system (credit risk, market risk and operational risk). To supplement this internal control system, the Internal Audit department, as the third line of defence, is responsible for carrying out periodic controls. The Bank continues to adjust its internal control system in line with changes in its business, the regulatory environment and CA SA Group and Indosuez directives. The implementation of a formal, exhaustive control system meeting the latest regulatory requirements and Group rules is the main objective of the Permanent Control department in close collaboration with the CA Indosuez Business Line. Note the launch in Q4 2024 of a group project piloted by KPMG with a view to harmonising and rationalising level 2.1 and 2.2 control systems between Indosuez entities. Control results for 2024 Some 406 controls (at levels 1, 2.1 and 2.2) are monitored in the Enablon tool by entering a control result, and currently cover the major risks and processes considered to be sensitive. They were completed on schedule, and the results observed remain over 90% satisfactory for all quarters of the 2024 financial year. Information and decisions of the Executive Directors and the Board of Directors The various communications made to senior management include information on outsourced activities (see table on outsourced activities on page 40), the approval and monitoring of limits, the results of controls over the entire scope of internal control, information on significant incidents, anomalies detected by the system for monitoring and analysing the fight against money laundering and the financing of terrorism and any other significant element relating to permanent risk control, compliance and periodic control, for both internal and external tasks. The governing body was also provided with details of changes in outstanding loans, ratings and nonperforming loans. As well as the reports made by the Risk and Permanent Control department, the Compliance and Ethics function also submits reports to the General Management. Three Internal Control Committees met on 14 February, 15 June and 18 October 2024. An Information and Communication Committee (CCI) meeting to discuss the results of the Q3 2024 control campaign and the key events of the quarter was held by circular on 17 December 2024. The reports on Internal Control and the measurement and monitoring of risks and cheques for the 2023 financial year were presented to the Internal Control Committee on 14 February 2024, then to the Specialised Audit and Risk Committee on 14 March, OVERVIEW OF RISK AND EXPOSURE MANAGEMENT PRINCIPLE FOR THE ORGANISATION OF THE INTERNAL CONTROL SYSTEM Management of the system At CFM Indosuez Wealth, the internal control system is applied in accordance with the Order of 3 November 2014, and the Order of 25 February 2021 amending it, on the internal control of companies active in banking, payment services and investment services and subject to ACPR supervision. It includes a process for controlling transactions and internal procedures, a structure for accounting and processing information, systems for measuring risks and results, risk monitoring and management systems, an information and documentation system and a process for monitoring flows of cash and securities. The CACIB Chief Risk Officer (who reports to the ACPR) and the Indosuez Wealth Risk & Permanent Control (RPC) department delegate their authority to the Head of the Risk and Permanent Control department of CFM Indosuez Wealth to oversee the risk control and supervision system, based on: · a central system, adapted locally, including level 2.1 and 2.2 controls applied by all Group entities, implemented by the Indosuez Wealth Group on its main control functions (Legal, Compliance, Finance, Security, Permanent Control, etc.) ; · a local system including level 2.1 and 2.2 controls carried out by all operational departments, thus completing the scope of the Indosuez Joint Business Control Plan. In 2024, the Indosuez Group acquired a new integrated risk management tool (Enablon) to replace the Copilot control management tool, enabling the integration of the entire control plan and operational risk mapping. By the end of 2025, the tool will also handle incidents and the production of risk indicators. Level 2.2 and 2.1 control results have been centralised in the tool since Q1 2024. When analysing the results of the control campaigns, the results rated as red or amber are analysed in detail by Permanent Control. These improvable indicators are then presented to the Internal Control Committee and the Specialised Audit and Risk Committee and, if necessary, action plans are implemented. For CFM Indosuez Wealth and its subsidiaries, CFM Indosuez Gestion and CFM Conseil en Investissement, the risk management function is organised locally within the Risk and Permanent Control department, which is responsible for the oversight, coordination and supervision of the risk and permanent control Internal control CFM Indosuez Wealth Management 44
RkJQdWJsaXNoZXIy NzMxNTcx