UNIVERSAL
REGISTRATION
DOCUMENT

2024

ANNUAL FINANCIAL REPORT 2023

This document is a translation into English of the Annual Financial Report/Universal Registration Document of the Company issued in French and is available on the website of the Issuer.

The Universal Registration Document is a copy of the official version of the Universal Registration Document which has been prepared in XHTML format and is available on the Issuer’s website.

from the Chairman of the Board of Directors

2023 was a year of managerial transition with Slawomir Krupa being appointed Chief Executive Officer of the Group on 23 May. The transition at the top management of the Group had been carefully prepared, under the aegis of the Board of Directors and its Nomination and Corporate Governance Committee. As soon as he was appointed, Slawomir Krupa put in place a new General Management and an experienced and gender-balanced Executive Committee which were immediately operational, and prepared a new strategic and financial plan that was presented last September with a view to making Societe Generate a top-tier, rock-solid and sustainable European bank.

Being a rock-solid and sustainable bank is first and foremost about setting a goal for lasting strength and performance by adapting our business model, by optimising capital management and improving operational efficiency, while maintaining a disciplined and strict approach to risk. This is key to boosting our long-term flexibility and competitiveness.

Accelerating our ESG ambitions is also a cornerstone of Societe Generale’s sustainable development strategy. The ESG expertise built by our Group over many years is well recognised. Supporting our clients on their decarbonisation pathway is an even more critical priority at a time when the economic risks associated with climate transition are intensifying. The pro-active commitments that we have made and the milestones achieved are well recognised by the main extra-financial rating agencies that have placed the Group among the top-ranking global banks.

2023 was also filled with strategic achievements such as the emergence of SG, the new retail bank in France, which involved the successful migration of information systems, and the creation of Ayvens, a global leader in sustainable mobility following ALD’s acquisition of LeasePlan. We also made significant strategic headway in the other Group businesses, notably by laying the groundwork to form the joint venture with AllianceBernstein in the cash equities and equity research business, and further developing the exceptional momentum at BoursoBank, which took the number of individual clients to over 6 million January 2024.

2023, year of transition

From the financial perspective, the results were contrasted, marked by very solid performances in Global Banking and Investor Solutions and International Retail Banking, the negative impacts of rising interest rates in French Retail Banking, which only started to ease in the fourth quarter of 2023, and by LeasePlan’s higher-than-expected integration costs. But it is important to emphasise that our disciplined management of costs, risks and capital have helped make the Bank more robust.

As our Group prepares to celebrate its 160^th anniversary, the Board of Directors is confident of the ability of General Management and the Group’s staff to commit to serving clients, shareholders and the various stakeholders to embark on the new chapter that is opening up for Societe Generale, with the purpose of building together a better and sustainable future. ■

from the Chief Executive Officer

2023 was marked by the launch of a new strategic roadmap for Societe Generale designed to strengthen our Group by building on our solid foundations, with the aim of solidifying our position among Europe’s top-tier banks and creating long-term value for our various stakeholders.

From the moment we took office on 24 May 2023, the entire new Group management team and I immediately concentrated on our short-term priorities and on finalising the medium-term strategic roadmap that we presented last September.

After a 2023 of transition and transformation for our Group, a year that was both challenging in terms of performance and resolute in rolling out our strategic initiatives, 2024 will be a year focused on the execution of the Group’s new strategic medium-term plan.

Our strategy announced at the Capital Markets Day event is based on two key ambitions: rock-solid strength and sustainability. This means enhancing our commercial performance by paying constant attention to customer satisfaction and anticipating their needs, managing our capital selectively and proactively, and making structural cost reductions by improving efficiency and simplifying our organisation. This also means continuing our disciplined approach to risk management and fostering innovation. We have set interim targets for 2024 that will put us well on track to reach our medium-term targets by 2026.

2024 will also be crucial for achieving new milestones in our various strategic initiatives. Accelerating the rollout of our new retail banking model and winning new clients at BoursoBank will enable us to strengthen our positions in the French banking market. The creation of our joint venture with AllianceBernstein and our partnership with Brookfield will broaden our offering to corporate banking clients and investors. The further integration of Leaseplan’s activities into Ayvens will establish us as a world leader in mobility. We will also push further ahead with our portfolio review to focus on our core businesses and simplify the Group’s business model.

Maintaining our leadership in the ESG universe is clearly more than ever a linchpin of our strategy. The Group has accelerated its ESG ambitions for environmental transition to increase sustainable finance and reinforce our contribution to environmental imperatives and to the UN’s Sustainable Development Goals. We were again a pioneer in that domain and took ground-breaking and leading decisions based on our resolve to heavily reduce exposure to the oil and gas sector, define new decarbonisation targets for our businesses, and support development of new low-carbon technologies and solutions. To increase our positive impact, we signed new partnerships with The Ocean Cleanup and the International Finance Corporation (IFC), a member of the World Bank Group. Determined to lead by example, we also made another strong commitment to diversity, appointed the Chairman to our new Scientific Advisory Council and expanded our philanthropy programme. Societe Generale was the recipient of IFR’s prestigious Bank for Sustainability award in recognition of our leadership in this field. The rollout of our ESG ambitions is a major imperative and a continuous process.

With all the teams of SG, we are writing a new chapter in the history of our Group in a committed and responsible way. Leveraging a 160-year legacy through which we have assisted millions of clients, we can look confidently to the future. We have solid and differentiating assets that enable us to play an essential role, support major transitions of our stakeholders, help our clients’ ideas flourish, and assist their development and projects. Our contribution to their growth and to the achievement of their potential is, and will continue to be, a source of pride to us ■

On 4 May 1864, Napoleon III signed Societe Generale’s founding decree. Founded by a group of industrialists and financiers driven by the ideals of progress, the Bank’s mission has always been “to promote the development of trade and industry in France”. 

Since its beginnings, Societe Generale has worked to modernise the economy, following the model of a diversified bank at the cutting edge of financial innovation. Its retail banking branch network grew rapidly throughout the French territory, increasing from 46 to 1,500 branches between 1870 and 1940. During the interwar period, the Bank became the leading French credit institution in terms of deposits.

At the same time, Societe Generale began to build its international reach by financing infrastructure essential to the economic development of a number of countries in Europe, Americas and  North Africa. This expansion was accompanied by the establishment of an International Retail Banking network. In 1871, the Bank opened its London branch. On the eve of World War I, Societe Generale had a presence in 14 countries, either directly or through one of its subsidiaries. This network was subsequently expanded by opening branches in New York, Buenos Aires, Abidjan and Dakar, and by acquiring stakes in financial institutions in Central Europe. 

Societe Generale was nationalised by law on 2 December 1945 and played an active role in financing the reconstruction of France. The Bank thrived during the prosperous post-war decades and contributed to the increased use of banking techniques by launching innovative products for businesses, including medium-term discountable credit and lease financing agreements, for which it held the position of market leader.

Societe Generale demonstrated its ability to adapt to a new environment by taking advantage of the banking reforms that followed the French Debré Acts of 1966-1967. While continuing to support the businesses it partnered, the Group lost no time in focusing its business on individual clients. In this way, it supported the emergence of a consumer society by diversifying the credit and savings products it offered private households.

In June 1987, Societe Generale was privatised with a successful stock market launch and shares offered to Group staff. The Group developed a universal banking strategy, in particular through its Corporate and Investment Banking activities, to support the worldwide development of its clients. In France, it expanded its networks by founding Fimatex in 1995, which later became Boursorama and now BoursoBank, currently France’s leading online bank, and by acquiring Crédit du Nord in 1997. Internationally, it established itself in Central and Eastern Europe through Komerčni banka in the Czech Republic and BRD in Romania while consolidating its growth in Africa, notably in Morocco, Côte d’Ivoire, and Senegal. Building on the professionalism of its teams and the relationship of confidence developed with its clients, the Bank continues its process of transformation by adopting a sustainable growth strategy driven by its core values of team spirit, innovation, responsibility and commitment.

In 2023, the Group completed two major strategic projects: the launch of the new French Retail Banking, SG, resulting from the merger of the two Societe Generale and Crédit du Nord networks, and the creation of Ayvens, a leader in sustainable mobility resulting from the acquisition of LeasePlan by ALD Automotive.

The Group currently employs more than 126,000 people(1) in 65 countries. 

With 160 years of expertise serving clients and the sustainable development of economies, Societe Generale intends to leverage this legacy to look confidently towards the future.

Societe Generale is a top-tier European Bank with more than 126,000 employees serving around 25 million clients in 65 countries across the world. We have been supporting the development of our economies for nearly 160 years, providing our corporate, institutional, and individual clients with a wide array of value-added advisory and financial solutions. Our long-lasting and trusted relationships with the clients, our cutting-edge expertise, our unique innovation, our ESG capabilities and leading franchises are part of our DNA and serve our most essential objective – to deliver sustainable value creation for our various stakeholders.

