Material risks

The main purpose of risk management is to adequately position the organisation to understand and respond to potential risks that could materially impact on the execution of our strategy and value creation.

Our Group’s primary risks are identified within the context of our strategy, to proactively respond to an ever changing internal and external operating environment. We continue to ensure that we strengthen the link between our strategy and the Group’s risks by applying our Enterprise Risk Management (ERM) process in the context of our key business requisites. In pursuing our goals towards creating, preserving and realising value for our stakeholders, within our ERM framework, we aim to proactively manage risk and opportunities in a dynamic operating context. In FY2021 we faced various challenges and risks that impacted on our business, including COVID-19 and the recapitalisation process of Cell C. Our enterprise risks management (ERM) process ensures the adequacy, appropriateness, and effectiveness of our responses, mitigating potential significant business impacts in order to deliver on our business targets.

  • 1
  • Increased threat of cybercrime

Description

Since the majority of the Group’s inventory is of a virtual nature, defence against cybercrime will remain a top priority.

The Group is dependent on the systems and platforms that enable its products and services on which it manages its merchant base. Blue Label’s technology spend has increased in recent years in support of its importance to both organic and acquisitive growth, simultaneously to improve system availability and resilience as the volume of the number and types of transactions increase.

Due to the COVID-19 pandemic, most of our staff shifted to a remote working environment, thus elevating this risk.

Mitigating measures

Blue Label places a major focus on the security of all systems, both production and enterprise, in order to pre-emptively detect and manage security threats and, in the event of a cybersecurity breach, recover expediently.

Independent third parties continually conduct vulnerability scans and penetration tests to ensure that Blue Label’s systems are as secure as possible and that new threats are appropriately addressed.

All of Blue Label staff members are mandated to participate in an ongoing cybersecurity awareness training programme, which was enhanced in light of most of them working remotely.

Cyber insurance cover is in place to protect the Group in the event of a breach.

  • 2
  • Unsuccessful execution of Cell C debt restructure

Description

The debt restructure of Cell C is critical to its successful turnaround, the outcome of which would reduce the negative perception in the market of Blue Label’s inherent value.

Failure in this regard would have a negative impact on Blue Label’s profitability, to the extent of cessation of its trading activities with Cell C.

Mitigating measures

  • A liquidity platform was established to manage cash flow within Cell C and to see it through the course of the recapitalisation process.
  • Network strategy: implementation of the extended roaming agreement with MTN commenced on 1 May 2020. This enables network innovation, promotes efficient network infrastructure utilisation and sustainable investment in network infrastructure. The transition to the new business model commenced on 1 January 2021.
  • Operational rationalisation: Cell C has taken active steps to reduce its focus on pure revenue and subscriber growth to rather focus on profitable customers and long-term growth. There is an unrelenting focus on cost cutting and a change in the operating business model from build, own and operate all functions to focused investment, partnering and an acquirer of services.
  • The turnaround strategy is clearly delivering improved operational efficiencies through the positive impact of these changes filtering through during the past 12 months.
  • All stakeholders are actively involved in the recapitalisation process and progress is being made towards its successful conclusion.
  • 3
  • Unsuccessful achievement of the CEC revenue sharing arrangement

Description

CEC’s contribution to group profits is dependent on the success of the Cell C revenue sharing agreement and the minimisation of bad debts on the Cell C post-paid base.

Mitigating measures

  • Management is of the opinion that it will mitigate risk through the operational model that has been formulated and implemented.
  • CEC and Cell C have stringent requirements for the granting of credit to subscribers.
  • CEC utilises the expertise of Blu Nova to proactively monitor for leading indicators of financial distress and to take pre-emptive remedial action accordingly.
  • CEC has direct access to the cash flows generated from the Cell C subscribers relating to their monthly subscriptions payable.
  • CEC will augment its current offerings to subscribers at higher margins in order to subsidise any potential bad debt losses.
  • In the unlikely event of default by Cell C, CEC has the right to sell the customer base.
  • 4
  • Unethical behaviour and fraud

Description

Due to the nature of our digital inventory, the Group is vulnerable to fraudulent activities.

Blue Label maintains zero tolerance for fraud and irregularities. All incidents are investigated, irrespective of the quantum therefore.

The ongoing roll out of new products/solutions increases the exposure to potential fraudulent-related activities.

Mitigating measures

We continue to refine operational controls, security, and our infrastructure in order to mitigate the risk of fraud.

Fraud and ethics are discussed at Board level by both the Social, Ethics and Transformation Committee (SETC) and the ARCC.

The ethics hotline, hosted by KMPG, remains available for anonymous reporting of any suspicions of fraud.

Staff are mandated to participate in digital programmes that enhance awareness relating to fraud and ethics. A code of conduct, disciplinary policy and fraud policy are in place.

