14 March 2018
Capita plc
(the
"Company")
Annual Financial Report
In compliance with Rule 4.1 of the Disclosure Guidance and
Transparency Rules (“DTRs”), the Company announces the publication
of its Annual Financial Report for the year ended 31 December 2018. Pursuant to Listing Rule 9.6.1,
a copy of this document has been submitted to the National Storage
Mechanism and will shortly be available for inspection at
http://www.hemscott.com/nsm.do. The document is also available on
the Company's website: www.capita.com/investors.
Additional Information
A condensed set of the Company's financial statements and
information on important events that have occurred during the
financial year and their impact on the financial statements, were
included in the preliminary results announcement released on
14 March 2018. That information,
together with the information set out below, which is extracted
from the Annual Report and Accounts 2018, is provided in accordance
with DTR 6.3.5. This information should be read in conjunction with
the Company's preliminary results announcement. This announcement
is not a substitute for reading the full Annual Report and Accounts
2018.
Principal risk categories
Our risk management framework is based around risk categories
against which our businesses measure their risk exposure and report
on incidents and issues. The ‘critical’ risk exposures are reported
directly to the Audit and Risk Committee to provide clear line of
sight. The principal risks represent the main risks to the strategy
and objectives of Capita.
The principal risks and uncertainties which are considered to
have a material impact on Capita’s performance and achievement of
its strategy are set out on the following pages. External and
internal risk factors are considered. This is not intended to be an
exhaustive and extensive analysis of all risks which may affect our
businesses. Additional risks and uncertainties not presently known
to management, or currently deemed to be less material, may also
have an adverse effect on our objectives.
To repeat, Capita is in year one of a fundamental transformation
plan. The principal risks reflect this; in particular, Capita’s
ability to meet financial expectations, deliver sales growth and
protect its reputation, so as to continue to do business. The
integrated nature of the transformation plan is designed to
mitigate these risks as effectively as possible. Accordingly, such
mitigation is dependent on the successful implementation of this
plan.
1. Failure of internal systems of control – controls do not
operate effectively or do not operate at all. Potential impact:
- Increased fraudulent activity
- Increased risk of financial malpractice
- Increased regulatory scrutiny
- Increased costs associated with remediation activities
- Reputational damage
- Service detriment to our clients or end-customers
- Financial loss
How we manage the risk:
Mitigating actions in 2018
- Governance, boards and committees in place to review
- Internal audit programme of work
- Monitoring of regulatory requirements
- Monthly performance tracking of risk indicators
Future actions
- Controls and risk self-assessment
- Financial Services Risk Committee put in place
- Implementation of a new finance systems supported by standard
processes and controls
2. Failure in information security controls – information held
in systems is accessed or shared in breach of policy. Potential
impact:
- Significant loss of data
- Loss of customer confidence
- Failure to win new business
- Regulatory censure/fine
- Remediation programme at Capita’s expense
How we manage the risk:
Mitigating actions in 2018
- Capita operates and holds certifications for ISO 27001
- External review of cyber-resilience
- Programme of work of remediate issues
- Detective controls in place and regularly reviewed to consider
new threats
- Preventative controls in place and regularly updated to detect
new threats
- Data protection programme of work carried out
Future actions
- Comprehensive review of current status of resilience against
group and contract requirements
- Simplify our cybersecurity through the creation of a single
cyber-operations centre
- Strengthen our cyber-posture by developing and mandating
additional capabilities, including organisational awareness and
enhanced training of our people
- Work with organisations, such as Security Alliance (a Gartner
company), to help assess the threat to Capita by looking from an
external viewpoint
- Run continuous vulnerability assessments across the estate to
proactively identify weaknesses that need to be addressed
- Run executive cyber-training to ensure all our senior employees
are aware that cybersecurity is a business responsibility and not
just an IT responsibility
3. Increased business complexity – business has grown into many
diverse business areas. Potential impact:
-
Lack of clear accountability within the business
-
Risk and performance management are more difficult to operate
effectively, leading to sub-optimal outcomes for all
stakeholders
-
Divisions not working together, duplicating effort and driving
up costs
How we manage the risk:
