BPCE - 2020 Universal Registration Document

NON-COMPLIANCE AND SECURITY RISKS RISK FACTORS & RISK MANAGEMENT

6.11.1

Compliance

ORGANIZATION As part of its new structure, the Group Compliance division brings together three main business lines, one cross-functional entity dedicated to the management and coordination of Compliance, and three specialized business lines in dedicated entities. It is organized as follows:

Compliance is organized as follows:

Bancassurance Compliance contributes to the prevention of risks of non-compliance with regulations and professional standards in the scope of banking and non-life insurance activities. As such, it supports the operational sectors in the development and dissemination of standards (including ACPR recommendations and EBA guidelines) and in bringing their processes into compliance with regulatory changes. Bancassurance Compliance also studies the launch of new products and participates in the validation of commercial processes and documents. Lastly, it supports and leads the Compliance department on all these subjects, and contributes to the development of training modules for Group employees. Financial Savings Compliance and Ethics covers the compliance and ethics of financial activities as defined by the General Regulation of the French Financial Markets Authority (AMF), as well as the prevention of risks of non-compliance in legislative and regulatory areas in the life insurance and foresight scope. Within the aforementioned scope, this division is responsible for implementing the applicable regulations and carries out missions related in particular to the approval of products and services, the validation of commercial materials, the training of employees and the prevention of conflicts of interest, while safeguarding the customer’s interests and ensuring compliance with market rules and professional standards in banking and finance, together with internal rules and regulations on ethics. It also includes oversight of investment services and the operating procedures of investment services Compliance Officers (RCSIs). Since the end of 2016, investment services compliance has also included SRAB commitments (Separation and Regulation of Banking Activities) – Volcker office. Lastly, it supports, coordinates and supervises the Group entities’ Compliance function in this area. Financial Security covers activities related to anti-money laundering and counter-terrorism financing (AML/CFT), international financial sanctions, embargoes and asset freezes, and anti-corruption measures. It supports and coordinates the Compliance function on all these topics, updating the reference documentation in compliance with regulatory changes in AML/CFT, national and international financial embargoes, and anti-corruption measures. Steering and Cross-functional Coordination covers the coordination of Compliance functions, and the centralization of relations with regulators, supervisors and the Group General Inspection in compliance matters. Drawing on the expertise of the Compliance divisions in Bancassurance and Off-balance sheet D&S, it manages the mapping of compliance risks by Groupe BPCE institutions.

1. Measurement and supervision of non-compliance risk

2. Product governance and supervision

6

Non-compliance risks are analyzed, measured, monitored and managed in • accordance with the Ministerial Order of November 3, 2014, with the aim of: ensuring a permanent overview of these risks and the associated risk • prevention and mitigation system, including updated identification under the new non-compliance risk-mapping exercise; ensuring that the largest risks, if necessary, are subject to controls and action • plans aimed at supervising them more effectively. Groupe BPCE manages non-compliance risk by mapping out its non-compliance • risks and implementing mandatory Level 1 and 2 compliance controls common to all Group retail banking institutions. The impact of non-compliance risk was calibrated and measured with the • Group’s operational risk teams, using the methodology of operational risk tool OSIRISK, covering the risk management systems established by the institutions aimed at reducing gross risk levels.

All new products and services, regardless of their distribution channels, as well • as sales materials that fall within the Compliance function’s remit, are reviewed by Compliance beforehand. The purpose of this review is to ensure that applicable regulatory requirements are met and that targeted customers – and the public at large – receive clear and fair information. Product supervision is carefully conducted over the entire product life cycle. Compliance also coordinates the approval of national sales challenges, ensures • that conflicts of interest are managed properly and guarantees that customer interests always come first. Compliance is careful to ensure that sales procedures, processes and policies • guarantee that the rules of compliance and ethics are observed at all times for all customer segments, and in particular that the advice given to customers is appropriate to their needs.

In 2020, the Group Compliance division continued the program been provided or regulatory records are not complete. Actions established to strengthen the completeness and compliance of have also been taken to support Group institutions in correcting regulatory Know Your Customer files. The aim of the program, incomplete files (targeting customers, communication kits, in conjunctionwith the IS platforms, is to prevent accounts from reports). Lastly, efforts are under way to roll out a regulatory being opened if a customer’s tax self-certification form has not KYC update system.

689

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE