RBS 2010 Annual Report Download - page 204

Risk management: Operational risk* continued
Physical security
The Group continues to implement strong security measures to ensure
the safety of staff, the Group’s customers and businesses from physical
harm. Against an ever changing threat environment, these measures are
kept under constant review and adapted accordingly. The past year has
seen protest groups continue to target the Group (most notably Climate
Camp in August 2010); robust processes are in place to ensure the
safety of customers and staff during these demonstrations. The Group
also continues to mitigate against the threat posed by international
related terrorism.
Information security
The Group is committed to protecting customer, employee and Group
information with regard to the loss of confidentiality, integrity and
availability. This extends to all physical and electronic information. All
employees and related third parties of the Group are responsible for the
protection of Group assets, systems and information. All customer
information is treated as confidential and appropriate security is applied
to protect the information. Additionally, the Group’s information security
policy is reviewed regularly and includes processes for managing and
monitoring compliance with the policy. The same standards apply to
information controlled by the Group or managed by authorised third
parties.
The Group continues to invest in programmes to enhance and maintain
information security controls and systems. For example, during 2010 the
Group has risk assessed the externally facing websites and penetration
tested those websites that contain confidential, high-risk Group data and
established an assurance team to implement an ongoing programme of
third party reviews.
Business continuity
The need to ensure the continuity of business across the Group and the
management of crisis situations is a key activity within the risk function.
Key risks and threats that the Group is consistently monitoring from a
business continuity perspective include pandemics, terrorism,
environmental impacts and technology disruptions. Business continuity
plans are in place to ensure that the Group can continue key products,
services, and operations. A consistent crisis management framework has
been developed that includes a six step methodology and allows
incidents to be managed and resolved through skilled global teams.
All business continuity plans, related activities and systems are tested
annually. The plan data is validated every 6 months and where the
impact on business is high, the validation frequency is increased to every
3 months.
Regulatory risk*
Regulatory risk arises from the non-adherence to international and
national rules and regulations. The Group manages regulatory risk
through a regulatory risk and compliance framework that seeks to ensure
the Group is in compliance with all banking, securities, insurance and
anti-money laundering regulations defined by more than 120 different
regulatory bodies and central banks across the world. This framework
comprises global regulatory risk policies, tracking of regulatory
developments, training and awareness, assurance and monitoring and
regulatory relationship management.
Global regulatory risk policies
Within the Group Policy Framework (GPF), regulatory risk and
compliance policies define minimum standards for all businesses to
adhere to on a global basis. These policies are primarily driven by the
rules and regulations set by the FSA as the Group’s lead regulator.
These global minimum standards are supplemented by division specific
policies where appropriate (product specific or local market specific
requirements).
Regulatory developments
Regulatory environments are constantly evolving and it is critical that the
Group both understands early on the drivers for this change and is able
to assess the potential impact of prospective rules and regulations on the
different businesses. The regulatory developments tracker seeks to
identify, track and monitor all such material changes and ensure that an
appointed senior executive is responsible for assessing the potential
impacts on the Group’s business. Such activity supports both effective
engagement in the regulatory consultation process, and planning for the
introduction of new or changed rules and regulations.
During the last 12 months the Group has experienced unprecedented
levels of prospective rules and regulations particularly in the area of
prudential regulation (capital, liquidity, governance and risk management),
and to the treatment of systemically important entities, in particular
through initiatives on recovery and resolution plans (‘living wills’) - see
page 398 for regulatory developments and reviews.
Training and awareness
Maintaining compliance with existing rules and regulations requires a
continued investment in professional training and maintaining risk
awareness. The Group undertakes extensive training both with group-wide
learning initiatives (e.g. anti-money laundering) as well as divisional
or product specific training. To support the professional development of
the Group’s regulatory risk staff the Group has a comprehensive
progressive training programme that is deployed on a global basis.
Assurance and monitoring
Assurance and monitoring activities are key to ensuring that the Group
can demonstrate ongoing compliance with existing rules and regulations.
Such activities are conducted in both the first line and second line of
defence. Work to design, implement and embed enhanced monitoring
tools was undertaken in 2010 and will continue into 2011.
Regulatory relationship management
The Group is committed to working with its regulators in an open and
constructive way as it deals with both the evolution of regulatory
frameworks as well as the ongoing compliance with existing rules and
regulations. The regulatory relationship management tool is used to track,
record, monitor and report on all material regulatory engagement to
ensure that activities remain co-ordinated across the Group - see page
397 for a description of the key regulatory and supervisory bodies with
which the Group engages.
*unaudited
RBS Group 2010 202
Business review continued