2018 Registration document and annual fi nancial report - BNP PARIBAS 285
5RISKS AND CAPITAL ADEQUACY PILLAR 3
5
Annual risk survey
■ the finalisation of Basel 3 published by the Basel committee in December 2017, introducing a revision to the measurement of credit risk, operational risk and CVA risk for the calculation of risk- weighted assets. These measures are expected to come into effect in January 2022, after transposition into EU law, and will be subject to an output fl oor (based on standardised approaches), which will be gradually applied as of 2022 and reach its fi nal level in 2027.
For a more detailed description, see the risk factor Laws and regulations adopted in recent years, particularly in response to the global fi nancial crisis, as well as new legislative proposals, may materially impact the Bank and the fi nancial and economic environment in which it operates .
Moreover, in this tougher regulatory context, the risk of non-compliance with existing laws and regulations, in particular those relating to the protection of the interests of customers and personal data, is a signifi cant risk for the banking industry, potentially resulting in signifi cant losses and fi nes(1). In addition to its compliance system, which specifi cally covers this type of risk, the Group places the interest of its customers, and more broadly that of its stakeholders, at the heart of its values. Thus, the code of conduct adopted by the Group in 2016 sets out detailed values and rules of conduct in this area.
Cyber security and technology risk
BNP Paribas ability to do business is intrinsically tied to the fl uidity of electronic transactions as well as the protection and security of information and technology assets.
The technological change is accelerating with the digital transformation and the resulting increase in the number of communications circuits, proliferation in data sources, growing process automation, and greater use of electronic banking transactions.
The progress and acceleration of technological change are giving cybercriminals new options for altering, stealing, and disclosing data. The number of attacks is increasing, with a greater reach and sophistication in all sectors, including fi nancial services.
The outsourcing of a growing number of processes also exposes the Group to structural cyber security and technology risks leading to the appearance of potential attack vectors that cybercriminals can exploit.
Accordingly, the Group has a second line of defence within the RISK Function dedicated to managing technological and cyber security risks (see the paragraph Cyber security and technology in section 5.9 Operational Risk). Thus, operational standards are regularly adapted to support the Bank s digital evolution and innovation while managing existing and emerging threats (such as cyber-crime, espionage, etc.).
EMERGING RISKS An emerging risk is defi ned as a new or evolving risk which potential impact could be material in the future but is currently not fully known or is diffi cult to quantify.
In 2018, the Group identified emerging risks related to technological innovations, the evolving regulatory environments, the reduction of international trade, as well as certain environmental and demographic risks.
Technological innovations
Technological developments related to the growing use of data in all production, marketing, and distribution processes, and to data sharing among economic players (producers, suppliers, and customers) will impact the economic models of our clients and counterparties in a lasting way. These impacts, which are sometimes hard to assess in a context where new standards, economic balances, and regulatory entities are in the process of evolving and adapting, are being analysed internally by industry experts focused on the economic sectors most exposed to this evolution.
Furthermore, the Group s competitive environment is undergoing profound change, with the emergence of new Fintech players, even though still relatively modest in size, and the emergence of technological innovations like blockchains, which disrupt the traditional value chains of Group s businesses, and place the quality of the customer experience, and the use of new technologies to reduce the cost of low added-value operations, as their key competitive success factors. Maintenance of the Group s information systems must be done in this context of evolving value chains. The Group is deploying a proactive strategy in this area to adapt its activities to these major technological developments and promote some industrial cooperation with Fintech players.
Evolving regulatory environments
Beyond the regulatory measures recently adopted or pending adoption, and already cited as Top Risks, the trend toward growing complexity and regional differences in the bank regulatory environment and related supervision is creating relative uncertainty over future developments, compliance costs, and proper performance risk concerning the various measures. The Group has established an active monitoring system for its regulatory environment, enabling it to minimise these risks.
Risks of reduction of international trade from protectionist measures
Various protectionist measures were taken in 2018. These measures are threatening to raise prices and slow down global economic activity, the positive effects sought in some sectors being more than offset by the negative effects suffered by the rest of the economy. If, at this point, the measures adopted do not seem likely to cause a major economic crisis, harsher measures and their potential consequences on fi nancial markets (equities, currencies) and on economic players, could signifi cantly worsen the outlook in the coming months. In the longer term, the increase in protectionist measures could disrupt international value chains and direct investment.
(1) Risk factors: The Bank may incur substantial fi nes and administrative and other criminal penalties for non-compliance with applicable laws and regulations and may also incur losses in related (or unrelated) litigation with private parties .