2021 sustainability report

Risk
management
framework

Integrated in Nornickel’s business processes, its corporate risk management framework allows for risk-oriented decision-making at various levels to achieve strategic and operational goals.

Key objective of risk management include:

  • increase the likelihood of achieving the Company’s goals;
  • make resource allocation more efficient; and
  • boost the Company’s investment case and shareholder value.

Our risk management framework relies on the principles and requirements of the Russian and international laws and professional standards, including the Corporate Governance Code recommended by the Bank of Russia, GOST R ISO 31000:2019 (Risk Management), COSO ERM (Enterprise Risk Management — Integrating with Strategy and Performance), and recommendations on risk management, internal controls, internal audit and the work of the Board of Directors’ (Supervisory Board’s) audit committee in public joint-stock companies (Bank of Russia’s Information Letter No. IN-06-28/143 dated 1 October 2020).

Key risk management responsibilities and functions

GRI 102-28

BOARD OF DIRECTORS

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

KEY FUNCTIONS

  • Approving the Corporate Risk Management Policy
  • Supervising the process of building the risk management framework
  • Approving the Company's Risk Appetite Statement (annually)
  • Reviewing and approving the risk management roadmap and assessing the progress (annually)
  • Reviewing reports on strategic and key risks (annually/quarterly)
  • Assessing risk management efficiency (annually)

MANAGEMENT BOARD

RISK MANAGEMENT COMMITTEE OF THE MANAGEMENT BOARD

KEY FUNCTIONS

  • Reviewing strategic risks and reports on key risks
  • Reviewing the materialised risks and key takeaways
  • Reviewing risk appetite parameters
  • Risk management decision-making with regard to key risks
  • Reviewing Business Continuity Plans
  • Reviewing CRMF and ICS development strategy and plans
  • Reviewing the performance of Steering Risk Management Committees of Units

RISK MANAGEMENT SERVICE

KEY FUNCTIONS

  • Drafting and updating the risk management methodology
  • Reporting on Top 20 risks (quarterly)
  • Reporting on strategic risks (annually)
  • Strengthening quantitative risk assessment using simulation modelling
  • Developing a business continuity management framework
  • Educating and training employees in hands-on risk management practices

RISK OWNERS / HEADS OF BUSINESS UNITS

KEY FUNCTIONS

  • Managing risks on a day-to-day basis as part of the integrated risk management model, including identification, assessment and/or prioritisation, planning, putting into action risk response plans, developing and implementing risk management activities
  • Risk-oriented decision-making

INTERNAL AUDIT

KEY FUNCTIONS

  • Conducting an independent evaluation of the effectiveness of risk management, internal control and corporate governance (annually)

Structure of the risk management framework

GRI 102-29 102-30

We have formalised our risk management structure, allocating relevant roles and duties to all employees.

Improving the risk management framework in 2021

In 2021, the Company made the following efforts to enhance its risk management framework:

  • conducted an additional internal expert review, update and verification of risks associated with key assets;
  • performed a quantitative assessment of the aggregate impact that key risks had on the Company’s 2022 budget and evaluated its sensitivity to key risks;
  • improved an approach to setting and decomposing risk appetite indicators taking account ESG metrics in the relevant statement;
  • expanded the list of dedicated risk management committees, with existing ones working as planned;
  • drafted, tested and prepared for introducing risk management KPIs;
  • updated a corporate online course on risk management basics and made it mandatory for new hires;
  • piloted a GRC-type system built as part of risk management automation;
  • designed a target quantitative model to assess the risk of equipment failure in a testing environment, improved the approach to assessing risks of decommissioning buildings in permafrost of the Norilsk Industrial District;
  • implemented a project to streamline integration of risk management into budgeting;
  • kicked off a review of long-term climate change risks for a number of Polar Division’s key assets in line with TCFD requirements*.

Insurance

Insurance is one of the most important tools for managing risks and finances and protecting the assets of the Company and its shareholders against any unforeseen losses related to its operations, including due to external hazards.

Nornickel has centralised its insurance function to consistently implement uniform policies and standards supporting a holistic approach to managing insurance policies and fully covering every risk at all times. The Company annually approves a comprehensive insurance programme that defines key parameters by insurance type and key project.

We have implemented a corporate insurance programme that covers assets, equipment failures and business interruptions across the Group. Our corporate insurance policies are issued by major Russian insurers in cooperation with an international broker. This helps the Group make sure that its risks are underwritten by highly reputable international re-insurers.

