AFD - 2019 Universal registration document

RISK MANAGEMENT 4 Risk management

4.3 Risk management

4.3.1 Internal control and risk monitoring AFD’s internal control system is intended to provide Senior Management with reasonable assurance of the implementation of the following three objectives: (i) Ǿ implementation and optimisation of transactions, (ii) Ǿ reliability of financial information, and (iii) Ǿ compliance with laws and regulations. It includes the four targets set in the Decree of 3 Ǿ November Ǿ 2014, namely, (i) Ǿ the quality and reliability of accounting and financial information, (ii) Ǿ the compliance of transactions, organisation, and internal procedures with legal and regulatory provisions, (iii) the quality of information systems, and (iv) Ǿ compliance with decisions made by Senior Management. At AFD, the internal control process is overseen by the Operational Risk and Permanent Control Department (ROC) - which sits within the Group’s Executive Risk Department - and by the General Inspection Department (IGE) - reporting to Senior Management - for periodic controls. 4.3.1.1 Permanent control system The AFD Group’s permanent control process is supported by (i) Ǿ the Permanent Control function – which sits within the ROC department - responsible for leading and overseeing the AFD Group’s permanent control system, safeguarding its standardisation and effectiveness, (ii) Ǿ Group managers, responsible for risk management at the level of their structure and who, in this respect, are the key contacts of the Permanent Control Function and (iii) Ǿ any Group employees at the registered offices and in the international network, who come to identify and assess risks, conduct first and second level controls, report incidents and/or process them. AFD’s permanent control is exhaustive in scope, because its aim is to ensure that all risks generated by the Group’s activities, whatever they may be, are indeed subject to an appropriate control system. Lastly, with regard to the specific disbursements control system, the role of the Disbursement Control Division of the ROC department is to carry out second-level checks following disbursements for AFD’s financing projects. It is a specialist unit that, in accordance with Article Ǿ 14 of the Decree of 3 Ǿ November Ǿ 2014, is independent of operational structures and is responsible for controlling disbursement requests. 4.3.1.2 Compliance and anti-money laundering/ combating the financing of terrorism system (AML/CFT) The Compliance function performed by the Compliance Department (DCO) on behalf of AFD Group, which is independent of operational staff, is tasked with monitoring compliance in all sectors, operations, geographic areas and regulatory contexts

of AFD Group. Its ultimate aim is to ensure that non-compliance risks and risks to the Group’s reputation are monitored and managed. The Compliance function’s field of expertise enables it to (i) Ǿ decide on AFD Group’s financial security policy, (ii) Ǿ ensure that the financial institution follows the provisions on combating money laundering and terrorist financing, those on the prevention of corruption and on conducting banking and financial activities, and those ensuring the protection of clients’ personal data. 4.3.1.3 Periodic control system Given the rules governing the independence of the services that it provides, the General Inspection department (IGE) reports to AFD’s Chief Executive Officer. It is in charge of the periodic control of transaction compliance, the actual risk level incurred, the respect of procedures, and the efficiency and suitability of the permanent control systems set up by AFD. It serves AFD’s internal audit function and has jurisdiction over all of the company’s activities, including outsourced activities. The Group’s risk mitigation is governed through two main bodies: 1) the Board of Directors, via the Group Risk Committee and the Audit Committee, and The Internal Control Committee is the body through which the heads of Periodic Control, Permanent Control and Compliance of the Group report on the fulfilment of their roles to the executive officers, as stipulated in Article Ǿ 10 of the Decree of 3 Ǿ November Ǿ 2014. P The Group Risk Committee Reporting to the Board of Directors, the Group Risk Committee, created in 2015 to meet the requirements of the Decree of 3 Ǿ November Ǿ 2014, is tasked with (i) Ǿ carrying out a regular review of strategies, policies, procedures, systems, tools, and limits, and the underlying assumptions, (ii) Ǿ appraising all of the significant risks, risk management policies, and changes made to them, (iii) Ǿ appraising the measures taken to ensure business continuity, (iv) Ǿ advising the Board of Directors on the AFD Group’s overall strategy and risk appetite. P The Audit Committee Reporting to the Board of Directors, the Group Audit Committee is provided for in the bylaws. Since the Group’s Risk Committee was set up, it has been in charge of (i) Ǿ checking the clarity of the information provided and assessing the relevance of accounting methods, (ii) Ǿ assessing the quality of internal control from an accounting and financial perspective, (iii) Ǿ overseeing the choice of statutory auditors; 2) the Internal Control Committee. P The Internal Control Committee

94

UNIVERSAL REGISTRATION DOCUMENT 2019

www.afd.fr