2007 REGISTRATION DOCUMENT

More documents

Recommendations

Info

3 RiskRISK MANAGEMENTmanagement frameworkOPTIMUM ORGANISATIONAL STRUCTUREIn 2007 the units responsible for setting the operational risk framework,conducting permanent controls and coordinating business continuityplans were merged in an attempt to streamline and optimise internalcontrol procedures. The new unit will be responsible for both measuringand managing operational risk. It will define, coordinate and monitorthe Group’s operational risk, permanent controls and business continuityframeworks, and produce the appropriate risk measures and managementdata.The unit will work in line with a unified, five-tier approach based on:■ analysing risks;■ implementing preventive and/or mitigating tools including procedures,controls, business continuity plans and insurance;■ producing risk measures and calculating the capital charge foroperational risk (used to determine tolerance levels and consolidatedexposure);■ reporting and analysing information (used in validating controls andmanaging risk);■ formulating action plans to prevent and/or remedy risks, togetherwith follow-up procedures.This approach involves a two-way vertical information flow (bottom upand top down) which ensures that data is provided to the competent levelof the organisation for review, validation and decision-making purposes.It also functions as a loop, ensuring that due account has been takenof changes in the environment and that control procedures have beenadjusted accordingly.KEY PLAYERS AND GOVERNANCEAt all levels of the Group (core businesses, functions, business lines,subsidiaries and territories), the risk management framework relies onteams of operational risk analysts and coordinators of permanent controlsand business continuity plans. These teams head up the operational riskmanagement process falling within their particular remit, and ensurethat the standard operational risk policy and related methodologies andtools are properly implemented. They have a particularly important rolein risk analysis and risk reporting.The entire system requires significant involvement of operational staff.Issues that arise in relation to operational risk, permanent controls andbusiness continuity are discussed with the Group’s Executive Committeethree times a year, and with the Internal Control Coordination Committeeevery month. This committee is chaired by the Internal Control Coordinatorand brings together key players in the internal control process. Groupcompanies are encouraged to adopt this governance structure in theirown organisations.Executive Committees at the level of the Group and the core businessesare tasked with ensuring that operational risk is effectively managedand controlled in the areas falling within their remit, in accordance withthe Group’s operational risk framework. The committees are responsiblefor validating the quality and consistency of reporting data and forexamining the risk profile adopted in light of the tolerance levels setby either the committees themselves or the Group. They also assess thequality of risk control procedures in light of their objectives and therisks they incur.RISK ANALYSISA large number of people are involved in the risk analysis process, fromstaff heading up the operational risk management framework throughto their business line operating managers. Operational risk is analysedon the basis of historical data and prospective scenarios.Historical data: operational risk data has been systematically compiledsince the beginning of 2002, with the process subsequently rolled outto all of the Group’s business lines and territories and enhanced by dataquality reviews and certification procedures. The analysis and followupof operational risk data are key to identifying the actions needed toprevent incidents from recurring in the future.Prospective scenarios: the Group adopts an integrated approach tomodelling risks and analysing potential incidents, based on an analysis ofits internal processes. A qualitative analysis of the causes, correspondingcontrols and impact of operational risk incidents is carried out foreach process, with the results quantified and input into the internalcapital calculation model. The analysis highlights the Group’s mainrisk exposures and enables the organisation to identify the necessaryremedial actions.The analysis of actual and potential operational risks is therefore a keycomponent of the risk management process. It helps identify factorsthat may prevent or mitigate such risks, particularly the need for new oradjusted control procedures and business continuity plans. In turn, therisk analysis process is enhanced by the review of control procedures andbusiness continuity plans. The analysis of the “risk – controls – businesscontinuity plan” chain is therefore designed as a loop in order to optimisethe Group’s operational risk management framework.LEGAL, TAX AND INFORMATION TECHNOLOGYRISKS RELATING TO OPERATIONAL RISKLegal risk< Contents >In each country where it operates , BNP Paribas is bound by specific localregulations applicable to companies engaged in banking, insurance andfinancial services. The Group is notably required to respect the integrityof the markets and the primacy of clients’ interests.For many years, the Group Legal Department function has had an internalcontrol system designed to anticipate, detect, measure and managelegal risks.The system is organised around:■ Specific committees:■ the Legal