BPCE - 2019 RISK REPORT Pillar III

First page Table of contents Previous page 209 Next page Last page

NON-COMPLIANCE AND SECURITY RISKS

BUSINESS CONTINUITY

Business continuity 11.3

The management of business interruption risk is handled from a cross-business perspective. This includes the analysis of the Group’s main critical business lines, notably liquidity, payment instruments, securities, individual and corporate loans, and fiduciary activities.

Organization

The Group Business Continuity department, which is part of the Compliance and Security division, performs its tasks independently of operational divisions. These include: managing Group business continuity and coordinating the • Group Business Continuity function; coordinating Group crisis management; • managing the implementation of the Group Contingency and • Business Continuity Plans (CBCPs) and keeping them operational; ensuring compliance with regulatory provisions governing • business continuity; participating in Groupe BPCE’s internal and external bodies. • HIGHLIGHTS Efforts were once again focused on strengthening crisis management, with the ongoing development of the crisis management software tool (CrisisCare), redeployment of the crisis management system (I2G) for greater effectiveness, and identification of crisis management training modules to be

offered in 2020. This organizational structure proved its merit during the “Robustness” marketplace exercise and the handling of incidents arising over the course of the year. A mapping tool (ArcGIS) was added to the Group’s incident management and decision-making resources. Business continuity more broadly incorporates a risk approach, reflected in the policy distributed this year and integrated in the control database, which was adjusted accordingly. The operational aspects of the business continuity system were also addressed. A Group BCP management tool (Drive) was tested with one institution and will be rolled out groupwide in 2020. Oversight of third-party business continuity is a priority for the Group, in light of the stronger regulatory outsourcing requirements. A policy, formalized early in the year, was extended by the initiatives undertaken to establish a single Group third-party provider listing and contract management database.

11

209

RISK REPORT PILLAR III 2019 | GROUPE BPCE

Made with FlippingBook - professional solution for displaying marketing and sales documents online