Experian 2015 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2015 Experian annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 179

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179

Loss or inappropriate
use of data
New legislation or regulatory
and enforcement changes
Increasing competition
Material regulatory
enforcement actions and
adverse litigation claims
Adverse and unpredictable
business and financial markets
Ineffective business execution
Non-resilient or non-agile
IT environment
Business conduct risk
Dependence on highly
skilled personnel
Data ownership,
access and integrity
IMPACT
PRINCIPAL RISK PROFILE
LIKELIHOOD
2015 risk assessment
Our businesses and strategy expose the
Group to a number of inherent risks. The
Board has carefully considered the type and
extent of the significant risks it is willing to
take, so the Group can achieve its strategic
objectives and deliver a satisfactory return to
shareholders. The diagram summarises our
principal risk profile.
Over time, the Group’s risk profile evolves. As
a result, we have updated the principal risks to
reflect the Board’s view of the most important
risks currently facing the Group. We have
added a new risk in respect of business
conduct risk and expanded our discussion
of risks associated with ineffective business
execution and adverse and unpredictable
financial markets.
We have also updated the descriptions for
other risks. Each principal risk is described
on the following pages, together with its
relevance to strategy, our mitigating actions
and an overview of the risk trend during 2015.
How do we
manage the risk?
How has the
risk changed
since 2014?
What is the risk’s
status for 2015?
We have a number of defensive and proactive practices
across the Group, based on our global security policies
A programme of continuous measurement and alerting helps
ensure that we quickly highlight areas of risk in our business
practices and manage them accordingly
Our enterprise risk management framework works to create
transparency across layers of management and seeks to
ensure we have appropriate oversight of data security, privacy
and protection
Increasing risk,
reflecting the
intensity of threats
companies are
facing from cyber
attacks, both
domestic and
foreign
We continue to invest in IT security and to execute a sound
security strategy that results in layered protections across our
technology infrastructure. We maintain strong contractual
requirements for partners and other third parties who use
our data and periodically review third-party controls. New
and emerging tools give us increased visibility into technical
systems, with a keen focus on identifying suspicious activities.
The evolving attack environment is driving a larger dependence
on threat intelligence and fine tuning our capabilities, so we can
track and respond to a myriad of potentially malicious factors
We educate lawmakers, regulators, consumer and privacy
advocates, industry trade groups, our clients
and other stakeholders in the public policy debate
Our global compliance team has region-specific
regulatory expertise and works with our businesses
to identify and adopt balanced compliance strategies.
This is complemented by executing our Seven Elements
of Compliance Programme that directs the structure,
documentation, tools and training requirements to
support manager compliance on an ongoing basis
Increasing risk and
increasing costs,
associated
with compliance
and data
governance
process
From 1 April 2014 the UK Financial Conduct Authority has
regulated credit bureaux in the UK. Experian currently operates
under an interim permission and is in the process of obtaining
its full permission. We continue to face increasing regulatory
compliance risk related to, amongst other things consumer
protection and privacy, as there is still no certainty as to the
impact of the rule making, investigative and enforcement powers
of the various global regulatory and administrative bodies on
our Credit and Consumer Services businesses. We continue
to refine our compliance strategies in response to developing
requirements of these agencies
17Strategic report Protecting our business