BPCE - 2020 Universal Registration Document

NON-COMPLIANCE AND SECURITY RISKS RISK FACTORS & RISK MANAGEMENT

Financial security 6.11.2

ORGANIZATION Financial security covers anti-money laundering and terrorist financing (AML-TF) measures as well as adherence to international sanctions aimed at individual persons, entities or countries.

BPCE’S INVOLVEMENT IN THE PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING GroupeBPCEworks to preventmoney launderingand terrorist

Specialized processes In accordance with regulations, banks have methods for detecting unusual transactions that are specific to their risk classification. These can be used, if needed, to conduct closer analyses and to submit the required reports to Tracfin (French financial intelligence agency) as promptly as possible. The Group’s risk classification system incorporates the “at-risk countries” factor when addressing money laundering, terrorism, tax fraud and bribery. The system was also reinforced with the establishment of a database and automated scenarios specifically targeting terrorist financing. With respect to compliancewith restrictivemeasures related to internationalsanctions,Group institutionsare equippedwith screening tools that generate alerts on customers (asset freezes on certain individuals or entities) and international flows (asset freezes and countriessubject to Europeanand/or US embargoes). Supervision of operations Internal reports on the prevention of money laundering and terrorist financing are submitted to company directors and governing bodies, as well as to the central institution.

financing through: Corporate culture Promoted across all levels of the company, corporate culture is built on: customer relations principles aimed at preventing risks, • which are formalized and regularly communicated to the employees; a harmonized, biannual training program for Group • employees, and specialized training for the Financial Security function. Organizational structure In accordancewith Groupe BPCE’s charters, each institution has its own financial security unit. The Corporate Secretary’s Office has a special department that oversees anti-money laundering and terrorist financing procedures, defines the financial security policy for the entire Group, prepares the various related standards and procedures (and has them validated), and ensures that anti-money laundering and terrorist financing risks are incorporated in BPCE’s new products and services approval procedure. The management of business interruption risk is handled from a cross-business perspective. This includes the analysis of the Group’s main critical business lines, notably liquidity, payment instruments, securities, individual and corporate loans, and fiduciary activities. ORGANIZATION The Group Business Continuity department, which reports to the Group Security division, performs its tasks independently of operational divisions. These include: managing Group business continuity and coordinating the • Group Business Continuity function; coordinating the Group’s crisis management; • managing the implementation of the Group Contingency and • Business Continuity Plans (CBCPs) and keeping them operational; ensuring compliance with regulatory provisions governing • business continuity; participating in Groupe BPCE’s internal and external bodies. • Business continuity 6.11.3

6

The treatment of the situation resulting from the Covid-19 pandemic confirmed the relevance of the crisis management guidelines adopted, both in terms of the measures and the tools deployed; However, the Group remains aware that these provisions cannot be reproduced for all types of crisis and has therefore developed other responses adapted to the various possible contexts. Although fully mobilized by the fight against the effects of the health crisis, the teams continued the usual activities to improve the resilience of the systems: risk analyzes, using a mapping tool (ArcGIS), in order to check • the consistency of the systems with an acceptable level of risk; the validation of a Group BCP management tool (Drive) by • client establishments, future beneficiaries; continued qualification of the criticality of services within the • framework of the framework of contracts in progress; the creation of a working group and the proposal of a cyber • resilience routing sheet to better address the risk of extreme chaos.

691

UNIVERSAL REGISTRATION DOCUMENT 2020 | GROUPE BPCE