BPCE - 2020 Universal Registration Document

6

RISK FACTORS & RISK MANAGEMENT

RISK MANAGEMENT SYSTEM

monitors the application of control standards, • framework document governing the Group’s permanent control system – operational adaptation of the Internal Control Charter – and the control sampling standard, which is based on random, representative samples. To that end, all annual control plans of retail banking institutions are centralized and analyzed each year; assists the business lines in the review of controls and to • ensure their risk coverage is complete. The various permanent control standards are overseen and constantly updated and expanded in the tool; performs consolidated reporting of control results for the • Group Internal Control Committee;

i.e. the

ensures the management of the system and the central • functional administration of the permanent repositories of controls/users/entities. The first mapping exercises and the input of action plans were carried out this year in the modules deployed. Developments increasing the reliability of first-level controls have enabled institutions to improve the quality of their system. The project to automate the annual control plans began in Q4 2020. The project of integrating new subsidiaries into the Group’s permanent control system was also finalized during this year. Other central functions also contribute to the permanent control system, such as the Legal Affairs division and the Group Human Resources division for certain issues affecting the pay policy.

HIGHLIGHTS The management of the Covid-19 crisis required an organization adapted to health restrictions, in particular in points of sale receiving customers. The Group’s local banking control plan was adapted to this exceptional situation to factor in the availability of teams working in the institutions. During the lockdown, permanent controls were prioritized in the high-risk areas defined by the risk business lines concerned, in particular in financial security, internal and external fraud, LCR and collateral. Efforts were also made to complete the first-quarter checks on the compliance of customer regulatory files. New credit risk controls have been defined for controls on state-guaranteed loans.

PERIODIC CONTROL (LEVEL 3) STRUCTURE AND ROLE OF THE GROUP INSPECTION GÉNÉRALE DIVISION Duties In accordance with the duties incumbent on the central institution, and pursuant to the rules of collective solidarity, the Group InspectionGénérale division is responsible for periodically verifying the operation of all Group institutions and providing their executive managers with reasonable assurance of their financial strength. In that role, it ensures the quality, effectiveness, consistency and efficiency of their permanent control system as well as their risk management. The division’s scope of authority covers all risks, all institutions and all activities, including those that are outsourced. Its top priorities are to assess and to report to the executive and decision-making bodies of the entities and the Group as a whole on: the quality of its organizational structure and management; • the consistency, adequacy and operation of risk assessment • and management systems; the reliability and integrity of accounting and management • information; compliance with the laws, regulations and rules applicable to • Groupe BPCE or each company; the effective implementation of recommendations from • previous audits and issued by the regulatory authorities. Reporting to the Chairman of the Management Board, the Group Inspection Générale division performs its duties independently of the Operational and Permanent Control divisions. the quality of its financial position; • the level of risks actually incurred; •

Representation on Group governance bodies and Risk Management Committees In the interest of exercising its duties and contributing effectively to the promotion of an auditing culture, the Head of the Group Inspection Générale division takes part, without voting rights, in the central institution’s key Risk Management Committees. As indicated above, the Head of the Group Inspection Générale division is a member of the Group Internal Control Coordination Committee and has a standing invitation to participate in the Supervisory Board’s Risk Committee and the Audit Committee of BPCE, the Risk Committee and Audit Committee of Natixis, and the Risk Committee and Audit Committee of the Group’s main subsidiaries (BPCE International, Crédit Foncier, Banque Palatine). Scope of authority To fulfill its duties, the Group Inspection Générale division establishes and maintains an inventory of the Group’s auditing scope, which is defined in coordination with the Internal Audit departments of the Group institutions. It makes sure that all institutions, activities and corresponding risks are covered by comprehensive audits, performed at frequencies defined according to the overall risk level of each institution or activity, and at least every four years on average for banking activities. In so doing, it takes into account not only its own audits, but also those conducted by the supervisory authorities and the Internal Audit divisions. The annual audit plan is defined with the Chairman of the BPCE Management Board, and presented to the Group Internal Control Coordination Committee and the Supervisory Board’s Risk Management Committee. It is also transmitted to the national and European supervisors.

616

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE

www.groupebpce.com