Home » HSBC Annual Reports » 2015 Annual Report - page 108

HSBC 2015 Annual Report Download - page 108

Download and view the complete annual report

Please find page 108 of the 2015 HSBC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Report of the Directors: Risk (continued)

Managing risk

HSBC HOLDINGS PLC

106

Risks Arising from Measurement, monitoring and management of risk

Operational risk (page 176)

The risk of loss resulting from

inadequate or failed internal

processes, people and systems or

from external events, including

legal risk.

Operational risk arises from

day to day operations or

external events, and is

relevant to every aspect of

our business.

Compliance risk and

Fiduciary risk are discussed

below. Other operational

risks are covered in the

Appendix to Risk (page 217).

Operational risk is:

• measured using both the top risk analysis process and the risk

and control assessment process, which assess the level of risk and

effectiveness of controls;

• monitored using key indicators and other internal control

activities; and

• managed primarily by global business and functional managers.

They identify and assess risks, implement controls to manage

them and monitor the effectiveness of these controls utilising

the operational risk management framework. Global Operational

Risk is responsible for the framework and for overseeing the

management of operational risks within global businesses and

global functions.

Compliance risk (page 178)

The risk that we fail to observe

the letter and spirit of all relevant

laws, codes, rules, regulations

and standards of good market

practice, and incur fines and

penalties and suffer damage to

our business as a consequence.

Compliance risk is part of

operational risk, and arises

from rules, regulations,

other standards and Group

policies, including those

relating to anti-money

laundering, anti-bribery and

corruption, counter-terrorist

and proliferation financing,

sanctions compliance and

conduct of business.

The US DPA is discussed on

page 113 and the Monitor

on page 116.

Compliance risk is:

• measured by reference to identified metrics, incident assessments

(whether affecting HSBC or the wider industry), regulatory

feedback and the judgement and assessment of compliance

officers in our global businesses, regions and functions;

• monitored against our compliance risk assessments and metrics,

the results of the monitoring and control activities of the second

line of defence functions, including the Financial Crime Compliance

and Regulatory Compliance sub-functions, and the results of

internal and external audits and regulatory inspections; and

• managed by establishing and communicating appropriate policies

and procedures, training employees in them, and monitoring

activity to assure their observance. Proactive risk control and/or

remediation work is undertaken where required.

Other material risks

Reputational risk (page 189)

The risk of failure to meet

stakeholder expectations as a

result of any event, behaviour,

action or inaction, either by HSBC

itself, our employees or those

with whom we are associated,

that might cause stakeholders to

form a negative view of the

Group. This may result in financial

or non-financial impacts, loss of

confidence, or other

consequences.

Primary reputational risks

arise directly from an action

or inaction by HSBC, its

employees or associated

parties that are not the

consequence of another

type of risk. Secondary

reputational risks are those

arising indirectly and are a

result of another risk

caused either by HSBC, its

employees or associated

third parties.

Reputational risk is:

• measured by reference to our reputation as indicated by our

dealings with all relevant stakeholders, including media, regulators,

customers and employees;

• monitored through a reputational risk management framework

that is integrated into the Group’s broader risk taxonomy; and

• managed by every member of staff and is covered by a number of

policies and guidelines. There is a clear structure of committees

and individuals charged with mitigating reputational risk, including

the Group Reputational Risk Policy Committee, the Global Risk

Resolution Committee and reputational risk committees in the

regions and global businesses.

Fiduciary risk (page 189)

The risk of breaching our fiduciary

duties, defined as any duty where

HSBC holds, manages, oversees or

has responsibilities for assets for

a third party that involves a legal

and/or regulatory duty to act

with the highest standard of care

and with utmost good faith.

Fiduciary risk is part of

operational risk, and arises

from our business activities

where we act in a fiduciary

capacity (‘designated

businesses’) as Trustee,

Investment Manager or

as mandated by law or

regulation.

Fiduciary risk is:

• measured by each designated business monitoring against their

own risk appetite statements and by the operational risk and

control assessment process, which assesses the level of risk and

the effectiveness of the key controls;

• monitored through a combination of testing, key indicators and

other metrics such as client and regulatory feedback; and

• managed within the designated businesses via established

governance frameworks, and comprehensive policies, procedures

and training programmes.