BPCE_REGISTRATION_DOCUMENT_2017

3 RISK REPORT

Non-compliance risks, security and operational risks

Non-compliance risks, security 3.11 and operational risks

The Compliance, Security and Operational Risk department works independently of the operational divisions, as well as of the other Internal Control divisionswith which it cooperates.It has three major divisions: a Compliance division which covers three areas: banking ● compliance, investment services and financial security, including BPCE’s Tracfinofficers; a Security division covering all areas: personal and property safety, ● business continuity,informationsystem security and cyber security and fraud watch, as well as the coordinationof the new DPO (Data Protection Officer)function; an Operational Risk Management division. ● The Compliance,Securityand OperationalRisk departmentcarries out its duties within the framework of business line operations. To this end, it helps guide and motivate the Heads of the Compliance, Security and Operational Risk gunvyiond of the affiliates and subsidiaries. The compliance officers appointed by the various affiliates,includingthe Caisse d’Epargneand BanquePopulaireparent companiesand direct subsidiariescoveredby the regulatorysystemof banking and financial supervision,have a strong functional link with DCSG. The Compliance, Security and Operational Risk department conducts any necessary initiatives to strengthen compliance, security and operational risk management throughout Groupe BPCE. As such, it This field includesthe preventionof non-compliancerisks in the areas of legislation, regulations or professional standards, within the banking and KYC scope. To this end, it encompasses support for operationaldepartmentsin their compliancewith regulatorychanges, the distribution of standards (including ACPR recommendationsand EBA guidelines), compliance expertise for the purpose of approving new products or sales processes, supervision of document and challenge approval processes and the monitoring of the Group’s OutsourcedEssentialServices.It also strengthensthe managementof non-compliancerisk throughthe oversightof complaintsanalysis,the operationof compliancecontrols and through risk-mappingelements reported by Groupe BPCE institutionswithin the banking compliance and KYCscope. Customer protection The Group’s reputation and the trust of its customers are strengthened when the products and services it sells comply with regulations and the information it supplies is reliable. To maintain this trust, the Compliance division makes customer protection a top priority. ORGANIZATION Banking compliance

sets out standards, shares best practices and coordinates working groups consisting of departmental representatives. Promotinga culture of risk managementand taking into account the legitimate interests of customers is also achieved through employee training. Consequently, the Compliance, Security and Operational Risk department: puts togetherthe trainingmaterialsmainly used by the Compliance ● function and manages interaction with the Group Human Resourcesdivision; helps train Compliance staff, mainly through specialized annual ● seminars (financial security, ethics and compliance, banking compliance, coordination of permanent compliance controls, cybersecurity,etc.); coordinates training for compliance officers through a dedicated ● system and appropriate courses; coordinates the compliance, security and operational risk process ● through national operational risk days and theme-based working groups. Moreover, BPCE’s corporate complianceas well as the complianceof the Group’s insurance businesses is handled by a dedicated team in the DRCCP Secretary’s Office. PRODUCT GOVERNANCE All new products and services, regardless of their distribution channels,as well as sales materialsthat fall within Compliance’sarea of expertise obtain prior approval by Compliance. In this way, the Compliance division ensures that applicable regulatory requirements are followed and that the targeted customers – and the public at large – receive clear and fair information. Compliance also coordinates the approval of national sales challenges, ensures that conflicts of interest are managed properly and guarantees that customer interests always come first. TRAINING INITIATIVES Customer protection is a constant priority for Groupe BPCE’s Compliance function. Group employees regularly receive training on customer protection issues to maintain the required level of customer service quality. These training sessions are aimed first and foremost at promoting awareness of compliance and customer protection among new hires and/or sales team employees. Additionally, ethics and compliance training, entitled “Fundamentalsof professionalethics”, has been set up for all Group employees.

Banking complianceand customerprotection 3.11.1

194

Registration document 2017