CHFC 2017 Annual Report

increasingly high volume of our transactions, certain errors may be repeated or compounded before they can be discovered and rectified. In addition, the increasing reliance on technology systems and networks and the occurrence and potential adverse impact of attacks on such systems and networks, both generally and in the financial services industry, have enhanced government and regulatory scrutiny of the measures taken by companies to protect against cyber-security threats. As these threats, and government and regulatory oversight of associated risks, continue to evolve, we may be required to expend additional resources to enhance or expand upon the security measures we currently maintain. In particular, information pertaining to us and our customers is maintained, and transactions are executed, on the networks and systems of us, our customers and certain of our third-party partners, such as our online banking or reporting systems. The secure maintenance and transmission of confidential information, as well as execution of transactions over these systems, are essential to protect us and our customers against fraud and security breaches and to maintain our clients’ confidence. While we have not experienced any material breaches of information security, such breaches may occur through intentional or unintentional acts by those having access or gaining access to our systems or our customers’ or counterparties’ confidential information, including employees. In addition, increases in criminal activity levels and sophistication, advances in computer capabilities, new discoveries, vulnerabilities in third-party technologies (including browsers and operating systems) or other developments could result in a compromise or breach of the technology, processes and controls that we use to prevent fraudulent transactions and to protect data about us, our customers and underlying transactions, as well as the technology used by our customers to access our systems. We cannot be certain that the security measures we or processors have in place to protect this sensitive data will be successful or sufficient to protect against all current and emerging threats designed to breach our systems or those of processors. Although we have developed, and continue to invest in, systems and processes that are designed to detect and prevent security breaches and cyber-attacks and periodically test our security, a breach of our systems, or those of processors, could result in losses to us or our customers; loss of business and/or customers; damage to our reputation; the incurrence of additional expenses (including the cost of notification to consumers, credit monitoring and forensics, and fees and fines imposed by the card networks); disruption to our business; our inability to grow our online services or other businesses; additional regulatory scrutiny or penalties; or our exposure to civil litigation and possible financial liability-any of which could have a material adverse effect on our business, financial condition and results of operations. We depend on information technology and telecommunications systems of third-party servicers, and systems failures, interruptions or breaches of security involving these systems could have an adverse effect on our operations, financial condition and results of operations. Our business is highly dependent on the successful and uninterrupted functioning of our information technology and telecommunications systems, third-party servicers accounting systems and mobile and online banking platforms. We outsource some of our major systems, such as payment processing systems, and online banking platforms. To revise based on outsourced systems. The failure of these systems, or the termination of a third-party software license or service agreement on which any of these systems is based, could interrupt our operations. Because our information technology and telecommunications systems interface with and depend on third-party systems, we could experience service denials if demand for such services exceeds capacity or such third-party systems fail or experience interruptions. If sustained or repeated, a system failure or service denial could result in a deterioration of our ability to process new and renewal loans, gather deposits and provide customer service, compromise our ability to operate effectively, damage our reputation, result in a loss of customer business and/or subject us to additional regulatory scrutiny and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations. In addition, failure of third parties to comply with applicable laws and regulations, or fraud or misconduct on the part of employees of any of these third parties could disrupt our operations or adversely affect our reputation. It may be difficult for us to replace some of our third party vendors, particularly vendors providing our core banking, debit card services and information services, in a timely manner if they are unwilling or unable to provide us with these services in the future for any reason and even if we are able to replace them, it may be at higher cost or result in the loss of customers. Any such events could have a material adverse effect on our business, financial condition or results of operations. Our operations rely heavily on the secure processing, storage and transmission of information and the monitoring of a large number of transactions on a minute-by-minute basis, and even a short interruption in service could have significant consequences. We also interact with and rely financial counterparties and regulators. Each of these third parties may be targets of the same types of fraudulent activity, computer break-ins and other cyber security breaches described above or herein, and the cyber securitymeasures that theymaintain tomitigate the risk of such activitymay be different than our own andmay be inadequate. As a result of financial entities and technology systems becoming more interdependent and complex, a cyber incident, information breach or loss, or technology failure that compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including ourselves. Although we review business continuity and backup plans for our vendors and take other safeguards to support our operations, such plans or safeguards may be inadequate. 25