RISK MANAGEMENT AND THE PRINCIPAL RISKS AND UNCERTAINTIES

EVALUATING AND MANAGING RISKS CONTINUED

Taxonomy Level 1: Operational
Taxonomy Level 2: Regulatory and Legal Compliance

Owner: Client Director, Chief Financial Officer

Link to strategy:

Link to HL values: Put the client first, do the right thing, make it easy, do it better

2020-2021 Change: INCREASING

Risk
Risk that required regulatory change is not implemented to regulatory expectations or requirements and/or existing regulatory requirements are not met.

Potential impact
• Regulatory breaches
• Increased regulatory scrutiny, enforcement action, censure or fines
• FOS complaints and awards
• Litigation
• Reputational impact
• Missed opportunities to achieve competitive advantage

Mitigation and controls
• Compliance-led Horizon scanning and monitoring
• Change Committee oversight
• Compliance Plan
• Internal Audit assurance
• Ongoing open dialogue with the FCA

Key risk indicators
• Volume of new outputs from regulatory bodies
• Number of regulatory change projects
• Number of regulatory breaches

2020/21 activity
• CASS Improvement Plan
• Restructure of Compliance function
• Prioritisation of Change Portfolio
• Build out of 2LoD capabilities
• Strengthened Governance Framework

Taxonomy Level 1: Operational
Taxonomy Level 2: Financial Crime

Owner: Chief Executive Officer, Client Director, Chief Financial Officer, Group Chief Risk Officer

Link to strategy:

Link to HL values: Put the client first, go the extra mile, do the right thing, make it easy, do it better

2020-2021 Change: INCREASING

Risk
Risk that HL fails to design or implement appropriate frameworks, including policies, processes or technology, to counter HL being used to further financial crime by either internal or external parties.

Potential impact
• Loss of sensitive data
• Poor client outcomes (including fraud)
• Negative impact on confidence in HL
• Diminish the integrity of the financial system
• Regulatory censure

Mitigation and controls
• Dedicated Chief Information Security Officer and team, and a Security Operations Centre focused on the detection, containment and remediation of information security threats
• Dedicated Information Security, Anti Money Laundering and Client Protection teams in place
• Formal policies and procedures and a robust, rolling risk-based programme of penetration and vulnerability testing in place
• Horizon scanning of peer group to understand industry trends

Key risk indicators
• Fraud monitoring
• Cyber threat assessment
• Time taken to address security vulnerabilities
• Number of Information Commissioner’s Office (ICO) notifiable data protection breaches

2020/21 activity
• A programme of training and awareness for all employees
• Continuous cycle of cyber control improvements
• Improvements to fraud monitoring
• Phase 1 implementation of a third-party fraud monitoring tool
• Programme of Market abuse and Client Protection risk reviews

Hargreaves Lansdown Report and Financial Statements 2021 (page 56)