BPCE - 2019 Universal Registration Document

RISK REPORT

NON-COMPLIANCE AND SECURITY RISKS

The impact of non-compliance risk was calibrated and measured with the Group’s operational risk teams, using the methodology of operational risk tool OSIRISK, covering the risk management systems established by the institutions aimed at reducing gross risk levels. PRODUCT GOVERNANCE AND SUPERVISION All new products and services, regardless of their distribution channels, as well as sales materials that fall within the Compliance function’s remit, are reviewed by Compliance beforehand. The purpose of this review is to ensure that applicable regulatory requirements are met and that targeted customers – and the public at large – receive clear and fair information. Product supervision is carefully conducted over the entire product life cycle. Compliance also coordinates the approval of national sales challenges, ensures that conflicts of interest are managed properly and guarantees that customer interests always come first. Compliance is careful to ensure that sales procedures, processes and policies guarantee that the rules of compliance and ethics are observed at all times for all customer segments, and in particular that the advice given to customers is appropriate to their needs. CUSTOMER PROTECTION The Group’s reputation and the trust of its customers are strengthened when the products and services it sells comply with regulations and the information it supplies is reliable. To maintain this trust, the Compliance division makes customer protection a top priority. To that end, Group employees regularly receive training on customer protection issues to maintain the required level of customer service quality. These training sessions are aimed at promoting awareness of compliance and customer protection among new hires and/or sales team employees. Ethics and compliance training, entitled “Fundamentals of professional ethics”, has been set up for all Group employees. BPCE has also established a code of good conduct and ethics, rolled out to all Groupe BPCE institutions. The new Markets in Financial Instruments directive (MiFID 2) and PRIIPs regulation (Packaged Retail Investment and Insurance-based Products) strengthen investor protection and market transparency. They have an impact on the Group in its role as a distributor of financial instruments by enhancing the quality of the customer experience in terms of financial savings and insurance products: adjustments to customer and KYC data collection (customer • profile, characteristics of customer plans in terms of objectives, risks and investment horizons), an updated questionnaire on each customer’s financial investment knowledge and experience, and an updated questionnaire on customer risk appetite and loss tolerance, to ensure that suitable advisory services are provided; adaptation of offers associated with the financial services and • products sold;

formalization of customer advice (suitability report) and the • customer’s acceptance of said advice (issuance of customer alerts where necessary); organization of relations between the Group’s manufacturers • and distributors; inclusion of provisions related to the transparency of fees and • charges at the required level of detail; production of periodic suitability reports and value-added • reports for customers and recording of conversations for customer relations and advisory purposes; disclosure of transaction reports to regulators and the market, • best-execution and best-selection requirements; participation in the development of employee training and the • change management program related to these new provisions. HIGHLIGHTS A program was created in 2019 to strengthen regulatory KYC compliance. The aim of the program, in conjunction with the IT platforms, is to prevent accounts from being opened if a customer’s tax self-certification form has not been provided or regulatory records are not complete. Efforts are also under way to establish a regulatory KYC update system in 2020. In terms of banking inclusion, Groupe BPCE met its professional obligation to cap the incident fees charged to financially vulnerable customers as from January 1, 2019, pursuant to commitments undertaken by French banks in September and December 2018. At the same time, special focus was placed on: • the non-compliance risk management system, with the – automated rating (using the software tool Enablon) of non-compliance risk mapping, and the assessment of non-compliance risk now relying on the harmonized Level 2 compliance permanent control, use of permanent control results according to the risks – addressed by the controls. BPCE continued working on the remediation plan for the marketing of financial savings products in accordance with the European Markets in Financial Instruments directive (MiFID 2), the Insurance Distribution Directive (IDD) and PRIIPs. Product governance and supervision was strengthened in 2019 with the establishment of: a committee in charge of validating model investment • portfolios, meeting quarterly to monitor the performance of risk asset allocations, perform a macroeconomic review and analyses, and prepare an allocation outlook; a product governance and supervision committee, working • alongside manufacturers: exchanging information and alerts between manufacturers and distributors, and overseeing distribution strategy, product changes and investor protection.

6

FRENCH BANKING SEPARATION AND REGULATION ACT (SRAB)

Groupe BPCE’s market risk map is regularly updated, calling for the creation of internal units subject to an exemption within the meaning of act No. 2013-672 of July 26, 2013 on the separation and regulation of banking activities.

647

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE