Groupama // 2021 Universal Registration Document

7 FINANCIAL STATEMENTS Combined financial statements and notes

monitoring and analysis of legislation and case law and other ❯ standards (FFA (French Insurance Federation) professional standards, ACPR (French Prudential Supervisory and Resolution Authority) recommendations, opinions issued by the French government’s “defender of rights” and the CCLRF (Banque de France’s Advisory Committee on financial legislation and regulation)) having an impact on the insurance business (marketing, consumer protection, communication, advertising, the development, subscription, execution and termination of insurance products, etc.); the necessary anticipation and support to implement new ❯ regulations for insurance; information (notes, circulars, working groups, dissemination of a ❯ quarterly legal newsletter on customer protection); ratification of new insurance policies developed by the Business ❯ Departments and other Group insurance subsidiaries, well as changes made to existing policies; development and approval of distribution, management ❯ delegation, and partnership agreements in connection with insurance, banking and other services; legal and tax advice (taxation applicable to products and advice ❯ in the area of wealth management solutions); dealings with administrative authorities for inspections, and ❯ support during these inspections and any resulting consequences on the insurance business; building and running of training and awareness raising sessions ❯ on the regulations applicable to the insurance business, intended for a variety of audiences (distribution networks, Managers, etc.). (b) GROUP DATA PROTECTION SYSTEM Regarding the application of the provisions of the French data protection law and the General Data Protection Regulation (GDPR), the compliance system relies on the Data Protection Officer (DPO) of the Group’s French entities declared to the French national data protection commission (“CNIL”) and on the network of internal data relay protection officers (DRPO): one officer per entity and nine for Groupama Assurances Mutuelles in areas implementing processes. This network changes based on the Group’s organisational modifications. to prevent insider dealing, the internal bylaws governing the ❯ Groupama Assurances Mutuelles Board of Directors contain a detailed reiteration of the statutory and regulatory provisions on the various restrictions on persons privy to privileged information about listed companies and financial instruments traded on regulated markets. Groupama Assurances Mutuelles staff in charge of investing in financial instruments traded on regulated markets and those working in mergers-acquisitions sign a non-disclosure agreement reiterating these same statutory and regulatory provisions. Groupama Assurances Mutuelles staff required to work on strategic transactions involving a listed company sign an NDA for each such transaction; Closer look at mechanisms under Compliance’s responsibility Specific mechanisms have been set up to meet special requirements: 5.2.3

Compliance and legal securing by the Group Legal Department The compliance and legal securing carried out by the Group Legal Department covers the following tasks and are implemented directly or by the legal function within the Group: provide regulatory monitoring for the Group at both national and ❯ European levels, assess the possible legal impact of regulatory developments (on the Group’s strategy, activities, development, innovation, and assets), and contribute to the Public Affairs Department’s lobbying actions; ensure that the Group’s businesses and operations comply with ❯ regulatory developments (including information and contribution to the training of employees, Group Directors, and networks); secure and monitor the legal risks of the Group’s activities and its ❯ services and products offered (design, enrolment, management) and assist operations staff in the legal and fiscal investigation and securing of (i) their offerings of insurance and other services, including the insurance, banking, and service offerings of their partners, (ii) the distribution and marketing of their offering, and (iii) communication; secure and control the legal risks relating to the Group’s ❯ contractual commitments (excluding insurance), relations with its service providers and partners, and outsourcing in particular; secure and control the legal risks relating to intellectual property ❯ rights (portfolio of trademarks, designs/models, copyrights, and image rights); manage the Group’s compliance and secure the Group’s data ❯ protection processes, projects, and businesses, as the Data Protection Department is attached to the Group’s Legal Department; ensure the legal securing of governance (mandates, delegations ❯ of authority, and decision-making and examination processes), the monitoring of the Group’s entities, and the review of regulatory reports; secure and optimise, from a legal perspective, partnership and ❯ alliance operations, restructuring operations, acquisitions, affiliations, financing, investments, and asset management; control and manage the legal risks relating to litigation and ❯ pre-litigation cases (service providers, third parties, etc.) and our businesses, especially insurance (customer complaints, distribution networks, partners, etc.). 5.2.1

5.2.2

Closer look at two specific compliance mechanisms under the Legal Department’s responsibility:

(a) APPLICATION OF INSURANCE LAWAND REGULATIONS GOVERNING THE INSURANCE BUSINESS, DISTRIBUTION OF PRODUCTS AND SERVICES, AND COMMUNICATION The Group Legal Department, under the supervision of the General Secretary of Groupama Assurances Mutuelles provides, particularly on behalf of the business divisions of Groupama Assurances Mutuelles and insurance organisations (French insurance subsidiaries as well as the regional mutuals) a function of:

255

Universal Registration Document 2021 - GROUPAMA ASSURANCES MUTUELLES