Mitigating actions in 2018
-
Reorganised business into coherent divisions
-
Implemented a clear operating model with supporting governance
to clarify accountabilities
-
Simplified the range of market offerings
-
Strengthened corporate and divisional management
-
Disposal of non-core businesses
Future actions
-
Embed operating models across business
-
New customer relationship management tool to be put in place
-
Financial models agreed where divisions introduce each other
4. Operational IT – IT infrastructure is not fit for purpose.
Potential impact:
-
Disruptions to service lead to loss of revenue
-
Service credits payable to clients
-
Loss of confidence in Capita’s IT systems
How we manage the risk:
Mitigating actions in 2018
-
Upgrade technical abilities
-
Investment in data centre network
-
Simplified existing IT environment
-
Change management processes help reduce risk and unplanned
outages
Future actions
5. Failure to effectively manage our people – unable to recruit
and retain key employees. Potential impact:
-
Loss of key employees
-
Unable to attract the right people with the right skills
-
Lack of skilled, competent resource
-
Increased cost of recruitment due to high attrition rates
-
Unable to deliver Capita’s strategy
-
Lack of continuity at Executive Committee level
How we manage the risk:
Mitigating actions in 2018
-
Chief People Officer appointed
-
Focus on culture from the top
-
Strengthened senior leadership team
-
People strategy defined
-
Improved engagement across the business
-
Capita Academy launched
Future actions
-
Focus on succession planning and development of employees
-
Talent reviews, enabling employees to identify new opportunities
and to move to new roles within Capita
-
Investment into new HR systems
6. Weaknesses in acquisition and contracting – entering poorly
worded contracts to our detriment. Potential impact:
-
Loss of contracts
-
Lack of ability to acquire new business
-
Contract terms are punitive
-
Contract terms are not met or understood
-
Loss of profits
-
Exposure to unexpected costs or onerous terms
-
Brand and reputation damage if not managed effectively
-
Acquisition synergies are not realised
How we manage the risk:
Mitigating actions in 2018
- Contract Review Committee in place to better understand
contract risks in new or existing arrangements
Future actions
7. Legal and regulatory – breaking the law or not meeting
regulations. Potential impact:
-
Censure or fine from a regulator
-
Reputational damage
-
Lack of confidence from investors and customers
-
Data Subject Access requests not completed within required
timescales
-
Increased costs due to remediation activities
-
Increased regulatory scrutiny which could limit potential for
growth
How we manage the risk:
Mitigating actions in 2018
-
Regular risk committee meetings held throughout the year,
including the Audit and Risk Committee
-
Engagement with regulatory bodies
-
Specialist team monitoring and engaging with regulators over
proposed regulatory or legal changes
-
Chief General Counsel appointed
-
Legal team in place across the divisions to manage potential and
actual issues
Future actions
-
Financial Services Risk Committee to focus on financial services
risk
-
Development of controls and risk self-assessment tool
-
Refresh and roll-out of a revised risk framework
8. Failure to achieve financial expectations – adverse
performance against our stated business plans. Potential
impact:
-
Loss of revenues, profits and/ or cash flows
-
Failure to return to organic revenue growth
-
Loss in shareholder value
-
Undermines investor confidence
-
Erodes corporate position in the market
-
Weakens our ability to attract and retain the best people
How we manage the risk:
Mitigating actions in 2018
-
Move to a multi-year strategic planning range
-
Detailed bottom-up Board-approved business plan for 2019 and
2020
-
Enhanced monthly performance reviews
-
Clearer financial and operational KPIs at business, divisional
and functional level
-
New Executive Committee governance committees
-
Appointed Chief Growth Officer
Future actions
-
Delivery of upgraded financial systems, processes and
controls
-
Deep-dive review of businesses to assess progress against the
new strategy
-
Plan to drive revenue growth
9. Lack of corporate financial stability – failure to manage
financial exposures and access to finance. Potential
impact:
How we manage the risk:
Mitigating actions in 2018
-
Launched new strategy
-
Completion of the rights issue
-
Disposal of non-core businesses
-
Reduction in leverage
-
Early repayment of debt
-
Targeted investment
-
Achieving £70m of cost-out savings
-
Developed a plan to address pension deficit
Future actions
10. Failure to innovate – not keeping up with technology or
other changes. Potential impact:
-
Inability to grow and develop into new markets
-
Loss of new and existing business to competitors
-
Erodes corporate position in the market
-
Weakens our ability to attract and retain the best people
-
Unable to compete with others who are innovative
How we manage the risk:
Mitigating actions in 2018
-
Strengthened the executive team with a Chief Digital Officer and
Chief Growth Officer
-
Working with external technology partners to develop our digital
offering
-
Share market innovation best practice internally
11. Adverse changes in political landscape – unable to operate
under a different political regime. Potential
impact:
-
Fewer outsourcing opportunities offered by the public sector
-
Existing business no longer outsourced
-
Exposure to markets with limited growth opportunities
-
Loss of revenues, profits and/ or cashflows
How we manage the risk:
Mitigating actions in 2018
-
Engagement with Government and other parties (e.g. regulators)
