434 2019 Universal registration document and annual financial report - BNP PARIBAS

5 risks and CaPital adequaCy Pillar 3

5

Operational risk

LEGAL is organised around:

■ a governance model based on:

■ the LEGAL Executive Board, a Committee that meets twice a month and manages strategic issues and oversees the LEGAL function s activities and decisions,

■ the LEGAL Executive Committee, a Committee that meets quarterly and helps to steer the LEGAL function and studies its key issues and topics;

■ the Global LEGAL Risk Committee, which ensures that an appropriate system for legal risk management is in place in LEGAL;

■ an oversight of legal risks via a number of actions:

■ management of a harmonised and robust system to manage global legal risks to provide overall supervision and proactive management of major legal risks, including namely defining a suitable system for ex post facto control by: (i) defining legal risk control plans, (ii) permanent control activities across all legal areas,

■ management of disputes, litigation and legal investigations,

■ provision of advice on the legal aspects of financial security,

■ constituting and managing panels of legal experts, i.e. selecting legal firms with which the Group works,

■ management and supervision of human resources litigation and disputes in various juridictions,

■ defining and ensuring the consistency of the Group s legal policy.

LEGAL is a global function made up of legal and paralegal teams located in around sixty countries, all reporting directly to the Group General Counsel.

The LEGAL Charter was updated in April 2018 and renewed in October 2019. The function is organised around the following principles:

■ independence and integration:

■ all LEGAL Function employees report directly or indirectly to the Group General Counsel,

■ LEGAL manages its own budget and human resources processes in terms of recruitment, appointment, performance appraisal, compensation, mobility and disciplinary and operational management;

■ delegation: the Group General Counsel delegates authority, whether directly or indirectly, to each member of the LEGAL Executive Committee, each within their own area of responsibility;

■ cross-functionality: Legal Practices, specialised teams by area of legal expertise tasked with managing issues relative to the Group s businesses and geographies within LEGAL, and with escalating major legal risks that fall within their scope, (Group Dispute Resolution, Company Law, Mergers and Acquisitions, Information Technology and Intellectual Property, Legal and Regulatory Intelligence and Competition Law) The role of Legal Practice Regulatory Risk & Advisory is to monitor, from a regulatory perspective, all proposed and adopted laws, case law and other regulatory and legal changes that may impact the Group or its businesses, in conjunction with the other functions;

■ responsibility:

lawyers are responsible for managing legal risks in the Group:

■ there is a comprehensive and unified legal organisation at all levels of the Group to provide adequate cover of legal risks,

■ each lawyer is responsible for ensuring that all major risks encountered are escalated within the LEGAL Function,

■ the Practice Group Dispute, a global team (integrated in line with management terms) so as to ensure management tailored to the Group s major disputes and investigations as well as legal issues associated with financial security (such as embargoes and anti- money laundering).

TAX RISK In each country where it operates, BNP Paribas is bound by specific local tax regulations applicable to companies engaged for example in banking, insurance or financial services.

The Tax Function ensures at a global level that the tax risk is managed throughout all of the transactions conducted by the Group. In view of the financial and reputational stakes, Finance and Compliance are involved in the tax risk monitoring process.

The Group Tax Department carries out the tax function and calls on the assistance of tax managers in certain businesses and in the main geographical areas where the Group operates (as well as tax correspondents in other geographical areas where the Group operates).

In ensuring the coherence of the Group s tax practices and the global tax risk monitoring, the Group Tax Department:

■ has drawn up procedures covering all divisions, designed to ensure that tax risks are identified, addressed and controlled appropriately;

■ has implemented a process of feedback aimed at contributing to the control of local tax risk;

■ reports to Executive Management on tax risk developments;

■ oversees the tax-related operational risks and the internal audit recommendations falling within the Tax Function s scope of responsibility.

A Tax Coordination Committee, involving Finance and Compliance and, on an as-needed basis, the businesses, is tasked with analysing the main tax issues with respect to the transactions the Group performs.

CYBER SECURITY AND TECHNOLOGY The use and protection of data and technologies are determining factors for the Bank s activity and its transformation process.

While the Bank continues the roll-out of Digital Banking (for the Group s customers and partners) and Digital Working (for the Group s employees), it must incorporate new technology and innovative risk management practices, and establish new working methods. This introduces new technology risks in the cyber security arena.