Groupama // Universal Registration Document 2022

3

CORPORATE GOVERNANCE AND INTERNAL CONTROL Internal control procedures

THE INTERNAL CONTROL SYSTEM

Governance Bodies

LEVELS TYPES OF CONTROLS

3

Audit

Permanent Regularly

Permanent Control & Risk Management

2

Independent

Hierarchy

1

Employees/Operational Resources

Operational

3.5.2.1 Principles of organisation As the central body, Groupama Assurances Mutuelles has defined a uniform policy framework to be put in place within the companies that takes into account their specific characteristics in terms of regulations, structure, organisation, and activity. The aim is to ensure the consistency of the principles and rules of management of Permanent Control and periodic control, with a view to controlling the risks that affect the Group, while taking into account the principle of proportionality as provided for in the Solvency II directive. The Group General Audit Department and the Group Risk Management, Control, and Compliance Department each manage and supervise the internal control system for the entire Group. In practice, they are in direct contact with the regional mutuals and the subsidiaries both nationally and internationally as well as with medium ‑ sized companies. Each of these companies must include in its scope all of its own subsidiaries and manage and oversee the implementation and monitoring of internal control systems in accordance with the principles and rules set out by the Group. The Group Audit Department, under the responsibility of the Director of Audit, Risk Management, and Internal Control, and the Group Risk Management, Control, and Compliance Department (DRCCG) report to the Deputy Chief Executive Officer of Groupama Assurances Mutuelles. The Group audit Director and the Group risk management, control, and Compliance Director periodically report to the audit and risk Management Committee of the Groupama Assurances Mutuelles Board of Directors on the Group’s position and any work in progress in terms of internal control and risk management. It coordinates the actions of the Group Risk Management Department and the Group Operational Risk Management and Permanent Control Department.

(a) Group Risk Management Department (DRG) In terms of risk management, as of the end of 2022, the DRG has a dedicated team of eight people and is more specifically involved in areas related to financial and insurance risks. In 2022, the main actions undertaken by the teams in the Group Risk Management Department focused on: assessment of the Group’s major risks and the revision and strengthening of reporting to the Group’s governance bodies; ❯ preparation and coordination of specialised Risk Management Committees; ❯ completion of the annual system of assessment and collection of insurance and financial risks for all of the Group’s entities; ❯ definition of the common methodological principles of assessment and preparation of a generic ORSA report proposed by the Group Risk Management Department, which serves as a basis for the entities to draw up their final report; ❯ support for the Risk Managers of the Group’s entities for the processes of assessing risks and finalising their ORSA reports; ❯ implementation of the Group’s risk tolerance framework in the regional mutuals; ❯ Both at Group level and at the entity level in France and internationally, the ORSA process was presented as work progressed, with approvals sought at each stage from the Steering Committee of Groupama Assurances Mutuelles and risk Management Committees of Groupama Assurances Mutuelles and the entities. At the same time, the Boards of Directors of the Group’s insurance companies were involved – directly or through the audit and risk Management Committee upstream of the ORSA work (particularly through the validation of calculation

61

Universal Registration Document 2022 - GROUPAMA ASSURANCES MUTUELLES