AFD - 2018 Registration document

4

RISK MANAGEMENT

Risk management

4.3 Risk management

4.3.1 Internal control and risk monitoring AFD’s internal control system is intended to provide Senior Management with reasonable assurance of the implementation of the following three objectives: (i) implementation and optimisation of transactions, (ii) reliability of financial information, and (iii) compliance with laws and regulations. It includes the four targets set in the decree of 3 November 2014, namely, (i) the quality and reliability of accounting and financial information, (ii) the compliance of transactions, organisation, and internal procedures with legal and regulatory provisions, (iii) the quality of information systems, and (iv) compliance with decisions made by Senior Management. At AFD, internal control is the purview of the Operational Risk and Permanent Control Department (ROC) and the General Inspection department (IGE) for periodic controls. a) Permanent control system AFD Group’s permanent control is cross-functional and carried out by (i) the Permanent Control unit of the Operational Risk and Permanent Control Department (ROC), comprising employees who are responsible for defining, leading and supervising the system, (ii) Group managers responsible for risk mitigation in their part of the organisation and who are the appointed contacts in this respect for the Permanent Control function, and (iii) any employees, whether at headquarters or in field offices, who may be required to play a role in identifying and assessing risks, performing first- and second-level checks, and detecting and reporting and/or handling incidents. AFD’s permanent control is exhaustive in scope, because its aim is to ensure that all risks generated by the Group’s activities, whatever they may be, are indeed subject to an appropriate control system. Lastly, with regard to the specific disbursements control system, the role of the Disbursement Control Division of the ROC department is to carry out second-level checks following disbursements for AFD’s financing projects. It is a specialist unit that, in accordance with Article 14 of the Decree of 3 November 2014, is independent of operational structures and is responsible for controlling disbursement requests. b) Compliance and anti-money laundering/combating the financing of terrorism system (AML/CFT) The Compliance function performed by the Compliance Department (DCO) on behalf of AFD Group, which is independent

of operational staff, is tasked with monitoring compliance in all sectors, operations, geographic areas and regulatory contexts of AFD Group. Its ultimate aim is to ensure that non-compliance risks and risks to the Group’s reputation are monitored and managed. The Compliance function’s field of expertise enables it to (i) decide on AFD Group’s financial security policy, (ii) ensure that the financial institution follows the provisions on combating money laundering and terrorist financing, those on the prevention of corruption and on conducting banking and financial activities, and those ensuring the protection of clients’ personal data. c) Periodic control system Given the rules governing the independence of the services that it provides, the General Inspection department (IGE) reports to AFD’s Chief Executive Officer. It is in charge of the periodic control of transaction compliance, the actual risk level incurred, the respect of procedures, and the efficiency and suitability of the permanent control systems set up by AFD. It serves AFD’s internal audit function and has jurisdiction over all of the company’s activities, including outsourced activities. The Group’s risk mitigation is governed through two main bodies: 1) the Board of Directors, via the Group Risk Committee and the Audit Committee, and 2) the Internal Control Committee. The Internal Control Committee is the body through which the heads of Periodic Control, Permanent Control and Compliance of the Group report on the fulfilment of their roles to the executive officers, as stipulated in Article 10 of the Decree of 3 November 2014. The Group Risk Committee Reporting to the Board of Directors, the Group Risk Committee, created in 2015 to meet the requirements of the Order of 3 November 2014, is tasked with (i) carrying out a regular review of strategies, policies, procedures, systems, tools, and limits, and the underlying assumptions, (ii) appraising all of the significant risks, risk management policies, and changes made to them, (iii) appraising the measures taken to ensure business continuity, (iv) advising the Board of Directors on the AFD Group’s overall strategy and risk appetite. P The Internal Control Committee P

82

www.afd.fr

REGISTRATION DOCUMENT 2018