BPCE - 2018 Registration document

RISK REPORT Non-compliance, security and operational risks

The Financial Conglomerates Directive requires insight into the entire scope of consolidation (banking, Insurance, asset management and non-financial sector). The main focuses of additional supervision are: “financial conglomerate” capital adequacy; ● intragroup transactions between different entities of the ● conglomerate; monitoring of risk concentration; ● risk management and the internal control system. ● In terms of risk monitoring: the financial conglomerate approach seeks to consolidate banking ● and Insurance sector-based metrics, particularly capital requirements; additional supervision is primarily based on the banking system as a ● whole and the Group Insurance Risk function. In order to provide forward-looking insight into the Group’s capital adequacy from a financial conglomerate standpoint, the Capital Management function defines multi-year forecasts for surplus capital. The conglomerate’s surplus capital is tracked using the Level 1 indicators derived from the Group RAF (risk appetite framework). All three aspects of the system (Insurance, banking and financial conglomerates) are presented to and discussed with the ECB/ACPR joint supervisory team (JST). Governance is reviewed, as are the main management reports or analyses that have been provided to BPCE Executive Management over the course of the year. In line with the system implemented for the Insurance business, this system is based on subsidiarity with the risk and Compliance divisions of the banking parent companies and business lines; in particular Natixis Investment Managers (NIM), which consolidates most of the Group’s assets under management. The DRCCP pursues the following main objectives via the Asset Management risk and compliance system: identifying major risks liable to impact the solvency performance 1. of Groupe BPCE as a financial conglomerate in terms of the coverage of its banking or conglomerate capital adequacy ratios; being involved in the function’s contributions during Group 2. assessments (ICAAP, PRP, stress tests, etc.) in order to identify business model risks on the contribution to results and capital, and to quantify and prioritize these risks; organizing the coordination of the system by specifying a risk and 3. compliance review and setting up a formal quarterly meeting; keeping executive management informed by presenting a 4. summary of the Asset Management risk and compliance review to the Group Risk Management and Compliance Committee. In the asset management business, the DRCCP is formally in charge of: coordinating the risk and compliance system (cross-business or focused workshops); organizing cross-business projects within the banking scope of operations; keeping executive management informed via a summary report to the members of the CRCG. ASSET MANAGEMENT RISKS AND COMPLIANCE

The system consists of contributions from the asset management companies and their work on risk, compliance and permanent controls. It is based in large part on Natixis Investment Managers, which accounts for the large majority of the Asset Management business. Groupwide supervision draws heavily on locally existing work and methodologies. The DRCCP works with Natixis or NIM to anticipate the impacts of regulatory consultations and changes.

ACTIVITIES IN 2018 Insurance risks

In 2018, the main projects undertaken were aimed at expanding stress tests and forecasting under Solvency II, Basel III, and the Financial Conglomerates Directive, and at strengthening governance: coordination of the Group’s approach to Insurance stress tests, ● particularly the 2018 ORSAs (own risk and solvency assessments); establishment of detailed financial assumptions shared by the ● companies (ORSAs), as well as an analysis of results and recommendations; oversight of major risks and contagion mechanisms; ● analysis of regulatory interactions (Basel III, Solvency II (1) , Financial ● Conglomerates Directive). After adding the Group’s Insurance companies to the bank ISTs (internal stress tests), as set out under the 2018 ICAAP (internal capital adequacy assessment process), the model was expanded to include: commissions paid by Insurance companies to the retail networks, as ● well as fees paid to the Group’s asset managers; stressed Insurance inputs (based on ORSAs) in addition to the ● economic and financial inputs used by the Group; the simulation of SCR and MCR SII sector ratios based on ICAAP ● scenarios, to document any capital requirements under stress; the integration of CNP Assurances in the Group’s ICAAP approach, ● following the establishment of the additional supervisory committee (CSC CNP). The DRCCP was tasked with building an Insurance economic capital model to reassess the bank capital used by Insurance on an economic basis. This was done in coordination with the BPCE/Natixis Finance divisions and the risk management divisions of the Insurance companies. Insurance compliance In terms of Insurance compliance, a regulatory project was launched in 2017 and will be completed in 2018 with the Investment Services Compliance function. The project pertains to IDD, PRIIPs and MiFID 2. BPCE’s Compliance department is responsible for monitoring the operational application of these regulations and directives throughout the Group.

6

The DRCCP exercises caution in terms of changes to Solvency II. The standard version is still being revised as of end-2018 and the LTG package will be reviewed in 2020. (1)

693

Registration document 2018