HSBC 2015 Annual Report Download - page 220
Download and view the complete annual report
Please find page 220 of the 2015 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210 -
211 -
212 -
213 -
214 -
215 -
216 -
217 -
218 -
219 -
220 -
221 -
222 -
223 -
224 -
225 -
226 -
227 -
228 -
229 -
230 -
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
 |
 |
Report of the Directors: Risk (continued)
Appendix to Risk – Policies and practices
HSBC HOLDINGS PLC
218
responsibilities and ensures that business activity and decisions are underpinned by a robust consideration and management
of associated risks supporting delivery of the required fair outcomes for customers and maintenance of market integrity. Our
focus on compliance and conduct issues is further reinforced by the Financial System Vulnerabilities Committee, which reports
to the Board on matters relating to financial crime and financial system abuse and provides a forward-looking perspective on
financial crime risk. In addition, the Conduct & Values Committee reports to the Board on matters relating to delivery of the
required global conduct outcomes for customers and the orderly and transparent operation of financial markets, together with
adherence to HSBC’s Values.
Legal risk
Each legal department is required to have processes and procedures in place to manage legal risk that conform to Group
standards.
Legal risk falls within the definition of operational risk and includes:
• contractual risk, which is the risk of a member of HSBC suffering financial loss, legal or regulatory action or reputational
damage because its rights and/or obligations under a contract to which it is a party are technically defective;
• dispute adjudication risk, which is the risk of a member of HSBC suffering financial loss or reputational damage due to
an adverse dispute environment or a failure to take appropriate steps to defend, prosecute and/or resolve actual or
threatened legal claims brought against or by a Group member, including for the avoidance of doubt, regulatory matters;
• legislative risk, which is the risk that a Group member fails to or is unable to identify, analyse, track, assess or correctly
interpret applicable legislation, case law or regulation, or new regulatory, legislative or doctrinal interpretations of existing
laws or regulations, or decisions in the Courts or regulatory bodies; and
• non-contractual rights risk, which is the risk that a Group member’s assets are not properly owned or protected or are
infringed by others, or a Group member infringes another party’s rights.
There are legal departments in 47 of the countries in which we operate. In addition to the Group Legal function, there are
regional legal sub-functions in each of Europe, North America, Latin America, the Middle East and North Africa and Asia
headed by Regional General Counsels, and a Global General Counsel responsible for each of the global businesses.
Global security and fraud risk
Security and fraud risk issues are managed at Group level by Global Security and Fraud Risk. This unit, which has responsibility
for information, fraud, contingency, financial intelligence, physical and geopolitical risks is fully integrated within the central
Global Risk function. This enables management to identify and mitigate the permutations of these and other non-financial risks
to its business lines across the jurisdictions in which we operate.
• The Information Security Risk sub-function is responsible for defining the strategy and policy by which the organisation
protects its information assets and services from compromise, corruption or loss, whether caused deliberately or
inadvertently by internal or external parties. It provides independent advice, guidance and oversight to the business about
the effectiveness of information security controls and practices in place or being proposed.
• The Fraud Risk sub-function is responsible for ensuring that effective prevention, detection and investigation measures are
in place against all forms of fraudulent activity, whether initiated internally or externally, and is available to support any
part of the business. To achieve that and to attain the level of integration needed to face the threat, the management of all
types of fraud (e.g. card fraud, non-card fraud and internal fraud, including investigations) is established within one
management structure and is part of the Global Risk function. We use technology extensively to prevent and detect fraud.
For example, customers’ credit and debit card spending is monitored continuously and suspicious transactions are
highlighted for verification, internet banking sessions are reviewed and transactions monitored in a similar way and all new
account applications are screened for fraud. We have a fraud systems strategy which is designed to provide minimum
standards and allow easier sharing of best practices to detect fraud and minimise false alerts. We have developed a holistic
and effective anti-fraud strategy which, in addition to the use of advanced technology, includes fraud prevention policies
and practices, the implementation of strong internal controls, investigations response teams and liaison with law
enforcement where appropriate.
• The Contingency Risk sub-function is responsible for ensuring that the group’s critical systems, processes and functions
have the resilience to maintain continuity in the face of major disruptive events. Within this wider risk, business continuity
management covers the pre-planning for recovery, seeking to minimise the adverse effects of major business disruption,
either globally, regionally or within country, against a range of actual or emerging risks. The pre-planning concentrates on
the protection of customer services, our staff, revenue generation, the integrity of data and documents and meeting
regulatory requirements. Each business has its own recovery plan, which is developed following the completion of a
business impact analysis. This determines how much time the business could sustain an outage before the level of losses
becomes unacceptable, i.e. its criticality. These plans are reviewed and tested every year. The planning is undertaken
against Group policy and standards and each business confirms in an annual compliance certificate that all have been met.
Should there be exceptions, these are raised and their short-term resolution is overseen by Group and regional business