Your browser is not up to date and is not able to run this publication.
Learn more

2018 Registration document and annual fi nancial report - BNP PARIBAS 101

2CORPORATE GOVERNANCE AND INTERNAL CONTROL

2

Internal Control

The functions exercising the second and third lines of defence are so-called Functions exercising independent control. They report directly to the Executive Offi cers and with respect to Compliance, Legal, Risk and General Inspection, they report on the performance of their duties to the Board of directors.

General Inspection

2nd level integrated functions(*)

2nd level non-integrated functions(**)

Operational entities

Pe ri

od ic

co nt

ro l

Pe rm

an en

t co

nt ro

l

Executive Officers

Board of Directors

Reports to

Direct hierarchical reporting

Three lines of defence

Key players in Internal Control

(*) Compliance, Legal, Risk. (**) Group Tax Department and Group Finance under its responsibility as part of the organisation and oversight of the control system for risks related to accounting and financial information.

KEY PLAYERS IN INTERNAL CONTROL ■ The operational entities are the fi rst line of defence: the operational entities are primarily responsible for managing their risks and are the front-line in permanent control. They act within the framework defi ned by the Group s Executive Offi cers and reviewed by its Board of directors, transcribed in the form of policies and procedures and to the extent necessary, tailored by the corporate bodies of the Group s entities.

■ The risk control system operated by the fi rst line of defence forms what is called the fi rst-level control system. It is implemented by employees and/or their reporting line and/or control teams that do not operate the processes under their control.

The operational entities cover:

■ all Operating divisions and Business Lines, whether these concern profi t-centre entities and their associated support functions, or all entities of Domestic Markets, International Financial Services and Corporate & Institutional Banking;

■ all cross-divisional Functions, including the control functions for the processes that they operate directly and not under the responsibility of the second line of defence;

■ all the Territories, attached to an operating division.

■ The Functions exercising second-level control (second line of defence):

■ functions exercising second-level control are responsible, under the delegation given by the Executive Offi cers, for the organisation and functioning of the risk control system and its compliance with laws and regulations on a range of areas (subjects and/or processes), as defi ned in their responsibility charter;

■ as such, in their fi eld of expertise and, where appropriate, after having consulted the operational entities, they defi ne the general normative framework in which the risk management under their responsibility is to be carried out, the methods of their intervention (thresholds, delegations, escalation, etc.), implement this system in those aspects that concern them and for which they are responsible, in their area of expertise, for fi rst-level and second-level permanent control. They challenge and provide an independent view of risk identifi cation and assessment vis-à-vis operational entities. They also contribute to spreading a culture of risk and ethics within the Group;

■ those responsible for these functions provide the Executive Offi cers and Board of directors with a reasoned opinion on the level of risk control, current or potential, in particular regarding the Risk Appetite Statement as defi ned and propose any actions for improvement that they deem necessary;