Risk management

Effective risk management is crucial for VodafoneZiggo, helping us identify and mitigate potential threats that could adversely impact our people, operations, finances and reputation. By proactively addressing risks, we aim to enhance our decision-making, safeguard our assets and maintain resilience in the face of uncertainties. Ultimately, our robust risk management strategy contributes to our sustainable growth, our stakeholders’ trust and the overall success of our organisation.

Risk culture

We face various risks and uncertainties that could impact our strategic initiatives. As a result, our approach to risk, in both our organisational culture and our daily management, is an essential component of our strategy. VodafoneZiggo’s attention for creating a risk culture is the glue that binds all elements of our risk management together. It reflects our strategy, values, objectives, processes and practices that embed risk into our decision-making processes. We continuously work on improving our risk culture to ensure that everyone understands the organisation’s approach to risk and their personal responsibility to manage risk in everything that we do.

To ensure we promote the right risk culture across the company, VodafoneZiggo has identified key topics, listed in our Code of Conduct.

  • Behaviour: We work according to our core values (Open Up, Team Up, Step Up) and with respect and equal opportunities for everyone.

  • Health, safety and well-being: We work in a safe and responsible manner. Everybody knows and respects the rules and regulations.

  • Communication: We do not share sensitive and confidential information with external parties, not even informally.

  • Company assets and information: We handle company assets, intellectual property and data with due care.

  • Compliance with the law: We have zero tolerance for fraud, bribery, conflicts of interest and insider trading.

  • Social commitment and the environment: We use our technology in an ethical and responsible way.

  • Speak Out!: We pay attention and speak out when we see something that does not seem right, even when we are not sure.

Our Risk Management Framework

Risk management within VodafoneZiggo has an organisation-wide scope, considering end-to-end processes and systems and encompassing strategic, operational, financial and compliance risk categories. We ensure these different categories are addressed through our comprehensive Risk Management Framework. The Framework helps us achieve our goals, maintain confidence in our brands and protect our stakeholders, including customers, employees and shareholders. It incorporates five pillars, developed in line with industry practices for managing risk:

  • Risk governance and culture.

  • Strategy and objective-setting.

  • Risk management process.

  • Information, communication and reporting on risk.

  • Review and revision of the risk framework over time.

Our Framework serves as the foundation for effective risk management across the organisation. It establishes a transparent and uniform process to ensure our adherence to legal and regulatory requirements. This method involves the identification, assessment, management, and mitigation of potential risks to our business. Within this process, we identify significant or emerging risks, both internal and external.

Our approach to risk, both in our organisational culture and daily management is an essential part of our strategy.

Our governance and risk identification

VodafoneZiggo undertakes risk identification activities to establish an overview of all relevant risks. We aim to identify what uncertainties can negatively affect our objectives and which risks we should take in order to achieve our objectives.

A consolidated list of risks, along with proposed risk tolerances, is then presented to both management and the governing committees. The Supervisory Board has delegated the task of overseeing the quality and integrity of the company’s Risk Management Framework to its Audit, Risk & Compliance Committee. Members of this Committee oversee the implementation of control measures, as well as the company’s exposure to significant and emerging risks. Through in-depth risk assessments, the Committee monitors the actions taken to manage and mitigate significant risks. Each significant risk is assigned to a risk owner who is responsible for its management and the implementation of mitigation measures, and every business unit has a designated risk champion who is tasked with overseeing the management of existing risks and identifying and reporting new risks.

How we manage risk

VodafoneZiggo assesses risk on a consistent basis, allowing management to focus on the most important risks to VodafoneZiggo’s strategic objectives and identify opportunities for future growth. To establish the context and gain a comprehensive understanding of our operating environment, we classify our main risks under the four categories of our Risk Universe: strategic, operational, financial and compliance risk. Additionally, since environmental, social and governance (ESG) performance is an important part of our strategy, ESG is considered as an overarching risk theme. This approach enhances our comprehension of how to address the risk most efficiently and ensures the appropriate level of oversight and assurance.

Responsibility for confirming the presence of adequate controls and implementing necessary treatment plans to bring the risk within an acceptable tolerance level lies with the assigned risk owner. Throughout the year, we monitor the status of our risk treatment plans and conduct thorough reviews of our risks, with the results presented to the relevant oversight committees.

