GROUPAMA / 2019 Universal Registration Document

5 GROUP RISK FACTORS

Organisation of risk management within the Group

non-compliance and image risks. Within this framework, these departments, according to their area of responsibility:

● assist the administrative and Executive Management bodies in defining:
    ● the risk strategy,
    ● the structuring principles of the risk management system;
● are responsible for the implementation and coordination of the risk management system, consisting particularly of the risk management policies and the processes for identifying, measuring, managing, and reporting the risks inherent in the Group’s activities;
● monitor and analyse the Group’s general risk profile;
● report on exposures to risk and alert the administration and Executive Management bodies in case of major risks threatening the Group’s solvency;
● lead the Risk Committees;
● lead the working groups and bodies with the entities.

As regards the risk management function, the Group Risk Department is responsible for:

● developing the Group risk management policy and the coordinating policies relating to insurance and financial risks together with the risk owners concerned;
● defining the process for setting the Group’s risk tolerance (risk limits);
● monitoring the major Group insurance and financial risks (RMG);
● assessing and rating insurance and financial risks, including sensitivity analyses and stress tests;
● implementing the ORSA process: internal assessment by the company of its risks and its solvency situation;
● supporting the Group’s entities in adapting the risk management system.

The Group Operational Risk Management and Permanent Control Department is responsible for:

● developing the Group’s internal control and operational risk management policies;
● developing the Group’s standards and reference sources (mapping of processes, operational risks, permanent control plans, reference source of permanent controls) and overseeing the system within the entities;
● monitoring and assessing operational risks (related to control of processes);
● acting as project owner of the EU tool for management of operating risks, MAITRIS, managing in particular the collection of permanent control results, the incident database, and the assessment of operational risks;
● establishing the internal control of the Groupama Assurances Mutuelles entity;
● defining the business continuity policy (BCP), respecting its implementation, overseeing the system within the entities;
● ensuring data quality, in terms of governance and control plan;
● ensuring the internal validation of the internal model;
● supporting the Group’s entities in adapting the operational risk management and permanent control systems (steering, coordination, facilitation, information, and training);
● reporting on the status of the Group’s Internal Control system, for the purposes of communication to the governance bodies as well as the appropriate supervisory authorities by the Director of the Group’s Risk Management/Control, and Compliance Department.

The key function of Compliance Verification of Groupama Assurances Mutuelles, the Group Compliance Officer:

● develops the Group Compliance policy. This function is involved in drafting Group compensation policies and governance and product oversight policies, in conjunction with the Groupama Assurances Mutuelles Departments concerned;
● oversees the Compliance functional line and those responsible for the key function of Compliance Verification by ensuring, where necessary, that legal, regulatory, and jurisprudential practices, conducted by the Group Legal Department, are implemented;
● regularly monitors compliance with Group policies, standards, and procedures and their effective implementation;
● identifies, assesses, oversees, and monitors the exposure to non-compliance risks (risk mapping, dashboards, risk sheets, etc.);
● assists the business lines in drafting the level 1 control plans to strengthen non-compliance risk management and draws up the corresponding level 2 control plans;
● implements and supervises, in collaboration with the Group entities, the prevention, identification, and management of conflicts of interest;
● contributes to drawing up replies to the authorities, with the Group Legal Department and entities that are concerned;
● reports on non-compliance risk management to the governance bodies of the Group and the companies.

Each Group entity also has Risk Management, Permanent Control, and Compliance functions.
