Compliance within - BNP Paribas

Compliance within - BNP Paribas

Compliance withinBNP ParibasBNP Paribas, Paris

The fi nancial security teams also coordinate the application of fi nancial embargoes.The international situation has led the authorities to put in place sanctionsin respect of certain countries or goods, by imposing such embargoes.Instructions relating to the application of these embargoes lay down imperativeguidelines for detecting and dealing with transactions by clients targeted bythese measures, in accordance with the legislation in force. In light of theparticularly sensitive political and regulatory climate in 2007, the mechanism forensuring compliance with fi nancial embargoes has been strengthened.The BNP Paribas Group has set itself the goal of limiting and strictly coordinatingits presence in tax havens, in order to improve its control of unforeseeableadministrative complications and any risk to its reputation that could occur asa result. Procedures and rules of conduct defi ne the countries involved, thecontrol regulations for companies operating in these countries and the complianceand fi nancial security mechanisms. In accordance with the “best interests”principle, Group regulations on combating money laundering, corruptionand the fi nancing of terrorism, as well as on compliance with embargoes, applyto entities domiciled in tax havens, even if local regulations are more lenient.Developing and installing tools for monitoring transactions, detecting discrepanciesand helping to manage obligations remains a priority. New IT controltools in the fi nancial security domain continued to be developed in 2007. Thesetools, which represent a major investment for the Group, include: the databaseof politically exposed persons (LYNX); a system that automatically checks clientlists against lists of sanctions and politically exposed persons (SUN); a referencesystem for sanction lists (REGLISS); an anti-terrorism fi lter and embargoapplication system (SHINE); a tool for analysing the functioning of accounts todetect money laundering operations (IRIS); and a new tool for managing suspicioustransaction reporting (SYSFACT). The mechanism for detecting marketabuse is now largely operational and has highlighted a considerable numberof warnings and enabled the Group to make the necessary declarations tothe relevant authorities. The rollout of the ACTIMIZE risk management solutioncontinues apace. This tool, which should be operational in all entities by 2008,will further enhance the procedure’s reliability.Compliance training, whether with regard to protecting clients’ interests, marketintegrity or the fi ght against money laundering, is one of the function'smain responsibilities. In 2007, this training was provided to almost 82,000employees, a 30% increase on 2006, at constant scope. At central Grouplevel, new modules for informing employees about compliance were createdfor the detection of market abuse (insider trading and stock manipulation) andthe implementation of MiFID containing important compliance-related provisionswhich should improve the execution of transactions, the matching of productsto clients’ needs, client reporting, and confl ict of interest management.Two more modules, entirely dedicated to confl ict of interest management andcompliance with fi nancial embargoes, are currently being developed.Report on Environmental and Social Responsibility 2007 /////// Compliance within BNP Paribas84

Business continuityBusiness continuity is an area of constant concern for the Group. In the1980s, both BNP and Paribas implemented information system security procedures.To address outside events, changes in regulations and increasedpressure from clients, these procedures are continually upgraded in all of theBank’s businesses and territories. In 2006, Group-wide coordination becamepart of a global business continuity approach and helped to provide a clearercross-functional perspective across the fast-growing Group. Numerous localinitiatives were also implemented, including the creation of a dedicated sitein New York, and improved coordination of business continuity and disasterrecovery plans in London.Organisation of continuity effortsThe three mainstays of business continuity are:• The Group Compliance function, which defi nes the standard businesscontinuity guidelines applicable across the Group;• The ITP – Technologies and Processes function, which develops strategy,methodology and rules and regulations based on defi ned guidelines, acts inaccordance with the principles of consistency and oversees the strategy’simplementation;• The entities, which draw up, implement and test their own continuity plans.A dedicated Group Security team has also been set up to coordinate theimplementation of a proactive and effective crisis management policy throughoutthe Group.Operational management of business continuity plansAll BNP Paribas entities are directly responsible for identifying their continuityimperatives and drawing up an appropriate action plan (business continuityplan), testing the effectiveness of the plan on a regular basis, and defi ningand implementing specifi c crisis management procedures. These responsibilitiesare part of a standard Group methodology designed to ensure that thecontinuity plan is effective, which consists of four phases:Phase 1 – Preliminary steps: these include identifying continuity solutions, inparticular disaster recovery plans and user business continuity plans in relationto risks such as power cuts, fi re, fl oods, earthquakes, landslides, terroristattacks or strikes that would lead to employees being unable to access theGroup’s premises or process transactions; designating key players; assessingregulatory requirements, including those applicable to outsourced activities;and identifying critical business components: key employees, systems,applications, data, and logistics (availability, access, security, and supplies).Report on Environmental and Social Responsibility 2007 /////// Compliance within BNP Paribas85

Phase 2 – Analysing and reporting continuity imperatives: Each entity defi nesthe critical components necessary to continue working in an emergency:strategic activities and any corresponding fi nancial, commercial, regulatoryor reputational impacts are listed, prioritised and validated. The maximumperiods of permitted interruption are assessed, validated and reviewed on aregular basis. Strategic databases and tools are listed, prioritised and validated,in particular minimum system usage modes and data access, togetherwith the maximum allowable data losses. Logistics and communication toolsare identifi ed, and conditions ensuring employee and data security (authorisationmanagement, back-ups and data warehousing) are defi ned.Phase 3 – Launch and implementation of business continuity strategies:Procedures are in place for triggering continuity solutions in each crisis situation.Organisational, functional and technical procedures are documentedand updated at least once a year.Phase 4 – Continuous review: The business continuity plans are regularlytested and the corresponding documentation is updated in line with changesin the technical or regulatory environment.Over the past few years, BNP Paribas has signifi cantly increased its resilience,although it remains impossible to protect the Group against every eventuality.Business continuity is not only a requirement imposed by banking regulations,it is also a major strategic challenge for the Group, in view of offering itsclients, shareholders and employees a commitment of the Bank’s strengthand resistance in an increasingly complex and volatile environment wheretensions may be experienced more frequently. This imperative is refl ected inthe business continuity plans in place, which help improve the performanceof operational risk control and management.Report on Environmental and Social Responsibility 2007 /////// Compliance within BNP Paribas86

More magazines by this user
Similar magazines