1112019 Universal registration document and annual financial report - BNP PARIBAS

2CorPorate GovernanCe and internal Control

2

Internal control

Control of the value of financial instruments and the use of valuation in determining the results of market activities and accounting reports

Finance is responsible for producing and ensuring the quality of the Group s accounting and management information. It delegates the production and control of market values or models for financial instruments to specialists in this area, who thus form a single, integrated channel for valuing such instruments. The processes covered include:

■ verifying the appropriateness of the valuation system as part of the approval process for new transactions or activities;

■ verifying the proper recording of transactions in the systems and ensuring it is appropriate with the valuation methodologies;

■ verifying the development and approval mechanism independent of the valuation methods;

■ determining the market parameters and the procedure for an independent verification of these parameters;

■ determining valuation adjustments for market, liquidity and counterparty risks;

■ classifying instruments within the fair value hierarchy, determining day one profit adjustments, estimating the sensitivity of level 3 valuations to valuation assumptions.

Through appropriate processes and tools, the channel s objectives are to ensure both the correctness and the reliability of the process for valuing financial instruments, and the quality and comprehensiveness of the control system. It can thus provide the appropriate data to the various decision-making bodies, data that also informs the operational processes for compiling the accounting and management results, and ensures the transparency of annexes dedicated to fair value.

The control exercised by the valuation channel which involves all players is supervised by the Finance Function and has its own governance framework. This control system is based on a set of organisational principles defined in the Group s Internal Control Charter for each organisational level, i.e. Group, CIB and the main entities that account for market transactions.

The Finance Function relies on dedicated CIB Methodology & Financial Control (CIB MFC) teams, which oversee the entire system, to ensure that it is functioning correctly. The Finance Function decides on the information that must be reported by the various players: this comprises both quantitative and qualitative data indicating trends in different businesses as well as the results and quality of upstream controls carried out.

Several committees that meet on a quarterly or monthly basis are set up to bring all of the players together to review and examine, for each process and business line, the methods used and/or the results of the controls conducted. These committees operating methods are governed by procedures approved by the Finance Function, ensuring that the Finance Function takes part in the main choices and arbitrations. Lastly, the CIB MFC reports at each accounting quarter-end to the Product Financial Control Committee (PFC), an arbitration and decision- making committee chaired by the Group Chief Financial Officer, on its work, and informs the committee of the points of arbitration or

attention concerning the effectiveness of the controls and the reliability of the result measurement and determination process. This quarterly Committee meeting brings together the business lines, Group Finance and the divisions concerned, the ALMT and the Risk Function. Intermediary PFC committees complete this system and aim to define project priorities, monitor their implementation and thoroughly examine certain technical elements.

Development of the system

The control system is continuously adapted to the Group s requirements. The procedures described form part of an evolving system that aims to guarantee an adequate level of control throughout the Group.

In particular, the quality of the accounting certification process is regularly reviewed with the divisions/business lines, for instance with the preparation of quantitative indicators for some controls, targeted cross-functional reviews of a major control and ad hoc reviews with the divisions/business lines on specific points for improvement in various areas. These reviews are supplemented by presentations to the various committees in the Finance channel, on-site visits and training sessions. Group procedures clarifying some major controls, and detailed instructions aimed at ensuring consistent responses and adequately- documented processes are also distributed. These Group procedures and instructions are extended where necessary at divisions/business lines level to cover issues specific to them.

Similarly, the certification system of the data contributing to the calculation of the capital adequacy ratio is subject to adjustment in order to take into account developments in the processes and the organisation, and to capitalise on indicators and controls in place in the various sectors in connection with the improvement programme on the reporting and the quality of the data.

In addition, in respect of liquidity reporting, changes in processes and tools are carried out regularly in order to adapt to the new demands of regulatory reporting, and specific actions are taken with the various contributors in order to enhance the quality and controls for the channel.

Lastly, in late 2019, the Group completed a programme called Risk Data Aggregation and Reporting (RaDAR) in response to the Principles for effective risk data aggregation and risk reporting established by the Basel Committee. The aim of this programme was to improve the quality and integrity of the data needed to produce reports covering the different types of risks to which BNP Paribas is exposed (credit, market, liquidity, operational), and to strengthen the consistency of reporting for all levels of the organisation during normal times as well as in times of stress or crisis.

The Group believes itself to be compliant with the principles established by the Basel Committee for the purposes of risk data aggregation and risk reporting ( Principles for effective risk data aggregation and risk reporting ) in line with the criteria defined when the RaDAR programme was launched.

To ensure that the Group complies with BCBS 239 principles in day-to-day operations management, BNP Paribas has appointed a Group Chief Data Officer (CDO) as well as a CDO Risk/Finance. To ensure compliance, they use the Chief Data Officers process within the businesses and functions.