BPCE_REGISTRATION_DOCUMENT_2017

3 RISK REPORT

Non-compliance risks, security and operational risks

ACTIVITIES IN 2017 Targeted improvements were made to detection tools for the preventionof terrorist financing.With this system, Groupe BPCE also meets the requirement of establishing a procedure to assess a customer’s situation with respect to corruption, as set out in Article 17, section 4, of Act No. 2016-1691 of December 9, 2016 (“Sapin II”) on transparency, prevention of corruption and modernization of the economy. Customers identified as “politically exposed persons” are assigned a high risk level and must be treated with special vigilance, particularlyby identifyingthe sources of their assets. Finally, Transparency International rankings of a customer’s countryof residence are taken into consideration. Corruption, which is defined as an act in which a person offers or grants an undue reward to another person in exchange for an act falling within that person’s remit, is a fraudulent and unethical behavior subject tosevere criminaland administrative sanctions. Groupe BPCE denounces corruption in all forms and in all circumstances. Accordingly, it is a signatory of the United Nations Global Compact,whose tenth principlestates that “Businessesshould work against corruption in all its forms, including extortion and bribery.” Anti-corruption measures The Group strives to prevent corruption in order to guarantee the financial security of its activities, including inparticular: by taking measures against money laundering and terrorist ● financing, measures against fraud, supervising “politically exposed persons”, andcomplyingwith embargoes; ensuring that employees observe professional rules of compliance ● and ethics by applying policies governing conflicts of interest, exchanges of gifts, benefits and invitations, confidentiality and professional secrecy. Disciplinary sanctions have been defined for any failure to respect professional rules governing the activities conducted by Group companies; exercising vigilance when making contributions to political ● campaigns or to government agents, donations, patronage and sponsorship, and lobbying; Group commitments in the prevention of corruption

supervising relations with intermediariesand business introducers ● via groupwide standardized contracts describing the reciprocal services and obligations and contractually establishing compensation terms. A whistleblowing system is available to employeesand included inthe internal rules. Employees also have access to a whistleblowing procedure. For the purposes of implementingthe Act of December 9, 2016 on transparency, prevention of corruption and modernization of the economy (“Sapin II Act”), Groupe BPCE has undertaken initiatives to analyze and expand existingmeasures. These initiatives include: Group risk exposures have been mapped out and distributed to all ● Group institutions, based on an analysis of their activities and associated risk management systems; the internal rules adopted by each institutionare in the process of ● being amended with the employee representative bodies to incorporate the following changes: existingwhistleblowingsystemshave been extendedto reportsof - corruption or influence-peddling, and expanded to include provisionsto protect whistleblowers, codes of compliance or ethics now include, where applicable, - examplesof corruption and influence-peddling. The Group has also defined standards and proceduresgoverning KYC and due diligence procedures used for customer classification and supervisionpurposes.In the interestof organizingthe internalcontrol system, whistleblowing/detectiontools and permanent control plans serve to bolsterthe security of this system. BPCE also has accountingpoliciesand proceduresin place in line with professional standards. The purpose of the Group’s internal control systemfor accountinginformationis to check the conditionsin which such informationis assessed, recorded, stored and made available, in particular by verifying the existence of the audit trail, within the meaning of the Ministerial Order of November 3, 2014 on internal control. This control system is part of the fraud, corruption and influence-peddling prevention and detection plan. From a more general standpoint, these systems are formalized and detailed in the umbrella charter governingthe organizationof Group internal control and the Risk, Compliance and Permanent Control Charter. Parent company affiliates and all BPCE subsidiaries have adopted these charters.

Business continuity 3.11.5

The management of business interruption risk is handled from a cross-businessperspective. This includes the analysis of the Group’s main critical business lines, notably liquidity, payment instruments, securities, individual and corporate loans and fiduciaryactivities.

Security division, which in turn reports hierarchically to the Compliance, Security and Operational Risk department and functionally to the Transformation and Operational Excellence department. The Group Business Continuity division performs its tasks independently of operational divisions. Theseinclude: managing Group business continuity and coordinating the Group ● Business Continuity department; coordinating Group crisis management; ●

ORGANIZATION

As of September 1, 2017, the Group Business Continuity manager, responsiblefor the Group Business Continuitydivision, reports to the

198

Registration document 2017

Made with FlippingBook - professional solution for displaying marketing and sales documents online