AFD - 2018 Registration document

4

RISK MANAGEMENT

Risk management

4.3.6.5 Tax risk AFD did not undergo any tax audits in 2018.

AFD also has a “pandemic” plan which describes the principles and ways of maintaining business activity in the event of a global or local pandemic. The Information and Telecommunications Recovery Plan (PRIT), which covers the risk of an extended IT system outage, has an IT infrastructure that reactivates the AFD Group’s applications and essential systems. The PRIT system covers all of the business lines’ IT continuity requirements by duplicating 70% of the Group’s Information System and 100% of production data. This includes all systems essential to users’ “core business” activity for the first month of loss. The remaining 30%, corresponding to non-essential systems, are re-established within three months. Improvements to the PRIT engaged in 2018 cut the time needed to activate the emergency platform by 70%. In 2019 the technical platform will be due for an upgrade as part of obsolescence management. A Flood Risk Prevention Plan (PPRI), intended to cover the risk of the Seine bursting its banks and mitigate the impact of such a contingency on AFD’s main head office building, has also been introduced. Another building will be added to the PPRI in 2019. A permanent standby mechanism at the level of the General Secretariat and Executive Committee (EXCOM) is in place to enable AFD to respond rapidly to a major disaster. The mechanism provides for a crisis unit led by an EXCOM member to be activated when in need. In case of a major disaster, the crisis unit decides whether to activate the BCP. The mechanism also covers Proparco and Sogefom. In 2018 BCP and PRIT activation tests were conducted (the former covering both business lines and IT). That same year a crisis simulation was carried out with the Executive Committee. No actual disasters leading to the activation of the emergency and business continuation plan occurred in 2018. An audit of the plan by the General Inspection Department was begun in late 2016 and completed in February 2017.

In a letter dated 7 October 2016, the tax authority conducted a comprehensive assessment of all of Proparco’s tax returns for the period from 1 January 2014 to 31 December 2015. An audit began on 20 October 2016 and was completed at the end of 2017. The General Directorate of Public Finance issued a proposed non-material correction. The notice of assessment was received in June 2018. 4.3.6.6 Other operational risks In addition to the risks detailed above, the Group’s permanent control system seeks to cover all risks within the remit of Basel categories 1 to 7 to which the Group is exposed (risks relating to (i) internal and (ii) external fraud, (iii) human resources; concerning (iv) the Group’s financing activity, (v) personal safety, (vi) information systems and (vii) management, processes and procedures). This system for monitoring and mitigating all operational risks is based on: P operational risk mapping, which is the main tool used to measure and monitor these risks; P a system for reporting operational incidents, key controls, and action plans developed across the most significant risk zones. Specifically, incidents are recorded to ensure corrective action is implemented to avoid repeat incidents, and to further develop risk mapping and deploy new controls, where applicable. Permanent control provides regular reports to the Group’s Risk Committee and Internal Control Committee (COCINT).

88

www.afd.fr

REGISTRATION DOCUMENT 2018