Universal registration document and annual financial report 2020

2020 Universal registration document and annual financial report - BNP PARIBAS 337

5risks and CaPital adequaCy Pillar 3

Risk management [Audited]

The other main bodies at Group level have the following roles:

■ the General Management Credit Committee (CCDG) is the Group s highest authority concerning credit and counterparty risks. This Committee decides on credit requests exceeding the amount of individual delegations or relating to transactions of a specific nature or which would deviate from the principles of the General Credit Policy. A Compliance representative may attend CCDG meetings when an opinion on financial security is needed;

■ the General Management Doubtful Committee (CDDG) is the Group s highest level decision-making committee in terms of specific provisioning and recognitions of losses relative to the Group s customer exposures;

■ the Capital Markets Risk Committee (CMRC) is the body which governs the Group s risk profile of the capital markets activities; its tasks include, among others, analysing market and counterparty risks and setting limits for capital market activities;

■ the Country Envelope Committees determine the BNP Paribas Group s Risk Appetite by setting limits for medium-to-high-risk countries in view of risk in relation to country, market conditions, business strategies and aspects of risk and compliance;

■ the Risk & Development Policy Committees (RDPC) have the dual objective of defining an appropriate risk policy for any given subject which may be a business activity, a product, a geographic area (region or country), a customer segment or economic sector, and of investigating development opportunities in relation to the subject in question;

■ the Group IT Risk Committee (GITRC) defines and oversees the BNP Paribas Group s IT risk profile. This is the highest authority in terms of technological and cybersecurity risk management.

ADAPTATION MEASURES SPECIFIC TO THE HEALTH CRISIS The sanitary context led to the implementation of regular crisis committees at all Group s levels, for a close monitoring of the impacts on credit, market, liquidity, operational and ICT (Information, Communication and Technology) risks, providing rapid decision making opportunities adapted to the evolving environment.

On credit risk, this close monitoring resulted in the introduction at division and business line level, of the regular supervision of the portfolios and clients most exposed to the consequences of the health crisis, as well as the follow-up of the measures introduced by the States. In addition, debt recovery teams were reinforced.

Group and entities operational resilience was managed and strengthened with the activation crisis management procedures, including waiver control, adaptation of processes, the supervision of the operational arrangements and information systems related to moratoria and the adjustment of periodic internal control plans.

RISK MANAGEMENT ORGANISATION

POSITION OF THE CONTROL FUNCTIONS Risk management is central to the banking business and is one of the cornerstones of operations for the BNP Paribas Group. BNP Paribas has an internal control system covering all types of risks to which the Group may be exposed, organised around three lines of defence (see the Internal Control section in chapter 2 Corporate governance and internal control):

■ as the first line of defence, internal control is the business of every employee, and the heads of the operational activities are responsible for establishing and running a system for identifying, assessing and managing risks according to the standards defined by the functions exercising an independent control in respect of the second line of defense;

■ the main control functions within BNP Paribas ensuring the second line of defence are the Compliance, RISK and LEGAL Functions. Their Heads report directly to Chief Executive Officer and account for the performance of their missions to the Board of directors via its specialised committees;

■ General Inspection provides a third level of defence. It is responsible for the periodic control.

GENERAL RESPONSIBILITIES OF THE RISK AND COMPLIANCE FUNCTIONS Responsibility for managing risks primarily lies with the divisions and business lines that are at the origin of the underlying transactions. RISK continuously performs a second-line control over the Group s credit, market, banking book interest rate, liquidity, operational risks, including technological and cybersecurity risks, over data protection, social and environmental responsibility risks and insurance risks. As part of this role, it must ascertain the soundness and sustainability of the business developments and their overall alignment with the risk appetite target set by the Group. RISK s remit includes formulating recommendations on risk policies, analysing the risk portfolio on a forward-looking basis, approving corporate loans and trading limits, guaranteeing the quality and effectiveness of monitoring procedures and defining or validating risk measurement methods. RISK is also responsible for ensuring that all the risk implications of new businesses or products have been adequately assessed.

Compliance has identical responsibilities as regards compliance and reputation risks. It plays an important oversight and reporting role in the process of validating new products, new business activities and exceptional transactions.