GROUPAMA / 2020 UNIVERSAL REGISTRATION DOCUMENT

5 GROUP RISK FACTORS

Organisation of risk management within the Group

5.2

ORGANISATION OF RISK MANAGEMENT

WITHIN THE GROUP

implement a risk managementsystem in accordancewith the rules applicable to their activities, consistent with the framework established by the Group. Since 2014, the risk management system has also relied on the ORSA (Own Risk and Solvency Assessment) process, which is reflected in the drafting of an annual report. This exercise, which aims to assess risks and solvency, is carriedout at the level of each Group entity and at the consolidated level, and each report is validated by the Board of Directors of the entity in question and communicated to the regulator. Several bodies are responsible for Group-level risk monitoring governance: the Group Risk Committee: composed of the members of the ❯ Group Executive Committee and the Manager of the key Risk Management function; its role is to approvethe risk management policy, by setting the limits of risks and approving the measures used to manage risks, and to supervise the management of major Group risks; the Risk Committees by risk family (insurance, financial and ❯ operational) organised by the Group Risk Management and Permanent Control/ComplianceDepartments and made up of major risk owners, and dependingon the areas concernedof the representatives from the Groupama Assurances Mutuelles Business and Support Departments (Group Actuarial Department, Group Financial Control Department, Investments, etc.), French Subsidiaries/InternationalSubsidiariesDepartment, and Asset Management subsidiaries; the Capital Management Committee consisting of the Deputy ❯ CEO, the Chief Financial Officer, the Director of Risk Management, Control, and Compliance,the InvestmentDirector, the Finance Director, the Solvency 2 Director, and the representative of the international department in charge of monitoring international subsidiaries. Similar mechanisms are in place at the entity level. In addition, a committee for the implementation and sharing of objectives, decisions, and best practices between the Group’s entities has been set up. This Audit, Risk, Control & Compliance operational implementation committee (called “Comop ARCC”) is run by the Risk Management,Control and ComplianceDepartment and the Group General Audit Department, with Group Legal Department involvement. It brings together the regional mutuals, the insurance subsidiaries in France, and Groupama Supports & Services (G2S). The Group Risk Managementand Permanent Control/Compliance functions are responsible for ensuring that all the Group’s entities comply with ExecutiveManagement’srequirementsin terms of the internal control and risk management system, as well as those of Solvency 2, Pillar 2.

In order to better manage all the risks to which it is exposed, the Group has put in place a set of measures and risk monitoring processes managed within a global framework. The implementation of the risk management system within the Group is ensured by: definition of standards and a structuring framework for analysis ❯ and control of risks; support from the entities in implementation of this risk ❯ management system; downstream checks of compliance with the Group standards ❯ and the effectiveness of the risk management system implemented within the entities. At the Group level, risks related to the insurancebusiness lines are monitored especially by the Groupama AssurancesMutuelles and Groupama Gan Vie BusinessDepartmentsspecialisingin the areas in question and by the Reinsurance Department. The Finance Department is responsiblefor managing the risks related to assets and Asset/LiabilityManagement.Operationalrisks are monitoredby the BusinessDepartments,SupportDepartments,or subsidiariesof Groupama Assurances Mutuelles specialising in the area in question. Risks are identified according to the Group classificationsdefined by risk area – operational, life insurance, non-life insurance, and financial – common to all the Group’s entities and incorporatingthe Solvency 2 risk classification.Each major (Group and entity) risk is assigned a risk “owner” responsible for monitoring and controlling the risk consistent with the standards defined by the Group. Risk owners set up risk control plans implementedwithin the Group’s entities. The general principles, the objectives, and the organisation of internal control are defined in the Group’s internal control policy. An internal audit policy, a component of internal control, supplements the provisions of the internal control policy and specifies its own operating rules and its areas of involvement. A general risk management policy and policies dedicated to covering all the risks to which the Group is exposed as well as a compliance policy, defining the overall framework for implementingand operating the compliance process within the Group, complete the system. All these policies are approved by the Groupama Assurances Mutuelles Board of Directors. The Group risk management policy is the basis for risk management at both the Group level and the entity level. It defines all the structuringprinciples of the risk managementsystem within Groupama in terms of risk identification, measurement, and management methods and in organisational terms. The Group’s entities formalise their risk management policy and various risk policies in line with the Group’s policies and on the basis of their risk profile, organisation and operating country. The service (or resource), distribution, and financial subsidiaries

110 Universal Registration Document 2020 - GROUPAMA ASSURANCES MUTUELLES