Alt+0 to show this section, Tab to navigate forward, Shift+Tab key to navigate backward, Enter to access link, and Esc to reset

Press tab key to access skip links section. Press Alt+0 to access it anytime.

Reputational and operational risks

Reputational risk

We regularly review our policies and procedures for safeguarding against reputational risk. This is an evolutionary process which takes account of relevant developments, industry guidance, best practice and societal expectations.

We have always aspired to the highest standards of conduct and, as a matter of routine, take account of reputational risks to our business. Reputational risks can arise from a wide variety of causes. As a banking group, our good reputation depends not only upon the way in which we conduct our business, but also by the way in which clients, to whom we provide financial services, conduct themselves.

Group functions with responsibility for activities that attract reputational risk are represented at the Group Reputational Risk Policy Committee (GRRPC), which is chaired by the Group Chairman. The primary role of the GRRPC is to consider areas and activities presenting significant reputational risk and, where appropriate, to make recommendations to the Global Standards Steering Committee for policy or procedural changes to mitigate such risk. Reputational Risk Policy Committees, which have been established in each of the Group's geographical regions, are required to ensure that reputational risks are also considered at a regional level. Minutes from the regional committees are tabled at GRRPC.

Standards on all major aspects of business are set for HSBC and for individual subsidiaries, businesses and functions. Reputational risks, including environmental, social and governance matters, are considered and assessed by the Board, the GMB, the Risk Management Meeting, the Global Standards Steering Committee, subsidiary company boards, Board committees and senior management during the formulation of policy and the establishment of our standards. These policies, which form an integral part of the internal control system, are communicated through manuals and statements of policy and are promulgated through internal communications and training. The policies set out our risk appetite and operational procedures in all areas of reputational risk, including money laundering deterrence, counter-terrorist financing, environmental impact, anti-bribery and corruption measures and employee relations. The policy manuals address risk issues in detail, and co-operation between Group departments and businesses is required to ensure a strong adherence to our risk management system and our sustainability practices.

Operational risk

The objective of our operational risk management is to manage and control operational risk in a cost-effective manner within targeted levels of operational risk consistent with our risk appetite, as defined by the GMB.

Operational risk is organised as a specific risk discipline within Group Risk, and a formal governance structure provides oversight over its management. A Global Operational Risk and Control Committee, which reports to the Risk Management Meeting, meets at least quarterly to discuss key risk issues and review the effective implementation of our operational risk management framework. Business managers are responsible for maintaining an acceptable level of internal control, commensurate with the scale and nature of operations, and for identifying and assessing risks, designing controls and monitoring the effectiveness of these controls. The operational risk management framework helps managers to fulfil these responsibilities by defining a standard risk assessment methodology and providing a tool for the systematic reporting of operational loss data.