Universal registration document and annual financial report 2020

2020 Universal registration document and annual financial report - BNP PARIBAS 111

2CorPorate GovernanCe and internal Control

Internal control

Compliance, in addition to its role of coordinating, steering and management reporting of cross-functional initiatives, is in charge together with RISK and LEGAL of the second line of defence against risks related to the rules of conduct. In 2020, its efforts focused on finalising the adoption by the Businesses of the various components of the Code of conduct.

In terms of professional ethics, the whistleblowing system continued to be improved, in particular on the basis of enhanced alert analysis capabilities. Communication and training in handling alerts continued. In addition, the Group s Personal Transactions procedure has been revised, with increased standardisation of processes and rules as well as strengthened controls.

The Market Integrity area continued to adapt and strengthen its permanent control system, in accordance with regulatory changes relating to BMR (Benchmark Regulation) and MIFID II, and by managing the Group roll-out of the Bank for International Settlements Code of conduct on the foreign exchange market. The system for managing information barriers and inside information has been strengthened by updating procedures and new tools.

The implementation of systems relating to client tax regulations (Foreign Account Tax Compliance Act (FATCA), the Automatic Exchange of Information (AEOI) for tax purposes system or the Qualified Intermediary scheme concerning withholding taxation on American securities) has been strengthened, in particular, by implementing an annual internal FATCA/QI certification process, training employees about these regulations and deploying adequate controls at first and second levels.

Changes to systems relating to international banking laws continued with, in particular, the publication of first-level generic control plans and the gradual Group-wide implementation of the new Volcker 2.0 systems, including an annual internal certification. With regard to the CFTC Swap Dealer regulation, two internal reviews led to recommendations that will improve the system.

Controls

Compliance has updated its permanent control system to make the first line of defence more accountable (Businesses and functions) by publishing the first-level permanent control plans for each of the areas and by reviewing the second-level Independent Testing and Check & Challenge processes. This transformation work required a change to data collection (qualitative indicators) and the analysis of risk signals, thus improving the consolidated presentation of risks to Executive Management.

Training

In 2020, despite the health crisis, the mandatory Compliance training courses continued, with an adjusted schedule, allowing employees to complete them within the appropriate timeframe given the priorities of their respective business activities. For each of these training courses, the completion rate is over 94%.

Mandatory training on compliance topics is based on the following populations:

■ all Group employees: in 2020, 97% of Group employees completed the training on international sanctions and embargoes;

■ specifically exposed populations: Anti-Corruption Advanced course, Market Abuse, and training on banking and tax law (Volcker, US CFTC Swap dealer, AEOI, FATCA);

■ all new employees upon joining the Group: six mandatory training sessions, namely training on the Code of conduct and five specific compliance training courses (International Sanctions and Embargoes, Anti-Money Laundering, Anti-Corruption, Protection of Clients Interests, Professional Ethics).

Industrialisation of Compliance

The Industrialisation Department continued to set up its organisation and governance, by appointing various Process Leaders and describing the roles and responsibilities of the main internal and external players in relation to Compliance. In particular, the quality of the data, which is the fundamental basis of the alert tools, has been improved by establishing a dedicated data office team and optimising the use of data flows, leading to a significant reduction in irrelevant alerts.

Established in 2020, the Compliance Information Systems strategic committee will enable IT architecture to be defined and validated in 2021 to support the implementation of the functional master plan developed by Compliance. The work carried out in 2020 significantly contributed to improving the performance of Compliance tools, particularly in terms of financial security. For 2021, the projects announced cover in particular the optimisation of alert handling processes and the implementation of new monitoring tools.

LEGAL The LEGAL function is an independent function of the Group and is hierarchically integrated with all the Group s legal teams.

During 2020, the LEGAL function continued to develop its legal risk management system, in particular through:

■ continued strengthening of governance during the first half of the year:

■ updating the procedural framework, in particular to align it with the RISK ORC system in terms of standards and methodology,

■ defining a new procedure for risk management and permanent control in accordance with the Group s requirements,

■ establishing a dedicated Global Internal Control Committee (ICC) with participation from the RISK and Compliance functions as well as General Inspection, in addition to the Global Legal Risk Committee already in place for several years;