BPCE - 2018 Risk report / Pillar III

11 NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS

The Compliance, Security and Operational Risk division works independentlyof the operational divisions, as well as of the other Internal Control divisions with which it cooperates. It has three major divisions: a Compliance department which covers three areas: banking ● compliance, investment services and financial security, notably ensured by BPCE’sTracfinofficers; a Security department covering all areas: personal and property ● safety, business continuity, information system security, cyber security and fraud watch, as well as coordinationof the new DPO (Data ProtectionOfficer) function; an Operational Risk Management department. ● The Compliance, Security and Operational Risk division carries out its duties within the frameworkof business line operations.To this end, it helps guide and motivate the Heads of the Compliance, Security and Operational Risk functions of the affiliates and subsidiaries. The Compliance Officers appointed by the various affiliates, including the Caisse d’Epargne and Banque Populaire parent companiesand direct subsidiariescovered by the regulatory system of banking and financial supervision, are functionally subordinate to the Compliance, Security and Operational Risk division. The Compliance,Securityand OperationalRisk departmentconducts any necessary initiatives to strengthen compliance, security and operational risk managementthroughout Groupe BPCE. As such, it sets out standards, shares best practices and coordinates working groups consisting of departmental representatives.

Promoting a culture of risk management and taking into account the legitimate interests of customers is also achieved through employee training. Consequently, the Compliance, Security and Operational Risk department: creates the content for the training materials used for the ● Compliance function and manages interactions with the Group Human Resources division and the Governanceand Coordination department of the DRCCP, which coordinates the annual work schedule for the Risk andCompliancefunctions; helps train Compliance staff, mainly through specialized annual ● seminars (financial security, ethics and compliance, banking compliance, coordination of permanent compliance controls, cybersecurity,etc.); coordinates the training program for heads of compliance and ● Compliance Officers; coordinates the Compliance, Security and Operational Risk ● functions of the institutions, primarily by organizing national compliance, security and operational risk days; draws on the expertise of the Compliance functions of Group ● institutions via theme-based workinggroups. Moreover, BPCE’s corporate compliance as well as the compliance of the Group’s Insurancebusinessesis handled by a dedicatedteam in the DRCCP Secretary’s Office.

198

Risk Report Pillar III 2018