HSBC 2013 Annual Report Download - page 51

Download and view the complete annual report

Please find page 51 of the 2013 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 127

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127

49
Compliance risk
Compliance risk is the risk that we fail to observe
the letter and spirit of all relevant laws, codes, rules,
regulations and standards of good market practice,
and incur fines and penalties and suffer damage to our
business as a consequence. We have committed to adopt
and enforce industry leading compliance standards
and one of the ways to achieve this is to ensure that
we put in place a robust compliance risk management
infrastructure.
In 2013 we commenced the restructuring of our
previous Compliance sub-function within Risk into two
new sub-functions: Financial Crime Compliance and
Regulatory Compliance. This restructuring is ongoing
and will allow us to:
manage different types of regulatory and financial
crime compliance risk more effectively;
focus our efforts appropriately in addressing issues
highlighted by regulatory investigations and reviews,
internal audits and risk assessments of our past
business activities; and
ensure we have in place clear, robust accountability
and appropriate expertise and processes for all areas
of compliance risk.
Financial Crime Compliance will focus on setting
policy and managing risks in the following areas:
anti-money laundering, counter terrorist financing
and proliferation finance;
sanctions; and
anti-bribery and corruption.
Regulatory Compliance will focus on setting policy
and managing risks in the following areas:
conduct of business;
market conduct; and
general regulatory compliance management
including stakeholder support.
Legal risk
Legal risk includes:
– contractual risk, which is the risk that the rights
and/or obligations of the bank within a contractual
relationship are defective;
dispute risk, which is made up of the risks that the
bank is subject to when it is involved in or managing
a potential or actual dispute;
legislative risk, which is the risk that the bank fails
to adhere to the laws of the jurisdictions in which it
operates; and
non-contractual rights risk, which is the risk that the
bank’s assets are not properly owned or are infringed
by others, or the bank infringes on another party’s
rights.
Our legal function assists management in controlling
legal risk.
Security and fraud risk
Security and fraud risk includes: Fraud Risk, Informa-
tion Security Risk, and Business Continuity.
The Fraud Risk function is responsible for ensuring
that effective protection measures are in place against all
forms of fraudulent activity, whether initiated internally
or externally, and is available to support any part of
the business. To achieve that and to attain the level of
integration needed to face the threat, the management
of all types of fraud (e.g. card fraud, non-card fraud and
internal fraud, including investigations), is established
within one management structure and is part of the overall
Risk function. We have increased monitoring, root cause
analysis and review of internal controls to enhance our
defences against external attacks and reduce the level of
loss in these areas. Security and Fraud Risk is working
closely with the businesses to continually assess fraud
threats as they evolve and adapt our controls to mitigate
these risks. We have developed a holistic and effective
anti-fraud strategy comprising fraud prevention policies
and practices, the implementation of strong internal
controls, and investigations response team and liaison
with law enforcement where appropriate.