BPCE - 2018 Risk report / Pillar III

CREDIT RISK Credit risk management

Credit risk monitoring and supervision system

Within its remit and across its entire scope, the Risk, Complianceand Permanent Control division: presents the ManagementBoard and SupervisoryBoard with a risk ● appetite framework for the Group and ensures its implementation and roll-out at eachmajor entity; helps draw up risk policieson a consolidatedbasis, examinesoverall ● risk limits, takes part in discussions on capital allocation and ensuresthat portfoliosare managedin accordancewith these limits and allocations; helps the Groupe BPCE ManagementBoard identify emerging risks, ● concentration of risk and other adverse developments and devise strategy and adjust risk appetite; performs any specific analyses and stress tests with the goal of identifying areas of risk and the Group’s resilience under various predetermined shock scenarios; defines and implementsrisk taking and managementstandardsand ● methods for consolidated risk measurement, risk mapping, risk-taking approval, risk control and reporting, and compliance with laws and regulations; assessesand controls the levelof risk acrossthe Group; ● conducts permanent supervision,including detecting and resolving ● limit breaches and centralized forward-lookingrisk reporting on a consolidatedbasis; conductscontrols – or ensures through the principle of subsidiarity ● that controls are conducted – to verify that the operations and internal procedures of Group companies comply with legal, professional,or internal standards that apply to banking, financial and Insuranceactivities; performs Level 2 controls of certain processes used to prepare ● financial information and implements a Group Level 2 permanent risk control system; manages risk information systems in accordance with an annual ● IT plan, working closely with the IT departments,while definingthe standardsto be appliedfor the measurement,control,reportingand managementof credit risks. The different levels of control at Groupe BPCE operate under the supervision of the DRCCP, which is also responsible for consolidated summary reporting to the various decision-making bodies and committees, in particular the Group Watchlist and Provisions Committee. The aim of risk supervision is to: improve the identificationof various degrees of situations that are ● stressed or becoming stressed, which may worsen and veer into default. A set of indicators used to identify incidents on customer accounts (past due payments, irregular payments, etc.) or external events (rejected notes, external ratings, customer life events) contributesto this supervisorysystem. This systemwas enhancedin 2018, with the inclusionof new supervisory triggers; enhance the quality of customer data through a data quality ● supervision and improvement system, in addition to seeking out high-quality exposures;

use observedresults to adjust the frameworkof permanentcontrols ● performed by each institution, based on its own macro-level risk mapping. The business line heads in charge of the content of the Level 2 permanent control framework and the heads of periodic control can then work together to cross-check the risk areas identified from the results of their own investigations, and complete: the self-assessmentsof GroupeBPCE institutions, - decisions on how to change the control systems within their - remit. The Credit Risk business line, which is in charge of the content of the Level 2 permanent control framework, receives summaries of the audit reports from the periodic control teams, and can also determinewhetherthe Level 2 periodiccontrol frameworkneeds to be adjusted forthe institutions. Risk prevention and monitoring at Groupe BPCE focuses on the quality of information, which is a heightened concern under the requirementsof RegulationBCBS 239 and is necessaryfor proper risk assessment,as well as the amount of risk taken and changes in these risks. The applicationof the “gross leverage ratio” to non-investmentgrade corporate counterparties (revenue >  € 50 million) strengthens oversight of potential overindebtedness. The supervision teams are responsible for ensuring that the sector watch is updated by focusing on “high-risk”business sectors and for analyzing portfolios to help identify the main concentrationsof risk. This systemis enhancedwith a set of industry-based limits. High-risk loans and counterparties (on the watchlist) and the provisioning policy for the main risks shared by several entities (includingNatixis)are regularlyexaminedby the GroupWatchlistand ProvisionsCommittee. Groupe BPCE performs threemain types of stress test oncredit risk: the EBA stress test, performed every 2 years, aimed at testing the ● resilience of credit institutionsto simulatedshocks, and comparing their results. The outcome of the EBA stress test may result in stronger capital requirements or other mandatory measures imposed by the supervisor,which has not been the case for Groupe BPCE to date; Groupe BPCE’s internal stress test. This test is performed once a ● year and its results are applied to ICAAP and the Recovery Plan. It covers several more scenariosthan the EBA stress test, and includes changes in projections on the entire balance sheet. The baseline scenario is also used to challenge Groupe BPCE’s medium-term plan. For the purposes of the Recovery Plan, an additional test is conducted onthe real estate portfolio; specific stress tests. These tests may be performedat the request of ● an external authority (supervisor)or an internal body. For example, in 2016, the ACPR requested a stress test on the commercial real estate portfolio, focusing specifically on office space. The results, particularly those of the latest EBA stress tests, have always demonstrated Groupe BPCE’s resilience to the shocks simulated in the test scenarios. They are consistently used with the aim of learning as much as possible from the stress tests.

5

79

Risk Report Pillar III 2018