CONTROL SYSTEM

As a holding company, TMK recognizes the importance of the risk management, internal control, compliance and information security and sets higher standards for these control systems.

Control systems in place at TMK are formalized based on generally accepted international standards and cover all key assets, business processes and management levels of the Company.

PURPOSE OF THE SYSTEMS

To provide the Company’s management with an objective view of:

  • the Company’s current state and prospects in terms of set goals
  • risk exposure
  • reliability of all types of reporting
  • compliance with laws and internal regulations
  • effectiveness and reliability of the risk management and internal control systems and corporate governance processes
  • level of information security.

The principles of the control systems were determined by the Board of Directors and incorporated into TMK’s corporate policies and internal documents.

Control procedures are integrated into the business processes of TMK controlled entities and units and are run on a continuous basis by governing bodies at all levels and by employees in their day-to-day work.

The past year saw a some changes to the structure of control bodies: the Revision Commission was dissolved (on July 17, 2020, PAO TMK’s Articles of Association were revised).

Monitoring of the control system is done by the Board of Directors, including the Audit Committee.

INTERNAL CONTROL

GOVERNING REGULATIONS

TMK’s Regulations on Internal Control which define the goals, principles and elements of TMK’s internal control system, its main functions and responsibilities as well as the procedure for assessing the system.

ORGANIZATION

The internal control system is a set of internal control processes based on the existing organizational structure, regulatory documents, procedures and internal control methods used at all management levels and in all functions of the Company.

The internal control system relies on a risk-based approach, helping to identify and analyze the risks impeding the Company’s business growth as well as ways to manage them. The internal control system is based on the Three Lines Model.

ASSESSMENT

The Company’s Internal Audit assessed the internal control system in 2020 and concluded that its maturity is formalized and established.

PLANS

The Regulations on Internal Control will be updated in 2021, with a focus on developing the control environment, control measures and methods, communication, automation and monitoring.

RISK MANAGEMENT SYSTEM: EFFECTIVENESS DURING THE PANDEMIC

The multi-level hierarchical risk management system is present at various management levels and takes into account the role of each level in organization and ensuring the system’s functioning.

PURPOSE OF THE SYSTEM

To identify, assess, manage and control potential risk events or situations to provide reasonable assurance that the Company’s goals and objectives will be achieved.

GOVERNING REGULATIONS

TMK Group’s Risk Management Policy

DAY-TO-DAY RISK MANAGEMENT

Done by the CEO, via the Risk Management Committee. The Chairman of the Committee regularly reports to the Audit Committee on risk occurrence.

A dedicated unit, whose tasks are fully in line with the Russian Corporate Governance Code, coordinates risk management processes and cooperation between the Company business units.

The choice of a risk response method depends on the risk significance, its probability and impact, implementation costs and benefits.

During the pandemic, the Company’s risk management swiftly developed and implemented a set of crisis response measures.

CRISIS RESPONSE

  • Risk reassessment and prioritization
  • Development of crisis scenarios
  • Analysis of possible response measures
  • Measures to minimize the probability of risk occurrence
  • Adjustment of the risk map
  • Updates to internal documents

The table below lists the Key risks related to the Company’s business in 2020 and the measures taken to mitigate them. This table should not be seen as an exhaustive list of all TMK’s potential risks.

Risk Relative impact Risk factors Measures to eliminate the risk
Lower prices and demand for tubular products high The oil and gas industry is the largest consumer of steel pipes globally. The oil and gas industry has historically been volatile, and downturns in the oil and gas markets can adversely affect demand for tubular products, which largely depends on the number of oil and gas wells under development, their depth and drilling conditions, and the construction of oil and gas pipelines. In 2020, volatility in pipe prices was driven by deteriorating global economy, including as a result of COVID-19 restrictions.
  • Signing long-term contracts
  • Improving internal efficiency
  • Continuous monitoring of the current market situation and timely redistribution of commodity flows by regions and customers
  • Expanding the geography of supply
Increase in purchase prices for raw materials high At the end of 2020, the market saw a significant increase in prices for raw materials, in particular scrap. This trend is expected to continue in the future as business activity recovers and global coronavirus restrictions are lifted.
  • Agreeing a formula-based pricing model with suppliers
  • Optimizing raw material procurement
  • Improving raw material utilization
  • Inventory management
Legal risks arising from potential actions of state authorities low In the post-COVID unfavorable global economic environment, further protectionist measures are taken. Russia and the European Union still have political tensions, which may lead to new sanctions affecting product exports.
  • Monitoring of internal and external antitrust compliance risks
  • Analyzing international regulations governing the supply of tubular products and ensuring TMK’s compliance with their requirements
  • Control over contracts and reviews of counterparties using automated compliance systems
  • Providing training for the Company employees
Environmental risks low Our operations must comply with environmental laws in the countries of our presence.
  • A corporate-wide environmental policy
  • Environmental protection measures
  • In 2020, the Company adopted and follows a new strategy, which includes sustainability goals: improving occupational safety, environmental protection and corporate governance
Cyber risks low TMK rolls out digital technologies on a large scale in various business areas and also grows Internet communications with customers and suppliers. In 2020, the Company had to shift a significant number of its employees to remote work due to the COVID-19 pandemic. These factors may increase cyber risks.
  • TMK’s Strategy to Ensure and Improve Cybersecurity now being implemented
  • A set of measures, including infrastructure upgrades, security analysis of key information systems and resources
  • A corporate system for raising information security awareness
INTERNAL AUDIT

