Internal Control and Risk Management

Risk management framework

Integrated in all of Nornickel’s business processes, its corporate risk management framework enables risk-oriented decision-making at various levels to achieve strategic and operational goals.

Nornickel has the following key objectives of risk management:

  • increase the likelihood of achieving the Company’s goals;
  • make resource allocation more efficient; and
  • boost the Company’s investment case and shareholder value.

The Company’s risk management practices are based on the principles and requirements of the Russian and international laws and regulations and are also guided by professional standards, including:

  • Corporate Governance Code recommended by the Bank of Russia;
  • GOST R ISO 31000–2019 (Risk Management. Principles and Guidelines);
  • COSO ERM (Enterprise Risk Management — Integrating with Strategy and Performance);
  • Recommendations on risk management, internal controls, internal audit and the work of the Board of Directors’ (Supervisory Board’s) audit committee in public joint-stock companies (appendix to the Bank of Russia’s Information Letter No. IN-06-28/143 dated 1 October 2020).

To manage production and infrastructure risks, the Company develops, approves, updates and tests business continuity plans designed to maintain and restore current operations.

Internal control

Structure of the risk management framework

Nornickel’s key documents that set out the core principles and approaches in risk management, along with functional responsibilities of the key participants involved in the risk management process, are the Risk Management Policy and Risk Management Regulations.

GRI 2–9, 2–12, 2–13, 2–16

Improving the risk management framework

In 2022, the Company completed the following projects to enhance and maintain the maturity of its risk management framework:

  • put into operation a GRC-type system to automate risk management processes, contributing to better integration of risk management and budgeting processes;
  • conducted an additional external expert review, update and verification of risks associated with key assets;
  • performed a quantitative assessment of the aggregate impact that key risks had on the Company’s 2023 budget and evaluated its sensitivity to key risks;
  • decomposed the Company’s risk appetite to lower levels of the corporate structure and put in place monitoring of specific metrics, including in the ESG area;
  • improved tools for quantitative assessment of operational risks;
  • provided comprehensive employee training in divisions’ companies/units to develop risk and continuity management skills;
  • developed a professional competency model for the key roles in risk management;
  • conducted a self-evaluation of the risk management framework’s maturity level;
  • kicked off a review of long-term climate change risks in line with the TCFD requirements.

To further improve the performance of its corporate risk management framework in the short term, the Company plans to:

  • go ahead with automating processes and functionality of the risk management framework;
  • use quantitative risk assessment in strategic and operational planning;
  • enhance methodology to analyse, assess and manage various categories and types of risks;
  • continue running projects to assess long-term climate change risks in line with the TCFD methodology.
Internal control

Insurance

Insurance is Nornickel’s key tool for managing risks and protecting the assets of the Company and its shareholders against any unforeseen losses related to its operations, including due to external hazards.

To ensure consistent application of the Group’s uniform policies and standards, the insurance function is centralised. Every year, Nornickel approves a comprehensive programme that defines key parameters by insurance type, key business line and project.

The Group has a corporate insurance programme in place that covers assets, equipment failures and business interruptions, with the same terms and conditions applied to all facilities of the core production chain. The principles of centralisation and continuity also underlie our programmes for third-party liability insurance for directors and officers, other types of liability insurance, freight, construction and installation, and vehicle insurance.

Our insurance policies are issued by Russia’s largest insurance companies.

To secure the best insurance and risk management terms, we monitor the mining industry’s best practices and the latest trends in the insurance market.

Key sustainability risks

Nornickel is engaged in ongoing efforts to identify, assess and manage key ESG risks. The risks to the Company’s sustainability goals are mainly related to occupational health and safety, power blackouts at production and social facilities in the Norilsk Industrial District, environmental and conservation legislation, social and labour relationships, information security, and climate change. The most significant risks in terms of their impact on the Company’s goals are shown on the map of key sustainability risks.

Map of key risks, including changes in assessment introduced in 2022

In 2022, risk trends reflected changes in the Company’s external environment. During the year, the Company faced a variety of external challenges, which caused a review of the impact coming from external risk factors.

In 2022, Kola MMC saw the materialisation of a risk that had been identified before, i.e. equipment risk loss, following fire at the electrowinning shop of the cobalt section of the nickel tankhouse. To remedy the consequences, Kola MMC took a number of steps to restore the process of producing metallic cobalt. The Company also implements activities to prevent accidents like that, including projects to upgrade and restore fire safety systems across the facilities.

