Risk management
KEY RISKS
Moscow Exchange Group has built an integrated risk management system, however each of the Group company faces its own inherent risks associated with the specific field of its activities. Thus, Moscow Exchange, being the parent company of the Group, assumes the risks of a market operator, risks related to operations in its assets as well as risks of a financial platform operator.
That said, the Group’s principal risk taker is none other than Non-banking credit institution - Central Counterparty National Clearing Centre (short name “CCP NCC”) on the grounds that it operates as clearing house, a central counterparty for all main markets of Moscow Exchange Group, and an operator of deliveries in the Commodities Market. The Group’s comprehensive risk management system extends to the NSD, the infrastructure powerhouse of the Russian financial market, whose priorities lie in the reliable operation and stable development of the following key areas:
- Central securities depository;
- Clearing system;
- Commodities’ repository;
- Tripartite services;
- Corporate information center.
SYSTEM FOR MANAGING RISKS TO THE CURRENT STRATEGY
The principles and approaches employed by the Group in installing and operating the risk management system (RMS) are based on best international practices implemented in compliance with national and international risk and capital management standards. The Group holds an annual audit of its compliance with the CPMI-IOSCO Principles for Financial Market Infrastructures, the COSO Enterprise Risk Management Framework, and the guidelines of the Basel Committee on Banking Supervision on procedures to be employed by credit institutions in the sphere of risk and capital management.
In 2020, NCC successfully underwent operational audit by multinational professional services firm PwC in line with the Bank of Russia’s Regulation No. 556-P dated 11 November 2016 On the Operational Audit Procedure for a Central Counterparty; the audit covered such activities of NCC as risk management of the central counterparty (CCP), validation of the CCP model accuracy, stress-test of risks exposed to the CCP, estimation of the CCP’s dedicated capital and recovery of the financial stability of the CCP.
In 2020, the Exchange was reaffirmed under the ISO/IEC27001:2013 (Information Security Management Systems) and ISO 22301:2012 (Business Continuity Management Systems) certification covering the organization of on-exchange trading, clearing and other services on the Equity and Bond, Derivatives, FX and Money Markets. This certification ensures that the Exchange and NCC fully meet over 100 technical and administrative requirements in the area of information security and business continuity.
In 2020, Moscow Exchange acquired insurance contracts covering Electronic and Computer Crime and Personal Indemnity to mitigate operational and information security risks.
The integration of risk management functionality in business processes makes it possible to identify risks and assess their materiality in a timely manner, and to ensure an efficient response by mitigating potential adverse effects and/or by reducing the probability that they will materialize. Tools for mitigation include insurance, hedging, limit requirements and transaction collateral requirements.
The Group’s Risk Management System operates on the principles of comprehensive coverage, continuity, transparency, independent assessment, paper trail, prudence and materiality:
Comprehensive Coverage is premised on identifying risk factors and risk objects, determining risk appetite based on a comprehensive analysis of existing and proposed business processes (products), implementing universal RMS working procedures and elements, consistently applying methodological approaches in resolving similar risk assessment and risk management tasks, and assessing and managing key operational risks in close connection with the non-key operational RMS.
Continuity is premised on regular, coherent, target-driven procedures, such as assessment of existing risks, including monitoring risk parameters, review of key RMS parameters and how they are determined, including limits and other restrictions in respect of clearing members’ transactions, analyzing RMS technologies and operational rules, holding stress tests and preparing reports for management.
Transparency is manifested in providing relevant information regarding the RMS to clearing members / counterparties. Clearing members, including potential members, have access to methodological documents describing the RMS, including approaches to risk assessment, as well as to key aspects of the procedures employed in monitoring their financial stability. At the same time, the assessment results of a specific clearing member or counterparty, as represented in the form of internal ratings, or limits, as well as other restrictions established in respect of treasury or administrative operations, are never made public and are never subject to disclosure.
Independent Assessment means that a comprehensive assessment and review of each risk is undertaken by separate divisions / employees who are independent from the divisions responsible for taking on risks or counterparties. These divisions / employees cannot be charged with any responsibilities that may give rise to a conflict of interest.
Paper Trail means that RMS guidelines, procedures and rules are negotiated with the divisions involved in risk assessment and management procedures, and approved by the relevant governing bodies.
Prudence suggests that the Group bases its decision-making on a prudent combination of RMS reliability and profitability in choosing methods of risk assessment and management, and in determining the acceptable level of risk (risk appetite).
