Enterprise Risk Management is about thinking ahead, drawing-up different scenarios, evaluating potential impacts and, most importantly, being aware of the risks. Raising awareness about Enterprise Risk Management (ERM) and providing information to initiate or update plans to recognize and anticipate risks, thereby minimizing their impact, is among the goals of the WLA Security and Risk Management Committee (SRMC).
What has taken place regarding the Covid-19 outbreak has shown us the importance of a good understanding of risk. Being prepared to address a crisis and trying to reduce the impact on employees, partners and players is crucial for the lottery and sports betting industries.
In November 2010 Oswald Grübel, CEO of UBS declared, “Risk is our business. I can assure you, as long as I’m here, and as long as my colleagues are here, we know about risks”. Ten months later the Bank had to announce losses of USD 2.3 billion owing to fraud. Risks should never be underestimated and being prepared to address critical situations is decisive in avoiding disruptive times.
We are in the middle of a wake-up call for the future. Reshaping organizations, reviewing processes, innovating products, and modifying cost and capital investment priorities, together with customer engagement in the new normal, are the immediate operational challenges facing the lottery industry. Risk Management must be taken into consideration and, in doing so, we must think out of the box to mitigate risks and to be prepared to face any critical situation that may arise in the future.
In the summer 2020 the WLA conducted a first survey of “Risk management in the lottery sector” among its lottery and sports betting members to better understand industry risk perception and priorities. Following the analysis of survey results a Lottery Risk Register was developed to provide the WLA community with comprehensive documentation for establishing, implementing, or monitoring risk management processes.
To assess the current risk landscape, a second survey was conducted in 2023. This survey, released in late May, targeted risk management specialists. It was hoped that survey insights would help the WLA better understand risk management maturity across the membership base, to refresh the Lottery Risk Register and to better target risk management support offerings for members.
Survey outcomes are available for download below.
The Lottery Risk Register is a list of risk-related information specific to the lottery and gaming sector. The aim of this document is to provide the WLA community with comprehensive documentation for establishing, implementing, or monitoring risk management processes.
The categorization and risks provided here are the result of work initiated by the WLA Security and Risk Management Committee in 2021 in collaboration with WLA members.
The Lottery Risk Register is intended to be a living document, for which comments continue to be collected and added. It has recently been updated for feedback received via the second Risk Management survey and a review of the lottery risk environment conducted by the Security and Risk Management Committee. It aims to provide the global lottery community with a place to collaborate and share experiences while creating a comprehensive documentation on risk management for the sector. To download the latest version of the Lottery Risk Register, please login.
A copy of the Lottery Risk Register for comments can be found on the WLA Wiki. All WLA members can register and login to the WLA Wiki to leave comments and input for future updates of the Lottery Risk Register. The Lottery Risk Register is reviewed by the WLA SRMC on at least a yearly basis and updated as needed.
To provide members with additional risk management resources, risk profiles have been developed for key risk categories. Each profile describes a risk, details what is driving the risk and offers risk mitigation strategies. A risk rating has been applied to each risk using an assessment of the likelihood of the risk occurring and the consequence of its impact.
The first tranche of risk profiles address cybersecurity, artificial intelligence, illegal gaming operations, talent, licences and contracts, and disaster risks.
The profiles are intended as examples only. It is acknowledged that key risks and their impacts will vary between members based on local circumstances. Providing this detail is intended to prompt risk management conversations within member organisations.
All risk profiles and the supporting risk rating tools can be accessed in the member section (login required).
