BPCE - 2019 RISK REPORT Pillar III

RISK MANAGEMENT SYSTEM

RISK MANAGEMENT

SPECIAL COMMITTEES Several committees are responsible either for defining Groupwide methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

Group Counterparty and Credit Risk Committees: Group Market Risk Committees:

Several types of committees have been established to manage credit risk for the entire Group, meeting at varying • frequencies depending on their roles ( ex-post or decision-making analysis) and their scope of authority. The Group has also established decision-making and supervisory committees for both market and structural ALM • risks. The frequency of their meetings is tailored to the needs of the Group and its institutions. This committee meets quarterly and includes the various Groupe BPCE business lines affected by non-compliance • and operational risks. It examines information system security, business continuity and accounting review issues. Its objective is to validate action plans targeting these risks, which are included in the Groupe BPCE macro-level risk map. It also performs consolidated supervision of losses, incidents and alerts, including reports made to the ACPR under • Article 98 of Ministerial Order A-2014-11-03 in respect of non-financial risks.

3

Non-Financial Risk Committee:

At the same time, several committees are responsible either for defining Groupwide methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

Risk governance at Group institutions

BPCE’s Risk division and the Group Corporate Secretary’s Office oversee the Group’s Risk Management, Compliance and Permanent Control functions, focusing on the management of credit, financial, operational and non-compliance risks, extended to business continuity, Financial Audit and Information System Security functions. They ensure that the risk policies of the affiliates and subsidiaries comply with those of Groupe BPCE. The Risk and/or Compliance departments of subsidiaries not subject to the banking supervision regulatory framework are functionally subordinate to Groupe BPCE’s Risk division and Corporate Secretary’s Office. The strong functional authority exercised by the Head of Risk Management and by the Corporate Secretary of Groupe BPCE enables risk controls to be performed objectively, as each Group entity’s operational functions are independent from its Risk and Compliance functions. It also promotes a risk management and compliance culture and the application of shared risk management standards, and ensures that managers are given independent, objective and detailed information on the Group’s risk exposures and any possible deterioration in its risk profile.

Group institutions are responsible for defining, monitoring and managing their risk levels, as well as producing reports and data for submission to the central institution’s Risk division and Corporate Secretary’s Office. They ensure the quality, reliability and completeness of the data used to control and monitor risks at the company level and on a consolidated basis, in line with Group risk standards and policies. In the course of their work, the Group’s institutions rely on the Group Risk, Compliance and Permanent Control Charter. The charter specifies that each institution’s supervisory body and executive managers promote the risk management culture at all levels of their organization. A twofold assessment of a) Risk Management functions and b) Compliance functions is conducted every six months by the Risk Committee of the Groupe BPCE Supervisory Board.

29

RISK REPORT PILLAR III 2019 | GROUPE BPCE