BPCE - Risk Report - Pillar III 2020

12

OPERATIONAL RISKS

Incident alert procedure

The alert procedure for serious incidents has been extended to the entire scope of Groupe BPCE. The aim of this system is to enhance and reinforce the system for collecting loss data across the Group. An operational risk incident is deemed to be serious when the potential financial impact at the time of detection is over €300,000, or over €1 million for Natixis. Operational risk

incidents with a material impact on the image and reputation of the Group or its subsidiaries are also deemed to be serious. There is also a procedure in place covering material operational risks, within the meaning of Article 98 of the Ministerial Order of November 3, 2014, for which the minimum threshold is set at 0.5% of Common Equity Tier 1.

Operational risk measurement

Groupe BPCE applies the standardized approach to calculate its capital requirements. Moreover, elements of internal control are considered in the assessment of the Group’s net risk exposures.

HIGHLIGHTS The following special measures were applied to oversight of operational risks:

measurement of impact completeness: joint oversight between CBCP (Contingency and Business Continuity Plan) functions • and operational risks, with exchange of information and recognition of operating losses due to Covid-19 (during monthly videoconferencing sessions of institutions’ operational risk functions); verification of completeness and quality of data input to the information system: weekly check of all operational risk incidents • entered by all Group entities to ensure that Covid-19 related losses are clearly flagged as such (control carried out by Operational Risk Function team); new incidents and monthly increases/decreases are reported for operational risk events related directly or indirectly to the • health crisis (COREP view) as of March 1 (external fraud; execution, delivery and process management; damage to physical assets; employment practices and workplace safety; business disruption and systems failures; clients, products and business practice; internal fraud); establishment of monthly reporting on Covid-19 losses for submission to the ECB, Group executive managers and the • operational risk function (under the responsibility of the consolidated operational risks team).

BREAKDOWN OF LOSSES BREAKDOWN OF LOSSES BY BASEL BUSINESS LINE

BREAKDOWN OF LOSSES BY BASEL LOSS EVENT CATEGORY

Execution, Delivery and Process Management 13 %

Internal Fraud 1 %

Retail Brokerage (RBR) 1 % Commercial Banking (CB) 2 % Retail Banking (RB) 12 %

Trading and Sales (TS) 2 % Corporate Finance (CF) 0 %

External Fraud 22 %

Business Disruption and System Failures 2 %

Employment Practices and Workplace Safety 7 %

Damage to Physical Assets 21 %

Corporate Items (CI) 59 %

Payment and Settlement (PS) 21 % Agency services (AS) 0 %

Clients, Products and Business Practices 34 %

Asset Management (AM) 3 %

224

RISK REPORT PILLAR III 2020 | GROUPE BPCE

www.groupebpce.com