The most significant strategic, operational and non-financial risks that could have a negative impact on Sanoma’s business, performance, or financial status as well as key mitigation actions are described below. However, other currently unknown or immaterial risks may arise or become material in the future. Financial risks are described in more detail here.

Risk management and internal control policies, processes, roles and responsibilities are presented in the Corporate Governance section

Significant near-term risks and uncertainties are reported on a continuous basis in each Interim Report during the course of the year. 

Strategic risks

General economic conditions

The general economic conditions in Sanoma’s operating countries and the overall industry trends could influence Sanoma’s business, performance or financial status. In general, risks associated with the performance of the learning business relate to development of public and private education spending especially during the curriculum renewals. In the media business, risks associated with business and financial performance typically relate to advertising demand and consumer spending. The volume of media advertising is especially sensitive to overall economic development and consumer confidence.

Sanoma’s diverse business portfolio partially mitigates the risk. In 2019, approx. 37% (2018: 23%) of Sanoma’s net sales was derived from learning, approx. 26% (2018: 36%) from single copy or subscription sales, approx. 7% (2018: 7%) from print advertising, approx. 20% (2018: 18%) from non-print advertising and approx. 10% (2018: 15%) from other sales (2018 comparison figures include continuing and discontinued operations).

Changes in customer preferences and the threat of new entrants

Changes in customer preferences are visible not only in consumer behaviour, but also both directly and indirectly in B2B and public demand. Ongoing digitalisation and mobilisation are the main drivers behind many of these changes. In education, digital learning materials, methods and platforms are gradually penetrating the market. The increasing use of mobile devices is changing the way people consume media, while viewing time of free-to-air TV is decreasing.

Sanoma partially mitigates the risk by continuous development of digital and hybrid learning and media products and services. In learning, close and long-term relations with schools, teachers and governing bodies play a significant role in the business, and digital solutions are typically combined and sold together with printed materials. The wide cross-media offering provides Sanoma a solid base to constantly develop its offering to advertisers and to introduce new services, such as cross-media solutions, native or branded and premium content. Nevertheless, new entrants and/or new technological developments entering the markets possess a risk for Sanoma’s established businesses.

Mergers and acquisitions (M&A)

Sanoma’s strategic aim is to grow through acquisitions. In M&A, the key risks may relate to the availability of potential M&A targets, suitability of timing, transaction process, integration of the acquired business, retention of key personnel, or achievement of the targets set.

Sanoma mitigates the risks by actively maintaining its industrial networks, proactively seeking for potential targets, working with well-known parties during the transaction processes and following its internal policies and procedures in decision-making, organisation and follow-up of M&A cases.

Political and legislative risks

Changes in governmental or legislative bodies or general political instability in the operating countries may affect Sanoma’s ability to effectively conduct business. Key legislative risks may relate to changing educational regulation, changes in the use of consumer data for commercial purposes, deterioration of publishers’ and broadcasters’ copyright protection, or changes in tax legislation or in the interpretation of tax laws and practices. These risks can have a significant impact on Sanoma’s commercial propositions, content investment needs or financial performance.

Close monitoring and anticipation of political and regulatory development and adaption of business models accordingly are ways to partially mitigate these risks. Legislation related to education, in particular, is typically country-specific, limiting the magnitude of the risk on the Group level.

Operational risks

Data and privacy

Data is an increasingly essential part of Sanoma’s products and services in both the learning and media business. The EU General Data Protection Regulation (GDPR) sets strict requirements for implementing data subject rights, and for companies to demonstrate their accountability for complying with the regulation. Non-compliance with the GDPR could lead to fines of up to 4% of the annual global turnover. In addition, the ePrivacy Directive imposes requirements for online data collection and use. The most relevant risks pertaining to data privacy are potential data breaches resulting from unauthorized or accidental loss of or access to personal data managed by Sanoma or by third parties processing data on Sanoma’s behalf, or other failure to comply with privacy laws.

To mitigate the risk and ensure compliance, Sanoma runs a Privacy Programme that monitors development and enforcement of privacy regulations and has oversight of the implementation of Privacy Policy. Key privacy implementation processes include data lifecycle management, negotiating data processing agreements with third parties, information security measures to protect data, data breach management procedures, and implementation of data subject rights. Privacy requirements and threat assessments are incorporated into product development and privacy impact assessments are regularly conducted to ensure compliance of products and services. Employees with privacy responsibilities have been nominated and trained to act as a first line of privacy support, and role-based privacy trainings are offered to key target groups. During 2019 Sanoma participated in the development of a standardized approach to manage online data consents by the IAB (Interactive Advertising Bureau) Finland’s Transparency and Consent Framework.