The Group runs three complementary sets of businesses, embedding ESG offerings for all its clients:

• ■French Retail, Private Banking and Insurance, with the leading retail bank SG and insurance franchise, premium private banking services, and the leading digital bank BoursoBank;

• ■Global Banking and Investor Solutions, a top-tier wholesale bank offering tailored-made solutions with distinctive global leadership in Equity Derivatives, Structured Finance and ESG;
• ■International Retail, Mobility and Leasing Services, comprising well-established universal banks (in Czech Republic, Romania and several African countries), Ayvens (the new ALD  - LeasePlan brand), a global player in sustainable mobility, as well as specialised financing activities.

Committed to building together with its clients a better and sustainable future, Societe Generale aims to be a leading partner in the environmental transition and in sustainability overall.

The Group is included in the principal socially responsible investment indices: DJSI (Europe), FTSE4Good (Global and Europe), Bloomberg Gender-Equality Index, Refinitiv Diversity and Inclusion Index, Euronext Vigeo (Europe and eurozone), STOXX Global ESG Leaders indexes, and the MSCI Low Carbon Leaders Index (World and Europe).

The Group’s ambition is underpinned by a clear strategy and roadmap for a sustainable future: to become a rock-solid bank that fosters solid and sustainable performances that contribute to sustainable development objectives.

To further strengthen the Bank's financial profile is a core priority for the Group. This will notably be achieved by continuing to improve the Group's capital ratio, with a target CET1 ratio of 13% under Basel IV set for 2026. To achieve this target, the Group will allocate and use its capital effectively, improve operational efficiency and simplify its portfolio based on a consistent, integrated and synergy-centric business model leveraging its core franchises, while maintaining best-in-class risk management.

The Group intends to leverage high-performance, sustainable businesses with a robust diversified banking model suited to the needs of around 25 million corporate, institutional and individual clients, structured around three core businesses:

• ■French Retail, Private Banking and Insurance;
• ■Global Banking and Investor Solutions;
• ■International Retail, Mobility and Leasing Services.

In French Retail, Private Banking and Insurance, the Group intends to take advantage of the new operating model of its new SG network to boost synergies with the Insurance and Private Banking activities while improving operating efficiency, and accelerate BoursoBank's development with the aim of reaching 8 million clients by 2026 and enhancing long-term value creation. Leveraging a high-impact value offer, the Group intends to be the partner of choice for businesses, professionals and high net worth clients, as well as for digital clients, and at the same time be a responsible bank for its various counterparties.

For the Global Banking and Investor Solutions businesses, the Group is pursuing with the strategy initiated in 2021 that seeks to further enhance the sustainability and profitability of its model. Building on its positioning as a top-tier European player and trusted partner for its global banking clients, the Group intends to unlock greater value from its leading franchises, notably through innovative action, while continuing to improve operating efficiency and optimising its resources, particularly capital. Recent partnerships with AllianceBernstein and Brookfield are merely two examples of the Group’s ability to create innovative solutions to broaden the offering and value proposition for its clients.

The International Retail, Mobility and Leasing Services' main objective is to deliver sustainable performances that exceed the cost of capital, notably by implementing a more compact and efficient model that also offers first-rate client experience. The Group is aiming to become a world leader in the mobility ecosystem through its mobility and leasing activities, chiefly through Ayvens, following the finalisation of ALD's acquisition of LeasePlan. 

The Group’s main priority is to press further ahead with its commercial development, furnishing quality service, value-added and innovation to enhance client satisfaction. Its aim is to become a trusted partner for its clients, making sound use of its digital capabilities to provide them with responsible and innovative financial solutions. To this end, the Group is pursuing various digital transformation and operational efficiency initiatives.

Another priority for the Group is to foster a culture of performance and accountability. To this end, it has set targets to increase its employee engagement score, reduce the gender pay gap and promote diversity in senior leadership roles. The Group has also adjusted its financial reporting principles to embed greater accountability.

The Group is fully committed to the strategic initiatives presented in September 2023 and has set the following main financial targets: 

• ■a robust CET1 ratio at 13% under Basel IV in 2026;
• ■average annual revenue growth of between 0% and 2% over 2022-2026;
• ■increased operational efficiency, with a cost-to-income ratio below 60% in 2026;
• ■cost of risk within the 25-30 basis-point range over 2024-2026;
• ■return on tangible equity (ROTE) between 9 and 10% in 2026;
• ■a Liquidity Coverage Ratio (LCR) of at least 130% and a Net Stable Funding Ratio (NSFR) of at least 112% throughout the cycle;
• ■a Non-Performing Loans (NPL) ratio target of 2.5-3% in 2026;
• ■a leverage ratio of 4-4.5% throughout the cycle;
• ■an MREL ratio equal to at least 30% of risk-weighted assets (RWA) throughout the cycle;
• ■application of a sustainable distribution policy, based on a payout ratio range between 40% and 50% of reported net income(2) with a balanced distribution mix between cash dividends and share buybacks from 2024 onwards.

In a world faced with climate change, environmental imperatives and shifting societal norms, a a bank like Societe Generale has a crucial role to play. Mindful of its corporate purpose, Societe Generale has placed ESG concerns front and centre of its ambition to become a rock-solid and top-tier sustainable European bank.

Transitioning to sustainable, low-carbon economies presents complex and multifarious challenges for all economic operators. Tackling them requires a holistic approach that looks beyond the economic effects to also encompass the strategic, technological, geopolitical and social impacts of the transition. The Group firmly believes in the need to work together on this. It is committed to supporting its clients in their transition process and to working hand in hand with its various stakeholders.

As part of these efforts, Societe Generale has pledged EUR 300 billion to develop sustainable finance out to 2025 and offers its clients a range of financing and investment solutions designed their changing needs. Naturally, the Group must also look inwards if it is to live up to its promise of supporting clients in their transitions and satisfying stakeholder expectations: it continues to pursue its own transition and factors environmental and social considerations into decision-making processes Group-wide.

When presenting its 2026 strategic plan in September 2023, the Group highlighted a series of far-reaching measures to reaffirm its commitment as a top-tier operator in the transition to a sustainable world. ESG considerations are of critical importance and form the linchpin of the Group’s roadmap and the strategic trajectories of its various businesses.

The Group also announced that it is accelerating the decarbonisation of its activities with O&G exploration and production reduction targets and diligent decarbonisation of emission-intensive sectors. As a founding member of the Net Zero Banking Alliance (NZBA), launched in 2021 as part of the United Nations Environment Programme Finance Initiative (UNEP-FI) which is composed today of 130 banks, the Group has already set alignment targets for nine sectors out of 12 to align its financing portfolios with trajectories compatible with the Paris Agreement’s climate goals, starting with short- and medium-term targets. 

The three core themes of the Group’s environmental strategy are supporting clients in their transitions, managing the climate impact of its own activities and addressing environmental risk factors. This entails adapting its businesses, capitalising on its sector-specific expertise to offer clients customised support and develop innovative solutions. Not satisfied with simply financing existing technologies, the Group intends to position itself as a partner for emerging operators who are developing new technologies and experimenting with new ways of doing business.

This has prompted the Group to increase investment in groundbreaking partnerships and solutions to amplify its impact. And it is not doing so alone: aware of the value of international cooperation and outside expertise, it is strengthening its partnership with the International Finance Corporation (IFC) – a member of the World Bank Group – on sustainable finance projects. It has also announced the creation of a Scientific Advisory Council to contribute expert opinions on topics relating to climate, nature, social issues and sustainable development. Another announcement concerns the launch of a new EUR 1 billion transition investment fund to support transition champions, green technologies, nature-based solutions and impact finance projects. The fund offers further opportunities for positive action, notably by supporting new actors in the transition sector.

Last, embedding a culture of accountability and being a responsible employer are also priorities for the Group. In terms of gender diversity, it has decided to allocate EUR 100 million to reduce the pay gap between men and women. Also working along these lines, Societe Generale aims to get women into at least 35% of its Top 250 senior managerial positions worldwide by 2026.

The Group is deeply committed to the United Nations’ Sustainable Development Goals. This is reflected in the four strategic themes of its CSR ambition, each of which contributes to a number of the SDGs. The first two themes – Environmental Transition and Positive Local Impact – form the pillars of the Group’s transition efforts. The other two – Responsible Employer and Culture of Accountability – form the framework of responsible banking.

The Group’s businesses have all included ESG in their strategic roadmaps. Leveraging its regional footprint, French Retail Banking's ambition is to furnish support to its individual, corporate and local authority clients in their environmental transitions by developing a comprehensive range of ESG solutions. Likewise, Global Banking and Investor Solutions intends to remain the most innovative provider of ESG solutions. Meanwhile, International Retail Banking is seeking to position itself as a leader in ESG across all its regions worldwide. Last Ayvens, the Group’s new vehicle leasing subsidiary, is focusing on three ways to advance sustainable mobility: advising clients on greener mobility options, facilitating the switch to EVs and offering integrated Mobility-as-a-Service (MaaS) solutions.

Addressing these new challenges demands wide-sweeping change within the Group. CSR can no longer be the sole preserve of experts; a major considerable awareness-raising and upskilling campaign is required to tackle the challenges of transition. As such, the Group is rolling out an extensive in-house training programme.

As a responsible bank, the Group is maintaining its target to cut own-account CO2 emissions by -50% by 2030. This awareness of its responsibilities is also reflected in the Societe Generale Foundation’s work, with plans to boost sponsoring of cultural, educational and into-work initiatives.

The Group’s capacity for innovation across all businesses, its commitment to international coalitions to establish new standards and a firm grasp of its responsibilities as a bank are essential to consolidating the Group's leadership position. The strong commitments made in its 2026 strategic plan, the operational implementation of its CSR ambition and its ESG risk factor management are helping the Group move forward with its transformation, develop new processes and solutions to effect change and dial up its transition efforts.

The Group's aim is to remain a pioneer in this field, preparing for the future by developing expertise in areas such as the circular economy, nature conservation and water management. It continues to foster a Group-wide culture of responsibility and to strengthen its internal control framework, especially its Compliance operations, to meet the banking industry’s highest standards. It has now completed the rollout of its Culture & Conduct programme, embedding rules of conduct and strong shared values throughout the entire organisation.

In May 2023, French Retail Banking activities (SG Network and BoursoBank) were housed together with those of Private Banking and Insurance under the one banner in a bid to optimise synergies between businesses and offer a large suite of products and services adapted to the needs of a diversified client base – retail, professional and corporate clients, as well as non-profits and municipalities – seeking varied expertise.

2023 was marked by:

• ■the creation of the new bank SG resulting from the successful merger between the Societe Generale network and Crédit du Nord. After a large-scale IT migration process in the spring of 2023, the new relational model is being rolled out by strengthening our regional foothold, expertise and responsiveness. It is also capitalising on a strengthened CSR commitment;
• ■the number of Boursorama (now BoursoBank) clients reaching the 5 million mark;
• ■solid commercial and financial performances from the Private Banking and Insurance businesses that give further value to our suite of products and services with clients of the Retail Banking networks.

Our networks continue to support the economy and assist our clients with their financing projects despite a decrease in average loan outstandings in the networks from EUR 247 billion in 2022 to EUR 234 billion in 2023 in a context of climbing interest rates. At the same time and amid intense competition particularly in the corporate segment, deposit outstandings decreased by -3% to EUR 295 billion at the end of December 2023.

The SG Network France offers solutions tailored to the needs of nearly 9 million individual, professional, non-profit and corporate clients, representing EUR 217 billion in annual average outstanding deposits and EUR 201 billion in outstanding loans in 2023.

SG Network offers clients:

• ■around 1,700 main branches located predominantly in urban areas where a large proportion of national wealth is concentrated;
• ■an exhaustive and diversified range of products and services, ranging from savings vehicles and asset management solutions to corporate finance and payment means;
• ■a comprehensive and innovative omnichannel system offering Internet, mobile, phone and service platforms.

The system is the result of the legal merger of the French Retail Banking networks of Societe Generale and Crédit du Nord on 1 January 2023.

The migrations of Crédit du Nord’s IT system towards Societe Generale’s information system were successfully carried out in a two-stage process during the first quarter of 2023 and on schedule.

The strategic objectives set out in the programme to bring the networks closer together focus on four major areas:

• ■a bank with a local foothold across 11 regions: decisions will be predominantly taken at regional level and on an increasing basis directly in agencies and business centres;
• ■a more responsive, accessible and efficient bank with the launch of programmes to simplify internal procedures and optimise customer pathways;
• ■a bank that gears itself more to the specific needs of each client category: a bank that offers expertise, with resources increasingly focused on the specific requirements of the various client categories, notably with the creation of a wealth management bank, across-the-board presence of a dedicated advisor for professional clients – covering both their personal and professional banking needs – and more experts throughout France to deal with the full scope of their savings, insurance and advisory concerns.
• In 2023, Societe Generale continued to expand its network and increase its service offering in response to clients’ requirements. These efforts have focused in particular on increasing the use of electronic signatures and the continued development of digital applications for retail, private banking, professional and corporate markets;
• ■a responsible bank: the Societe Generale network makes sustainable development the linchpin of its strategy. It offers to support all clients in their energy transition: in each region, a regional CSR manager provides expertise to SMEs, non-profit organisations and local authorities, offering a comprehensive range of advice and financing solutions designed with benchmark partners.
• Retail clients could also avail themselves in 2023 of an energy renovation programme that includes diagnosis, building work and financing, on top of a dedicated range of savings products. Irrespective of their profile, the Bank also offers to measure clients’ greenhouse gas emissions, in partnership with Carbo.

Boursorama is a subsidiary of Societe Generale, and a pioneer and leader in France for its three main businesses: online banking, brokerage and online financial information at boursorama.com, ranked No. 1 for economic and stock market news. An online bank accessible to all, without any revenue or financial wealth prerequisites, BoursoBank’s promise is the same as it was when it was first created, which is to simplify clients’ lives at the most competitive price and furnish the best service possible to boost their purchasing power.

At end-2023, BoursoBank served 5.9 million clients, which is a +26% increase in the space of a year, after a 41% rise in 2022. This growth has been matched by an increase in the bank’s total outstandings of EUR 6 billion over the period, for a total of around EUR 71 billion at end-December 2023, including approximately EUR 15 billion in loans, around EUR 34 billion in current accounts, around EUR 13 billion in off-balance sheet savings (life insurance) and around EUR 9 billion in share securities).  

2023 was dominated by:

• ■the number of BoursoBank clients passing the 5 million mark midway through the year. Most of the targets of the prior strategic plan were met two and half years ahead of schedule;
• ■rebranding in October, making the bank’s name simpler. Boursorama Banque is now known as BoursoBank, but the portal name will remain boursorama.com;
• ■profitability of almost EUR 50 million in the second quarter, lending weight to the underlying economic model;
• ■B Corp certification, an international standard attesting to the fact that Societe Generale meets social and environmental performance, transparency, and accountability standards towards the public.

Over and above its successful mainstream banking offer, BoursoBank provides an increasingly wide range of products and services that in 2023 included the launch of:

• ■Banque au Quotidien: the launch of a BoursoPrime service which enables clients who subscribe to the offer to make use of the multiple advantages on all aspects of the offer, notably a cashback offer on all bankcard (CB) expenditure;
• ■savings: against the backdrop of increasing interest rates, a term account and a second savings account were launched (Bourso+). Cumulative net inflows on these two products totalled around EUR 6 billion in 2023;
• ■loans: an “ecoresponsible” mortgage loan offer was launched;
• ■a more comprehensive Beyond the Bank offer was introduced that generates larger business volumes via The Corner platform that again doubled in 2023 to reach EUR 300 million.

Boursorama was voted the least expensive bank for the 16th consecutive year (source: Le Monde/Panorabanque 2023) and France’s preferred bank for digital banking (source: Opinionway 2023). The online bank was ranked No. 1 on app stores, with a rating of 4.9/5 on iOS and 4.8/5 on Android. It boasts a Net Promoter Score of +36 for the sector (source: Bain and Company – January 2023).

Its online portal, www.boursorama.com, is consistently ranked the No. 1 website for online financial and economic information, and receives around 50 million visits a month for almost 300 million page views (Source ACPM – September 2023).

BoursoBank generally attracts young clients – the average age is 35 – who are city dwellers, who work and are financially stable. The average client outstanding is around EUR 13,000 (savings and loans). Against an overall backdrop of accelerated growth, the acquisition of private banking clients also continues to rise amid a rapid acceleration in growth. BoursoBank also continues to push ahead with optimisation and rationalisation efforts. It notably registered an annual decrease in IT costs per client of around 20%, whereas its headcount has increased by a mere 6% per year since 2017, in contrast to the number of clients by employee which  has increased on average by almost 30% per year.

Societe Generale Private Banking has an extensive foothold in Europe and offers global financial engineering and wealth management solutions, in addition to global expertise in structured products, hedge funds, mutual funds, private equity funds and real estate investment solutions. It also offers clients access to capital markets.

