Internal Control System

Moscow Exchange Group has in place an internal control system based on advanced practices and COSO principles, including the Three Lines of Defense Model. According to the model, duties related to risk and control are distributed between the senior management (1st Line of Defense), control and coordination functions (2nd Line of Defense) and internal audit (3rd Line of Defense). The roles are assigned and powers are determined by senior managers of the Group.

The first line identifies, evaluates and manages the risks as well as creates and implements policies and procedures regulating on-going business processes. The second line (internal control, operational risk, information security and business continuity, financial control, economic security, etc.) continuously monitors the internal control system, establishes the common concept for detecting and evaluating risks and taking measures to mitigate actual and potential risks as well as advising and supporting the first line in risk management, control procedures and compliance. The third line (internal audit) provides the Group’s management bodies with an independent and impartial assessment of internal control performance.

Risks are identified, evaluated and monitored across the Group in accordance with a unified approach for risk evaluation. Control procedures are in place that reduce risks affecting the Group’s business to acceptable levels.

Risks as detected and assessed, as well as measures taken to reduce them, are reported to the management bodies on an on-going basis. This includes reporting the efficiency evaluation in respect to risk management and internal control system.

In 2017, an independent audit of the MOEX internal control system was carried out. Upon completion of the audit, the system was evaluated as Matured. The current internal control system complies with the Group’s profile, business scale and environment.

The Group continues enhancing its internal control system to ensure it remains compliant with high industry standards.