Groupama // 2021 Universal Registration Document

7 FINANCIAL STATEMENTS Combined financial statements and notes

Risk factors and sensitivity analyses Note 48

As a multi-line insurer, Groupama is subject to various types of insurance risks with variable time horizons. The Group is also exposed to market risks because of its financial investment activities, particularly credit risks and the risks related to interest rates, equity markets, foreign exchange and property. Liquidity and reinsurer insolvency risks are also specifically monitored by the Group. In addition, the Group is subject to operational, regulatory, legal and tax risks as are all companies in other business sectors. Organisation of risk management within the Group Implementation of a consistent risk management system within the Group is ensured by: definition of standards and a structuring framework for analysis ❯ and control of risks; support from the entities in implementation of this risk ❯ management system; downstream checks of compliance with the Group standards ❯ and the effectiveness of the risk management system implemented within the entities. The general principles, the objectives, and the organisation of internal control are defined in the Group’s internal control policy. An internal audit policy, a component of internal control, supplements the provisions of the internal control policy and specifies its own operating rules and its areas of involvement. A general risk management policy and policies dedicated to covering all the risks to which the Group is exposed as well as a compliance policy, defining the overall framework for implementing and operating the compliance process within the Group, complete the system. All these policies are approved by the Groupama Assurances Mutuelles Board of Directors. The Group risk management policy is the basis for risk management at both the Group level and the entity level. It defines all the structuring principles of the risk management system within Groupama in terms of risk identification, measurement, and management methods and in organisational terms. Group entities formalise their risk management policy and various risk policies in line with the Group’s policies and on the basis of their risk profile, organisation and operating country. The service (or resource), distribution, and financial subsidiaries implement a risk management system in accordance with the rules applicable to their activities, consistent with the framework established by the Group. Since 2014, the risk management mechanism has also used the ORSA (Own Risk and Solvency Assessment) process, shown by the production of an annual report. In fact, this exercise, aimed at evaluating risks and solvency, is conducted for every Group entity and at the consolidated level, each report being ratified by the Board of the entity concerned and communicated to the regulator. 1.

Risks are identified according to the Group classifications defined by risk area – operational, life insurance, non-life insurance, and financial – common to all the Group’s entities and incorporating the Solvency II risk classification. Each major risk (Group and entity) is assigned a risk “owner” responsible for monitoring and controlling the risk in accordance with the standards defined by the Group. Risk owners set up risk control plans implemented within the Group’s entities. At Group level, risks related to insurance business lines are in particular monitored by the Groupama Assurances Mutuelles and Groupama Gan Vie Business Departments specialising in the area in question; and by the Reinsurance Department. The Group Finance Department is responsible for managing risks related to assets and Asset/Liability Management. Operational risks are monitored by the Groupama Assurances Mutuelles Business Departments, support departments or subsidiaries, specialising in the area in question. Operationally, the internal control system of the entities and the Groupama Supports et Services JV is organised around three complementary systems: risk management, and permanent control, and compliance of ❯ each entity; the entity’s internal audit; ❯ the Group Risk Management, Permanent Control, and ❯ Compliance Department as well as the Group General Audit Department, reporting to Groupama Assurances Mutuelles Executive Management, which direct and coordinate the Auditing and Risk & Control functions within the Group. Several bodies are responsible for Group-level risk monitoring governance: The Group Risk Committee: composed of the members of the ❯ Group Executive Committee and the Manager of the key Risk Management function; its role is to approve the risk management policy, by setting the limits of risks and approving the measures used to manage risks, and to supervise the management of major Group risks; the Risk Committees by risk family (insurance, financial, and ❯ operational/compliance) organised by the Group risk, operational risk/permanent control, and Compliance Departments and made up of major risk owners, and depending on the areas concerned of the representatives from the Groupama Assurances Mutuelles business lines and support departments (Group Actuarial Department, Group Financial Control Department, investments, French subsidiaries (including Asset Management), and international subsidiaries); the Capital Management Committee: consisting of the Deputy ❯ Managing Director in charge of finance, the Director of Risk Management, Control, and Compliance, the Director of Risk Management, the Director of Reinsurance, the Director of Financing and Investment Operations, the Group Actuarial Director, the Head of Financing, the Head of ALM, and the representative of the International Department in charge of monitoring the international subsidiaries.

241

Universal Registration Document 2021 - GROUPAMA ASSURANCES MUTUELLES