BPCE_PILLAR_III_2017

2017 RISK REPORT PILLAR III

Contents Communication policy and structure of the Pillar III report

3

8 MARKET RISKS Market risk policy 8.1

155

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM

156 157 159 161 164

Market risk management 8.2

5

Market risk measurement methods 8.3

Participants in the control system 1.1

6 7

Quantitative disclosures 8.4

Permanent and periodic control departments 1.2 Structure of Groupe BPCE’s internal control 1.3 system

Detailed quantitative disclosures 8.5

8

9 LIQUIDITY, INTEREST RATE AND FOREIGN EXCHANGE RISKS

2 SUMMARY OF RISKS Types of risk

169

13

Governance and structure 9.1

170 171 173 176 177 178

14 15 17 18 20

Liquidity risk management policy 9.2

Key figures 2.1

Quantitative disclosures 9.3

Regulatory changes 2.2

Management of structural interest rate risk 9.4 Managing structural foreign exchange risk 9.5 Detailed quantitative disclosures on liquidity risk 9.6

Main risks and emerging risks 2.3

Risks factors 2.4

3 CAPITAL MANAGEMENT AND CAPITAL ADEQUACY

10 LEGAL RISKS

181

29

Legal and arbitration proceedings – BPCE 10.1 Legal and arbitration proceedings – Natixis 10.2

182 183 186

Regulatory framework 3.1 Scope of application 3.2

30 32 34 37 39 43

Dependency 10.3

Composition of regulatory capital 3.3 Regulatory capital requirements and 3.4 risk-weighted assets Management of capital adequacy 3.5 Detailed quantitative disclosures 3.6

11 NON-COMPLIANCE RISKS,

SECURITY AND OPERATIONAL RISKS

187

Banking compliance and customer protection 11.1

189 190

4 GOVERNANCE AND RISK MANAGEMENT SYSTEM

Investment services compliance 11.2

61

French Banking Separation and Regulation Act 11.3 (SRAB)

191 192 194 195 197 201 203

Governance of risk management 4.1

62 68 71

Financial security 11.4 Business continuity 11.5 IT System Security (ISS) 11.6

Groupe BPCE’s risk management system 4.2

Recovery Plan 4.3

Operational risks 11.7 Insurance risks 11.8

5 CREDIT RISK

73

Technical insurance risks 11.9

Organization of credit risk management 5.1 Internal ratings and risk measurements 5.2 Credit risk mitigation techniques 5.3

74 81 88 90 94

12 CLIMATE RISKS

207

Quantitative disclosures 5.4

Detailed quantitative disclosures 5.5

13 REMUNERATION POLICY

209

6 COUNTERPARTY RISK Counterparty risk management 6.1

129

14 APPENDICES

211

130 132 134

Quantitative disclosures 6.2

Index to tables in Pillar III report 14.1

212 214 215 216

Detailed quantitative disclosures 6.3

Cross-reference Table for the Pillar III report 14.2

EDTF cross-reference table 14.3

7 SECURITIZATION TRANSACTIONS 143 Regulatory framework and accounting methods 7.1 144 Management of securitization at Groupe BPCE 7.2 146 Quantitative disclosures 7.3 147 Detailed quantitative disclosures 7.4 150

Glossary 14.4

Risk Report Pillar III 2017

The purpose of Pillar III is to establishmarket discipline through a series of reporting requirements.These requirements– both qualitativeand quantitative – are intended to improve financial transparency in the assessment of risk exposure, risk assessment procedures and capital adequacy. Pillar III therefore enhancesminimumcapital requirements (Pillar I) and theprudentialsupervision process(Pillar II).

1

Risk Report Pillar III 2017

2

Risk Report Pillar III 2017

Communication policy and structure of the Pillar III report

This report provides informationon Groupe BPCE’s risks and thus complies with regulationNo.

575/2013 on prudentialrequirementsfor credit

institutions and investment firms (Capital Requirements Regulation –

CRR) and directive No. 2013/36 on access to the activity of credit

institutionsand the prudential supervision of credit institutions and investmentfirms (Capital Requirements Directive IV – CRD IV).

Improvement of transparency In order to improve the transparency of information published each year in its Pillar III report and meet the needs of investors and analysts, Groupe BPCE is fully committed to the Financial Stability Board initiatives aimed at improving financial disclosures (Enhanced Disclosure Task Force – EDTF). A cross-referenceTable between EDTF recommendationsand publishedinformationis presentedpage 215. In January 2015, the Basel Committee published phase one of the overhaul of Pillar III disclosures on credit, counterparty and market risks, and securitization transactions. In December 2016, the European Banking Authority in turn published its recommendations,

adapting the proposals of the Basel Committee to the prudential requirementsin Part Eight of the CRR, “Disclosureby institutions”.In March 2017, the Basel Committee completed the review of Pillar III disclosures, consolidating current and future requirements. The regulators aim to fully standardize disclosures to investors in the interest of facilitatingthe comparisonof risk profiles, by introducing detailed tables, the majority of which will follow mandatory

templates.

Groupe BPCE draws on the EBA’s guidelinesfor the publicationof its Pillar III report.

Governance

The policy governingthe publicationof Pillar III information,drawingon recommendationsby the EuropeanBankingAuthority,was approvedby the Supervisory Board onDecember 14, 2016.

Structure of the Pillar III report

The PillarIII report is divided into 14 sections: section 1 explains the overall structure of Groupe BPCE’s internal ● control system; section 2 presents key figures, the regulatory environment, main ● risks, emergingrisks and risk factors; section3 covers capital management and capital adequacy; ●

section 4 describes Groupe BPCE’s governance and risk ● managementframework; subsequentsections provide detailed disclosures on Groupe BPCE’s ● main risks. Each section describes risk management and organizational principles, provides an overview of key disclosures and sets out detailed quantitative information in a separate sub-section.

