BPCE - Risk Report - Pillar III 2020

5

CREDIT RISKS

RISK MEASUREMENT AND INTERNAL RATINGS

Internal rating system governance

The internal governance of rating systems is centered on the development, validation, monitoring and modification of these systems. The Groupe BPCE Risk division is completely independent from the rest of the Group (Banque Populaire and Caisse d’Epargne networks, Natixis and the other subsidiaries) in conducting performance and adequacy reviews of models for credit risks, counterparty risks, and structural ALM and market risks. In performing this duty, the Risk division relies on robust governance defined as part of the Model Risk Management (MRM) system. The Group has defined and launched a Model Risk Management (MRM) system to assess, reduce, monitor and communicate on model risk. Implementation of the new system is subject to an independent control presenting a high level of consistency. The principles of the system deal with the documentation, design, development, implementation, review, approval, ongoing supervision and use of models, all in the interest of ensuring their dependability. An MRM risk management policy has been defined to that end, aimed at promoting a clear understanding of how each model works, when and why it is used, and its strengths, weaknesses and limits. The policy is being gradually rolled out for each category of models in 2020, while expanding the scope of models subject to independent review. The policy is supplemented by a body of procedures defining the tools for monitoring the performance of the models, in particular the validation review, the monitoring of recommendations and the associated escalation processes, and the monitoring of the model portfolio through an inventory. The system is based on a specific tool that manages the life cycle of the models. A Model Risk Management Committee is dedicated to the governance of the models. The Group’s validation process encompasses all types of quantitative models, and defines and specifies the duties and responsibilities of contributors involved throughout each model’s life cycle. A specific procedure defines the conditions for delegating validation, within a specific scope, to another entity besides the Risk division validation team: the entity in question must have the necessary expertise, be independent of the team developing the model, and have appropriate validation governance. The delegation is subject to the approval of the

Model Risk Management Committee. Under these rules, the validation of certain specific PD and LGD models, IMM models for counterparty risk, IMA and standard models for market risk and prudent valuation models has been delegated to the independent validation team at Natixis. The validation of certain market valuation models has been delegated to the independent validation team at BRED. The internal validation process for new models or for changes to existing models is broken down into three steps: a review of the model and its adequacy, conducted • independently of the entities having worked on the development of the model; The Risk division’s model validation team reports to the Risk Governance department, which is independent of the Modeling department; a review by the Group Models Committee, comprised of • quantitative experts (modeling specialists and validators) and business line experts who issue a technical opinion on the model. This committee is chaired by the Head of Risk Management, Deputy Chief Executive Officer and member of the Executive Management Committee; validation by the Group RCCP Standards and Methods • Committee, based on the technical opinion issued by the Group Models Committee, which decides to implement the necessary changes, particularly in terms of processes and operational adaptation. These changes are submitted, where applicable, to the European supervisory authority for prior approval, in accordance with Commission Delegated regulation No. 529/2014 on changes of the Internal Ratings Based Approach used in determining capital requirements. After the completion of this governance process, internal control reports and statements of decisions are made available to Group management (and supervisory authorities for internal models used to determine capital requirements). Each year, a summary of the performances and adequacy of internal models is presented to the Risk Management Committee of the Group Supervisory Board. The Risk division’s validation team was strengthened in 2020 to support the increase in the number of models.

Model development process

The Risk division relies on a formalized process describing the main steps taken in developing any new model. This document, which serves as a guide for the entire documentation and validation process, is based on: a literary and general description of the model, indicating its • scope of application (counterparty type, product type, business line, etc.), the main assumptions on which it is based, and any aspects not covered; a descriptive diagram summarizing how the ultimately chosen • model works, indicating the various inputs, processes and outputs;

a detailed description of the modeling steps and approach; • a literary description of the model’s main risk factors. • Internally developed models are required to meet strict risk discrimination and qualification criteria. These models will ultimately (as from January 1, 2022) incorporate the regulatory changes enacted by the European Banking Authority under its IRB Repair program, aimed at improving the comparability of risk parameters input to the models.

88

RISK REPORT PILLAR III 2020 | GROUPE BPCE

www.groupebpce.com