BPCE_REGISTRATION_DOCUMENT_2017

RISK REPORT Governance and risk management system

Development of training programs Annual training plan for the Group risk and compliance function: ● the risk and compliance academy; Video learning module on the priorities of the annual review of ● corporate customers,in terms of sales and risk, aimed at corporate accountmanagersand branch-based corporate customer advisors; Quiz aimed at raising awareness of banking risks, called Risk ● Pursuit, designed in gaming format and available for multiple devices, including tablets.

Increased coordination and exchange of best practices Coordination of Banque Populaire network credit exposure ● managersbeginningin 2017; Oversight of change management initiatives in cooperation with ● the business lines, for example with post-AQR changes in credit procedures (2016 projects: annual review, supervision, seizure of retail collateral; 2017 projects: syndications, provisioning, home loan indicators).

3

3.4.2

Groupe BPCE’srisk management system

international development (predominantly corporate & - investmentbankingand asset management,with a more targeted approach to retailbanking customers). In terms of risk profile, Groupe BPCE incurs risks intrinsically associated with itsretail banking and corporate& investment banking activities. Risk profile The following risks are incurred by the Group because of its business model: credit risk generated by the Group’s predominant business, i.e. ● lending to individual and corporate customers, which is managed under risk policiesapplied to all Group entities,concentrationlimits defined by counterparty,country and sector, and finally extensive oversight of loan books; structural interest rate risk, primarily linked to fixed-rate home ● loans and regulated liabilities. It is managed under group-wide standards andlimits set for each entity; liquidity risk, steered centrally by allocating budget-defined ● liquidity to round out customer depositsraised by the entities; non-financial risks, managed under group-wide standards. These ● standardscover non-compliance,fraud, informationsystemsecurity and misconduct risks, as well as other operational risks. Acccordingly: operational risks are subject to group-wide data collection - standards applicable to all Group entities, tools used to annually map out operational risks and report associated losses and incidents as they arise, monitor major risks, and monitor action plans targetingspecific risks, non-compliancerisks are governed by permanent controls based - on shared standards,a software tool used to consolidatedata at Group level, compliance-specific governance and group-wide principles aimed at mitigating these risks. Finally, aligning the requirements of individual customers (cooperative shareholders whose funds comprise the Group’s share capital) and credit investors necessitates very strong aversion to reputational risk. The following risks are concentrated in specificscopesof activity: market risks; ● emergingcountryrisk; ● risk related to securitization transactions. ●

All credit, financialand non-financialrisks, includingnon-compliance risks, are covered by central and local mechanismsserving to ensure the adequacy of risk management systems linked to Groupe BPCE’s risk appetiteand strategy. Groupe BPCE’s Supervisory Board unanimously approved Groupe BPCE’s risk appetite framework at its meeting on June 19, 2015. In addition, at its meeting on July 30, 2015, Groupe BPCE’s Supervisory Board unanimously approved the quantitative indicators used for Groupe BPCE’s risk appetite and the associated governance framework, and approved the resilience limit for each of the indicators.The most recent annual review of the Group’s risk appetite was conducted by Groupe BPCE’s Supervisory Board on December21, 2017 to unanimous approval. RISK APPETITE As a decentralized and united cooperative group, Groupe BPCE structuresits activity around share capital, held predominantlyby the regional institutions, and centralized market funding optimizing the resources allocated to the entities. Groupe BPCE: through its cooperative nature, is firmly committed to generating ● recurring and resilient income for its cooperativeshareholdersand investors by offering the best service to its customers; must preserve the solvency, liquidity and reputationof each Group ● entity – a duty assumed by the central institution through the oversight of consolidated risks, a risk policy and sharedtools; consists of regional entities and banks, owning the property of the ● Group and its subsidiaries. In addition to normal management operations,in the event of a crisis, solidaritymechanismsbetween Group entities ensure the circulation of capital and prevent the entities or the central institution from defaulting; focuses on the structural risks of its full-service banking business ● model, with a predominant retail banking component in France, while incorporating other business lines necessary to provide quality service to all of its customers; diversifiesits exposuresby developingcertain activitiesin line with ● its strategic plan: development of the bancassurance and asset management - businesses,

147

Registration document 2017