BPCE - 2019 Universal Registration Document

6

RISK REPORT

NON-COMPLIANCE AND SECURITY RISKS

INSURANCE COMPLIANCE The Insurance Compliance department ensures that insurance products are marketed in compliance with applicable regulations. Insurance Compliance prepares fundamental guidelines stipulating the disclaimers that have to be included in advisory notices for Group products. It provides regulatory and operational support to Group entities, mainly by issuing normative recommendations and transposing them into operating practices. It also takes part in the Group New Product Committee and in commercial processes, verification of sales processes, and validation of training modules covering advertising media and network documents. HIGHLIGHTS In 2019, normative recommendations focused on payment protection insurance, product governance and supervision, insurance advisory obligations, and ORIAS registration obligations. The Insurance Compliance division handled the operational implementation of regulatory requirements: operational implementation of the standard pertaining to • customers aged 80 or more; optimization of the customer experience in terms of insurance • management procedures; improvement of the customer experience in terms of financial • savings products; annual insurance fee statements. •

On a quarterly basis, the market risk map calculates the required indicators referred to in Article 6 of the Ministerial Order of September 9, 2015. It also calculates additional annual indicators for the purpose of documentation and quantitative indicators such as the economic NBI or VaR of the internal units. Based on the work carried out by the Group, it has not been necessary to create a ring-fenced subsidiary, and mandates have been implemented at the institutions in order to handle the various activities. In conjunction with the calculations and other work done in accordance with this act, an enhanced compliance program was adopted and implemented as from July 2015 in response to the Volcker rule (a sub-section of the US Dodd-Frank Act) within the scope of BPCE SA and its subsidiaries. Taking a broader approach than that of the French Banking Separation and Regulation Act, this program aims to map out all the financial and commercial activities of BPCE SA group, notably to ensure that they comply with the two major bans imposed by the Volcker rule: the ban on proprietary trading and on certain activities related to covered funds. In March 2019, the Group certified its compliance with the Volcker rule with the US regulator, as it has every year since July 2015. Note: in early 2017, Groupe BPCE appointed a SRAB-Volcker officer responsible for the security of the banking segregation mechanisms. This officer also oversees the requirements set forth by US regulations on Legal Entity Management (LEM).

Financial security 6.11.2

ORGANIZATION Financial security covers anti-money laundering and terrorist financing (AML-TF) measures as well as adherence to international sanctions aimed at individual persons, entities or countries. BPCE’S INVOLVEMENT IN THE PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING Groupe BPCE works to prevent money laundering and terrorist financing through: Corporate culture Promoted across all levels of the company, corporate culture is built on: customer relations principles aimed at preventing risks, which are formalized and regularly communicated to the employees; • a harmonized, biannual training program for Group employees, and specialized training for the Financial Security function. • Organizational structure In accordance with Groupe BPCE’s charters, each institution has its own financial security unit. The Risk division has a special department that oversees anti-money laundering and terrorist financing procedures, defines the financial security policy for the entire Group, prepares the various related standards and procedures (and has them validated), and ensures that anti-money laundering and terrorist financing risks are incorporated in BPCE’s new products and services approval procedure. Specialized processes In accordance with regulations, banks have methods for detecting unusual transactions that are specific to their risk classification. These can be used, if needed, to conduct closer analyses and to submit the required reports to Tracfin (French financial intelligence agency) as promptly as possible. The Group’s risk classification system incorporates the “at-risk countries” factor when addressing money laundering, terrorism, tax fraud and bribery. The system was also reinforced with the establishment of a database and automated scenarios specifically targeting terrorist financing. With respect to compliance with restrictive measures related to international sanctions, Group institutions are equipped with screening tools that generate alerts on customers (asset freezes on certain individuals or entities) and international flows (asset freezes and countries subject to European and/or US embargoes).

648

UNIVERSAL REGISTRATION DOCUMENT 2019 | GROUPE BPCE

www.groupebpce.com