BPCE - 2018 Risk report / Pillar III

NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS Financial security

Activities in 2018 While updating their joint guidelines in 2018, the ACPR and Tracfin highlighted the importance of the anti-terrorist financing plan deployed for the last several years by the Ministry of Finance. Accordingly, the institutions of Groupe BPCE strengthened their anti-terroristfinancing system in 2018, based on a set of standards and automated scenarios tailored to the specific circumstances of terrorist financing (weak signals, relatively low amounts, importance of cross-checkingseveral indices), and meeting enhanced agility and fast-response requirements. GROUP ANTI-CORRUPTION COMMITMENTS Corruption, which is defined as an act in which a person offers or grants an undue reward to another person in exchange for an act falling within that person’s remit, is a fraudulent and unethical behavior subject tosevere criminaland administrative sanctions. Groupe BPCE denounces corruption in all forms and in all circumstances.It is a signatoryof the UnitedNationsGlobal Compact, whose tenth principle states that “Businesses should work against corruption inall its forms,includingextortion and bribery.” ANTI-CORRUPTION MEASURES The Group strives to prevent corruption in order to guarantee the financial security of its activities, including inparticular: by taking measures against money laundering& terrorist financing ● and fraud, supervising“politicallyexposed persons”, and complying with embargoes; ensuring that employees observe professional rules of compliance ● and ethics by applying policies governing conflicts of interest, exchanges of gifts, benefits and invitations, confidentiality and professional secrecy. Disciplinary sanctions have been defined for any failure to respect professional rules governing the activities conducted by Group companies;

exercising due diligence when making contributions to political ● campaigns or to government agents, donations, patronage and sponsorship, and lobbying; supervising relations with intermediariesand business introducers ● via groupwide standardized contracts describing the reciprocal services and obligations and contractually establishing compensation terms; mappingout exposureto corruption risks throughGroup activities; ● providing regulatory training on the rules of ethics in the industry ● and againstcorruption (an e-learning course). A whistleblowing system is available to employeesand included inthe internal rules. Employeeshave a procedurein place for implementing the whistleblowingsystem. The Group has also defined standards and proceduresgoverning KYC and due diligence procedures used for customer classification and supervisionpurposes.In the interestof organizingthe internalcontrol system, whistleblowing/detectiontools and permanent control plans serve to bolsterthe security of this system. BPCE also has accountingpoliciesand proceduresin place in line with professional standards. The purpose of the Group’s internal control systemfor accountinginformationis to check the conditionsin which such informationis assessed, recorded, stored and made available, in particular by verifying the existence of the audit trail, within the meaning of the Ministerial Order of November 3, 2014 on internal control. This control system is part of the fraud, corruption and influence-peddling prevention and detection plan. From a more general standpoint, these systems are formalized and detailed in the umbrella charter governingthe organizationof Group internal control and the Risk, Compliance and Permanent Control Charter. Parent company affiliates and all BPCE subsidiaries have adopted these charters.

11

203

Risk Report Pillar III 2018