RBS 2013 Annual Report Download - page 63
Download and view the complete annual report
Please find page 63 of the 2013 RBS annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
Report of the Board Risk Committee
61
Risk strategy and policy
RBS has a clear risk strategy supported by well defined strategic risk
objectives. The members of the Board Risk Committee provide input to
the overarching strategy for the business on an ongoing basis.
During 2013, the Board Risk Committee reviewed the implementation of
the Group Policy Framework across the organisation. It also reviewed
the output of control environment certifications which provided the
Committee with an assessment of the effectiveness of the Group’s
internal control environment. Particular focus was placed on how the
operational risk framework was structured to identify single points of
failure and “black swan” events, being those events that were difficult to
predict but would have a high impact. The Committee agreed that Risk
Management should reinforce with divisions that risk assessments and
scenario analysis should extend to these events and that consideration
should also be given to resilience.
Together with the Group Audit Committee, throughout 2013, the
members placed particular focus on the implementation and embedding
of the three lines of defence model across divisions. While progress has
been made, the Committee recognises that additional work is required to
fully delineate responsibilities across front line management, risk and
internal audit. The Committee has emphasised that it considers effective
operation of the model to be a priority and will closely monitor progress
in 2014 alongside strategic and organisational change.
The Committee also considered management’s plans to deliver a holistic
Enterprise Risk Management (ERM) framework, intended to deliver an
increase in effectiveness and make risk more relevant to the operation of
the business. This would involve rationalising existing risk management
tools and making them integral to business as usual. The Committee
noted its emphatic support to the accelerated programme of work
planned for 2013/2014 which including the development of outcome-
focused principles of business and the use of tools such as the “yes
check” to align values with customer outcomes based on integrity,
safety, soundness, reputation and standards.
The members closely reviewed implementation plans and delivery of
solutions to meet the requirements of the Single European Payments
Area. The Committee in particular has monitored the relationship with
the Central Bank of Ireland in this regard.
The Committee has received reports on plans underway to enhance
data quality across the organisation. It has also considered information
security, corporate security and cyber risk.
Risk profile
Reporting
The Committee received a detailed report on key risks and metrics at
each meeting and the Group Chief Risk Officer provided a verbal update
on the key risks to the organisation. Following his appointment, the Head
of Conduct and Regulatory Affairs also provided a verbal update on
current pertinent matters to the Committee at each meeting. These
reports enabled the Committee to identify the key risk areas where
additional focus was required.
During 2013, the Committee has continued to focus on enhancing risk
reporting and some improvements have been made, including the
creation of a risk report at entity level of National Westminster Bank Plc.
However, the annual Committee performance evaluation has highlighted
that more work is required to rationalise the reports that are received by
the Committee; to ensure that key risks are conveyed succinctly and
prominently; and to standardise and simplify presentations. This will be
taken forward in 2014.
The Committee reported to the Board following each meeting on its
consideration of the risk profile of the business and made
recommendations as appropriate.
Risk Incidents and Regulatory reviews and investigations
As in previous years, regulatory risk featured highly on the agenda of the
Committee during 2013. Most significantly, as highlighted above, in the
letter from the Committee Chairman, the Committee continued to play a
central role in the oversight and remediation of the Group’s 2012 IT
incident. It received regular reports on the work being undertaken to
enhance resilience and address root causes of the issue and has
challenged management on the robustness of plans and in relation to
capability across the three lines of defence. Significant progress has
been made to address the deficiencies highlighted by the incident.
However, longer term investment in further enhancement to the Group’s
infrastructure is ongoing. The Committee will continue to oversee the
remediation activity and wider enhancement required to systems and
resilience during 2014. The Committee will also work with its regulators
to address findings as their investigation of the incident concludes and
will ensure accountability is fully considered and learnings are adopted,
across the organisation.
The Committee was dismayed to learn of the most recent system outage
in late 2013 and will ensure that this matter and any correlation with the
earlier IT incident is fully understood.
The allegations set out in the Tomlinson Report have been taken very
seriously by the Group and while there is no evidence of systemic
wrongdoing in the way distressed customers were treated by the
Group’s restructuring division, an independent review by Clifford Chance
has been commissioned. The FCA has separately appointed a skilled
person to undertake a review under section 166 of the Financial
Services and Markets Act. The Board Risk Committee will review the
outputs of these investigations and will liaise with its regulators as
required.