BPCE - Risk Report - Pillar III 2020

3

RISK MANAGEMENT SYSTEM

RISK MANAGEMENT

Risk management 3.3

Governance of risk management

Risk management is governed by two main bodies at Group level: the Supervisory Board, which is supported by the Board’s Risk Committee, and the Executive Management Committee, of which the Head of Risk Management is a member. Chaired by the Chairman of the Management Board, the Group Risk and Compliance Committee, an umbrella committee, sets

the broad outlines of the risk policy and examines issues related to non-financial risks (specifically those related to banking, insurance and investment service compliance, and to financial security), annually reviews the risk appetite system, and approves a prospective risk analysis twice a year.

Organization of risk management

Groupe BPCE’s Risk division and Corporate Secretary’s Office – in charge of compliance and permanent control – measure, monitor and manage risks, pursuant to the Ministerial Order of November 3, 2014 on internal control. They ensure that the risk management system is effective, complete and consistent, and that risk-taking is consistent with the guidelines for the business (particularly targets and resources of the Group and its institutions). These duties are formalized in Groupe BPCE’s Internal Control Charter, an umbrella charter. It is based on the two charters of

the control functions, namely the Internal Audit Charter and the Group Risk, Compliance and Permanent Control Charter. The various departments of the Group Risk division are involved in all risks (credit, financial, operational, climate and non-banking investments) by acting on: the risk policy and the resulting standards; • permanent monitoring and control; • coordination. •

These activities are described in more detail below:

Group policy and standards

Monitoring and control

Coordination

present the Management Board and Supervisory • Board with a risk appetite framework for the Group and ensure its implementation and roll-out at each major entity; help draw up risk policies on a consolidated basis, • inform overall risk limits, contribute to discussions on capital allocation and ensure that portfolios are managed in accordance with these limits and allocations; define and implement standards and methods for • consolidated risk measurement, risk-taking approval, risk control and reporting, and compliance with risk regulations; oversee the risk information system, working closely • with the IS departments, while defining the standards to be applied for the measurement, control, reporting and management of risks.

carry out the annual macro-level risk mapping • exercise, factoring in the overall risk policy, risk appetite and annual permanent control plan, which is part of the internal control system; assess and control the level of risk across the Group; • conduct permanent monitoring of limit breaches and • their resolution, centralize risk data and prepare forward-looking risk reports on a consolidated basis; help the Groupe BPCE Management Board to • identify emerging risks, concentration of risk and other various developments, and to devise strategy and adjust risk appetite; perform stress tests with the goal of identifying • areas of risk and the Group’s resilience under various predetermined shock scenarios; conduct controls to ensure that the operations and • internal procedures of Group companies comply with legal, professional, or internal standards applicable to banking, financial and insurance activities; perform Level 2 controls of certain processes used to • prepare financial information, and implement a Group Level 2 permanent risk control system.

are functionally subordinate to the Risk and • Compliance functions, participating in the work of local Risk Committees or receiving the results of their work, coordinating the departments and approving the appointment or dismissal of all new Heads of Risk Management, Heads of Compliance, or Heads of Risk and Compliance meeting with the relevant managers and/or teams during national or local meetings and during checks on site or at BPCE; help disseminate risk and compliance awareness • and promote the sharing of best practices throughout the Group.

30

RISK REPORT PILLAR III 2020 | GROUPE BPCE

www.groupebpce.com