AFD // 2021 Universal Registration Document
RISK MANAGEMENT 4 Risk management
Non-compliance risk monitoring is ongoing and backed by a risk map. The following changes were made to the non-compliance risk management system during 2021:
• as regards the fight against corruption and influence peddling: continued roll-out of the last segments of the AFD Group’s compliance programme, as required by the law on transparency, the fight against corruption and the modernisation of economic life (SAPIN 2);
• as regards the fight against fraud and prohibited practices within the meaning of the Group’s general policy: creation and provision of a reporting mechanism, open to third parties outside the AFD Group, on the AFD and Proparco website;
• as regards the internal control structure: amendments to the procedural documents impacted by the overhaul of the Decree of 3 November 2014 and the adoption of the Decree of 6 January 2021, and control of the due appointment of the persons undertaking new positions in relation to the permanent and periodic control of the anti-money laundering and anti-terrorist financing system.

Insurance – Coverage of risks run by AFD

AFD has a “Civil Liability” insurance policy that also covers Proparco, a “Directors and Officers civil liability” policy, a “labour relations” policy, a “first excess property damage” policy that also covers Proparco and VAL, an “all exhibition risks – works of art” policy, and a “Directors and Officers civil liability specific to supplementary pension scheme management (IGRS) risk policy” (1). All of the network’s agencies are covered by locally underwritten insurance policies (multi-risk residential and office, and civil liability for office activities). These policies are accompanied by vehicle insurance covering head office (head office policy) and the network (local policies) plus “worldwide” “individual accident” insurance guaranteeing disbursement of share capital in case of death or disability caused by an accident with a vehicle belonging to or rented by AFD.
4.3.6.4 Risks related to the information system

Information systems security

The Security Department oversees all aspects of ICT risks, including IS security. To this end, the head of the department is supported by the AFD Group’s head of IT system security (RSSI). An analysis of ICT (information and communication technologies) risks is carried out at least once a year under the IS risk governance system. Security risks are extracted from it and processed under the IT security management system (SMSI), in compliance with ISO 27001. The SMSI provides a framework for addressing AFD’s IT-related risks, from appraisal of the risks to implementing remedial measures and ongoing IT system security checks. After the annual risk analysis, AFD’s operational risk map and the triennial security project plan are updated. The steering bodies use this plan to determine the security upgrades for the IT system.
with subsidiaries and equity investments, new products, climate finance, digital, etc.);
• in market transactions;
• in institutional matters (bylaws, governance, relations with the State and supervisory bodies, etc.);
• regarding banking and finance regulations;
• in criminal matters, on all subjects where AFD Group or its directors may be held liable;
• by providing consulting services for all AFD entities.

To AFD’s knowledge, there are no governmental, legal or arbitration proceedings, whether suspended or pending, that could have or have had a material effect on the financial situation or the profitability of AFD and/or AFD Group over the last 12 months.

4.3.6.3 Non-compliance risks

According to regulations, the Compliance Department is responsible for the prevention, detection, monitoring and management of non-compliance risks throughout AFD Group. Non-compliance risk is defined as “the risk of legal, administrative or disciplinary sanction, material financial loss or loss to reputation arising from failure to comply with the provisions governing banking and financial activities, whether they be directly applicable legal, regulatory, national or European provisions, or whether they are professional and ethical standards or the instructions given by executive officers, particularly in light of the guidelines from the supervisory body” (Decree of 3 November 2014, Article 10p).
The Compliance Department ensures the Group complies with (i) internal and external provisions related to preventing money laundering and terrorist financing (AML/CFT), (ii) provisions related to the fight against corruption and associated offences as well as fraud and anti-competitive practices, (iii) provisions to do with abiding by national and international trade and financial sanctions, (iv) provisions that govern, with regard to banking ethics, the performance of banking and financing activities or (v) provisions that ensure the protection of the personal data and private lives of clients. The department is part of the Executive Risk Department.

The Compliance function reports on its activities to the Internal Control Committee (Cocint) and to the New Products and New Activities Committee (Coconap in its Compliance configuration), as well as the Regulatory Risk Committee.

The Compliance function covers all sectors, operations, geographic areas and regulatory contexts of AFD Group. In addition to operational projects and activities, it also concerns the Group’s new activities and products, in accordance with regulations. Its ultimate aim is to ensure that non-compliance risks are appropriately evaluated in the interest of preventing and limiting the exposure of AFD Group and its management to legal and/or administrative action and to reputational risks, by supervising them should these risks arise.
(1) This insurance contract has been transferred to and is managed by the HR Department.