3

Risk Report Pillar III 2017

4

Risk Report Pillar III 2017

GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM

1

PARTICIPANTS IN THE CONTROL SYSTEM 1.1 6 Permanent Control by line management (Level 1) 6 Permanent Control by dedicated entities (Level 2) 6 Periodic control (Level 3) 6

STRUCTURE OF GROUPE BPCE’S 1.3 INTERNAL CONTROL SYSTEM

8

Internal Control Coordination Committee

9

Group Risk Management Committee: Umbrella Committee

9 9

Committees specific to each department

PERMANENT AND PERIODIC CONTROL 1.2 DEPARTMENTS

Periodic Control

10

7

5

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Participants in the control system

The Group control system relies on three levels of controls,in accordancewith banking regulationsand sound managementpractices:two levels of permanent controls and one level of periodic control, as well as the establishment of consolidated control processes in accordance with provisionsapproved byBPCE’sManagement Board.

Participants in the control system 1.1

Permanent Control by linemanagement (Level 1) Level 1 permanent control is the first link in internal control and is primarily performedby operationalor support departmentsunder the

implementing recommendations drawn up by Level ● functions onthe Level1 controlsystem; reporting to and alerting Level 2 control functions. ● Dependingon the situationsand activities,these Level 1 controls are performed, jointly if applicable, by a special-purpose Middle Office-type control unit or accounting control entity, by the operationalstaff themselves, or by line managers. Level 1 controls are formally reported to the relevant Permanent Control divisions or functions. 2 control

supervision of their linemanagement. These departmentsare responsible for:

implementingformalized,documented and reportable self-checks; ● documentingand verifying compliancewith transactionprocessing ● procedures, detailing the responsibility of those involved and the types of checkscarried out; verifying the compliance of transactions; ●

Permanent Control by dedicated entities(Level 2)

Level 2 permanent controls, within the meaning of Article 13 of MinisterialOrder A-2014-11-03on internalcontrol,are performedby entities dedicated exclusively to this duty within the Group’s Risk, Compliance and Permanent Control division.

Other central functions also contribute to the permanent control system: the Legal Affairs division,the Operationsdivision in charge of informationsystem security and the Group Human Resourcesdivision for certainissues affectingthe pay policy.

Periodic control(Level 3)

Periodiccontrol,within the meaningof Article 17 of MinisterialOrder A-2014-11-03 on internal control, is performed by the Group’s

InspectionGénérale division and implementedby the audit function across all entities and activities, including permanent control.

6

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Permanent and periodic control departments

Permanent and periodic control 1.2 departments

Integratedpermanentand periodiccontroldepartmentshave been set up throughout Groupe BPCE. Two Permanent and Periodic Control divisions are established within the central institution, under its authority:the Group Risk, Complianceand PermanentControldivision for permanentcontrolsand the Group InspectionGénérale divisionfor periodic controls. The permanent and periodic control functions, which are located at affiliates and subsidiaries subject to banking supervision, have a strong functional link, as consolidated control departments,to BPCE’s correspondingCentral Control divisions and a hierarchical link to their entity’s executive body. This link includes approval of the appointment and dismissal of managers responsible for permanentor periodic control at affiliates and direct subsidiaries; reporting,disclosureand alert obligations;standardsimplementedby the central institutionand laid down in a body of standards;and the definitionor approvalof control plans. These links have been formally defined incharterscovering each department.

The entire system was approved by the Management Board on December 7, 2009 and presented to the Audit Committee on December 16, 2009. It was also presentedto the SupervisoryBoard of BPCE. The Risk Charter was reviewed at the beginning of 2017 and the body of standards now consists of three Group charters covering all activities: the Group’s Internal Control Charter: an umbrella charter based on ● the followingtwo separate charters: the Internal Audit Charter, - and the Risk, Compliance and Permanent Control Charter. - As mentionedabove, the system also includes the IT System Security departmentand, to a certain extent, the Human Resourcesand Legal Affairs departments.

7

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

Structure of Groupe BPCE’s internal 1.3 control system

ORGANIZATION OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM ➡

Supervisory Body

Responsible for the quality of the Internal Control system

Audit Committee

Risk Committee

Executive Body Executive managers

Remuneration Committee

Appointments Committee

Internal Control Coordination Committee (3CI)

Periodic control

Audit-Inspection function

Risk and Compliance Committee or Executive Risk Committee and specific committees for each type of risk

Outsourced activities

Review, ISS, BCP and SPB functions

Risk Management function

Compliance function

Level 2 permanent controls

Non-financial risks (Compliance, Operational Risk BCP, ISS)

Credit risk

Financial risks

Coordination of Permanent Controls

1 Level permanent controls

Self-checks by the operational departments under hierarchical or functional supervision

