Risk management framework

The Company continuously manages risks that affect its strategic and operational goals. These efforts include identification and assessment of external and internal risks in terms of their impact on key financial and non-financial metrics, along with the development and implementation of response and minimisation measures.

The Company has developed and adopted all relevant risk management documents, including:

  • Corporate Risk Management Policy,
  • Corporate Risk Management Framework Regulations,
  • Risk Management Regulations,
  • Investment Project Risk Management Regulations,
  • risk management regulations for specific processes (management of tax, health and safety and market risks).

Risk management embraces all business areas and governance levels:

  • strategic risks are managed by the Board of Directors and the Company's senior management;
  • key operational risks are managed by the Company's senior management;
  • other material operational risks are managed by heads of business units and subunits.

The Corporate Risk Management Policy sets out the following key risk management objectives:

  • increase the likelihood of achieving the Company's goals;
  • improve the resource allocation efficiency; and
  • boost the Company's investment case and shareholder value.

The risk management framework relies on the principles and requirements of Russian and international laws, and professional standards, including the Corporate Governance Code recommended by the Bank of Russia, ISO 31000 (Risk Management) and COSO ERM (Enterprise Risk Management – Integrated Framework).

To manage catastrophic production risks, the Company develops and approves business continuity plans that in case of emergency set out:

  • interaction procedure for business units;
  • operations support or resumption plan;
  • rehabilitation or reconstruction plan for affected assets.

The corporate risk management framework (CRMF) implementation and improvement initiatives are spearheaded by the Company’s Vice President and Head of Internal Controls and Risk Management and its Risk Management Service.

In 2018, key initiatives aimed at improving the CRMF will include:

  • continued integration of risk management practices into strategic, budget and investment planning, setting KPIs for the management and assessing their achievement;
  • deployment of risk management automation tools;
  • improvement of technical and production risk management, broadening of the analysis perimeter, evaluation of technical and production risk impact on human health and safety, and environment;
  • introduction of quantitative assessment methods and modelling to analyse technical and production risks and risks associated with investment projects.

Insurance

Insurance is one of the most important tools for managing risks and finances and protecting the assets of the Company and its shareholders against any unforeseen losses related to our operations, including due to external hazards.

Nornickel has centralised its insurance function to consistently implement uniform policies and standards supporting a comprehensive approach to managing insurance policies and fully covering every risk at all times. The Company annually approves a comprehensive insurance programme that defines key parameters by insurance type and key project.

As part of our risk mitigation initiatives, we have implemented a corporate insurance programme that covers assets, equipment failures and business interruptions across the Group. Our corporate insurance policies are issued by major Russian insurers in cooperation with an international broker. This helps the Company make sure that its risks are underwritten by highly reputable international re-insurers.

The same principles of centralisation apply to our freight, construction and installation, aircraft and ship insurance arrangements. The Group, as well as its directors and officers, carry business and third-party liability insurance.

To optimise terms of coverage and better manage covered risks, we follow the best mining industry practices.

Key risks, risk factors and mitigants

Risk type Mitigants
Workplace injury risk
Failure to comply with the Group’s health and safety rules may result in threats to the employee's health and life, temporary suspension of operations, and property damage.

Key risk factors

  • Unsatisfactory organisation and control of work safety
Pursuant to the Occupational Health and Safety Policy approved by the Company's Board of Directors, the Company undertakes to:
  • ensure continued control over compliance with the health and safety requirements;
  • improve the working conditions for employees of the Company and its contractors deployed at the Company's production facilities, including by implementing new technologies and labour saving solutions, and enhancing industrial safety at production facilities;
  • provide staff with certified state-of-the-art personal protective equipment;
  • carry out preventive and therapeutic interventions to reduce the potential impact of hazardous and dangerous production factors;
  • regularly train and instruct employees and assess their health and safety performance, and conduct corporate workshops, including by deploying special simulator units;
  • enhance methodological support for health and safety functions, including through the development and implementation of corporate health and safety standards;
  • improve the risk assessment and management framework at the Group’s companies and production facilities as part of the Risk Control project;
  • analyse the competencies of line managers at the Company’s production facilities, develop health and safety training programmes and arrange relevant training sessions;
  • provide training for managers under the programme to determine root causes of accidents using the best international practices (“Tree of Causes and Hazards”, 5-why, etc.);
  • provide information about the circumstances and causes of an accident to all employees of the Company, conduct ad hoc instruction sessions.
  • introduce a framework to manage technical, technological, organisational and HR changes.
INFORMATION SECURITY RISKS
Potential cyber crimes may result in an unauthorised transfer, modification or destruction of information assets, disruption or lower efficiency of IT services, business, technological and production processes of the Company.

