Company Announcements

Key considerations

Our target customer cohorts require robust practices to support responsible lending for borrowers under financial pressure and provide appropriate solutions to meet our customers' needs. We continually seek improvement to our product governance processes and customer outcome monitoring activity across the First and Second Lines of Defence, and proactively provide compliance advice and guidance on key matters.

We continue to see a high volume of complaints driven by Claims Management Companies (CMCs), with one such CMC accounting for 80% of the volume. CMCs are regulated by the Solicitors Regulation Authority and therefore do not follow FCA guidelines. Due to this, we are witnessing poor practices, such as lack of customer due diligence on their part, and the level of upheld complaints has been consistently low for both the Group and the Financial Ombudsman Service (FOS).

Mitigating actions

-     Customer, Culture and Ethics Committee oversaw the development, embedding and monitoring of the Group's customer objectives.

-      The Group successfully delivered the requirements to meet the FCA's Consumer Duty regulations in July 2023.

-    Board-approved conduct risk framework and supporting metrics are embedded across the Group to ensure delivery of good customer outcomes across all high-risk interactions, such as lending, forbearance, vulnerability and complaints.

-     A rigorous customer outcomes assurance activity programme is in place.

-     A complaints methodology and forum have been established to identify and learn from complaints trends and FOS referral outcomes.

-     In November 2023, the FCA confirmed receipt of our update on queries relating to Borrowers in Financial Difficulty (BiFD) action and acknowledged our ongoing progress to deliver the BiFD action plan.

Key considerations

As a dual regulated firm, we need to adapt to the regulatory environment as it continues to develop to ensure our lending is sustainable, suitable and affordable. The PRA/FCA published 'The Regulatory Initiatives Grid' in November 2023 and it highlights a number of key initiatives that are being proposed for 2024/25. The current initiatives do not pose a risk at this stage to the Group.

The FCA announced in January 2024 that it intends to review how motor finance firms have implemented a ban, originally introduced back in 2021, on discretionary (variable) commission levels. The announcement does not impact the Group directly as we do not pay discretionary commission currently or historically, only fixed, on our vehicle finance products.

Mitigating actions

-     SMCR responsibilities are aligned to the RMF and Group Delegated Authorities Manual (GDAM) providing a complete and clear view of accountability, risk and control ownership and clarity around delegations and mandates for approval. Senior management functions are required to attest to their understanding and agreement of these.

-      Conduct and regulatory policies and procedures are in place to ensure the Group has appropriate controls and processes to deliver fair customer outcomes.

-   A compliance monitoring plan is in place, supported by a robust methodology, to independently assess the adequacy and effectiveness of the control frameworks in place to drive fair customer outcomes and regulatory compliance.

-    Strong and proactive regulatory relationships with regular lines of communication are in place with both the FCA and PRA, who have been kept abreast of our strategic initiatives, key risk management activities and responses to regulatory developments e.g. Consumer Duty implementation and BiFD action plan.

-    Following the PRA's Periodic Summary Meeting in March 2023, we have successfully completed all actions due for delivery in 2023, with a small number to deliver in Q1 2024.

Key considerations

Financial crime includes anti-money laundering (AML), counter terrorist financing (CTF), financial sanctions, external and internal fraud and anti-bribery and corruption (ABC).

On average, we monitor 11 million transactions and 1.75 million customers each month for signs of financial crime. The banking industry continues to suffer from organised crime groups socially coercing individuals into providing security information, exposing them to fraud. In addition, the Group's fraud exposure has increased as a result of the Group's changing risk profile due to an increase in brand prominence, the launch of digital wallets and higher average credit limits/loan values offered to customers. Further technology developments are ongoing in support of our detection and prevention objectives.

Mitigating actions

-    Financial crime oversight has been consolidated across all products, implementing consistent risk oversight supported by Group-wide AML, CTF, sanctions, fraud and bribery policies, overseen by a Group Money Laundering Reporting Officer (MLRO).

