Managing risk

The Board recognises that the appropriate management of risk is key to the delivery of the Group’s strategic objectives.

We actively capitalise on the opportunities impacting our industry to ensure that the Group remains well positioned to deliver on the evolving needs of our customers. Our diversified business model means that we have low operational leverage with no single contract material to the Group. This enables us to take on a level of financial leverage in expanding the business. As a leading international transport company, however, the Group is exposed to an evolving landscape of risks, whether industry-wide or more specific to the Group, which could potentially impact performance or reputation negatively as well as positively.

The Board remains ultimately responsible for the effective management of risk in the Group,

and is committed to driving continuous improvement and adopting best practice in this crucial area. In addition to the broad strategic responsibilities of the Board, two or three times annually the Board: 

  • reviews the principal risks faced by the Group and approves the Group Risk Register; 
  • approves the Group Risk Appetite Statement; and 
  • reviews and approves the Group Emerging Risk Register.

The Audit Committee reinforces the process further by conducting ‘deep dive’ reviews, either on specific risks such as cyber security, or through discussions with divisional leadership teams to challenge their divisional risk registers.

Risk management framework

The effective management of risk is embedded in many ways in day-to-day management activities, for example the usage of very granular, detailed KPI tracking in monthly divisional reports, or robust due diligence on acquisitions. This is the ‘first line’ of the Group’s risk management structure where internal control and risk management processes are based on the ‘Three Lines Model’, summarised below.
 

Defence Responsibility Actions
Oversight Board
  • Sets strategic objectives
  • Determines overall risk culture and appetite 
  • Establishes organisational structure with defined lines of responsibility, delegated authorities and clear operating processes 
  • Reviews and approves Group Risk Register, Risk Appetite Statement and Emerging Risk Register, two or three times annually 
Audit Committee
  • Conducts ‘deep dive’ reviews of divisional risk registers, or specific Group risks
Third line Group internal audit
  • Provides reasonable assurance that systems of risk management, internal control and governance are effective
Second line

Group Executive Committee

Group functions including Risk

  • Support divisions with ‘first line’ responsibilities 
  • Coordinate and report on Group-level risks 
  • Build risk capability and understanding
First line

Divisional Executive Committees

Divisional management

  • Identify, assess and report key risks
  • Regularly review and update divisional risk registers
  • Implement risk mitigation plans

Risk Appetite

The Board recognises that the appropriate management of risk is key to the delivery of the Group’s strategic objectives.

Zero Tolerance

The Group has zero tolerance for risk which may impact:

  • The safety of our employees, customers or the general public
  • Our reputation and brand; and/or
  • Our legal and regulatory compliance
Core business / Operational Excellence Technology Strategic Growth / M&A

The Group has low tolerance for risk in its core operations.

The Group accepts a moderate level of risk in investing in and adopting technologies that will enhance customer service or improve operational and safety performance.

The Group accepts a moderate level of risk in pursuing new opportunities, including potential new markets.

.

Prioritising and reporting risks

The management of risk is embedded in the day-to-day operations of divisional management teams.

A key element of this is the regular review and update of detailed ‘risk registers’ in each division, in which risks are identified and assessed in terms of both the probability of the risk occurring and its potential impact.

Group-level risks are either derived from a ‘top‑down’ review, or from the divisional risk registers, because either the risk affects multiple divisions, or is of a materiality in itself that is considered of Group significance. Each of these Group-level risks is then assessed by the Board in terms of its potential impact on the Group and its key stakeholders. The Group prioritises risk mitigation actions by considering risk likelihood and potential severity.

Covid-19

The Covid-19 pandemic has had a significant impact on the public transport sector with mobility significantly restricted by lockdowns across the world. The Group has limited the impact of the pandemic by renegotiating contracts, entering in new arrangements with transport authorities and other customers to continue to operate on a pay-per-mile basis, and taking swift and decisive cost reductions.

