Sustainability Report 2024

Risk Management System and Internal Control

2024 Key Fact

No cases of conflict of interest were recorded


Target groups

  • Responsible Business
  • Employees

Key aspects

  • Business Ethics
  • Employee Wellbeing and Development

Risk management is an integral part of Expert RA’s corporate governance system.

The risk management system provides for the active involvement of Expert RA’s business units and employees:
  • Risk identification and assessment
  • Continuous expansion of the scope of research into potential threats and dangers
  • Systematic integration of risk-related information into managerial decisions
  • Improvement of the internal control system

Expert RA has a risk management system in the form of a systematic process of risk identification, assessment and regulation, implemented with a view to:
  • Ensuring a more reliable achievement of expected results and promoting Expert RA’s sustainable development
  • Being compliant with the regulatory requirements and the Agency’s by-laws
  • Achieving a more effective allocation of resources
  • Enhancing the Agency’s investment attractiveness and shareholder value

Risk Management Process

Identification

Expert RA’s risk management system is governed by special by-laws and policies, including the Risk Management Policy and the Internal Control System Regulation.

Sustainability Risks

Risk: Cybersecurity and data privacy

Description: Security leakage; compromise of management / production information

Risk minimisation measures:

  1. Measures to improve technical and software controls of information security
  2. Strict control and verification when hiring new employees to ensure compliance with the requirements for professional experience and work conduct and reject persons not meeting these requirements
  3. Raising information security awareness among personnel

Risk: Compliance

Description: Violations of legal requirements, including the Bank of Russia’s subordinate laws

Risk minimisation measures:

  1. Ensuring an effectively functioning Internal Control and Risk Analysis Service
  2. Ensuring the relevance of internal regulatory documents
  3. Implementation of automated controls
  4. Regular staff training

Risk: Information technologies

Description:

  1. Violation of business continuity due to the unavailability and limited functionality of foreign software
  2. Delayed development of Expert RA’s IT platform, failure of Expert RA’s IT support processes to meet the requirements stemming from the nature and scale of Expert RA’s activities

Risk minimisation measures:

  1. Transition to domestic software
  2. Implementation of Expert RA’s digital transformation programmes in order to introduce the most modern technologies, analytical tools and information processing methods, enhance the staff digital culture, strengthen assessment processes and improve the rating quality

Risk: Personnel management

Description:

  1. High personnel turnover
  2. Shortage of qualified personnel needed to ensure the continuity and further development of Expert RA’s rating activities
  3. Weakening of labour productivity

Risk minimisation measures:

  1. Ensuring decent working conditions
  2. Development of employee motivation programmes
  3. Investing in staff training and development to ensure a high level of expertise and quality of provided services
  4. Automation of routine processes

Risk: Rating process

Description:

  1. Late response to the deterioration of the rated entities’ circumstances
  2. Ambiguous interpretation of rating information disclosed by Expert RA (such as the rating rationale) by the investment community, the media and others concerned

Risk minimisation measures:

  1. Implementation of automated means of monitoring customer information
  2. Automation of control procedures
  3. Standardisation of information disclosure processes
  4. Participation in webinars, conferences, providing feedback to users of credit ratings and others concerned
  5. Taking an active part in industry events, publication of research and reports, joining professional communities to enhance Expert RA’s authority and reputation as a professional partner

Risk identification and management are the responsibility of the internal control (IC) bodies. Expert RA operates a multi-level IC system, which comprises the aggregate of governance bodies, business units and executives functioning as part of the IC system plus organisational arrangements, methods and procedures developed and employed to effectively implement a process designed to reasonably ensure the achievement of Expert RA's goals.

Tasks of Expert RA’s IC System
Ensuring the reliability of assigned credit ratings and the independence of the rating process from any political and/or economic influence

Expert RA’s System of Internal Control Bodies

GSM

Expert RA employs control procedures, including automated systems, aimed at identifying and preventing conflicts of interest and ensuring the independence of the rating process from any political and/or economic influences, as required by Federal Law No. 222-FZ, regulations of the Bank of Russia and the Agency’s local regulations.

Risk identification, analysis and assessment are carried out, inter alia, by the Internal Control and Risk Analysis Service (the ICRAS). The latter is Expert RA’s operational unit reporting to the BoD. The General Director — Chair of the Management Board enables ICRAS’s smooth and effective operation.

ICRAS Functioning Principles

Continuity

ICRAS has the following functions:

  • Monitoring of the compliance of Expert RA and its employees with the legislation of the Russian Federation, including regulations of the Bank of Russia, as well as the Agency’s by-laws (the Russian Federation legislation and the ABLs), monitoring of the regulatory risk and the conflict-of-interest risk management
  • Prevention and obviation of violations of the Russian Federation legislation and the ABLs by Expert RA and its employees; prevention of conflicts of interest
  • Inspection / audit of the compliance of Expert RA and its employees with the Russian Federation legislation and the ABLs
  • Generation of regular reports on the results of inspections/audits, identification of risks and corrective actions and submitting them for consideration to the General Director — Chair of the Management Board and the Board of Directors
  • Participation in the development of Expert RA’s by-laws defining the internal control practice and procedures
  • Coordination and development of the corporate risk management system
  • Risk identification, assessment and analysis
  • Control of the timeliness of document submission to the Bank of Russia in accordance with the requirements of laws governing CRA activities
  • Participation in the processing of complaints (appeals, applications) received by Expert RA
  • Organisation and preparation of statutory reports and disclosures in accordance with the requirements of laws governing CRA activities, etc.
  • Engagement with the users of credit ratings, professional associations, the Bank of Russia, and other stakeholders

In 2024, ICRAS internal audits revealed minor risks and deficiencies in the control environment. To eliminate them, Expert RA adopted action plans aimed at improving control procedures and relevant by-laws. Audit findings, as well as the results of implemented corrective measures, are regularly reviewed by the BoD.