2018 Registration document and annual financial report - BNP PARIBAS

2 CORPORATE GOVERNANCE AND INTERNAL CONTROL

Internal Control

■ the Head of a Function performing a second level control performs this mission by relying on teams that can be placed:

■ either under its direct or indirect hierarchical responsibility, where the Function is then called integrated. It thus has full authority over its budget and the management of its human resources,

■ or under its direct or indirect functional responsibility (so-called non-integrated Function) subject to joint decision-making with the reporting line manager for Human Resources and budget.

The three integrated Functions exercising second-level control are:

■ Risk, in charge of organising and overseeing the overall system for controlling those risks to which the BNP Paribas Group is exposed, particularly credit risk and counterparty risk, market risk, funding and liquidity risk, interest rate and exchange rate risk in the banking book, insurance risk and operational risk. The Head of Risk is also the Head of Permanent Control, responsible for the consistency and proper functioning of the permanent control system within the BNP Paribas Group;

■ Compliance, responsible for organising and overseeing the non-compliance risk control system. As such, it contributes to the permanent control of compliance with laws and regulations, professional and ethical standards and the guidelines of the Board of directors and the instructions of the Executive Management;

■ Legal, responsible for organising and overseeing the legal risk control system, exercises its responsibility to prevent and manage legal risks through its advisory and control roles. It exercises this control by (i) monitoring the implementation of legal opinions issued for the purpose of avoiding or mitigating the effects of a major legal risk and (ii) first and second level control exerted on the legal processes. The missions entrusted to this function are performed independently of the business activities and support functions. The function is integrated hierarchically under the sole authority of its Department head, i.e. Group General Counsel, who reports to the Chief Executive Officer.

The heads of these functions may be heard by the Board or any of its specialised committees, directly, possibly without the presence of Executive Officers, or at their request.

The two non-integrated functions exercising a second-level control are:

■ Group Tax Department, as part of the organisation of the Group's tax risk control system and its contribution to its implementation;

■ Group Finance, under its responsibility in defining and implementing the risk control system related to accounting and financial information.

The appointment of the Heads of the Compliance, Finance and Risk Functions falls within the framework defined by the European Banking Authority.

■ General Inspection (third line of defence): the General Inspection is responsible for periodic control, performs the Internal Audit Function and contributes to the protection of the Group by independently acting as its third line of defence on all Group entities and in all areas. It includes:

■ centrally based inspectors who carry out their duties throughout the Group;

■ auditors distributed in the geographical or business line platforms (called "hubs").

The Inspector General, responsible for periodic controls, reports to the Chief Executive Officer.

■ Executive Officers: the Chief Executive Officer and the Chief Operating Officer ensure the effective management of the Company for regulatory and legal purposes. In practice, the Executive Officers make key decisions through specialised committees that allow them to rely on experts with a deep understanding of the issues to be addressed.

Executive Directors are responsible for the internal control system as a whole. As such and notwithstanding the powers of the Board of directors, the Executive Officers:

■ decide on the key policies and procedures serving as the basis for this system;

■ directly oversee the functions exercising independent control and provide them with the means to allow them to fulfil their responsibilities effectively;

■ define the Group's risk-taking policies, validate the most important decisions in this area and, if necessary, make the final decisions in the context of the escalation process. This process is implemented in accordance with the powers conferred to the Group Risk Officer, who may exercise his right of veto under the conditions set out in the Risk charter;

■ periodically evaluate and monitor the effectiveness of the internal control policies, systems and procedures and implement the appropriate measures to remedy any deficiencies;

■ receive the main reports on internal control within the Group;

■ report to the Board of directors or its relevant committees on the operation of this system.

■ The Board of directors: the Board of directors exercises directly or through specialised committees (Financial Statements Committee, Internal Control, Risk Management and Compliance Committee, Corporate Governance, Ethics, Nominations and CSR Committee, etc.) key responsibilities in terms of internal control. Among others, the Board of directors:

■ determines, on the proposal of the Executive Officers, the strategy and guidelines of the internal control activity and ensures their implementation;

■ reviews the internal control activity and results at least twice per year;

■ regularly reviews, assesses and verifies the effectiveness of the governance system, including in particular clearly defined responsibilities, and of internal control, including in particular risk reporting procedures, and takes appropriate measures to remedy any failings uncovered;

■ validates the Risk Appetite Statement, approves and periodically reviews the strategies and policies for taking up, managing, monitoring and controlling risks and approves their overall limits.