Risks and uncertainties

Experian identifies a number of risks to its business activities which it seeks to anticipate, assess regularly and over which it seeks to introduce internal controls to ensure that such risks are appropriately mitigated. The corporate governance statement contained in this report provides further detail on this enterprise risk management process.

Risks to Experian’s business are either specific to Experian’s business model, such as information security, or more general, such as the impact of competition. Experian has identified the following principal risks.

Data

The data that Experian holds may be inappropriately used

Experian has established rigorous information security policies, standards, procedures, and recruitment and training schemes, which are embedded throughout its business operations. Experian also screens new third party partners carefully and conducts targeted audits on their operations. The loss and/or potential misuse of consumer data is addressed through continued investment in IT security infrastructure, including the significant use of data and communications encryption technology.

Legislation or government regulations may alter what data Experian can collect and how it is collected

To the best of Experian’s knowledge, the Group is in compliance with data protection requirements in the jurisdictions in which it operates. Experian actively monitors its collection and use of personal data, while the Group’s legal, regulatory and government affairs departments work closely with senior management to adopt strategies to educate lawmakers and influence the public policy debate, where appropriate.

Technology

There could be security breaches of Experian’s systems or facilities

Experian’s data centres are protected against computer viruses or other purposeful attacks, such as physical break-ins or hacking. To mitigate the risk from insecure systems, Experian has strict standards, procedures and training schemes for technology services, physical security and information security.

Business processes or systems could fail

Failures to plan, resource, test or adequately respond to major incidents could put Experian at risk of breaching client contracts and services levels, loss of revenue and reputation damage. Experian’s data centres are protected against damage from fire, power loss, telecommunications failure, natural disaster, and hardware or software malfunction. Experian maintains full duplication of all information contained in databases and runs back-up data centres. The Group also has established support arrangements with third party vendors and strict standards, procedures and training schemes for business continuity. Whilst the probability of disaster events occurring is generally low, the geographic diversity of the business means that Experian is in a position to respond effectively to both larger and smaller scale incidents.

People

Experian is dependent upon highly skilled personnel, especially its senior management and other experienced staff

Loss of these people could have an adverse effect on the Group’s ability to deliver its corporate objectives. Experian aims to provide compensation and benefits that are competitive with other leading companies, as well as fulfilling future career opportunities.

General economy

Macro economic factors impact the demand for customer credit in particular

Experian could be adversely affected by worsening economic conditions globally or in certain individual markets such as the United Kingdom or United States. However, prudent expense management along with the breadth of Experian’s portfolio by geography, by product, by sector and by client partly reduces the impact of this risk.

Consolidation among Experian’s clients may cause price compression and a reduction in its revenue and profits

No single client accounts for more than 2% of Experian’s revenue, which reduces the probability of this potential risk having a significant impact on the business. However, in light of the global economic downturn, Experian continues to respond with a wide range of countercyclical products and solutions, across all relevant business lines.

Experian could fail to protect adequately against its exposure to financial risks

Experian’s financial risk management focuses on the unpredictability of financial markets and seeks to minimise potential adverse effects on the Group’s financial performance.

Counterparties could fail

Counterparty risk is a new principal risk. Experian’s ability to engage in routine transactions to fund its operations and manage its risks could be adversely affected by the commercial soundness of our counterparties. We continue to monitor counterparty positions regularly. Treasury and insurance activities are conducted only with financial and insurance institutions with strong credit ratings, within limits set for each organisation.

Other risks

Experian could face increased competition, especially in the credit reporting industry

Experian mitigates this risk through continued research and investment in people, technology and products as prioritised by its strategic plan.

Acquisitions may not meet expectations

Experian assesses all acquisitions rigorously, using both in-house experts and professional advisers. In addition, the Group conducts extensive post-acquisition reviews to ensure performance remains consistent with the acquisition buy-plan.

The outcome of litigation could be unfavourable to Experian

Experian carries insurance and employs expert legal personnel inhouse, as well as retaining the services of several leading legal practices, to assist in the effective management and disposal of legal proceedings.

Experian could fail to protect adequately its valuable intellectual property rights or face claims for intellectual property right infringement

Experian seeks patent protection and appropriate agreements regarding its intellectual property rights, where appropriate and feasible, and continues to monitor this situation.