SFIL Annual financial report 2018

1 I Management report

ensure compliance with laws and regulations, compliance rules and guidelines, rules to protect the Group’s reputation and that of its investors and customers, ethical rules governing professional conduct, rules to prevent conflicts of interest, protect customers’ interests and uphold market integrity, anti-money laundering, corruption and financing of terrorism rules, and financial embargo rules.

Pursuant to article 29 of the arrêté, SFIL’s Compliance division is autonomous, independent of all operating units and particularly of any commercial activity. The Compliance division reports to the General Secretary, who is a member of SFIL’s Executive Committee and has been designated as the compliance contact for the ACPR. Reporting directly to the Chief Executive Officer, the General Secretary has direct and independent access to SFIL’s Risks and Internal Control Committee and the Board of Directors. The General Secretary also acts as the TRACFIN correspondent in connection with the Bank’s anti-money laundering and financing of terrorism obligations.

SFIL’s accountable officers, Executive Committee members and Board of Directors are regularly briefed on the compliance system. The Compliance division prepares a semi-annual report which is presented to the Executive Committee and the Risks and Internal Control Committee. These bodies accordingly examine the results of the Compliance division’s activities as well as the compliance control results: control evaluation results, monitoring of action plans, presentation of the compliance risk mapping and the annual control plan. The Executive Committee issues decisions on the main compliance system issues and broad areas requiring improvement.

Lastly, a detailed presentation and annual activity report are submitted annually to a meeting of the Risks and Internal Control Committee dedicated to hearing the officers of the Risks, Compliance, and Periodic Control divisions, not attended by General Management. For 2018, this presentation was made at the Risks and Internal Control Committee meeting of January 24, 2019.

1.5.2. Compliance control system

To ensure the effectiveness of SFIL’s and CAFFIL’s compliance risk management system, the Compliance division uses a compliance control plan to manage compliance risks. The Compliance division implements and documents compliance controls in accordance with the control plan approved by the Executive Committee and the Risks and Internal Control Committee at the start of the year. Dysfunctions or non-compliance identified as part of the performance of the control plan are systematically the subject of specific action plans sent to the divisions in charge of implementing remediation actions. The Compliance division monitors overall progress on these action plans.

The Compliance division endeavors to make all changes necessary to the mapping of compliance risks and the resulting control plan in order to take into account changes in SFIL’s activity and those arising from the entry into force of new regulations. The methodology for rating “gross” and “net” compliance risks is identical to the internal audit methodology. The updated compliance risk mapping and control plan are submitted every January for approval by the Risks and Internal Control Committee. The 2019 compliance risk mapping and control plan were presented to and approved by the Risks and Internal Control Committee on January 24, 2019.

As of December 31, 2018, 23 second-level compliance controls were in place. They are carried out at a frequency defined based on their criticality. The compliance control scope does not extend to the control of compliance with rules outside the banking and financial sphere (labor and social security law, regulations regarding personal and property safety, etc.), which other divisions are responsible for monitoring.

Lastly, the Compliance division uses various internal tools to report shortcomings, breaches and malfunctions: a network of compliance correspondents, a professional and ethical alert procedure and an incident reporting system.

1.6 – THIRD LEVEL OF CONTROL: PERIODIC CONTROL

1.6.1. Organization and governance of the periodic control system

Periodic control within the meaning of the arrêté of November 3, 2014 is carried out by the Internal Audit and Inspection division. This division’s scope of intervention covers all SFIL Group activities, operational processes and systems with no reservations or exceptions, including outsourced essential activities and anti-fraud procedures.

The independence and effectiveness of the internal audit and inspection function are guaranteed by:
• the fact that its head is the General Auditor who reports to SFIL’s Chief Executive Officer;
• the absence of involvement in the operating management of SFIL’s activities;
• unconditional, immediate access to all information, documents, premises, systems and people, as its activities require;
• the resources made available by management to carry out these missions;
• compliance by the division’s staff with the principles of integrity, objectivity, confidentiality and competence (through a permanent training plan on audit techniques and regulatory developments).

These principles are reflected in the internal audit charter and the inspection charter approved by the Risks and Internal Control Committee and distributed to all SFIL employees to remind them of the rights and duties of auditors and auditees.

As of January 1, 2019, the Internal Audit and Inspection division had nine staff (plus two alternates), including six auditors and audit managers. The General Auditor supervises all audit activities and reports issued by the division. She is assisted by a Supervisor, who is in charge of the team of auditors and oversees the audit missions carried out by the auditors under the responsibility of the audit managers. In addition, auditors and audit managers are each responsible for a specific field, with duties covering continuous documentation updating, risk monitoring and the following up of recommendations for implementation by SFIL’s operating divisions.

1.6.2. Internal Audit and Inspection division activities

The Internal Audit and Inspection division’s activities are described in a regularly updated internal audit manual that
