AFD - 2019 Universal registration document

RISK MANAGEMENT 4 Risk management

4.3.6.5 Tax risk AFD did not undergo any tax audits in 2019. 4.3.6.6 Other operational risks

a contingency on AFD’s two main head office buildings, has also been introduced. The Security Department (SEC) of the General Secretary has full responsibility for updating and controlling the BCP, the director of which is responsible for the Group’s business continuity management plan (BCMP). The SEC Director is responsible for crisis management and coordinates and synchronises the resumption of business once the BCP is triggered. The sixteen entities making up AFD, Sogefom and Proparco, whose activities are deemed essential and are covered by the BCP, are asked at least annually to revise their business impact assessments (BIAs) and update their degraded procedures. Each person in charge of entities registered in the BCP is responsible for applying the procedures of his or her BCP Kit once the plan has been triggered. In October Ǿ 2019 annual updates were finalised and the BCP kits published. A permanent standby mechanism at the level of the General Secretariat and Executive Committee (EXCOM) is in place to enable AFD to respond rapidly to a major disaster. The mechanism provides for a crisis unit led by an EXCOM member to be activated when in need. In case of a major disaster, the crisis unit decides whether to activate the BCP. The mechanism also covers Proparco and Sogefom. BCP activation tests were conducted in early 2019. The crisis management plan was tested in February Ǿ 2019 with the participation of the COMEX. No actual disasters leading to the activation of the emergency and business continuation plan occurred in 2019. An audit of the plan by the General Inspection Department (IGE) of AFD was begun in late 2016 and completed in February Ǿ 2017.

In addition to the risks detailed above, the Group’s permanent control system seeks to cover all risks within the remit of Basel categories 1 to 7 to which the Group is exposed (risks relating to (i) Ǿ internal and (ii) Ǿ external fraud, (iii) Ǿ human resources; concerning (iv) Ǿ the Group’s financing activity, (v) Ǿ personal safety, (vi) Ǿ information systems and (vii) Ǿ management, processes and procedures). This system for monitoring and mitigating all operational risks is based on: P operational risk mapping, which is the main tool used to measure and monitor these risks; P recording of operational incidents, enabling the implementation of corrective actions and new controls aimed at (i) Ǿ preventing any repeated dysfunction or limiting their impact and (ii) Ǿ improving operational risk mapping; P first and second level controls. Permanent control provides regular reports to the Group’s Risk Committee and Internal Control Committee (COCINT).

100

UNIVERSAL REGISTRATION DOCUMENT 2019

www.afd.fr