the Board requires those individuals to maintain a clear and appropriate apportionment of significant responsibilities and to oversee the establishment and maintenance of systems of control that are appropriate to the business or function. Appointments to the most senior positions within HSBC requires the approval of the Board.
· Risk identification and monitoring. Systems and procedures are in place to identify, control and report on the major risks facing HSBC (see page 36) including credit, market, liquidity and funding, capital, financial management, model, reputational, pension, strategic, sustainability, operational (including accounting, tax, legal, regulatory compliance, financial crime compliance, fiduciary, security and fraud, systems operations, project and people risk), insurance and Islamic finance risk. Exposure to these risks is monitored by risk management committees, asset, liability and capital management committees and executive committees in subsidiaries and, for the Group, in Risk Management Meetings ('RMM') of the GMB which are chaired by the Group Chief Risk Officer. RMM meets regularly to address asset, liability and risk management issues. HSBC's operational risk profile and the effective implementation of the Group's operational risk management framework is monitored by the Global Operational Risk and Control Committee ('GORCC'), which reports to the RMM. Model risks are monitored by the Model Oversight Committee which also reports to the RMM. The minutes of the GMB meetings and the RMM are provided to members of the GAC, the GRC and the Board.
· Changes in market conditions/practices. Processes are in place to identify new risks arising from changes in market conditions/ practices or customer behaviours, which could expose HSBC to heightened risk of loss or reputational damage. During 2013, attention was focused on:
- emerging markets' slowdown;
- increased geopolitical risk;
- regulatory developments affecting our business model and Group profitability;
- regulatory investigations, fines, sanctions commitments and consent orders and requirements relating to conduct of business and financial crime negatively affecting our results and brand;
- dispute risk;
- heightened execution risk;
- internet crime and fraud;
- information security risk; and
- model risk.
· Strategic plans. Periodic strategic plans are prepared for global businesses, global functions and certain geographical regions within the framework of the Group's strategy. Annual Operating Plans, informed by detailed analysis of risk appetite describing the types and quantum of risk that we are prepared to take in executing our strategy, are prepared and adopted by all major HSBC operating companies and set out the key business initiatives and the likely financial effects of those initiatives.
· Disclosure Committee. The Disclosure Committee reviews material public disclosures made by HSBC Holdings for any material errors, misstatements or omissions. The membership of the Disclosure Committee, which is chaired by the Group Company Secretary, includes the heads of Global Finance, Legal, Risk (including Financial Crime Compliance and Regulatory Compliance), Communications, Investor Relations, and Internal Audit functions and representatives from the principal regions and global businesses. The integrity of disclosures is underpinned by structures and processes within the Global Finance and Risk functions that support expert and rigorous analytical review of financial reporting complemented by certified reviews by heads of global businesses, global functions and certain legal entities.
· Financial reporting. The Group financial reporting process for preparing the consolidated Annual Report and Accounts 2013 is controlled using documented accounting policies and reporting formats, supported by a chart of accounts with detailed instructions and guidance on reporting requirements, issued by Group Finance to all reporting entities within the Group in advance of each reporting period end. The submission of financial information from each reporting entity to Group Finance is subject to certification by the responsible financial officer, and analytical review procedures at reporting entity and Group levels.
· Responsibility for risk management. Management of global businesses and global functions are primarily accountable for managing, measuring and monitoring their risks and controls. Processes consistent with the three lines of defence risk management and the internal control model are in place to ensure weaknesses are escalated to senior management and addressed.
· IT operations. Centralised functional control is exercised over all IT developments and operations. Common systems are employed for similar business processes wherever practicable.
· Functional management. Global functional management is responsible for setting policies, procedures and standards for the following risks: credit, market, liquidity and funding, capital, financial management, model, reputational, pension, strategic, sustainability and operational risk (including accounting, tax, legal, financial crime compliance, regulatory compliance, fiduciary, information security, security and fraud, systems and people risk) insurance and Islamic finance risk. Authorities to enter into credit and market risk exposures are delegated with limits to line management of Group companies. The concurrence of the appropriate global function is required, however, to credit proposals with specified higher risk characteristics. Credit and market risks are measured and reported on in subsidiaries and aggregated for review of risk concentrations on a Group-wide basis.
· CEO Attestation process. Global Operational Risk coordinate the annual CEO Attestation process under which the chief executive officer of each of the Group's material subsidiaries confirms that the internal control framework applicable to that subsidiary has been assessed and any significant open issues have been identified, with action plans in place to address weaknesses. The remediation of these issues is monitored by the Operational Risk and Internal Control ('ORIC') teams for the relevant regions/ global businesses and reports on progress are presented to their ORIC committees and quarterly to Global Operational Risk. An annual report and updates on identified issues and remediation plans are presented to the GRC and the GAC.
