BPCE - 2018 Risk report / Pillar III

11 NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS Compliance

The new Markets in Financial Instruments Directive (MiFID 2) and PRIIPS Regulation (Packaged Retail Investment and Insurance-based Products), both of which are subject to careful consideration by Groupe BPCE, are specifically designed to strengthen market transparency and investor protection. They have an impact on the Group in its role as a distributor of financial instruments by enhancing the quality of the customer experience in terms of financial savingsand Insuranceproducts: adjustmentsto customerand KYC data collection(customerprofile, ● characteristicsof customer plans in terms of objectives, risks and investment horizons), but also an updated questionnaire on each customer’s financial investment knowledge and experience to ensure that suitable advisory services are provided; adaptation of offers associated with the financial services and ● products sold; Several regulatory projectswere carried out in2018: implementationof the Payment Accounts Directive, incorporating ● standard terminologyand definitionsin advertising,precontractual and contractualdocumentation,and organizinginitiativesto define the new annual fee statement; overhaul of the Level 2 oversight system covering critical or ● essential services, in connection with the European Banking Authority’s draft guidelines; strengtheningof the regulatoryKYC system, with the launch of an ● initiative aimed at improving the reliability of addresses for customers listed as “not living at the indicated address”, digitization and automation of onboarding due diligence reviews, implementation of anti-tax evasion obligations (second amended French Finance Act for 2017, laying down provisions in terms of AutomaticExchange of Information); review of the offer specificallytargetingcustomersfacing financial ● hardships,in accordancewith the Group’s commitmentsto the OIB (BankingInclusionObservatory)and standardprofessionalpractices in the industry. Special areasof focus included: the non-compliance risk management system, including a ● non-compliance risk mapping campaign in accordance with the new methodology defined in 2017 and a review of the Level 2 permanent control framework targeting compliance; utilizationof customercomplainsin conjunctionwith the Customer ● Quality Managementfunction of the Retail Banking and Insurance division. Within the scope of investment services, BPCE has adapted its sales procedures for financial savings products to incorporate the impacts Activities in 2018

formalization of customer advice (suitability report) and the ● customer’s acceptance of said advice (issuance of customer alerts where necessary); organization of relations between the Group’s manufacturersand ● distributors; inclusion of provisions related to the transparency of fees and ● charges at therequiredlevel of detail; production of value-added reports for customers and recording of ● conversations forcustomer relationsand advisorypurposes; disclosure of transaction reports to regulators and the market, ● best-executionand best-selection requirements; participation in the development of employee training and the ● change managementprogramrelated to these new provisions. of the Markets in Financial Instruments Directive and Regulation (MiFID 2), the Insurance Distribution Directive and PRIIPs. Some processes are transitional, with ongoing IT developments and a remediation plan aimed at securing these processes. Accordingly, product governance and supervision under MiFID 2 has resulted inthe establishment of: a committee in charge of validating model portfolios of financial ● instruments,meeting semi-annuallyto monitor the performanceof risk asset allocations, perform a macroeconomic review and analyses, and prepare anallocation outlook; a product governance and supervision committee, working ● alongside manufacturers: exchanging information between manufacturers and distributors, and overseeing distribution strategy,product changes and investor protection. In response to the enactment of the Market Abuse Directive and Regulation, the Group uses a market abuse alert analysis and reporting tool. This tool covers the Banque Populaire banks, the Caisses d’Epargneand their subsidiaries.BPCE conducteda feasibility study on the implementation of a virtual assistant for employees, designed to facilitate the analysis of alerts reported by the Group tool: thevirtual assistant is inthe process of being implemented. Software tool NORMA (market abuse) was updated and special training was dispensed on the analysis of market abuse alerts. This training was offered to the employeesof the Compliancefunction in charge of market abuse oversight, in the interest of heighteningdue diligence inthis area. Lastly, the SRAB indicator measurement methods recommended by the AMF and ACPR were implemented throughoutthe Group.

200

Risk Report Pillar III 2018