REG - Network Intnl Hldgs - Publication of Annual Report and AGM update
Network International Holdings Plc
Annual Report and Accounts 2020
and
COVID-19 likely impact on the Annual General Meeting
Network International Holdings Plc (LSE: NETW) (the "Company"), the leading enabler of digital commerce across the Middle East and Africa (MEA), announces that further to the release of the Company's preliminary results announcement on 8 March 2021, the Annual Report and Accounts for the year ended 31 December 2020 ("2020 Annual Report") has been published today and is available on the Company's website at https://investors.networkinternational.ae/. It has also been submitted to the National Storage Mechanism and will shortly be available at https://data.fca.org.uk/#/nsm/nationalstoragemechanism.
The appendix to this announcement contains additional information which has been extracted from the 2020 Annual Report for the purposes of compliance with the FCA's Disclosure & Transparency Rules and should be read together with the Company's preliminary results announcement, which can be found at https://investors.networkinternational.ae/. The Group continues to monitor the COVID-19 developments closely and continues to assess the impacts to its operational resiliency and third party supply chains.
Together these constitute the information required by DTR 6.3.5 to be communicated to the media in unedited full text through a Regulatory Information Service. This information is not a substitute for reading the full 2020 Annual Report.
COVID-19 LIKELY IMPACT ON THE ANNUAL GENERAL MEETING ('AGM')
We are closely monitoring the COVID-19 situation, including UK Government measures, and will continue to do so up to the AGM. The situation continues to develop rapidly and as a result the arrangements for the AGM may change at short notice.
Annual General Meeting will be held as a hybrid meeting, which will allow members to participate electronically or, subject to UK Government restrictions (please see below), in person at The Lincoln Centre 18 Lincoln's Inn Fields, London, WC2A 3ED, at 11:00 am on 20 May 2021.
On 22 February 2021, the UK Government published the "COVID-19 Response - Spring 2021" laying down the Government's plan to slowly move out of the lockdown imposed in relation to the fight against the COVID-19 pandemic (the "Roadmap"). This Roadmap explains in four steps, what will happen over the period from February 2021 and sets out the four tests that the UK Government will apply before deciding whether the next step in the phased easing of the lockdown measures can be introduced.
If the lockdown restrictions are extended and/or amended such that restrictions remain in place on 20 May 2021, shareholders must not attend the AGM in person; The AGM will, in any event, be conducted as a hybrid meeting and it is expected that two Directors will be present at the meeting venue or, if that is not possible, a location to be determined by the Board; and shareholders will be able to participate electronically as explained in the Notes to the Notice convening the AGM and on the Company's website.
If the lockdown restrictions (as may be amended by the UK Government from time to time) are relaxed such that they no longer restrict public gatherings and or travel to such gatherings, we would still ask you to review all UK Government guidance and consider whether your travel to and attendance at the AGM is necessary.
We encourage you to monitor the UK Government's Roadmap out of lockdown and any other restrictions and guidance on travel and meetings.
Updates on the status of the AGM and any changes to the proceedings of the meeting will be published at https://investors.networkinternational.ae/.
Any questions that the shareholders may have related to the business at the AGM can be submitted at AGM2021@network.global.
Enquiries
Network International
InvestorRelations@Network.Global
Amie Gramlick: Head of Investor Relations
Finsbury
network-lon@finsbury.com
James Leviton, Robert Allen: Media Relations
Appendix: additional information required by DTR 6.3.5R
In compliance with DTR 4.1.12R, the Annual Report and Accounts 2019 contain Directors' responsibilities statements. These are reproduced below, alongwith the Statement on Risks & Uncertainties and Related Party Balances and Transactions, in line with DTR 6.3.5R. The statements relate to and have been extracted from the 2019 Annual Report.
Page and note references in this appendix refer to page numbers and notes in the 2019 Annual Report.
DIRECTORS' RESPONSIBILITIES STATEMENTS
Statement of Directors' responsibilities
The Directors are responsible for preparing the Annual Report and Accounts and the Group and Parent Company financial statements in accordance with applicable law and practice.
Company law requires the Directors to prepare Group and Parent Company financial statements for each financial year.
Under that law they are required to prepare the Group financial statements in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006 and applicable law and have elected to prepare the Parent Company financial statements in accordance with UK accounting standards and applicable law, including FRS 102 The Financial Reporting Standard applicable in the UK and Republic of Ireland. In addition the Group financial statements are required under the UK Disclosure Guidance and Transparency Rules to be prepared in accordance with International Financial Reporting Standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union ('IFRS as adopted by the EU'). In addition the Group financial statements were also prepared in accordance with International Financial Reporting Standards as issued by the International Accounting Standards Board ('IFRS as issued by the IASB')
Under company law, the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Parent Company and of their profit or loss for that period. In preparing each of the Group and Parent Company financial statements, the Directors are required to:
› Select suitable accounting policies and then apply them consistently;
› Make judgements and estimates that are reasonable and prudent;
› For the Group financial statements, state whether they have been prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006 and, as regards the Group financial statements, International Financial Reporting Standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union ('IFRS as adopted by the EU'), and International Financial Reporting Standards as issued by International Accounting Standards Board ('IFRS as issued by the IASB');
› For the Parent Company financial statements, state whether applicable UK accounting standards have been followed, subject to any material departures disclosed and explained in the Parent Company financial statements;
› Assess the Group and Parent Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern; and
› Use the going concern basis of accounting unless they either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so.
