BPCE - 2019 Universal Registration Document

RISK REPORT

RISK MANAGEMENT SYSTEM

ORGANIZATION OF RISK MANAGEMENT Groupe BPCE’s Risk division and Corporate Secretary’s Office measure, monitor and manage risks, including non-compliance risks, pursuant to the Ministerial Order of November 3, 2014 on internal control.

They ensure that the risk management system is effective, complete and consistent, and that risk-taking is consistent with the guidelines for the business (particularly targets and resources of the Group and its institutions).

Group policy and standards

Supervision and control

Coordination

present the Management Board and Supervisory • Board with a risk appetite framework for the Group and ensure its implementation and roll-out at each major entity; help draw up risk policies on a consolidated basis, • inform overall risk limits, contribute to discussions on capital allocation and ensure that portfolios are managed in accordance with these limits and allocations; define and implement standards and methods for • consolidated risk measurement, risk-taking approval, risk control and reporting, and compliance with risk regulations; oversee the risk information system, working closely • with the IT departments, while defining the standards to be applied for the measurement, control, reporting and management of risks.

carry out the annual macro-level risk mapping • exercise, factoring in the overall risk policy, risk appetite and annual permanent control plan, which is part of the internal control system; assess and control the level of risk across the Group; • conduct permanent supervision of limit breachess • and their resolution, centralize risk data and prepare forward-looking risk reports on a consolidated basis; help the Groupe BPCE Management Board to • identify emerging risks, concentration of risk and other various developments, and to devise strategy and adjust risk appetite; perform stress tests with the goal of identifying • areas of risk and the Group’s resilience under various predetermined shock scenarios; conduct controls to ensure that the operations and • internal procedures of Group companies comply with legal, professional, or internal standards applicable to banking, financial and insurance activities; perform Level 2 controls of certain processes used to • prepare financial information, and implemens a Group Level 2 permanent risk control system.

are functionally subordinate to the Risk and • Compliance functions, participating in the work of local Risk Committees or receiving the results of their work, coordinating the departments and approving the appointment or dismissal of all new Heads of Risk Management, Heads of Compliance, or Heads of Risk and Compliance, by meeting with the relevant managers and/or teams during national or local meetings and during checks on-site or at BPCE; help disseminate risk and compliance awareness • and promote the sharing of best practices throughout the Group.

SPECIAL COMMITTEES Several committees are responsible either for defining Groupwide methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

Group Counterparty and Credit Risk Committees: Group Market Risk Committees:

Several types of committees have been established to manage credit risk for the entire Group, meeting at varying • frequencies depending on their roles ( ex-post or decision-making analysis) and their scope of authority. The Group has also established decision-making and supervisory committees for both market and structural ALM • risks. The frequency of their meetings is tailored to the needs of the Group and its institutions. This committee meets quarterly and includes the various Groupe BPCE business lines affected by non-compliance • and operational risks. It examines information system security, business continuity and accounting review issues. Its objective is to validate action plans targeting these risks, which are included in the Groupe BPCE macro-level risk map. It also performs consolidated supervision of losses, incidents and alerts, including reports made to the ACPR under • Article 98 of Ministerial Order A-2014-11-03 in respect of non-financial risks.

Non-Financial Risk Committee:

6

At the same time, several committees are responsible either for defining Groupwide methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

575

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE