BPCE - 2019 RISK REPORT Pillar III

CREDIT RISKS

RISK MEASUREMENT AND INTERNAL RATINGS

Internal rating system governance

The internal governance of rating systems is centered on the development, validation, monitoring and modification of these systems. The Groupe BPCE Risk division is completely independent from the rest of the Group (Banque Populaire and Caisse d’Epargne networks, Natixis, Crédit Foncier and the other subsidiaries) in conducting performance and adequacy reviews of models for credit risks, counterparty risks, and structural ALM and market risks. This role assigned to the Risk division is based on robust governance defined in a Model Validation Charter, a Model Governance Committee and on a map of models used throughout the Group. The Model Validation Charter encompasses all types of quantitative models, defines and specifies the duties and responsibilities of contributors involved throughout each model’s life cycle. It also specifies the conditions for delegating validation, within a specific scope, to another entity besides the Risk division validation team: the entity in question must have the necessary expertise, be independent of the team developing the model, and have appropriate validation governance. Under these rules, the validation of certain specific PD and LGD models, IMM models for counterparty risk, IMA and standard models for market risk and prudent valuation models has been delegated to the independent validation team at Natixis. The internal validation process for new models or for changes to existing models is broken down into three steps: a review of the model and its adequacy, conducted • independently of the entities having worked on the development of the model; The Risk division’s model validation tea reports to the Risk Governance department, which is independent of the Modeling department; a review by the Group Models Committee, comprised of • quantitative experts (modeling specialists and validators) and business line experts who issue a technical opinion on the

model. This committee is chaired by the Head of Risk Management, Deputy Chief Executive Officer and member of the Executive Management Committee; validation by the Group RCCP Standards and Methods • Committee, based on the technical opinion issued by the Group Models Committee, which decides to implement the necessary changes, particularly in terms of processes and operational adaptation. These changes are submitted, where applicable, to the European supervisory authority for prior approval, in accordance with Commission Delegated Regulation No. 529/2014 on changes of the Internal Ratings Based Approach used in determining capital requirements. After the completion of this governance process, internal control reports and statements of decisions are made available to Group management (and supervisory authorities for internal models used to determine capital requirements). Each year, a summary of the performances and adequacy of internal models is presented to the Risk Management Committee of the Group Supervisory Board. The Group is also in the process of establishing a Model Risk Management (MRM) system aimed at assessing, streamlining, supervising and reporting model risk. Implementation of the new system is subject to an independent control presenting a high level of consistency. The principles of the system deal with the documentation, design, development, implementation, review, approval, ongoing supervision and use of models, all in the interest of ensuring their dependability. An MRM risk management policy has been defined to that end, aimed at promoting a clear understanding of how each model works, when and why it is used, and its strengths, weaknesses and limits. The policy will be gradually rolled out for each category of models in 2020, while expanding the scope of models subject to independent review.

5

Model development process

The Risk division relies on a formalized process describing the main steps taken in developing any new model. This document, which serves as a guide for the entire documentation and validation process, is based on: a literary and general description of the model, indicating its • scope of application (counterparty type, product type, business line, etc.), the main assumptions on which it is based, and any aspects not covered; a descriptive diagram summarizing how the ultimately chosen • model works, indicating the various inputs, processes and outputs;

a detailed description of the modeling steps and approach; • a literary description of the model’s main risk factors. • Internally developed models are required to meet strict risk discrimination and qualification criteria. These models will ultimately (as from January 1, 2021) incorporate the regulatory changes enacted by the European Banking Authority under its IRB Repair program, aimed at improving the comparability of risk parameters input to the models.

83

RISK REPORT PILLAR III 2019 | GROUPE BPCE