BPCE_REGISTRATION_DOCUMENT_2017

5 FINANCIAL REPORT

Controls of accounting and financial reporting quality

5.8.3

Control process for accounting and financial data

GENERAL SYSTEM Groupe BPCE’s internal control system contributes to the management of all types of risk and enhances the quality of accounting and financial information. It is organized in accordancewith legal and regulatoryrequirements, including those arising from the Ministerial Order of November 3, 2014 on internal control and texts governing BPCE. It concernsall Group companies,which are monitoredon a consolidated basis. The system is managed by an umbrella charter governing the organization of Group internal control which represents the main principles, defines the scope of application,lists all actors concerned and their role to ensure the correct operation of the internal control system of each companyand the Group. The umbrella charter covering the organization of Group internal control is accompaniedby: a charter covering the periodicontrol department; ● a risk, compliance and permanent control charter covering the ● permanent control departments; frameworks and standards including one covering the accounting ● and financial information quality control system. APPLICATION OF THE CONTROL FRAMEWORK WITH REGARD TO ACCOUNTING AND FINANCIAL DATA The control of accountingand financialreportingquality is defined in accordance with the requirements of the Ministerial Order of November 3, 2014 concerning internal control, particularly Article 11c), which requires the “verification of accounting and financial reporting quality, related to informationaddressedto either the executive managers or the supervisory body, whether submitted to the supervisoryand control authoritiesor appearingin documents intended for publication.” Within the central institution, the Risk, Compliance and Permanent Control division (DRCCP) coordinates the permanent control system for accounting and financial reporting as part of an operational “review” function, the rules of which are set out in the “Accounting and financialinformationquality control framework”approvedby the Group Internal Control Coordination Committee on June 9, 2016. In accordance with the regulatory obligations set out by the Ministerial Order of November 3, 2014 on internal control (and in particular Article 11 c) and Title III), this framework defines the interactionof the system’s first and second level, the managementof the mechanismwithin the Group, and takes into account changes in the regulatory provisions, as well as in the Group’s internal control system, since it wascreated. This single framework applies to all Groupe BPCE entities monitored on a consolidatedbasis. The entities were required to implementthe new principles introduced by this framework by December 31, 2017. In addition to this framework, the control mechanism is also governed: at the first level, by the body of standards, the uniformity of the ● information consolidation system and the body of documents described inSection 5.5.2 above;

at the second level, by Group reviewstandardswhich constitutethe ● operational version of the framework, Group review guidelines which provide specific methodologyinformation and the standard for accounting and financial information controls that can be carried out by the entities and upon which the institute-wide control approach is based with results reported to the central institution. Within the institutions Reflecting the decentralizednature of Groupe BPCE, internal control procedures are tailored to the organization of each consolidated entity. Inall cases,these proceduresinclude threelevels of controls: a basic level, i.e. “first level controls” (control), relating to ● operationaldepartmentsand integrated into accountingtreatment procedures; an intermediate level, i.e. “second-level controls” (review), ● organized and managed by a specialist audit function dedicated to second-levelcontrolson accountingand financialdata: the Review. This function performs independentcontrols of operatingprocesses to ensure the reliability and exhaustive nature of the accounts, in co-operation withthe other permanent control functions; an upper level, i.e. “third-level controls” (audit), involving periodic ● controls organized under the authority of the Local Internal Audit departmentor the Group’s InspectionGénérale division, or controls performed by parties external to Groupe BPCE (particularly Statutory Auditors, the Autorité de contrôle prudentiel et de résolution and the EuropeanCentral Bank). Within the central institution Supervision and “review” function relations Within the Risks, Compliance and Permanent Control division, the operational review function is managed by the Financial Review division. Its head, who reports to the head of Permanent Control Coordination, is a standing guest member of the Group Internal Control CoordinationCommitteeand has been granted powers to set standards for the process. In conjunction with the shareholder institutions and Group subsidiaries, the Financial Review division maintains a strong functionallink between the offices within the Group institutionsand that of the central institution.This is to guaranteethe quality of the Group’s accounting and financial reporting. Its mainduties are to: facilitate sharing of best practices within a special-purpose ● committee(Auditors’ Committee)and workinggroups; organize the drafting and distribution of the set of standards and ● documents forthe process; coordinate each entity’s system for reporting to the central ● institution so that it can assess their system for producing and controlling accounting and financial information; visiting entities whose systems are falling behind those of others. ●

510

Registration document 2017