GROUPAMA / 2019 Universal Registration Document

5 GROUP RISK FACTORS The Group’s main risks

Regulatory development risk 5.1.3.2 New laws or regulations,or changesto them, can have a significant impact on companies,businessactivities, ormarkets. The Group’s activity is subject to detailed regulation and rigorous supervisionin the countrieswhere it operates.Such regulationand supervision are subject to new regulatory or legal provisions, whether in terms of Solvency II obligations, IFRS 17 on the recognition and measurement of insurance contracts, obligations under Sapin 2, including corruption risks, or the Insurance Distribution Directive (IDD). The Group is exposed to the risk that changes in laws or regulations, or their judicial interpretation, or new provisions may result in losses due to their negative impact on the income or performance of the Group’s entities. For example, in 2017, there was a negative impact on the Group’s net income of €187 million as a result of the French government’s sudden withdrawal from fundingthe legal revaluationof life annuities. The regulatorydevelopment risk isconsidered “moderate”. Reputational risk 5.1.3.3 The Group is a major economicplayer in France (media visibility). It insures 12 millioncustomers,employs31,500 people,and is linked to all sectors of economicactivity in France, whether as an insurer or an investor.Its reputationmay be harmedby unfavourablemedia coverage (articles in the press or on the Internet) or by litigation in connection with a claim. It may be threatened by defamatory informationabout its financialposition, its management,its handling of a health crisis or natural disaster, its duty to advise, a publicised dispute, or a brand partnership. For example, the increase in consumer programmeswith a large TV/radioaudienceand the use of social media,where all customers can express themselves, has led to an increase in the number of publicised disputes likely to harm the confidence essential to the Group’sbusiness. For the Group, the reputational risk is considered“moderate”.

The Group establishes reserves in accordancewith the applicable accounting and regulatory requirements.However, these reserves do not represent a valuation of the corresponding liabilities, but rather an estimateof the amountsof claims, on a given date, using actuarial projection techniques. Claims reserves may therefore be subject to changes due to the number of variables that affect the ultimate cost of claims. These variablesmay be varied, such as the intrinsic change in claims, regulatory changes, trends in case law, and variations in the interest rates used to update annuity reserves. These items are not always predictable,as actual losses may differ significantly from the gross reserves initially established. Any upwardor downwardrevaluationsmay thereforehave an impact on net income. Although the likelihood of materialisation of the risk is greatly reducedat the Group level due to better diversificationbetweenthe business lines and the entities, the risk of insufficient technical reserves isconsidered“moderate”. Longevity 5.1.2.4 The Group is exposed to the risk of an increase in the duration of payment of annuities, due to an increase in the life expectancy of annuitantsor future annuitants,and therefore to an increase in the actuarial reserves to be established,which has a direct impact on the underwritingincome from annuity insuranceproducts.Changes to the regulatory table used also have a moderate impact on the increase in annuity reserves. The life expectancy risk is considered“moderate”. 5.1.3.1 The steady increasein the numberof security incidents(attemptsto hack informationsystems)demonstratesthe potentialmagnitudeof this emergingrisk. While these attemptshave not yet succeededin compromising the systems used by the Group, cyber-risk is a pervasive risk that can result in data theft or a denial of service (saturation of systems) leading to a significant interruption of operations. In the course of its business activities, the Group has access to its customers’ personal data (bank data, health data, etc.), which are protected in its systems, and the growing digitisationof its operations increases the Group’s sensitivity to an attack on its information systems, which could have a significant impact on the Group’sbusinessactivity and reputation. The cyber-riskis considered“moderate”. OPERATIONAL RISKS 5.1.3 Cyber-risk

103

Universal Registration Document 2019 - GROUPAMA ASSURANCES MUTUELLES