BPCE_PILLAR_III_2017

11 NON-COMPLIANCE RISKS, SECURITY AND OPERATIONAL RISKS Business continuity

Business continuity 11.5

The managementof businessinterruptionrisk is handledfrom a cross-businessperspective.This includesthe analysisof the Group’smain critical business lines, notably liquidity, payment instruments,securities,individualand corporate loansand fiduciaryactivities.

Organization As of September 1, 2017, the Group Business Continuity manager, responsiblefor the Group Business Continuitydivision, reports to the Security division, which in turn reports hierarchically to the Compliance, Security and Operational Risk department and functionally to the Transformation and Operational Excellence department. The Group Business Continuity division performs its tasks independently of operational divisions. Theseinclude: Activities in 2017 The importanceof digital technologyin the bank’s activities and the heightenedrisk of cybercrimecalls for the developmentof a specific responsein terms of emergencymanagementand businesscontinuity in the event of cyber-attacks,drawn up jointly with the departments in question. The development of a cyber Contingency and Business Continuity Plan(CBCP) waslaunchedin 2017. Group crisis governance, which provides enhanced coordination of incidents involving several Group companies or their suppliers, has a multi-disciplinarymonitoring unit capable of handing incidents in

managing Group business continuity and coordinating the Group ● Business Continuity department; coordinating Group crisis management; ● managing the implementation of the Group Contingency and ● Business Continuity Plans (CBCPs) and keeping them operational; ensuring compliancewith regulatory provisions governing business ● continuity; participating inGroupe BPCE’sinternal and external bodies. ●

cooperative mode. The Group management procedure for serious incidents wasfinalized in2017. The new supplier tracking system, implemented by the central institution,was adopted in June 2017. It is based on a decentralized model, drawing on contributions from the business lines to take advantage of their operational skills and knowledge while taking a Groupwide approach to ensure consistency. Continuity mechanisms are presented to the Group’s CBCP steering committeeon a regular basis.

194

Risk Report Pillar III 2017