48CF Hsbc Bk.5.844%

The Board is responsible for the establishment and operation of effective procedures for the maintenance of a sound system of internal control and risk management, adequate accounting, and compliance with statutory and regulatory obligations. The Board determine the aggregate level and types of risks the bank is willing to take in achieving its strategic objectives.

To meet this requirement and to discharge its obligations under the FCA Handbook and the PRA Handbook, procedures have been designed for safeguarding assets against unauthorised use or disposal, for maintaining proper accounting records, and for ensuring the reliability and usefulness of financial information used within the business or for publication.

These procedures provide reasonable assurance against material misstatement, errors, losses or fraud. They are designed to provide effective internal control within the group and accord with the Financial Reporting Council's guidance for Directors issued in 2014 (and subsequent relevant publications), internal control and related financial and business reporting. The procedures have been in place throughout the year and up to 21 February 2024, the date of publication of this Annual Report and Accounts 2023.

The key risk management and internal control procedures include the following:

-   Global principles: The HSBC Group's Global Principles set an overarching standard for all other policies and procedures and are fundamental to the HSBC Group's risk management structure. They inform and connect our purpose, values, strategy and risk management principles, guiding us to do the right thing and treat our customers and our colleagues fairly at all times.

-   Risk management framework ('RMF'): The RMF supports our Global Principles. It outlines the key principles and practices that we employ in managing material risks. It applies to all categories of risk and supports a consistent approach in identifying, assessing, managing and reporting the risks we accept and incur in our activities.

-   Delegation of authority within limits set by the Board: Subject to certain matters reserved for the Board, the Chief Executive Officer has been delegated authority limits and powers within which to manage the day-to-day affairs of the bank, including the right to sub-delegate those limits and powers. Each relevant executive has authority within which to manage the day-to-day affairs of the business or function for which he or she is accountable. Those individuals are required to maintain a clear and appropriate apportionment of significant responsibilities and to oversee the establishment and maintenance of systems of control that are appropriate to their business or function.

-   A new delegation of authorities framework was implemented by the HSBC Group in April 2023 with the aim of providing a simpler HSBC Group structure for the management of delegated powers. These delegated authorities can be used for the approval, signing and execution of specific written agreements and documents such as procurement contracts.

-   Authorities to enter into credit and market risk exposures are delegated with limits to line management of group companies. However, credit proposals with specified higher-risk characteristics require the concurrence of the appropriate global function. Credit and market risks are measured and reported at subsidiary company level and aggregated for risk concentration analysis on a group-wide basis.

-   Risk identification and monitoring: Systems and procedures are in place to identify, assess, control and monitor the material risk types facing the group as set out in the RMF. The group's risk measurement and reporting systems are designed to help ensure that material risks are captured with all the attributes necessary to support well-founded decisions, that those attributes are accurately assessed and that information is delivered in a timely manner for those risks to be successfully managed and mitigated.

-  
Changes in market conditions/practices: Processes are in place to identify new risks arising from changes in market conditions/practices or customer behaviours, which could expose the group to heightened risk of loss or reputational damage. The group employs a top and emerging risks framework, which contains an aggregate of all current and forward-looking risks and enables it to take action that either prevents them materialising or limits their impact.

-   We remain committed to investing in the reliability and resilience of our IT systems and critical services, including those provided by third parties, that support all parts of our business. We do so to help protect our customers, affiliates and counterparties, and to help ensure that we minimise any disruption to services that could result in reputational and regulatory consequences. In our approach to defend against these threats, we invest in business and technical controls to help us detect, manage and recover from issues, including data loss, in a timely manner.

-   We continue our focus on the quality and timeliness of the data used to inform management decisions, through measures such as early warning indicators, prudent active risk management of our risk appetite, and ensuring regular communication with our Board and other key stakeholders.

-   Responsibility for risk management: All employees are responsible for identifying and managing risk within the scope of their role as part of the three lines of defence model. This is an activity-based model to delineate management accountabilities and responsibilities for risk management and the control environment. For more details on the three lines of defence please refer to page 22.

-   The Board has delegated to the Audit Committee oversight for the implementation of the group's policies and procedures for capturing and responding to whistleblower concerns, ensuring confidentiality, protection and fair treatment of whistleblowers, and receiving reports arising from the operation of those policies as well as ensuring arrangements are in place for independent investigation.

