Your browser is not up to date and is not able to run this publication.
Learn more

2018 Registration document and annual fi nancial report - BNP PARIBAS104

2 CORPORATE GOVERNANCE AND INTERNAL CONTROL

2

Internal Control

In 2018, for example, the Compliance Function s activity resulted in the following developments:

■ in terms of fi nancial security, as part of its transformation programme, the Bank strengthened the Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) system by updating several key elements of its regulatory framework. The operational implementation of the new standards for transaction monitoring and AML/CFT alert management defi ned in 2017 continued throughout the Group, the effective implementation of which is expected by the end of 2019 in most of the entities concerned;

■ as regards the system relating to international fi nancial sanctions and verifi cation of the Group s compliance with the commitments made to the French and US authorities, the third annual audit of the independent consultant of the Fed and the ACPR took place between June and November 2018. The review of the independent consultant of the Department of Financial Services of New York ( DFS ), which covered the customer data screening tools and processes, the list management processes and tools, and BNP Paribas New York s new Anti-Money Laundering/Terrorist Financing Tool also took place in 2018;

■ moreover, the system to ensure the Group s compliance with the payment transparency (FATF recommendation 16) was strengthened in 2018 and the Group s country risk assessment model was reviewed and strengthened during the year;

■ the BNP Paribas corruption prevention and management system overhauled following the publication of the so-called Sapin 2 law of 9 December 2015 on transparency, anti-corruption and modernising the economy. This system is now based on an anti-corruption code of conduct incorporated into BNP Paribas SA s internal regulations, governance, corruption risk mapping, policies, procedures and tools used to control identifi ed risks, internal alert systems, and finally, controls and reports. The measures undertaken enabled the existing system to be strengthened in 2018 to comply with new recommendations from the Agence Française Anti-Corruption (French Anti-Corruption Agency - AFA). Anti-Corruption Contacts were appointed at all operational levels of BNP Paribas and the Central team was expanded, the whistleblowing system and the corruption risk mapping were completed and an online awareness training on corruption risks was launched for all employees. These measures will be completed in 2019, notably by strengthening the operational accounting controls and the 1st and 2nd level controls of the anti- corruption system;

■ the Whistleblowing procedure was revised to meet the new regulatory requirements. Consolidation of the whistleblowing system continued by strengthening whistleblower protection, formalising the methodological framework for alert processing, and improving feedback;

■ the implementation of the target permanent compliance control system continued in 2018, with, notably, deployment of the generic market integrity control plan and the fi nalisation of the target permanent control program for Compliance. Efforts to strengthen the permanent control system will continue in 2019 in close collaboration with the Risk Function to ensure convergence of the approaches, methodologies and tools used;

■ the continued improvement of the market abuse detection system in terms of governance, supervision and tools;

■ compliance with the BMR ( Benchmark Regulation ) for all business undertaken by BNP Paribas as an administrator, contributor or user of benchmarks, and compliance with the principles of the IOSCO;

■ compliance with the FX code of the Bank for International Settlements;

■ the publication of all policies, guidelines and technical guides in relation to MiFID II;

■ the implementation of major new European regulations MiFID II, IDD and PRIIPs continued as part of the global governance adapted to coordinate the actions of the local Compliance teams in all the countries and business lines concerned;

■ the continued implementation of new applicable regulations (including French banking law, the US Volcker Rule , the US FATCA law (Foreign Account Tax Compliance Act), standard AEOI (Automatic Exchange of Information) of reporting promoted by the OECD on tax clients) and deployment of the corresponding periodic certifi cation process.

In the area of Know Your Client , or KYC, all business lines continued to implement the Group s policies and to improve operational effi ciency. These projects are regularly monitored by the Executive Management. At the same time, Compliance conducts an adaptive standards maintenance program to take into account emerging risks and regulatory changes, and to develop the risk approach.

In terms of training, a large-scale initiative continued throughout the Group (online training) with a view to raising awareness among all employees concerned about the importance and main features of international fi nancial sanctions. Thus, at 31 December 2018, more than 90% of the employees concerned had taken online training on international sanctions and embargoes, anti-money laundering and fi nancing of terrorism training.

A number of projects will be continued and finalised in 2019: the strengthening of the Conduct supervisory framework within the Group, but also the industrialisation and automation of processes to focus on a closer and more effective management of non-compliance risks.

LEGAL

In 2018, the Legal Function continued to strengthen its legal risk management system, in particular through:

■ Improving governance:

■ strengthening the system for anticipating legal risks by the effective implementation of a Legal Risk Anticipation Department;

■ structuring a Legal Risk Oversight team to develop the permanent control system in the Legal COO;

■ strengthening coordination with the General Inspection, Risk and Compliance Functions, particularly by contributing to a common operational risk governance ( Group Operational Risk Committee );

■ review of the target operating model for the regulatory monitoring applicable to all the functions involved in the monitoring process.