Annual Financial Report

RNS Announcement

20 June 2016

For Immediate Release

TalkTalk Telecom Group PLC (the "Company")

 Publication of Annual Report 2016

The following documents have today been posted or otherwise made available to shareholders:

· Annual Report 2016

· Notice of 2016 Annual General Meeting

· Form of Proxy for the 2016 Annual General Meeting

In accordance with Listing Rule 9.6.1 a copy of each of these documents has been uploaded to the National Storage Mechanism and will be available for viewing shortly at http://www.morningstar.co.uk/uk/NSM.

These documents are also available to view and download from the Company's website at http://www.talktalkgroup.com.

Copies of the Annual Report 2016 and Notice of the 2016 Annual General Meeting may also be obtained from:

Company Secretary

11 Evesham Street

London

W11 4AR

Compliance with the Disclosure and Transparency Rule 6.3.5 ("DTR 6.3.5") - Extracts from the Annual Report 2016.

The information below, which is extracted from the Annual Report 2016, is included solely for the purpose of complying with DTR 6.3.5. It should be read in conjunction with the Company's Preliminary results announcement for the 12 months to 31 March 2016 issued on 12 May 2016 (at: http://www.talktalkgroup.com/~/media/FilesTalkTalkGroup/pdfs/reports/2016/fy16-preliminary-results-FY16.pdf). Together these constitute the material required by DTR 6.3.5 to be communicated to the media in unedited full text through a Regulatory Information Service. This material is not a substitute for reading the full Annual Report 2016. All page numbers and cross-references in the extracted information below refer to page numbers in the Annual Report 2016.

For further information please contact:

Tim Morris, Company Secretary +44 (0)203 417 1000

For media enquiries:

Isobel Bradshaw +44 (0) 20 3417 1027 / 07584 708351

Directors' Responsibilities

The Directors' responsibility statement below has been prepared in conjunction with the Annual Report 2016, whereas this dissemination document contains extracts from the Annual Report 2016 to comply with DTR 6.3.5.

Sir Charles Dunstone - Chairman

Dido Harding - Chief Executive Officer

Iain Torrens - Chief Financial Officer

Tristia Harrison - Managing Director, Consumer

Charles Bligh - Managing Director, TalkTalk Business

John Gildersleeve - Senior Independent Director

Ian West - Non-Executive Director

John Allwood - Non-Executive Director

Brent Hoberman - Non-Executive Director

Sir Howard Stringer - Non-Executive Director

Roger Taylor - Non-Executive Director

James Powell - Non-Executive Director

We confirm to the best of our knowledge:

1. The financial statements, prepared in accordance with the relevant financial reporting framework, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation taken as a whole; and

2. The management report includes a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face.

Principal risks and uncertainties

The Board has identified the following principal risks and uncertainties to the Group, which the Group seeks to proactively manage and monitor on an ongoing basis. The detail of these principal risks, and the controls in place for mitigating them, are outlined below in no particular order of severity.The Group's risk management framework facilitates continuous and ongoing discussion of risks and associated risk appetite to ensure the appropriate focus is placed on mitigating principal risks. The Board will continue to assess the principal risks and uncertainties faced by the Group and will update the risk register and mitigation plans accordingly.

Data and cyber security

Risk and impact

Security of customer, commercial and colleague data poses increasing reputational and financial risk to all businesses. In particular, the sharp rise in cyber and data related crime presents a significant challenge in terms of securing data and systems against attack. Failure to do so successfully may have a material impact on brand reputation and financial performance. Other associated costs may also be incurred, including potential regulatory fines. As experienced by TalkTalk in October 2015, this is a modern, rapidly evolving threat requiring a new approach to risk which fully accounts for the scale and complexity of the ongoing challenge.

Mitigation

The October 2016 cyber attack has had a significant and lasting impact on TalkTalk as an organisation. Prior to the attack, the Company was actively implementing an ongoing programme to build security capability. However, subsequent learnings have been fundamental in reshaping the Company's approach to risk and mitigation. Whilst it is not possible to completely eliminate data and cyber security risk, it is clear that effective mitigation must now go beyond building and operating security controls. What is required is a sustained evolution of culture, organisation and ways of working which embeds security across the business. TalkTalk will therefore continue the Ten Steps to Cyber Security programme, as well as maintaining and updating ongoing initiatives (such as monitoring activities, vulnerability scanning, penetration testing and the data loss prevention solution) to ensure they remain fit for purpose. However, following an extensive independent review of existing controls and processes, an updated security programme is also now in place, designed to ensure the business itself is optimally configured for security. A number of other activities have been completed including:

· the realignment of Board-level responsibilities for technology and security, including the establishment of an additional senior position (Chief Information Security Officer) to support focus and oversight on the security plan and security activities; and

· the replacement of the previous governance forum for monitoring security progress with a Security Committee. This is a subcommittee of the Board, chaired by the Chief Executive, with senior executive representation and including a Non‑Executive Board member. In addition to the above, other activities are underway including:

· a comprehensive new governance structure to ensure sufficient security practices across systems, risk management, design, Company culture, third parties and internally;

· a thorough, high priority review of vulnerabilities of all systems and all data across the existing estate; and

· a renewed focus on awareness around data and cyber security, including formal internal and external awareness programmes.

