UK Compliance Manual HSBC Holdings plc Version 1.0 Tuesday, 13 January 2015
PUBLIC
CONTENTS
Foreword
1. Purpose
2. Scope
3. Principles for Business
4. Compliance Policy (including Managing Reputational Risk)
5. Confidentiality / Data Security / Information Security / Control of Information
6. Data Protection
7. Conflicts of Interest
8. Insider Dealing, Market Conduct and Misleading Statements
9. Anti-Money Laundering
10. Sanctions
11. Cross Border Business
12. Competition Law
13. Personal Account Dealing
14. Anti-Bribery and Corruption
15. Gifts and Entertainment
16. Marketing and Financial Promotions
17. External Business Interests
18. Whistleblowing
19. Outsourcing & Offshoring
20. Insider Lists and Information Barriers
A. Glossary
B. Compliance Contacts
C. References
D. Compliance Manual Revision History and Sign Off
PUBLIC - Last modified on Tuesday, 13 January 2015
FOREWORD
The UK Compliance Manual - HSBC Holdings Plc (UK Compliance manual) has been prepared to ensure that all workers are familiar with the high-level Financial Crime Compliance (FCC) and Regulatory Compliance (RC) policies and procedures applicable to our businesses and Global Functions. It applies to all UK workers (permanent and temporary) who work in the Global Functions that are on a Holdings Contract, i.e. workers that are not aligned to a business line.
As appropriate, the UK Compliance Manual complements the procedures set out in the Functional Instruction Manual (FIM) applicable to your function and also the UK Employee Handbook. Contravention of the requirements of any of these documents may be considered as grounds for disciplinary action which may include dismissal or termination.
In accordance with HSBC Group Values and Business Principles, all workers are expected to observe high standards of integrity and fair dealing, act with due skill, care and diligence at all times, and to comply with both the letter and the spirit of all relevant regulatory requirements. Demonstration of this expectation is increasingly demanded by the wider public as well as regulators.
The UK Compliance Manual may be updated from time to time. You will be informed of material updates but you should always check the Global Functions RC SharePoint page for the latest version.
1. PURPOSE
Your Compliance Manual provides guidance and practical examples in order to help you comply with the letter and spirit of all relevant laws, rules, codes and regulations which govern financial services business in the UK. All relevant procedures and practices must be followed by you. If you are in any doubt about anything referred to or any other matters concerning compliance with relevant rules and regulations, please contact your Compliance Officer (CO) (see Appendix B Compliance Contacts, for information on FCC and RC oversight).
Any compliance breach or issue identified by you must be immediately reported to your CO. All potential breaches or incidents are recorded and where deemed appropriate/necessary will be escalated accordingly. Failure to comply fully with the standards and procedures set out in this Compliance Manual may constitute grounds for termination of your employment.
For the avoidance of doubt, the version of this Manual available on the SharePoint site should be used in preference to any hard copies.
1.1 FCA GUIDANCE
The FCA provides a wealth of information online. You may find the following links useful:
- FCA Handbook (http://fshandbook.info/FS/html/handbook/)
- Regulatory guides (http://fshandbook.info/FS/html/FCA/D44)
- The FCA Register (http://www.fca.org.uk/register/)
1.2 COMPLIANCE INTRANET SITES
The following compliance intranet sites are available to the functions:
- Global Risk, Risk Teams, Compliance (FCC and RC): http://risk.global.hsbc/globalrisk/home.nsf/gcms?open&ref=UKDT8XLU2Y111243PM08282012
- Global Functions SharePoint: http://teams.global.hsbc/compliance/GlobalCompliance/RC%20Support%20Site%20%20Global%20Functions/SitePages/Home.aspx
If you have any questions about, or updates for, this Compliance Manual, please email your CO (see section B. Compliance Contacts).
2. SCOPE
NOTE: It is your responsibility to ensure that you are aware at all times of who your Compliance Officer (CO) is and how to contact them.
Compliance requirements are set out in the Global Standards Manual (GSM), the Functional Instruction Manual (FIM) and Departmental/Desk Instruction Book/Manual (DIB/DIM). Specific requirements are also set out within your business and functional line policies and procedures.
This Manual, together with all relevant policies and procedures (available via links in the Further Guidance sections), applies to all workers, whether full-time or part-time employees of the HSBC Group, secondees and contractors, including agency temps and consultants (together referred to as "worker" or "workers") who work for Global Functions in the UK. The Global Functions are: Audit, Communications, Company Secretary, Finance (including Investor Relations), Human Resources, Legal, Marketing, Risk, Strategy and Planning, Sustainability and Financial Sector Policy.
In addition to the offer of employment and the UK Employee Handbook that employees of the HSBC Group have received, this Manual forms part of the terms and conditions of your contract of employment. Consequently, a breach of any of the provisions of this Manual could lead to disciplinary procedures or sanctions being invoked (see the UK Employee Handbook for full details), or termination of your contract and/or legal action.
This Manual refers frequently to the UK Employee Handbook in order to provide greater clarity, definition and examples around Compliance procedures and processes. Whilst the UK Employee Handbook forms the terms and conditions only for employees of the HSBC Group, all workers should familiarise themselves with the complementary material in the UK Employee Handbook that this Manual regularly refers to.
Although breach of the policies and procedures detailed in this Manual may result in the HSBC Group instigating disciplinary action only upon employees of the HSBC Group, all workers (i.e. agency temps and self-employed contractors) should be aware that breach of the policies and procedures laid out in this Manual may result in disciplinary action by the agency which employs you, termination of your contract and/or legal action.
Whilst this Compliance Manual sets out high-level guidance and lays out the different materials that you may need to consult, it is your responsibility as a worker to familiarise yourself with the relevant Further Guidance highlighted and any other mandatory prescriptive, underlying policies that apply to you and your function line.
Financial Crime Compliance (FCC) and Regulatory Compliance (RC) is part of the Global Risk Function and composed of:
FCC, which is focused on: (i) Anti-Money Laundering (AML), Counter Terrorist Financing and Proliferation Finance; (ii) Sanctions; and (iii) Anti-Bribery and Corruption (AB&C); and
RC, which is focused on: (i) Conduct of Business; (ii) Market Conduct; and (iii) general regulatory compliance management including stakeholder support.
All Compliance Officers have access via the Group Manuals System to the Compliance section of the Global Risk FIM, with which they are expected to be fully familiar. The Compliance section of the Global Risk FIM contains guidance on the policies and practices by which HSBC Group expects compliance and reputational risk to be managed and controlled. Many sections of the Compliance Section of the FIM/GSM are undergoing significant amendments and changes. This manual will be updated on a regular basis; however, you should also refer to the relevant FIM/GSM chapters.
Important: Within this Compliance Manual, key points that you must be aware of are clearly indicated in the same manner as this paragraph. However, all information within this Manual is important and you should ensure that you have a solid understanding of compliance within your function. If you are uncertain on any points or you have any questions, you should contact your CO.
2.1 FURTHER GUIDANCE AND COMPLIANCE STRUCTURE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line | Compliance Coverage | Section
All | Global Standards Manual | 5.4 Responsibility for Compliance; 5.12 Procedures for Investigations
 | Global Risk Intranet | Reputation
 | Compliance (Global Risk FIM) | B2.1 Compliance Risk Management; B2.3. Investigations
Holdings | UK Employee Handbook | HR Direct: Search Employee Handbook
3. PRINCIPLES FOR BUSINESS
3.1 STATEMENTS OF PRINCIPLE
The Principles for Business are a general statement of the fundamental obligations HSBC must comply with under the regulatory regime. HSBC internal policies and procedures implement all relevant Principles and/or rules. Breaching a Principle makes HSBC liable to regulatory sanctions and may call into question HSBC's status as a fit and proper organisation and its permission to carry out certain regulated activities.
In accordance with the GSM, you are obliged to comply with the letter and the spirit of all relevant rules and regulations. You are expected to pay due regard to the FCA Principles for Business and carry out your roles appropriately. Should you be unsure of the procedures or have any compliance queries, you should talk to your CO before effecting transactions or providing advice to customers.
1. Integrity - A firm must conduct its business with integrity.
2. Skill, Care and Diligence - A firm must conduct its business with due skill, care and diligence.
3. Management and Control - A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.
4. Financial Prudence - A firm must maintain adequate financial resources.
5. Market Conduct - A firm must observe proper standards of market conduct.
6. Customers' Interests - A firm must pay due regard to the interests of its customers and treat them fairly.
7. Communications with Clients - A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading.
8. Conflicts of Interest - A firm must manage conflicts of interest fairly, both between itself and its customers, and between a customer and another client.
9. Customers: Relationships of Trust - A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgment.
10. Clients' Assets - A firm must arrange adequate protection for clients' assets when it is responsible for them.
11. Relations with Regulators - A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice.
3.2 TREATING CUSTOMERS FAIRLY
Treating Customers Fairly (TCF) is an FCA principle and is an area of intense focus for the FCA, particularly in relation to retail clients. All regulated firms should be able to demonstrate that TCF principles exist at all levels of their businesses, with firms constantly striving to provide their clients with the fairest possible treatment. The TCF concept is not a static one; it is on-going, and documentation relating to TCF implementation in firms should clearly show evidence of an appropriate evolutionary process.
The FCA has defined six consumer outcomes, which will be used as a yardstick for assessing whether or not a firm is consistently treating customers fairly. These are:
Outcome 1: Consumers can be confident that they are dealing with firms where the fair treatment of customers is central to the corporate culture.
Outcome 2: Products and services marketed and sold in the retail market are designed to meet the needs of identified consumer groups and are targeted accordingly.
Outcome 3: Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale.
Outcome 4: Where consumers receive advice, the advice is suitable and takes account of their circumstances.
Outcome 5: Consumers are provided with products that perform as firms have led them to expect, and the associated services are of an acceptable standard and as they have been led to expect.
Outcome 6: Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint.
All workers must be aware of their individual obligations under TCF.
3.3 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line | Compliance Coverage | Section
All | FCA Handbook | Principles for Business Rules (PRIN)
 | GCL 110018 | HSBC values and business principles (01/Jun/2011)
 | GCL 120013 | Our Purpose
 | GCL 120014 | HSBC Global Standards
 | Global Standards Manual | 5.16 Reputational Risk
 | Global Risk Intranet | Reputation
GBM, GPB, AMEU, HSS | Compliance intranet | UK Guidelines for Handling Compliance Breaches
4. COMPLIANCE POLICY (INCLUDING MANAGING REPUTATIONAL RISK)
4.1 SCOPE
Under the HSBC Group Values and Business Principles, HSBC observes high standards of integrity and fair dealing in the conduct of its business and acts with due skill, care and diligence. Effective reputational risk management is an essential part of all of our efforts to secure the Group’s future and maintain its good name.
4.2 REPUTATIONAL RISK
Reputational risk is defined as a failure to meet the expectations of customers, regulators and other stakeholders and so cause those groups to form a negative view of HSBC. Reputational risk is closely related to customer selection, the management of risks arising from our association with our customers. All Group entities and members of staff must safeguard the reputation of HSBC by maintaining the highest standards of conduct at all times and by being aware of issues, activities and associations that might pose a threat to the Company’s good name.
The governance of reputational risk is divided into two complementary elements: the governance of reputational risk in policies, and the governance of individual risk cases.
1. Governance of reputational risk in policies
The Group Reputational Risk Policy Committee (GRRPC) considers areas and activities presenting significant reputational risk and advises on policy or procedural changes to mitigate such risk. The GRRPC does not consider individual cases. The GRRPC is accountable to the Group Management Board.
2. Governance of reputational risk cases
Cases of primary reputational risk related to customers or transactions are managed through the Reputational Risk and Client Selection governance process. The Reputational Risk and Client Selection Committee (RRCSC) structure ensures appropriate consideration of customer- and transaction-related reputational risks only. RRCSCs exist in each Business at country and/or regional and global levels. Cases escalated above a Business’s global RRCSC will be considered by the Global Risk Resolution Committee. All other primary and secondary reputational risk cases must be managed through the most appropriate existing risk management governance structures within the relevant Business (e.g., Risk Management Committees) and Functional Risk Committees in line with the management of other risk cases.
Global Businesses and Global Functions should ensure that robust and complete processes are in place to manage reputational risks and identify and remediate any potential gaps in these processes.
The Reputational Risk and Client Selection team
The Reputational Risk and Client Selection team are part of the Financial Crime Compliance and Regulatory Compliance sub-functions within the Risk Function. The responsibilities of the team include:
- Globally developing, implementing and managing reputational risk policies.
- Coordinating reputational risk activities across the Global Businesses, Global Functions and HTS.
- Providing subject matter expertise, advice and guidance on matters relating to reputational risk identification, mitigation, escalation, reporting and monitoring.
- Considering internal and external trends and emerging risks to inform potential policy revision.
- Providing operational oversight of HSBC’s management of reputational risk considerations associated with customers and transactions through the RRCSC structure.
All queries relating to reputational risk should be referred to the Reputational risk and Client Selection team in the first instance.
4.3 LIAISON WITH REGULATORY AUTHORITIES
Your CO must be notified immediately in the event that you receive a written or oral notification of:
- an investigation being undertaken by the FCA
- enquiries from the Financial Ombudsman Service (FOS)
- any requests by the FCA for information
- any meetings with workers or for workers to appear before the FCA
- enquiries from any other regulator in the UK (or any other territories).
Subject to legal obligation, no non-prudential information should be provided to the FCA without the express authority of your CO/Compliance.
4.4 NOTIFICATIONS TO THE FCA
Certain events require notification to the FCA. All notifications must be in writing, using the pre-printed FCA forms where appropriate, and should be forwarded via your CO. These requirements include notifications relating to FCA approved persons. Certain notifications, including FCA returns, are subject to mandatory electronic notification and reference should be made to RC if there is any doubt.
4.5 FCA INFORMATION GATHERING AND INVESTIGATIONS
In the UK, the FCA has various powers to require the provision of information. These fall into broadly three types, namely:
- The power to obtain information informally from firms by requesting co-operation and assistance from them
- Statutory powers to make formal requests for information from firms
- Statutory powers to initiate a formal investigation and require the production of information as part of a formal investigation.
The HSBC Group co-operates with its regulators in an open and honest manner. In the UK, Principle 11 of the FCA’s Principles for Businesses requires firms to deal with the regulator in an "open and cooperative way" (see section 3 Principles for Business for more information). Accordingly, in most instances we would hope to be able to respond positively to informal requests for information from the FCA. In exceptional circumstances, we may also wish to volunteer information to the FCA.
There may however be occasions where it would be inappropriate to provide information to the FCA in the absence of the use of its statutory powers. Specifically these are as follows:
- Where the FCA makes a request for information and the provision of that information would involve breaching client confidentiality.
- Where the circumstances of FCA's request suggest that HSBC may wish to take advantage of protections afforded under the Financial Services and Markets Act 2000 (FSMA) [L12].
4.6 INFORMATION REQUESTS INVOLVING CLIENTS
HSBC owes a duty of confidentiality to its customers. Under UK law however, HSBC can disclose client information to third-parties without breaching client confidentiality where it is obliged by law to do so. Accordingly, any request from Government Agencies to provide confidential client information should normally be refused unless statutory powers have been used in making the request. In other circumstances, we should invite the Agency to invoke its statutory powers.
4.7 PROTECTIONS UNDER FSMA
Under section 174(2) of FSMA [L12], evidence obtained through the exercise of FCA’s statutory powers of compulsion is generally inadmissible in criminal proceedings. Accordingly, where a person makes a statement to an investigator in compliance with an information requirement, the statement cannot be adduced in related criminal proceedings against that person or in proceedings against that person for market abuse. However, requests from FCA for information to be provided voluntarily do not constitute an "information requirement" and, therefore, statements provided further to these requests cannot benefit from the protections under section 174(2) of FSMA [L12].
Members of the HSBC Group should be able to avail themselves of statutory protections where appropriate. Accordingly, where the FCA has served a Notice of Investigation against a UK member of the HSBC Group, and it appears that there may be a suggestion of criminal misconduct or market abuse on the part of a worker or UK Group member, any requests from the FCA for information should be refused and the FCA should be requested to invoke its statutory powers. Where it appears such a course of action is appropriate, the approval of the Global Head of Regulatory Compliance should be sought before formally responding to the FCA. In their absence, the matter should be referred to the business line Head of Regulatory Compliance.
All requests for information from Financial Government Agencies, whether informal or otherwise, should be referred to Compliance who can advise on the appropriate course of action. Any requests for information from other Government or central agencies should be referred to Legal.
4.8 CONTACT WITH NON-UK REGULATORS AND GOVERNMENT AGENCIES
If any UK worker is contacted directly by, or receives any request for information from, any overseas regulator, they must contact their CO immediately. Compliance will then work with relevant Regional and other Compliance colleagues to consider and, where appropriate, address the relevant overseas regulator’s request. It should be noted that, as a general principle, information sent from HSBC to an overseas regulator which relates to a UK business or Group prudential matters should usually be channelled through the FCA as our lead regulator. If there is any doubt on the most appropriate route to provide information to a regulator, Compliance should be contacted for further guidance.
4.9 GENERAL GUIDANCE
Accordingly, you are required to:
- Comply with both the letter and spirit of all relevant laws, codes, rules, regulations and standards of good market practice in each jurisdiction around the world where you conduct business; and
- Ensure that any irregularities which arise are promptly resolved in a manner which ensures that our clients are treated fairly, which minimises financial loss and protects the good name and reputation of the HSBC Group.
4.10 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line | Compliance Coverage | Section
All | Global Standards Manual | 1.2 Group Values and Business Principles; 5.4 Responsibility for Compliance; 5.16 Reputation Risk
 | Compliance (Global Risk FIM) (FCA information gathering and investigations) | B2.1.4. Escalation, Exception Reporting & Follow-Up; B2.3.2 External Investigations; B2.7.1 Interaction with Authorities
 | Global Risk Intranet | Reputational Risk; Reputational Risk GCL 110007
GBM, GPB, AMEU, HSS | FCA Handbook | PRIN 2.1 (The Principles)
 | Escalation Guidelines | UK Guidelines for Handling Compliance Breaches
5. CONFIDENTIALITY / DATA SECURITY / INFORMATION SECURITY / CONTROL OF INFORMATION
NOTE: This section should be read in conjunction with sections 6 Data Protection and 7 Conflicts of Interest.
5.1 SCOPE
The HSBC Group Values and Business Principles highlight your obligation to maintain the confidentiality of the private affairs of HSBC customers and/or the HSBC Group. If this duty is compromised, the client may have a right of action under common law. The long term success of the Group is closely linked to the confidence of its stakeholders. Any breach of confidentiality would damage the Group’s standards of integrity and could tarnish its reputation.
Important: It is important that all workers are conscious of their duty of confidentiality to customers and the Group. Much of the information which customers will convey, either in writing or on the telephone, is confidential and personal to them. Information concerning customers or employees can only be passed between parts of the HSBC Group with consent for this disclosure.
The term ‘confidential information’ should be used in the broadest possible sense. Remember that:
- Information which seems insignificant to you may be of significance to others.
- Information which seems insignificant now may become sensitive or significant in the future.
- The expectation of confidentiality is very often an implicit one. The fact that the customer or a colleague does not openly state that a particular piece of information is sensitive and should therefore be treated in confidence does not alter the fact that confidentiality may be expected.
A bank has a traditional and established duty of confidentiality to its customers and this applies as much to wholesale and investment banking businesses as it does to a retail bank branch. Disclosure of customers’ or clients’ business or personal affairs is not permitted without the customers’ or clients’ authority. You must at all times observe strict confidentiality about information the bank holds. This includes dealings, transactions, procedures, policies, decisions, systems, unpublished financial data and other confidential matters of and concerning the HSBC Group. Confidentiality relates to any and all transactions (including customer or client accounts and matters relating to their business or personal affairs as well as HSBC proprietary information) of the HSBC Group, except when you are required or authorised to disclose such information by the bank or by law. Any breaches of confidentiality, including unauthorised ‘browsing’ of bank accounts, may constitute grounds for termination of your employment. If you are in any doubt as to the nature of any information which you have in your possession and whether or not it is confidential to the customer, you should immediately consult your line manager or CO for guidance.
5.2
GENERAL GUIDANCE
During meetings, emails and calls, you should only use information the client has provided their consent to. Think about what information you disclose and to whom.
PUBLIC - Last modified on Tuesday, 13 January 2015
page 10
HSBC
UK Compliance Manual - PUBLIC
Maintain confidentiality throughout the entire business relationship with the client and thereafter, whether processing, recording, reviewing or storing information. Appropriate codenames must be used in all correspondence and conversations relating to transactions which constitute inside or relevant information. The use of codenames does not imply that these general procedures can be relaxed. Codenames should be appropriate, and it should not be possible to identify easily the underlying client by word association. Codenames must be used consistently throughout correspondence and communications both written and verbal. During meetings, emails and calls, only share information on a “need to know” basis. There should be a genuine business reason for an intended recipient to receive confidential, inside or relevant information. Wherever practical, only share that part of the confidential, inside or relevant information that will be sufficient for the intended recipient to fulfil their role rather than providing all the confidential, inside or relevant information on a particular matter. Ask employees to leave meetings after they have finished presenting or discussing a particular matter, if there is no business need for them to stay for the remainder of the meeting and if further information will be discussed that they do not need to know. Ensure that others cannot overlook you and therefore get access to confidential information when viewing documents in a public place. Dispose of confidential waste in a secure manner. Adhere to the Group’s clear desk policy. When handling documents and data, follow Group procedures, which are in place to limit the user’s access to removable media and prevent information leakages. (See Keep Information Safe for more information.) When in public places, do not allow others to overhear conversations when you are on the phone. Take particular care when you are out of the office. 
Do not discuss highly restricted information in public places.
Use electronic equipment in a secure way. Activate password settings on your BlackBerry. Lock computers whenever they are not attended. Use email sensibly to ensure that Internal, Restricted and Highly Restricted information is not disclosed to those who are not authorised to see it.
Do not allow or facilitate ‘tailgating’ by allowing someone without access onto a restricted floor without questioning them.
If you are sitting in a business area and need to discuss an issue which is not appropriate for others in the immediate vicinity to overhear (e.g. because it is confidential to another business area or contains inside / relevant information) such discussions must be conducted in a secure environment such as a separate meeting room. Consideration should also be given to the level of soundproofing available in meeting rooms to ensure that such discussions (particularly loudspeaker telephone conversations) are not overheard.
Apply extra caution when working from home or away from the office. Ensure there are appropriate permissions granted to access documents from home or to take documents out of the office. You are required to take responsibility for the use of any documentation outside of the work place. Consider the integrity of those around you when you are working from home.
Secondees and temporary staff must operate:
o Under careful supervision;
o After an explanation as to their duty of confidentiality by their line manager;
o After they have signed an appropriate confidentiality undertaking; and
o After they have been made aware of the control of information procedures that will apply to them by their line manager.
5.3 FALSE ACCOUNTING
It is an offence under Section 17 of the Theft Act 1968 L22 if a person dishonestly (with a view to gain for himself or herself or another) or with intent to cause loss to another:
(a) destroys, defaces, conceals or falsifies any account or any record or document made or required for any accounting purpose; or
(b) in furnishing information for any purpose, produces or makes use of any account, or any such record or document which to his or her knowledge is or may be misleading, false or deceptive.
5.4 MISLEADING STATEMENTS AND PRACTICES
Any person who does any act, or engages in any course of conduct, which creates a false or misleading impression as to the market in or the price or value of any investments is guilty of an offence if they do so for the purpose of creating that impression and of thereby inducing another person to acquire, dispose of, subscribe for or underwrite those investments or to refrain from doing so or to exercise, or refrain from exercising, any rights conferred by those investments. (See also section 8.3 Misleading Statements and Practices / Market Manipulation).
5.5 RETENTION OF DOCUMENTS AND RECORD KEEPING
It is important that business documents and records of all types (original or copy) in all forms of media (including paper, computer, microfiche and tape), used by you are retained for the appropriate period of time. Retention periods for certain types of documents and records are established by legal and/or regulatory requirements. Retention of records also may be subject to Companies Act L4 legislation and certain tax legislation, as well as internal requirements.
5.6 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
GCL 120008
Secure External Email
Global Standards Manual
5.8 Conflicts of Interest 8.4 Electronic Communications 10.7 Records management 10.14 Information Risk
Group News Desk
Information Classification Policy (GCL100008)
Global Risk
ISR Incident Reporting
Security & Fraud Risk intranet
It’s time to start labelling
Global Risk, SFR FIM
Information Classification Control Matrix B.10.1 Information Security Risk B.10.1.1 Information Classification B.10.1.18 Secure Remote Working B.10.1.3 Secure Storage of Physical Information
Clear Desk Standard
GBM,
HTS, Operations FIM
B.2.5.2. Customer Complaints
Human Resources FIM
B2.7.2 Alternative Working
UK Employee Handbook
2.13. Confidentiality, Conduct and Compliance 3.8. Confidentiality and Security Information
GPB,AMEU, HSS Functions
Global Finance FIM
B.2.4.1 Record Retention Periods
6. DATA PROTECTION
NOTE: This section should be read in conjunction with sections 5 Confidentiality / Data Security / Information Security / Control of Information and 7 Conflicts of Interest. The UK Employee Handbook should be referred to for definitive Data Protection guidance.
6.1 SCOPE
Data protection laws apply to information held about natural persons in any format, including internet and e-mail processing. This can be as simple as the recording of a person’s contact details in a directory. The purpose of the Data Protection Act (DPA) L8 is to control the use of, and protect, personal information.
6.2 TELEPHONE VOICE RECORDING PROCEDURES
Not all telephones are recorded; a list of recorded telephone lines is maintained by IT and recordings are retained for five years. The procedure for listening to a telephone tape recording is to complete the relevant section in the GSR (Group Service Request); RC will authorise accordingly and recordings are then sent back to RC for screening and onward transmission as required.
6.3 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
If you are transporting data out of the office.
If you are about to transfer data outside the EEA.
If you are processing sensitive information.
If you are sending the data to a third party.
6.4 CROSS BORDER DATA TRANSFER
If data is to be transferred either to an external third party or outside of the UK, a Data Transfer Compliance Schedule (DTCS) may need to be completed. The DTCS is designed to ensure that any local legal or regulatory risks with transferring the data are both considered and managed appropriately. A DTCS is completed by the project manager in consultation with their CO.
6.5 GENERAL GUIDANCE
Ensure you only take information that is relevant; consider the necessity and purpose of taking any personal information from the client or prospective client. Only use the information for the purpose for which it was provided.
Question the purpose for passing on any personal information and check whether or not there is a secure procedure in place. This could be client or employee data.
Add personal data to client record keeping systems as and when necessary to maintain updated records.
Store (and remove when appropriate) data securely, whether hard or soft copy.
Use encryption and secure email.
Verify the identity of all persons making requests for information.
6.6 RELEVANT LEGISLATION
Data Protection Act 1998: http://www.legislation.gov.uk/ukpga/1998/29/contents
6.7 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5A.5 (Legal) Group Privacy Statement 10.14 Information Risk
Data Protection Global Risk intranet
Data Protection
Compliance (Global Risk FIM)
B.2.4.5. Privacy, Data Protection and Cross-Border Data Transfer
Security and Fraud SharePoint UK Data Protection Compliance intranet
UK Data Protection Compliance
UK Employee Handbook
5.3 Data Protection
AMEU
Global Asset Management Stand-alone Policies
Data Protection Guidelines
GBM
Global Banking and Markets Stand-alone Policies
Record Retention Guide
GBM, GPB,AMEU, HSS
Telephone taping and electronic communication retrieval procedures section PBGB
Private Bank Stand-alone Policy
Global Markets Telephone Taping Procedures
DPA Retention Policy & Destruction Dates
7. CONFLICTS OF INTEREST
NOTE: This section should be read in conjunction with sections 5 Confidentiality / Data Security / Information Security / Control of Information and 6 Data Protection.
7.1 SCOPE
The Group is a global organisation which provides a wide range of financial services. As such, it, or a company with whom it has an association, may from time to time have interests which conflict with its clients’ interests or with the duties that it owes to its clients. There are procedures and arrangements in place to identify and manage actual or potential conflicts of interest, between (i) associates and workers on the one hand and the interests of clients of the Group on the other, (ii) any conflicts between the clients themselves, (iii) any conflicts between clients and the HSBC group, and (iv) any conflicts between workers.
Conflicts of interest are inherent to multi-service firms because they perform a wide range of functions such as financing, customer trading, proprietary trading, investment research, underwriting security issues, advice and execution. A duty is placed on multi-service organisations by both the FCA (please refer to FCA Principles for Businesses, Principle 8, or see section 3 Principles for Business) and under common law to either prevent or manage any conflict of interest that may arise between:
(i) a client and the firm
(ii) a client and a similar client
(iii) a client and a different client
(iv) a client and a worker of the firm
by having adequate procedures and measures/systems and controls in place to identify and manage conflicts. At HSBC, we aim to identify and manage any form of conflict arising between ourselves and our clients and/or between our clients, before it becomes embarrassing to pull out of a potential deal or relationship.
7.2 TRANSACTION CHECK REQUEST FORM (ETCR)
A Transaction Check Request Form (eTCR system) is an online form submitted to RC in order to notify Compliance of relevant information concerning a transaction or relationship, and a potential or actual mandate. NOTE: Please check with your CO or refer to the eTCR Business Guidelines in order to confirm that this method of reporting is relevant to your business line.
7.3 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
If you are about to make a banking pitch to a client.
If you are approving a new relationship or transaction.
If you would like to deal on your own account (see further Section 13).
If a client approaches HSBC with a financing proposal.
If you are a private-sider and you wish to seek advice from an Analyst in Global Research, you must follow the Analyst Contact Guidelines.
If you are working on a project where HSBC is principal that involves a 3rd party (e.g. buying or selling a Group asset).
If you are asked to facilitate a Work Experience placement from a third party you do business with.
7.4 GENERAL GUIDANCE
The various types of conflict that may arise and you need to be aware of include:
Legal conflicts (breach of fiduciary duties).
Regulatory conflicts (breach of FCA conduct of business rules and general principles).
Commercial conflicts.
Relationship and/or reputational issues.
Client confidentiality (breach of confidentiality).
