As a large company, we continually run risks. The skill lies in knowing which risks could affect our strategy and then in taking the right measures in order to manage those risks. That is the way we protect our customers, employees, shareholders and our own reputation.
Each of our business units has its own ‘Risk Champion’, who is responsible for recognising and identifying the relevant risks in that unit. We report to the Risk & Compliance Committee two times a year. Every year, our Privacy, Risk & Compliance team analyses and identifies the most important risks, safeguards the quality of the control process and coordinates the deployment of measures. Each risk has an owner, who is responsible for the measures being taken to control that risk.
Below you will find – in random order – the most important themes that posed risks to us in 2021, including the measures we took to control those risks.
The most important risks in 2021, in random order, were:
The risk that a failure occurs in critical parts of our networks, systems or platforms. This would mean that we could no longer supply some of our fixed or mobile services and would result in reduced customer satisfaction, reputational damage and/or fines from regulatory authorities.
We have a very low tolerance for network, IT and platform disruptions that could have major consequences for our customers. Recovery objectives and control measures have been determined for critical assets in order to limit the impact of service interruptions. We continuously monitor all networks, systems and platforms for (possible) technical failures and take immediate action to limit the consequences of such failures for our customers. In the event of incidents, we carry out root cause analyses in order to fully understand how we can solve the underlying problems.
The risk of a cyberattack, both inside and outside the organisation. An attack of that type can, among other things, cause data breaches and network failures. Cyber threats can lead to major consequences for our customers, finances and reputation.
We actively identify all risks and threats. We design control measures and apply them in all business units. In this way, we can prevent most attacks, immediately detect incidents and react quickly to limit the damage. In order to be well prepared, we regularly rehearse simulations of a cyber crisis together with senior management.
The risk of disruptive competition from telecom providers (major acceleration in the building of networks) offering a possibly improved customer proposition. This would give rise to a risk that VodafoneZiggo would no longer be able to compete with other technological service providers.
This risk is difficult to control due to the many external factors. It is therefore important that we keep a close eye on market developments and respond to developments. That means, among other things, that we need to continue innovating and that we must continue to offer distinctive products, services and content (sports, films, series and TV programmes).
Not being able to fulfil customer expectations
The risk that we are unable to fulfil our customers’ expectations by means of our products, services and total customer experience, due, for example, to errors in our systems or products, or due to an unpleasant experience with our customer service. Negative experiences such as these can result in customers switching providers.
We carry out all kinds of projects that contribute to a positive customer experience, such as projects to further improve our products and services. We continuously monitor shifts in the customer experience and try to tailor our projects and internal processes to those insights.
The risk that the regulatory landscape changes due, among other things, to case law and new legislation. This is a well-known risk. There is increasing pressure from complex national and international legislation and regulations. This pressure has a major impact on our organisation and strategy and can also put us at a disadvantage compared to our competition.
The Regulatory Affairs team closely follows the latest developments in the field of legislation and regulations within our industry, and holds regular consultations with the government and other stakeholders on this.
Not complying with legislation and regulations
The risk that we fail to comply with legislation and regulations in the markets in which we are active (e.g. GDPR, anti-bribery, competition law, consumer law, consumer credit regulations) or with internal standards, policy and guidelines.
As an organisation, we strive to comply with all legislation and regulations on a daily basis. For example, we have a Code of Conduct and a framework of risks, policy and control measures. We steer the organisation, both proactively and reactively, in order to remain within the parameters laid down by law. We achieve this, for example, by means of various compliance programmes, supplemented with all kinds of training courses and awareness-raising activities. We also carry out frequent monitoring, review and audit activities in order to ensure compliance with legislation and regulations. In all of these areas, we are accountable to the Risk & Compliance Committee.
Data integrity/quality and data management
The risk that data quality and data management are not satisfactory and that we therefore do not have a proper basis for taking decisions. The result of this may be that we do not make the proper progress in our digital transformation, for which data quality is very important. This may lead to a negative impact on our customers and may hinder the achievement of our commercial and strategic objectives.
We have also appointed a Data Officer, who will bear ultimate responsibility for data quality and for the implementation of our improvement plans. We have made good progress within our initiatives to improve data quality and data management, both in terms of getting our data to the right quality level, as well as ensuring – by means of policies and measures – that we maintain that quality.
Company & IT transformation
VodafoneZiggo has many and complex IT systems. We are constantly searching for efficient ways to build and/or migrate those IT systems. Due to their complexity, however, there is always a chance that something may go wrong and that it will have major consequences for our customers, revenues, costs, synergy objectives and reputation.
The risk owner and management regularly discuss the progress of the programmes and the status of the risks. Where necessary, we adjust them and difficult decisions are taken in a risk-oriented way.
In 2022, we will conduct further research into three new risk areas. These are: employees/integrity risk, outsourcing risk and ESG guidelines (Environmental, Social and Governance). We will chart what, for us, are the most important risks in that regard and what control measures are needed.