1. TNK-BP:Fraud Risk management process International Business Leaders Forum Feb 28, 2007

2. 2 2 Fraud Risk Management 1 Reporting and communication Monitoring, Auditing, Lessons Learned Fraud-risk assessment (re- assessment) Development of the control environment (antifraud) Design, development, implementation & execution of the anti-fraud programs and controls Fraud Risk Management Consistent approach is needed Fraud Risk Management Project Code of Business Policies Security Block Activities Contracts Process Trading and Revenue Accounting Accounting Transformation Project Supply Chain Management Re-engineering Internal Controls Improvement Project Security Block and Internal Audit Activities Policies and Standards Social Spend Due Diligence

3. 3 3 Key Elements of Fraud Risk Management Effective Fraud Risk Mitigation Prevention Detection Investigation Whistle-Blowing Risk Assessment Specific Mitigation Actions Education & Awareness Training Creation of anti-fraud culture/ behaviours Lessons Learned and Communications Process Tailored internal controls & compliance program Security/Audit Investigations Forensic investigation resources Fraud investigation principles HR/Disciplinary Procedures Tip-offs Line Management Fraud audit program Data Mining Tools Computer Imaging and Analysis Fraud policyCode of Ethics Internal Reporting Security & Internal Audit Regulations 2006 Plan of mutual actions & coordination Internal Audit & Security

4. 4 4 Corporate Normative documents related to Enterprise-wide Fraud risk management system (continued) TNK-BP Code of Business Policies TNK-BP Security Policy Corporate Standard The Principles of Business Operations Corporate Standard “ The Principles of Business Operations ” Corporate Standard Internal Control and Finance Corporate Standard “ Internal Control and Finance ” Security Security and Internal Audit Internal Audit PreliminaryCheck Investigation Monitoring Security and Internal Audit Interaction Procedure Assessment Fraud Investigation Procedure Security Investigation Procedure Internal Audit Regulations Key Procedures/ Regulations Policies/ Standards Stream/ Function Documents

5. 5 5 Completed in 2006 The Fraud Investigation Principles adopted and Fraud Investigation Corporate Procedure approved, which: For the first time ever in the Russian private corporate arena introduced a clear and comprehensive definition of “Fraud” and its difference from “Negligent conduct” and/or “Operational error”. Defined the purpose and goals of fraud investigation Stated that: “…an Investigation is aimed at improving performance of the Company through implementation of systematic measures to prevent fraud and improving efficiency and effectiveness of internal control”. Main goals of Investigation determined as follows: -To determine whether fraud was committed or not. -To determine scope of inflicted damage or prevent further damage. -To identify employees involved in fraud and determine their level of culpability to enable appropriate measures to be taken against them. -To recommend systematic actions required to prevent fraud recurrence. Set a sequence of actions in the fraud investigation process. Clearly delineated roles of Corporate Security, Internal Audit and Line Management in the fraud investigation process. Resulted in a breakthrough in Line Management’s understanding of: -fraud classification in the context of Company business activities -fraud investigation process stages -importance of Line Management’s role in fraud identification, investigation and prevention TNK-BP Hot-Line for fraud/corruption reporting was put in place

6. 6 6 Definition of Fraud (As stated in the Fraud Investigation Procedures of TNK-BP) Fraud: actions (inactions) committed voluntarily with a direct or indirect intent (i.e. where the person was cognizant of the threat of his actions (inaction) to the Company, could foresee possible and inevitable hazardous consequences and wished them to materialize or was indifferent to the onset thereof), and which resulted in, or were reasonably likely to cause, damage to the Company with a view to receive unjustified benefits and privileges for him or herself or any other persons. Negligent Conduct: improper performance of duties by Company employees which results in, or is likely to cause, unintended damage to the Company, without a view to receive benefits and privileges for him- or herself or any other persons. Operational Error: actions of Company employees committed in good faith which result in, or are likely to cause, unintended damage to the Company as a consequence of reasonable operating risk assumed by them in the course of proper performance of their duties. Criterion Act Willful and Voluntary Intent Damage to Company Unjustified benefits for employee or other persons Persons acting in good faith FraudYes No Negligent Conduct NoYesNo Operational ErrorNoYesNoYes

7. 7 7 Next steps Complete development of Integrated Company-Wide Fraud Risk Management Program as a practical management tool supporting Policy implementation; such Program to include practical and regular actions by Security, Internal Audit, Financial Control and Line Management aimed at mitigating fraud risk and making it more manageable. Appoint a Corruption Risk Manager to act as a Single Point of Accountability for the Integrated Fraud Risk Management Program implementation.