CHFC 2017 Annual Report

support our operations. Our ability to raise additional capital will depend on conditions in the capital markets at that time, which are outside of our control, and on our financial performance. We cannot assure that we will be able to raise additional capital in the future on terms acceptable to us or at all. Any occurrence that limits our access to capital, may adversely affect our capital costs and our ability to raise capital and, in turn, our liquidity. Any inability to raise capital on acceptable terms when needed could have a material adverse effect on our business, financial condition and results of operations and could be dilutive to both tangible book value and our share price. In addition, an inability to raise capital when needed may subject us to increased regulatory supervision and the imposition of restrictions on our growth and business. These restrictions could negatively affect our ability to operate or further expand our operations through loan growth, acquisitions or the establishment of additional branches. These restrictions may also result in increases in operating expenses and reductions in revenues that could have a material adverse effect on our financial condition, results of operations and our share price. The soundness of other financial institutions could adversely affect us. Our ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other financial institutions. Financial services institutions are interrelated as a result of trading, clearing, counterparty or other relationships. We have exposure to many different industries and counterparties, and we routinely execute transactions with counterparties in the financial services industry. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, could lead to losses or defaults by us or by other institutions. Many of these transactions expose us to credit risk in the event of default of our counterparty or client. In addition, our credit risk may be exacerbated when the collateral that we hold cannot be realized or is liquidated at prices insufficient to recover the full amount of the loan. We can give no assurance that any such losses would not materially and adversely affect our business, financial condition or results of operations. Our controls and procedures may fail or be circumvented. Management regularly reviews and updates our internal controls and corporate governance policies and procedures. Any system of controls, however well designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the system are met. A significant failure or circumvention of our controls and procedures or failure to comply with regulations related to controls and procedures could have a material adverse effect on our business, results of operations and financial condition. A failure in or breach of our operational or security systems or infrastructure, or those of our third party vendors and other service providers or other third parties, including as a result of cyberattacks, could disrupt our businesses, result in the disclosure or misuse of confidential or proprietary information, damage our reputation, increase our costs and cause losses. Our operations rely on the secure processing, storage and transmission of confidential and other sensitive business and consumer information on our computer systems and networks and third party providers. Under various federal and state laws, we are responsible for safeguarding such information. For example, our business is subject to the Gramm-Leach-Bliley Act which, among other things: (1) imposes certain limitations on our ability to share nonpublic personal information about our customers with nonaffiliated third parties; (2) requires that we provide certain disclosures to customers about our information collection, sharing and security practices and afford customers the right to “opt out” of any information sharing by us with nonaffiliated third parties (with certain exceptions); and (3) requires that we develop, implement and maintain a written comprehensive information security program containing appropriate safeguards based on our size and complexity, the nature and scope of our activities, and the sensitivity of customer information we process, as well as plans for responding to data security breaches. Ensuring that our collection, use, transfer and storage of personal information complies with all applicable laws and regulations can increase our costs. Although we take protective measures to maintain the confidentiality, integrity and availability of information across all geographic and product lines, and endeavor to modify these protective measures as circumstances warrant, the nature of the threats continues to evolve. As a result, our computer systems, software and networks may be vulnerable to unauthorized access, loss or destruction of data (including confidential client information), account takeovers, unavailability of service, computer viruses or other malicious code, cyber-attacks and other events that could have an adverse security impact. Despite the defensive measures we take to manage our internal technological and operational infrastructure, these threats may originate externally from third parties such as foreign governments, organized crime and other hackers, and outsource or infrastructure-support providers and application developers, or may originate internally from within our organization. Furthermore, we may not be able to ensure that all of our clients, suppliers, counterparties and other third parties have appropriate controls in place to protect the confidentiality of the information that they exchange with us, particularly where such information is transmitted by electronic means. Given the 24