BPCE - 2019 RISK REPORT Pillar III

CREDIT RISKS

CREDIT RISK MANAGEMENT

The credit approval process is based on Group risk policies, which in turn draw on internal rating systems tailored to each type of customer and transaction.

The Groupe BPCE Risk division is responsible for:

overseeing and proposing guidelines for risk management policies, in accordance with the Group’s risk • appetite; defining, deploying and verifying the performance of internal rating systems; • producing reports containing the relevant information on these measures. • the creditworthiness of the main portfolios or activities (home loans, consumer loans, • loans to professional customers, SMEs/ISEs) at Group level, on an in-depth basis; concentration risks, defining individual limits for major counterparties; • consolidated amounts and changes in loan outstandings by counterparty; • average risk-weighted assets by entity and by asset class; • counterparty risk consolidated at Group level. • Group risk policies, Group sector policies; • regulatory caps, Group internal caps, internal caps for institutions in the Banque Populaire • and Caisses d’Epargne networks and all BPCE subsidiaries; a set of Group internal limits covering the major categories of counterparties (a company made up of a • parent and its subsidiaries) on a consolidated basis, for the main asset classes excluding retail, supplemented as needed by local limits; predominantly based on the internal rating approach, these methodologies are used to define the maximum risk that Groupe BPCE is willing to take; at each Group institution, a pro-con analysis or counter-analysis procedure involving the Risk function, • which holds the right to veto decisions, calling on the higher-level Credit Committee for arbitration where necessary, or the duly authorized representative; a permanent control system. •

For credit risk oversight purposes, Groupe BPCE manages and regularly reviews the following risks:

Credit approval decisions deployed or adapted at each Group institution are supervised within a system made up of:

5

Furthermore, sector and portfolio reviews are carried out at Group level to obtain a consolidated view of their credit quality and, where applicable, to be able to propose changes to risk policies or the corresponding management procedures. Compliance with regulatory and internal caps and limits is regularly checked by the Group Risk and Compliance Committee and the Audit and Risk Committees of the Supervisory Board. Each institution is responsible for ensuring compliance with internal limits; The Risk division also defines the credit risk Level 2 permanent control framework for all institutions. The Group Internal Control Committee (3CIG) is informed of the action plan for year N+1, based on the results observed during the fiscal year; Each institution determines its priority risks via the macro-level risk mapping process, which serves as a guide for its annual permanent control plan; The Level 2 permanent control system forms an auditable base available to the periodic control teams; The results of these management initiatives are presented to the Group Risk and Compliance Committee, the Group Credit and Counterparty Risk Committee and the Group Credit Risk and Permanent Control Committee. Finally, the Risk division coordinates the credit risk process, particularly through monthly audio conferences, national credit risk days, regional platforms or through theme-based working groups. It also oversees change management with respect to

standards to ensure the operational adoption of Group rules at the local level and to harmonize practices within the Group’s institutions. HIGHLIGHTS With regulations undergoing significant changes, all institutions are required to implement applicable standards, rules and policies in their operations, in order to ensure consistent implementation throughout the Group. Several major operational projects were undertaken in 2019, particularly in terms of consolidation scope: several Natixis subsidiaries were sold to BPCE SA (Natixis • Lease, Natixis Factor, CEGC, Natixis Financement) in addition to SOCFIM, a subsidiary of Crédit Foncier de France. As a result, the delegation system of these subsidiaries were modified to comply with the BPCE delegation system; Crédit Foncier de France was placed under run-off • management; BPCE International was also placed under run-off • management, with its subsidiaries having already been sold in 2019 or currently in the process of being sold; subsequent to the ECB’s “bad loans” audit in 2017, a project • was launched to improve the detection of risk prior to customer hardships; the ECB also conducted two audits in 2019 on the specialized • lending and leveraged finance activities.

77

RISK REPORT PILLAR III 2019 | GROUPE BPCE