BPCE - 2019 Universal Registration Document

5

FINANCIAL REPORT

CONTROLS OF ACCOUNTING AND FINANCIAL REPORTING QUALITY

the Framework for controls of accounting and financial • information quality, which was approved by the Group Internal Control Coordination Committee on June 9, 2016 and which sets out the rules and principles for such controls and the associated responsibilities in the production and publication of information submitted to “the supervisory and control authorities or appearing in documents intended for publication” (regulatory reporting: financial, fiscal and regulatory reports); the Framework for the preparation and publication of oversight • indicators and reports, approved by the Risk Standards and Methods, Compliance and Permanent Control Committee on December 12, 2018, which sets out the rules and principles for information submitted to the “executive managers or the supervisory body” (oversight or internal reports); the Framework for Statutory Auditor Assignments at Groupe • BPCE, approved by the BPCE Supervisory Board on November 7, 2017, which sets out the rules and principles governing statutory audits in the Group. AT INDIVIDUAL INSTITUTIONS Internal control procedures are decentralized by nature owing to the Group’s unique organizational structure and are adapted to the particular requirements of each consolidated entity, in compliance with the general rules and principles set by the Group. In addition to the level one self-checking and control procedures performed in the entities responsible for preparing individual or consolidated financial statements, the quality of accounting and financial controls is also verified by the Accounting division, which oversees the production of accounting and financial information. To this end, the Accounting division: sets accounting and prudential standards at the Group level for • the production of individual and consolidated financial statements that meet French and IFRS accounting standards, and the production of regulatory reports for national or supranational oversight and control authorities; coordinates the accounting process, thereby increasing the • quality of level one controls; examines the reports covering accounting and regulatory data • that it receives by conducting multiple controls using data contained in the consolidation packages sent by the entities in the Group’s scope of consolidation for the purposes of preparing the parent company and regulatory consolidated financial statements; conducts, as part of the duties of the central institution that • fall under Article L. 511-31 of the French Monetary and Financial Code, a routine review of the regulatory reports of affiliates before they are submitted to the ACPR and in accordance with the rules agreed-upon with the ACPR (multiple consistency checks and analyses); checks, under the tax consolidation scheme for cooperative • banking groups (Article 223 A et seq . of the French General Tax Code), the tax consolidation packages sent to the central institution by entities falling under the scope of said scheme. Level two controls The Group’s level two control system is overseen by the Financial Review department. The Head of this department is a standing guest member of the Group Internal Control Coordination Committee and has been granted powers to set standards for the function. In conjunction with the shareholder institutions and Group subsidiaries, the Financial Review AT THE CENTRAL INSTITUTION Level one controls

department maintains functional ties between local Review departments and the central institution to ensure the quality of the entire control system. Under its groupwide duties, the department’s primary activities are to: facilitate the sharing of best practices via a special-purpose • committee (Auditors’ Committee) and working groups; draft and distribute the set of standards and documents for • the function; coordinate each entity’s system for reporting to the central • institution so that it can assess their system for producing and verifying accounting and financial information; perform on-site controls at entities whose systems are falling • behind those of other entities; implement accounting controls to prevent and detect fraud, • corruption or influence peddling; verify, on behalf of the Audit Committee, the Group’s • regulatory audit system and in particular services other than certification of financial statements. Over and above its groupwide duties, the department performs operational audits of the central institution, as it does for each Group entity. These audits cover the processes and publication of reports by the central institution (regulatory and oversight reports), in conjunction with other level two control teams. Level three controls These controls are implemented by: the Group’s Statutory Auditors, which work on a panel basis • and base their opinions partly on the conclusions of each consolidated entity’s Statutory Auditors, particularly regarding compliance with the Group’s standards as laid down by BPCE and partly on the effectiveness of local internal control procedures. To make the certification process as efficient as possible, the Framework for Statutory Auditor Assignments at Groupe BPCE recommends that each Group entity has at least one representative of the Group’s Statutory Auditors on its panel; the Group Inspection Générale division, in audits of the • Group’s institutions and internal control procedures, including accounting and financial audits. CHANGES IN 2019 In 2019, efforts to enhance the accounting and financial information control system continued, with: for the regulatory financial statements, the continued use of a • control system based on local Review departments (for capital adequacy ratios, leverage ratios, FINREP, etc.) and the introduction of enhanced controls on ICAAP (internal capital adequacy assessment process) reports; the drafting of accounting control procedures to enhance the • prevention and detection of fraud, corruption or influence peddling, in particular in compliance with the requirements of the Sapin 2 Act; the integration of the Financial Solutions and Expertise • business line entities directly in the Review department’s oversight and monitoring scope, which includes the transmission of reports to the central institution; for internal oversight reports, the implementation of controls • to ensure compliance with Group rules, aimed at improving the quality of the reports and the data they contain, in particular with: the publication of harmonized level two control standards to – ensure compliance with the requirements of the Ministerial Decree of November 3, 2014 on internal control and BCBS Recommendation 239 of January 9, 2013,

550

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE

www.groupebpce.com