SFIL Annual financial report 2018

3 I Consolidated financial statements in accordance with IFRS 110 SFIL Annual Financial Report 2018 Measurement of financial instruments classified in Fair Value Level 2 and 3 Risk identified Our response In connection with its activities, the SFIL Group holds derivatives recognized at fair value through profit or loss as well as loans recognized at fair value through profit or loss in accordance with the classification criteria of IFRS 9 “Financial Instruments”. When no active market or directly observable market data exists, the SFIL Group uses, to calculate the fair value level 2 or 3 of these instruments, valuation techniques based on observable data for similar instruments or internal models based on non-observable market data, as indicated in “Methods used to determine the fair value of financial instruments,” Note 7.1.3 to the consolidated financial statements. The models and parameters used to value these instruments are based on estimates. As of December 31, 2018, financial instruments recognized at fair value through profit or loss amounted to EUR 10,001 million under assets (of which EUR 5,573 million of loans recognized at fair value through profit or loss) and EUR 7,363 million under liabilities on the SFIL balance sheet. Note 7.1.3 to the consolidated financial statements provides detailed disclosures on the valuation and classification of these financial instruments in fair value level 2 and 3. Due to the complexity related to determining valuation models, the sensitivity of these models to assumptions adopted by the Credit Risk Department, and the uncertainty inherent in the exercise of judgements used to estimate the level 3 parameters, we considered the valuation of financial instruments classified in fair value level 2 and 3 to be a key audit matter. Our audit approach focused on certain key internal control processes related to the valuation of derivatives and in particular: •  regular review and validation of the valuation models by the Credit Risk Department; •  verification of market data and parameters used in the models; •  review of the recognition process for non-SPPI loans at fair value through profit or loss; With the support of our risk modeling and valuation techniques experts, we have adopted an approach comprising the following main steps: •  review of variations in the classification of financial instruments according to fair value levels; •  review of the results of valuation verification processes based on valuations of external counterparties as part of collateral reconciliation and review of analyses performed by the entity in the event of material differences for a selection of contracts; •  independent valuation performed on a selection of derivative contracts; •  analysis of the formula used to value non-SPPI loans at fair value through profit or loss and using this formula on a selection of contracts; •  review of the backtesting of the model used to value non-SPPI loans at fair value through profit or loss; •  review of the consistency of accounting treatments with the support of our IFRS experts; •  review of the methodology and approach for qualifying the valuation of derivatives as described in chapter C of Note 7.1 “Fair value” in the notes to the consolidated financial statements and analysis of criteria adopted to determine the fair value hierarchy; •  review of disclosures provided in the notes to the consolidated financial statements. IT migration Risk identified Our response The SFIL group rolled out a program to overhaul its IT system. In April 1, 2018, this project resulted in the migration of, notably, the management of all market transactions (derivatives and securities) towards a new IT system integrating a new management application and the creation of an data warehouse. Considering the risks inherent in such a project, notably the correct recovery of data and carryforward of historical balances in the new IT system, as well as the changes related to a new IT system in the processes of the activities, we considered this project to be a key audit matter. Our procedures, with the support of our experts who are part of the audit team, consisted in: • Examining the documentation related to the different phases of the project and its governance framework; • Examining the controls set up by the permanent control and internal audit reports; • Analyzing coverage of acceptance testing; • Examining the control mechanism framing the recovery of post-migration transactions; • Examining the application authorizations for the new IT tools and applications having been impacted by the simplification of the IT system; • Examining the developments of new application program interfaces; • Analyzing internal developments enabling non-assured functionalities to be repaired by the new IT system as of the production starting date.