JUST GROUP PLC Annual Report and Accounts 2019
38
Principal risks and uncertainties continued
DESCRIPTION AND IMPACT
MITIGATION AND MANAGEMENT ACTION
RISK
Writing long-term DB de-risking, GIfL and equity release business requires a range of assumptions to be made based on market data and historical experience, including customers’ longevity, corporate bond yields, interest and inflation rates, property values and expenses. These assumptions are applied to the calculation of the reserves needed for future liabilities and solvency margins using recognised actuarial approaches. Experience may differ materially from the Group’s assumptions on these risk factors, requiring them to be recalibrated. This could affect the level of reserves needed, with an impact on profitability and the Group’s solvency position. The Group relies on its operational processes and IT systems to conduct its business, including the pricing and sale of its products, measuring and monitoring its underwriting liabilities, processing applications and delivering customer service and maintaining accurate records. These processes and systems may not operate as expected, may not fulfil their intended purpose or may be damaged or interrupted by human error, unauthorised access, natural disaster or similarly disruptive events. Any failure of the Group’s IT and communications systems and/or third party infrastructure on which it relies could lead to costs and disruptions that could adversely affect its business as well as harm its reputation. Large organisations continue to be targets for cyber-crime, particularly those organisations that hold customers’ personal details. The Group is no exception and a cyber-attack could affect customer confidence, or lead to financial losses.
To manage the risk of our longevity assumptions being incorrect, the Group has the benefit of extensive underwritten mortality data to provide insights and enhanced understanding of the longevity risks that the Group chooses to take. Longevity and other decrement experience is analysed to identify any outcomes materially different from our assumptions and is used for the regular review of the reserving assumptions for all products. Some longevity risk exposure is transferred to reinsurers. The Group performs due diligence on our reinsurance partners and they undertake due diligence on the Group’s approach to risk selection. The Group monitors its exposure to reinsurers on an on-going basis. Exposure is managed through the posting and receipt of collateral into third party trusts or similar security arrangements, or the deposit of premiums back to the Group. The Group measures its counterparty exposure as the change in excess own funds above Solvency II SCR from a default of each individual counterparty. The measures used include the change immediately upon default and after the Group has re-established cover. The Group’s exposure to individual counterparties is subject to limits set by the Board. For equity release, the Group underwrites the properties against which it lends using valuations from expert third parties. The Group’s property risk is controlled by limits to the initial loan-to-property value ratio, supported by product design features, limiting specific property types and exposure to each region. We also monitor the exposure to adverse house price movements and the accuracy of our indexed valuations. The Group maintains a suite of risk management tools to help identify, measure, monitor, manage and report its operational risks, including those arising from operational processes and IT systems. These include a risk management system, risk and control assessments, risk event management, loss reporting, scenario analysis and risk reporting through the ORSA. The Group maintains plans and controls to minimise the risk of business disruption due to information security or continuity related events including civil unrest and pandemics. Detailed incident and crisis management plans exist to ensure effective responses and these are supported by specialist third parties for our workplace recovery centre. Protecting our customers’ interests is our top priority. Flexing the Group working arrangements in stressed times, such as during a pandemic, helps to ensure that our customers do not experience any material detriment. Our approach to information security is under constant review as the cyber-threat landscape evolves. Due diligence is performed on all partners to ensure that they work to the same high security standards as the Group. Just believes that every member of staff has a duty of care to protect the data that they handle. Using federated models for data protection, resilience (business continuity) and information security, we operate a Group wide network of Data Protection Champions to promote awareness. The Group invests in tools to help identify, manage and report on data and cyber threats, including tools to monitor user access to sensitive data sets and the movement of data across the network. Using artificial intelligence and machine learning, these tools provide early warning of suspicious activity on IT systems. In 2019 the Group committed a significant additional spend on upper quadrant security related products deployed on end-points. Further investment has been made on core infrastructure such as firewalls and secure architecture, with proactive monitoring by our specialist partner, responsible for managing our Security Operations Centre.
RISK C RISKS FROM
OUR PRICING ASSUMPTIONS
Strategic objective
1. 2. 3. 4. 5.
Change in the year
Risk outlook
RISK D RISKS ARISING
FROM OPERATIONAL PROCESSES AND IT SYSTEMS
Strategic objective
1. 2. 3. 4. 5.
Change in the year
Risk outlook
Powered by FlippingBook