BPCE - 2018 Risk report / Pillar III

4 RISK GOVERNANCE AND MANAGEMENT SYSTEM Groupe BPCE’s risk management system

The following typesof scenariosare tested: a baselinescenario serving as the budget scenario; ●

two reverse scenarios, i.e. based on areas of vulnerability,used to ● explore highly adverse conditions for the Group or some of the regionsit serves,one for ICAAP and the other for the recovery plan; specific scenarios for the Preventive Recovery Plan (PRP) and the ● recovery and resolutionoptions.

two stress scenarios which are both severe and plausible, used to ● provide relevant information on the Group’s resilience in crisis situations with ahigh probabilityof occurrence;

Cross-businessrisk analysis

ORGANIZATION In addition to the risk supervisionconductedboth individuallyand by type of risk, Groupe BPCE’s Risk, Complianceand Permanent Control division (DRCCP) also consolidatesthe Group’s risks. It calculatesand consolidates credit risk-weighted assets at Group level, produces regulatory reports (particularly COREP statements on loans, large exposures, etc.) and internal dashboards. In particular, it produces a quarterly consolidated risk dashboard, which is used to monitor the risk appetite defined by the Group as well as for comprehensive monitoringof risks based on an analysis of the Group’s risk profile in each area (mapping of risk-weighted assets, credit risks and counterpartyrisks – by customer segment –, market risks, structural ALM risks,operationalrisk and risks related to insurance activities). The DRCCP also conducts or coordinatescross-businessrisk analyses on the Group’s main portfolios or activities and, if needed, for the entities. It has also developed half-yearly forward-looking risk analyses aimed at identifying economic risk factors (known and emerging;international,nationaland regional),circumstantialthreats (regulations, etc.) and their potential impact on the Group. These prospective analyses are presented at Group Supervisory Board Risk Management Committee meetings. It also develops internal credit risk measurestargetingcounterparties and transactions, used to make lending decisions, as well as portfolio-based risk measures (statistical collective provisions, etc.) and, when authorized by the supervisorybody, for the calculationof credit risk-weighted assets. It reviews and validates risk models developed internally. Finally, it contributes to efforts to define internalcapital requirementsas well as internaland externalsolvency stress tests aimed at measuring the Group’s sensitivity to a series of risk factors and its resilience in the face of a severe shock, by determining impacts in terms of cost of risk.

ACTIVITIES IN 2018 As part of its consolidated risk monitoring system, the Risk, Compliance and Permanent Control division has produced several cross-business analyses for Group governance bodies (Umbrella Committee, Risk Management Committee of the Supervisory Board, Supervisory Board): enhancement of consolidated risk management by carrying out ● Groupe BPCE’s annual risk appetite review and developing an appropriate system of indicators and limits tracked operationally via the Group consolidatedrisk dashboard; the Group risk dashboard (produced quarterly), used to supervise ● cross-business risks, which is continuously improved in terms of coverage and granularity. In addition, the Executive Management Committee is provided withmonthly analyses; two forward-lookingrisk analyses (producedsemi-annually),aimed ● at identifying the main risk factors and quantifying their impacts for GroupeBPCE based onits exposures; several in-depthcross-businessanalysesof loan book risks (loans to ● Large Corporates & ISEs, professional retail loans and retail home loans) were conducted in2018. For the purposes of risk supervision and operational managementof ratingmodels,a new model reservedfor Small Enterprises(revenueof € 3 million to € 10 million) and another for Professional customers (launched in July 2018) were examined during the TRIM (target review of internal models). The Group was also very busy in 2018 with the applicationof IFRS 9, and specifically Phase 2 “Impairments”, EBA stress tests and the ongoing implementationof Basel III/BaselIV regulatory requirements.

Coordination of Permanent Controls

ORGANIZATION The DRCCP:

manages a Group-level permanent control tool (Pilcop) in close ● collaboration with the Group’s institutions; oversees the Level 1 control standards with the business lines; uses Pilcop to implement, centralize and capitalize on the ● permanent controls carried out by the Risk, Compliance and Permanent Control divisions. The various permanent control standards are overseen and constantly updated and expanded in Pilcop.

is responsible for Level 2 controls of certain processes used to ● prepare financial information and implements a Group Level 2 permanentrisk control systemcoveringmatters of governance,risk, organization, the work of the Risk Management and Compliance functions, and the implementation of standards, norms and charters. The main role of the DRCCP’s Permanent Control Coordinationdepartmentis to coordinatethe Group’s Level 1 and 2 permanent control system;

72

Risk Report Pillar III 2018