DNA’s risk management process and risks and business uncertainties
Risk management process
The Board of Directors decides on the objectives and principles of risk management and confirms the company’s risk management policy. The Board monitors the implementation of risk management. The Board of Directors has established an Audit Committee. Its risk management duties are defined in the Audit Committee Charter, which is confirmed by the Board of Directors.
The CEO is responsible for the practical organisation of risk management and maintenance of the risk management policy.
The risk management process provides reports on risks and risk management methods to the DNA Executive Team, Audit Committee and Board of Directors. Operational plans for the management of significant risks are drafted based on risk management reports, and the Executive Team and Audit Committee monitor the implementation of these plans. At DNA, risk management consists of identification and assessment of risks, development of risk management strategies, planning and implementation of risk management methods, monitoring of risk management results as well as continuous improvement of risk management competence.
The annual risk management plan is aligned with the annual plan of DNA’s strategy process. The ambition is to update DNA’s risk map annually and to draft 1 or 2 reports on the key risks and uncertainties and their management for DNA’s Executive Team, Audit Committee and Board of Directors.
DNA’s Executive Team selects the key risks and assigns persons to be responsible for them. These persons document appropriate risk management methods and development measures for their responsibility area and submit them to the CEO for approval. The responsibility for a risk is assigned to a person who, based on their role in the company, is best qualified to understand the risk and determine how its management should be developed. Several persons can share a responsibility for a risk. Risk management processes are aligned with internal control methods.
Risks and business uncertainties
Strategic and operative risks
The Finnish telecommunications market is characterised by tough competition between established operators, and a high degree of penetration of telecommunications solutions. DNA operates in Finland, a market where the number of mobile phones per capita is among the highest in the world, which limits the prospects of future growth in the number of subscriptions. DNA closely monitors changes in the operating environment and the resulting possible new business opportunities, which always involve higher risks than conventional and established business operations.
New communication methods and continuous technological development
The rapid phase of technological development affects the entire telecommunication industry and DNA’s business. Alongside traditional communications methods, technological development and new types of services and devices can create new revenue models. Customer behaviour can change rapidly if new services are reliable and easy to use.
As new communications methods gain widespread popularity, they have an impact on the traditional business of operators.
Intense competition in entertainment business
International players have a strong presence in the competitive environment of TV and entertainment services. DNA faces competition from traditional operators, but also increasingly from OTT (over-the-top content) service providers that deliver content over the Internet to mobile devices. The role of media companies’ own distribution channels and services is also becoming more important.
The ongoing shift in media use will provide both new risks and opportunities while content rights are being negotiated. DNA monitors the TV and entertainment service market intensively and continuously enhances its service offering to anticipate changes in the market.
System and network risks
The nature of DNA’s operations and customer requirements place high demands on DNA’s information systems and network infrastructure. DNA’s business is capital-intensive, and the group's success depends on its ability to continuously maintain and improve its network infrastructure. Use of mobile devices that have a constant network connection is increasing strongly among both business and private users. M2M subscriptions and the Industrial Internet will further expand the volume of data traffic. The role of good information security and data security gain in importance as the use of smart devices and Industrial Internet gain ground.
DNA has invested into high-quality data systems and data analytics tools to deepen customer understanding and create an omnichannel customer experience. DNA’s business operations depend on IT systems, which involve several interconnected risks but also provide business-critical opportunities for utilising data.
The EU institutions are still processing the proposal for the new European Electronic Communications Code made by the European Commission in the autumn of 2016. The new regulation may have significant impacts on DNA’s business.
In early 2017, the European Commission complemented its General Data Protection Regulation with a proposal for a Regulation on Privacy and Electronic Communications, which increases the protection of people’s privacy and personal data. Changes in the EU General Data Protection Regulation and Regulation on Privacy and Electronic Communications may have significant impacts on DNA’s business.
In December 2016, the European Commission approved the implementation act on the roaming Fair Use Policy. Final decision on the wholesale roaming caps was made in April 2017. The new roaming regulation may have significant impacts on DNA’s business.
In order to manage the interest rate risk, the Group’s borrowings have been spread between fixed- and variable-rate instruments. In order to manage liquidity risk, in addition to liquid assets the Group uses credit limits. To manage customer credit risk, the credit history of new customers is checked as part of the ordering process. The Group’s foreign interest risk is insignificant, since the majority of its cash flow is euro denominated.
A more detailed description of the management of financing risks can be found in Note 3 to the consolidated financial statements in DNA’s Annual Report: http://annualreport.dna.fi/en.
In anticipation of possible unforeseen damage risks, DNA has continuous insurance policies covering aspects of its operations including personnel, property, business interruption, third-party liability and criminal action. Damage risks are prevented and minimised by means such as security guidelines and personnel training.