BPCE - 2020 Universal Registration Document

RISK FACTORS & RISK MANAGEMENT

RISK MANAGEMENT SYSTEM

RISK GOVERNANCE STRUCTURE

oversight of all recommendations issued by the supervisory • authorities and by the Group’s Inspection Générale division covering Risks, Compliance and Permanent Control; a twofold assessmentof a) Risk Management functions and b) • Compliance functions is conducted every year and presented to the Risk Committee of the Groupe BPCE Supervisory Board. managing the institutions’ risk appetite framework: definition • in line with the Group framework, consolidation and reporting to the bodies; support for new Heads of Risk Management and/or • Compliance via a dedicated program and the annual training plan for Risk and Compliance departments; frequent on-site meetings with the Heads of Risk • Management and/or Compliance and teams of the Banques Populaires, Caisses d’Epargne and subsidiaries; in addition to the Operational Committee meetings attended • by the Risk division, General Meetings held with each of the main BPCE subsidiaries: Natixis, Crédit Foncier, Banque Palatine, BPCE International, the subsidiaries of the Financial Solutions & Expertise division, FIDOR Bank and Oney for a comprehensive review with the Head of Risk Management and/or Compliance; distribution of a newsletter (“Mag R&C”) to the heads of • Group institutions, the heads of the various functions, including Sales, and the employees of the Risk, Compliance and Permanent Control functions as well as all Group employees; For coordination purposes, the Risk Governance department relies on a half-yearly report drawn up by the institutions, aimed at ensuring that the various components of the local systems are properly implemented and operate under satisfactory conditions, particularly with respect to banking regulations and Group charters. The findings of this report improve operational efficiency and optimize best practices throughout Groupe BPCE. Activities specifically focused on the Lagarde report are being monitored in conjunction with the Group’s institutions. There is also a system in place to monitor anomalies observed at Group institutions, aimed at ensuring that business is conducted properly and the rules of ethics are applied.

The Risk Governance department is responsible for managing and coordinating the Risk and Compliance departments within Groupe BPCE. The Risk, Compliance and Permanent Control Charter calls for the Group Risk division and Corporate Secretary’s Office to participate, at their own initiative, in the annual performanceassessment of the Heads of the Permanent Control functions, particularly risk and/or compliance, in consultation with the Chairman of the Management Board or the Chief Executive Officer. The Risk Governance department deploys the entire system on a daily basis and contributes to the overall supervision of Group risks, primarily through: oversight and updates of key Risk and Compliance function • documents such as charters and standards; analysis of the work done by the Executive Committees on • the risks incurred by the Banques Populaires, the Caisses d’Epargne and the subsidiaries; coordination of Risk Management and Compliance function • events through a series of national Risk Management and Compliance Days, including discussions and exchanges on risk- and compliance-relatedissues, presentationson the work done by the functions, training and sharing of best practices in the credit, financial, operational and compliance fields between all Group institutions. Risk Management and Compliance Days also provide opportunities to strengthen group-wide solidarity in the risk management and/or compliance professions in today’s ever-changing regulatory environment. In addition, audio conferences and regional meetings are attended by the Heads of Risk Management and Compliance of the networks and subsidiaries to address current topics and events; a document library dedicated to the Risk, Compliance and • Permanent Control functions; measuring the level of risk and compliance culture in the • Group’s institutions via a dedicated self-assessment; operational efficiency initiatives (headcount benchmark • standards, risk and compliance half-year reports, risk appetite framework, etc.);

6

HIGHLIGHTS Incorporation of the Financial Solutions & Expertisesubsidiaries in the Group risk and compliance coordination system: definition of a risk appetite system dedicated to financial solutions & expertiseactivities; • review and validation of subsidiary risk policies; • deployment and adaption of interim risk and compliancequestionnaires to their activity. • Oney Bank: incorporation in the Group’s risk management systems by establishing a risk appetite framework validated by the governance bodies. Strengthened department coordination during the lockdown: near-daily discussions with all players of the Risk, Compliance and Commitments departments.

611

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE