Risk

We are subject to enhanced regulatory scrutiny and therefore face a higher chance of investigation, enforcement or sanction by financial services regulators. This may be driven by internal factors, such as the strength of our control framework or its interpretation, or the awareness, understanding or implementation of relevant regulatory requirements. This risk can also arise from external factors, such as the current and changing priorities of our regulators' policy and supervision departments.

Mitigation and controls

·   Monitor operations to ensure they adhere to regulatory requirements and standards

·   Continuously review all regulatory incidents and breaches

·   Define and embed policies and procedures across the Group to ensure regulatory compliance

Risk

We operate across highly regulated environments which are continually evolving, and face the risk of governments or regulators introducing legislation or new regulations and requirements in any of the jurisdictions in which we operate. This could result in an adverse effect on our business or operations, through reduction in revenue, increases in costs or increases in capital and liquidity requirements.

Mitigation and controls

·   Maintain strong relationships with key regulators and actively seek to converse in an effort to keep abreast of, contribute to and correctly implement regulatory changes

·   Monitor relevant public statements by regulators that affect our industry

·   Maintain current and emerging risk reports which timeline incoming changes

Risk

The risk of significant adverse changes in the manner in which we are taxed.

Examples of tax risks we face include the risk of the imposition of a financial transactions tax, which could severely impact the economics of trading and developments in international tax law, which in turn could impact the amount of tax that we pay.

Mitigation and controls

·   Monitor developments in international tax laws to ensure continued compliance and that stakeholders are aware of any significant adverse changes that might impact us

·   Where appropriate and possible, collaborate with tax and regulatory authorities to provide input on tax policy, or changes in law

Risk

The risk that our competitive position weakens or profits are impacted due to the failure to adopt or implement an effective business strategy, including the risk of failing to appropriately integrate an acquisition.

Mitigation and controls

·      The Board receive strategy updates from the Executive Directors throughout the year detailing the strategic progress of the business

·      Undertake external consultation and extensive market research in advance of committing to any strategy in order to test and validate a concept

·      Manage projects via a phased investment process, with regular review periods, in order to assess performance and determine if further investment is justified

Risk

The risk that our performance is affected by client sensitivity to adverse market conditions, making it harder to recruit new clients and reducing the willingness of existing clients to trade.

Mitigation and controls

·     Review daily revenue, monthly financial information, KPIs and regular reforecasts of expected financial performance

·     Use forecasts to determine actions necessary to manage performance and products in different geographical locations, with consideration given to changes in market conditions

·     Regularly update investors and market analysts on revenue performance, and engage with them to manage the impact of market conditions on performance expectations

Risk

We operate in a highly competitive environment and seek to mitigate competitor risk by maintaining a clear distinction in the market. This is achieved through compelling and innovative product development and quality of service, all while closely monitoring the activity and performance of our competitors.

Mitigation and controls

·     Monitor conduct to ensure we do not engage in questionable practices, regardless of whether they would prove to be commercially attractive to clients

·     Ensure that our product offering remains attractive, taking into account the other benefits that we offer our clients, including brand, strength of technology and service quality

Market risk

Risk

The risk of loss due to movements in market prices arising from our net position in financial instruments. We seek to manage our market risk so our trading revenue predominantly reflects client transaction fees net of hedging costs and is not driven by market risk gains or losses.

We are also exposed to interest rate risk through our debt and holdings of cash and investments.

Mitigation and controls

·      Use a real-time market position monitoring system

·      Monitor market risk exposures with hourly scenario-based stress tests which analyse the impact of potential stress and market gap events

·      Take appropriate action to reduce risk exposures as required. If exposures exceed pre-determined limits, hedging is undertaken to bring the exposure back within the limits

·      Our framework consists of dynamic limits which can be fully utilised during market opening hours and contract in less liquid periods. Market risk limits have been increased over the year in line with the growth of the Group, bringing greater efficiency of internalisation of client flow. All increases are reviewed and approved by the Board

Risk

The risk that a client fails to meet their obligations to us, resulting in a financial loss. Client credit risk principally arises when a client's total funds deposited are insufficient to cover any trading losses incurred.

Mitigation and controls

·      Set client margin requirements considering the market for each instrument, requiring clients to deposit additional collateral or reduce positions where necessary

·    Manage client credit risk in real time via our 'Close-out monitor' system. Monitor and manage client margin calls via automatic liquidation of account positions once pre-determined account close-out levels are breached

·    Offer risk management training to clients which encourages them to collateralise their accounts at an appropriate level and set a level at which an individual deal will be closed

Risk

We have financial exposure to a number of financial institutions, owing to the placement of financial assets at banks and the hedging of market risk in the wholesale markets, which requires us to place margin with our hedging brokers.

Mitigation and controls

·      Perform credit reviews on financial institutional counterparties when a new relationship is entered into; this is updated semi-annually (or ad hoc upon an event)

·      Actively manage credit exposure to each of our broking counterparties, settling or recalling balances at each broker on a daily basis in line with the collateral requirements

·      Ensure the majority of deposits are demand or overnight deposits, enabling us to react immediately to any deterioration in credit quality

Risk

This is the risk that we are unable to meet our financial obligations as they fall due.

Mitigation and controls

·      Manage liquidity within the UK Defined Liquidity Group (UK DLG) comprising of IG Markets (IGM), IG Index (IGI) and IG Trading and Investments (IGT&I)

·      The UK DLG carries out a liquidity assessment each year to ascertain if it has sufficient liquidity to continue in operation under liquidity stress and provides mitigating actions to improve the liquidity position in these stress scenarios

·      Mitigate liquidity risk through access to committed unsecured bank facilities and debt

Risk

The risk that we hold insufficient capital to cover our risk exposures and have to curtail or cease operations.

We are supervised on a consolidated basis by the UK's FCA and our global entities' operations are directly authorised by the respective local regulators.

Mitigation and controls

·      Manage capital resources with the objectives of facilitating business growth, maintaining our dividend policy and complying with the regulatory capital resource requirements

·      Undertake an annual capital assessment and apply a series of stress-testing scenarios to our base financial projections, approved by the Board

·   Operate a monitoring framework over our capital resources and minimum capital requirements daily

Risk

The risk that clients are unable to trade on the platform due to an operational outage and the risk that our operations are affected due to inadequate disaster recovery capabilities and delays in our ability to recover within appetite.

Mitigation and controls

·      Maintain a 24/7 Incident Management function to manage the resolution of incidents

·      Perform regular disaster recovery capability testing to ensure that standby services are effective and minimise the impact to operations

·      Apply denial-of-service (DOS) protection against cyber-attacks that would impact platform availability

·      Maintain a Change Management function which undertakes risk assessments and utilises defined maintenance windows to protect core trading periods and client impact

Risk

The risk that system capability limitations or unexpected client activity results in degradation of client platforms or internal business service to clients. We need to ensure we have sufficient capacity to flex with client demand.

Mitigation and controls

·      Undertake regular performance and capacity stress testing to ensure our platforms have sufficient headroom and resilience to perform in times of heightened volatility and increased demand

·      Maintain an Enterprise Change function to manage business change and the development of new products and services

·      Maintain a Quality Assurance function to test and identify system defects through the development lifecycle and resolve these before they impact applications

Risk

This is the risk of data loss that results in a regulatory breach or fine. This can be due to employee or vendor activity, non-compliance with data regulations, cyber-attack or data integrity issues.

Mitigation and controls

·      Maintain a 24/7 Security Operations Centre for the review and triage of information security incidents, and employ mitigation services for threats such as hacking, malware, data loss and data gathering

·      Host a dedicated Information Security Forum, through which senior management are updated on the strategy and progress of the Information Security Programme and the status of threats and risks

Risk

The risk that we have inadequate employment practices which are detrimental to staff or can create conflict with the business. Employees should be confident that they work in a safe environment.

