Just Annual Report and Accounts 2021

JUST GROUP PLC Annual Report and Accounts 2021

PRINCIPAL RISKS AND UNCERTAINTIES CONTINUED

STRATEGIC PRIORITIES

No change/stable Increasing Decreasing CHANGES IN THE PERIOD/RISK OUTLOOK

Improve our capital position Transform how we work Get closer to our customers and partners

Generate growth in newmarkets Be proud to work at Just

RISK

DESCRIPTION AND IMPACT

MITIGATION AND MANAGEMENT ACTION

Writing long-term defined benefit de-risking, Guaranteed Income for Life and lifetime mortgage business requires a range of assumptions to be made based on historical experience, current data and future expectations, for customers’ longevity, corporate bond yields, interest and inflation rates, property values and expenses. These assumptions are applied to the calculation of the reserves needed for future liabilities and solvency margins using recognised actuarial approaches. Experience may differ materially from the Group’s assumptions, requiring them to be recalibrated in future. This could affect the level of reserves needed, with an impact on profitability and the Group’s solvency position. As part of its overall risk mitigation and capital management strategy, the Group purchases reinsurance from a number of reinsurance providers to cover a significant proportion of its longevity risk exposure. Use of reinsurance creates a counterparty default risk exposure in the unlikely event of the failure of the reinsurance provider. Just’s reinsurance counterparties have climate risk exposure which may impact their creditworthiness in due course. The Group relies on its operational processes and IT systems to conduct its business, including the pricing and sale of its products, managing its investments, measuring and monitoring its underwriting liabilities, processing applications and delivering customer service and maintaining accurate records. These processes and systems may not operate as expected, may not fulfil their intended purpose or may be damaged or interrupted by human error, unauthorised access, natural disaster or similarly disruptive events. Any failure of the Group’s IT and communications systems and/or the third party infrastructure on which it relies could lead to costs and disruptions that could adversely affect its business and ability to serve its customers as well as harm its reputation. Large organisations continue to be targeted for cyber crime. This includes attacks by state-sponsored actors on national infrastructure as well as criminal attacks on particular organisations that hold customers’ personal details. The Group is exposed to the effects of indirect and direct attacks and these could affect customer confidence, or lead to financial losses.

Current mortality rates are largely derived using historical experience. The Group has the benefit of its extensive underwritten mortality data, as well as external mortality datasets, in setting base longevity assumptions. Experience is regularly monitored to ensure consistency with expected levels of mortality. If there are material differences between assumptions and emerging experience, bases are modified appropriately. Assumptions relating to future longevity are based on our analysis of trends and likely drivers of future change. This analysis includes the potential impact (both direct and indirect) of COVID-19 on the longevity of customers. Given the uncertainty around the potential impact of both COVID-19 and climate risk on longevity, no explicit allowance is made for these in our assumptions. Any material climate risk developments will be considered as part of our overall basis setting. The Group performs due diligence on our reinsurance partners, who themselves undertake due diligence on the Group’s approach to risk selection. The Group manages its exposure to reinsurers on an on-going basis within the Group’s risk appetite limit, with the maximum exposure to individual counterparties being subject to limits set by the Group Board. This exposure is partially mitigated through the posting of collateral into third party trusts or similar security arrangements, or the deposit of premiums back to the Group. The Group measures its counterparty exposure as the change in its Solvency II SCR coverage ratio from a default of each individual counterparty combined with simultaneous longevity and market stresses. The measures used include the change immediately upon default and after allowing for management actions such as re-establishing cover. Potential increased counterparty risk in respect of the reinsurer due to climate risk is at present difficult to assess due to the diverse nature of the reinsurers’ business models but should become clearer over time. The Group maintains a system of internal control, with associated policies and operational procedures, to ensure its processes operate with a low level of risk of failure. The Group also defines clear expectations of the standards we expect of all colleagues. Protecting our customers and their data remains our highest priority, while maintaining a resilient framework on our existing, well-established business continuity management and disaster recovery capabilities. In parallel to this and as part of our commitment to continuous improvement, 2021 has seen some significant changes in the Group’s infrastructure, with the migration and rationalisation of data centres forming part of a wider network and technology transformation programme. This means that the Group is in an even stronger position to ensure the continuity of IT service availability, particularly for the technologies that enable important business services to support the needs of our customers. Group security and management of data has also seen advances in the capability implemented, including the latest technologies to protect our customers’ information from advanced cyber threats. Further management and security tools have been added to the Group email system to identify and resist malicious attacks. The newly deployed telephony system builds security and resilience into all contact points with our customers and partners. A specialist Security Operations Centre monitors all Group externally facing infrastructure and services, providing real-time threat analysis and incident management and response capabilities. The Group continues to invest in market-leading products to protect a hybrid workforce and to maintain our multilayered approach to information security and resilience.

Risk D RISKS FROM OUR PRICING AND REINSURANCE

STRATEGIC PRIORITIES

2. 3. 4. 5. 1.

CHANGE IN THE PERIOD

RISK OUTLOOK

Risk E RISKS

ARISING FROM OPERATIONAL PROCESSES AND IT SYSTEMS

STRATEGIC PRIORITIES

2. 3. 4. 5. 1.

CHANGE IN THE PERIOD

RISK OUTLOOK