The same principles of centralisation apply to the Group’s freight, construction and installation, aircraft and ship insurance arrangements. The Group companies, as well as its directors and officers, carry business and third-party liability insurance.

To optimise terms of coverage and better manage covered risks, we follow the best mining industry practices.

Key sustainability risks

The risks to the Company’s sustainability goals are mainly related to occupational health and safety, power blackouts at production and social facilities in the NID, environmental and conservation legislation, social and labour relationships, information security, and climate change.

A high-level map of material risks takes into account international standards on risk management.

The reporting year saw two previously identified risks materialise:

  • an ore handling facility and an adjoining elevator walkway of Norilsk Concentrator collapsed during structural reinforcement repairs;
  • the Company suspended operations in Oktyabrsky and Taimyrsky mines due to an increased water inflow.

At Norilsk Concentrator, the Company reinforced key load-bearing structures and restored operations using a new crushing flowchart. The two buildings of the old crushing section were fully decommissioned.

The concentrator is creating a monitoring system for buildings and structures. On top of that, the Company keeps building a new Norilsk Concentrator to create advanced economically efficient ore processing capacities and ensure a reliable supply chain.

We completed a full set of measures to pump water from mines and make them operational. At all our mines, we are conducting additional hydrogeological exploration, with mining in close proximity to areas of potential groundwater accumulation stopped at two of them. In early 2022, we expect to finalise the hydrogeological model and update mining projects. We are also working to expand drainage capacities.

Map of key sustainability risks

Map of key sustainability risks

Key sustainability risks

GRI 102-15

1. Market risk*

Description
Mitigants

Description

Reduced ability of the Company’s products to compete in the market may shrink their liquidity and result in sales at discounts to the market price and a decrease in the Company’s income.

Key risk factors:

  • Higher market standards for ESG compliance and product quality;
  • competition from producers of cheaper nickel;
  • growing role of carbon-free transport programmes;
  • changing consumption patterns in the hi-tech segment;
  • introduction of external trade restrictions by foreign regulators with negative implications for Nornickel’s operations (tariff and non-tariff regulatory measures).

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
high
combined
none

Mitigants

To manage this risk, the Company:

  • monitors and reviews market requirements to product quality and ESG compliance;
  • helps boost global industrial and investment demand for the Company’s metals;
  • monitors transport electrification trends;
  • searches for new palladium applications;
  • diversifies its metal sales by industry and geography;
  • improves and diversifies its product range;
  • promotes cooperation with sectoral institutions to maintain access to relevant metal sales markets;
  • collaborates with Russian ministries and agencies to prevent/minimise negative impact from country-specific and international regulatory measures;
  • implements an ESG roadmap;
  • considers partnerships with key producers of cathodes for Li-ion batteries;
  • enters into strategic partnerships with automakers built on guarantees of long-term palladium supplies.

2. Risk of toughened environmental requirements

Description
Mitigants

Description

Our regions of operation have seen toughening environmental regulations, administrative penalties and government oversight over environmental compliance.

Key risk factors:

  • Strong emphasis placed by domestic and international communities on environmental protection and sustainable development;
  • active environmental law-making, including new standards and tougher limits on emissions and discharges, changing licence requirements and procedures for issuing waste management standards;
  • amendments to the Russian Code of Administrative Offences: failure to comply with improvement notices of government supervisory bodies, repeated violations, breach of requirements to prevent and clean up oil and petroleum product spills, failure to equip stationary emission and discharge sources with automated metering tools as required;
  • tougher procedures to decommission hazardous production facilities and waste disposal facilities as regards drafting and expert review of preventive and pollution response action plans;
  • emission quotas to be introduced in twelve Russian cities, including Norilsk and Krasnoyarsk, as part of an experiment in 2020–2024.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
combined
none

Mitigants

To manage this risk, the Company:

  • put in place the Environmental and Climate Change Strategy;
  • manages environmental risks;
  • implements a programme to protect the environment and enhance environmental efficiency;
  • provides for industrial environmental control;
  • arranges for the Company’s representatives to take part in working groups on drafting and amending environmental laws;
  • monitors bills and draft regulations;
  • conducts legal due diligence and assessment of the impact of draft regulations on its operations;
  • contributes to drafting laws and regulations and makes proposals on amending those currently in effect.

3. Workplace injuries

Description
Mitigants

Description

Failure to comply with the Group’s health and safety rules may result in threats to employee health and life, temporary suspension of operations and property damage.

