Strategic Report
Financial Statements
Governance
107
Matters considered
How the Committee addressed the matter
OPERATIONAL RESILIENCE OPERATIONAL RESILIENCE FRAMEWORK
The Committee considered a self-assessment, which described Just’s operational resilience at a specific date and included an overview of lessons learnt from testing that had been conducted, and future remediation and test plans scheduled to ensure ongoing operational resilience. Following the review, the Committee concluded that the impact tolerances remained reasonable for the Group to operate safely and soundly to protect our customers in the event of a material disruption to business operations. Throughout the year, the Committee considered and challenged the Group’s operational resilience during discussions on the operational risk profile of the business, and received updates on technology modernisation programmes to support the business as it grows. This will remain an area of focus in 2025 and beyond. During the year, the Committee considered and approved the updated cyber security strategy, which set out objectives to further enhance the Group’s approach to managing cyber security risks. The Committee kept abreast of the steps being taken to attain an industry recognised accreditation for information security and audit, and received updates on other cyber security initiatives. Following the appointment of our new Group Chief Digital Information Officer in 2024, the Committee received an insight on his initial observations on technology and data capabilities at Just, the strategic risks that impact the Group and the actions that are being taken to mitigate the risks. The Committee also engaged on data risks, with particular focus on the risks associated with the use of third party administrators. Following consideration of the options available to enhance the assurance process, the Committee approved changes to the risk assessment process to independently verify suppliers’ security and technology measures to mitigate risks. Following a request from the Committee, a detailed overview of third party risk management at Just was provided in 2024. The Committee received an update on the steps being taken to evolve processes and controls, and plans to enhance policies and practices to meet the needs of the business as it grows. The Committee engaged on the management of risks related to chain outsourcing, and there was a discussion on next steps to enhance performance monitoring and the management of cyber risk. A focus area for 2025 will be to oversee enhancements to third party risk management processes.
IT RISK AND CYBER SECURITY STRATEGY
THIRD PARTY RISK MANAGEMENT
SUSTAINABILITY CLIMATE CHANGE During 2024, the Nested Meetings of the Committee received updates on the Responsible Investment Framework and the transition management plan to meet the climate-related commitments set by the Board, including a specific target for scope 3 emissions to reduce by 50% by 2030 and to achieve net zero by 2050. The Committee noted the progress on climate risk actions that had been made during the year and discussed future actions and concerns in relation to their delivery. This will remain an important focus area for the Committee in 2025 and beyond.
SUSTAINABILITY RISK
The Committee receives regular updates on the management of sustainability risk within Just. During the year, the Committee noted progress to embed sustainability across Just’s Enterprise Risk Management Framework, which included the creation of a new Group sustainability risk dashboard to monitor progress against sustainability metrics and assess the operation of key controls. The Committee considered the new challenges and risks relevant to the business, and will continue to monitor activities to manage risks as the sustainability environment continues to evolve. In 2024, the Committee received regular updates on the Group’s oversight of prudential and conduct risks, financial crime issues, and regulatory developments. It approved the annual compliance monitoring programme, including various changes requested throughout the year, and provided oversight of the findings from the reviews completed during the year. The Committee considered findings from various regulatory thematic reviews and noted the actions being taken to ensure the Group continues to meet regulatory expectations. During 2024, there continued to be a high level of regulatory activity as covered in more detail in principal risks and uncertainties on page 67. The Committee regularly reviews and challenges management’s view of conduct and customer risks across the Group. During the year, the Committee engaged on customer service levels, and received regular updates on actions being taken to enhance the Group’s customer complaints handling process. Just’s Consumer Duty Champion, Michelle Cracknell, presented an overview of the steps being taken to embed Consumer Duty and she provided her view on the areas requiring further work to ensure the ongoing effective delivery of good customer outcomes. The Committee noted plans to evolve customer metrics and further enhance reporting in 2025 as Just continues its journey to embed Consumer Duty across the business.
COMPLIANCE, CONDUCT AND REGULATORY RISK COMPLIANCE OVERSIGHT
CONDUCT AND CUSTOMER RISK
On behalf of the Group Risk and Compliance Committee
John hastings-bass Interim Chair, Group Risk and Compliance Committee 6 March 2025
Powered by FlippingBook