Groupama // Universal Registration Document 2022

5

GROUP RISK FACTORS The Group’s main risks

5.1.3

OPERATIONAL RISKS

5.1.2.4 Cyber Insurance risk The Group’s Cyber Insurance risk relates to non ‑ life insurance policies offering cover to meet the need for customer protection in an environment of increased threat and frequency of cyber ‑ attacks. To best manage this risk in its portfolio, in addition to its own expertise, the Group also relies on the expertise of external service providers/counterparties, brokers, and reinsurers. In addition, the reinsurance protection in place would allow the Group to mitigate the potential impact of this risk should it occur. At 31 December 2022, the Cyber Insurance risk is considered “moderate”. Longevity The Group is exposed to the risk of an increase in the duration of payment of annuities, due to an increase in the life expectancy of annuitants or future annuitants, and therefore to an increase in the actuarial reserves to be established, which has a direct impact on the underwriting income from annuity insurance products. Changes to the regulatory table used also have a moderate impact on the increase in annuity reserves. The life expectancy risk is considered “moderate”. Pandemic In the context of Covid ‑ 19, pandemics are a proven risk. As an insurer and economic player, the Group has suffered from this unprecedented global phenomenon, particularly in 2020 and 2021. As an insurer, it has faced claims for work stoppages, business interruption, assistance, and credit and surety. As an economic player, Groupama has also committed to several initiatives such as premium reductions, contributions to solidarity funds for micro ‑ businesses and independent professionals, and contribution to government healthcare spending via an exceptional tax paid in 2020 and 2021. Although the pressure from Covid ‑ 19 began to subside in 2022, neither France nor other countries are immune to a new wave or epidemic. The pandemic risk is now considered “moderate”. 5.1.2.5 5.1.2.6 Although the likelihood of the risk materialising is greatly reduced at the Group level due to better diversification between the business lines and the entities, the risk of insufficient technical reserves is considered “moderate”.

5.1.3.1 Cyber ‑ Operational risk The steady increase in the number of security incidents (attempts to hack information systems) demonstrates the potential magnitude of this emerging risk. While these attempts have not yet succeeded in compromising the systems used by the Group, cyber ‑ risk is a pervasive risk that can result in data theft or a denial of service (saturation of systems) leading to a significant interruption of operations. In the course of its business activities, the Group has access to its customers’ personal data (bank data, health data, etc.), which are protected in its systems, and the growing digitisation of its operations increases the Group’s sensitivity to an attack on its information systems, which could have a significant impact on the Group’s business activity and reputation. The Cyber ‑ Operational risk is considered “significant”. Regulatory development risk New laws or regulations, or changes to them, can have a significant impact on companies, business activities, or markets. The Group’s activity is subject to detailed regulation and rigorous supervision in the countries where it operates. Such regulation and supervision are subject to new regulatory or legal provisions in terms of obligations related to Solvency II, IFRS 17 on the recognition and measurement of insurance contracts, Sapin 2, including corruption risks, the Insurance Distribution Directive (IDD) or the new CSR obligations. These various regulations and laws generate implementation costs and a non ‑ compliance risk. The Group is exposed to the risk that changes in laws or regulations, or their judicial interpretation, or new provisions may result in losses due to their negative impact on the income or performance of the Group’s entities, such as the extension of the retirement age in France. For example, the Group had been subject to an exceptional tax on health insurance premium income in France of around €91 million associated with the Covid ‑ 19 pandemic. For the sector as a whole, 2022 was marked by rising inflation (and therefore repair costs) and the exceptional weather ‑ related loss experience. With regard to the pension reform, the Government’s decision to maintain the retirement age of persons with disabilities at 62 will limit the impact of the reform for the Group, despite a slight increase in the loss experience expected in health and protection insurance because of the continued employment of individuals aged 62 to 64. The regulatory development risk is now considered “moderate”. 5.1.3.2

133

Universal Registration Document 2022 - GROUPAMA ASSURANCES MUTUELLES