Enterprise Risk Management

Enterprise Risk Management (ERM) is about thinking ahead, drawing up different scenarios, evaluating potential impacts and, most importantly, being aware of risks.

Raising awareness about ERM and providing information to initiate or update plans to recognize and anticipate risks, thereby minimizing their impact, is among the goals of the WLA Security and Risk Management Committee (SRMC).

The SRMC has sought member feedback on risk management practices via three surveys, developed a Risk Register detailing lottery sector-specific risks, and prepared Risk Profiles addressing key risks and mitigations. These tools are designed to help members understand and address risk.

WLA Risk Management surveys

The first survey was released in 2020 to understand industry risk perception and priorities. A second survey in 2023 aimed to understand risk management maturity across the membership base, to refresh the Lottery Risk Register, and to better target risk management support offerings for members.

The focus of the most recent survey, conducted in 2025, was to seek more detail on member risk practices, including whether they are supported by technology and Artificial Intelligence (AI). This survey engaged over 60 lotteries worldwide, with most respondents from Europe, Asia Pacific and the Americas.

The results highlight a maturity in risk management practices, with most organizations positioning themselves at intermediate or advanced levels. Respondents have indicated several opportunities for improvement, such as in levels of controls, business continuity planning, process digitization, and crisis protocols. The main challenges identified are the detection of emerging risks and the management of complex regulatory and compliance requirements.

Looking ahead, cybersecurity threats, increased regulatory scrutiny, and the adoption of advanced technologies such as AI and big data are seen as the most significant risks. The survey confirms the sector’s intention to invest in automation and innovation to address emerging challenges.

The full Survey outcomes can be accessed in the member section (login required, otherwise hidden).

Lottery Risk Register

The Lottery Risk Register includes risk-related information specific to the lottery and gaming sector. The aim of this document is to provide the WLA community with comprehensive documentation for establishing, implementing, or monitoring risk management processes.

The categorization and risks provided here are the result of work initiated by the SRMC in 2021 in collaboration with WLA members.

The Register is intended to be a living document, for which comments continue to be collected and added. It has recently been updated to show alignment of risks to Security Control Standards controls where relevant.

To improve member interaction with the Register, a one-page summary, sharing risks grouped under level 1 risk categories, has been prepared. The 2025 ‘top risks’ are highlighted in red font. Please log in to download the one-page summary.

The Register aims to provide the global lottery community with a place to collaborate and share experiences while creating comprehensive documentation on risk management for the sector.

Please log in to download the full Register.

The Register is reviewed by the SRMC on at least a yearly basis and updated as needed. Members are encouraged to provide input for future updates.

Risk Profiles

To provide members with additional risk management resources, Risk Profiles have been developed for key risk categories. Each Profile describes a risk, details what is driving the risk and offers risk mitigation strategies. A risk rating has been applied to each risk using an assessment of the likelihood of the risk occurring and its impact.

The first tranche of Risk Profiles was released in 2024 and addresses cybersecurity, artificial intelligence, illegal gaming, talent, licences and contracts, and disaster risks. A second tranche of Profiles was released in 2025 and covers responsible gaming, cloud computing and artificial intelligence. For the latter, four AI risks have been identified with a Profile for each.

Further Risk Profiles will likely be developed based on feedback from the 2025 Survey.

The Profiles are intended as examples only. It is acknowledged that key risks and their impacts will vary between members based on local circumstances. Providing this detail is intended to prompt risk management conversations within member organisations.

Please log in to download the Risk Profiles.

Member Input

Feedback from members on the risk management resources detailed above is welcomed, as are suggestions on any additional services or support. Should you wish to share your thoughts, please contact the SRMC here: [email protected]