2020 Universal registration document and annual financial report - BNP PARIBAS
5 Risks and capital adequacy Pillar 3
Operational risk
More specifically, reputation risk control is based on the following items:
■ the Group Supervisory and Control Committee is chaired by the Chief Executive Officer. Its other members are the Chief Operating Officer and the Heads of the Compliance, RISK, LEGAL and General Inspection Functions. The Deputy Chief Operating Officers have standing invitations to attend. Its mission is to define rules of principle and policies, to contribute to the organisation of the control functions and the consistency between them and to ensure their overall consistency vis-à-vis the operating entities of the Group;
■ Corporate Engagement: the Corporate Engagement department is made up of the Corporate Social and Environmental Responsibility and Group Communication functions. It defines and implements the Group's strategy of engagement in the main sectors related to the future of our society, such as economic development, the environment and energy transition; social integration and regional development; diversity and respect for human rights. These areas are particularly relevant to the protection against risk to the Group's reputation. Also, one of the major missions of Corporate Communication is to protect the reputation of the Group and its entities, as well as being a source of information for employees and the public, whose trust is essential for the Group;
■ the Group's Code of conduct, which is at the heart of every action and guides all employees in their decisions at all levels of the organisation. It describes the Group's mission and values ("the BNP Paribas Way") and the associated rules of conduct;
■ the individual responsibility of employees: any employee confronted with the actual or potential occurrence of a credit, market or operational risk (including in the area of IT and cyber security), a compliance or legal risk, and/or the violation of a law or regulation, or of the Group's Code of conduct or procedures, that could lead to a reputation risk for the Group or one of its entities must communicate, immediately and without delay, his or her concern to his or her line manager or to a more senior manager;
■ the employee awareness training programme: the Group's employees have an essential role in managing the reputation risk. This awareness training includes identifying, controlling, and managing the reputation risk, the Group's Values, and its ethics standards;
■ permanent control: identifying and managing the reputation risk are part of the objectives of the permanent control system. Procedures and controls are closely monitored wherever the risk is highest. Whistleblowing procedures and periodic control recommendations are also taken into consideration. The reputation risk is also taken into account in the process for validating standard or non-standard transactions, new businesses, and new products. The Group has procedures for conflicts of interest; market integrity; adequacy and appropriateness of offers to clients; best execution of their orders; anti-money laundering, terrorist financing and corruption; compliance with international sanctions and embargoes; and social and environmental responsibility that, along with the Code of conduct, are conducive to effective management of reputation risk.
LEGAL RISK
The LEGAL Function is an independent function of the BNP Paribas Group and is hierarchically integrated with all the Group's legal teams. LEGAL is responsible for legal risk management and is responsible for interpreting the laws and regulations applicable to the Group's activities and for providing legal guidance and advice to the Group in a manner that meets the highest standards of excellence and integrity.
The LEGAL Function provides executive officers and the Board of directors with reasonable assurance that legal risks are monitored, controlled and mitigated at the Group level. It is responsible for the management (including prevention) of legal risks within the Group through its advisory and control roles.
Legal risk refers to the potential loss to the BNP Paribas Group, whether financial or reputational, which impacts or could impact one or more entities of the BNP Paribas Group and/or its employees, business lines, operations, products and/or its services, and results from:
■ non-compliance with a law or regulation or a change in law(s) or regulation(s) (including a change in the interpretation or application of a law or regulation by a court or competent authority and any requirement of any regulatory or supervisory authority);
■ a dispute (including all forms of alternative/extrajudicial dispute resolution and court orders) or an investigation or inquiry by a regulatory or supervisory authority (with implications for LEGAL);
■ a contractual deficiency;
■ a non-contractual matter.
The LEGAL Function is responsible for:
■ the prevention of any failure or deficiency in a legal process that may involve the risk of a penalty, reputational risk or financial loss, in all areas (legal risk by nature);
■ management of the risk relating to a conflict with a counterparty, a customer, a third party or a regulatory body, resulting from a deficiency or default that could be attributable to the Group in the course of its operations (legal risk as a consequence).
Strategic and preventive missions
In its strategic missions, LEGAL is responsible for:
■ defining the Group's legal policy and overseeing its consistency;
■ providing legal advice to the Executive Management, business lines and functions;
■ contributing to the Bank's influence on regulatory, legislative or market initiatives.
In its prevention missions, LEGAL is responsible for ensuring:
■ the Group's legal security in connection with its commercial activities or proprietary businesses;
■ the protection of the Group's legal interests, including through the management of the Group's disputes and conflicts;
■ the legal protection of the Group's managers or employees in the ordinary course of their business.