NSD’s Information Disclosure Rules approved by the Bank of Russia (Order No. 14−6-22/9132 dated 20 September 2017) set out the procedure for information disclosure, i.e., provision of the following information to an indefinite or unlimited number of concerned parties:
In particular, the Rules require that NSD act in accordance with the principle of transparency towards its shareholders, clients, business partners, counterparties, governmental authorities, employees, and other stakeholders. In accordance with the principle of transparency, the proper level of information disclosure is ensured by compliance with the following rules:
To ensure compliance with the Rules, the Chairman of the Executive Board approved the Procedure for Preparation, Verification and Approval of Information to Be Disclosed by NSD as the Central Securities Depository. The Procedure sets out a list of information (data, facts, documents, and other informational materials) to be disclosed by NSD and designates employees responsible for the preparation, verification, and approval of the information to be disclosed.
In addition to conventional communication channels, NSD discloses information and communicates with counterparties via popular social media: Twitter and Facebook.
The Internal Audit Commission is the controlling body responsible for internal control over NSD’s financial and business activities. Members of the Internal Audit Commission are elected at annual General Meetings of Shareholders.
The members of the Internal Audit Commission are:
1. Olga Melentieva;
2. Maxim Nikonov;
3. Vladimir Sukhachev
The proceedings of NSD’s Internal Audit Commission are governed by the Regulations on the Internal Audit Commission approved by the General Meeting.
On 30 May 2019, NSD’s annual General Meeting of Shareholders resolved to approve the appointment of Deloitte & Touche CIS as NSD’s auditor to conduct audits under the Russian Accounting Standards (RAS) and the International Financial Reporting Standards (IFRS) for the period until NSD’s annual General Meeting of Shareholders to take place in 2020.
Full name | Joint-Stock company «Deloitte & Touche CIS» |
Short name | Deloitte & Touche CIS |
Registered Office | 5 Lesnaya Street, 125047 Moscow |
Telephone and fax numbers | Tel.: +7 (495) 787 06 00 Fax: +7 (495) 787 06 01 |
moscow@deloitte.ru | |
Full name and address of the self-regulatory organization of auditors in which the auditor has (had) membership | Self-regulated organization of auditors «Russian Union of Auditors» (Association) 8 Petrovskiy Pereulok, Bldg. 2, 107031 Moscow 2 |
Financial year for which the auditor conducted an independent audit of the statutory accounting books and financial statements under Russian laws and the IFRS | 2017, 2018, 2019 |
Deloitte & Touche CIS is authorized under Russian laws to conduct independent audits of NSD’s accounting system, financial statements (accounts), tax reports, financial results, and NSD’s internal control system, as well as to prepare and present an auditor’s report on NSD’s financial statements prepared under the RAS and IFRS, and, if any material shortcomings in the accounting or internal control system are identified, issue an information letter, describing the shortcomings, to NSD’s executives.
Deloitte & Touche CIS does not have any significant common interests with NSD or the Moscow Exchange Group.
Interaction with the external auditor is maintained under the Audit and Review Services Agreement. An audit is only intended to express an opinion on the validity of NSD’s financial statements and on whether the accounting records are maintained by NSD in compliance with applicable Russian law. Validity means the degree of accuracy of the data contained in the financial statements and whether it enables a user of such financial statements to draw conclusions, on the basis of such data, regarding NSD’s performance results, financial position, and assets, and to make informed decisions. During the audit period, the auditors also examine the tax accounting books and tax reports filed by NSD in the forms required (i.e., tax returns, tax calculations, etc.) and determine whether all tax reliefs were obtained lawfully. The purpose of a review is to express a conclusion whether, on the basis of the review, anything has come to the auditor’s attention that causes the auditor to believe that NSD’s interim financial statements for the first six months of the year are not prepared, in all material respects, in accordance with IAS 34 «Interim Financial Reporting».
Interaction with the auditor includes several phases:
For the purposes of conducting an audit, NSD designates an employee to be in charge of liaising with NSD’s business units and ensuring that the information needed for the audit is delivered in a timely fashion.
Under the Audit and Review Services Agreement, the auditor undertakes to strictly comply with the laws of the Russian Federation and other regulations, including Federal Law No. 307-FZ dated 30 December 2008 «On Audit Activities», international standards on auditing, and federal standards on auditing adopted in the Russian Federation. Furthermore, the auditor is required to:
Where the auditor discovers any breach of the tax laws or any material misstatements in NSD’s financial statements or tax reports, the auditor will notify NSD’s executives that they may be held liable for such breaches and that it is necessary to make amendments to the financial statements or make adjustments to the tax returns and calculations.
The auditor determines, at its own discretion, the forms and methods of the audit based on the requirements imposed by the applicable Russian laws and regulations, subject to the specific terms and conditions of the Audit and Review Services Agreement.
In the course of an audit, NSD undertakes to make the relevant arrangements and provide assistance to the auditor to ensure that the financial and tax audits are completed in a timely fashion and in full. NSD provides the auditor with all the information and documents requested and needed for the audit, provides full clarifications and confirmations as may be requested by the auditor, and requests any information necessary for the audit from third parties.
In compliance with the requirements set forth by Russian laws and Bank of Russia’s regulations, NSD implements internal controls that are appropriate to the nature and scope of NSD’s business (as the central securities depository and as a non-banking credit institution, professional securities market participant, clearing house, and trade repository), and to NSD’s risk profile.
Internal controls are implemented to ensure that NSD pursues the following objectives:
NSD’s Supervisory Board, Executive Board, and Executive Board Chairman are actively involved in managing the internal control system. NSD has the Audit Committee, a standing advisory body of the Supervisory Board established to ensure the effectiveness of internal controls and internal audits, to assess the effectiveness of the risk management system, and to make recommendations to NSD’s Supervisory Board and executive bodies to enable them to take decisions on those matters in accordance with their authority.
NSD’s internal control system is based on the principle of three lines of defence, as required by the global best practices. The maturity level of the internal control system is confirmed by an independent auditor.
At NSD, there are two departments responsible for internal control on a continuous basis: the Internal Audit Department and the Internal Control Department.
The Internal Audit Department is responsible for assessing the reliability and effectiveness of internal controls, risk management, corporate governance, and business processes at NSD, provides NSD’s management bodies with information upon completion of internal audits, and gives advice on matters relating to internal controls.
The Internal Control Department is responsible for ongoing control over NSD’s operations, including NSD’s operations as CSD, clearing house, and trade repository, as well as over the work of the AML/CFT Officer and the Insider Trading Compliance Officer.
In 2019, in the field of AML/CFT, the main focus was on automation of processes amid changing requirements of Russian laws, and on preventing questionable transactions attempted to be made using new instruments or services.
Compliance efforts were focused on ensuring compliance with increasing regulatory requirements to NSD’s operations and foreign jurisdictions' requirements concerning tax risks (FATCA, The Common Reporting Standard), as well as on managing geopolitical risks.
In 2019, NSD’s key areas of business were audited by the Bank of Russia, without any material findings on non-compliance.
The multi-level internal control system enables NSD to effectively identify and manage risks in all areas of its business.
To deliver on its strategic objectives, it is crucial for NSD to implement information management and protection practices, as information protection is the overarching factor of effective and sustainable performance.
NSD has the status of central securities depository, its Payment System is nationally important, and NSD also provides banking, trade repository, clearing, and other services in the financial market. All these factors make information and cyber security one of NSD’s priorities.
The work to ensure information security (IS) at NSD is organized in accordance with the Russian laws, Bank of Russia’s requirements and recommendations, the package of standardization documents issued by the Bank of Russia (entitled «Ensuring Information Security at Organizations of the Banking Industry of the Russian Federation») (the «BR ISBS Package»), NSD’s Information Security Policy, and the best practices and international standards.
The focus of IS activities is to ensure the security of clients' assets, as well as the security of the company‘s banking, depository, settlement and information systems, to ensure NSD’s sustainable and effective performance, and to safeguard interests of NSD and its shareholders, investors, and clients against information security threats. The Information Security Division is responsible for putting in place an effective system to manage IS risks and conducting works designed to identify and counter any possible threats.
In accordance with the requirements of the Russian laws and the requirements set out in the BR ISBS Package, the Information Security Division is actively involved in analyzing business processes, drafting terms of reference, rolling out hardware and software, and performing an expert review of contracts and agreements. In addition, the Information Security Division regulates processes designed to separate users' access, sets up and maintains information protection tools, allocates access rights, and maintains key information.
Thanks to regular IS audits, NSD can objectively assess the current level of information security. On a quarterly basis, the Information Security Division issues a cyber security report describing the current security status of IT systems; reports are provided to the Executive Board, Executive Board Chairman, Risk Management Department, and Audit Committee of the Supervisory Board.
An independent audit of NSD for compliance with the requirements set out in Bank of Russia’s Regulations No. 382-P dated 9 June 2012 «On the Requirements to Information Security in the Course of Money Transfers and the Procedure for Monitoring by the Bank of Russia of Compliance with Such Requirements», which was conducted in 2019, confirmed that NSD complies with the Bank of Russia’s requirements and observes the international Principles for Financial Market Infrastructures, and showed an improvement in the IS level.
To maintain and raise its IS level, NSD took steps to improve its information protection tools and IS-related internal regulations and to enhance security of source codes of business IT systems under development.
In 2019, NSD’s Information Security Division paid specific attention to:
NSD took steps to improve the process of vulnerability management, which allowed the company to identify and address vulnerabilities in NSD’s information infrastructure before they have caused negative effects as a result of such vulnerabilities being exploited by intruders.
In the reporting year, the following measures were implemented:
The Information Security Division continuously improves the methodological and technological support of its activities. In particular, the Information Security Division analyzes, on a regular basis, legislative and regulatory changes, including changes in Government Standard GOST 57580.1−2017 «Security of Financial (Banking) Operations. Information Protection at Financial Institutions. Basic Organizational and Technical Measures», providing the basis on which NSD can make necessary amendments to its internal regulations in a timely fashion, and implements and modernizes security and protection solutions.
Entity’s Full and Short Name | Registered Office | Interest in the Share Capital, % |
SWIFT SCRL (Society for Worldwide Interbank Financial Telecommunication) | Avenue Adèle 1, 1310 La Hulpe, Belgium | 0.0145 |