The assessment of the principal areas of risk, their potential impact to achieving Gamma's strategy, movement in the year and how the Company seeks to mitigate them are described in the table below. The occurrence of any of these potential risk scenarios could to a greater or lesser extent potentially adversely result in damage to Gamma's reputation and/or business performance. The risk impact considers both the financial impact of the risk, when it may impact Gamma and the likelihood of it occurring.
Unplanned service disruption
Reliable, high-quality business communications services are critical to Gamma and are the core components of its products and strategy. Therefore, maintaining very high levels of service availability is central to Gamma’s credibility, competitive positioning and its financial performance. This is particularly so as it serves the business market, and any disruption to Gamma’s service affects the ability for its customers to provide services.
If Gamma's products and services perform below our customers’ expectations, then this could have a direct impact on product and revenue growth through reputational impact and could also result in significant financial loss.
Gamma operates a comprehensive operational governance framework to manage the availability and performance of its services. This includes the design and architecture of the network for resilience, capacity planning, change management and security.
Business continuity planning and rehearsals are routine components of the governance framework. This governance is subject to external audit via the ISO 22301 certification.
Regular reviews take place with key suppliers and there is an internal fortnightly ‘Supplier Management Meeting’ chaired by Gamma’s procurement team, which seeks to improve supplier performance as well as address risks as they arise.
There is a mature Incident Management process that is rehearsed on a regular basis. This capability is available 24x7x365 and ensures the business can respond immediately to events that may impact the performance of the services provided to customers.
The Company has established an Emergency Communications Committee as part of the communications process which is initiated during any major service incident. This committee ensures that the Company maintains effective communication both internally and externally with customers, suppliers and where necessary the media and regulatory bodies (the latter supported by specialist agencies). This process is normally rehearsed at least once a year and was last tested during the heightened cyber security threat in mid-2021.
Gamma recognises that occasional technology failures cannot be avoided and are more open to this risk when it comes to the deployment of new products at pace to maintain a competitive advantage
Data loss and cyber attacks
By its very nature, Gamma’s network infrastructure provides customers with open access to the internet and global voice networks. As such there is a risk from cyber threat and telephony fraud, as well as to the physical infrastructure.
Cyber attacks are constantly evolving, and Gamma recognises that it could be a target for both sophisticated targeted attackers as well as nuisance attackers. Gamma may also be targeted based on the downstream services provided to key sectors within the UK and European markets or may also be subject to potential breaches of security within its supply chain.
Gamma holds various types of data and its network carries customer communications, which heightens the risk of data related attacks.
A breach of security could have a significant impact on the Group's reputation and in some cases also impact its commercial position. Potential fines could also be enforced if the Company was found to be in breach of its obligations relating to various regulations.
Gamma continues to adapt its governance structure to ensure best practice is followed in the identification and management of information and cyber security threats. This includes increased frequency and broadened scope of both routine and bespoke penetration testing; continuous compliance checks; integrated security behaviours training, which is mandatory for all employees; dedicated security roles to track how cyber threats are evolving and are best detected; and Board visibility of the maturity of the governance structure.
Gamma's core infrastructure and operations is certified under ISO 27001 for security.
Gamma carefully considers the cost vs benefit when it comes to investing in controls against cyber attacks, as well as how its peers are approaching this risk. Targeted investments are made in preventative, detective and responsive controls but it is accepted that some service disruption resulting from cyber attacks is possible.
A large proportion of the Gamma workforce has continued to work remotely in 2021, and Gamma has invested in automated data controls to limit the chance of data leakage as well as continuing with an online awareness training package adapted to focus on security threats relevant to remote working.
The Company is represented in various industry forums to ensure it is aware of emerging risk, methods employed by malicious actors and best practice in the identification and mitigation of cyber risk.
The Company also has fraud management applications used to identify unusual voice traffic patterns quickly with its 24/7 operational monitoring.
Over-reliance on suppliers
The business relies on a number of key suppliers to provide elements of its products and services. For example, access circuits purchased from other operators to connect to customer premises, and equipment from various hardware and software suppliers that facilitate the provision of Gamma's services.
Failure of one of these suppliers to perform may have an impact on the Company’s ability to deliver products and services within the UK and European markets. Due to the nature of the services provided over-reliance may result in unplanned service interruptions or inability to provide equipment required to provide services. The latter has materialised in 2021 with the global shortage of chipsets.
Where possible, the business avoids significant reliance on suppliers, reducing the potential for operational issues or resulting in Gamma’s inability to react to market and customer developments. Gamma is more tolerant when it comes to reliance on dominant “tech suppliers” as their risk profile is lower and working with them is essential in certain selected market or product segments.
Suppliers of important services are monitored carefully and are subject to regular performance reviews which include adherence to Gamma's information security requirements and broader service KPls. The Risk Committee reviews the most significant risks and the status of related mitigation actions quarterly.
Recognising the global shortage of chipsets in the supply chain during 2021, Gamma invested in over £5m of stock which ensures that the Company is well positioned to continue to provide product hardware to its customers. In addition, new hardware options have also been introduced into the Gamma portfolio so that the Company can ensure continuity of service to customers and partners should key stock lines become scarce.
