Sustainability risks
Russian Railways pays particular attention to sustainability risks. Sustainable development of the Company is underpinned by its economic, environmental and social performance as one of Russia’s major economic entities. The Company’s results are set out in its public sustainability reports. Russian Railways analyses international sustainability trends, reviews and improves its activity with a sustainable perspective, which makes it possible to identify growth drivers and leverage new sustainability opportunities in its activity balancing the opportunities for the Company and respective risks.
Social risks
The Company addresses risks with regard to its employees and retirees as well as other social partnership entities and personalities. Dealing with the risk of ineffective social policy is primarily aimed at creating sustainable working environment, fulfilling the obligations under the Collective Bargaining Agreement and cultivating the Company’s positive image to prevent decrease in labour productivity, staff motivation, and performance, avoid collective labour disputes and strikes.
In 2020, the following measures were taken to mitigate this risk:
- employee training;
- analysis of the performance under the Collective Bargaining Agreement;
- improvement and development of social benefits and guarantees for Russian Railways’ employees and retirees;
- staff monitoring, continuous information sharing and surveys through corporate channels, implementation and development of electronic communication tools, analysis of public appeals, participation in employee meetings, interaction with the trade union.
The measures taken in 2020 helped to increase employee satisfaction and awareness, fulfil social responsibility and employee protection obligations, attract and retain employees, create decent living conditions for the retirees.
Health and safety risks
In 2020, production departments of the Company’s branches assessed professional risks for the main types of hazardous occupations by conducting an integral assessment, defining the acceptable risk levels and making lists of unacceptable and undesirable risks. The measurement results were then evaluated and rated by the regional business units and summarised in risk matrices for the main types of hazardous occupations.
For example, professional risk management initiatives were developed and included in the Comprehensive Health and Safety Improvement Programme for 2018–2020 based on the risk assessment results. In 2020, the Company spent RUB 28.5 bn on the Programme.
Corruption risks
Russian Railways’ Board of Directors approved the risk appetite statements for 2020Minutes No. 13 dated 26 February 2020. under which the Company follows the principle of zero tolerance of corruption in any form or manifestation thereof and takes all necessary actions to prevent and combat corruption, mitigate fraud risks and build a common understanding of zero tolerance of corruption among all stakeholders. Following the corruption risk assessment, Russian Railways’ consolidated register of corruption risks for 2020 was updated and approved on 21 August 2020. Two more items – Information Technology and Traffic Safety – including the description of nine possible corruption schemes were added to the register. 39 new possible corruption schemes were defined and 31 known corruption schemes were fleshed out.
As part of corruption risk management and internal control system functioning in the reporting year, in Russian Railways’ and its affiliates’ units and subsidiaries which have units carried out over 50 anti-corruption compliance audits and approved corrective actions.
Climate change risks
The Company pays great attention to climate change risks, analysing the climate change impact and taking it into account when planning its activities. The key threat that can potentially affect the Company’s business is the growing number of meteorological hazards that jeopardise railway operations. These include heavy rains and snow, extremely low and high temperatures, huge temperature swings, glaze, rime and greater impact of dangerous hydrological phenomena, such as spring floods and freshets, etc. To address these risks to infrastructure, the Company implements various strengthening solutions (anti-washout slab covers, rock dumping, rock anchorage) and builds structures for protection of the track bed from natural hazards (such as mudflows, landslides, avalanches and rockfalls).
The Company has approved the work request for Comprehensive Analysis of the Exposure of Russian Railways’ Infrastructure to External Factors as part of its R&D plan for 2021. The work will result in the creation of a hardware and software system based on Russian Railways’ Geoinformation Platform to forecast and take account of changing environmental and anthropogenic factors affecting the technical condition of the engineering structure during its operating lifetime according to the methodology developed as part of the said work to calculate the effect of external risk factors on the condition and reliability of engineering structures.
Procurement risks
The main procurement risks include:
- procurement of materials and resources at a suboptimal price;
- procurement of materials and resources in volumes that are insufficient for Russian Railways’ units;
- failure to perform the obligation to procure required volumes from small and medium-sized businesses;
- failure to provide or untimely provision of information about Russian Railways’ procurement activity according to the procurement laws and Russian Railways’ regulations;
- violation of laws when arranging and holding procurements;
- violation of laws when making procurement disclosures;
- improper preparation of documents for competitive procurements.
The Company has the following procedures in place to eliminate or mitigate procurement risks:
- development and updating of Russian Railways’ regulations defining the steps to be taken by the Company’s units involved in procurements;
- procurement process automation;
- training of employees involved in procurement;
- control of compliance with Russian laws and Russian Railways’ regulations when arranging and holding procurements.
Cybersecurity risks
Information security risks are of no small importance for Russian Railways. If they materialise, information security threats may disrupt or suspend IT services, the process flow and operations of the Company, including leakage of information with restricted access.
The key information security measures implemented by Russian Railways include:
- classification and categorisation of the Company’s information systems;
- information security threat modelling;
- proper arrangement of the information infrastructure components with due account of information security;
- development of information protection requirements;
- design and implementation of information protection systems in the Company’s information infrastructure;
- assessment of the system compliance with information security requirements;
- employee training in information protection;
- information security of the Company’ information systems in use;
- arrangement of the Company’ workflow with due account of information security requirements;
- identification and handling of information security incidents;
- enhancement of the Company’s information security policies and guidelines;
- internal investigations of information security violations.
In 2020, Russian Railways took steps to implement and maintain the information protection system, including:
- automated information security management system;
- centralised access node for information systems;
- solution for monitoring and controlling information transmission channels;
- hardware and software for controlling access of privileged users;
- system for evaluating the security of automated information and telecommunication systems of Russian Railways;
- system for detecting and preventing cyberattacks on information infrastructure.
In 2021, it is planned to: enhance the information security management and control systems monitor the security of the Company’s information infrastructure enhance the Company’s information security policies and guidelines.