Managing Risk

The Board has ultimate responsibility for setting the Group’s risk appetite and for effective management of risk.  

An ongoing process has been established for identifying, evaluating and managing risks faced by the Group.  This comprises the maintenance of a detailed risk register by the management team of each division which is regularly reviewed and challenged by the Executive Directors. An annual assessment of key risks is performed by the Executive Directors and presented to the Board.  

All risks take into consideration the likelihood of the event occurring and the impact of that event. Once the risks have been assessed appropriate mitigation actions are determined for each key risk identified. The principal risks identified in the table below.


Description
Category
Risk Appetite
Mitigation
Credit exposure
The Group has a number of ongoing arrangements with law firm customers and joint venture partners, some of which include extended credit terms, which create a credit risk in the event of their insolvency or a dispute.
Financial
Balanced (7/12)
The Group has processes to approve credit limits and monitor exposures to law firm customers and partners that are consistent with its balanced appetite for risk. In Consumer Legal Services, extended credit terms have not been offered to new customers since 2020 and contractual provisions, such as set-off clauses  and parental guarantees, are in place to mitigate the risk for material debts with joint venture partners.

In Critical Care, the business offers extended credit terms on certain services and the risk is diluted by having a diverse range of customers. Material debts are monitored more closely by the credit control team and reported on the risk register.
Accuracy of business model assumptions
The Group’s business model relies on several key assumptions which, if not delivered, could have a material impact on financial performance.

These key assumptions include:
- Enquiry generation costs and volumes
- Placement of personal injury enquiries to panel firms
- Claim processing performance
- Volume of instructions in Critical Care
- Average revenues for services in Critical Care
Financial
Balanced (7/12)
Model assumptions are determined by management with oversight from the Executive Directors and the Board, and sensitivities are then performed on the key assumptions. The model assumptions are scrutinised and regularly compared to actual results and updated where necessary. The 2024 budget factored in prudent assumptions relating to personal injury enquiry generation with no market growth assumed.
Additional measures have been taken to de risk certain assumptions by securing contractual
guarantees from key partners.
Assumptions relating to the expected value of open cases and the average value of future cases within NAL were uplifted in the year following a review of older case performance which has out-performed original expectations.
Regulatory Breaches
The Consumer Legal Services division operates in a highly regulated environment and handles high volumes of sensitive customer data, including credit card information and medical data, as well as client money. The Group’s law firms are regulated by the Solicitors Regulation Authority. Breaches of regulations could result in regulatory action against those businesses, directors, and compliance officers.
Critical care is audited by the Care Quality Commission (CQC), and any failings could create reputational damage and loss of customers.
Regulatory
Cautious (4/12)
Both divisions employ dedicated compliance resources responsible for managing regulatory issues and reporting directly to the Board.
External legal advice is taken, including from leading counsel, where appropriate, in particular when faced with changes to the law and regulation, internal processes, or structure. In Critical Care, the divisional management have created a Clinical Governance Board to report to Executive Directors on risks arising from clinical decisions and regulation. This group comprises senior management and a Chief Medical Officer who is a consultant surgeon, at the Royal National Orthopaedic Hospital, Stanmore.
The CQC carried out an audit of the Critical Care business in December 2023 with a ‘good’ status received and no negative comments.
Critical Care self-employed associate model
IR35 legislation requires careful interpretation to ensure arrangements do not breach tax laws, resulting in unexpected tax charges and fines.
Financial Balanced (7/12)
To comply with IR35 rules, the Board has taken external advice from a leading accountancy and tax firm and made the necessary status determinations for each associate. These determinations are supported by contractual terms, operational processes and working practices currently in place. Bush & Co regularly monitors compliance with these
processes and has controls in place to ensure the risk of a breach of the legislation is low.
Key Person Dependency and Recruitment
Unavailability or loss of key individuals could have a detrimental impact on business performance.
Significant intellectual property, relationships and experience is held by certain members of management. If they became unavailable there could be a short-term impact on operational performance and the progress of key projects.
People and Culture
Balanced (8/12)
There is a succession plan in place covering all key individuals and no one person is responsible for any key relationship. Bonus schemes and share options are put in place to support retention of key employees and are regularly reviewed by the Remuneration Committee. Remote and hybrid working has continued to be a significant enabler in attracting and training new people, particularly experienced legal staff.
Working capital management and funding
The Group is managing its levels of working capital whilst it builds its book of personal injury claims in National Accident Law.
These claims can take a number of years to process and it is at the point of settlement of each successful claim that cash is received.
The Group’s working capital is funded through its £15m revolving credit facility (RCF), which runs to December 2025. This facility includes several financial covenants, which have been aligned with the Group’s strategy and medium-term forecasts. If performance falls outside of expectations, the Group could be required to depart from its growth strategy in order to meet covenant requirements (e.g. by reducing investment in NAL).
Financial
Balanced (7/12)
The Board closely monitors the use of capital and uses short and medium-term forecasts to plan future requirements.

Compliance with the debt covenants is reviewed on a monthly basis by the Executive Directors and reported to the Board.

After the balance sheet date, the Group extended the term of its RCF by 12 months to December 2025, and reduced the maximum drawn balance to £15m. The Board determined that this facility was adequate for its funding needs for the foreseeable future.


IT infrastructure and security
Many of the Group’s interactions with its customers are online and systems are increasingly automated, creating an increased exposure to systems error. Both divisions are reliant on their IT systems to capture and protect valuable customer data obtained in the normal course of business. Theft, loss, and misappropriation of digital assets and data could result in reputational damage and/or regulatory fines. The Group relies on a number of key IT suppliers and its systems are increasingly automated, creating an increased exposure to systems error.
IT Systems & Data Security
Cautious (5/12)
The Group takes data security very seriously and has robust policies and procedures to ensure it is compliant with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).
Business Continuity plans are in place and have been tested, the Group’s employees are provided with regular training, and the cyber security controls are regularly stress tested. External suppliers are used to conduct regular penetration and phishing testing and the Consumer Legal Services division has secured the Cyber Essentials accreditation. A Cyber security steering group
meets quarterly to assess risk.
Interest rate risk
The Group is exposed to interest rate risk through its £15m RCF, of which
£11.8m was drawn at the year end. Interest accrues at 2.25% above the Sterling Overnight Index Average (SONIA), which closely tracks the Bank of England (BoE) base rate.

Given the elevated levels of inflation in the UK, and the higher base rate set by the BoE in response, this risk is likely to remain elevated this year leading to higher borrowing costs for the Group.


Financial
Balanced (7/12)
The Group will continue to leverage its flexible placement model to drive short-term cash flow in addition to increasing levels of cash generated from NAL which is now approaching maturity. This, along with strong cash generation from the Critical Care division helped reduce net debt by £3.6m in 2023 and will underpin free cash flow in 2024, leading to a further reduction in drawn debt.