This section provides a brief description of the key risks to which the Group’s operations are exposed and identify, in each case, their potential impact on the Group and the principal activities in place to manage the risk. Each risk is considered in the context of the Group strategy by identifying the principal strategic element to which it relates, although other elements may also be relevant. The Group strategy is discussed in detail in the preceding pages of this business review.

It is not the intention to provide an extensive analysis of all risks affecting the Group but rather to identify only those risks and uncertainties which the Directors believe to be the principal ones facing the business. Not all of the factors listed are within the control of the Group and other factors besides those listed may affect the performance of its businesses. Some risks may be unknown at present and other risks, currently regarded as immaterial, could turn out to be material in the future.

The risk factors listed in this section and the specific activities in place to manage them should be considered in the context of the Group’s internal control framework. This is addressed in detail in the section on risk management and internal control in the corporate governance statement. This section should also be read in the context of the accompanying cautionary statement regarding forward-looking statements.

Risk registers, based on a standardised methodology, are used at Group, regional, area and individual market level to identify, assess and monitor the key risks (both financial and non-financial) faced by the business at each level. Information on prevailing trends, for example whether a risk is considered to be increasing or decreasing over time, is provided in relation to each risk and all identified risks are assessed at three levels (high/medium/low) by reference to their impact and likelihood. Mitigation plans are required to be in place to manage the risks identified and the risk registers and mitigation plans are reviewed on a regular basis. At Group level, specific responsibility for managing each identified risk is allocated to a member of the Management Board. The Group risk register provides the basis for the assessment of the key Group risk factors identified below. It is reviewed regularly by a committee of senior managers chaired by the Finance Director and twice yearly by the Corporate Committee. In addition, it is reviewed annually by the Board and twice yearly by the Audit Committee. The Board and each such Committee reviews changes in the status of identified risks, assessing changes in impact and likelihood, and the Audit Committee also spends time focusing on selected key risks in detail.

Developments in the assessment of Group risk

The Board’s assessment of the key risks and uncertainties facing the Group has remained broadly unchanged over the past year, particularly with regard to illicit trade, excise and tax and financial risk. However, as a consequence of the Board’s continuing reappraisal of Group risks and the activities in place to address them, some risks which have in previous years been considered as key Group risks are no longer assessed as such in terms of their impact and likelihood and so are not addressed in this section. They are nevertheless still addressed as Group risks, remain on the Group risk register and continue to be reviewed in accordance with the Group’s risk management procedures. This applies, for example, to the loss of confidential information or malicious manipulation of data, which was included in last year’s table but is no longer included this year.

Climate change, which has previously been identified as a Group risk, is no longer considered to be a risk factor itself, but is treated as a potential cause of more specific risks, such as the inability to obtain adequate supplies of leaf. It therefore continues to be taken into account in the assessment of Group risk. Non-compliance with environmental, health and safety measures is now assessed as a key Group risk, having been identified as a significant compliance issue facing the Group given the complexity and global nature of its operations and in light of a number of recent incidents involving workplace accidents. In addition, increased focus on the regulatory risks facing the Group has highlighted key areas of risk, now set out separately below. This reflects their importance in the context of the future development of the Group’s business and the need to ensure that they are each effectively addressed.