Corporate controls

GRI: 105-3, 102-16, 103

In December 2018, the Board of Directors approved the Company’s Risk Management and Internal Control Policy and made relevant amendments to the Corporate Governance Code to segregate this function in the general management framework.

The risk management and internal control framework represents a set of organisational measures, methods, practices and standards of corporate culture. It also embraces actions taken by the Company to strike the right balance between value growth, profitability and risks, support financial sustainability, and ensure efficient operations, protection of its assets, compliance with the laws, Charter and bylaws, along with timely and accurate reporting.

Risk management and internal controls

The risk management and internal control framework comprises:

The Board of Directors defines the key principles of, and approaches to, risk management and internal controls, oversees the Company’s executive bodies, and performs other key functions. It has set up a Risk Management Committee to provide recommendations and proposals to the Board of Directors and other Company’s bodies on identifying material risks and developing relevant management tools and measures to enhance the risk management framework. The Audit Committee focuses on assessing and making proposal to improve the risk management and internal control efficiency. On top of that, its members supervise the preparation of accounting (financial) statements and the measures taken to prevent fraudulent behaviour of the Company’s employees or third parties.

The Review Committee elected by the General Shareholders’ Meeting exercises control over the financial and business operations of the Company.

The Company’s executive bodies establish and maintain an efficient risk management and internal control framework. To this effect, they set up a Risk Commission that monitors the status and effectiveness of risk management initiatives. The results serve as a basis for the relevant proposals issued by the Commission to executive bodies and the Board of Directors.

Following the audits, the Internal Audit Department provides the Board of Directors and executive bodies with recommendations and reports, including, among other things, the assessment of the current status, reliability and efficiency of the corporate governance, risk management and internal control framework.

The Company’s Risk Management and Internal Control Department is charged with the general supervision of risk management, including related activities and consolidated reporting to the Board of Directors and executive bodies.

As part of their duties, heads of other organisational units are responsible for building, documenting, implementing, monitoring and developing the risk management and internal control framework in their respective functional areas. Besides, the framework requires the Company’s employees to identify and assess relevant risks and efficiently implement the controls and risk management initiatives.

Review Committee

The General Shareholders’ Meeting held in May 2019 elected the following members to the Review Committee:

  • Ekaterina Viktorova;
  • Elena Kryuchkova;
  • Olga Lizunova.

The Committee endorsed PhosAgro’s financial statements for 2019, with its report dated 18 February 2020 included in the materials for the Annual General Shareholders’ Meeting.

Internal audit

The Company’s Internal Audit Department (IAD) assists the Company’s top executives and the Board of Directors in improving the management of business processes and enhancing the internal control and risk management framework. In doing this, it uses a risk-oriented approach and works closely with the Risk Management, Internal Control and Economic Security Departments, and the Company management.

Audit of business processes

In 2019, the Internal Audit Department audited business processes related to project, repair and contractor operational safety management. The audit also covered IT of foreign offices and corporate governance. The audit plan for the calendar year is subject to review, discussion and approval by the Audit Committee and the Board of Directors. Audits are performed at the Group level, as well as at specific branches and subsidiaries. In addition, the Internal Audit Department monitors the effectiveness and efficiency of corrective actions taken by the management following the audit, and reports to the Board of Directors on a quarterly basis.

The 2020 audit plan covers such areas as sales, IT, information security, finance and HR.

External assessment

In early 2019, PwC completed an external assessment of the IAD’s compliance with the International Standards for the Professional Practice of Internal Auditing, the Institute of Internal Auditors’ Code of Ethics and the Corporate Governance Code approved by the Bank of Russia. For the IAD, the results were overall positive. The Company is consistently working to improve its internal audit function according to the plan.

Following the assessment, the internal audit methodology saw the following amendments:

  • annual audit plans take into account the outcomes of reviewing and assessing IT and information security risks;
  • each audit includes risk evaluation and control testing for information systems used by the audited processes.

Going forward, the external assessment will take place thrice a year.

Risk management

The Company is making a consistent effort to develop its risk management framework. In 2019, the Board of Directors reviewed the results of the independent risk management assessment, which showed good progress compared to 2016, including:

  • full compliance with regulatory requirements;
  • risk management roll-out at production sites;
  • introduction of key risk indicators;
  • risk appetite calculation and regular review;
  • organising training sessions to develop risk management competencies;
  • integrated approach to processing risk, control and internal audit data.