Climate change risks

Nornickel is aware of the importance of climate change risks and the threat they represent for sustainable development. The Company engages in consistent ongoing efforts to identify climate risk factors in its corporate risk management framework. Among other things, Nornickel implements activities as part of a Roadmap to comply with the TCFD Recommendations in order to integrate best practices in climate risk management into the Company’s business processes. The Company reviews all information related to climate change risks on a quarterly basis.

Key sustainability risks

1. Market risk

Reduced ability of the Company’s products to compete in the market may reduce their liquidity and result in sales at discounts to the market price and a decrease in the Company’s income.

Risk effect: high

Risk source: combined

Risk level change: increase

Key risk factors Key mitigants
  • Higher market standards for ESG compliance and product quality
  • Competition from producers of cheaper nickel
  • Growing role of transport electrification programmes
  • Replacement of metals made by the Company with alternative materials
  • Introduction of external trade restrictions by foreign regulators with negative implications for Nornickel’s operations

To mitigate this risk, the Company:

  • monitors and reviews market requirements to product quality and ESG compliance;
  • takes steps to support and boost demand for its key metals;
  • monitors transportation development trends by type of engine;
  • searches for new palladium applications;
  • diversifies its metal sales by industry and geography;
  • improves and diversifies its product range;
  • promotes cooperation with sectoral institutions to maintain access to relevant metal sales markets;
  • collaborates with Russian ministries and agencies to prevent/minimise negative impact from country-specific and international regulatory measures;
  • implements an ESG roadmap;
  • considers partnerships with key producers of cathodes for Li-ion batteries;
  • enters into strategic partnerships with automakers built on guarantees of long-term palladium supplies.
2. Technical and production risk

Technical and production risk relates to events that can be caused by technical, production-related, or natural factors that can have a negative impact on the progress of the production programme and result in equipment breakdowns or damage to third parties that will require compensation.

Risk effect: high

Risk source: combined

Risk level change: increase

Key risk factors Key mitigants
  • Harsh weather and climatic conditions, including low temperatures, storm winds, snow load
  • Unscheduled stoppages of key equipment due to excessive wear and tear
  • Release of explosive gases and flooding of mines
  • Collapse of buildings and structures
  • Infrastructure breakdowns

To mitigate this risk, the Company:

  • properly and safely operates its assets in line with the requirements of the technical documentation, technical rules and regulations as prescribed by the local laws across its footprint;
  • develops ranking criteria and criticality assessment for the Group’s key industrial assets;
  • rolls out an automated system for managing reliability, efficiency and risks associated with production assets;
  • timely replaces its fixed assets to ensure that production safety is at the required level;
  • rolls out a geotechnical monitoring system across operations to perform ongoing monitoring of its buildings and structures;
  • uses satellite monitoring of its facilities with subsequent analysis of the monitoring data;
  • introduces automated systems to control equipment process parameters, uses modern engineering control systems;
  • improves the maintenance and repair system;
  • trains and educates its employees both locally, on site, and centrally, through its corporate training centres;
  • systematically identifies and assesses technical and production risks, implements a programme of organisational and technical actions to mitigate such risks;
  • continuously monitors the current status of the industrial asset management system;
  • has risks reviewed by collegial bodies at all governance levels;
  • develops the technical and production risk management system, including by engaging independent experts to assess the system efficiency and completeness of data;
  • develops and tests business continuity plans outlining the steps that need to be taken by the Company’s personnel and internal service providers where technical and production risks cause the largest possible damage. The plans aim to ensure that the Company resumes its production as early as possible;
  • annually engages independent surveyors to analyse the Company’s exposure to disruptions in the production and logistics chain and assess related risks.
3. Occupational health and safety risks

Failure to comply with the Group’s health and safety rules may result in threats to employee health and life, temporary suspension of operations and property damage.

Risk effect: high

Risk source: internal

Risk level change: none

Key risk factors Key mitigants
  • Unsatisfactory organisation of operations
  • Process disruption
  • Exposure to hazardous factors

Pursuant to the Occupational Health and Safety Policy approved by the Board of Directors, the Company:

