GROUPAMA / 2018 Registration document

RISK FACTORS AND RISK MANAGEMENT RISK MANAGEMENT AND SENSITIVITY ANALYSES

validation of new insurance policies developed by the Business ❯ Departments and other insurance subsidiaries of the Group as well as themodifications made to existing policies; development and validation of distribution and partnership ❯ agreements in connectionwith insurance andother services; legal and tax advice (taxation applicable to products and advice ❯ in the area of wealthmanagementsolutions); relations with the administrative authorities for control and ❯ support as part of these controls and any resulting consequences on the insurance business; the development and coordination of training and ❯ awareness-raisingactivities relating to the regulationsapplicable to the insurance activity for various audiences (distribution networks,Managers,etc.). Other areas (c) Specific procedures have been put in place to meet special requirements: to prevent insider trading, the internal bylaws of the Groupama ❯ Assurances Mutuelles Board of Directors contain a detailed reminder of the legal and regulatory provisions relating to restrictions on persons holding insider information about listed companies and financial instruments admitted for trading on a regulated market. The Groupama Assurances Mutuelles employees in charge of investments in financial instruments admitted for trading on a regulatedmarket and those in charge of mergers and acquisitions sign a confidentiality commitment reminding them of these legal and regulatory provisions. The Groupama Assurances Mutuelles employees called on to work on a strategic transactioninvolvinga listed companysign such a commitment foreach transaction; in the fight against money laundering and terrorist financing ❯ (AML/CFT), regulatory compliance and Group coordination are managed by the Legal Department. As part of this, regulated entities must implement in their procedures the applicable regulatory and professional provisions in this field. The key points of the framework include a classification of money laundering and terrorist financing risks, the collection of information on customers and the origin of funds according to the significance of the risks, an automated tool for detecting persons on asset freeze lists as well as politically exposed persons, a customer relationship profiling tool for life/savings activities, and a system for permanent and periodic monitoring of the proper application of procedures. An AML/FT organisational chart defines the roles and responsibilitiesof the various participants and stakeholders at Group level and at the level of each operational entity concerned, describes the mechanism in place with respect to informing and training employees, determines the methods and conditions for exchanges of information required for the exercise of vigilance, and specifies the system to be applied for control and risk

monitoring. The Legal Department, in contact with a network of AML/CFT Managers in insurance subsidiaries both in France and internationally,asset managementsubsidiaries,and regional mutuals, ensures the Group’s compliancewith its obligations in this area (monitoring of regulatory developments – including those resulting from the transposition of the “4 th Anti-Money Laundering Directive”, ACPR guidelines and case law, harmonisation and consistency of procedures, dashboards, supervisionof IT projects,and training kits); in applicationof the provisionsof the French data protectionand ❯ the General Data ProtectionRegulation (GDPR), the compliance system relies on the Data Protection Officer (DPO) of the Group’s French entities declared to the French national data protection commission (“CNIL”) and on the network of internal data relay protection officers (DRPO): one officer per entity and nine for GroupamaAssurancesMutuelles in areas implementing processes. This network changes based on the Group’s organisational modifications; with regard to the protection of medical data, Group ❯ recommendations are disseminated by the Groupama Assurances Mutuelles business division concerned or entity concerned. It is the responsibility of the various Group entities (regional mutuals and subsidiaries) to implement these recommendations,in partnershipwith the medical advisers, the Group Data Protection Correspondent (“CIL”), and the Claims Division of the Insurance,Banking, andServices Department; regarding the protection of customers, the key function of the ❯ Groupama Assurances Mutuelles Compliance Verification manages or contributes to the operational implementation of several themes,including: ACPR instruction 2015-I-22 of 2 October 2015 on the ■ questionnaire on commercial practices and protection of customers, the ACPR’s various recommendationsparticularlyon handling ■ complaints and knowledge of customers with respect to the duty to advisein life insurance, including for remote selling, monitoring of the major risk for the Group of “failure to ■ advise”, the deployment of the Insurance Distribution Directive, which ■ also includes the prevention and management of conflicts of interest, the compensation of the distribution networks, as well as their professionalcapability andcontinuedtraining, the recurring enrichmentof the permanent control system, ■ monitoring and implementation of action plans to improve ■ marketing measures(OAV); in the fight against corruption and influence peddling (Sapin ❯ law 2) and the duty of care of parent companies and ordering companies (law 2017-399 of 27 March 2017), the key function of Compliance Verification of Groupama Assurances Mutuelles leads the various operational implementationprojects deployed in the entities in 2018. The compliancework continues in2019.

5

149

REGISTRATION DOCUMENT 2018 - GROUPAMA ASSURANCES MUTUELLES