7.5 FURTHER GUIDANCE
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.8 Conflicts of Interest
Credit FIM
C.18A Compliance Principles for the Management of Credit Risk and Information Flows
Compliance (Global Risk FIM)
B.2.4.2 Conflicts of Interest B2.4.4 Group Company as Principle C.2.4.1 Overview of Information Flows through Credit and Risk (for Corporates, Banks and Financial Institutions) Guidance and Explanatory Note for Compliance Functions C.2.4.2 Conflicts of Interest C2.4.4 Group Company as Principle
GBM,
UK Employee Handbook
3.2.6 Conflicts of Interest
Global Asset Management Stand-alone Policies
Conflicts of Interest section
GPB,AMEU, HSS AMEU
GBM
Global Banking and Markets Stand-alone Policies
Conflicts of Interest External business interests authorisation request
Allocation Procedures section DCM Allocation Procedures ECM Allocation Procedures Conflicts Checks section
External business interests authorisation request eTCR Business Guidelines
Control of Information / Information barrier section
Policy for undertaking internal reviews of inside information Wall Crossing Policy and Procedures
Preserving Information Barriers
LAF Treeing Guidelines
LAF Loan Price Enquiry
ClientVision Policies Compliance Guidelines
Compliance IT Staff Global Compliance Policy
GB PEP Policy Global Information Register System section Impact Day Procedures
Impact Day Advisory
Impact Day ECM PB-GB Referral Procedures Dec 2011 Price stabilisation and buy-back procedures Referral Procedures for GB Bankers Restricted Lists section Research Analyst Contact Guidelines section
Analyst Contact Guidelines
Sales – use of Research & Analyst Contact section Guidance to sales on analyst contact Sales guidance on investment research Stapled Financing Committee Terms of Reference HSS
HSS Stand-alone Policies
HSS Conflicts of Interest Policy
PBGB
Private Bank FIM
C.6.2 Conflicts
Private Bank Stand-alone Policies
Global Conflicts Policy External business interests authorisation request
Functions
RCGF SharePoint site
Conflicts of Interest Policy (TBA)
8. INSIDER DEALING, MARKET CONDUCT AND MISLEADING STATEMENTS
Important
Insider dealing is a CRIMINAL OFFENCE. The maximum penalty is 7 years imprisonment or an unlimited fine or a combination of the two.
If you have any doubts about any particular course of action or transaction, whether it be for your own account, for the HSBC Group or for that of any customer or a related party, you should seek advice from RC.
8.1 SCOPE
Market abuse is often used as a generic term to cover a number of offences (both civil and criminal), where the common factor is the potential to profit by dishonest/unfair market practices or the misuse of privileged information. The three categories of market abuse are:
Insider Dealing (criminal offence)
Misleading Statements and Practices / Market Manipulation (criminal offence)
Market Abuse (civil offence).
There are laws relating to dealing offences [Criminal Justice Act L7 and FSMA L12] and defences. You must make sure you familiarise yourself with the definitions of price sensitive information, relevant information and inside information. The offence is committed when an insider deals (or encourages another to deal) on the basis of inside information, or improperly discloses the inside information. In certain circumstances, it is proper for individuals to be made ‘insiders’ in relation to inside information.
Important
You must ensure that you make yourself aware of what constitutes inside information and/or confidential information. If you have any doubts, you must consult RC.
8.2 INSIDER DEALING
Broadly, it is a criminal offence for an individual who has information as an insider to:
deal in price-affected securities in relation to inside information (the “dealing offence”)
encourage another person to deal or disclose inside information to another person otherwise than in the proper performance of the functions of his employment, office or profession (the “tipping offence”).
If you are inadvertently or otherwise made an insider, other than in the course of your employment, RC must be consulted. If you receive confidential or inside information to which you may not be entitled, RC must be contacted immediately. RC will maintain a log of this detail.
Penalties: A person convicted of insider dealing is liable on summary conviction, to imprisonment for a term not exceeding six months or a fine not exceeding the statutory maximum, or both; on conviction on indictment, to imprisonment for a term not exceeding seven years or a fine, or both (insider dealing carries the same penalties as misleading statements and practices / market manipulation).
8.3 MISLEADING STATEMENTS AND PRACTICES / MARKET MANIPULATION
Offences: A person who dishonestly conceals any material facts may be guilty of an offence under Section 397 of the FSMA L12 if they:
a) make a statement, promise or forecast which they know to be misleading, false or deceptive in a material particular;
b) dishonestly conceal any material facts whether in connection with a statement, promise or forecast made by them or otherwise; or
c) recklessly make (dishonestly or otherwise) a statement, promise or forecast which is misleading, false or deceptive.
A person may be guilty of an offence if they make a statement, promise or forecast or conceal the facts for the purpose of inducing, or are reckless as to whether this information may induce, another person (whether or not the person to whom the statement, promise or forecast is made):
a) to enter or offer to enter into, or to refrain from entering or offering to enter into, investment business; or
b) to exercise, or refrain from exercising, any rights conferred by an investment.
Any person who does any act or engages in any course of conduct which creates a false or misleading impression as to the market in or the price or value of any investments is guilty of an offence if he does so for the purpose of creating that impression and of thereby inducing another person to acquire, dispose of, subscribe for or underwrite those investments or to refrain from doing so or to exercise, or refrain from exercising, any rights conferred by those investments.
Defences: In proceedings for an offence brought against a person as a result of paragraph a) above, it is a defence for him to show that the statement, promise or forecast was made in conformity with price stabilising rules or FSMA control of information rules (section 147 (s397(5) FSMA L12)).
In proceedings brought against any person for an offence, it is a defence for them to show:
a) that they reasonably believed that their act or conduct would not create an impression that was false or misleading as to the matters mentioned in that subsection;
b) that they acted or engaged in the conduct:
(i) for the purpose of stabilising the price of investments; and
(ii) in conformity with the price stabilising rules (s144 FSMA L12); or
c) that they acted or engaged in the conduct in conformity with FSMA control of information rules (section 147 (s397(5) FSMA L12)).
Penalties: A person guilty of an offence under Section 397 of the FSMA L12 is liable on summary conviction, to imprisonment for a term not exceeding six months or a fine not exceeding the statutory maximum, or both; on conviction on indictment, to imprisonment for a term not exceeding seven years or a fine, or both (misleading statements and practices / market manipulation carries the same penalties as insider dealing).
8.4 MARKET ABUSE
Market Abuse covers both insider dealing and market manipulation and is, broadly speaking, the civil law equivalent of these criminal offences. Section 118 FSMA L12 covers seven types of abusive behaviour:
Offences:
1. Insider dealing – when an insider deals, or tries to deal, on the basis of inside information.
2. Improper disclosure – where an insider improperly discloses inside information to another person.
3. Misuse of information – behaviour based on information that is not generally available but would affect an investor’s decision about the terms on which to deal.
4. Manipulating transactions – trading, or placing orders to trade, that gives a false or misleading impression of the supply of, or demand for, one or more investments, raising the price of the investment to an abnormal or artificial level.
5. Manipulating devices – trading, or placing orders to trade, which employs fictitious devices or any other form of deception or contrivance.
6. Dissemination – giving out information that conveys a false or misleading impression about an investment or the issuer of an investment where the person doing this knows the information to be false or misleading.
7. Distortion and misleading behaviour – behaviour that gives a false or misleading impression of either the supply of, or demand for, an investment; or behaviour that otherwise distorts the market in an investment.
The offence covers any other behaviour which is likely to give a regular user of the market in question a false or misleading impression as to the supply of, demand for, price or value of an investment or where the behaviour would be likely to be regarded by a regular user of the market in question as behaviour that would distort the market in such an investment and is likely to be regarded by the regular user as a failure on the part of the person concerned to observe an appropriate standard of behaviour.
Penalties: Under FSMA L12, the FCA has powers to instruct a person found to have committed market abuse to pay compensation or to surrender any profits from the abuse, or it can impose an unlimited fine and/or publicly censure a firm or individual. Authorised Firms and Approved Persons can be subject to disciplinary sanctions including suspension or withdrawal of authorisation.
8.5 SUSPICIOUS TRANSACTION REPORTS
Important
A worker who notifies Compliance of a suspicion of market abuse must not inform any other person, particularly the person on behalf of whom the transaction has been carried out, of their notification without further guidance from Compliance.
If you have reasonable grounds for suspecting that a transaction which has been arranged or executed might constitute market abuse, you are required to contact, without delay, your CO. If your CO is unavailable, you can contact the Monitoring and Surveillance team by emailing the Global Markets trade surveillance team for further guidance. A Suspicious Transaction Report should be filed to the FCA by RC. Under no circumstances should a Suspicious Transaction Report be filed directly to the FCA by anyone outside of RC unless preapproval to do so has been provided.
8.6 RESEARCH RECOMMENDATIONS
Under the market abuse regime, firms are required to ensure that, in research recommendations published by them, issues are fairly presented and interests and conflicts of interest are disclosed. The disclosure requirements under this regime differ from those applicable in the US in a number of ways, including their application not just to equities but to all asset classes.
8.7 GENERAL GUIDANCE
If you are in possession of inside information, you must not improperly deal or disclose this information until it is in the public domain.
If you are included on an insider list, and in order to avoid committing the criminal offence of insider dealing, you are prohibited from dealing yourself in the particular stock for which you have insider knowledge, and you are prohibited from encouraging or discouraging anyone from dealing in that stock.
If you inadvertently disseminate inside information, report this to Compliance and the person(s) in receipt of the inside knowledge must also be registered as an insider(s), and made aware of their obligations and duties.
If you inadvertently receive inside information, do not share it, unless permission is granted otherwise from your CO.
Any worker who has reasonable grounds for suspecting that a transaction which has been arranged or executed by a UK entity might constitute market abuse must notify such suspicions to their RC team without delay.
8.8 RELEVANT LEGISLATION
Criminal Justice Act 1993 (as amended): http://www.legislation.gov.uk/ukpga/1993/36/part/V
8.9 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.8 Conflicts of Interest
Compliance (Global Risk FIM)
B2.5 Insider Dealing C.2.4.2 Dissemination of Market Rumours: Guidance
Global Risk Intranet
Market Abuse
FCA Handbook
Code of Market Conduct (MAR1)
FCA
Market Abuse
AMEU
Global Asset Management Standalone Policies
Conflicts of Interest section Conflicts of Interest Market Abuse section Market Abuse - Summary Market Abuse Training Market Abuse - Guidance PA Dealing Rules
GBM
Global Banking and Markets Standalone policies
Allocation Procedures section DCM Allocation Procedures ECM Allocation Procedures Control of Information / Information barrier section
Leaks Review Policy 2011
Wall Crossing Policy and Procedures
Preserving Information Barriers
LAF Treeing Guidelines
LAF Loan Price Enquiry
ClientVision Policies Compliance Guidelines
Compliance IT Staff Global Compliance Policy
Global Information Register System section
GIRS Procedures GIRS Training Insiders list template Insider trading reviews
Impact Day Procedures
Impact Day Advisory
Impact Day ECM
Market Abuse section Market Abuse Guidance Market Rumours section Market Rumours Guidance Market Soundings Procedures Personal Account Dealing section Personal Account Dealing Procedures Price stabilisation and buy-back procedures Global Markets Policy for the Distribution of Sales and Trading Commentary PBGB
Private Bank FIM
B.1.2 Insider Dealing
Private Bank Stand-alone Policies
Inside Information Procedure
9. ANTI-MONEY LAUNDERING
Important
Money laundering is a CRIMINAL offence. Breaches of money laundering laws, regulations and rules may lead to regulatory censure, prosecution, unlimited fines and reputational damage for the bank, and to disciplinary action, fines and jail sentences for workers.
9.1 SCOPE
As an employee, you must comply with the letter and spirit of HSBC’s Global Anti-Money Laundering (AML) Programme. All employees must be vigilant and not allow HSBC to be used as a conduit for money laundering, terrorist financing, proliferation financing, tax evasion, or other criminal activity (collectively referred to as “financial crime”).
Money Laundering is a criminal or attempted criminal act to conceal or disguise the identity of illegally obtained proceeds, so that they appear to have originated from legitimate sources. Criminals and their associates may use HSBC in order to hide the source and beneficial ownership of money by making payments and transfers of funds from one account to another; purchasing monetary instruments, such as drafts; and using safe-deposit facilities to provide storage for bank notes. The process is also used in the financing of terrorism, although the funds may not originate from the proceeds of crime.
HSBC Group has developed a Global AML Programme, which includes a Global AML Policy reflecting the AML legislation in the UK, EU, US and Hong Kong. Each relevant line of business and functional area is introducing internal procedures to ensure compliance with the Global AML Programme, and local laws, rules and regulations, where applicable.
9.2 GLOBAL POLICY AND PRINCIPLES (GPP)
The HSBC Group Money Laundering Deterrence Programme, Global Policy and Principles (GPP) and other local business procedures protect the reputation of the Group from reputational damage, allegations of money laundering, criminal or civil sanctions. The policies consist of the following key standards:
a) Management of AML risks and controls
b) AML Governance
c) Internal controls to ensure on-going compliance
d) Customer Due Diligence (CDD) which includes risk based Identification and Verification (ID&V), Know Your Customers (KYC) and Enhanced Due Diligence (EDD)
e) Suspicious activity monitoring and reporting
f) Transparency
g) Co-operating fully with the Authorities and responsiveness to requests
h) Maintaining appropriate records of customer identification and transactions
i) Staff awareness, training and alertness.
9.3 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
9.3.1 Customer Due Diligence
You should apply the relevant Customer Due Diligence (CDD) procedures as appropriate. CDD must be undertaken prior to onboarding a client and at various intervals during the business relationship.
Care should be taken during the CDD process to identify customers that should not be on-boarded due to their associated financial crime risks which are outside of HSBC’s Financial Crime Risk Appetite.
Ensure that the customer’s due diligence profile is updated to reflect any changes in the customer’s circumstances to enable the assessment of any new risks.
Understand the type of transactions in which the customer is likely to engage, and escalate activity which is unusual or suspicious to the Money Laundering Reporting Officer (MLRO) in accordance with local reporting requirements.
9.3.2 Enhanced Customer Due Diligence
You should take extra precautions when dealing with high risk customers. High Risk Clients – Certain customers pose a higher risk to the Group and its reputation. This may include customers domiciled in a high risk country listed as indicated in the Group’s Financial Crime Country Risk Model or those categorised as Politically Exposed Persons or due to the nature of the client’s business such as gaming, money exchange, arms dealers, for example, which results in classifying them as a Special Category of Client (SCC).
9.3.3 Due diligence when HSBC is principal
You should apply the relevant CDD procedures as appropriate. The level of due diligence and KYC material required is dependent on the jurisdiction of the 3rd party and the risk profile of the asset involved.
9.4 SUSPICIOUS ACTIVITY REPORTING
Important
There is a statutory and regulatory obligation on you to report information that comes to your attention in the course of your business activities and which gives rise to knowledge or suspicion or reasonable grounds to know or suspect money laundering or terrorist financing. Failure to report a suspicion is a CRIMINAL offence. An employee who identifies suspicious activity must not inform the customer or any other person of the existence or decision of filing a Suspicious Activity Report (SAR). “Tipping-off” a customer is also a CRIMINAL offence.
The MLRO is the central point responsible for dealing with all suspicious activity reports and for reporting them, as appropriate, to the authorities. To help determine whether a report should be passed to the authorities, the MLRO is required to have access to the relevant records for that particular customer and you must be co-operative in any requests for access to records or other assistance in the review process.
