Société Générale / Risk Report - Pillar III

6 CREDIT AND COUNTERPARTY CREDIT RISK RISK MEASUREMENT AND INTERNAL RATINGS

Governance of the modelling of risks Credit own funds estimation models are subject to the global model risk management framework (see Chapter 13 “Model risk” of this document). The first line of defense is responsible for designing, putting into production, using and monitoring models, in compliance with model risk management governance rules throughout the model lifecycle, which include for credit risk internal models traceability of development and implementation stages and annual backtesting. The Model Risk Division, reporting directly to the Chief Risk Officer, acts as a second line of defense for all credit risk models. Independent model review teams rely, for the conduct of their missions, on principles of control of the theoretical robustness (assessment of the quality of the design and development) of the models, the conformity of the implementation and the use, the continuous follow-up of model relevance over time. The independent review process concludes with (i) a report summarizing the scope of the review, the tests performed, the results of the review, the conclusions or recommendations and with (ii) Reviewing and Approval Committees (respectively “Comité Modèles” and “Comité Experts” in the case of credit risk models); and the model risk control framework results in recurring reports to the Senior Management. The Model Risk Division reviews, amongst others, new models, backtesting results and any change to the credit own funds estimation models. In accordance with the Delegated Regulation (EU) No. 529/2014 of 20 May 2014 relating to the follow-up of internal models used for own funds computation, any model change to the Group’s credit risk measurement system is then subjected to two main types of notification to the competent supervisor, depending on the significant nature of the change laid down by this Regulation itself: significant changes which are subject to a request for approval prior p to their implementation; other changes which should be notified to the competent p authorities: prior to their implementation: non-material changes, according - to the criteria defined by the Regulation, are notified to the Supervisor (ex-ante notification). Barring a negative response, these may be implemented within a two months period, after their implementation: these changes are notified to the - competent authorities after their implementation at least once a year, through a specific report (ex-post notification). The Internal Audit Division, as a third line of defense, is responsible for periodically assessing the overall effectiveness of the model risk management framework (relevance of the model risk governance and efficiency of second line of defense activities) and performing the independent model audit.

Climate risk - Measuring sensitivity to transition risk Transition risk’s impact on Societe Generale Corporate clients’ credit risk has been identified as the main climate change-related risk for the Group. In order to measure this impact, the Group is gradually implementing a Vulnerability Indicator which aims to reinforce the credit analysis on corresponds to the marginal impact on the counterparty internal p rating over a 20-year time horizon of a selected transition scenario (for 2019 the International Energy Agency (IEA) sustainable development scenario was chosen). The assumption here is that the counterparty does not take any adaptation measure. The vulnerability is evaluated in parallel of the internal rating (which is associated to a 1 year probability of default); is applicable to the sectors identified as sensitive to transition risks. p Those sectors include in 2019: oil & gas, power generation, transport (automotive, air and shipping), metals and mining and commercial real estate; is represented through a 7-level scale, from high negative to high p positive impacts. This assessment, proposed by the first line of defense, is validated by the Risk Department as a second line of defense and relies on a methodology defined by the Risk Department. It enables the Group to engage a dialog with the most exposed clients. Indeed, for clients having a long-term exposure and for which the vulnerability indicator is moderate negative or high negative, a discussion has to be initiated to formalize an opinion on the adaptation strategy of the counterparty to the transition risk. The climate risk management system is further detailed in section “Climate risk management” of Chapter 5.2.3 "Positive climate action: supporting a fair, environmental and inclusive transition" of the 2020 Universal Registration Document. the most exposed counterparties. This climate vulnerability indicator:

83

| SOCIETE GENERALE GROUP | PILLAR 3 - 2020