Key risk factors:

  • Unsatisfactory organisation of operations;
  • process disruption;
  • exposure to hazardous factors.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
high
internal
none

Mitigants

To manage this risk, the Company:

  • continuously monitors compliance with health and safety requirements;
  • improves working conditions for its own and contractors’ employees deployed at the Company’s production facilities, including by implementing new technologies and labour saving solutions and enhancing industrial safety at production facilities;
  • provides staff with certified modern personal protective equipment;
  • improves the system of fixed gas analysers and furnishes staff with portable gas analysers;
  • implements preventive healthcare measures and sanitary and hygienic practices to reduce the potential impact of hazardous and dangerous production factors;
  • provides its employees with regular training and instructions and assesses their performance in occupational health and safety (OHS), conducts corporate workshops, where, among other things, special simulation equipment is used;
  • strengthens the methodological framework in OHS, including by developing and introducing corporate standards;
  • improves the risk assessment and management framework at the Group companies and production facilities as part of the Risk Control project;
  • reviews the competencies of line managers at the Company’s production facilities, develops OHS training programmes and arranges relevant training sessions;
  • holds OHS competitions;
  • provides all employees with updates on the circumstances and causes of accidents, conducts ad hoc themed instruction sessions;
  • introduces frameworks to manage technical, technological, organisational and HR changes.

4. Information security risks

Description
Mitigants

Description

Potential cyber crimes may result in an unauthorised transfer, modification or destruction of information assets, disruption or lower efficiency of IT services, business, technological and production processes of the Company.

Key risk factors:

  • Growing external threats;
  • unfair competition;
  • rapid development of IT infrastructure and automation of production and business processes;
  • employee and/or third-party wrongdoings;
  • switch to remote working and engagement of remote workforce outside the regions of the Company’s operation.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
high
combined
none

Mitigants

To manage this risk, the Company:

  • complies with applicable Russian laws and regulations with respect to personal data and trade secret protection, insider information, and critical information infrastructure;
  • implements MMC Norilsk Nickel’s Information Security Policy;
  • categorises information assets and assesses information security risks;
  • plans and controls the compliance of information systems with the corporate information security standards;
  • raises employee awareness in information security;
  • protects assets using technical means and manages information access;
  • monitors threats to information security and the use of technical protection means, including vulnerability analysis, intervention testing, cryptographic protection of communication channels, controlled access to removable media, protection from confidential data leakages, mobile device management;
  • develops information security regulations;
  • procures that the corporate information security management system is set up and duly certified;
  • takes measures to provide secure remote access.

5. Technical and production risk

Description
Mitigants

Description

Technical and production risk relates to events that can be caused by technical, production-related, or natural factors that can have a negative impact on the progress of the production programme and result in equipment breakdowns or damage to third parties and the environment that will require compensation.

Key risk factors:

  • Harsh weather and climatic conditions, including low temperatures, storm winds, snow load;
  • unscheduled stoppages of key equipment due to excessive wear and tear;
  • release of explosive gases and flooding of mines;
  • collapse of buildings and structures;
  • infrastructure breakdowns.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
combined
none

Mitigants

To manage this risk, the Company:

  • properly and safely operates its assets in line with the requirements of the technical documentation, technical rules and regulations as prescribed by the local laws across its footprint;
  • introduces ranking criteria and determines the criticality of key industrial assets;
  • rolls out an automated system for managing reliability, efficiency and risks associated with production assets;
  • timely replaces its fixed assets to ensure that production safety is at the required level;
  • rolls out a geotechnical monitoring system across operations to perform ongoing monitoring of its buildings and structures;
  • uses satellite monitoring of its facilities with subsequent analysis of the monitoring data;
  • introduces automated systems to control equipment process parameters, uses modern engineering control systems;
  • improves the maintenance and repair system;
  • trains and educates its employees both locally, on site, and centrally, through its corporate training centres;
  • systematically identifies and assesses technical and production risks, implements a programme of organisational and technical actions to mitigate such risks;
  • continuously monitors the current status of the industrial asset management system;
  • has risks reviewed by collegial bodies at all governance levels;
  • develops the technical and production risk management system, including by engaging independent experts to assess the system efficiency and completeness of data;
  • develops and tests business continuity plans outlining the steps that need be taken by the Company’s personnel and internal service providers where technical and production risks cause the largest possible damage. The plans aim to ensure that the Company resumes its production as early as possible;
  • annually engages independent surveyors to analyse the Company’s exposure to disruptions in the production and logistics chain and assess related risks.
  • assesses physical risks taking into account climate change.

In 2021, key technical and production risks were insured as part of the property and business interruption (downtime) insurance programme, with emphasis placed on best risk management practices in the mining and metals industry.