The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the Parent Company and enable them to ensure that its financial statements comply with the Companies Act 2006. They are responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error, and have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration report and Corporate Governance statement that complies with that law and those regulations.
The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company's website. Legislation in the UK governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.
Responsibility statement of the Directors in respect of the Annual Report
We confirm that to the best of our knowledge:
› The financial statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation taken as a whole; and
› The Strategic Report includes a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face.
We consider the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's position and performance, business model and strategy.
PRINCIPAL RISKS AND UNCERTAINTIES
Overview
We have continued to make further progress in maturing our approach to risk management, building on the firm foundations we laid in 2019. For example, we have embedded a strong culture of risk management which supports good governance and sound risk management practices across the Group. We operate in dynamic markets across the Middle East and Africa which can be impacted by a multitude of geopolitical events and regulatory changes. Therefore, our continued growth in the region, together with our expansion plans for the Saudi Arabia and Africa markets alongside rapid technological developments in the payments industry present shifting demands on our operational and technology capabilities. All of these factors continue to expose our business to multiple challenges, risks and uncertainties. Consequently, the effective and efficient identification and management of these risks is key to the successful achievement of our strategic objectives.
ERMF
The Group continues to make good progress in further embedding the ERMF, having established a clear risk governance model utilising the three lines of defence model to ensure effective risk management, oversight and assurance. In addition, the ERM Committee, which was constituted in 2020 with representatives from the management team and Group Internal Audit, has established regular meetings to monitor and review various enterprise level risks within the Group, to provide effective oversight of the ERMF and to report its findings to support the work of the Audit and Risk Committee. Examples of the steps we have taken to embed our ERMF and evidence of a strong risk culture are given within this section on Principal Risks and Uncertainties (from pages 76 to 78).
COVID-19
On pages 6 and 7 of this Annual Report, we explain the key priorities of our Coronavirus Management Strategy in rapid response to mitigate the impact of COVID-19 on our business, protecting our customers, our people and our financial position. For example, we implemented a number of practical support measures for customers across the business and our programme of cash support to micro-SMEs which was very well received. We approached this rapidly emerging risk by establishing a COVID-19 Assessment Team to monitor the situation, develop our Coronavirus Management Strategy and actively respond to the needs of our customers and colleagues.
A temporary principal risk was created to support the Committee to understand and monitor the impact of the pandemic on the Group's risk profile. The risk was monitored and reported during the first half of 2020 by identification of early warning indicators as the business responded to COVID-19. The reporting of COVID-19 as a standalone risk has now ceased and we continue to monitor the COVID-19 impact as part of the existing principal risk framework. In the principal risk section below we will explain how COVID-19 has impacted some of our principal risks and the actions taken by the Group to manage those risks.
Principal and emerging risk trends
We continue to see the risk trends remaining stable for our principal risks with further investments in our cyber security and technology infrastructure being particularly noteworthy. However, we recognise that we operate in a dynamic business environment and that our risk profile will continue to evolve over time. We continue to remain focused on new and emerging risks which could adversely affect our accepted risk profile and strategic planning in the longer term.
We have revisited these risks which are primarily driven by external factors including cyber, regulation, market stability and climate change. The increasing risk on execution is driven by increased levels of activity and we continue to assess, prioritise and increase our capacity to deliver against our strategic objectives. Further detail on the new and emerging risks can be found on page 87. The Board has also reaffirmed the Group's risk appetite for the year 2021.
How we manage risk
We have a dynamic, practical and action-oriented ERMF, which helps us in proactively responding to changes in our business environment, whilst continuing to deliver on our expectations of increased transparency, value protection and creation. This is supported by our use of the three lines of defence model and the functional responsibilities and oversight committees that support it.
We have implemented most of the core components as part of the ERMF design and the remaining components are on track to be implemented within the committed timelines during 2021. Risk profiles have now been documented for all business units across the Group in the form of risk assessments which help business and support functions in identifying, mitigating and reporting their risks and controls. Corporate risks, which act as the 'link' between the principal risks and unit level risks, have also been defined. This helps in creating a common risk taxonomy across the Group and ensures consistency of understanding and reporting of actual and emerging risk events.
The Group continues to use its ERMF to enable management to make sound risk-based decisions in relation to strategic initiatives. The proposed DPO acquisition was a recent example where the Group developed a separate risk profile of the DPO business to determine how the Group's overall risk profile would be impacted by the acquisition. This allowed where relevant for short and longer-term mitigating actions to be agreed and in due course mobilised.
For an overview of how we manage risk, please refer to Graphic 1 in the attached Appendix pdf document:
http://www.rns-pdf.londonstockexchange.com/rns/9069U_1-2021-4-8.pdf
Our approach to risk management
At Network International, we maintain a robust and sustainable ERMF, which ensures risks are properly identified, assessed against tolerance levels and appropriately managed across the Group. Our ERMF is designed to minimise the potential threats to achieve our objectives. In 2020, we completed a thorough risk assessment process that commenced in 2019 initially prioritising higher risk areas followed by lower risk business units. The overall approach was underpinned by a bottom-up approach and examined from a top-down perspective.
During the year, management has sought to build a richer understanding of the risks facing the Group's operations. A number of our successes as part of the management of our operational risks are set out below:
• We completed all functional risk assessments across all Group locations;
• We implemented risk and control self-assessments ('RCSA') for our operations function;
• We completed questionnaire-based risk reviews for our critical vendors to provide comfort over those partners critical to our delivery and supply chain cycle during the COVID-19 pandemic;
• We revised all our existing risk management policies to be aligned with the ERMF which were approved by the Board and rolled out to our colleagues.
