BPCE_PILLAR_III_2017

11 NON-COMPLIANCE RISKS, SECURITY AND OPERATIONAL RISKS

The Compliance, Security and Operational Risk department works independently of the operational divisions, as well as of the other Internal Control divisions with which it cooperates. It has three major divisions:

● a Compliance division which covers three areas: banking compliance, investment services and financial security, including BPCE’s Tracfin officers;
● a Security division covering all areas: personal and property safety, business continuity, information system security and cyber security and fraud watch, as well as the coordination of the new DPO (Data Protection Officer) function;
● an Operational Risk Management division.

The Compliance, Security and Operational Risk department carries out its duties within the framework of business line operations. To this end, it helps guide and motivate the Heads of the Compliance, Security and Operational Risk functions of the affiliates and subsidiaries. The compliance officers appointed by the various affiliates, including the Caisse d’Epargne and Banque Populaire parent companies and direct subsidiaries covered by the regulatory system of banking and financial supervision, have a strong functional link with DCSG.

The Compliance, Security and Operational Risk department conducts any necessary initiatives to strengthen compliance, security and operational risk management throughout Groupe BPCE. As such, it sets out standards, shares best practices and coordinates working groups consisting of departmental representatives.

Promoting a culture of risk management and taking into account the legitimate interests of customers is also achieved through employee training. Consequently, the Compliance, Security and Operational Risk department:

● puts together the training materials mainly used by the Compliance function and manages interaction with the Group Human Resources division;
● helps train Compliance staff, mainly through specialized annual seminars (financial security, ethics and compliance, banking compliance, coordination of permanent compliance controls, cybersecurity, etc.);
● coordinates training for compliance officers through a dedicated system and appropriate courses;
● coordinates the compliance, security and operational risk process through national operational risk days and theme-based working groups.

Moreover, BPCE’s corporate compliance as well as the compliance of the Group’s insurance businesses is handled by a dedicated team in the DRCCP Secretary’s Office.


Risk Report Pillar III 2017
