CHFC 2018 Annual Report

to civil litigation and possible financial liability-any of which could have a material adverse effect on our business, financial condition and results of operations. We depend on information technology and telecommunications systems of third-party servicers, and systems failures, interruptions or breaches of security involving these systems could have an adverse effect on our operations, financial condition and results of operations. Our business is highly dependent on the successful and uninterrupted functioning of our information technology and telecommunications systems, third-party servicers accounting systems and mobile and online banking platforms. We outsource some of our major systems, such as payment processing systems, and online banking platforms. To revise based on outsourced systems. The failure of these systems, or the termination of a third-party software license or service agreement on which any of these systems is based, could interrupt our operations. Because our information technology and telecommunications systems interface with and depend on third-party systems, we could experience service denials if demand for such services exceeds capacity or such third-party systems fail or experience interruptions. If sustained or repeated, a system failure or service denial could result in a deterioration of our ability to process new and renewal loans, gather deposits and provide customer service, compromise our ability to operate effectively, damage our reputation, result in a loss of customer business and/or subject us to additional regulatory scrutiny and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations. In addition, failure of third parties to comply with applicable laws and regulations, or fraud or misconduct on the part of employees of any of these third parties could disrupt our operations or adversely affect our reputation. It may be difficult for us to replace some of our third party vendors, particularly vendors providing our core banking, debit card services and information services, in a timely manner if they are unwilling or unable to provide us with these services in the future for any reason and even if we are able to replace them, it may be at higher cost or result in the loss of customers. Any such events could have a material adverse effect on our business, financial condition or results of operations. Our operations rely heavily on the secure processing, storage and transmission of information and the monitoring of a large number of transactions on a minute-by-minute basis, and even a short interruption in service could have significant consequences. We also interact with and rely financial counterparties and regulators. Each of these third parties may be targets of the same types of fraudulent activity, computer break-ins and other cyber security breaches described above or herein, and the cyber securitymeasures that theymaintain tomitigate the risk of such activitymay be different than our own andmay be inadequate. As a result of financial entities and technology systems becoming more interdependent and complex, a cyber incident, information breach or loss, or technology failure that compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including ourselves. Although we review business continuity and backup plans for our vendors and take other safeguards to support our operations, such plans or safeguards may be inadequate. As a result of the foregoing, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact. Additionally, regulators expect financial institutions to be responsible for all aspects of their performance, including aspects which they delegate to third parties. Disruptions or failures in the physical infrastructure or operating systems that support our businesses and clients, or cyber-attacks or security breaches of the networks, systems, devices, or software that our clients use to access our products and services could result in client attrition, regulatory fines, penalties or intervention, reputational damage, reimbursement or other compensation costs, and additional compliance costs, any of which could materially adversely affect our results of operations or financial condition. We rely on quantitative models to manage certain accounting, risk management and capital planning functions. We use quantitative models to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, risk management and for capital planning purposes. Our modeling methodologies rely on many assumptions, historical analyses and correlations. These assumptions may be incorrect, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, bad data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing or misleading information. In addition, our models 29