People

Risk and impact

TalkTalk recognises employees as a key asset and aspires to be a 'Great Place to Work' for all colleagues. We understand the increasing challenges and importance in the market of attracting and retaining the right talent to deliver current performance and future growth aspirations. Failure to attract and retain required talent and competencies may negatively impact our ability to deliver on performance targets and strategic objectives. TalkTalk has undertaken an extensive programme to understand and implement the behavioural and values-based changes required for the Company to evolve from a start-up culture to a fully mature, responsible business. Failure to successfully bring about this change may have a negative impact on the Company's reputational and commercial outlook.

Mitigation

As well as a full internal review into corporate culture following the cyber attack, TalkTalk also appointed independent advisers PWC to conduct a thorough assessment of what happened and what learnings might be taken from TalkTalk's experience. Responding to these learnings, the Company is now implementing an extensive programme of cultural change, including behaviours, values and ways of working. More information on this is available in the 'People' section. Structured talent forecasting and assessment processes are in place to ensure required talent is proactively understood. A people scorecard is also in place for ongoing monitoring and oversight of people risk and, where required, actions to further mitigate risk exposures are identified and implemented. In addition, a Group-wide engagement survey is completed annually to understand the level of employee engagement and action plans are developed from the survey to ensure a highly engaged and motivated workforce is maintained. The Executive Committee assesses the annual engagement level of the workforce and, in addition, performs an annual assessment of talent at senior management level to ensure the right leadership is in place for motivating, inspiring and leading the workforce to deliver on the corporate objectives. In FY16, TalkTalk announced the move to new office premises in Salford in 2017, reinforcing its commitment to developing a 'Great Place to Work' through investment in employees and their workplace.

Customer trust and brand reputation

Risk and impact

Customer confidence and trust are critical to TalkTalk's business, and the Company's operating approach always seeks to do what is right for the customer. However, as a value player in the market, there is a risk that TalkTalk is perceived as a 'budget' provider, associated with price rather than quality and service.

Events in the last twelve months have also had an impact on brand reputation and trust, particularly in the case of the Consumer business. Failure to maintain trust, improve brand reputation and offer a positive customer experience may result in increased churn, performance decline and loss of investor confidence.

Mitigation

TalkTalk remains confident of the role for a well-regarded value champion in the market and is committed to delivering a positive end-to-end customer experience. The ongoing MTTS programme is designed to improve customer experience through better quality and availability of products and services. Over the last three years, the programme has delivered material improvements on congested exchanges and customer complaints handling processes, as well as improved web chat facilities, shorter call waiting times and router upgrades. Further significant benefits are scheduled for delivery in FY17. Programme progress and success is monitored via a formal governance structure, including senior management representation on the Steering Committee. Building trust and confidence in a value brand presents particular challenges, particularly for TalkTalk's Consumer business. One of the key learnings from the October 2015 cyber attack was that putting customers first was critical to the speedy recovery of the business. Consistent quantitative and qualitative data suggests that the decision to inform customers, and to provide a gesture of thanks in the form of a free upgrade, has increased brand consideration and provided a firm foundation on which to improve trust and reputation. TalkTalk will now move forward with a renewed focus on existing customers, guided by the four key principles we believe are critical to being a value champion - affordability, reliability, simplicity and fairness.

Change delivery and execution

Risk and impact

Delivery of performance objectives and development of the business is reliant on the ability to successfully deliver innovation and other operational changes required to support growth and performance. Failure to effectively deliver change programmes and associated benefits, including MTTS, would result in an inability to deliver performance objectives and limit TalkTalk's competitive position in the market.

Mitigation

In FY16, TalkTalk formalised its change framework and established a centre of excellence Group Change function under the Group Change Director. The remit of the function includes overseeing and monitoring the progress of significant change programmes and embedding a consistent and robust change framework for delivery of change and innovation. The Group Change function facilitates prioritisation discussions to ensure people and financial resources are appropriately engaged, allocated and focused. Performance measures for all key change projects are defined and monitored and benefit tracking is in place and regularly reviewed by Group Change. Monitoring and oversight of key change projects occurs at both the business unit leadership team level and by the Executive Committee on a regular basis. The Group Change Director sits on the Executive Committee, enabling real time consideration of the potential impact of other operational and strategic activities on current change projects.

