GROUPAMA / 2020 UNIVERSAL REGISTRATION DOCUMENT

5 GROUP RISK FACTORS

Organisation of risk management within the Group

The role of the Group’s Tax Department is to provide information and monitor tax regulations for all of the Group’s entities. It is also regularly questionedabout specific technical points and is involved in preparing the end-of-year financial statements. The Group’s internal control system is supplemented with the activities of the Group General Audit Department. The Group General Audit Department conducts several types of audits, including a general economic and financial audit of the Group’s entities, generally on a three-year basis and at the latest every five years, in addition to the operational audits conducted within the entities. For large entities, these audits may be conducted more frequently and cover smaller scopes. The Group General Audit Department also conducts on Groupama Assurances Mutuelles processes and on the Group’scross-functionalprocesses,in which several entities may be involved, with the support of the entities’ internal auditing departments. Lastly, the Group General Audit Department conducts audits on behalf of some entities as part of the pooling of the Audit key function with Groupama Assurances Mutuelles. The audit schedule of the Group General Audit Departmentis defined by the ExecutiveManagementof Groupama Assurances Mutuelles and validated by the GroupamaAssurances Mutuelles Audit and Risk ManagementCommitteeand the Boardof Directors of Groupama Assurances Mutuelles. Every mission involves a review of the risk and internal control system for the activity or entity audited, and a mission report is prepared presenting the observations,findings, and recommendationsto the Executive Managementof the audited entities. A regular summary of the missions is provided to the Executive Management of Groupama AssurancesMutuelles, the Audit and Risk Management Committee, and the Group Executive Committee for cross-functional audits. A quarterly report on the progress of the recommendationsis given to the GroupamaAssurancesMutuelles Executive Management and its Audit and Risk Management Committee.

The Group Legal Department,under the supervisionof the General Secretariat, provides, particularly on behalf of the Business Divisions of Groupama Assurances Mutuelles and insurance organisations (French insurancesubsidiariesas well as the regional mutuals): monitoring and analysis of legislation and case law and other ❯ standards (FFA (French Insurance Federation) professional standards, ACPR (French Prudential Supervisoryand Resolution Authority) recommendations, opinions issued by the French government’s “defender of rights” and the CCLRF (Banque de France’s advisory committee on financial legislation and regulation) having an impact on the insurance business (marketing, consumer protection, communication, advertising, the development, subscription, execution and termination of insurance products, etc.); the necessary anticipation and support to implement new ❯ regulations for insurance; information (notes, circulars, working parties, disseminationof a ❯ quarterly bulletin of legal information related to customer protection); ratificationof new insurance policies developedby the Business ❯ Departments and other Group insurance subsidiaries, well as changes made to existing policies; development and approval of distribution and partnership ❯ agreements in connection with insurance and other services; legal and tax advice (taxation applicable to products and advice ❯ in the area of wealth management solutions); dealings with administrative authorities for inspections, and ❯ support during these inspections and any resulting consequences on the insurance business; building and running of training and awareness raising sessions ❯ on the regulationsapplicableto the insurancebusiness, intended for a variety of audiences (distributionetworks, Managers, etc.). In addition, as regards applicationof data protectionlegislationand the General Data Protection Regulation (GDPR), the compliance system makes use of Data ProtectionOfficers (DPO) in the Group’s French entities, registeredwith the French data protectionauthority (CNIL), and of a network of internal assistant DPOs, with one such per entity and nine for Groupama Assurances Mutuelles in areas implementing data processing.This networkchangesbased on the Group’s organisational modifications.

112 Universal Registration Document 2020 - GROUPAMA ASSURANCES MUTUELLES