Affairs Committee,■ the Global Legal Committee, which coordinates the activities ofthe legal function throughout the Group in all countries that havetheir own legal staff, and ensures that the Group’s legal policiesare consistent and applied in a uniform manner,■ the Legislation Tracking Committee, which analyses, interpretsand distributes throughout the Group the texts of new laws andregulations, and details of changes in French and European caselaw,■ the Legal Internal Control Committee, whose focuses includeoperational risk,■ the Litigation Committee, which deals with major litigationproceedings in which the Group is the plaintiff or defendant,■ the Legal function is a permanent member of the ComplianceCommittee and the Internal Control Coordination Committee;1234567891011762007 Registration document - BNP PARIBAS
RISK MANAGEMENT3Risk management framework■ internal procedures and databases providing a framework for(i) managing legal risk, in close collaboration with the Compliancefunction for all matters which also fall under their responsibility, and(ii) overseeing the activities of the Group’s legal staff. At the endof 2004, a procedures database detailing all internal procedures inFrench and in English was set up on the Group intranet with accessrights for all employees;■ legal reviews, which are carried out in Group entities to ensure thatlocal systems for managing legal risks are appropriate, procedures areproperly applied, and tools correctly used. Regular visits are made,particularly to countries deemed the most vulnerable, in order tocheck the effectiveness of the systems developed by internationalunits for managing legal risks;■ internal reporting tools, document templates and analytical models,which are upgraded on an ongoing basis by Group Legal Departmentand contribute to the analysis of operational risk.The Legal function was reorganised at the end of 2007 to allow increasedoversight of the Group’s Legal Department and bring front-line legalstaff closer to the core businesses and divisions. The reorganisationmeans that legal risks can be managed more effectively, both withinand outside France.Tax riskIn each country where it operates , BNP Paribas is bound by specific localtax regulations applicable to companies engaged for example in banking,insurance or financial services.The Group Tax Department is a global function, responsible for overseeingthe consistency of the Group’s tax affairs. It also shares responsibility formonitoring global tax risks with Group Finance and Development. TheGroup Tax Department performs second-tier controls to ensure that taxrisks remain at an acceptable level and are consistent with the Group’sreputation and profitability objectives.To ensure its mission, the Group Tax Department has established:■ a network of dedicated tax specialists in 12 countries completed by taxcorrespondents covering other countries where the Group operates;■ a qualitative data reporting system in order to manage tax risks andassess compliance with local tax laws;■ regular reporting to Group Executive Management on the use made ofdelegations of authority and compliance with internal standards.The Group Tax Department co-chaured the Tax Coordination Committeechaired by Group Finance and Development. The Tax CoordinationCommittee also includes the Compliance function and may involvethe core businesses when appropriate. The committee is responsible foranalysing key tax issues for the Group and making appropriate decisions.Group Finance and Development is obliged to consult the Group TaxDepartment on any tax issues arising on transactions processed.The Group Tax Department has also drawn up procedures covering allcore businesses, designed to ensure that tax risks are identified, addressedand controlled appropriately. Tax risks may arise at Group level or fromspecific customer product or service offerings developed by the Group’sentities. To ensure these risks are addressed effectively, the Group TaxDepartment relies among other on:■ the tax risk management framework. The tax risk charter is presentedin the form of a mission letter for the territory tax manager whenthere is one or in the form of a mission letter for the Group TaxDepartment authority to the head of core business with regard toentities that do not have a dedicated tax manager. The latest isupdated regularly to reflect changes in the charter applicable toTerritory Chief Executives;■ procedures for validation by the Group Tax Department for all newproducts featuring a material tax component, together with all newactivities and “specific” transactions structured in France or abroad;■ procedures for procuring independent tax advice;■ definition of operational tax risk incidents and their common filingand reporting;■ definition and disclosure of groupwide tax rules and regulations, andvalidation of any framework agreement or internal circular/documentpresenting specific tax issues;■ tax audit reporting procedures;■ control procedures relating to the delivery of tax opinions andadvice.Information security< Contents >Information is a bank’s key commodity and effective management ofinformation security risk is vital in an era of near full-scale migration toelectronic media, growing demand for swift online processing of evermore sophisticated transactions, and widespread use of the internetor multiple networks as the primary interface between a bank and itsindividual or institutional customers.Incidents reported in different