Mitigation and controls

·      Continuously refresh our employment policies and processes to ensure they match the latest industry standards and best practices

·      Obtain regular feedback from staff members on employment practices and working conditions in order to assess and improve our practices and continue to be a top employer

·      Undertake annual engagement surveys to identify any employee dissatisfaction which can then be investigated and improved upon

·      Purchase suitable insurance programmes which cover employee requirements globally

Risk

The risk related to any issues with the processes around our internal hedging and client trading. This also considers how we process clients' corporate action events, dividends and stock transfers.

Mitigation and controls

·    Internalise client flow and hedge efficiently with return to volume of client income being a key monitoring metric

·    Put in place market risk limits and have very low tolerance for operational issues that result in a market risk loss

·    Strictly adhere to best execution rules which are monitored through the Best Execution Committee, applying the highest standards to all jurisdictions in which we operate Take a 'follow the sun' approach with trading desks located in Australia and London with shift patterns

Risk

This is the risk related to the operational and conduct issues in the client lifecycle spanning from the customer agreement, account set-up, interaction with us, and appropriateness of account types and product offerings.

Mitigation and controls

·      Regular assessments of services which have been identified as being critical to clients and are required to be operationally resilient, with single points of failure identified and back-ups set in place

·      Cross-team training to ensure resources are adequate to flex with demand

·      Establish KPIs to monitor levels of service provided, and invite clients to provide feedback, with any issues identified being investigated

Risk

The failure to identify and report financial crime, and inadequate client due diligence and oversight, can result in a breach of regulatory requirements. Clients may attempt to use us to commit fraud or launder money, third parties may try to extract client or corporate funds, and employees could misappropriate funds if an opportunity arose.

Mitigation and controls

·    Have a mature control framework for identifying suspicious transactions related to market abuse which must then be reported on

·    Establish appropriate onboarding processes for different clients and vendors with an enhanced due diligence process

·    Ensure Group policies and processes have segregated duties to ensure adequate oversight and control over internal fraud

Risk

The risk that inadequate business processes and oversight can lead to internal issues within the business. These can relate to inaccurate or late client money or asset management, mismanaged corporate cash, unintentional breach of market risk limits, incorrect revenue calculation or allocation, or incorrect or late payroll processing.

Mitigation and controls

·    Our operational risk framework ensures the control environment is monitored and aim to reduce the operational events which occur

·    Escalation procedures efficiently manage the occurrence of these risks

·    Specific committees and audits monitor topics such as client money and asset management

·   Ensure correct resourcing to flex with client volumes and monitor attrition rates at a functional level

Risk

The risk of production issues which could lead to untimely, incomplete or inaccurate Financial Statements, transaction reporting, tax filing, regulatory capital, financial crime reporting and forecasting. Any issues or errors can have a detrimental impact on clients, markets and shareholders.

Mitigation and controls

·    Monitor and enhance our control environment, which aims to reduce the number, size of and impact of these events which occur

·    Implement escalation procedures to efficiently manage the occurrence of these risks

·    Specific steering committees help manage areas such as transaction reporting, financial crime reporting, financial reporting and forecasting, Internal Capital Adequacy and Risk Assessment (ICARA) production and annual report production

Risk

The risk related to dangers to employees and damage to physical and non-physical property or assets from natural or non-natural external causes. We recognise the growing risks associated with climate change and a warming planet. These include the physical risks from changing weather patterns, and the transition risks arising from movement towards a less polluting, greener economy.

Mitigation and controls

·    Secure data centres and offices and with state-of-the-art cyber security and fire safety protocols in place

·    Purchase suitable commercial insurance globally for assets and each of our premises

·    Engage with an external environmental consultant to help conduct climate-related risk assessments bi-annually