HSBC 2014 Annual Report Download - page 78

HSBC BANK PLC
Report of the Directors: Risk (continued)
good progress with the implementation of the
supplier performance program with our most
important suppliers. Additional focus is put on the
identification and exit of sanctioned suppliers. Vendor
risk management is a core element of third party risk
management.
compliance with regulatory agreements and orders:
Failure to implement our obligations under the DPAs
could have a material adverse effect on our results
and operations. Legal proceedings are discussed in
Note 37 on the Financial Statements and further
details regarding compliance risk are set out below.
Other operational risks are also monitored and managed
through the use of the ORMF.
Compliance risk
Compliance risk is the risk that we fail to observe the
letter and spirit of all relevant laws, codes, rules,
regulations and standards of good market practice, and
incur fines and penalties and suffer damage to our
business as a consequence.
In 2014, we completed the restructuring of the
Compliance sub-function within Global Risk into two new
sub-functions: Financial Crime Compliance and
Regulatory Compliance, appropriately supported by
shared Compliance Chief Operating Officer, Assurance
and Reputational Risk Management teams. We continue
to ensure that the Compliance sub-functions, through
their operation and the execution of the Group strategy,
including measures to implement Global Standards, are
well positioned to meet increased levels of regulation
and scrutiny from regulators and law enforcement
agencies. In addition, the measures that have been put in
place are designed to ensure we have the appropriate
people, processes and procedures to manage emerging
risks and new products and business.
Enhanced global AML and Sanctions policies,
incorporating risk appetite, were approved by the Board
in January 2014. The policies adopt and seek to enforce
the highest or most effective standards globally,
including a globally consistent approach to knowing our
customers.
The Policies are being implemented in phases through
the development and application of procedures required
to embed those policies in our day to day business
operations globally. The overriding policy objective is for
every employee to engage in only ‘the right kind of
business, conducted in the right way’.
HSBC Holdings has fulfilled all of the requirements
imposed by the DANY DPA, which expired by its terms at
the end of the two-year period of that agreement in
December 2014. Breach of the US DPA at any time
during its term may allow the DoJ to prosecute HSBC
Holdings or HSBC Bank USA in relation to the matters
which are the subject of the US DPA. For further
information, see ‘Regulatory commitments and consent
orders’ on page 27.
In May 2014, the HSBC Board approved a globally
consistent approach to the management of regulatory
designed to ensure we deliver fair outcomes for our
customers and conduct orderly and transparent
operations in financial markets. Implementation of the
group conduct approach is managed through the global
lines of business and functions and covers all our
business and operational activities.
It is clear that the level of inherent compliance risk that
we face will continue to remain high for the foreseeable
future. However, we consider that good progress is being
made and will continue to be made in ensuring that we
are well placed to effectively manage those risks.
Legal risk
Each operating company is required to have processes
and procedures to manage legal risk that conform to
Group standards. Legal risk falls within the definition of
operational risk and includes:
  • contractual risk, which is the risk of a group company
    suffering financial loss, legal or regulatory action or
    reputational damage because its rights and/or
    obligations under a contract to which it is a party are
    technically defective;
  • dispute risk, which is the risk of a group company
    suffering financial loss, sanction and/or reputational
    damage due to adverse dispute environment and/or
    mis-management of disputes;
  • legislative risk, which is the risk that a group company
    fails to adhere to the laws of the jurisdictions in which
    it operates; and
  • non-contractual rights risk, which is the risk that a
    group company’s assets are not properly owned or
    protected or are infringed by others, or a group
    company infringes another party’s rights.
The group has a legal function, headed by the General
Counsel for Europe, to assist management in controlling
legal risk. The function provides legal advice and support
in managing claims against the group’s companies, as
well as in respect of non-routine debt recoveries or other
litigation against third parties.
There are legal departments in all the countries in which
the group has significant operations.
The group’s operating companies must notify the
appropriate legal department and General Counsel
immediately if any litigation or contentious regulatory
proceeding is either threatened or commenced against
the group or an employee. The appropriate legal
department and General Counsel must provide
appropriate reports to the HSBC Group Legal Head Office
on contentious regulatory matters, criminal proceedings,
actual or threatened litigation where the amount
claimed is (or is likely to be) at or in excess of US$5
million or has significant reputational risk.
In addition, the group’s operating companies are
required to submit semi-annual returns detailing, among
other matters, outstanding claims where the claim (or
group of similar claims) exceeds US$10 million, where
the action is by a regulatory authority, where the
proceedings are criminal or might materially affect the
group’s reputation. These returns are used for reporting
to various committees within the group.
Group security and fraud risk
Security and Fraud Risk, Europe, which has responsibility
for physical risk, fraud, information and contingency risk,