The world's local bank Annual Report and Accounts CCF - HSBC
The world's local bank Annual Report and Accounts CCF - HSBC
The world's local bank Annual Report and Accounts CCF - HSBC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>CCF</strong><br />
Chairman’s report on corporate governance <strong>and</strong> internal control procedures (continued)<br />
b<br />
c<br />
Audits performed during 2003 revealed a big<br />
improvement in the application of <strong>HSBC</strong>’s GSM,<br />
FIM <strong>and</strong> BIM in many business segments, <strong>and</strong><br />
particularly the central support functions of the<br />
regional <strong>bank</strong>s. Audit conclusions were therefore<br />
broadly more favourable than before.<br />
Significant progress has also been made in<br />
implementing <strong>HSBC</strong> st<strong>and</strong>ards in information technology.<br />
<strong>CCF</strong> must continue its efforts to improve<br />
information systems security.<br />
Audit Committee<br />
<strong>The</strong> Audit Committee is key to the <strong>CCF</strong> group’s<br />
internal control system. Its duties <strong>and</strong> composition<br />
are set out in the section of this report on corporate<br />
governance.<br />
Supervisory authorities <strong>and</strong> external auditors<br />
<strong>The</strong> supervisory authorities <strong>and</strong> external auditors<br />
may make recommendations on <strong>CCF</strong>’s internal control<br />
procedures. In this case, the divisions concerned<br />
are responsible for drawing up action plans for their<br />
implementation.<br />
Description of internal control procedures<br />
Control environment <strong>and</strong> oversight<br />
Management is responsible for creating a sound overarching<br />
control environment. This involves establishing,<br />
implementing <strong>and</strong> ensuring the effectiveness of<br />
first line controls. Oversight of the control environment<br />
is also a key means of verifying whether internal<br />
controls are appropriate <strong>and</strong> have been adapted to take<br />
account of changing circumstances.<br />
GEA checks <strong>and</strong> tests the quality of the overall<br />
internal control system. It performed almost 160 audit<br />
assignments in 2003, covering all business activities.<br />
Implementation of its recommendations is monitored<br />
closely.<br />
<strong>CCF</strong> is required to draw up an annual report on its<br />
internal control systems under the provisions of the<br />
CRBF’s regulation no. 97-02, supplemented <strong>and</strong><br />
amended by regulation no. 2001-01. <strong>The</strong> report is<br />
meant to take a critical look at internal control procedures,<br />
including a description of any significant<br />
improvements made, the results of <strong>and</strong> follow up to<br />
surveys carried out <strong>and</strong> specific control measures for<br />
foreign branches. <strong>CCF</strong> therefore undertakes a regular<br />
detailed review of its internal control systems.<br />
<strong>CCF</strong>, like all <strong>HSBC</strong> Group subsidiaries, is also<br />
required to complete an annual Internal Control<br />
Questionnaire (ICQ), also known as the Cadbury questionnaire.<br />
This information is reported to the Financial<br />
Services Authority (FSA) in London.<br />
Procedures for controlling compliance with laws<br />
<strong>and</strong> regulations<br />
As indicated on page 26, <strong>CCF</strong> established a Group<br />
Compliance Department in 2001, which is responsible<br />
for ensuring compliance with laws <strong>and</strong><br />
regulations (certain more specialised laws remain the<br />
responsibilities of other departments, such as Human<br />
Resources, Legal <strong>and</strong> Tax Affairs, etc.).<br />
A chart of compliance risks by type of business,<br />
based on the <strong>HSBC</strong> Group model, has been established<br />
<strong>and</strong> distributed to assist LCOs in performing their advisory<br />
<strong>and</strong> control tasks. <strong>The</strong> LCOs have a functional<br />
reporting line to <strong>CCF</strong> Group Compliance, which gives<br />
them the independence they require to carry out their<br />
duties effectively. <strong>The</strong>ir operational reporting line is<br />
to the <strong>local</strong> business head.<br />
<strong>The</strong> LCOs submit a quarterly report on compliance<br />
with laws <strong>and</strong> regulations to the head of <strong>CCF</strong> Group<br />
Compliance. <strong>The</strong> business head concerned is required<br />
to co-sign these reports on a half-yearly basis. <strong>The</strong>y<br />
also describe the measures taken (procedures, training,<br />
etc.) to ensure compliance with laws <strong>and</strong> regulations.<br />
In addition, a quarterly consolidated report for the<br />
<strong>CCF</strong> group is prepared based on the information contained<br />
in the LCOs’ quarterly reports <strong>and</strong> the comments<br />
of the head of <strong>CCF</strong> Group Compliance. <strong>The</strong><br />
report is co-signed half-yearly by the head of <strong>CCF</strong><br />
Group Compliance <strong>and</strong> the Chairman <strong>and</strong> Chief<br />
Executive Officer.<br />
<strong>The</strong> head of <strong>CCF</strong> Group Compliance reports quarterly<br />
to the Audit Committee on any issues raised in<br />
these reports <strong>and</strong> any other material matters. An<br />
annual report, validated by the Audit Committee is<br />
sent to the Autorité des Marchés Financiers (AMF).<br />
Control procedures to limit risk of financial loss<br />
<strong>and</strong> fraud<br />
<strong>CCF</strong> has established comprehensive procedures for<br />
limiting the risk of financial loss <strong>and</strong> fraud. <strong>The</strong>se<br />
include segregation of key duties in branches <strong>and</strong> the<br />
processing/payment departments. Strict rules are in<br />
place for the protection, receipt, storage <strong>and</strong> archiving<br />
of documents, <strong>and</strong> for the storage of cash, assets, safe<br />
keys, etc.<br />
With regard to the prevention of money laundering<br />
<strong>and</strong> other fraud/security related issues,<br />
28