-   Strategic plans: Strategic plans are prepared for global businesses, global functions and geographical regions within the framework of the HSBC Group's overall strategy. The bank also prepares and adopts a Financial Resource Plan, which is informed by detailed analysis of risk appetite, describing the types and quantum of risk that the bank is prepared to take in executing its strategy and sets out the key business initiatives and the likely financial effects of those initiatives.

-   The effectiveness of the group's system of risk management and internal control is reviewed regularly by the Board, the Risk Committee and the Audit Committee.

-   During 2023, the group continued to focus on operational resilience and invest in the non-financial risk infrastructure. There was a particular focus on material and emerging risks with progress made enhancing the end-to-end risk and control assessment process. The Risk Committee, supported by the TRT, and the Audit Committee ensured that executive management continued to take efforts to effect the necessary actions to remedy any failings or weaknesses identified through the operation of the group's framework of controls.

Internal control over financial reporting

The bank is required to comply with section 404 of the US Sarbanes-Oxley Act of 2002 and assess its effectiveness of internal control over financial reporting at 31 December 2023, adopting the principles of the Committee of Sponsoring Organizations of the Treadway Commission ('COSO') 2013 framework for the monitoring of risk management and internal control systems to satisfy the requirements of section 404 of the Sarbanes-Oxley Act.

The primary mechanism through which comfort over risk management and internal control systems is achieved is through annual assessments of the effectiveness of controls to manage risk,

and the reporting of issues on a regular basis through the various risk management and risk governance forums.

The key risk management and internal control procedures over financial reporting include the following:

-   Entity level controls ('ELC'): ELCs are a defined suite of internal controls that have a pervasive influence over the entity as a whole and meet the principles of the COSO framework. They include controls related to the control environment, such as the bank's values and ethics, the promotion of effective risk management and the overarching governance exercised by the Board and its non-executive committees. The design and operational effectiveness of ELCs are assessed on an ongoing basis. If issues are significant to the group, they are notified to the Risk Committee, and also to the Audit Committee if concerning financial reporting matters.

-   Process level transactional controls: Key process level controls that mitigate risk of financial misstatement are identified, recorded and monitored in accordance with the risk framework. This includes the identification and assessment of relevant control issues against which action plans are tracked through to remediation. Further details on the group's approach to risk management can be found on page 22. The Audit Committee has continued to receive regular updates on HSBC's ongoing activities for improving the effective oversight of end-to-end business processes and management continues to identify opportunities for enhancing key controls, such as through the use of automation technologies.

-   Financial reporting controls: The group's financial reporting process is controlled using documented accounting policies and reporting formats, supported by detailed instructions and guidance on reporting requirements, issued to all reporting entities within the group in advance of each reporting period end. The submission of financial information from each reporting entity is supported by a certification by the responsible financial officer and analytical review procedures at subsidiary and group levels.

-   External Reporting Forum: The External Reporting Forum reviews financial reporting disclosures to be made by the bank for accuracy and completeness. The integrity of disclosures is underpinned by structures and processes within the group's Finance and Risk functions that support rigorous analytical review of financial reporting and the maintenance of proper accounting records.

-     Disclosure Committee: Chaired by the Chief Financial Officer, the committee supports the discharge of the bank's obligations under relevant legislation and regulation including the European Union's Market Abuse Regulation ('EU MAR'), as amended by the Market Abuse (Amendment) (EU Exit) Regulations 2019, the United Kingdom's Listing Rules, Prospectus Rules and the Disclosure Guidance and Transparency Rules of the Financial Conduct Authority, the New York Stock Exchange's Listed Company Manual, U.S. Securities laws and the rules and regulations of the SEC, and also any other listing and disclosure rules of the markets and exchanges on which the bank's financial instruments are listed, including any other requirements that shall apply from time to time. In so doing, the Disclosure Committee is empowered to determine whether a new event or circumstance should be disclosed, including the form and timing of such disclosure, and review certain material disclosures made or to be made by the group. The membership of the Disclosure Committee consists of senior management, including the Chief Financial Officer, Chief Risk Officer, General Counsel, Company Secretary and Head of Debt / Fixed Income Investor Relations. The integrity of disclosures is underpinned by structures and processes within the Finance, Risk and Compliance functions that support rigorous analytical review of financial reporting and the maintenance of proper accounting records. As required by the Sarbanes-Oxley Act, the Chief Executive and the Chief Financial Officer have certified that the Group's disclosure controls and procedures were effective as at the end of the period covered by the Annual Report and Accounts 2023. The annual review of the effectiveness of the group's system of risk management and internal control over financial reporting was conducted with reference to the COSO 2013 framework. Based on the assessment performed, the
Directors concluded that for the year ended 31 December 2023, the Group's internal control over financial reporting was effective.