We have developed a Fraud Management Framework that addresses the risk of fraud within the Group.

  • 5
  • Prolonged business model transformation impacting market relevance

Description

Historically, the Group specialised in the distribution of products. Going forward, Blue Label needs to evolve so that technology drives product development, or it risks losing market opportunities to more digitalised or agile competitors.

Mitigating measures

Management have embraced the change in mindset, spurred on by the necessity to implement digitalisation in the face of lockdown. Various technology driven initiatives were developed and brought to market.

The Group’s commercial offerings are being transformed through automation, consumer reach, consumer-centric design, enhanced software build and release mechanisms, simplified integrations and platform flexibility and scalability.

  • 6
  • Maturity of business continuity management (BCM)

Description

Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRP) ensure that the business is prepared for severe interruptions and that business processes continue with minimum downtime during cases of emergency or disaster.

If the BCPs are misinterpreted or not properly in place, the potential breakdown of critical business processes could harm the Group’s profitability and reputation.

Mitigating measures

Blue Label’s BCM steering committee meets regularly to ensure that the Group is prepared to counter any risk.

Active-active failover architecture is implemented throughout the Group.

BCP consultants have reviewed Blue Label’s BCPs and accordingly the Group is implementing their recommendations.

COVID-19 offered a unique opportunity to test our DRP, which proved to be resilient. Employees could operate remotely with minimal disruption to operations.

We will conduct simulation exercises to validate BCPs in FY2022 to ensure that all staff, in the event of disruption, are aware of their roles and responsibilities.

  • 7
  • Customer and revenue concentration risk

Description

Certain prominent financial institutions and retailers rely on Blue Label to process their substantial transaction volumes. A lapse in the Group’s service delivery to these stakeholders could result in a major negative impact on its profitability and/or reputation.

Mitigating measures

Blue Label maintains long-standing relationships with these parties and has an impressive track record of service delivery.

Mature failover and business continuity mechanisms provide a high degree of certainty that we maintain uptime beyond 99%, even as transaction volumes continue to grow.

Software release methodology and application-level failover reduces the need for system downtime during system release and maintenance windows.

  • 8
  • Potential theft of e-tokens of value

Description

E-tokens are a form of electronic cash utilised for secure transactions. The Group relies on the high-volume, low-margin distribution and sale of e-tokens of value. Blue Label, therefore, needs to protect its virtual stock from theft, the corruption of voucher pins and cybercrime.

Mitigating measures

The confidentiality, integrity, and availability of virtual stock is managed through rolebased access control, secure transfer of supplier/customer files and encryption with hardware security modules.

A robust set of automated internal controls assist in timeous detection and prevent the theft or corruption of voucher pins and related digital products.

Sufficient insurance cover is in place.

  • 9
  • Group-wide reconciliation and settlement process

Description

As Blue Label processes large transaction volumes to multiple vendors and across various systems, our reconciliation and settlement process must be run efficiently to prevent loss of revenue and enhance customer satisfaction.

Mitigating measures

All of the Group’s main reconciliations are automated. The finance department resolves any partially matched or unmatched files daily and an escalation process is in place.

  • 10
  • Business-related fraud

Description

Business-related fraud is consistently a risk. The Group needs to be diligent at all times to mitigate the possibility of fraud when launching new products.

Mitigating measures

Several key appointments serve to protect the Group from fraud, while employee accountability and responsibility campaigns ensure that every staff member is aware of their role and duty to prevent fraud.

BLT’s Technology division assists with, prioritises and supports efforts to address internal control gaps. Our new formal “Protect our Business” initiative places a strong focus on identifying control gaps in systems and processes. The Head of Fraud and the business improvement team continuously work to close such gaps and to improve thereon. This reduces the Company’s overall risk exposure and associated losses. BLT will appoint an external service provider to map the as-is processes in high-risk areas.

Furthermore, there is a strong focus from a fraud, risk and compliance perspective to mitigate any risks from the early stages of any new product initiatives, before the product is made available to the market. A formal sign off process has been implemented throughout the Group.

In FY2022, BLT will prioritise regular reviews of existing products.

  • 11
  • Supplier relationships (network operators and utilities)

Description

Each subsidiary is highly dependent on its respective suppliers to achieve its business objectives.

Should our customers (or aggregators) with a significant market footprint deal directly with the utilities, they effectively become competitors to the detriment of Blue Label.

In addition, there is potential for network operators to launch applications whereby consumers are granted direct access to airtime purchases from them.

Mitigating measures

Blue Label’s management nurtures relationships with existing suppliers and has a strong track record with them. Long-term contracts with suppliers ensure sustainable business relationships.

Margin management, the breadth of Group product suites and the efficient technological integration into customer backend systems discourage them from dealing directly with utilities.