BPCE - 2018 Registration document

RISK REPORT General structure of Groupe BPCE’S internal control system

GROUP RISK MANAGEMENT AND COMPLIANCE COMMITTEE: UMBRELLA COMMITTEE Its scope covers the entire Group (central institution, networks and all subsidiaries). It sets the broad risk policy, decides on the global ceilings and limits for Groupe BPCE and for each institution, validates the authorization limits of other committees, examines the principal risk areas for Groupe BPCE and for each institution, reviews consolidated risk reports and approves risk action plans for the measurement, supervision and management of risks, as well as Groupe BPCE’s principal risk standards and procedures. It monitors limits (Ministerial Order of November 3, 2014 on internal control, Article 226), particularly when overall limits are likely to be reached (Ministerial Order of November 3, 2014 on internal control, Article 229). The committee also examines matters relating to non-financial risks, specifically including risks associated with the compliance of banking and insurance activities, investment services and financial security. Overall risk limits are reviewed at least once a year and presented to the Group Risk Management and Compliance Committee (Ministerial Order of November 3, 2014 on internal control, Article 224). The Umbrella Committee provides the Risk Management Committee of the Supervisory Board with proposed criteria and thresholds for the identification of incidents to be brought to the attention of the supervisory body (Ministerial Order of November 3, 2014 on internal control, Articles 98 and 244). The Group Risk Management Committee is notified twice a year of the conditions under which the established limits were observed (Ministerial Order of November 3, 2014 on internal control, Article 252).

At the same time, several committees are responsible either for defining groupwide methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

COMMITTEES SPECIFIC TO EACH DEPARTMENT Credit Risk/Commitment Committees

Several kinds of committees have been established to manage credit risk for the full Group scope, meeting at varying frequencies depending on their roles ( ex-post or decision-making analysis) and their scope of authority. Financial Risk Committees The Group has also established Decision-Making and Supervisory Committees for both market and structural ALM risk. The frequency of their meetings is tailored to institutional and Group needs. Non-Financial Risk Committee This committee meets quarterly and includes the various Groupe BPCE business lines affected by non-compliance and operational risks, while incorporating Information System Security, Business Continuity and Accounting Review issues. Its objective is to validate action plans targeting these risks, which are included in the single map covering all risks incurred across Groupe BPCE. It also performs consolidated supervision of losses, incidents and alerts, including reports made to the ACPR under Article 98 of Ministerial Order A-2014-11-03 in respect of non-financial risks.

6

615

Registration document 2018