To facilitate management of risks and to establish the right oversight of responsibilities, VodafoneZiggo operates according to the ‘Three Lines Model’.

The Three Lines Model provides VodafoneZiggo with a simple and effective structure and way of working to enhance communication on risk management by clarifying essential roles and responsibilities. Following this model, the first, second and third lines can work together, ensuring VodafoneZiggo achieves its objectives and manages risk in a responsible manner that adds value to the organisation.

Prioritisation of risks

To prioritise risks, we use common assessment criteria with defined impact and likelihood scales. We also assess risk tolerance, establishing the amount of risk that VodafoneZiggo is willing to accept to achieve an objective and/or the target level of control to prevent a risk from materialising. Risk tolerance provides clarity over the current and desired levels of risk exposure and helps identify gaps between the two.

The output of these activities is the list of VodafoneZiggo’s significant and watchlist risks, updated and presented to our governing committees on a bi-annual basis.

To prioritise risks, we use common assessment criteria with defined impact and likelihood scales.

Significant risks

Significant risks, made up of sub-risks, are the themes identified as the biggest potential threats to VodafoneZiggo. This heatmap depicts the ten identified significant risks for 2023 on the likelihood and impact scale. Here we provide detailed information for each risk, outlining the corresponding mitigating measures implemented to effectively manage these risks.

Risk

Category and trend

Description

Mitigating measures

Strategic objective

1

Cyber threats

Operational

No change in year-on-year risk ranking movement

The risk of a cyberattack, whether arising from within the company or externally, carries significant potential consequences such as data loss or network failures. These outcomes, in turn, can adversely impact our customers, financial standing or reputation. 

To address this risk, robust control measures are implemented across all business units. We actively identify potential cyber threats and conduct simulations to ensure our capability to respond effectively to attacks. Our objectives encompass preventing cyberattacks whenever possible, ensuring immediate reporting of all incidents, and responding promptly to minimise damage.

Secure & Seamless Connectivity

2

Technology failure

Operational

No change in year-on-year risk ranking movement

The potential risk of technical malfunctions in crucial components of our networks, systems, or platforms poses a threat to the smooth operation of fixed-line or mobile services. Such disruptions could result in diminished customer satisfaction, harm to our reputation, or even regulatory fines.

We maintain an extremely low tolerance for any faults in our networks, systems or platforms that could negatively impact our customers. To minimise the consequences of service interruptions, we have established clear recovery objectives and implemented measures for critical components. Vigilant monitoring of our networks, systems and platforms enables us to promptly identify and address technical faults as they occur. In the event of incidents, we conduct thorough investigations to determine the causes and take appropriate actions to rectify the faults.

Secure & Seamless Connectivity
Best Business Solutions

3

Market disruption

Strategic

No change in year-on-year risk ranking movement

The potential risk of disruptive competition involves competitors, including other telecom operators, expanding their networks, enhancing their services or introducing new customer offerings that could render VodafoneZiggo less competitive in its designated markets.

We closely monitor market developments, foster innovation and consistently provide customers with products, services and content that set us apart from the competition. This includes offerings such as sports, films and TV series.

Endless Entertainment
Best Business Solutions
Smart Digital Experience
Progress for Everyone
Secure & Seamless Connectivity

4

Changes in regulatory environment

Compliance

Increase in year-on-year risk ranking movement

The risk of substantial regulatory changes stemming from case law or newly enacted legislation is a concern. In our industry, the landscape of national and international regulations is growing more intricate. Emerging regulations have the potential to elevate the 'regulatory pressure' within our organisation or negatively impact our competitive standing.

Our Regulatory Affairs department diligently tracks legal and regulatory advancements, engaging in regular consultations with governments and other stakeholders. This proactive approach ensures that policymakers leverage our industry knowledge and experience before formulating new laws or regulations.

Best Business Solutions

5

Failure to comply with laws and regulations

Compliance

Increase in year-on-year risk ranking movement

The risk of non-compliance with laws and regulations in the markets we operate in, including the EU's General Data Protection Regulation (GDPR), anti-bribery laws, competition law, consumer law and consumer credit regulations, as well as internal standards, policies and guidelines, is significant. Failing to adhere to these regulations may result in financial penalties and damage to our reputation.

