Compliance framework

MegaFon defines compliance as employees acting in accordance with the Company’s principles and standards of business ethics and integrity to protect the interests of the Company and all parties affected by its activities or decisions.
Compliance requires observance of applicable Russian and foreign laws, as well as the Code of Ethics and Corporate Conduct, and other internal regulations.

In 2021, the Company adopted a new policy outlining the goals and principles of the compliance system, describing its mandatory elements, and defining its scope.
The main purpose of the compliance system is to manage key risks related to compliance obligations. MegaFon is focused on complying with ISO 19600:2014 — Compliance management systems, while incorporating best practice, standards, and regulatory guidance.

MegaFon’s compliance function is managed at several levels of the organisation:

  • The Board of Directors, which oversees the compliance system via its Audit Committee
  • Chief Executive Officer and the Management Board, which perform day-to-day management via the risk management function
  • Business-unit heads, who are responsible for fulfilling basic compliance obligations

Compliance risk management is part of MegaFon Group’s integrated risk management and internal control system and is an ongoing process at MegaFon, along with efforts to ensure these requirements are met.

2021 highlights

In 2021, the Company continued its practice of managing risks related to key compliance obligations by identifying separate compliance areas. At the beginning of the year, the risk management unit performed a risk assessment for each of these compliance areas, followed by a plan of necessary measures put together with the responsible heads of business units. During the year, the Management Board promptly reviewed the status of measures within each compliance area and made decisions regarding both previously identified and new emerging risks.

Plans for 2022 include further improvement of the compliance system through implementing proposals by the external consultant, active involvement of the compliance officer, and running a self-diagnostic process.

In the second half of 2021, MegaFon engaged an external consultant to analyse the design of its compliance system for conformity with best global practice.
The analysis confirmed that most controls within the system are effective and comply with international best practice and internal regulations.

At the end of 2021, the Company decided to introduce a new participant to the compliance system — an independent compliance officer responsible for the operation of the Direct Line, an anti-corruption and ethics whistleblower hotline which is a key tool of the system.