Our Group risk appetite acknowledges the need to proactively balance risk with opportunity, and knowingly taking an approved level of risk is essential to allowing the Group to advance in its strategic aims. Effective management of these risks is an inherent part of our operations.

Principal risks across the Group are managed on a day-to-day basis by the Group Executive and steps are taken to assess whether the business is within the Group’s risk appetite as set by the Board. Regular operational reporting from the executive and independent assurance provided on the Board's behalf to the Audit and Risk Management Committee ensure that the Board is regularly appraised on how risks are being managed. Particular focus is given to those risks which may threaten our strategic priorities or regulatory compliance.

Prioritising risks

Risk KeySet out below is the Board’s view of key risks currently facing the Group, along with commentary on how this directly affects our strategic goals. Setting these risks out in priority order, we provide a view on the likelihood of these risks crystallising in the coming year and the potential impacts, along with an indicator of the change in risk compared to the prior year assessment.

Area of risk

Expand all

Close all

Regulatory compliance and change

Regulatory compliance


Impact on strategy

William Hill is committed to upholding the British Gambling Commission’s core licencing objectives and adhering to the regulatory standards required in all of our licensed territories as they continue to evolve. Holding licences in key markets, such as with the Nevada Gaming Board, is an essential part of our growth strategy and therefore the risk of breaching local licensing regulations is a clear risk and must be managed. This multi-territory licensing drives a need to continually update processes and controls to ensure compliance, and to review the ongoing changes to our business to assess the impact on our licensing position. Changes to regulations in each of our licensed markets may have a negative impact on Group results.

What are we doing to address the issue?

We remain wholly confident that sustained investment in our compliance and other assurance functions allows us to identify, understand and address changing regulatory requirements in an efficient and effective manner. We actively engage with the UK Government and significant other parties to discuss the measures by which we fulfil our obligations under the licensing objectives in the UK.

We provide ongoing support and continued adherence to the voluntary ABB Code, and remain a committed member of the Senet Group, which aims to promote responsible gambling standards and to hold its members to account.

We maintain a dialogue with regulators and other key stakeholders in our licensed territories internationally, continually monitor the changing legal landscape and adapt our strategy on a country-by-country basis to changes in regulation.

A high proportion of Online’s revenues are derived from licensed territories, which mitigates risks associated with operating on a non-locally licensed basis.

We have well-resourced in-house compliance functions and have compliance officers in all of our strategic business units who are a core part of the local management teams, ensuring compliance has a voice at the top table in each location. Our Compliance processes and controls across the Group are well established and the compliance functions operate independently of operational management to both support management’s compliance obligations and to provide ongoing assurance over the adherence to local requirements. A bi-monthly Group Compliance Committee provides all compliance officers with direct access to senior Group leadership including the Interim CEO and ensures compliance issues are shared across the Group to allow for the identification of trends and common issues.

We also engage with governments and regulators on a pro-active basis when changes to regulation are proposed and we actively contribute to public consultations. This is designed to promote the consideration of the interests of the Group and the industry before regulation is finalised. The Group Risk and Audit function also considers regulatory compliance as a core part of audit delivery, reporting directly to the Audit and Risk Management Committee, as an independent third line of defence.

Cyber crime and IT security


Impact on strategy

The ability to provide a market leading offering to retain and attract customers, and the associated complex back-office functionality we require, is wholly underpinned by significant investment in proprietary technology and carefully selected third-party offerings. Increasing threats to these technologies from cyber-crime or malicious activities requires sophisticated protection techniques and growing investment to mitigate against them. The sports betting and online gaming industries, and the increasing digital footprint of our global operations, means that this risk is a material threat facing the Group.

What are we doing to address the issue?

During the year a significant DDoS attack on a previously unheard of scale was successfully addressed and customer impact minimised. The ability to scale our defence capability and work with mitigation partners to swiftly and successfully address rapidly emerging threats proved the value of investments made in this area.

Our technology security arrangements have prevented any material data security breaches or financial loss. However, the scale and complexity of the DDoS attack referred to above serves as a reminder as to the continually evolving and growing threats we face.

As well as working with a range of specialist security firms to enhance, review and test our defences against these threats, we continue to invest significantly in our in-house capabilities. This includes appointing a new Chief Information Security Officer with deep experience at a national infrastructure level, to enhance our team and to ensure our defences remain fit to address the changing threats.

The threat continues to change and it is clear that no company or sector is immune. We believe our exposure is being well managed and continue to be vigilant and not complacent.

Transformation programme

What's the issue?

We recognise the benefits to be gained through a transformation programme to increase efficiencies and establish more effective ways of working in ensuring we can continue to invest in longerterm growth.

Delivering widespread change through such a programme has the potential to impact core business processes, disrupt staffing models and adversely affect existing development roadmaps or business-as-usual activity if not properly managed.

What are we doing to address the issue?

Working with a leading global consultancy firm who have a depth of experience in delivering wide-reaching programmes of this type, we have produced both topdown and bottom-up efficiency models and are working with the leadership teams within our business to prioritise a delivery programme. The programme has the full support of the Board and the Group Executive, both of which regularly discuss and monitor progress. A fully resourced programme office is in place to manage the delivery timelines, dependencies and resourcing requirements in order to minimise delivery risk and impact on existing plans.

Each initiative is sponsored by a member of the Group Executive and led by a member of the senior management team within the relevant business to ensure full visibility of the impacts of change.

An independent programme of assurance and risk management will report directly to the Interim CEO and Audit and Risk Management Committee for the duration of the programme.

Competitive landscape

Impact on strategy

The challenge to acquire, retain and service customers continues to intensify as recent mergers within the UK gambling industry begin to embed and entrants from overseas continue to invest in the region. We must ensure our strategy acknowledges and responds to this across all areas of our business, but specifically with respect to product development, user experience and marketing effectiveness.

Failure to differentiate and meet the needs of our customers may lead to a 'race to the bottom' on pricing, this being a natural outcome for those who serve commoditised offerings.

What are we doing to address the issue?

The keys to success in an increasingly fragmented market are new product developments which are easy to use and which are marketed such that both new and existing customers feel valued and rewarded. All of these elements involve providing customers with a personalised experience. The combination of the flexibility provided by our front-end platform with investment into our back-office, data and trading platforms provides the tools required to understand and service our customers’ needs. Steps taken in the year include the launch of our proprietary SSBTs in Retail, investments in NYX, improved access to development resource with the acquisition of Grand Parade and the development of our UNO single customer data warehouse, providing us with other opportunities to differentiate.

Aligned to this, our high-street presence and a change in the tone-of-voice of our marketing communications will ensure our brand is able to stand out in a crowded marketplace. Whilst we focus largely on our core brand, William Hill, we are also able to flex according to local market needs, as demonstrated by the use of Centrebet in Australia to complement our mass-market presence in that location.

Further, the appointment of Board members and key senior managers with deep industry experience during the year leaves us well placed.


Delivery of IT strategy

Impact on strategy

The ability to deliver change through the development of our IT infrastructure and platforms is key to differentiating ours from commodity-driven offerings, enhancing customer experience through our time to market, front-end, customer analytics and personalisation.

Our global technology footprint comprises a sophisticated combination of core central services and capabilities and more targeted, more localised and business-specific capabilities, delivered from multiple locations, to meet specific local business needs.

What are we doing to address the issue?

During the period, the Board sanctioned major investments in order to support our IT strategy and ensure we are fit for purpose for future needs. Our investments in NYX and acquisition of Grand Parade are key enablers in our technology strategy alongside our internal investments in our front-end platform, SSBTs and other key initiatives, which in turn underpin several other strategic goals. These investments enhance both our infrastructure and our ability to develop and support future capabilities. Our investment in NYX supported its acquisition of Openbet, which positions us well to partner with them to deliver our next-generation back-end platform.

Grand Parade has already been integrated into William Hill and has significantly enhanced our development capabilities with several of the enhancements to our mobile experience being the direct result of Grand Parade development work. A clear roadmap is in place to utilise existing development resource alongside Grand Parade to enhance user experience and increase personalisation.



Impact on strategy

We operate in a highly competitive landscape with operations in multiple locations worldwide. Delivery of our strategy relies on the maintenance and development of a focused leadership team and access to a number of highly skilled specialists across the Group.

What are we doing to address the issue?

