• A programme called Stabilisation and Reliability is being implemented to improve the reliability of Moscow Exchange’s key systems and processes
• a dedicated unit has been formed to deal with operational risks;
• assessment of operational risks in individual business units has been completed;
• information on operational risk events is being collected;
• a database of operational risks has been created;
• a procedure has been implemented for assessing each identified operational risk and for making decisions on further action in relation to identified risks. An action plan is developed for each risk with respect to which a mitigation decision is made;
• a procedure has been introduced for independent tracking of plans to reduce identified operational risks;
• a series of employee training courses on operational risk management are being carried out.

Currently, operational risk issues are reviewed by the Moscow Exchange Executive Board on a monthly basis. The issues of operational risks, along with the issues of legal, reputational and regulatory risks are reviewed on a regular basis by the Risk Committee of the Moscow Exchange Supervisory Board.

With regard to information security and business continuity:

• an independent audit of IT management processes has been conducted;
• basic IT management processes are implemented in accordance with international CobIT and ITSM practices;
• companies receiving exchange intelligence on a commercial basis are periodically audited;
• information security procedures have been significantly upgraded, preparations have been started for certification for compliance with international standard ISO27001 for information security;
• Business Continuity and Business Recovery Plans have been developed for units of the Moscow Exchange Group, a business impact analysis has been conducted, and a disaster recovery plan has been developed;
• A Moscow Exchange backup office expansion project has been initiated.

The political and economic environment is monitored on an ongoing basis, and the most likely changes in the political and economic situation are assessed to reduce the political and economic risks to Moscow Exchange’s operations. The findings are factored into Moscow Exchange’s development concept, as well as decisions on the implementation of new projects.

• continuous monitoring of reputational risks;
• working with Moscow Exchange’s management to minimise reputational risks;
• holding public Moscow Exchange events aimed at enhancing the Company’s business reputation.

As part of its activities as an organiser of trading, Moscow Exchange may be exposed to risks associated with unethical practices on the part of professional participants in the securities market. The following set of measures are used to reduce the risks associated with actions on the part of traders that show signs of market manipulation, the use of insider or proprietary information, commercial secrets, and to protect the legitimate rights and interests of investors:

• development and approval of internal documents regulating Moscow Exchange’s activities in accordance with the laws and regulations of the federal executive body for the securities market;
• development of rules to prevent, detect and combat the misuse of insider information and/or market manipulation;
• continuous monitoring of traders’ stock market activities (applications and transactions) in order to detect unusual events, including events that can lead to market destabilisation. Information obtained from such monitoring is transferred to the federal executive body for the Securities Market;
• an annual audit of processes and internal documents by an independent auditor;
• interaction with regulatory authorities regarding the development of new regulations and changes to the existing ones.

• Long-term incentive programme for managers
• Recognition programme for Group employees
• Management of the performance evaluation system (compensation revision)
• Training aimed at increasing customer focus
• Skills training programmes

• information security is being monitored;
• new information security tools have been introduced;
• compliance with requirements for the protection of confidential and proprietary information, commercial secrets and personal information against unauthorised access is being monitored.

• Sanctions risks are being monitored;
• Moscow Exchange has developed an operation plan in the event that a sanctions risk event should occur.