BPCE - 2018 Risk report / Pillar III

4 RISK GOVERNANCE AND MANAGEMENT SYSTEM Governance of risk management

The aim of this system is to secure the operations of its institutions and support their long-term financial profitability and growth. By identifying and rating its risks, each Group institution establishes its own risk profile and priority risks. This risk-drivenapproach,based on the rating of the risk management system, lays the groundwork for the implementationand follow-up of targeted action plans. Macro-level risk mapping plays a central role in an institution’s overall risk management system: it is closely linked to the risk appetite system by establishing the ● institution’s risk profile and determining its priority risks;

it contributes to the Group’s SREP (Supervisory Review and ● Evaluation Process) by identifying its main risks from a risk managementand supervisory standpoint; it assesses the risk managementsystem, in particularby examining ● the results producedby the internal control system (permanentand periodic controls). Identifying potential areas of risk helps strengthenthe internal control system and allocate permanentand periodiccontrol resources where they are needed; it serves as a source of information for various documents, ● including the internal control annual report, ICAAP report, documentation for JST meetings, etc.

GOVERNANCE OVERSIGHT

POST-RISK MANAGEMENT SYSTEM RISK + FORWARD- LOOKING VIEW Accepted risk

EXPOSURES

RISK MANAGEMENT SYSTEM

Incurred risk, Chosen risk

Quality, Controls, Resources

RISK IDENTIFICATION AND ASSESSMENT

Credit Risks

Financial Risks

Non- Financial Risks

Other Risks

IDENTIFICATION • ANALYSIS • ASSESSMENT • TREATMENT

68

Risk Report Pillar III 2018