Risk management plan

Action plan following risk confirmation and risk management strategy

The third stage of the DDMS focuses on developing the Risk Management Plan (the “Plan”) should the risks be confirmed at the previous risk identification and assessment stages. The Plan is required for the supplier to eliminate the risks confirmed.

To start with, Nornickel’s management is notified of risk confirmation following an enhanced due diligence.

Thereafter, the Group develops the Plan in cooperation with suppliers and, where necessary, other stakeholders, such as representatives of local communities. The Plan should clearly specify the risk mitigation goals, timelines and performance indicators, as well as the responsibilities of all the parties involved and possible corrective actions. The Plan needs to be approved by the Company’s management.

The Plan relies on the Risk Decision Matrix which is the key tool used by the responsible parties, including the management, to decide whether to cooperate with the respective supplier going forward and choose the appropriate risk mitigants.

Depending on the risk exposure and the decision on cooperation made, the responsible parties determine the response times and the reporting procedures for the management to follow up on the Plan, as well as the list of risk mitigants. Each risk mitigant implies specific actions to be done and relies on the required internal resources. The Plan prioritises the most efficient solutions taking into account suppliers’ human, logistic and financial resources.

The choice of an approach to developing the Risk Management Plan depends on the risk exposure established during an enhanced due diligence and affects the deadlines for supplier notification and risk mitigation, the type (remote or in person) and frequency of progress assessments and whether Nornickel’s internal resources are required.

The overall success of the Plan hinges on stakeholder engagement, which makes the management keep a close eye on suppliers throughout its implementation. Under the Plan, the supplier must submit progress reports to the responsible sustainability manager.

Where critical risks need to be addressed, suppliers must continuously report to the respective business units at divisions and, where necessary, to the Sustainable Development Department at Nornickel’s Head Office, the Board of Directors, and the Management Board.

Upon the expiration of the deadlines set out in the Plan, the Company reviews the supplier’s progress. If the supplier fails to achieve the approved targets, the Company may either continue cooperation, provided that a new risk management plan is developed, or reconsider their relationship.

Since no risks were confirmed for mineral suppliers, the Company did not kick off the above action plan in 2021–2022.