Since January 2014 and in conjunction with the French Retail, Private Banking and Insurance core business, Societe Generale Private Banking has extensively modified its relationship banking model in France by extending its services to all individual clients with more than EUR 500,000 in their accounts.

Societe Generale Private Banking also created a Wealth Investment Services centre of expertise in 2022, thereby becoming a genuine one-stop shop that houses unique expertise within the Group to design investment and open-architecture solutions. It consolidates the management and structuring skills offered by Investment Management Services, the Market Solutions teams in charge of market solutions and the management entities of SG 29 Haussmann(5) in France and SGPWM(6) in Luxembourg that have been housed in Societe Generale Private Banking following the Lyxor disposal at the end of 2021.

2023 was dominated by the legal and IT merger of the Societe Generale retail bank and Crédit du Nord. As a result, Societe Generale Private Banking welcomed new clients from Crédit du Nord in France and in Monaco in its network. The project enabled Private Banking to strengthen its local foothold and also capitalise on its national reputation.

Societe Generale Private Banking’s offering is available from three main centres: SGPB France, SGPB Europe (Luxembourg, Monaco and Switzerland) and Kleinwort Hambros (London, Jersey, Guernsey and Gibraltar). At the end of 2023, Private Banking held EUR 143 billion in assets under management.

Societe Generale was the recipient of around 30 awards in 2023 acclaiming the quality of its service and the depth of its high-value offering (Euromoney, Private Banker International, WealthBriefing, etc.).

Societe Generale Assurances lies at the core of Societe Generale Group’s development strategy, in synergy with its retail banking, private banking and financial services businesses. Societe Generale Assurances also pursues the expansion of its distribution model through the development of external partnerships.

Societe Generale Assurances offers a full range of products and services to meet the needs of individual, professional and corporate clients in Life Insurance Savings, Retirement Savings and Personal Protection businesses.

Leveraging the expertise of its 3,000 employees (FTE), Societe Generale Assurances combines financial strength with dynamic innovation and a sustainable development strategy to be a trusted partner for its clients. Gross premiums stood at EUR 13 billion in 2023, with the share of unit-linked (UL) funds totalling 38%. Outstandings in life insurance investment solutions reached EUR 136.2 billion at end-2023, up by 3.5%, of which UL funds accounted for 38%. Business is increasing in the personal protection and property and casualty lines, with growth accelerating by 3.6% compared to 2022.

In 2023, Societe Generale Assurances pushed ahead with its bid to assist and protect the clients of Group networks by stepping up the development of digital sales tools and its phygital dimension. It also accelerated the pace of digital client journeys by optimising data and client behaviour knowledge.

Societe Generale Assurances also continued diversifying its business model, which is a proven high-potential growth driver in both the life insurance and personal protection areas, in synergy with the Group’s other businesses, such as Ayvens, BoursoBank and with external partners.

As one of the dominant players in the retirement savings market in France, Societe Generale Assurances offers cross-business products to meet the needs of individual clients, corporate clients and their employees through customised solutions, simple and easy-to-use digital pathways, innovative and tailor-made services and bespoke assistance.

The financial strength of Societe Generale Assurances was confirmed by S&P Global Ratings which upgraded Sogécap’s long-term credit rating from BBB+ to A-, and the hybrid debt issue rating from BBB to BBB+.

Societe Generale Assurances actively endorses a policy to strengthen its CSR commitments, vowing to make Corporate Social Responsibility (CSR) a differentiating factor in its strategy. It has divided its policy into three areas: Being a Responsible Insurer, Being a Responsible Investor and Being a Responsible Employer. A host of actions have been rolled out both in relation to the Group’s investment policy – signing the Finance for Biodiversity Pledge, limiting non-conventional oil and gas funding, developing green investments and creating an energy efficiency plan – and to the products on offer, such as a responsible UL offering, giving the “Positive Insurance” certification to ten of its protection products. In addition, the Group has embedded the ESG dimension into all its activities making it the bedrock underpinning all its activities and processes (“ESG by design”).

Definitions and details of methods used are provided on page  2.3.6 and following.

Information followed by an asterisk (*) is indicated as adjusted for changes in Group structure and at constant exchange rates.

2022 data in this document are restated in compliance with IFRS 17 and IFRS 9 for insurance entities 2022 data are restated in compliance with IFRS 17 and IFRS 9 for insurance entities (see  Note 1.4 of the consolidated financial statements, page  Note 1.4 and following).

Over 2023, net banking income for the Group decreased by -7.6% vs. 2022.

Revenues in French Retail, Private Banking and Insurance contracted by -12.9% relative to 2022, mainly due to the negative impact from short-term hedges taken before the period of rising interest rates that occurred as of 2022.

Activity at Global Banking and Investor Solutions decreased by -4.6% despite solid revenues of EUR 9.6 billion in 2023. Global Markets and Investor Services  contracted by -6.3% vs. 2022 owing to an unfavourable base effect compared with a record year for market activities in 2022. The Financing and Advisory busines posted high revenues of EUR 3,341 million in 2023, down slightly by -1.4% vs. 2022.

Revenues for International Retail, Mobility and Leasing Services rose by +4.5% vs. 2022 on back of stable activity levels in International Retail Banking despite the disposal of the business in Russia and a sharp  increase in Mobility and Leasing Services actitivities (+9.3%) that was driven by the LeasePlan integration in ALD.

Revenues for the Corporate Centre totalled EUR -1,066 million in 2023 compared with EUR -302 million in 2022, notably due to  the impact of the unwinding of hedges on TLTRO operations and non-recurring items.

In 2023, operating expenses totalled EUR 18,524 million, up by a moderate +2.9% vs. 2022. They include EUR 617 million for the integration of LeasePlan's activities and EUR 730 million in transformation costs. At constant perimeter, operating expenses rose by a very moderate +0.3% in spite of the inflationary context. 

Over 2023, the cost of risk came to 17 basis points.

The Group’s provisions on performing loans amounted to EUR 3,572 million, down EUR -197 million relative to 31 December 2022, notably linked to the strong decrease in the Russian offshore exposure.

The gross coverage ratio stood at 2.9%(1) at 31 December 2023. The net coverage ratio on the Group’s doubtful loans stood at around 80%(2) at 31 December 2023, after taking into account guarantees and collateral.

At 31 December 2023, the Group sharply reduced its offshore exposure to Russia to around EUR 0.9 billion of EAD (Exposure at Default) compared with EUR 1.8 billion at 31 December 2022 (-50%). The maximum risk exposure on this portfolio is estimated at around EUR 0.3 billion before provision. Total provisions stood at EUR 0.2 billion at end-2023. The onshore residual exposure is marginal at around EUR 15 million and relates to the integration during the year of LeasePlan activities in Russia.

Operating income totalled EUR 5,555 million in 2023 compared with EUR 7,514 million in 2022 (-26.1%).

In 2023, a goodwill impairment of around EUR -340 million was recorded on Africa, Mediterranean Basin and Overseas Territories, and on Equipment Leasing activities.

The Group net income for 2023 came to EUR 2.5 billion, representing ROTE of 4.2%.

IEA: International Energy Agency scenario.

The Group’s actions are guided by its corporate purpose which is “Building together, with our clients, a better and sustainable future through responsible and innovative financial solutions”.

In 2023, under the leadership of the new management team, Societe Generale placed its ESG goals firmly at the centre of its strategy. In its 2026 strategic plan, it announced a series of major initiatives to accelerate its contribution to the environmental transition and, more broadly, to the UN’s Sustainable Development Goals. It stated the Group’s ambition to be a rock-solid and sustainable top-tier bank, lead in ESG, and foster a culture of performance and accountability. ESG is an imperative and is included in the criteria used to manage the Group's activities.

Societe Generale is a founding signatory of the UNEP-FI's Principles for Responsible Banking (PRB).

In the second half of 2023, the Group announced it was stepping up the pace of decarbonisation across its businesses with the following measures:

• ■sharply accelerate steps to reduce exposure to the upstream oil and gas sector, together with a new absolute carbon emissions reduction target across the whole oil and gas value chain;
• ■new decarbonisation targets for the steel, automotive, cement, aluminium and commercial real estate sectors to contribute to the alignment of the Group's financing activities with Net Zero trajectories by 2050. 

The Group also announced higher investment to develop innovative impact-generating solutions and partnerships to generate a bigger impact and develop as early as possible its positioning with emerging players and new markets:

• ■planned launch of a new EUR 1 billion transition investment fund that includes an equity investment of EUR 700 million. The fund aims to support transition actors, green technologies, nature-based solutions and impact-driven investments projects;
• ■continued development of key partnerships, such as with the International Finance Corporation, a member of the World Bank Group;
• ■planned establishment of an independent scientific advisory council to provide a long-term view and expert scientific opinions to inform strategy, with a focus on climate, nature, social questions and sustainable development.

Being a responsible employer and embedding a culture of responsibility are priorities for the Group. Launching its strategic plan, the Group announced:

• ■a new target of at least 35% of women in senior leadership roles (Top 250) by 2026;
• ■a EUR 100 million allocation to reduce the gender pay gap.

The Group ran its 30th Global employee share ownership plan in 2023.

The core goals of the Group’s CSR policy break down into four strategic priorities. Two of these concern the Group's activities: supporting clients with their environmental transition and making a positive contribution to local communities. And two make up the very foundation of a responsible bank: being a responsible employer and nurturing a culture of responsibility and accountability across all our businesses.

The Group's aim is to contribute EUR 300 billion in sustainable financing over the period 2022-2025 in: sustainable bonds, Sustainable and Positive Impact Finance (SPIF), advisory mandates on SPIF transactions, Sustainability-linked loans, as well as financing and long-term leases of electric vehicles. All Group businesses are committed to working towards these goals to meet the environmental and social challenges of our time. The Group’s contribution at end-2023 towards achieving the target was more than EUR 250 billion.

To drive the positive changes we urgently need now the Group is pushing forward with its transformation through the internal “Building together” programme. This approach places all its business lines on a change trajectory and seeks to embed an ESG culture throughout the Group. The three core themes are:

• ■rethinking the Bank’s businesses: revamping the teams’ missions to develop solutions to support clients as they transition their businesses to more sustainable models;
• ■implementing the transformation: systematically building ESG into all the Group’s strategic decisions, management tools and processes and applying them to the business lines;
• ■deepening expertise through team training: Societe Generale has rolled out a specific CSR training programme.

This year brought out new players. The first was a new SG-branded retail bank in France, formed by the merger of the Societe Generale and Crédit du Nord networks. The new bank sets out to provide a comprehensive range of ESG solutions (savings, financing and advisory). The second new player was Ayvens, the new global mobility brand created from ALD’s acquisition of LeasePlan. It is positioned to become a global agent in the mobility ecosystem.

These new ESG-focused models, the announcement of the new strategic plan and the accelerated decarbonisation drive represent major changes. Together with an unprecedented training programme and our determination to ensure that all the Group’s businesses evolve to better support its clients, these advances position it to help set new standards and open up new possibilities. Building on its hallmark innovation and entrepreneurship, combined with its pioneering position in financing the energy transition, the Group is accelerating the number and pace of transformations and readying itself to meet the pressing challenges of water management, the circular economy, protecting and restoring nature.

Thanks to the transformation of its businesses, the Group is poised to seize a myriad of opportunities at a stage when existing clients require increasingly sophisticated solutions in their transition pathways and where new markets and operators are materialising in the economies.

For more than 20 years Societe Generale has financed renewable energy and positive impact finance as a founding member of the UNEP-FI Positive Impact Finance initiative. Having built up solid expertise, in 2023 the Bank stepped up measures to progressively align its portfolios, at the heart of which is the Group's support for clients to successfully make the transition to a low-carbon model.

Acutely aware that decarbonising is a global challenge that requires collective action, the Group is working with clients, peers and all its stakeholders to accelerate the transition and contribute to setting new standards.

To promote transparency and accountability, the Group takes part in many sector working groups to advance research and development in sustainable finance and decarbonisation. Through building partnerships and participating in alliances within expert bodies such as the Poseidon Principles, the Hydrogen Council or, more recently, in industries such as steel, aviation and aluminium, the Group aims to work towards the adoption of common standards and comparability between companies.

Societe Generale Group takes a proactive approach to decarbonisation. Backed by a capacity for innovation and its teams’ industry-specific expertise, the Group is not only a driving force, but also has the ambition to be a leader in the green transition and sustainable development of our economies.

In 2020, Societe Generale co-published with a small group of banks a report on the application of the PACTA (Paris Agreement Capital Transition Assessment) methodology, developed by the 2Degrees Investing Initiative, to the credit portfolios of the banking sector. Societe Generale joined the UNEP-FI's Net Zero Banking Alliance (NZBA) as a founding member in April 2021 and has since undertaken, for the highest carbon emitting sectors defined by the NZBA, to align its financing portfolios with trajectories compatible with the goals of the Paris Agreement based on reference climate scenarios and science-based methodologies. The group has also undertaken to be transparent on the progress of these steps.

The Group’s portfolio alignment strategy is based on (i) prioritising reducing its absolute CO2 footprint in fossil fuels, and (ii) defining a trajectory to reduce the carbon intensity of its portfolios in other sectors.

2023 marked an important milestone with the announcement that the Group intends to accelerate its alignment efforts. Having largely completed its exit from thermal coal (target of zero exposure in 2030 in EU and OECD countries and by 2040 in the rest of the world) and hit its first reduction target ahead of time (-20% by 2025) for exposure to upstream oil and gas, the Group has set new targets aimed at aligning with benchmark 1.5 °C “low overshoot”(5) scenarios.

The Group announced a sharp acceleration in steps to reduce the Group’s exposure to the upstream oil and gas sector: an 80% reduction by 2030 (vs. 2019) with an intermediate target of 50% in 2025 stands out in the global banking world as one of the most ambitious targets.

The Bank has added a new target for a 70% absolute reduction in its carbon footprint across the entire oil and gas value chain by 2030 compared to 2019 levels (from a previous target of -30%). This is twice as ambitious as the IEA’s NZE (Net Zero Emissions) scenario.

The Group has also updated its Oil and Gas sector policy in line with the definition of these NZBA trajectories. Societe Generale will no longer provide financing and advisory services for new oil and gas field projects and is withdrawing from financing private pure players in upstream oil and gas. These exposures will be managed in run-off. At the same time, it is strengthening engagement with energy sector clients on their climate strategy.

Automotive sector: reduce the sector’s average carbon emissions intensity (carmakers, on their annual sales and over the vehicle’s useful life) to 90g of CO2 equivalent per km travelled per vehicle by 2030, vs. 2021 (184gCO2eq/v-km), a reduction of 51% in emissions intensity.

Steel sector: achieve a target alignment score of 0 by 2030(6), which equates to aligning the portfolio of steel manufacturers with the International Energy Aency’s Net Zero Emission (NZE) scenario trajectory.

Cement sector: reduce the carbon intensity of cement manufacture to 535kg of CO2 equivalent per tonne of cement by 2030, vs. 2022 (671kgCO2eq/t cement), a reduction of 20% in emissions intensity.

Commercial real estate: achieve target carbon intensity of 18kgCO2eq/sq.m in 2030 (based on the current composition of the Group’s portfolio) vs. 49kgCO2eq/sq. m in 2022, a reduction of 63% from 2022 levels.

Aluminium sector: reduce carbon emission intensity by -25% by 2030 vs. 2022, i.e., 6tCO2 e/t in 2030 vs. 8tCO2 e/t in 2022.

Maritime transport sector: achieve a Poseidon Principles target alignment score of 15% by 2030, which equates to a -43% reduction of carbon emission intensity (Annual Efficiency Ratio) relative to 2022.

The Group maintains its objective of reducing carbon intensity in the electricity generation sector to 125 gCO2  per kWh by 2030 vs. 221 gCO2  per kWh in 2019, which equates to a 43% reduction.

Having at this stage set targets for nine sectors, the Group is continuing its work on other sectors, namely aviation, residential real estate and agriculture. In December 2023, the Bank published a “Climate and Alignment Report” (available in English only) outlining the progress of its work as a member of the Net Zero Banking Alliance: https://www.societegenerale.com/sites/default/files/documents/CSR/climate-and-alignment-report.pdf 

Financing clients on their path to decarbonisation is a fundamental imperative that calls for unparalleled levels of investment. The International Energy Agency (IEA) estimates USD 100 trillion is needed in energy alone by 2050. Colossal investment is required to decarbonise our economies, often simultaneously across all value chains – which also calls for collective intelligence and co-construction.

The Group embeds the ESG dimension in the strategy of all its businesses and makes helping clients to achieve the transition a priority.

In a bid to speed up the pace of investment in the development of solutions and innovative partnerships to generate more positive impact, the Group announced in September 2023 that it was launching a EUR 1 billion transition investment fund that includes a EUR 700 million equity investment component. The fund aims to provide support for:

• ■green technologies and transition drivers;
• ■impact projects in line with the goal of contributing to the UN Sustainable Development Goals;
• ■solutions that are nature based and that help preserve biodiversity.

The Group makes ESG a core part of strategy across all its businesses, with each one working on shaping its business model and putting together a range of products and services to meet new client needs.

Bit by bit, the Bank is expanding its offering to meet the requirements of clients of all sizes and to support them in their transition. These offers are available to all Group clients and include not only financing and investment products, but also financial services.

A programme in Global Banking & Investor Solutions aims to upgrade its offering, step up expertise in the teams, and work with clients to build innovative solutions tailored to their transition challenges. Involving more than 400 professionals, the programme promotes cross-sector collaboration to share expertise and develop a broader vision and more comprehensive insight into what clients are grappling with. It also intensifies the focus on new value chains and brings deeper understanding of emerging leaders’ business models. In 2023, programme outcomes included a methodology to assess the maturity of clients' transitions with a tool to identify emerging opportunities. Based on a sector analysis and a review of where the client is on the decarbonisation and transition pathway, the tool, which is currently being deployed, flags the opportunities created by the client’s transition.

The programme has delivered handsomely with major advisory and financing transactions in the electrical power sector (such as financing for the first cross-border electricity interconnection between Germany and the United Kingdom), the green energy sector (e-fuels in Chile and the US), and in low-carbon hydrogen and rare metals (with the world’s most economical and cleanest copper-nickel projects in Australia).

SG, the new retail bank in France, formed from merging the Societe Generale and Crédit du Nord banking networks, is a responsible bank strongly committed to ESG and helping its clients move forward with their transition. CSR is at the very heart of its business model to strengthen the positive and local impact it has on its clients. This is reflected in how the Bank is organised and the appointment of a Chief CSR Officer in each region.

Drawing from its deep pool of talent, the Group is positioned to offer support and expertise in CSR to its clients to shift to a low-carbon economy through partnerships with innovative providers.

Societe Generale is developing an ecosystem to seed innovation to grow its businesses and serve its clients. Firm in the knowledge that innovation is central to sustainable finance, the Group promotes the new, supporting cutting-edge companies in business incubators, investing in the champions of the future and cementing partnerships to offer bold and original solutions to its clients. The transition investment fund focused on the transition, nature and impact will further boost this capacity to identify and support innovative players and emerging champions.

The Group has a number of incubators, including the Global Markets Incubator (GMI). The GMI and the Capital Markets Division works with start-ups and entrepreneurs to turn their innovative ideas into market-ready solutions. The Incubator has also upped its support for Fintechs. In 2023, it doubled the number of incubees and accepted the first intake of start-ups focused on sustainability. The ultimate aim is to deliver on its commitments and expand the offering to corporate clients, financial institutions and private investors who stand to benefit from these novel solutions tailored to their ESG objectives. The incubator spurs progress towards tackling sustainability imperatives and rounds out the Group’s offering with the products and services developed by the start-ups.

In France, the retail banking incubator for impact start-ups, SG Planète A, continued to scale up. It welcomed its third intake in the Lille-based incubator this year.

By supporting low-carbon champions and new technologies, the Group is breaking new ground. It made major new investments in 2023.

The Bank took a stake in the capital of EIT InnoEnergy. The aim of this strategic partnership is to help new industrial champions grow and to accelerate the energy transition by supporting the current 200 portfolio start-ups, which include names like Verkor, GravitHy, Holosolis and FertigHy. Societe Generale will provide access to its full range of financing and advisory services and to its own ecosystem of clients and investors.

Another key investment in 2023 was in Polestar, the only private debt fund in Europe dedicated to the circular economy. Polestar provides debt finance to innovative mid-sized Dutch companies to build their first recycling plants for organic, plastic, chemical, textile, metal and other forms of waste.

The Group joined the pool of investors in Partech which is launching its first growth impact fund (target: EUR 300 million). The fund plans to invest in around 15 European champions. The objective is to help them scale up innovative climate and social solutions.

Finally, the Group also took a stake in namR, an innovator in making data work for the green transition of buildings and regions, and Quarnot, a pioneer in heat recovery from data centres. These investments are part of the Group’s existing policy of forging partnerships with pioneering and innovative players.

Helping to protect biodiversity is part of the Group's commitment to the environmental transition. A member of the Act4Nature international* alliance, it updated its specific and measurable biodiversity objectives for the Group.

The Group is a member of several international alliances: the Taskforce for Nature-related Financial Disclosures, the Science-Based Targets Network and the Finance for Biodiversity Pledge. This engagement ensures we continuously deepen our understanding of nature-based issues and contribute to enhancing expertise in the area by collaborating on best practices.

In 2023, the Group completed an initial exercise to map the sectors it finances by the severity of their impacts and dependencies. It also developed an indicator of financial vulnerability based on an assessment of nature-based physical and transition risks. Following on from these two exercises, the Group started a process to assess nature-based impacts, dependencies and risks, which will be expanded in the near term. The Group's commitments to biodiversity are also set out in Group sector policies that specify exclusions to protect nature. In addition, a biodiversity component is now part of the client environmental and social assessment. The Group’s objective is to have conducted an assessment of all Corporate and Investment Banking clients by the end of 2024. Biodiversity factors have also been added to the E&S Interview Guide for SMEs. And to ensure everyone can put these initiatives to good use, a training programme is available with targeted modules.

Societe Generale champions innovation in this area. One example is the SG incubator’s support for REGROW, a start-up working to make agriculture more sustainable and resilient.

Last but not least, nature-based solutions form part of the EUR 1 billion transition investment fund announced in 2023.

Societe Generale was one of the sponsors of the Day of Dialogue on Nature for financial companies organised in 2023 by Entreprises pour l’Environnement* (EpE), a member of the World Business Council for Sustainable Development global network.

The Group also signed the Ecod’eau* Charter, an initiative to save water aimed at the general public, local authorities, businesses and other organisations.

Societe Generale Assurances and Tikehau Capital, alternative asset manager, announce a partnership for the launch of SG Tikehau Dette Privée. This unit-linked support, unprecedented on the French market, offers individual investors the opportunity to finance selected French and European unlisted companies while supporting the reduction of their greenhouse gas emissions.

An alternative source of financing to traditional bank loans and bond issuances on the financial markets, private debt is a source of financing increasingly used by unlisted companies to support their growth. Initially reserved for institutional investors, this investment strategy is now accessible to individual investors through this innovative support.

The support makes it possible to invest in the debt of French and European SMEs and medium-sized companies with a strong territorial footprint, to support them in their development (growth, acquisition, international deployment, etc.).

By only financing companies making a commitment to reduce their greenhouse gas emissions, SG Tikehau Dette Privée presents an ambitious low-carbon strategy, aligned with the objectives set by the Paris Climate Agreement(7).

In addition, in order to have a concrete influence on the environmental policy of companies:

• ■each financed company must commit to a decarbonisation trajectory based on the SBTi(8) reference methodology proposing a concrete application of the Paris Agreement.

Throughout the financing period, an independent audit will annually assess compliance with this trajectory and, depending on the results, will adjust the financing conditions granted to the Company.

Distributed today by Societe Generale Private Banking France, this Article 8 Unit of Account (SFDR)(9) will be available for 24 months on Life Insurance policies insured by Societe Generale Assurances. SG Tikehau Dette Privée is an FCPR(10) offering easy access to institutional quality assets from EUR 5,000 with a risk level of 4 out of 7 (SRI(11)). Its lifespan is ten years, but the capital invested in unit-linked support is available at any time thanks to liquidity provided by Societe Generale Assurances.

“We are very pleased with this partnership with Societe Generale, which underlines our pioneering position in private debt and sustainable financing. It is essential that the asset management sector plays its role in directing French savings towards the financing of companies and the real economy. Contributing to the achievement of the objectives set by the Paris Agreement is a priority of our roadmap: it is important for Tikehau Capital to take part in the launch of innovative solutions promoting the reduction of greenhouse gas emissions by companies while providing them with financing to support their growth” says Antoine Flamarion, co-founder of Tikehau Capital.

“Relying on the expertise of Tikehau Capital, Societe Generale Assurances continues to enrich its savings offer. This innovative and liquid investment solution will allow our clients to invest in a selection of around fifty companies and marks a new stage in our desire to democratise access to real assets. The launch of this unique support is, moreover, a new illustration of our desire to take concrete action in favor of ecological transition and regional development. Our development ambitions are strong, given the resolutely committed positioning of this offer in favor of reducing greenhouse gas emissions” adds Philippe Perret, Chief Executive Officer of Societe Generale Assurances.

The objective of the Group’s financial policy is to optimise the use of shareholders’ equity in order to maximise short- and long-term return for shareholders, while maintaining a level of capital ratios (Common Equity Tier 1, Tier 1 and Total Capital ratios) consistent with the market status of Societe Generale and the Group’s target rating. 

