Procedimiento

These controls are carried out centrally by specialised divisions:

Risk and Permanent Control division

 Role and responsibilities relating to the risk management The Risk Management and Permanent Control Division (RPC) is responsible for supervising risks within Crédit Agricole CIB.

The purpose of this division is to control counterparty risks, country risks, market risks, as well as operational and accounting risks. However, structural financial risks are managed by the Finance Department, legal risks by the Legal Department, the compliance risks by Global Compliance (see page 78).

In October 2014, the management of risks related to information system and organisation plans business continuity has been transferred to the Corporate Support International Department (see page 80).

To do this, it oversees the business development of the Group in order to minimise the cost of risk involved in the activities of various businesses and entities or units.

RPC is also responsible for the oversight of the continuous monitoring of risks across the perimeter of Crédit Agricole CIB.

The risk management and permanent controls organisation within Crédit Agricole CIB forms part of the risk management and permanent controls function set up within the Crédit Agricole S.A.

Group.

Crédit Agricole CIB holds certain powers in managing its risks.

Any cases outside the scope of its powers, as well as certain significant risk strategies, are validated by the “Group Risk Management Committee”.

Crédit Agricole CIB Head of Risk management and permanent controls reports hierarchically to the Crédit Agricole S.A.’s head of Group Risk Management and functionally to Crédit Agricole CIB Executive Management. He is part of the bank’s executive committee (Comex). The Head of Risk Management and Permanent Control is responsible for the risks sector and permanent controls within the meaning of the decree of 3 November 2014, relating to the internal control of banks, payment services companies and investment companies, submitted to the French Prudential Supervisory and Resolution Authority (ACPR).

Within Crédit Agricole CIB, RPC is organised as an independent global business line. It combines all head office risk functions and activities, as well as local and regional officers in the international network. At 31 December 2014, RPC had a worldwide staff of 1,021.5 people (internal full-time equivalents, including subsidiaries and activities of the Private Banking). It should be highlighted that the exit of Newedge in the fi rst half 2014 notably explains the downsize of headcounts.

Crédit Agricole CIB has implemented a set of procedures that determines risk monitoring, risk control and permanent control arrangements. The set of procedures is updated regularly to improve risk measurement and supervision and to take into account the evolution of the regulatory context.

 Governance

Crédit Agricole CIB governance bodies (Audit and Risks Committee and Board of Directors) receive a report on Risk situation (Management and exposures) quarterly and specific monographs when needed.

Activities are managed by the Strategy and Portfolio Committee (CSP). It is in charge of the adequacy of the bank’s strategic orientations with its capacity to take risks and define guidelines.

3 Corporate governance

to each significant perimeter (country, business line, sector). The CSP also works on alert and Business Watch topics.

Decision-making process is based on selected cases by dedicated committees:

• business and geographical Committees are in charge of retail financing within the limit granted to each manager,

• the most significant files are reviewed by the Counterparty Risk Committee (CRC),

• the Market Risk Committee (CRM) monitors market exposures twice a month.

In addition to the Committees in charge of risks (CSP, CRC, CRM), risk management is also presented to the following Executive Management bodies:

• Crédit Agricole CIB Executive Committee (Comex),

• internal Control Committee,

• lead Central Permanent Control Committee which validates the work assigned to permanent controls and reviews the per-manent control systems of the business lines, subsidiaries or branches and cross-functional issues.

The Early Warning meeting is in charge of anticipating and identifying the deterioration of sound counterparties. It is also in charge of the Business Watch activity.

Eventually, Crédit Agricole CIB is part of the Crédit Agricole S.A.

risk management process which is structured by the following bodies:

• the Group Risk Management Committee (CRG): Crédit Agricole CIB mainly presents to the committee its approval requests, its main limit risk one-off strategies, its budgets by country, the corporate authorisations of significant amounts, the sensitive cases as well as the market risk situation;

• the Supervisory Risk Management Committee which reviews the counterparties presenting signs of deterioration or a need of arbitrage between entities of the Group;

• the Standards and Methodology Committee (CNM) to which Crédit Agricole CIB submits for decision any proposal of metho-dology as regards Basel qualification before implementation in Crédit Agricole CIB;

• the CIB Business Line Monitoring Committee which reviews Crédit Agricole CIB risk situation as well as the progress of some of these processes.