PURPOSE

Assist TMK’s Board of Directors/Audit Committee and executive bodies in improving the management of TMK Group by objectively evaluating the performance of internal controls, risk management and corporate governance

GOVERNING REGULATIONS

Internal Audit Policy of TMK Group, Regulations on the Internal Audit Service of PAO TMK, Internal Audit Quality Assurance and Improvement Programme (updated on May 22, 2020).

ORGANIZATION

The Internal Audit Service is an independent unit reporting directly to PAO TMK’s CEO (administratively) and to the Board of Directors via the Audit Committee (functionally), which ensures its independence and objectivity.

2020 CHALLENGES

The difficult conditions in the reporting year required Internal Audit to make non-standard decisions, revise strategies, adopt new perspectives, and accelerate audit procedures in order to provide prompt independent and objective assurance and advice to the management to take proactive and adequate measures.

The new challenges stimulated business process diagnostics across all areas, bringing a focus to key and realizable risks and triggering a revision of plans and approaches to remote mode audits.

Internal Audit addressed the challenges and met set targets, completing 20 audits to cover 32% of the Company’s Risk Map, of which 50% were key risks (the Internal Audit Service’s report was presented to the Board of Directors on December 17, 2020).

Risk map

INTERNAL AUDIT QUALITY ASSESSMENT

In line with TMK Group’s Internal Audit Quality Assurance and Improvement Programme (approved by TMK’s Order No. 216 dated May 22, 2020), usefulness and performance assessment of the Internal Audit Service is conducted annually (including self-evaluation, assessment by TMK’s management and the Board of Directors).

PLANS

Improve the Company’s control systems through cooperation and interaction between Internal Audit and business units, ensuring timely response to issues hindering the achievement of strategic objectives.

INTERNAL CONTROL OVER FINANCIAL REPORTING

CONTROL SCOPE

Reporting procedures for both standalone controlled entities and consolidated financial statements of PAO TMK.

PURPOSES

  • Compliance of the accounting policy with national and international accounting standards (RAS and IFRS)
  • Completeness and accuracy of accounting records, timely detection of errors
  • Reliability of financial statements
  • Conformity of financial statements to the law as well as national and international standards
  • Timely preparation of financial statements

CAPABILITIES

All employees engaged in the preparation of statements have a degree in accounting or finance and are regularly upskilled. PAO TMK’s Chief Accountant and the head of the department engaged in the preparation of IFRS consolidated financial statements are members of the Association of Chartered Certified Accountants (ACCA).

DIGITIZATION

The preparation of consolidated financial statements at the Company has been automated in line with the latest international standards to ensure its efficiency. With highly digitized processes, despite working from home due to the COVID-19 outbreak, the consolidated financial statements were prepared smoothly and on time.

PRINCIPLES

Centralized approach to developing accounting policies

ASSESSMENT

During the year, the Audit Committee reviewed matters of assessing the system of internal controls and minimizing risks when preparing accounting and management reports, and provided relevant recommendations to the Board of Directors.

EXTERNAL AUDITOR

The Company engages an external auditor on an annual basis to independently assess the reliability of the accounting (financial) statements prepared in accordance with RAS and IFRS.

PURPOSE

Confirm the reliability of the Company’s financial (accounting) statements prepared in accordance with national and international financial reporting standards (RAS and IFRS).

GOVERNING REGULATIONS

An external auditor to conduct an independent audit of the Company’s RAS statements is proposed by the Board of Directors and approved by PAO TMK’s General Meeting of Shareholders.

