DNA’s risk management process and risks and business uncertainties
Risk management process
The Board of Directors decides on the objectives and principles of risk management and confirms the company’s risk management policy. The Board monitors the implementation of risk management. The Board of Directors has established an Audit Committee. Its risk management duties are defined in the Audit Committee Charter, which is confirmed by the Board of Directors.
The CEO is responsible for the practical organisation of risk management and maintenance of the risk management policy.
The risk management process provides reports on risks and risk management methods to the DNA Executive Team, Audit Committee and Board of Directors. Operational plans for the management of significant risks are drafted based on risk management reports, and the Executive Team and Audit Committee monitor the implementation of these plans. At DNA, risk management consists of identification and assessment of risks, development of risk management strategies, planning and implementation of risk management methods, monitoring of risk management results as well as continuous improvement of risk management competence.
The annual risk management plan is aligned with the annual plan of DNA’s strategy process. The ambition is to update DNA’s risk map annually and to draft 1 or 2 reports on the key risks and uncertainties and their management for DNA’s Executive Team, Audit Committee and Board of Directors.
DNA’s Executive Team selects the key risks and assigns persons to be responsible for them. These persons document appropriate risk management methods and development measures for their responsibility area and submit them to the CEO for approval. The responsibility for a risk is assigned to a person who, based on their role in the company, is best qualified to understand the risk and determine how its management should be developed. Several persons can share responsibility for a risk. Risk management processes are aligned with internal control methods.
Risks and business uncertainties according to Interim Report Q3 2017
Strategic and operative risks
The Finnish telecommunications market is characterised by tough competition between established operators, and a high degree of penetration of telecommunications solutions. DNA mainly operates in Finland, a market where the number of mobile phones per capita is among the highest in the world, which limits the prospects of future growth in the number of subscriptions.
DNA closely monitors changes in the operating environment and the resulting possible new business opportunities, which always involve higher risks than conventional and established business operations.
New communication methods and continuous technological development
The rapid pace of technological development affects the entire telecommunication industry and DNA’s business. Alongside traditional communications methods, technological development and new types of services and devices can create new revenue models. Customer behaviour can change rapidly if new services are reliable and easy to use.
As new communications methods gain widespread popularity, they have an impact on the traditional business of operators.
Intense competition in entertainment business
International players have a strong presence in the competitive environment of TV and entertainment services. DNA’s competitors include traditional operators, but increasingly also OTT (over-the-top) service providers that deliver content over the Internet to mobile devices. The role of media companies’ own distribution channels and services is also becoming more important.
The ongoing shift in media use will provide both new risks and opportunities while content rights are being negotiated. DNA monitors the TV and entertainment service market intensively and continuously enhances its service offering to anticipate changes in the market.
System and network risks
The nature of DNA’s operations and customer requirements place high demands on DNA’s information systems and network infrastructure. DNA’s business is capital-intensive, and the Group’s success depends on its ability to continuously maintain and improve its network infrastructure.
DNA makes significant investments in high-quality data systems and data analytics tools, for instance to deepen customer understanding and to create a good omnichannel customer experience. DNA’s business operations are dependent on information systems, which involve several interconnected risks but also provide business-critical opportunities for utilising data.
Use of mobile devices that have a constant network connection is increasing strongly among both business and private users. M2M subscriptions and the Internet of Things (IoT) will further expand the volume of data traffic. As the IoT becomes more common, for example through the introduction of new kinds of smart devices, the role of good information security, data security and high operational network reliability gains in importance.
Both national and EU regulation have a significant impact on the operation of the telecommunications market in Finland. The authorities’ ability to influence the price level of DNA’s products and services, as well as the wholesale products that DNA procures from other operators and the criteria used in distributing frequencies, may have a significant impact on DNA’s business.
Regulatory initiatives indicating significant risks to DNA include the new European Electronic Communications Code, EU Data Protection Regulation and authority decisions on significant market power (SMP).
In order to manage the interest rate risk, the Group’s borrowings have been spread between fixed- and variable-rate instruments. In order to manage liquidity risk, in addition to liquid assets the Group uses credit limits. To manage customer credit risk, the credit history of new customers is checked as part of the ordering process. The Group’s foreign interest risk is insignificant, since the majority of its cash flow is euro denominated.
In anticipation of possible unforeseen damage risks, DNA has continuous insurance policies covering aspects of its operations including personnel, property, business interruption, third-party liability and criminal action. There is a specific insurance in place for cyber damage risks. Damage risks are prevented and minimised by means such as security guidelines and personnel training.