Professional Documents
Culture Documents
Regulatory Risk: HSBC Technology and Services
Regulatory Risk: HSBC Technology and Services
The three key regulatory risks to a business and the measures Compliance
Department should have in place to mitigate them
CONTENTS
Introduction
Regulatory Risk
Consequences of Non-adherence
Key Risks : Reputational Risk, Financial Risk &
Litigation Risk
?
Other Risks : Money Laundering Risk
Measures to Manage Regulatory Risks
Introduction
Regulatory Risk
A Regulatory risk is the risk to the legal position, earnings, capital and reputation
associated with failure to comply with regulatory requirements and expectations set by the
operating BA Regulatory Authority.
The three key regulatory risks for a business or an outsourcing company would be
Reputational Risk, Financial Risk & Litigation Risk.
4 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
5 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
Financial Risk
Financial risk is risk associated with the possibility of incurring a Financial loss due to the
non-adherence of regulations.
Non adherence to Regulations would increase the Financial risks in the business as
mentioned below;
Regulatory authorities penalizing the organization could demand increased capital due to
the increase in the overall business regulatory risks.
Financial losses incurred during a penalty or fine by the regulators.
Reputational loss due to non adherence could lead to financial losses.
During the correctional period of a regulatory breach, the Management time and
resources spent implementing regulator's requirements could lead to Financial losses.
If an organization regulatory breach is public and or if the breach leads to a litigation,
significant losses via shares could be experienced
6 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
Litigation Risk
7 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
8 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
Operation Level
9 Your presentation title goes here Restricted for company use only
HSBC TECHNOLOGY AND SERVICES
• All processing staff who have direct contact with customers (either telephone or written) must be
aware of DSARs / Requests for Personal Information .
• Staff must, on first instance, be able to understand the nature of request and escalate immediately
as appropriate.
• If a verbal request is received, the customer needs to be asked to put this in writing or guided to
complete the DSAR / Requests for Personal Information request form available via the intranet.
http://letsconnect.systems.uk.hsbc/INT/repository.nsf/vw_title/E7675180293EDCFD80256E8A0055
7C79/$file/ProvInfo.pdf
• It is mandatory that all AMOs and above, be aware of this right and notice of a DSAR be escalated
to the LCO immediately.
• Where information is held on a system at a GSC site that is not accessible by the BP, staff must be
aware that they must search these systems when a request for information is made by the customer to
ensure all details are provided.
10 Your presentation title goes here Restricted for company use only