Controls and code of conduct

Controls

The effectiveness of our internal control system is reviewed regularly by the Board, its committees, the Group Management Committee, and Group Internal Audit. The Audit Commi! ttee has reviewed the effectiveness of the Group's system of internal control during the year ended 31 December 2011 and reported on its review to the Board. The Committee's review was supported by an annual business self-certification process, which was managed by Group Internal Audit.

Group Internal Audit monitors compliance with policies and standards and the effectiveness of internal control structures across the Group through its programme of business audits. The work of Group Internal Audit is focused on the areas of greatest risk as determined by a risk-based assessment methodology.

Group Internal Audit reports regularly to the Audit Committee, the Chairman and to the Group Chief Executive. The findings of all adverse audits are reported to the Audit Committee, the Chairman and to the Group Chief Executive where immediate corrective action is required.

The Board Risk Committee has responsibility for overseeing the management of the Company's fundamental prudential risks as well as reviewing the effectiveness of the Company! ' s risk management framework. The Audit Committee monitors the integrity of the Company's financial reporting, compliance and internal control environment.

The Risk review describes the Group's risk management structure. Our business is conducted within a developed control framework, underpinned by policy statements, written procedures and control manuals. This ensures that there are written policies and procedures to identify and manage risk, including operational risk, country risk, liquidity risk, regulatory risk, legal risk, reputational risk, market risk and credit risk. The Board has established a management structure that clearly defines roles, responsibilities and reporting lines. Delegated authorities are documented and communicated. Executive risk committees regularly review the Group's risk profile.

The performance of the Group's businesses is reported regularly to senior line management and the Board. Performance trends and forecasts, as well as actual performance against budgets and prior periods, are monitored closely. Financial information is prepared using appropriate accounting policies, which are applied consistently. Operational procedures and controls have been established to facilitate complete, accurate and timely processing of transactions and the safeguarding of assets. These controls include appropriate segregat! ion of d uties, the regular reconciliation of accounts and the valuation of assets and positions.

Code of conduct

The Board has adopted a Group code of conduct relating to the lawful and ethical conduct of business and this is supported by the Group's core values. The Group code of conduct has been communicated to all directors and employees, all of whom are expected to observe high standards of integrity and fair dealing in relation to customers, staff and regulators in the communities in which the Group operates.