To ensure consistency in the reporting process, an Unusual Activity Report (UAR) should be reported in the first instance to Compliance, who will liaise with the appropriate internal departments, including the MLRO.
If a suspicion is formed about an instruction received from a customer prior to the transaction or other activity taking place, a SAR must be made immediately. The transaction or activity must not proceed further without the prior consent of the authorities, as instructed via the MLRO.
Follow through: there should be a review of other transactions that the client is involved in and any accounts that the client is linked to. Serious consideration in association with Senior Management and Compliance should be given to the closure of any relevant accounts. This decision must always be reached through collaboration between Senior Management and Compliance.
In deciding whether or not potentially suspicious activity is being undertaken, you should have a clear understanding of the legitimate business of your customers. The CDD information obtained at the outset of and during the customer relationship plays a vital role in this process. You should take particular care when the proposed customer is not well known or is engaged in transactions which are not typical for the customer or its peer group, or are unusual from a commercial viewpoint, especially where the transaction is to be settled in an unusual manner.
There are systems including WOLF, NORKOM and CAMP in place to monitor clients and identify any suspicious activity, as well as manual monitoring that may be more appropriate in some cases.
You should also be aware that the reporting requirement may be triggered in respect of any misconduct in, or misuse of information relating to, a financial market, such as market abuse (see section 8 Insider Dealing, Market Conduct and Misleading Statements for more information). The offender in these cases may therefore be a worker of the UK entity or other financial services institution. UARs should be submitted via the online form available via https://ukapplications21.systems.uk.hsbc/web/eforms/home.nsf/homepage/eForm%20Home?Opendocument
9.5 SUSPICIOUS AND UNUSUALLY LARGE BUSINESS OFFERS
HSBC may be approached from time to time by persons who state that they, or the companies they represent, have access to very large sums of money, loan finance or other financial instruments such as blocked funds letters, certificates of deposit, prime bank guarantees/notes, promissory notes, standby letters of credit, treasury bills, gold certificates etc. Values involved are frequently hundreds of millions of dollars (or equivalent) and the underlying schemes are variously described as being highly remunerative, risk free, sensitive or secret and sanctioned by such bodies as the US Federal Reserve, the International Chamber of Commerce, the International Monetary Fund, the World Bank or the United Nations.
These persons, often purporting to be acting as agents for well-known or distinguished, but possibly unnamed, principals, may be introduced by respected members of the community, claim that senior executives of the Group have knowledge of their activities or that other banks have already agreed to become involved. Dubious agreements and photocopies of bonds, certificates or fax messages are sometimes produced.
The objective of such an approach is to induce HSBC to provide the approaching party with tangible evidence of a customer relationship with HSBC. Such evidence could then be used in a money laundering scheme or to intimate a close relationship in dealings with other parties as an agent, purportedly able to raise funds or place deposits on attractive terms; the objective being to obtain fraudulent payment of front-end fees for fictitious financial services.
You must be alert to the dangers of dealing with such persons and must exercise great caution where you believe that an unusual approach is being made. Under no circumstances should you issue or send any telexes, letters or certificates bearing HSBC’s telex answerback, letterhead or authorised signature.
You must not hand over your business card to persons who appear to be making unusual or large business offers. Wherever possible, you should obtain details of the person’s identity, address and company represented, together with copies of any available documentation.
Important
When a suspect proposal is received, FCC must be advised urgently. Full details of discussions should be forwarded, together with original copies of any documents received, details of related accounts held and copies of internal correspondence. FCC will make the necessary report to Group Security and Fraud Risk, who will then inform any other Group office or member mentioned in the approach.
9.6 GENERAL
Failure to report suspicions or failure to report where there are reasonable grounds for suspicions may lead to action being taken against you. Within some jurisdictions (including the UK) local legislation imposes severe penalties on individuals (including possible imprisonment) on conviction of offences. The existing AML legislation in the UK places personal responsibilities on all employees and provides that you are committing an offence if you:
Know or suspect, or have reasonable grounds to know or suspect, that another person is engaged in money laundering and do not report your knowledge or suspicion
Reveal in any way to a person (customer, non-customer or employee) that they are subject of a report or an investigation
9.7 RELEVANT LEGISLATION
9.7.1 Relevant UK Law:
The Money Laundering Regulations (‘The Regulations’) Regulations 5-9, 11-17, 18-21L19
The Proceeds of Crime Act (‘POCA’) Sections 327-329, 330-331, 334(2), 333-338, 342L21
Part 3 of the Terrorism Act 2000, Sections 21ZA-21H, 39
Financial Sanctions LegislationL11
9.7.2 Customers that may not be dealt with:
Regulation 18L19 (HMT powers to prohibit firms from forming or maintaining relationships with customers situated in a country to which the FATF has applied countermeasures)
UN Sanctions ResolutionsL24 1267 (1999), 1333 (2000), 1390 (2002) and 1617 (2005)
EC RegulationL9 2580/2001 and 881/2002 (as amended)
Terrorism Act 2000 Schedule 2L17
Terrorist Asset-Freezing etc. Act 2010
Counter-Terrorism Act 2008 Schedule 7
Al-Qa’ida and Taliban (United Nations Measures) Order 2006L1
9.7.3 Regulatory Regime:
Senior Management Arrangement Systems and Controls (SYSC) – Section 3.2.6.R
9.7.4 Other materials/guidance pointing to good practice:
JMLSG
FATF Recommendations
The Wolfsberg PrinciplesL25
9.8 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
FCA Handbook
SYSC 3.2.6
Global Standards Manual
5.6 FINANCIAL, ECONOMIC AND TRADE SANCTIONS (Financial Crime Compliance Risk Appetite) 5.7 Money Laundering Compliance
Global Risk Intranet
Financial Crime Country Risk Model Global Policy and Principles Guidance issued by Group Money Laundering Control Officer
Compliance (Global Risk FIM)
B.2.17 Global Anti-Money Laundering Policy
B.2.17.3 Special Categories of Clients
B.2.21.4 Sixth Filter
Group Circular Letters
GCL 120027 – Sixth Filter – a new Global Standard focusing on financial crime risk GCL 120030 – Bearer Shares and Bearer Share Companies – a new Global Standard
GBM & HSS
Global Standards
Global Standards intranet
Higher Risk Review Process section
Higher Risk Review Process Guidance Higher Risk Review Process Flow
AMEU
Global Asset Management Stand-alone Policies
Anti-Money Laundering section Source of Wealth Institutional AML Training
Global Banking and Markets Stand-alone Policies
Customer Due Diligence section
HSS
HSS FIM
PBGB
Private Bank AML & Sanctions (Money Laundering Operations Manual)
B.8.5.1 Risk Management HSS AML Requirements MLOM MLOM Appendix 1 - PAO procedures MLOM Appendix 2 - Bribery and Corruption MLOM Appendix 3 - US GPB Policy
GBM
Know Your Customer (KYC) ID Matrix
10. SANCTIONS
Important
Evading sanctions is a crime.
10.1 SCOPE
Sanctions are restrictions imposed by countries and multinational bodies like the UN and EU. They are a tool to help protect national or international security and help to stop financing for crimes like terrorism, drug trafficking and illegal arms dealing.
Country based sanctions are designed to restrict financial and commercial interaction with a specific country or government; also specific individuals and/or entities connected with that country.
Activity based sanctions aim to restrict financial and commercial interaction with certain individuals, entities and organisations.
10.2 GENERAL GUIDANCE – WARNING SIGNS
Contact your local Financial Crime Compliance contact immediately if your customer lives or does business in any of these countries.
Cuba
Iran
Myanmar
North Korea
Sudan
Syria
Warning signs include attempts to deliberately change or remove details of a transaction to conceal the identity of a sanctioned individual, entity or country or where a transaction is deliberately structured to avoid screening controls. If a customer attempts or asks you to omit or alter any information about them, their associates or their transactions, you should immediately escalate to Financial Crime Compliance. Be careful not to warn the customer that you are escalating.
Managing sanctions risk is about precision: we are looking for the needle in the haystack. We need to be precise in the way we capture information at on-boarding, update information for existing customers, and enter information in the right systems, so that we can find matches with the sanctions lists.
10.3 RELEVANT LEGISLATION
UK HM Treasury Financial Sanctions
OFAC Sanctions
10.4 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.6 Financial, Economic and Trade Sanctions (Financial Crime Compliance Risk Appetite)
Global Risk Intranet
Sanctions
Compliance (Global Risk FIM)
B2.19.1 Global Sanctions Policy
Global Standards
Global Standards intranet Sanctions
GCL
GCL 140003 – Global Sanctions Policy, A new Global Standard
11. CROSS BORDER BUSINESS
11.1 SCOPE
Important
It is your responsibility to confirm that HSBC is licensed to provide investment services and activities in the jurisdiction you are visiting or providing services into (from outside the country).
Overseas business visits or marketing initiatives must be organised and conducted in accordance with appropriate policies and local regulatory requirements. If you are in any doubt as to the impact of such regulations on the product or service to be offered, please consult RC or the Cross Border Marketing Survey ("the Survey"). The Survey is a tool designed to help determine what products can be sold and marketed into a territory from another jurisdiction. It covers virtually all the jurisdictions within which the Group has a presence.
The Survey is a high-level document designed to assist workers in determining what may or may not be permitted in any particular jurisdiction where business or marketing activity is targeted. The Survey should be used as a "starting point" for planning purposes with more detailed advice being sought from the CO in the jurisdiction where the activity originates and the CO in the jurisdiction where the activity is targeted.
11.2 CERTAIN TERRITORIES REQUIRING PARTICULAR CARE
These include:
Australia
Bahrain
Canada
Central and Eastern Europe
EU Countries
Hong Kong
India
Japan
Lebanon
Malaysia
Oman
Saudi Arabia
Singapore
Taiwan
United Arab Emirates
United States of America
11.3 CROSS BORDER BUSINESS NEW INITIATIVES
Before commencing or materially changing a product, service or marketing activity, you must understand and follow the local laws, particularly tax rules, and ensure that the UK entity concerned is fully authorised to perform the planned services. Take extra care when seeking to engage in a highly regulated market, when establishing a new branch or when connected companies are entering into arrangements with each other.
It is essential that HSBC is fully authorised to perform the planned services in the place and manner contemplated (including any local business authorisation or licensing restrictions, any worker registration requirements, any requirements regarding customer agreements/mandates, and whether acting as principal or agent) before any new product, service or marketing initiative is commenced or an existing product, service or marketing initiative is amended. Particular care must be exercised when:
(a) seeking to commence or to materially change existing activities in a highly regulated market;
(b) seeking to establish a new branch, subsidiary or representative office; and
(c) Connected Companies propose to enter into arrangements with each other to service customer needs, including arrangements for the secondment or attachment of workers, and the remuneration and taxation of such workers.
11.4 DEALING WITH US CUSTOMERS
Important
Please ensure that you familiarise yourself with the relevant rules and guidance surrounding dealing with US persons and the different US person definitions that apply for different purposes. If in doubt, please speak to your CO.
11.4.1 Soliciting Business from US Customers
Entities with no appropriate local licence/registration must consult with US Legal, RC and Tax prior to doing business with, marketing to or targeting non-US persons while in the US and US persons (wherever those US persons are now located and including business conducted from non-US locations with US persons). This applies whether the activity is undertaken as an entity or as a sole individual and regardless of the means used (e.g. on the ground, from outside the country, or through a website).
11.4.2 Foreign Account Tax Compliance Act (FATCA)
The aim of FATCA is to prevent US Persons from using offshore entities to avoid US taxation on their income and assets. Workers must not engage in any activity, or have any formal or informal policies and procedures in place, directing, encouraging or assisting Group account holders/investors with respect to strategies for avoiding identification of their accounts as US accounts.
11.4.3 Dodd-Frank Act (DFA) Swap Dealing
Swaps can only be sold or booked to US persons or marketed to or solicited to US persons by swap associated persons within Global Banking and Market entities which are registered with the US authorities (“Swap Dealers”). These requirements are set out in more detail in the Derivatives Sales and Trading Manual within GBM. There should be no remunerated introductions of swaps business within the Group apart from out of the Swap Dealers.
11.5 MARKETING MATERIAL
Care should be taken whenever marketing or promotional material is going to be used across borders. You must also be aware of the dangers of inadvertent cross border activity through posting information on websites. You must speak to your marketing department before undertaking the preparation of any material to be provided (or shown to) clients and/or an external audience. You must understand the requirements and sign off process applicable to the material you are producing.
11.6 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.9 Cross-Border Business
5.10 Transactions and activities by non-US group companies that may be subject to US jurisdiction or otherwise affected by US laws (including on an extraterritorial basis)
5.13 Secondary Market Trading in Affiliate Securities
Global Risk Intranet
Cross Border Marketing Internet Based Marketing
GBM
Compliance (Global Risk FIM)
C.2.8 Marketing and Sales Practices – Cross Border Marketing Guidelines
Global Banking and Markets Stand-alone Policies
Contacting US Clients section Cross border marketing (including soliciting business from US customers) Derivatives Sales and Trading Manual Other:
PBGB
Private Bank FIM
Cross Border Marketing
B.7.4 Cross-Border Marketing Planning B.7.5 Cross-Border Marketing Execution
Private Bank Stand-alone Policies
Cross Border Marketing Attestation Cross Border Marketing CEO Notification Form
12. COMPETITION LAW
Important
Breaches of Competition Law can have serious consequences for both the Group and individual workers, including fines, criminal prosecution and reputational damage. If in doubt, please speak to your usual Legal contact.
As a worker, you must (a) be able to identify possible competition issues in connection with your work, and (b) know how to elevate them to your usual contact in Legal.
12.1 SCOPE
Details of the most commonly encountered issues in relation to Competition Law that workers must be aware of are set out in the UK Employee Handbook. You must also ensure that you are familiar with the Competition compliance materials and procedures specifically tailored to your business line.
12.2 GENERAL GUIDANCE
12.2.1 Agreements between competitors
Agreements between competitors that harm competition are prohibited. These are (among others):
agreements that limit, prevent, restrict or distort competition (e.g. price fixing, bid-rigging, sharing or allocating markets among participants)
agreements that fix other competitive terms, such as margins, commissions, fees, discounts or credit terms
12.2.2 Agreements with suppliers, distributors and customers
Agreements with suppliers, distributors and customers that harm competition are prohibited. You must therefore seek advice from your usual contact in Legal before:
fixing or setting the maximum price at which a distributor must resell a product
granting a distributor exclusive rights to distribute a product
agreeing to purchase products or services exclusively from one supplier
requiring a customer buying one product to buy a separate product as well.
12.2.3 Information exchanges with competitors
Information exchanges with competitors may be permissible in certain limited circumstances (e.g. in the context of joint ventures or syndicated deals). However, you must consult your usual contact in Legal before entering into any arrangements that involve:
sharing “competitively sensitive information”
actively participating in any trade association or industry group
contacts with competitors that, inadvertently or deliberately, trigger a breach of competition law
12.2.4 Abuse of a dominant position
Abuse of a dominant position is prohibited. You must therefore consult and seek advice from your usual contact in Legal where the Group, or any Group entity, may have a market share of more than 40 per cent.
12.3 HOW TO ESCALATE OR REPORT SUSPECTED INFRINGEMENTS
If you have any concerns about the Group's behaviour or that of a competitor, you have two options. Contact:
1. your usual Legal contact; or
2. the general Compliance Disclosure Line, details of which are set out on the UK intranet.