 Risk master plan

The master plan is steered by a team attached to the Risk and Permanent Control department at Crédit Agricole CIB.

The risk master plan was launched in late 2007, in a crisis context, to address the need to adopt a view of the medium term trends in risk management. The aim is to accelerate improvements and to ensure consistency among the main areas for improvement, enabling Crédit Agricole CIB to assess its risks more quickly and with greater precision while taking into account the strategic decisions of Crédit Agricole CIB Group.

It covers three main subject areas: regulatory, applications and organisation. It deals with the major types of risk, namely counterparty risk (including market transactions), market risk and operational risk. It also covers related projects that are not directly related to risk but are crucial for successful risk management.

A steering committee, chaired by a member of the Executive Management, brings together representatives of all the risk and IT divisions and monitors the twenty or so projects or programmes that have been selected.

The work carried out so far has made it possible to achieve the targets initially established leading to a risk management department therefore working in a more cross-divisional manner.

The procedures for controlling and monitoring market and counterparty risk in market transactions as well as the risk related to the rogue trading risk prevention have also been strengthened.

The main strategic focus of the master plan will currently be on the:

• BMA (Global Basis of Authorisation) project aimed at streamli-ning the IT system and the procedures for permissions management,

• the regulatory requirements of Basel III regarding the liquidity and counterparty risk of market transactions (EPE-CVA project, Desk CVA and VaR CVA),

• the requirements in terms of reporting and risk systems aggre-gation capacity, as described by the BCBS 239 text released by the EBA in January 2013. This program will also integrate the conclusions of the “Asset Quality Review” and EBA stress tests conducted in 2014 (Quartz programme).

 Marly Programme

The operational risk management programme gets regular backup from the Marly programme, launched in September 2007. It is a long-term programme aiming at improving in the way in which the operational risks arising from the bank’s market transactions are controlled. In particular it incorporates the recommendations of the Lagarde report. The work that has been undertaken is aimed at better identifying unusual or fraudulent activity by strengthening the system of controls. In 2014, the last projects were fi nalized: the strengthening of the controls on internal transactions is over, the work on the strengthening of IT security of the most sensitive zones has been fi nalized at the end of the year. Last actions of deployment of the programme in the entities abroad not yet covered are in progress. The programme has been included in the governance structure of Crédit Agricole CIB by means of a steering committee chaired by a member of the General Management and which has members from both the market front offices and all support functions.

This programme integrates the bi-annual revision of the auto-evaluation questionnaire coming from ACPR; the latter has 184 questions organised into 32 themes (questions of previous SSG / IIF / CRMPG III reports, etc.), Crédit Agricole CIB being involved in only 107 questions. By the end of December 2014, Crédit Agricole CIB’s system appeared “fully compliant” for the entire 107 questions.

Furthermore, Crédit Agricole CIB also participated in 2014 in a self-assessment questionnaire, quoted from the Basel Committee’s best practices in terms of operational risks (Principles for the Sound Management of Operational Risk).

 Counterparty risks

Any counterparty or group of counterparties is subject to limitations within the framework of specific procedures.

The decision process is based on two authorised signatures from the front office (one as responsible for the application, the other being the Delegated chairman of the relevant committee) as well as an independent RPC opinion issued by an authorised signatory.

Corporate governance 3

If the RPC’s opinion is negative, the decision-making power is passed on to the Chairman of the Committee immediately above.

Credit decisions are subject to risk strategies that set the main guidelines (target customer base, types of approved products, total budgets and expected unit values etc.), which each geographical unit or business line must apply to its activities.

When a case is considered to be outside the framework of the risk strategy in force, intermediary authorisations do not apply and a decision can only be made by the Executive Management-level committee (CRC).

The RPC also identifies assets that may deteriorate as soon as possible and initiates the most suitable measures to protect the Bank’s interests.

