Groupama // 2021 Universal Registration Document
7 FINANCIAL STATEMENTS Combined financial statements and notes
Audit and Risk Management Committee, and the Group Executive Committee for cross-functional audits. A quarterly report on the progress of the recommendations is given to the Groupama Assurances Mutuelles Board of Directors and its Audit and Risk Committee.

The Group Risk Management and Permanent Control/Compliance functions are responsible for ensuring that all the Group’s entities comply with Executive Management’s requirements in terms of the internal control and risk management system, as well as those of Solvency II, Pillar 2.

As regards risk management, the Group Risk Department works more specifically in areas related to financial and insurance risks, and risks connected to the Group’s solvency; the Operational Risk and Permanent Control Department works more particularly in areas related to the management of operational risks, and the key role in Groupama Assurances Mutuelles’ compliance, i.e. the Group Compliance Manager, works in fields connected to non-compliance and image-related risks.

Within this framework, these departments, according to their area of responsibility:
❯ assist administrative and Executive Management bodies in defining:
    ■ the risk strategy,
    ■ the core components of the risk management system;
❯ are responsible for the implementation and coordination of the risk management system, consisting particularly of the risk management policies and the processes for identifying, measuring, managing, and reporting the risks inherent in the Group’s businesses;
❯ monitor and analyse the Group’s general risk profile;
❯ report on exposures to risk and alert the administration and Executive Management bodies in cases of major risks threatening the Group’s solvency;
❯ lead the Risk Committees;
❯ lead the working groups and bodies with the entities.

More specifically, the Group Risk Department, as regards the risk management function, is responsible for:
❯ developing the Group risk management policy and the coordinating policies relating to insurance and financial risks together with the risk owners concerned;
❯ defining the process for setting the Group’s risk tolerance (risk limits);
❯ monitoring the Group’s major insurance and financial risks;
❯ assessing and rating insurance and financial risks, including sensitivity analyses and stress tests;
❯ implementing the ORSA process: internal assessment by the Company of its risks and its solvency situation;
❯ the implementation of the PRP (Preventive Recovery Plan);
❯ supporting the Group’s entities in adapting the risk management system.

The Group Operational Risk Management and Permanent Control Department is responsible for:
❯ developing the Group’s internal control and operational risk management policies;
❯ developing the Group’s standards and reference sources (mapping of processes, operational risks, permanent control plans, reference base of permanent controls) and overseeing the system within the entities;
❯ monitoring and assessing operational risks (related to control of processes);
❯ acting as project owner of the EU tool for management of operating risks, MAITRIS, managing in particular the collection of permanent control results, the incident database and the assessment of operational risks;
❯ establishing internal control at the Groupama Assurances Mutuelles entity;
❯ defining the business continuity policy (BCP) and implementing then overseeing the system within the entities;
❯ overseeing data quality control systems;
❯ validating the internal model;
❯ supporting the Group’s entities in adapting their operational risk management, permanent control and compliance systems (management, coordination, facilitation, information, and training);
❯ reporting on the status of the Group’s Internal Control system, for the purposes of communication to governance bodies and the appropriate supervisory authorities by the Group’s Director of Risk Management, Control and Compliance.

The key role in verifying Groupama Assurances Mutuelles’ compliance, i.e. the Group Compliance Manager:
❯ develops the Group Compliance policy. The Compliance Manager is involved in drafting the Group remuneration policy, governance policy, and product surveillance policy, in conjunction with the relevant Groupama Assurances Mutuelles departments;
❯ coordinating the compliance function generally and the various Compliance Managers by acting, where necessary, as a conduit for legal, regulatory and jurisprudential intelligence prepared by the Group Legal Department;
❯ regularly checking the compliance of Group policies, standards and procedures, and effective implementation of same;
❯ identifying, assessing, supervising and monitoring exposure to businesses’ non-compliance risks (risk map, dashboards, risk sheets, etc.);
❯ assists the business lines in drafting the level 1 control plans to strengthen non-compliance risk management and draws up the corresponding level 2 control plans;
❯ implementing and supervising, in conjunction with all Group businesses, the prevention, identification and management of conflicts of interest;
❯ helping in drawing up replies to supervisory authorities, with the Group Legal Department and relevant departments and entities;
❯ reports on non-compliance risk management to the governance bodies of the Group and the companies.