Risk & uncertainties

The principal risks and uncertainties facing the Group may change over time as new risks emerge and others cease to be of concern. The ongoing identification, understanding and mitigation of risks forms part of the ICAAP and is core to the decision-making processes within the Group. The Group’s operational risk monitoring system consists of a combination of the ‘bottom up’ monitoring work, evaluation of departmental controls and review by the Compliance team, combined with the ‘top down’ approach of the Executive Governance & Risk Committee (which uses the Risk Register as a template for regularly examining and measuring each identified element of risk). The Executive Governance & Risk Committee reports to the Audit and Risk Committee and ultimately the Board, ensuring that the Board regularly reviews and challenges the Group’s risk profile.

The principal risks to the Group are detailed below. The Directors believe that the identified risks have been addressed and that, where possible and within the Group’s control, mitigating actions have been taken to ensure processes and procedures are in place and followed to limit any impact which could arise.

Loss of customer assets or data risk

Fraud, cyber and physical security

The risk that customer assets or data are misappropriated as a consequence of a fraud perpetrated by our own employees or a third party. Globally there is a continued growing risk from cyber attacks, in terms of their sophistication and potential impact.

Examples of mitigating actions

  • Dedicated Information Security function including monitoring of activities, staff education and protection solutions.
  • IT infrastructure arrangements
  • IT change management controls
  • Customer password and memorable word security
  • Segregation of duties
  • External penetration testing and security reviews

Counterparty failure

The risk that customers’ assets are lost as a result of the failure of a counterparty holding those assets.

Examples of mitigating actions

  • Diversification of banking counterparties
  • Due diligence and regular reviews of counterparties

Regulatory risk

Breach of regulatory requirements

The Share Centre is a regulated entity. There is the risk that the Group fails to comply with current (and new) FCA rules (e.g. treatment of customers and the handling of customer assets) or standards expected (e.g. Conduct Risk). This could lead to regulatory sanction, legal action or substantial fines.

Examples of mitigating actions

  • Well-staffed and knowledgeable Compliance and Technical Teams
  • Staff training
  • Reconciliation processes
  • Compliance reporting
  • Compliance Monitoring Programme
  • Engagement with experts and trade bodies

Regulatory capital

The risk that the regulated capital required by the FCA to be held by the Group and its regulated entities is insufficient.

Examples of mitigating actions

  • Regulatory capital significantly in excess of requirements
  • Monthly monitoring of financial performance
  • ICAAP and stress testing overseen by Audit and Risk Committee

Operational failure risk

IT hardware and software failure

The operations of the Group are highly dependent upon IT. There is the risk that the Group cannot operate for a period due to a failure in its core systems or interfaces, which could impact the Group’s financial performance and regulatory requirements.

Examples of mitigating actions

  • Back-up processes
  • Disaster Recovery capability and testing
  • In-house development resource enables issues to be immediately addressed
  • IT Governance including change control processes
  • Incident management to reduce volume of future failures
  • Alternate external interfaces avoid single points of failure

Reconciliation Failure


The risk of loss of CASS arising from a failure to complete in a timely and/or accurate manner the necessary reconciliations. Also the risk of fines for inadequate systems and controls.

Examples of mitigating actions

  • Induction and ongoing training and development
  • Management oversight and review
  • Monitoring through CASS Governance and Management Information
  • Compliance Monitoring Programme

Key person dependency

The risk that the Group has excess corporate knowledge vested in a small number of key individuals. The loss of that knowledge may impact our ability to serve our customers effectively.

Examples of mitigating actions

  • Cross-training and rotation
  • Documentation of processes
  • Skills matrices
  • Succession planning

Process or control failures

The risk that a control failure or human error results in financial loss or regulatory harm.

Examples of mitigating actions

  • Documentation of processes
  • Defined ownership of processes across the Group
  • Review and sign-off procedures
  • Induction and ongoing training and development
  • Management information on errors

Business model failure risk

Competition, investor appetite and sustainability of business model

In what is a competitive market, the risk that customers are lost to existing (or new) competitors. This may require the Business to invest or spend more, which could impact the Group’s financial performance. Most revenues are driven by personal investors, with the risk that the Group’s financial performance is impacted by investor confidence in the stock market or economic sentiment.

Examples of mitigating actions

  • Regular reviews of competitive activity
  • Diverse and loyal customer base
  • Business model with recurring revenues
  • High quality customer service as evidenced by awards won
  • Competitive pricing
  • Strong balance sheet with cash resources
  • Positive shareholder relationship

Failure to execute group strategy

The risk that poor management or investment decisions could result in distraction or financial loss.

Examples of mitigating actions

  • Well defined business strategy communicated to all staff
  • Staff survey
  • Board discussion, with expertise and guidance of Non-Executive Directors
  • Use of third party advisors

Cultural Failure


A failure of the culture of the Group, particularly with regard to the way it treats its customers and employees, could lead to a loss of customers and/or regulatory censure.

Examples of mitigating actions

  • Being on a single site helps ensure that the culture is embedded and consistent
  • Well-articulated strategy and core values
  • Learning and development programme

Source: Annual Report 2017
