GROUPAMA / 2019 Universal Registration Document

7 FINANCIAL STATEMENTS Consolidated financial statements and notes

The Group Risk Management, Permanent, and Compliance functions are responsible for ensuring that all Group entities comply with the requirements of Executive Management in terms of the internal control, compliance, and risk management system, as well as those of Solvency 2, Pillar 2.

With regard to risk management, the Group Risk Management Department is especially involved in areas related to financial risks, insurance risks, and risks related to the Group’s solvency, the Group Operational Risk Management and Permanent Control Department is especially involved in the scope related to operational risk management, and the key function of Compliance Verification of Groupama Assurances Mutuelles, the Group compliance officer, is involved in the areas related to non-compliance and image risks.

Within this framework, these departments, according to their area of responsibility:

● assist the administrative and Executive Management bodies in defining:
    ● the risk strategy;
    ● the structuring principles of the risk management system;
● are responsible for the implementation and coordination of the risk management system, consisting particularly of the risk management policies and the processes for identifying, measuring, managing, and reporting the risks inherent in the Group’s activities;
● monitor and analyse the Group’s general risk profile;
● report on exposures to risk and alert the administration and Executive Management bodies in case of major risks threatening the Group’s solvency;
● lead the Risk Committees;
● lead the working groups and bodies with the entities.

More specifically, the Group Risk Department, as regards the risk management function, is responsible for:

● developing the Group risk management policy and the coordinating policies relating to insurance and financial risks together with the risk owners concerned;
● defining the process for setting the Group’s risk tolerance (risk limits);
● monitoring the major group insurance and financial risks (RMG);
● assessing and rating insurance and financial risks, including sensitivity analyses and stress tests;
● implementing the ORSA process: internal assessment by the Company of its risks and its solvency situation;
● supporting the Group’s entities in adapting the risk management system.

The Group Operational Risk Management and Permanent Control Department is responsible for:

● developing the Group’s internal control and operational risk management policies;
● developing the Group’s standards and reference sources (mapping of processes, operational risks, permanent control plans, reference source of permanent controls) and overseeing the system within the entities;
● monitoring and assessing operational risks (related to control of processes);
● acting as project owner of the EU tool for management of operating risks, OROp, managing in particular the collection of permanent control results, the incident database and the assessment of operational risks;
● establishing the internal control of the Groupama Assurances Mutuelles entity;
● defining the business continuity policy (BCP), respecting its implementation, overseeing the system within the entities;
● ensuring data quality, in terms of governance and control plan;
● ensuring the internal validation of the internal model;
● supporting the Group’s entities in adapting the operational risk management and permanent control systems (steering, coordination, facilitation, information, and training);
● reporting on the status of the Group’s Internal Control system, for the purposes of communication to the governance bodies as well as the appropriate supervisory authorities by the Director of the Group’s Risk Management/Control, and Compliance Department.

The key function of Compliance Verification of Groupama Assurances Mutuelles, the Group Compliance Officer:

● develops the Group Compliance policy. This function is involved in drafting Group compensation policies and governance and product oversight policies, in conjunction with the Groupama Assurances Mutuelles departments concerned;
● oversees the Compliance functional line and those responsible for the key function of Compliance Verification by ensuring, where necessary, that legal, regulatory, and jurisprudential practices, conducted by the Group Legal Department, are implemented;
● regularly monitors compliance with group policies, standards, and procedures and their effective implementation;
● identifies, assesses, oversees, and monitors the exposure to non-compliance risks (risk mapping, dashboards, risk sheets, etc.);
● assists the business lines in drafting the level 1 control plans to strengthen non-compliance risk management and draws up the corresponding level 2 control plans;
● implements and supervises, in collaboration with the Group entities, the prevention, identification, and management of conflicts of interest;
● contributes to drawing up replies to the authorities, with the Group Legal Department and entities that are concerned;
● reports on non-compliance risk management to the governance bodies of the Group and the companies.

Each Group entity has Risk Management, Permanent Control, and Compliance functions.

The definition of the information systems security policy and its implementation by the entities is the responsibility of Groupama Support & Service (G2S), which reports to the Group Operational Risk Management and Permanent Control Department.

In addition, the Group Management Control Department is responsible for the ongoing monitoring of results and achievement of the Group’s objectives based on a process of estimated management common to all entities.


Universal Registration Document 2019 - GROUPAMA ASSURANCES MUTUELLES
