VR CORPORATENEXT has implemented a comprehensive and structured Internal Control and Risk Management System (ICRMS) that is integral to its corporate governance framework. This system is designed to provide continuous monitoring and mitigation of the principal risks inherent in the company’s activities, with the overarching objective of ensuring sound, prudent, and effective management in accordance with regulatory expectations and industry best practices.

​

The ICRMS is articulated in alignment with the internationally recognised "three lines of defence" model, which delineates roles and responsibilities across distinct control layers, thereby reinforcing the integrity, accountability, and effectiveness of risk governance throughout the organisation.

​​

​

FIRST-LEVEL CONTROLS: OPERATIONAL LINE CONTROLS.

 

These controls are embedded within day-to-day business operations and are performed directly by the organizational units that originate and manage the processes. They are primarily preventive in nature and are designed to ensure the correct execution of activities in compliance with internal procedures, assigned responsibilities, and regulatory requirements.

This level includes both manual and automated controls implemented by business units and support functions, including risk owners, process owners, and administrative personnel. Their responsibilities include the identification, assessment, and primary mitigation of risks, as well as the implementation of corrective actions where necessary.

​​

​

SECOND-LEVEL CONTROLS: RISK OVERSIGHT AND COMPLIANCE FUNCTIONS.

​

These are conducted by specialized control functions that are independent from the business units and are responsible for the ongoing monitoring and validation of the risk management framework and compliance with applicable laws, regulations, and internal policies.

Key Second-Level control functions include:

• Risk Management, which ensures the identification, measurement, assessment, and monitoring of all material risks as credit, market, operational, reputational, and liquidity risks, and the consistent application of risk policies and methodologies across the organization;

• Compliance Function, which verifies that the company operates in adherence to legal and regulatory provisions, including supervisory requirements and internal conduct rules;

• Anti-Money Laundering (AML) Function, which ensures the effective implementation of AML and counter-terrorist financing controls, in accordance with national and international standards, and oversees the adequacy of customer due diligence and suspicious activity reporting processes.

 

These functions operate autonomously and report directly to senior management and governing bodies, ensuring a robust second line of defense capable of intervening proactively to mitigate emerging risks and compliance failures.

​​

​

THIRD-LEVEL CONTROLS: INTERNAL AUDIT FUNCTION.

 

The Internal Audit Function constitutes the third line of defense and performs independent, ex-post assessments of the entire Internal Control and Risk Management System. Its mandate includes evaluating the design, operational effectiveness, and overall adequacy of governance, risk management, and control processes across all organizational levels. Internal audit activities are conducted in accordance with a risk-based audit plan, approved annually by the Board of Directors, and are aligned with the standards of the Directives and the Law.

The function provides assurance to the Board, the Audit Committee, and senior management regarding the reliability of controls, and issues recommendations to strengthen the control environment, remediate deficiencies, and support the achievement of strategic and operational objectives.