6. Power blackouts in the Norilsk Industrial District

Description
Mitigants

Description

The failure of key equipment at the generating facilities and transmission networks may result in power, heat and water shortage at key production sites and social facilities in the NID.

Key risk factors:

  • Isolation of the NID’s power system from the national grid (Unified Energy System of Russia);
  • harsh weather and climatic conditions, including low replaces transmission towers; temperatures, storm winds, snow load;
  • length of power, heat and gas transmission lines;
  • wear and tear of key production equipment and infrastructure.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
combined
none

Mitigants

To manage this risk, the Company:

  • operates and maintains generating and mining assets as required by the technical documentation, industry rules, regulations, and laws;
  • monitors the technical condition of linear facilities, including monitoring by independent experts;
  • timely constructs and launches transformer facilities, timely replaces transmission towers;
  • timely upgrades (replaces) power units’ equipment at heat and power and hydropower plants;
  • timely upgrades and renovates trunk gas and condensate pipelines and gas distribution networks.

7. Compliance risk

Description
Mitigants

Description

This risk relates to legal liability and/or legal sanctions, significant financial losses, suspension of production, revocation or suspension of licences, loss of reputation, or other adverse effects arising from the Company’s non-compliance with the applicable regulations, instructions, rules, standards or codes of conduct.

Key risk factors:

  • Discrepancies in rules and regulations;
  • considerable powers and a high degree of discretion exercised by regulatory authorities;

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
combined
none

Mitigants

To manage this risk, the Company:

  • implements initiatives to ensure compliance with the applicable laws;
  • ensures that its interests are protected during surveillance inspections or in administrative offence cases;
  • defends its interests in courts and when court rulings are executed;
  • includes in contracts provisions protecting its interests;
  • implements initiatives to combat corruption, money laundering, and financing of terrorism and proliferation of weapon of mass destruction;
  • takes actions to prevent unauthorised use of insider information and market manipulation;
  • ensures timely and reliable information disclosures as required by the applicable Russian and international laws;
  • gives its employees training in dealing with insider information and combating corruption;
  • conducts induction briefings on anti-corruption;
  • supports the operation of the Corporate Trust Line set up to handle reports of future or past cases of corruption, fraud, thefts or other wrongdoings;
  • asses the effectiveness of anti-corruption controls in the Group.
  • The Company drafted (updated) and approved the following documents:
  • the Methodology of Business Process Outsourcing;
  • List of Insider Information (new version);
  • Internal Control Rules for Preventing, Identifying, and Combating the Unlawful Use of Insider Information and/or Market Manipulation (new version);
  • Methodology for Identifying, Analysing, Assessing and Monitoring Regulatory Risk Related to Combating Insider Information Unlawful Use and Market Manipulation at MMC Norilsk Nickel
  • Procedure for Notifying MMC Norilsk Nickel Governance Bodies and Audit Commission of Blackout Periods in Accordance with the Russian Laws and amendments to the Procedure for Notifying Persons Discharging Managerial Responsibilities at MMC Norilsk Nickel of Blackout Periods in Accordance with the European Union Laws and for Disclosing Information on Transactions by Such Persons and Persons Closely Associated with Them;
  • Procedure for Maintaining the List of Insiders (updated);
  • Regulations on Interaction of PJSC MMC Norilsk Nickel Business Units and Russian Business Units within Norilsk Nickel Group to Disclose/Provide Information Required by the Securities Market (updated).

8. Social risk

Description
Mitigants

Description

The risk relates to increased tension among the workforce due to the deterioration of social and economic conditions in the Company’s regions of operation.

Key risk factors:

  • Projects that have an impact on headcount / staffing;
  • failure of some employees and/or third parties to share the Company’s values;
  • limited opportunities for annual wage indexation;
  • dissemination of false and inaccurate information about the Company’s plans and operations among the Group’s employees;
  • reallocation in spending on social programmes and charity.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
combined
none

Mitigants

To manage this risk, the Company:

