2007 REGISTRATION DOCUMENT
2007 REGISTRATION DOCUMENT 2007 REGISTRATION DOCUMENT
2 ReportCORPORATE GOVERNANCEof the Chairman of the Board of Directors on the conditions for the preparation and organisationof the work of the Board and on internal control procedures implemented by BNP Paribas■ p eriodic Controls are based on “ex post” reviews carried out byemployees who are not involved in Permanent Controls. They areperformed by the General Inspection unit;■ separation of tasks: this applies to the various phases of a transaction,from initiation and execution, to recording, settlement and control.The separation of tasks also exists between independent functionsand between the players involved in Permanent Controls and PeriodicControls;■ responsibility of operational staff: a large part of the PermanentControl mechanism is incorporated within the operational organisation< Contents >under the direct responsibility of the entities (core businesses andfunctions) which should make sure that they have the resourcesrequired for effective control. Managers at all levels must ensureeffective control over the risks related to the activities for whichthey are responsible;■ exhaustiveness of Internal Control: see above, under “Scope of InternalControl”.Teams from the General Inspection unit verify that these four principlesare complied with by carrying out regular inspections.12INTERNAL CONTROL, RISK MANAGEMENT AND COMPLIANCE COMMITTEEEXECUTIVE MANAGEMENT3INTERNAL CONTROL COORDINATION COMMITTEEPERMANENT CONTROL – OPERATIONAL RISK – Central team4GeneralInspection unitGroup ComplianceGroupLegalDepartmentOtherFunctionsGroupFinance-DevelopmentGroup RiskManagementCORE BUSINESSESPermanent Control – Core Business and Function Operational Risk5Auditor(s)Head ofComplianceOther functional heads(excluding Legal Affairs)Head ofFinanceMarket / Credit(excluding specific cases)Conformité ENTITIES* Groupe6PERIODICCONTROLPERMANENT CONTROLHierarchical link Joint oversight Functional link * Business lines, subsidiaries, territoriesPLAYERS INVOLVED IN PERMANENT CONTROLSThe players involved in Permanent Controls are:■ the operational staff working in commercial, administrative or supportfunctions. They directly control the operations for which they areresponsible, based on Group procedures. These controls are knownas first-level permanent controls;■ managers, who perform controls as part of operational or autonomouscontrol procedures. These controls are known as second-levelpermanent controls;■ specialised control functions that also carry out second-levelpermanent controls - mainly the Compliance and Risk Managementfunctions.The Compliance function ensures that the Group “conforms to legal andregulatory provisions, professional and ethical standards, as well as theoverall strategy of the Board of Directors and Executive Managementguidelines”. It has considerable independence which it exercises withthe Heads of operating units over the managers of teams in chargeof compliance in the core businesses and support functions via a jointoversight arrangement. The Head of Compliance reports to the ChiefExecutive Officer and represents the Bank before the Commissionbancaire with regard to all matters concerning Permanent Controls.The Risk Management function is in charge of measuring and monitoringall types of risks (credit risks, market risks, etc.). It comprises an integratedGroup Risk Management unit (GRM), independent of the core businessesand business lines, and Risk Management teams with direct reportinglines to the core businesses and business lines. In accordance with theaforementioned Regulation n° 97-02, it prepares an annual statutoryreport on risk measurement and oversight for the attention of the Boardof Directors. The Head of Risk Management reports directly to the ChiefExecutive Officer.The Heads of the Compliance and Risk Management functions areinterviewed regularly by the Internal Control, Risk Managementand Compliance Committee set up by the Board of Directors ofBNP Paribas.7891011562007 Registration document - BNP PARIBAS
CORPORATE GOVERNANCEReport of the Chairman of the Board of Directors on the conditions for the preparation and organisation 2of the work of the Board and on internal control procedures implemented by BNP Paribas< Contents >PLAYERS INVOLVED IN PERIODIC CONTROLSPeriodic Controls (known as third-level controls) are carried out on anindependent basis by the General Inspection unit, which includes:■ inspectors based at headquarters, who are authorised to carry outcontrols throughout the Group;■ auditors within the various entities of the Group, who report to theGeneral Inspection unit.Periodic Controls are the responsibility of the Head of the GeneralInspection unit who reports operationally to the Chief Executive Officer.He also reports to the Board, either directly or via