BPCE - 2019 Universal Registration Document

6

RISK REPORT

RISK MANAGEMENT SYSTEM

RISK GOVERNANCE AT GROUP INSTITUTIONS BPCE’s Risk division and the Group Corporate Secretary’s Office oversee the Group’s Risk Management, Compliance and Permanent Control functions, focusing on the management of credit, financial, operational and non-compliance risks, extended to business continuity, Financial Audit and Information System Security functions. They ensure that the risk policies of the affiliates and subsidiaries comply with those of Groupe BPCE. The Risk and/or Compliance departments of subsidiaries not subject to the banking supervision regulatory framework are functionally subordinate to Groupe BPCE’s Risk division and Corporate Secretary’s Office. The strong functional authority exercised by the Head of Risk Management and by the Corporate Secretary of Groupe BPCE enables risk controls to be performed objectively, as each Group entity’s operational functions are independent from its Risk and Compliance functions. It also promotes a risk management and compliance culture and the application of shared risk

management standards, and ensures that managers are given independent, objective and detailed information on the Group’s risk exposures and any possible deterioration in its risk profile. Group institutions are responsible for defining, monitoring and managing their risk levels, as well as producing reports and data for submission to the central institution’s Risk division and Corporate Secretary’s Office. They ensure the quality, reliability and completeness of the data used to control and monitor risks at the company level and on a consolidated basis, in line with Group risk standards and policies. In the course of their work, the Group’s institutions rely on the Group Risk, Compliance and Permanent Control Charter. The charter specifies that each institution’s supervisory body and executive managers promote the risk management culture at all levels of their organization. A twofold assessment of a) Risk Management functions and b) Compliance functions is conducted every six months by the Risk Committee of the Groupe BPCE Supervisory Board.

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION

Internal Control Coordination Committee

Executive Risk Committee

Risk Compliance Function (1) Executive Management within the meaning of Article L511-13 of the French Monetary and Financial Code: a person responsible for the executive management of the company Executive Management (1) Business Continuity Risks Credit Risks Financial Risks Non-Financial Risks Operational Risks Non-Compliance Risks ALM Committee Information System Security Risks Market Risk Committee Non-Financial Risk Committee Credit Risk Committee Loan or Commitment Committee Provision and Collection Committee Watchlist Committee

576

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE

www.groupebpce.com