The ability of the Group to hold or increase prices and therefore achieve performance targets could be affected.

������ Maintain price discipline and leadership.

������ Maintain focus on choosing the best sites in a geographical area.

������ Continue to invest in the member proposition.

Delays to our rollout plan may have adverse impact on growth targets and operational returns.

������ Our highly experienced property team are focused on site selection and sourcing the best deals.

Reductions in actual or perceived customer service could result in a decrease in membership numbers and revenue generation.

������ Monitor utilisation, NPS and FEEFO scores.

������ Enhance monitoring and feedback processes.

������ Ongoing review of equipment usage to ensure we meet member requirements.

������ Explore further innovations to improve the member experience.

A lack of experienced and motivated staff will have a detrimental impact on all areas of the business, from operations to central functions.

The Group uses a variety of techniques to attract, retain and motivate staff at all levels across the business. These techniques include:

������ competitive remuneration packages;

������ opportunities to own shares in the company;

������ opportunities for training and progression;

������ short, clear reporting lines; and

������ succession planning.

Failure to address any of these risks could cause impact from minor inconvenience to major business interruption.

The risk will be mitigated by having appropriate project governance procedures in place, to include:

·      project sponsor;

·      project steering group;

·      project plan;

·      appropriate level of due diligence; an

·      integration plan.

Disruption in critical IT systems could have a negative impact on our reputation and our ability to collect revenue.

·      Our primary data systems are hosted by fully qualified organisations in suitable data centres.

·      Our primary IT infrastructure is fully managed by specialist IT companies who provide best-practice architecture and support.

·      All membership and business information is backed up using third party locations.

·      Robust disaster recovery and business continuity plans are in place.

Unauthorised access, loss or disclosure of this information may lead to legal claims, regulatory penalties, disruption of operations and reputational damage.

·      The Group's networks and systems are protected by firewalls, security software and secure passwords.

·      A full GDPR compliance programme is being delivered with support from external legal and cyber security specialists.

·      All sensitive data is captured and presented using SSL encryption. Our transactional website is scanned quarterly to ensure PCI compliance.

·      Access to central member data systems requires 2-Factor authentication.

·      All customer payment data is stored externally on systems that are PCI-DSS and/or BACS certified.

As the Group grows, there is risk that delivery from service providers is either unreliable or of unsatisfactory quality.

·      Ensure quality suppliers are chosen through well-run tender processes.

·      Understand and seek to mitigate supplier key-man risks.

·      Service level agreements for all key suppliers.

·      Members of management monitor service levels and hold suppliers to account.

·      Ongoing assessment of whether any services should be moved to an insourced resource.

A limited number of corrective options in the cost base could be made to correct any underperformance in membership numbers, which could have an adverse impact on profitability

·      Monthly monitoring and re-forecasting of business performance at site level.

·      Active yield management on a gym-by gym basis.

·      Regular financial management by senior management team and Board.

Potential reputational damage and penalties.

·      The Board has oversight over the management of regulatory risk and compliance, and delegates specific responsibilities to senior management.

·      Expert opinion sought where relevant.

·      Legal advice taken to ensure systems, processes and documentation conform with the Data Protection Act.

·      Third party health and safety risks assessments and audits carried out. Staff conduct periodic health and safety assessments.

·      Employment and continuous training and development of appropriately qualified staff.