BPCE - Risk Report - Pillar III 2020

3

RISK MANAGEMENT SYSTEM

RISK MANAGEMENT

STANDARD RISK GOVERNANCE STRUCTURE AT A GROUP INSTITUTION

Internal Control Coordination Committee

Executive Risk Committee

Risk Compliance Function

Credit Risks

Financial Risks

Non-Financial Risks Operational Risks Non-Compliance Risks Business Continuity Risks Information System Security Risks

Credit Risk Committee

ALM Committee

Market Risk Committee

Loan or Commitment Committee Provision and Collection Committee Watchlist Committee

Executive Management

Non-Financial Risk Committee

Risk governance

STRUCTURE The Risk Governance department is responsible for managing and coordinating the Risk and Compliance departments within Groupe BPCE. The Risk, Compliance and Permanent Control Charter calls for the Group Risk division and Corporate Secretary’s Office to participate, at their own initiative, in the annual performance assessment of the Heads of the Permanent Control functions, particularly risk and/or compliance, in consultation with the Chairman of the Management Board or the Chief Executive Officer. The Risk Governance department deploys the entire system on a daily basis and contributes to the overall supervision of Group risks, primarily through: oversight and updates of key Risk and Compliance function • documents such as charters and standards; analysis of the work done by the Executive Committees on • the risks incurred by the Banques Populaires, the Caisses d’Epargne and the subsidiaries; coordination of Risk Management and Compliance function • events through a series of national Risk Management and Compliance Days, including discussions and exchanges on risk- and compliance-related issues, presentations on the work done by the functions, training and sharing of best practices in the credit, financial, operational and compliance fields between all Group institutions. Risk Management and Compliance Days also provide opportunities to strengthen group-wide solidarity in the risk management and/or compliance professions in today’s ever-changing regulatory environment. In addition, audio conferences and regional meetings are attended by the Heads of Risk Management and

Compliance of the networks and subsidiaries to address current topics and events; a document library dedicated to the Risk, Compliance and • Permanent Control functions; measuring the level of risk and compliance culture in the • Group’s institutions via a dedicated self-assessment; operational efficiency initiatives (headcount benchmark • standards, risk and compliance half-year reports, risk appetite framework, etc.); oversight of all recommendations issued by the supervisory • authorities and by the Group’s Inspection Générale division covering Risks, Compliance and Permanent Control; a twofold assessment of a) Risk Management functions and b) • Compliance functions is conducted every year and presented to the Risk Committee of the Groupe BPCE Supervisory Board. managing the institutions’ risk appetite framework: definition • in line with the Group framework, consolidation and reporting to the bodies; support for new Heads of Risk Management and/or • Compliance via a dedicated program and the annual training plan for Risk and Compliance departments; frequent on-site meetings with the Heads of Risk • Management and/or Compliance and teams of the Banques Populaires, Caisses d’Epargne and subsidiaries; in addition to the Operational Committee meetings attended • by the Risk division, General Meetings held with each of the main BPCE subsidiaries: Natixis, Crédit Foncier, Banque Palatine, BPCE International, the subsidiaries of the Financial Solutions & Expertise division, FIDOR Bank and Oney for a

32

RISK REPORT PILLAR III 2020 | GROUPE BPCE

www.groupebpce.com