Risk Management System and Internal Control

Risk management is an integral part of Expert RA’s corporate governance system. It provides for the active involvement of the Agency’s business units and employees in risk identification and assessment, continuous expansion of the scope of research into potential threats and dangers, systematic integration of risk-related information into managerial decisions and improvement of the internal control system.

The Agency has a risk management system in the form of a systematic process of risk identification, assessment and regulation, implemented with a view to:
  • Ensuring a more reliable achievement of expected results and promoting the Agency’s sustainable development
  • Being compliant with the regulatory requirements and the Agency’s by-laws
  • Achieving a more effective allocation of resources
  • Enhancing the Agency’s investment attractiveness and shareholder value

Risk Management Process

Identification

The Agency’s risk management system is governed by special by-laws and policies, including the Risk Management Policy and the Internal Control System Regulation.

Expert RA identifies the following sustainability risks:

1. Cybersecurity and data privacy

Description: Security leakage; compromise of management or production information

Risk minimisation measures:
  1. Improving technical and software controls of information security
  2. Carrying out strict control and verification when hiring new employees to ensure compliance with the requirements for professional experience and work conduct and reject persons not meeting these requirements
  3. Raising information security awareness among personnel

2. Compliance

Description: Violations of legal requirements, including the Bank of Russia’s subordinate laws

Risk minimisation measures:
  1. Ensuring an effective functioning of the Internal Control and Risk Analysis Service
  2. Ensuring the relevance of the Agency’s by-laws
  3. Introducing automated controls
  4. Giving regular personnel training

3. Information technologies

Description:
  1. Violation of business continuity due to the unavailability and limited functionality of foreign software
  2. Delayed development of the Agency’s IT platform, failure of the Agency’s IT support processes to meet the requirements stemming from the nature and scale of the Agency’s activities

Risk minimisation measures:
  1. Making transition to domestic software
  2. Implementing the Agency’s digital transformation programmes in order to introduce the most modern technologies, analytical tools and information processing methods, enhance the staff digital culture, strengthen assessment processes and improve the rating quality

4. Personnel management

Description:
  1. High personnel turnover
  2. Shortage of qualified personnel needed to ensure the continuity and further development of the Agency’s rating activities
  3. Weakening of labour productivity

Risk minimisation measures:
  1. Ensuring decent working conditions
  2. Developing employee motivation programmes
  3. Investing in staff training and development to ensure a high level of expertise and quality of provided services
  4. Automating routine processes

5. Rating process

Description:
  1. Late response to the deterioration of the rated entities’ circumstances
  2. Ambiguous interpretation of rating information disclosed by the Agency (such as the rating rationale) by the investment community, the media and others concerned

Risk minimisation measures:
  1. Implementing automated means of monitoring customer information
  2. Automating control procedures
  3. Standardising information disclosure processes
  4. Participating in webinars, conferences, providing feedback to users of credit ratings and others concerned
  5. Taking an active part in industry events, publishing research and reports, joining professional communities to enhance the Agency’s authority and reputation as a professional partner

Risk identification and management are the responsibility of the internal control (IC) bodies. Expert RA operates a multi-level IC system, which comprises the aggregate of governance bodies, business units and executives functioning as part of the IC system plus organisational arrangements, methods and procedures developed and employed to effectively implement a process designed to reasonably ensure the achievement of the Agency’s goals. The tasks of the Agency’s IC system include:

  • Ensuring the reliability of assigned credit ratings and the independence of the rating process from any political and/or economic influence
  • Identifying, preventing and managing conflicts of interest
  • Ensuring the reliability, completeness and timeliness of preparation and presentation of corporate reporting to external and internal users
  • Managing the Agency’s risks, including the regulatory risk
  • Making sure that the Agency operates effectively

Expert RA’s System of Internal Control Bodies

General Shareholders Meeting

Expert RA employs control procedures, including automated systems, aimed at identifying and preventing conflicts of interest and ensuring the independence of the rating process from any political and/or economic influences, as required by Federal Law No. 222-FZ, regulations of the Bank of Russia and the Agency’s local regulations.

Risk identification, analysis and assessment are carried out, inter alia, by the Internal Control and Risk Analysis Service (the ICRAS). The latter is Expert RA’s operational unit reporting to the BoD. The General Director — Chair of the Management Board enables the ICRAS’s smooth and effective operation.

ICRAS functioning principles

The ICRAS operates on an ongoing basis.

The ICRAS has the following functions:

  • Monitoring of the compliance of Expert RA and its employees with the legislation of the Russian Federation, including regulations of the Bank of Russia, as well as the Agency’s by-laws (“the Russian Federation legislation and the ABLs”), monitoring of the regulatory risk and the conflict-of-interest risk management
  • Prevention and obviation of violations of the Russian Federation legislation and the ABLs by the Agency and its employees; prevention of conflicts of interest
  • Inspection / audit of the compliance of Expert RA and its employees with the Russian Federation legislation and the ABLs
  • Generation of regular reports on the results of inspections/audits, identification of risks and corrective actions and submitting them for consideration to the General Director — Chair of the Management Board and the Board of Directors
  • Participation in the development of the Agency’s by-laws defining the internal control practice and procedures
  • Coordination and development of the corporate risk management system
  • Risk identification, assessment and analysis
  • Control of the timeliness of document submission to the Bank of Russia in accordance with the requirements of laws governing CRA activities
  • Participation in the processing of complaints (appeals, applications) received by the Agency
  • Organisation and preparation of statutory reports and disclosures in accordance with the requirements of laws governing CRA activities, etc.
  • Engagement with the users of credit ratings, professional associations, the Bank of Russia, and other stakeholders

In 2023, the ICRAS internal audits revealed minor risks and deficiencies in the control environment. To eliminate them, the Agency adopted action plans aimed at improving control procedures and relevant by-laws. Audit findings, as well as the results of implemented corrective measures, are regularly reviewed by the BoD.

A full list of the ICRAS’s functions is provided in the Agency’s Transparency Report 2023.