BPCE - 2018 Registration document

5 FINANCIAL REPORT

Controls of accounting and financial reporting quality

5.8.3

Control process for accounting and financial data

GENERAL SYSTEM Groupe BPCE’s internal control system contributes to the management of all types of risk and enhances the quality of accounting and financial information. It is organized in accordance with legal and regulatory requirements, including those arising from the Ministerial Order of November 3, 2014 on internal control and texts governing BPCE. It concerns all Group companies, which are monitored on a consolidated basis. The system is managed by an Umbrella Charter governing the organization of Group internal control which represents the main principles, defines the scope of application, lists all actors concerned and their role to ensure the correct operation of the internal control system of each company and the Group. The Umbrella Charter covering the organization of Group internal control is accompanied by: a charter covering the Periodic Control department; ● a risk, Compliance and Permanent Control Charter covering the ● Permanent Control departments; frameworks and standards including one covering the accounting ● and financial information quality control system. APPLICATION OF THE CONTROL FRAMEWORK WITH REGARD TO ACCOUNTING AND FINANCIAL DATA The control of accounting and financial reporting quality is defined in accordance with the requirements of the Ministerial Order of November 3, 2014 concerning internal control, particularly Article 11c), which requires the “verification of accounting and financial reporting quality, related to information addressed to either the executive managers or the supervisory body, whether submitted to the supervisory and control authorities or appearing in documents intended for publication.” Within the central institution, the Risk, Compliance and Permanent Control division (DRCCP) coordinates the permanent control system for accounting and financial reporting as part of an Operational “Review” function, the rules of which are set out in the “Accounting and financial information quality control framework” approved by the Group Internal Control Coordination Committee on June 9, 2016. In accordance with the regulatory obligations set out by the Ministerial Order of November 3, 2014 on internal control (and in particular Article 11 c) and Title III), this framework defines the interaction of the system’s first and second level, the management of the mechanism within the Group, and takes into account changes in the regulatory provisions, as well as in the Group’s internal control system, since it was created. This single framework applies to all Groupe BPCE entities monitored on a consolidated basis. The entities were required to implement the new principles introduced by this framework by December 31, 2017. In addition to this framework, the control mechanism is also governed:

at the first level, by the body of standards, the uniformity of the ● information consolidation system and the body of documents described in Section 5.8.2 above; at the second level, by Group review standards which constitute the ● operational version of the framework, Group review guidelines which provide specific methodology information and the standard for accounting and financial information controls that can be carried out by the entities and upon which the institute-wide control approach is based with results reported to the central institution. Within the institutions Reflecting the decentralized nature of Groupe BPCE, internal control procedures are tailored to the organization of each consolidated entity. In all cases, these procedures include three levels of controls: a basic level, i.e. “first level controls” (control), relating to ● operational departments and integrated into accounting treatment procedures; an intermediate level, i.e. “second-level controls” (review), ● organized and managed by a Specialist Audit function dedicated to second-level controls on accounting and financial data: the Review. This function performs independent controls of operating processes to ensure the reliability and exhaustive nature of the accounts, in co-operation with the other permanent control functions; an upper level, i.e. “third-level controls” (audit), involving periodic ● controls organized under the authority of the Local Internal Audit department or the Group’s Inspection Générale division, or controls performed by parties external to Groupe BPCE (particularly Statutory Auditors, the Autorité de contrôle prudentiel et de résolution and the European Central Bank). Within the central institution Supervision and “Review” function relations Within the Risks, Compliance and Permanent Control division, the Operational Review function is managed by the Financial Review division. Its head, who reports to the head of Permanent Control Coordination, is a standing guest member of the Group Internal Control Coordination Committee and has been granted powers to set standards for the process. In conjunction with the shareholder institutions and Group subsidiaries, the Financial Review division maintains a strong functional link between the offices within the Group institutions and that of the central institution. This is to guarantee the quality of the Group’s accounting and financial reporting. Its main duties are to: facilitate sharing of best practices within a special-purpose ● committee (Auditors’ Committee) and working groups; organize the drafting and distribution of the set of standards and ● documents for the process; coordinate each entity’s system for reporting to the central ● institution so that it can assess their system for producing and controlling accounting and financial information; visiting entities whose systems are falling behind those of others. ●

592

Registration document 2018