To ensure compliance with relevant laws and regulations, we have implemented a comprehensive framework of policies, controls and risk management measures. Additionally, we have established a Code of Conduct outlining ethical standards and principles that apply to all employees. Extensive training is provided to keep employees informed about new laws or regulations and to help them understand both their personal and the company's obligations. Regular reviews and audits of our business activities are conducted to maintain ongoing compliance with laws and regulations.

Best Business Solutions

6

Data integrity, quality and management

Operational

Decrease in year-on-year risk ranking movement

The risk of our data quality and data management poses potential consequences, including hindering decision-making, negatively impacting customers, potentially obstructing the company's digital transformation and impeding the realisation of our commercial and strategic objectives.

To address this risk, we have designated a dedicated Data Officer responsible for overseeing our data quality and data management. Initiatives are in place to enhance the quality of both financial and non-financial data, supported by policies to ensure the maintenance of specified quality levels.

Best Business Solutions
Smart Digital Experience 
Progress for Everyone

7

Failure to deliver on customer expectations

Strategic

Decrease in year-on-year risk ranking movement

The risk of falling short of customer expectations concerning our products, services and overall customer experience. This could arise from system or product faults or insufficient customer service, potentially resulting in decreased customer satisfaction or heightened customer churn.

We closely track customer feedback and market developments, implementing measures to rectify any shortcomings. To meet and exceed customer expectations, we regularly introduce initiatives aimed at enhancing both the customer experience and the quality of our products and services.

Endless Entertainment
Best Business Solutions
Smart Digital Experience
Progress for Everyone
Secure & Seamless Connectivity

8

Business & IT transformation

Operational

Increase in year-on-year risk ranking movement

The risk of IT system failures, arising from the extensive scale and complexity of our IT infrastructure. Such failures can have considerable adverse impacts on our customers, financial performance and reputation.

To tackle this risk, we maintain close monitoring of our IT systems to promptly identify errors or malfunctions. Management and designated risk owners engage in regular discussions regarding risks associated with ongoing IT programmes. Adjustments are made as needed to mitigate risk levels. As a standard practice, we prioritise risk management in our decision-making processes.

Best Business Solutions
Secure & Seamless Connectivity
Smart Digital Experience

9

Third-party risk management

Operational

Increase in year-on-year risk ranking movement

Third-party risk management involves the identification, assessment, monitoring and mitigation of potential risks associated with external entities that a business interacts with, such as vendors, suppliers or service providers. 

Mitigating activities for third-party risk management involve due diligence during vendor selection, including assessing their security practices and compliance. Once engaged, continuous monitoring of third-party activities is essential to promptly identify and address any emerging risks.

Endless Entertainment
Best Business Solutions
Smart Digital Experience
Progress for Everyone
Secure & Seamless Connectivity

10

Macro-economic conditions

Financial

Increase in year-on-year risk ranking movement

Macro-economic risks refer to threats and uncertainties that impact the overall economy on a large scale. These risks include factors such as inflation, economic recessions and fluctuations in interest rates or exchange rates. Their influence extends across various industries, affecting businesses, employment levels and consumer spending, making them critical considerations for economic stability and financial planning.

Mitigating financial macro-economic risks involves reducing vulnerability to market fluctuations by using financial tools to offset potential losses from changes in interest rates, exchange rates or commodity prices.

Progress for Everyone

Watchlist risks

Watchlist risks are those assessed for possible considerable impact. They are consistently evaluated and monitored to ensure that we are prepared. Although watchlist risks are not considered immediate threats, they necessitate preparation and readiness for the future. The watchlist risks includes but is not limited to, attracting and retaining skilful employees, energy and climate risks, business continuity and black swans, the geopolitical landscape, as well as various reporting directives, specifically the upcoming EU Corporate Sustainability Reporting Directive (CSRD).

Our response to fraud risks

We closely monitor fraud risks at operational and financial reporting levels. We conduct annual fraud risk assessments, host workshops and review and assess fraud risks based on risk heatmapping. We have implemented mitigating activities to reduce fraud risks and continuously assess the appropriateness of our response to those risks. In order to foster a culture of fraud awareness throughout our organisation, we have a company-wide Code of Conduct and mandatory e-learnings for new employees. We have whistleblowing procedures in place to encourage employees to report fraud, corruption and inappropriate behaviour, as outlined in our Code of Conduct.