While 2020 has been a challenging year due to the COVID-19 pandemic, the Group has emerged stronger as a result of a successful implementation of a robust Business Continuity programme which enabled the Group to continue to provide services to our customers seamlessly.
For an overview of our approach to risk management, please refer to Graphic 2 in the attached Appendix pdf document:
http://www.rns-pdf.londonstockexchange.com/rns/9069U_1-2021-4-8.pdf
Risk appetite
Risk appetite is the amount of risk we are willing to take in pursuit of our objectives. It defines the level of risk at which appropriate actions are needed to reduce risk to a level that we are willing to accept. As defined in our principal risks disclosure we consider risks from a low, balanced and high perspective. Our risk appetite is not static and may change over time in line with changing capabilities for managing risk and our business environment.
The risk appetite statement is reviewed and approved by the Board annually.
Group Risk Appetite Statement
"At Network International, our growth strategy is focused on maintaining our position as the best payments partner in the Middle East and Africa. We accept that these markets are subject to higher levels of geo-political uncertainty and business risk than those in more developed markets, and are also accepting of any concentration risk based upon our entry into these markets and territories, though we act to mitigate this through revenue diversification.
We will aim to balance this against a low appetite for any risks that compromise the confidentiality, integrity or availability of our data, our customers' data or our cyber security position. Additionally, we look to minimise our exposure to any risk which will adversely impact our stakeholders, operational performance or compliance with relevant regulation and legislation. Network International has a low appetite to incur losses from financial risk.
We will support this appetite with a level of investment that ensures we have suitable levels of policy and controls to effectively manage these risks, facilitate decision making and continue to support our growth strategy.
This means as a business that we have an informed appetite to taking risks which will enable us to drive growth in a sustainable manner providing an adequate and stable return on investment and which limits our exposure to those areas where we have a low risk appetite and effectively control those to which we have a greater appetite for risk. We believe that managing these risks in the right way will support our aim of enabling commerce in the world's most under penetrated payments markets."
Risk culture
The Group is committed to embedding a strong risk culture to support good governance and sound risk management practice. The Board and the Executive Management Team play a key role in directing and influencing this by ensuring that:
• a risk based approach is used during key decision making. A recent example has been the response by the Group to COVID-19 pandemic, where the Group applied its ERMF to support management in making sound risk based decisions by developing a new temporary principal risk to understand the impact of COVID-19 on our existing principal and emerging risks. Additionally, a separate risk profile of the DPO business was also developed to understand how the DPO risk profile might impact the Group's overall risk profile;
• a consistent tone from the top and clear responsibilities for risk identification and challenge; refer to responsible business section on page 56;
• employees have risk management accountability and escalate issues on a timely basis;
• our incentive structures described within our Remuneration Report on page 132 promote a risk aware culture to effectively manage risk and remunerate employees accordingly;
• we adopt a culture of "learning from our mistakes" to foster continuous improvement of processes and controls;
• whistleblowing, an independent confidential whistleblowing service to enable employees to raise their concerns through an independent route;
• risk awareness is embedded within the Group and is grounded in our strong ethical values and culture. Our risk management philosophy is cascaded top down and bottom up and runs through all our management, employees and connected stakeholders.
To improve risk awareness across the Group a comprehensive online training programme has been developed covering important risk and compliance topics. We have had very high levels of participation from our colleagues across the Group in 2020.
The importance of risk culture is reinforced in the Group's policies and standards and the Code of Conduct, to which all our colleagues attest annually as part of the annual training programme.
Focus areas for 2021
In 2021 we will focus on further embedding our approach to risk management throughout our business, markets and support functions to build an even richer picture of risk information.
The priorities for Group Risk throughout 2021 will be:
Priorities for 2021
Rationale
Completion of the Governance Risk and Compliance platform implementation.
This will provide us with a centralised tool for managing risks, controls, risk assessments and loss management. The platform enables cross-functional collaboration and alignment.
Complete the implementation of RCSA for all functional units.
RCSA helps the first line function in developing its control testing standards for the identified controls documented in the risk assessments and tests its effectiveness on defined frequencies. RCSA also helps in promoting and embedding a risk awareness and management culture across the Group through effective process governance.
Completion of the Annual Assurance plan for 2021.
To provide assurance on the effectiveness of Group's current control environment by the second line of defence and to ensure these are aligned and meeting the overall Group's business objectives.
Completion of separation of Network International Group 'Cyber Security services' from Emirates NBD Group.
To achieve self-sufficiency in the area of Cyber Security and implement enhanced security solutions in line with the Group requirements.
Integration of Group ERM framework into DPO Group business (post acquisition).
Implementing an integration strategy with prioritised focus on control functions as per ERM framework.
To further enhance our acquiring fraud monitoring capabilities with the implementation of new e-commerce risk control tools.
To support growth in e-commerce business with the required risk controls.
The completed priorities for Group Risk in 2020:
Priorities for 2020
Benefits
Enhanced whistleblowing process.
Appointed an independent and confidential whistleblowing service for the Group and rolled out awareness and communication on the revised whistleblowing process.
Completed the compliance assurance reviews.
Assessment of compliance risks of the changing regulations, emerging business risks and ongoing money laundering and sanctions risk.
Embedding of ERM framework.
