We believe it is important to know which risks may influence our strategy. We want to take the right measures to manage these risks in order to protect our customers, employees, reputation and shareholders. In each business unit, an employee is responsible for recognising and listing all relevant risks in their business unit. These employees report to the Privacy, Risk & Compliance Team of VodafoneZiggo, four times a year. This team safeguards the quality of the process, coordinates company-wide risks and sets out the ten most important risks. The risk owner is responsible for implementing measures to manage the risk.
In the summary below, we have set out the ten most important risks that we faced in 2020 and what control measures we took to in order to manage these measures. Alongside the ten risks concerned, we also identified other risks, including risks with regard to the environment. We have provided a description of those risks in the chapter concerning our impact on the environment.
The ten most important risks in 2020, in no particular order, were as follows:
The risk of the implementation or migration of IT systems not going according to plan, with major consequences for our customers, revenues, costs, synergy targets and reputation.
Control measures: The risk owner and management regularly discuss the progress of the programmes and the status of the risks and make adjustments where necessary.
The risk that an important part of our infrastructure will be disrupted. This would mean that we would no longer be able to provide some of our services, such as our network, applications and other systems used by our customers. This can have a major effect on our customers and our turnover.
Control measures: We introduced many measures and projects in order to develop a fast, reliable and future-proof network and infrastructure, the focus of those being to prevent failures as much as possible. If a failure occurs, our aim is to be the most effective possible position to be able to communicate with our customers and other stakeholders, such as supervisory authorities and the government. We continually monitor all networks for (possible) technical failures and take immediate action to limit the consequences of such failures for our customers. In order to achieve this, we have set up a special team, the Crisis Management Team (CMT), which ensures that all necessary steps are taken to successfully control, manage and repair all of the company’s operations that are affected following a crisis, and to inform customers and other stakeholders of the failure in good time.
The risk of a cyberattack, both inside and outside the organisation. Cyberattacks can cause data breaches, network malfunctions, and other things besides.
Control measures: We are constantly improving prevention, detection and corrective measures to increase security and reduce the risk of cyberattacks. In addition, we comply with the general safety guidelines applicable in that regard and we follow the latest developments closely.
The risk of more and increasingly complex regulation that may have a major effect on our organisation and strategy, possibly putting us at a disadvantage in relation to our competitors. Two of the areas in which risks of this type may occur are spectrum auctions and cable access.
Control measures: The Regulatory Affairs team follows the latest developments in the field of legislation and regulations. This team regularly consults with the government and stakeholders with regard to new developments in the field of legislation and regulations within our industry.
The risk that we fail to comply with competition law. This can have an effect on our customers and may lead to the government imposing sanctions on us.
Control measures: To manage this risk, we draw our employees’ attention to the guidelines on competition. Our people are also able to consult these rules on the intranet at any time. We provide individual training and have put in place mandatory e-learning for all employees of VodafoneZiggo.
The risk that we fail to comply with the laws and regulations for consumer credit, possibly resulting in excessive lending by consumers. If we fail to comply, the government may impose sanctions on us.
Control measures: All colleagues who have contact with customers are obliged to follow a training course about the regulations relating to consumer credit. Each of them is required to take the banker's oath. We also take other prevention and detection measures to further limit the risk. We are constantly looking at how to improve our compliance programme.
The risk that we fail to comply with the privacy regulations. This can have a damaging effect on our customers and our reputation. The government can impose sanctions.
Control measures: We introduced the renewed privacy legislation by implementing an organisation-wide programme. Our Privacy Office keeps track of all developments in the area of privacy and works to reduce the risks.
Read more about privacy
Meeting customers’ expectations
The risk that we are unable to offer our customers the experience they expect. Possible reasons for this include faults in our systems, in our products and in our customer service.
Control measures: We carried out various projects that contributed towards a positive customer experience and perception. Examples of these included the transition to digital television for our customers and switching off the 3G network. Some projects are still ongoing. We continuously monitor the customer experience and any changes, in all parts of our organisation.
Data quality and data management
The risk that data quality and data management are not satisfactory and that we therefore do not have a proper basis for taking decisions. This can have a negative impact on our customers and can also make it harder for us to achieve our commercial and strategic goals.
Control measures: We are developing various initiatives and projects to improve data quality and data management. We have also appointed a Data Officer, who will bear ultimate responsibility for data quality and for the implementation of our improvement plans.
The risk of disruptive competition from telecommunications providers, new entrants to the market and from content and media providers such as Amazon, Google and Apple. This may cause customers to choose other suppliers, which would have a negative effect on our turnover and our profits.
Control measures: This risk is difficult to control due to the many external factors. We keep a very close eye on market developments and continue to provide distinctive content (sports, films, series and TV programmes), in addition to other products and services.
In order to continually monitor our ten most important risks and to maintain a clear overview of them, we categorise our risks along two axes. Which of the categories a risk is assigned to is determined by two factors: how likely is it that a risk will arise and what impact would this have with regard to achieving our strategic objectives? In assessing the impact, we not only seek to determine how significant an effect this will have on our organisation, strategy and objectives, but also set out to establish the financial impact and the possible damage to our reputation. In assessing the likelihood, we look at the probability that a particular risk will arise.
In the case of privacy risk, for example, the consequences with regard to our customers’ privacy, but also the possible enforcement actions taken by the supervisory authority if we fail to fulfil the privacy regulations are important factors that are taken into account when determining the ultimate impact of a risk and its position on the risk matrix. In the case of any technical faults that arise, the significant impact these have on our customers also play a major part in the ultimate evaluation. For these reasons, both of those risks appear in a high position in our risk matrix.