Materiality means that, in implementing various RMS elements, the Group is guided by the relationship between the costs that implementation of risk analysis, control and management mechanisms will require, and the potential outcome of such implementation, as well as the costs of the development and implementation of products, services or tools carrying the relevant exposure.
As part of the risk management strategy, and with a view to achieving strategic objectives, in 2020, credit entities of the Group developed a new approach to setting the risk appetite of Moscow Exchange Group.
The Group’s risk appetite is designed to help the Supervisory Board of Moscow Exchange, as the Group’s parent company, manage the Group’s overall risk level taking into account all intragroup effects and to set a target risk/return ratio for the Group.
The Group’s risk appetite is set for the horizon to 2024 in relation to risks recognised as significant at the Group level, and inherent to all Group companies* and equally measurable. The risk appetite of each company within the Group consists of a decomposed part of the Group’s risk appetite and individual indicators reflecting the specific risks of a particular company.
These priority areas serve as the basis for calculating threshold values for specific target indicators. Compliance with these indicators is regularly reviewed and communicated to the Supervisory Board.
RISK MAP
The risk map is based on an annual risk identification procedure.
Risk | Description | Actions |
---|---|---|
Credit risk (incl. CCP risk and concentration risk) | The risk of possible losses caused by failure of a Group’s counterparty to perform or properly perform its obligations to it. | The Group controls credit risk by employing the following procedures:
In order to reduce the credit risk associated with the CCP’s operations, the Group has implemented a multi-level safeguard structure triggered upon a clearing member’s failure to perform or properly perform its obligations, in compliance with regulatory requirements and strict international standards. |
Market risk | Market risk may emerge from a defaulting clearing member’s need to close major positions | The market risk management upon investing idle cash is aimed primarily to improve the risk/profitability correlation, and to minimize any losses should any adverse events occur. With this view the Group:
The market risk emerging as part of trading or clearing operations, is primarily managed by:
In managing the market risk emerging as part of trading or clearing operations, the Group:
|
Liquidity risk | Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates. | The liquidity management system includes the following elements:
|
Bank book interest risk | Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates. | In order to measure the impact of the interest risk over the fair value of financial instruments, the Group holds regular assessment of potential losses, which may be caused by negative change of the market terms. The risk management division regularly monitors the financials of the Group and its principal members, assesses the sensitivity of the market value of the investment portfolio and of the proceeds to the interest risk. |
Risk | Description | Actions |
---|---|---|
Operational risk | Risk of potential losses caused by inconsistency of internal operational procedures to the nature and scope of the business, and/or statutory requirements, their nonobservance by employees, lack of functionality, inadequacy of information, technological and other systems and/ or their failure, as well as by external events. | The principal operational risk management (mitigation) methods include:development of organizational structure, internal operational rules and regulations, distribution of powers, approval (negotiation) and reporting of undertaken operations, all of which will assist in avoiding (minimizing) the probability of operational risk factors;
|
Continuity risk | Risk of discontinued critical services. | With the view to ensuring normal operations in emergency situations:
|
Legal risk | Risk of losses caused by breach of contractual obligations, litigations, criminal and administrative liability of Group members and | Legal risk management procedures include:
Losses associated with legal risks shall be reflected in the operational risk database. |
Custody risk | Risk of loss of Group’s assets posted on it as collateral caused an action or omission of a counterparty responsible for safe custody and recordkeeping of the asset. | The custody risk is estimated within the credit risk as the custody risk occurrence may cause the credit risk event; and the custody risk is managed as part of the operational risk which may be the trigger the custody risk event. The custody risk management methods include:
|
Compliance (regulatory) risk | Risk of losses caused by non-compliance with the laws, internal regulations, self-regulating organizations’ standards (if mandatory), as well as by sanctions and/or other actions taken by regulatory authorities | The compliance risk is managed by the Group’s responsible business units within the Group’s unified compliance structure. As part of the activities of the Compliance Committee managed by the Chairman of the Executive Board of Moscow Exchange, Group companies seek to unify their approaches and implement best Russian and global practices in compliance risk management. |
Reputational risk | Risk of losses caused by a negative public opinion of the Group’s operational (technical) stability, quality of its services and its activities in general | In order to avoid losses associated with the realization of the reputational risk, the Group continuously monitors media space for information about the Group and analyses its internal processes applying the impact assessment methodology to each identified event or factor. The primary source of the reputational risk is the realization of the operational risk, especially when such information becomes public. Thus, all actions taken to prevent and to mitigate the operational risk work simultaneously towards the reduction of the reputational risk. |
Strategic risk | Risk of expenses (losses) sustained by the market operator as a result of mistakes (defects) made in deciding on the operator’s business and development strategy. | Principal methods of strategic risk management include:
|
RISK MANAGEMENT STRATEGY
In 2020, the Supervisory Board approved the following strategies of Moscow Exchange and the Group:
- Moscow Exchange’s Information Technology Strategy through 2024 (approved on 1 October 2020);
- Moscow Exchange Group’s Internal Audit Strategy (approved on 1 October 2020);
- Moscow Exchange Group’s 2024 Risk Management Strategy (approved on 29 October 2020);
- Moscow Exchange Group’s Information Security Strategy for
2021–2024 (approved on 10 December 2020).