Competitive intensity

Risk and impact

TalkTalk is established as a value for money provider in the fast growing quad play market. The value proposition is a key part of the business model and to date has provided competitor differentiation. Over the last year there has been significant activity in the competitive landscape. There is a risk that this competitive backdrop makes it difficult for TalkTalk to maintain its value credentials.

Mitigation

A clear pricing strategy is in place with ongoing monitoring of pricing position and value proposition. The strategy is reviewed to ensure it remains competitive and continues to support our position as a value for money provider against the changing competitor activity landscape. In addition, competitor pricing activity is monitored to understand customer and market impact and plans are revisited if necessary accordingly. TalkTalk uses customer communications to promote the value for money provider message and is committed to helping customers understand the best positioned package to meet their needs.

Changing market structure

Risk and impact

The UK telecommunications market structure is currently experiencing significant change. Both the regulator and the Government have acknowledged a pressing need to promote competition and drive investment across the market, and TalkTalk is well placed participate in the opportunities that may result. The outcomes from the Ofcom Strategic Review of the UK's digital communications markets (published in February 2016) fell short of recommending a formal split of Openreach from BT. However, mounting political and public pressure has led to Ofcom considering Openreach separation as part of a separate consultation process in summer 2016. The strategic review also included a commitment by Ofcom to help improve competition among broadband providers by opening up access to BT's infrastructure. The outcome of the review also included other proposals such as making it easier for consumers to switch providers. There is a risk that change to the current regulatory regime of Openreach, and future mergers and/or acquisitions proceeding with limited or no remedies, creates a less competitive environment with possible negative impacts in the end customer.

Mitigation

TalkTalk has been a vocal advocate of competition and is well placed to benefit from an increasing trend toward a more pro-competition regulatory framework. This poses a significant risk to incumbent players in the market, whilst presenting potentially valuable opportunities for challengers. The business is actively engaging with the necessary external stakeholders to share views and attempt to deliver the best market and customer outcomes, as well as to proactively understand and respond to the opportunities and challenges presented by structured market changes.

Regulatory compliance

Risk and impact

The telecommunications sector is highly regulated, with compliance over key customer-focused regulations monitored by the governing body, Ofcom. The regulations that TalkTalk must comply with are designed to support customers. Failure to comply with regulatory obligations may result in negative customer impact and/or significant regulatory fines.

Mitigation

There has been continued focus on improving processes and controls and clarifying lines of accountability both in first-line operations and in our second‑line assurance function. There has been significant progress with delivering improvements in our complaint handling processes during the period and there is continued focus on reducing compliant volumes. The Group's Regulatory Compliance Committee, a subcommittee of the Board, has continued to convene throughout the year to monitor the mitigation of operational risks which could give rise to customer complaints and regulatory breaches. The Group Counsel and Company Secretary has chaired weekly compliance meetings throughout the year, attended by senior management.

Financial

Risk and impact

A key financial risk is the ability to raise required short and long term funding to enable delivery of strategic objectives.

Mitigation

The Group Treasury function is responsible for managing the Group's liquid resources. Policies and operating procedures are in place and these are regularly reviewed to ensure they remain appropriate for the business. In addition, the Executive Committee and the Board oversee the liquidity and funding position of the Group on a regular basis and are required to provide approval on major and significant funding decisions.

Resilience and business continuity

Risk and impact

TalkTalk is reliant on its infrastructure as well as key third party suppliers and partners in order to deliver quality products and services to its customers. Network or third party failure could result in significant disruption to services or business processes, which may have a negative impact on customers and therefore damage customer loyalty or drive complaints. It is therefore important to establish resilience in the network and require resilience from our third parties and partners. It is also noted that in the event of an incident, TalkTalk must be able to respond in an efficient and effective manner in order to minimise impact on customers and performance.

Mitigation

Network resilience is assessed and monitored on regular basis and, over the last year, network improvements supporting greater resilience have been delivered. Further improvements are in progress and will continue in FY17. Continuous monitoring of network availability is also in place to ensure any issues are identified in a timely manner. Where an incident does occur, a robust incident response process is in place and exercised to ensure effective response in the event of an incident. Other prioritised critical processes, systems and third parties are identified and business owners are assigned accountability for assessing resilience and implementing business continuity plans to enable continuity of operations in the event of an incident. For third parties, the relationship owners are assigned accountability for requiring critical third parties to have adequate business continuity plans in place and obtaining third party assurance that their plans have been reviewed and tested on a regular basis.