HSBC 2014 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2014 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 200

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200

HSBC BANK PLC
Strategic Report: Principal Risks and Uncertainties (continued)
30
Internet crime and fraud
HSBC is increasingly exposed to fraudulent and criminal
activities as a result of increased usage of internet and
mobile services by customers. We also face the risk of
breakdowns in processes or procedures and systems
failure or unavailability, and our business is subject to
disruption from events that are wholly or partially
beyond our control, such as internet crime and acts
of terrorism.
Potential impact on the group
Internet crime could result in financial loss and/or
customer data and sensitive information being
compromised. They may also give rise to losses in
service to customers. The same threats apply equally
when the group relies on external suppliers or
vendors for services provided to us and our
customers.
Mitigating actions
We continually assess these threats as they evolve
and adapt controls to mitigate them.
We have increased its defences through enhanced
monitoring and have implemented additional
controls, such as two-factor authentication, to reduce
the possibility of losses from fraud.
Information security risk
The security of our information and technology
infrastructure is crucial for maintaining our banking
applications and processes while protecting our
customers and the HSBC brand. HSBC and other
multinational organisations continue to be the targets of
cyber-attacks, which may disrupt services including the
availability of our external facing websites, compromise
organisational and customer information or expose
security weaknesses.
Potential impact on the group
Information security risk gives rise to potential
financial loss and reputational damage which could
adversely affect customer and investor confidence.
Loss of customer data would also trigger regulatory
breaches which could result in fines and penalties
being incurred.
Mitigating actions
We have invested significantly in addressing this risk
through increased training to raise staff awareness of
the requirements, enhanced multi-layered controls
protecting our information and technical
infrastructure, and heightened monitoring and
management of potential cyber-attacks and
continued vulnerability assessment.
Data management
HSBC must have a clear data strategy to meet the
volume, granularity, frequency and scale of regulatory
and other reporting requirements. As a G-SIB, HSBC is
also required to comply with the principles for effective
risk data aggregation and risk reporting as set out by the
Basel Committee on Banking Supervision (‘the Basel
Committee’) in its paper.
Potential impact on the group
Ineffective data management could adversely
affect our ability to aggregate and report complete,
accurate and consistent data to regulators, investors
and senior management on a timely basis; and
Financial institutions that fail to meet their Basel
Committee data obligations by the required deadline
may face supervisory measures.
Mitigating actions
Since the Data Strategy Board was established in
2012, HSBC has set a data strategy for the Group and
defined Group-level principles, standards and policies
to enable consistent data aggregation, reporting and
management; and
Key initiatives and projects to deliver our data
strategy and work towards meeting our Basel
Committee data obligations are in progress.
Model risk
HSBC uses models for a range of purposes in managing
its business, including regulatory and economic capital
calculations, stress testing, granting credit, pricing
and financial reporting. Model risk is the potential for
adverse consequences as a result of decisions based on
incorrect model outputs and reports or the use of such
information for purposes for which it was not designed.
Model risk could arise from models that are poorly
developed, implemented or used, or from the modelled
outcome being misunderstood and acted upon
inappropriately by management. The regulatory
environment and supervisory concerns over banks’ use
of internal models to determine regulatory capital
further contribute to model risk.
Potential impact on the group
The group may be required to hold additional capital
as a result of model limitations or failure; and
Supervisory concerns over the internal models and
assumptions used by banks in the calculation of
regulatory capital have led to the imposition of risk
weight and loss given default floors. Such changes
have the potential to increase our capital
requirement and/or make it more volatile.
Mitigating actions
We mitigate model risk through appropriate
governance over model development, usage and
validation, together with independent review,
monitoring and feedback.
On behalf of the Board
A P S Simoes, Director 23 February 2015
Registered number 14259