Internal control framework
The Company has an internal control system in place intended to promote the achievement of the Company's goals and enhance investor confidence in its business and corporate bodies. The internal control system is aimed at improving the effectiveness and efficiency of activities, keeping reliable and accurate financial and management accounts, ensuring compliance with the requirements of applicable Russian laws and the Company's by-laws.
The Company has the Internal Control Policy in place adopted by resolution of the Board of Directors in 2016. In addition, internal control requirements, procedures, and processes are covered by the procedure for “Internal Control Processes at MMC Norilsk Nickel”, as well as by business unit regulations and other internal guidelines.
All internal control processes, principles, mechanisms, means, and procedures make up a system of elements:
- control environment;
- assessment of risks to business processes;
- control procedures;
- information and communications;
- monitoring of the internal control system.
Entities that form the internal control system are structured on a number of levels, which comprise the Company’s and subsidiaries’ corporate bodies, business units and employees as well as dedicated control bodies:
- Internal Control and Risk Management Unit, including the Internal Control Department, Risk Management Service, and Financial Control Service,
- Internal Audit Department,
- Audit and Sustainable Development Committee,
- Audit Commission.
Internal Control Department
The Internal Control Department aims to create an efficient internal control framework that represents a combination of organisational processes, policies and guidelines, control procedures, corporate culture principles and actions that the internal control entities perform to provide reasonable assurance that the Company will achieve its targets. The department's functions include:
- developing and boosting efficiency of the internal control framework;
- ensuring a consistent approach to the design, operation and development of the internal control framework;
- detecting and preventing any waste, misuse or misappropriation of funds or assets of the Company and its subsidiaries, wrongdoings and theft;
- ensuring accuracy of metrics and measurement standards for the control and accounting of metal bearing products;
- arranging and implementing internal controls so as to combat illegal activities, such as money laundering and terrorism financing;
- managing the Corporate Trust Service operations.
Also, the Company has set up the Financial Control Service that audits the financial and business operations of the Company and its subsidiaries to report and issue recommendations to the President and directors of the Company. The head of the Financial Control Service is appointed by a resolution adopted by the Company’s Board of Directors.
Corporate Trust Service
In February 2010, the Company launched its Corporate Trust Service, which helps the Company’s management to promptly respond to reports of abuses, embezzlement and other violations. Employees, shareholders and other stakeholders have an opportunity to report any actions that will or might result in financial damages or be detrimental to the business reputation of the Company. The key principles underlying the Corporate Trust Service include guaranteed confidentiality for whistleblowers, timely and unbiased consideration of all reports. In no circumstances does the Company impose sanctions (including dismissal, demotion, deprivation of a bonus) against the employee who submitted a report to the Corporate Trust Service.
To make a report, anyone is invited to call a toll-free 24/7 hotline: +7 800 700-1941, +7 800 700-1945, or e-mail to firstname.lastname@example.org.
Information on received and processed reports is disclosed annually by the Company as part of its CSR report.
Internal Audit Department
The Internal Audit Department is responsible for the Company's internal audit. It was established to assist the Board of Directors and executive bodies in enhancing the Company’s management efficiency and improving its financial and economic operations through a systematic and consistent approach to the analysis and evaluation of risk management and internal controls as tools to provide reasonable assurance that the Company will achieve its goals.
The Internal Audit Department conducts unbiased and independent audits, assessing how effective the internal controls and the risk management system are. Based on the audits, the department prepares reports and proposals for the management on how to improve internal controls, and monitors the development of action plans to eliminate violations.
In order to ensure independence and objectivity, the Internal Audit Department functionally reports to the Board of Directors through the Audit and Sustainable Development Committee and has an administrative reporting line to the Company's President. It continuously monitors the implementation of activities developed by the management. The Board of Directors’ Audit and Sustainable Development Committee regularly reviews the department's work plan, audit reports, and monitoring analytics.
In 2017, the Department conducted the following audits:
- planning and control of process equipment repairs;
- operation of motor vehicles;
- compliance with health and safety requirements;
- technical and production risk management;
- compliance with corporate standards and policies.
Based on these audits, the management developed action plans which provide for a range of activities aimed at improving internal control procedures and mitigating risks.
