<< < > >>
 
| Full PDF report | Print this page |
Annual Report & Accounts 2016 - Principal risks/Viability statement
slide
<< < > >>
32 Principal risks/Viability statement GVC Holdings PLC Annual Report 2016 PRINCIPAL RISKS 1 TECHNOLOGY The Group's customer offer includes products operated using different labels and gaming licences, the majority of which are now driven by the Group's proprietary technology obtained through the acquisition of bwin.party. In an industry where service reliability and integrity are key differentiating factors, our continual commitment to providing a reliable, safe, secure, compliant and continuous service has continued to be the Group's focus this year. Subsequent to the acquisition of bwin.party, the Group initiated a significant technology platform migration which carries inherent project risk. Other technology-related risks, such as our continuing operations in the event of a natural or man-made disaster, have been addressed with a substantial investment and both the Group's disaster recovery and business continuity solutions. With continuous shifts in how consumers choose and are able to access our services (via different devices and/or channels), the process of maintaining and improving our technology will become more complex. Mitigating factors In May 2016, the Internal Audit function performed a cyber security review over the key systems and interfaces that collectively form the gaming platform, over both the bwin.party and GVC infrastructures. The resilience to cyber and denial of service threats have been carefully considered and improved upon following the recommendations arising from this review. Furthermore, the Group has committed to maintain its ISO 27001 Information Security Management System certification, and is progressing with consolidating its ISO 27001 certification across the locations inherited through the bwin.party acquisition. Part of this process involves an internal audit review from an information security perspective of all certified sites across a three-year cycle, which form part of the internal audit annual calendar. The technology platform migration has been executed in phases, by label and territory to minimise risk and customer impact. The Group aims to complete the migration by the end of 2017 and subsequently decommission legacy systems. 2 REGULATION Focusing on nationally regulated and/or taxed markets safeguards our gaming revenues from potential national legislation threatening to prohibit or restrict one or more of the products that we offer, or online gaming entirely. There are potential risks for the Group from all markets where regulation is not clearly defined or adopted, especially in relation to EU law. Mitigating factors To manage this risk, the Group maintains a dialogue (either directly or indirectly) with national governments and regulators of to-be regulated markets. The Group's compliance and regulatory affairs teams keep abreast of the regulatory landscape and report to the Board on any developments. However, it should be noted that most of the risks in relation to the regulatory landscape are outside of the Group's direct control. Operating in nationally regulated and/or taxed markets requires the Group to comply with the rules and protocols of the particular regimes. Currently, the Group holds 31 licences each with their own unique regulatory requirements. The need to sometimes develop bespoke technological, operational and promotional offers in each market requires significant investment. The Group is committed to meeting its licence obligations and monitors its compliance with regulatory requirements by performing reviews of its licensed operations on a periodic basis, with the results reported to the Audit Committee. The Group also submits the licensed entities to a series of external audits by regulators and industry specialists to ensure that policies and procedures are being followed as intended. 3 TAXATION The Group has companies and employees spread over a number of jurisdictions which creates tax risk if actions and decisions are being made in the wrong jurisdictions by the wrong companies. In addition, these companies contract with one another for services which are subject to scrutiny by local tax authorities. The Group's strategic focus is to operate in nationally regulated and/or taxed markets. Revenues earned from customers located in a particular jurisdiction may give rise to further taxes in that jurisdiction. If such taxes are levied, either on the basis of existing law or the current practice of any tax authority, or by reason of a change in law or practice, then this may have a material adverse effect on the amount of tax payable by the Group. On 1 January 2015, new VAT rules came into force across the EU impacting several areas of the digital economy. Gambling has typically been exempt from VAT but falls within the rules for VAT on electronically supplied services. Under EU law, Member States have the ability to apply VAT to gambling, subject to certain limitations and conditions, and tax may be due depending on where customers are located and how Member States implement any exemption. Whilst substantial uncertainty remains, in light of the new rules the Group is now filing for, and paying VAT, in certain EU Member States. It is possible that VAT could be payable in other EU Member States. Mitigating factors Group companies operate only where they are incorporated, domiciled or registered across countries. The multi-location set up of the Group gives rise to transfer pricing risk, mitigated by the fact that all intra-group transactions are documented and take place on an arm's length basis unless local legislation or other business conditions make an arm's length basis impossible or impractical. Following the acquisition of bwin.party, the transfer pricing arrangements are in the process of being reviewed by the Group's Director of Tax. As well as holding workshops with senior management and business unit leaders, he also meets at least once a year with the Board to review tax strategy and management. There are a number of potential risks and uncertainties which could have a material impact on the Group's future performance. To mitigate against these risks, the Group conducts a continuous process of assessments that examine whether any risk has increased, decreased or become obsolete; identify new risks; and evaluate the likelihood of each risk occurring and the impact it would have on the Group. Our principal risks fall into five broad categories which are set out below, along with how we seek to manage them. More detail on our approach to risk management can be found in the Audit Committee Report on pages 46 to 50 of this Annual Report: