BPCE - 2018 Risk report / Pillar III

NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS

11.1 Compliance

Organization

The Compliance function covers two main fields of expertise:

● Banking Compliance, aimed at preventing risks of failure to comply with laws, regulations and professional standards governing KYC and the banking industry. To that end, it encompasses support for operational departments in their compliance with regulatory changes, dissemination of standards (including ACPR recommendations and EBA guidelines), compliance expertise for the purpose of helping approve new products or sales processes, supervision of document and challenge approval processes, and oversight of the Group’s outsourced critical or essential services. It also strengthens the management of non-compliance risk through oversight of complaints analysis, use of compliance controls and mapping of non-compliance risks reported by Groupe BPCE institutions within the scope of banking and KYC compliance;

● Investment Services Compliance, which covers compliance and ethics in the conduct of financial activities, as defined by the AMF General Regulations. More broadly, it includes the prevention of conflicts of interests, ensuring that customer interests prevail, compliance with market rules and professional standards in the banking and financial sectors, and, finally, regulations and internal standards governing business ethics. It also includes oversight of investment services and the operating procedures of investment services compliance officers (RCSIs). Since the end of 2016, Investment Services Compliance has also included SRAB commitments (Separation and Regulation of Banking Activities) – Volcker office.

Measurement and supervision of non-compliance risk

Non-compliance risks are analyzed, measured, monitored and managed in accordance with the Ministerial Order of November 3, 2014, with the aim of:

● ensuring a permanent overview of non-compliance risks and the associated risk prevention and mitigation system, including updated identification under the new non-compliance risk-mapping exercise;

● ensuring that the largest risks, if necessary, are subject to controls and action plans aimed at supervising them more effectively.

Groupe BPCE manages non-compliance risk by mapping out its non-compliance risks and implementing mandatory Level 1 and 2 compliance controls common to all Group retail banking institutions. These control frameworks were reviewed in 2018 for the purpose of adapting them to the risks and systems in place, and will be rolled out in the first half of 2019. The impact of non-compliance risk was measured with the Group’s operational risk teams, with the aid of OSIRISK, covering the risk management systems established by the institutions aimed at reducing gross risk levels.

Product governance and supervision

All new products and services, regardless of their distribution channels, as well as sales materials that fall within the Compliance function’s remit, are reviewed by Compliance beforehand. The purpose of this review is to ensure that applicable regulatory requirements are met and that targeted customers – and the public at large – receive clear and fair information. Product supervision is carefully conducted over the entire product lifecycle.

Compliance also coordinates the approval of national sales challenges, ensures that conflicts of interest are managed properly and guarantees that customer interests always come first. Compliance is careful to ensure that sales procedures, processes and policies guarantee that the rules of compliance and ethics are observed at all times for all customer segments, and in particular that the advice given to customers is appropriate to their needs.

Customer protection

The Group’s reputation and the trust of its customers grow stronger when the products and services it sells comply with regulations and the information it supplies is reliable. To maintain this trust, the Compliance division makes customer protection a top priority. To that end, Group employees regularly receive training on customer protection issues to maintain the required level of customer service quality. These training sessions are aimed first and foremost at promoting awareness of compliance and customer protection among new hires and/or sales team employees. Additionally, ethics and compliance training, entitled “Fundamentals of professional ethics”, has been set up for all Group employees.