Whilst there is good reason to believe that the deployment of vaccination programmes, and the development and introduction of new therapeutic treatments and drugs will speed recovery from the pandemic, the risk remains that new virus mutations or problems with the delivery of the vaccine may delay the recovery. We have introduced a new moderate likelihood, significant impact risk to cover both a materially slower recovery than base forecasts and lasting implications such as residual fear of travelling on public transport; significantly less travel for shopping; or a material change in working patterns with more of our passengers working from home.

Emerging risk

The Emerging Risk Register is reviewed and approved by the Board. The Group considers an emerging risk to be one that is not currently having a material impact on the business, but has a reasonable likelihood of impacting future strategy or operations. The Group’s approach to managing emerging risk exposure is to:

  • establish a wide universe of potential emerging risk, using horizon scanning techniques, published external research and peer/competitor review; 
  • assess these risks taking into account our industry sector and market position, and our strategy, to determine broad relevance; 
  • consider the potential impact of each risk on the Group’s strategy, finances, operations and reputation, taking into account the likelihood of the risk occurring, and the speed with which it may manifest; and 
  • develop actions to address the risks where appropriate.

As with the Group’s principal risks, many of the emerging risks present equal or greater opportunities. For example, climate change and ageing population demographics, which are risks fundamental to many sectors, are more of an opportunity than a threat to the Group.

As part of the process to identify emerging risks, Group businesses continue to monitor events that may develop anywhere in the world which have the potential to become global (e.g. a health pandemic, political conflict, climate/weather catastrophes) or to impact the markets where the Group operates.

From a very wide universe of potential emerging risks, the Group has, through the above process, identified a number of risks that warrant closer review. These have been further segregated into those requiring only a monitoring approach at present and those where actions are being developed alongside the principal risks. There are four risks that currently fall into the latter category.

These broadly cover the risk of disruption from integrators and/or demand‑responsive MaaS operations as well at the future possibilities offered by autonomous vehicles. It should be noted that the Group considers all these areas to be significant opportunities as well as risks.

Principle risk matrix

Macro/External Risks

Key

Extended Covid-19 impact
Economic conditions
Political/ geopolitical/ regulatory landscape
Brexit

Potential impact

Potential impact

Potential impact

Potential impact

  • Once restrictions are lifted and mobility recovers, there may be lasting implications such as residual fear of travelling on public transport; significantly less travel for shopping; or a material change in working patterns with more of our passengers working from home 
  • Declining economic conditions potentially impact demand for discretionary travel
  • Improving economic conditions may impact the Group’s ability to recruit drivers and other staff, or cause inflationary pressure on costs
  • Changes to government policy, funding regimes or the legal and regulatory framework may result in structural market changes or impact the Group’s operations in terms of reduced profitability, increased costs and/or a reduction in operational flexibility or efficiency
  • Franchise renewal risk in Spain
  • UK bus franchising or alternative models
  • Financial or reputational cost of failure to comply with changing regulations or legislation
  • An economic downturn in the UK could adversely impact demand for our services
  • Reduced travel volumes to/from UK airports could affect demand for our UK coach services
  • Supply chain disruptions could result in respect of imports from the EU

 Management/mitigation

Management/mitigation

Management/mitigation

Management/mitigation

  • Re-balance investment across our portfolio in the short term, e.g. less reliance on airport work 
  • Remain flexible to scale service up and an down in line with changing demand 
  • Continued focus on customer service, highlighting the benefits to society of quality public transport 
  • Relentlessly work with customers and staff to ensure safety is paramount 
  • Geographical diversification of the Group provides a natural hedge to some economic risk 
  • Strategic plans are stress tested for differing economic and pandemic scenarios 
  • Strong strategic focus on people/talent management and recruitment/retention 
  • Delivery of excellence in service and operations
  • Constant monitoring of the political landscape and focus on effective stakeholder management 
  • Political risk is specifically considered when considering bids or new market entry 
  • The Group carries out appropriate lobbying and communication, highlighting especially the importance of public transport to central and local government 
  • Focus on operational excellence and delivering value in our franchises and contracts, and to our fare paying customers
  • Ongoing close monitoring of specific Brexit-related risk issues 
  • Geographical diversification reduces Group-level risk; exposure to the UK market is less than 25% of total revenue 
  • Supply chains risk assessed