-     Subsidiary certifications: Certifications are provided to the Audit Committee and the Risk Committee (full and half yearly) and to the Nomination, Remuneration and Governance Committee (annually) from the audit, risk and remuneration committees of key material subsidiary companies confirming amongst other things that:

-   Audit - the financial statements of the subsidiary have been prepared in accordance with group policies, present fairly the state of affairs of the subsidiary and are prepared on a going concern basis;

-   Risk - the risk committee of the subsidiary has carried out its oversight activities consistent with and in alignment to the RMF; and

-   Remuneration - the remuneration committee of the subsidiary has discharged its obligations in overseeing the implementation and operation of HSBC's Group Remuneration Policy.

Employees

Health and safety

We are committed to providing a safe and healthy working environment for everyone. We have adopted global policies, mandatory procedures, and incident and information reporting systems across the organisation that reflect our core values and are aligned to international standards. Our global health and safety performance is subject to ongoing monitoring and assurance to ensure we are compliant with relevant laws and regulations.

Our Chief Operating Officers have overall responsibility for engendering a positive health and safety culture and ensuring that global policies, procedures and systems are put into practice locally. They also have responsibility for ensuring all local legal requirements are met.

We delivered a range of programmes in 2023 to help us understand and manage our health and safety risks:

-   We reinforced our advice and risk assessment and control methodology on working from home for employees adopting a hybrid work style, providing more awareness and best practices on good ergonomics and well-being.

-   We delivered health and safety training and awareness our employees and contractors, ensuring roles and responsibilities were clear and understood.

-   We completed the annual safety inspection on all of our buildings globally, to ensure we were meeting our standards and continuously improving our safety performance.

-   We maintained measures in our workplaces globally to minimise the risks from the spread of respiratory disease, including provision of hand sanitiser, improved ventilation, and guidance on good hygiene practices.

-   We continued to focus on enhancing the safety culture in our supply chain through our SAFER Together programme, covering the five key elements of best practice safety culture, including speaking up about safety, and recognising excellence.

-   We delivered Safety Passport training to more than 100 construction workers carrying out works at HSBC premises to reduce the likelihood of accidents occurring by helping them understand and deliver industry leading health and safety performance.

-   In 2023, our Eat Well Live Well programme continued to promote healthier and more sustainable diets among our colleagues and contributed to 30% of global food sales from HSBC catering outlets. We also extended the reach of our programme through the launch of increased plant-based offers, monthly events dedicated to Eat Well Live Well, healthy vending machine options and virtual teaching kitchens accessible to all our employees.

-   Protection of our colleagues and operations is of critical importance and we have effective controls in place to protect our people from natural disasters (such as storms and earthquakes). In 2023, there was no major impact to our buildings from storms.

1   Fractures, dislocation, concussion, loss of consciousness overnight admission to hospital.

Diversity and Inclusion

Our purpose, 'Opening up a world of opportunity', explains why we exist as an organisation and is the foundation of our diversity and inclusion strategy. Promoting diversity and fostering inclusion contributes to our 'Energise' priority. By valuing differences, we can use our colleagues' unique expertise, capabilities, breadth, and perspectives to benefit our customers. To achieve progress, we are focused on specific region-wide priorities for which we hold senior executives accountable. We are pleased to report on key progress made in 2023:

Achievements

-   We continue to hold our Diversity and Inclusion Council, chaired by the Chief Executive Officer and consisting of the European Executive Committee, to reinforce our commitments, define high-impact actions, engage more closely with our Employee Resources Groups and track progress and accountability.

-   Throughout 2023, we arranged multiple events and conferences to support our colleagues across our European countries, including a week of Inclusion events in May hosted by Inclusive Europe Employee Resource Group ('ERG'). Other key events included our event on Neurodiversity, "Creating a Brain-Friendly Workplace", and "The Power of Resilience" during Europe Disability Week.

-   We have continued supporting colleagues through our ERGs focused on disability, gender, LGBTQ+, ethnicity, and parents. e.g., Atypik in France, Pride in Luxembourg, and Balance in Ireland.