Further strengthen Group's risk culture by rolling out awareness and communication on the ERM framework to our colleagues across the Group.
Completed 'bottom-up' risk assessments for all functional units.
Helps business and support functions in documenting and assessing their risks and controls for all Group functions.
Initiation of RCSA.
Implemented RCSA for our operations function and are on track for completing the remaining functional units. The RCSA helps the first line of defence in developing its control testing standards for the identified controls documented in the 'bottom-up' risk assessments and tests its effectiveness on defined frequencies. RCSA also helps in promoting and embedding a risk awareness and management culture across the Group through effective process governance.
Implementation of key cyber security enhancements.
Implementation of Group-wide end-point detection and response ('EDR') solution across all end-points and servers to protect against malware attacks.
Enhanced email protection, phishing triaging and anti-spoofing controls across the Group.
Enhancements in the DDOS protection across the Group including a simulation exercise to test the efficiency of the controls.
Implemented a new acquiring fraud monitoring system.
Acquiring fraud module of Way4 system was implemented.
Acquiring portfolios of UAE and Jordan were subjected to a stress testing exercise focusing on travel and subscription merchants to mitigate risk of chargeback.
To mitigate chargeback risk posed by certain delayed delivery merchants, due to COVID-19 pandemic impacting their trade volumes.
Our principal risks
We have completed a robust assessment of emerging and principal risks that we consider are most likely to have an impact on our business in the future. Not all risks facing the business are listed; however, we have highlighted on page 87 those emerging risks that we consider may have an impact on the business. These risks are not listed in any particular order of priority.
'Execution risk' disclosed last year as an emerging risk is now being included as a new principal risk. The Group has committed significant capital in order to pursue its strategic initiatives including M&A and plans to enter new markets. To achieve these strategic initiatives, the Group plans to make further investments in its infrastructure, product development and people. These strategic initiatives if not executed well may negatively impact our return on investment and may expose us to adverse financial and reputational risks. Inclusion of the new principal risk reflects increased focus on execution risk in FY21 in light of the DPO acquisition, ENBD separation, planned Saudi Arabia market entry and revenue growth plans for Africa.
In addition, two principal risks 'Fraud' and 'Credit', which were disclosed last year as separate principal risks, are now combined. Primarily both these risks are posed by chargebacks, fees, charges and scheme fines and have similar mitigating controls (with the exception of non-customer related fraud incidents). Additional controls and enhanced key risk indicators have been introduced through the COVID-19 period and notwithstanding the perceived higher risks associated with businesses impacted as a result of COVID-19, actual losses experienced from both a fraud and credit perspective have remained stable throughout the year and well within the 'low' loss rate threshold.
For 2020, the overall risk profile of the Group was managed at acceptable levels with the majority of the Group's principal risks falling within the 'Informed' risk rating.
The overall residual risk trend when compared broadly to the risk profile for the prior 12 months has been stable due to the continuous investments in the Group's infrastructure, resources, governance model and internal control framework.
The following section contains information about the principal risks, including a summary of the progress made in 2020 and the priorities for 2021, their potential impact, our risk appetite and the link to our strategic priorities.
Link to strategic priorities
1 Capitalise on digital payments adoption and enable financial inclusion
2 Expand customer base and focus on high value segments
3 Develop commercial arrangements with strategic partners
4 Product expansion and market penetration
5 Leverage technology and build capabilities
6 Pursue opportunities for acceleration
Risk appetite rating defined
Low - We will ensure that we have sufficient controls and mitigations in place to allow for a low level of risk whilst recognising there may be a limited reward potential.
Informed - An approach which we feel could deliver reasonable rewards, economic or otherwise, by managing the risk in an informed way.
High - Willing to consider opportunities with higher levels of risk in exchange for potential greater reward.
Risk trends defined
Decrease in principal risk impact and/or probability at residual level.
No change in principal risk impact and/or probability at residual level.
Increase in principal risk impact and/or probability at residual level.
Cyber Security
Breach of the Group's infrastructure resulting in the compromise of data or service disruption through cyber security breaches.
Strategic priorities
1, 5
Risk impact
Progress during 2020
2021 plan
Risk trend
An external cyber-attack, insider threat or third-party breach could cause the loss of confidential data or service disruption leading to financial loss and reputational damage.
· Completed the revalidation of the Cyber Security Maturity Assessment ('CSMA') report gaps across all Group locations.
· Continued investment and implementation of new age security solutions to safeguard the Group from emerging risks.
· Continued education and cyber security awareness programmes for the workforce.
COVID-19 response
· Completed additional security reviews on all remote access ('VPN') solutions to ensure secure WFH.
· Implemented relevant actions from various security advisories on cyber threats and emerging trends in light of COVID-19.
· Increased vigilance by 24/7 security monitoring teams across all locations.
· Enhanced Distributed Denial of Service ('DDOS') protection across Group infrastructure.
· Improve our incident response through implementation of next generation security operations centre ('SOC').
· Continued investment and implementation of new age security solutions to safeguard the Group from new threats.
· Cyber security mobilisation in new markets of operation to ensure our controls are standardised across the Group.
· Continued education and cyber security awareness programmes for the workforce.
· Following the DPO acquisition, further refine pre-completion work on DPO cyber controls.
No change
Risk appetite: Low
The Group will not accept risks which may compromise the confidentiality, integrity and availability of its data and its customers' data.
Technology Resilience
Risk of interruption to critical production services and delays to projects caused by limited availability of technical skills, poor delivery by vendors, software defects introduced to production which could expose the Group to financial losses (e.g. client claims and loss of business) and reputational impact.
