Risk Management

Principal risks across the Group are managed on a day-to-day basis by the executive management team and steps are taken to assess whether the business is within the Group’s risk appetite as set by the Board. The Board receives regular feedback on the degree to which management is operating within acceptable risk tolerances. All members of the executive leadership team have individual ownership for one or more of the principal risks. Management of these risks forms part of their personal objectives.

Set out below is the Board’s view of key risks and uncertainties currently facing the Group. They are ranked by net predicted impact.

Breach of legal and regulatory requirements

How does it impact the Group?

It is possible that our employees or overseas representatives, either individually or in collusion with others, could act in contravention of our stringent requirements in relation to bribery and corruption, anti- competitive behaviours and management of third party partners (TPPs).


What are we doing to mitigate it?

We are accredited to the Banknote Ethics Initiative, which provides governments and central banks with assurance regarding our ethical standards and business practices.

Our commitment to ethical standards is articulated in the Code of Business Principles. This is supported by underlying policies which are reviewed regularly and enforced robustly. Where necessary, non-compliance is dealt with through disciplinary procedures.

We have a particular focus on raising awareness as well as training on anti-bribery and corruption, and competition law. Our policies and processes are independently audited.

Our process for the appointment, management and remuneration of TPPs operates independently of the sales function. The behaviours of TPPs are strictly monitored and the TPP process is overseen by the General Counsel and Company Secretary, who reports directly to the Board on these matters. To reduce the exposure of TPPs, we are working on migrating them to employee relationships.


Our whistleblowing policy and associated procedures are integral aspects of the compliance framework.

Mergers and Acquisitions

How does it impact the Group?

We are seeking to grow our business both organically and through appropriate partnerships and acquisitions.


What are we doing to mitigate it?

We have a controlled process for reviewing all opportunities that have to meet certain criteria before being able to progress to full due diligence and offer stage. The Board has to approve all such transactions before they can proceed.

Failure to maintain and exploit competitive and technologically advanced products, services and manufacturing processes

How does it impact the Group?

We operate in competitive markets. Our products and services are characterised by continually evolving industry standards and changing technology, driven by the demands of our customers. Longer term threats could include the growth of eCommerce, the emergence of cashless societies and lower barriers to manufacturing.


What are we doing to mitigate it?

We maintain sustained levels of investment in research and development to ensure a steady flow of ideas into our innovation pipeline. Our product roadmaps are designed to meet our customers’ needs. Our materials science expertise and software science team are centralised in the UK. These teams follow defined technology management processes, which include regular pipeline and portfolio reviews.

We continue to invest in new technologies to enable us to advance our R&D and manufacturing capabilities, and have increased our focus on digital technologies since the strategy review in 2015.

We aim to double our R&D investment in the five years to 2020.

Quality management failure

How does it impact the Group?

Each of our contracts has a unique specification on product quality and delivery. Some of these contracts demand a high degree of technical specification.


What are we doing to mitigate it?

We operate an established quality management system across all production sites. All major sites are certified to ISO9001 quality management standards.

In 2012, we introduced an Operational Excellence programme to further drive continuous improvement across our manufacturing sites. In 2017-18, we introduced further capital and operational investment to increase quality management in response to increasing quality standards demanded by our customers.

Supply chain failure

How does it impact the Group?

We have close trading relationships with a number of key suppliers, including unique producers of specialised components that we incorporate into our finished products.

With the sale of Portals De La Rue Limited, our paper supplier now moves to become a third party supplier.


What are we doing to mitigate it?

Where we rely on external supply, we have established procedures for identifying possible risks for each supplier. Key suppliers are managed through a supplier relationship management programme. This incorporates checks on their financial strength and their ability to deliver to our quality standards and security, as well as their business continuity arrangements. Key suppliers are audited on a rotational basis.

As a contingency, alternative suppliers are pre-qualified wherever possible and where necessary we retain higher levels of stocks.

Unpredictability in the timing and size of substantial contract awards

How does it impact the Group?

Political and other factors can delay government procurement decisions for sensitive products such as banknotes and passports.


What are we doing to mitigate it?

We maintain close and regular contact with customers so that any changes in timing and requirements are recognised promptly.

We monitor our sales activity, order pipeline and forward order book to optimise production planning and ensure that delivery to customers is on time and in full.

We also monitor any delays in order confirmation on a weekly basis. This enables us to maintain flexibility in the supply chain as far as possible, and to accommodate any changes to production planning.

To minimise future unpredictability, we proactively pursue longer term commitments from customers. We also aim to grow recurring revenues by expanding our digital and service offerings.