8

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

Internal Control Coordination Committee The President of the central institution’s Management Board is responsible for ensuring the consistency and effectiveness of the internal control system. A Group Internal Control CoordinationCommittee(CCCIG),chaired by the President of the ManagementBoard or his representative,meets periodically. This committee is responsible for dealing with all issues relating to the consistency and effectiveness of the Group internal control system,as well as the results of risk managementand internalcontrol work and follow-up work. The committee’s main responsibilitiesinclude: validating the Group’s Internal Control Charter, the Risk, ● Compliance and Permanent Control Charter and the Group Audit Charter; reviewing dashboards and reports on group control results, and ● presenting permanent control coordination initiatives and results; validating action plans to be implemented in order to achieve a ● consistent and efficient group permanent control system, and assessing progress made on corrective measures adopted subsequent to recommendations issued by the Group Inspection Its scope covers the entire Group (centralinstitution,networksand all subsidiaries). It sets the broad risk policy, decides on the global ceilings and limits for Groupe BPCE and for each institution,validates the authorization limits of other committees, examines the principal risk areas for Groupe BPCE and for each institution, reviews consolidated risk reports and approves risk action plans for the measurement, supervision and management of risk, as well as Groupe BPCE’s principalrisk standardsand procedures.It monitorslimits (Ministerial Order of November 3, 2014 on internal control, Article 226), particularly when overall limits are likely to be reached (Ministerial Order of November3, 2014 oninternal control,Article 229). Overall risk limits are reviewed at least once a year and presented to the Group Risk Management Committee (Ministerial Order of

Générale division, the national or European supervisoryauthorities, and the permanentcontrol functions; reviewing the Group’s internal control system, identifying any ● shortcomings, and suggesting appropriate solutions to further secure the institutionsand the Group; reviewingthe allocation of resources with respect to risks incurred; ● presenting the resultsof institution controls or benchmarks; ● deciding on any cross-business initiatives or measures aimed at ● strengthening the Group’s internal control system; ensuring consistency between measures taken to strengthen ● permanentcontrol and risk areas identifiedduring the consolidated macro-level risk mapping exercise. This committee’s members include the member of the Executive Management Committee in charge of Risk, Compliance and Permanent Control and the Group Head of Internal Audit, who is a memberof the Group’s ExecutiveCommittee.The ManagementBoard member in charge of retail banking and Insurance is a standing member. If applicable, this committee may hear reports from operational managers about measures they have taken to apply recommendationsmade byinternal and external control bodies. November 3, 2014 on internal control, Article 224). The Umbrella Committee provides the Risk Management Committee of the Supervisory Board with proposed criteria and thresholds for the identification of incidents to be brought to the attention of the supervisorybody (MinisterialOrder of November 3, 2014 on internal control, Articles 98 and 244). It notifies the Group Risk Management Committeetwice ayear of the conditions under which the established limits were observed (Ministerial Order of November 3, 2014 on internal control,Article 252). At the same time, several committees are responsible either for defining shared methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

GroupRisk Management Committee: Umbrella Committee

Committees specific to each department

CREDIT RISK/COMMITMENT COMMITTEES Several kinds of committeeshave been establishedto manage credit risk for the full Group scope, meeting at varying frequencies depending on their roles (ex-post or decision-makinganalysis) and their scope of authority.

FINANCIAL RISK COMMITTEES The Group has also established decision-making and supervisory committees for both market and ALM risk. The frequency of their meetings istailored to institutional and Group needs.

9

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

NON-FINANCIAL RISK COMMITTEE

non-complianceand operationalrisks and the associatedaction plans at Group level, and to perform consolidated supervision of losses, incidents and alerts, including reports made to the ACPR under Article 98 of Ministerial Order A-2014-11-03 in respect of

This committeemeets quarterlyand includesthe variousGroupeBPCE business lines affected by non-compliance and operational risks, while incorporating IT System Security, Business Continuity and Accounting Review issues. Its purpose is to validate the map of

non-financialrisks.

Periodic Control

Scope of activity To fulfill its role, the Group’s InspectionGénérale division establishes and maintains an up-to-date Group audit scope inventory, which is defined in coordinationwith the Internal Audit teams of the Group’s institutions. It ensures that all institutions,activities and related risks are covered by full audits, performed at a frequency defined according to the overall risk level of each institution or activity, and in no event less than once everyfour years for banking activities. In this regard, the Group’s Inspection Générale division takes into account not only its own audits, but also those performed by the supervisory authorities and the Internal Audit divisions. The annual audit programfor the Group’s InspectionGénérale division is approved by the President of the Management Board. It is also examinedby the Group Risk ManagementCommittee.This Committee ensures that the audit program provides satisfactorycoverage of the Group’s audit scope over several years and may recommend any measures to this effect. It reports on its work to the Supervisory Board of BPCE. Reporting The assignments completed by the Group’s Inspection Générale division result in the formulation of recommendationsprioritized by order of importance.These are monitoredon a regular basis, at least every six months. The InspectionGénérale division reports its findings to the company directors of the audited entities and to their supervisorybody. It also reports to the Presidentof the ManagementBoard of BPCE, to BPCE’s Group Risk ManagementCommitteeand to the SupervisoryBoard of BPCE. It provides these bodies with reports on the implementationof its main recommendationsand those of the ACPR. It ensures that remedial measures decided as part of the internal control system, in accordance with Article 26 of the Ministerial Order of November 3, 2014 on internalcontrol,are executedwithin a reasonabletimeframe, and may refer matters to the Risk Management Committee of the Supervisory Board if suchmeasuresare not executed. It coordinates the timetable for drafting regulatory reports. Relationship with the Central Institution’s Permanent Control divisions The Group’s Head of Internal Audit maintains regular discussions within the central institution and exchanges information with unit heads within their audit scope and, more specifically, with divisions responsible for Level 2 control.