The 2024 Risk Management Strategy also establishes success criteria for its implementation, strategy implementation risks and measures aimed at preventing them. Roadmaps have been developed for the implementation of the above strategies.
As part of the implementation of the Risk Management System Development Strategy Roadmap, an approach has been implemented to determine the risk appetite of Moscow Exchange Group.
The Information Security Strategy sets out measures aimed at reducing the likelihood of actual threats to the information security of Moscow Exchange and defines key performance indicators for the implementation of the Strategy.
All principal risk takers among the companies of the Group have developed a risk and capital management strategy. The principles and processes of the strategy seek to build, use and develop a comprehensive system of capital and risk management to ensure business continuity both in normal and stressed economic conditions, to enhance transparency of the risk and capital management processes, as well as to identify and assess significant risks in a timely manner, support capital planning and take due account of risks in the decision-making process.
With a view to maintaining efficiency of the regular risk management processes:
- the following committees operate: the Risk Committee of the NCC Supervisory Board, Risk Management Committee of Moscow Exchange, Risk Management Committees of NCC Management board and Moscow Exchange and Risk Committee of NSD Executive Board;
- a system of distribution of powers and responsibilities is in place to implement key risk management principles;
- risks are regularly identified and mitigation measures;
- financial resilience recovery plans and plans for engagement of additional resources have been developed.
The Exchange is constantly developing and improving its risk management system to reduce the vulnerability of business processes and their recovery time, to improve system redundancy based on spacing and duplication of resources, and to improve the reliability of communication systems between traders, the Exchange and depository and settlement organizations.
Moscow Exchange has also established a separate market operator’s risk management subsystem that enables it to identify and assess risks in a timely manner and to develop mitigation measures. This system incorporates continuous monitoring of emergencies and assessment of their potential impact on the technical processes of the Exchange’s markets, as well as updating the integrated operational and financial risk management system in line with adopted decisions and procedures.
The Exchange has developed and approved the Regulations on Managing the Risks of a Market Operator and the Regulations on Managing the Risks of a Financial Platform Operator. In addition, the Exchange has also set up a separate structural unit aiming to identify and assess risks in a timely manner and to develop mitigation measures.
In addition, the Group’s Risk Management Development Strategy through 2024 was developed and, as a follow-up, roadmaps were approved that include a description of specific objectives in such areas as risk management development, risk culture, deepening of core markets, balance sheet management, treasury and capital management. In particular, in pursuance of this Strategy, the Supervisory Board of Moscow Exchange approved the Group’s risk appetite indicators and their thresholds.
SHORT-TERM RISK OUTLOOK
Given that the Group’s strategy calls for the development of new products, formation of new trading markets and the expansion of the investor base, the management of financial risks will be key for the Company.
Entering a new market and receiving the status of a Financial Platform Operator by Moscow Exchange entail new risks, in particular information security risks and reputational risks came from the arrival of a new category of customers - individuals.
HR risks will remain neutral, given that most ongoing activities are long-term; however, staff turnover remains low. Given that the Exchange’s strategic objectives include the financial platform and balance management, regulatory and legal risks will continue to have a high impact on the Exchange’s activities; however, taking into account ongoing activities, we do not expect a significant increase in regulatory and legal risk.
Stabilization 3.0 programs being implemented results in the reduction of operational and compliance risks; however, the full effect will be visible only in the long term.
Plans to upgrade the Exchange’s key information systems will keep information security risks elevated.
Strategic risks will remain neutral given that no factors preventing the achievement of strategic objectives, as well as no substantial delays and/or negative variances in implementation of the budget for strategic projects and initiatives, are present considering the Group’s strategy through 2024.