The reporting year saw the Company’s production sites complete the first full-year cycle of risk management, including:

  • ongoing risk monitoring;
  • analysis of key risk indicators;
  • development of corrective actions;
  • follow-up control and review.

In 2020, risk management initiatives will focus on the support and deeper integration of the existing elements into the Company’s processes and practices.

External audit

The Company›s auditor performs the audit of its financial and business operations in compliance with Russian laws and regulations and the agreement signed with the Company. The auditor is approved by the General Shareholders’ Meeting.

In 2019, the Company engaged KPMG (10 Presnenskaya Embankment, Moscow, Russia) to audit its IFRS financial statements. The actual remuneration paid to the auditor for this service stood at RUB 34.5 mln, net of VAT. In addition, KPMG was engaged in preparing the Company’s Eurobond issue and received RUB 14 mln for this service. Furthermore, during the reporting year, other agreements were signed with the auditor for non-audit services worth of RUB 1.5 mln, net of VAT, as well as for non-audit services to be provided to the Company’s subsidiaries worth of RUB 10.3 mln, net of VAT.

In 2019, the Company engaged FBK (44/1 Myasnitskaya St., Bld. 2AB, Moscow, 101990, Russia) to audit its RAS accounting statements. The actual remuneration paid to the auditor for this engagement stood at RUB 590,000, net of VAT.

Conflicts of interest

The Board of Directors pays special attention to resolving conflicts of interest, with independent directors playing a crucial role in their prevention. In late 2018, the Board of Directors approved the amended Conflict of Interest Regulation as part of the Company’s internal anti-corruption regulations.

The Company’s Economic Security Department is responsible for identifying conflicts of interest and taking the required corrective actions. In its quarterly report, the IAD informs the Board’s Audit Committee of all complaints received via the hotline and relevant investigation results.

The Regulation on the Board of Directors also contains provisions defining a conflict of interest and regulating the directors’ actions if any such conflict arises. Every year, at one of the Board’s in-person meetings, directors are notified of their duties in connection with potential conflicts of interest. In the reporting year, there were no conflicts of interests among the Board members and the top management.

Inside information

The Company has adopted an Inside Information Regulation compliant with Russian and EU laws. In accordance with its provisions, the Corporate Secretary’s office keeps a list of insiders, persons discharging managerial responsibilities (PDMR) and persons closely associated with them (PCA). The Regulation defines the scope of responsibilities for each insider group, which the Corporate Secretary’s office from time to time communicates to respective persons. First and foremost, these include the limitations on the use of inside information and trading in the Company’s securities. Depending on the group, an insider may be prohibited from such transactions or obliged to notify the Company or obtain its consent for such transactions. Every quarter, the Corporate Secretary’s office goes through the list of shareholders to identify transactions that may have been executed in breach of such limitations.

The reporting year saw no violations of the Inside Information Regulation.

Anti-corruption

GRI: 102-16, 103, 205-3

The Company operates in strict compliance with generally accepted ethical business standards and is intolerant to anyone taking advantage of their official position contrary to public or national interests. PhosAgro takes consistent efforts to prevent corruption and to this end has developed and put in place Anti-Corruption Policy, Code of Ethics, Conflict of Interest Regulations, and Hotline Regulations.

The Company’s anti-corruption policy is implemented in accordance with applicable anti-corruption laws and international conventions (including the United Nations Convention Against Corruption, the OECD Convention, Russian anti-corruption laws). In accordance with the Anti-Corruption Policy, the members of the Company’s Board of Directors and senior management must comply with and lead by example setting the highest standards of behaviour and work ethic. The policy commits all employees to a zero-tolerance approach to corruption. Any law violation jeopardises successful development of business, that is why we try to minimise the risk of business relations with those potentially involved in corruption. To achieve this principle, we check counterparties for reliability and for having their own rules and procedures to prevent fraud and corruption, also looking at their willingness to comply with anti-corruption laws, have an anti-corruption clause incorporated in contracts, and work together to prevent fraud and corruption. PhosAgro’s Hotline is another important element of the Company’ anti-corruption system. Used to collect and process information, it allows employees and third parties to report fraud or signs of fraud, theft and corruption in the Company or its subsidiaries. In 2019, two cases of corruption were identified and prosecuted under the Russian Criminal Code as Commercial bribery and Fraud. The Company terminated employment of the offenders.