The process for monitoring receivables is enhanced by a system of portfolio and sub-portfolio analyses on group-wide business line, geographical or sector basis. Analysing concentrations and, if applicable, recommendations for the reorganisation of the portfolio are an integral part of this exercise.

In addition, portfolio reviews are organised periodically for each profit centre in order to verify that the portfolio complies with the risk strategy in force.

The rating of certain counterparties under review may be adjusted at this time.

Sensitive cases and major risks are monitored every quarter.

Other risks are reviewed on an annual basis.

The adequacy of the level of reserves in relation to risk is assessed every quarter by the Executive Management, on the recommendation of the RPC.

This approach also involves stress tests, aimed at assessing the impact of unfavourable macroeconomic assumptions and quantifying the risks to which the bank may be exposed in an unfavourable climate.

 Country risks

Country risks are subject to an assessment and monitoring system based on a specific rating methodology. Country ratings that are updated at least quarterly have a direct consequence on the limits applied to each country for the validation of their risk strategy.

 Market risks

Upstream market risk management takes place through several committees that assess risks associated with activities, products and strategies before they are introduced or implemented:

• the New Activity or New Product Committees, organised by the business line allows the Market Risk teams, among others, to pre-approve business development;

• the Market Risks Committee (CRM), which met twice a month, co-ordinates the whole market risk management system and approves market risk limitations;

• the Liquidity Risks Committee (CRL) ensure the implementation of the Group standards in terms of Liquidity Risks at the ope-rational level.

• the Pricers Validation Committee presents a summary of the pricers which were validated during the year.

Risk management is carried out using a variety of risk

measurements:

• global measurements using Value at Risk (VaR) or stress sce-narios; VaR measurements are drawn up with a 1% probabi-lity of occurring in any one day; stress scenario measurements include global stress (historical, hypothetical and adverse) and specific stress for each activity;

• specific measurements using sensitivity indicators, measure-ments of notional amounts and stop-loss limits.

Lastly, the Valuations and Pricing Committees define and monitor the application of portfolio valuation rules for each product range.

In 2014, projects have been conducted notably on the following regulatory subjects : CRD4 – Prudent Valuation – AVA (Additional Valuation Adjustment), the French Banking Law and the Volcker Rule (separation of speculative activities).

 Operational risks

Operational risk management relies mainly on a network of Permanent Control correspondents coordinated by the RPC.

Operational risks are monitored for each business line, subsidiary and each region, which ensure the reporting of losses and incidents, as well as their analysis, by Internal Control Committees.

Since the end of 2013, in addition to real losses, the operational risks’ scorecard methodology takes into account the provisions (notably legal).

Each quarter, the RPC produces an operational risk scorecard showing movements in operational risk-related costs and associated key events.

Remedial action following significant incidents is monitored closely, in conjunction with business lines and support functions.

The operational risk map covering all business lines at head office, the international network and subsidiaries is revised every year.

Together with the compliance and legal functions, the RPC takes into account non-compliance risks and legal risks.

In 2014, work has been conducted in order to homogeneize the maps realized by Crédit Agricole CIB and to present a global consolidated view. In 2015, a rationalization of the IT system related to the operational losses collect and signifi cant incidents’

statement is planned.

 Outsourced Essential Services (“PSEE”)

Any service or operational task classed as essential must meet certain monitoring requirements defined as part of a procedure that in particular sets forth the way in which outsourcing decisions are taken, the elements to be included in the contract and the supervision procedures to ensure that all associated risks are managed and that the service runs smoothly.

In addition, a review of all essential services including a report on service quality (i.e. analysis of the main incidents and dysfunctionings) and contract compliance is presented to the lead Permanent Control Committee.

 Permanent control of accounting and financing information The objectives of the permanent control of accounting and financing information aim at ensuring the adequate coverage of

3 Corporate governance

major accounting risks which could affect the quality of accounting and financing information. Crédit Agricole CIB applied the Crédit Agricole Group’s recommendations in this area.

