Internal control and risk management

Risk management framework

Key risk management objectives at Nornickel

1

Increase the likelihood of achieving the Company’s goals

2

Make resource allocation more efficient

3

Boost the Company’s investment case and shareholder value

The corporate risk management framework aligns with the principles and requirements of applicable laws and professional standards. Those include:

  • Corporate Governance Code recommended by the Bank of Russia;
  • GOST R ISO 31000–2019 (Risk Management. Principles and Guidelines);
  • COSO ERM (Enterprise Risk Management — Integrating with Strategy and Performance);
  • Recommendations on Risk Management, Internal Controls, Internal Audit and the Work of the Board of Directors’ (Supervisory Board's) Audit Committee in Public Joint‑Stock CompaniesAppendix to Letter of the Bank of Russia No. IN-06-28/143 dated 1 October 2020..

Key by‑laws setting out the core principles and components of the risk management framework, as well as the responsibilities of risk management units, include:

  • MMC Norilsk Nickel’s Risk Management Policy;
  • MMC Norilsk Nickel's Risk Management Regulations.
Initiatives to improve the risk management framework of Nornickel in 2023

Pilot automation of project risk management completed based on the existing GRC system, links between risks and relevant control procedures automated for the environmental risk group

Quantitative assessment completed with respect to the aggregate impact risks had on function specific strategies

Training materials prepared for project risk management

Concept for assessing long‑term climate change risks developed as part of a project seeking to ensure compliance with the TCFD recommendations

Employees of Kola and Norilsk Divisions’ companies trained in environmental risk management

Integration of risk management and budgeting processes continued using the automation opportunities offered by the GRC system

The Risk Management Committee and other dedicated committees continued to work on a regular basis

Tools for quantitative assessment of operational risks improved

Quantitative assessment completed with respect to the aggregate impact key risks had on the Company’s 2024 budget, the budget’s exposure to key risks evaluated, risk management initiatives included in the budget

The Company’s risk appetite decomposed to lower levels of the corporate structure, monitoring of relevant financial and non‑financial metrics put in place, process automation completed

The maturity of the risk management framework audited by an independent external expert, with the findings confirming a high level of maturity

Quantitative risk assessment of investment projects completed

Nornickel
Structure of Nornickel’s corporate risk management framework

GRI 2‑9, 2‑12, 2‑13, 2‑16

Management of sustainability risks

In 2023, the material risks of the Company related to achieving sustainable development goals included climate change, HSE, social and labour, and information security risks.

The most significant risks in terms of their impact on the Company's goals and sources are presented on the key risk map, which was developed in line with international risk management standards (risks No. 4–13 are classified as sustainability risks).

Map of key risks, including changes in assessment introduced in 2023
Climate change risks

Nornickel is improving its procedures to manage climate change risks.

Insurance

Insurance is one of the most important tools for managing risks and finances and protecting the assets of Norilsk Nickel Group and its shareholders against any unforeseen losses related to its operations, including due to external hazards.

The Group has a centralised insurance function in place to enforce compliance with uniform policies and standards under insurance programmes and to ensure continuous insurance coverage. The Company annually approves a comprehensive insurance programme that defines key parameters by insurance type and key project.

The Group developed and implemented a corporate insurance programme that covers assets, equipment failures and business interruptions, with the same terms and conditions applied to all facilities of the core production chain. The principles of centralisation also underlie the Group’s programmes for freight, construction and installation, and vehicle insurance, and third‑party liability insurance of the Group’s entities, directors, and officers.

Nornickel makes sure that its risks are underwritten. Our insurance policies are issued by Russia’s largest insurance companies. To optimise terms of insurance coverage for the Group companies and better manage covered risks, we follow the best metals and mining industry practices.

Key risks of Nornickel and relevant mitigation initiatives
Price risk

Potential decrease in revenue due to lower prices for metals produced by Nornickel subject to the actual or potential changes in demand and supply on certain metal markets, global macroeconomic trends, and the financial community's interest in speculative/investment transactions in the commodity markets.

