43 Internal Audit department, as the third line of defence, is responsible for carrying out periodic controls. The Bank continues to ensure that it adjusts its internal control system in line with changes in its business and the regulatory environment. The implementation of a formal, exhaustive control system meeting the latest regulatory requirements and Group rules is the main objective of the Permanent Control department in close collaboration with the Business Line. Results and specific measures for 2022 Results of controls Level 2.2 and 2.1 controls of the control plan were carried out in accordance with the deadlines, and the results observed remain satisfactory for all quarters of the 2022 financial year, with no major deterioration in risk. Dedicated resources for managing the Russian crisis In addition, the system dedicated to managing the Russian crisis (see Impact of the Russo-Ukrainian conflict on the business of CFM Indosuez Wealth) was subject to dedicated controls by Permanent Control, which did not reveal any problems. Two special control tasks As part of its remit, Permanent Control also carried out specific controls on the implementation of the 2021 anti-fraud action plan common to the Indosuez Wealth Group and an additional assignment on the activity, processes and controls of the CFM Indosuez Conseil en Investissement subsidiary. No major malfunctions or shortcomings were noted in the course of these tasks. Information and decisions of the Executive Directors and the Board of Directors The various communications made to senior management include information on outsourced activities (see table on outsourced activities on page 40), the approval and monitoring of limits, the results of controls over the entire scope of internal control, information on significant incidents, anomalies detected by the system for monitoring and analysing the fight against money laundering and the financing of terrorism and any other significant element relating to permanent risk control, compliance and periodic control, for both internal and external tasks. The governing body is also provided with details of changes in outstanding loans, ratings and nonperforming loans. In addition to the reports made by the Risk and Permanent Control department, the OVERVIEW OF RISK AND EXPOSURE MANAGEMENT PRINCIPLE FOR THE ORGANISATION OF THE INTERNAL CONTROL SYSTEM Management of the system At CFM Indosuez Wealth, the internal control system is applied in accordance with the Order of 3 November 2014, and the Order of 25 February 2021 amending it, on the internal control of companies active in banking, payment services and investment services and subject to ACPR supervision. It includes a process for controlling transactions and internal procedures, a structure for accounting and processing information, systems for measuring risks and results, risk monitoring and management systems, an information and documentation system and a process for monitoring flows of cash and securities. The CACIB Chief Risk Officer (who reports to the ACPR) and the Indosuez Wealth Risk & Permanent Control (RPC) department delegate their authority to the Head of the Risk and Permanent Control department to oversee the risk control and supervision system, based on: • a central system, adapted locally, including level 2.1 and 2.2 controls applied by all Group entities, implemented by the Indosuez Wealth Group on its main control functions (Legal, Compliance, Finance, Security, Permanent Control, etc.) ; • a local system including level 2.1 and 2.2 controls carried out by all operational departments, thus completing the scope of the Indosuez Joint Business Control Plan. The results of level 2.2 and 2.1 controls are centralised and monitored using a group IT tool shared by all entities. Results that require improvement and that are rated red or orange are analysed in detail by Permanent Control. These improveable indicators are presented to the Internal Control Committee and the Specialised Audit and Risk Committee and, if necessary, action plans are implemented. For CFM Indosuez Wealth and its subsidiaries, CFM Indosuez Gestion and CFM Conseil en Investissement, the risk management function is organised locally within the Risk and Permanent Control department, which is responsible for the oversight, coordination and supervision of the risk and permanent control system (credit risk, market risk and operational risk). To supplement this internal control system, the / Internal control /
RkJQdWJsaXNoZXIy NzMxNTcx