GROUPAMA / 2018 Registration document

CORPORATE GOVERNANCE AND INTERNAL CONTROL INTERNAL CONTROL PROCEDURES

Group Financial Risk Committee(CRFG) (a) The Group Financial Risk Committee is made up of the Deputy Chief Executive Officer (Chairman), the heads of the Group Financial and Investment Departments, the Group Risk Managementand ComplianceDirector, and representativesof the French Subsidiaries/International Subsidiaries Departments and banking and Asset Management subsidiaries. It is responsible for proposing to the Group Risk Management Committee the policy and rules governingthe acceptanceand retentionof financial risks. In this context, it: identifies andevaluates financial risks; ❯ proposes asset risk limits at Group level and entity level as well ❯ as hedging principles; checks the proper application of these limits by the Group’s ❯ entities andproposesaction plans; validates any exemptions and/or the establishment of action ❯ plans; reviews the models and methodologies for assessment of ❯ financial risks ( e.g. Asset/Liability Management, valuation, etc.) and the limits of these models; defines stress test scenarios for financial risks, evaluates their ❯ consequences, and proposes a modus operandi in case of occurrence ofa financialshock; alerts the Group’s ExecutiveManagementwhere appropriate. ❯ Group InsuranceRisk Committee (CRAG) b) The Group Insurance Risk Committee is made up of the Deputy CEO in charge of the Group Insurance and Services Department (Chairman), the heads of the Insurance, Agricultural, SOP Managementand Coordination,Reinsurance,Group Actuarial, and Group Risk Management/Controland Compliance Departments, representatives of the International Subsidiaries and Groupama Gan Vie. It is responsible for proposing the policy and rules governing the acceptance and retention of insurance risks to the Group Risk Management Committee. In this context, it: identifies andevaluates insurance risks; ❯ examines the commitment levels at the Group level and the ❯ main guidelines; defines stress test scenarios on insurance risks, evaluates their ❯ consequences, and proposes a modus operandi in case of occurrence; monitors governanceand the performanceof the internal model ❯ for insurance risks( e.g. decision for major change of themodel); checks the proper application of the process for development ❯ and compliance of new products (life and non-life) with the Group risk management policy; alerts the Group’s ExecutiveManagementwhere appropriate. ❯ Group Operational Risk Committee (CROG) (c) Composed of the heads of the Group Risk Management/Control and Compliance Department and the Groupama Assurances Mutuelles departments that are “owners” of the main identified operational risks and chaired by the General Secretary, it is responsible for:

identifyingand assessingoperationalrisks (includingcompliance ❯ and reputation) and overseeing their consideration within the entities; defining and checking the budgets and operational risk limits ❯ consistent withthe Group risktolerance; monitoring all Group operational risks, particularly major Group ❯ operational risks; defining the policy for hedging against operational risks ❯ (operating riskinsurance,BCP, etc.); alerting the Group’s Executive Management where appropriate. ❯ Capital Management Committee 3.4.3.2 The mainobjectives of this committeeare: validation of thecapital managementpolicy; ❯ monitoring of the implementation of the capital management ❯ plan; monitoring ofthe Group’s solvency risk; ❯ validationof the internal assessmentof risks and the solvency of ❯ all Group entities at theGroup level. Cross-functional committees 3.4.3.3 In addition to the specific Risk Committees (CRG, specialised committees by risk category, and capital Management Committee), the Group Risk Management and Compliance Director chairs two cross-functional committees, allowing him to coordinate two important areas involved in the control of the Group’s risks:the partial internalmodel and data quality. Internal ModelGroup Committee (CGMI) (a) The Internal Model Group Committee (CGMI), led by the Group Actuarial Department (in charge of modelling) and by the Group Risk Management, Control, and Compliance Department (in charge of independent validation of the model), is a body for decision-making and discussions between the various departments involved in or concerned by the internal model. As such, it takes an active role in the process of validating and changing the internal model. Its responsibilities are defined and detailed in the internal model policy. It reports to the Group Insurance Risk Committee, which has a role of consultation and guidance in such matters. It reports to the Group Risk Committee, the final decision-maker with regard to major changes to the model, before approval by the Board of Directors. Group Data Quality Committee (CGQD) (b) The Group Data Quality Committee, coordinated by the Group Management Control function, defines the Group data quality policy, verifies its operationalimplementationand managesprojects necessary to improve data quality. Under the internal model, the CGQD ensures that the data quality (completeness, accuracy, relevance) is sufficient both for entry of the model into calibration and after calibration.It is supportedby a networkof Data Managers and data owners (by entity and for each Group department concerned),who are in charge of controls applied to the collection process. The CGQD prepares a Group report and reports directly to theGroup Risk Management Committee (see above).

3

69

REGISTRATION DOCUMENT 2018 - GROUPAMA ASSURANCES MUTUELLES