BPCE - 2020 Universal Registration Document

RISK FACTORS & RISK MANAGEMENT

RISK MANAGEMENT SYSTEM

Internal control 6.3.4

The Group control system relies on three levels of controls, in accordance with banking regulations and sound management practices (two levels of permanent controls and one level of periodic control), as well as the establishment of consolidated control processes in accordance with provisions approved by BPCE’s Management Board.

STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM

Supervisory Body

Responsible for the quality of the internal control system

Audit Committee Risk Committee

Executive Body Executive managers

Remuneration Committee

Appointments Committee

Internal Control Coordination Committee (3CI)

Periodic control

Audit-Inspection function

Risk and Compliance Committee or Executive Risk Committee and specific committees for each type of risk

Outsourced activities

Review, ISS, BCP and SPB functions

Risk Management function

Compliance function

Level 2 permanent controls

Non-financial risks (Compliance, Operational Risk BPC, ISS)

Credit risks

Financial risks

Coordination of Permanent Controls

Level 1 permanent controls

Self-checks by the operational departments under managerial or functional supervision

6

PERMANENT CONTROL SYSTEM LEVEL 1: PERMANENT CONTROL BY LINE MANAGEMENT Level 1 permanent control is the first link in internal control and is primarily performed by operational or support departments under the supervision of their line management. These departments are responsible for: implementing formalized, documented and reportable • self-checks; documenting and verifying compliance with transaction • processing procedures, detailing the responsibility of those involved and the types of checks carried out; verifying the compliance of transactions; • implementing recommendations drawn up by Level 2 control • functions on the Level 1 control system; reporting to and alerting Level 2 control functions. • Depending on the situation and activity(ies) in question, Level 1 controls are performed, jointly if applicable, by a special-purpose Middle Office-type control unit or accounting control entity, by the operational staff themselves, or by line managers.

Level 1 controls are formally reported to the relevant Permanent Control divisions or functions.

LEVEL 2: PERMANENT CONTROL BY DEDICATED ENTITIES Level 2 permanent controls, within the meaning of Article 13 of Ministerial Order A-2014-11-03 on internal control, are performed by entities dedicated to this duty as part of the Group’s Risk division and Corporate Secretary’sOffice in charge of Compliance and Permanent Control for Groupe BPCE. Both divisions perform Level 2 supervision of certain processes used to prepare financial information and implement a Group Level 2 permanent risk control system covering matters of governance, risk, organization, the work of the Risk and Compliance functions, and the implementation of standards, norms and charters. In the Corporate Secretary’s Office, the main role of the Permanent Control Coordinationdepartment is to coordinate the Group’s Level 1 and 2 permanent control system. To that end, it: proposes standards and methodological guides for the • exercise of permanent control in Groupe BPCE;

615

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE