BPCE - 2018 Registration document

6 RISK REPORT

Non-compliance, security and operational risks

€ 38 million per claim and per year, solely reserved for “Global b) Banking” risk; € 25 million per claim and per year, solely reserved for c) “Professional Civil Liability” risk; € 70 million per claim and per year, combined “Global d) Banking/Professional Civil Liability” Insurance available in addition to or after use of the amounts guaranteed set out in b) and/or c) above. The maximum amount that can be paid out for any one claim under this arrangement is € 109.75 million under “Professional Civil Liability” coverage and € 109.75 million under “Fraud” coverage in excess of the applicable deductibles. B. “Regulated Intermediation Liability” (in three areas: Financial Intermediation, Insurance Intermediation, Real Estate Transactions/Management) with a total maximum payout of € 10 million per claim and per year. C. “Operating Civil Liability” covering € 100 million per claim, as well as a “Subsidiary Owner Civil Liability”/“Post Delivery-Reception INSURANCE COMPLIANCE AND RISKS Groupe BPCE’s three Level 2 control teams were merged in the Risk, Compliance and Permanent Control division (DRCCP) in the interest of combining Insurance, risk and compliance expertise. Insurance risks The DRCCP, in coordination with Natixis’ Insurance division, ensures the effective implementation and operation of Insurance risk oversight processes (including underwriting risk) at the main Insurance companies in which the Group is the major shareholder: Natixis Assurances (including its subsidiary BPCE Assurances), Compagnie Européenne de Garanties et de Cautions (CEGC), Prépar-Vie and Coface. Insurance risk oversight committees have been formally set up for each company and meet on a quarterly basis. CNP Assurances, in which the Group is a minority shareholder, is also subject to DRCCP supervision due to its materiality, via a mechanism specific to financial conglomerates (CNP additional supervisory committee). The principle of subsidiarity applies within this framework, with controls carried out first by the Insurance companies, then at the level of the Risk divisions of the banking parent companies (Natixis and BRED Banque Populaire) and then by Groupe BPCE’s DRCCP, which reports to the Group Risk and Compliance Committee every six months.

Civil Liability” coverage extension for up to € 35 million per claim and per year of Insurance. D. “Company Directors Civil Liability” for up to € 200 million per claim and per year of Insurance. E. “Property Damage” to “Registered Offices & Similar” and to their content (including IT equipment) and the consecutive “losses in banking activities”, for up to € 400 million per claim. F. “Protection of Digital Assets against Cyber-Risks” & the consecutive “losses in banking activities”, for up to € 140 million per claim and per year of Insurance. This coverage extends worldwide for initial risk or umbrella risk, subject to certain exceptions, mainly in terms of “Professional Civil Liability” where the policy does not cover permanent institutions based in the United States (where coverage is obtained locally by Natixis’ US operations). All the Insurance policies mentioned above were taken out with reputable, creditworthy Insurance companies and in excess of the deductibles and Groupe BPCE’s risk-retention capacity. “imperatives”, pre-specifying expectations on new products for manufacturers and relevant staff at BPCE SA group. Banking institutions authorized to operate as Insurance brokers are subject to brokerage law and required to comply in full. Accordingly, standards are disseminated and operationally implemented, an approval processes is carried out for new products distributed by the Group, sales processes and professional ethics are monitored, training modules are reviewed and updated and, lastly, content, advertisements and documents intended for the networks and training activities are validated. ADDITIONAL SUPERVISION OF FINANCIAL CONGLOMERATES Groupe BPCE has been identified by the ACPR/ECB as a financial conglomerate, based on the absolute and relative size of its banking and Insurance businesses. Since the launch of the Single Supervisory Mechanism (SSM), the ECB has coordinated the supervision of financial conglomerates predominantly focused on banking. A mission statement on additional supervision, highlighting the work already undertaken by the DRCCP over the last several years, was validated by the Management Board in December 2017. A committee in charge of additional supervision of financial conglomerates was formally established and will meet three to four times a year, reporting on conglomerate-related matters to the Group Risk Management and Compliance Committee. Furthermore, as BPCE is a minority shareholder of CNP, in the interest of rounding out the “Insurance risk” system, the decision was made with the CNP Risk division to establish an additional supervisory committee, meeting quarterly, focused on the obligations of CNP as a financial conglomerate (“CSC CNP”).

Compliance and Risks – Insurance & Non-Banking Operations 6.11.6

Insurance compliance

The aim of Insurance compliance is to ensure that sales of Insurance products comply with all applicable laws, regulations and ACPR recommended best practices, reflected in standards set for distributing institutions. Insurance Compliance also drafts

692

Registration document 2018