Key risk factors

  • Growing external threats;
  • unfair competition;
  • rapid development and automation of IT infrastructure, technological and business processes;
  • employee and third party wrongdoing.
To manage this risk, the Company undertakes to:
  • develop the Information Security Strategy and Programme, define roles and responsibilities in information security at a corporate level;
  • draft information security rules and regulations;
  • comply with Russian laws and regulations with respect to personal data and trade secret protection, insider information, and critical information infrastructure;
  • categorise information assets and assess information security risks;
  • raise awareness in information security;
  • use technical means to ensure information security of assets;
  • manage access to information assets and information security incidents;
  • ensure information security of the process control system;
  • monitor threats to information security and use technical protection means, including vulnerability analysis, penetration testing, cryptographic protection of communication channels, controlled access to removable media, protection from confidential data leakages, mobile device management;
  • set up and certify the Information Security Management System.
PRICE RISK
Potential decrease in revenues due to lower prices for metals (nickel, copper, platinum, palladium, etc.) subject to the actual or potential changes in demand and supply on certain metal markets, global macroeconomic trends, and the financial community's interest in speculative/investment transactions in the commodity markets.

Key risk factors

  • Lower demand;
  • inventory liquidation by market participants;
  • speculative price decrease.
To manage this risk, the Company is continuously monitoring metal price (market) forecasts.

Should the risk materialise, the Company will consider cutting capital expenditures (revising the investment programme for projects that do not have a material impact on the Company’s development strategy) as part of the budget process.

FX RISK
USD depreciation against RUB, including due to changes in the Russian economy and the policy of the Bank of Russia, may adversely affect the Company's financial performance, as most of its revenues are denominated in USD, while most of its expenses are denominated in RUB.

Key risk factors

  • Increase in Russia’s balance of payments, higher oil exchange prices and lower imports;
  • improved country macroeconomics;
  • change in ratings;
  • lower volatility in financial markets of Russia and other developing countries.
To manage this risk, the Company undertakes to:
  • maintain a balanced debt portfolio where USD-denominated borrowings prevail to ensure a natural hedge;
  • implement regulations that limit fixing of prices in foreign currencies in expenditure contracts.
TECHNICAL AND PRODUCTION RISK
Technical, production, or natural phenomena, which, once materialised, could have a negative impact on the implementation of the production programme and cause technical incidents or reimbursable damage to third parties and the environment.

Key risk factors

  • Harsh weather and climatic conditions, including low temperatures, storm winds, snow load;
  • unscheduled stoppages of key equipment;
  • release of explosive gases and flooding of mines;
  • collapse of buildings and structures;
  • infrastructure breakdowns.
To manage this risk, the Company undertakes to:
  • properly and safely operate its assets in line with the requirements of the technical documentation, technical rules and regulations as prescribed by the local laws across the Company's footprint;
  • introduce ranking criteria and determine the criticality of key industrial assets;
  • timely replace its fixed assets to achieve production safety targets;
  • implement automated systems to control equipment's process flows;
  • improve the maintenance and repair system;
  • train and educate its employees both locally, on site, and centrally, through its corporate training centres;
  • systematically identify and assess technical and production risks. The Company has developed and is implementing a programme of organisational and technical actions aimed at reducing these risks;
  • develop the technical and production risk management system, including by engaging independent experts to assess the system efficiency and completeness of data;
  • engage, on an annual basis, independent surveyors to analyse the Company's exposure to disruptions in the production and logistics chain and assess related risks. In 2017, key technical and production risks were insured as part of the property and business interruption (downtime) insurance programme, with emphasis laid on best risk management practices in the mining and metals industry. The programme aims to protect the assets of the Company and its shareholders against any catastrophic risks. In addition, the Company insured production assets at its facilities that make up the key production chain.
COMPLIANCE RISK
The risk of legal liability and/or legal sanctions, significant financial losses, suspension of production, revocation or suspension of a licence, loss of reputation, or other adverse effects arising from the Company’s non-compliance with the applicable regulations, instructions, rules, standards or codes of conduct.

Key risk factors

  • Сhanges in legislation and law enforcement practices;
  • discrepancies in rules and regulations;
  • considerable powers and a high degree of discretion exercised by regulatory authorities;
  • potential violation of legal requirements by the Company’s business units and Russian subsidiaries.
To manage this risk, the Company undertakes to:
  • make sure that the Company complies with the applicable laws;
  • defend the Company's interests during surveillance inspections or in administrative offence cases;
  • use pre-trial and trial remedies to defend the Company's interests;
  • include conditions defending the Company's interests in the contracts signed by the Company;
  • implement anti-corruption, anti-money laundering and counter-terrorist financing initiatives;
  • take actions to prevent unauthorised use of insider information and market manipulation;
  • ensure timely and reliable information disclosures as required by the applicable Russian and international laws.
  • In addition to ongoing measures, the following documents were developed and approved in 2017: the Norilsk Nickel Group's Legal Support Policy, Antitrust Compliance Policy (formalising interactions to ensure legal protection of the Norilsk Nickel Group's interests), Regulations on Interaction of MMC Norilsk Nickel's Business Units and Officers to Prevent Unlawful Use of Insider Information in Compliance with the Market Abuse Regulation of the European Parliament and of the Council No. 596/2014, amended version of MMC Norilsk Nickel's Information Policy Regulations (alignment with the applicable Russian and international information disclosure laws).
RISKS RELATED TO CHANGES IN LEGISLATION AND LAW ENFORCEMENT PRACTICES
Adverse consequences arising from the Company’s non-compliance with the applicable regulations, instructions, rules, standards or codes of conduct.

Key risk factors

  • Unstable legal environment;
  • complicated geopolitical situation;
  • significant budget deficit (government agencies and authorities seeking to boost revenues).
To manage this risk, the Company undertakes to:
  • continuously monitor changes in legislation and law enforcement practices in all business areas;
  • perform legal due diligence of draft regulations and amendments;
  • participate in discussions of draft regulations, both publicly and as part of the expert groups;
  • engage its employees in relevant professional and specialist training programmes, corporate workshops, and conferences;
  • cooperate with government agencies to ensure that new laws and regulations take into account the Company’s interests.
POWER BLACKOUTS AT PRODUCTION AND SOCIAL FACILITIES IN THE NORILSK INDUSTRIAL DISTRICT (NID)
The failure of key equipment at the generating facilities of fuel and energy companies and transmission networks may result in power, heat and water shortage at key production facilities of the Company’s Polar Division / Russian subsidiaries and social facilities in the NID.

Key risk factors

  • The isolation of the NID's power system from the national grid (Unified Energy System of Russia);
  • harsh weather and climatic conditions, including low temperatures, storm winds, snow load;
  • length of power, heat and gas transmission lines;
  • wear and tear of key production equipment and infrastructure.
To manage this risk, the Company undertakes to:
  • operate and maintain generating and mining assets as required by the technical documentation, industry rules, regulations, and laws;
  • timely construct and launch transformer facilities;
  • timely upgrade (replace) TPP and HPP power units' equipment;
  • timely replace transmission towers;
  • timely upgrade and renovate trunk gas and condensate pipelines and gas distribution networks.
SOCIAL RISKS
Escalating tensions among the workforce due to the deterioration of social and economic conditions in the Company's regions of operation.

Key risk factors

  • Headcount optimisation;
  • rejection of the Company’s values by some employees and third parties;
  • limited ability to perform annual wage indexation;
  • dissemination of false and inaccurate information about the Company’s plans and operations among the Group’s employees;
  • lower spending on social programmes and charity.
To manage this risk, the Company undertakes to:
  • strictly abide by the collective bargaining agreements made between the Group's companies and employees;
  • actively interact with regional and local authorities, and civil society institutions;
  • fulfil its social obligations under public-private partnership agreements;
  • implement the World of New Opportunities charity programme aimed at supporting and promoting regional public initiatives;
  • implement the Norilsk Upgrade project to introduce innovative solutions for sustainable social and economic development of the region;
  • implement monitoring across the Group's operations;
  • conduct opinion polls among Norilsk's communities to learn more about their living standards, employment, migration trends and general social sentiment, and identify major challenges;
  • implement social projects and programmes aimed at supporting employees and their families, as well as the Company’s former employees;
  • coordinate, over the year, the joint efforts of various participants and promptly address any issues arising during the reconstruction of Norilsk Airport's runway, at the meetings of the task force involving the representatives of the Norilsk Administration, regional and federal authorities, Norilsk Airport and NordStar Airlines;
  • provide treatment at Chinese health resorts during winter (programme geography expansion) to compensate for fewer summer packages due to runway reconstruction at Norilsk Airport;
  • engage in dialogues with stakeholders and conduct opinion polls while preparing public CSR reports.