BPCE - 2019 RISK REPORT Pillar III

3

RISK MANAGEMENT SYSTEM

RISK MANAGEMENT

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION

Internal Control Coordination Committee

Executive Risk Committee

Risk Compliance Function (1) Executive Management within the meaning of Article L511-13 of the French Monetary and Financial Code: a person responsible for the executive management of the company Executive Management (1) Business Continuity Risks Credit Risks Financial Risks Non-Financial Risks Operational Risks Non-Compliance Risks ALM Committee Information System Security Risks Market Risk Committee Non-Financial Risk Committee Credit Risk Committee Loan or Commitment Committee Provision and Collection Committee Watchlist Committee

Coordination of business line functions

ORGANIZATION Based on strong functional authority, the division in charge of coordinating the Heads of Risk and Compliance – part of the Risk Governance division – oversees the coordination of all Groupe BPCE Risk and Compliance functions. The Risk, Compliance and Permanent Control Charter calls for the Group Risk division and Corporate Secretary’s Office to participate, at their own initiative, in the annual performance assessment of the heads of the Permanent Control functions, particularly risk and/or compliance, in consultation with the Chairman of the Management Board or the Chief Executive Officer. This division deploys the entire system on a daily basis and contributes to the overall supervision of Group risks, primarily through: oversight and updates of key Risk and Compliance function • documents such as charters and standards; analysis of the work done by the Executive Committees on • the risks incurred by the Banques Populaires, the Caisses d’Epargne and the subsidiaries; coordination of Risk Management and Compliance function • events through a series of national Risk Management and Compliance Days, including discussions and exchanges on risk- and compliance-related issues, presentations on the work done by the functions, training and sharing of best practices in the credit, financial, operational and compliance fields between all Group institutions. Risk Management and

Compliance Days also provide opportunities to strengthen group-wide solidarity in the risk management and/or compliance professions in today’s ever-changing regulatory environment. In addition, audio conferences and regional meetings are attended by the Heads of Risk Management and Compliance of the networks and subsidiaries to address current topics and events; a document library dedicated to The Risk, Compliance and • Permanent Control functions; operational efficiency initiatives (headcount benchmark • standards, risk and compliance half-year reports, risk appetite framework and institution macro-level risk mapping); oversight of all recommendations issued by the supervisory • authorities and by the Group’s Inspection Générale division covering Risks, Compliance and Permanent Control; support for new Heads of Risk Management and/or • Compliance of Groupe BPCE institutions via a special program; frequent on-site meetings with the Heads of Risk • Management and/or Compliance and teams of the Banques Populaires, Caisses d’Epargne and subsidiaries; in addition to the operational committee meetings attended by • the Risk division, General Meetings held with each of the main BPCE subsidiaries: Natixis, Crédit Foncier, Banque Palatine, BPCE International, the subsidiaries of the Financial Solutions and Expertise division, FIDOR Bank and Oney for a comprehensive review with the Head of Risk Management and/or Compliance;

30

RISK REPORT PILLAR III 2019 | GROUPE BPCE

www.groupebpce.com