Subsidiaries Cases Communications Employees 2014 reviewed * investigated to authorities trained
TOTAL 123 79,978 23,844 129,233
* Subsidiaries supervised by the financial intelligence corporate unit and local money laundering prevention units.
Marketing of products and services
Policies
At Grupo Santander management of the risk that could arise from an inadequate sale of products or from an incorrect provision of services by the Group is conducted in accordance with the corporate policies of marketing of products and services.
The corporate framework aims to establish a homogeneous system to market Grupo Santander’s products and services, in order to minimise the Group’s exposure to risks stemming from marketing, covering all its phases (admission, pre-sale, sale and monitoring). In order to adapt the framework to Banco Santander and the Group’s subsidiaries, these adopt the framework at their corresponding board meetings, adhere to it and make the necessary changes to ensure compliance with the local regulatory requirements.
Governance and organisation
The organisational structure in the risk management sphere that could arise from an inadequate marketing of products or services is based, at both the corporate and local levels, on marketing committees, monitoring committees and conduct risk management offices.
The corporate committee of marketing (CCM) is the maximum decision-making body for approving products and services. It comprises representatives from the divisions of risks, financial management technology and operations, general secretariat, financial accounting and control, internal audit, retail banking and global wholesale banking.
The CCM attaches particular importance to adjusting products and services to the framework where they are going to be marketed, paying special attention to ensuring that:
• Each product or service is sold by suitable staff.
• Customers are provided with the necessary and adequate information.
• The product or service fits the customer’s risk profile.
• Each product of service is assigned to the right market, not only for legal or tax reasons, but also to meet the market’s financial culture of them.
• The products and services fulfil the requirements of the corporate marketing policies and, in general, the applicable internal and external rules.
At the local level, local marketing committees (LCM) approve new products and channel to the LCM proposals for their validation. The marketing committees, in the respective approval processes, take a risk-focused approach from the double perspective of bank/client.
The corporate monitoring committee (CMC) is the Group’s decision-making body for monitoring products and services. It comprises representatives from the divisions of internal audit, general secretariat, risks and the business areas affected (with permanent representation of commercial banking). It meets every week to raise and resolve specific issues related to the marketing of products and services in all the Group’s units.
The corporate office of conduct risk management (COCRM) provides the governance bodies with the information needed for: (i) adequate analysis of risk when validating the product, from a double focus: impact on the Bank and on the client; and (ii) monitoring of products throughout their life cycle.
At the local level there are reputational risk management offices, which are responsible for promoting the risk culture and ensuring that approval and monitoring of products is developed in their respective local sphere in line with the corporate framework.
Main actions
The CCM met 12 times in 2014 (12 in 2013 and 14 in 2012) and analysed 103 new products/services. Moreover, 31 products/ services were presented to the corporate office of reputational risk, considered not new for approval and resolved 135 consultations from several areas and countries.
Monitoring of products and services approved is done locally (local committee of monitoring of products or equivalent local body, such as the LCM). The conclusions are set out in reports every four months for the COCRM.
The CMC held 41 meetings in 2014 (41 in 2013 and 44 in 2012) at which incidents were resolved and information analysed on the monitoring of products and services of the Group’s units abroad. Code of Conduct in Securities Markets (CCSM)
Policy
This is set by the code of conduct in securities markets (CCSM), complemented, among others, by the code of conduct for analysis activity, the research policy manual and the procedure for detecting, analysing and communicating operations suspected of market abuse.
Governance and organisation
The organisation revolves around the corporate office of
compliance together with local compliance management and that of subsidiaries.
The functions of compliance management with regard to the code of conduct in securities markets are as follows:
1. Register and control sensitive information known and/or generated by the Group.
2. Maintain the lists of securities affected and related personnel, and watch the transactions conducted with these securities. 3. Monitor transactions with restricted securities according to
the type of activity, portfolios or collectives to whom the restriction is applicable.
4. Receive and deal with communications and requests to carry out own account trading.
5. Control own account trading of the relevant personnel. 6. Manage failures to comply of the CCSM.
7. Resolve doubts on the CCSM.
8. Register and resolve conflicts of interest and situations that could give rise to them.
9. Assess and manage conflicts arising from the analysis activity. 10. Keep the necessary records to control compliance with the
obligations envisaged in the CCSM.
12. Organise the training and, in general, conduct the actions needed to apply the code.
13. Analyse activities suspicious of constituting market abuse and, where appropriate, report them to the supervisory authorities. Main actions
The compliance corporate office, together with local compliance executives and of the subsidiaries, ensure that the obligations contained in the CCSM are observed by around 12,000 Group employees throughout the world.
The market abuse investigation unit continued to review many transactions that gave rise to opportune communications to the National Securities Market Commission. Moreover, a new unit of market compliance was created in 2014, focusing on controlling operations in the capital markets.
Corporate defence
The Group’s compliance management is also responsible for managing the corporate defence management model, created after the entry into force of Organic Law 5/2010, which introduced the penal responsibility of companies for crimes committed on account of and for the benefit of them by administrators or representatives and by employees as a result of the lack of control. The system of managing risks for the prevention of penal crimes, a key element of which is the whistle blowing channel, obtained the AENOR certification in 2014.
The Group has established 26 such channels, and in 2014 received denunciations in six of them (Germany, Brazil, US, UK, Poland and Spain).
In 2014, more than 400 denunciations were received by any channel. They were handled in accordance with the Group’s internal procedures. The most common reasons for the denunciations were failure to comply with the internal rules for employees, either because of inadequate behaviour or for not observing the Group’s policies or procedures.
Relationships with the supervisory authorities and dissemination of information to the markets
Compliance management is responsible for tending to the information requirements of the regulatory and supervisory bodies, both those in Spain as well as in other countries where the Group operates, monitoring implementation of the measures resulting from the reports or inspections of these bodies and supervising the way in which the Group disseminates institutional information in the markets transparently and in accordance with the regulators’ requirements. The committee of supervision of risks, regulations and compliance (before its creation in June 2014 the audit committee) is informed of the main issues at each of its meetings.
Banco Santander made public 90 relevant facts in 2014, which are available on the Group’s web site and that of the National Securities Market Commission (CNMV).
Other actions
Compliance management continued to carry out other activities in 2014 inherent to its sphere (reviewing the bank’s internal rules before their publication, ensuring treasury stock operations are in line with internal and external rules, maintaining the section on regulatory information on the corporate website, reviewing the vote recommendation reports for shareholders’ meetings drawn up by the leading consultancies in this area, sending periodic regulatory information to the supervisory bodies, etc). It also co-operated in new corporate projects such as the Group’s adjustment to the US Volker Rule, the listing of the Santander share on the stock markets of Sao Paulo (via BDRs) and Warsaw and implementing corporate data protection models and prevention of penal risks, among others.
The losses incurred by the Group from compliance, conduct and reputational risks are included in the data base of events which the Group’s corporate area of operational risk (CAOR) manages.
11. Model risk
The use of risk management models entails the appearance of model risk, understood as the losses that come from decisions mainly founded on the results of models, due to errors in the definition, application or use of the models.
The risk is manifested in both operational risk (that associated with errors in the data, in the construction, implementation and use), as well as implicitly in the risk associated with the activity it is supporting (be it credit, market or another risk, due to data, construction or inadequate use of the model).
Extending the use of the models to a wide series of activities makes it necessary to establish a series of actions and controls throughout the life cycle of these models in order to know and minimise the risks associated.
Model risk management is structured around three lines of defence that are specified in the following way:
• First line of defence, consisting of owners and developers as well as generators of exposure to this risk.
