10.1. Internal Control
In 2020, NCC performed the internal control in accordance with Federal Law No. 395-1 dated 02.12.1990 ‘On Banks and Banking Activity’, Federal Law No. 7-FZ dated 07.02.2011 ‘On Clearing, Clearing Activities and Central Counterparty’, Bank of Russia Regulation No. 242-P dated 16.12.2003 ‘On Organization of Internal Control in Credit Institutions and Banking Groups’, and Bank of Russia Ordinance No. 4739-U dated 15.03.2018, ‘On the Requirements for Internal Controls and Auditing Conducted by a Clearing Organization’ taking into account the nature and scope of carried activities, levels and combination of assumed risks affecting each other in the course of NCC’s activities as a credit institution, clearing organization, functioning as a central counterparty and commodity supply operator.
The internal control is exercised to ensure:
- the efficient financial and economic performance of NCC when exercising banking transactions and other trades, performing the functions of a clearing organization and central counterparty, efficient management of assets and liabilities, including safe custody of assets, and management of banking risks/ risks of central counterparty and CSO;
- reliability, completeness, objectivity and timeliness of preparation and submission of financial statements, accounts, statistical and other reports;
- information security, i.e. the protection of NCC’s interests in the information area as a system of information, information infrastructure, subjects collecting, forming, distributing and using information as well as the system of regulating the relations arising in this respect;
- compliance with the legislation of the Russian Federation, NCC’s Articles of Association and NCC’s internal documents;
- prevention of NCC’s involvement and its employees’ enggement in any illegal activity, including the legalization (laundering) of proceeds from crime and financing of terrorism, in exercising of suspicious transactions;
- mitigation of NCC’s risk of losses which may incur as a result of any sanctions and (or) other disciplinary measures taken by the supervisory authorities, including by reason of its incompliance with the legislation of the Russian Federation or NCC’s internal documents, as well as late provision of any governmental authorities or the Bank of Russia with any information required to be so disclosed in compliance with the legislation of the Russian Federation; maintenance of NCC’s effective system to combat legalization (laundering) of proceeds from crime and financing of terrorism at the level sufficient to manage the risks of legalization (laundering) of proceeds from crime and financing of terrorism.
NCC’s internal control organization also complies with the requirements established by the federal executive body authorized to control and supervise taxes and levies for the organization of the internal control framework, which goals are as follows:
- carrying out of NCC’s financial and economic activities in an orderly and effective manner, inter alia, achievement of financial and operational targets, asset safety;
- accurate accruing (withholding), full and duly payment (transfer) of taxes, levies, insurance premiums;
- reliability, completeness and timeliness of recording of the financial and economic performance results in the financial, tax, and other statements and consideration of such results when assessing (withholding) taxes, levies, insurance premiums; completeness and timeliness of their payment (transfer),
- compliance with the legislation of the Russian Federation, inter alia, facts of economic activity related to any executed and planned trade (transaction) or a series of related trades (transactions), and related to other occurred facts of business life of the organization;
- monitoring of results of the performed control procedures aimed at timely identification, rectification and prevention of errors (misstatements) in financial, tax and other statements.
Efficiency of the internal control framework run by NCC is ensured by:
- control procedures implemented at all levels of management;
- periodical inspections of compliance of all activity areas with the established policies and procedures;
- ensuring integration of the control procedures in NCC’s daily activities;
- follow-up control of closed transactions;
- ensuring separation of functions and prevention of conflicts of interest in performance of duties by the personnel;
- ensuring compliance of its transactions with the legislation of the Russian Federation and regulations of the Bank of Russia;
- ensuring timely provision of necessary information to the relevant employees of NCC;
- maintaining the required level of security of information systems;
- daily monitoring of high risk transactions;
- carrying out internal audit and different external audits;
- regular control of efficiency of the measures taken by its subdivisions and management bodies based on the inspection results ensuring decrease in the level of the identified risks;
- timely provision of the management bodies with the information on material risks and weaknesses of its internal control framework.
The system of NCC’s internal control bodies performing internal control in accordance with their powers defined in the Articles of Association and internal documents of NCC includes:
- NCC management bodies (General Shareholders Meeting, Supervisory Board, Executive Board, and CEO);
- NCC Revision Committee;
- NCC Chief Accountant and his/her deputies;
- Internal Audit Service (IAS). IAS operates under the direct control of NCC Supervisory Board. IAS’s main objective is ensuring of independent impartial assessment of efficiency of the internal control, risk management framework and corporate governance.
- Internal Control Service (ICS).