Strategic priorities
1, 2, 4, 5
Risk impact
Progress during 2020
2021 plan
Risk trend
Undesired level of service to customers due to failure or poor performance of technology and/or system operating environment resulting in customer attrition, financial and/or reputational loss.
· Developed UAE Data Centre build and readiness plan.
· Stabilised the core platforms, closed open issues and implemented test-driven development for improved deliverable quality.
· Increased regression testing coverage enhancement and automation of regression testing.
· Initiated work on developing a standard 'structured service catalogue' for issuing clients on core platform.
· Automated monitoring dashboards to allow data-driven decisions and identify issues proactively.
· Introduced improvements in software deployment process which reduces downtime during system maintenance.
COVID-19 response
· Increased Internet Bandwidth capacity to manage the additional load of remote working.
· Monitoring of technology daily productivity dashboards.
· Reassessed critical technology vendors and obtained assurance from these vendors for continuity of services.
· Provided uninterrupted field support across UAE, Egypt and Jordan for point-of-sales support and ATM service, 24x7 service from contact centre.
· Supported ad-hoc urgent system change requests from clients on payment deferrals, holiday solutions, changes in ATM withdrawal limits as per central bank mandates during COVID-19 pandemic.
· Further investment into our technology and security infrastructure, including opening of a new datacentre in the Middle East (Dubai) and further expansion of the existing facility in Abu Dhabi including targeted completion of ENBD datacentre separation.
· Group-wide IT disaster recovery and business continuity testing to be completed.
· Further enhance and improve the End of day and Start of day process - to reduce processing time and ensure better compliance to SLAs.
· Continue to drive automaton across business operations and IT for predictable outcomes.
Decrease
Risk appetite: Informed
We are accepting some level of modest disruption, within the relative norms of the markets in which we operate. However we ensure appropriate levels of resilience are in place to minimise the impact to our customers.
Operational Resilience
Risk of inability to execute operational processes and deliver on contractual obligations due to operational inefficiencies and discontinuity, defects, errors and delays, which could damage customer relations, decrease potential profitability and expose the Group to liability.
Strategic priorities
1, 2, 4
Risk impact
Progress during 2020
2021 plan
Risk trend
An unexpected disruption to operational performance that may cause damage to customer relations or financial loss to the business.
· Automated majority of our Middle East manual processes through Robotic Process Automation ('RPA'). Based on the success of the Middle East processes, we have commenced automation in Africa.
· The Group Operations across portfolios have been carrying out continuous process improvement tracking ('CPIT') to critically evaluate the process flow and eliminate avoidable steps for better straight through processing ('STP').
· Completed risk assessments ('RAs') and implemented RCSAs programme for all operations units as part of ERMF.
COVID-19 response
· Established COVID-19 assessment team to monitor and actively respond to the COVID-19 situation.
· Performed an assessment of our pre-COVID-19 control environment and introduced enhanced controls in a number of areas in response to COVID-19 to ensure that the control environment remains effective and supports the remote working model.
· Swiftly activated Business Continuity Plan ('BCP') by moving all units to work from home. Currently all operations functions across all geographies are working from home seamlessly.
· The effectiveness of automation was visible during the pandemic as teams could seamlessly move to a work from home scenario while continuing to maintain service delivery standards and continued customer satisfaction.
· Continue to expand the scope of automation through RPA in Africa and other functions in Middle East to minimise processing errors.
· To further enhance our straight through processing and minimal touch point engagement, plan to introduce digital onboarding for the merchant acquiring business in the Middle East, self-service solution for the merchants in Middle East, and remote ATM management for the Egypt business.
· Automation of customer metrics for alignment and ensuring more engaged clients.
Decrease
Risk appetite: Informed
Whilst we continue to enhance our control framework across the Group we are accepting of some degree of operational failure from time to time provided the impact of failures remains within acceptable limits.
Strategy and Business
Risk of Group's ability to maintain its position as the best payments partner in the Middle East and Africa.
Strategic priorities
1, 2, 3, 4, 5, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
We do not retain our strategic position as the best payments partner in the Middle East and Africa, impacting our ability to maintain market share and to meet growth and profit targets.
· Continued to enhance and expand product capabilities within the Group.
· Launched Commercial Card proposition enabling Network Mastercard and their customers to capture B2B payment streams.
· Launched a Digital Platform to enable broader adoption of digital payments in MEA through the reduction in marginal cost of deploying payment capabilities and enabling the Group to better engage with alternative payment methods in the region.
· Proposed acquisition of DPO gives access to faster e-commerce revenue pools and ability to provide a broader set of capabilities to existing customers.
COVID-19 response
· Implemented a number of practical support measures for customers across the business and our programme of cash support to micro-SMEs.
· Focus on delivering DPO business plan and commercial synergies once the transaction has closed.
· Focus on delivery of Saudi Arabia business plan.
· Delivery of commercial benefit associated with investment in new product, in particular gateway, N-Genius™ digital, commercial card.
· Continue to deepen relationship with Mastercard enabling value generation for both organisations.
Increase
Risk appetite: Informed
Revenue growth in line with investor expectations and no dilution of Group's market position in its markets of operation.
People
Inability to attract, develop and retain a skilled workforce and inconsistent organisational culture across the Group.
Strategic priorities
1, 2, 4, 5, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
We are unable to effectively manage our workforce to ensure consistent delivery of the Group's strategy and/ or operational performance.
