Banks take risks when they lend money and make investments. People may be unable to repay what they borrow and some investments fail. Banks assess these risks – known as credit risk and market risk – as a normal part of doing business.

But banks also have to cope with mistakes and events that disrupt everyday business. They could include a failure to comply with regulations or losses caused by poor computer systems. These are known as operational risks. They can arise from inadequate internal processes and systems as well as from external events.

Operational risk comes in different forms and its effects can last for many years. In 2015, many of our operational risk losses related to compliance and conduct, and we continued to incur losses relating to events from previous years. We are taking a range of action to prevent future incidents that are related to poor conduct and processes within the bank.

Other operational risks include:

  • Compliance with regulatory agreements and orders: failure to implement our obligations under the US Deferred Prosecution Agreement could have a material adverse effect on our results and operations. Read more about our approach to managing financial crime risk

  • Level of change creating operational complexity: we aim to maintain robust internal controls as we transform the business in line with our strategy

  • Fraud risks: our loss prevention performance remains strong in most markets, but the introduction of new technologies and ways of banking mean that we continue to be subject to fraud attacks. We continue to increase monitoring and enhance detective controls to mitigate these risks

  • Information security: the security of our information and technology infrastructure is crucial for maintaining our banking services and protecting our customers and the HSBC brand. Work is ongoing to strengthen internal security controls and to prevent unauthorised access to our systems and network. We are also improving the controls and security applied to protect our customers. Strong engagement and support within the industry, government agencies and intelligence providers helps to ensure we keep abreast of developments

  • Third-party risk management: we are strengthening our third-party risk management capability, particularly related to the management of vendor risks. We have implemented a supplier performance management programme with our biggest suppliers and screen suppliers to help us to identify if any are on a sanctions list and if we should therefore exit the relationship

  • The objective of our operational risk management is to manage and control operational risk in a cost-effective manner within targeted levels of operational risk consistent with our risk appetite, as defined by the Group Management Board.

Related content

Our conduct

Operating with high standards of conduct is central to our long-term success. We have processes, policies and a culture designed to ensure fair outcomes for customers and protect the integrity of financial markets.

Financial crime risk

In line with our ambition to be recognised as the world’s leading international bank, we aspire to set the industry standard for knowing our customers and detecting, deterring and protecting against financial crime.

Supplier code of conduct

We expect businesses who supply goods and services to HSBC to operate responsibly. Our supplier code sets out the standards we require.