BPCE - 2018 Risk report / Pillar III

5 CREDIT RISK

Credit risk management

Credit risk management 5.1

Credit risk governance

The systems in place to govern credit approval and to manage and classify credit risks are all based on the followinggovernance: each standard, policy, system or method is the focus of workshops, ● organized and led by the DRCCP teams, comprisingrepresentatives of the Risk Management, Credit Exposure and Development divisions of each network and subsidiary. The purpose of these workshops is to define the rules and expectations for each topic addressed, as it relates to the Group’s risk appetite and regulatory constraints, foreach Group institution; the topic addressed by the workshop is then presented to a Group ● committee,consistingof companydirectors of the networksand/or subsidiaries, whoreach adecision onthe proposed solution; for the main risk supervision and/or managementsystems, a final ● decision is made on the solution chosen by these committees by one of the Groupe BPCE umbrella committees, i.e. either the Group Credit and CounterpartyRisk Committeeor the Group Market Risk Committee, for credit and counterparty risk. The Risk Managementfunction is structured in accordancewith the principle of subsidiarity: each Groupe BPCE institution has a Risk Management division ● addressing all categories of risk, including credit and counterparty risk. Each institution manages its risks in accordance with Group standardsand presentsa semi-annualreport to Groupe BPCE’s Risk, Compliance and Permanent Control division; each Head of Risk Managementis functionally subordinate to the ● Head of DRCCP, who reports to the Chairman of the Groupe BPCE ManagementBoard and is a memberof the ExecutiveManagement Committee; the DRCCP has a division in charge of coordinatingLevel 1 and 2 ● permanent controls at the institutions. The Credit Risk function helps ensure that each institution’s permanent control system is complete. The credit approval process is based on Group risk policies, which in turn draw on internal rating systems tailored to each type of customer and transaction. Groupe BPCE’s Risk, Compliance and Permanent Control division is responsible for: overseeingand defining guidelinesfor risk managementpolicies, in ● accordance withthe Group’s risk appetite; defining,deployingand verifyingthe performanceof internal rating ● systems; producing reports containing the relevant information on these ● measures; It also defines the frameworkfor all Level 2 permanentcontrols that it wants each institution to apply in terms of credit risk. The Group Internal Control Committee (3CIG) is regularly notified of control results. At the end of the fiscal year, 3CIG is informed of the action plan on Level 2 permanent controls for the following year, based on the resultsobserved during the fiscal year.

Each institution determines its priority risks via the macro-level risk mapping process, which serves as a guide for its annual permanent control plan. The decision not to incorporate some or all of the Groupwide framework belongs to the institution’s Internal Control Committee. The Level 2 permanent control system thus consists of an auditable base, available to the periodic control teams, on the control topics included and not included by each institution. For credit risk oversight purposes, Groupe BPCE manages the following risks: the creditworthiness of the main portfolios or activities (home ● loans, consumer loans, loans to professionalcustomers,SMEs/ISEs) at Group level, on a consistent and in-depth basis. Depending on the observations made, this oversight may call for the establishment and/or review of risk policies or risk management processes, and for updated risk coverage by specific mechanism ( e.g. policies,limits, sector rules); concentration risks, by setting individual limits on major ● counterparties (corporates, banks, sovereigns), and by sector and country; oversight of the consolidated amounts of loan outstandings by ● counterparty(on- and off-balance-sheet,non-retailcustomersand customers above a minimum level) and changes in these outstandings; average risk-weighted assets by entityand by asset class; ● counterparty risk using a Group-level consolidated approach ● through various regulatory measurements (CVA, EEPE and IRC in particular). The results of these management initiatives are presented to the Group Risk and Compliance Committee, the Group Credit and Counterparty Risk Committee and the Group Credit Risk and Permanent Control Committee. Furthermore,special reviews, particularlysector- and portfolio-based reviews, are carried out at Group level to obtain a consolidatedview of the credit quality of a given sector or asset class and, where applicable, to propose changes to risk policies or the corresponding managementprocedures. At Grouplevel, credit approvaldecisionsare subject to: Group risk management policies taken up, adapted or expanded on ● a more restrictive basis, where applicable, by each Group institution; Group sector policies adapted locally; ● regulatory caps, Group internal caps, internal caps for Banque ● Populairebanks, Caisses d’Epargneand subsidiariesCFF and Banque Palatine; a set of Group internal limits covering the major groups of ● counterparties(a companymade up of a parent and its subsidiaries) on a consolidatedbasis, for the main asset classes excludingretail, complemented if necessary by local limits; individual limits are defined on the basis of methodologiesspecific to each asset class. Predominantlybased on the internal rating (a synthetic indicator), these methodologiesare used to define the maximumrisk limit that Groupe BPCE is willing to take, based on updatedinformationat its disposal at thetime of its decision;

76

Risk Report Pillar III 2018