· Launched a new L&D Charter in response to employee feedback from our 2019 Engagement Survey.
· Developed training calendars for employees based on the training requirements obtained from the performance appraisal process and the Training Needs Analysis 'TNA' survey.
· Excellent scores achieved from the Employee Engagement Survey as well as COVID-19 Actions - Feedback survey (highlighted in a case study in the Responsible Business section see page 65.
· Updated Diversity & Inclusion Policy and Processes.
· Appointment of new highly qualified and business relevant Group CEO.
COVID-19 response
· Introduced a wide range of initiatives to promote staff well-being, health and morale in light of COVID-19 pandemic. Including virtual medical services and mental health consultancy services.
· Increased focus on leadership communication via enhanced contact points with employees through virtual forums, video messaging and social media platforms.
· Sanitising and deep cleaning of Group offices and implemented precautionary measures. Group's office layouts have been altered to ensure adherence to social distancing norms & thereby a safe work environment.
· Refer to Responsible Business section for more details and case studies.
· Health and wellness initiatives to continue as ongoing activities.
· Mental well-being will continue to be a key focus area given the continuing impact of the pandemic.
· Focus on the following initiatives: career counselling, mentorship, job shadowing, job rotation and role-specific training programmes.
· Continue to recognise and reward our people through various awards and recognition programmes.
Decrease
Risk appetite: Informed
Group annual attrition rate not to exceed defined parameters however we accept a modest number of regretted losses which do not materially impact operational efficiency or impact our customers.
Regulatory Compliance
Failure or inability to comply with relevant laws, regulations & scheme obligations. Failure to identify monitor & respond to changing regulations or scheme rules. Failure to comply with regulatory reporting requirements in a timely manner.
Strategic priorities
1, 2, 4, 5, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
A breach or non-compliance to legal or regulatory standards leading to penalties, sanctions or reputational damage.
· Completed compliance assurance reviews in line with our annual compliance plan.
· Reviewed and updated all compliance policies.
· Launched new service to provide an independent confidential whistleblowing reporting service where all staff can raise their concerns.
· Continued monitoring of new and emerging regulations in the MEA region by Regulatory and Data Privacy Change Management Committee which may impact operating models within existing and new markets.
· Refer to regulatory compliance section in the risk introduction and highlights on page 73 for more details.
· Compliance Monitoring Plan to include new themed reviews to capture market abuse regulations and a review of the whistleblower process.
· Continued focus on timely implementation of new requirements from regulatory change.
· Further strengthening compliance capabilities in certain markets to meet regulatory requirements (Jordan/Nigeria/Ghana).
No change
Risk appetite: Low
The Group will not accept practices which could cause breaches of laws, regulations or scheme rules; or a delay and/or failure to adapt its systems, processes and controls to prevent material compliance breaches and/or regulatory censure.
Geo-Political
Risk of significant political, social and economic instability in one or more of the Group's target markets which could have a material adverse effect on the Group's business, financial condition and results of operations.
Strategic priorities
1, 2, 3, 4, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
A geo-political event within our markets that impacts our ability to do business or to meet our strategic objectives.
· Completed country risk assessments of markets the Group identified as high risk.
· Reviewed evolving regulatory changes in the payments markets where the Group provides its services.
· Completed due diligence review for issuing clients across all regions.
COVID-19 response
· Continued management focus on executing acceleration opportunities to further diversify business mix.
· The Group will continue to closely monitor the markets which have been identified as high risk.
· Post DPO acquisition the geographic footprint will expand for the combined Group and an assessment will be conducted on countries where the Group does not have any business activities.
No change
Risk appetite: High
The Group's growth strategy is focused on markets which are likely to be subject to higher levels of political, legal, economic and social instability than those in more developed markets.
Financial
Financial risks for the Group arise mainly from the following three elements: (1) Not having sufficient liquidity to meet our obligations as they fall due; (2) Exposure to adverse movements in foreign exchange rates arising from Group's foreign operations and transactions in currencies other than AED and pegged currencies; and (3) Exposure to adverse interest rate risk primarily on our variable rate long-term borrowing/revolving line of credit, which we use to manage our working capital needs.
Strategic priorities
1, 2, 3, 4, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
Our liquidity, foreign exchange or interest rate risks are not effectively managed affecting the business's ability to meet its financial obligations, profitability targets or working capital needs.
· Implemented financial risk management policies related to Liquidity, Interest Rate and Cash Management.
· Further refining of robust stress testing to ensure liquidity risks remain fully manageable even under severe stress scenarios.
· Refinanced and upsized the Group's term loan to ensure that we have ample liquidity headroom to meet our financial obligations.
· Realised savings in interest costs due to the lower interest rate environment and effective renegotiation on our term loan margins.
COVID-19 response
· Enhanced monitoring of liquidity position and covenant compliance throughout the year in view of the pandemic.
· The Group is in the process of developing policies to further manage financial risks concerning FX, debt management and derivative and financial instruments.
· Continued monitoring of liquidity position to ensure sufficient funds and liquidity headroom are available in our borrowing facilities across the Group.
· Exercise extension option available on our revolver credit facility that will allow us to have further access to liquidity if required.
Increase
Risk appetite: Informed
The Group will manage its liquidity, FX and interest rate risks in line with agreed policies and thresholds.
Third Party
The Group's reliance on third parties to provide systems, technology infrastructure, product development and service delivery. Risk of data breaches of third-party's systems, service disruptions with no alternatives, non-compliance to contractual obligations, applicable laws and international standards.
