Matters considered
How the Committee addressed the matter
OPERATIONAL RESILIENCE
OPERATIONAL RESILIENCE FRAMEWORK
The Committee considered a self-assessment, which described Just’s operational resilience at a specific date and included an overview of lessons learnt from testing that had been conducted, and future remediation and test plans scheduled to ensure ongoing operational resilience. As part of this review, the Committee considered and agreed changes to the impact tolerances for various important business services to ensure they are reasonable for the Group to operate safely and soundly to protect our customers in the event of a material disruption to business operations.
CYBER SECURITY AND DATA PROTECTION
During the year, the Committee enhanced its oversight of the Group’s information security strategy, including cyber security, and kept abreast of the steps being taken to attain an industry recognised accreditation for information security management. In addition to receiving regular reporting on cyber security developments, the Committee engaged on data risks, with particular focus on the risks associated with the use of third party administrators, and it considered the steps taken by Just to ensure that appropriate governance oversight processes and controls are in place to mitigate the risks. The Committee also considered changes to the information security and data protection key risk indicators which were made to ensure they remain appropriate for the identification and measurement of these risks.
SUSTAINABILITY
CLIMATE CHANGE
During 2023, the Nested meetings of the Committee received updates on the Responsible Investment Framework and the transition plan to meet the climate-related commitments set by the Group Board, including the specific target for scope 3 emissions to reduce by 50% by 2030 and achieve net zero by 2050. The Committee noted the progress on climate risk actions that had been made during the year and discussed future actions and concerns in relation to their delivery. This will remain an important focus area for the Committee in 2024 and beyond.
During the year, the Committee also considered responsibilities for the management and oversight of sustainability. The Committee noted that there were appropriate accountabilities and oversight across the various environmental, social and governance elements of the sustainability framework to manage and mitigate sustainability-related risks.
SOLVENCY II
INTERNAL MODEL
The Committee received an update on the Internal Model validation plan and developments in 2023 including risks to their delivery. Proposed changes to the approach taken by PLACL to calculate its regulatory capital requirement, which was aligned with the Group’s view of the underlying risk to PLACL, were considered and recommended to the Board for approval. As part of the approval process, the Committee considered the governance process followed when developing the proposed changes, regulatory expectations and the Group Chief Risk Officer’s opinion on the proposals. The Committee also received a report from the Group Chief Actuary, which summarised the validation work carried out on the JRL Internal Model during the year and conclusions of the validation performed. The report also summarised the validation work on the proposed changes to the calculation of PLACL’s regulatory Solvency Capital Requirement carried out in 2023 and outlined further work planned for 2024.
COMPLIANCE, CONDUCT AND REGULATORY RISK
COMPLIANCE OVERSIGHT
In 2023, the Committee received regular updates on the Group’s oversight of prudential and conduct risks, and financial crime issues. It also approved the compliance monitoring programme, including various changes requested throughout the year, and provided oversight of the findings from the reviews completed during the year. The Committee considered findings from various regulatory thematic reviews including the FCA’s review of advice processes for lifetime mortgages and noted the actions being taken to ensure the Group continues to meet regulatory expectations.
CONDUCT AND CUSTOMER RISK
The Committee regularly reviews and challenges management’s view of conduct and customer risks across the Group. During the year, the Committee continued to provide oversight on the programme of work to update the conduct and customer risk framework to ensure that consumer outcomes are properly considered. The conduct and customer risk dashboard presented to the Committee has evolved to include a number of new metrics and there will be further enhancements in 2024 to reflect evolving Consumer Duty requirements.
REGULATORY RISK
The Committee receives regular updates on general and specific regulatory developments relevant to the Group and the actions being undertaken by management in response. During 2023, there continued to be a high level of regulatory activity as covered in more detail in principal risks and uncertainties on page 67.
On behalf of the Group Risk and Compliance Committee
KALPANA SHAH Chair, Group Risk and Compliance Committee 7 March 2024