BPCE - 2019 RISK REPORT Pillar III

NON-COMPLIANCE AND SECURITY RISKS

COMPLIANCE

11.1 Compliance

Organization

The Compliance function covers two main fields of expertise:

• Banking compliance, aimed at preventing risks of failure to comply with laws, regulations and professional standards governing KYC and the banking industry. To that end, it encompasses support for operational departments in their compliance with regulatory changes, distribution of standards (including ACPR recommendations and EBA guidelines), compliance expertise for the purpose of helping approve new products or sales processes, supervision of document and challenge approval processes, and oversight of the Group’s outsourced critical or essential services. It also strengthens the management of non-compliance risk by overseeing complaints analysis, making use of compliance controls and mapping of non-compliance risks reported by Groupe BPCE institutions within the scope of banking compliance and KYC.

• Investment services compliance, which covers compliance and ethics in the conduct of financial activities, as defined by the AMF General regulations. More broadly, it includes the prevention of conflicts of interest across all business lines, ensuring that customer interests prevail, compliance with market rules and professional standards in the banking and financial sectors, and, finally, regulations and internal standards regarding business ethics. It also includes oversight of investment services and the operating procedures of investment services compliance officers (RCSIs). Since the end of 2016, investment services compliance has also included SRAB commitments (Separation and Regulation of Banking Activities) – Volcker office.

Measurement and supervision of non-compliance risk

Non-compliance risks are analyzed, measured, monitored and managed in accordance with the Ministerial Order of November 3, 2014, with the aim of:

• ensuring a permanent overview of these risks and the associated risk prevention and mitigation system, including updated identification under the new non-compliance risk-mapping exercise;

• ensuring that the largest risks, if necessary, are subject to controls and action plans aimed at supervising them more effectively.

Groupe BPCE manages non-compliance risk by mapping out its non-compliance risks and implementing mandatory Level 1 and 2 compliance controls common to all Group retail banking institutions. The impact of non-compliance risk was calibrated and measured with the Group’s operational risk teams, using the methodology of the operational risk tool OSIRISK, covering the risk management systems established by the institutions aimed at reducing gross risk levels.

Product governance and supervision

All new products and services, regardless of their distribution channels, as well as sales materials that fall within the Compliance function’s remit, are reviewed by Compliance beforehand. The purpose of this review is to ensure that applicable regulatory requirements are met and that targeted customers – and the public at large – receive clear and fair information. Product supervision is carefully conducted over the entire product life cycle.

Compliance also coordinates the approval of national sales challenges, ensures that conflicts of interest are managed properly and guarantees that customer interests always come first. Compliance is careful to ensure that sales procedures, processes and policies guarantee that the rules of compliance and ethics are observed at all times for all customer segments, and in particular that the advice given to customers is appropriate to their needs.
