2020 Universal registration document and annual financial report - BNP PARIBAS
5 Risks and capital adequacy - Pillar 3
Risk management [Audited]
ORGANISATION OF THE RISK AND COMPLIANCE FUNCTIONS
Approach
The RISK organisation fully complies with the principles of independence, vertical integration, and decentralisation issued by the Group's Management for the Group's main control functions (Compliance, RISK, LEGAL, and a third line of defence, General Inspection). Hence within RISK:
■ all the teams in charge of risks, including those in operational entities, have been integrated in the function with reporting lines to the Chief Risk Officers of these entities;
■ the Chief Risk Officers of the entities report to RISK.
Moreover, this organisation enabled the governance of risk management activities to be strengthened, especially regarding model risk management, through the RISK Independent Review and Control (RISK IRC) team, reporting directly to the Chief Risk Officer (CRO), which groups together the teams in charge of the independent review of the risk methodologies and models, and in the area of operational risk, with the organisation described in section 5.9 Operational risk.
In accordance with international standards and French regulations, Compliance manages the system for monitoring compliance and reputation risks for all of the Group's businesses in France and abroad. The system for monitoring compliance and reputation risks is described in section 5.9.
Role of the Chief Risk Officer
The Group Chief Risk Officer reports directly to the Chief Executive Officer and sits on the Executive Committee of BNP Paribas. He has line authority over all Risk employees. He can veto the risk-related decisions and has no connection, in terms of authority, with the Heads of Core Businesses, business lines and territories. This positioning serves the following purposes:
■ ensuring the objectivity of risk control, by removing any involvement in commercial relationships;
■ making sure senior management is warned of any deterioration in risk and is rapidly provided with objective and comprehensive information on the status of risks;
■ enabling the dissemination, throughout the Bank, of high and uniform risk management standards and practices;
■ ensuring the quality of risk assessment methods and procedures by calling on professional risk managers in charge of evaluating and enhancing these methods and procedures in light of the best practices implemented by international competitors.
Role of the Chief Compliance Officer
The Chief Compliance Officer takes his powers from the Chief Executive Officer and reports directly to him. He is a member of the Group's Executive Committee and reports regularly to the ad hoc Committees of the Board of directors, generally the Internal Control, Risk and Compliance Committee. He may also inform the Board of directors, if the latter or the Chief Executive Officer deems it necessary. He may also inform the Board of directors directly if he considers that an event likely to have a material impact on the Group should be brought to its attention.
He has no operational activity outside of compliance and reputation risk and no commercial activity, which guarantees his independence of action. He exercises hierarchical supervision over all the compliance teams in the various business units, geographical areas and functions.
The Compliance Function's mission is to issue opinions and decisions, and provide oversight and second-line controls, in order to give reasonable assurance that the Group's compliance oversight procedures for its transactions are effective and consistent, and that its reputation has been protected.
RISK CULTURE
ONE OF THE GROUP'S CORE FOUNDING PRINCIPLES
The BNP Paribas Group has a strong risk and compliance culture.
Executive Management has chosen to include the risk culture in three of its key corporate culture documents:
■ Code of conduct:
The Group adopted a new Code of conduct in 2016. It applies to all employees and defines the rules for our conduct in line with the core values of our corporate culture. For example, employees are reminded in the Code of conduct that the Group's interests are protected by responsible risk-taking in a strict control environment. The Code of conduct also includes rules for protecting customers' interests, financial security, market integrity and professional ethics, which all play an important role in mitigating compliance and reputation risks;
■ Responsibility Charter:
Executive Management drew up a formal Responsibility Charter, inspired by the Group's core values (the "BNP Paribas Way"), management principles and Code of conduct. One of the four commitments is "Being prepared to take risks, while ensuring close risk control".
The Group sees rigorous risk control as part of its responsibility, both to clients and to the financial system as a whole. The Bank's decisions on the commitments it makes are reached after a rigorous and concerted process, based on a strong, shared risk culture which pervades all levels of the Group. This is true both for risks linked to lending activities, where loans are granted only after in-depth analysis of the borrower's situation and the project to be financed, and for market risks arising from transactions with clients; these are assessed on a daily basis, tested against stress scenarios, and subject to limits.