• Second line of defence, made up of teams specialised in controlling and supervising risks and charged with
complementing the control functions of the first line of defence, questioning whether its approaches are opportune and issuing an opinion on this.
• Third line of defence, constituted by Internal audit. The model risk can be mitigated through an environment of control and management, i.e. a series of controls on the model’s life cycle. The cycle covers the very definition of the standards to be used in its development through to regular monitoring and its final completion.
Of particular importance is the planning phase, where the priorities of development and management of the models are determined. By drawing up the plans, the needs to be covered are identified and the materiality of the risk involved assessed. Extracting and validating the information as well as the very development of the model are also two fundamental phases. In the case of the development, points of control must be established that enable aspects such as verifying whether the data used is adequate, that the objectives are in accord with what is requested, that the construction has been done following the established lines and that the implementation is viable before the model is put into operation, which will take place once formally approved.
A process of validation conducted by a function independent of the developer of the model must exist in order to control the risk associated with the development of models. The scope of the validation will depend on the type of the model, the materiality and the type of development applied.
Lastly, all developments of a new model or changes to the one already existing, or a new use of a model must be reviewed and approved, in accordance with its materiality, by the government established. This process represents the recognition by those involved that they know and are aware of all the risks associated with use of the model, as well as the different assumptions made in its construction and the limitations existing, according to the model’s envisaged uses.
Once installed, the models will be supervised regularly to ensure they are used for the purposes for which they were approved and continue to function as expected.
12. Capital management
and capital risk control
The Group manages capital in a comprehensive way, seeking to guarantee its solvency and maximise profitability and determined by the strategic objectives and the risk appetite set by the board. A series of practices are defined that shape the focus that the Group wants to give to management of capital:
• Establish adequate planning of capital that enables current needs to be covered and provides the necessary equity to cover the needs of business plans and the short and medium term risks, while maintaining the risk profile approved by the board.
• Ensure that under stress scenarios the Group and its companies maintain sufficient capital to cover the needs arising from the increase in risks resulting from the deterioration of macroeconomic conditions.
• Optimise the use of capital by adequately assigning it among the businesses, based on the relative return on regulatory and economic capital, taking into account the risk appetite, its growth and the strategic objectives.
Santander defines capital risk as the risk that the Group or its companies have an insufficient amount and/or quality of capital to tend to the expectations of its stakeholders, and in accordance with its strategic planning. Of note are the following objectives:
• Comply with the internal objectives for capital and solvency.
• Meet the regulatory requirements.
• Align the Bank’s strategic plan with the capital expectations of external agents (rating agencies, shareholders and investors, customers, supervisors, etc).
• Support business growth and the strategic possibilities that arise.
Solvency position
Grupo Santander maintains a very solid solvency position, significantly above the minimum levels required by regulations. In 2014, the Group strengthened its main capital ratios in response to the difficult economic and financial environment and the new regulatory requirements.
The stress tests conducted by the ECB on Europe’s financial industry underscored the quality of Banco Santander’s portfolios, the correct valuation of its assets and adequate provisions, as well as the strength of its business model for adverse macroeconomic scenarios. For more detail see item 1 of this chapter.
The Bank completed on January 9, 2015 its EUR 7,500 million capital increase. As a result, it meets the main objective of being able to sustain the organic growth of business, increasing loans and market share in its main markets, accompanying its clients in a new stage of economic growth.
After the capital increase, the Common Equity Tier 1 (CET1 fully loaded) ratio, which represents coverage of risks with the maximum quality capital, increased to 9.7% from 8.3%, in line with Santander’s peers. Furthermore, if we take into account the Group’s business model, characterised by its high geographic diversification, recurrent results and resilience to adverse environments, as manifested in the recent European stress exercise, the Group’s capital standards are among the best in the sector.
The Group’s objective is to increase the CET1 fully loaded ratio even more to around 10%-11% in 2017.
The table below shows risk-weighted assets (RWAs) in the main geographic areas and type of risk.