HSBC 2014 Annual Report Download - page 77

Download and view the complete annual report

Please find page 77 of the 2014 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 200

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200

HSBC BANK PLC
Report of the Directors: Risk (continued)
75
Operational risk in 2014
During 2014, our operational risk profile continued to be
dominated by compliance and legal risks as referred to in
the ‘Principal risks’ section and Note 37 on the Financial
Statements. Losses were realised relating to events that
occurred in previous years, albeit at a lower level than in
2013. These events included the possible historical mis-
selling of payment protection insurance (‘PPI’) and
interest rate protection products in the UK (see Note 27
on the Financial Statements). A number of mitigating
actions continue to be taken to prevent future mis-
selling incidents.
The incidence of regulatory and other legal proceedings
against financial service firms is increasing. Proposed
changes relating to capital and liquidity requirements,
remuneration and/or taxes could increase our cost of
doing business, reducing future profitability. We remain
subject to a number of regulatory proceedings including
investigations and reviews by various regulators and
competition and law enforcement authorities around the
world relating to certain past submissions made by panel
banks and the processes for making submissions in
connection with the setting of London interbank offered
rates (‘Libor’) and other benchmark interest rates. As
certain HSBC companies are members of such panels,
HSBC has been the subject of regulatory demands for
information and is cooperating with those investigations
and reviews. Various regulators and competition and law
enforcement authorities around the world are also
conducting investigations and reviews into a number of
firms, including HSBC, related to trading on the foreign
exchange markets and activity in the credit derivatives
market, and various class actions have been filed in the
US related to alleged anti-competitive behaviour related
to precious metals In response, we have undertaken a
number of initiatives, including the restructuring of our
Compliance sub-functions, enhancing our governance
and oversight measures to implement Global Standards
as described on page 9 and other measures put in place
designed to ensure we have the appropriate people,
processes and procedures to manage emerging risks and
new products and business. For further details see
'Compliance risk' on page 76 and for details of the
investigations and legal proceedings see Note 37 of the
Financial Statements.
On 12 November 2014, the UK FCA and the US
Commodity Futures Trading Commission (‘CFTC’) each
announced having concluded regulatory settlements
with a number of banks, including HSBC Bank plc, in
connection with their respective investigations of trading
and other conduct involving foreign exchange
benchmark rates. Under the terms of those settlements,
HSBC Bank plc agreed to pay a financial penalty to the
FCA and a civil monetary penalty to the CFTC and to
undertake various remedial actions. For further
information, see Note 37 on the Financial Statements.
HSBC has undertaken a review of compliance with the
fixed-sum unsecured loan agreement requirements of
the UK Consumer Credit Act (CCA’). A liability has been
recognised within ‘Other liabilities’ for the repayment of
interest to customers where annual statements did not
remind them of their right to partially prepay the loan,
notwithstanding that the customer loan documentation
did include this right. There is uncertainty as to whether
other technical requirements of the CCA have been met,
for which we have assessed an additional contingent
liability. For further details see Note 27 on the Financial
Statements.
Other operational risks included:
fraud risks: the threat of fraud perpetrated by or
against our customers, especially in retail and
commercial banking, may grow during adverse
economic conditions. We increased monitoring,
analysed root causes and reviewed internal controls
to enhance our defences against external attacks and
reduce the level of loss in these areas. In addition,
Group Security and Fraud Risk worked closely with
the global businesses to continually assess these
threats as they evolved and adapt our controls to
mitigate these risks;
level of change creating operational complexity:
the Global Risk function is engaged with business
management in business transformation initiatives
to ensure robust internal controls are maintained,
including through participation in all relevant
management committees. The Global Transactions
Team has developed an enhanced risk management
framework to be applied to the management of
disposal risks;
information security: the security of our information
and technology infrastructure is crucial for
maintaining our banking applications and processes
while protecting our customers and the HSBC brand.
A failure of the control framework which protects this
could have implications for the wider financial sector
and result in direct financial loss, and / or the loss of
customer data and other sensitive information which
could undermine both our reputation and our ability
to retain the trust of our customers. Programmes of
work have been ongoing to strengthen internal
security controls to prevent unauthorised access to
our systems which may affect live services or facilitate
data loss or fraud. In common with other banks and
multinational organisations, we continue to be a
target of increasingly sophisticated ‘cyber’ attacks
such as Distributed Denial of Service attacks which
affect the availability of customer-facing websites. In
addition, reliance on standard internet technologies,
protocols and services means we are subject to wide-
scale remediation when flaws are reported in these
technologies. Lessons learnt from attacks experienced
within the industry and information sharing with
other financial institutions, government agencies and
external intelligence providers allows us to develop a
better understanding of our own susceptibilities and
to develop scenarios to test against. They will
continue to be a focus of ongoing initiatives to
strengthen the control environment. Significant
investment has already been made in enhancing
controls around data access, the heightened
monitoring of potential cyber-attacks and continued
training to raise staff awareness. This is an area that
will require continual investment in our operational
processes and contingency plans;
vendor risk management: we continue to focus on
the management of vendor risks including making