the Internal Control,Risk Management and Compliance Committee.COORDINATION OF INTERNAL CONTROLThe Internal Control Coordination Committee (ICCC), which meets on amonthly basis, includes the following participants:■ the key players involved in Permanent Controls:■ the Heads of Compliance, Finance-Development and RiskManagement or their representatives,■ the Heads of Tax Affairs, Legal Affairs and Technologies andProcesses or their representatives,■ the Heads of the five core businesses or their representatives;■ the Head of Periodic Controls.Members of the Bank’s Executive Management may attend ICCCmeetings. The Heads of other functions may also be invited to participatein such meetings.At Group level, coordinating Internal Control is the responsibility of theHead of Compliance, who sits on the Executive Committee and chairsthe Internal Control Coordination Committee. The ICCC:■ is not intended to replace the different Group Risk ManagementCommittees but to enhance their effectiveness within the overallsystem;■ guarantees the consistency of the Internal Control system and itscompliance with regulations;■ seeks to promote the use of shared internal control tools;■ enhances the overall consistency of the annual reports on internalcontrol and control of investor services prepared by the PermanentControl and Periodic Control functions as required under their “Charterof responsibilities”, and of the report of the Chairman of the Board ofDirectors on internal control procedures prepared in accordance withArticle L. 225-37 of the French Commercial Code.The Chairman of the ICCC reports to the Chief Executive Officer and, ifthe CEO or the Board of Directors deems it necessary, to the Board ofDirectors or the relevant Committee of the Board (usually the InternalControl, Risk Management and Compliance Committee).In 2007, the ICCC’s work covered the following main topics:■ the Internal Control report for 2006 and the results reported by thePermanent Controls function;■ the Group’s key charters or new policies in the area of controls;■ relations with regulatory authorities, particularly outside France;■ the organisation of internal control processes within the corebusinesses and ways of harmonising the tools used, risk assessmentmethodologies and the overall quality assurance programme of thePeriodic Controls function;■major operational issues such as implementation of the EuropeanMarkets in Financial Instruments Directive and fraud prevention.PROCEDURESWritten guidelines are distributed throughout the Group and providethe basic framework for the Group’s internal control, setting out theorganisational structures, procedures and controls to be applied. A teamworking within the Compliance function along with the PermanentControl-Operational Risk team, which report to both the Complianceand Risk Management functions, check that procedural guidelines areregularly monitored for completeness via a network of Procedure andPermanent Control correspondents.Following the completion in 2004 of the Group’s cross-functionalguidelines (levels 1 and 2), their content is now updated as part of anongoing process in which all the core businesses and functions activelyparticipate. The guidelines are currently in the process of being updated.As regards the organisation of controls, the twice-yearly surveys on theeffectiveness of processes have been integrated into the twice-yearlyreporting of the Permanent Controls function – in recognition of the factthat checking procedures is one of the key tasks of Permanent Controls,alongside identifying and assessing risks, running controls, verifyingreporting processes and overseeing the monitoring system.Among the Group’s cross-functional procedures, the roll-out of theprocedure dealing with the validation of exceptional transactions, newproducts and new activities deserves a special mention. This procedure,which was updated in 2006 to reflect changes in regulations and theGroup’s new Internal Control organisation, is applicable to all Groupentities and represents one of the pillars of the system for controllingall forms of risk to which the Group is exposed.Efforts are ongoing to streamline the set of procedures and the applicablestandards, improve their distribution and planning, make them moreaccessible and design better tools for storing them.INTERNAL CONTROL STANDARDSIn 2007, the key players involved in Internal Control continued to workon standardising the main components of the system.HIGHLIGHTS OF 2007The actions carried out during the year mainly focused on rolling outnew organisation standards and consolidating Group Internal Controlstandards.Group Compliance functionIn 2007, the Compliance function kept pace with both the Group’scontinued expansion and new regulatory requirements. As regards theGroup’s expansion, the addition of UkrSibbank and the ongoing processof merging Banca Nazionale del Lavoro into the Group are worthyof note. The Compliance function was closely involved in bringingorganisation and control standards in these entities into line with thoseof BNP Paribas. As regards regulatory developments, the major event in2007 was the entry into force of the Markets in Financial InstrumentsDirective (MiFID).All of the core businesses, support functions and subsidiaries locatedwithin the European Union brought their organisations into line withthe requirements of the Directive in spite of regulatory difficulties,12345678910112007 Registration document - BNP PARIBAS 57