-   We focused on developing our middle management female colleagues through a new digital coaching programme and our "Taste of the Top" initiative, which gives high-performing female colleagues a chance to cover senior leadership roles.

-   We have a Black heritage action plan to support our ethnicity goals, including a Black Heritage Sponsorship Programme in Global Banking and Markets.

-   63.3% of employees in the UK, Bermuda, Channels Islands and Isle of Man and South Africa have declared their ethnicity in our 'HR Direct' system, as of 31 December 2023.

Gender diversity statistics

Our overall female representation is improving, and we are committed to building a strong pipeline of female talent to improve gender balance in senior leadership across Europe.

Female representation by management level:

-   All grades - 52.5%

-   GCB 6-8 Clerical grades - 65.8%

-   GCB 4-5 Management - 45.2%

-   GCB 0-3 Senior management - 25.3%

Employment of people with a disability

We strongly believe in providing equal opportunities for all employees. The employment of people with a disability is included in this commitment. The recruitment, training, development, and promotion of people with a disability are based on the aptitudes and abilities of the individual. Should employees become disabled during their employment with us, efforts are made to continue their employment. Where necessary, we will provide appropriate training, facilities, and reasonable equipment. For example, for people with a visual impairment in France, we offer access to dedicated software for voice reading.

Our ERG's, supported by HR and business leadership, are doing an important job of breaking down barriers. They offer a space for discussion between those with a disability and their allies for exchanges of inclusive best practices.

Continuous work ensures individualised support is provided to make home office adjustments.

Learning and talent development

We aim to build a dynamic environment where our colleagues can develop skills and undertake experiences that help them fulfil their potential. Our approach allows us to meet our strategic priorities and support our colleagues' career goals.

We expect all colleagues to complete global mandatory training each year regardless of their contract type. This training plays a critical role in shaping our culture, ensuring a focus on the issues fundamental to our work - such as sustainability, financial crime risk, and intolerance of bullying and harassment. New joiners attend our Global Discovery programme to build their knowledge of the organisation and engage them with our purpose, values, and strategy.

HSBC University remains our home for skills development with access to face-to-face training and an extensive digital content catalogue from partners such as LinkedIn Learning, Harvard Business Review podcast and Microsoft Learn. Powered by Degreed, our HSBC University platform provides tailored content aligned to employees' chosen skills and development areas. Our Leadership development partners include Imperial College and London Business Schools, with whom we work on topics of strategic importance. For example, in 2023, we launched the Managing Director Programmes, which offer experiential learning with small working groups addressing live challenges across the business. Executive Masterclasses provide a deep dive into topics, issues and skills that will shape HSBC's future.

My HSBC Career Portal, which offers career development information and resources to help colleagues manage the various stages of their careers, from joining to career progression, is also available to all our employees. However, we also recognise that most development happens while our colleagues work through regular coaching, feedback, and performance management, and we will extend the use of the HSBC Talent Marketplace platform in Europe in 2024 (the platform is already live in the UK, Malta, and Poland). This will connect our employees to 'on-the-job' development opportunities across the HSBC Group by matching individuals' existing skills and career aspirations to live projects within the HSBC Group. HSBC Europe will also be able to call upon talent across the HSBC Group to supplement its personnel in developing local initiatives and projects.

Employee relations

We consult and, where appropriate, negotiate with employee representative bodies where we have them. We also aim to maintain well-developed communications and consultation programmes with all employee representative bodies, and there have been no material disruptions to our operations from labour disputes during the past five years.

Disclosure of information to auditors

The directors are not aware that there is any relevant audit information (as defined in the Companies Act 2006) of which the bank's auditors are unaware and processes are in place to ensure that the bank's auditors are aware of any relevant audit information.

Auditors

PricewaterhouseCoopers LLP ('PwC') are the external auditors to the bank. PwC has expressed its willingness to continue in office and the Board recommends that PwC be re-appointed as the bank's auditors. A resolution proposing the re-appointment of PwC as the bank's auditors, and giving authority to the Audit Committee to determine its remuneration, will be submitted to the forthcoming AGM.

Branches

HSBC Bank plc provides a wide range of banking and financial services through 20 markets. HSBC Bank plc is simplifying its operating model to one integrated business supporting a wholesale banking hub for the EU in Paris and a wholesale banking hub for western markets in London. Further information on the bank's branches are located in 'HSBC in Europe' on page 5.