STRUCTURE AND ROLE OF THE GROUP’S INSPECTION GÉNÉRALE DIVISION

Duties In accordance with the central institution’s responsibilities and because of collective solidarity rules, the Group’s InspectionGénérale division has the task of periodically checking that all Group institutions are operating correctly and providing company directors with reasonable assurance as to their financialstrength. In this capacity, it ensures the quality, effectiveness,consistencyand proper operation of their permanent control framework and the management of their risks. The scope of the Group’s Inspection Générale division covers all risks, institutionsand activities,including those thatare outsourced. Its main objectives are to evaluate and report to the executive and governing bodies of Groupe BPCE and entities on: the quality of the financial position; ● the actual levelof risk incurred; ● the quality of organization and management; ● the consistency, suitability and effectiveness of risk measurement ● and managementsystems; the reliability and integrity of accounting and management ● information; compliance with laws, regulations and rules applicable to Groupe ● BPCE or each company; the effective implementationof recommendationsmade following ● previous audits and by regulators. The Group’s InspectionGénérale division reports to the President of the ManagementBoard and performs its work independentlyof the Operational and Permanent Control divisions. Representation in governance bodies and Group Risk Management Committees To fulfill its role and effectivelycontributeto promotinga risk control culture, the Group’s Head of Internal Audit participates as a Non-Voting Director on the central institution’s key committees involved inrisk management. The Head of Internal Audit is a member of the Group Internal Control Coordination Committee and is a standing member of BPCE’s Audit and Risk Committees,and the Audit and Risk Committeesof Natixis and Groupe BPCE’s main subsidiaries (BPCE International, Crédit Foncier and Banque Palatine).

10

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

The division heads must expedientlynotify the Head of Internal Audit of any failure or major incident brought to their attention. The Head of Internal Audit, along with the Heads of the Group’s Risk division and of the Complianceand PermanentControl division, must quickly inform each other of any audit or disciplinaryprocedure initiated by the supervisory authorities, or more generally of any external audit broughtto their attention. Activities in 2017 As part of the full cycle of investigationsit conductsover an average of four years, and drawing on risk assessmentsthat it keeps regularly updated for each institution,the Group’s InspectionGénérale division completed its audit plan mostly as scheduled, making a few adjustmentsrelated to ongoingentity restructuringinitiativesinitially providedfor in the plan, and to regulatorypriorities.It also conducted a half-yearly follow-up on the implementation of its own recommendations as well as those of the Autorité de contrôle prudentiel et de résolution (ACPR) and the Single Supervisory Mechanism (SSM). Pursuant to Article 26 of Ministerial Order A-2014-11-03 on internal control, the Group Inspection Générale division’s alert mechanism is used to inform the Risk Management Committee of significant delays in the implementation of these recommendations. Structure of the Audit department Groupe BPCE’s Inspection Générale division oversees all audit processes. Its operatingprocedures– aimed at achievingconsolidated supervision and optimal use of resources – are set out in a charter approved by BPCE’s Management Board on December 7, 2009. This charter wasupdatedin June 2016. The aim of this structure is to ensure coverage of all Group operationalor support units within the shortest possible timeframe, and to achieve effective coordination with each entity’s Internal Audit division. The Internal Audit divisions of affiliates and directly-owned subsidiaries have a strong functional link to the Group’s Inspection Générale division and a hierarchical link to their entity’s executive body. This strong functional link is established throughthe followingrules: the appointment or dismissal of Internal Audit directors of the ● affiliatesor direct subsidiariesis subjectto the prior approvalof the Group Head of Internal Audit; the existenceof a single Group Audit Chartercoveringall of Groupe ● BPCE. It sets out the purpose, powers, responsibilitiesand general organization of the Internal Audit process in the overall internal control system and is applied to all Group companiesmonitoredon a consolidated basis. The charter is broken down into thematic standards (audit resources, audit of the sales network, audits, follow-up of recommendations, etc.); the Group’s InspectionGénérale division ensures that the Internal ● Audit divisions of Group entities have the necessary resources to perform their duties; the budget and staff levels of these divisions are set by the executive body of the affiliates and subsidiaries, in conjunction with the Group’s InspectionGénérale division; AUDIT DEPARTMENT

the Internal Audit divisions use audit methods defined by the ● Group’s Inspection Générale division that are drawn up in consultation with them; the multi-year and annual audit programs of the Internal Audit ● divisions are established with the approval of the Group’s InspectionGénérale division,which then consolidatesthe programs. The Group’s InspectionGénérale division is kept regularly informed of their implementationand of anychanges inscope; the entities trans, it their Internal Audit reports to the Group’s ● InspectionGénérale divisionas and when they are issued; audit reports from regulatoryauthoritiesrelatingto entities,related ● follow-up letters and answers to those letters, and sanction procedures are transmitted to the Group’s Inspection Générale division when they are received or issued, if sent directly to the institution; the Group’s Inspection Générale division is notified as soon as ● possible of the start of audits performed by regulators on entities and subsidiaries,as well as anyproceedings againstthem; the annual reports of the entities preparedpursuantto Articles ● to 264 of Ministerial Order A-2014-11-03on internal control are sent to the Group’s Inspection Générale division, which forwards them to the supervisory authorities. This type of structure is duplicated at parent company subsidiaries and affiliates. The rules governing how the internal inspection business line is managed between Natixis and the central institution are part of Groupe BPCE’saudit process. Given the scope and nature of the audit function’s activities, the Group’s InspectionGénérale division and Natixis’ InspectionGénérale share coverage of the audit scope. They each conduct audits. A CoordinationCommitteemeets regularlyand involvesboth Inspection Générale divisions. It is responsible for all issues related to the operation of Internal Audit between the central institution and Natixis group. Activities in 2017 BPCE’s Inspection Générale division keeps audit standards and methodology regularlyupdated basedon best practices. The preparation and updating of audit guides were continued to maintain a current body of uniform guidelines covering the most commonly audited areas. In 2017, the division focused on methodologyin updating guides on financial security and KYC, ALM and accounting.A workinggroup was also formed to update the sales network audit guide. Another audit guide was drawn up for the Procurement function. Supplemented by appendices and supporting documentation, these audit guides are primarily accessible via the Group’s audit function’s intranet and/or the Group Inspection Générale ’s shared server. Priority audit items were also defined in terms of credit risk, compliance risk (AML-TF, Fraud, controls of investment services), financial risk (ALM, Cash management,Trading floor), accounting, finance control, the cooperative shareholder base and risk-takers. 258

