RBS 2008 Annual Report Download - page 121

Download and view the complete annual report

Please find page 121 of the 2008 RBS annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 299

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299

Operational risk events by category – % of total by value
The charts below show that execution, delivery, and process management accounted for over 60% of losses by value during 2008. This differs from
2007 where a single large value event meant that clients, products and business practices was the largest category. The data is on a statutory basis.
Clients, product and business practices
Execution, delivery and process management
External fraud
Other
2008 2007
RBS Group Annual Report and Accounts 2008120
Business review continued
Financial crime
Financial crime remains a big challenge for the Group, especially given
the sophistication of the criminal fraternity. However, the Group
continues to respond to such threats, by continuing to invest in people
and processes for both detective and preventative measures especially
relating to card fraud and cyber crime. Key initiatives include changes
to authentication of payments, ATM security, software enhancements
and improvement in counterfeit detection.
Physical security environment
The number of physical attacks on our retail business was broadly static
in 2008 compared with 2007. Business plans and controls have been
enhanced to reflect the increase in size of the global business during
the year, for example changes to retail and ATM security and sharing
best practice with competitors and law enforcement agencies.
Information security
The Group is committed to protecting customer and Group information.
Under a Group-wide policy framework, Group Information Security is
developing, maintaining and implementing policies and systems to
secure such information. All employees and agents of the Group are
responsible for the protection of Group assets, systems and information.
All customer information is treated as confidential and appropriate
security is applied to protect the information. The Group Information
Security Policies are aligned to international standards and regulatory
requirements.
The Group recognises information security, relating to the loss of
confidentiality, integrity or availability of our information and systems, as
a specific risk, which is managed through a Group Information Security
Policy. This is reviewed annually and includes processes for managing
and ensuring compliance with the policy. The same standards apply to
information controlled by the Group or managed by authorised third
parties. The Group continues to invest in programmes to enhance and
maintain information security controls and systems. For example, during
2008, security reviews on third party suppliers and vendors were
significantly increased.
Business continuity
The management of crisis situations and the need to ensure the
continuity of business across the Group is a key activity within the risk
function. A consistent crisis and incident management framework has
been rolled out across the Group, to ensure that any incident is
identified, managed and resolved through skilled divisional, country,
regional and global teams. A six step methodology is in place within the
Group for managing incidents.
Key risks and threats that the Group is consistently monitoring from the
crisis and incident management perspective include pandemics,
terrorism, environmental impacts and technology disruptions.
Business continuity plans have been implemented to ensure that the
Group can continue key services, products and operations.