BPCE - 2018 Risk report / Pillar III

5 CREDIT RISK

Risk measurement and internal ratings

Rating system Internal rating systemmodels are developedbased on historical data for observed defaults and losses. They are used to measure the credit risks to which Groupe BPCE is exposed, expressed as a one-year probabilityof default(PD), as a Loss Given Default(LGD) and as Credit Conversion Factors (CCF), depending on the characteristics of the transactions. The models are generally built and validated based on internal historical data from as far back as possible, in accordance with prudent valuation and representativenessconstraints (affected portfolios and economic conditions). Internal rating systemgovernance The internal governance of rating systems is centered on the development, validation, monitoring and modification of these systems. The DRCCP is completely independent from the rest of the Group (Banque Populaire and Caisse d’Epargne networks, Natixis, Crédit Foncier and the other subsidiaries)in conductingperformance and adequacy reviews of models for credit risks, counterparty risks, and structuralALM and market risks. This role assigned to the DRCCP is based on governancedefinedin a model validationcharter,a Model GovernanceCommitteeand on a map of models used throughoutthe Group. The model validation charter models encompasses all types of quantitative models, and defines and specifies the duties and responsibilitiesof those involved throughout the model life cycle. It also specifies the conditions for delegating validation, within a specific scope, to another entity besides the DRCCP validation team: the entity in question must have the necessary expertise, be independentof the team developingthe model, and have appropriate validation governance. Under these rules, the validation of certain specific PD and LGD models, IMM models for counterpartyrisk, IMA and standard models for market risk and prudent valuation models has been delegated to the independent validation team at Natixis. Model development process The DRCCP relies on a formalized process describing the main steps taken in developingany new model. This document,which serves as a guide for the entire documentationand validation process, is based on: a literary and general descriptionof the model, indicatingits scope ● of application(counterpartytype, product type, business line, etc.), the main assumptions on which it is based, and any aspects not covered; a descriptive diagram summarizing how the ultimately chosen ● model works, indicating the various inputs, processes and outputs; a detailed description of themodelingsteps and approach: ●

These internal rating systems are also applied to risk supervision, authorizationsystems,internallimits on counterparties, etc., and may also serve as a basis for other processes, such as statistical provisioning. The resulting risk metrics are then used to calculate capital requirements, once they have been validated by the supervisory authority incompliance with regulatory requirements.

The internal validation process for new models or for changes to existing models is broken down into three steps: a review of the model and its adequacy, conducted independently ● of the entities havingworkedon the model; a review by the Group Models Committee, comprised of ● quantitative experts (modeling specialists and validators) and business line expertswho issuea technical opinion onthe model; validationby the DRCCP Standardsand Methods Committee,based ● on the technical opinion issued by the Group Models Committee, which decides to implement the necessary changes, particularly in terms of processes and operational adaptation. These changes are submitted,where applicable,to the European supervisoryauthority for prior approval, in accordance with Commission Delegated RegulationNo. 529/2014on changes of the Internal Ratings Based Approach used indetermining capitalrequirements. After the completion of this governance process, internal control reports and statements of decisions are made available to Group management(and supervisoryauthoritiesfor internal models used to determine capital requirements). Each year, a summary of the performances and adequacy of internal models is presented to the Risk Management Committee of the Group Supervisory Board. setting up the workingenvironment, - building amodelingsample, - creating samples, out-of-sample tests and out-of-time tests, - where applicable, comparing proposed models, where applicable, - justifying the choice of model (expert opinions, level of - discrimination, stability, consistency, robustness, etc.); a literary description of the model’s main risk factors. ● Internally developed models are required to meet strict risk discrimination and qualification criteria.

84

Risk Report Pillar III 2018