BPCE - 2018 Registration document

RISK REPORT Risk governance and management system

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION ➡

Internal Control Coordination Committee

Risk Management Executive Committee

Level of executive managers (1) Credit risks Credit Risk Committee Credit or Committment Committee Provisions and Recovery Committee watch-list Committee

Risk and Compliance functions

Financial risks

Non-financial risks

ALM Committee

Operational risks Non-compliance risks

Market Risk Committee

Business non-continuity risks Information system security

Non-financial Risk Committee

Within its remit and across its entire scope, the Risk, Compliance and Permanent Control division: presents the Management Board and Supervisory Board with a risk ● appetite framework for the Group and ensures its implementation and roll-out at each major entity; helps draw up risk policies on a consolidated basis, examines overall ● risk limits, takes part in discussions on capital allocation and ensures that portfolios are managed in accordance with these limits and allocations; helps the Groupe BPCE Management Board to identify emerging ● risks, concentration of risk and other various developments, and to devise strategy and adjust risk appetite; performs stress tests with the goal of identifying areas of risk and the Group’s resilience under various predetermined shock scenarios; defines and implements standards and methods for consolidated ● risk measurement, risk-taking approval, risk control and reporting and compliance with laws and regulations; assesses and controls the level of risk across the Group; ● conducts permanent supervision, including detecting and resolving ● limit breaches, and centralized forward-looking risk reporting on a consolidated basis;

conducts controls to ensure that the operations and internal ● procedures of Group companies comply with legal, professional, or internal standards that apply to banking, financial and insurance activities; performs Level 2 controls of certain processes used to prepare ● financial information and implements a Group Level 2 permanent risk control system; manages risk information systems, working closely with the IT ● departments, while defining the standards to be applied for the measurement, control, reporting and management of risks; is functionally subordinate to the Risk and Compliance functions, ● contributing to the work of local Risk Management Committees or receiving the results of their work, coordinating department operations and approving the appointment or dismissal of all new Heads of Risk Management, Heads of Compliance, or Heads of Risk and Compliance, and meeting with the relevant managers and/or teams at national or local meetings and during checks performed on-site or at BPCE; helps disseminate risk and compliance awareness and promote the ● sharing of best practices throughout the Group; carries out the annual macro-level risk mapping exercise, factoring ● in the overall risk policy, risk appetite and annual permanent control plan, which is part of the internal control system.

6

629

Registration document 2018