BPCE_REGISTRATION_DOCUMENT_2017

3 RISK REPORT

General structure of Groupe BPCE’S internal control system

Some disclosures required under IFRS 7 on the nature and the extent of various risks are presented in this report and covered by the Statutory Auditor's opinion on the consolidated financial statements. Such disclosures are flagged by the statement "Information provided in the respect of IFRS 7" and should be

interpreted as an integral part of the notes to the consolidated

financial statements.

The Pillar III report is available in the "Results" section of Groupe BPCE website (www.groupebpce.fr), under "Registration document".

General structure of Groupe BPCE’S 3.1 internal control system

The Group control system relies on three levels of controls,in accordancewith banking regulationsand sound managementpractices:two levels of permanent controls and one level of periodic control, as well as the establishment of consolidated control processes in accordance with provisionsapproved byBPCE’sManagement Board.

3.1.1

Participants in the control system

PERMANENT CONTROL BY LINE MANAGEMENT (LEVEL 1)

Level 1 controls are formally reported to the relevant Permanent Control divisions or functions.

Level 1 permanent control is the first link in internal control and is primarily performedby operationalor support departmentsunder the

PERMANENT CONTROL BY DEDICATED ENTITIES (LEVEL 2) Level 2 permanent controls, within the meaning of Article 13 of MinisterialOrder A-2014-11-03on internalcontrol,are performedby entities dedicated exclusively to this duty within the Group’s Risk, Compliance and Permanent Control division. Other central functions also contribute to the permanent control system: the Legal Affairs division,the Operationsdivision in charge of informationsystem security and the Group Human Resourcesdivision for certainissues affectingthe pay policy. PERIODIC CONTROL (LEVEL 3) Periodiccontrol,within the meaningof Article 17 of MinisterialOrder A-2014-11-03 on internal control, is performed by the Group’s InspectionGénérale division and implementedby the audit function across all entities and activities, including permanent control.

supervision of their linemanagement. These departmentsare responsible for:

implementingformalized,documented and reportable self-checks; ● documentingand verifying compliancewith transactionprocessing ● procedures, detailing the responsibility of those involved and the types of checkscarried out; verifying the compliance of transactions; ● implementing recommendations drawn up by Level 2 control ● functions onthe Level1 controlsystem; 1 controls are performed, jointly if applicable, by a special-purpose Middle Office-type control unit or accounting control entity, by the operationalstaff themselves, or by line managers. reporting to and alerting Level 2 control functions. ● Dependingon the situationsand activities,these Level

112

Registration document 2017