Risks related to third parties

A wide network of third parties plays an integral role in Sanoma’s daily business. Third-party suppliers in Sanoma’s value chain include, among others, paper and print suppliers and transport, distribution, technology solution and IT hosting service providers. Freelancers support Sanoma’s own editorial staff in creating learning materials and media content. The status of freelancers may vary by authority and by country. However, no individual case is estimated to become material unless it escalates to concern a large group of freelancers. Certain advertising and marketing efforts are executed with the help of third parties. The advertising technology ecosystem consists of players, such as Google and Facebook, that have a dominant market power, which may lead to an imbalance between their rights and liabilities. Cooperation with third parties exposes Sanoma to certain financial, operational, legal as well as data and GDPR-related risks, which are described in more detail in other sections of this risk review.

To mitigate the risks related to third parties, Sanoma follows the guiding principles of supplier risk management set in the Group’s Procurement policy, Supplier Code of Conduct and legal framework. The most significant suppliers are selected through competitive bidding and qualification process. Sanoma performs Know Your Counterparty -controls as part of the supplier approval process, and monitors the performance of third parties by performance approvals and service-level agreements.

Information and communication technology (ICT)

Reliable ICT systems form an integral part of Sanoma’s business. The systems include online services, digital learning platforms, newspaper and magazine subscriptions, advertising and delivery systems, as well as various systems for production control, customer relations management, and supporting functions. ICT security risks relate to confidentiality, integrity, and/or availability of information, as well as to reliability and compliance of data processing. The risks can be divided into physical risks (e.g. fire, sabotage and equipment breakdown) and logical risks (e.g. information security risks, such as malware attacks, hacking of persona data or other sensitive data assets, and employee or software failure).

To mitigate the risks, Sanoma has continuity and disaster recovery plans for its critical systems and clear responsibilities regarding ICT security in place. Information security controls include the use of threat intelligence capabilities, cyber security incident detection capabilities, identity and access management solutions, log management capabilities and the use of external information security audits. During 2019 Sanoma invested in a transition to cloud to improve flexibility, security, availability and to decrease costs.

Intellectual Property Rights (IPRs)

Key IPRs related to Sanoma’s products and services are copyrights including publishing rights, trademarks, business names, domains, and know-how, as well as patents related to e-business and utility models owned and licensed by the Group.

Sanoma manages its IPR in accordance with the Group-wide IPR policy and procedures. Because of a dispersed IPR portfolio, no material risks are expected to arise from individual IPR cases.

Hazard risks

Hazard risks include risks associated with business interruption, health and safety or environmental issues. They are mitigated through operational policies, efficient and accurate process management, contingency planning and insurance. Due to the nature of Sanoma’s business, hazard risks are not likely to have a material effect on Sanoma’s performance.

Non-financial risks

Talent attraction and retention

Sanoma’s success depends on competence and continuous development of the skills of its management and personnel. In particular, the ability to develop appealing customer products and services in changing environment is crucial for success. The ability to ensure the right skillset for the digital transformation as well as to attract and retain the right talents, especially in relation to acquisitions, may possess a risk to Sanoma’s business and financial performance.

To mitigate the risk, Sanoma enhances a corporate culture supporting innovation, creativity, diversity, as well as an ethical and efficient way of working. The culture is further supported by open and transparent leadership and communications, knowledge sharing between businesses and functions, as well as opportunities and resources for learning and professional development. The Code of Conduct and Diversity Policy set the framework for corporate culture and employee relations. Sanoma follows employee engagement closely by an annual survey.

Environmental risks

Sanoma’s main environmental impacts derive from energy use, paper and printing ink use and distribution.

Sanoma aims to prevent and minimise negative environmental impacts by focusing on efficient operations and material use as well as responsible procurement. Sanoma’s processes support compliance with relevant environmental legislative, regulatory and operating standards. Due to the nature of Sanoma’s business, no material environmental risks are expected to arise.

Risks related to human rights, anti-corruption and bribery

Sanoma operates in ten European countries, all of which score high or average on Transparency International’s corruption perception index and where risks related to human rights are assessed as low or medium by Verisk Maplecroft. In the learning business, the business partners mainly include municipalities, schools and teachers, while the media business is based on creating and selling content to individual people, and selling advertising space to companies.

All Sanoma employees must comply with Sanoma’s Code of Conduct, which supports the international standards on human rights and labour conditions and clearly prohibits all corruption and bribery. The requirements of the Code are extended to Sanoma’s suppliers through the Supplier Code of Conduct. Sanoma mitigates the compliance risk e.g. by a mandatory annual e-learning on the Code of Conduct to all employees. Due to the nature of Sanoma’s business and the current situation in its operating countries, no material risks related to human rights, anti-corruption or bribery are likely to arise.