BPCE - 2018 Risk report / Pillar III

RISK GOVERNANCE AND MANAGEMENT SYSTEM Governance of risk management

The Supervisiondivision is tasked with coordinatingall dealings with supervisory bodies, working closely alongside the Group’s Inspection Générale division. This primarily concerns the relationship with the European Central Bank and the Joint Supervisory Team in charge of the continuous supervisionof GroupeBPCE, as well as the ACPR and the other French supervisory(AMF) or regulatoryauthorities(Banquede France, French Treasury department), and foreign authorities ( e.g. US Federal Reserve). The team attends all supervisory meetings within the Risk and Compliance scope. It also follows up on the primary on-site audits conducted by the supervisory bodies and the resulting recommendations. Finally, it coordinates all ad hoc or one-time requests received from the ECB or ACPR by the central institution. For coordination purposes, the DRCCP relies on a half-yearly report drawn up by the institutions, aimed at ensuring that the various components of the local systems are properly implemented and operate under satisfactory conditions, particularly with respect to banking regulations and Group charters. The findings of this report improve operational efficiency and optimize best practices throughoutGroupeBPCE. Activities specifically focused on the Lagarde report are being monitoredin conjunctionwith the Group’sinstitutions.There is also a system in place to monitor anomaliesobserved at Group institutions, aimed at ensuring that business is conducted properly. ACTIVITIES IN 2018 In 2018, the DRCCP carried out several initiatives that strengthened the Risk and Complianceoversightand coordinationsystem,including in particular: annually reviewing the Group risk appetite system and its ● interactionwith the single risk mapping system, and implementing Article 98 of the MinisterialOrder of November 3, 2014 on internal Risk management and compliance culture Strict risk management is one of the core principles observed by BPCE, which has always placed a risk management and control culture at the top of its priorities. To contribute to the expansion of the Group’s activities, in accordancewith its risk appetite, BPCE has decided to allocate additional resources to promoting and strengthening the risk and compliance culture at all levels. To this end, the Governanceand Coordinationdepartment’sRisk and Compliance Culture division is tasked with: developing risk and compliance training and awareness programs, ● at all Group levels; overseeing macro-level risk mapping for the institutions and ● BPCE SA group; assisting the institutions with changes pertaining to risk and ● compliance in their operations (sharing best practices, new procedures, structures,etc.); including the risk and compliance culture in human resources ● managementprocesses, such as employee career managementand mobility;

control. The risk appetite system is reviewedon a quarterlybasis to ensure it remains consistent with the Group system; enhancing and expanding the function’s regulatory briefings and ● half-yearly reports submitted by the DRCCP to the directors and Heads of Risk Managementfor the Banque Populairebanks, Caisses d’Epargne and subsidiaries; performing an enhanced analysis of the half-yearly summaries ● preparedby all ExecutiveCommitteescoveringthe risks incurredby the Banque Populaire banks and Caisses d’Epargne,for the purpose of sharing best practices and detecting potential areas of risk, for discussion when visiting the institutions; ensuringclose coordinationand oversightduring the preparationof ● regulatory reports (Lagarde report, Ministerial Order of November 3, 2014 on internal control, Management Board’s quarterlyreport tothe Supervisory Board,etc.); preparing a summary of all reports issued by the Group Inspection ● Générale divisionor by the supervisoryand control authorities,used to identify trends and shared with the entire function during Risk Management and Compliance days; contributingto Group institution risk assessments; ● making the rounds of all Group institutionsover the course of the ● year; acclimating new Heads of Risk Management and Compliance by ● putting them throughspecialtraining courses; organizing regional platforms to exchange best practices and ● address collective efficiency issues concerning the Risk and Compliance functions; overseeinggovernance of the Risk and Compliance functions; ● defining benchmark standards applicable to all Risk, Compliance ● and Permanent Control division employees; establishingan assessmentof the Risk Managementfunctions and ● compliance certification separately on a semi-annual basis. coordinatingthe preparationof the risk and compliancesections of ● the Groupe BPCE registration document and Pillar III report – for the DRCCP; coordinating the operations of the Group Credit function; ● establishing the Groupe BPCE code of conduct and ethics; ● offering the benefit of its risk managementexpertise to the Sales ● functions, particularly during meetings of the New Products Committee, and implementing/updating the sales processes of Group institutions. MACRO-LEVEL RISK MAPPING – GROUP INSTITUTIONS Established in 2017, macro-level mapping of the risks incurred by Group institutionscomplieswith regulations,and specificallywith the Ministerial Order of November 3, 2014 on internal control which stipulates, in Articles 100, 101 and 102, the requirement of a “risk mapping system that identifies and assess risks incurred due to internal and external factors”.

4

67

Risk Report Pillar III 2018