Risks & uncertainties

Loss of customer assets or data risk

Fraud, cyber and physical security

Risk The risk that customer assets or data are misappropriated as a consequence of a fraud perpetrated by our own employees or a third party. Globally there is a continued growing risk from cyber attacks, in terms of their sophistication and potential impact.
Examples of mitigating actions
  • Dedicated Information Security function including monitoring of activities, staff education and protection solutions.
  • IT infrastructure arrangements
  • IT change management controls
  • Customer password and memorable word security
  • Segregation of duties
  • External penetration testing and security reviews

Counterparty failure

Risk The risk that customer assets are lost as a result of the failure of a counterparty holding those assets.
Examples of mitigating actions
  • Diversification of banking counterparties
  • Due diligence and regular reviews of counterparties

Regulatory risk

Breach of regulatory requirements

Risk The Share Centre is a regulated entity. There is the risk that the Group fails to comply with current (and new) FCA rules e.g. treatment of customers and the handling of customer assets or standards expected e.g. Conduct Risk. This could lead to regulatory sanction, legal action or substantial fines.
Examples of mitigating actions
  • Well-staffed and knowledgeable Compliance and Technical Teams
  • Staff training
  • Reconciliation processes
  • Compliance reporting
  • Compliance Monitoring Programme
  • Engagement with experts and trade bodies

Regulatory capital

Risk The risk that the regulated capital required by the FCA to be held by the Group and its regulated entities is insufficient.
Examples of mitigating actions
  • Regulatory capital significantly in excess of requirements
  • Monthly monitoring of financial performance
  • ICAAP and stress testing overseen by Audit and Risk Committee

Financial crime

Risk The risk that The Share Centre is used to facilitate money laundering, fraud or corruption.
Examples of mitigating actions
  • Staff training at induction and annually
  • Non-complex products and mainly UK customers
  • Financial Crime Team
  • Ongoing monitoring and verification of customers

Operational failure risk

IT hardware and software failure

Risk The operations of the Group are highly dependent upon IT. There is the risk that the Group cannot operate for a period due to a failure in its core systems or interfaces, which could impact the Group’s financial performance and regulatory requirements.
Examples of mitigating actions
  • Back-up processes
  • Disaster Recovery capability and testing
  • In-house development resource enables issues to be immediately addressed
  • IT Governance including change control processes
  • Incident management to reduce volume of future failures
  • Alternate external interfaces avoid single points of failure

Reconciliation failure

Risk The risk of loss of CASS arising from a failure to complete in a timely and/or accurate manner the necessary reconciliations. Also the risk of fines for inadequate systems and controls.
Examples of mitigating actions
  • Induction and ongoing training and development
  • Management oversight and review
  • Monitoring through CASS Governance and Management Information
  • Compliance Monitoring Programme

Key person dependency

Risk The risk that the Group has excess corporate knowledge vested in a small number of key individuals. The loss of that knowledge may impact our ability to serve our customers effectively.
Examples of mitigating actions
  • Cross-training and rotation
  • Documentation of processes
  • Skills matrices
  • Succession planning

Process or control failures

Risk The risk that a control failure or human error results in financial loss or regulatory harm.
Examples of mitigating actions
  • Documentation of processes
  • Defined ownership of processes across the Group
  • Review and sign-off procedures
  • Induction and ongoing training and development
  • Management information on errors

Process or control failures

Risk The risk of a material misstatement or omission within the Group’s financial or regulatory reporting. In preparing the financial statements in accordance with International Financial Reporting Standards, the Directors are required to make accounting judgements such as the valuation of unlisted investments and the capitalisation of intangible assets. These assumptions could be significant to the financial statements. Together with the risk of management override, there is a risk that the estimate or assumption used could be inaccurate or that the assumptions used subsequently turn out to be incorrect.
Examples of mitigating actions
  • Audit and Risk Committee review of compliance with accounting standards and annual audit
  • Corporate Investment Committee review of corporate investments
  • Monthly management information including financial reporting reviewed by the Executive and Board

Business model failure risk

Competition, investor appetite and sustainability of business model

Risk In what is a competitive market, the risk that customers are lost to existing (or new) competitors. This may require the Business to invest or spend more, which could impact the Group’s financial performance. Most revenues are driven by personal investors, with the risk that the Group’s financial performance is impacted by investor confidence in the stock market or economic sentiment.
Examples of mitigating actions
  • Regular reviews of competitive activity
  • Diverse and loyal customer base
  • Business model with recurring revenues
  • High quality customer service as evidenced by awards won
  • Competitive pricing
  • Strong balance sheet with cash resources
  • Positive shareholder relationship

Failure to execute group strategy

Risk The risk that poor management or investment decisions could result in distraction or financial loss.
Examples of mitigating actions
  • Well defined business strategy communicated to all staff
  • Staff survey
  • Board discussion, with expertise and guidance of Non-Executive Directors
  • Use of third party advisors

Cultural failure

Risk A failure of the culture of the Group, particularly with regard to the way it treats its customers and employees, could lead to a loss of customers and/or regulatory censure.
Examples of mitigating actions
  • Being on a single site helps ensure that the culture is embedded and consistent
  • Well-articulated strategy and core values
  • Learning and development programme

Loss of third party or relationships

Risk The risk of financial loss or reputational harm from losing a major relationship.
Examples of mitigating actions
  • Contractual arrangements
  • Dedicated Partnership Team focussed on relationship management
  • Ongoing review of product and service improvements
  • Increased diversification of relationships