BPCE_PILLAR_III_2017

NON-COMPLIANCE RISKS, SECURITY AND OPERATIONAL RISKS Financial security

Activities in 2017 Targeted improvements were made to detection tools for the preventionof terrorist financing.With this system, Groupe BPCE also meets the requirement of establishing a procedure to assess a customer’s situation with respect to corruption, as set out in Article 17, section 4, of Act No. 2016-1691 of December 9, 2016 (“Sapin II”) on transparency, prevention of corruption and modernization of the economy. Customers identified as “politically exposed persons” are assigned a high risk level and must be treated with special vigilance, particularlyby identifyingthe sources of their assets. Finally, Transparency International rankings of a customer’s countryof residence are taken into consideration. GROUP COMMITMENTS IN THE PREVENTION OF CORRUPTION Corruption, which is defined as an act in which a person offers or grants an undue reward to another person in exchange for an act falling within that person’s remit, is a fraudulent and unethical behavior subject tosevere criminaland administrative sanctions. Groupe BPCE denounces corruption in all forms and in all circumstances. Accordingly, it is a signatory of the United Nations Global Compact,whose tenth principlestates that “Businessesshould work against corruption in all its forms, including extortion and bribery.” ANTI-CORRUPTION MEASURES The Group strives to prevent corruption in order to guarantee the financial security of its activities, including inparticular: by taking measures against money laundering and terrorist ● financing, measures against fraud, supervising “politically exposed persons”, andcomplyingwith embargoes; ensuring that employees observe professional rules of compliance ● and ethics by applying policies governing conflicts of interest, exchanges of gifts, benefits and invitations, confidentiality and professional secrecy. Disciplinary sanctions have been defined for any failure to respect professional rules governing the activities conducted by Group companies; exercising vigilance when making contributions to political ● campaigns or to government agents, donations, patronage and sponsorship, and lobbying;

supervising relations with intermediariesand business introducers ● via groupwide standardized contracts describing the reciprocal services and obligations and contractually establishing compensation terms. A whistleblowing system is available to employeesand included inthe internal rules. Employees also have access to a whistleblowing procedure. For the purposes of implementingthe Act of December 9, 2016 on transparency, prevention of corruption and modernization of the economy (“Sapin II Act”), Groupe BPCE has undertaken initiatives to analyze and expand existingmeasures. These initiatives include: Group risk exposures have been mapped out and distributed to all ● Group institutions, based on an analysis of their activities and associated risk management systems; the internal rules adopted by each institutionare in the process of ● being amended with the employee representative bodies to incorporate the following changes: existingwhistleblowingsystemshave been extendedto reportsof - corruption or influence-peddling, and expanded to include provisionsto protect whistleblowers, codes of compliance or ethics now include, where applicable, - examplesof corruption and influence-peddling. The Group has also defined standards and proceduresgoverning KYC and due diligence procedures used for customer classification and supervisionpurposes.In the interestof organizingthe internalcontrol system, whistleblowing/detectiontools and permanent control plans serve to bolsterthe security of this system. BPCE also has accountingpoliciesand proceduresin place in line with professional standards. The purpose of the Group’s internal control systemfor accountinginformationis to check the conditionsin which such informationis assessed, recorded, stored and made available, in particular by verifying the existence of the audit trail, within the meaning of the Ministerial Order of November 3, 2014 on internal control. This control system is part of the fraud, corruption and influence-peddling prevention and detection plan. From a more general standpoint, these systems are formalized and detailed in the umbrella charter governingthe organizationof Group internal control and the Risk, Compliance and Permanent Control Charter. Parent company affiliates and all BPCE subsidiaries have adopted these charters.

11

193

Risk Report Pillar III 2017