BPCE - 2018 Risk report / Pillar III

NON-COMPLIANCE, SECURITY AND OPERATIONAL RISKS Compliance and Risks – Insurance & Non-Banking Operations

Assetmanagement risks and compliance In line with the system implementedfor the Insurance business, this system is based on subsidiaritywith the risk and Compliancedivisions of the banking parent companies and business lines; in particular Natixis InvestmentManagers (NIM), which consolidatesmost of the Group’s assets under management. The DRCCP pursues the following main objectives via the Asset Management risk and compliance system: identifyingmajor risks liable to impact the solvency performance 1. of Groupe BPCE as a financial conglomerate in terms of the coverage of its bankingor conglomerate capital adequacy ratios; being involved in the function’s contributions during Group 2. assessments (ICAAP, PRP, stress tests, etc.) in order to identify business model risks on the contribution to results and capital, and to quantifyand prioritizethese risks; organizingthe coordinationof the systemby specifyinga risk and 3. compliance reviewand settingup a formal quarterlymeeting; INSURANCE RISKS In 2018, the main projects undertaken were aimed at expanding stress tests and forecasting under Solvency II, Basel III, and the Financial Conglomerates Directive, and at strengtheninggovernance: coordination of the Group’s approach to Insurance stress tests, ● particularly the 2018 ORSAs (own risk and solvency assessments); establishment of detailed financial assumptions shared by the ● companies (ORSAs), as well as an analysis of results and recommendations; oversight of major risks and contagion mechanisms; ● analysis of regulatoryinteractions(Basel III, Solvency II (1) , Financial ● Conglomerates Directive). After adding the Group’s Insurance companies to the bank ISTs (internal stress tests), as set out under the 2018 ICAAP (internal capital adequacy assessment process), the model was expanded to include: commissionspaid by Insurancecompaniesto the retail networks,as ● well as fees paid to the Group’s asset managers; stressed Insurance inputs (based on ORSAs) in addition to the ● economic and financial inputs used by the Group; the simulation of SCR and MCR SII sector ratios based on ICAAP ● scenarios, to documentany capital requirementsunder stress; the integrationof CNP Assurances in the Group’s ICAAP approach, ● following the establishment of the additional supervisory committee(CSC CNP). The DRCCP was tasked with building an Insurance economic capital model to reassess the bank capital used by Insuranceon an economic basis. This was done in coordinationwith the BPCE/Natixis Finance divisions and the risk management divisions of the Insurance companies. Activities in 2018

keeping executive management informed by presenting a 4. summary of the Asset Management risk and compliance review to the Group Risk Management and ComplianceCommittee. In the asset managementbusiness, the DRCCP is formally in charge of: coordinating the risk and compliance system (cross-business or focused workshops); organizing cross-business projects within the banking scope of operations; keeping executive management informed via a summaryreport to the members of the CRCG. The system consists of contributions from the asset management companies and their work on risk, compliance and permanent controls. It is based in large part on Natixis Investment Managers, which accounts for the large majority of the Asset Management business. Groupwide supervision draws heavily on locally existing work and methodologies. The DRCCP works with Natixis or NIM to anticipate the impacts of regulatory consultationsand changes. INSURANCE COMPLIANCE In terms of Insurance compliance,a regulatory project was launched in 2017 and will be completedin 2018 with the InvestmentServices Compliancefunction.The project pertains to IDD, PRIIPs and MiFID 2. BPCE’s Compliance department is responsible for monitoring the operationalapplicationof these regulationsand directivesthroughout the Group. In addition to the MiFID 2, IDD and PRIIPs projects, manufacturer/distributorworking groups were held throughout the year to address the fivePillars of theInsuranceDistribution Directive: Pillar I “ Product governance and distribution rules ”: this ● Pillar ensures consistency between the level of risk, the target market and the distribution strategy of aproduct; Pillar II “ Customer information and prevention of conflicts of ● interest ”: the aim of this Pillar is to improve customer information on Insuranceand investmentproducts; Pillar III “ Advice and long-term customer service ”: this ● Pillar addresses the duty to advise and the updating of advice over the customer’slife and over the termof the business relationship; Pillar IV “ Price transparency ”: the aim of this Pillar is full ● transparency for the customer regarding the prices charged by Insurance distributors and rebates on Insurance products (life and non-life); Pillar V “ Continuoustraining ”: the purposeof this Pillar is to ensure ● the continuous training of sales teams, taking into account both regulatory developments and best practices. A training plan was defined in conjunctionwith the manufacturers,so as to meet the regulatory deadline of February 23, 2019. BPCE is taking part in financialcenter initiativesin progresson “costs and expenses” and onproductgovernance.

11

The DRCCP exercises caution in terms of changes to Solvency II. The standard version is still being revised as of end-2018 and the LTG package will be reviewed in 2020. (1)

213

Risk Report Pillar III 2018