- ICS operates under the direct control of and reports to CEO. The main functions of ICS are mitigation of regulatory risk, control over compliance by CCP NCC with the laws on clearing, clearing activities and central counterparty, and the laws on combating unlawful use of insider information and market manipulation;
- Financial Monitoring Service (FMS) is NCC’s structural unit for prevention of legalization (laundering) of proceeds from crime and financing of terrorism. In accordance with Clause 2, Article 7 of Federal Law No. 115-FZ dated 07.08.2001 ‘On Combating Legalization (Laundering) of Proceeds from Crime and Financing of Terrorism’, by its order, NCC appointed the authorized officer (head of the Financial Monitoring Service) – a special officer responsible for implementation of internal control regulations to combat legalization (laundering) of proceeds from crime and financing of terrorism (AML/CFT). FMS reports to NCC’s Supervisory Board on an annual basis – 2020 report was taken into consideration;
- Credit Risk Department (CRD) is a structural unit of NCC responsible for organization of the risk management framework (RMF). CRD manages the credit and custodial risks, coordinates the activity of non-financial risk management officers and the activity of the Market Risk Department with respect to the management of NCC’s market and liquidity risk;
- Market Risk Department (MRD) is a structural unit of NCC responsible for taking part in organization of RMF and management of NCC’s risk with respect to the market and liquidity risk;
- Legal Affairs Officer is a person responsible for the management of legal risk and organization of work aimed at legal risk mitigation. The Legal Affairs Officer acts in compliance with the legislation of the Russian Federation, regulations issued by the Bank of Russia, NCC’s Articles of Association and other internal documents and policies;
- Reputational Risk Management Officer is a person responsible for management of reputational risk and organization of work aimed at mitigation thereof. The Reputational Risk Management Officer acts in compliance with the legislation of the Russian Federation, the regulations issued by the Bank of Russia, NCC’s Articles of Association and internal documents;
- Operational and Strategic Risk Management Officer acts in compliance with the legislation of the Russian Federation, the regulations issued by the Bank of Russia, NCC’s Articles of Association and internal documents,
- other structural divisions and employees of NCC performing their internal control functions in accordance with their powers defined in the internal documents of NCC. For instance, the Information Security Service (ISS) operates under the direct control of and reports to CEO. ISS’s key responsibilities include the development of a set of measures to protect confidential information (including banking secrecy, personal data), and to conduct periodic audits of NCC’s information infrastructure facilities as well as the existing processes for checking the compliance with the information security requirements.
During the reporting year, NCC established the Audit Committee, a permanent consultative advisory body of NCC’s Supervisory Board performing the following major functions:
- control and analysis of the matters essential for NCC in the area of financial statements, issues related to the effectiveness of internal control over the financial and economic activities, effectiveness of the system for risk and capital management, compliance and corporate governance;
- insurance of independence and objectivity in the area of internal and external audit, control over their operation efficiency;
- control in the area of counteractions to fraud and malpractice on the part of NCC’s employees and third parties aimed against the Company, over regulatory and statutory requirements, and protected interests of the Company;
- assistance in promotion of personal awareness of NCC’s Supervisory Board members regarding the financial and economic activities and overall internal control framework of the Company;
- preliminary consideration, analysis, development and provision of opinions and recommendations to NCC’s Supervisory Board regarding the matters related to the functions and objectives of the Committee;
- preparation of evaluation of the opinion of NCC’s auditor.
The composition of the Committee is determined by NCC’s Supervisory Board, it consists of three (3) members of the Company’s Supervisory Board, who are independent directors. The Committee members are Anna Arkhangelskaya (Chairman of the Audit Committee), Andrey Popov, Natalia Puzyrnikova.
The internal audit is one of the major components of NCC’s internal control framework. NCC has in place the Internal Audit Service (hereinafter, IAS) — a standalone structural subdivision of internal audit — established to organize and perform the internal audit activity in compliance with the Federal Law ‘On Banks and Banking Activity’, the Federal Law ‘On Clearing, Clearing Activities and Central Counterparty’, the Bank of Russia Regulation ‘On Organization of Internal Control in Credit Institutions and Banking Groups’, and any other applicable laws of the Russian Federation and regulations of the Bank of Russia. IAS activity is also regulated by the International Standards for the Professional Practice of Internal Auditing, the Code of Ethics and reports of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) on ‘internal control’ and ‘enterprise risk management’.
 Order of the Russian Federal Tax Service No. MMB-7-15/509@ dated 16.06.2017 ‘On Approval of Requirements for the Internal Control Framework Organization’.