BPCE - 2019 Universal Registration Document

RISK REPORT

RISK MANAGEMENT SYSTEM

COORDINATION OF BUSINESS LINE FUNCTIONS ORGANIZATION Based on strong functional authority, the division in charge of coordinating the Heads of Risk and Compliance – part of the Risk Governance division – oversees the coordination of all Groupe BPCE Risk and Compliance functions. The Risk, Compliance and Permanent Control Charter calls for the Group Risk division and Corporate Secretary’s Office to participate, at their own initiative, in the annual performance assessment of the heads of the Permanent Control functions, particularly risk and/or compliance, in consultation with the Chairman of the Management Board or the Chief Executive Officer. This division deploys the entire system on a daily basis and contributes to the overall supervision of Group risks, primarily through: oversight and updates of key Risk and Compliance function • documents such as charters and standards; analysis of the work done by the Executive Committees on • the risks incurred by the Banques Populaires, the Caisses d’Epargne and the subsidiaries; coordination of Risk Management and Compliance function • events through a series of national Risk Management and Compliance Days, including discussions and exchanges on risk- and compliance-related issues, presentations on the work done by the functions, training and sharing of best practices in the credit, financial, operational and compliance fields between all Group institutions. Risk Management and Compliance Days also provide opportunities to strengthen group-wide solidarity in the risk management and/or compliance professions in today’s ever-changing regulatory environment. In addition, audio conferences and regional meetings are attended by the Heads of Risk Management and Compliance of the networks and subsidiaries to address current topics and events; a document library dedicated to The Risk, Compliance and • Permanent Control functions; operational efficiency initiatives (headcount benchmark • standards, risk and compliance half-year reports, risk appetite framework and institution macro-level risk mapping); oversight of all recommendations issued by the supervisory • authorities and by the Group’s Inspection Générale division covering Risks, Compliance and Permanent Control; support for new Heads of Risk Management and/or • Compliance of Groupe BPCE institutions via a special program;

frequent on-site meetings with the Heads of Risk • Management and/or Compliance and teams of the Banques Populaires, Caisses d’Epargne and subsidiaries; in addition to the operational committee meetings attended by • the Risk division, General Meetings held with each of the main BPCE subsidiaries: Natixis, Crédit Foncier, Banque Palatine, BPCE International, the subsidiaries of the Financial Solutions and Expertise division, FIDOR Bank and Oney for a comprehensive review with the Head of Risk Management and/or Compliance; distribution of a newsletter (“Mag R&C”) to the heads of • Group institutions, the heads of the various functions, including Sales, and the employees of the Risk, Compliance and Permanent Control functions as well as all Group employees; an annual training program (the Risk Academy) offered to all • Risk and Compliance function employees, in conjunction with the Group Human Resources division. In addition, a university training course on “internal control and risk management at financial institutions” is given at Université Paris-Dauphine. Participants earn a degree upon successful completion of the course. Two workshops focused on compliance and permanent control have also been added; and, in general, the practice of risk and compliance awareness • and sharing of best practices throughout the Group, in particular via a digital document library (the Kiosk) for all employees of the Group Risk, Compliance and Permanent Control functions, or dedicated thematic conferences that can be viewed live or in replay. The Project Management Office is a cross-business department of the division that also works with the Group Corporate Secretary’s Office. It provides support to the department heads and project managers of the Risk division in managing services, budgets and logistics. It also serves as an intermediary for the HR, sourcing, legal, Contingency and Business Continuity Plan, and budget oversight divisions or teams. For coordination purposes, the Risk Governance department relies on a half-yearly report drawn up by the institutions, aimed at ensuring that the various components of the local systems are properly implemented and operate under satisfactory conditions, particularly with respect to banking regulations and Group charters. The findings of this report improve operational efficiency and optimize best practices throughout Groupe BPCE. Activities specifically focused on the Lagarde report are being monitored in conjunction with the Group’s institutions. There is also a system in place to monitor anomalies observed at Group institutions, aimed at ensuring that business is conducted properly and the rules of ethics are applied.

6

HIGHLIGHTS Incorporation of the Financial Solutions Expertise subsidiaries in the Group risk and compliance coordination system: definition of a risk appetite system dedicated to Financial Solutions and Expertise activities; • review and validation of subsidiary risk policies; • deployment and adaption of interim risk and compliance questionnaires to their activity; • Oney Bank: incorporation in the Group’s risk management systems by establishing a risk appetite framework validated by the governance bodies.

577

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE