Your browser is not up to date and is not able to run this publication.
Learn more

2018 Registration document and annual fi nancial report - BNP PARIBAS 295

5RISKS AND CAPITAL ADEQUACY PILLAR 3

5

Annual risk survey

An interruption in or a breach of the Bank s information systems may cause substantial losses of client or customer information, damage to the Bank s reputation and fi nancial losses.

As with most other banks, the Bank relies heavily on communications and information systems to conduct its business. This dependency has increased with the spread of mobile and online banking services, and the development of cloud computing and blockchain technologies. Any failure or interruption or breach in security of these systems could result in failures or interruptions in the Bank s customer relationship management, general ledger, deposit, servicing and/or loan organization systems or could cause the Bank to incur signifi cant costs in recovering and verifying lost data. The Bank cannot provide assurances that such failures or interruptions will not occur or, if they do occur, that they will be adequately addressed.

In addition, the Bank is subject to cybersecurity risk, or risk caused by a malicious and/or fraudulent act, committed virtually, with the intention of manipulating information (confi dential data, bank/insurance, technical or strategic), processes and users, in order to cause material losses to the Group s subsidiaries, employees, partners and clients. An increasing number of companies (including fi nancial institutions) have in recent years experienced intrusion attempts or even breaches of their information technology security, some of which have involved sophisticated and highly targeted attacks on their computer networks. Because the techniques used to obtain unauthorized access, disable or degrade service, steal confi dential data or sabotage information systems have become more sophisticated, change frequently and often are not recognized until launched against a target, the Bank and its third-party service providers may be unable to anticipate these techniques or to implement in a timely manner effective and effi cient countermeasures. Any failures of or interruptions in the Bank s information systems or those of its providers and any subsequent disclosure of confi dential information related to any client, counterpart or employee of the Bank (or any other person) or any intrusion or attack against the Bank s communication system could cause signifi cant losses and have an adverse effect on the Bank s reputation, fi nancial condition and results of operations.

Moreover, the Bank is exposed to the risk of operational failure or interruption of a clearing agent, foreign markets, clearing houses, custodian banks or any other fi nancial intermediary or external service provider used by the Bank to execute or facilitate fi nancial transactions. Due to its increased interaction with clients, the Bank is also exposed to the risk of operational malfunction of the latter s information systems. The Group s communications and data systems and those of its clients, service providers and counterparties may also be subject to malfunctions or interruptions by as a result of cyber-crime or cyber-terrorism. The Bank cannot guarantee that these malfunctions or interruptions in its own systems or those of other parties will not occur or that in the event of a cyberattack, these malfunctions or interruptions will be adequately resolved.

The Bank s competitive position could be harmed if its reputation is damaged.

Considering the highly competitive environment in the fi nancial services industry, a reputation for fi nancial strength and integrity is critical to the Bank s ability to attract and retain customers. The Bank s reputation could be harmed if it fails to adequately promote and market its products and services. The Bank s reputation could also be damaged if, as it increases its client base and the scale of its businesses, the Bank s comprehensive procedures and controls dealing with confl icts of interest fail, or appear to fail, to address confl icts of interest properly. At the same time, the Bank s reputation could be damaged by employee misconduct, fraud or misconduct by market participants to which the Bank is exposed, a decline in, a restatement of, or corrections to its fi nancial results, as well as any adverse legal or regulatory action such as the settlement the Bank entered into in with the US authorities for violations of US laws and regulations regarding economic sanctions. Such risks to reputation have recently increased as a result of the growing use of social networks within the economic sphere. The loss of business that could result from damage to the Bank s reputation could have an adverse effect on its results of operations and fi nancial position.