BPCE - 2019 Universal Registration Document

6

RISK REPORT

RISK MANAGEMENT SYSTEM

EMERGING RISKS Groupe BPCE places great importance on anticipating and managing emerging risks in today’s constantly changing environment. The international geopolitical environment is an ongoing source of concern, with various geopolitical tensions continuing to weigh on general economic conditions and fueling uncertainties. Low-to-negative interest rates have had a continuous adverse impact on the profitability of commercial banking activities, due to the predominance of fixed-rate home loans and life insurance activities. As the economy and financial services have grown increasingly digitized, banks have had to remain constantly vigilant against cyber threats. The sophistication of cyber attacks and potential GOVERNANCE OF RISK MANAGEMENT Two Group-level bodies are responsible for governance of risk management: the Supervisory Board, which relies on the Board’s Risk Committee, and the Management Board. Chaired by the Chairman of the Management Board, the Group Risk and Compliance Committee (an Umbrella Committee) sets the broad risk policy, decides on the global caps and limits for Groupe BPCE and for each institution, validates the authorization limits of other committees, examines the principal risk areas for Groupe BPCE and for each institution, reviews consolidated risk reports and approves risk action plans for the measurement, supervision and management of risks, as well as Groupe BPCE’s principal risk standards and procedures. It monitors limits (Ministerial Order of November 3, 2014 on internal control, Article 226), particularly when overall limits are likely to be reached (Ministerial Order of November 3, 2014 on internal control, Article 229). Risk management 6.3.3

vulnerability of their IT systems are both major risks for Groupe BPCE, in conjunction with the expectations of the regulatory authority. Groupe BPCE is acutely aware of the changes in the regulatory environment, particularly in terms of new standards on provisions and guidelines on non-performing loans, and particularly the new definition of default and the finalization of Basel III. Climate change and social responsibility are increasingly covered in the risk management policy. Climate risk management is also addressed in the CRR2-CRD5 guidelines. Operational risks associated with pandemics, with the regular appearance of new viruses worldwide (and especially the current coronavirus, COVID-19), are closely monitored and crisis management systems are applied when necessary. The committee also examines matters relating to non-financial risks, specifically including risks associated with the compliance of banking and insurance activities, investment services and financial security. Overall risk limits are regularly reviewed and presented to the Group Risk and Compliance Committee (Ministerial Order of November 3, 2014 on internal control, Article 224) as part of the risk appetite framework (RAF). This committee provides the Supervisory Board Risk Committee with proposed criteria and thresholds for the identification of incidents to be brought to the attention of the supervisory body (Ministerial Order of November 3, 2014 on internal control, Articles 98 and 244). The Group Risk Committee is notified twice a year of the conditions under which the established limits were observed (Ministerial Order of November 3, 2014 on internal control, Article 252).

574

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE

www.groupebpce.com