GROUPAMA / 2018 Registration document

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL INTERNAL CONTROL PROCEDURES

GROUP COMPLIANCE 3.4.4

the Group Human Resources Department particularly with ❯ regard tothe compensation policy; the Group Tax Department in the framework of deployment of ❯ the regulationsrelating to the AutomaticExchangeof Information (AEOI) in its US component “FATCA” (Foreign Account Tax Compliance Act), its European component “DAC” (Directive for Administrative Cooperation) and its OECD component “CRS” (CommonReportingStandard); the External Communication Department, for the protection of ❯ the Groupama group’s imageand reputation; the InternationalDepartment,for the systematicestablishmentof ❯ the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations. Each Departmentis ownerof the non-compliancerisk of its field. Each year, the Group’s Compliance function conducts an assessment of the Group’s major risks related to compliance during which the Departmentsthat are “owners” of the risks must assess the major risks to which they are exposed. On the basis on this assessment, an annual plan is developed at the end of each year for the followingyear. The Group Compliance function regularly reports on major compliance issues to the Audit and Risk ManagementCommittee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Management. In 2015, the Groupama Assurances Mutuelles Board of Directors approved the Group Compliance Policy aiming to ensure the group’s compliancewith all legislativeor regulatorytexts as well as the standards enacted by the supervisory authorities and the professional practices to which the Group is subject as part of its various activities. This policy presents the organisation that the Group has put in place to achieve this objective and the organisingframeworkof the system formanagingnon-compliance risks, i.e. : the arrangementsput in place within the Group in keeping with ❯ its strategy andits risk appetite; the roles and responsibilities of key players at the Group and ❯ company levels. The Group Compliance policy applies to all companies of the Groupamagroup both in France and internationally,respectingthe rules of proportionalityas provided for in Directive 2009/138/EC, regardless of whether they are subject to Solvency 2 or to any equivalent legislation/regulation.

Non-compliance risk is a cross-group operational risk, and the non-compliance risk control system is one of the essential components ofinternal control organised within theGroup. Compliance essentially covers the themes pertaining to the Group’s core business, i.e. , non-life insurance, life insurance, banking, asset management,and real estate governed particularly by the insurance, monetary and financial, consumer, and commercial codes, the General Regulation of the AMF, as well as the regulations from the supervisory authorities to which these activities are subject. In this context, the main themes and risks covered areas follows: the protectionof customers; ❯ the fight against money laundering and terrorist financing; ❯ ethics and professional conduct/conflicts of interest/the fight ❯ against corruption and influence peddling/the duty of care of parent companiesand whistleblowingrights; internal fraud; ❯ confidentiality, professional secrecy, and processing of medical ❯ data; personaldata protection. ❯ The Group ComplianceDepartment supports, advises and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional and business departments: the Group Legal Department for regulatory and legal watch ❯ aspects (compliance with the provisions of the insurance, commercial and consumer codes, tax regulations on insurance products, etc.) and Group internal standards, particularly for the monitoring of delegations of powers, anti-money laundering regulations and compliance with the provisions of the Data Protection Act. It serves as a cross-functional advisor in the implementationof projects within its fields, actively participates in the professional bodies and communicates the profession’s position within the Group. Lastly, by its training actions, it contributes to spreading the legal culture within the Group and raising awareness of compliancewith the applicable regulations among theoperational functions; the Group Financial Departmentin the frameworkof compliance ❯ with the provisions of the Insurance Code, the AMF’s rules and the monetaryand financial code; the Group Insurance and Services Department for the approval ❯ of new products,or significanttransformationsof new products, to issue the expectedopinions, andprocedures;

70

REGISTRATION DOCUMENT 2018 - GROUPAMA ASSURANCES MUTUELLES