INSTITUTE OF MANAGEMENT,

NIRMA UNIVERSITY

MBA-FT (2021-2023)

GROUP ASSIGNMENT
CASE SUMMARY

‘Regtech at HSBC’
MANAGEMENT INFORMATION SYSTEMS

Submitted to – Prof. Balakrishnan R. Unny

Submitted by-
Akshansh Kumar Garg (211087)
Krishna Patel (211112)
Soumiya Bisht (211147)
Tanveer Bagga (211150)
 SUMMARY

This case is about HSBC, a coveted bank of the world whose headquarters are in London. Its businesses
are expanded. Its business operations spread over America, Europe and Asia. In this case, the principal
character, Mark Cooke, Global Head of Operational Risk, is hesitant if to continue using or leave using
current existing regulatory technology (Regtech) to examine the efficacy 3LoD system which helps the
banks to safeguard themselves from operational risks. By merging big data, artificial intelligence (AI),
machine learning regtech obtains the same objectives. Financial market governance has stiffened since
financial crisis of 2008, with that the complexity of commercial activity has increased, and also
technology has evolved. HSBC introduced the 3LoD model in the early 2000s in relation to a range of
possible risks, including, tax dodging, financial fraud and other nefarious offenses. Aftermath of the
financial crisis of 2008, HSBC spent $1 billion on different regulatory compliance requirements,
including the 3LoD model. Cooke is perplexed as the HSBC board members need to find if such
investments are yielding the intended return. Cooke has been collaborating with a Regtech firm that
claims it can evaluate the 3LoD model's performance by following HSBC mails and spotting hazards
before they happen. HSBC has acquired certain impressive outcomes in one of its departments.Cooke
believed that technology might help the bank control risk. A because as the bank has to forgo
conventional risk mitigation strategies such as governance processes, employee training, staff surveys etc
among others thus Regtech deployment, may be onerous. Cooke was hesitant regarding entrusting a
venture by one of the world largest financial firms with worldwide operations to a small company with so
few employees and little income, as much as he intended to assess the efficacy of the 3LoD model. He
was also anxious about convincing HSBC's conservative management to go down the same path as him.
He was thinking about how his employees would react to the change and if the bank would be willing to
support further prototype initiatives, or if he should quit Regtech altogether.
   ABOUT THE COMPANY
 

HSBC Holdings Plc one of the world's largest firms in its area runs an investment company and is a
wealth management holding company. It provides    Professional Banking, Wealth and Personal Banking,
and International Banking & to over 40 million customers throughout the world. HSBC's network now
includes 64 countries and territories throughout Asia, Europe, North America, the Middle East and
Africa, and Latin America, having originally come into operation in 1865 to enable trade between Europe
and Asia. The company's history exposes its principles, capabilities, and practices, such as why they
prioritize long-term client connections, capital strength and cost containment. They desire to be where the
prosperity is, supporting businesses in thriving and economies advancing, and assisting individuals in
achieving their dreams and ambitions.

SITUATIONAL ANALYSIS

The case centers on the HSBC, which was established in 1865 with the objective of funding global trade
as the Hongkong and Shanghai Banking Corporation Limited. By 2019, the "world's local bank" had
grown to become the world's seventh-largest bank, with 235,000 employees working in 70 countries
around the world. The following are HSBC's four worldwide segments:

1. Business Banking

2. International Private Banking

3. Retail Banking & Wealth Management

4. Global Banking & Markets

To handle operational risks, the bank is known to employ the "Three Lines of Defense- 3LoD"
concept. It essentially outlined each bank employee's risk management tasks and responsibilities
to monitor and control the system's operational hazards. Non-financial risks like as fraud,
compliance, reputation harm, system failures, process mistakes, illegal operations, and more were
among the operational hazards, which might be caused by internal or external forces. The three
defense lines that make up the 3LoD model are as follows:

a) First line: Primarily responsible for getting in income for the bank, as well as risk
management duties to ensure that the organization's compliance rules and processes are
regulatory compliant, the first-line people are client-facing and business-focused
professionals.
 b) Second line: The second-line people are the first-partners, the line's not only in terms of assisting
them in understanding and managing risk management, but also in terms of overseeing it. That is,
keeping an eye on the front-line workers and ensuring that the regulations are followed in order to
ensure that operations are safe and risk-free.

c) Third line: Internal auditors are the third line of defense, ensuring that the whole risk-
management framework is in good working order and that the system is under control. They also
kept an eye on the first and second lines to make sure they were doing their jobs.

Cooke thinks using regtech to analyze the bank's systems for threat policy and supervisory
adherence is a good idea. He also considered how to spread the use of retch across the company,
as well as the benefits and problems that this would entail.

PROBLEM STATEMENTS

HSBC was facing three major issues when it came to recognize and following the authorities:

1) Obstructions in the legal and regulatory terms

1. Obstructions in the legal and regulatory terms: HSBC was involved in Berney Madoff Ponzi
scheme, for that, it helped wealthy customers to illegally escape via Swiss business, concealment of money
and supplying authorized nations. Department of Treasury in US handed HSBC a suspended activity, citing
its ineffective compliance procedures. HSBC was requested to give outline of how they are planning to
improve upon compliance as a part of ruling. HSBC put more than 10% of its workforce to danger and
compliance and spent money nine times money as on anti-money laundering than the industry average. This
took up significant time of their time and energy. HSBC has to adhere to the banking sectors’ legal
requirements.

