Universal registration document and annual financial report 2020

2020 Universal registration document and annual financial report - BNP PARIBAS110

2 CorPorate GovernanCe and internal Control

Internal control

Among the Group s cross-functional procedures, applicable in all entities, risk control is critically important in, for example:

■ the procedures that govern the process for approving exceptional transactions, new products and new business activities;

■ the procedure for approving credit and market transactions;

■ the procedures for compliance with embargoes, anti-money laundering and anti-corruption.

The processes from these procedural frameworks rely primarily on committees (Exceptional Transactions Committees, New Business Activities and Products Committees, Credit Committees, etc.) mainly covering both operational and related functions such as IT and Operations, as well as the control functions (RISK, Compliance, Finance, and LEGAL and Tax Functions), which take a second-look on transactions. In the event of a dispute, they are submitted to a higher level of the organisation. At the highest level of the Group, there are committees (Credit, Market Risk, Risk Policy Committees, etc.) chaired by members of Executive Management.

2020 HIGHLIGHTS The year 2020 was marked by the Covid-19 pandemic during which the Group had to implement its operational resilience capabilities by modifying some of its processes to be able in particular to perform them outside the Group s sites. The first and second level control systems have been adapted accordingly to safely and properly perform customer activities at the same time as employee vigilance and protection systems. The Group has also set up a system for identifying and closely monitoring pandemic-related risks.

COMPLIANCE Integrated globally since 2015, Compliance brings together all Group employees reporting to the function.

Compliance is organised based on its guiding principles (independence; integration and decentralisation of the function; dialogue with the business lines; a culture of excellence) through three operating areas and two regions, reflecting the Group s organisation, as well as five fields of expertise and cross-functional activities.

All Compliance Officers in the various operational areas, regions, business lines and territories, fields of expertise and Group functions report directly to the Compliance Function.

The Compliance workforce reached 4,217 full-time equivalents (FTEs) at the end of 2020, stable compared to the 2019 workforce.

Compliance activity in 2020

Compliance continued to oversee the implementation of the Group s remediation plans initiated as part of its agreements with the authorities in France and the United States regarding international financial sanctions. This plan has been largely implemented.

■ The review by the independent consultant (IC) of the New York Department of Financial Services (DFS) following the Memorandum of Understanding (MOU) of 2013 and the Consent Order of 2014 was positively concluded. The scope of the report includes the tools and process for screening customer data as well as list management processes. In addition, as part of its annual audit of the Bank s New York entity, the DFS Supervision department conducted a review of compliance with the MOU and Consent Order agreements and issued a recommendation in favour of lifting the two above-mentioned agreements;

■ In the autumn of 2020, the French and American Supervisors (the ACPR and the Federal Reserve Bank) jointly conducted a final review to assess the Bank s compliance with the commitments made under the Cease & Desist Order of 2014, and are expected to publish their final report in 2021.

The Group, in terms of Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) and asset freezing, continued to develop its system by updating several key elements of its regulatory framework in order to incorporate regulatory changes and prevent the emergence of new risks. These changes were supported by increased awareness and accountability of operational staff and IT developments aimed at improving transaction monitoring capabilities.

Throughout the year, significant IT developments were made to the management of lists and central tools for screening customers names. Progress in the management of the lists was largely completed in 2020 and the program to roll out the centralised screening tool has met its overall objectives, knowing that all these efforts must be completed in 2021 as planned.

In the area of Know Your Customer , or KYC, the Group s standards have been updated to ensure compliance with regulatory changes, in particular the transposition of the EU s 5th AMLD Directive. They were supplemented by an update of the due diligence measures applicable to intermediaries and intra-Group entities. The Businesses are continuing their IT systems development programs, particularly within Corporate and Investment Banking, and have taken actions to increase internal operational efficiency and the customer experience. These initiatives are regularly monitored by Executive Management.

BNP Paribas system for the prevention and management of corrupt practices continues to be further strengthened following the publication of the Sapin 2 law of 9 December 2016. The corruption risk mapping methodology has been aligned with the Risk & Control Self-Assessment (RCSA) procedure to enable a more detailed analysis of corruption risks and scenarios by process. The training to raise awareness of these risks, carried out by all employees in 2019, was followed up in 2020 by mandatory advanced training for 26,000 employees who are more specifically exposed to corruption risks. Work has been undertaken to further improve risk management with regard to supplier relations and accounting controls.