-     The Financial Crime Risk Forum provides oversight and challenge on the Group's financial crime risk systems and controls. The Group MLRO provides twice-annual updates to the Risk Committee.

-   Industry-standard prevention and detection systems are in place covering fraudulent transactions, suspicious activity, customer screening and application fraud. These are regularly reviewed and refined to ensure effectiveness.

-      A Group-wide Fraud Strategy and Analytics team is in place within the First Line of Defence, which focuses on fraud prevention, consistent and fair customer outcomes and loss mitigation.

-      A detailed business-wide financial crime risk assessment is in place to measure financial crime risk consistently and effectively. This is now being extended to cover the vehicle finance product.

-   Oversight of our outsourced operations administering our savings products has been enhanced and the articulation of the financial crime controls. All new products are subject to a financial crime risk assessment.

Key considerations

The Group and Bank maintain sufficient capital resources, both in terms of amount and quality, to support the business strategy and provide a buffer for stress events. Throughout the year, the Group and Bank have maintained capital ratios in excess of regulatory requirements (see capital risk management section on page 140 for the Group's capital position). In assessing the adequacy of capital resources, the Group and Bank consider the material risk to which they are exposed and the appropriate strategies required to manage those risks.

The 'Strong and Simple' regulatory initiative will be monitored for any impacts on the Group's and Bank's management of capital risk. The PRA is expected to begin consultation on capital requirements for simpler regime firms in Q2 2024. The implementation of Basel 3.1 is expected to have limited impact on the capital position.

Mitigating actions

-      The capital framework is reviewed by the Board as part of the annual Internal Capital Adequacy Assessment Process (ICAAP).

-   Capital risk appetite metrics are monitored by the Board, Risk Committee and Assets and Liabilities Committee (ALCO).

-    Capital is held to meet Pillar 1 requirements, the most significant elements for the Group and Bank being credit and operational risks.

-     In addition, the PRA requires firms to hold capital to meet Pillar 2A requirements, as assessed in the ICAAP. This confirms the amount of capital required to be held to meet risk partially covered by Pillar 1 and risk not covered by Pillar 1. The combination of Pillar 1 and Pillar 2A requirements forms the TCR.

-    To protect against consuming its TCR, firms are also subject to regulatory capital buffers and the PRA may set an additional firm-specific PRA buffer, forming the OCR.

-      In March 2023, the Group announced a reduction to its TCR from the PRA to 11.9% (previously 18.3%). The OCR reduced from 21.8% to 15.4%, which included the regulatory combined buffer prevailing at the time of 3.5% but excluded confidential buffers set by the PRA and additional internal management buffers.

-      The Group's Pillar 3 disclosures for the year ended 31 December 2023 are published separately on the Group's website. Pillar 3 complements Basel's Pillar 1 and 2 framework and seeks to encourage market discipline by developing a set of disclosure requirements, which would allow market participants to assess key pieces of information on a firm's capital, risk exposures, risk management processes, leverage and remuneration.

Key considerations

The Group and the Bank maintain sufficient liquid assets both in terms of amount and quality, to meet daily cash flow needs and stressed scenarios driven by the Group's own risk assessment and regulatory requirements. Throughout the year, the Group and Bank have maintained funding and liquidity ratios in excess of regulatory requirements. Liquid assets solely comprise of reserves held with the Bank of England (see liquidity risk management section on pages 136 to 138). The 'Strong and Simple' regulatory initiative will be monitored for any impacts on the Group's and Bank's management of funding and liquidity risk. Changes announced to date have limited impact on the management of this risk, which are due to go live throughout H1 2024.

Mitigating actions

-      The funding and liquidity framework is reviewed by the Board as part of the annual Internal Liquidity Adequacy Assessment Process (ILAAP). ALCO is responsible for managing the balance sheet structure, including the funding plan and its risks.

-      To ensure that there is no significant risk that liabilities cannot be met as they fall due, business cash flows are managed and stress tested. The Group and Bank maintain liquid asset buffers of at least 100% of the anticipated outflows seen under internal stress test scenarios (90-day stress) and the regulatory prescribed liquidity coverage ratio (30-day stress).