11

Risk Report Pillar III 2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

The Group’s Inspection Générale division and Natixis’ Inspection Générale maintained their close coordination, in terms of harmonizing ratings, assessing recommendation follow-up, and synchronizing respective annual macro-timetables for a common scope of auditableunits. They use a shared risk assessment approach, prepareaudit plans togetherand take a commonapproachto fields of investigation/auditstandards.In 2017, joint methodologyprojects led

to the preparationof shared audit guides on market risks, insurance,

structured financingand asset management.

Finally,the featuresof the recommendationfollow-uptool, which has been shared by all Group entities since the end of 2014, are continuouslybeing expanded for the benefit of auditors and audited alike.

12

Risk Report Pillar III 2017

2 SUMMARY OF RISKS

TYPES OF RISK

14

RISKS FACTORS 2.4

20

Risks relating to macroeconomic conditions, the financial crisis and stricter regulatory requirements Risks relating to Groupe BPCE’s 2018-2020 Strategic Plan Risks related to the structure of Groupe BPCE Risks relating to Groupe BPCE’s activities and the banking sector

20

KEY FIGURES 2.1

15

22 22

REGULATORY CHANGES 2.2

17

22

MAIN RISKS AND EMERGING RISKS 2.3

18

Main risks

18 18

Emerging risks

13

Risk Report Pillar III 2017

2 SUMMARY OF RISKS Types of risk

Types of risk

Given the diversity and developmentsin Groupe BPCE’s activities,risk managementis centered onthe followingmain categories: credit and counterparty risk (including country risk): risk of loss ● resulting from the inability of the Group’s customers, issuers or other counterparties to meet their financial commitments. Credit risk includes counterparty risk related to market transactions (replacementrisk) and securitizationactivities.Moreover,credit risk may be exacerbated by concentration risk, resulting from high exposureto a given risk, to one or more counterparties,or to one or more groups of similarcounterparties. Country risk arises when an exposure is liable to be adversely affected by changes in the political, economic,social and financial conditions of thecountryof exposure; market risks: risk of loss in value of financial instrumentsresulting ● from changes in market parameters, from the volatility of these parameters or from the correlations between these parameters. These parameters are exchange rates, interest rates and prices of securities (equities, bonds), commodities, derivatives or any other assets, suchas real estate assets; liquidityrisk: risk that the Group cannotmeet its cash requirements ● or collateral requirementswhen they fall due and at a reasonable cost; structural interest rate and foreign exchange risks: risk of loss in ● interest income or in the value of a fixed-ratestructuralpositionin the event of changes in interest rates and exchange rates. Structural interest rate and foreign exchange risks are associated with commercial activities and proprietarytransactions;

legal risks: risk of legal, administrativeor disciplinary sanction or ● material financial loss arising from a failure to comply with the provisionsgoverning theGroup’sactivity; non-compliancerisk: risk of a legal, administrativeor disciplinary ● penalty, material financial loss or reputational risk arising from a failure to comply with the provisions specific to banking and financial activities ( whether these are stipulated by directly applicable national or European laws or regulations), with professionalor ethical standards,or instructionsfrom the executive body, notably issued in accordance with the policies of the supervisory body; operational risk: risk of loss resulting from inadequacies or ● malfunctions attributable to procedures, employees and internal systems, or external events, includingevents with a low probability of occurrence, but with a risk of high loss; risk related to insurance activities: the Group is also exposed to a ● series of risks inherent to this business through its insurance subsidiaries or equity interests. In addition to asset-liability risk management (interest rate, valuation, counterparty and foreign exchange risks), these risks include pricing risk in respect of mortality risk premiums and structural risks related to life and non-life insurance activities, including pandemics, accidents and disasters (earthquakes, hurricanes, industrial accidents, terrorist acts or military conflicts); climate risk: the vulnerability of banking activities to climate ● change, where a distinction can be made between physical risk directly relating to climate change and transition risk associated with effortsto combat climate change.

14

Risk Report Pillar III 2017

SUMMARY OF RISKS Key figures

2

Key figures 2.1

PHASED-IN CAPITAL RATIOS ➡

FULLY-LOADED (1) CAPITAL RATIOS ➡

18.5% 19.2%

18.5% 19.2%

0.3 3.5 16.8%

0.4 3.4 16.7%

0.1 3.8

0.1 3.7

4.0

0.4 3.9

0.4

15.4

15.3

14.2

14.1

12.9

13.0

12/31/2015 12/31/2016 12/31/2017

12/31/2015 12/31/2016 12/31/2017

T2 contribution

CET1 ratio

AT1 contribution

PHASED-IN REGULATORY CAPITAL (IN €BN) ➡

FULLY-LOADED (1) REGULATORY CAPITAL (IN €BN) ➡

74.3

74.0

72.5

72.3

65.3

65.8

0.6 14.4

1.3 15.7

0.4 14.6

1.6 15.4

13.2 1.6

13.6 1.3

22.5

19.8

19.8

21.0

22.5

21.0

CET1 59.3

CET1 55.5

CET1 59.0

CET1 55.3

CET1 50.5

CET1 50.9

36.8

31.2

34.5

34.4

36.5

30.7

12/31/2015

12/31/2016

12/31/2017

12/31/2015

12/31/2016

12/31/2017

Tier 2 Capital

Cooperative shares

Reserves

Additional Tier 1 capital

CRR/CRD IV without transitional measures; additional Tier-1 capital takes account of subordinated debt issues that have become ineligible and capped at the phase-out rate in force. (1)

