Principal risks and uncertainties of the Group

The Board has overall responsibility for managing risk. Risks are formally identified and recorded in a risk register, which is reviewed by the Board at each full board meeting. Risks are evaluated based on likelihood and potential impact, including any change from the prior year, and the register records current mitigating controls to reduce risk, together with any required actions to further reduce risk to appropriate levels. The Board do not consider there to have been any significant changes in the severity of the risks during the year.


Risk Area Potential Impact Change in the year Mitigation of Risks


The Group may fail to successfully execute its acquisition strategy or retain key personnel or encounter unforeseen difficulties in integrating acquired businesses. The Group may also fail to fully understand the risks or market challenges faced by the acquired businesses.

Before completion of acquisitions, extensive due diligence is performed in order to fully understand the operations and risks of the acquired business. An integration plan is put together and closely monitored and appropriate incentives are put in place to ensure the retention of key personnel.

Exchange rate fluctuations

A significant proportion of the Group’srevenue is generated overseas and is denominated in Indian Rupees, US Dollars, South African Rand and Nigerian Naira and cash deposits are held in multiple foreign currencies, most significantly the Nigerian Naira and US Dollar. Therefore the Group is exposed to foreign currency risk due to fluctuations in exchange rates. This may result in gains or losses with respect to movements in exchange rates which may be material and may also cause fluctuations in reported financial information that are not necessarily related to the Group’s operating results.

The Group naturally mitigates this
risk by offsetting its cost base in the same currencies where possible and by closely monitoring exchange rate fluctuations. The Group repatriates cash into UK Pounds Sterling whenever possible and makes use of forward exchange contracts where considered commercially appropriate.

Dependence on key personnel

The Group’s future success is substantially dependent on the continued services and performance of its senior management including the Group’s Directors, each of whom has significant relevant experience.

The Group provides meaningful long-term incentives to the executive team and key employees as well as offering competitive remuneration packages.

Customer relationships

A proportion of the Group’s business is derived from supplying ongoing services to customers based on formal contracts. Despite historically low levels of customer attrition and the longevity of many of the Group’s relationships with its core customers, it is possible that customer attrition rates may increase in the future due to increased competition, the takeover or merger of major customers or changes in market demand.

The Group seeks to minimise the risk of events of this nature occurring by diversifying its customer base, and maintaining strong relationships with its customers, as well as signing long-term contracts with customers.

Technological change

The Group operates in markets that are subject to constant technological development, evolving industry standards and changes in customer needs. Therefore the Group is subject to the effects of actions by competitors in these markets and relies on its ability to anticipate and adapt to constant technological changes taking place in the industry, for example, the growing number of communication channels used by consumers. To maintain its strong position in the market, the Group needs to successfully market its products and services and respond to both commercial actions by competitors and other competitive factors affecting these markets, anticipating and adapting promptly to technological changes, changes in consumer preferences and general economic, political and social conditions.

The Group spends approximately 5% of revenues on research and development as well as employing product and solution specialists who monitor market developments and keep the product offering relevant for the markets in which the Group operates.

Data privacy and regulatory compliance

Certain activities of the Group and its customers may require the implementation of appropriate privacy and security policies or explicit end user opt-in and compliance with the new general data protection regulations (GDPR) which affect how personal data is processed and stored. They may also affect the types of communication which are allowed based on permissions given by end users. Failure to comply with the laws governing the management of end-user and customer data could result in fines, damage to reputation or the loss of customers.

Certain activities of the Group are regulated by Phonepaid Services Authority (“PSA”) an agency of OFCOM which has responsibility for the regulation of mobile payments in the UK. The PSA has the ability to impose fines, suspend services or enforce certain other sanctions where its code of practice is breached. Such fines, suspensions or other sanctions can be imposed when the Group has failed to adequately deal with due diligence and/or risk management of the customer which has breached the code of practice.

The Group has invested heavily in its products, platforms and processes in order to ensure market-leading technology and practice are built-in to the solutions provided to its customers, most recently in relation to GDPR.

In relation to the UK payments business the Group follows detailed procedures for the sign up of new services as well as regular monitoring and risk assessment of ongoing services. In addition, key personnel from the Group meet regularly with the regulator in order to review market trends and collaborate on certain matters.

Significant failure of, or interruption to network or IT systems

The Group’s business depends on providing customers with highly reliable platforms and services. Unanticipated network, or other, interruptions (whether accidental or otherwise) may occur as a result of system failures, including hardware or software failures, which affect the quality or cause an interruption in the Group’s supply of services. Such failures can result from a variety of factors within the Group’s control, including human error, equipment failure, power loss, failure of services related to the internet and telecommunication networks, physical or electronic security breaches, as well as factors outside of the Group’s control, such as sabotage, vandalism, system failures of network service providers, fire, earthquake, adverse weather and other natural disasters,water damage, fibre optic cable cuts,power loss not caused by the Group and terrorism.

The Group’s infrastructure is hosted mainly using third-party data centres, with major platforms and systems also benefiting from geographical redundancy. Third-party hardware and software support contracts are in place. Connectivity to multiple networks also provides mitigation against elements of this risk.