REG-Capita PLC: Annual Financial Report

CapitaAnnouncement

14/03/2019 14:35

14 March 2018

Capita plc

(the "Company")

Annual Financial Report

In compliance with Rule 4.1 of the Disclosure Guidance and Transparency Rules
(“DTRs”), the Company announces the publication of its Annual Financial
Report for the year ended 31 December 2018. Pursuant to Listing Rule 9.6.1, a
copy of this document has been submitted to the National Storage Mechanism and
will shortly be available for inspection at http://www.hemscott.com/nsm.do.
The document is also available on the Company's website:
www.capita.com/investors.

Additional Information

A condensed set of the Company's financial statements and information on
important events that have occurred during the financial year and their impact
on the financial statements, were included in the preliminary results
announcement released on 14 March 2018. That information, together with the
information set out below, which is extracted from the Annual Report and
Accounts 2018, is provided in accordance with DTR 6.3.5. This information
should be read in conjunction with the Company's preliminary results
announcement. This announcement is not a substitute for reading the full
Annual Report and Accounts 2018.

Principal risk categories

Our risk management framework is based around risk categories against which
our businesses measure their risk exposure and report on incidents and issues.
The ‘critical’ risk exposures are reported directly to the Audit and Risk
Committee to provide clear line of sight. The principal risks represent the
main risks to the strategy and objectives of Capita.

The principal risks and uncertainties which are considered to have a material
impact on Capita’s performance and achievement of its strategy are set out
on the following pages. External and internal risk factors are considered.
This is not intended to be an exhaustive and extensive analysis of all risks
which may affect our businesses. Additional risks and uncertainties not
presently known to management, or currently deemed to be less material, may
also have an adverse effect on our objectives.

To repeat, Capita is in year one of a fundamental transformation plan. The
principal risks reflect this; in particular, Capita’s ability to meet
financial expectations, deliver sales growth and protect its reputation, so as
to continue to do business. The integrated nature of the transformation plan
is designed to mitigate these risks as effectively as possible. Accordingly,
such mitigation is dependent on the successful implementation of this plan.

1. Failure of internal systems of control – controls do not operate
effectively or do not operate at all. Potential impact:
* Increased fraudulent activity
* Increased risk of financial malpractice
* Increased regulatory scrutiny
* Increased costs associated with remediation activities
* Reputational damage
* Service detriment to our clients or end-customers
* Financial loss
How we manage the risk:

Mitigating actions in 2018
* Governance, boards and committees in place to review
* Internal audit programme of work
* Monitoring of regulatory requirements
* Monthly performance tracking of risk indicators
 Future actions
* Controls and risk self-assessment
* Financial Services Risk Committee put in place
* Implementation of a new finance systems supported by standard processes and
controls
2. Failure in information security controls – information held in systems is
accessed or shared in breach of policy. Potential impact:
* Significant loss of data
* Loss of customer confidence
* Failure to win new business
* Regulatory censure/fine
* Remediation programme at Capita’s expense
How we manage the risk:

Mitigating actions in 2018
* Capita operates and holds certifications for ISO 27001
* External review of cyber-resilience
* Programme of work of remediate issues
* Detective controls in place and regularly reviewed to consider new threats
* Preventative controls in place and regularly updated to detect new threats
* Data protection programme of work carried out
  Future actions
* Comprehensive review of current status of resilience against group and
contract requirements
* Simplify our cybersecurity through the creation of a single cyber-operations
centre
* Strengthen our cyber-posture by developing and mandating additional
capabilities, including organisational awareness and enhanced training of our
people
* Work with organisations, such as Security Alliance (a Gartner company), to
help assess the threat to Capita by looking from an external viewpoint
* Run continuous vulnerability assessments across the estate to proactively
identify weaknesses that need to be addressed
* Run executive cyber-training to ensure all our senior employees are aware
that cybersecurity is a business responsibility and not just an IT
responsibility
3. Increased business complexity – business has grown into many diverse
business areas. Potential impact:
*
Lack of clear accountability within the business
*
Risk and performance management are more difficult to operate effectively,
leading to sub-optimal outcomes for all stakeholders
*
Divisions not working together, duplicating effort and driving up costs

 How we manage the risk:

 Mitigating actions in 2018
*
Reorganised business into coherent divisions
*
Implemented a clear operating model with supporting governance to clarify
accountabilities
*
Simplified the range of market offerings
*
Strengthened corporate and divisional management
*
Disposal of non-core businesses

 Future actions
*
Embed operating models across business
*
New customer relationship management tool to be put in place
*
Financial models agreed where divisions introduce each other

4. Operational IT – IT infrastructure is not fit for purpose. Potential
impact:
*
Disruptions to service lead to loss of revenue
*
Service credits payable to clients
*
Loss of confidence in Capita’s IT systems

How we manage the risk:

Mitigating actions in 2018
*
Upgrade technical abilities
*
Investment in data centre network
*
Simplified existing IT environment
*
Change management processes help reduce risk and unplanned outages

Future actions
*
Continued activity on simplifying data centre network Continued investment in
IT resilience

5. Failure to effectively manage our people – unable to recruit and retain
key employees. Potential impact: 
*
Loss of key employees
*
Unable to attract the right people with the right skills
*
Lack of skilled, competent resource
*
Increased cost of recruitment due to high attrition rates
*
Unable to deliver Capita’s strategy
*
Lack of continuity at Executive Committee level

How we manage the risk:

Mitigating actions in 2018
*
Chief People Officer appointed
*
Focus on culture from the top
*
Strengthened senior leadership team
*
People strategy defined
*
Improved engagement across the business
*
Capita Academy launched

Future actions
*
Focus on succession planning and development of employees
*
Talent reviews, enabling employees to identify new opportunities and to move
to new roles within Capita
*
Investment into new HR systems

6. Weaknesses in acquisition and contracting – entering poorly worded
contracts to our detriment. Potential impact: 
*
Loss of contracts
*
Lack of ability to acquire new business
*
Contract terms are punitive
*
Contract terms are not met or understood
*
Loss of profits
*
Exposure to unexpected costs or onerous terms
*
Brand and reputation damage if not managed effectively
*
Acquisition synergies are not realised

How we manage the risk:

Mitigating actions in 2018
* Contract Review Committee in place to better understand contract risks in
new or existing arrangements
Future actions
*
Delivery of a clearly defined Contract Management process
*
Transactions committee to be put in place

7. Legal and regulatory – breaking the law or not meeting regulations.
Potential impact: 
*
Censure or fine from a regulator
*
Reputational damage
*
Lack of confidence from investors and customers
*
Data Subject Access requests not completed within required timescales
*
Increased costs due to remediation activities
*
Increased regulatory scrutiny which could limit potential for growth

How we manage the risk:

Mitigating actions in 2018
*
Regular risk committee meetings held throughout the year, including the Audit
and Risk Committee
*
Engagement with regulatory bodies
*
Specialist team monitoring and engaging with regulators over proposed
regulatory or legal changes
*
Chief General Counsel appointed
*
Legal team in place across the divisions to manage potential and actual issues

Future actions
*
Financial Services Risk Committee to focus on financial services risk
*
Development of controls and risk self-assessment tool
*
Refresh and roll-out of a revised risk framework

8. Failure to achieve financial expectations – adverse performance against
our stated business plans. Potential impact: 
*
Loss of revenues, profits and/ or cash flows
*
Failure to return to organic revenue growth
*
Loss in shareholder value
*
Undermines investor confidence
*
Erodes corporate position in the market
*
Weakens our ability to attract and retain the best people

How we manage the risk:

Mitigating actions in 2018
*
Move to a multi-year strategic planning range
*
Detailed bottom-up Board-approved business plan for 2019 and 2020
*
Enhanced monthly performance reviews
*
Clearer financial and operational KPIs at business, divisional and functional
level
*
New Executive Committee governance committees
*
Appointed Chief Growth Officer

Future actions
*
Delivery of upgraded financial systems, processes and controls
*
Deep-dive review of businesses to assess progress against the new strategy
*
Plan to drive revenue growth

9. Lack of corporate financial stability – failure to manage financial
exposures and access to finance. Potential impact: 
*
Increase in leverage
*
Inflexible balance sheet
*
Lack of cash to invest
*
Inability to grow
*
Lack of confidence from investors and customers

How we manage the risk:

Mitigating actions in 2018
*
Launched new strategy
*
Completion of the rights issue
*
Disposal of non-core businesses
*
Reduction in leverage
*
Early repayment of debt
*
Targeted investment
*
Achieving £70m of cost-out savings
*
Developed a plan to address pension deficit

Future actions
*
Further repayment of debt

10. Failure to innovate – not keeping up with technology or other changes.
Potential impact:   
*
Inability to grow and develop into new markets
*
Loss of new and existing business to competitors
*
Erodes corporate position in the market
*
Weakens our ability to attract and retain the best people
*
Unable to compete with others who are innovative

How we manage the risk:

Mitigating actions in 2018
*
Strengthened the executive team with a Chief Digital Officer and Chief Growth
Officer
*
Working with external technology partners to develop our digital offering
*
Share market innovation best practice internally

11. Adverse changes in political landscape – unable to operate under a
different political regime. Potential impact:  
*
Fewer outsourcing opportunities offered by the public sector
*
Existing business no longer outsourced
*
Exposure to markets with limited growth opportunities
*
Loss of revenues, profits and/ or cashflows

How we manage the risk:

Mitigating actions in 2018
*
Engagement with Government and other parties (e.g. regulators) to understand
current thinking
*
Preparations made in relation to Brexit
*
Understanding of client requirements for Brexit if there is a transition
period or no deal with Europe

Future actions
*
Build a broader base of understanding about Capita as a transforming business,
committed to delivery of service
*
Demonstrate value delivered in public sector

12. Reputation – poorly thought of by our stakeholders. Potential
impact:  
*
Loss of confidence in Capita
*
Clients suffer reputational damage
*
Fewer or no new contracts
*
Loss of revenues, profits and/ or cash flows
*
Unattractive proposition for shareholders to invest in

How we manage the risk:

Mitigating actions in 2018
*
Director of Corporate Affairs appointed
*
Reactive and proactive management of media stories
*
Working with selected media to promote Capita’s positive image

Future actions
*
Deliver new corporate affairs strategy
*
Ensure Capita’s multi-year transformation is understood and clearly
communicated to all stakeholders
*
Embed new corporate purpose, and refreshed values and behaviours

13. Transformation – making the business fit for the future. Potential
impact:  
*
A more complex business that is unmanageable
*
Loss of revenues, profits and/or cash flows
*
Money spent on transformation is wasted
*
Business is not fit for the future

How we manage the risk:

Mitigating actions in 2018
*
‘Blueprint’ used to ensure consistent approach to operating model across
divisions and functions
*
Chief Transformation Officer appointed
*
Focus by Executive Committee on risks
*
Simplification is the way to strengthen the business

Future actions
*
Complete operating model work
*
Embed the new model

Emerging Risk

Impact of Brexit:

While the details around the UK’s scheduled departure from the EU remained
unclear at the time of writing this Annual Report, Capita has continued to
review a range of Brexit scenarios and conducted contingency planning. We have
taken steps to manage risk in specific areas and are not aware of any material
company-specific impacts from Brexit. We are therefore confident that there
will be no significant disruption to the services we offer clients.

Capita employs a significant number of EU nationals, and we want to see
maximum certainty for our valued employees and colleagues. We are providing
guidance and support for those who are applying for settled status in the UK.

Our preparations for any Brexit scenario, including a ‘no deal’ exit,
include safeguards to ensure resilience around potential changes to data
protection rules, procurement rules and immigration requirements. As with
other companies, Capita would be subject to any deterioration in the economy
occurring as a result of Brexit.

We continue to monitor political developments and consider scenarios as the
Government’s plans and positions develop.

Other risk factors

Protecting our information and data:

Protecting the data of our clients, our company and our people is one of the
most fundamental and important responsibilities we have. Our Data Protection
and Information Security Policies, Standards and Procedures ensure we treat
personal information correctly, in accordance with the law and best practice.
When we process personal information (including sensitive personal
information), we ensure that we comply with these policies, standards and
procedures including its collection, storage, use, retention, transfer,
deletion and safe destruction.

In order to ensure compliance with the Data Protection Act 2018 (and General
Data Protection Regulations), we have implemented a comprehensive programme,
including a network of trained privacy professionals who provide expert help
and assistance for anyone handling data within our business or on behalf of
our clients.

We continue to raise awareness of the importance of data protection and
privacy through our mandatory data protection training and ongoing training
programmes, in particular the Think Privacy; Think Security campaigns.

Cyber-attacks:

Cyber-attacks continue to negatively impact all industry sectors.

Capita fully recognises the persistent cyber-threat posed by criminals and
nation-states, and that cyber-attacks are increasing both in their number and
in their sophistication.

The Board remains focused on ensuring our businesses and systems are resilient
against the latest cyber-threats and have instigated a cyber-resilience
programme. Supported by external and internal cybersecurity subject matter
experts, the cyber-resilience programme liaises with our businesses and IT
providers to implement and maintain robust preventative security controls
throughout Capita’s IT estate. As a managed service provider, we recognise
our role within our client’s supply chain, and the increasing cyber-threat
posed by nation-state resourced actors targeting our clients.

We continue to work closely with UK Government agencies and our partner
organisations, to help protect our clients’ digital assets and services, and
the key parts of the national information infrastructure with which we are
entrusted.

Related party transactions

Compensation of key management
personnel                      
                                           

                                 2018  2017  
                                  £m    £m   
 Short term employment benefits  11.9  11.3  
 Pension                          0.2   0.2  
 Share based payments              -    0.1  
 Total                           12.1  11.6  

Gains on share options exercised in the year by Capita plc Executive Directors
were £0.0m (2017: £0.7m) and by key management personnel £0.0m (2017:
£0.2m), totalling £0.0m (2017: £0.9m).

During the year, the Group rendered administrative services to Smart DCC Ltd,
a wholly-owned subsidiary which is not consolidated (refer to note 34 of the
Annual Report and Accounts 2018). The Group received £64.3m (2017: £55.5m)
of revenue for these services. The services are procured by Smart DCC on an
arm’s length basis under the DCC licence. The services are subject to review
by Ofgem to ensure that all costs are economically and efficiently incurred by
Smart DCC.

Capita Pension and Life Assurance Scheme is a related party of the Group.
Transactions with the Scheme are disclosed in note 32 – Employee benefits on
pages 157-164 of the Annual Report and Accounts 2018.

The following companies are substantial shareholders in the Company and
therefore a related party of the Company (in each case, for the purposes of
the Listing Rules of the UK Listing Authority).

The number of shares held on 5 March 2019 was as below:

 Shareholder                          No. of shares  % of voting rights  
 Veritas Asset Management LLP (1)     192,533,863    11.54               
 Invesco Ltd.                         191,409,106    11.47               
 Investec Asset Management Ltd        153,805,729    9.22                
 RWC Asset Management LLP             127,012,876    7.61                
 Schroders Investment Management Ltd  101,030,829    6.06                
 Woodford Investment Management LLP   93,562,659     5.60                
 Coltrane Asset Management, L.P       82,388,589     4.94                
 BlackRock, Inc.                      74,230,358     4.45                
 Marathon Asset Management LLP        64,756,810     3.88                
 Veritas Funds PLC                    55,009,900     3.30                
 Vanguard Group                       54,711,874     3.28                
 Norges Bank Investment Management    54,273,873     3.25                
 Jupiter Asset Management Limited     53,573,060     3.21                

(1) This includes the holding of Veritas Funds PLC

Responsibility Statement of Directors in respect of the annual financial
statements

The Directors confirm that, to the best of their knowledge:
*
the financial statements, prepared in accordance with the applicable set of
accounting standards, give a true and fair view of the assets, liabilities,
financial position and profit or loss of the Company and the undertakings
included in the consolidation taken as a whole.
*
the strategic report includes a fair review of the development and performance
of the business and position of the Company and the undertakings included in
the consolidation taken as a whole, together with a description of the
principal risks and uncertainties that they face.
*
The Annual Report and Accounts, taken as a whole, are fair, balanced and
understandable, and provide the information necessary for shareholders to
assess the Company’s position and performance, business model and strategy.

Cautionary statement

The Directors present the Annual Report for the year ended 31 December 2018
which includes the strategic report, governance and audited accounts for this
year. Pages 1 to 98 of the Annual Report comprise a report of the Directors
that has been drawn up and presented in accordance with English company law,
and the liabilities of the Directors in connection with that report shall be
subject to the limitations and restrictions provided by such law. Where the
Directors’ report refers to other reports or material, such as a website
address, this has been done to direct the reader to other sources of Capita
plc information which may be of interest. Such additional materials do not
form part of the report.

Contact:  Francesca Todd, Group Company Secretary, 020 7202 0641



Copyright (c) 2019 PR Newswire Association,LLC. All Rights Reserved