Report on the Description of the National Settlement Depository Controls, Suitability of Controls Design and Operating Effectiveness,
12 October, 2015
13
competencies in relation to risk and control issues are defined in the Company's corresponding
internal documents – its Charter, Regulations for commissions and committees, Regulations for
specific business units, job descriptions, etc.
To ensure sustainability and efficiency of its operations, the Company consistently takes efforts
to put in place and ensure the smooth operation of the risk management system, which is
adequately aligned with the nature and the scale of the Company's business, the profile of risks
it takes, and meets the needs of its further development. The risk management system is
designed to ensure identification, assessment and mitigation of risks taken by the Company, as
well as to control the related risk exposure and profile.
In its risk management efforts, NSD relies on international risk management practices, and
requirements and recommendations of regulators. In particular, NSD has implemented the
Three Lines of Defense Model, which addresses the following:
The first line of defense (heads and employees of NSD’s business units, apart from the
Risk Management Department and the Internal Audit Department) is involved in risk
identification, information collection, and assessment, and participates in risk mitigation
activities when executing business processes within their competencies in accordance with
NSD’s internal regulations.
The second line of defense (Risk Management Department) is put in place to develop,
implement and improve the risk management procedures, tools and methodology;
manage the risk identification and data collection at NSD; assess risk levels, perform
reviews and come up with risk mitigation techniques and controls structure. They exert
control over implementation of their recommendations; ensure staff awareness about the
risk management system in place at NSD; and prepare reports on issues related to risk
management.
The third line of defense (Internal Audit Department) provides assurance and
independent analysis of the complete coverage and effectiveness of the risk assessment
methodology and risk management procedures at NSD.
The Risk Management Department operates along three lines: financial risks, non-financial
risks, and information risks. Financial risk management is about the liquidity risk, the market
risk, and the credit risk management. Non-financial risk management is about the operating,
strategic, legal, regulatory and reputational risk management. Information risk management is
about management of risks associated with the ownership, development, operation and
application of information technologies as part of NSD’s activities.
Business continuity management
The development and improvement of the business continuity system was at the top of NSD's
agenda in 2014. To protect themselves from high impact threats, NSD constantly carries out
disaster recovery tests on their hardware and software, and has established a backup office.
Due to the performed organisational and technical methodological activities, as from mid 2014
the NSD's backup office started to operate on a permanent basis (part of specialists from critical
business units perform their functions from the backup office on a daily basis). The expansion of
the backup office made it possible to not only accommodate additional employee workstations,
but also improve comfort of NSD's staff seating arrangements, which is critical in the conditions
of day-to-day operation from the backup office premises. Due its extensive and integrated
