Principal risks

In common with most organizations worldwide, Gemalto is affected by a number of risk factors, not all of which are within our control. Some factors, such as macroeconomic factors, are likely to affect the performance of businesses generally, while others are particular to our operations. This section sets out the risks that Gemalto’s management believes are the principal risks to the Company, most being specific to our business. Accordingly, it is not intended to be an exhaustive list of all the risks that may affect our business, but aims at reporting on the main identified risks that stem from our activity and the actions developed in order to mitigate them.

Strategic risks

Risk area Most important potential impacts on Gemalto Mitigating actions
Lower growth, decrease in activities and/or increase in competition
(Change in business environment, emerging market competition, etc.)
Financial
  • Critical size, global presence.
  • Competitive and market intelligence program.
  • 2010-2013 Development Plan.
  • Diversified portfolio of activities.
  • Capacity of innovation to bring new products and applications to the market. In 2010, Gemalto filed 103 new patent applications (103 in 2009).
  • Bolt-on acquisitions.
  • Cross-segments selling.
  • Strict pricing discipline.
  • Focus on creating value to clients. In 2010, overall client satisfaction remained strong at 712 points (2009: 715, 2008: 631).
Wrong acquisitions and/or joint ventures
(Technological bricks, geographical coverage etc.)
Financial and operational, loss of key people
  • 2010-2013 Development Plan.
  • Experience of successful combinations (twelve acquisitions since the Combination).
  • Dedicated M&A team and processes.
  • Strategy and M&A Committee with Board Members.
Technology shift
(Change in business model)
Financial and reputational
  • Diversified technology portfolio approach (including through M&A).
  • Participation in industrial bodies and standardization organizations. Many awards for technological innovations (see www.gemalto.com/companyinfo/about/awards).
  • Strong Research & Development and standardization teams.
  • Competitive and market intelligence program.
Operational risks    
Business interruption, including crisis mismanagement
(Inability to serve our customers in a timely way and protect our stakeholders)
Financial, commercial and reputational
  • Risk mapping with regular updates (both at site and group levels).
  • Crisis management framework and worldwide training program.
  • Business continuity responses build-up.
  • Diversified industrial footprint.
Sourcing failures including unavailability of chips
(Sophisticated technical requirements etc.)
Financial, commercial and reputational
  • Multiple sourcing.
  • Safety stocks management.
  • Protection clauses in contracts.
Decoding of encryption programs
(Encryption is key to security)
Financial and reputational
  • Strong security and cryptography expertise.
  • Market Intelligence team.
  • Eight sites with ISO 27001 certification (6 in 2009).
Defective products and/or service failures
(Manufacturing, personalization services and development of software etc.)
Commercial, financial and reputational
  • Standardized manufacturing processes.
  • Quality Management system and world-class enterprise organization.
  • 27 sites with ISO 9001 certification (27 in 2009).
  • Product and Professional liability insurance.
  • Customer satisfaction survey. In 2010, overall client satisfaction remained strong at 712 (2009: 715, 2008: 631).

Operational risks

Risk area Most important potential impacts on Gemalto Mitigating actions
Bidding and execution failures of major contracts
(Amount, duration, technology, commitments)
Commercial, financial and reputational
  • Project-based organization for government program bids.
  • Key account managers.
  • Security certifications and organization.
  • Crisis management.
Exposure to country risk
(Political, regulatory and trade exposure impacting our staff, footprint and receivables)
Financial
  • Involvement of treasury, tax and legal departments at the early stages of international operations.
  • Travel intelligence and medical repatriation cover.
Infringement to intellectual property rights (IPR)
(R&D is an important part of our activity)
Financial and reputational
  • Dedicated IPR team.
  • Protection clauses in contracts.
  • Internal inventors policy.
Sensitive data mismanagement
(Leakage and/or loss of customers’ data)
Financial and reputational
  • Internal audits.
  • Security and IT policies and related trainings.
  • Worldwide Security organization.
  • Security certifications (including ISO 27001, EMV, etc.).
Financial risks    
Foreign exchange risk
(Manufacturing footprint, portfolio of receivables, future cash flows, competition)
Financial
  • Centralized currency risk management.
  • Natural hedging (i.e. matching costs and revenue currencies).
  • Hedging transactions (foreign exchange forward contracts and options recorded as cash flow hedges).
Financial counterparty risk
(Long-term contracts, terms of payment, cash deposit)
Financial
  • Risk limits set for counterparties.
  • Usage of plain vanilla hedging instruments and low risk money market investment.
  • Working with financial institutions of investment grade (deposits, hedging transactions).
Financial reporting risks
(Revenue recognition process, inventory valuation, taxation and other complex accounting issues)
Financial and reputational
  • Financial policies and procedures.
  • Internal Audit department.
  • Dedicated team on internal control over financial reporting.
  • Single financial reporting tool company wide.
  • Single Enterprise Resource Planning (ERP) under deployment.