15

Risk Report Pillar III 2017

2 SUMMARY OF RISKS Key figures

CAPITAL REQUIREMENT / SREP 2017 (AS A%) ➡

19.20%

Total surplus of 707bps

3.80% 0.10%

Tier 2

Tier-2 surplus of 178bps

Additional Tier 1

12.13%

CET1 surplus of 529bps

1.88% 0.75% 1.50% 1.38% 0.12% 2.00%

Tier 2

Additional Tier 1

15.30%

CET 1

10.01%

Phased-In 2018 G-SIB buffer Phased-In 2018 capital conservation buffer Pillar 1 Pillar 2 Requirement

CET 1

8.63%

4.50%

Phased-in ratio as at 12/31/2017

Requirement at Jan. 1, 2018 following 2017 SREP

BREAKDOWN OF RISK-WEIGHTED ASSETS PER TYPE OR ➡ RISK (1)

BREAKDOWN OF RISK-WEIGHTED ASSETS PER BUSINESS ➡ LINES

Other 10%

Market risk 3% Operational risk 10%

Retail Banking & Insurance 72%

CVA n.s

Corporate & Investment Banking 15%

Credit risk (1) 87%

€386 bn 12/31/2017

Asset & Wealth Management 3%

€386 bn 12/31/2017

ADDITIONAL INDICATORS ➡

12/31/2017

12/31/2016

Cost ofrisk (in basis points)

20

22

Non-performing/gross outstanding loans Impairment recognized/non-performing loans

3.3%

3.4%

51.4%

52.4%

Groupe BPCE’s consolidated VaR (in millionsof euros)

5.3

9.7

Leverage ratio

5.1%

5.0%

LCR

> 110%

> 110%

Liquidityreserves (in billions of euros)

214

230

Including settlement/delivery risk. (1)

16

Risk Report Pillar III 2017

SUMMARY OF RISKS Regulatory changes

2

Regulatory changes 2.2

Prudentialrequirementsprovide for major regulatorychanges both at international and European level, on which the Group is already focusing attention. Internationally,in the second half of 2017, the Basel Committee on Banking Supervision (BCBS) publishedthe “Finalizationof Basel III” on the revision of credit risk measurement methods, CVA risk, and operational risk, thereby finalizing the Basel III cycle on capital requirements.The package includes a floor for risk-weightedassets, including on the output of internal models, set at 72.5% of RWAs calculated using the Basel III standardized approach. Moreover, the Basel package also includes a gradual introduction of this floor between 2022and 2027. This point will be confirmed by theEuropean legislator for enactment purposes. A period of implementation is beginning for banks and a period of monitoring for the regulatory authorities, and the European Commission has stated that it will launch a consultationand an impact analysisbefore the transposition phase. The Basel Committee has also confirmed the schedule for FRTB recalibration(consultationset for Q1 2018) and has pushed back the implementation date to 2022, in line with transposition work in Europe. The Standardized Approach for Measuring Counterparty Credit Risk (SA-CCR), as applied to derivatives,and the treatment of derivativesfor the leverageratio and for the Net Stable FundingRatio (NSFR) are being re-examined.No clear schedulehas been established for the time being, but this work will probably be completed before the Basel III phase-in period. Finally, on December 7, 2017, the Basel Committee published a discussion paper on sovereign risk, while stressing that the working group had failed to reach a consensus.As we understandit, the matterwill not be taken up again at least in the short term. From an implementationstandpointin Europe, the first half of 2017 saw the finalization of the legislative process relating to the securitizationregulation and the review of the section of regulation 2013/575 (CRR) on securitization exposures (transposition of 2015 text “BCBS 303”). The upcoming effective date is January 2019, and implementationwork isalready under way. Work relating to the RRM (risk reduction measures) package was launched on November 23, 2016 when the European Commission’s proposal was remitted to the Council of Europe and the European Parliament. This work involves several regulation and directives

counterparty risk: incorporation of the revised counterparty risk ● framework in the standardized approach (BCBS 279 – 2014) modifying the measurement of derivative exposures; market risks: implementation of the fundamental review of the ● trading book (BCBS 352 – 2016), which addresses both the definition of the trading/banking book boundary and the measurement of market risk; leverage ratio:introductionof a binding leverage ratio requirement; ● net stable fundingratio: recalibrationand introductionof a binding ● ratio; interest rate risk in the banking book: transpositionof the revised ● Basel framework(BCBS 368 –2016); MREL (Minimum Requirement for own funds and Eligible ● Liabilities): methodologyupdate; TLAC: introductionof a TLAC requirementapplicableto G-SIBs and ● setting a minimum level of own funds and eligible liabilities (bail-in) capable of covering losses in the event of resolution (transposition of the2015 FSB text). By late June 2017, a compromise had already been reached on two acceleratedprocedures:the review of the insolvencyhierarchy in the bank resolution scheme, and incorporationof the IFRS 9 accounting reform in the capital ratio. 2017 also saw increasingly heated discussions on the proportionalityprinciple and the powers held by financial sector supervisors (ECB) and technical authorities (EBA, ESMA, etc.). The EuropeanCouncil and Parliamentmade considerableheadway on these matters in 2017. Under the Estonian Presidency, three new consolidatedregulatory packages made the rounds, with agreements reached on several key issues. In the first half of 2018, the Bulgarian Presidency is expected to wind up the Council’s work on bank resolution issues in particular. Parliament’s schedule is also much clearer, with the publication of draft reports by G. Hökmark and P. Simon. Trilogue negotiations are scheduled for second-half 2018 on regulatory proposals before the European Commission, Council and Parliament. The resulting final regulations could therefore be publishedin January 2019, meaningthe newmeasureswould become effectivein January2021 at theearliest. The next step will be to develop implementingtexts for supervisors and technical authorities. This in turn will set the stage for implementation by banking and financial institutions, from both a technical standpoint in order to comply with the new regulatory requirements,and from a strategicstandpointto adapt their products and services accordingly.