Inability to attract and retain top talent
The business has grown rapidly over the last few years and so far, has experienced low staff turnover, and has generally been able to develop or recruit the number and quality of staff required to support Gamma’s strategic development.
There is a risk to continued growth, product portfolio expansion and entry into new markets, if the business cannot attract, develop and retain people of the required skill and experience.
The COVID-19 pandemic has intensified the market demand for UCaaS skills and as this market continues to accelerate, it will become increasingly important to differentiate the Company’s business and brand to continue to attract new talent to Gamma.
Loss of key individuals or an inability to recruit the required quantity or quality of people could have an impact on the future growth of the business or the quality of services provided. For instance, in order for the business to achieve its strategic priorities, it is dependent upon recruiting and retaining highly skilled technical development and operational people with experience of modern technologies and design principles.
Gamma has a well-established reputation for being a good employer. Gamma encourages internal promotions with external hires in specialist areas, Gamma recognises the need for strong mitigation activities including appropriate value and reward propositions supported by performance management systems. In order to attract new technology focused skills, the Company has launched a technology careers webpage, demonstrating the different roles within Gamma and showcasing its existing talent.
Employee satisfaction is measured formally every six months using the Gamma Pulse survey. Anonymous feedback is provided through this platform which has enabled managers to act more swiftly to reinforce positive trends and tackle any negative sentiment.
Gamma sees the opportunity that flexible working provides as part of its employee value proposition and in 2021 established a flexible work framework which will be open to all its employees from 2022.
Additionally, the Company is committed to regularly reviewing the employee rewards package to ensure that it remains competitive for existing staff and attractive for new starters. The Company is committed to its People Agenda, with focus on development and leadership programmes, succession planning, employee wellbeing, developing our diversity, charitable giving, as well as effective employee engagement initiatives
Uncertain competitive landscape
The lack of a clear view of the competitive landscape and Gamma’s future positioning within the market could result in Gamma being unable to identify new entrants or potential competitive threats and respond accordingly. These threats could include for example, new market entrants such as software firms, disruptive technologies and competitive market consolidation.
These factors may impact Gamma’s position in the market due to the loss of its customers and growing competition may dilute the addressable market and slow down the rate of business growth. If the Company does not at least keep pace with the evolving market in terms of product and service development, then its plans for revenue growth may be negatively impacted.
Gamma is not an innovator of novel products but a “fast follower” and seeks to address growing markets tailoring products for the target market quickly. However, in light of the changing competitive landscape close monitoring is required to remain relevant and competitive and it is accepted that Gamma will likely need to become more disruptive and innovative in selected segments going forward.
Gamma aims to provide products and supporting services which are more attractive to its customers than those of its competitors. The planning, development and marketing of products and customer service that Gamma provides are closely aligned to the evolution of market demand and of relevant technologies.
Market insight is gathered, both through recognised industry and market experts, and internal analysis. This insight informs decision making and execution plans across multiple time horizons.
In addition, the Company undertakes a thorough strategic review every three years and in 2021 Gamma ‘stress-tested’ its UCaaS strategy considering the market changes and evolving competitive landscape. This has driven complementary strategies to continue to grow market share within its UK and European geographies.
Gamma could be exposed to increasing pricing pressure in its existing markets. This could be due to factors such as market consolidation, increased competition or the commoditisation of its products.
Whilst Gamma focus’ on its UCaaS strategy, it continues to benefit from its position within more mature markets within the UK such as SIP trunking where price erosion could become more prevalent.
Price erosion may not be comparable with Gamma’s cost base as the Company grows, which may impact margins achieved. This may ultimately impact Gamma's profitability and reduce outside investment interest.
Mitigating actionsGamma takes a cautious approach to protect price and margin on its existing products and services. This is tightly governed by its pricing committee in the UK. However, it strives to be more creative and disruptive with pricing models for future or improved products and services.
Gamma’s strategy is to leverage its skills and experience of operating communications products at scale in mature markets and penetrate less mature markets with its modern UCaaS product portfolio. In addition, it continues to introduce complementary features and services to its products to add value and protect profitability.
Gamma also strives to reduce operating costs by driving efficiency activities throughout the business.
Legal and regulatory non-compliance
The UK's telecommunications sector does not have a 'licence' requirement; it operates under a General Authorisation regime whereby, in combination with relevant UK and European statute, the sector's regulator outlines the required compliance which is presumed from telecommunications companies such as Gamma.
As UCaaS develops and begins to diverge from traditional telephony, each regulator may take a different view on the level of regulation required and therefore Gamma may either inadvertently breach local numbering regulations (resulting in regulatory penalties and reputational damage) or could be slow to act and lose ground to competitors through overcompliance with regulation which no longer applies.
As Gamma broadens its routes to market, the territories in which it operates and its pricing strategies evolve, there could be a greater risk of anti-competitive behaviour and non-compliance to competition law.