 Opportunity

Opportunity

Opportunity

Opportunity

  •  The Group’s leadership positions in many diverse and attractive markets are likely to strengthen, as other operators are unable to withstand the impact of the pandemic 
  • When the world emerges out of the pandemic it will be confronted with the need to power an economic recovery with high quality, cleaner and greener public transport at its heart. The alternative is inefficient, congested towns and cities with dirty air. 
  • Despite a generally unsettled and a deteriorating economic outlook due to the pandemic, private consumption and demand conditions for public transport, particularly urban, continue to be strong 
  • Higher unemployment rates relieve pressure on staff costs and turnover
  • Political and social pressure continues to grow on congestion and clean air, which favours public transportation 
  • Increasing city regulation and investment in bus and Bus Rapid Transit (BRT) schemes
  • Continued liberalisation of markets in many territories
  • Not applicable

 Change in risk in the year

Change in risk in the year

Change in risk in the year

Change in risk in the year

  • This is a new risk for 2020
  • Due to the pandemic, economic growth is expected to slow or even reverse in our major markets in the short to medium term
  • The Spanish franchise renewals process has paused and is the process is being reviewed 
  • Continued strengthening of our relationships with key political stakeholders and our reputation as a high quality, innovative partner 
  • Birmingham’s Draft Transport Plan is pro public transport, demonstrating the direction of travel amongst enlightened local authorities 
  • Significant support of public transport by governments during the pandemic
  • Whilst the achievement of a deal between the EU and the UK has eliminated much of the uncertainty, the full impact of the changes continues to create risks, albeit significantly more limited

Strategic Risks

Key

Changing customer expectations in a digital world
Alternative fuel vehicles (AFVs)
Competition and market dynamics

Potential impact

Potential impact

Potential impact

  •  Increasing expectations of customers to be able to buy tickets and manage their travel plans through a variety of digital platforms 
  • Failure to develop applications and digital channels that meet these increasing expectations could affect profitability, customer satisfaction and the business’ ability to capitalise on valuable customer data to enable commercial initiatives
  •  Increasing popular, political and customer demand for alternative fuel (electric, hydrogen etc.) vehicles
  • Transition involves potentially material changes in financing, maintaining and operating the assets, creating execution risk 
  • Requires significant change to infrastructure
  •  Competition arises from direct price competition; inter-modal (e.g. coach vs. rail); and emerging threats such as new market entrants or disruptive technologies 
  • Changes in customer demographics impact demand and the nature of services required 
  • Potential ‘disintermediation’ risk created by aggregators seeking to ‘own’ the customer relationship

Management/mitigation

Management/mitigation

Management/mitigation

  •  Comprehensive digital strategies developed in each division 
  • Divisional ‘digital scorecards’ are reviewed monthly by the Group Executive Committee to monitor the effectiveness of various digital channels 
  • Developing strategies for demand responsive services 
  • Oversight by Chief Digital Officer
  •  Environmental leadership with pledge to never again buy a diesel bus in the UK and launch electric vehicle procurement competition in UK coach. Ambition to reach zero emissions in UK bus by 2030 and UK coach by 2035 
  • Cross-division executive leadership of AFV strategy 
  • Close engagement with new and existing original equipment manufacturers 
  • Pilot testing in a number of areas
  • Commitment to service excellence, providing the best solutions to our customers 
  • Price leadership and value for money 
  • Revenue trends are closely monitored and RMS deployed 
  • Investment in technology 
  • Focus on operational excellence 
  • even with an aggregator model, service delivery is critical 
  • Targeted acquisitions and growth in the most attractive markets

