BPCE - Risk Report - Pillar III 2020

3

RISK MANAGEMENT SYSTEM

INTERNAL CONTROL

Internal control 3.4

The Group control system relies on three levels of controls, in accordance with banking regulations and sound management practices (two levels of permanent controls and one level of periodic control), as well as the establishment of consolidated control processes in accordance with provisions approved by BPCE’s Management Board.

STRUCTURE OF GROUPE BPCE’S INTERNAL CONTROL SYSTEM

Supervisory Body

Responsible for the quality of the internal control system

Audit Committee Risk Committee

Executive Body Executive managers

Remuneration Committee

Appointments Committee

Internal Control Coordination Committee (3CI)

Periodic control

Audit-Inspection function

Risk and Compliance Committee or Executive Risk Committee and specific committees for each type of risk

Outsourced activities

Review, ISS, BCP and SPB functions

Risk Management function

Compliance function

Level 2 permanent controls

Non-financial risks (Compliance, Operational Risk BPC, ISS)

Credit risks

Financial risks

Coordination of Permanent Controls

Level 1 permanent controls

Self-checks by the operational departments under managerial or functional supervision

Permanent control system

LEVEL 1: PERMANENT CONTROL BY LINE MANAGEMENT

Depending on the situation and activity(ies) in question, Level 1 controls are performed, jointly if applicable, by a special-purpose Middle Office-type control unit or accounting control entity, by the operational staff themselves, or by line managers. Level 1 controls are formally reported to the relevant Permanent Control divisions or functions.

Level 1 permanent control is the first link in internal control and is primarily performed by operational or support departments under the supervision of their line management. These departments are responsible for: implementing formalized, documented and reportable • self-checks; documenting and verifying compliance with transaction • processing procedures, detailing the responsibility of those involved and the types of checks carried out; verifying the compliance of transactions; • implementing recommendations drawn up by Level 2 control • functions on the Level 1 control system; reporting to and alerting Level 2 control functions. •

LEVEL 2: PERMANENT CONTROL BY DEDICATED ENTITIES

Level 2 permanent controls, within the meaning of Article 13 of Ministerial Order A-2014-11-03 on internal control, are performed by entities dedicated to this duty as part of the Group’s Risk division and Corporate Secretary’s Office in charge of Compliance and Permanent Control for Groupe BPCE.

36

RISK REPORT PILLAR III 2020 | GROUPE BPCE

www.groupebpce.com