RBS 2013 Annual Report Download - page 360
Download and view the complete annual report
Please find page 360 of the 2013 RBS annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
Business review Risk and balance sheet management
358
Other risks* continued
Operational risk
Definition
Operational risk is the risk of loss resulting from inadequate or failed
internal processes, people and systems, or external events.
It arises from day-today operations and is relevant to every aspect of the
Group’s business.
Sources of risk
Operational risk may arise from a failure to manage appropriately the
Group's operations, transactions and security. It may arise from other
forms of human error, an inability to deliver change on time or
adequately, or from the unavailability of technology services, or the loss
of customer data. It could also result from a liability or a loss arising from
a defective transaction. A failure to take appropriate measures to protect
assets or to take account of changes in law, are sources of risk. Fraud
and theft are important sources of operational risk, as is the impact of
natural and man-made disasters.
Governance structure
The Group operates with an independent Operational Risk Second Line
of Defence function comprising both a central team and teams based in
each business. The function plays a leadership role by providing a
forward-looking, value-adding capability, working with the business to
achieve a robust risk management culture across the bank. The Group
Head of Operational Risk reports to the Group Chief Risk Officer.
The Operational Risk function is responsible for the design and
maintenance of the operational risk framework. The Operational Risk
Policy and associated standards are incorporated in the Group Policy
Framework and provide direction for the consistent identification,
assessment, management, monitoring and reporting of operational risk.
The Operational Risk Executive Committee, which is a sub-committee of
the Group Risk Committee, acts on all operational risk matters. It is
responsible for identifying and managing emerging operational risks, and
for reviewing and monitoring operational risk profile strategies and
frameworks across the Group, ensuring they are in line with risk appetite.
Risk management
Risk appetite
The Group’s operational risk appetite statement is agreed by the Group
Board. It comprises a number of specific measures of risk, including
operational risk capital adequacy, earnings volatility based on the
relationship between operational risk losses and the Group’s estimated
gross income. It also includes metrics covering control environment
performance. Further refinement of the appetite measure is planned for
2014.
To confirm that the Group operates within the set risk appetite, the high-
level statement is aligned with the strategic risk objectives of the Group.
Group-level measures have been set and cascaded to divisions and
supported by additional tolerances and key indicators.
Operational risk appetite measures and frameworks are reviewed
annually at the ERF.
*unaudited
The objective of operational risk management is not to remove
operational risk altogether, but to manage it to an acceptable level, taking
into account the cost of minimising the risk against the resultant reduction
in exposure. Strategies to manage operational risk include avoidance,
transfer, acceptance and mitigation by controls.
The operational risk cycle comprises four stages:
• Identification of risks
• Assessment or measurement of the scale of risks
• Management or control of risks to prevent their recurrence or
minimise the potential impact
• Monitoring and reporting of risks.
Although the operational risk tools encompass all stages of the risk cycle,
they can be broadly categorised as follows:
Identification and assessment
Risk assessments are used to identify and assess material operational
risks and key controls across all business areas. To provide a consistent
categorisation of risks and controls across the Group and to support
identification of risk concentrations, all risks and controls are mapped to
the Group-wide risk taxonomy and the control catalogue.
The process is designed to confirm that risks are effectively managed
and prioritised in line with the stated risk appetite. Controls are tested
frequently to verify and validate that they remain fit for purpose and
operate effectively. Risk assessments are typically conducted in a
workshop environment, bringing together subject matter experts and key
stakeholders from across the divisions and key functions.
In 2013, the focus was on the continued implementation and embedding
of risk assessments across the Group. This included the strengthening of
links between risk assessments and other elements of the Group
operational risk framework.
New product risk assessment
The Group’s new product risk assessment process is used to ensure that
risks for all new products (and material variations to existing products)
are adequately identified and assessed before their launch. The
assessment documentation and review includes the requirement to
demonstrate that the product provides fair outcomes for customers.
The Group New Business Forum reviews and challenges proposed high
risk products to ensure material risks have been adequately identified
and assessed so that new products are launched in line with the Group’s
risk appetite and strategy.
Enhancements made during 2013 include the introduction of an improved
product pipeline to provide more detail on product review and sign-off,
and enhanced reporting to the Group New Business Forum to allow
challenges to the risk classification of products assessed as low-risk by
divisions.