- Page 9 and 10: THE BNP PARIBAS GROUP1The Group’s
- Page 11 and 12: THE BNP PARIBAS GROUP1The Group’s
- Page 13 and 14: THE BNP PARIBAS GROUP1The Group’s
- Page 15 and 16: THE BNP PARIBAS GROUP1The Group’s
- Page 18 and 19: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 20 and 21: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 22 and 23: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 24 and 25: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 26 and 27: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 28 and 29: 1 ShareholderTHE BNP PARIBAS GROUPi
- Page 30 and 31: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 32 and 33: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 34 and 35: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 36 and 37: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 38 and 39: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 40 and 41: 2 BoardCORPORATE GOVERNANCEof Direc
- Page 42 and 43: 2 ReportCORPORATE GOVERNANCEof the
- Page 44 and 45: 2 ReportCORPORATE GOVERNANCEof the
- Page 46 and 47: 2 ReportCORPORATE GOVERNANCEof the
- Page 48 and 49: 2 ReportCORPORATE GOVERNANCEof the
- Page 50 and 51: 2 ReportCORPORATE GOVERNANCEof the
- Page 52 and 53: 2 ReportCORPORATE GOVERNANCEof the
- Page 54 and 55: 2 ReportCORPORATE GOVERNANCEof the
- Page 56 and 57: 2 ReportCORPORATE GOVERNANCEof the
- Page 60 and 61: 2 ReportCORPORATE GOVERNANCEof the
- Page 62 and 63: 2 ReportCORPORATE GOVERNANCEof the
- Page 64 and 65: 2 ReportCORPORATE GOVERNANCEof the
- Page 66 and 67: 2 StatutoryCORPORATE GOVERNANCEAudi
- Page 68 and 69: Contents >1234567891011662007 Regis
- Page 70 and 71: 3RISK MANAGEMENT< Contents >3.4 Ris
- Page 72 and 73: 3 RiskRISK MANAGEMENTfactorsLIQUIDI
- Page 74 and 75: 3 RiskRISK MANAGEMENTfactorsDETERIO
- Page 76 and 77: 3 RiskRISK MANAGEMENTmanagement fra
- Page 78 and 79: 3 RiskRISK MANAGEMENTmanagement fra
- Page 80 and 81: 3 RiskRISK MANAGEMENTmanagement fra
- Page 82 and 83: 3 RiskRISK MANAGEMENTexposure in 20
- Page 84 and 85: 3 RiskRISK MANAGEMENTexposure in 20
- Page 86 and 87: 3 RiskRISK MANAGEMENTmitigation tec
- Page 88 and 89: Contents >1234567891011862007 Regis
- Page 90 and 91: 4 Consolidated2007 REVIEW OF OPERAT
- Page 92 and 93: 4 Core2007 REVIEW OF OPERATIONSbusi
- Page 94 and 95: 4 Core2007 REVIEW OF OPERATIONSbusi
- Page 96 and 97: 4 Core2007 REVIEW OF OPERATIONSbusi
- Page 98 and 99: 4 Core2007 REVIEW OF OPERATIONSbusi
- Page 100 and 101: 4 Balance2007 REVIEW OF OPERATIONSs
- Page 102 and 103: 4 Balance2007 REVIEW OF OPERATIONSs
- Page 104 and 105: 2007 REVIEW OF OPERATIONS4 Outlook<
- Page 106 and 107: 2007 REVIEW OF OPERATIONS4 OutlookA
CORPORATE GOVERNANCEReport of the Chairman of the Board of Directors on the conditions for the preparation and organisation 2of the work of the Board and on internal control procedures implemented by BNP Paribas< Contents >PLAYERS INVOLVED IN PERIODIC CONTROLSPeriodic Controls (known as third-level controls) are carried out on anindependent basis by the General Inspection unit, which includes:■ inspectors based at headquarters, who are authorised to carry outcontrols throughout the Group;■ auditors within the various entities of the Group, who report to theGeneral Inspection unit.Periodic Controls are the responsibility of the Head of the GeneralInspection unit who reports operationally to the Chief Executive Officer.He also reports to the Board, either directly or via the Internal Control,Risk Management and Compliance Committee.COORDINATION OF INTERNAL CONTROLThe Internal Control Coordination Committee (ICCC), which meets on amonthly basis, includes the following participants:■ the key players involved in Permanent Controls:■ the Heads of Compliance, Finance-Development and RiskManagement or their representatives,■ the Heads of Tax Affairs, Legal Affairs and Technologies andProcesses or their representatives,■ the Heads of the five core businesses or their representatives;■ the Head of Periodic Controls.Members of the Bank’s Executive Management may attend ICCCmeetings. The Heads of other functions may also be invited to participatein such meetings.At Group level, coordinating Internal Control is the responsibility