Risk effect: high.
Risk source: external.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Lower demand for metals produced by the Company;
  • global economic slowdown or economic downturn in countries consuming metals produced by the Company;
  • supply and demand imbalance in metal markets;
  • replacement of metals made by the Company with alternative materials
Upgrade of existing and construction of new facilities to ramp up production of key metals and to maintain financial stability

The Company made an informed decision to assume price risk. To manage this risk, the Company:

  • continuously monitors and forecasts changes in key metals supply and demand;
  • safeguards feedstock supplies for key customers through long‑term contracts to supply metals in fixed volumes;
  • as a member of the global Nickel Institute and the International Platinum Group Metals Association, works with other nickel and PGM producers to maintain and increase the demand for these metals;
  • searches for new palladium applications
Market risk

Reduced ability of the Company’s products to compete in the market may reduce their liquidity and result in sales at discounts to the market price and a decrease in the Company’s income.

Risk effect: high.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Introduction of external trade restrictions by foreign regulators with negative implications for Nornickel’s operations;
  • competition from producers of cheaper nickel;
  • changes in the intensity of transport electrification programmes, requirements imposed on metals and their forms;
  • higher market standards for ESG compliance and product quality
Upgrade of existing and construction of new facilities to ramp up production of key metals and to maintain financial stability

To manage this risk, the Company:

  • monitors and reviews market requirements on product quality, product form and ESG compliance;
  • takes steps to support and boost demand for its key metals;
  • monitors transportation development trends by type of engine and requirements imposed on sourced metals;
  • diversifies its metal sales by industry and geography;
  • improves and diversifies its product range;
  • promotes cooperation with sectoral institutions to maintain access to relevant metal sales markets;
  • collaborates with Russian ministries and agencies to prevent/minimise negative impact from country‑specific and international regulatory measures;
  • considers partnerships with key producers of cathodes for Li‑ion batteries;
  • enters into strategic partnerships with car makers built on guarantees of long‑term palladium supplies;
  • looks into partnerships that can boost demand for nickel in Russia;
  • fosters and promotes alternative PGM supply/trade platforms
Financial risks

The group of risks includes FX, interest rate and liquidity risks, as well as other risks associated with financing the Company's operations and investment activities.

Risk effect: high.
Risk source: combined.
Risk level change: decreased
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Increase in the cost of borrowing;
  • worsening market environment;
  • sharp fluctuations in FX rates against the Russian rouble;
  • inability to raise debt financing due to negative changes in financial market conditions;
  • inability to tap into the key segments of global financial markets (debt and derivative instruments), limited capacity of FX borrowing markets;
  • risk of major unforeseen expenses;
  • materialisation of the counterparty credit risk;
  • restrictions introduced by foreign regulators that might affect Nornickel's operations, its key partners and infrastructure agents

Balanced debt portfolio in terms of debt currency, maturity and funding sources.

Upholding the Company’s investment case

To manage this risk, the Company:

  • maintains a balanced debt portfolio;
  • procures additional credit facilities denominated in Russian roubles to prevent liquidity shortages;
  • creates on‑balance liquidity cushions to secure payments;
  • monitors the payment position, current cash gaps, and availability of balance sheet liquidity;
  • conducts regular scenario modelling for key risk events and develops preventive response plans;
  • continuously expands the pool of potential partner credit and financial institutions, and diversifies the settlement infrastructure;
  • uses different financial models subject to their purpose or objective, expands the assessment toolkit for financial risks (stress testing, reverse stress testing covering all financial risks and their factors to track their links/combinations and correlations over time)
Technical and production risk

Technical and production risk relates to events that can be caused by technical, production‑related, or natural factors that can have a negative impact on the progress of the production programme and result in equipment breakdowns or damage to third parties that will require compensation.

Risk effect: high.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Harsh weather and climatic conditions, including low temperatures, storm winds, snow load;
  • unscheduled stoppages of key equipment due to excessive wear and tear;
  • release of explosive gases and flooding of mines;
  • collapse of buildings and structures;
  • infrastructure breakdowns
Delivery against the metal production plan

To manage this risk, the Company:

