GROUPAMA / 2020 UNIVERSAL REGISTRATION DOCUMENT

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

Group Financial Risk Committee (CRFG) (a) The Group Financial Risk Committee is made up of the Deputy Chief ExecutiveOfficer (Chairman),the heads of the GroupFinancial and Investment Departments, the Group Risk Management and Compliance Director, and representatives of the French Subsidiaries/InternationalSubsidiaries Departments and banking and Asset Managementsubsidiaries.It is responsiblefor proposing to the Group Risk Management Committee the policy and rules governing the acceptance and retention of financial risks. In this context, it: identifies and evaluates financial risks; ❯ proposes asset risk limits at Group level and entity level as well ❯ as hedging principles; checks the proper application of these limits by the Group’s ❯ entities and proposes action plans; validates any exemptions and/or the establishment of action ❯ plans; reviews the models and methodologies for assessment of ❯ financial risks ( e.g. Asset/Liability Management, valuation, etc.) and the limits of these models; defines stress test scenarios for financial risks, evaluates their ❯ consequences, and proposes a modus operandi in case of occurrence of a financial shock; alerts the Group’s Executive Management where appropriate. ❯ Group Insurance Risk Committee (CRAG) (b) The Group Insurance Risk Committee is made up of the Deputy CEO in charge of the Group Insurance and Services Department (Chairman), the heads of the Insurance, Agricultural, SOP Management and Coordination,Reinsurance,Group Actuarial, and Group Risk Management/Control and Compliance Departments, representativesof the InternationalSubsidiariesand GroupamaGan Vie. It is responsible for proposing the policy and rules governing the acceptanceand retention of insurance risks to the Group Risk Management Committee. In this context, it: identifies and evaluates insurance risks; ❯ examines the commitmentlevels at the Group level and the main ❯ guidelines; defines stress test scenarios on insurance risks, evaluates their ❯ consequences, and proposes a modus operandi in case of occurrence; monitors governanceand the performanceof the internal model ❯ for insurance risks ( e.g. decision for major change of the model); checks the proper application of the process for development ❯ and complianceof new products(life and non-life)with the Group risk management policy; alerts the Group’s Executive Management where appropriate. ❯ Group Operational Risk Committee (CROG) (c) Composedof the headsof the GroupRiskManagement/Controal nd Compliance Departmentand the GroupamaAssurancesMutuelles departmentsthat are “owners”of the main identifiedoperationalrisks and chaired by the General Secretary, it is responsible for: identifying andassessingoperationarl isks(includingcomplianceand ❯ reputation) and overseeing their considerawtioitnhin the entities;

defining and checking the budgets and operational risk limits ❯ consistent with the Group risk tolerance; monitoring all Group operational risks, particularly major Group ❯ operational risks; defining the policy for hedging against operational risks ❯ (operating risk insurance, BCP, etc.); alerting the Group’s Executive Management where appropriate. ❯ Capital Management Committee 3.4.3.2 The main objectives of this committee are: validation of the capital management policy; ❯ monitoring of the implementation of the capital management ❯ plan; monitoring of the Group’s solvency risk; ❯ validation of the internal assessmentof risks and the solvency of ❯ all Group entities at the Group level. Cross-functional committees 3.4.3.3 In addition to the specific Risk Committees (CRG, specialised committeesby risk category,and capital ManagementCommittee), the Group Risk Management and ComplianceDirector chairs two cross-functional committees, allowing him to coordinate two important areas involved in the control of the Group’s risks: the partial internal model and data quality. Internal Model Group Committee (CGMI) (a) The Internal Model Group Committee (CGMI), led by the Group Actuarial Department (in charge of modelling) and by the Group Risk Management,Control, and ComplianceDepartment(in charge of independent validation of the model), is a body for decision-making and discussionsbetween the various departments involved in or concernedby the internal model. As such, it takes an active role in the process of validating and changing the internal model. Its responsibilities are defined and detailed in the internal model policy. It reports to the Group Insurance Risk Committee, which has a role of consultation and guidance in such matters. It reports to the Group Risk Committee,the final decision-makerwith regard to major changes to the model, before approval by the Board of Directors. Group Data Quality Committee (CGQD) (b) The Group Data Quality Committee, coordinated by the Group Management Control function, defines the Group data quality policy, verifies its operational implementationand manages projects necessary to improve data quality. Under the internal model, the CGQD ensures that the data quality (completeness, accuracy, relevance) is sufficient both for entry of the model into calibration and after calibration.It is supportedby a networkof data Managers and data owners (by entity and for each Group department concerned), who are in charge of controls applied to the collection process. The CGQD prepares a Group report and reports directly to the Group Risk Management Committee (see above).

63 Universal Registration Document 2020 - GROUPAMA ASSURANCES MUTUELLES