of theHead of Compliance, who sits on the Executive Committee and chairsthe Internal Control Coordination Committee. The ICCC:■ is not intended to replace the different Group Risk ManagementCommittees but to enhance their effectiveness within the overallsystem;■ guarantees the consistency of the Internal Control system and itscompliance with regulations;■ seeks to promote the use of shared internal control tools;■ enhances the overall consistency of the annual reports on internalcontrol and control of investor services prepared by the PermanentControl and Periodic Control functions as required under their “Charterof responsibilities”, and of the report of the Chairman of the Board ofDirectors on internal control procedures prepared in accordance withArticle L. 225-37 of the French Commercial Code.The Chairman of the ICCC reports to the Chief Executive Officer and, ifthe CEO or the Board of Directors deems it necessary, to the Board ofDirectors or the relevant Committee of the Board (usually the InternalControl, Risk Management and Compliance Committee).In <strong>2007</strong>, the ICCC’s work covered the following main topics:■ the Internal Control report for 2006 and the results reported by thePermanent Controls function;■ the Group’s key charters or new policies in the area of controls;■ relations with regulatory authorities, particularly outside France;■ the organisation of internal control processes within the corebusinesses and ways of harmonising the tools used, risk assessmentmethodologies and the overall quality assurance programme of thePeriodic Controls function;■major operational issues such as implementation of the EuropeanMarkets in Financial Instruments Directive and fraud prevention.PROCEDURESWritten guidelines are distributed throughout the Group and providethe basic framework for the Group’s internal control, setting out theorganisational structures, procedures and controls to be applied. A teamworking within the Compliance function along with the PermanentControl-Operational Risk team, which report to both the Complianceand Risk Management functions, check that procedural guidelines areregularly monitored for completeness via a network of Procedure andPermanent Control correspondents.Following the completion in 2004 of the Group’s cross-functionalguidelines (levels 1 and 2), their content is now updated as part of anongoing process in which all the core businesses and functions activelyparticipate. The guidelines are currently in the process of being updated.As regards the organisation of controls, the twice-yearly surveys on theeffectiveness of processes have been integrated into the twice-yearlyreporting of the Permanent Controls function – in recognition of the factthat checking procedures is one of the key tasks of Permanent Controls,alongside identifying and assessing risks, running controls, verifyingreporting processes and overseeing the monitoring system.Among the Group’s cross-functional procedures, the roll-out of theprocedure dealing with the validation of exceptional transactions, newproducts and new activities deserves a special mention. This procedure,which was updated in 2006 to reflect changes in regulations and theGroup’s new Internal Control organisation, is applicable to all Groupentities and represents one of the pillars of the system for controllingall forms of risk to which the Group is exposed.Efforts are ongoing to streamline the set of procedures and the applicablestandards, improve their distribution and planning, make them moreaccessible and design better tools for storing them.INTERNAL CONTROL STANDARDSIn <strong>2007</strong>, the key players involved in Internal Control continued to workon standardising the main components of the system.HIGHLIGHTS OF <strong>2007</strong>The actions carried out during the year mainly focused on rolling outnew organisation standards and consolidating Group Internal Controlstandards.Group Compliance functionIn <strong>2007</strong>, the Compliance function kept pace with both the Group’scontinued expansion and new regulatory requirements. As regards theGroup’s expansion, the addition of UkrSibbank and the ongoing processof merging Banca Nazionale del Lavoro into the Group are worthyof note. The Compliance function was closely involved in bringingorganisation and control standards in these entities into line with thoseof BNP Paribas. As regards regulatory developments, the major event in<strong>2007</strong> was the entry into force of the Markets in Financial InstrumentsDirective (MiFID).All of the core businesses, support functions and subsidiaries locatedwithin the European Union brought their organisations into line withthe requirements of the Directive in spite of regulatory difficulties,1234567891011<strong>2007</strong> Registration document - BNP PARIBAS 57
Change language