16

In recent periods there has been a rise in fraudulent electronic activity, security breaches, and cyber-attacks within the

financial services industry, especially in the banking sector. Some financial institutions have reported breaches of their

websites and systems which have involved sophisticated and targeted attacks intended to misappropriate sensitive or

confidential information, destroy or corrupt data, disable or degrade service, disrupt operations or sabotage systems.

These breaches can remain undetected for an extended period of time. Furthermore, our customers and employees have

been, and will continue to be, targeted by parties using fraudulent e-mails and other communications that may appear

to be legitimate messages sent by the Bank, in attempts to misappropriate passwords, card numbers, bank account

information or other personal information or to introduce viruses or malware to personal computers through so-called

“Trojan horse” programs. Information security risks for financial institutions have increased in part because of new

technologies, mobile services and other Internet or web-based products used to conduct financial and other business

transactions, and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists

and others. The secure maintenance and transmission of confidential information, as well as the secure and reliable

execution of transactions over our systems, are essential to protect us and our customers and to maintain our customers’

confidence. Despite our efforts to identify, contain and mitigate these threats through detection and response

mechanisms, product improvement, the use of encryption and authentication technology, and customer and employee

education, such attempted fraudulent activities directed against us, our customers, and third party service providers

remain a serious issue. The pervasiveness of cyber security incidents in general and the risks of cyber-crime are

complex and continue to evolve.

We also face risks related to cyber-attacks and other security breaches in connection with debit card transactions that

typically involve the transmission of sensitive information regarding our customers through various third parties. Some

of these parties have in the past been the target of security breaches and cyber-attacks, and because the transactions

involve third parties and environments that we do not control or secure, future security breaches or cyber-attacks

affecting any of these third parties could impact us through no fault of our own, and in some cases we may have

exposure and suffer losses for breaches or attacks relating to them. We also rely on third party service providers to

conduct certain other aspects of our business operations, and face similar risks relating to them. While we regularly

conduct security assessments on these third parties, we cannot be sure that their information security protocols are

sufficient to withstand a cyber-attack or security breach.

Any cyber-attack or other security breach involving the misappropriation or loss of Company assets or those of its

customers, or unauthorized disclosure of confidential customer information, could severely damage our reputation,

erode confidence in the security of our systems, products and services, expose us to the risk of litigation and liability,

disrupt our operations, and have a material adverse effect on our business.

If our information systems were to experience a system failure, our business and reputation could suffer.

We

rely heavily on communications and information systems to conduct our business. The computer systems and network

infrastructure we use could be vulnerable to unforeseen problems. Our operations are dependent upon our ability to

minimize service disruptions by protecting our computer equipment, systems, and network infrastructure from physical

damage due to fire, power loss, telecommunications failure or a similar catastrophic event. We have protective

measures in place to prevent or limit the effect of the failure or interruption of our information systems, and will

continue to upgrade our security technology and update procedures to help prevent such events. However, if such

failures or interruptions were to occur, they could result in damage to our reputation, a loss of customers, increased

regulatory scrutiny, or possible exposure to financial liability, any of which could have a material adverse effect on our

financial condition and results of operations.

We are subject to a variety of operational risks, including reputational risk, legal risk, compliance risk, the risk

of fraud or theft by employees or outsiders, and the risk of clerical or record-keeping errors, which may

adversely affect our business and results of operations.

If personal, non-public, confidential or proprietary customer

information in our possession were to be mishandled or misused, we could suffer significant regulatory consequences,

reputational damage and financial loss. This could occur, for example, if information was erroneously provided to

parties who are not permitted to have the information, either by fault of our systems, employees, or counterparties, or

where such information is intercepted or otherwise inappropriately taken by third parties.

Because the nature of the financial services business involves a high volume of transactions, certain errors may be

repeated or compounded before they are discovered and successfully remediated. Our necessary dependence upon

automated systems to record and process transactions and our large transaction volume may further increase the risk