BPCE - 2019 RISK REPORT Pillar III

11

NON-COMPLIANCE AND SECURITY RISKS

The Compliance and Security division, which has reported to the Corporate Secretary’s Office of Groupe BPCE since January 1, 2019, works independently of the operational divisions, and of the other Internal Control divisions with which it cooperates. It comprises: the Banking Compliance, Investment Services Compliance and • Insurance Compliance departments, and the Financial Security departments which notably includes BPCE’s Tracfin officers; the Security departments covering all areas: personal and • property safety, business continuity, information system security, and cyber security and fraud watch, while also coordinating the DPO (Data Protection Officer) function; The Compliance and Security division carries out its duties within the framework of business line operations. It helps guide and motivate the Heads of the Compliance and Security functions of the affiliates and subsidiaries. The Compliance Officers appointed by the various affiliates, including the Caisse d’Epargne and Banque Populaire parent companies and direct subsidiaries covered by the regulatory system of banking and financial supervision, are functionally subordinate to the Compliance and Security division. The division conducts any necessary initiatives to strengthen compliance and security throughout Groupe BPCE. As such, it builds and revises the standards proposed for the governance of Groupe BPCE, shares best practices and coordinates working groups consisting of departmental representatives.

Promoting a culture of non-compliance risk management and taking into account the legitimate interests of customers are achieved through employee training. To that end, the Compliance and Security division: creates the content for the training materials used for the • Compliance function and manages interactions with the Group Human Resources division and the Risk Governance department of the Risk division, which coordinates the annual work schedule for the Risk and Compliance functions; helps train Compliance staff, mainly through specialized annual • seminars (financial security, ethics and compliance, banking compliance, coordination of permanent compliance controls, cybersecurity, etc.); coordinates the training program for heads of compliance and • Compliance Officers; coordinates and checks the Compliance and Security functions • of the Group institutions, notably by holding national compliance and security days, and via a system of permanent controls coordinated at Group level; draws on the expertise of the Compliance functions of Group • institutions via theme-based working groups. Moreover, BPCE’s corporate compliance as well as the compliance of the Group’s insurance businesses have been handled by the Compliance and Security division since January 1, 2019.

204

RISK REPORT PILLAR III 2019 | GROUPE BPCE

www.groupebpce.com