countries involving banking and credit cardindustries highlight the increased need for vigilance. This topic has beenreiterated by regulations and case law on data protection.Information security at BNP Paribas is managed in accordance with aseries of Group security policies rolled down to each individual businessline. These policies take into account any regulatory requirements andthe risk appetite of the business in question, and are governed by theGroup’s general security policy which draws on ISO 27001 (formerlyISO 17799). Each business line manages information security in the sameway, based on common objective indicators, periodic controls, residualrisk assessments and action plans. This approach is part of the permanentand periodic control framework set up for each banking activity pursuantto CRBF regulation 97-02 (amended in 2004) in France and similarregulations in other countries.Each of BNP Paribas’ business lines is exposed to some specific formof information security risk, with some risks common to all businesses.The Group’s policy for managing these risks takes into consideration thespecific nature of the business, often made more complex by legallyand culturally-specific regulations in the different countries in whichthe Group does business.Like most global banking players, the Group’s online retail bankingbusinesses suffered a number of phishing/pharming attacks in 2007, asin previous years. All large-scale attacks were countered, with no harmwhatsoever to our customers, thanks to the continuing reinforcementof existing awareness, prevention, detection and remedial measures.Although we did not see a significant rise in either the number or type ofattacks over the year, the Group’s businesses remain vigilant and continueto invest in measures that will allow them to keep one step ahead ofsecurity threats without increasing complexity for the internet user. Inall countries where it has retail banking operations, BNP Paribas playsan active role in raising users’ awareness of the intrinsic dangers of theinternet and of the key measures that can be taken to mitigate thesedangers, by establishing a direct dialogue with customers and workingclosely alongside public authorities and professional or communityassociations.12345678910112007 Registration document - BNP PARIBAS 77
Page 1 and 2:
2007REGISTRATION DOCUMENT
Page 3:
2007 Registration documentThis docu
Page 6 and 7:
1 TheTHE BNP PARIBAS GROUPBNP Parib
Page 9 and 10:
THE BNP PARIBAS GROUP1The Group’s
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 18 and 19:
1 ShareholderTHE BNP PARIBAS GROUPi
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29: 1 ShareholderTHE BNP PARIBAS GROUPi
Page 30 and 31: 2 BoardCORPORATE GOVERNANCEof Direc
Page 42 and 43: 2 ReportCORPORATE GOVERNANCEof the
Page 66 and 67: 2 StatutoryCORPORATE GOVERNANCEAudi
Page 68 and 69: Contents >1234567891011662007 Regis
Page 70 and 71: 3RISK MANAGEMENT< Contents >3.4 Ris
Page 72 and 73: 3 RiskRISK MANAGEMENTfactorsLIQUIDI
Page 74 and 75: 3 RiskRISK MANAGEMENTfactorsDETERIO
Page 76 and 77: 3 RiskRISK MANAGEMENTmanagement fra
Page 80 and 81: 3 RiskRISK MANAGEMENTmanagement fra
Page 82 and 83: 3 RiskRISK MANAGEMENTexposure in 20
Page 84 and 85: 3 RiskRISK MANAGEMENTexposure in 20
Page 86 and 87: 3 RiskRISK MANAGEMENTmitigation tec
Page 88 and 89: Contents >1234567891011862007 Regis
Page 90 and 91: 4 Consolidated2007 REVIEW OF OPERAT
Page 92 and 93: 4 Core2007 REVIEW OF OPERATIONSbusi
Page 100 and 101: 4 Balance2007 REVIEW OF OPERATIONSs
Page 102 and 103: 4 Balance2007 REVIEW OF OPERATIONSs
Page 104 and 105: 2007 REVIEW OF OPERATIONS4 Outlook<
Page 106 and 107: 2007 REVIEW OF OPERATIONS4 OutlookA
Page 108 and 109: Contents >12345678910111062007 Regi
Page 110 and 111: 5CONSOLIDATED FINANCIAL STATEMENTS<
Page 112 and 113: 5 ProfitCONSOLIDATED FINANCIAL STAT
Page 114 and 115: 5 StatementCONSOLIDATED FINANCIAL S
Page 116 and 117: 5 StatementCONSOLIDATED FINANCIAL S
Page 118 and 119: 5 NotesCONSOLIDATED FINANCIAL STATE
Page 128 and 129:
5 NotesCONSOLIDATED FINANCIAL STATE
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
5 StatutoryCONSOLIDATED FINANCIAL S
Page 226 and 227:
6INFORMATION ON THE PARENT COMPANY
Page 228 and 229:
6 BNPINFORMATION ON THE PARENT COMP
Page 230 and 231:
6 ChangesINFORMATION ON THE PARENT
Page 232 and 233:
6 BNPINFORMATION ON THE PARENT COMP
Page 234 and 235:
6 SubsidiariesINFORMATION ON THE PA
Page 236 and 237:
6 SubsidiariesINFORMATION ON THE PA
Page 238 and 239:
Contents >12345678910112362007 Regi
Page 240 and 241:
7 TheSOCIAL AND ENVIRONMENTAL INFOR
Page 242 and 243:
7 ClearlySOCIAL AND ENVIRONMENTAL I
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
7 NRESOCIAL AND ENVIRONMENTAL INFOR
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Contents >12345678910112642007 Regi
Page 268 and 269:
8 DocumentsGENERAL INFORMATIONon di
Page 270 and 271:
8 FoundingGENERAL INFORMATIONdocume
Page 272 and 273:
8 FoundingGENERAL INFORMATIONdocume
Page 274 and 275:
8 YearGENERAL INFORMATIONended 31 D
Page 276 and 277:
Contents >12345678910112742007 Regi
Page 278 and 279:
9 StatutorySTATUTORY AUDITORSAudito
Page 280 and 281:
Contents >12345678910112782007 Regi
Page 282 and 283:
10 PersonPERSON RESPONSIBLE FOR THE
Page 284 and 285:
11TABLE OF CONCORDANCE< Contents >H
Page 286 and 287:
Contents >12345678910112842007 Regi
Page 288:
HEAD OFFICE16, boulevard des Italie
show all

2007 REGISTRATION DOCUMENT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?