  • strictly abides by the collective bargaining agreements made between the Group’s companies and employees (23 bargaining agreements in total);
  • actively interacts with regional and local authorities, and civil society institutions;
  • fulfils its social obligations under public-private partnership agreements;
  • runs programmes in accordance with its corporate social policy and the World of New Opportunities charitable programme to support and promote regional public initiatives, including those geared towards the indigenous peoples of the Taimyr Peninsula, and the Plant of Goodness corporate volunteering programme;
  • puts in place infrastructure to enable accelerated development and improved quality of life across the Company’s regions of operation in cooperation with the Norilsk Development Agency, the Second School Centre for community initiatives in the Pechengsky District, and the Monchegorsk Development Agency;
  • implements regular social monitoring across the Group’s operations;
  • conducts opinion polls among Norilsk’s communities to learn more about their living standards, employment, migration trends and general social sentiment, and identify major challenges;
  • implements social projects and programmes aimed at supporting employees and their families, as well as the Company’s former employees;
  • engages in dialogues with stakeholders and conduct opinion polls while preparing public sustainability reports of the Group;
  • implements a set of social support initiatives for the personnel facing redundancies as part of Kola MMC’s social programmes and develops roadmaps for the social and economic development of the Pechengsky District.

9. Risk of insufficient water resources*

Description
Mitigants

Description

Water shortages in storage reservoirs of the Company’s hydropower facilities may result in failure to achieve necessary water pressure at HPP turbines leading to limited power production and drinking water shortages in Norilsk.

Key risk factors:

  • Abnormal natural phenomena (drought) caused by climate change.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
external
none

Mitigants

To manage this risk, the Company:

  • builds a closed water circuit to reduce water withdrawal from external sources;
  • performs ongoing hydrological monitoring to forecast water level in rivers and water bodies;
  • in cooperation with the Federal Service for Hydrometeorology and Environmental Monitoring (Rosgidromet) sets up permanent hydrological and meteorological monitoring stations to ensure more accurate water level forecasting in its regions of operation;
  • dredges the Norilskaya River and reduces energy consumption at the production facilities, should the risk materialise;
  • replaces equipment at captive hydropower plants to increase power output through improving the performance of hydroelectric units.

10. Soil thawing

Description
Mitigants

Description

Loss of pile foundation bearing capacity may cause deformation of buildings and structures leading to their destruction.

Key risk factors:

  • Climate change, average annual temperature increase (over the last 15–20 years);
  • increased depth of seasonal thawing.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
external
none

Mitigants

To manage this risk, the Company:

  • regularly monitors the condition of foundation beds for buildings and structures built on permafrost;
  • runs geodetic control of changes in buildings’ positions;
  • uses satellite monitoring of the Company’s facilities with subsequent analysis of the monitoring data;
  • rolls out a geotechnical monitoring system across operations to perform ongoing monitoring of the Company’s buildings and structures;
  • monitors soil temperature at buildings’ foundations;
  • monitors the facilities’ compliance with operational requirements for crawl spaces;
  • develops recommendations and corrective action plans to ensure safe operating conditions for buildings and structures.

11. Epidemiological risk

Description
Mitigants

Description

The risk is associated with infectious disease outbreaks and related preventive and anti-epidemic measures.

Key risk factors:

  • Viral infection outbreaks;
  • epidemiological restrictions imposed by national and local governments.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
external
none

Mitigants

The Company has implemented a set of measures to mitigate the consequences of the risk materialisation:

  • full pay levels maintained with additional compensations paid to employees working non-remotely at the Group’s production facilities and in its offices;
  • remote working arrangements put in place for office staff;
  • personal protective equipment, tests, control devices, and disinfectants procured for all the Group’s assets;
  • medicines and equipment, including 1 automatic immunochemistry analyser, 940 UV air flow cleaners-recirculators, 489 contactless thermometers and over 324,000 test kits, purchased;
  • support provided to increase the capacity of local hospitals;
  • local volunteers assisted in supporting employees who require regular health monitoring;
  • mandatory testing for COVID-19 put in place;
  • extended shifts introduced for shift workers arriving in Chita/Norilsk;
  • vaccination information communicated to employees, with an additional paid day off (based on average salary) provided after each day of COVID-19

12. Supply chain disruption

Description
Mitigants

Description

Supply chain disruption in existing transportation and logistics schemes.

Key risk factors:

  • Harsh physical and climatic conditions of the regions of operation;
  • transportation and logistics limitations;
  • higher inflation and exchange rates, pricing pressure from suppliers, improper planning, pandemic spread, and other factors;
  • improper performance of contractors.

Risk assessment

Risk effect
Risk source
Risk level change y-o-y
medium
external
new

Mitigants

To manage this risk, the Company:

  • proactively partners with domestic manufacturers to strengthen competition;
  • enters into long-term contracts/agreements and sets optimal fixed prices for the long term for equipment, materials and spare parts at the most favourable terms possible;
  • made a list of critical equipment and materials suppliers and takes steps to prevent supply disruptions and monitor the business of said partners;
  • runs logistics expansion programmes.