Just group PLC | Annual Report and accounts 2022
GROUP RISK AND COMPLIANCE COMMITTEE REPORT continued
MATTERS CONSIDERED
HOW THE COMMITTEE ADDRESSED THE MATTER
OPERATIONAL RESILIENCE
The Committee considered a self-assessment including a scenario testing plan, which described Just’s operational resilience at a specific date together with plans for remediation to be completed before March 2025 to meet defined regulatory requirements for operational risk. As part of this review, the Committee considered actions required to improve the business continuity management programme, including further disaster recovery testing, and noted plans to improve resilience in 2022. The Committee received an update on work being carried out to enhance the Group’s information security strategy, including cyber security, and steps being taken to attain an industry recognised accreditation for information security and audit. A key focus for the year ahead is to enhance the governance and oversight of the Group’s information security strategy at Board level. The Committee met with the new Chief Information Security Officer which provided an opportunity to raise questions and engage on various matters including the resilience of the current information security infrastructure, scenario testing and cyber security developments. During 2022, the Committee continued to receive regular updates on various ongoing actions to further develop the Group’s Climate-related Financial Disclosures and ensure that climate risk management is fully embedded in the Group’s governance processes and day-to-day activities. The Committee noted the progress on climate risk actions that had been made during the year and discussed future actions and concerns in relation to their delivery. The Committee considered potential reputational risks on various matters including the governance framework. After consideration, the Committee concluded that although it was satisfied that the governance processes were appropriate, there should be a review of the governance arrangements and reporting at Board level to determine whether there should be any enhancements to the governance and oversight of sustainability matters including climate change. Further details can be found in the Section 172 report. The Committee received regular updates on the planned Internal Model developments in 2022 including any key risks to their delivery. A key focus area for the Committee was the review of a major model change application for submission to the PRA for its approval. The application set out proposed changes to the credit risk module of the JRL internal model to ensure that it continued to appropriately reflect the underlying risks to the Group and to align it with the latest regulatory expectations and market practice. The Committee recommended, and the Group Board subsequently approved, the major model change application, which was approved by the PRA on 28 November 2022. The Committee also considered a business case review to move PLACL from the standard formula to an internal model to align PLACL’s capital model to the Group’s view of the underlying risk to PLACL. The Committee assessed the options available for PLACL and the associated risk implications, and concluded that the move to an internal model should be a priority for the business in 2023.
OPERATIONAL RESILIENCE FRAMEWORK
CYBER SECURITY
SUSTAINABILITY
CLIMATE CHANGE
SOLVENCY II
INTERNAL MODEL
COMPLIANCE, CONDUCT AND REGULATORY RISK
The Committee regularly reviews and challenges management’s view of conduct risks across the Group. During the year, the Committee continued to provide oversight on the programme of work to update the conduct risk framework and related policies to ensure that consumer outcomes are properly considered. The conduct risk dashboard presented to the Committee has evolved to include a number of new metrics and there will be further enhancements in 2023 to reflect the new Consumer Duty requirements. Following the publication of final rules and guidance on the new Consumer Duty by the FCA in 2022, the Committee considered the steps that need to be taken by Just to meet the new requirements, including the appointment of Michelle Cracknell as Just’s Board level Consumer Duty Champion. Implementation plans were approved by the relevant Group entity Boards. The Committee engaged on a proposal to revise the Group Policy Framework to clearly articulate and demonstrate how all core risks and underlying risks are identified, measured, monitored, managed and reported. The Committee took into consideration how the revised Group Policy Framework was aligned with the wider Risk Management Framework, the governance and oversight arrangements, and the proposed approach to implementation. After consideration, the Committee recommended the proposal to the Group Board who subsequently approved it. The Committee receives regular updates on key regulatory developments relevant to the Group and the associated actions being undertaken by management. During 2022, there continued to be a high level of regulatory activity as covered in more detail in the Principal risks and uncertainties report.
CONDUCT RISK AND CONSUMER DUTY
GROUP POLICY FRAMEWORK
REGULATORY RISK
On behalf of the Group Risk and Compliance Committee
KALPANA SHAH Chair, Group Risk and Compliance Committee 6 March 2023
94
Powered by FlippingBook