Groupama // Universal Registration Document 2022

3 CORPORATE GOVERNANCE AND INTERNAL CONTROL

Internal control procedures

calibration and after calibration. It is supported by a network of data Managers and data owners (by entity and for each Group department concerned), who are in charge of controls applied to the collection process. The CGQD prepares a Group report and reports directly to the Group Risk Management Committee (see above).

Each department is the owner of the non-compliance risk in its field. The Group's compliance function is responsible for coordinating and steering the compliance measures of its business line (France and international scope). It ensures that the Group's policies, standards, and procedures in this area are implemented. To this end, it is responsible for coordinating the network of AML/CFT Managers of the Group's reporting companies. Each year, it conducts an assessment of the Group's major risks related to compliance, during which the departments that are "owners" of the risks must assess the major risks to which they are exposed. On the basis of this assessment, an annual plan is developed at the end of each year for the following year.

The Group's compliance function also provides advice to the management and supervisory bodies. It reports functionally to the Deputy CEO for Finance, Actuarial Services, Audit, and Risk Management as an effective Manager. The Group Compliance Verification function regularly reports on major compliance issues to the Audit and Risk Management Committee, which informs the Board of Directors (if necessary). Such issues particularly pertain to the main regulatory developments with implications for compliance, the results of the compliance risk assessment, and any other important issues that should be reported to Executive Management.

Compliance risks related to the regulatory environment of life insurance are managed by a specific body, the Regulatory and Environmental Management Committee (CREME), chaired by the Chief Executive Officer of Groupama Gan Vie. This decision-making body is made up of the Managers of Groupama Gan Vie's departments, the Managers of the Group's risk and Compliance Departments, the Legal Department, and the Group's DPO, as well as the Deputy Managing Director of Groupama Asset Management. It reports directly to the Group Risk Management Committee.
In accordance with the Solvency II requirements, the Group Compliance Policy is approved by the Board of Directors of Groupama Assurances Mutuelles. Its purpose is to ensure that the Group complies with all laws and regulations as well as the standards issued by the supervisory authorities and the business practices to which the Group is subject in its various activities.

❯ the International Department, for the systematic establishment of the Compliance Verification Function in each international subsidiary, in correspondence with the local laws and regulations.
❯ the Group Tax Department in the framework of deployment of the regulations relating to the Automatic Exchange of Information (AEOI) in its US component "FATCA" (Foreign Account Tax Compliance Act), its European component "DAC" (Directive for Administrative Cooperation) and its OECD component "CRS" (Common Reporting Standard);
❯ the External Communication Department for the protection of the Groupama group's image and reputation;

3.5.4 GROUP COMPLIANCE

Non-compliance risk is a cross-group operational risk, and the non-compliance risk control system is one of the essential components of internal control organised within the Group. Compliance covers essentially the themes of the Group's core business as non-life insurance, mutual certificates, distribution of banking and finance products, Asset Management, and real estate, governed in particular by the French Insurance Code, monetary and financial Code, consumption Code, and Commercial Code, the AMF General Regulation, as well as the regulations established by the supervisory authorities of these activities. In this context, the main themes and risks covered are as follows:

❯ the protection of customers;
❯ the fight against money laundering and terrorist financing;
❯ ethics and professional conduct/conflicts of interest/the fight against corruption and influence peddling/the duty of care of parent companies and whistleblowing rights;
❯ internal fraud;
❯ confidentiality, professional secrecy, and processing of medical data;
❯ personal data protection.
The Group Compliance Department supports, advises, and verifies the formalisation and implementation of the rules enacted by the Groupama Assurances Mutuelles functional departments and business lines:

❯ the Group Legal Department is responsible for regulatory monitoring and interpretation, regulatory compliance, and training activities in order to disseminate the legal culture within the Group and to advise and raise the awareness of operational functions with regard to compliance with the applicable regulations;
❯ the Group Financial Department within the framework of compliance with the provisions of the French Insurance Code, the AMF, the French monetary and financial Code, and the Sapin II law and, in particular, for the issuance of mutual certificates;
❯ the Group Insurance and Services Department for the approval of new products or significant transformations of new products, to issue the corresponding opinions, as well as procedures;
❯ the Group Human Resources Department with regard to, in particular, the compensation policy as well as the management of conflicts of interest, the whistleblowing right, the Ethics Charter, and the Group Code of Conduct;
