Groupama // Universal Registration Document 2022

7

FINANCIAL STATEMENTS Combined financial statements and notes

5.2.3 protection law and the General Data Protection Regulation (GDPR), the compliance system relies on the Data Protection Officer (DPO) of the Group’s French entities declared to the French national data protection commission (“CNIL”) and on the network of internal data relay protection officers (DRPO): one officer per entity and 20 for Groupama Assurances Mutuelles in areas implementing processing operations. Each international subsidiary in the European Union has also designated a DPO with its national supervisory authority. All of these players are coordinated by the France DPO, who serves as CPO (Corporate Privacy Officer) within the Group. This network changes based on the Group’s organisational modifications. Closer look at mechanisms under Compliance’s responsibility Specific mechanisms have been set up to meet special requirements: to prevent insider dealing, the internal bylaws governing the Groupama Assurances Mutuelles Board of Directors contain a detailed reiteration of the statutory and regulatory provisions on the various restrictions on persons privy to privileged information about listed companies and financial instruments traded on regulated markets. Groupama Assurances Mutuelles staff in charge of investing in financial instruments traded on regulated markets and those working in mergers ‑ acquisitions sign a non ‑ disclosure agreement reiterating these same statutory and regulatory provisions. Groupama Assurances Mutuelles staff required to work on strategic transactions involving a listed company sign an NDA for each such transaction; ❯ the Legal Department manages regulatory compliance and Group coordination as regards anti ‑ money laundering and combating the financing of terrorism (AML/CFT). Entities implement applicable regulatory provisions and professional guidance in those of their procedures relevant to this field. The key points of the procedure include categorisation of the risks of money laundering and the financing of terrorism, collecting information on customers and the sources of their funds on the basis of the size of the risk, an automated detection system for people on asset ‑ freeze lists and politically ‑ exposed persons, a CRM profiling system for life/ savings business activities, and a permanent and periodic control mechanism to check procedures are followed properly. An anti ‑ money laundering and combating the financing of terrorism organisational policy defines the roles and responsibilities of the various participants and stakeholders at Group level and at each operational entity concerned, describes the mechanism in place with respect to informing and training employees, determines the methods and conditions for exchanging information required for due diligence, and specifies the procedure to be followed for control and risk monitoring. The Group Compliance Department, in conjunction with a network of managers in AML/CFT in insurance subsidiaries in France and internationally, Asset Managers and the regional mutuals, ensure the Group is meeting its obligations in this respect; ❯ with regard to the protection of medical data, Group recommendations are disseminated by the Groupama Assurances Mutuelles business division concerned or entity ❯

ensure the legal securing of governance (mandates, delegations of authority, and decision ‑ making and examination processes), the monitoring of the Group’s entities, and the review of regulatory reports; ❯ secure and optimise, from a legal perspective, partnership and alliance operations, restructuring operations, acquisitions, affiliations, financing, investments, and asset management; ❯ control and manage the legal risks relating to litigation and pre ‑ litigation cases (service providers, third parties, etc.) and our businesses, especially insurance (customer complaints, distribution networks, partners, etc.). ❯

5.2.2

Closer look at two specific compliance mechanisms under the Legal Department’s responsibility APPLICATION OF INSURANCE LAW AND REGULATIONS GOVERNING THE INSURANCE BUSINESS, DISTRIBUTION OF PRODUCTS AND SERVICES, AND COMMUNICATION

(a)

(b) GROUP DATA PROTECTION SYSTEM Regarding the application of the provisions of the French data building and running of training and awareness ‑ raising sessions on the regulations applicable to the insurance business, intended for a variety of audiences (distribution networks, Managers, etc.). ❯ The Group Legal Department, under the supervision of the General Secretary of Groupama Assurances Mutuelles provides, particularly on behalf of the business divisions of Groupama Assurances Mutuelles and insurance organisations (French insurance subsidiaries as well as the regional mutuals) a function of: monitoring and analysis of legislation and case law and other standards (FFA (French Insurance Federation) professional standards, ACPR (French Prudential Supervisory and Resolution Authority) recommendations, opinions issued by the French government’s “defender of rights” and the CCLRF (Banque de France’s advisory committee on financial legislation and regulation)) having an impact on the insurance business (marketing, consumer protection, communication, advertising, the development, subscription, execution and termination of insurance products, etc.); ❯ the necessary anticipation and support to implement new regulations for insurance; ❯ information (notes, circulars, working groups, dissemination of a quarterly legal newsletter on customer protection); ❯ ratification of new insurance policies developed by the Business Departments and other Group insurance subsidiaries, well as changes made to existing policies; ❯ development and approval of distribution, management delegation, and partnership agreements in connection with insurance, banking and other services; ❯ legal and tax advice (taxation applicable to products and advice in the area of wealth management solutions); ❯ dealings with administrative authorities for inspections, and support during these inspections and any resulting consequences on the insurance business; ❯

290

Universal Registration Document 2022 - GROUPAMA ASSURANCES MUTUELLES