BPCE - 2018 Risk report / Pillar III

4 RISK GOVERNANCE AND MANAGEMENT SYSTEM Governance of risk management

Governance of risk management 4.1

The Group Risk Managementand ComplianceCommittee,chaired by the Chairman of the Management Board, met eight times during fiscal year 2018 to review the adequacy of Groupe BPCE’s risk supervision mechanisms, and validated the annual review of the Group’s risk policies and limits. The committee found that credit, financial and operational risks (including compliance) are adequately covered, in line with the Group’s risk appetite framework validated by the BPCE Management Board and Supervisory Board, as presented in the “Risk Appetite” section, and closely related to the Group strategy as describedin this document.From a more global standpoint,this system covers all risks referred to in the Ministerial Order of November 3, 2014 on internal control. The Risk, Compliance and Permanent Control division regularly ensures the effectiveapplicationof risk and compliancestandards via its control system, in particular those concerning prudential

regulations. For example, the Risk Management department is notified of any new regulation with a prudential impact and information is shared with the department in charge of calculating the capital adequacyratio. Similarly,all regulatorymatters pertaining to compliance are incorporated and communicated to the relevant departments of the Groupe BPCE institutions. As for the nature of the risk assessment and reporting systems, the Group capitalizeson regulatoryreports and reports specific to Groupe BPCE. Moreover, the Group uses risk maps which are regularly updated. These cover risk portfolios and the different types of risks, e.g. operational risks or non-compliance risks. All this work is presented at meetings of Group committees. A twofold assessment of a) Risk Management functions and b) Compliance functions is conducted every six months by the Risk Committee of the Groupe BPCE SupervisoryBoard. performed objectively, as each Group entity’s operational functions are independent from its Risk and Compliance functions. It also promotes a risk management and compliance culture and the application of shared risk management standards, and ensures that managers are given independent,objective and detailed information on the Group’srisk exposuresand any possibledeteriorationin its risk profile. Groupe BPCE places a strong focus on efficient organization of risk managementacross all Group entities,which is appliedto all business lines, financing activities, customer segments, markets and regions where it operates. The governance structure is based on a series of Risk and Compliance Committees, coordinated by the DRCCP. The DRCCP will implement a new organizational structure in January 2019 for even efficiency.

Groupe BPCE’sRisk, Complianceand Permanent Control division Groupe BPCE’s Risk, Compliance and Permanent Control division (DRCCP) measures, monitors and manages risks, including non-compliance risks, pursuant to the Ministerial Order of November3, 2014 oninternalcontrol.

It ensures that the risk managementsystem is efficient,completeand consistent, and that risk-taking is consistent with the guidelines for the business (particularlytargets and resources of the Group and its institutions, including the Risk Management and Compliance functions or those contributing to Level 2 permanent control). GroupeBPCE’s Head of Risk Management,Complianceand Permanent Control, Deputy Chief Executive Officer of Groupe BPCE and member of the ExecutiveManagementCommittee,is functionallysubordinate to the Heads of Risk Management and Compliance of Group institutions. This strategic positioning enables risk controls to be

64

Risk Report Pillar III 2018