Since 2010, the Group has launched a major realignment programme, strengthening capital and focusing on the rigorous management of scarce resources (capital and liquidity) and proactive risk management in order to apply the regulatory changes related to the implementation of new Basel 3 regulations.

Group shareholders’ equity totalled EUR 66.0 billion at 31 December 2023. Net asset value per share was EUR 71.45 and net tangible asset value per share was EUR 62.71 using the new methodology disclosed in Chapter 2 of this Universal Registration Document, on page  2.3.6. 

Book capital includes EUR 9.1 billion in deeply subordinated notes.

At 31 December 2023, Societe Generale possessed, directly or indirectly, 6.7 million Societe Generale shares, representing 0.84% of the capital (excluding shares held for trading purposes). 

Under the liquidity contract implemented on 22 August 2011 with an external investment services provider, Societe Generale acquired 1,145,812 shares in 2023, with a value of EUR 26.4 million and sold 1,145,812 shares with a value of EUR 26.4 million. The liquidity contract was temporarily suspended from 2 January to 17 February 2023, and later from 7 August to 22 September 2023 during the share buyback periods.

The information concerning the Group’s capital and shareholding structure is available in Chapter 7 of this Universal Registration Document (p  Share, share capital and legal information).

The group maintained a targeted acquisition and disposal policy, in line with its strategy focused on its core businesses and the management of scarce resources.

Ongoing investments will be financed using the Group’s usual sources of funding.

The gross book value of the Societe Generale group’s tangible operating fixed assets amounts to EUR 83 billion as at 31 December 2023. This comprises land and buildings (EUR 5.3 billion), right of use (EUR 3.6 billion), assets leased by specialised financing companies (EUR 67.4 billion), investment property (EUR 0.7 billion) mainly related to insurance activities) and other tangible assets (EUR 5.9 billion).

The net book value of the tangible operating assets and investment property amounts to EUR 57.1 billion, representing only 3.7% of the consolidated balance sheet as at 31 December 2023. 

Owing to the nature of the businesses of Societe Generale, property and equipment are not material at Group level.

None.

Since the end of the last financial period, no significant change in the financial performance of the Group occurred other than those described in the present Universal Registration Document filed with the AMF on 11 March 2023.

The article L. 511-45 of the Monetary and Financial Code modified by Order No. 2014-158 of 20 February 2014, require credit institutions to communicate information about the locations and activities of their entitites included in their consolidation scope, in each State or territory.

Societe Generale publishes below the information relative to staff and the financial information by countries or territories.

The list of locations is published in the Note 8.4 of the notes to the consolidated financial statements.

The Board of Directors reviewed the Bank’s purpose in 2019 following the introduction of French Act No. 2019-486 on 22 May 2019, referred to as the Pacte Law and defined the new purpose as “Building together, with our clients, a better and sustainable future through responsible and innovative financial solutions”. From a formal standpoint, it was decided not to include the purpose in the By-laws. However, at its Extraordinary General Meeting of 2020, Societe Generale modified its By-laws to specify that the Board determines the Company’s strategy and supervises its implementation in accordance with its corporate interests, taking into account the social and environmental stakes of its activity (see Chapter 5). In May 2021, the first sentence of the preamble of the Board of Directors’ internal rules was also modified to take account of this change.

(At 1 January 2024)

The composition of the Board of Directors is presented on page  Composition of the Board of Directors, changes in 2023 of this report on corporate governance. The internal rules of the Board of Directors, which define the Board of Directors’ powers, are provided in this Universal Registration Document, on pages  3.3. The Board of Directors’ work is presented on pages  The Board of Directors’ work.

The composition of General Management and of the Executive Committee is presented in the corresponding sections of this report (see pages and  Presentation of the members of the General Management and  Group Executive Committee  - Presentation of the members of the General Management and Group Executive Committee).

The duties of the Group’s Cross-functional Committees, Risk Committee and the main Business Committees are described in section 3.1.4 on page  Main Committees.

The powers of the Board of Directors and of its various Committees, along with the report on their work, are presented on pages  The Board of Directors’ work and following, and notably cover:

• ■the role of the Chairman and the report on his activities, page  The Chairman of the Board of Directors;
• ■the Audit and Internal Control Committee, page  Audit and Internal Control Committee;
• ■the Risk Committee, page  Risk Committee;
• ■the Compensation Committee, page  Compensation Committee ;
• ■the Nomination and Corporate Governance Committee, page  Nomination and Corporate Governance Committee.

Information regarding the non-voting Director’s role and a report on his activities appear on page  Non-voting Director.

On 15 January 2015, the Board of Directors decided that, in accordance with Article L. 511-58 of the French Monetary and Financial Code (Code monétaire et financier), the offices of Chairman and Chief Executive Officer would be separated following the General Meeting of 19 May 2015. At that date, Lorenzo Bini Smaghi became Chairman of the Board of Directors, and Frédéric Oudéa remained Chief Executive Officer until the General Meeting of 23 May 2023. In 2019, Mr. Oudéa’s term of office was renewed until the Annual General Meeting held on 23 May 2023. Lorenzo Bini Smaghi was reappointed Chairman of the Board of Directors, following the renewal of his term of office as a Director at the Annual General Meeting held on 17 May 2022, for a term equal to that of his term of office as a Director, i.e., until the Annual General Meeting called to approve the financial statements for the 2025 financial year.

As Frédéric Oudéa’s term of office as Chief Executive Officer expired on 23 May 2023 and given his wish not to renew his term of office, the Board of Directors’ meeting held on 23 May 2023 appointed Slawomir Krupa as Chief Executive Officer following his appointment as a Director by the Annual General Meeting held on the same day.

Slawomir Krupa is assisted by two Deputy Chief Executive Officers – Philippe Aymerich, whose term of office was renewed on 23 May 2023, and Pierre Palmieri, who was appointed on 23 May 2023.

As Chief Executive Officer, Slawomir Krupa directly supervises the Risk function, in addition to the Inspection & Audit and Finance Departments, and the Global Banking and Investor Solutions businesses.

Philippe Aymerich, Deputy Chief Executive Officer, supervises the Group’s non-HR resources, the General Secretariat, Communications, French Retail, Private Banking & Insurance businesses.

Pierre Palmieri, Deputy Chief Executive Officer, supervises the Compliance Control function, Corporate Social Responsibility, Human Resources, and the International Retail Banking and Mobility and Leasing Services businesses.

Societe Generale refers to the AFEP-MEDEF Corporate Governance Code for listed companies (hereinafter the “AFEP-MEDEF Code”). The document is available on the https://hcge.fr website. In accordance with the “comply or explain” principle, Societe Generale states that it applies all recommendations from the AFEP-MEDEF Code, with the exception of recommendation 23.1 governing the termination of a Chief Executive Officer’s employment contract due to his exceptional length of service with the company (24 years) and the related benefits (described on page  Suspension of the Chief Executive Officer’s employment contract and related rights)

A set of internal rules amended on 7 February 2024 (hereinafter referred to as the “internal rules”) governs the functioning of the Board of Directors and its Committees. The Company’s internal rules appears on pages  3.3 and By-laws appear in the Universal Registration Document (see Chapter  7.4 / By-laws).

ERNST & YOUNG et Autres 
Tour First
TSA 1444492037
Paris-La Défense Cedex
S.A.S. à capital variable
438 476 913 R.C.S. Nanterre

DELOITTE & ASSOCIÉS 
6, place de la Pyramide
92908 Paris-La Défense Cedex
S.A.S. au capital de € 2.188.160
572 028 041 R.C.S. Nanterre

SOCIETE GENERALE 
Société Anonyme
17, cours Valmy
92972 Paris-La Défense

Annual General Meeting held to approve the financial statements for the year ended December 31, 2023

This is a translation into English of the statutory auditors’ report on regulated agreements issued in French and it is provided solely for the convenience of English-speaking users.

This report should be read in conjunction with and construed in accordance with French law and professional auditing standards applicable in France. It should be understood that the agreements reported on are only those provided for by the French Commercial Code and that the report does not apply to those related-party transactions described in IAS 24 or other equivalent accounting standards.

To the Annual General Meeting of Société Générale,

In our capacity as Statutory Auditors of your Company, we hereby report to you on regulated agreements.

The terms of our engagement require us to communicate to you, based on information provided to us, the principal terms and conditions of those agreements brought to our attention or which we may have discovered during the course of our audit, as well as the reasons justifying that such agreements are in the Company’s interest, without expressing an opinion on their usefulness and appropriateness or identifying other such agreements, if any. It is your responsibility, pursuant to Article R.225-31 of the French Commercial Code (code de commerce), to assess the interest involved in respect of the conclusion of these agreements for the purpose of approving them.