In 2018, the Internal Audit Department plans to conduct a comprehensive assessment of the risk management and internal control system and its performance, and submit the results to the Audit and Sustainable Development Committee for review.
The Audit Commission is a corporate body which monitors the financial and business operations of the Company. The commission audits the Company’s financial and business operations on an annual basis and at any time as decided by the commission, resolutions of the General Meeting of Shareholders and the Board of Directors or as requested by shareholders who hold collectively at least 10% of the Company's voting shares. Following the review of financial and business results, the Audit Commission issues an opinion. Business operations were last audited in April–May 2017.
The Audit Commission works in the shareholders’ interests and reports to the General Meeting of Shareholders, which elects members of the Audit Commission until the next Annual General Meeting of Shareholders. The Audit Commission is independent from the officers of the Company’s governance bodies, and its members do not hold positions in the Company's governance bodies.
In the reporting year, the Audit Commission consisted of five people as prescribed by the resolution of the Annual General Meeting of Shareholders dated 9 June 2017.
|No.||Name||Primary employment and position|
|1.||Vladimir Shilkov||Chief Investment Officer at CIS Investment Advisers, Deputy Project Manager of the Financial Control Service at MMC Norilsk Nickel|
|2.||Anna Masalova||Chief Financial Officer, Moscow–McDonalds CJSC|
|3.||Georgy Svanidze||Head of Financial Department, member of the Management Board at Interros Holding Company|
|4.||Elena Yanevitch||Chief Executive Officer, Interpromleasing|
|5.||Artur Arustamov||Director of Price Control and Commercial Operations Department, En+ Management|
Remuneration payable to the members of the Audit Commission was approved by the Annual General Meeting of Shareholders on 9 June 2017. Members of the Audit Commission employed by the Company are remunerated throughout the year as per their job description and employment terms.
The Company complies with Russian and international anti-corruption laws. In its interaction with government officials, the Company, as well as its employees and corporate bodies, comply with the applicable laws (including anti-corruption laws), thus boosting the Company's reputation and building up trust towards the Company from its shareholders, investors, business partners and other stakeholders.
As part of its effective anti-corruption combat, the Company has developed and approved the following anti-corruption regulations:
- Business Ethics Code;
- Code of Conduct and Ethics for Members of the Board of Directors;
- Anti-Corruption Policy;
- Regulation on the Product Procurement Procedure for MMC Norilsk Nickel's Enterprises;
- standard anti-corruption agreement – appendix to the employment contract;
- Regulation on Information Security;
- Regulation on the Prevention and Management of Conflicts of Interest;
- Regulation on Business Gifts;
- Procedure for Anti-Corruption Due Diligence on Internal Documents at the Head Office of MMC Norilsk Nickel;
- Regulation on the Conflict of Interest Commission;
- Information Policy.
Having joined the Anti-Corruption Charter of the Russian Business, the Company implements dedicated anti-corruption measures based on the Charter and set forth in the Company's Anti-Corruption Policy.
In January 2018, the Company confirmed compliance with the Charter and secured its position on the Charter’s Register.
|Remuneration types||thousand RUB||thousand USD|
|Remuneration for the membership in a control body||7,200||123|
|Other types of remuneration||0||0|
In November 2016, the Company joined the United Nations Global Compact, which aims to promote recognition and practical application of ten basic principles of human rights, labour, environment and anti-corruption by businesses worldwide.
The Company’s personnel receive ongoing training on anti-corruption matters. In December 2017, all new employees at the Head Office completed online anti-corruption training and testing. An important element of the Company's undertakings are corruption prevention measures aimed at making employees clearly aware of the possible consequences and the “inevitability of penalty” not only for those who engage in corruption, but also for those who become aware of corruption and do not report it. Starting in 2015, all of the Company employees sign an agreement setting out their obligations in the anti-corruption area. All of the Company's employees are familiarised with the corporate Anti-Corruption Policy and related regulations. The Company ensures functioning of the Preventing and Fighting Corruption page on the corporate website containing information on anti-corruption regulations adopted, measures taken, preventive procedures introduced, legal training sessions organised and law-abidance promotion efforts taken.