CONTROL

The Audit Committee assesses the external auditors for independence, objectivity and absence of conflicts of interest, oversees the external audit and reviews the external auditor’s opinion.

To ensure the auditor’s independence and objectivity, the following procedures are in place:

  • The Company holds a tender to select TMK Group’s auditor pursuant to the terms and conditions approved by the Audit Committee, which also organizes the tender and announces its results
  • The Audit Committee may request an early tender (including after the evaluation of the auditor’s performance and its independence)
  • The auditor is selected from among internationally recognized independent auditors and is approved by the Board of Directors.

To mitigate the risk of a long-term relationship compromising the external auditor’s independence and objectivity, members of audit teams and the lead partner responsible for the audit are subject to rotation.

PAO TMK approved Ernst & Young LLC, a member of the Self-Regulatory Organization of Auditors Association Sodruzhestvo, as the external independent auditor of its 2020 and interim consolidated and standalone accounting (financial) statements.

In 2020, the auditor’s remuneration for auditing the annual financial statements and conducting interim reviews (including audits of standalone statements of individual TMK entities) was RUB 105.0 million, RUB 15.4 million for other audit-related services, and RUB 1.8 million for non-audit services.

SHARE OF NON-AUDIT SERVICES IN THE EXTERNAL AUDITOR’S TOTAL REMUNERATION:
COMPLIANCE SYSTEM

LEGALITY

TMK Group’s Code of Ethics

The key element of the Company’s activities is strict observance of the applicable laws, the Articles of Association and policies of the Company (including this Code), and good business practices. The image and reputation of the Company, as well as that of each and every one of its employees, depend on these rules being enforced.

APPROVED by the CEO of PAO TMK, Order No. 65 dated February 26, 2019. APPROVED by the Board of Directors of PAO TMK, Minutes No. 16 dated February 08, 2019.

TMK has a clearly structured and independent compliance framework, which ensures compliance with legal and ethical standards. The system integrates preventive measures, detection of, and sanctions for, violations. This process is coordinated by the CEO’s Committee on Regulating Compliance Risks and its regional subcommittees which work based on a single plan across all TMK Group’s divisions and plants.

Compliance framework

GOVERNING REGULATIONS AND STANDARDS

TMK has the Compliance section on its corporate website, in the upper part of the top navigation panel, which contains a set of documents guiding the Company’s compliance function: https://www.tmk-group.ru/compliance.

PAO TMK follows best anti-corruption standards in its business:

  • Guidelines for Development and Adoption of Measures by Organizations to Prevent and Combat Corruption of the Russian Ministry of Labor
  • Transparency International’s Business Principles for Countering Bribery
  • Global Reporting Initiative
Book

FIGHTING CORRUPTION AND FRAUD

PURPOSE

Maintain a zero tolerance attitude toward corruption offences.

At any time of day or night, any Company employee can and should inform the Company of any incidences of the offences outlined above via the following channels:

  • by Whistleblower Hotline: 8 800 700 8072 (you may call free of charge, from anywhere in the country, round the clock)
  • by e-mail: 8072@tmk-group.com (you may send the notification from any email address)
  • by post to: 40/2a Pokrovka Street, Moscow, 101000, Hotline.

During the year, TMK implemented TMK Group’s 2020 Anti-Corruption Improvement Programm as instructed by the Board of Directors of PAO TMK (Minutes No. 5 dated September 19, 2019).

VETTING COUNTERPARTIES AND MONITORING TRANSACTIONS

Transactions within counterparties’ ownership chain are continuously monitored for conflicts of interest, with anti-corruption clauses and other mandatory conditions included in contracts and with risks of all TMK’s counterparties reviewed for sanctions risks using the X-COMPLIANCE program.

In 2020:

2,282 reports received via the Hotline
34 trainings held
2,078 employees received compliance training

MANAGING POTENTIAL CONFLICTS OF INTEREST

PURPOSE

Identify, manage and prevent conflicts of interest involving the Company employees and potential negative outcomes of conflicts of interest for the Company.

GOVERNING REGULATIONS

TMK Group’s corporate standard Regulations on the Conflicts of Interest approved by Order of the CEO of PAO TMK No. 182 dated May 13, 2019.

The Regulations define the basic principles of, and the procedure for, identifying, preventing and managing conflicts of interest. The Regulations are mandatory for all Company employees regardless of their positions.

All new hires are required to familiarize themselves with the Regulations and fill out and sign a Conflict of Interest Disclosure Form.

