HSBC 2015 Annual Report Download - page 116

Download and view the complete annual report

Please find page 116 of the 2015 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 502

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502

Report of the Directors: Risk (continued)
Top and emerging risks
HSBC HOLDINGS PLC
114
Cyber threat and unauthorised access to systems
Like other public and private organisations, we continue to
be a target of cyber attacks which, in some cases, disrupt
services including the availability of our external facing
websites, compromise organisational and customer
information or expose security weaknesses. Management of
cyber risks is coming under increased regulatory scrutiny.
Potential impact on HSBC
A major cyber attack, which could result from
unauthorised access to our systems, may result in
financial loss as well as significant reputational damage
which could adversely affect customer and investor
confidence in HSBC. Any loss of customer data would also
trigger regulatory breaches which could result in fines and
penalties being incurred.
Mitigating actions
The security of our information and technology
infrastructure is crucial for maintaining our banking
applications and processes and protecting our customers
and the HSBC brand. We continue to strengthen our
ability to prevent, detect and respond to the ever-
increasing and sophisticated threat of cyber attacks by
enhancing our governance and controls framework and
technology infrastructure, processes and controls.
We took part in the PRA‘s Cyber Vulnerability Testing
exercise during 2015 and are making further
enhancements to improve our resilience to, and
ability to recover from, cyber attacks.
We have realigned the responsibilities and
accountabilities for cyber and information risk
management to align with the operational risk lines of
defence operational model and instigated a number of
security improvement programmes within IT.
Internally driven
People risk
Execution risk
Third-party risk management
Model risk
Data management
People risk
Significant demands continue to be placed on our staff. The
cumulative workload arising from regulatory reform and
remediation programmes together with those related to the
delivery of our strategy is hugely consumptive of human
resources, placing increasingly complex and conflicting
demands on a workforce in a world where expertise is
often in short supply and globally mobile.
Potential impact on HSBC
Changes in remuneration policy and practice resulting
from CRD IV regulations, European Banking Authority
(‘EBA’) Guidelines and PRA remuneration rules apply on a
Group-wide basis for any material risk takers. This
presents significant challenges for HSBC because a
significant number of our material risk takers are based
outside the EU.
The Senior Managers and Certification regimes and the
related Rules of Conduct, which come into force in 2017
for other employees, set clear expectations of the
accountabilities and behaviour of both senior and more
junior employees.
Organisational changes to support the Group’s strategy
and/or implement regulatory reform programmes have
the potential to lead to increased staff turnover.
Mitigating actions
The changes in remuneration under the CRD IV
regulations, EBA guidelines and PRA remuneration rules
have necessitated a review of our remuneration policy,
especially the balance between fixed and variable pay, to
ensure we can remain globally competitive on a total
compensation basis and retain our key talent.
We continue to increase the level of specialist resource in
key areas, and to engage with our regulators as they
finalise new regulations.
Risks related to organisational change and disposals are
subject to close management oversight, especially in
those countries where staff turnover is particularly high.
Execution risk
Execution risk heightened during 2015 due to a number of
factors. Significant programmes are under way to deliver
nine business actions to capture value from our global
presence, announced at the Investor Update in June 2015.
These, along with the regulatory reform agenda and our
commitments under the US DPA require the management
of complex projects that are resource demanding and time
sensitive. In addition, the risks arising from the disposal of
our business in Brazil require careful management.
Potential impact on HSBC
Risks arising from the number, magnitude and complexity
of projects underway to meet these demands may
include financial losses, reputational damage or
regulatory censure.
The potential risks of disposals include regulatory
breaches, industrial action, loss of key personnel
and interruption to systems and processes during
business transformation. They can have both financial
and reputational implications.
Mitigating actions
We have strengthened our prioritisation and governance
processes for significant projects, which are monitored by
the GMB.
We have invested in our project implementation and
IT capabilities and increased our focus on resource
management.
Risks relating to disposals are carefully assessed and
monitored and are subject to close management
oversight.