Immunity or leniency may be granted to a whistleblower that alerts the relevant competition authority to an anti-competitive agreement. You can keep your call anonymous.
It is the responsibility of all workers to ensure that they are aware at all times of who their Legal contact is and how to contact them.
If you report your concerns in writing, you should include the following at the top of your email: “Privileged and confidential – prepared for the purpose of obtaining legal advice”. Ideally, however, you should call in the first instance.
12.4 RELEVANT LEGISLATION
Treaty on the Functioning of the European Union (Articles 101 and 102)
Competition Act 1998
Enterprise Act 2002
12.5 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Legal FIM
B.11.2 Competition Law
GBM,
UK Employee Handbook
Section 3.2.17. Competition
Global Banking and Markets Stand-alone Policies
Competition Law section
GPB,AMEU, HSS GBM
13. PERSONAL ACCOUNT DEALING
Important
When you correctly follow the Personal Account Dealing procedures that are in place, you will naturally create evidence that you have taken reasonable steps to ensure that you are able to undertake the relevant transaction(s). Should you fail to follow the appropriate procedures, you may create unnecessary suspicion into your actions.
13.1 SCOPE
All workers are covered by the Personal Account Dealing rules. For Employees, these form part of your contract with the Group. It is the responsibility of all workers to follow relevant guidance and comply with the procedures for your Function.
13.2 GENERAL GUIDANCE
A breach of your Personal Account Dealing procedures may be considered as grounds for disciplinary action, including dismissal or termination. Staff dealing principles and rules are in place to manage any conflicts of interest, discourage speculative dealing and maintain the highest standards of business behaviour.
All Restricted Persons must follow the Code for Dealing in Group Securities (GCL 090007 issued 5 March 2009, as amended from time to time) when dealing in Group securities. Individuals who are Restricted Persons are notified personally with a Restricted Persons Memorandum containing guidance as to the procedures they should follow before dealing in Group securities. All Restricted Persons must comply with close periods for dealing in Group securities.
In accordance with the Code for Dealing in Group Securities, if you are a Restricted Person you must seek clearance from the Group Company Secretary before dealing in HSBC Group Securities. This approval is required in addition to any required by your local PAD rules.
13.3 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
ALL
Group Company Secretary
Code for Dealing in Group Securities GCL 090007
Functions
Global Standards Manual
5.11 Staff Dealing Principles and Rules
Global Risk FIM, Compliance
B2.11 Personal Dealing in Securities
Global Risk Intranet site
Employee Sharedealing: Restricted Persons
RCGF SharePoint site
PAD
14. ANTI-BRIBERY AND CORRUPTION
Important
GIVING A BRIBE
It is a criminal offence to offer an inducement to someone to perform their duties improperly (or reward them for doing so). In other words, you must not bribe.
Important
RECEIVING A BRIBE
It is a criminal offence to accept or agree to accept an inducement to perform your duties improperly (or be rewarded for doing so). In other words, you must not solicit a bribe or allow yourself to be bribed.
14.1 SCOPE
The Group’s Principles for Countering Bribery are in place to improve standards of business integrity, commitment to truth and fair dealing and commitment to complying with all applicable laws and regulations.
You are required to apply these policies and principles to both the countering of bribery of public officials and to commercial transactions and relationships. The UK Bribery Act 2010L3 is extra-territorial; in effect it binds the Group. It is important for all workers and Group entities to comply with the Bribery ActL3 and similar extra-territorial legislation such as the US Foreign Corrupt Practices Act and Hong Kong Prevention of Bribery Ordinance.
Among the core provisions of the Bribery ActL3 is a new criminal offence for corporations and partnerships of “failure to prevent bribery”. This offence is effectively one of “strict liability”, i.e. the only defence is that “adequate procedures” were in place to prevent bribery. If you fail to act upon an opportunity to prevent bribery, you could be held liable for a criminal offence. You should also note that many other pieces of anti-bribery or anti-corruption legislation cover the UK and must be applied equally (e.g. US Foreign Corrupt Practices Act).
14.2 GENERAL GUIDANCE
A bribe need not have monetary value. So it may also include:
o Turning a “blind eye” to a conflict of interest
o Providing training to or employing someone’s (e.g. CEO, Public Official, prospect) family member or close associate
o Bypassing the Group’s policies and procedures to the customer’s/prospect’s advantage
o Promising a future ‘favour’
Due diligence requirements: conduct due diligence before entering business relationships, joint ventures, signing contracts or when acquisitions are made.
Do not provide facilitation payments.
Restrictions are in place around Gifts & Entertainment (alternately referred to as Gifts and Hospitality) that can be provided to Public Officials or others.
Breaches: report any breach to your CO, as the breach may be considered grounds for disciplinary action including dismissal or termination.
A training course has been developed for e-learning purposes and is mandatory for all workers. Line Management must also ensure that all new workers joining HSBC undertake and complete the module within three months of their start date.
14.3 RESTRICTIONS AROUND PUBLIC OFFICIALS
As a result of the Bribery Act, there are restrictions around Gifts & Entertainment that can be provided to Public Officials (See Gifts & Entertainment Section 14). “Public Officials” are broadly defined as individuals at any level of authority who:
hold a legislative, administrative or judicial position of any kind, whether appointed or elected;
represent any public agency or public enterprise. This includes Regulators, Central Banks, local or municipal governments, health agencies, Debt Management Offices and State Owned Enterprises (including banks in public ownership) and quasi-autonomous national government organisation (‘quangos’); or
are employees or agents of a public international organisation (defined as an organisation whose members are countries, territories, governments, or other public international organisations).
14.4 ASSOCIATED PERSON
a) Definition of an Associated Person under the 2010 Anti-Bribery Act
Any person who performs services for or on behalf of the Group is an ‘associated person’ of the Group. This could include, but is not limited to the Group’s: agents, intermediaries, contractors, introducing brokers, technical consultants, introducers, professional advisers, subsidiaries, joint ventures, strategic partnerships or equity holdings or vendors and suppliers (where they are performing services rather than just selling goods), where such persons might be capable of committing bribery on the Group’s behalf intending to obtain or retain business or a business advantage for the Group.
b) Due Diligence
All functions must implement the “Third Party Associated Persons Bribery Risk Assessment and Due Diligence Policy”, which requires each member to develop procedures and controls to assess bribery risk and undertake due diligence on all third party associated persons. The policy sets out due diligence guidance on proposed Associated Persons where the relationships are exclusively managed by the functions outside of the Group’s existing third party due diligence procedures in, for example, Procurement, Vendor Management, Joint Venture/Equity and Legal. This policy is not intended to change any of these existing policies and procedures and the function is expected to continue to adhere to these policies as per normal practices.
c) Record keeping
The results of the due diligence undertaken in relation to associated persons must be accurately recorded and maintained and be readily available for review internally or externally.
d) Escalation
At the inception of, or during the term of, the relationship concerns may arise with respect to bribery risk. Any concerns you have should be escalated in line with existing procedures (e.g. line manager and / or FCC). In the event of the business wishing to proceed/continue with the relationship, despite concerns that may have been identified with respect to bribery risk, these should be escalated in line with existing business procedures including as may be appropriate: FCC, Senior Management and/or relevant business committees e.g. ORIC, Reputational Risk Committee, new business committee.
14.5 RECRUITMENT & WORK PLACEMENTS
HR FIM B2.1 (“Recruitment”) makes clear that hiring must be meritocratic. As outlined in the General Guidance section above, the selection of a specific candidate in order to influence a specific business decision may be considered a bribe and therefore constitute criminal conduct. Relevant HR policies and procedures must be followed at all times.
Group policy states that all requests for work experience, work shadowing placements and informal internships should be made through a formal HSBC work experience application and selection process which is open, based on considered, objective selection criteria and meritocratic. Any requests from current or potential customers, third party vendors and public officials should also be referred to the CO where there is any concern that the offer could be considered as a "bribe" and/or an inducement for favours (refer to GSM 5.14).
14.6 FACILITATION PAYMENTS
"Facilitation payments" (also called "speed" or "grease" payments) are small payments made to secure or expedite the performance of a routine or necessary action to which the payer of the facilitation payment has legal or other entitlement. As facilitation payments are a form of bribery, they are prohibited. All group entities must adopt a “zero-tolerance” policy regarding facilitation payments.
It is recognised that there may be circumstances when a member of staff is left with no alternative but to make payment(s) in order to protect against loss of life, limb or liberty. Should this situation occur, the event must be reported to the local Anti-Bribery and Corruption (AB&C) Compliance function.
14.7 OTHER RELEVANT LEGISLATION
Anti-Terrorism, Crime and Security Act 2001L2
Bribery Act 2010L3
Convention on Combating Bribery of Foreign Public Officials in International Business Transactions
International Chamber of Commerce Rules of Conduct to Combat Extortion and Bribery
Organisation for Economic Co-operation and Development Convention
14.8 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand.
Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.14 Business Policy and Principles for Countering Bribery
Compliance (Global Risk FIM)
B2.6.1 Group Business Principles for Countering Bribery B2.6.3 Third Party Associated Persons Bribery Risk Assessment and Due Diligence Policy
Global Risk Intranet
Group Guidance for an Anti-Bribery Programme Bribery (currently being updated)
Human Resources FIM
B2.1 Recruitment
B1.7 Work Experience
Risk FIM
Risk FIM B2.6.4 Gifts and Entertainment
New mandatory e-Learning Anti-Bribery and Corruption GCL
GCL 100045 - New mandatory e-learning - Anti Bribery and Corruption (21/Oct/2010)
UK Bribery Act GCL
GCL 100031 - UK Bribery Act (20/Jul/2010)
15. GIFTS AND ENTERTAINMENT NOTE: This section should be read in conjunction with section 14 Anti-Bribery and Corruption.
15.1 SCOPE Details of the obligations that all workers are obliged to comply with in relation to Gifts & Entertainment (alternately referred to as Gifts and Hospitality) matters are set out in the UK Employee Handbook.
15.2 GIFTS AND ENTERTAINMENT (“G&E”)
In accordance with the policy set out in the GSM and Risk FIM B2.6.4 (“Gifts & Entertainment”), you must actively, but sensitively, discourage customers, suppliers or service providers from offering personal benefits of any kind. This includes all types of gifts, favours, services, hospitality, loans or fees, or anything of monetary value. Equally, you must not offer any personal benefit, of the type outlined above, if it is likely to conflict with your duties to any customer or member of the Group. (Please also refer to section 14 Anti-Bribery and Corruption).
It is recognised that there are occasions where it may be considered discourteous or harmful to HSBC for you to decline or fail to offer a gift or corporate hospitality. Gifts and corporate hospitality of a monetary value in excess of thresholds specified in local policies or procedures may require Senior Management approval or disclosure to clients.
15.3 PUBLIC OFFICIALS
Public Officials are defined under the Anti-Bribery and Corruption section (Section 14.3). Under the Group policy, hospitality may only be provided to or accepted from Public Officials without preapproval if the hospitality is provided in a normal business context such as refreshments (e.g. teas, coffees, biscuits) during meetings, excluding lunches and dinners. The policy requires all other gifts/entertainment/hospitality provided to or accepted from Public Officials to be pre-approved by the Country CEO or Regional Compliance Officer. This approval authority can be delegated to a member of staff with relevant knowledge and sufficient seniority.
The following must be recorded in the UK Gifts and Hospitality Register (see section 15.5 for further information):
i. name of the Public Official;
ii. his / her position;
iii. description of the gift, entertainment or hospitality to be provided;
iv. purpose of the gift, entertainment or hospitality;
v. results of World-Check; and
vi. details of the pre-approval.
Any local laws or restrictions on interaction with Public Officials must also be followed. All approvals should be notified to your local compliance team.
15.4 DE MINIMIS LIMITS & EXCEPTIONAL GIFTS & ENTERTAINMENT
Unless your Function has a more stringent G&E policy, the de minimis limits for Holdings employees should be adhered to. These can be found in the UK Giving or Receiving Gifts, Hospitality, and Other Personal Benefits Policy. That policy also sets out the approval process for gifts/entertainment that exceed the de minimis levels and for hospitality that is deemed exceptional hospitality (e.g. flights and accommodation).
15.5 RECORDING GIFTS & ENTERTAINMENT OFFERED OR RECEIVED
Unless your Function has an alternative process in place, all G&E above the de minimis limit should be logged on the UK Gifts and Hospitality Register (“the Register”). The Register can be found at: http://giftshospreg.systems.uk.hsbc/.
The following must be logged on the Register:
ALL gifts, entertainment, hospitality or other advantage given/ received above the de minimis limits (whether accepted or declined) in accordance with these guidelines;
ALL gifts, entertainment, hospitality or other advantage provided to or accepted from a Public Official (excluding light refreshments provided in a business context – see section 15.3 for further details);
ALL exceptional gifts, entertainment, hospitality or other advantages as outlined in the above-mentioned policy (for example, flights and accommodation); and
Details of any approvals (whether approved or denied).
You can delegate access to the Register to your PAs/ Secretaries to allow them to log information on your behalf using the delegation tab on the Register. When inputting an entry onto the Register, include the name of the person providing/ receiving the gift/ hospitality and the firm they represent in the “Description” field.
15.6 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
Ensure that you know the thresholds above which prior approval is required from Senior Management and obtain prior approval in line with local procedures before accepting or offering G&E with a value above these thresholds.
You must not offer clients lavish or repeated entertainment which could be construed as an inducement to use the services of a Group company.
You must not offer or accept gifts, entertainment or benefits whilst negotiating a new/ renewed contract.
Take care to avoid engaging in any activities which could be construed as offering or receiving bribes (see section 14 Anti-Bribery and Corruption).
15.7 FURTHER GUIDANCE All further guidance relevant to your business line is mandatory for you to read and understand. Business Line
Compliance Coverage
Section
All
Global Standards Manual
6.3 Codes of Conduct
Risk FIM
B2.6.4 Gifts and Entertainment Policy
Functions
UK Gifts and Hospitality Register
http://giftshospreg.systems.uk.hsbc/.
Holdings & UK
UK Giving or Receiving Gifts, Hospitality, and Other Personal Benefits Policy
UK Giving or Receiving Gifts, Hospitality, and Other Personal Benefits Policy
Bank
16. MARKETING AND FINANCIAL PROMOTIONS
16.1 SCOPE
When representing the Group in any form, including all advertising and marketing, you must ensure that the representation you are making is fair, clear and not misleading, and you must identify the issuers.
The UK financial promotion regime contained in Section 21 of the FSMA and Chapter 4 of the FCA Conduct of Business Rules contains a basic requirement that, regardless of delivery mechanism and target audience, all financial promotions should:
be fair, clear and not misleading;
be balanced and not give undue prominence to benefits in relation to risks;
not disguise, diminish or obscure any important items, statements or warnings;
be clearly identifiable as a financial promotion;
where applicable, make it clear if a client’s capital is at risk;
provide a clear explanation of the charging structure for a product;
be comprehensible to an average member of the target audience.
However, the detailed regime is complex and contains a number of specific requirements depending on the nature of the product being promoted and the target audience. If you are in any doubt about the need for approval of a particular item of material, you should seek guidance from RC.
