A A A

• 1Home
• 2Overview
• 3Business review
• 4Governance
  • Directors' profiles
  • Directors' report
  • Corporate governance report
  • Remuneration report 2007
  • Nominations Committee report
  • Audit committee report
  • Risk management and internal control report
  • Directors' responsibility statement
• 5Financial statements
• 6Other information

Risk management and internal control report

In this section we detail the work undertaken in connection with the Group's operational risk management process and system of internal controls.

Risk management

The Board is accountable for risk and is responsible for oversight of the risk management process. The Board has considered the key risks facing the Group and the exposure in relation to each of those risks.

The Group Management Committee reviews the key corporate risks facing the Group and receives regular reports as to the current status of each risk. It has approved a governance and risk framework which includes the responsibility of the Chief Financial Officer for the risk and control framework within the Group and the independent monitoring and reporting of risk and controls. A risk management structure is in place which embeds risk management within the business.

Group Risk Committee The Group Risk Committee supports the Chief Financial Officer in discharging the responsibilities outlined above and is the principal management committee for the monitoring and reporting of risks and controls. The Committee is chaired by the Chief Financial Officer, and includes representatives from the businesses and the control functions. The Committee reviews and monitors the adequacy and effectiveness of the process for the identification, assessment, mitigation, monitoring and management of all risks faced by the Group in achieving its business objectives. Local management is responsible for operational risk controls where appropriate and, depending on the size and complexity of the business unit, risk and control maps have been prepared which have been captured on an on-line worldwide risk management system. The Group Risk Committee receives reports from line management regarding any matters giving cause for concern and ensures appropriate remedial action is taken.

Credit risk Credit risk limits are reviewed and agreed centrally. In respect of agency risk, a dedicated team of credit professionals, together with local risk personnel are responsible for monitoring exposures against these limits and reporting to Group Risk management by exception. In respect of principal risk, the Group sets the overall Group limit and delegates authority to set credit limits within the overall limit to the Group's banking businesses in London and Switzerland.

Interest rate and market risk The Group does not run a trading book. The Private Banking subsidiaries hold certain financial instruments (debt securities, forward foreign exchange contracts and interest rate swaps) for customer facilitation purposes. It is Group policy to hedge interest rate risk which is largely mitigated by the short-term nature of our holdings of interest-bearing assets and liabilities. The Group has a number of overseas subsidiaries whose shareholders' funds, revenues and expenses are denominated principally in local currencies. Forward foreign exchange contracts with third parties are used to mitigate exposure to currency movements where it is considered that the sterling values of such amounts are at risk. The use of such instruments is limited and is subject to approval by the Group Capital Committee.

In addition, the Group's seed capital investments may also be hedged in respect of market risk where it is possible to construct an effective hedge and there is a perceived risk of volatility in the value of the investment due to market movements. The decisions to hedge market risk on seed capital investments, typically using futures, are taken by the Group Capital Committee in consultation with the business.

Monitoring risk The liquidity of the banking entities within the Group is monitored by the relevant local risk committees. The Group Capital Committee monitors and controls the use and liquidity of the Group's capital resources.

Dedicated personnel are responsible for producing and maintaining market and liquidity risk reports based upon the Financial Services Authority's methodologies under the Capital Adequacy Directive. The underlying methodologies and limits are reviewed and set centrally. Local risk committees review exposures against limits on a regular basis.

Group Compliance undertakes detailed monitoring activities to review compliance with legal and regulatory requirements. Group Internal Audit carries out a programme of audits approved by the Audit Committee, including reviews of the risk management process and advice and recommendations on improving the control environment.

Internal control

The Board is responsible for the Group's system of internal control and for reviewing its effectiveness. Such a system can provide only reasonable and not absolute assurance against material financial misstatement or loss and is designed to mitigate, not eliminate, risk.

On behalf of the Board, the Audit Committee carried out its annual assessment of the effectiveness of internal controls during 2007 using the following to support its conclusions:

• The six-monthly assessments by the Group Management Committee of key risks and of responsibilities for those risks. This assessment is supplemented where appropriate with the results of the semi-annual business risks and controls evaluation survey completed by business area heads across the Group;
• Quarterly reports from the Heads of Group Compliance and Group Risk on the control environment and relevant issues arising within the Group, highlighting any major instances of non-compliance and the actions being taken to remedy such non-compliance. This includes consideration of fraud prevention measures in place across the Group;
• A twice-yearly report from the Group General Counsel outlining the Group's legal risks;
• Quarterly reports from the Head of Group Internal Audit on the key issues arising from Internal Audit's inspection programme;
• Group Internal Audit's review of the effectiveness and application of the risk management process; and
• Annual and regular reports from the Head of Group Internal Audit on the control environment.

The Board is of the view that there is an ongoing process for identifying, evaluating and managing the Group's significant risks that:

• Has been in place for the year ended 31 December 2007 and up to the date of approval of the Annual Report and Accounts;
• Is regularly reviewed by the Board and complies with the internal control guidance for directors in the Combined Code (the Turnbull guidance 2005); and
• Necessary actions have been or are being taken to remedy any significant failings identified as part of the ongoing risk management process.