BPCE_REGISTRATION_DOCUMENT_2017

RISK REPORT Non-compliance risks, security and operational risks

ACTIVITIES IN 2017 Several regulatoryprojects were carried out in 2017: implementation of the Eckert Act fordormant accounts, support for Salesdepartments in implementing new banking mobility requirements (Macron Act), improved access to deposit accounts in line with the Payment Accounts Directive, incorporatin of initial skill sets and continuous training inthe enactmentof theMortgage Credit Directive.

At the same time, particularfocus was placed on: management of non-compliance risks by re-mapping these risks ● and drawing more information from customer complaints; use of social media for sales purposes,with stricter communication ● guidelines for institutions.

Investmentservices compliance 3.11.2

3

ORGANIZATION This area includes the compliance and ethical aspects of financial activities, as defined by the AMF General Regulations.More broadly, it includes the prevention of conflicts of interests, ensuring that customer interests prevail, compliance with market rules and professional standards in the banking and financial sectors, and, finally, regulationsand internalstandardsregardingbusinessethics. It also includes oversight of Investmentdepartmentsand the operating procedures of investment services compliance officers (RCSIs). Since the end of 2016, this area has also includedSRAB commitments (Separation and Regulation of Banking Activities) – Volckeroffice . ACTIVITIES IN 2017 BPCE, drawing on the work and discussionsundertakenby the French financial center, has adapted its sales proceduresgoverning financial savings products to reflect the impact of the Markets in Financial Instruments Directive and Regulation, the Insurance Distribution Directive and PRIIPs obligations. These regulations improve market transparency and investor protection. They have an impact on the Group in its role as a distributor of financial instruments, thus calling for the following changesto the new customerexperiencein terms of financialsavings and insurance products: adjustmentsto customerand KYC data collection(customerprofile, ● characteristicsof customer plans in terms of objectives, risks and investment horizons), but also an updated questionnaire on customerfinancial investmentknowledgeand experienceto ensure that suitableadvisory services are provided; adaptation of offers associated with the financial services and ● products sold; formalization of customer advice (suitability report) and the ● customer’s acceptance of said advice (issuance of customer alerts where necessary); arrangementof relationshipsbetweenproducersand distributorsin ● order to meet thenew applicable regulatory requirements; inclusion of provisions related to the transparency of fees and ● charges accordingto required granularity; production of value-added reports for customers and recording of ● conversations forcustomer relationsand advisorypurposes;

disclosure of transaction reports to regulators, particularly on ● best-executionand best-selection requirements; participation in the development of employee training and the ● change managementprogramrelated to these new provisions. In response to the enactment of the Market Abuse Directive and Regulation, the Group uses a market abuse alert analysis and reporting tool. This tool covers the Banque Populaire banks, the Caisses d’Epargne and their subsidiaries. In cooperation with the institutions,BPCE reviewed the tool’s configurationfor market abuse detection. At the same time, standards and procedures administered by the central institution were updated in the interest of reviewing the regulatory and IT framework for marketabuse vigilance. Regarding the sale of cooperativeshares, changes were made to the normative frameworks to reflect regulatory requirements on the dilution and control of capital by the institutions and the rules governingthe sale of cooperativeshares to the public, in particularin terms of information in the event of an institution’s resolution. An opportunity study on the creation of a Group ethics tool to maintain lists of insiders was conducted with the help of a working group involving the Group’s Investment Services Compliance department. Investment services non-compliancerisks were analyzed, measured, monitored and managed, in line with the Ministerial Order of November3, 2014,with the aimof: ensuring a permanent overview of these risks and the system ● implemented to prevent or reduce them, including updated mapping; ensuring that the largest risks, if necessary, are subject to controls ● and action plansaimed at supervising them more effectively. With regard to implementation of the SRAB Act on the Banque Populaireand Caisse d’Epargnenetworks,operationalimplementation of the managementand risk mandateswas completedin the first half of 2017, based on the mapping of internal units in the Group’s institutions. In addition, the Group was “Volcker Rule”-certified in March 2017 based on Independent Testing performed by the Group’s Inspection Générale division and the senior managementreport, which identifies the controlscarriedout onthe Volcker Units. Finally, SRAB and Volcker Units as well as methodologiesgoverning indicators were converged. Monitoring and compliance with these two regulations were covered in a report to the SRAB Volcker Coordinating Committee, chaired by the Group Compliance division.

195

Registration document 2017