992019 Universal registration document and annual financial report - BNP PARIBAS
2CorPorate GovernanCe and internal Control
2
Internal control
2.4 Internal control
The following information relating to internal control has been provided by the Group s Executive Management. The Chief Executive Officer shall be responsible for the organisation and procedures of internal control and for all information required by French law regarding the internal control report. This document is based on the information provided by the Compliance, Risk, Finance, Legal and General Inspection Functions. It has been approved by the Board of directors.
BNP PARIBAS INTERNAL CONTROL STANDARDS The principles and procedures for the internal control of banking activities in France and abroad are at the heart of banking and financial regulations and are subject to numerous legislative and regulatory provisions.
The main text applicable to BNP Paribas is the Ministerial Order of 3 November 2014. This text sets out the conditions for the implementation and monitoring of internal control in credit institutions and investment firms, in compliance with the European Directive CRD 4. In particular, it specifies the principles relating to internal transaction control systems and procedures, organisation of accounting and information processing, risk and result measurement systems, risk monitoring and control systems, and the information and documentation system for internal control. article 258 of the Order provides for the drafting for the Board of directors of an annual regulatory report on the conditions under which internal control is implemented.
This Order requires BNP Paribas to have an internal control system (hereinafter Internal control) comprising specific departments and persons responsible for permanent control (including the Compliance and Risk Functions) and periodic control. This system must also take into account, as appropriate, the general regulation of the AMF, the regulations applicable to foreign branches and subsidiaries and to specialised activities such as portfolio management and insurance, and the recommendations of leading international bodies dealing with issues related to the prudential regulation of international banks, first and foremost the Basel Committee, the Financial Stability Board, the European Authorities, the European Securities and Markets Authority, the European Central Bank and the French Autorité de contrôle prudentiel et de résolution.
DEFINITION, OBJECTIVES AND STANDARDS OF INTERNAL CONTROL The BNP Paribas Group s Executive Management has implemented an internal control system whose main purpose is to ensure overall control of the risks and to provide reasonable assurance that the Company s objectives in this respect are achieved.
BNP Paribas internal control charter (reworked and updated in 2017) specifies the framework of this system and constitutes BNP Paribas basic internal control framework. Widely distributed within the Group and
accessible to all its employees, this charter firstly recalls the objectives of internal control, which aims to ensure:
■ a sound and prudent risk management approach, aligned with BNP Paribas values and code of conduct in conjunction with the policies outlined in its corporate social responsibility framework;
■ operational security of BNP Paribas internal operations;
■ the relevance and reliability of accounting and financial information;
■ compliance with laws, regulations and internal policies.
Its implementation requires, in particular, that a culture of high-level risk and ethics be promoted to all employees and in BNP Paribas relations with third parties, clients, intermediaries or suppliers as well its shareholders.
The charter then sets out the rules governing the organisation, responsibility and scope of operations of the various internal control entities and establishes the principle according to which the control functions (Compliance, Legal, Risk and General Inspection in particular) execute these controls independently.
SCOPE OF INTERNAL CONTROL The BNP Paribas Group s internal control is overarching:
■ it covers all types of risks to which the Group may be exposed (credit and counterparty risk, market risk, liquidity risk, interest rate risk in the banking book, underwriting risk with respect to insurance, operational risk, risk of non-compliance, equity risk, etc.);
■ it is applied at the Group level and at the level of directly or indirectly controlled entities, irrespective of their line of business and irrespective of whether they are consolidation status. For other entities (in particular, legal entities subject to significant influence), the Group s representatives on the corporate bodies of these entities are strongly encouraged to promote the same standards of internal control;
■ it also covers the use of outsourced services, in accordance with principles defined by regulation.
FUNDAMENTAL PRINCIPLES OF INTERNAL CONTROL BNP Paribas internal control system is based on its values and the code of conduct as well as the principles of the following additional actions:
■ clearly identified responsibilities: internal control is the responsibility of every employee, irrespective of their seniority or responsibilities. The exercise of a managerial function carries the additional responsibility of ensuring the proper implementation of the internal control system within the scope subject to regulation. In this framework, the necessary responsibilities and delegations must be clearly identified and communicated to all stakeholders;