Potential impact The Company’s activities can be impacted by the decisions of relevant legislative, regulatory, or judicial bodies both domestically and in other non-UK territories within which it operates, the outcomes of which could put Gamma at a competitive disadvantage in its target markets.
Legal and regulatory non-compliance could lead to significant reputational damage and resultant fines.
Gamma does not seek to influence regulations in every market, but may choose to do so in selected markets, considering various factors, such as the market size, our presence, and the regulatory maturity of that market.
Gamma mitigates this risk by continuing to monitor likely legislative or regulatory changes within UK and non-UK territories, assessing their risk and potential impact, and by regularly engaging with regulators as appropriate.
In addition, Gamma carefully governs its pricing strategies, setting reasonable thresholds and a governance process that extends across the Gamma Group. In the UK where Gamma carries a large market share of Cloud PBX and SIP trunking, a central pricing committee operates to control and agree pricing limits and incentives.
Furthermore, specific training surrounding competition law and anti-competitive behaviour is provided to employees with roles where this risk may occur.
Unsuccessful M&A strategies
Gamma faces multiple risks surrounding its M&A activity with the significant risks being:
- an over-reliance on organic growth instead of M&A which could limit Gamma’s potential for growth;
- disruption to its business through a more aggressive in-organic strategy or poor integration; and
- potential inappropriate governance or poor due diligence on M&A leading to the purchase of a business that fails to deliver.
The result of one or more of these risks occurring could limit both Gamma’s geographical reach as well as the opportunity to improve shares in its existing markets, which could ultimately result in the loss of competitiveness.
Acquisition targets are identified based on Gamma’s strategic objectives. Giving in depth consideration to what the new company could contribute to Gamma, such as geographical expansion into new markets.
Acquisition of new businesses, particularly those in different countries, introduces both financial and operational risk. In order to reduce the risks associated with acquisitions: pre-purchase, Gamma applies adequate specialist resource to due diligence, negotiation, and contractual preparation; post-purchase, adequate resource is applied to the integration and strategic direction of the acquired business and bringing it under the main governance control processes.
Gamma also ensures that its SLT responsibilities are aligned to effectively support the development and growth of the Group.
Gamma recognises that entering markets is a risk that can be tempered by effective M&A activities
In addition to the Principal Risks facing Gamma, the company also considers emerging risks, which have different characteristics and are defined as a risk which is either highly ambiguous and therefore cannot yet be impact assessed or is a risk that materialises and evolves rapidly and therefore requires frequent re-assessment to gauge the potential impact to Gamma.
Russian / Ukraine conflict
Gamma is closely following the conflict between Russia and the Ukraine and continues to monitor and adjust its risk assessment as the situation evolves.
Gamma does not have customers in either Russia, the Ukraine or any other non-EU bordering territories and therefore does not anticipate any immediate threat to financial performance. Additionally, Gamma does not anticipate any significant impact to the company through the application of sanctions. Direct operational threats have been assessed as well as potential consequences in Gammas upstream and downstream supply chain.
However, the following areas of risk have been identified and remain under regular review.
- The increasing cyber threat, where Russian state sponsored attacks could by targeted at UK or European communications providers and national infrastructure as a direct response to sanctions.
- The risk of further escalating energy and fuel costs in the medium-term would subsequently increase Gammas costs to power its data centres and offices.
- Longer-term economic downturn or a period of high inflation may have a detrimental impact on Gamma’s financial performance.
Gamma’s core network operates within the UK and best practice is followed in the identification and management of information and cyber security threats which are constantly evolving. Gamma also receives intelligence from National Cyber Security Centre, which enables the dynamic adaption of cyber controls to help mitigate targeted threats. As a precautionary measure Gamma has also brought forward planned cyber security investments to further strengthen its rapid response capability in preparation for any large-scale network attack.
Energy supply to Gamma’s UK data centres represents the largest proportion of the company’s usage and Gamma has multi-year fixed energy pricing on its UK office facilities and its largest UK data centre. This helps to contain company exposure to short-term price escalation, however risks do still remain with energy price increases to power network equipment located in 3rd party data centres.
During 2021 Gamma has made significant progress on the assessment of climate-related risks, assessing the impact of both transition and physical risks, both of which are judged to be minimal at present and more detail of which can be found in Gamma’s Climate Related Business Risks & Opportunities section on page 42 of the report.
The profile and therefore impact of climate-related risks are set to change as government policy evolves through the transition to a carbon net-zero economy and Gamma’s physical assets expand to new geographies.
To support the management of emerging risks in this area, Gamma has roles dedicated to environmental management and has established a Group Environmental Management Policy with senior management responsibilities to oversee related risks.
Adjustments to Gamma’s principal risks from prior year
Customer Service experience
Gamma’s principal risks were reviewed in 2021 and the risk of delivering poor customer service recorded within its 2020 Annual Report was subsumed into the present principal risk relating to unplanned service disruption. The rationale for this change was driven by the potential for a greater impact to Gamma’s customer experience, reputation and revenue growth if Gamma’s products and service availability were to perform below customer expectation.