GROUP REGULATORY RISK
"setting and overseeing HBOS standards in regulatory risk management"
Summary Business Plan 2004 - 2005
"The regulatory environment - a key strategic challenge"

TABLE OF CONTENTS
1. Introduction
2. Key regulatory challenges and risks
3. Our accountabilities
4. Our vision
5. Our objective
6. Our strategy
7. Key priorities
8. Summary of proposed oversight plans
9. Fighting financial crime
10. Technical & policy services
11. Key performance indicators
12. Key risks to executing the plan
13. Resources
14. Conclusion

APPENDICES
1. Structure chart
2. Extracts from FSA Financial Risk Outlook and Business Plan 2004

1. INTRODUCTION
This paper sets out a summary of the GRR Business Plan for 2004-2005. It has been revised following the draft presented to the Group Audit Committee on 9th December 2003 to take account of further discussions and developments relating to the Arrow Risk Assessments of HBOS Group and the Retail, IID, Corporate and Treasury Divisions.
It also takes account of the themes set out in the FSA's business plan for April 2004–2005 published in mid January 2004. See Appendix 2 for key extracts.

The theme of the Business Plan is "The regulatory environment - a key strategic challenge". With our regulatory risk profile arguably as high as it has ever been, it is clear that managing our regulatory risks over the coming year (and maybe more) will be a major challenge. It is, of course, a major tactical challenge to manage the existing list of regulatory risks and issues we face in the current environment. But it needs to be seen as even more important than that. It needs to be treated as a strategic challenge. If we treat it with that importance, we will not only deliver the tactical successes we must achieve but also a real competitive advantage in the market place. As Dennis Stevenson will say in his statement in the Annual Report and Accounts 2003: "Regulation represents both society's consent to our activities and an opportunity to create advantage over our competitors."

Conversely, the impact on the Group's Business Plans of not meeting the challenge we face could be material if senior management's attention is forced to be diverted from its growth ambitions, which are such a prominent feature of our message to the market place, to its systems and controls for ensuring regulatory compliance. This could not only impact on existing markets but may make the FSA reluctant to see HBOS undertaking any material expansion into new markets or any significant M&A activity. More directly, the quality cost of failure or re-work will hit the bottom line: the £2m of fines we received in 2003 mask the very much larger other direct and indirect costs associated with resolving these failures. If this means we don't hit our published targets, the financial impact will not just hit the P&L and our crucial ROE target but could well have a magnified impact on shareholder value.
Furthermore, if we don't get the implementation of the Integrated Prudential Source Book right, we may very well be required by the FSA to set aside more regulatory capital.

So, how can we meet this crucial strategic challenge? At the heart of overcoming the challenge, GRR believes that there are three key pre-requisites for success on which we should focus:
- The strength, depth and quality of our relationships and communications with the FSA. This requires much more work so that all the requisite parts of the group are working in harmony, with one strategy and a completely different level of coordination. It also needs the FSA to agree how important this is and how much work needs to be done in this area.
- The credibility of Group Risk functions operating as a truly effective second line of defence. This depends on the standards and policies they set, the depth and quality of the oversight they perform and the strength of the relationships they have which allow them to provide functional and technical leadership. But even more important, it will depend crucially on the FSA's confidence in this work.
- The demonstrable and enthusiastic engagement of the operating divisions in the work carried out by Group Risk functions.

This business plan is designed to support the achievement of these key prerequisites.

2. KEY REGULATORY RISKS AND CHALLENGES
The key regulatory risks, challenges and issues on which this Plan is based include:
- Significantly increased FSA scrutiny ("close and continuous") of HBOS following their recent Arrow risk assessments of Retail, IID, Corporate, Treasury and HBOS Group.
- The determination of the HBOS Board and GMB to ensure the full effectiveness of its governance framework, systems and controls and its approach to risk management generally for the benefit of all our stakeholders including the FSA.
In particular, the plan has been informed by what Mike Ellis said in his organisational announcements on October 3rd relating to the whole of Group Finance and Risk, and I quote: "As part of our organization review James Crosby has made it clear that he is keen to strengthen our hand in delivering against our responsibilities and will be taking steps to clarify and reinforce the role of Group Finance and Risk over the coming months."
- A continued focus on fairness to customers in line with Retail's "Customer Champion" strategy. This covers product development, promotion, delivery, fulfillment and complaints handling. This aligns perfectly with the FSA's own focus on "Treating Customers Fairly".
- Mortgage endowment complaints handling.
- Sales practices generally and the FSA's recent focus on Corporate Bond Fund Sales in particular and their decision to carry out a themed review.
- Major regulatory change in UK and EU including implementing mortgage and general insurance regulation, IPSB, IAS and numerous other policy developments on the European legislative runway.
- Our own (and the FSA's) concern in relation to market timing and other types of potential market abuse.
- The importance of having an even greater focus on Arrow Risk Assessment and RMP processes and the general quality of our approach to systems and controls and risk management oversight.
- Senior Management Responsibilities, the Approved Persons Regime and the FSA's Principles for Business.
- Fighting financial crime, in all its guises. This is not only a compliance requirement but also a hugely important social responsibility.

