2018 Registration document and annual financial report - BNP PARIBAS 55
2 CORPORATE GOVERNANCE AND INTERNAL CONTROL
Corporate governance report
2.c Works performed by the Financial Statements Committee and the Internal Control, Risk Management and Compliance Committee in their joint meetings, and work approved by the Board of directors in 2018
Meetings / Number of members / Attendance rate
9 / 2 / 88%
The committees:
■ reviewed the ICAAP (Internal Capital Adequacy Assessment Process) report. They examined the Bank's assessment of its risks, and made sure that it had appropriate controls and the required capital to cover those risks;
■ studied the nature and organisation of the joint work of the Finance and RISK Functions, including impairments and provisions, fair value measurement of financial instruments, stress tests, ICAAP processes and the Internal Liquidity Adequacy Assessment Process (ILAAP);
■ examined the Statutory Auditors' audit plan;
■ discussed whether the prices of the products and services proposed to customers are compatible with the risk strategy (CRD 4);
■ were informed of the implementation of the Bank's action plan to close recommendations made by the ECB in its follow-up letter on its topical review of the implementation of BCBS 239;
■ acknowledged the results of BNP Paribas stress tests forwarded to the EBA and asked that the Board be kept informed of the final outcome for all European banks;
■ reviewed the Global Systemically Important Bank notification system.
The Board:
■ approved the Internal Capital Adequacy Assessment Process and its conclusions;
■ was regularly informed of the development of negotiations conducted within the scope of class actions, and inquiries or investigations conducted by the regulatory and judicial authorities of several countries concerning transactions on foreign exchange markets;
■ was informed about the global systemically important bank notification system;
■ was informed of the final outcome of the EBA's stress tests.
2.d Works performed by the Internal Control, Risk Management and Compliance Committee and work approved by the Board of directors in 2018
Meetings / Number of members / Attendance rate
4 / 8 / 94%
Risks and liquidity
The Internal Control, Risk Management and Compliance Committee:
■ continued to monitor the implementation of the organisation of the RISK Function which is intended to improve the operational efficiency of control mechanisms and procedures, most notably, those linked to cybersecurity and liquidity as well as the anticipation of risks, including those linked to regulations;
■ reviewed trends in market, counterparty and credit risk and liquidity. It deliberated on the basis of information presented by the RISK Function. The Head of RISK answered the committee's questions on the various categories of risks during a meeting;
■ examined the dashboard presented quarterly by the Head of RISK and proposed some changes to its presentation;
■ was informed of any risk indicator thresholds or limits that had been exceeded and, where applicable, any action plans decided by Executive Management;
■ reviewed the 2017 internal control report, including the report on operational risk, including IT and cybersecurity, permanent control and business continuity as well as the control of outsourced activities;
■ reviewed the interim Operational Risk report;
■ monitored the introduction of the action plan to expand the Risk Appetite Statement (RAS) with credit packages for specific sectors and businesses;
■ acknowledged the follow-up letter on the ECB's operational risk mission;
■ reviewed the RAS, its changes in relation to liquidity risk, banking book and operational interest rate risk and aggregate risk thresholds;
■ examined and monitored the Group's liquidity risks and the liquidity policy implemented by Executive Management in view of market and regulatory changes;
■ acknowledged the ECB's ongoing review of internal models (Targeted Review of Internal Model or TRIM);
■ acknowledged the General Data Protection Regulation (GDPR) and its implementation (in particular, the introduction of a network of Data Protection Officers (DPO));
■ reviewed the Group's cybersecurity programme and its deployment schedule;
■ reviewed monitoring indicators relating to cyber risk on a quarterly basis enabling the Bank's exposure to security breaches to be measured;
■ reviewed the risks arising from the Group's exposure in Turkey;