-     Funding and liquidity metrics are monitored through daily liquidity reporting, reported monthly at ALCO meetings and quarterly to the Risk Committee and Board.

-     Throughout the year, the Group has moved to a more retail deposit source of funds, having successfully repaid maturing wholesale funding sources. Additionally, the Bank has demonstrated that it continues to have access to the retail deposit market through fixed-rate deposits. The Group has worked closely with our third-party provider, Newcastle Strategic Solutions Limited, to make operational improvements and has broadened the range of retail products it offers to include 30-day and 90-day notice accounts. The Bank will continue to ensure it has sufficient and diverse access to retail deposit markets.

Key considerations

Operational risk is inherent to our Group's activities and can crystallise in the form of interruption or degradation in the performance or capacity of our technology applications and operational infrastructure. Our inherent operational risk is heightened as we deliver our activities through a multi-site and hybrid colleague working approach, utilising in-house capability, third-party and offshore business support. During 2023, we increased customer operation activity with our existing offshore partners.

Whilst it is not possible, nor cost effective, to fully eliminate operational risk, failure to build resilience and recovery capabilities into business processes can result in customer detriment, loss and reputational damage.

Mitigating actions

-     The Group's Three Lines of Defence model ensures there are clear lines of accountability between management which owns the risks, oversight by the Risk function and independent assurance provided by Internal Audit. The model provides continuous integrated assurance over the effectiveness of key controls and swift response and remediation to issues if they arise, supported by an automated and integrated risk management system.

-     Operational risk is overseen by the monthly Operations Risk Forum, with clear lines of escalation.

-      The RMF has been enhanced to drive improvement of operational risk management assurance activity e.g. RCSA, controls testing programme, risk event management and key risk indicators.

-     An Operational Resilience programme is established and on track for regulatory deadlines and continues to test against important business services impacting scenarios.

-    A fully implemented supplier management model is in place with a supporting third-party risk management framework being embedded throughout 2024.

Key considerations

The Group is initiating a strategic redirection, which seeks to strengthen and grow the business in an effective and sustainable manner, meeting the needs of all our stakeholders. Effective risk management is critical to both the delivery of strategy and maintaining our existing commitments in a safe and controlled way.

Mitigating actions

-     The Board and its sub-committees make risk-based decisions in the formulation of their business strategy, in line with the GDAM and risk appetite framework and subject to independent oversight from the Risk function.

-      Strategic and emerging risks are reported to the Risk Committee and Board. Throughout the year, the CRO has highlighted a significantly high level of change across the Group to both its strategic objectives and operating model, and the broader plans in place to stabilise the business, which has increased strategic performance risk and thus remained a key focus.

-      The Risk function has had an active role providing oversight, challenge and support to the range of strategic initiatives that have been implemented during the year, which encompass the offshoring of aspects of customer services, the reduction in the Group's TCR, the delivery of Gateway across the Group and, more recently, the strategy development.

-      The Group continues to quantify the actual and potential impacts of climate-related risks and opportunities on our business, strategy and financial planning. ICAAP activity takes account of material climate-related financial impacts, meeting PRA requirements. Further detail of the governance and management of the climate-related risks and opportunities and our TCFD disclosure can be found in the sustainability section from page 19.

Key considerations

Models are widely used across the Group and play an important role in helping achieve key business decisions, risk management and strategic objectives. The use of models carries inherent risk to the Group due to their underlying assumptions, methodologies and complexities. Effective model governance, oversight and validation of models are key in mitigating model risk across the Group.

Mitigating actions

-     A model risk management framework, policies and standards are in place and align with the PRA's Model Risk Management Principles.

-     A Model Risk Committee has been established to provide model risk oversight with supporting technical forums created to review model developments and model performance monitoring across the Group.

-      A model inventory is in place and reviewed on a regular basis.

-  Material models are independently validated and corresponding validation findings and actions are regularly tracked.

-   Planned enhancements to existing IFRS 9 models and the model monitoring framework have been completed.