The world's local bank - HSBC
The world's local bank - HSBC
The world's local bank - HSBC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>HSBC</strong> FRANCE<br />
Chairman’s report on corporate governance and internal control procedures (continued)<br />
chairmen of subsidiaries now depend on the<br />
counterparty’s Basel II rating.<br />
All excesses over authorised limits must be<br />
referred upwards to the relevant level of authority.<br />
All credit facilities are subject to periodic review on<br />
at least an annual basis, in accordance with French<br />
regulations and <strong>HSBC</strong> Group standards.<br />
Market risk<br />
<strong>The</strong> system for monitoring market risks is described<br />
in a circular that sets out mechanisms for risk limits,<br />
authorisations and control methods.<br />
Risk limits are set for all business activities by<br />
ALCO Balance Sheet Management and Markets,<br />
which meets monthly and is headed by the Chairman<br />
and Chief Executive Officer or Deputy CEO.<br />
Committee members include the heads of business<br />
units involved in market activities and heads of<br />
support services in charge of risk management.<br />
On 1 March 2005, <strong>HSBC</strong> France reorganised its risk<br />
management structure to bring it more into line with<br />
that of the <strong>HSBC</strong> Group. A new Product Control Unit<br />
brings together the teams responsible for control over<br />
trading results and those responsible for control over<br />
market risk. <strong>The</strong> Credit Service Unit combines the<br />
teams responsible for measuring and controlling<br />
counterparty risk with those responsible for setting limits<br />
and reviewing credit applications made by Corporate<br />
and Institutional Banking. <strong>The</strong> two new units report to<br />
the Chief Operating Officer of Corporate and<br />
Institutional Banking, who in turn reports to the Senior<br />
Corporate Vice President in charge of support<br />
functions. In addition, a Market Risk Manager (MRM)<br />
has been appointed for the dealing rooms. <strong>The</strong> MRM<br />
has a functional reporting line to the Market Risk<br />
Manager for Europe, based in London.<br />
Market risks are governed by a risk policy set by<br />
the Executive Management Committee, and must<br />
comply with global mandates attributed by the <strong>HSBC</strong><br />
Group to <strong>HSBC</strong> France. <strong>The</strong>se global mandates are<br />
divided by business line within ALCO Balance Sheet<br />
Management and Markets, then translated into<br />
operational limits within each entity. <strong>The</strong>se limits<br />
are expressed in terms of Value at Risk, sensitivity,<br />
maximum loss and lists of authorised instruments<br />
and maturities. <strong>The</strong>y are revised at least once a year<br />
by ALCO Balance Sheet Management and Markets<br />
and may be amended on an ad hoc basis.<br />
Product Control teams ensure compliance with<br />
limits on a day-to-day basis. Product Control is<br />
also in charge of informing ALCO Balance Sheet<br />
Management and Markets or its secretary of limit<br />
breaches and of decisions or actions made by the<br />
front office. <strong>The</strong> MRM is in charge of carrying<br />
out all actions to resolve breaches and to request<br />
temporary limits if necessary.<br />
<strong>HSBC</strong> France has developed its own internal<br />
models for managing, assessing and valuing certain<br />
derivative products. <strong>The</strong>se models are validated by a<br />
specialist team, the Derivative Models Review Group<br />
(DMRG), which reports to the Head of Risks and<br />
Product Control.<br />
Procedures for ensuring reliability of data<br />
processing<br />
Governance of IT processes and internal control<br />
in the Information Systems Department (ISD)<br />
<strong>The</strong> Information Systems Department’s compliance<br />
committee assesses the efficiency of internal controls<br />
on IT processes, intended to combat material IT risks,<br />
every two months. This committee comprises the<br />
head of the ISD, the deputy head of the ISD,<br />
the head of infrastructure and production and the<br />
ISD’s head of quality.<br />
Acquisition and development of information systems<br />
(applications or infrastructure)<br />
Project management methods are used to acquire<br />
or develop information systems, in line with <strong>HSBC</strong><br />
recommendations. <strong>The</strong>se methods include a number<br />
of control points throughout the project cycle, from<br />
initial business unit request to go-live. <strong>The</strong>se control<br />
points ensure that each stage of the cycle is complete<br />
and approved by all stakeholders.<br />
In addition, Information Systems has created<br />
an Architecture Committee and an IT Validation<br />
Committee to ensure that projects comply with<br />
<strong>HSBC</strong> Group architecture rules, but most importantly<br />
with rules for security and regulatory compliance.<br />
Testing<br />
Testing is conducted throughout the project management<br />
process. <strong>The</strong>re are several types of tests<br />
concerning different project resources. <strong>The</strong>y are carried<br />
out in sequence and each within its own environment.<br />
Each stage of testing must be validated. Validation<br />
takes the form of a report on each phase, signed by the<br />
tester, the tester’s manager and the person in charge of<br />
the subsequent testing phase. For production testing,<br />
the validation of the Change Control Committee is<br />
required. A signed implementation certificate is<br />
required before development can go ahead.<br />
System go-live control<br />
<strong>HSBC</strong> France has a change control system which<br />
has been reinforced by the establishment of a Change<br />
Control Committee responsible for examining and<br />
34