BPCE - 2018 Registration document

6 RISK REPORT

Risk governance and management system

Risk governance and management system 6.4

6.4.1

Governance of risk management

GROUPE BPCE’S RISK, COMPLIANCE AND PERMANENT CONTROL DIVISION Groupe BPCE’s Risk, Compliance and Permanent Control division (DRCCP) measures, monitors and manages risks, including non-compliance risks, pursuant to the Ministerial Order of November 3, 2014 on internal control. It ensures that the risk management system is efficient, complete and consistent, and that risk-taking is consistent with the guidelines for the business (particularly targets and resources of the Group and its institutions, including the Risk Management and Compliance functions or those contributing to Level 2 permanent control). Groupe BPCE’s Head of Risk Management, Compliance and Permanent Control, Deputy Chief Executive Officer of Groupe BPCE and member of the Executive Management Committee, is functionally subordinate to the Heads of Risk Management and Compliance of Group institutions. This strategic positioning enables risk controls to be performed objectively, as each Group entity’s operational functions are independent from its Risk and Compliance functions. It also promotes a risk management and compliance culture and the application of shared risk management standards, and ensures that managers are given independent, objective and detailed information on the Group’s risk exposures and any possible deterioration in its risk profile. Groupe BPCE places a strong focus on efficient organization of risk management across all Group entities, which is applied to all business lines, financing activities, customer segments, markets and regions where it operates. The governance structure is based on a series of Risk and Compliance Committees, coordinated by the DRCCP. The DRCCP will implement a new organizational structure in January 2019 for even greater efficiency.

The Group Risk Management and Compliance Committee, chaired by the Chairman of the Management Board, met eight times during fiscal year 2018 to review the adequacy of Groupe BPCE’s risk supervision mechanisms, and validated the annual review of the Group’s risk policies and limits. The committee found that credit, financial and operational risks (including compliance) are adequately covered, in line with the Group’s risk appetite framework validated by the BPCE Management Board and Supervisory Board, as presented in the “Risk Appetite” section, and closely related to the Group strategy as described in this document. From a more global standpoint, this system covers all risks referred to in the Ministerial Order of November 3, 2014 on internal control. The Risk, Compliance and Permanent Control division regularly ensures the effective application of risk and compliance standards via its control system, in particular those concerning prudential regulations. For example, the Risk Management department is notified of any new regulation with a prudential impact and information is shared with the department in charge of calculating the capital adequacy ratio. Similarly, all regulatory matters pertaining to compliance are incorporated and communicated to the relevant departments of the Groupe BPCE institutions. As for the nature of the risk assessment and reporting systems, the Group capitalizes on regulatory reports and reports specific to Groupe BPCE. Moreover, the Group uses risk maps which are regularly updated. These cover risk portfolios and the different types of risks, e.g. operational risks or non-compliance risks. All this work is presented at meetings of Group committees. A twofold assessment of a) Risk Management functions and b) Compliance functions is conducted every six months by the Risk Committee of the Groupe BPCE Supervisory Board.

628

Registration document 2018