GROUPAMA / 2019 Universal Registration Document

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

3.4.4 GROUP COMPLIANCE

(AEOI) in its US component “FATCA” (Foreign Account Tax Compliance Act), its European component “DAC” (Directive for Administrative Cooperation) and its OECD component “CRS” (Common Reporting Standard);
● the External Communication Department, for the protection of the Groupama group’s image and reputation;
● the International Department, for the systematic establishment of the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations.

Each Department is owner of the non-compliance risk of its field. Each year, the Group’s Compliance function conducts an assessment of the Group’s major risks related to compliance during which the Departments that are “owners” of the risks must assess the major risks to which they are exposed. On the basis of this assessment, an annual plan is developed at the end of each year for the following year.

The Group Compliance function regularly reports on major compliance issues to the Audit and Risk Management Committee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Management.

In 2015, the Groupama Assurances Mutuelles Board of Directors approved the Group Compliance Policy aiming to ensure the Group’s compliance with all legislative or regulatory texts as well as the standards enacted by the supervisory authorities and the professional practices to which the Group is subject as part of its various activities. This policy presents the organisation that the Group has put in place to achieve this objective and the organising framework of the system for managing non-compliance risks, i.e.:
● the arrangements put in place within the Group in keeping with its strategy and its risk appetite;
● the roles and responsibilities of key players at the Group and company levels.
The Group Compliance policy applies to all companies of the Groupama group both in France and internationally, respecting the rules of proportionality as provided for in Directive 2009/138/EC, regardless of whether they are subject to Solvency II or to any equivalent legislation/regulation. In 2016, each of them:
● appointed a person in charge of the key function of “Compliance Verification”, whose name was reported to the ACPR;
● drafted its own Compliance policy on the basis of the Group Compliance policy by adapting it in keeping with the principle of proportionality;
● implemented the drafted Compliance policy.

Non-compliance risk is a cross-group operational risk, and the non-compliance risk control system is one of the essential components of internal control organised within the Group. Compliance essentially covers the themes pertaining to the Group’s core business, i.e., non-life insurance, life insurance, banking, asset management, and real estate governed particularly by the insurance, monetary and financial, consumer, and commercial codes, the General Regulation of the AMF, as well as the regulations from the supervisory authorities to which these activities are subject. In this context, the main themes and risks covered are as follows:
● the protection of customers;
● the fight against money laundering and terrorist financing;
● ethics and professional conduct/conflicts of interest/the fight against corruption and influence peddling/the duty of care of parent companies and whistleblowing rights;
● internal fraud;
● confidentiality, professional secrecy, and processing of medical data;
● personal data protection.

The Group Compliance Department supports, advises and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional and Business Departments:
● the Group Legal Department for regulatory and legal watch aspects (compliance with the provisions of the insurance, commercial and consumer codes, tax regulations on insurance products, etc.) and Group internal standards, particularly for the monitoring of delegations of powers, anti-money laundering regulations and compliance with the provisions of the Data Protection Act. It serves as a cross-functional advisor in the implementation of projects within its fields, actively participates in the professional bodies and communicates the profession’s position within the Group.
Lastly, by its training actions, it contributes to spreading the legal culture within the Group and raising awareness of compliance with the applicable regulations among the operational functions;
● the Group Financial Department in the framework of compliance with the provisions of the Insurance Code, the AMF’s rules and the monetary and financial code;
● the Group Insurance and Services Department for the approval of new products, or significant transformations of new products, to issue the expected opinions, and procedures;
● the Group Human Resources Department particularly with regard to the compensation policy;
● the Group Tax Department in the framework of deployment of the regulations relating to the Automatic Exchange of Information

64 Universal Registration Document 2019 - GROUPAMA ASSURANCES MUTUELLES
