BPCE - 2018 Registration document

RISK REPORT Risk governance and management system

RISK MANAGEMENT AND COMPLIANCE CULTURE Strict risk management is one of the core principles observed by BPCE, which has always placed a risk management and control culture at the top of its priorities. To contribute to the expansion of the Group’s activities, in accordance with its risk appetite, BPCE has decided to allocate additional resources to promoting and strengthening the risk and compliance culture at all levels. To this end, the Governance and Coordination department’s Risk and Compliance Culture division is tasked with: developing risk and compliance training and awareness programs, ● at all Group levels; overseeing macro-level risk mapping for the institutions and ● BPCE SA group; assisting the institutions with changes pertaining to risk and ● compliance in their operations (sharing best practices, new procedures, structures, etc.); including the risk and compliance culture in human resources ● management processes, such as employee career management and mobility; coordinating the preparation of the risk and compliance sections of ● the Groupe BPCE registration document and Pillar III report – for the DRCCP; coordinating the operations of the Group Credit function; ● establishing the Groupe BPCE code of conduct and ethics; ● offering the benefit of its risk management expertise to the Sales ● functions, particularly during meetings of the New Products Committee, and implementing/updating the sales processes of Group institutions. Macro-level risk mapping – group institutions Established in 2017, macro-level mapping of the risks incurred by Group institutions complies with regulations, and specifically with the Ministerial Order of November 3, 2014 on internal control which stipulates, in Articles 100, 101 and 102, the requirement of a “risk mapping system that identifies and assess risks incurred due to internal and external factors”. The aim of this system is to secure the operations of its institutions and support their long-term financial profitability and growth. By identifying and rating its risks, each Group institution establishes its own risk profile and priority risks. This risk-driven approach, based on the rating of the risk management system, lays the groundwork for the implementation and follow-up of targeted action plans. Macro-level risk mapping plays a central role in an institution’s overall risk management system: it is closely linked to the risk appetite system by establishing the ● institution’s risk profile and determining its priority risks; it contributes to the Group’s SREP (Supervisory Review and ● Evaluation Process) by identifying its main risks from a risk management and supervisory standpoint;

banking regulations and Group charters. The findings of this report improve operational efficiency and optimize best practices throughout Groupe BPCE. Activities specifically focused on the Lagarde report are being monitored in conjunction with the Group’s institutions. There is also a system in place to monitor anomalies observed at Group institutions, aimed at ensuring that business is conducted properly. Activities in 2018 In 2018, the DRCCP carried out several initiatives that strengthened the Risk and Compliance oversight and coordination system, including in particular: annually reviewing the Group risk appetite system and its ● interaction with the single risk mapping system, and implementing Article 98 of the Ministerial Order of November 3, 2014 on internal control. The risk appetite system is reviewed on a quarterly basis to ensure it remains consistent with the Group system; enhancing and expanding the function’s regulatory briefings and ● half-yearly reports submitted by the DRCCP to the directors and Heads of Risk Management for the Banque Populaire banks, Caisses d’Epargne and subsidiaries; performing an enhanced analysis of the half-yearly summaries ● prepared by all Executive Committees covering the risks incurred by the Banque Populaire banks and Caisses d’Epargne, for the purpose of sharing best practices and detecting potential areas of risk, for discussion when visiting the institutions; ensuring close coordination and oversight during the preparation of ● regulatory reports (Lagarde report, Ministerial Order of November 3, 2014 on internal control, Management Board’s quarterly report to the Supervisory Board, etc.); preparing a summary of all reports issued by the Group Inspection ● Générale division or by the supervisory and control authorities, used to identify trends and shared with the entire function during Risk Management and Compliance days; contributing to Group institution risk assessments; ● making the rounds of all Group institutions over the course of the ● year; acclimating new Heads of Risk Management and Compliance by ● putting them through special training courses; organizing regional platforms to exchange best practices and ● address collective efficiency issues concerning the Risk and Compliance functions; overseeing governance of the Risk and Compliance functions; ● defining benchmark standards applicable to all Risk, Compliance ● and Permanent Control division employees; establishing an assessment of the Risk Management functions and ● compliance certification separately on a semi-annual basis.

6

631

Registration document 2018