  • properly and safely operates its assets in line with the requirements of the technical documentation, technical rules and regulations as prescribed by the local laws across its footprint;
  • introduces ranking criteria and determines the criticality of key industrial assets;
  • timely replaces its fixed assets to ensure that production safety is at the required level;
  • rolls out a geotechnical monitoring system across operations to perform ongoing monitoring of its buildings and structures;
  • uses satellite monitoring of its facilities with subsequent analysis of the monitoring data;
  • introduces automated systems to control equipment process parameters, uses modern engineering control systems;
  • improves the maintenance and repair system;
  • trains and educates its employees both locally, on site, and centrally, through its corporate training centres;
  • systematically identifies and assesses technical and production risks, implements a programme of organisational and technical actions to mitigate such risks;
  • continuously monitors the current status of the industrial asset management system;
  • has risks reviewed by collegial bodies at all governance levels;
  • develops the technical and production risk management system, including by engaging independent experts to assess the system efficiency and completeness of data;
  • develops and tests business continuity plans outlining the steps that need to be taken by the Company's personnel and internal service providers where technical and production risks cause the largest possible damage. The plans aim to ensure that the Company resumes its production as early as possible;
  • annually engages independent surveyors to analyse the Company's exposure to disruptions in the production and logistics chain and assess related risks
Investment project risks

Risks associated with major investment project delays, budget overruns, and deviations from technological targets.

Risk effect: high.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Changing forecasts of ore volume, quality and properties in the course of follow‑up exploration;
  • changing implementation timelines for investment projects;
  • changes in the budgets of investment projects occurring in the course of their implementation;
  • changes in the technological targets of investment projects occurring in the course of their implementation

Strategic goal: development driven by Tier 1 assets.

Growth of mining, concentration and metallurgical capacities.

Enhancement of the resource base and upgrade of production units across the Company’s Tier 1 assets

To manage this risk, the Company:

  • performs proactive geological exploration and updates technological project indicators and the mining plan (long‑term production plan) based on the current status of major investment projects developing the mineral resource base;
  • implements resource, geomechanical and hydrogeological modelling;
  • holds external audits of geological data;
  • develops the mining and geological information system;
  • models mining plans through the mining and geological information systems;
  • as part of the project assurance process, conducts internal audits (cross‑functional expert review) of large investment projects at each stage in their life cycle;
  • improves project management incentives and enhances competencies (including through employee certification designed to identify areas for improvement and provide relevant training);
  • improves project management standards and upgrades project management tools;
  • rolls out successful pilots to all technically advanced and unique production units;
  • redesigns the projects and replaces providers of material and technical resources / services with suppliers from friendly countries subject to relevant sanction restrictions;
  • promotes NN Development as a dedicated corporate function integrating responsibility for capital construction projects;
  • transforms Gipronickel Institute to improve the quality of R&D and feasibility studies and to minimise their duration;
  • nurtures project management skills in project teams and facilitates knowledge sharing through regular project forums
Occupational health and safety risks

Failure to comply with the Group's occupational health and safety rules may result in threats to employee health and life, temporary suspension of operations and property damage.

Risk effect: high.
Risk source: internal.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Unsatisfactory organisation of operations;
  • process disruptions;
  • exposure to hazardous factors
Occupational health and safety

Pursuant to the Occupational Health and Safety Policy approved by the Company's Board of Directors, the Company:

  • continuously monitors compliance with occupational health and safety (OHS) requirements;
  • improves working conditions for its own and contractors’ employees deployed at the Company’s production facilities, including by implementing new technologies and labour saving solutions and enhancing industrial safety at production facilities;
  • provides staff with certified modern personal protective equipment;
  • improves the system of fixed gas analysers and furnishes staff with portable gas analysers;
  • implements preventive healthcare measures and sanitary and hygienic practices to reduce the potential impact of hazardous and dangerous production factors;
  • provides its employees with regular training and instructions and assesses their performance in OHS, conducts corporate workshops, where, among other things, special simulation equipment is used;
  • strengthens the methodological framework in OHS, including by developing and introducing corporate standards;
  • improves the risk assessment and management framework at the Group companies and production facilities as part of the Risk Control project;
  • reviews the competencies of line managers at the Company’s production facilities, develops OHS training programmes and arranges relevant training sessions;
  • holds OHS competitions;
  • provides all employees with updates on the circumstances and causes of accidents, conducts ad hoc themed instruction sessions;
  • introduces frameworks to manage technical, technological, organisational and HR changes
Degradation of permafrost soil (climate risk factor)

Loss of pile foundation bearing capacity may cause deformation of buildings and structures leading to their destruction.

Risk effect: medium.
Risk source: external.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Climate change, average annual temperature increase (over the last 15–20 years);
  • increased depth of seasonal thawing

Delivery against the metal production plan. Social responsibility: creating a safe and comfortable living environment for local communities in the Company's regions of operation.

