GROUPAMA / 2019 Universal Registration Document

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

Group Financial Risk Committee (CRFG) (a) The Group Financial Risk Committee is made up of the Deputy Chief ExecutiveOfficer(Chairman),the heads of the GroupFinancial and Investment Departments, the Group Risk Management and Compliance Director, and representatives of the French Subsidiaries/InternationalSubsidiaries Departments and banking and Asset Managementsubsidiaries.It is responsiblefor proposing to the Group Risk Management Committee the policy and rules governing the acceptance and retention of financial risks. In this context,it: identifiesand evaluates financial risks; ● proposes asset risk limits at Group level and entity level as well ● as hedging principles; checks the proper application of these limits by the Group’s ● entities and proposesactionplans; validates any exemptions and/or the establishment of action ● plans; reviews the models and methodologies for assessment of ● financial risks ( e.g. Asset/Liability Management, valuation, etc.) and the limits of these models; defines stress test scenarios for financial risks, evaluates their ● consequences, and proposes a modus operandi in case of occurrence ofa financial shock; alerts the Group’sExecutiveManagement whereappropriate. ● Group Insurance Risk Committee (CRAG) (b) The Group Insurance Risk Committee is made up of the Deputy CEO in charge of the Group Insurance and Services Department (Chairman), the heads of the Insurance, Agricultural, SOP Managementand Coordination,Reinsurance,Group Actuarial, and Group Risk Management/Controland Compliance Departments, representativesof the InternationalSubsidiariesand GroupamaGan Vie. It is responsible for proposing the policy and rules governing the acceptanceand retention of insurance risks to the Group Risk Management Committee. In this context, it: identifiesand evaluates insurance risks; ● examinesthe commitmentlevels at the Group level and the main ● guidelines; defines stress test scenarios on insurance risks, evaluates their ● consequences, and proposes a modus operandi in case of occurrence; monitors governanceand the performanceof the internal model ● for insurancerisks ( e.g. decisionfor majorchange ofthe model); checks the proper application of the process for development ● and complianceof new products(life and non-life)with the Group risk management policy; alerts the Group’s ExecutiveManagement whereappropriate. ● Group Operational Risk Committee (CROG) (c) Composed of the heads of the Group Risk Management/Control and Compliance Department and the Groupama Assurances Mutuelles departments that are “owners” of the main identified operational risks and chaired by the General Secretary, it is responsible for:

identifyingand assessingoperationalrisks (includingcompliance ● and reputation) and overseeing their consideration within the entities; defining and checking the budgets and operational risk limits ● consistent withthe Group risktolerance; monitoring all Group operational risks, particularly major Group ● operational risks; defining the policy for hedging against operational risks ● (operating riskinsurance, BCP,etc.); alerting the Group’sExecutiveManagement whereappropriate. ● Capital Management Committee 3.4.3.2 The main objectives of this committee are: validation of the capital management policy; ● monitoring of the implementation of the capital management ● plan; monitoring of theGroup’s solvency risk; ● validationof the internal assessmentof risks and the solvency of ● all Group entities atthe Group level. Cross-functional committees 3.4.3.3 In addition to the specific Risk Committees (CRG, specialised committeesby risk category,and CapitalManagementCommittee), the Group Risk Managementand ComplianceDirector chairs two cross-functional committees, allowing him to coordinate two important areas involved in the control of the Group’s risks: the partial internal model and data quality. Internal Model Group Committee (CGMI) (a) The Internal Model Group Committee (CGMI), led by the Group Actuarial Department (in charge of modelling) and by the Group Risk Management,Control,and ComplianceDepartment(in charge of independent validation of the model), is a body for decision-makingand discussionsbetweenthe various departments involved in or concernedby the internal model. As such, it takes an active role in the process of validating and changing the internal model. Its responsibilities are defined and detailed in the internal model policy. It reports to the Group Insurance Risk Committee, which has a role of consultation and guidance in such matters. It reports to the Group Risk Committee,the final decision-makerwith regard to major changes to the model, before approval by the Boardof Directors. Group Data Quality Committee (CGQD) (b) The Group Data Quality Committee, coordinated by the Group Management Control function, defines the Group data quality policy, verifies its operationalimplementationand managesprojects necessary to improve data quality. Under the internal model, the CGQD ensures that the data quality (completeness, accuracy, relevance) is sufficient both for entry of the model into calibration and after calibration.It is supportedby a networkof Data Managers and data owners (by entity and for each Group department concerned),who are in charge of controls applied to the collection process. The CGQD prepares a Group report and reports directly to theGroup Risk Management Committee (see above).

63 Universal Registration Document 2019 - GROUPAMA ASSURANCES MUTUELLES