There is no legal requirement for business to guard against crime in general terms. The closest the United Kingdom has come to guidance on business responsibilities in relation to crime is the Turnbull report of 1999, which stated that crime could be included as a specific risk that directors of public limited companies (PLC's) need to address and report on to their shareholders. Three major areas with which government and the public may be concerned but which “fall below the Turnbull radar” are the non-application to those businesses that are not PLC's; the apparent lack of need to deal with crimes below corporate materiality levels; and the apparent irrelevance of crime externalities generated by the company’s core or marginal business. There is no legal obligation on any company to do more about any of these three items than they are minded to do in furthering shareholder or private interests. Crime can have its effect on business in a number of ways. Catastrophic single major hits can cause destruction or serious interruption of major business assets. Criminal acts can happen where individual occurrences have comparatively little impact on profitability, but where the cumulative effect of repeated occurrences can lead to business failure. There can be crime that may not damage the business directly but can have a significant effect on the reputation of the business. Every business has its own risk profile, and business crime needs to be broken down into categories appropriate to the business. The business needs to assess the possible impact of the risks and consider the appropriate response. The six steps a business can take to achieve this are to establish the nature of the business; look at actual experience; look at the experience of comparable organizations; define information requirements and establish routines; establish cost-effective programs for review, controls, and prevention; and have a post-event strategy and plan. 47 notes