The Plan recognises that the Group continues to drive through ambitious business growth targets with stretch business plans and a determination to fulfill its promise to the market of hitting its target of 20% ROE by the end of 2004.

3. OUR ACCOUNTABILITIES
In summary, GRR's accountabilities are as follows:
- Setting group wide regulatory risk management standards, policies and framework.
- Carrying out oversight of and providing advice on regulatory risk management and the Combined Code (Turnbull) in each of the eight operating divisions and in Group Areas. This includes the provision of best practice standards for measurement of the effectiveness of the regulatory risk management framework, processes and environment.
- Providing functional / technical leadership and advice to Regulatory Risk Management specialists in the operating divisions.
- Fulfilling the regulatory accountabilities of Group MLRO and Data Protection Officer.
- Processing suspicion reports to go to NCIS.
- Coordinating communications and relations with the FSA including managing the Approved Persons regime.
- Coordinating the operational implementation of new regulatory developments.
- Reporting on the above to all key stakeholders, as required, including the FSA.

4. KEY PRIORITIES
Our key priorities are set out below under the three headings corresponding to the HBOS Leadership Framework Profile.

Delivering results
Our key GRR priorities for delivering results across the HBOS Group in 2004 will be:

Oversight and Advice - Our number one priority is to carry out and report on a much broader and deeper programme of oversight and advisory activities in each operating division. A summary of our oversight plans is set out in section 8 below. There are separate detailed plans developed by each Lead Relationship Manager in respect of their operating divisions. The new GRR structure with its focus on Lead Relationship Managers is designed principally to support this critical oversight and advisory activity. These senior professionals (Level 6) will agree the proposed programme of oversight activities with each operating division.
They will seek to ensure complete alignment, coordination and non-duplication with GIA and local regulatory risk management audit or compliance monitoring programmes. Our oversight and advisory work falls into three broad categories which are explained in section 8 below:
- "Business as usual oversight".
- "Group-wide themed oversight".
- "Operating division specific oversight".

Our oversight and advisory activities will enable us to assess in more depth and provide more formal opinions to key stakeholders on the effectiveness of regulatory risk management in each of the operating divisions.

5. SUMMARY OF PROPOSED OVERSIGHT PLANS

5.1 OBJECTIVES OF OVERSIGHT
The objectives of regulatory risk management oversight activities are:
- To enable GRR to provide key stakeholders (GAC, Main Board, GMB, DRCCs, FSA) with formal, independent opinions (see below for specimen wording), based on appropriate and adequate evidence, relating to the effectiveness of regulatory risk management generally or in specific areas of high regulatory risk.
- To fulfill GRR's accountabilities under the HBOS governance framework as the "second line of defence".
- To fulfill GRR's accountabilities under the Approved Persons regime for the controlled functions of Compliance Oversight, Risk Assessment and Group Money Laundering Reporting Officer and to provide evidence to the other Approved Persons in Group and the Divisions that they have fulfilled their accountabilities.

The specimen general opinion we would seek to give each year on regulatory risk management effectiveness is as follows:

"Subject to the provisos set out below, GRR is of the opinion that regulatory risk management in [XYZ Division] is being carried out in a framework and environment which is likely to ensure that material regulatory risks are identified, assessed and mitigated in a manner which will meet the key FSA and HBOS Group requirements and policies."
In relation to "themed" or division specific oversight activities, the nature of the opinion will depend on the area being reviewed and will provide an assessment on the actual substantive compliance performance in the relevant area. For example, if GRR were carrying out a themed review of regulatory complaints handling in Retail, its specimen opinion might be as follows:

"Subject to the provisos set out below, GRR is of the opinion that the processes, resources, management systems and controls are operating effectively and in accordance with the relevant regulatory requirements and HBOS Group Policies. This is corroborated by the evidence of the sample of [X] specific complaints which were reviewed in the course of our work."

The "watchwords" of outstanding oversight which provides confident assurance to the Group and added value to the operating divisions are:
- Deep business understanding and relationships with divisional colleagues.
- Confident advice and assessment that both protects and adds value.
- Technical excellence and outstanding judgement.
- Personal courage, independence and integrity.