UNIVERSAL REGISTRATION DOCUMENT 2023

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

As part of compliance reviews, the Group Compliance Department supports, advises, and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional departments and business lines: the Group Legal Department is responsible for regulatory monitoring and interpretation, regulatory compliance, and training activities in order to disseminate the legal culture within the Group and to advise and raise the awareness of operational functions with regard to compliance with the applicable regulations; ❯ the Group Financial Department within the framework of compliance with the provisions of the French Insurance Code, the AMF, the French Monetary and Financial Code, and the Sapin 2 law and, in particular, for the issuance of mutual certificates; ❯ the Group Insurance and Services Department for the approval of new products or significant transformations of new products, to issue the corresponding opinions, as well as procedures; ❯ the Group Human Resources Department with regard to, in particular, the compensation policy as well as the management of conflicts of interest, the whistleblowing right, the ethics charter, and the Group Code of Conduct; ❯ the Group Tax Department in the framework of deployment of the regulations relating to the Automatic Exchange of Information (AEOI) in its US component “FATCA” (Foreign Account Tax Compliance Act), its European component “DAC” (Directive for Administrative Cooperation) and its OECD component “CRS” (Common Reporting Standard); ❯ the External Communication Department for the protection of the Groupama group’s image and reputation; ❯ the International Department, for the systematic establishment of the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations. ❯ Each department is owner of the non ‑ compliance risk of its field. The Group’s compliance function is responsible for coordinating and steering the compliance measures of its business line (France and international scope). It ensures that the Group’s policies, standards, and procedures in this area are implemented. To this end, it is responsible for coordinating the network of AML/CFT Managers of the Group’s reporting companies. Each year, it conducts an assessment of the Group’s major risks related to compliance during which the departments that are “owners” of the risks must assess the major risks to which they are exposed. On the basis on this assessment, an annual plan is developed at the end of each year for the following year. The Group’s compliance function also provides advice to the management and supervisory bodies. It reports functionally to the Assistant CEO in charge of finance, actuarial, audit, and risks as an effective Manager. The Group Compliance

Verification function regularly reports on major compliance issues to the Audit and Risk Management Committee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Executive Management. Compliance risks related to the regulatory environment of life insurance are managed by a specific body, the Regulatory and Environmental Management Committee (CREME), chaired by the Chief Executive Officer of Groupama Gan Vie. This decision ‑ making body is made up of the Managers of Groupama Gan Vie’s departments, the Managers of the Group’s risk and Compliance Departments, the Legal Department, and the Group’s DPO, as well as the Deputy Managing Director of Groupama Asset Management. It reports directly to the Group Risk Management Committee. In accordance with the Solvency II requirements, the Group Compliance Policy is approved by the Board of Directors of Groupama Assurances Mutuelles. Its purpose is to ensure that Group complies with all laws and regulations as well as the standards issued by the supervisory authorities and the business practices to which the Group is subject in its various activities. This policy presents the organisation that implemented by the Group to achieve this objective and the organising framework of the system for managing non ‑ compliance risks, i.e. : the arrangements put in place within the Group in keeping with its strategy and its risk appetite; ❯ the roles and responsibilities of key players at the Group and company levels. ❯ The Group compliance policy applies to all companies of the Groupama group both in France and internationally, respecting the rules of proportionality as provided for in Directive 2009/138/ EC, regardless of whether they are subject to Solvency II or to any equivalent legislation/regulation. Each Group company: means a person in charge of the key function of “compliance verification” whose name is reported to the ACPR or a compliance officer depending on whether they are subject to Solvency II or equivalent legislation/regulation; ❯ drafts its own compliance policy on the basis of the Group compliance policy by adapting it in keeping with the principle of proportionality; ❯ implements the drafted compliance policy. ❯ The Group compliance policy is reviewed at least every 12 months by the bodies that approved it and updated whenever an important event occurs. The Group’s compliance policy was updated to specify the organisation of the departments in charge of anti ‑ money laundering, terrorist financing, and asset freezing obligations, in accordance with the decree of 6 January 2021 following the order of 4 October 2020.

66

Universal Registration Document 2023 GROUPAMA ASSURANCES MUTUELLES