Groupama // Universal Registration Document 2022
7
FINANCIAL STATEMENTS Combined financial statements and notes
❯ advising and contributing to the optimisation of projects.
5.2 Legal and regulatory risk

Legal and regulatory risks are managed as part of the Group compliance mechanism, which is defined in the Group compliance policy ratified by the Group’s governance bodies. The system put in place is based on two departments with separate scopes of involvement: Group Compliance and Group Legal.

A first level in support of operational teams and Directors, under the responsibility of the Group Legal Department, is responsible for:
❯ monitoring and compliance with all regulations (public or private standards) whatever the regulatory area with the exception of labour law and corporate taxation;
❯ legal securing of the Group’s businesses (products, distribution, communication, and consumer protection), projects, and operations; and

Moreover, an insurance programme is in place, designed to provide liability protection and the protection of the asset base of regional mutuals, Groupama Assurances Mutuelles and its subsidiaries. The policies covering the most significant risks are split among internal insurers and external insurers. The principal coverage is the following:
❯ employee insurance;
❯ third-party liability of corporate officers;
❯ professional third-party liability;
❯ general third-party liability;
❯ property damage insurance (property, offices, equipment, motor fleets, etc.);
❯ cyber risks and fraud.

❯ the Group’s business continuity policy; this policy serves as a baseline for crisis management systems and Business Continuity Plans (BCP) documented within the entities. The process is based on a BIA approach (Business Impact Analysis), which makes it possible to best calibrate the means necessary for the resumption of activity by identifying the critical business activities. Three BCPs have been identified:
■ a Human Resources BCP,
■ a property BCP,
■ a BCP for information systems;
❯ the information systems security policy and any related sub-policies;
on the system for securing people and property.
❯ ensuring the securing of information systems in the face of the major “Cyber” risk;
5.2.1

The permanent control procedures designed to ensure the compliance of all Groupama Assurances Mutuelles’ operations are based on the main mechanisms described below.

Compliance and legal securing by the Group Legal Department

The compliance and legal securing carried out by the Group Legal Department covers the following tasks, which are implemented directly or by the legal function within the Group:
❯ provide regulatory monitoring for the Group at both national and European levels, assess the possible legal impact of regulatory developments (on the Group’s strategy, activities, development, innovation, and assets), and contribute to the Public Affairs Department’s lobbying actions;
❯ ensure that the Group’s businesses and operations comply with regulatory developments (including information and contribution to the training of employees, Group Directors, and networks);
❯ secure and monitor the legal risks of the Group’s activities and its services and products offered (design, enrolment, management) and assist operations staff in the legal and fiscal investigation and securing of (i) their offerings of insurance and other services, including the insurance, banking, and service offerings of their partners, (ii) the distribution and marketing of their offering, and (iii) communication;
❯ secure and control the legal risks relating to the Group’s contractual commitments (excluding insurance), relations with its service providers and partners, and outsourcing in particular;
❯ secure and control the legal risks relating to intellectual property rights (portfolio of trademarks, designs/models, copyrights, and image rights);
❯ manage the Group’s compliance and secure the Group’s data protection processes, projects, and businesses, as the Data Protection Department is attached to the Group’s Legal Department;

A second level, intended to provide independent insight to the Group’s Directors and decision-makers, under the responsibility of the Group’s Compliance Department, is responsible for:
❯ establishing and validating the compliance system;
❯ verifying conformity; and
❯ assessing non-compliance risk. It covers the scope of customer protection, the fight against money laundering and the financing of terrorism, ethics and professional conduct, and conflicts of interest.

The aim of this system is to ensure that all Group practices comply with legal provisions, administrative regulations and requirements, and professional standards, as well as the Group’s internal rules, charters, and procedures.