BPCE - 2018 Risk report / Pillar III

GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

2

Internal Control Coordination Committee The Chairman of the central institution’s Management Board is responsible for ensuring the consistency and effectiveness of the internal control system. A Group Internal Control CoordinationCommittee(CCCIG),chaired by the Chairman of the ManagementBoard or his representative,meets periodically. This committee is responsible for dealing with all issues relating to the consistency and effectiveness of the Group internal control system,as well as the results of risk managementand internalcontrol work and follow-up work. The committee’s main responsibilitiesinclude: validating the Group’s Internal Control Charter, Risk, Compliance ● and Permanent Control Charter and Audit Charter; reviewing dashboards and reports on group control results, and ● presenting permanent control coordination initiatives and results; validating action plans to be implemented in order to achieve a ● consistent and efficient Group permanent control system, and assessing progress made on corrective measures adopted subsequent to recommendations issued by the Group Inspection Générale division, the national or European supervisoryauthorities, and the permanentcontrol functions; Its scope covers the entire Group (centralinstitution,networksand all subsidiaries). It sets the broad risk policy, decides on the global ceilings and limits for Groupe BPCE and for each institution,validates the authorization limits of other committees, examines the principal risk areas for Groupe BPCE and for each institution, reviews consolidated risk reports and approves risk action plans for the measurement, supervision and management of risks, as well as Groupe BPCE’s principalrisk standardsand procedures.It monitorslimits (Ministerial Order of November 3, 2014 on internal control, Article 226), particularly when overall limits are likely to be reached (Ministerial Order of November3, 2014 oninternal control,Article 229). The committeealso examines matters relating to non-financialrisks, specificallyincludingrisks associatedwith the complianceof banking and insurance activities, investment services and financial security.

reviewing the Group’s internal control system, identifying any ● shortcomings, and suggesting appropriate solutions to further secure the institutionsand the Group; reviewingthe allocation of resources with respect to risks incurred; ● presenting the resultsof institution controls or benchmarks; ● deciding on any cross-business initiatives or measures aimed at ● strengthening the Group’s internal control system; ensuring consistency between measures taken to strengthen ● permanentcontrol and risk areas identifiedduring the consolidated macro-level risk mapping exercise. This committee’s members include the member of the Executive Management Committee in charge of Risk, Compliance and Permanent Control and the Group Head of Internal Audit, who is a memberof the Group’s ExecutiveCommittee.The ManagementBoard member in charge of Retail Banking and Insurance is a standing member. If applicable, the Internal Control Coordination Committee may hear reports from operational managers about measures they have taken to apply recommendationsmade by internal and external control bodies. Overall risk limits are reviewed at least once a year and presented to the Group Risk Managementand ComplianceCommittee(Ministerial Order of November 3, 2014 on internal control, Article 224). The Umbrella Committee provides the Risk Management Committee of the Supervisory Board with proposed criteria and thresholds for the identification of incidents to be brought to the attention of the supervisorybody (MinisterialOrder of November 3, 2014 on internal control,Articles 98 and 244). The Group Risk ManagementCommittee is notified twice a year of the conditionsunder which the established limits were observed (Ministerial Order of November 3, 2014 on internal control,Article 252). At the same time, several committees are responsible either for defining groupwidemethodologystandardsfor measuring,managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

GroupRisk Management and Compliance Committee: Umbrella Committee

25

Risk Report Pillar III 2018