2018 Registration document and annual financial report - BNP PARIBAS 103
2 CORPORATE GOVERNANCE AND INTERNAL CONTROL
Internal Control
The organisation of the Board of directors and its specialised committees is defined through its Internal rules. The Heads of General Inspection and the integrated functions exercising second-level control have the right to be heard, possibly without the presence of Executive Officers, by the Board of directors or one of its specialised committees.
Finally, among the specialised committees, the Internal Control, Risk Management and Compliance Committee (CCIRC) is essential in the Group's internal control system. Indeed, it assumes the following responsibilities:
■ analyses reports on internal control and on risk measurement and monitoring, reports on the activities of the General Inspection, and significant correspondence with the main regulators;
■ examines the strategic directions of the risk policy;
■ reports to the Board of directors.
COORDINATION OF INTERNAL CONTROL
At the consolidated level, the coordination of internal control is ensured by the Group Supervisory & Control Committee, which is responsible, in particular, for ensuring consistency and coordination in the internal control system. It meets on a bi-monthly basis and brings together the Executive Officers, the Deputy Chief Executive Officer and the Heads of the integrated Functions. The Deputy Chief Operating Officers overseeing an operating division have standing invitations to attend.
In those entities and territories that are significant for the Group, their Executive Officers are responsible for arranging this coordination, generally within the framework of the Internal Control Committees.
PROCEDURES
The procedures are one of the key elements of the permanent control system alongside the identification and assessment of risks, controls, reporting and monitoring of the control system.
Written guidelines are distributed throughout the Group and provide the organisation and procedures to be applied as well as the controls to be applied. These procedures constitute the basic framework for internal control. The Risk Function, as part of the oversight of the permanent control system, regularly monitors the completeness of the procedures guidelines. The Group's cross-functional procedures framework (levels 1 and 2) is regularly updated through contributions from all divisions and functions. Regarding the control framework, investigations into the status of the system are included in the semi-Annual Report on permanent control.
Among the Group's cross-functional procedures, applicable in all entities, risk control is critically important in:
■ the procedures that govern the process for approving exceptional transactions, new products and new activities;
■ the procedure for approving credit and market transactions;
■ the procedures in terms of compliance with embargoes and anti-money laundering.
These processes rely primarily on committees (Exceptional Transactions Committees, New Activities and Products Committees, Credit Committees, etc.) mainly covering, on the one hand, operational and related functions such as IT and Operations, and on the other, the control functions (Risk, Compliance, Finance, and Legal and Tax Functions), which take a second-look on transactions. In the event of a dispute, they are submitted to a higher level of the organisation. Leading this process are the committees (Credit, Market Risk, Risk Policy Committees, etc.) chaired by members of the Executive Management.
2018 HIGHLIGHTS
2018 was marked in particular by the following topics: the continued implementation of the remediation plans on financial security, the conduct and operational risk, the Know Your Customer programme (KYC) with the continued significant reinforcement of Compliance means, and implementation of large programmes on compliance with MiFID regulations and French anti-corruption law.
Cyber threats remained at a high level in 2018, which mobilised the teams concerned throughout the Group to continue strengthening the Group's protection, detection and control system.
COMPLIANCE
Integrated globally since 2015, Compliance brings together all Group employees reporting to the function.
Compliance is organised based on its guiding principles (independence; integration and decentralisation of the function; dialogue with the business lines; a culture of excellence) through three operating areas, two regions, five fields of expertise and three cross-functional activities.
All Compliance Officers in the various operational areas, regions, business lines and territories, fields of expertise and Group functions report directly to the Compliance Function.
The Group Compliance headcount again increased significantly to 4,186 full-time equivalents (FTEs) at the end of 2018, an increase of 11% compared to 2017. The Compliance Function continued to oversee the implementation of remediation plans initiated as part of its agreements with the authorities in France and the United States regarding international financial and foreign exchange sanctions. Several other projects are underway in order to better align the organisation with the many challenges now faced (new regulatory requirements, complex transactions, etc.) by the Compliance Function. This is the case in particular in the areas of financial security (anti-money laundering, fight against corruption and terrorist financing, international financial sanctions), market integrity, the implementation of the French Banking Act and the US Volcker Rule, as well as laws concerning the tax status of customers, Professional Ethics, the code of conduct and the strengthening of mechanisms to protect customer interests.