2. Structure to manage operational risk: The 3 LoD model had several operating challenges, including:

 The first line of defense had two main focus areas: Generating revenues for the company and
performing risk management related activities in order ensure consent with rules and policies. Role
conflict came as a consequence of it.
 There was some dispute between the first and second line of defense as the second line had to form
rules and procedures while also look after the first line.
 The internal audit role was in need of a good amount of manual processing and incurred significant
costs.

The 3 LoDs was designed with human efforts by keeping in mind the responses. As a consequence, when 3
LoDs was compared with Regtech, which centered its focus on primary information and analytics than the
overall margin of error is substantially high. On a systematic level, it was extremely tough.
3. Loopholes in Regtech’s development:

 Sourcing an internal (from one HSBC branch to another) or external (from HSBC to an external service
provider) activity had an outcome resulting in decreased participation and collaboration.

 A change in email activity pattern was connected to risk in the experiment.

 The pilot focused on employee communication both within the firm and with external parties. This
method analyzed created network of established design that alerted the system to irregularities.

SOLUTIONS/EFFECTIVE STRATEGIES BY HSBC

In response to the US Treasury Department's compliance with regulations, HSBC employed two measures to
improve the efficiency of their described strategy.

1. Rebuilding the 3 LoDs: When Cooke joined HSBC back in 2015, there was a clarity that the
conventional 3 LoD model was not functioning and was creating confusion, especially in operations.
Cooke led an operational risk management transformation effort to increase transparency and
concentrate on HSBC’s biggest operational risk, lowering risk profile of the bank as a whole. Cooke
used an activity-based 3D model, which highlighted the role every person plays, not their place in
organization determined in which line of defense they will be working. To support this strategy, HSBC
described five roles. To the individual who had 3 responsibilities inside 3 LoDs, HSBC offered role
specific training. Each line of segments had separate roles, even though they operated together. The 3
LoD transformations’ emphasis on soft skills was critical. HSBC put $ 1 Mn in its 3 LoDs model and
other compliance activities after being implicated in various crimes. The board of directors of HSBC
started to wonder if any of the 3 LoD initiatives had delivered the desired return on investment.

2.Regtech Solution: Over two years of working with a regtech startup firm, Cooke and HSBC agreed to
establish a trial venture in a sector of HSBC's US business segment. The research received a year's worth of
historical communication data from HSBC. HSBC's regtech partner enhanced its automated system and
started creating outcomes in just two months.

According to the regtech partner, trends in HSBC's information were linked to correlations in the firm ’s risk
control data. The test study discovered a correlation between the number of emails sent outside of regular
business hours and the number of risk and control assessments (RCAs), implying more active risk
mitigation.
Other strategies which can be implemented-

1. Applying the data-driven strategies:

The data processing and manipulation system must also be improved in tandem with data
modernization. The data in the bank is so large that computing and analyzing it will take several
years. Instead, increasing efficiency by employing appropriate data structures for relevant data
sources. The basic concept is to include Blockchain and Big-Data into the system to improve
data-driven performance.

2. Optimizing financial expenses on regulatory programs:

The bank should devote more resources on the framework system and spend less on programs.
The term "focus" refers to the use of new technologies and the enhancement of security. This will
cut down on costs while also increasing efficiency.
3. Remodeling and upgrading the existing 3LoD model:

The model's lines must all function within regulatory compliance, with no one line
breaking the flow. In order to monitor and regulate the flow utilizing a real-time
processing environment, Artificial Intelligence (AI) must be included.

4. Improving operational framework:

The Operational Framework lacks continual oversight and security access. Dynamic and real-time
supervision will be maintained using security methods such as firewalls, encryption for access
restriction, and Software-as-a-Service (SaaS).

5. Studying and improving IT strategies:

In order to reduce business losses and risk events, the five IT Competitive Strategies (Cost
Leadership + Innovation + Differentiation + Alliance + Growth) must be taught and
implemented.
 CONCLUSION

Regtech, according to Cooke, is a good addition to the firm ’s risk policy and supervisory compliance
systems. Extending the use of regtech could help us gain a better grasp of its possible benefits and
downsides. Regtech, it is evident, enables organizations to swiftly adapt to stringent regulations reporting
constraints while remaining cost-effective and secure. It also allows the company to automate various data
monitoring tasks and decide whether or not legally required requirements have been reached. Regtech
solutions can improve operational and economic efficiency. It also improves internal production processes
and is simple to combine with automation technologies such as artificial intelligence, machine learning,
and robotics.

This selection of Regtech firms also poses a number of issues. Because HSBC has grown into a
worldwide bank, it's difficult to put faith in an unproven new technology. Furthermore, HSBC workers
are conservative, which makes Cooke's job difficult because he must persuade them that monitoring their
conversations is beneficial. Cooke also considered whether or not substituting human experience with
modern technology would yield the desired outcomes. The pilot project was only done on one HSBC
business unit by the regtech partner in the end. Cooke is still debating whether the regtech solution will
capture all sorts of hazards that may arise at all levels of the company, as well as if this solution will be
sustainable.
 REFERENCES

1. https://www.about.hsbc.it/our-company/company-history,
2. www.google.co.in
3. https://www.captechconsulting.com/uploads/whitepapers/financial-r egtech-ebook-
opportunities-and-obstacles-final-compressed.pdf
4. https://due.com/blog/everything-need-regtech-new-fintech/
5. https://www.eisneramper.com/three-lines-defense-prts-1019/