GROUPAMA / 2020 UNIVERSAL REGISTRATION DOCUMENT

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

3.4.4 GROUP COMPLIANCE

Non-compliance risk is a cross-group operational risk, and the non-compliance risk control system is one of the essential components of internal control organised within the Group.

Compliance covers essentially the themes of the Group’s core business as non-life insurance, mutual certificates, distribution of banking and finance products, asset management, and real estate, governed in particular by the French Insurance Code, Monetary and Financial Code, Consumption Code, and Commercial Code, the AMF General Regulation, as well as the regulations established by the supervisory authorities of these activities. In this context, the main themes and risks covered are as follows:

❯ the protection of customers;
❯ the fight against money laundering and terrorist financing;
❯ ethics and professional conduct/conflicts of interest/the fight against corruption and influence peddling/the duty of care of parent companies and whistleblowing rights;
❯ internal fraud;
❯ confidentiality, professional secrecy, and processing of medical data;
❯ personal data protection.

The Group Compliance Department supports, advises, and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional and business departments:

❯ Group Legal Department for aspects of regulatory oversight, interpretation of regulations, active participation in professional bodies, dissemination of legal doctrine within the Group, validation of non-life and life insurance products, methods of marketing them by the Group’s various networks, customer protection, monitoring of delegations of authority, regulations on the fight against money laundering and terrorist financing, implementation of the law on the duty of care of parent companies and contracting companies, the anti-bribery component of the Sapin 2 law, etc., and compliance with personal data protection provisions. Lastly, through its training activities, it contributes to promoting the legal culture within the Group and advising and raising awareness of the operational functions of compliance with the applicable regulations;
❯ Group Financial Department within the framework of compliance with the provisions of the French Insurance Code, the AMF, the French Monetary and Financial Code, and the Sapin 2 law and, in particular, for the issuance of mutual certificates;
❯ the Group Insurance and Services Department for the approval of new products, or significant transformations of new products, to issue the expected opinions, and procedures;
❯ Group Human Resources Department with regard to, in particular, the compensation policy as well as the management of conflicts of interest, the whistleblowing right, the ethics charter, and the Group Code of Conduct;
❯ the Group Tax Department in the framework of deployment of the regulations relating to the Automatic Exchange of Information (AEOI) in its US component “FATCA” (Foreign Account Tax Compliance Act), its European component “DAC” (Directive for Administrative Cooperation) and its OECD component “CRS” (Common Reporting Standard);
❯ the External Communication Department, for the protection of the Groupama group’s image and reputation;
❯ the International Department, for the systematic establishment of the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations.

Each department is the owner of the non-compliance risk of its field.

Each year, the Group’s Compliance function conducts an assessment of the Group’s major risks related to compliance during which the departments that are “owners” of the risks must assess the major risks to which they are exposed. On the basis of this assessment, an annual plan is developed at the end of each year for the following year.

The Group Compliance function regularly reports on major compliance issues to the Audit and Risk Management Committee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Management.

In accordance with the Solvency 2 requirements, the Group Compliance Policy is approved by the Board of Directors of Groupama Assurances Mutuelles. Its purpose is to ensure that the Group complies with all laws and regulations as well as the standards issued by the supervisory authorities and the business practices to which the Group is subject in its various activities. This policy presents the organisation implemented by the Group to achieve this objective and the organising framework of the system for managing non-compliance risks, i.e.:

❯ the arrangements put in place within the Group in keeping with its strategy and its risk appetite;
❯ the roles and responsibilities of key players at the Group and company levels.

The Group Compliance policy applies to all companies of the Groupama group both in France and internationally, respecting the rules of proportionality as provided for in Directive 2009/138/EC, regardless of whether they are subject to Solvency 2 or to any equivalent legislation/regulation. Each Group company:

❯ appoints a person in charge of the key function of “Compliance Verification”, whose name was reported to the ACPR;
❯ drafts its own Compliance policy on the basis of the Group Compliance policy by adapting it in keeping with the principle of proportionality;
❯ implements the drafted Compliance policy.