  • continuously monitors compliance with occupational health and safety (OHS) requirements;
  • improves working conditions for its own and contractors’ employees deployed at the Company’s production facilities, including by implementing new technologies and labour saving solutions and enhancing industrial safety at production facilities;
  • provides staff with certified modern personal protective equipment;
  • improves the system of fixed gas analysers and furnishes staff with portable gas analysers;
  • implements preventive healthcare measures and sanitary and hygienic practices to reduce the potential impact of hazardous and dangerous production factors;
  • provides its employees with regular training and instructions and assesses their performance in OHS, conducts corporate workshops, where, among other things, special simulation equipment is used;
  • strengthens the methodological framework in OHS, including by developing and introducing corporate standards;
  • improves the risk assessment and management framework at the Group companies and production facilities as part of the Risk Control project;
  • reviews the competencies of line managers at the Company’s production facilities, develops OHS training programmes and arranges relevant training sessions;
  • holds OHS competitions;
  • provides all employees with updates on the circumstances and causes of accidents, conducts ad hoc themed instruction sessions;
  • introduces frameworks to manage technical, technological, organisational and HR changes.
Internal control
4. Soil thawing

Loss of pile foundation bearing capacity may cause deformation of buildings and structures leading to their destruction.

Risk effect: medium

Risk source: external

Risk level change: none

Key risk factors Key mitigants
  • Climate change, average annual temperature increase (over the last 15–20 years)
  • Increased depth of seasonal thawing

To mitigate this risk, the Company:

  • regularly monitors the condition of foundation beds and structural parts of buildings and structures;
  • runs geodetic control of changes in buildings’ positions;
  • uses satellite monitoring of the Company’s facilities with subsequent analysis of the monitoring data to identify potential risks of deformations in the earth’s crust, if any;
  • implements ongoing monitoring of the Company’s buildings and structures by scaling up a corporate information and diagnostics system (including deployment of automated monitoring points to control parameters essential for the safe operation of buildings and structures);
  • monitors soil temperature at foundations of buildings and structures;
  • monitors the facilities’ compliance with operational requirements for buildings and structures erected in the Northern climate zone;
  • puts in place corrective actions and adaptation measures to bring buildings and structures into safe operating conditions.
Internal control
5. Compliance risks
GRI 205–1

This risk relates to legal liability and/or legal sanctions, significant financial losses, suspension of production, revocation or suspension of licences, loss of reputation, or other adverse effects arising from the Company’s non-compliance with the applicable regulations, instructions, rules, standards or codes of conduct.

Risk effect: medium

Risk source: combined

Risk level change: none

Key risk factors Key mitigants
  • Discrepancies in rules and regulations
  • Considerable powers and a high degree of discretion exercised by regulatory authorities

To mitigate this risk, the Company:

  • develops and updates regulatory and procedural guidelines on anti-corruption and combating unlawful use of insider information and market manipulation;
  • implements initiatives to ensure compliance with the applicable laws;
  • ensures that its interests are protected during surveillance inspections or in administrative offence cases;
  • defends its interests in courts and when court rulings are executed;
  • includes in contracts provisions protecting its interests;
  • implements initiatives to combat corruption, money laundering, and financing of terrorism and proliferation of weapon of mass destruction, and to manage conflicts of interests;
  • takes actions to prevent unlawful use of insider information and market manipulation;
  • ensures timely and reliable information disclosures as required by the applicable Russian and international laws;
  • gives its employees training in dealing with insider information and combating corruption;
  • conducts induction briefings on anti-corruption;
  • supports the operation of the Corporate Trust Line set up to handle reports of future or past cases of corruption, fraud, theft or other wrongdoings;
  • assesses the effectiveness of anti-corruption controls in the Group.
6. Information security risks

This group of risks includes, among other things, potential cyber crimes, potential unauthorised transfer, modification or destruction of information assets, disruption or lower efficiency of IT services, business, technological and production processes of the Company.

Risk effect: medium

Risk source: combined

Risk level change: increase

Key risk factors Key mitigants
  • Growing external threats
  • Unfair competition
  • Rapid development of IT infrastructure and automation of production and business processes
  • Employee and/or third-party wrongdoings
  • Switch to remote working and engagement of remote workforce outside the regions of the Company’s operation

To mitigate this risk, the Company:

  • complies with applicable Russian laws and regulations with respect to personal data and trade secret protection, insider information, and critical information infrastructure;
  • implements MMC Norilsk Nickel’s Information Security Policy;
  • categorises information assets and assesses information security risks;
  • plans and controls the compliance of information systems with the corporate information security standards;
  • raises employee awareness in information security;
  • replaces imported tools of information protection that have limited functionality due to sanctions;
  • protects assets using technical means and manages information access;
  • monitors threats to information security and the use of technical protection means, including vulnerability analysis, intervention testing, cryptographic protection of communication channels, controlled access to removable media, protection from confidential data leakages, mobile device management;
  • develops information security regulations;
  • procures that the corporate information security management system is set up and duly certified;
  • takes measures to provide secure remote access.
7. Environmental risks

This group of risks includes events that cause hazardous substances to be present in the environment, as well as events that are not part of the approved production processes and outside of the Russian laws and regulations and affect the Company’s achievement of its environmental protection goals.