Thus, the Permanent Accounting Control of the Risk Department ensures the permanent control of the last level of accounting and financing information (Second-degree, second-level controls). In this regard it has the following tasks:

• the production, in the Group’s tool, of the accounting control indicators (2.2 degree and 2.2.C degree on a consolidated basis);

• the production of the 2.2 degree control indicators of the accounting outsourced Essential Services ensured by Crédit Agricole CIB for the other entities of Crédit Agricole Group;

• the development of an Accounting and Financial Information Scoreboard for Crédit Agricole CIB completed for the year ended 31 December of the previous year, making it possible to assess the proper functioning of the accounting control device of the published Financial Information. The Permanent Accounting Control ensures the implementation of action plans if needed. This Scoreboard is presented to Crédit Agricole CIB Executive Management within the framework of its lead Permanent Control Committee. Accounting control indicators and their evolutions are presented, at least twice a year before this same Committee;

• monitoring of 1 and 2.1 degree controls which are monthly passed on by the ISIS network’s entities; the Permanent Accounting Control of RPC is addressed to the synthesis, made from head offices, of these controls;

• punctual controls of all information of the Permanent Accounting Control and of all publishable accounting and financial information;

• thematic on-the-spot controls: an annual control plan is defined. This plan is validated during a lead Permanent Control Committee. The summary and conclusions of these the-matic controls are presented each year during the June and December Permanent Control Committees.

In 2014, the two monitoring missions realized covered:

1-the unactive accounts of Crédit Agricole CIB France,

2-the accounting control of the Crédit Agricole S.A.’s outsourced Essential Services.

 Regulatory capital requirements

Within the framework of Basel II regulations, Crédit Agricole CIB uses an approach based on internal models approved by the French Prudential Supervisory Authority (ACPR, or “Autorité de Contrôle Prudentiel et de Résolution”) for calculating capital requirements with respect to credit and market risks as well as operational risk.

These patterns are part of the risk management device of Crédit Agricole CIB, they are monitored and reviewed on a regular basis to ensure their effective performance and use.

As regards credit risk, the Corporate model has been validated by the French prudential supervisory authority (ACPR) in June 2014 and implemented in “Anadéfi ” rating tool in October 2014.

Furthermore, all the PD and LGD models have been subject to backtesting. A summary of this work has been presented during Crédit Agricole S.A. Standards and Methodology Committees (June/December 2014) and during the Bank Executive Committee in July 2014. Lastly, certain credit models are due to be presented to the ECB in 2015. The aim of these changes and the new models is to ensure tighter management of our risk. A Basel II data quality committee is in charge of carrying out regular inspections to ensure the requirements of Basel II are being carried out correctly.

As regards the new capital requirement regulations in relation to counterparty risk in market transactions contained in CRD4/

CRR1, they have been implemented in 2013 within the framework of the EPE/CVA project. At the end of May 2014, ACPR has authorized Crédit Agricole CIB to use its internal risk model on market transactions for calculating capital requirements. This authorization covers the use of the Internal Model Method for calculating the counterparty risk and of the Advanced Method for calculating the credit value adjustment risk (CVA) on the main part of the calculation scope.

As regards operational risk, Crédit Agricole CIB uses a method based on the Crédit Agricole Group’s internal model, which in turn is based on our loss history and also includes a number of risk scenarios, which are reviewed every year.

Finance Division: internal control of accounting and financial information, global interest-rate risk and liquidity risk

 Roles and responsibilities relating to the preparation and processing of accounting and financial information

In accordance with the Group’s current rules, roles and organization principles of the Finance Directio’s functions are described in a directive.

Within the Finance Division of Crédit Agricole CIB, Group Financial Control is in charge of drawing up the financial statements (the individual accounts of Crédit Agricole CIB, the consolidated financial statements for the Crédit Agricole CIB group, and regulatory statements for the company and for the group). The department is also responsible for giving Crédit Agricole S.A. all the data needed to prepare the consolidated accounts of the Crédit Agricole Group.

The Finance Divisions of the entities that fall within the scope of consolidation are responsible for drawing up their own financial statements by local and international standards. They operate within the framework of the instructions and controls of the Head Offi ce’s Finance Department.

 Procedures for the preparation and processing of financial

 Procedures for the preparation and processing of financial