Prevention of interregional or federal emergency situations that might cause environmental damages

To manage this risk, the Company:

  • regularly monitors the condition of foundation beds of buildings and structures;
  • runs geodetic control of changes in buildings’ positions;
  • uses satellite monitoring of the Company's facilities with subsequent analysis of the monitoring data;
  • implements ongoing monitoring of the Company’s buildings and structures and analyses the monitoring data to identify potential risks of deformations in the earth's crust, if any;
  • implements ongoing monitoring of the Company’s buildings and structures by scaling up a corporate information and diagnostics system (including deployment of automated monitoring points to control parameters essential for the safe operation of buildings and structures);
  • monitors soil temperature and moisture at foundations of buildings and structures;
  • puts in place corrective actions and adaptation measures to bring buildings and structures into safe operating conditions
Supply chain risks

Supply chain disruption in existing transportation and logistics schemes.

Risk effect: medium.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Harsh physical and climatic conditions in the regions of operation;
  • transportation and logistics limitations;
  • higher inflation and exchange rates, pricing pressure from suppliers, improper planning and other factors;
  • non‑compliance with sustainability principles on the part of suppliers;
  • improper performance of contractors

Delivery against the metal production plan.

Timely shipments to customers

To mitigate supply chain risks, the Company:

  • partners with domestic manufacturers to strengthen competition;
  • enters into long‑term contracts/agreements and sets optimal fixed prices for equipment, materials and spare parts;
  • makes lists of critical equipment and materials suppliers, and takes steps to prevent supply disruptions and monitor said counterparties;
  • conducts due diligence of mineral suppliers in accordance with the Five‑Step OECD Due Diligence Guidance;
  • runs the logistics expansion programme
Compliance risks

GRI 205-1

This risk relates to legal liability, significant financial losses, suspension of production, revocation or suspension of licences, loss of reputation, or other adverse effects arising from the Company’s non‑compliance with the applicable regulations, instructions, rules, standards and codes of conduct, or resulting from the application of sanctions and/or other penalties imposed by external regulatory authorities.

Risk effect: medium.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Discrepancies in rules and regulations;
  • considerable powers and a high degree of discretion exercised by regulatory authorities;
  • regulatory instability;
  • market practices influenced by business ethics and country‑specific
Ensuring compliance of Nornickel Group and its Russian entities with applicable laws, regulations, corporate standards and business practices

To mitigate compliance risks, the Company:

  • develops and updates key internal regulations and guidelines in accordance with applicable laws, ensures compliance with such regulations and guidelines;
  • applies advanced practices to improve the compliance system;
  • ensures that its interests are protected during surveillance inspections or in administrative offence cases;
  • includes in contracts provisions protecting its interests;
  • checks the reliability of its counterparts, partners and suppliers before signing contracts with them;
  • raises employee awareness about the Company's compliance risk mitigation requirements and initiatives;
  • supports the operation of the Corporate Trust Line set up to handle reports of future or past cases of corruption, fraud, theft or other wrongdoings;
  • develops and maintains an antitrust compliance system;
  • assesses the performance of compliance control at Nornickel.
Information security risks

This group of risks includes, among other things, potential cyber crimes, potential unauthorised transfer, modification or destruction of information assets, disruption or lower efficiency of IT services, business, technological and production processes of the Company.

Risk effect: medium.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Growing external threats;
  • unfair competition;
  • rapid development of IT infrastructure and automation of production and business processes;
  • employee and/or third‑party wrongdoings;
  • remote/hybrid working models and engagement of remote workforce outside the regions of the Company’s operation;
  • limitations of operated protection tools
Reducing the threats to information security and the risk of cyber attacks on the Company’s information and automated process control systems

To mitigate information security risks, the Company:

  • complies with applicable laws and internal regulations with respect to information security, personal data and trade secret protection, insider information, and critical information infrastructure;
  • categorises information assets and assesses information security risks;
  • raises employee awareness in information security;
  • replaces tools of information protection that have limited functionality;
  • protects assets using technical means and manages information access;
  • monitors threats to information security and the use of technical protection means, including vulnerability analysis, intervention testing, cryptographic protection of communication channels, controlled access to removable media, protection from confidential data leakages, mobile device management;
  • procures that the corporate information security management system is set up and duly certified;
  • takes measures to provide secure remote access
Environmental risks

This group of risks includes events that cause chemical substances to be present in the environment, as well as events that are not part of the approved production processes and outside of the Russian laws and regulations and affect the Company’s achievement of its environmental protection goals.

