2019 Universal registration document and annual financial report - BNP PARIBAS
5 Risks and capital adequacy Pillar 3
5.9 Operational risk
REGULATORY FRAMEWORK
Operational risk is the risk of incurring a loss due to inadequate or failed internal processes, or due to external events, whether deliberate, accidental or natural occurrences. Management of operational risk is based on an analysis of the cause-event-effect chain.
Internal processes giving rise to operational risk may involve employees and/or IT systems. External events include, but are not limited to, floods, fire, earthquakes and terrorist attacks. Credit or market events such as default or fluctuations in value do not fall within the scope of operational risk.
Operational risk encompasses fraud, human resources risks, legal risks, non-compliance risks, tax risks, information system risks, conduct risks (risks related to the provision of inappropriate financial services), risk related to failures in operating processes, including loan procedures or model risks, as well as any potential financial implications resulting from the management of reputation risk.
Operational and compliance risks come under a specific regulatory framework:
■ Directive 36/2013/UE (CRD 4) and Regulation (EU) No. 575/2013 (CRR) governing prudential supervision and the methods for calculating the amount of capital requirements to cover the operational risk;
■ French Ministry of Finance Decree of 3 November 2014, which defines the roles and responsibilities of the RISK Function (covering all types of risks) and an internal control system which ensures the efficiency and quality of the Bank's internal operations, the reliability of internal and external information, the security of transactions, as well as compliance with applicable laws, regulations and internal policies.
Banking regulation divides operational loss events into seven categories: (i) internal fraud, (ii) external fraud, (iii) employment practices and workplace safety (such as an anomaly arising from recruitment management), (iv) clients, products and business practices (such as product defects, mis-selling, professional misconduct, etc.), (v) damage to physical assets, (vi) business disruption and system failures, (vii) execution, delivery and process management (data entry error, error in documentation, etc.).
Effective management of compliance risk aims to ensure compliance with applicable laws, regulations, rules of ethics and instructions, protect the Group's reputation, that of its investors and that of its customers, ensure ethical professional behaviour, prevent conflicts of interest, protect customers' interests and market integrity, fight against money laundering, corruption and the financing of terrorist activities, as well as ensure compliance with financial embargos.
The corresponding liabilities, contingent liabilities or securities lent are issued mainly by public authorities, for a median value of EUR 396 billion over 2019. The encumbered assets, collateral received and own securities issued other than covered bonds or securities backed by encumbered assets concern public authorities for an amount of EUR 415 billion.
The FICC and Prime Solutions & Financing businesses as well as Securities Services represent, in median value terms over 2019, 69% of the Group's encumbered assets (EUR 234 billion) and 99% of the collateral received (EUR 377 billion), i.e. 85% of the encumbrance (EUR 611 billion). This is mainly repo and derivative activity. The other encumbered assets are mainly through financing and Treasury ALM.
The Group's encumbered assets and received and encumbered collateral are denominated mainly in euros or dollars (for a median amount of 40% and 41% respectively over the year).