Internal control function

In order to improve the Group’s overall efficiency and performance and to further enhance its asset management and risk management frameworks, the Group has established a multilevel internal control function, which is a system of management bodies and internal oversight functions that ensures that business processes are conducted in compliance with Russian laws and the Group’s constitutive documents and internal regulations.

Internal control functions are exercised by: the Revision Commission, the external auditor (audit firm), the Internal Control Service, the Supervisory Board’s Audit Committee and the supervisory and management bodies, including the Supervisory Board, the Executive Board and the Chairman of the Executive Board.

The Supervisory Board participates in shaping the internal controls through: approval of internal regulations governing internal control processes, including those related to internal audit; identification of internal control and risk management principles and approaches; review and evaluation of the Risk Management System; appointment and dismissal of the head of the Internal Audit Service; regular review of reports from the Internal Audit Service; approval of the Internal Audit Service’s action plan; and authorisation of ad hoc audits and inspections.

In order to create an effective system for the internal control, monitoring and improvement of internal audit procedures, the Audit Committee of the Supervisory Board and the Risk Management Committee were created, whose main purpose is to ensure the effective work of the Supervisory Board in governing issues related to monitoring the reliability and efficiency of the risk management, internal control and corporate governance functions, as well as the financial and business activities.

The Internal Audit Service is functionally independent from the executive bodies, and it exercises internal control functions by assessing the reliability and effectiveness of the risk management and internal control system (including financial and economic control), as well as the corporate governance practices of Moscow Exchange and, upon request from the Supervisory Board, of other companies in the Group. Following audits and inspections carried out by internal control bodies, reports are drafted and submitted for approval by Moscow Exchange’s Supervisory Board.

In order to organise and exercise internal control over compliance with organised trading laws, as well as with the Company’s Articles of Association and other internal regulations, a separate subdivision was established, the Internal Control Service, whose main purpose is to review, at least once every three months, the activities of the risk management officer (subdivision) in terms of compliance with the laws on anti-money laundering and the financing of terrorism, misuse of insider information and market abuse and prevention of conflicts of interest and corruption.

To ensure a systematic and integrated approach to risk management, a separate subdivision was established to to identify, assess and mitigate the risks facing Moscow Exchange.

In order to improve the management of non-economic (including operational, legal, regulatory, reputational and strategic) risks and to mitigate losses from a non-economic risk event and to reduce the likelihood of the occurrence of such an event, the Non-economic Risk Committee was established by the Executive Board.

Risks associated with Moscow Exchange’s activities are managed in accordance with the requirements of the Bank of Russia and taking into account international risk management standards (BIS, BCBS, CPSS, IOSCO, etc.).