Strategic priorities
1, 3, 4, 5
Risk impact
Progress during 2020
2021 plan
Risk trend
A third-party provider does not meet its obligations, which negatively impacts our customer relationships, and causes disruption to business performance.
· Completed 40% desktop based reviews conducted through due diligence questionnaires for high risk vendors. The reviews helped to ensure that these vendors were compliant with Group internal policies.
· Completed vendor contract reviews for high risk vendors to identify contractual risks.
· Completed financial stability reviews for high risk vendors.
· Completed vendor name screening against all international sanction list and adverse media.
COVID-19 response
· Vendors which were considered critical during the COVID-19 pandemic were identified and assurances were obtained for continuity of services.
· Continue to complete the remaining desktop reviews through due diligence questionnaires for high-risk vendors.
· Monitoring and closure of issues identified as part of desktop reviews with the high risk vendors.
· The Group will continue to address the contractual risks identified during the vendor contract reviews, as appropriate.
· Enhancing of vendor onboarding due diligence process.
· Continue to monitor vendor service performance for high risk vendors.
· Develop an assurance programme for medium risk vendors.
No change
Risk appetite: Informed
The Group will not accept risks which may compromise the confidentiality, integrity and availability of its data and its customers' data.
Execution
Our ambitious growth and expansion plans could be compromised if we are not able to deliver critical internal transformational projects or strategically important projects within expected deadlines. Our growth plans could create heightened levels of risk with regard to people and organisational capacity as we execute our growth plans to ensure on time delivery without disruption to our day to day operations.
Strategic priorities
1, 2, 3, 4, 5, 6
Risk impact
Progress during 2020
2021 plan
Risk trend
We fail to deliver critical strategic projects on time and on budget, deferring or stalling growth and increasing operational and capital expenses.
· Developed UAE Data Centre build and readiness plan.
· Completed pre-work for Saudi Arabia Data Centre build and readiness plan.
· Developed ground work for 'New Ways of Working' initiative.
· Completed risk assessment on the proposed DPO acquisition. Documented risks, assumptions, issues and dependencies with mitigation actions.
· Complete the UAE Data Centre migration and physical separation from Emirates NBD Data Centres.
· Continue to execute the Saudi Arabia entry including work on Saudi Arabia Data Centre.
· Continuous evolution of optimising the way we work under the 'New Ways of Working' initiative.
· DPO, continue to build out integration plan until completion, then execute.
· Monitoring the progress of key strategic projects.
Increase
Risk appetite: Informed
The Group has limited appetite for late or over budget delivery of critical strategic projects.
Fraud and Credit
Risk of compromise of card or merchant data or compromise of systems or networks or collusive merchants with the intention of performing unauthorised payment transactions for financial or non-financial gain resulting in losses to the Group or Group's clients. Risk of financial or non-financial losses arising due to internal or external parties making a negligent and/or intentional fraudulent misrepresentation against the Group or any of its clients. The risk of merchants' inability to meet obligations resulting in chargebacks, refunds, scheme fines, fees and other charges. Risk of clients' inability to settle invoices for services received as part of issuing or acquiring processing. The risk that the Group will be liable for meeting the settlement obligation of sponsored issuing clients where such clients are unable to do so or comply with scheme rules.
Strategic priorities
1, 2, 4, 5
Risk impact
Progress during 2020
2021 plan
Risk trend
Higher level of losses resulting in material impact on reported results and material damage to reputation.
· Fraud risk KRIs have remained well below thresholds.
· Implemented a new acquiring fraud monitoring system.
· Credit risk KRIs have remained well below thresholds despite COVID-19.
· Credit pre-approval provided for straight through e-com merchant onboarding.
COVID-19 response
· Fraud monitoring processes were conducted with enhanced due diligence.
· Implemented controls for preventing any malicious processing transfer by blocking of all system level access for Operations staff for after office hours.
· Acquiring portfolios of UAE and Jordan were subjected to a stress testing exercise focusing on travel and subscription merchants. Unrecovered chargebacks and refunds of these merchants were well below the forecasted stress scenarios and also well within accepted risk appetite KRIs.
· Chargebacks and refunds of airline and selected high risk merchants were paid from withheld reserves or through pre-funding arrangements in place with merchants.
· Unrecovered chargebacks and refunds of the Group Acquiring portfolio reduced to less than pre COVID-19 levels and were well within accepted risk appetite KRIs.
· Implemented enhanced risk profiling and early risk warning monitoring of SME merchant portfolio.
· To further enhance our acquiring fraud monitoring capabilities with the implementation of new e-commerce risk control tools.
· Enhanced monitoring of delinquency levels of processing clients' receivables to ensure that losses are minimised.
· With the planned acquisition of DPO and its portfolio of e-commerce merchants in Africa, their credit risk profile will be assessed to measure the impact on Group's overall risk profile.
No change
Risk appetite: Informed
Acquiring fraud losses as a percentage of sales to be less than market average of 6.3 bps. Enterprise level fraud losses to be less than 5% of EBITDA. Unrecoverable chargebacks and credit losses to revenue ratio not to exceed more than 5% by portfolio. All sponsored issuing clients' settlements to be cleared within 15 days.
Emerging risks
Emerging risks have the potential to increase in significance and affect the performance of the Group and, as such, are continually monitored through our existing risk management processes by risk owners at all levels of the Group. We also use tools such as horizon scanning, operational risk aggregation and external sources to support our analysis. The outputs of these processes are reported to the Audit and Risk Committee and Board of Directors for their review and assessment.
