'Nothing Is More Important Than The Safety Of Our Fans'

Everton Director of Risk and Governance Paul McNicholas details his extensive role.

Can you tell us a bit about your role please, Paul...


The best way to describe what my team does is that it’s all about protecting the Club.

Over the past couple of years we’ve been working hard to enhance our structures and processes to make sure that as a business we are well managed and well governed.

We put in place a risk management framework so that management at the Club understand the risks we are facing, both as a football club and as a business, and to make sure they are managing those risks effectively. And if something does go wrong, we’re there to help ensure we react to it in the right way.

Football clubs have a lot of legal risk exposure, and we have a dedicated Legal Team who make sure our contracts with players, agents, suppliers and commercial partners give us the protection we need so that if something goes wrong, we’re in a strong position to defend ourselves.

We also look after a range of other things such as insurance and data protection to ensure the Club is properly protected.

What sort of risks does the Club face?

We look at all aspects of risk to the Club, so there are too many to mention, really, but to give you some examples - we have some big operational risks on matchdays at Goodison Park, and we invest heavily in resourcing a safe and efficient matchday operation which our fans and visitors can enjoy.

Obviously our players are incredibly important assets to the Club, so as you can imagine we do a lot to ensure they are safe and in the best possible condition to perform on a matchday.

There are financial risks as well - the Club turns over around £180million a year, and we have to make sure that money is well spent and that we’re not taking unnecessary financial risks.

For obvious reasons, matchday security is a huge priority for every football club…

There is nothing more important than the safety of our fans and visitors. Our Head of Security, Dave Lewis, has a crisis management plan which we actually tested during the Watford game. We brought our Crisis Management Team together, including Denise our CEO, in less than four minutes. That gave us the assurance that, if we need to, we can start making decisions and making things happen very quickly.

Have you got to keep a close eye on the Brexit situation?

We know that Brexit is going to affect every club in some way or another and at the moment, like everyone else in the country, we don’t know exactly what that’s going to look like. We’re working really closely with the Premier League to make sure we’re at the forefront of whatever changes actually happen.

What impact could there be on football clubs?

We think the main impact for us is likely to be on player trading because there will probably be changes to the rules around bringing in EU-based players, which at the moment is not massively different from signing a British player.

Going forward it could be more difficult, for example, if EU players need to meet certain criteria to obtain a visa. This could mean some players become unobtainable, and it would also slow down the transfer process.

I think one of the things that could change is transfer deadline day because when you’re up against the ticking clock, last-minute signings could become more difficult to get over the line.

I know the Premier League and FA are working hard to minimise the disruption to clubs, and hopefully we will know more about how it will work soon.

Are you very much involved on transfer deadline day?

I’m not personally, but our Legal Team is obviously very involved. They will head to USM Finch Farm on deadline day with contracts at the ready for any last-minute transfers.

The threat of cyber-attacks needs to be monitored, doesn’t it?

Yes it does and we are continuously upgrading and testing our systems to make sure they’re well protected. As well as our operational systems such as ticketing, turnstiles, emergency systems and wifi, we have to make sure we properly protect our fans’ and stakeholders’ data, as well as our own.

GDPR (the General Data Protection Regulation) was something we had to deal with last year - we had a deadline of May 2018 to be fully compliant and we had huge amounts of data from the likes of fans, players, staff, suppliers, volunteers, EitC participants and Free School students, and we had to make sure each individual piece of data was compliant. It was a big piece of work but we did it with time to spare!

It’s important for our fans to know their data is safe with us, isn’t it?

Absolutely - our fans can be assured that the way we deal with their personal data is fully compliant with the GDPR regulations, and that’s the way it should be.