BPCE - 2020 Universal Registration Document

ROLE AND OPERATING RULES OF GOVERNING BODIES REPORT ON CORPORATE GOVERNANCE

After reviewing the responses to the call for tenders, BPCE’s Audit Committee initially decided, at its meeting of July 31, 2020, on the list of Statutory Auditors for the Group’s institutions. With regard to the renewal of BPCE’s Statutory Auditors, the Audit Committee made a recommendation to the Supervisory Board in November 2020 on maintaining a three-firm college, with the renewal of Deloitte and PwC in 2021. The Board Meeting of November 5, 2020 decided, in accordance with the recommendation of the Audit Committee, to submit to the BPCE General Meeting scheduled to approve the financial statements at December 31, 2020, the renewal of Deloitte and PwC for a term of six years. The Risk Committee assists the Supervisory Board with respect to BPCE’s overall strategy and risk appetite, both current, future and when the Supervisory Board reviews the strategy’s implementation. Accordingly, it is tasked with assessing the effectiveness of the internal control and risk management systems and, more generally, fulfills the duties set out in Articles L. 511-92et seq. of the French Monetary and Financial Code and by the Ministerial Order of November 3, 2014 on internal control of banking sector companies. In this respect, its duties include: conducting a regular review of the strategies, policies, • procedures, systems, tools and limits referred to in Article 148 of the Ministerial Order of November 3, 2014 on internal control of banking sector companies and the underlying assumptions, and sharing its findings with the Supervisory Board; reviewing the total risk exposure of company and • Groupe BPCE activities, based on the associated reports; advising the Supervisory Board on the company’s overall • strategy and risk appetite, both current and future; assisting the Supervisory Board when it reviews the • implementation of this strategy by the members of the Management Board and the Head of Risk Management; assisting the Supervisory Board in regularly reviewing the • policies established to comply with the provisions of the Ministerial Order of November 3, 2014 on internal control of banking sector companies, assessing the effectiveness of these policies and that of the provisions and procedures implemented for the same purposes as well as any corrective measures undertaken in the event of failures; reviewing the annual report(s) on risk measurement and • supervision and on the conditions under which internal control is conducted throughout the Group; proposing to the Board the materiality criteria and thresholds • referred to in Article 98 of the Ministerial Order of November 3, 2014 on internal control of banking sector companies, i.e. the criteria and thresholds used to identify incidents that must be brought to the Board’s attention; ensuring the independence of Groupe BPCE’s Inspection • Générale division, which is authorized to request or access all items, systems, or information required for the successful completion of its duties; reviewing the annual schedule of the Group’s Inspection • Générale division; RISK COMMITTEE DUTIES

ensuring that the findings of audits performed by the Autorité • de contrôle prudentiel et de résolution (ACPR – French Prudential Supervisory and Resolution Authority) and/or the ECB and the Group’s Inspection Générale division, whose summaries regarding the company and Groupe BPCE entities are disclosed to it, are addressed; reviewing the follow-up letters sent by the ACPR and/or by the • ECB and issuing an opinion on the draft replies to these letters; determining, in accordance with its purview, if the prices of • products and services (referred to in Books II and III of the French Monetary and Financial Code: financial instruments, savings products, banking transactions, investment services) offered to customers are compatible with the company’s risk strategy and, if not, to present an action plan to the Supervisory Board to remedy the situation; determining if incentives provided by the company’s pay • practices and policy are compatible with the risks incurred by the company, its capital and liquidity and the likelihood that the expected benefits will vest, as well as their staggered vesting over time. ACTIVITY The Risk Committee met nine times between January 1 and December 31, 2020. The average attendance rate at these meetings was 96.30%. The main issues that it addressed were as follows: follow-up on the reports and investigations of the Autorité de • contrôle prudentiel et de résolution and the European Central Bank (ECB), and on the recommendations made by the Group’s Inspection Générale division; analysis and follow-up of the Supervisory Board Chairman’s • report on internal control and risk management; review of reports on internal control prepared in accordance • with Article 258 of the Ministerial Order of November 3, 2014 on internal control of banking sector companies and on risk measurement and supervision, prepared in accordance with Article 262 of the Ministerial Order of November 3, 2014 on internal control of banking sector companies: work carried out by the Group’s Inspection Générale division, annual compliance report (annual report of the investment services compliance officer [RCSI], report on the annual check control program, report on credit risks), update on accounting risks; review of the annual review of the system for reporting • significant incidents and assessment of the 2019 reports; study of the BCBS 239 issues for the Group and the • governance system implemented; monitoring of the impact of the health crisis (risks, treatment • of customers in difficulty, effectiveness of the liquidity management plan in a crisis situation); review of compliance work; • review of the work performed by the Group’s Inspection • Générale division and presentation of the 2021 audit plan; review of risk management and measurement work, and • particularly the review of Group risk monitoring mechanisms (monitoring of consolidated risks, review of the impact of conditions in Europe on the Group, forward-looking risk management approach, oversight of the Group’s market and credit limits); monitoring of the measures taken in 2019 to ensure the • control of essential outsourced services, including the monitoring of critical or important services and review of the 2020 outsourcing policy; analysis of Group risk measurement and quantification • systems, and review of their performance;

3

181

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE