Société Générale / Risk Report - Pillar III

12 COMPLIANCE RISK, LITIGATION COMPLIANCE

Acting in compliance means understanding and observing the external and internal rules that govern our activities. These rules aim to ensure a transparent and balanced relationship between the Bank and all of its stakeholders. Compliance is the foundation stone for trust between the Bank, its customers, its supervisors and its staff. Compliance with rules is the responsibility of all Group employees, who must demonstrate compliance and integrity on a daily basis. The rules must be clearly expressed, and staff must be informed and/or trained to understand them properly. The compliance risk prevention system is based on shared responsibility between the operational entities and the Group Compliance Division: the operational entities (BU/SUs) must incorporate into their daily p activities compliance with laws and regulations, the rules of professional best practice and the Group’s internal rules; the Compliance Division manages the Group’s compliance risk p prevention system. It ensures the system’s consistency and efficiency, while also developing appropriate relationships with bank supervisors and regulators. This independent division reports directly to General Management.

To support the businesses and supervise the system, the Compliance Division is organised into: dedicated teams in each business line, liaising with the businesses p on all their compliance issues and responsible for most of the deal flow, except for the most sensitive transactions; central teams dedicated to oversight, the definition of standards p and controls, and key cross-business activities such as training and digital transformation. The Compliance Division is organised into eight main compliance risks grouped into two major categories: financial security, which includes Know Your Customer (KYC) p processes, the observance of international sanctions and embargoes rules, and anti-money laundering and counter-terrorism financing rules; regulatory risks that cover customer protection, market integrity, p anti-bribery & corruption, ethics & conduct, compliance with international tax regulations and personal data protection.

Financial security

Regulatory risks

Anti- corruption, Conduct and Ethics

Sanctions & Embargoes

Customer protection Market integrity Tax transparency

KYC

AML

Data

EMIR/DFA, Volcker, FBL, MAD/MAR, benchmarks, etc.

MiFID II/ MIFIR PRIIPs etc.

FATCA, CRS, QI, DAC6, etc.

Anti-money laundering and counter-terrorism financing

ABC, Sapin II, etc.

Know Your Customer

GDPR, Archiving, etc.

210

PILLAR 3 - 2020 | SOCIETE GENERALE GROUP |