BPCE - 2018 Risk report / Pillar III

RISK GOVERNANCE AND MANAGEMENT SYSTEM Governance of risk management

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION ➡

Internal Control Coordination Committee

Risk Management Executive Committee

Level of executive managers (1) Credit risks Credit Risk Committee Credit or Committment Committee Provisions and Recovery Committee watch-list Committee

4

Risk and Compliance functions

Financial risks

Non-financial risks

ALM Committee

Operational risks Non-compliance risks

Market Risk Committee

Business non-continuity risks Information system security

Non-financial Risk Committee

Within its remit and across its entire scope, the Risk, Complianceand Permanent Control division: presents the ManagementBoard and SupervisoryBoard with a risk ● appetite framework for the Group and ensures its implementation and roll-out at eachmajor entity; helps draw up risk policieson a consolidatedbasis, examinesoverall ● risk limits, takes part in discussions on capital allocation and ensuresthat portfoliosare managedin accordancewith these limits and allocations; helps the Groupe BPCE Management Board to identify emerging ● risks, concentrationof risk and other various developments,and to devise strategy and adjust risk appetite; performs stress tests with the goal of identifyingareas of risk and the Group’sresilienceunder various predetermined shock scenarios; defines and implements standards and methods for consolidated ● risk measurement, risk-taking approval, risk control and reporting and compliance with laws and regulations; assessesand controls the levelof risk acrossthe Group; ● conducts permanent supervision,including detecting and resolving ● limit breaches, and centralized forward-lookingrisk reporting on a consolidatedbasis;

conducts controls to ensure that the operations and internal ● procedures of Group companies comply with legal, professional,or internal standards that apply to banking, financial and insurance activities; performs Level 2 controls of certain processes used to prepare ● financial information and implements a Group Level 2 permanent risk control system; manages risk information systems, working closely with the IT ● departments, while defining the standards to be applied for the measurement, control, reporting and management of risks; is functionally subordinate to the Risk and Compliance functions, ● contributingto the work of local Risk ManagementCommitteesor receiving the results of their work, coordinating department operations and approving the appointmentor dismissal of all new Heads of Risk Management,Heads of Compliance,or Heads of Risk and Compliance, and meeting with the relevant managers and/or teams at national or local meetings and during checks performedon-site or at BPCE; helps disseminaterisk and complianceawareness and promote the ● sharing of bestpractices throughoutthe Group; carries out the annual macro-levelrisk mapping exercise, factoring ● in the overall risk policy, risk appetite and annual permanent control plan, which ispart of the internal control system.

65

Risk Report Pillar III 2018