(CRR II/CRD V/BRRD II/SRMRII) and addresses: capital: updateto definitionand issuecategories; ●

credit risk: reviews of the accounting treatment of investments in ● funds (transposition of 2013 text “BCBS 266”), treatment of exposureswith clearing houses (BCBS 282 – 2014) and supervision of major risks (BCBS 283 – 2014);

17

Risk Report Pillar III 2017

2 SUMMARY OF RISKS

Main risks and emerging risks

Main risks and emerging risks 2.3

Main risks Credit and counterpartyrisk: Groupe BPCE’s credit and counterparty risk monitoringsystem is regularly reviewed to continuouslyadapt to changes inportfolioquality. The key components of this system include risk appetite, individual, sector and country limits, regulatoryand internalceilings,at both the Group and institution level. Strict risk diversification is applied to maintain alow risk profile. Three new indicatorson concentrationsby risk calss were introduced to the Group’s risk appetite framework in 2017: a maximum percentageof “at-risk”outstandingsin the professionaland corporate customer segments, and a maximum percentage of outstandingsfor exposures in the statement of large exposures. In 2018, a maximum percentage of exposures to the French public sector will be introduced for institutions with material outstandings in this asset class. The aim is first to limit risks on at-risk outstandingsin the asset classes in question and second to limit each institution’s largest outstandings. Sector risks are monitoredat Group level for all business sectors, and especially sectors with the highest at-risk ratings and default rates. Recommendations are issued by a monthly Sector Oversight Committee, made up of representatives from the Local Risk Management divisions and the Groupe BPCE Risk, Compliance and PermanentControl division. These recommendationsare validated by the Group Creditand Counterparty Committee. Groupe BPCE also has a systemof geographiclimits based on country risks. Most of Groupe BPCE’s country risk is concentrated in its domestic market, France, and to a lesser extent in the European Union. Natixis also manages its distribution of country risk through country limits given the particular features of its international business. The Group is vigilant regarding risks associated with European periphery countries and geopolitical risks borne by certain countries.The Group is predominantlyexposed to country risks in the Emerging risks Like other European and French players, Groupe BPCE must address the risks caused by its environmentand is placing greater emphasis on the anticipation and management of emergingrisks. The international situation continues to be a source of concern, despite strengthening global economic growth and more positive conditions in emerging countries. Certain regions remain affected by political instability and budget imbalances, notably due to persistently low commodity prices. In Europe, Brexit coupled with security and migrationissues generaterisks for the stabilityof the EuropeanUnion

banking and corporate asset classes. Virtually all exposures to these asset classesare subjectto individualGroup limits (by counterpartyor groups of counterparties). For counterparty risk, BPCE has begun keeping track of business conducted with CCPs, due to the obligation to centrally clear over-the-counter (OTC) derivatives, potentially resulting in concentrated exposure to CCPs. In monitoring internal caps and Group, sector or country limits over the course of the year, no counterparties were found to have exceeded the regulatory caps and no unusual risk concentrationwas identified. Market risks: market risk indicators are monitored and analyzed at various position aggregation levels, giving an overview of total exposure and risk consumption by risk factor. VaR and stress indicators were kept very low for the Group in 2017 (VaR of € 5.3 million at end-2017and stress test at - € 67 million for the most adverse scenario). Operational risk: considering the nature of its businesses, the main causes of Groupe BPCE’s operatinglosses fall into the followingBasel categories: “fraud”, “execution,delivery and proceduremanagement” and “customers, products and sales practices”. Liquidity, interest rate and currency risks: Groupe BPCE’s liquidity position improved over the course of 2017 thanks to improved coverageof stress scenarios.At December 31, 2017, liquidity reserves covered 174% of all short-term funding as well as short-term maturities of MLT debt (versus 158% at end-2016). Groupe BPCE also improved its oversight of interest rate risk in the banking book to ensure a dynamic multi-scenario approach better suited to managing this risk. Future regulatory changes relating to this risk are also currently being integrated to the management system.

and its currency, forming a potential source of risks for banking institutions. The current environment of ultra-low interest rates generates a risk for commercial banking activities, particularly in France where fixed-rateloans predominate, and for life insurance. As the economyin generaland bank transactionsin particularbecome increasinglydigital,risks are on the rise for informationsystemsecurity and customers, with cybersecurity calling for increasing levels of watchfulness.

18

Risk Report Pillar III 2017

SUMMARY OF RISKS Main risks and emerging risks

2

Climate change and Corporate Social Responsibility are a growing concern for financial institutions, as addressed in their risk management policies, but also from a commercial standpoint in regards to customer expectations.

Misconduct risk is monitored with operational risks and has been written into ethics and conflict-of-interestcharters at all levels of Groupe BPCE. Another area of permanent supervision is regulatory developments. Increasingly strict requirements are being imposed on the banking industry and 2017 sawparticularly close supervision of model risks.