Statutory regulations on preventing and managing conflicts of interest are reflected in PAO TMK’s Articles of Association, Regulations on the Board of Directors, Regulations of the Management Board, Code of Ethics, Corporate Governance Code and other regulations governing procurement and other business processes.

EXPECTATIONS

Acting reasonably and in good faith, governing bodies pass resolutions on a fully informed basis, with no conflicts of interest, subject to equal treatment of the Company’s shareholders, and assuming normal risk levels

REPORT ON PREVENTION OF CONFLICT OF INTEREST IN 2020
Mechanism Compliance status
Level of the Company’s shareholders
  • Adhering to the order of, and procedure for; passing resolutions on key matters
  • Full compliance.
  • Complying with the voting procedure for interested party transactions and disclosing transactions
  • Full compliance. Transactions are disclosed as material facts in quarterly issuer reports and in this Annual Report.
  • Ensuring transparency and openness when preparing and holding Meetings of Shareholders, and prompt information disclosures on meeting agendas and resolutions passed by the Board of Directors
  • Engaging external auditors from the Big Four accounting firms
  • Full compliance. Auditor: LLC Ernst & Young.
  • Deploying dilution of value prevention tools.
  • Full compliance. Our vendors are selected in line with the corporate standards, which provide for open competitive procurement procedures.
Level of the Board of Directors
  • Members of the Board of Directors are to refrain from actions that will or may result in a conflict between their interests and those of the Company and should such a conflict arise, they should promptly disclose to the Company any relevant information:
  • Full compliance. No conflicts have been identified
  • Notify the Board of Directors of TMK securities owned by them and transactions with such securities, disclose their equity interests in controlled entities, contemplated transactions in which such members of the Board of Directors could be deemed interested (with the existing interest and its grounds to be promptly disclosed)
  • Full compliance.
  • Notify the Board of Directors of their intention to join the governing bodies of other entities (apart from the entities controlled by the Company) and of being elected (appointed) to such bodies.
  • Full compliance.
Level of PAO TMK employees
  • Employees must provide the Company with information, in writing, regarding any conflict of interest between the employee or their close relatives and the Committee on Regulating Compliance Risks (Subcommittee).
  • In 2020, Subcommittees reviewed 12 cases of potential conflicts of interest at Its meetings (8 of them were confirmed).
  • Protecting employees from adverse consequences due to a reported conflict of interest that has been promptly disclosed by the employee and managed (prevented) by the Company.
  • Full compliance. The Company has in place whistleblower protection mechanisms, and no cases of retaliation have been identified.

Each conflict of interest is reviewed and managed as any new case arises.

The Company’s special authorized body responsible for prevention and settlement of conflicts of interest is the Committee on Regulating Compliance Risks.

FEEDBACK

To enable public control, TMK operates a hotline information system (telephone lines and email — 8072@tmk-group.com), which can be used by the Company’s employees, investors, clients and other stakeholders to report any known abuse or violations. Overall, in 2020, TMK’s hotline received 1,138 calls (up 32% year-on-year) and 1,144 e-mails (up nearly 34% year-on-year). The appropriate personnel and management decisions were taken to address the confirmed cases.

PROTECTION FOR WHISTLEBLOWERS

To ensure the anonymity of whistleblowers, all incoming information is directed to a dedicated group of three authorized members of the Committee on Regulating Compliance Risks, who have signed a non-disclosure agreement.

TRAINING

The Committee on Regulating Compliance Risks organized training workshops for senior managers and members of the Board of Directors as well as regular trainings for employees of TMK Group entities.

Nine employees of TMK Group entities were trained under the ICA program, passed exams and received international certificates in basic compliance. The head of the Compliance Risk Department holds an international professional diploma in Compliance and is an Honorary Member of the International Compliance Association (ICA).

During 2020, the Company held 34 trainings (taking into account COVID-19 restrictions) on identifying, assessing and managing compliance risks, covering a total of 1,828 people.

In addition, 250 people were trained in the Compliance Risk Management programme as part of distance learning on the TMK2U platform. The Company launched the PAO TMK’s Code of Ethics. The Company further launched the On the Shop Floor interactive course on the platform in December 2020 and continues to develop new projects, such as PAO TMK’s Code of Ethics. Office, Sanctions Compliance, and Conflict of Interest.