16.2 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
When you are issuing any written marketing communications or financial promotions
When you are publishing research under the HSBC brand you must ensure you are compliant with GCL 070042
When you are writing advisory reports or advertisements
When you are making use of social media for both business and personal purposes, whether during office hours or otherwise
When you are issuing a Deal Flash
When you are disseminating communications outside the Group and you need to limit any legal liability and avoid regulatory sanction through the inclusion of a suitably worded disclaimer
When publishing reports or adverts. It is important for you to consider whether or not the recipients are authorised to access such materials. You must also be aware of the dangers of inadvertent cross border activity through posting information on websites (see Cross Border Business).
16.3 MARKETING NEW BUSINESS INITIATIVES
To ensure that any pertinent regulatory issues are identified early in the business and tax planning process and to prevent the commencement of business initiatives which may contravene regulations, it is a requirement that RC is always consulted when a new business initiative is considered, before it is marketed, as regulatory approval may be required. A due diligence proposal may need to be completed. If in doubt, contact RC.
It is essential that HSBC is fully authorised to perform the planned services in the place and manner contemplated (including any local business authorisation or licensing restrictions, any worker registration requirements, any requirements regarding customer agreements/mandates, and whether acting as principal or agent) before any new product, service or marketing initiative is commenced or an existing product, service or marketing initiative is amended.
Particular care must be exercised when:
a) seeking to commence or to materially change existing activities in a highly regulated market;
b) seeking to establish a new branch, subsidiary or representative office; and
c) Connected Companies propose to enter into arrangements with each other to service customer needs, including arrangements for the secondment or attachment of workers, and the remuneration and taxation of such workers.
16.4 GENERAL GUIDANCE
You must gain approval from RC, in accordance with your local procedures, prior to issuing any marketing communication or financial promotion. Particular care must be taken when marketing new business initiatives and when material is to be provided to an audience wider than the country of origin (see Cross Border Business). You should also consider whether the material is appropriate for the intended audience, both culturally and in terms of the products themselves (e.g. life insurance policies may not be appropriate for customers over 75 years). You should consider whether access to the material should be blocked from certain countries/ jurisdictions if it is not appropriate to them.
16.5 FURTHER GUIDANCE All further guidance relevant to your business line is mandatory for you to read and understand. Business Line
Compliance Coverage
Section
All
Financial Services and Markets Act 2000
Section 21 (Financial Promotion)
FCA Handbook
COBS 4 (Communicating with Clients)
Global Standards Manual
11.2 Global Research 14.2 Advertising and Marketing Communications
Compliance (Global Risk FIM)
B2.8 Marketing and Sales Practices B2.10 E-Business
Markets FIM
B.80 Research
Group News Desk
GCL 070042
17. EXTERNAL BUSINESS INTERESTS
17.1 SCOPE
If you have an external business interest or an outside directorship, you must obtain appropriate prior approval from your line manager and HR as well as seeking pre-approval guidance from RC. This rule applies to all workers who intend to take on a new external business interest whilst employed by the HSBC Group, as well as new joiners. Approval is not required for totally non-work related activities e.g. residents' associations, sports clubs or associations, civic charities, religious or political organisations. For further details, see the UK Employee Handbook and relevant links as listed below.
17.2 EXAMPLES OF WHEN SPECIFIC RULES ARE TO BE FOLLOWED
If you are about to join the Group as a worker, you require prior approval to continue your external business interest or outside directorship and therefore you must first complete an External Business Interests Authorisation Request.
If you are a worker and wish to accept a role through which action is taken on behalf of another entity you must first seek prior approval and complete an External Business Interests Authorisation Request.
If you are a worker and wish to accept a role at the request of HSBC Group you must first seek prior approval and complete an External Business Interests Authorisation Request.
17.3 DUAL EMPLOYMENT
The Rules governing EBIs are different to dual employment; you should refer to your relevant Employee Handbook for more information on dual employment.
17.4 FURTHER GUIDANCE All further guidance relevant to your business line is mandatory for you to read and understand. Business Line
Compliance Coverage
Section
All
Global Standards Manual
6.5 Directorships and other influential roles on Behalf of Non-Group Entities
HR FIM
B.2.12 External Directorships
UK Employee Handbook
External Business Interests Authorisation Request
GBM,
3.3 External Business or Professional Interests and Avoidance of Conflicts
GPB,AMEU, HSS
2.15.7 Directorships GBM & HSS
Compliance intranet
External Business Interests Authorisation Request
HSS
HSS FIM
D.2.1 External Directorship Approval Checklist
18. WHISTLEBLOWING
Important
You are reminded that guidance in relation to “whistleblowing” is set out in the Global Standards Manual (5.5 Whistleblowing) as well as the UK Employee Handbook. Whistleblowing via the Compliance Disclosure Line should be used when the normal channels for airing grievances or concerns are unavailable or inappropriate.
Comprehensive whistleblowing procedures are contained in the UK Employee Handbook. Refer to the Compliance Disclosure Line and other relevant links below for information on how and where to raise any concerns about actual or suspected malpractice.
18.1 FURTHER GUIDANCE All further guidance relevant to your business line is mandatory for you to read and understand. Business Line
Compliance Coverage
Section
All
Global Standards Manual
5.5 Whistleblowing
Intranet
Compliance Disclosure Line
UK Employee Handbook
4.19 WhistleBlowing
GBM, GPB,AMEU, HSS
19. OUTSOURCING & OFFSHORING
19.1 SCOPE
The FCA has detailed rules and guidelines relating to the outsourcing of work by firms it regulates in the UK. Regulators in many of the jurisdictions in which the Group operates have issued local regulations and guidelines on outsourcing. These must be observed in all respects, and so to ensure compliance where relevant, GSM 10.13 requires Compliance to be consulted where outsourcing is being considered.
In this context, Outsourcing can be taken to mean the use of third party suppliers to perform a process, a service or an activity which would otherwise be undertaken by the firm itself. The FCA rules/guidance stipulate the common elements of a proficient outsourcing policy. These include a Service Level Agreement, contingency plan, quality monitoring, supplier due diligence, and (in the case of non-Group suppliers) a legal contract. All these elements should be contained in relevant Group initiatives.
Offshoring in this context means performing a process, service or activity outside of the UK. The FCA considers any work offshored to still be under their remit.
You should be aware of this best practice advocated by the FCA, and the need to consult the relevant CO where either Outsourcing or Offshoring is being considered.
19.2 FURTHER GUIDANCE
All further guidance relevant to your business line is mandatory for you to read and understand. Business Line
Compliance Coverage
Section
All
FCA Handbook
SYSC 8.1 General Outsourcing Requirements
GSM 10.13
Outsourcing
20. INSIDER LISTS AND INFORMATION BARRIERS
NOTE: This section should be read in conjunction with sections 5 Confidentiality / Data Security / Information Security / Control of Information and 8 Insider Dealing, Market Conduct and Misleading Statements.
20.1 SCOPE
Workers employed within the Functions are likely to come into possession of confidential and possibly inside information in the course of their duties. As such, all workers must follow the procedures designed to ensure that such information is handled properly and securely, including in accordance with policies and procedures aimed at managing conflicts of interest and handling restricted/highly restricted information.
Misuse of inside, relevant or confidential information could result in criminal, civil or regulatory liability on the part of HSBC and / or individual employees. Such misuse could also damage HSBC’s reputation and / or cause a loss of business. A breach of the following procedures could result in a fine, public censure or another penalty (including imprisonment).
Important
Members of staff must be aware that the unauthorised disclosure of confidential information is a serious disciplinary offence. It may also, if it is “inside” information, be a criminal offence.
20.2 INFORMATION BARRIERS – GENERAL CONCEPTS
Subject to the overriding duty of confidentiality owed to the Group and to customers, confidential or inside information may be shared within the Group or with a third party only when the communication of such information is necessary and observes our Information Barrier policies. These procedures are designed to protect information, and to help manage conflicts of interest.
The following general principles relate to the flow of information within HSBC Holdings plc:
A strict need-to-know policy prevails in relation to the flow of all information.
The recipient of the information should not have any responsibilities, whether to a Group company, the Group’s customers or others, that are likely to give rise to a conflict of interest or misuse of the information.
The recipient understands that the information is confidential or inside information, as well as the limitations on further distribution of the information.
Employees must ensure that any restrictions precluding information sharing agreed with a customer or third party are adhered to (for example, restrictions contained in a confidentiality agreement or if a seller of an asset expressly denies consent to share information throughout the HSBC Group).
Each Group company which routinely holds inside information within one part of its operations, and which needs to insulate the rest of its business from that information, must establish and maintain an Information Barrier around that operation.
20.3 INSIDER LISTS
An insider register is a regulatory requirement and must be established as soon as inside information is identified. An insider register means that there is inside information involved either on HSBC or on a third party. As a result dealing restrictions must apply to at least one company involved in the transaction, and apply to everyone on the list, preventing them from dealing in the securities of the affected company.
If HSBC is the only company involved (i.e. it is a strategy analysis of a business unit or a capital raising by HSBC) then the dealing restrictions will apply to anyone on the list and they will not be able to deal in HSBC securities until the project is complete, dead or changed to a confidential register. If a project is considered inside information to HSBC, then the Group Company Secretary team needs to be consulted immediately.
It is not a regulatory requirement to maintain confidential lists (i.e. where the transaction is not inside information to either side of the deal); however, in certain circumstances this may be advisable.
Examples of when a project insider/ confidential list may be required include projects considering topics such as the following:
Changes to the HSBC Holdings plc Board of Directors;
Preparation of the Group Annual Report and Accounts/ Interim Results;
Significant capital raisings involving the Group;
Group investor day roadshow / Group Strategy day;
Significant strategic decisions or material changes in announced strategy;
Mergers, acquisitions and disposals;
Joint Ventures.
The project team in charge of the inside information is responsible for ensuring that an insider register is established at an appropriate time, maintained accurately and kept up-to-date. If there is any doubt about whether a register is required or is already in place in relation to a particular project, you should contact your CO.
It should be noted that, from time to time, regulatory authorities may request lists of all persons who had inside information in relation to a particular matter, including the date and time at which such person became an insider. It is therefore imperative that the insider register is maintained accurately and kept up-to-date. The insider register must not be forwarded to a third party (including any Regulatory Authorities) without prior consultation with CO.
20.4 CROSSING THE INFORMATION BARRIER
There is an Information Barrier around HSBC Holdings plc, to restrict the flow of confidential information from Holdings to other parts of the Group. The Barrier is there to protect information and to manage the risk of conflicts of interest arising and to avoid “tainting” other parts of the Group with information known only in Holdings. Consequently, your CO must be consulted before inside information is to be shared with workers outside Holdings.
20.5 WHAT IT MEANS TO BE AN INSIDER
If you are made an insider on a project, you will be considered to have access to inside information on one or more parties involved in the project. Sometimes, just knowing the project exists is considered inside information. Due to the size of the HSBC Group, normally the inside information will relate to a third party; however, it can on occasion relate to HSBC. If you have inside information on a company you cannot deal (or encourage someone to deal) in that company’s securities (or a company associated with that company if the inside information would have an impact on them). See Section 8 “Insider Dealing”.
If you are in doubt about the nature of the information you hold and the impact of that information on you or any planned dealing or other activity, you should speak to the project leader or your CO before you deal or act.
20.6 WHEN A PROJECT IS ANNOUNCED / ENDS
Even when a project is publicly announced, or when it is decided not to pursue a project further, you may still have either confidential or inside information in your possession or a Group company may still be bound by a confidentiality agreement. You must therefore continue only to share information on a “need to know” basis. Additionally, you may still be unable to deal in the securities of that third party. If you are unsure about whether you continue to be restricted, you must contact either the project manager or your CO for guidance.
20.7 FURTHER GUIDANCE Business Line / Function All
Material
Section
Group Standards Manual
5.8 Conflicts of Interest
Legal and Compliance FIM
B.2.4.2 Conflicts of Interest C.2.4.2 Conflicts of Interest B.2.4.4. Group Company as Principal transaction C.2.4.4. Group Company as Principal transaction
Holdings Employee Handbook
HR Direct: Search Employee Handbook Section 3.8.4 Dealing Rules
A. GLOSSARY
NOTE: The terms and definitions below are provided for your information only. These are not to be regarded as official definitions, unless specified.
Term
Definition
A firm
A firm as stated in the FCA Principles for Business applies to HSBC Bank Plc.
Additional Information Barriers
Arrangements designed to manage information flows by providing for appropriate segregation within stated business units.
All
All workers for whom this Manual is applicable.
AMEU
HSBC Global Asset Management UK Ltd
AML
Anti-Money Laundering
Approved Insider
A nominated individual within the business who, due to their position and seniority, is in a position to know which of their staff can be approached by a member of a different part of the business to be made inside on a matter constituting inside or relevant information without becoming conflicted. An Approved Insider is not a Permanently Exempt Person. A list of all the Approved Insiders for Global Markets Sales and Trading and Principal Investments in the UK can be found on the UK Compliance Intranet site. For a list of Approved Insiders in other jurisdictions/ businesses or functions, you should speak to your usual Compliance representative.
Approved person
A person in relation to whom the FCA has given its approval under section 59 of FSMA 2000 (Approval for particular arrangements) for the performance of a controlled function.
ARM
Authorised Relationship Manager
BAC
Business Approval Committee
Business line
Any individual company within the HSBC Group of companies. For example, AMEU, GBM, HSS or PBGB.
Businesses
Collective term for any business and functions to which this manual applies.
CDD
Customer Due Diligence. Defined by regulation 5 of the Money Laundering Regulations 2007 as the identification and verification of the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source; the identification and verification, on a risk sensitive basis, of the beneficial owner including, in the case of a legal person, trust or similar arrangement, measures to understand the ownership and control structure of the person, trust or arrangement; obtaining information on the purpose and intended nature of the business relationship.
CFA
Corporate Finance and Advisory
Information Barrier
An information barrier to ensure that inside and/or relevant information held by a firm in the course of one part of its business is withheld from or is not used by persons with or for whom the firm acts in another part of its business.
CJA
Criminal Justice Act 1993
CoI
Control of Information. The means by which information is sufficiently controlled to ensure that HSBC minimises the potential for conflicts of interest and ensures that it meets its legal, regulatory and fiduciary duties and obligations.
Compliance
Part of the Global Risk Function: Financial Crime Compliance (FCC) and Regulatory Compliance (RC).
FCC is focused on: (i) Anti-Money Laundering (AML); (ii) Counter Terrorist Financing & Proliferation Finance; (iii) Sanctions; and (iv) Anti-Bribery and Corruption (AB&C).
RC is focused on: (i) Conduct of Business (Customer, Counterparties and Clients as well as Products and Services); (ii) Market Conduct; and (iii) general regulatory compliance management including stakeholder support.
Compliance Manual
This Manual, together with all relevant Further Guidance and Appendices, forms “The Compliance Manual” and applies to all UK based workers within HSS, Private Bank, Global Banking and Markets, and Asset Management. The UK Compliance Manual may be updated from time to time. You will be informed of updates but you should always check the UK Compliance Manual intranet page for the latest version.
Compliance Risk
Compliance risk is the risk arising from failure to comply with relevant Regulations governing the conduct of the HSBC Group’s business. It is a composite risk made up of FCC risk and RC risk.
Confidential Information
Information which is received in confidence by one part of HSBC Group, or information which falls under the terms of a confidentiality agreement, or information in respect of which a duty of confidentiality arises in terms of common law. Confidential information would include, by way of example:
information disclosed by customers about their own internal affairs;
information about customers’ credit lines; or
information about customers’ previous or proposed transactions.
