2020 Universal registration document and annual financial report - BNP PARIBAS
5 Risks and capital adequacy - Pillar 3
5.9 Operational risk
REGULATORY FRAMEWORK
Operational risk is the risk of incurring a loss due to inadequate or failed internal processes, or due to external events, whether deliberate, accidental or natural occurrences. Management of operational risk is based on an analysis of the "cause - event - effect" chain.
Internal processes giving rise to operational risk may involve employees and/or IT systems. External events include, but are not limited to, floods, fire, earthquakes and terrorist attacks. Credit or market events such as default or fluctuations in value do not fall within the scope of operational risk.
Operational risk encompasses fraud, human resources risks, legal risks, non-compliance risks, tax risks, information system risks, conduct risks (risks related to the provision of inappropriate financial services), risk related to failures in operating processes, including loan procedures or model risks, as well as any potential financial implications resulting from the management of reputation risk.
Operational and compliance risks come under a specific regulatory framework:
■ Directive 36/2013/UE (CRD 4) and Regulation (EU) No. 575/2013 (CRR) governing prudential supervision and the methods for calculating the amount of capital requirements to cover the operational risk;
■ French Ministry of Finance Decree of 3 November 2014, which defines the roles and responsibilities of the Risk Function (covering all types of risks) and an internal control system which ensures the efficiency and quality of the Bank's internal operations, the reliability of internal and external information, the security of transactions, as well as compliance with applicable laws, regulations and internal policies.
Banking regulation divides operational loss events into seven categories: (i) internal fraud, (ii) external fraud, (iii) employment practices and workplace safety (such as an anomaly arising from recruitment management), (iv) clients, products and business practices (such as product defects, mis-selling, professional misconduct, etc.), (v) damage to physical assets, (vi) business disruption and system failures, (vii) execution, delivery and process management (data entry error, error in documentation, etc.).
Effective management of compliance risk aims to ensure compliance with applicable laws, regulations, rules of ethics and instructions, protect the Group's reputation, that of its investors and that of its customers, ensure ethical professional behaviour, prevent conflicts of interest, protect customers' interests and market integrity, fight against money laundering, corruption and the financing of terrorist activities, as well as ensure compliance with financial embargoes.
EUR 471 billion of encumbered assets and collateral received (mainly reverse repos) were mainly issued by general government entities, raising EUR 431 billion of financing.
The FICC and Prime Solutions & Financing businesses as well as Securities Services represent 59% of the Group's encumbered assets (EUR 263 billion) and 100% of the collateral received (EUR 435 billion), i.e. 80% of the encumbrance (EUR 702 billion). This is mainly repo and derivative activity. The other encumbered assets are mainly through financing and Treasury ALM.
Encumbered assets and received and encumbered collateral are denominated mainly in euros or dollars (for a median amount of 44% and 38% respectively over the year).