KU_Obuch

DIGITIZATION

With some employees shifting to remote work, a new security awareness tool was introduced via the Mobi2U corporate mobile app.

phone

Every Company employee can find out news on TMK’s security system at its enterprises from their mobile phone in the regular On the Lookout! column and also use the mobile app to take an active part in protecting corporate property, ethical standards and values.

phone2

PUBLIC ACTIVITY

TMK is a member of the International Compliance Association (ICA).

icassoci

TMK is a member of the Russian Union of Industrialists and Entrepreneurs (RSPP) and has signed the Anti-Corruption Charter of Russian Business.

TMK regularly participates in the All-Russian Interactive Anti-Corruption Campaign launched by the Russian Chamber of Commerce and Industry.

ASSESSMENT

TMK Group’s 2020 anti-corruption report was discussed at a meeting of the Audit Committee (minutes dated December 16, 2020) and received a positive assessment.

PLANS

  • Pass certification to international standards ISO 19600 Compliance Management Systems and ISO 37001 Anti-Bribery Management Systems in 2021 in line with TMK Group’s Anti-Corruption Improvement Programme
  • Launch distance courses PAO TMK’s Code of Ethics. Office, Sanctions Compliance, and Conflict of Interest.
INFORMATION SECURITY

PURPOSE

Protect commercially sensitive confidential information, insider information and personal data of employees, shareholders and partners.

GOVERNING REGULATIONS

Strategy to Ensure and Improve Cybersecurity to 2022, Information Security Policy of TMK Group Russian Entities, the medium-term programme to improve security of TMK’s IT infrastructure.

ORGANIZATIONAL STRUCTURE

Vice President for Security, PAO TMK’s Information Technology Department, PAO TMK’s Economic Security Service, PAO TMK’s IT Infrastructure Protection Department, as well as local cybersecurity departments and desks at PAO TMK’s entities.

Adapting to current business realities and taking proactive steps, TMK promotes rapid automation/digitization of its operations. As they are mostly performed in IT systems, this significantly increases cybersecurity requirements.

DELIVERING THE 2019–2022 STRATEGY TO ENSURE AND IMPROVE CYBERSECURITY IN 2020

The projects planned for 2020 under the Strategy were, as the events of the past year have proven, strategically timely and substantiated and were implemented in full, establishing TMK’s leadership in technology in challenging conditions for business.

IT Security Projects in 2020

Following the requirements of the corporate information security standard, in early 2020, TMK transitioned to the hybrid IT infrastructure, creating a cloud-based virtual data center fully integrated with the corporate infrastructure.

  • TMK was one of the first companies in Russia to start the process of shifting its workforce to remote work. The Company’s IT team was able to implement a flexible cloud solution that enabled a smooth shift with practically no interruptions in business processes or additional costs. During the pandemic, almost 9,000 TMK employees (about 20% of the total headcount) shifted to remote work.
  • In 2020, TMK set up and launched the Security Operations Center (SOC) connected to the key sites of the Russian division, including the executive office and main data centers. The center serves as a platform for centralized monitoring and responding to information security incidents within TMK Group and also interacting with the State System for Detection, Prevention and Consequence Management of Cyberattacks on Web Resources in the Russian Federation (GosSOPKA). We have already seen tangible benefits from these measures amidst a growing number of cyber attacks during the COVID-19 related lockdown.
  • TMK implemented a corporate information security awareness system comprising a whole range of measures to improve digital hygiene: interactive courses and trainings on countering phishing and social engineering methods on the platform of TMK2U Corporate University, regular newsletters, etc.
CYBER RESILIENCE, IT RISKS, DEVELOPMENT

The conditions in which TMK had to work in 2020 have served as a testing ground for IT and information security systems in a real business environment and confirmed the systems’ reliability. As part of the corporate risk management system, cybersecurity risks were identified in a timely manner and promptly responded to, with measures developed to minimize key risks and their potential consequences in the future.

KEY IT RISKS

  • Loss of control over the Company’s information systems regulating business process due to unauthorized access to the corporate network (i.e. cyberattacks)
  • Disruption of business continuity
  • Loss of control over information sources, data leaks from information systems.

PLANS

  • Ensure IT security of TMK’s digital transformation projects
  • Assess the maturity of cyber security in TMK’s Russian division: develop a methodology, conduct the assessment, develop follow-up measures and solutions. These measures will significantly enhance the information security efficiency
  • Proceed from audits and preparations to implementing measures and deploying security systems at critical facilities (in line with the requirements of Federal Law No. 187-FZ On Security of Critical Information Infrastructure of the Russian Federation) in 2021–2022
  • Conduct corporate cyber security awareness training
p113