GROUPAMA / 2018 Registration document

5 RISK FACTORS AND RISK MANAGEMENT RISK MANAGEMENT AND SENSITIVITY ANALYSES

RISK MANAGEMENT AND SENSITIVITY ANALYSES 5.2

This section corresponds to Note 47 to theconsolidated financial statements for fiscal year 2018, auditedby the statutoryauditors.

As a multi-line insurer, Groupama is subject to various types of insurance risks with variable time horizons. The Group is also exposed to market risks because of its financial investment activities, particularly credit risks and the risks related to interest rates, equity markets, foreign exchange, and real estate. Liquidity and reinsurer insolvencyrisks are also specificallymonitoredby the Group. In addition, the Group is subject to operational, regulatory, legal andtax risks asare all companies in other business ectors.

Since 2014, the risk management system has also relied on the ORSA (Own Risk and Solvency Assessment) process, which is reflected in the drafting of an annual report. This exercise, which aims to assess risks and solvency, is carried out at the level of each Group entity and at the consolidatedlevel, and each report is validated by the Board of Directors of the entity in question and communicated to theregulator. Risks are identified according to the Group classifications defined by risk area – operational, life insurance, non-life insurance, and financial – common to all Group entities and incorporating the Solvency 2 risk classification.Each major risk (Group and entity) is assigned a risk “owner” responsible for monitoring and controlling the risk in accordance with the standards defined by the Group. The risk owners establish risk control plans, which are implemented within the Group’s entities. At the Group level, risks related to the insurancebusiness lines are monitored especially by the Groupama AssurancesMutuelles and GroupamaGan Vie BusinessDepartmentsspecialisingin the areas in question and by the Reinsurance Department. The Finance Department is responsiblefor managing the risks related to assets and Asset/Liability Management. Operational risks are monitored by the Business Departments, Support Departments, or subsidiariesof GroupamaAssurancesMutuelles specialising in the area in question. Operationally, the internal control system of the entities and the EIG Groupama Supports & Services is organised around three complementary systems: risk management and permanent control/compliance of each ❯ entity; internal oroperational auditing ofeach entity; ❯ Group risk management and permanent control/complianceas ❯ well as the Group General Audit Department, reporting to the Executive Management of Groupama Assurances Mutuelles, which direct and coordinate the Auditing and Risk & Control functions withinthe Group. Several bodies are responsible for governance of the risk monitoring system atthe Group level: the Group Risk Committee: composed of the members of the ❯ Group Executive Committee and Manager of the Risk Management key function; its tasks are to approve the risk managementpolicy, particularlyby setting the limits of risks and approving the measures to be used to manage the risks and supervisingthe management of major risks for the Group; the Risk Committees by risk family (insurance, financial, ❯ operational, and compliance) organised by the Group Risk Management, Operational Risk Management/Permanent Control, and Compliance Departments and made up of major risk owners and according to the affected areas of the representatives of the Groupama Assurances Mutuelles business and support departments (Group Actuarial Department, Group Steering and Results Department, Investments,etc.), French Subsidiaries/InternationalSubsidiaries Department, andAsset Management subsidiaries;

5.2.1

ORGANISATION OF RISK MANAGEMENT WITHIN THE GROUP

The general principles, the objectives, and the organisation of internal control are defined in the Group’s internal control policy. An internal audit policy, a componentof internal control, supplements the provisions of the internal control policy and specifies its own operating rules and its areas of involvement. A general risk managementpolicy and policies dedicatedto covering all the risks to which the Group is exposed as well as a compliance policy, defining the overall framework for implementingand operating the compliance system within the Group, complete the system. All these policies are approved by the Groupama Assurances MutuellesBoardof Directors. The Group risk management policy is the basis for risk managementat both the Group level and the entity level. It defines all the structuring principles of the risk managementsystem within Groupama in terms of risk identification, measurement, and management methods and in organisational terms. The Group’s entities formalise their risk management policy and the various risk policies in line with the Group’s policies and dependingon their risk profile, their organisation,and their country of operation. The service (or resource), distribution, and financial subsidiaries implement a risk management system in accordance with the rules applicable to their activities and consistent with the framework established by the Group. The implementation of a consistent risk management system within the Group isensuredby: the definition of standards and a structuring framework for ❯ analysis and control of risks; support from the entities in the implementation of this risk ❯ management system; downstream checks of compliance with the Group standards ❯ and the effectiveness of the risk management system implemented within the entities.

134

REGISTRATION DOCUMENT 2018 - GROUPAMA ASSURANCES MUTUELLES