BPCE - 2019 RISK REPORT Pillar III

RISK MANAGEMENT SYSTEM

RISK MANAGEMENT

distribution of a newsletter (“Mag R&C”) to the heads of • Group institutions, the heads of the various functions, including Sales, and the employees of the Risk, Compliance and Permanent Control functions as well as all Group employees; an annual training program (the Risk Academy) offered to all • Risk and Compliance function employees, in conjunction with the Group Human Resources division. In addition, a university training course on “internal control and risk management at financial institutions” is given at Université Paris-Dauphine. Participants earn a degree upon successful completion of the course. Two workshops focused on compliance and permanent control have also been added; and, in general, the practice of risk and compliance awareness • and sharing of best practices throughout the Group, in particular via a digital document library (the Kiosk) for all employees of the Group Risk, Compliance and Permanent Control functions, or dedicated thematic conferences that can be viewed live or in replay.

The Project Management Office is a cross-business department of the division that also works with the Group Corporate Secretary’s Office. It provides support to the department heads and project managers of the Risk division in managing services, budgets and logistics. It also serves as an intermediary for the HR, sourcing, legal, Contingency and Business Continuity Plan, and budget oversight divisions or teams. For coordination purposes, the Risk Governance department relies on a half-yearly report drawn up by the institutions, aimed at ensuring that the various components of the local systems are properly implemented and operate under satisfactory conditions, particularly with respect to banking regulations and Group charters. The findings of this report improve operational efficiency and optimize best practices throughout Groupe BPCE. Activities specifically focused on the Lagarde report are being monitored in conjunction with the Group’s institutions. There is also a system in place to monitor anomalies observed at Group institutions, aimed at ensuring that business is conducted properly and the rules of ethics are applied.

3

HIGHLIGHTS Incorporation of the Financial Solutions Expertise subsidiaries in the Group risk and compliance coordination system: definition of a risk appetite system dedicated to Financial Solutions and Expertise activities; • review and validation of subsidiary risk policies; • deployment and adaption of interim risk and compliance questionnaires to their activity; • Oney Bank: incorporation in the Group’s risk management systems by establishing a risk appetite framework validated by the governance bodies.

Consolidated risk oversight

ORGANIZATION In addition to the risk supervision conducted both individually and by type of risk, Groupe BPCE’s Risk division also consolidates the Group’s risks. It produces a quarterly risk dashboard, which is used to monitor the risk appetite defined by the Group as well as for comprehensive monitoring of risks based on an analysis of the Group’s risk profile in each area (mapping of risk-weighted assets, credit risks and counterparty risks – by customer segment –, market risks, structural ALM risks, non-financial risks and risks related to insurance businesses). In addition to the dashboard, a monthly flash report provides the Group with a more responsive and updated overview of Group risks. The Risk division also conducts or coordinates cross-business risk analyses and specific stress tests on the Group’s main portfolios or activities and, if needed, for the entities. It has also

developed half-year forward-looking risk analyses aimed at identifying economic risk factors (known and emerging; international, national and regional), circumstantial threats (regulations, etc.) and their potential impact on the Group. These forward-looking analyses are presented at meetings of the Group Supervisory Board Risk Committee. Furthermore, it performs specific analyses on counterparties, and portfolio-based risk measurements (statistical collective provisions, etc.) and, when authorized by the supervisory authority, for the calculation of credit risk-weighted assets. It reviews and validates risk models developed internally. Finally, it contributes to efforts to define internal capital requirements as well as internal and external solvency stress tests aimed at measuring the Group’s sensitivity to a series of risk factors and its resilience in the event of a severe shock, by determining impacts in terms of cost of risk.

31

RISK REPORT PILLAR III 2019 | GROUPE BPCE