BPCE - 2018 Risk report / Pillar III

11 NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS Compliance and Risks – Insurance & Non-Banking Operations

Compliance and Risks – Insurance & 11.6 Non-Banking Operations

Insurance compliance and risks Groupe BPCE’s three Level 2 control teams were merged in the Risk, Complianceand PermanentControldivision(DRCCP)in the interestof combining Insurance, risk and compliance expertise. INSURANCE RISKS The DRCCP, in coordinationwith Natixis’ Insurance division, ensures the effective implementation and operation of Insurance risk oversight processes (including underwriting risk) at the main Insurance companies in which the Group is the major shareholder: Natixis Assurances (including its subsidiary BPCE Assurances), Compagnie Européenne de Garanties et de Cautions (CEGC), Prépar-Vieand Coface.Insurancerisk oversightcommitteeshave been formally set up for each companyand meet on a quarterlybasis. CNP Assurances, in which the Group is a minority shareholder, is also subject to DRCCP supervisiondue to its materiality, via a mechanism specific to financial conglomerates (CNP additional supervisory committee). The principle of subsidiarity applies within this framework, with controls carried out first by the Insurance companies, then at the level of the Risk divisions of the banking parent companies (Natixis

and BRED Banque Populaire) and then by Groupe BPCE’s DRCCP, which reports to the Group Risk and ComplianceCommitteeevery six months.

INSURANCE COMPLIANCE The aim of Insurance complianceis to ensure that sales of Insurance products comply with all applicable laws, regulations and ACPR recommended best practices, reflected in standards set for distributing institutions. Insurance Compliance also drafts “imperatives”, pre-specifying expectations on new products for manufacturers and relevant staff at BPCE SA group. Banking institutionsauthorizedto operate as Insurancebrokers are subject to brokerage law and required to comply in full. Accordingly,standards are disseminated and operationally implemented, an approval processes is carried out for new products distributed by the Group, sales processes and professional ethics are monitored, training modules are reviewed and updated and, lastly, content, advertisements and documents intended for the networks and training activitiesare validated.

Additional supervision ofinancial conglomerates Groupe BPCE has been identified by the ACPR/ECB as a financial conglomerate,based on the absolute and relative size of its banking and Insurance businesses.Since the launch of the Single Supervisory Mechanism (SSM), the ECB has coordinated the supervision of financial conglomerates predominantly focused onbanking.

monitoringof risk concentration; ● risk managementand the internal control system. ● In termsof risk monitoring:

the financial conglomerateapproach seeks to consolidate banking ● and Insurance sector-based metrics, particularly capital requirements; additionalsupervisionis primarilybased on the bankingsystemas a ● whole and theGroup InsuranceRisk function. In order to provide forward-lookinginsight into the Group’s capital adequacy from a financial conglomerate standpoint, the Capital Managementfunctiondefinesmulti-yearforecastsfor surpluscapital. The conglomerate’s surplus capital is tracked using the Level 1 indicators derivedfrom the Group RAF (risk appetite framework). All three aspects of the system (Insurance, banking and financial conglomerates) are presented to and discussed with the ECB/ACPR joint supervisoryteam (JST). Governanceis reviewed, as are the main management reports or analyses that have been provided to BPCE Executive Management over the course of the year.

A mission statementon additional supervision,highlightingthe work already undertaken by the DRCCP over the last several years, was validated by theManagementBoard in December 2017. A committee in charge of additional supervision of financial conglomerateswas formally established and will meet three to four times a year, reportingon conglomerate-relatedmattersto the Group Risk Management and Compliance Committee. Furthermore,as BPCE is a minorityshareholderof CNP, in the interest of rounding out the “Insurance risk” system, the decision was made with the CNP Risk division to establish an additional supervisory committee,meetingquarterly,focused on the obligationsof CNP as a financial conglomerate (“CSC CNP”). Conglomerate regulations require insight into the entire scope of consolidation (banking, Insurance, asset management and non-financialsector).The mainfocuses of additionalsupervision are: “financial conglomerate” capital adequacy; ● intragroup transactions between different entities of the ● conglomerate;

212

Risk Report Pillar III 2018