Managing legal, regulatory and deontological risks
Compliance: responsible commitment
BPCE is the central body of the cooperative banking group formed by the networks of the Banque Populaire banks and Caisses d’Epargne along with the other affiliated credit institutions, including Natixis. Within this framework, BPCE ensures strict compliance with laws, regulations and good professional practices within its affiliated entities. The Compliance function guarantees the effective enforcement of all these rules, thereby helping to develop trust among all the Group’s stakeholders.
Ethics form an integral part of the compliance policy whose guiding principles are defined by BPCE and then adopted by each entity in accordance with its specific characteristics. Compliance on the part of employees with the rules of good conduct enables each entity to pursue its business activities in an honest, upright and professional manner while providing the highest possible degree of protection for its customers’ interests.
Continuous training and awareness-building sessions organized for employees to ensure compliance with the rules of ethics in the pursuit of their everyday work are essential. Several years ago, the Group set up a professional certification system enabling it to ascertain that the presentation, recommendation and sale of financial services and products are undertaken by employees possessing the necessary professional expertise.
The entities of Groupe BPCE take all reasonable measures to identify and manage situations related to conflicts of interest, to prevent market abuse, and to verify the compliance of employees’ behaviour with antitrust and competition law and the fight against corruption.
The Group has set up a system to monitor and control the management of confidential and privileged information. The respect of bank or professional secrecy is a principle that admits no exception. Confidential information – i.e. information intended to be kept secret – about a customer or company is subject to specific monitoring procedures. As the Group owns several publicly listed companies, procedures have been set up to monitor and control the use of privileged information. Special measures have been taken with respect to transactions involving the securities of listed subsidiaries carried out by employees who enjoy access to privileged information on a permanent or occasional basis.
Working through its Compliance function, Groupe BPCE draws up rules designed to guarantee customer protection. These rules cover advertising, the validation of the products sold to customers, and the approval of commercial processes irrespective of the sales channel used (direct, online, or telephone sales, etc.).
Customer protection must be effective at every stage in the relationship between the bank and its customers, from the provision of pre-contractual information, the subsequent giving of advice, and during the life and final termination of the contract.
The GDPR* sets out to improve the protection of the personal data of natural persons and to grant them new rights over how their data is collected or processed. This new EU regulation is based on the principles of transparency and accountability of the different entities involved. Its entry into application concerns all companies, wherever they are based, as soon as they collect, process or host the personal data of European residents.
* An acronym for the General Data Protection Regulation.
For further details: You are a Banque Populaire customer
For further details: You are Caisse d'Epargne customer
Groupe BPCE has circulated among its entities a set of recommendations enabling each entity to draw up, depending on its particular requirements, a clear and transparent procedure for handling customer complaints.
A regular monitoring of complaints broken down by type of malfunction using a set of quality indicators (processing times, etc.) is carried out by the Quality and Compliance departments in the individual entities.
Furthermore, each Groupe BPCE entity has appointed an independent mediator whose contact details are clearly presented on the documents given to customers and on the website to which they enjoy free access.
Groupe BPCE is actively committed to the prevention of financial crime, notably measures taken to combat money laundering and the financing of terrorism or to prevent fraud. Groupe BPCE also complies with embargos or sanctions imposed on certain countries decided by the European Union or United States.
All entities belonging to Groupe BPCE ensure compliance with the rules and regulations introduced by French legislation that comply with international standards as defined by the Financial Action Task Force (1), by the United Nations or European community institutions (2).
The principles and framework are defined by the central institution of Groupe BPCE and circulated within all Group entities. Awareness-building measures are taken at regular intervals to ensure that all the operating personnel remain sensitized to financial security issues, both regarding the new ways in which financial crime is perpetrated or regarding changes in the law and regulations in this area. Dedicated training material is used by all Groupe BPCE employees.
The prevention of money laundering and terrorist financing, which is based on the principle of developing a personal understanding of the customer, goes hand-in-hand with strategies designed to combat internal and external fraud. These different missions generate synergies capable of improving all the measures adopted to fight against the multifarious dimensions of financial crime. These measures are reinforced by constant vigilance maintained over financial activities, calling on the assistance of the local networks and the team of Group employees directly assigned to the management of these issues.
Like all companies, the different entities belonging to Groupe BPCE may be affected by incidents of an accidental or criminal nature liable to disrupt their smooth operation and, consequently, the quality of the services they provide.
Under such circumstances, the Business Continuity function identifies and approves the alternative solutions to be adopted with a view to:
• Reducing exposure to certain events or incidents,
• Managing crisis situations and minimizing the impacts of the incident,
• Ensuring that the activities of the BPCE Group’s entities start up again as rapidly as possible,
• Maintaining a minimum level of service, by all means available,
• Restoring a normal operating environment as rapidly as possible.
All the financial institutions belonging to Groupe BPCE, as well as the structures contributing to the pursuit of financial activities, have developed a system that can be activated in the event of a major incident.
All the Group’s employees are involved to different degrees and are liable to contribute to the business continuity solution. These solutions are developed from scenarios of previously identified incidents. Their validity is ensured by a policy of regular tests involving the Group’s employees and by a periodical review of needs, resources and related procedures.
Article L211-5 of the French Monetary and Financial Code requires financial institutions distributing Livret A and sustainable development passbook accounts to publish an annual report specifying how the funds deposited on these savings accounts and not centralized with the Caisse des Dépôts et Consignations are used. The report drawn up at the end of December 2011 testifies to Groupe BPCE’s compliance with its regulatory obligation to ensure that decentralized funds deposited on Livret A and sustainable development passbook savings accounts are, effectively, reinvested by Group entities.
(1) The Financial Action Task Force (FATF) is an inter-governmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.
(2) Directives and regulations published by the European Commission or the European Council.