Risk effect: medium

Risk source: combined

Risk level change: none

Key risk factors Key mitigants
  • Non-compliance with environmental protection laws and regulations when running the Company’s facilities
  • Poor internal management and controls
  • Failure to implement environmental protection programmes and activities on time
  • Natural phenomena and climate-related events

To mitigate this risk, the Company:

  • develops, implements and improves business processes to protect the environment and introduces best practices and approaches;
  • creates an incentive framework and develops employee expertise in environmental protection;
  • implements the Environmental and Climate Change Strategy;
  • goes ahead with the Company’s environmental action plan;
  • oversees compliance with environmental laws and regulations and implementation of programmes and activities on environmental protection.
8. Risk of insufficient water resources

Water shortages in storage reservoirs of the Company’s hydropower facilities may result in failure to achieve necessary water pressure at HPP turbines leading to limited power production and drinking water shortages in Norilsk.

Risk effect: medium

Risk source: external

Risk level change: none

Key risk factors Key mitigants

Abnormal natural phenomena (drought) caused by climate change

To mitigate this risk, the Company:

  • builds a closed water circuit to reduce water withdrawal from external sources;
  • performs ongoing hydrological monitoring to forecast water level in rivers and water bodies;
  • in cooperation with the Federal Service for Hydrometeorology and Environmental Monitoring sets up permanent hydrological and meteorological monitoring stations to ensure more accurate water level forecasting in its regions of operation;
  • dredges the Norilskaya River and reduces energy consumption at the production facilities, should the risk materialise;
  • replaces equipment at one of its two hydropower plants to increase power output through improving the performance of hydroelectric units.
Internal control
9. Social risk

The risk relates to increased tension among the workforce due to the deterioration of social and economic conditions in the Company’s regions of operation.

Risk effect: medium

Risk source: combined

Risk level change: none

Key risk factors Key mitigants
  • Projects that have an impact on headcount/staffing
  • Failure of some employees and/or third parties to share the Company’s values
  • Limited opportunities for annual wage indexation
  • Dissemination of false and inaccurate information about the Company’s plans and operations among the Group’s employees
  • Reallocation of spending on social programmes and charity

To mitigate this risk, the Company:

  • strictly abides by the collective bargaining agreements made between the Group’s companies and employees;
  • actively interacts with civil society institutions, and employee representative bodies;
  • runs programmes in accordance with its corporate social policy and the World of New Opportunities charitable programme to support and promote regional public initiatives, including those geared towards the indigenous peoples of the Taimyr Peninsula, and the Plant of Goodness corporate volunteering programme;
  • puts in place infrastructure to enable accelerated development and improved quality of life across the Company’s regions of operation in cooperation with the Norilsk Development Agency, the Second School Centre for community initiatives in the Pechengsky District, and the Monchegorsk Development Agency;
  • implements regular social monitoring across the Group’s operations;
  • conducts opinion polls among Norilsk’s communities to learn more about their living standards, employment, migration trends and general social sentiment, and identify major challenges;
  • implements social projects and programmes aimed at supporting employees and their families, as well as the Company’s former employees;
  • engages in dialogues with stakeholders and conduct opinion polls while preparing public sustainability reports of the Group;
  • implements a set of social support initiatives for the personnel facing redundancies as part of Kola MMC’s social programmes and develops roadmaps for the social and economic development of the Pechengsky District.
10. Supply chain risks

Supply chain disruption in existing transportation and logistics schemes.

Risk effect: medium

Risk source: combined

Risk level change: none

Key risk factors Key mitigants
  • Harsh physical and climatic conditions of the regions of operation
  • Transportation and logistics limitations
  • Higher inflation and exchange rates, pricing pressure from suppliers, improper planning and other factors
  • Improper performance of contractors

To mitigate this risk, the Company:

  • proactively partners with domestic manufacturers to strengthen competition;
  • enters into long-term contracts/agreements and sets optimal fixed prices for the long term for equipment, materials and spare parts at the most favourable terms possible;
  • makes lists of critical equipment and materials suppliers and takes steps to prevent supply disruptions and monitor the business of said partners;
  • runs logistics expansion programmes.