Our ERM process ensures emerging risks are considered to aid the Audit and Risk Committee's assessment of whether the Group is adequately prepared for the potential opportunities and threats they present. The process enables new risks to be discussed at an early stage, allowing us to analyse them thoroughly and assess potential exposure.
We closely monitor emerging risks and with time they may become principal risks as they mature. Emerging risks may also be superseded by other risks or cease to be relevant as the internal or external environment in which we operate evolves. Additionally, we recognise that some of our principal risks are more volatile or fast changing than others and, therefore, would benefit from the increased management processes that apply to emerging risks. A non-exhaustive list of some current emerging risks of relevance to the Group and those principal risks that are subject to the emerging risk process are set out below.
Increasingly sophisticated cybersecurity threats:
We expect to see an increase in the level of sophistication of cyber related attacks as a result of the shifting geo-political tensions in the MEA. We regularly intercept sophisticated and malicious third-party attempts to identify and exploit system vulnerabilities, or which aim to penetrate or bypass our security measures, in order to gain unauthorised access to our networks and systems or those of our associated third parties.
We follow a defence-in-depth model to ensure we are proactively employing multiple methods of defence at different layers to protect our systems against intrusion and attack. However, we cannot always be certain that these measures will be successful and will be sufficient to counter all current and emerging cyber threats.
See page 74 and 80 for more details.
New and emerging regulatory changes in the MEA:
The increase in growth and innovation of payments services and the proposed DPO acquisition exposes the Group to a number of additional regulatory regimes focusing on payment services and data governance. The Group's ability to navigate these changing environments will be a long-term driver of competitive advantage.
In the short to medium term these initiatives could present increased complexity and cost to our operating model.
See page 73 and 83 for more details.
Political change:
Our business focus is on the emerging markets of Middle East and Africa. We recognise some countries within this region have a history of political volatility. The risk of continued political and economic change could affect our operating results. Changes in governments may increase the complexity of serving customers in a country due to actual or potential political or military conflict; and the imposition of UN, US or other sanctions may restrict our ability to service customers in those countries.
See page 84 for more details.
Climate change:
In an ever-changing world, we recognise that we have a responsibility to meet our environmental and sustainability commitments and obligations. We have made progress over the last year in measuring and reporting our energy consumptions. We will continue to develop systems to report on GHG emissions, and to understand the risks that a changing climate may present to our business.
Competition risk:
Network recognises that COVID-19 has accelerated the shift from cash to digital payments resulting in an increasingly competitive landscape in the Middle East and Africa region. Our ability to grow our business and deliver an exceptional customer experience may be impeded by new market entrants and established payments service providers operating in certain territories, be it though competitive pricing, enhanced capabilities and solutions, or skilled resources with local market knowledge.
RELATED PARTY BALANCES AND TRANSACTIONS
Parties are considered to be related if one party has the ability to control the other party or exercise significant influence over the other party in making financial and operating decisions. Related parties include associates, parent, subsidiaries, and key management personnel or their close family members. The terms and conditions of these transactions have been mutually agreed between the Group and the related parties. Key management personnel consists of the Network Leadership Team.
Management believes that the terms and conditions of these transactions are comparable with those that could be obtained from third parties.
Transguard Cash LLC
Transactions for the year (refer to note 9) - there are no receivable / payable balances as at 31 December 2020 and 2019.
2020
2019
USD '000
USD '000
Directors' remuneration
Directors' remuneration during the year *
1,577
2,363
End of service benefits (two Executive Directors)
44
31
Key management personnel remuneration **
Salaries and allowances
4,391
4,006
Terminal and other benefits
11,124
13,504
* Directors' remuneration includes the cash component of Pre-IPO incentive.
** Key management personnel remuneration includes remuneration for two Executive Directors whose salaries are also included in Directors' remuneration above.
In 2020, Emirates NBD PJSC is not a related party as its shareholding has been reduced to less than 10%. Details of the related party transactions and balances for the year ended 31 December 2019 are as follows:
2019
USD '000
Emirates NBD PJSC Group
Transactions for the year
Revenue
60,714
Expenses
7,399
Net interest expense
1,981
Balances as at 31 December
Receivable balances
18,603
Bank balance
73,873
Prepaid amounts included under:
Long-term receivables
2,326
Receivables and prepayments
1,078
Overdraft facility
(51,204)
Performance and other guarantees (refer to note 30)
7,506
**END**
This information is provided by RNS, the news service of the London Stock Exchange. RNS is approved by the Financial Conduct Authority to act as a Primary Information Provider in the United Kingdom. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact rns@lseg.com or visit www.rns.com.
RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our Privacy Policy.ENDACSSSEESAEFSEDL
Recent news on Network International Holdings
See all newsREG - Moneta Asset Mgmt. Network Intnl Hldgs - Form 8.3 - Network International Holdings plc
AnnouncementREG - JPMorgan Sec.Plc Network Intnl Hldgs - Form 8.5 (EPT/RI)-Network International Holdings
AnnouncementREG - Morgan Stanley & Co. Network Intnl Hldgs - Form 8.5 (EPT/RI)-Network International Holdings
AnnouncementREG - Citigroup Global Mkt Network Intnl Hldgs - Form 8.5 (EPT/RI)
AnnouncementREG - Network Intnl Hldgs - Director/PDMR Shareholding
Announcement