19

Risk Report Pillar III 2017

2 SUMMARY OF RISKS Risks factors

Risks factors 2.4

The banking and financial environment in which Groupe BPCE operates is exposed to numerous risks which obliges it to implement an increasingly demanding and strict policy to control and manage these risks. Some of the risks to which GroupeBPCE is exposedare set out below. However,this is not a comprehensivelist of all of the risks incurredby

Groupe BPCE in the course of conducting its business or given the environmentin which it operates. The risks presented below, as well as other risks which are not currently known or not considered significantby Groupe BPCE, could have a material adverse impact on its business, financialpositionand/or results.

Risks relating to macroeconomic conditions, the financial crisis and stricter regulatoryrequirements

Over the last ten years, economic and financial conditions in Europe have had and may continue to have an impact on Groupe BPCE and its markets ofoperation The European markets have experienced major upheavals over the past ten years which have affected economic growth, particularly during the 2008 financial crisis. Initially originating from concerns over the ability of certain euro zone countriesto refinancetheir debt securities, thesedisruptionshave created uncertaintiesmore generally regarding the shortterm economic outlook of European Union countries as well as the quality of the debt securities of sovereign European Union issuers. There has also been an indirect impact on financial markets in Europe and worldwide. While the impact on its sovereign bond holdings has remained limited, Groupe BPCE has been indirectly affected by the consequences of the crisis spreading to most countries in the euro-zone, including France, the Group’s historic domestic market. Some rating agencies have downgraded the rating on French sovereign bonds in recent years, in some cases leading these same agencies to automatically downgrade the ratings on senior and subordinated bonds issued by French commercial banks, including Groupe BPCE. In the wake of these crises, anti-austerity sentiment has triggered political uncertainties in a number of European companies, while the financial and banking markets have been impacted by other factors, including the many unconventional economic stimulus measures launched by the European Central Bank (the “ECB”) along with other central banks around the world. The financial markets have also been subject to strong volatility in responseto various events, includingbut not limited to the decline in oil and commodityprices, the slowdown in emerging economies and turbulenceon the equity markets. If economic or market conditions in France or elsewhere in Europe were to deterioratefurther,GroupeBPCE’smarketsof operationcould be more significantlydisrupted,and its business,results and financial position could be adversely affected. The United Kingdom’svote to leave the EuropeanUnion could have an adverse impact on Groupe BPCE and its markets of operation, imposing restructuringcosts on some subsidiaries On 23 June 2016, the United Kingdom held a referendum that saw the majority of voters choose to exit the European Union (“Brexit”). The referendumis not an obligationto leave the EuropeanUnion, but it is highly likely that the United Kingdomwill trigger the appropriate measuresto implementBrexit. On 29 March 2017, the governmentof the United Kingdominvoked Article 50 of the Treaty on the European Union (the “Lisbon Treaty”) relating to withdrawal.Negotiationshave begun to determinefuture relationsbetweenthe United Kingdomand the European Union, particularly in terms of commercial, financial and legal agreements.The nature, timetable as well as the economic

and political impacts of a potential Brexit are still highly uncertain and will depend on the outcome of the negotiations between the United Kingdom and the European Union. Brexit has sparked uncertainties, volatility and major disturbances on the European markets, and more broadly on the global economic and financial markets, and may well continue to do so, potentially harming the credit rating, activity, results and financialpositionof GroupeBPCE. A persistentlylow interest rate environmentmay be detrimentalto the profitabilityand financialposition of Groupe BPCE The global markets have been subject to low interest rates in recent years, and it appearsthis situationwill not be changinganytimesoon. When interest rates are low, credit spreads tend to tighten, meaning Groupe BPCE may not be able to sufficientlylower interest rates paid on deposits to offset the drop in revenues associated with issuing loans at lower market rates. Groupe BPCE’s efforts to reduce the cost of deposits may be restricted by the high volumes of regulated products, especially on the French market, including in particular Livret A passbook savings accounts and PEL home savings plans, which earn interest above the current market rate. In addition, Groupe BPCE may incur an increase in prepayments and renegotiationsof home loans and other fixed-rateloans to individuals and businesses, as customers seek to take advantage of lower borrowing costs. Combined with the issuance of new loans at low interest rates prevailing on the markets, Group BPCE may see an overall decrease in the average interest rate in the loan book. Reduced credit spreads and weaker retail banking revenuesstemming from this decrease may undermine the profitability of the retail banking activities and overall financial position of Groupe BPCE. Furthermore,if market rates begin climbing again and Groupe BPCE’s hedging strategies prove ineffective or only partially offset this fluctuationin value, its profitabilitymay be affected.An environment of persistently low interest rates may also cause the market yield curve to flattenmore generally,which in turn may lower the premium generated by Groupe BPCE’s financing activities and negatively impact its profitability and financial position. The flattening of the yield curve may also encourage financial institutions to enter into higher-risk activities in an effort to obtain the targeted level of return, which may heighten risk and volatility on the market. Given the difference in economic cycle between the United States and Europe, rising interest rates are expected to affect the dollar before the euro, and Groupe BPCE may be more affected by interest rate rises in EUR thanin USD. Legislation and regulatory measures in response to the global financial crisis may materially impact Groupe BPCE and the financialand economic environment in which the Groupoperates Legislation and regulations have recently been enacted or proposed with a view to introducinga number of changes, some permanent,in the global financial environment. While the objective of these new

20

Risk Report Pillar III 2017

Made with FlippingBook - Online magazine maker