AFD // 2021 Universal Registration Document

RISK MANAGEMENT Risk management

4.3 Risk management

sectors, operations, geographic areas and regulatory contexts of AFD Group. Its ultimate aim is to ensure that non-compliance risks and risks to the Group’s reputation are monitored and managed. The Compliance function’s field of expertise enables it to (i) ɸ decide on AFD Group’s financial security policy, (ii) ɸ ensure that the financial institution follows the provisions on combating money laundering and terrorist financing, those on the prevention of corruption and on conducting banking and financial activities, and those ensuring the protection of clients’ personal data. 4.3.1.3 Periodic control system In view of the rules of independence of the function it performs, the General Inspection Department (IGE) reports to Executive Management and the Director of the IGE reports to the Internal Control Committee of the AFD Group. The IGE is in charge of the periodic control of transaction compliance, the actual risk level incurred, the respect of procedures, and the efficiency and suitability of the permanent control systems set up by AFD. It serves AFD’s internal audit function and has jurisdiction over all of the company’s activities, including outsourced activities. The Group’s risk management is governed through three main bodies: 1) the Board of Directors; 2) the committees emanating from the Board of Directors: P the Group Risk Committee Under the responsibility of the Board of Directors, the Group Risk Committee, set up in 2015 to meet the requirements of the Order of 3 ɸ November 2014, is responsible for: P conducting a regular review of the strategies, policies, procedures, systems, tools, and underlying limitations and assumptions and reporting its findings to the Board of Directors, P assessing all significant risks as listed by regulations and the risk management policies, and the changes made thereto; to this end, it is informed of significant incidents identified by the internal control procedures and of any significant anomalies detected by the anti money laundering and anti-terrorist financing monitoring and analysis system, as well as any shortcomings of this system, P assessing the measures taken to ensure business continuity, P advising the Board of Directors on the AFD Group’s overall strategy and risk appetite, both current and future, and assisting the supervisory body in overseeing the implementation of this strategy by management;

4.3.1 Internal control and risk monitoring AFD’s internal control system is intended to provide Executive Management with reasonable assurance of the implementation of the following three objectives: (i) ɸ implementation and optimisation of transactions, (ii) ɸ reliability of financial information, and (iii) ɸ compliance with laws and regulations. It includes the four targets set in the Decree of 3 ɸ November 2014, namely (i) ɸ the quality and reliability of accounting and financial information, (ii) ɸ the compliance of transactions, organisation, and internal procedures with legal and regulatory provisions, (iii) ɸ the quality of information systems, and (iv) ɸ compliance with decisions made by Executive Management. At AFD, the internal control process is overseen by the Operational Risk and Permanent Control Department (ROC) – which sits within the Group’s Executive Risk Department – and by the General Inspection Department (IGE) – reporting to Executive Management – for periodic controls. 4.3.1.1 Permanent control system The AFD Group’s permanent control process is supported by (i) ɸ the Permanent Control function – which sits within the ROC Department – responsible for leading and overseeing the AFD Group’s permanent control system, safeguarding its standardisation and effectiveness, (ii) ɸ Group managers, responsible for risk management at the level of their structure and who, in this respect, are the key contacts of the Permanent Control Function and (iii) ɸ any Group employees at the registered offices and in the international network, who come to identify and assess risks, conduct first and second level controls, report incidents and/or process them. AFD’s permanent control is exhaustive in scope, because its aim is to ensure that all risks generated by the Group’s activities, whatever they may be, are indeed subject to an appropriate control system. Lastly, with regard to the specific disbursements control system, the role of the Disbursement Control Division of the ROC Department is to carry out second-level checks following disbursements for AFD’s financing projects. It is a specialist unit that, in accordance with Article ɸ 14 of the Decree of 3 ɸ November 2014, is independent of operational structures and is responsible for controlling disbursement requests. 4.3.1.2 Compliance and anti-money laundering/ combating the financing of terrorism system (AML/CFT) The Compliance function performed by the Compliance Department (DCO) on behalf of AFD Group, which is independent of operational staff, is tasked with monitoring compliance in all

4

105

2021 UNIVERSAL REGISTRATION DOCUMENT