Information on HSBC strategy or committee papers.
Conflict of Interest
The HSBC Group is a global organisation which provides a wide range of financial services. As such, it, or a company with whom it has an association (HSBC), may from time to time have interests which conflict with its clients’ interests or with the duties that it owes to its clients. These include conflicts arising between the interests of HSBC, its associates and workers on the one hand and the interests of its clients on the other and also conflicts between clients themselves. You may also wish to refer to the ‘HSBC Policy on Conflicts of Interest’ and the Transaction Check Request (eTCR) Business Guidelines.
Connected Company
Any individual company within the HSBC Group of companies.
Controlled Function
A function, relating to the carrying on of a regulated activity by a firm, which is specified, under section 59 of FSMA 2000 (Approval for particular arrangements), in the table of controlled functions in SUP 10.4.5.
Corporate Bridge
A nominated senior individual within Global Markets Sales and Trading who is in a position to source market intelligence within Global Markets Sales and Trading without alerting their colleagues or the market as to the reason for their enquiries.
Data Transfer Compliance Schedule (DTCS)
A DTCS is a document completed by a project manager, detailing the data issues related to the transfer of data to a new system/for a new process. The DTCS is sent out to the local compliance teams in the impacted countries to consider any local regulatory issues with the transfer of the data. Further information can be found in Global Risk, Compliance FIM B.2.4.5. Privacy, Data Protection and Cross-Border Data Transfer.
Dawn Raid
A Dawn Raid is when investigators arrive at one of HSBC’s offices, usually unannounced: the lead investigator introduces him/herself and requests access to premises and/or to see certain HSBC employees. In the event of a Dawn Raid, Legal MUST be consulted immediately.
Designated Investment Business
Designated investment business encompasses the following activities:
dealing in investments as principal or agent
arranging (bringing about) deals in investments, but only in relation to designated investments (see below)
making arrangements with a view to transactions in designated investments
managing investments
safeguarding and administering investments
sending dematerialised instructions
causing dematerialised instructions to be sent
establishing, operating, or winding up a collective investment scheme
acting as trustee of an authorised unit trust scheme
acting as the depositary or sole director of an open-ended investment company
advising on investments
agreeing to carry on a regulated activity
Designated investments encompass any of the following:
life policies
shares
debentures (that is, instruments creating or acknowledging indebtedness of any maturity)
government and public securities
warrants (that is, instruments giving entitlement to investments)
certificates representing certain securities
units
options
contracts for differences (excluding spread bets and rolling spot FX)
rights to or interests in investments
In addition, certain mortgage contracts and general insurance business are also regulated activities.
DIB
Desk / Departmental Instruction Book
DPA
Data Protection Act 1998 (http://www.legislation.gov.uk/ukpga/1998/29/contents)
DPO
Group Data Protection Office
EEA
European Economic Area
Eligible counterparty
(1) (for the purposes other than those set out in (2)), (in accordance with COBS 3.6.1 R) a client that is either a per se eligible counterparty or an elective eligible counterparty. (2) (for the purposes of PRIN, in relation to activities other than designated investment business) a client categorised as an eligible counterparty in accordance with PRIN 1 Annex 1 R.
FATCA
The Foreign Account Tax Compliance Act is a new piece of legislation to help counter tax evasion in the US. Introduced by the United States Department of Treasury (Treasury) and the US Internal Revenue Service (IRS), the purpose of FATCA is to encourage better tax compliance by preventing US Persons from using Banks and other Financial Organisations to avoid US taxation on their income and assets. A significant number of countries worldwide are expected to sign Inter-governmental Agreements (IGAs) relating to FATCA compliance with the United States government. These IGAs will result in the FATCA legislation becoming part of these countries’ local laws. (http://home.global.hsbc/gc/home.nsf/gcms?open&ref=UKCM97ZNWE064926PM05242013)
FATF
Financial Action Task Force
FIM
Functional Instruction Manual
FMG
Financial Management Group
FOS
Financial Ombudsman Service (http://www.financial-ombudsman.org.uk/)
FCA
Financial Conduct Authority (UK) (http://www.fca.org.uk/)
FCC
Financial Crime Compliance
FSMA
Financial Services and Markets Act 2000 (http://www.legislation.gov.uk/ukpga/2000/8/contents)
GBM
Global Banking and Markets includes Global Banking, Global Markets, Global Research and Principal Investments
GDCC
Group Data Control Centre
GDPO
Group Data Protection Office
GIBD
Global Investment Banking Division
GIRS
Global Information Register System is the automated system that holds the Insider Register and Confidential Register for recording insider lists and confidential lists respectively
Global Functions
Audit, Communications, Company Secretary, Finance (including Investor Relations), Human Resources, Legal, Marketing, Risk, Strategy and Planning, Sustainability and Financial Sector Policy
Global Markets trade surveillance team
This is the Compliance monitoring and surveillance team
GPB
Global Private Banking
GPP
Group Policy and Procedures (http://compliance.ghq.hsbc/compliance/home.nsf/ByRef/UKDE6H6HFQ14095414102005?OpenDocument)
Group company
Any individual company within the HSBC Group of companies.
GSM
Global Standards Manual (http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA773N4618072515092007?OpenDocument)
GSR
Group Service Request
Highly Restricted
Under the Information Classification (IC) policy this information presents the greatest danger if it were lost or disclosed. Only very limited audiences (sometimes just a single person) have access to this information, which includes things like merger/acquisition plans and site closure details, as well as passwords and logon codes that grant access to HSBC systems and electronic files. As you’d expect, Highly Restricted information requires the strongest controls.
HR
Human Resources
HRR
Higher Risk Review
HSBC Group
HSBC Holdings plc and all its subsidiaries
HSS UK [HSS]
HSBC Securities Services in the UK, includes Funds Services, Custody, Treasury, CTLA and HBAP London Branch
Individuals
Employees, temporary contractors, contractors and workers.
Inside Information
Information that is not generally available that a reasonable investor would be likely to use as part of the basis of an investment decision. It is also information that, if generally available, would be likely to significantly affect the price of an investment. However, it should be noted that information no longer needs to be deemed price sensitive to qualify as inside information. This definition is also the historic definition of relevant information.
Inside Information (Commodity derivatives)
In relation to [qualifying investments] or [related investments] which are commodity derivatives, [inside information] is information of a precise nature which ... (c) users of markets in which the derivatives are traded would expect to receive in accordance with any accepted market practices on those markets. For the purposes of subsection (3)(c), users of markets on which investments in commodity derivatives are traded are to be treated as expecting to receive information ... which is (i) routinely made available to the users of those markets, or (ii) required to be disclosed in accordance with any statutory provision, market rules, or contracts or customs on the relevant underlying commodity market or commodity derivatives market.
Insider
An ‘insider’ is any person who has inside information: as a result of their membership of the administrative, management or supervisory body of an issuer of qualifying investments; as a result of holding capital of an issuer of prescribed investments; as a result of having access to the information through their employment, profession or duties; as a result of criminal activities; or which they have obtained by other means, e.g. a tip-off from a friend, and which they know, or could be reasonably expected to know, is inside information.
Insiders Register
The local register for the recording of insiders
Intended Recipient
For the purposes of subsection (3)(c), users of markets on which investments in commodity derivatives are traded are to be treated as expecting to receive information ... which is: (i) routinely made available to the users of those markets, or (ii) required to be disclosed in accordance with any statutory provision, market rules, or contracts or customs on the relevant underlying commodity market or commodity derivatives market.
Internal
Under Information Classification (IC) policy this information is commonly available to all employees, things like company policies, org charts and employee at-work contact information. Even though this information is proprietary to HSBC, Internal information would pose only a minor risk if the information was lost or disclosed. Simple precautions must be taken to protect it.
IPE
International Petroleum Exchange
ISA
Individual Savings Account
KYB
Know Your Business
KYC
Know Your Customer. Obtaining sufficient background information about the customer including, but not limited to, appropriate personal, business and financial details with regard to the customer, details on the purpose and intended nature of the business relationship including anticipated transactional activity, details as to the source of funds/wealth.
CO
Compliance Officer (see appendix B. Compliance Contacts for a list of Financial Crime Compliance and Regulatory Compliance contacts)
LIFFE
London International Financial Futures & Options Exchange
Line Manager
The individual or individuals to whom you report, as notified by HR
LME
London Metals Exchange
LSE
London Stock Exchange
Made Public
Definitely includes information published in accordance with the rules of a regulated market; contained in records which are open to inspection by the public; that can be readily acquired by those likely to deal; and derived from public information. May include (but not necessarily) information published only outside the UK; which can be acquired only by persons exercising diligence or expertise; which is only communicated to a section of the public not to the public at large; which is communicated only on payment of a fee; and which can be acquired only by observation.
Mandatory training
Training that has been notified to you and labelled as mandatory training. This includes any reading that has been identified as mandatory by the Group.
Market Abuse Directive
Directive of the European Parliament and of the Council of 28 January 2003 on insider dealing and market manipulation (market abuse) (No 2003/6/EC).
Market abuse regime
Market Abuse, defined in section 118 of the FSMA and in the Market Abuse Directive, consists primarily of Insider Information and Market Manipulation. The Market Abuse Directive provides an EU wide market abuse regime aimed at reducing the incidence of market abuse.
Market Information
Information about one or more of the following: a) the fact that securities are (or are not) to be acquired/disposed of; b) regarding the number or price (or price range) of securities to be acquired/disposed of; and c) regarding the identity of those involved or likely to be involved in the acquisition/disposal.
Market Sounding
The prescriptive process to be adhered to when approaching institutional investors
MiFID
Markets in Financial Instruments Directive, or the European Parliament and Council Directive on markets in financial instruments (No. 2004/39/EC).
MLOM
Money Laundering Operations Manual
MLPP
HSBC Private Bank (UK) Limited Money Laundering Prevention Procedures Manual
MLRO
Money Laundering Reporting Office. The team responsible for evaluating suspicious activity reports and reporting them to the external authorities, as required under The Proceeds of Crime Act and the Terrorism Act.
NCCT
Non-Co-operative Country or Territory
Natural person
A real human being, as distinguished from a corporation which is often treated at law as a fictitious person.
Non-investment Business
The following products (GBP wholesale deposits, currency wholesale deposits, gold and silver bullion wholesale deposits, spot and forward foreign exchange, spot and forward gold and silver bullion) are outside the scope of the FSMA and are governed by the Non-Investment Products Code for principals and broking firms in the wholesale markets, which is a voluntary code of good market practice drawn up by market participants and endorsed by a number of trade industry associations. While ordinary commercial foreign exchange and bullion transactions are outside the scope of the FCA’s Conduct of Business rules, if transactions are undertaken for speculative purposes they may fall within the scope of these rules. Accordingly, if a worker is in any doubt about the applicability of the FCA’s rules, Compliance advice should be sought.
OEIC
Open Ended Investment Company
OMLX
The London Securities and Derivatives Exchange
Origination Businesses
An Origination Business sitting within the Origination Chinese Wall from time to time. Origination Businesses sit on the Private Side of the Origination Chinese Wall
PBGB
See Private Bank
Permanently Exempt Person
An individual who has access to all inside, relevant and confidential information in a particular business, sector, product line, region or country in order to manage the business properly.
Personal Account Dealing
Refers to the buying, selling, exercising rights or options in respect of any investments that a worker holds or wishes to hold. HSBC Group allows workers to deal on their own account on the basis that they do not abuse this freedom and do not deal to the disadvantage of any customer, client or Group Company, and that the worker meets the Personal Account Dealing rules procedures imposed by their business lines.
Politically Exposed Person
An individual who has or has had positions of public trust such as government officials, senior executives of government corporations, politicians, important political party officials, and their families and close associates.
Price Sensitive Information
Information in relation to particular securities or a particular issuer which is specific or precise, has not been made public and would, if it were made public, have a significant effect on those securities. This term is defined in more detail in S56(2) of the Criminal Justice Act 1993.
Private Bank
HSBC Private Bank (UK) Ltd
Private Side
Capital Financing and Banking, who deal principally with private and/or inside information
Professional client
A client that is either a per se professional client or an elective professional client (see COBS 3.5.1 R). [Note: article 4(1)(12) of MiFID]
PSI
Price Sensitive Information
PSRs
Payment Services Regulations
Public
Under the Information Classification (IC) Policy this is the lowest level of security. It covers information that is freely available to the public and employees, things like published press releases and public phone directories. Public information requires no special protection.
Public Side
Global Research and the Secondary Markets side of the business within Global Markets. These parts of the business almost exclusively hold only public information, with the exception of when an individual from Global Markets or Global Research has been brought over the Chinese Wall on a private side deal.
Regular User
The Code of Market Conduct states that, in some cases, behaviour will be market abuse where it falls below the standards expected by the ‘regular user’. A regular user is effectively a reasonable person who deals regularly and understands the workings of the market concerned. In some places, the Code employs a ‘reasonable person’ test similar to the one that has often been used in the English courts.
RC
Regulatory Compliance
Relevant Information
Information in relation to a UK listed security which would be likely to be regarded by a regular user of the market in question as relevant when deciding the terms on which transactions in that security should be effected.
Research Analysts
Research Analysts sitting within the Global Research Division.
Research Gatekeeper
Nominated individual within Compliance who is responsible for providing prior approval, or otherwise, for contact as specified in the Guidelines for Global Banking, DCM and ASF interaction with Research Analysts.
Restricted
Under the Information Classification (IC) policy only people with a need to know should see Restricted information. This category includes things like HSBC operational budgets, marketing and strategic plans, and details relating to HSBC’s customers and employees. There are tighter protection measures for Restricted information because its loss or disclosure would pose a moderate to major risk to HSBC.
Restricted Persons
Individuals working for the Group who must follow the “Code for Dealing in Group Securities” (GCL 070039 issued 3 August 2007) when dealing in HSBC Group Securities.
Retail client
(1) (other than in relation to the provision of basic advice on stakeholder products) in accordance with COBS 3.4.1 R, a client who is neither a professional client nor an eligible counterparty; or [Note: article 4(1)(12) of MiFID] (2) (in relation to the provision of basic advice on a stakeholder product and in accordance with article 52B of the RAO) any person who is advised by a firm on the merits of opening or buying a stakeholder product where the advice is given in the course of a business carried on by that firm and it is received by a person not acting in the course of a business carried on by him.
RIE
Recognised Investment Exchange
SCC
Special Category of Client
SEC
Securities and Exchange Commission
Securities
A security is a fungible, negotiable instrument representing financial value. Securities are broadly categorised into debt securities (banknotes, bonds and debentures) and equity securities (common stock and derivative contracts such as forwards, futures, options and swaps).