Regulating the conflict of interest
One of the key anti-corruption measures is timely prevention and management of conflicts of interest. Procedures for assessing and settling conflicts of interest are set forth in the Regulation on the Prevention and Management of Conflicts of Interest at MMC Norilsk Nickel. As part of the regulation, the Company has approved the standard declaration form for reporting conflicts of interest, to be filled in by candidates applying for vacant positions or by the Company's employees whenever required.
On top of that, the Company has undertaken measures aimed at preventing potential conflict of interest involving governance bodies and key employees. From December 2016, members of the Company's governance bodies are required to annually submit information on relatives and family as per the approved form.
Alongside with these measures, the Regulation on the Prevention and Management of Conflicts of Interest at MMC Norilsk Nickel extends to all employees of the Company. It sets forth key principles that include obligation of each employee to disclose a conflict of interest, as well as non-retaliation for reporting the conflict of interest.
The Company takes measures aimed at identifying related-party transactions. All measures combined, undertaken in order to identify and prevent conflicts of interest, minimise the probability of negative consequences for the Company.
The Company implements initiatives to prevent unauthorised use of insider information. In accordance with Federal Law No. 224-FZ of 27 July 2010 On Prevention of Unlawful Use of Inside Information and Market Manipulation and on Amendments to Certain Legislative Acts of the Russian Federation, as well as the Market Abuse Regulation of the European Parliament and of the Council No. 596/2014 of 16 April 2014, the Company keeps a list of insiders, reviews by-laws and corporate events, to control implementation of measures as provided for in the Russian and international legislation, which includes disclosure of insider information. The Company also undertakes other measures aimed at preventing unlawful use of insider information.
Comprehensive security framework
In 2017, MMC Norilsk Nickel's corporate security operations focused on regular updates and the implementation of a comprehensive security system, which drew heavily on the ongoing analysis of the full range of the Company's modern-day challenges and threats in a rapidly changing operating environment. The ongoing implementation of the MBO (Management by Objectives) principles in the economic, corporate, information and physical security systems has enabled the Company to promptly and adequately respond to key risks, clamp down on embezzlement, implement initiatives to counter illicit trafficking of precious metals and metal bearing materials, and efficiently prevent in-house corruption.
The methodology boasts recognition from the international forensic community and is widely used not only for the Company's purposes, but also in examinations as requested by law enforcement authorities, to combat illicit trafficking of precious and non-ferrous metals.
In an effort to take public-private partnership in the field of security to a new level of quality, cooperation was established with government law-enforcement authorities, also in the Company's regions of operations. This approach enables a balanced planning of corporate security measures set to be an integral part of the national economic security system. MMC Norilsk Nickel pays special attention to complying with anti-terrorism requirements and enhancing security of the Company's strategic power and transportation facilities. In 2017, the close cooperation with law enforcement authorities helped the Company protect these facilities from any potential unlawful intrusion.
The Company ensures 100% safety and confidentiality of the employee and counterparty personal data, taking steps to integrate information security processes with other group-wide business processes and novel IT solutions. It is also continuously upgrading its comprehensive security system aimed at preventing external cyber interference with production processes. This made it possible for the Company, among other things, to effectively neutralise WannaCry and Petya virus attacks.
On top of that, Nornickel initiated the adoption of the Information Security Charter for Critical Industrial Facilities which defines corporate principles and standards of safe cyber behaviour. Measures undertaken in 2017 ensure a reliable protection of the Company's IT infrastructure.
The Company has further fostered its international activity in the field of industry-specific business security. The Security Committee of the International Platinum Group Metals Association is chaired by the Company's representative who works together with the United Nations Interregional Crime and Justice Research Institute (UNICRI) to prepare and implement practical recommendations in order to strengthen public-private partnerships aimed at fighting illicit transnational trafficking of precious metals. These initiatives received the support of world’s major metal producers.
The Institute for Modern Security Challenges, the Company's subsidiary, has been developing new corporate methods to protect the Company's legitimate interests focusing on the analysis of best international practices, introduction of acknowledged standards and practices of secure development of mining companies, expert reviews and preparation of analytical materials. Their practical implementation is aimed at optimising the Company's security costs and more efficient process management.