Risk effect: medium.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Non‑compliance with environmental protection laws and regulations when running the Company’s facilities;
  • poor internal management and controls;
  • failure to implement environmental protection programmes and activities on time;
  • natural phenomena and climate‑related events
Ensuring compliance of operations with applicable environmental laws, regulations, corporate standards and business practices

To manage these risks, the Company:рамках стратегии управления данной группой рисков Компания: -->

  • develops, implements and improves business processes to protect the environment and introduces best practices and approaches;
  • creates an incentive framework and develops employee expertise in environmental protection;
  • implements the Environmental and Climate Change Strategy;
  • implements environmental action plans of Nornickel Group and its Russian entities;
  • oversees compliance with environmental laws and regulations and implementation of programmes and activities on environmental protection
Low water levels in rivers

Water shortages in storage reservoirs of the Company's hydropower facilities may result in failure to achieve necessary water pressure at HPP turbines leading to limited power production and drinking water shortages in Norilsk.

Risk effect: medium.
Risk source: external.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Abnormal natural phenomena (drought) caused by climate change

Social responsibility: creating a safe and comfortable living environment for local communities in the Company's regions of operation.

Reducing the share of renewable energy consumption

To manage this risk, the Company:

  • improves the efficiency of the closed water circuit to reduce fresh water withdrawal from surface sources (water bodies);
  • carries out regular hydrological examinations to forecast water levels in rivers and water bodies;
  • in cooperation with the Federal Service for Hydrometeorology and Environmental Monitoring (Rosgidromet) sets up permanent hydrological and meteorological monitoring stations to ensure more accurate water level forecasting in its regions of operation;
  • dredges the Norilskaya River at the water withdrawal sites to improve reliability during low water periods;
  • implements a comprehensive range of initiatives to improve equipment performance and the efficiency of production chains with a view to reducing water consumption;
  • replaced hydroelectric units at Ust‑Khantayskaya HPP to increase power output through improving the performance of hydroelectric units
Social risk

The risk relates to increased tension among the workforce due to the deterioration of social and economic conditions in the Company’s regions of operation.

Risk effect: medium.
Risk source: combined.
Risk level change: none
Key risk factors Goals and strategic areas of the Company related to the risk Key mitigants
  • Projects that have an impact on headcount/staffing;
  • failure of some employees and/or third parties to share the Company’s values;
  • limited opportunities for annual wage indexation;
  • dissemination of false and inaccurate information about the Company's plans and operations among the Group's employees;
  • reallocation of spending on social programmes and charity

Social responsibility:

  • partnership with regional and local authorities to develop social infrastructure required to create safe and comfortable living environment for local communities;
  • contribution to the professional and cultural development of employees and building of the talent pool in the regions of operation;
  • ongoing charity programmes and projects

To manage this risk, the Company:

  • strictly abides by the collective bargaining agreements made between the Group's companies and employees (22 bargaining agreements in total);
  • interacts with regional and local authorities, and civil society institutions;
  • fulfils its social obligations under public‑private partnership agreements;
  • runs programmes in accordance with its corporate social policy and the World of New Opportunities charitable programme to support and promote regional public initiatives, including those geared towards the indigenous peoples of the Taimyr Peninsula, and the Plant of Goodness corporate volunteering programme;
  • puts in place infrastructure to enable accelerated development and improved quality of life across the Company’s regions of operation in cooperation with the Norilsk Development Agency, the Second School Centre for community initiatives in the Pechengsky District, and the Monchegorsk Development Agency;
  • implements regular social monitoring across the Group's operations;
  • conducts opinion polls among Norilsk’s communities to learn more about their living standards, employment, migration trends and general social sentiment, and identify major challenges;
  • implements social projects and programmes aimed at supporting employees and their families, as well as the Company's former employees;
  • engages in dialogues with stakeholders and conduct opinion polls while preparing public sustainability reports of the Group;
  • implements a set of social support initiatives for the personnel facing redundancies as part of Kola MMC's social programmes and develops roadmaps for the social and economic development of the Pechengsky District