RBS 2013 Annual Report Download - page 535
Download and view the complete annual report
Please find page 535 of the 2013 RBS annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
Additional information
533
Such bail-in mechanism, which is anticipated to be consistent with the
powers granted under the Banking Reform Act 2013, pursuant to which
losses would be imposed on shareholders and, as appropriate, creditors
(including senior creditors) of the Group (through write-down or
conversion into equity of liabilities including debt securities) would be
used to recapitalise and restore the Group to solvency as well as other
options, including those as set forth in the Banking Act 2009, as amended
by the Banking Reform Act 2013, following the recommendations of the
ICB. The methods for implementation of any resolution and recovery
scheme remain the subject of significant debate, particularly for GSIFIs
with complex cross border activities. Such debate includes whether the
bail-in tool may be exercised through a single point of entry at the holding
company or at various levels of the corporate structure of a GSIFI.
The potential impacts of these resolution and recovery powers may
include the total loss of value of securities issued by the Group and, in
addition for debt holders, the possible conversion into equity securities,
and under certain circumstances the inability of the Group to perform its
obligations under its securities. As these resolution and recovery
measures remain subject to further implementation both at the European
and UK level, changes may be made in the course of the legislative
process, which may affect their impact on the Group and securities
issued by the Group.
The Group’s operations are highly dependent on its information
technology systems
The Group’s operations are dependent on the ability to process a very
large number of transactions efficiently and accurately while complying
with applicable laws and regulations where it does business. The proper
functioning of the Group’s payment systems, financial and sanctions
controls, risk management, credit analysis and reporting, accounting,
customer service and other information technology systems, as well as
the communication networks between its branches and main data
processing centres, are critical to the Group’s operations. Critical system
failure, any prolonged loss of service availability or any material breach of
data security, particularly involving confidential customer data, could
cause serious damage to the Group’s ability to service its clients, could
result in significant compensation costs, could breach regulations under
which the Group operates and could cause long-term damage to the
Group’s business and brand.
For example, failure to protect the Group’s operations from cyber-attacks
could result in the loss of customer data or other sensitive information.
During 2013, the Group experienced a number of IT failures following a
series of deliberate attacks which temporarily prevented RBS, RBS
Citizens and NatWest customers from accessing their accounts or
making payments. The Bank of England, the FCA and HM Treasury have
identified cyber security as a systemic risk to the UK financial sector and
highlighted the need for financial institutions to improve resilience to
cyber-attacks. In addition to meeting the requirements of the Bank of
England’s programme of work to improve and test financial institutions’
resilience to cyber-attacks due to be completed during the first quarter of
2014, the Group expects greater regulatory engagement on cyber
security in the future . Although the Group has been implementing
remedial actions to improve its resilience to the increasing intensity and
sophistication of cyber-attacks, the Group expects to be the target of
continued attacks in the future and there can be no assurance that the
Group will be able to prevent all threats.
In addition, in June 2012 and more recently in November 2013, computer
system failures prevented NatWest, RBS and Ulster Bank customers
from accessing accounts in both the UK and Ireland. Ongoing issues
relating to the failure continued for several months, requiring the Group to
set aside a provision for compensation to customers who suffered losses
as a result of the system failure, in addition to other related costs. See
page 451. The vulnerabilities of the Group’s IT systems are due to the
complexity of the Group’s IT infrastructure attributable in part to
overlapping multiple legacy systems acquired through the Group’s
acquisitions and resulting gaps in how the IT systems operate, and
insufficient-investments in IT infrastructure in the past, creating
challenges in recovering from system breakdowns.
The Group’s operations have inherent reputational risk
Reputational risk, meaning the risk of brand damage and/or financial loss
due to a failure to meet stakeholders’ expectations of the Group’s
conduct and performance, is inherent in the Group’s business.
Stakeholders include customers, investors, rating agencies, employees,
suppliers, government, politicians, regulators, special interest groups,
consumer groups, media and the general public. Brand damage can be
detrimental to the business of the Group in a number of ways, including
its ability to build or sustain business relationships with customers, low
staff morale, regulatory censure or reduced access to, or an increase in
the cost of, funding. In particular, negative public opinion resulting from
the actual or perceived manner in which the Group conducts its business
activities, the Group’s financial performance, the level of direct and
indirect government support or actual or perceived practices in the
banking and financial industry may adversely affect the Group’s ability to
keep and attract customers and, in particular, corporate and retail
depositors. Modern technologies, in particular online social networks and
other broadcast tools which facilitate communication with large audiences
in short time frames and with minimal costs, may significantly enhance
and accelerate the impact of damaging information and allegations. The
Group cannot ensure that it will be successful in avoiding damage to its
business from reputational risk, which may result in a material adverse
effect on the Group’s financial condition, results of operations and
prospects.
The Group may suffer losses due to employee misconduct
The Group’s businesses are exposed to risk from potential non-
compliance with policies, employee misconduct or negligence and fraud,
which could result in regulatory sanctions and serious reputational or
financial harm to the Group. In recent years, a number of multinational
financial institutions, including the Group, have suffered material losses
due to the actions of employees. It is not always possible to deter
employee misconduct and the precautions the Group takes to prevent
and detect this activity may not always be effective.