Opportunity

Opportunity

Opportunity

  •  Leadership in adopting new technologies will enhance our service to existing customers and attract new ones 
  • Millennials are an increasingly important target market and more inclined to use public transportation if the service is right
  • AFVs present potential opportunities to reduce the cost base of the business, while helping cities solve the challenges of the drive for a cleaner air environment 
  • Total Cost of Ownership equivalence versus net present value (NPV) by around 2024 
  • Commitments in other divisions
  • Ageing population in major markets creates additional paratransit opportunities 
  • Continuing urbanisation drives cities to partner with high quality transportation operators 
  • Weaker transport operators become targets for acquisition

Change in risk in the year

Change in risk in the year

Change in risk in the year

  • Innovation programmes implemented in North America, UK and Spain are improving the customer digital experience 
  • Continued increases in bookings through online and digital mobile platforms 
  • Continued roll-out of ticketless operations
  • Electric vehicles entered service in Coventry, Birmingham and Bilbao 
  • EV pilot project underway in New York
  • First autonomous electric bus service in Madrid university campus
  • Operators without strong financial position and backing are more unlikely to survive in the current climate, reducing competition

Operational Risks

Key

Attraction/ retention of talent/HR/ labour relations
Cyber/IT failure/ General Data
Protection Regulation (GDPR)
Terrorism

Potential impact

Potential impact

Potential impact

  • Lack of available management talent/ leadership skills can inhibit growth
  • Shortages in drivers and other key staff can disrupt operations and lead to wage and benefits cost inflation 
  • Increased unionisation and/or poor labour relation presents increased risk of strike or operational disruption
  •  Major IT failure could disrupt operations and lead to loss of revenue, especially in the coach businesses 
  • Data compromise involving a loss of customer information could result in reputational damage and significant remedial costs 
  • Breach of the EU General Data Protection Regulation (GDPR) or the US California Consumer Privacy Act (CCPA) could result in a regulatory investigation and financial losses
  •  Direct impact through asset damage, disruption to operations and revenue loss 
  • Potential indirect impact from a general reduction in the public’s appetite to travel reducing demand and revenue

Management/mitigation

Management/mitigation

Management/mitigation

  • The Group is committed to employee engagement and invests in a number of retention programmes 
  • Appropriate training is provided for managers and supervisors 
  • Reward and recognition programmes are established to further enhance employee engagement 
  • Focus on the effective management of stakeholder and union relationships, and the advice of specialist outside counsel is sought where necessary
  • Continuous investment in organisational and technical measures to protect data assets
  • Revised cyber security strategy aligned with the threat landscape (including the Covid-19 pandemic) 
  • Regulatory compliance plans in place, tailored to each division’s exposure (GDPR or CCPA)
  • Close liaison with government agencies and industry partners 
  • Major incident/emergency plans are developed in all divisions 
  • Insurance coverage is available and in place for some terrorism-related risks
  • Risk assessment of any new business growth opportunity

Opportunity

Opportunity

Opportunity

  • Ensuring we have an agile, skilled workforce will enable us to adapt to emerging challenges and opportunities
  •  Strengthened resilience against cyber threats and IT outages increases awareness and leverage of technology across the Group
  • n/a

Change in risk in the year

Change in risk in the year

Change in risk in the year

  • Higher unemployment levels in key markets due to the pandemic have led to lower pressures on recruitment, retention and cost inflation 
  • Established diversity and inclusion programmes
  • The pandemic, and in particular the material rise in home-working, has led to an increase in remote access exploitations and phishing campaigns
  • An adaptable cyber security programme supported improvements in our resilience and risk management
  • UK Government threat level increased from ‘substantial to ‘severe’ in November (but returned to ‘substantial’ in February 2021) 
  • In Spain and the USA the threat levels have remained unchanged