BPCE - 2018 Risk report / Pillar III

2 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

Committees specific to each department CREDIT RISK/COMMITMENT COMMITTEES Several kinds of committeeshave been establishedto manage credit risk for the full Group scope, meeting at varying frequencies depending on their roles ( ex-post or decision-makinganalysis) and their scope of authority. FINANCIAL RISK COMMITTEES The Group has also established Decision-Making and Supervisory Committeesfor both marketand structuralALM risk. The frequencyof their meetings istailored to institutional and Group needs.

NON-FINANCIAL RISK COMMITTEE This committeemeets quarterlyand includesthe variousGroupeBPCE business lines affected by non-compliance and operational risks, while incorporatingInformationSystem Security, Business Continuity and AccountingReview issues. Its objectiveis to validateaction plans targeting these risks, which are included in the single map covering all risks incurred across Groupe BPCE. It also performs consolidated supervision of losses, incidents and alerts, including reports made to the ACPR under Article 98 of Ministerial Order A-2014-11-03 in respect of non-financial risks.

26

Risk Report Pillar III 2018