BPCE_PILLAR_III_2017

1 GENERAL STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM Structure of Groupe BPCE’s internal control system

Internal Control Coordination Committee The President of the central institution’s Management Board is responsible for ensuring the consistency and effectiveness of the internal control system. A Group Internal Control CoordinationCommittee(CCCIG),chaired by the President of the ManagementBoard or his representative,meets periodically. This committee is responsible for dealing with all issues relating to the consistency and effectiveness of the Group internal control system,as well as the results of risk managementand internalcontrol work and follow-up work. The committee’s main responsibilitiesinclude: validating the Group’s Internal Control Charter, the Risk, ● Compliance and Permanent Control Charter and the Group Audit Charter; reviewing dashboards and reports on group control results, and ● presenting permanent control coordination initiatives and results; validating action plans to be implemented in order to achieve a ● consistent and efficient group permanent control system, and assessing progress made on corrective measures adopted subsequent to recommendations issued by the Group Inspection Its scope covers the entire Group (centralinstitution,networksand all subsidiaries). It sets the broad risk policy, decides on the global ceilings and limits for Groupe BPCE and for each institution,validates the authorization limits of other committees, examines the principal risk areas for Groupe BPCE and for each institution, reviews consolidated risk reports and approves risk action plans for the measurement, supervision and management of risk, as well as Groupe BPCE’s principalrisk standardsand procedures.It monitorslimits (Ministerial Order of November 3, 2014 on internal control, Article 226), particularly when overall limits are likely to be reached (Ministerial Order of November3, 2014 oninternal control,Article 229). Overall risk limits are reviewed at least once a year and presented to the Group Risk Management Committee (Ministerial Order of

Générale division, the national or European supervisoryauthorities, and the permanentcontrol functions; reviewing the Group’s internal control system, identifying any ● shortcomings, and suggesting appropriate solutions to further secure the institutionsand the Group; reviewingthe allocation of resources with respect to risks incurred; ● presenting the resultsof institution controls or benchmarks; ● deciding on any cross-business initiatives or measures aimed at ● strengthening the Group’s internal control system; ensuring consistency between measures taken to strengthen ● permanentcontrol and risk areas identifiedduring the consolidated macro-level risk mapping exercise. This committee’s members include the member of the Executive Management Committee in charge of Risk, Compliance and Permanent Control and the Group Head of Internal Audit, who is a memberof the Group’s ExecutiveCommittee.The ManagementBoard member in charge of retail banking and Insurance is a standing member. If applicable, this committee may hear reports from operational managers about measures they have taken to apply recommendationsmade byinternal and external control bodies. November 3, 2014 on internal control, Article 224). The Umbrella Committee provides the Risk Management Committee of the Supervisory Board with proposed criteria and thresholds for the identification of incidents to be brought to the attention of the supervisorybody (MinisterialOrder of November 3, 2014 on internal control, Articles 98 and 244). It notifies the Group Risk Management Committeetwice ayear of the conditions under which the established limits were observed (Ministerial Order of November 3, 2014 on internal control,Article 252). At the same time, several committees are responsible either for defining shared methodology standards for measuring, managing, reporting and consolidating all risks throughout the Group, or for making decisions about risk projects with an IT component.

GroupRisk Management Committee: Umbrella Committee

Committees specific to each department

CREDIT RISK/COMMITMENT COMMITTEES Several kinds of committeeshave been establishedto manage credit risk for the full Group scope, meeting at varying frequencies depending on their roles (ex-post or decision-makinganalysis) and their scope of authority.

FINANCIAL RISK COMMITTEES The Group has also established decision-making and supervisory committees for both market and ALM risk. The frequency of their meetings istailored to institutional and Group needs.

9

Risk Report Pillar III 2017