JUST GROUP PLC Annual Report and Accounts 2020
36
Principal risks and uncertainties continued
DESCRIPTION AND IMPACT
MITIGATION AND MANAGEMENT ACTION
RISK
Writing long-termDB de-risking, GIfL and equity release business requires a range of assumptions to be made based on market data and historical experience, including customers’ longevity, corporate bond yields, interest and inflation rates, property values and expenses. These assumptions are applied to the calculation of the reserves needed for future liabilities and solvency margins using recognised actuarial approaches. Experience may differ materially from the Group’s assumptions on these risk factors, requiring them to be recalibrated. This could affect the level of reserves needed, with an impact on profitability and the Group’s solvency position. To manage the risk of our longevity assumptions being incorrect, the Group has the benefit of its extensive underwritten mortality data, as well as external mortality data sets, to provide insights and enhanced understanding of the longevity risks that the Group chooses to take. The Group has monitored experience following the outbreak of COVID-19 and systematically reviewed external evidence related to the potential impact on assumptions. The Group continues to analyse possible direct and indirect impacts of the pandemic, including the possibility of an enduring effect on the longevity of customers. The Group relies on its operational processes and IT systems to conduct its business, including the pricing and sale of its products, measuring and monitoring its underwriting liabilities, processing applications and delivering customer service and maintaining accurate records. These processes and systems may not operate as expected, may not fulfil their intended purpose or may be damaged or interrupted by human error, unauthorised access, natural disaster or similarly disruptive events. Any failure of the Group’s IT and communications systems and/or third party infrastructure on which it relies could lead to costs and disruptions that could adversely affect its business as well as harm its reputation. Large organisations continue to be targets for cyber-crime, particularly those organisations that hold customers’ personal details and have implemented remote working arrangements for staff. The Group is no exception and a cyber-attack could affect customer confidence, or lead to financial losses.
Longevity and other decrement experience is analysed to identify any outcomes materially different from our assumptions and is used for the regular review of the reserving assumptions for all products. A significant proportion of longevity risk exposure is transferred to reinsurers. The Group performs due diligence on our reinsurance partners and they undertake due diligence on the Group’s approach to risk selection. The Group monitors its exposure to reinsurers on an on-going basis. Exposure is partially mitigated through the posting and receipt of collateral into third party trusts or similar security arrangements, or the deposit of premiums back to the Group, and is managed within the Group risk appetite limit. The Group measures its counterparty exposure as the change in excess own funds above Solvency II SCR from a default of each individual counterparty combined simultaneously with both longevity and market stresses. The measures used include the change immediately upon default and after the Group has re-established cover. The Group’s exposure to individual counterparties is subject to limits set by the Board. For equity release, the Group underwrites the properties against which it lends using valuations from expert third parties. The Group’s property risk is controlled by limits to the initial loan-to- property value ratio, supported by product design features, limiting specific property types and exposure to each region. We also monitor the exposure to adverse house price movements and the accuracy of our indexed valuations. The Group maintains plans and controls to minimise the risk of business disruption due to information security or resilience related events including civil unrest and pandemics. Detailed incident and crisis management plans exist to ensure effective responses, and these are supported by specialist third parties, including remote data centres. Protecting our customers’ interests is our top priority. Agile working arrangements enable the Group to protect customers, staff and business partners from operational shocks, ensuring that no one experiences any material detriment. A formal but flexible resilience framework, supplemented by our modern working capabilities, enables Group continuity of service. Just’s ability to remain operational is dependent upon a resilient technology platform, which allows us to switch our business from a central to a remote operating model. Risks associated with remote working have been assessed and addressed on an on-going basis. Privacy by design and staff awareness of their responsibilities underpins our commitment to protecting our customers’ data. Strong data protection controls support this philosophy, with all staff trained in data handling and the high standards that are expected to protect it. We operate a Group-wide network of Data Protection Champions to promote awareness, good practice and identify improvements within their teams. To support this commitment, the Group invests in tools to help identify, manage and report on data and cyber threats, including tools to monitor user access to sensitive data sets and the movement of data across the network. Using artificial intelligence and machine learning, these tools provide early warning of suspicious activity on IT systems. In 2020 the Group continued to spend on market leading products to protect a mobile workforce and to complete our multi-layered approach to information security. Further investment has been made on core infrastructure to help support the transition to remote and future hybrid working models.
RISK C RISKS FROM OUR PRICING AND REINSURANCE
Strategic objective
2. 3. 4. 5. 1.
Change in the year
Risk outlook
RISK D RISKS ARISING FROM OPERATIONAL PROCESSES AND IT SYSTEMS
Strategic objective
2. 3. 4. 5. 1.
Change in the year
Risk outlook
Powered by FlippingBook