Groupama // 2021 Universal Registration Document

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

3.4.4

GROUP COMPLIANCE

the International Department, for the systematic establishment of ❯ the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations. Each department is owner of the non-compliance risk of its field. The Group’s compliance function is responsible for coordinating and steering the compliance measures of its business line (France and international scope). It ensures that the Group’s policies, standards, and procedures in this area are implemented. To this end, it is responsible for coordinating the network of AML/CFT Managers of the Group’s reporting companies. Each year, it conducts an assessment of the Group’s major risks related to compliance during which the departments that are “owners” of the risks must assess the major risks to which they are exposed. On the basis on this assessment, an annual plan is developed at the end of each year for the following year. The Group’s compliance function also provides advice to the management and supervisory bodies. It reports functionally to the Deputy CEO for Finance, Actuarial Services, Audit, and Risk Management as an effective Manager. The Group Compliance Verification function regularly reports on major compliance issues to the Audit and Risk Management Committee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Executive Management. Compliance risks related to the regulatory environment of life insurance are managed by a specific body, the Regulatory and Environmental Management Committee (CREME), chaired by the Chief Executive Officer of Groupama Gan Vie. This decision-making body is made up of the Managers of Groupama Gan Vie’s departments, the Managers of the Group’s risk and compliance departments, the Legal Department, and the Group’s DPO, as well as the Deputy Managing Director of Groupama Asset Management. It reports directly to the Group Risk Management Committee. In accordance with the Solvency II requirements, the Group Compliance Policy is approved by the Board of Directors of Groupama Assurances Mutuelles. Its purpose is to ensure that Group complies with all laws and regulations as well as the standards issued by the supervisory authorities and the business practices to which the Group is subject in its various activities. This policy presents the organisation that implemented by the Group to achieve this objective and the organising framework of the system for managing non-compliance risks, i.e. : the arrangements put in place within the Group in keeping with ❯ its strategy and its risk appetite; the roles and responsibilities of key players at the Group and ❯ Company levels. The Group compliance policy applies to all companies of the Groupama group both in France and internationally, respecting the rules of proportionality as provided for in Directive 2009/138/EC, regardless of whether they are subject to Solvency II or to any equivalent legislation/regulation.

Non-compliance risk is a cross-group operational risk, and the non-compliance risk control system is one of the essential components of internal control organised within the Group. Compliance covers essentially the themes of the Group’s core business as non-life insurance, mutual certificates, distribution of banking and finance products, asset management, and real estate, governed in particular by the French Insurance Code, Monetary and Financial Code, Consumption Code, and Commercial Code, the AMF General Regulation, as well as the regulations established by the supervisory authorities of these activities. In this context, the main themes and risks covered are as follows: the protection of customers; ❯ the fight against money laundering and terrorist financing; ❯ ethics and professional conduct/conflicts of interest/the fight ❯ against corruption and influence peddling/the duty of care of parent companies and whistleblowing rights; internal fraud; ❯ confidentiality, professional secrecy, and processing of medical ❯ data; personal data protection. ❯ The Group Compliance Department supports, advises, and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional departments and business lines: the Group Legal Department is responsible for regulatory ❯ monitoring and interpretation, regulatory compliance, and training activities in order to disseminate the legal culture within the Group and to advise and raise the awareness of operational functions with regard to compliance with the applicable regulations; the Group Financial Department within the framework of ❯ compliance with the provisions of the French Insurance Code, the AMF, the French Monetary and Financial Code, and the Sapin 2 law and, in particular, for the issuance of mutual certificates; the Group Insurance and Services Department for the approval ❯ of new products or significant transformations of new products, to issue the corresponding opinions, as well as procedures; the Group Human Resources Department with regard to, in ❯ particular, the compensation policy as well as the management of conflicts of interest, the whistleblowing right, the ethics charter, and the Group Code of Conduct; the Group Tax Department in the framework of deployment of ❯ the regulations relating to the Automatic Exchange of Information (AEOI) in its US component “FATCA” (Foreign Account Tax Compliance Act), its European component “DAC” (Directive for Administrative Cooperation) and its OECD component “CRS” (Common Reporting Standard); the External Communication Department for the protection of the ❯ Groupama group’s image and reputation;

62 Universal Registration Document 2021 - GROUPAMA ASSURANCES MUTUELLES