BPCE - 2018 Registration document

RISK REPORT General structure of Groupe BPCE’S internal control system

General structure of Groupe BPCE’S 6.2 internal control system

The Group control system relies on three levels of controls, in accordance with banking regulations and sound management practices – two levels of permanent controls and one level of periodic control – as well as the establishment of consolidated control processes in accordance with provisions approved by BPCE’s Management Board.

6.2.1

Participants in the control system

PERMANENT CONTROL BY LINE MANAGEMENT (LEVEL 1)

Depending on the situation and activit(ies) in question, Level 1 controls are performed, jointly if applicable, by a special-purpose Middle Office-type control unit or accounting control entity, by the operational staff themselves, or by line managers. Level 1 controls are formally reported to the relevant Permanent Control divisions or functions. PERMANENT CONTROL BY DEDICATED ENTITIES (LEVEL 2) Level 2 permanent controls, within the meaning of Article 13 of Ministerial Order A-2014-11-03 on internal control, are performed by entities dedicated exclusively to this duty within the Group’s Risk, Compliance and Permanent Control division. Other central functions also contribute to the permanent control system, such as the Legal Affairs division and the Group Human Resources division for certain issues affecting the pay policy. The entire system was approved by the Management Board on December 7, 2009 and presented to the Audit Committee on December 16, 2009. It was also presented to the Supervisory Board of BPCE. The Risk Charter was reviewed in 2017 and the body of standards consists of three Group charters covering all activities: the Group’s Internal Control Charter: an umbrella charter based on ● the following two separate charters: the Internal Audit Charter, - and the Risk, Compliance and Permanent Control Charter. - As mentioned above, the system also includes the Information System Security department and, to a certain extent, the Human Resources and Legal Affairs departments.

Level 1 permanent control is the first link in internal control and is primarily performed by operational or support departments under the

supervision of their line management. These departments are responsible for:

implementing formalized, documented and reportable self-checks; ● documenting and verifying compliance with transaction processing ● procedures, detailing the responsibility of those involved and the types of checks carried out; verifying the compliance of transactions; ● implementing recommendations drawn up by Level 2 control ● functions on the Level 1 control system; reporting to and alerting Level 2 control functions. ●

6.2.2

Permanent and Periodic Control departments

6

Integrated Permanent and Periodic Control departments have been set up throughout Groupe BPCE. Two Permanent and Periodic Control divisions are established within the central institution, under its authority: the Group Risk, Compliance and Permanent Control division for permanent controls and the Group Inspection Générale division for periodic controls. The permanent and periodic control functions, which are located at affiliates and subsidiaries subject to banking supervision, are functionally subordinate, as consolidated control departments, to BPCE’s corresponding Central Control divisions and report to their entity’s executive body. This subordination link includes approval of the appointment and dismissal of managers responsible for permanent or periodic control at affiliates and direct subsidiaries; reporting, disclosure and alert obligations; standards implemented by the central institution and laid out in a body of standards; and the definition or approval of control plans. These links have been formally defined in charters covering each department.

613

Registration document 2018