SEO
Senior Executive Officer
SETS
Stock Exchange Electronic Trading Service
T&C
Training and Competence
TCF
Treating Customers Fairly. An FCA principle but not a specific component of the FCA Handbook. It is, however, an area of intense focus for the FCA, particularly in relation to retail clients.
the Code
Code on Take-overs and Mergers
the Group
HSBC Holdings plc and all its subsidiaries
the Panel
Panel on Takeovers and Mergers
the Principles
FCA Principles for Businesses
the Regulations
Money Laundering Regulations 2007
the Survey
Cross Border Marketing Survey (http://teams.global.hsbc/compliance/GlobalCompliance/CrossBorder%20Marketing/Forms/AllItems.aspxt)
this Manual
See Compliance Manual
Traders
Traders employed within Global Markets Sales & Trading Division
UK
United Kingdom
UK Compliance Manual
See Compliance Manual
UK Employee Handbook
The UK Employee Handbook forms part of the worker's contractual obligations. The latest version of the UK Employee Handbook is available on the HR Direct intranet (search employee handbook). https://hrdirect.hk.hsbc/psp/ps/EMPLOYEE/EMPL/h/?tab=DEFAULT
UN
United Nations
US
United States (of America)
Worker(s)
This includes employees (whether full-time, part-time, or on fixed term HSBC Contracts), secondees, workers employed via a third party provider (e.g. Agency Temporary Workers) and self-employed contractors who work for the business lines to which this Manual applies as set out in the 2. Scope.
You
A worker of HSBC Group.
B. COMPLIANCE CONTACTS
NOTE: It is your responsibility to ensure that you are aware at all times of who your Compliance Officer is and how to contact them.
B.1 REGULATORY COMPLIANCE (RC) CONTACTS FOR GLOBAL FUNCTION
Contact | Int. No. | Email Address
Global Head of RCGF
Steve D Smith | 799 23196 | Steve D SMITH/IBEU/HSBC
Company Secretary
Lynda Smith | 799 23082 | Lynda SMITH/IBEU/HSBC
Elyn Foo | 799 24215 | Elyn S FOO/IBEU/HSBC
Leigh Jamieson | 799 25689 | Leigh JAMIESON/HGHQ/HSBC
Lucy Robinson | 799 30303 | Lucy ROBINSON/HGHQ/HSBC
Marie-Cecile Pommier | 790 46130 | Marie-Cecile POMMIER/HBEU/HSBC
Ndidi Njoku | 799 10528
Finance, Financial Sector Policy Strategy and Planning, Global Risk Legal, Communications Human Resources, Audit Marketing, Sustainability
B.2 GLOBAL CONTROL ROOM
Contact | Int. No. | Email Address
Head of Global Control Room
Elaine Jephcott | 799 13538 | Elaine JEPHCOTT/IBEU/HSBC
UK personal account dealings
PAD Queries Transaction check request queries
Ndidi NJOKU/IBEU/HSBC
799 10928
Control Room EMEA
B.3 FINANCIAL CRIME COMPLIANCE (FCC) CONTACT FOR GLOBAL FUNCTION
Contact | Int. No. | Email Address
FCC Queries
Elaine Teh | 799 16792 | Elaine1 Teh/HBEU/HSBC
C. REFERENCES
C.1 GUIDANCE
The following tables summarise the documents that this Compliance Manual refers to.
C.1.1 GUIDANCE FOR ALL BUSINESS LINES
Document/Site
Location and Sections
RCGF SharePoint site
http://teams.global.hsbc/compliance/GlobalCompliance/RC%20Support%20Site%20%20Global%20Functions/SitePages/Home.aspx
Approved Persons Guide
http://www.hsbcnet.hsbc/support/attachments/compliance/uk/apvd_persons.pdf Referenced sections:
All
Data Protection Group CMP intranet Cross border transfer
http://risk.global.hsbc/globalrisk/home.nsf/gcms?open&ref=UKCM9KHKGA035302PM05272014
Compliance Disclosure Line
http://home.global.hsbc/gc/home.nsf/ByRef/UKCM8TPW32084233PM04252012
Compliance Officer Handbook
http://teams.global.hsbc/compliance/GlobalCompliance/Compliance%20Library/Misc%20Policy%20%20Standards/Information%20%20Compliance%20Officer%20Handbook%20(Mar%202010).pdf
FATCA
FATCA Programme
Credit FIM
C.18A Compliance Principles for the Management of Credit Risk and Information Flows
Employee Handbook
Found on HR Direct (search Employee Handbook for latest version): https://hrdirect.hk.hsbc/psp/ps/EMPLOYEE/EMPL/h/?tab=DEFAULT
October 2013 version: https://hrdirect.hk.hsbc/psp/ps/EMPLOYEE/EMPL/c/EPPCM_CONTENT_MGMT.EPPCM_PUB_VIEWER.GBL?Action=U&EPPCM_CONTENTID=13900
FCA Handbook / Guidance
http://fshandbook.info/FS/html/FCA Referenced sections:
- CASS (Client Assets)
- Conduct of Business Sourcebook (COBS)
- COBS 2.3 (Inducements)
- COBS 3.1 (Application)
- COBS 4 (Communicating with Clients)
- COBS 6.1.11 (Timing of Disclosure)
- COBS 9 (Suitability)
- COBS 10 (Appropriateness)
- DISP 1.6 (Complaints Time Limit Rules)
- MAR1 (Code of Market Conduct)
- PRIN 2.1 (The Principles)
- Training and Competence
- Electronic Money Directive
- Consumer complaints: The ombudsman award limit and changes to the complaints-handling rules
FCA Market Abuse
http://www.fca.org.uk/firms/markets/market-abuse
Group Company Secretary
http://gcs.ghq.hsbc/
Code for Dealing in Group Securities GCL 090007
Global Risk Intranet
http://risk.global.hsbc/globalrisk/home.nsf/home
http://teams.global.hsbc/compliance/GlobalCompliance/default.aspx
Referenced policies:
Group News Desk
Bribery Country Risk Table Cross Border Marketing Internet Based Marketing Market Conduct Reputational Risk Sanctions
http://group.ghq.hsbc/group/home.nsf/ByRef/UKCM7SGER211485428052009 Referenced articles:
Global Standards Manual
HSBC Global Standards (GCL 120014)
Information Classification Policy (GCL100008)
New mandatory e-Learning Anti Bribery and Corruption (GCL 100045)
Our Purpose (GCL 120013)
Secure External Email (GCL 120008)
UK Bribery Act (GCL 100031)
Reputational Risk (GCL 110007)
Sixth Filter – a new Global Standard focusing on financial crime risk (GCL 120027)
Bearer Shares and Bearer Share Companies – a new Global Standard (GCL 120030)
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA773N4618072515092007?OpenDocument Referenced sections:
Higher Risk Review Process section
http://www.hsbcnet.hsbc/support/compliance Referenced sections
Human Resources FIM
1.2 Group Values and Business Principles
5.3 Group Privacy Statement
5.4 Responsibility for Compliance
5.5 Whistleblowing
5.6 Anti-Terrorism and Crime Legislation
5.7 Money Laundering Deterrence
5.8 Conflicts of Interest
5.9 Cross-Border Business
5.10 Acquisitions in the US
5.12 Procedures for Investigations
5.11 Staff Dealing Principles and Rules
5.13 Trading in Affiliate Securities
5.14 Business Policy and Principles for Countering Bribery
5.16 Reputation Risk
6.3 Codes of Conduct
6.5 Directorships and Actions on Behalf of Non-Group Entities
8.4 Electronic Communications
10.10 Customer Complaints
10.14 Information Risk
14.2 Advertising and Marketing Communications
Higher Risk Review Process Guidance Higher Risk Review Process Flow
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA75KHUY14310629072007?Open Referenced sections:
B1.7 Work Experience B2.1 Recruitment B2.7.2 Alternative Working
HR Direct
UK Social Media Policy
Keep Information Safe
http://www.hsbcnet.hsbc/support/compliance/keep-info-safe
Knowledge Management FIM
B.6 Records management D.6.1 Group records retention framework
Compliance (Global Risk FIM)
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA75TDBF10381306082007?Open Referenced sections:
Legal FIM
B.2.1 Compliance Risk Management
B.2.3 Investigations
B.2.4.2 Conflicts of Interest
B.2.4.5. Privacy, Data Protection and Cross-Border Data Transfer
B.2.5 Insider Dealing
B.2.6.1 Group Business Principles for Countering Bribery
B.2.6.4 Gifts and Entertainment
B.2.7.1 Interaction with Authorities
B.2.8 Marketing and Sales Practices
B.2.17.1 Global Policies and Principles (GPP)
B2.17.3 Special Categories of Clients
B.2.19 Sanctions
B.2.20 Sanctions Policy Scope
B.2.18 Sale of Investment Products
C.2.4.2. Conflicts of Interest – Dissemination of Market Rumours: Guidance
C.2.8 Marketing and Sales Practices – Cross Border Marketing Guidelines
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA75KHVL14320629072007?Open Referenced sections: B.11.2 Competition Law
Global Risk, SFR FIM Global Risk, ISR FIM
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/EMEA75KDDC10412029072007?Open&language=EN
http://fim.ghq.hsbc/FIM/home.nsf/ByRef/UKWE82WFFB11264922022010?Open&language=EN
Referenced sections:
Records Retention
B.10.1. Information Classification B.10.1.18 Secure Remote Working B.10.1.3 Secure Storage of Physical Information
GCL 110022 Group Records Retention Framework
Global Risk
ISR Incident Reporting
Security and Fraud Risk and Information Security Risk intranet
http://teams.europe.hsbc/risk/isr/SitePages/Home.aspx
http://risk.global.hsbc/globalrisk/home.nsf/gcms?open&ref=UKDT8ZVNV8054731PM11092012
http://home.uk.hsbc/uk/home.nsf/ByRef/UKCM6MNCYK09205207032006?OpenDocument
http://risk.global.hsbc/globalrisk/home.nsf/gcms?open&ref=UKDT8YYCLQ1001542012101
Referenced sections:
Information Classification Email security Social Media
UK Data Protection Compliance intranet
http://home.uk.hsbc/uk/home.nsf/ByRef/UKCM83ZCA309444529032010?OpenDocument
UK Payments Administration
Payments Services Directive
C.2 LEGISLATION
NOTE: All references to legislation refer to the relevant legislation as amended from time to time.
Ref
Legislation information
L1.
Al-Qa’ida and Taliban (United Nations Measures) Order 2006: http://www.legislation.gov.uk/uksi/2006/2952/contents/made
L2.
Anti-Terrorism, Crime and Security Act 2001: http://www.legislation.gov.uk/ukpga/2001/24/contents
L3.
Bribery Act 2010: http://www.legislation.gov.uk/ukpga/2010/23/contents
L4.
Companies Act 1985: http://www.legislation.gov.uk/ukpga/1985/6/contents
Section 450 (Punishment for destroying, mutilating, etc. company documents.): http://www.legislation.gov.uk/ukpga/1985/6/section/450
L5.
Competition Act 1998: http://www.legislation.gov.uk/ukpga/1998/41/contents
L6.
Convention on Combating Bribery of Foreign Public Officials in International Business Transactions: http://www.oecd.org/corruption/oecdantibriberyconvention.htm
L7.
Criminal Justice Act 1993: http://www.legislation.gov.uk/ukpga/1993/36/part/V
L8.
Data Protection Act 1998: http://www.legislation.gov.uk/ukpga/1998/29/contents
L9.
EC Regulation: http://eur-lex.europa.eu/en/index.htm
Relevant legislation: 2580/2001, 881/2002, 2003/6/EC
European Prospectus Directive: http://ec.europa.eu/internal_market/securities/prospectus/index_en.htm
L10.
Enterprise Act 2002: http://www.legislation.gov.uk/ukpga/2002/40/contents
L11.
Financial Sanctions Legislation: http://www.hm-treasury.gov.uk/fin_sanctions_index.htm
L12.
Financial Services and Markets Act 2000: http://www.legislation.gov.uk/ukpga/2000/8/contents
Section 21 (Financial Promotion): http://www.legislation.gov.uk/ukpga/2000/8/part/II/crossheading/financialpromotion
Section 144 (Price Stabilising Rules): http://www.legislation.gov.uk/ukpga/2000/8/section/144
Section 147 (Control of Information Rules): http://www.legislation.gov.uk/ukpga/2000/8/section/147
Section 397 (Misleading Statements and Practices): http://www.legislation.gov.uk/ukpga/2000/8/section/397
L13.
Forgery and Counterfeiting Act 1981: http://www.legislation.gov.uk/ukpga/1981/45
L14.
International Chamber of Commerce Rules of Conduct to Combat Extortion and Bribery: http://www.iccwbo.org/Advocacy-Codes-and-Rules/Document-centre/2004/ICC-Rules-of-Conduct-andRecommendations-to-Combat-Extortion-and-Bribery-(2005-Edition)/
L15.
Organisation for Economic Co-operation and Development Convention: http://www.oecd.org/document/7/0,3343,en_2649_201185_1915847_1_1_1_1,00.html
L16.
Payment Services Regulations 2009 http://www.legislation.gov.uk/uksi/2009/209/contents/made
L17.
Terrorism Act 2000: http://www.legislation.gov.uk/ukpga/2000/11
Part III: http://www.legislation.gov.uk/ukpga/2000/11/part/III
Schedule 2: http://www.legislation.gov.uk/ukpga/2000/11/schedule/2
L18.
Terrorist Asset-Freezing etc. Act 2010: http://www.legislation.gov.uk/ukpga/2010/38/contents
L19.
The Money Laundering Regulations ('The Regulations') Regulations 5-9, 11-17, 18: http://www.legislation.gov.uk/uksi/2007/2157/contents/made
L20.
The Electronic Money Regulations 2011 http://www.legislation.gov.uk/uksi/2011/99/contents/made
L21.
The Proceeds of Crime Act ('POCA') Sections 330-331, 334(2), 342: http://www.legislation.gov.uk/ukpga/2002/29/part/7
L22.
Theft Act 1968: http://www.legislation.gov.uk/ukpga/1968/60/contents
Section 17 (False Accounting): http://www.legislation.gov.uk/ukpga/1968/60/section/17
Section 20 (Suppression, etc. of documents): http://www.legislation.gov.uk/ukpga/1968/60/section/20
L23.
Treaty on the Functioning of the European Union: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:083:0047:0200:en:PDF
L24.
UN Sanctions Resolutions: http://www.un.org/sc/committees/
1267 (1999): http://www.un.org/sc/committees/1267/index.shtml and http://www.un.org/ga/search/view_doc.asp?symbol=S/RES/1267(1999)
1333 (2000): http://www.un.org/ga/search/view_doc.asp?symbol=S/RES/1333(2000)
1390 (2002): http://www.un.org/ga/search/view_doc.asp?symbol=S/RES/1390(2002)
1617 (2005): http://www.un.org/ga/search/view_doc.asp?symbol=S/RES/1617(2005)
Consolidated list: http://www.un.org/sc/committees/1267/consolist.shtml
L25.
Wolfsberg Principles: http://www.wolfsberg-principles.com/
D. COMPLIANCE MANUAL REVISION HISTORY AND SIGN OFF
NOTE: If you have any updates for, or queries about, the Compliance Manual, please email your CO (see section B. Compliance Contacts).
D.1 REVISION HISTORY
Date | Revised by | Version | Description of changes
23-Jun-14 | L. Jamieson | 1.0 | Document created
12-Sept-14 | L. Jamieson | 1.0 | Document edited following a discussion with Lucy Robinson and Sajan Narsy
29-Sept-14 | S. Narsy | 1.0 | Document structure and content reviewed
22-Dec-14 | E. Teh | 1.0 | FCC review of FCC-related sections
D.2 SIGN OFF INFORMATION
The Global Functions, Regulatory Compliance Team has approved this Compliance Manual for publication.
Version approved: 1.0
Date: 07 January 2015
Approved by: Regulatory Compliance, HTS and Global Functions