During the year the Board made a change at the CEO level and Philip Bowcock was appointed Interim CEO, supported by Mark Summerfield as Interim CFO. Whilst the roles are interim a clear focus of this leadership team has been to strengthen our senior management cohort and align leadership skills to the needs of the business. Several senior hires with a depth of betting, gaming and technical specialist experience have been appointed to the Online business and critical support functions.

In addition, following a review of the composition of the Board (see the report from the Nomination Committee on page 66) we have appointed three additional Non-executive Directors who bring significant digital, multi-channel and gambling industry experience.

As well as looking to strengthen with external appointments, we also recognise the need to do more to retain and develop the talent we have in-house. By making significant investments in our Human Resources leadership, and outsourcing much of the administrative work to a third party, our HR function is able to focus on talent development, robust performance appraisal and the alignment of reward to performance.

Overall, the Group provides competitive salary and benefits packages, including short-term bonuses and long-term share-based incentives, having taken steps to review and enhance reward arrangements during the year. All employees are encouraged to become owners of the business through a Sharesave programme. The Board has visibility of key leadership remuneration arrangements through the Remuneration Committee.

Following investment into the HR function, robust appraisal and goalsetting processes are being rolled out for 2017 and annual talent reviews will be conducted with the senior management team. The Group regularly reviews the levels of employee engagement through an annual employee survey and implements specific action plans to address areas of improvement.


Business continuity management

Impact on strategy

With key operational offices in ten countries, supported by a network of operational hubs, licensed betting offices and sports books, disaster recovery facilities and business critical third-party locations, a comprehensive business continuity plan in the event of disruption to any of our key sites is required. Business continuity events include disruption to our people and locations which may impact the business' ability to service customer needs.

What are we doing to address the issue?

Whilst we have successfully dealt with significant issues across our estate in the recent past, minimising the impact of any business interruption on our customer group and the ability to serve their needs is essential.

As we look to drive efficiencies across the Group we continue to consider whether our location strategy is aligned to our needs and where our exposures are unfavourable.

The Group now has access to business continuity (BC) sites in our core UK locations, multiple sites or bespoke BC facilities in key overseas locations, or the ability to rely on flexible ways of working in other locations. We have established a Brexit Working Group to consider the implications as we move towards the triggering of Article 50 and beyond, specifically considering the potential implications financially, operationally and from a regulatory perspective. This includes ensuring suitable arrangements are in place should there be disruption to the Gibraltar crossing or the availability of any services offered through Gibraltar, and validation of these arrangements by undertaking BC testing.

A BC management system is in place which includes a programme of rolling reviews of our Group-wide BC plans and we continue to evolve these plans in line with our wider business evolution. This is owned by a full-time BC Manager, with appointed BC champions in all key locations, as well as named BC plan owners in all business units. We continue to test and rehearse our people, technology and building services infrastructure to ensure that BC capability and readiness is embedded in the culture of the business and that our business is safe and secure and available for colleagues and customers. In 2017 a particular focus will be given to assessing BC capabilities across our supply chain.

BC readiness forms part of the regular reporting to the Group Audit and Risk Management Committee, to ensure adequate oversight of our plans and preparedness.

IT disaster recovery

Impact on strategy

As a global business sharing elements of our trading platforms across different time zones, and with a global sporting calendar generating round-the-clock activity, any significant disruption to core platforms or online services is likely to have a significant impact on our ability to service customer needs regardless of its timing. It is therefore important that we establish robust disaster recovery mechanisms for such services, to ensure that any visible downtime is minimised in the event of disruption.

What are we doing to mitigate the issue?

Minimising the impact of any platform or online service interruption on our customer group and the ability to serve their needs is essential. We therefore continue to work on refreshing our IT Disaster Recovery solution for the Online business, as well as leveraging next-generation technologies to continuously improve the underlying resilience of core services. In addition, as we look to drive efficiencies across the Group, we continue to consider whether our current data centre strategy is fully aligned to our needs, including whether opportunities exist to benefit our IT Disaster Recovery posture.

For our US and Australian businesses, separate local IT Disaster Recovery facilities, plans and processes are also in place and indeed have been improved over the last 12 months.

We continue to monitor the status of our IT Disaster Recovery capabilities across the Group to ensure that our protections are in line with business requirements, and that remedial action is taken where necessary. The status of our IT Disaster Recovery solutions have been regularly monitored by the Group Audit and Risk Management Committee.