SFIL Annual financial report 2018

Management report

2.5 – COMPLIANCE RISKS

2.5.1. Definition

Article 10 p) of the arrêté of November 3, 2014 on the internal control of banks defines compliance risk as the risk of judicial, administrative or disciplinary sanction, significant financial loss or loss of reputation resulting from failure to comply with the prevailing laws and regulations and professional and ethical standards relating to banking and financial activities or with instructions from the executive body issued in particular pursuant to directives from the decision-making body.

2.5.2. Organization and governance

The compliance system deployed at SFIL aims to reduce the risk of non-compliance with laws, regulations and internal procedures relating to employee ethics and the prevention of conflicts of interest, the compensation policy, the maintenance of data confidentiality and protection of personal data, the protection of the integrity and transparency of financial markets, the protection of customers’ interests, financial security including compliance with financial sanctions and asset freezing measures, and the fight against money laundering, financing of terrorism and corruption.

The system is based on a shared responsibility between the operating divisions and the Compliance division: the operating divisions must integrate into their day-to-day actions compliance with laws and regulations, rules of good professional conduct and the SFIL Group’s internal rules.
The Compliance division is tasked with two main roles: (i) advising and assisting the business lines so that they can perform their tasks in accordance with their professional and regulatory obligations and the SFIL Group’s commitments; and (ii) monitoring and assessing the adequacy and effectiveness of the compliance risk control and management system.

The Compliance division is placed under the authority of the General Secretary who, in her capacity as Head of Compliance and member of the Executive Committee, is in turn placed under the direct authority of SFIL’s Chief Executive Officer. The Legal division, the Administration division and the Communications division also report to the General Secretariat, and provide active support to the Compliance division within the scope of their respective responsibilities. The General Secretary is responsible for relations with the supervisory authorities regarding compliance issues.

SFIL’s Compliance division is independent of all of its operational units and, in particular, any commercial activity.

More specifically, the Compliance division’s work involves the following main tasks:
• Defining and implementing the standards framework, i.e. policies and procedures falling within its area of expertise, and adapting and operationally implementing these policies and procedures for areas under its functional responsibility;
• Drawing up procedures aimed at ensuring compliance with the laws and regulations applicable to banking activities, for compliance issues;
• Drawing up and implementing a compliance training plan;
• Analyzing projects to create or modify products or services and issuing compliance opinions, and, more generally, working on cross-functional projects with compliance implications and advising the other divisions;

in guidelines and operational procedures. This plan is also regularly tested, with tests carried out in 2018 on the new market transactions management tool, the new data warehouse and the Oracle technology.
• the crisis management system, which is managed by the Operational Risks and Permanent Control division. This system is governed by a crisis management operational procedure. A crisis unit has been identified and regularly tested crisis scenarios have been defined. In particular, a transportation unavailability scenario associated with potential terrorist risk is tested three times a year. A crisis unit exercise, based on a specific scenario, was carried out in November 2018.

The IT security procedures and changes therein are monitored quarterly by the IT Security and Business Continuity Plan Committee and validated by the Operational Risks and Permanent Control Committee.

Operational risk insurance

The reduction of any financial impacts associated with the operational risks to which the SFIL Group is exposed is also taken into consideration when it takes out insurance policies. SFIL has insurance policies covering standard damages, premises-related multi-risks, IT equipment and civil liability. It has also taken out insurance policies to cover the third-party liability of members of its management and supervisory bodies, professional liability and fraud, as well as a specific cybercrime risk policy. These policies cover SFIL and its subsidiary CAFFIL.
Security of means of payment

The means of payment managed by SFIL for its own activity, as Caisse Française de Financement Local’s managing institution or as La Banque Postale’s service provider are as follows:
• the SWIFT and TARGET 2 networks, to execute interbank payments related to transactions entered into by the front office operators of the Market Activities operating division or the Export Credit division, as well as any transfers requested by other SFIL divisions (mainly payment of invoices in foreign currencies);
• the SCBCM (ministerial budget and accounting control unit) network, used for disbursements and repayments on CAFFIL’s loans to its public sector customers and for the services provided on behalf of La Banque Postale;
• the CORE (Compensation Retail) system, used for most payments to Caisse Française de Financement Local’s customers with bank accounts and for payment of invoices in euros;
• lastly, certain supplier invoices may be settled by check.

SFIL does not provide its customers or those of CAFFIL with any means of payment.

Various procedures and systems are in place to ensure the security of means of payment, including payment processes under the responsibility of the back offices, segregation of duties, clearly defined rules for validating individual payments, secure message management, the business continuity plan and specific compliance controls. SFIL and Caisse Française de Financement Local also responded to the SWIFT and TARGET 2 self-certification requests in accordance with the requirements issued by these organizations, reflecting the Group’s unerring commitment to increasing the level of security associated with means of payment.
