BPCE - 2019 Universal Registration Document

6 RISK REPORT

6.11 Non-compliance and security risks

Promoting a culture of non-compliance risk management and taking into account the legitimate interests of customers are achieved through employee training. To that end, the Compliance and Security division:
• creates the content for the training materials used for the Compliance function and manages interactions with the Group Human Resources division and the Risk Governance department of the Risk division, which coordinates the annual work schedule for the Risk and Compliance functions;
• helps train Compliance staff, mainly through specialized annual seminars (financial security, ethics and compliance, banking compliance, coordination of permanent compliance controls, cybersecurity, etc.);
• coordinates the training program for heads of compliance and Compliance Officers;
• coordinates and checks the Compliance and Security functions of the Group institutions, notably by holding national compliance and security days, and via a system of permanent controls coordinated at Group level;
• draws on the expertise of the Compliance functions of Group institutions via theme-based working groups.

Moreover, BPCE’s corporate compliance as well as the compliance of the Group’s insurance businesses have been handled by the Compliance and Security division since January 1, 2019.

The Compliance and Security division, which has reported to the Corporate Secretary’s Office of Groupe BPCE since January 1, 2019, works independently of the operational divisions, and of the other Internal Control divisions with which it cooperates. It comprises:
• the Banking Compliance, Investment Services Compliance and Insurance Compliance departments, and the Financial Security departments, which notably include BPCE’s Tracfin officers;
• the Security departments covering all areas: personal and property safety, business continuity, information system security, and cyber security and fraud watch, while also coordinating the DPO (Data Protection Officer) function.

The Compliance and Security division carries out its duties within the framework of business line operations. It helps guide and motivate the Heads of the Compliance and Security functions of the affiliates and subsidiaries. The Compliance Officers appointed by the various affiliates, including the Caisse d’Epargne and Banque Populaire parent companies and direct subsidiaries covered by the regulatory system of banking and financial supervision, are functionally subordinate to the Compliance and Security division.

The division conducts any necessary initiatives to strengthen compliance and security throughout Groupe BPCE. As such, it builds and revises the standards proposed for the governance of Groupe BPCE, shares best practices and coordinates working groups consisting of departmental representatives.

6.11.1 Compliance

ORGANIZATION

The Compliance function covers two main fields of expertise:
• Banking compliance, aimed at preventing risks of failure to comply with laws, regulations and professional standards governing KYC and the banking industry. To that end, it encompasses support for operational departments in their compliance with regulatory changes, distribution of standards (including ACPR recommendations and EBA guidelines), compliance expertise for the purpose of helping approve new products or sales processes, supervision of document and challenge approval processes, and oversight of the Group’s outsourced critical or essential services. It also strengthens the management of non-compliance risk by overseeing complaints analysis, making use of compliance controls and mapping of non-compliance risks reported by Groupe BPCE institutions within the scope of banking compliance and KYC.
• Investment services compliance, which covers compliance and ethics in the conduct of financial activities, as defined by the AMF General regulations. More broadly, it includes the prevention of conflicts of interest across all business lines, ensuring that customer interests prevail, compliance with market rules and professional standards in the banking and financial sectors, and, finally, regulations and internal standards regarding business ethics. It also includes oversight of investment services and the operating procedures of investment services compliance officers (RCSIs). Since the end of 2016, investment services compliance has also included SRAB commitments (Separation and Regulation of Banking Activities) – Volcker office.

MEASUREMENT AND SUPERVISION OF NON-COMPLIANCE RISK

Non-compliance risks are analyzed, measured, monitored and managed in accordance with the Ministerial Order of November 3, 2014, with the aim of:
• ensuring a permanent overview of these risks and the associated risk prevention and mitigation system, including updated identification under the new non-compliance risk-mapping exercise;
• ensuring that the largest risks, if necessary, are subject to controls and action plans aimed at supervising them more effectively.

Groupe BPCE manages non-compliance risk by mapping out its non-compliance risks and implementing mandatory Level 1 and 2 compliance controls common to all Group retail banking institutions.
