102 2019 Universal registration document and annual financial report - BNP PARIBAS
2 Corporate governance and internal control
Internal control
■ the Head of a function performing a second level control performs this mission by relying on teams that can be placed:
■ either under its direct or indirect hierarchical responsibility, where the function is then called integrated. It thus has full authority over its budget and the management of its human resources,
■ or under its direct or indirect functional responsibility (so-called non-integrated function) subject to joint decision-making with the reporting line manager for Human Resources and budget.
The three integrated functions exercising second-level control are:
■ Risk, in charge of organising and overseeing the overall system for controlling those risks to which the BNP Paribas Group is exposed, particularly credit risk and counterparty risk, market risk, funding and liquidity risk, interest rate and exchange rate risk in the banking book, insurance risk and operational risk. The Head of Risk is also the Head of Permanent Control, responsible for the consistency and proper functioning of the permanent control system within the BNP Paribas Group;
■ Compliance, responsible for organising and overseeing the non-compliance risk control system. As such, it contributes to the permanent control of compliance with laws and regulations, professional and ethical standards and the guidelines of the Board of directors and the instructions of the Executive Management;
■ Legal, responsible for organising and overseeing the legal risk control system, exercises its responsibility to prevent and manage legal risks through its advisory and control roles. It exercises this control by (i) monitoring the implementation of legal opinions issued for the purpose of avoiding or mitigating the effects of a major legal risk and (ii) first and second level control exerted on the legal processes. The missions entrusted to this function are performed independently of the business activities and support functions. The function is integrated hierarchically under the sole authority of its Department head, i.e. Group General Counsel, who reports to the Chief Executive Officer.
The Heads of these functions may be heard by the Board or any of its specialised committees, directly, possibly without the presence of Executive Officers, or at their request.
The two non-integrated functions exercising a second-level control are:
■ Group Tax Department, as part of the organisation of the Group's tax risk control system and its contribution to its implementation;
■ Group Finance, under its responsibility in defining and implementing the risk control system related to accounting and financial information.
The appointment of the Heads of the Compliance, Finance and Risk Functions falls within the framework defined by the European Banking Authority.
Permanent control can be outlined as follows:
[Figure: Permanent control. Labels: Operational entities, Level 1 controls (L1Cs); Control functions (Risk, Tax, Finance, Legal, Compliance), Level 2 controls (L2Cs).]
- Responsible for controlling their risks
- Deploy and perform the controls for their respective scopes
- Perform the level 2 controls: independent review of the robustness and effectiveness of the control system