GROUPAMA / 2020 UNIVERSAL REGISTRATION DOCUMENT

7 FINANCIAL STATEMENTS Consolidated financial statements and notes

monitoring and analysis of legislation and case law and other ❯ standards FFA (French Insurance Federation) professional standards,ACPR (French Prudential Supervisoryand Resolution Authority) recommendations, opinions issued by the French government’s “defender of rights” and the CCLRF (Banque de France’s Advisory Committee on financial legislation and regulation) having an impact on the insurance business (marketing, consumer protection, communication, advertising, the development, subscription, execution and termination of insurance products, etc.); the necessary anticipation and support to implement new ❯ regulations for insurance; information (notes, circulars, working parties, disseminationof a ❯ quarterly bulletin of legal information related to customer protection); ratification of new insurance policies developedby the business ❯ departments and other Group insurance subsidiaries, well as changes made to existing policies; development and approval of distribution and partnership ❯ agreements in connection with insurance and other services; legal and tax advice (taxation applicable to products and advice ❯ in the area of wealth management solutions); dealings with administrative authorities for inspections, and ❯ support during these inspections and any resulting consequences on the insurance business; building and running of training and awareness raising sessions ❯ on the regulationsapplicableto the insurancebusiness, intended for a variety of audiences (distribution networks, Managers, etc.). (b) GROUP DATA PROTECTION SYSTEM Regarding the application of the provisions of the French data protection law and the General Data ProtectionRegulation(GDPR), the compliancesystem relies on the Data ProtectionOfficer (DPO) of the Group’s French entities declared to the French national data protection commission(“CNIL”) and on the networkof internal data relay protection officers (DRPO): one officer per entity and nine for Groupama AssurancesMutuelles in areas implementingprocesses. This network changes based on the Group’s organisational modifications. to prevent insider dealing, the internal bylaws governing the ❯ Groupama Assurances Mutuelles Board of Directors contain a detailed reiteration of the statutory and regulatory provisions on the various restrictionson persons privy to privileged information about listed companies and financial instruments traded on regulated markets. Groupama Assurances Mutuelles staff in charge of investing in financial instruments traded on regulated markets and those working in mergers-acquisitions sign a non-disclosure agreement reiterating these same statutory and regulatory provisions. Groupama Assurances Mutuelles staff required to work on strategic transactions involving a listed company sign an NDA for each such transaction; Closer look at mechanisms under Compliance’s responsibility Specific mechanisms have been set up to meet special requirements: 5.2.3

Compliance and legal securing by the Group Legal Department The complianceand legal securing carried out by the Group Legal Department covers the following tasks and are implemented directly or by the legal function within the Group: provide regulatorymonitoringfor the Group at both national and ❯ European levels, assess the possible legal impact of regulatory developments (on the Group’s strategy, activities, development, innovation, and assets), and contribute to the Public Affairs Department’s lobbying actions; ensure that the Group’s businessesand operationscomply with ❯ regulatory developments (including information and contribution to the training of employees, Group Directors, and networks); secure and control the legal risks of the Group’s businesses, ❯ service offerings, and products (design, subscription, management) and support the operational teams in the examinationand the legal and tax securing of (i) their insurance products and other services, (ii) distribution and marketing of products, and (iii) communication; secure and control the legal risks relating to the Group’s ❯ contractualcommitments(excluding insurance), relationswith its service providers and partners, and outsourcing in particular; secure and control the legal risks relating to intellectual property ❯ rights (portfolio of trademarks, designs/models,copyrights, and image rights); manage the Group’s compliance and secure the Group’s data ❯ protection processes, projects, and businesses, as the Data Protection Department is attached to the Group’s Legal Department; ensure the legal securing of governance (mandates, delegations ❯ of authority, and decision-makingand examination processes), the monitoring of the Group’s entities, and the review of regulatory reports; secure and optimise, from a legal perspective, partnership and ❯ alliance operations, restructuring operations, acquisitions, affiliations, financing, investments, and asset management; control and manage the legal risks relating to litigation and ❯ pre-litigation cases (service providers, third parties, etc.) and our businesses, especially insurance (customer complaints, distribution networks, partners, etc.). 5.2.1

5.2.2

Closer look at two specific compliance mechanisms under the Legal Department’s responsibility:

(a) APPLICATION OF INSURANCE LAWAND REGULATIONS GOVERNING THE INSURANCE BUSINESS, DISTRIBUTION OF PRODUCTS AND SERVICES, AND COMMUNICATION The Group Legal Department,under the supervisionof the General Secretary of GroupamaAssurancesMutuellesprovides, particularly on behalf of the Business Divisions of Groupama Assurances Mutuelles and insurance organisations (French insurance subsidiaries as well as the regional mutuals):

260

Universal Registration Document 2020 - GROUPAMA ASSURANCES MUTUELLES