Russian Railways’ risk map for 2020 and 2021

Business line
  1. Traffic safety
  2. Government relations
  3. Public relations (PR and communication with the business community)
  4. Freight transportation
  5. Procurement
  6. IT and information security
  7. Capital construction, upgrade and overhaul
  8. Corporate security
  9. Corporate governance
  10. Corporate governance and coordination at the railway domains
  11. Corporate governance of affilates
  12. Corporate programmes and initiatives
  13. International operations
  14. Traffic management
  15. Organising and conducting audits, control activities
  16. Passenger transportation
  17. Legal support and compliance (excluding corruption risks)
  18. Infrastructure services
  19. Locomotive traction services
  20. Other services
  21. Infrastructure and rolling stock development
  22. Strategic planning and target setting
  23. Inventory management / logistics
  24. Property management
  25. Intangible asset management
  26. HR management (personnel and social development)
  27. Social facility management
  28. Reporting
  29. Economics and finance
  30. Operation, maintenance and repairs of infrastructure facilities (infrastructure maintenance and repairs)
  31. Rolling stock operation, maintenance and repairs (rolling stock maintenance and operation)

As of 2021, the following areas have the most material changes in risk assessment compared to 2020:

  • IT and information security, which is primarily connected with the increasing attention of Russian Railways’ customers to this area as well as more stringent regulatory environment and specific features of the processes as a result of the pandemic;
  • passenger transportation amidst the COVID-19 pandemic and related restriction risks.

At the same time, there is a positive trend in traffic management, locomotive traction services and management of social facilities.

Key measures to mitigate risks implemented in 2020 by business lines included:

  • review and improvement of internal processes for identifying key gaps, developing and implementing systematic mitigants to reduce risk impact and prevent future negative developments (including enhancement of the Company’s internal regulations), based, among other things, on the best practices;
  • automation and digitisation, including measures to improve the reliability and efficiency of data, reduce the human factor and manual labour, and increase the speed of management decision-making;
  • legislative initiatives aimed at increasing the transparency of the Company’s operations, including through implementing the regulatory guillotine mechanism to eliminate outdated regulations;
  • employee training and increasing the level of employee competencies;
  • taking into account the factors in connection with the COVID-19 spread, economic downfall in the countries of operation, changes in foreign exchange rates, changing geopolitical situation in some countries of operation, including development and implementation of respective mitigants to ensure, inter alia, health and safety of the employees and customers and ability of the Company to continue as a going concern.