GROUPAMA / 2018 Registration document

5 RISK FACTORS AND RISK MANAGEMENT RISK MANAGEMENT AND SENSITIVITY ANALYSES

5.2.6

OPERATING, LEGAL, REGULATORY, AND TAX RISKS

Operational Risks 5.2.6.1 Operational risks are managed in accordance with the principles and rules defined in the Group and Groupama Assurances Mutuelles operational riskmanagement policy(see point 1). The operational risk management system of Groupama is based on: the definition of internal management rules and operational ❯ procedures defining the manner in which the activities of Groupama SA must be conducted. They are appropriate to each business line andeach key process. Onthe basis of Group reference source of processes and Group classification of operational risks at every stage of the business line and functional processes, operational risks are identified, and associatedpermanentcontrols are formalisedacross the Group. The system is based on three levels of control with responsibility and control plansappropriatefor each level: internal-check type permanent monitoring of the operational ■ level andpermanent managementcontrol, permanent controls operated by the Permanent ■ Control/ComplianceFunction of each entity, periodic controls undertaken by the internal audit team of ■ each entity; on the definition and assessment of Group major operational ❯ risks and adaptationas entity major risks, which function on the basis of a network of risk owners with management and coordinationof the entire system by the Group OperationalRisk Management and Permanent Control Department and the Group Compliance Department; on securing informationsystems in the face of the major risks of ❯ “informationsystem failures”and “cyber risks”; on the Group business continuity policy; this policy serves as a ❯ reference for crisis management systems and Business Continuity Plans (BCP) being documented within the entities. The process is based on the BIA approach (Business Impact Analysis), which makes it possible to best calibrate the means necessary for the resumptionof activity by identifying the critical business activities.Three BCPs have been identified: a human resources BCP, ■ a propertyBCP, ■ an information systems BCP; ■ on the information system security policy and the associated ❯ sub-policies; on the system forsecuringgoods andindividuals. ❯ Moreover, an insurance programme is in place, designed to provide liability protection and the protection of the assets of the regional mutuals, Groupama Assurances Mutuelles and its subsidiaries. The policies are distributed among internal insurers and external insurers for the most significant risks. The principal

third-party liability ofcorporate officers; ❯ professional third-party liability; ❯ operatingthird-partyliability; ❯ property damage insurance (property, offices, equipment,motor ❯ fleets, etc.); cyber risks. ❯ Legal and regulatory risks 5.2.6.2 The legal and regulatory risks are managed as part of the Group system compliance, which is defined in the Group compliance policy validated by the governingbodies of the Group. The system in place, directed by the key function of ComplianceVerificationof Groupama Assurances Mutuelles, the Group Compliance Officer, aims to ensure that all Group practices comply with legal provisions, administrative regulations and requirements and professional standards, as well as the Group’s internal rules, charters andprocedures. The internal control proceduresdesigned to ensure the conformity of all Groupama Assurances Mutuelles operations are based on the mainmechanisms describedbelow. The Group Legal Department, under the supervision of the Corporate Secretary, manages the Groupama Assurances Mutuelles legal affairs and those of its subsidiaries and provides legal advice as needed to all the French legal entities of Groupama Assurances Mutuelles. Within this framework, it ensures the legal safety of its operations and its Directors and executives. Internal checks on the effective implementation of administrative legal procedures are based on ongoing monitoring systems on an individualentity basis. The Group Legal Department within the Corporate Secretary of GroupamaAssurancesMutuelles ensures, particularly on behalf of the Business Divisions of Groupama Assurances Mutuelles, the French insurance subsidiaries,as well as the regional mutuals: a function of monitoring and analysing legislation and case law ❯ and other standards (FFA professional standards, ACPR recommendations, opinion of the Rights Defender and the CCLRF, etc.) having an impact on the insurance business; (marketing, consumer protection, communication, advertising, development, subscription, execution, and termination of insurance products,etc.); the necessary anticipation and support to implement new ❯ regulations for this activity; information(notes, circulars, working groups, disseminationof a ❯ quarterly bulletin of legal information in connection with customer protection); Application ofcorporatelaw (a) and the commercialcode Application ofinsurance law and regulations (b) governing the insurance business

coverage isthe following: employee insurance; ❯

148

REGISTRATION DOCUMENT 2018 - GROUPAMA ASSURANCES MUTUELLES