68 | Just Group PLC | Annual Report and Accounts 2023
PRINCIPAL RISKS AND UNCERTAINTIES continued
RISK OUTLOOK
HOW THIS RISK EFFECTS JUST
JUST’S EXPOSURE TO RISK
OUTLOOK AND HOW WE MANAGE OR MITIGATE THE RISK
The value of corporate bonds and illiquid investments can be affected by the impact of climate risk on the assets or business models of corporate bond issuers and commercial borrowers. Yields available from corporate bonds may also be affected by any litigation or reputational risks associated with the issuers’ environmental policies or adherence to emissions targets. Our IT systems are central to conducting our business from delivering outstanding Customer service and to the financial management of the business. We maintain a framework of operational resilience and disaster recovery capabilities so that we can continue to operate the business in adverse circumstances. Protecting the personal information of our customers and colleagues is a key priority. Internal controls and our people are integral to protecting the integrity of our systems, with our multi-layered approach to information security supported by training, embedded company policies, and governance. We continue to invest in strategic technologies.
Following the BoE and PRA Climate and Capital Conference, in March 2023, the BoE published a report setting out its latest thinking. This included consideration of whether firms assess risks within the matching adjustment (MA) adequately to allow for the capture of climate risk. They will also start to explore whether it is appropriately reflected in external credit ratings (or firms’ own internal ratings) and if resulting MA benefits could be too large. The ABI are maintaining engagement with key stakeholders including Just. The cyber threat to firms is expected to continue at a high level in the coming years and evolve in sophistication. We will continue to closely monitor evolving external cyber threats to ensure our information security measures remain fit for purpose. Just’s Chief Information Security Officer has recently implemented a revised information security team structure and approach. 2024 will see further investments in cyber-attack countermeasures, to enable consistent delivery of required security standards, in line with our Cyber strategy. We will continue to evaluate impacts of other new and emerging technologies, such as Artificial Intelligence, during the year. Following the 2023 CBEST thematic findings from the Bank of England, a review of such by the Chief Information Security Officer found that there were minimal improvements required regarding the recommendations and guidance; all of which were of low residual risk and for which improvements have been undertaken to address such. To strengthen data security and overall resilience, in 2023, we continued to make enhancements to network architecture and implemented data centre upgrades. Our email system has been made more resilient to malicious attacks, including detection of emerging types of phishing and malware. A specialist security operations centre monitors all our externally facing infrastructure and services, with threat analysis, incident management and response capabilities. The Group’s cyber defences are subject to regular external penetration tests to drive enhancements to our technology infrastructure. The development of in-house systems and our use of third-party systems, including cloud, is continuously monitored by technical teams following established standards and practices. Experience and insights emerging since mid-2021 indicate that COVID-19, and the aftermath of the pandemic, will have a material and enduring impact on mortality for existing and future policyholders. Our views on the changes are updated annually taking into account recent data, emerging best practice and expected trends. The assumptions about these changes have been incorporated into Just’s pricing across our Retirement Income and Lifetime Mortgage products and will be updated as more information becomes available. Changes in customer behaviour due to current higher interest rates have been taken into account where appropriate.
2 CLIMATE AND ESG CONT...
3 CYBER AND TECHNOLOGY IT systems are key to serving customers and running the business. These systems may not operate as expected or may be subject to cyber-attack to steal or misuse our data or for financial gain. Any system failure affecting the Group could lead to costs and disruption, adversely affecting its business and ability to serve its Customers, and reputational damage.
TREND STABLE
STRATEGIC PRIORITIES 1. 2. 3. 4. 5.
A high proportion of longevity risk on new business Just writes is reinsured, with the exception of care business for which the risk is retained in full. Most of the financial exposure to the longevity risks that are not reinsured relate to certain business written prior to 2016. Reinsurance treaties include collateral to minimise exposure in the event of a reinsurer default. Analysis of collateral arrangements can be found in notes 26 and 34 of the Annual Report and Accounts. Mortality experience continues to be volatile and remains above pre-pandemic levels.
4 INSURANCE RISK In the long-term, the rates of
mortality suffered by our customers and other demographic risks may differ from the assumptions made when we priced the contract.
TREND STABLE
STRATEGIC PRIORITIES 1. 3. 5.
Powered by FlippingBook