2018 Registration document and annual financial report - BNP PARIBAS 325
5 RISKS AND CAPITAL ADEQUACY PILLAR 3
Risk management [Audited]
The other main bodies at Group level have the following roles:
■ the General Management Credit Committee (CCDG) is the Group's highest authority concerning credit and counterparty risks; it decides on risk-taking and conducts annual reviews of authorisations for customers or groups, in both cases beyond certain thresholds;
■ the General Management Doubtful Committee (CDDG) decides, beyond certain thresholds, on stage 3 provisions and recognitions of losses relative to Group exposures to defaulting counterparties;
■ the Capital Markets Risk Committee (CMRC) is the body which governs the Group's risk profile of the capital markets activities; its tasks include, among others, analysing market and counterparty risks and setting limits for capital market activities;
■ the Country Envelope Committees set limits for medium to high risk countries, in light of market conditions, business strategies and risk and compliance aspects;
■ a Risk Policy Committee (RPC) defines the appropriate risk policy on a given matter such as a business activity, a product, a geography (region, country), a client segment or an economic sector;
■ the General Management IT Committee oversees Group-wide topics in the IT sector and validates the Group's strategy, governance framework, and risk strategy in terms of IT.
RISK MANAGEMENT ORGANISATION
POSITION OF THE CONTROL FUNCTIONS
Risk management is central to the banking business and is one of the cornerstones of operations for the BNP Paribas Group. BNP Paribas has an internal control system covering all types of risks to which the Group may be exposed, organised around three lines of defence (see the Internal Control section in chapter 2, Corporate Governance and Internal Control):
■ as the first line of defence, Internal Control is the business of every employee, and the heads of the operational activities are responsible for establishing and running a system for identifying, assessing and managing risks according to the standards defined by the functions exercising an independent control in respect of a second level of control;
■ the main control functions within BNP Paribas ensuring the second line of defence are the Compliance, RISK and LEGAL Functions. Their Heads report directly to the Chief Executive Officer and account for the performance of their missions to the Board of directors via its specialised committees;
■ General Inspection provides a third level of defence. It is responsible for the periodic control.
GENERAL RESPONSIBILITIES OF THE RISK AND COMPLIANCE FUNCTIONS
Responsibility for managing risks primarily lies with the divisions and business lines that propose the underlying transactions. RISK continuously performs a second-line control over the Group's credit, market, banking book interest rate, liquidity, operational and insurance risks. As part of this role, it must ascertain the soundness and sustainability of the business developments and their overall alignment with the risk appetite target set by the Group. RISK's remit includes formulating recommendations on risk policies, analysing the risk portfolio on a forward-looking basis, approving corporate loans and trading limits, guaranteeing the quality and effectiveness of monitoring procedures and defining or validating risk measurement methods. RISK is also responsible for ensuring that all the risk implications of new businesses or products have been adequately assessed.
Compliance has identical responsibilities as regards compliance and reputation risks. It plays an important oversight and reporting role in the process of validating new products, new business activities and exceptional transactions.
ORGANISATION OF THE RISK AND COMPLIANCE FUNCTIONS
Approach
The RISK organisation fully complies with the principles of independence, vertical integration, and decentralisation issued by the Group's Management for the Group's main control functions (Compliance, RISK, LEGAL, and a third line of defence, General Inspection). Hence within RISK:
■ all the teams in charge of risks, including those in operational entities, have been integrated in the function with reporting lines to the Chief Risk Officers of these entities;
■ the Chief Risk Officers of the entities report to RISK.
Moreover, this organisation enabled the governance of risk management activities to be strengthened, especially regarding model risk management, by creating RISK Independent Review and Control (RISK IRC), reporting directly to the Chief Risk Officer (CRO), which groups together the teams in charge of the independent review of the risk methodologies and models, and in the area of operational risk, with the organisation described in section 5.9 Operational, compliance, and reputation risk.
In accordance with international standards and French regulations, Compliance manages the system for monitoring compliance and reputation risks for all of the Group's businesses in France and abroad. The system for monitoring compliance and reputation risks is described in section 5.9.