· Internal Audit. The establishment and maintenance of appropriate systems of risk management and internal control is primarily the responsibility of business management. The Global Internal Audit function, which is centrally controlled, provides independent and objective assurance in respect of the adequacy of the design and operating effectiveness of the Group's framework of risk management, control and governance processes across the Group, focusing on the areas of greatest risk to HSBC using a risk-based approach. The Group Head of Global Internal Audit reports to the Chairman of the GRC and Chairman of the GAC in relation to the independence of the function and resourcing, with a secondary executive reporting line to the Group Chief Executive Officer.
· Internal Audit recommendations. Executive management is responsible for ensuring that recommendations made by the Global Internal Audit function are implemented within an appropriate and agreed timetable. Confirmation to this effect must be provided to Global Internal Audit.
· Reputational risk. Policies to guide subsidiary companies and management at all levels in the conduct of business to safeguard the Group's reputation are established by the Board and its committees, subsidiary company boards and their committees and senior management. Reputational risks can arise from a variety of causes including environmental, social and governance issues, as a consequence of operational risk events and as a result of employees acting in a manner inconsistent with HSBC Values. HSBC's reputation depends upon the way in which it conducts its business and may be affected by the way in which clients, to which it provides financial services, conduct their business or use financial products and services.
Role of GAC and GRC
On behalf of the Board, the GAC has responsibility for oversight of risk management and internal controls over financial reporting and the GRC has responsibility for oversight of risk management and internal controls, other than over financial reporting.
During the year, the GRC and the GAC have kept under review the effectiveness of this system of internal control and have reported regularly to the Board. In carrying out their reviews, the GRC and the GAC receive regular business and operational risk assessments, regular reports from the Group Chief Risk Officer and the Global Head of Internal Audit; reports on the annual reviews of the internal control framework of HSBC Holdings which cover all internal controls, both financial and non‑financial; annual confirmations from chief executives of principal subsidiary companies as to whether there have been any material losses, contingencies or uncertainties caused by weaknesses in internal controls; internal audit reports; external audit reports; prudential reviews; and regulatory reports. The GRC monitors the status of top and emerging risks and considers whether the mitigating actions put in place are appropriate. In addition, when unexpected losses have arisen or when incidents have occurred which indicate gaps in the control framework or in adherence to Group policies, the GRC and the GAC review special reports, prepared at the instigation of management, which analyse the cause of the issue, the lessons learned and the actions proposed by management to address the issue.
Effectiveness of internal controls
The Directors, through the GRC and the GAC, have conducted an annual review of the effectiveness of our system of risk management and internal control covering all material controls, including financial, operational and compliance controls, risk management systems, the adequacy of resources, qualifications and experience of staff of the accounting and financial reporting function and the risk function, and their training programmes and budget. The review does not extend to joint ventures or associates.
The GRC and the GAC have received confirmation that executive management has taken or is taking the necessary actions to remedy any failings or weaknesses identified through the operation of our framework of controls.
The financial statements are prepared on a going concern basis, as the Directors are satisfied that the Group and parent company have the resources to continue in business for the foreseeable future.
In making this assessment, the Directors have considered a wide range of information relating to present and future conditions, including future projections of profitability, cash flows and capital resources.
HSBC's principal activities, business and operating models, strategic direction and top and emerging risks are described in the 'Strategic Report'; a financial summary, including a review of the consolidated income statement and consolidated balance sheet, is provided in the 'Financial Review' section; HSBC's objectives, policies and processes for managing credit, liquidity and market risk are described in the 'Risk' section; and HSBC's approach to capital management and allocation is described in the 'Capital' section.
At 31 December 2013 we had a total workforce of 263,000 full-time and part-time employees compared with 270,000 at the end of 2012 and 298,000 at the end of 2011. Our main centres of employment are the UK with approximately 46,000 employees, India 31,000, Hong Kong 29,000, Brazil 22,000, mainland China 19,000, Mexico 18,000, the US 16,000 and France 9,000.
In the context of the current global financial services operating environment, a high performance and values-led work force is critical. We encourage open and honest communication in decision making. Employment issues and financial, economic, regulatory and competitive factors affecting HSBC's performance are regularly shared with our employees.
Reward
Our approach to reward is meritocratic and market competitive, underpinned by an ethical and values based performance culture which aligns the interests of our employees, shareholders, regulators and customers.
Employee relations
We negotiate and consult with recognised unions as appropriate. The five highest concentrations of union membership are in Argentina, Brazil, mainland China, Malta and Mexico. It is our policy to maintain well-developed communications and consultation programmes with all employee representative bodies and there have been no material disruptions to our operations from labour disputes during the past five years.
Diversity and inclusion
HSBC is committed to building a values-driven high performance culture where all employees are valued, respected and where their opinions count. We remain committed to meritocracy, which requires a diverse and inclusive culture where employees believe that their views are heard, their concerns are attended to and they work in an environment where bias, discrimination and harassment on any matter, including gender, age, ethnicity, religion, sexuality and disability are not tolerated and where advancement is based on objective criteria. Our inclusive culture helps us respond to our diverse customer base, while developing and retaining a secure supply of skilled, committed employees. Our culture will be strengthened by employing the best