Internal control system

Moscow Exchange has in place an internal control system to ensure its licensed activities comply with Russian legislation and other regulatory requirements, as well as the rules of organized trading and the Exchange’s own constituent and internal documents.

The internal control system has several main tasks:

  • To ensure the Exchange complies with Russian legislation and MOEX’s own constituent and internal documents;
  • To prevent misuse of insider information and/or market manipulation;
  • To prevent any involvement of the Exchange and its employees in illegal and immoral activities, including money laundering and fonancing of terrorism;
  • To prevent any conflicts of interests, including by identifying and monitoring conflicts of interests, and to avert the consequences of any conflicts of interests.

Internal control is based on the identification, analysis, assessment and monitoring of the risk of losses being sustained by the market operator and/or other adverse effects of potential non-compliance of its activities carried out under an exchange license or a trading system license with Russian legislation and regulatory requirements, the rules of organized trading, and the constituent and internal documents of the market operator, and as a result of actions taken by the Bank of Russia («Compliance Risk»), as well as the management of such risk.

Within this framework, the Exchange’s internal control system is based on the COSO internal control concept and utilizes a Three Lines of Defense model. Duties related to risk management and internal control are allocated among MOEX’s governing bodies, control and coordination units, and the internal audit unit.

The First Line of Defesce is represented by all employees of the business and operational units of the Exchange, whose key functions are to identify, assess and manage the risks inherent in MOEX’s daily activities, as well as to elaborate and implement policies and procedures governing existing business processes.

The Second Line of Defense is represented by the Department of Operational Risk, Information Security and Business Continuity, the Internal Control Service, and the Compliance Risk Management Department. Their key functions are to continuously monitor and manage risks, as well as to control the compliance of MOEX’s activities with Russian legislation and regulations, the rules of organized trading, as well as the Exchange’s constituent and internal documents, in the following areas:

  • Ensuring information security, including protecting MOEX’s interests/goals in the information sphere;
  • Compliance with Russian legislation and the constituent and internal documents of Moscow Exchange;
  • Preventing any involvement of Moscow Exchange and its employees in illegal and immoral activities, including money laundering and financing of terrorism;
  • To prevent any misuse of insider information and/or market manipulation;
  • To prevent any conflicts of interests, including by identifying and monitoring conflicts of interests, as well as averting the consequences of any conflict of interests.

These units provide support to the First Line of Defense units in terms of identifying compliance risks, elaborating and implementing control procedures, clarifying the requirements of applicable laws, and preparing monitoring reports for governing bodies.

The Third Line of Defense is represented by the Exchange’s governing bodies, which determine the principles of and approaches to the organization of risk management and the internal control system in accordance with the Exchange’s Charter and regulations on governing bodies; and by the Internal Audit Service, which monitors the efficiency and productivity of the Exchange’s financial and economic activities, the efficiency of asset and liability management, including the safety of assets and the efficiency of the market operator’s risk management.

MOEX’s internal control system was subject to an independent audit, which evaluated the system as «mature». The current internal control system is appropriate to the Group’s profile, business scale and environment. However, the Group continues to enhance its internal control system to improve efficiency and maintain the system at a high level.