Continuous strengthening of our Risk Management Framework

The Management Board is committed to thorough examination and scrutiny of the strategy and assumptions by continuously evaluating both the internal and external environment, along with significant threats and opportunities that impact the sustainable creation of long-term shareholder value. We continuously refine and integrate our Risk Management Framework into our daily processes with the aim of advancing our risk management approach and ensuring consistency throughout the organisation.

In 2023, we:

  • Advanced the maturity of a risk knowledge and skills matrix for our risk management community.

  • Improved reporting to our governance committees, facilitating more informed decision-making.

  • Conducted a comprehensive management-wide risk awareness workshop to strengthen our risk culture.

  • Completed a cross-functional analysis of our operational resilience capabilities, identifying gaps and areas for improvement, resulting in improved oversight of our significant and watchlist risks.

Climate-related risks and opportunities

In 2023, VodafoneZiggo undertook a comprehensive qualitative evaluation of climate-related risks and opportunities, separating the overarching theme of ‘climate change’ identified through our double materiality assessment (see Stakeholder interaction and materiality) into distinct focus areas. We believe this is important not only for enhancing the maturity of our risk analysis programme and thereby ensuring we can respond effectively to the changing environment around us, but also for fulfilling our duty as a responsible company aiming to minimise our negative impact on society and the planet.

Our approach to risk identification followed the guidelines of the Task Force on Climate-Related Financial Disclosures (TCFD), which, in turn, align with the requirements of the CSRD. To carry out the assessment, representatives from VodafoneZiggo’s Risk Management, Corporate Social Responsibility and ESG Reporting teams collaborated with external experts.

Process

Two types of climate-related risks as well as climate-related opportunities were considered in the scope of the assessment:

  • Transition risks related to the evolution towards a low-carbon economy and to the financial impact thereof on our organisation.

  • Physical risks resulting from climate change, driven either by specific weather events or by longer-term shifts in climate patterns.

  • Opportunities that could result from efforts to combat climate change and/or from the transition to a low-carbon economy.

The process began with the identification of relevant risks and opportunities through desk research and peer comparisons. We drew up a longlist based on sources including sector information, academic literature, internal risk documentation and peer reports on climate-risk assessments. This was converted into a shortlist of risks and opportunities more specifically relevant to VodafoneZiggo.

In consultation with key internal topic owners, we assessed the shortlisted risks and opportunities based on their (financial) impact on the organisation and their likelihood to occur. We concluded the process by plotting our climate-related risks and opportunities onto an impact/likelihood matrix to establish their relative significance.

Outcomes

Our analysis highlights rising energy prices as one of the most significant transition risks for VodafoneZiggo, particularly affecting our energy-intensive infrastructure. Another is the switch to renewable energy sources, which could potentially result in increased costs for the near future. Rising interest and demand among investors in relation to companies’ ESG performance (including our own) could also pose a risk.

Furthermore, our most significant acute physical risks include potential supply chain disruptions and power shortages, both of which could be caused by extreme weather events. Supply chain disruption might cause resource or product shortages in our supply chain, limiting VodafoneZiggo’s ability to deliver products and services. Power shortages could pose a particular threat to our network infrastructure, negatively impacting the quality of our service. Another key physical risk is potential damage to our infrastructure resulting from chronic changes in climate conditions, which could lead to acceleration of maintenance work on and damage to our networks and thus have a major impact on expenditure and the quality of our service.

We also identified several important climate-related opportunities, including the adoption of energy-efficient processes. VodafoneZiggo has the chance to capitalise on the global trend towards a low-carbon economy by working to develop sustainable products and services delivered via more efficient operations with reduced energy consumption and by creating business opportunities enabling our customers to make this transition. As well as representing a short-term transition risk, the switch to renewable energy sources can be turned into an opportunity, thereby increasing our resilience against fluctuating fossil fuel prices and reducing long-term operational costs. We can also grow VodafoneZiggo’s portfolio of customers and investors by improving transparency around our sustainability efforts, in line with demand from regulators and wider society.

Next steps

Through this assessment, VodafoneZiggo improved its understanding of the impact of climate change on our organisation. Many of the climate-related risks and opportunities identified in this assessment are being addressed through the Progress for Everyone pillar of our strategy. This includes climate-related KPIs to measure our CO2 emissions and our energy consumption (see Sustainability (new window)). With this first analysis now complete, we will continue to integrate the outcomes into our overall Risk Management Framework to ensure we are prepared to address climate-related threats to our business continuity and capture the opportunities presented by the sustainability transition.