BPCE - 2020 Universal Registration Document

6

RISK FACTORS & RISK MANAGEMENT

RISK MANAGEMENT SYSTEM

RISK GOVERNANCE AT GROUP INSTITUTIONS BPCE’s Risk division and the Group CorporateSecretary’sOffice oversee the Group’s Risk Management, Compliance and Permanent Control functions, focusing on the management of credit, financial, operational and non-compliance risks, extended to business continuity, Financial Control and InformationSystem Security functions. They ensure that the risk policies of the affiliates and subsidiaries comply with those of Groupe BPCE. The Risk and/or Compliance departments of subsidiaries not subject to the banking supervision regulatory framework are functionally subordinate to Groupe BPCE’s Risk division and Corporate Secretary’s Office. The strong functional authority is exercised by the Head of Risk Management and by the Corporate Secretary, both members of Groupe BPCE's Executive Management Committee. It enables risk controls to be performed objectively, as each Group entity’s operational functions are independent from its Risk and Compliance functions. It also promotes a risk management and compliance culture and the application of shared risk

management standards, and ensures that managers are given independent, objective and detailed information on the Group’s risk exposures and any possible deterioration in its risk profile. Group institutions are responsible for defining, monitoring and managing their risk levels, as well as producing reports and data for submission to the central institution’s Risk division and Corporate Secretary’s Office. They ensure the quality, reliability and completeness of the data used to control and monitor risks at the company level and on a consolidated basis, in line with Group risk standards and policies. In the course of their work, the Group’s institutions rely on the Group Risk, Compliance and Permanent Control Charter. The charter specifies that each institution’s supervisory body and executivemanagers promote the risk management culture at all levels of their organization. A twofold assessment of a) Risk Management functions and b) Compliance functions is conductedevery six months by the Risk Committee of the Groupe BPCE Supervisory Board.

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION

Internal Control Coordination Committee

Executive Risk Committee

Risk Compliance Function

Credit Risks

Financial Risks

Non-Financial Risks Operational Risks Non-Compliance Risks Business Continuity Risks Information System Security Risks

Credit Risk Committee

ALM Committee

Market Risk Committee

Loan or Commitment Committee Provision and Collection Committee Watchlist Committee

Executive Management

Non-Financial Risk Committee

610

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE

www.groupebpce.com