to understand current thinking
-
Preparations made in relation to Brexit
-
Understanding of client requirements for Brexit if there is a
transition period or no deal with Europe
Future actions
-
Build a broader base of understanding about Capita as a
transforming business, committed to delivery of service
-
Demonstrate value delivered in public sector
12. Reputation – poorly thought of by our stakeholders.
Potential impact:
-
Loss of confidence in Capita
-
Clients suffer reputational damage
-
Fewer or no new contracts
-
Loss of revenues, profits and/ or cash flows
-
Unattractive proposition for shareholders to invest in
How we manage the risk:
Mitigating actions in 2018
-
Director of Corporate Affairs appointed
-
Reactive and proactive management of media stories
-
Working with selected media to promote Capita’s positive
image
Future actions
-
Deliver new corporate affairs strategy
-
Ensure Capita’s multi-year transformation is understood and
clearly communicated to all stakeholders
-
Embed new corporate purpose, and refreshed values and
behaviours
13. Transformation – making the business fit for the future.
Potential impact:
-
A more complex business that is unmanageable
-
Loss of revenues, profits and/or cash flows
-
Money spent on transformation is wasted
-
Business is not fit for the future
How we manage the risk:
Mitigating actions in 2018
-
‘Blueprint’ used to ensure consistent approach to operating
model across divisions and functions
-
Chief Transformation Officer appointed
-
Focus by Executive Committee on risks
-
Simplification is the way to strengthen the business
Future actions
Emerging Risk
Impact of Brexit:
While the details around the UK’s scheduled departure from the
EU remained unclear at the time of writing this Annual Report,
Capita has continued to review a range of Brexit scenarios and
conducted contingency planning. We have taken steps to manage risk
in specific areas and are not aware of any material
company-specific impacts from Brexit. We are therefore confident
that there will be no significant disruption to the services we
offer clients.
Capita employs a significant number of EU nationals, and we want
to see maximum certainty for our valued employees and colleagues.
We are providing guidance and support for those who are applying
for settled status in the UK.
Our preparations for any Brexit scenario, including a ‘no deal’
exit, include safeguards to ensure resilience around potential
changes to data protection rules, procurement rules and immigration
requirements. As with other companies, Capita would be subject to
any deterioration in the economy occurring as a result of
Brexit.
We continue to monitor political developments and consider
scenarios as the Government’s plans and positions develop.
Other risk factors
Protecting our information and data:
Protecting the data of our clients, our company and our people
is one of the most fundamental and important responsibilities we
have. Our Data Protection and Information Security Policies,
Standards and Procedures ensure we treat personal information
correctly, in accordance with the law and best practice. When we
process personal information (including sensitive personal
information), we ensure that we comply with these policies,
standards and procedures including its collection, storage, use,
retention, transfer, deletion and safe destruction.
In order to ensure compliance with the Data Protection Act 2018
(and General Data Protection Regulations), we have implemented a
comprehensive programme, including a network of trained privacy
professionals who provide expert help and assistance for anyone
handling data within our business or on behalf of our clients.
We continue to raise awareness of the importance of data
protection and privacy through our mandatory data protection
training and ongoing training programmes, in particular the Think
Privacy; Think Security campaigns.
Cyber-attacks:
Cyber-attacks continue to negatively impact all industry
sectors.
Capita fully recognises the persistent cyber-threat posed by
criminals and nation-states, and that cyber-attacks are increasing
both in their number and in their sophistication.
The Board remains focused on ensuring our businesses and systems
are resilient against the latest cyber-threats and have instigated
a cyber-resilience programme. Supported by external and internal
cybersecurity subject matter experts, the cyber-resilience
programme liaises with our businesses and IT providers to implement
and maintain robust preventative security controls throughout
Capita’s IT estate. As a managed service provider, we recognise our
role within our client’s supply chain, and the increasing
cyber-threat posed by nation-state resourced actors targeting our
clients.
We continue to work closely with UK Government agencies and our
partner organisations, to help protect our clients’ digital assets
and services, and the key parts of the national information
infrastructure with which we are entrusted.
Related party transactions
Compensation of key management
personnel
|
2018 |
2017 |
|
£m |
£m |
Short term employment
benefits |
11.9 |
11.3 |
Pension |
0.2 |
0.2 |
Share based payments |
- |
0.1 |
Total |
12.1 |
11.6 |
Gains on share options exercised in the year by Capita plc
Executive Directors were £0.0m (2017: £0.7m) and by key management
personnel £0.0m (2017: £0.2m), totalling £0.0m (2017: £0.9m).
During the year, the Group rendered administrative services to
Smart DCC Ltd, a wholly-owned subsidiary which is not consolidated
(refer to note 34 of the Annual Report and Accounts 2018). The
Group received £64.3m (2017: £55.5m) of revenue for these services.
The services are procured by Smart DCC on an arm’s length basis
under the DCC licence. The services are subject to review by Ofgem
to ensure that all costs are economically and efficiently incurred
by Smart DCC.
Capita Pension and Life Assurance Scheme is a related party of
the Group. Transactions with the Scheme are disclosed in note 32 –
Employee benefits on pages 157-164 of the Annual Report and
Accounts 2018.
The following companies are substantial shareholders in the
Company and therefore a related party of the Company (in each case,
for the purposes of the Listing Rules of the UK Listing
Authority).
The number of shares held on 5 March
2019 was as below:
Shareholder |
No. of shares |
% of voting rights |
Veritas Asset Management LLP
1 |
192,533,863 |
11.54 |
Invesco Ltd. |
191,409,106 |
11.47 |
Investec Asset Management Ltd |
153,805,729 |
9.22 |
RWC Asset Management LLP |
127,012,876 |
7.61 |
Schroders Investment Management
Ltd |
101,030,829 |
6.06 |
Woodford Investment Management
LLP |
93,562,659 |
5.60 |
Coltrane Asset Management, L.P |
82,388,589 |
4.94 |
BlackRock, Inc. |
74,230,358 |
4.45 |
Marathon Asset Management LLP |
64,756,810 |
3.88 |
Veritas Funds PLC |
55,009,900 |
3.30 |
Vanguard Group |
54,711,874 |
3.28 |
Norges Bank Investment
Management |
54,273,873 |
3.25 |
Jupiter Asset Management
Limited |
53,573,060 |
3.21 |
1 This includes the holding of Veritas Funds PLC
Responsibility Statement of Directors
in respect of the annual financial statements
The Directors confirm that, to the best of their knowledge:
-
the financial statements, prepared in accordance with the
applicable set of accounting standards, give a true and fair view
of the assets, liabilities, financial position and profit or loss
of the Company and the undertakings included in the consolidation
taken as a whole.
-
the strategic report includes a fair review of the development
and performance of the business and position of the Company and the
undertakings included in the consolidation taken as a whole,
together with a description of the principal risks and
uncertainties that they face.
-
The Annual Report and Accounts, taken as a whole, are fair,
balanced and understandable, and provide the information necessary
for shareholders to assess the Company’s position and performance,
business model and strategy.
Cautionary statement
The Directors present the Annual Report for the year ended
31 December 2018 which includes the
strategic report, governance and audited accounts for this year.
Pages 1 to 98 of the Annual Report comprise a report of the
Directors that has been drawn up and presented in accordance with
English company law, and the liabilities of the Directors in
connection with that report shall be subject to the limitations and
restrictions provided by such law. Where the Directors’ report
refers to other reports or material, such as a website address,
this has been done to direct the reader to other sources of Capita
plc information which may be of interest. Such additional materials
do not form part of the report.
Contact: Francesca Todd,
Group Company Secretary, 020 7202 0641