Failure to win or renew a material contract

How does it impact the Group?

While we operate globally and have a diversified geographic, product and customer profile, we rely heavily on a small number of medium and longer term material contracts.


What are we doing to mitigate it?

Our business involves tendering for long term contracts on a constant basis. We have dedicated bid specialists and where necessary contract in additional resources for the largest strategic bids. We employ complex sales methodologies to identify and qualify opportunities. These measures, along with our focus on customer service and quality mean that we are well positioned to win or renew strategic or significant contracts.

We are focused on retaining key contracts, as and when they fall due for renewal, and on winning new opportunities as they arise. However, as the UK Passport contract award announced in March 2018 shows, there can be no certainty that we will win all major contract tenders.

Our order book as at March 2018 was 6% above that of March 2017.

Capacity for change

How does it impact the Group?

Our business has seen a considerable level of organisation change over the last three years. The Board expects there to be a similar level of change over the next two to three year period.


What are we doing to mitigate it?

Our change goals are incorporated into the annual objectives each year, so that all staff understand and are familiar with our priorities. All change initiatives are reviewed and approved by the ELT following risk analysis. All change initiatives are managed through programme managers with progress monitored and reported to the ELT and Board.

Pension fund deficit

How does it impact the Group?

The Group’s UK defined benefit pension scheme (the Scheme) is in deficit. As at 31 March 2018 the deficit as accounted for under IAS 19 was £87.6m (25 March 2017: £237.0m).


What are we doing to mitigate it?

We continue to work with the pension trustees to explore methods of improving the return of the Scheme’s assets and reducing the Scheme’s liabilities. As announced in November 2017, the trustees changed the primary index for increased Scheme benefits to the Consumer Prices Index. The movements in the assets and liabilities as measured under IAS 19 are in note 24 of the financial statements.

Loss of a key site

How does it impact the Group?

All our manufacturing sites are exposed to business interruption risks.


What are we doing to mitigate it?

Our head office and the banknote production operations in Debden and Gateshead UK are both accredited to the ISO22301:2012 Business Continuity standard.

We maintain a degree of interoperability across our banknote production and security printing sites. We aim to minimise risk by adopting the highest standards of risk engineering in our production processes.

In recognition of our customers’ increasingly high requirements regarding business continuity, we continue to enhance the resilience of our major facilities in line with the ISO standard.

Health, safety or environmental failure

How does it impact the Group?

All of our activities are subject to extensive internal health, safety and environmental (HSE) procedures, processes and controls. Nevertheless, there is a risk that any failure of an HSE management process could result in a serious incident.


What are we doing to mitigate it?

At all major facilities, we have a robust HSE management system which is internally audited and certified to the OHSAS18001 and ISO14001 standards.

All of our activities are subject to extensive internal HSE procedures, processes and controls.

The Group HSE Committee regularly reviews HSE performance. This is also monitored by the Chief Operating Officer’s leadership team and reported to the Board monthly.

Each manufacturing facility has clear HSE action plans which are prioritised, monitored and subject to review by local senior management to ensure that health and safety standards are maintained.

Functionality and information security risk

How does it impact the Group?

Increasingly, our business involves providing software to customers. Poor quality of the functionality and information security built into the software and associated hardware could affect the confidentiality and integrity of our customer, employee and business data. Factors that could potentially impact functionality and information security include human error, ineffective design or operation of key data security controls, or the breakdown of IT control processes.


What are we doing to mitigate it?

Our corporate information systems are accredited to the ISO27001 Information Security standard. We strengthened governance processes in 2017 with the introduction of an Information Security Steering Group.

We maintain a strict control environment to enforce disciplined software development and information security practices and behaviours. A number of key technical controls are in place to manage this risk, including agile software development techniques, quality reviews, regular testing, network segregation, access restrictions, system monitoring, security reviews and vulnerability assessments of infrastructure and applications.

We regularly review all aspects of information security arrangements, and our employees undertake mandatory information security e-learning.

Product security

How does it impact the Group?

Loss of product or high security components from a manufacturing site could occur as a result of negligence or theft. Loss of product while in transit, particularly during transhipment, through the failure of freight companies or through the loss of an aircraft or vessel as a result of an accident or natural disaster, is also possible.


What are we doing to mitigate it?

We have robust physical security and materials control procedures at our production sites, which reduce the risk of inadvertent loss or theft during manufacturing. We apply stringent operational procedures – and use carefully selected carriers and personnel – to handle movements of security materials between our sites and onward delivery to customers. All movements are risk managed and monitored globally on a 24/7 basis. We also maintain a comprehensive global insurance programme.