BPCE - 2018 Risk report / Pillar III

RISK GOVERNANCE AND MANAGEMENT SYSTEM Groupe BPCE’s risk management system

Groupe BPCE’s risk appetite is defined as the level of risk it is willing to accept with the goal of increasing its profitability while maintaining solvency. This risk appetite must be aligned with the institution’s operating environment, strategy and business model, while incorporating customer interests. In determining its risk appetite, Groupe BPCE aims to steer clear of any major pockets of concentration and to optimize capitalallocation. RISK APPETITE FRAMEWORK Groupe BPCE’s general risk appetite frameworkwas validated by the BPCE Supervisory Board, as was its 2018 annual review. It is consistentwith the “TEC 2020” strategicplan, as applied to the entire risk governance structure, including the Risk Management Umbrella Committee. More specifically, this general framework draws in turn on a framework document that gives both a qualitative and quantitative descriptionof risks the Group is willing to take. It also describes the governance and operational principles currently in force at Groupe BPCE. The operationalrisk appetiteframeworkis based on indicatorsbroken down by major risk category. There are six major risk categories: solvency risk, credit risk (credit and counterpartyrisk, concentration risk and securitizationrisk), non-financialrisks, financialrisks (market risks), liquidity risk and interest rate risk. These six categories are subject to indicators at the highest level of Group governance. Groupe BPCE enjoys high liquidity and solvency levels: in terms of solvency, the Group is able to absorb, if need be, the ● occurrence of arisk at entity or Group level; in terms of liquidity, the Group has a significantreserve consisting ● of cash and securities enabling it meet regulatory requirements, pass stress tests and access central bank unconventionalfinancing Stress testing system Groupe BPCE has been developinga stress testing system since 2011, complementing the business stress tests that can already be performedusing each of the risk modulesfor Group strategicanalysis purposes and regulatory purposes. There are twotypes of stress tests: internal stress tests; ● regulatorystress tests (includingin particularthe EBA’s 2018 stress ● test publishedon November2, 2018). Governance of the Group’s stress testing system is based on a comprehensive approach covering all Group entities, taking into considerationtheir specificcharacteristics,and coveringthe following risks: credit risk: change incost of risk and risk-weighted assets; ● securitization portfolios and counterparty risk: change in ● impairment and risk-weighted assets; market risks: market shocks, change in securities portfolios and ● risk-weighted assets; operationalrisk; ●

mechanisms. It also has high-quality assets eligible for market funding mechanisms and those offered by the ECB. The Group ensures the robustness of this system by conducting comprehensivestress tests on a regular basis, designed to verify the Group’s resilience inthe event of amajor crisis. The implementation of the risk appetite framework is centered on four key components: (i) the definition of groupwide standards, (ii) the existence of a set of limits in line with those defined by regulations, (iii) the distribution of expertise and responsibilities betweenthe entities and the central institutionand (iv) the operation of the governanceprocesswithin the Group and the differententities, enabling the efficient and resilient application of the risk appetite framework. The Group’s risk appetite framework is regularly updated, notably during the annual review, and is centered on a series of successive limits associated with separate respective authorization levels, i.e.: a limit which, if breached, calls for BPCE Management Board ● members to decide either to require the breach to be corrected or to allow the transaction to go ahead on an exceptional basis; a resilience limit: breaching this limit exposes the Group to ● potential business continuity and/or stability risk. Any such breach must be reportedto the BPCE SupervisoryBoard and addressedby a specific actionplan validated by the Board; an extreme limit in conjunction with the Group’s resolution and ● recovery plan mechanism,which, if breached, could jeopardize the Group’s very survival. This extreme limit concernscertain indicators adopted inrespect of the Group’s risk appetite. A quarterly dashboard is prepared by the Group’s Risk, Compliance and Permanent Control division, for the purpose of regularly and extensively monitoring all risk indicators and reporting to the supervisory body or/and any committeethereof. The risk appetite framework has been adapted by the entities for consistent group-wide implementation. insurance risk. ● The Group also examines scenarios on NII, all profit and loss items, and income, with the final impact on solvency. Risks associatedwith sovereignexposuresare addressedaccordingto their accounting classification under market risk or credit risk. Models are used for each risk category to determine the impacts of scenarios on the various profit and loss items and capital requirements. The methodologiesused to calculate projections vary for an internal stress test versus a regulatory stress test: the methodology is stipulated by the ECB and the EBA for ● regulatory stress tests; internal methodologies are used for internal stress tests, making ● the results easier to use for oversight,risk managementand budget planning purposes: stress tests are taken into consideration in identifying the areas of vulnerability of the Group and its constituent entities,and also serve to guidemanagementdecisions.

4

71

Risk Report Pillar III 2018