2018 Registration document and annual financial report - BNP PARIBAS
5 RISKS AND CAPITAL ADEQUACY PILLAR 3
Operational risk
By its nature, operational risk covers numerous areas related to the Group's usual business activity and is linked to specific risks such as compliance, reputation, legal, fiscal and cyber security risks which are monitored in specific ways.
COMPLIANCE AND REPUTATION RISK
Compliance risk is defined in French regulations as the risk of legal, administrative or disciplinary sanctions, of significant financial loss or reputational damage that a bank may suffer as a result of failure to comply with national or European laws and regulations, codes of conduct and standards of good practice applicable to banking and financial activities, or instructions given by an executive body, particularly in application of guidelines issued by a supervisory body.
By definition, this risk is a sub-category of operational risk. However, as certain implications of compliance risk involve more than a purely financial loss and may actually damage the institution's reputation, the Bank treats compliance risk separately.
Reputation risk is the risk of damaging the trust placed in a corporation by its customers, counterparties, suppliers, employees, shareholders, supervisors and any other stakeholder whose trust is an essential condition for the corporation to carry out its day-to-day operations.
Reputation risk is primarily contingent on all the other risks borne by the Bank, specifically the potential materialisation of a credit or market risk, or an operational risk, as well as a violation of the Group's code of conduct.
In accordance with international standards and French regulations, Compliance manages the system for monitoring compliance and reputation risks for all of the Group's businesses in France and abroad. Compliance reports to the Chief Executive Officer and has direct, independent access to the Board's Internal Control, Risk and Compliance Committee.
Integrated globally, Compliance brings together all Group employees reporting to the function. Compliance is organised based on its guiding principles (independence; integration and decentralisation of the function; dialogue with the business lines; accountability of each of the Group's stakeholders; a culture of excellence) through three operating areas, three regions, six fields of expertise and five cross-functional activities.
All Compliance Officers in the various operational areas, regions, business lines and territories, fields of expertise and Group functions report directly to the Compliance Function.
This management of compliance and reputation risks is based on a system of permanent controls built on four components:
■ general and specific procedures;
■ coordination of action taken within the Group to guarantee the consistency and effectiveness of monitoring systems and tools;
■ deployment of tools for detecting and preventing money laundering, terrorist financing and corruption, detecting market abuses, etc.;
■ training, both at Group level and in the divisions and business lines.
During 2018, the Group continued implementing this system, through the following initiatives:
■ strengthening its Financial Security mechanism;
■ continually increasing human and financial resources;
■ launching a new program to industrialise its IT compliance processes by creating a dedicated organisation;
■ strengthening its resources in banking law and customers' tax compliance;
■ continuing remediation plans launched as part of its settlements with French and US authorities concerning international financial sanctions and foreign exchange.
(See chapter 2 Corporate governance and internal control, Internal Control section.)
More specifically, reputation risk control is based on the following items:
SPECIFIC COMPONENTS LINKED TO OPERATIONAL RISK [Audited]