BPCE - 2018 Risk report / Pillar III

GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Permanent and Periodic Control departments

2

Permanent and Periodic Control 2.2 departments

Integrated Permanent and Periodic Control departments have been set up throughoutGroupe BPCE. Two Permanentand Periodic Control divisions are established within the central institution, under its authority:the Group Risk, Complianceand PermanentControldivision for permanentcontrolsand the Group InspectionGénérale divisionfor periodic controls. The permanent and periodic control functions, which are located at affiliates and subsidiaries subject to banking supervision, are functionally subordinate, as consolidated control departments, to BPCE’s corresponding Central Control divisions and report totheir entity’sexecutivebody. This subordination linkincludes approval of the appointment and dismissal of managers responsible for permanentor periodic control at affiliates and direct subsidiaries; reporting,disclosureand alert obligations;standardsimplementedby the central institution and laid out in a body of standards; and the definitionor approvalof control plans. These links have been formally defined incharterscovering each department.

The entire system was approved by the Management Board on December 7, 2009 and presented to the Audit Committee on December 16, 2009. It was also presentedto the SupervisoryBoard of BPCE. The Risk Charter was reviewed in 2017 and the body of standards consistsof threeGroup charters covering all activities: the Group’s Internal Control Charter: an umbrella charter based on ● the followingtwo separate charters: the Internal Audit Charter, - and the Risk, Compliance and Permanent Control Charter. - As mentionedabove, the systemalso includesthe InformationSystem Security department and, to a certain extent, the Human Resources and LegalAffairs departments.

23

Risk Report Pillar III 2018