Our role is also to provide you with the information stipulated in Article R.225-31 of the French Commercial Code (code de commerce) relating to the implementation during the year ended December 31, 2023, of agreements previously approved by the Annual General Meeting, if any.

We conducted the procedures we deemed necessary in accordance with the professional guidelines of the French National Institute of Statutory Auditors (Compagnie Nationale des Commissaires aux Comptes) relating to this engagement (Code de commerce).

We hereby inform you that we have not been advised of any agreement authorized and entered into during the year ended December 31, 2023, to be submitted to the approval of the Annual General Meeting pursuant to Article L.225-38 of the French Commercial Code.

(Amended on 7 February 2024)

The Board of Directors collectively represents all shareholders and acts in the corporate interest of Societe Generale (the "Company"), taking into consideration the social and environmental stakes of its activity. Each Director, regardless of the manner in which he/she was appointed, must act in the Company's corporate interest in all circumstances.

Societe Generale applies the AFEP-MEDEF Corporate Governance Code for listed companies.

As a credit institution listed on a regulated market, Societe Generale is subject to the provisions of the regulations, directives and other European texts applicable to the banking and financial sectors, the French Commercial Code (Code de commerce), the French Monetary and Financial Code (Code monétaire et financier) and the recommendations or guidelines of the European Banking Authority (the EBA) included in national law, the French Prudential Supervisory and Resolution Authority (Autorité de Contrôle Prudentiel et de Résolution - ACPR) and the Autorité des Marchés Financiers (the AMF).

The purpose of these Internal Rules is to define the Board of Directors’ organisation and operating procedures and to specify the rights and duties of its members (the “Internal Rules”).

The Board of Directors ensures that Societe Generale has a solid governance system including, in particular, a clear organisation with shared responsibilities in a well-defined, transparent and consistent manner, effective procedures for the detection, management, monitoring and reporting of risks to which the Company is or could be exposed, an adequate internal control system, sound administrative and accounting procedures and compensation policies and practices enabling and promoting sound and effective risk management.

The present charter forms an integral part of the Internal Rules of the Board of Directors of Societe Generale (the “Internal Rules”). Any subject not covered by this charter is governed by the Internal Rules, and the terms used are defined in the Internal Rules.

The topics that may be addressed jointly by the Audit and Internal Control Committee and the Risk Committee are indicated by an asterisk (*) in each of the charters.

The present charter forms an integral part of the Internal Rules of the Board of Directors of Societe Generale (the “Internal Rules”). Any subject not covered by this charter is governed by the Internal Rules, and the terms used are defined in the Internal Rules. The type of risks falling within the scope of the Committee’s competence is that mentioned in the Group’s Risk Appetite Statement.

The topics that may be dealt with jointly by the Risk Committee and the Audit and Internal Control Committee are indicated by an asterisk (*) in each of the charters.

The present charter forms an integral part of the Internal Rules of the Board of Directors of Societe Generale (the “Internal Rules”). Any subject not covered by this charter is governed by the Internal Rules, and the terms used are defined in the Internal Rules.

The present charter forms an integral part of the Internal Rules of the Board of Directors of Societe Generale (the “Internal Rules”). Any subject not covered by this charter is governed by the Internal Rules, and the terms used are defined in the Internal Rules.

The U.S. Risk Committee (“Committee” or the “USRC”) of the Societe Generale (“SG” or “SG Group”) Board of Directors (“Board”) is formed in accordance with the requirements of the Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organizations (“EPS Rules”) as promulgated by the Board of Governors of the Federal Reserve System.(23) The Committee’s mandate is to (a) review all kinds of risks, both current and future, relating to, booked in or arising from SG’s business, activities, affairs and operations in the United States, including SG’s subsidiaries, branches and representative offices in the United States (collectively, “SGUS”), (b) advise the Board on the overall strategy and the appetite regarding such risks, and (c) assist the Board when it oversees the implementation of this strategy; and (d) oversee the adequacy and effectiveness of the SGUS Internal Audit function.

For avoidance of doubt, it is the responsibility of SG and SGUS senior management to identify and assess SGUS’ exposure to risk and escalate those risks, and planned mitigants, to the Committee. Although the Committee is responsible for overseeing the SGUS enterprise risk management function and challenging management on SGUS risk issues, it is not the sole body responsible for ensuring that SGUS’ risk management function is carried out efficiently and effectively.

(1)2022 figures are restated in compliance with IFRS 17 and IFRS 9 for insurance entities. In the rest of the chapter 4, unless otherwise mentioned, 2022 RWA figures have not been restated for.

This section identifies the main risk factors which, based on the Group's estimates, could have a significant effect on its business, profitability, solvency or access to financing.

Societe Generale has updated its risk typology as part of its internal risk management. For the purposes of this section, these different types of risks have been grouped into six main categories (4.1.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017, according to the main risk factors that the Group believes could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.  

The diagram below illustrates how the categories of risks identified in the risk typology have been grouped into the six categories and which risk factors principally impact them.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions in Europe, the United States and elsewhere around the world. The Group generates 40% of its business in France (in terms of net banking income for the financial year ended 31 December 2023), 38% in Europe, 8% in the Americas and 14% in the rest of the world. The Group could face significant worsening of market and economic conditions in particular resulting from crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices, notably oil and natural gas. Other factors could explain such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, or adverse geopolitical events (including acts of terrorism and military conflicts). In addition, the emergence of new pandemics such as Covid-19 cannot be ruled out. Such events, which can develop quickly and whose effects may not have been anticipated and hedged, could affect the Group’s operating environment for short or extended periods and have a material adverse effect on its financial position, the cost of risk and its results.

The economic and financial environment is exposed to intensifying geopolitical risks. The war in Ukraine, which began in February 2022, has sparked deep tensions between Russia and Western countries, impacting global growth, energy and raw materials prices, as well as the humanitarian situation. This has also prompted a large number of countries, particularly in Europe and the United States, to impose economic and financial sanctions on Russia. The war between Israel and Hamas, which began in October 2023, could have similar impacts or contribute to existing ones and pose a risk to the flow of goods and raw materials via the Suez Canal. The Group will continue to analyse in real time the global impact of these crisis and take necessary measures.

In Asia, relations between the US and China, China and Taiwan and China and the European Union are fraught with geopolitical and trade tensions, the relocation of production and the risk of technological fractures.

After a long period of low interest rates, the current inflationary environment is pushing the major central banks to raise interest rates. The entire economy has had to adapt to a context of higher interest rates. In addition to the impact on the valuation of equities, interest rate-sensitive sectors such as real estate are adjusting. The US Federal Reserve and the European Central Bank (ECB) are expected to maintain tight monetary conditions before starting to loosen them from 2024 onwards, as inflation recedes according to our forecasts.

The slowdown in economic activity could generate strong volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group. In France, Group's main market , after the long period of low interest rates which fostered an upturn of the housing market, the ongoing reversal of activity in this area had an adverse effect on the Group’s asset value and on business by decreasing demand for loans and resulting in higher rates of non-performing loans. More generally, the higher interest rate environment in a context where public and private debts have tended to increase is an additional source of risk.

Considering the ensuing uncertainty, both in terms of duration and scale, these disruptions could persist throughout 2024 and have a significant impact on the activity and profitability of certain Group counterparties.

Recent attacks on merchant ships in the Bab-el-Mandeb strait, claimed by the Houthi movement, could also have an impact on gas and oil supplies, or on prices and delivery times.

In the longer term, the energy transition to a “low-carbon economy” could adversely affect fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

With the ALD/LeasePlan merger in 2023, the automotive sector represents a major exposure for the Group. It is currently undergoing major strategic transformations, including environmental (growing share of electric vehicles), technological, as well as competitive (arrival of Asian manufacturers in Europe on the electric vehicles market), the consequences of which could generate significant risks for the Group’s results and the value of its assets.

With regard to financial markets, the topic of non-equivalence of clearing houses (central counterparties, or CCPs) beyond 2025 remains a point that needs watching, with possible impacts on financial stability, notably in Europe, and therefore on the Group’s business. In addition, capital markets (including foreign exchange activity) and securities trading activities in emerging markets may be more volatile than those in developed markets and may also be vulnerable to certain specific risks such as political instability and currency volatility. These elements could negatively impact the Group’s activity and results.

The Group’s results are therefore exposed to the economic, financial, political and geopolitical conditions of the main markets in which the Group operates.

During its Capital Markets Day event, the Group presented its strategic plan, which is to :

• ■be a rock-solid bank: streamline business portfolio, enhance stewardship of capital, improve operational efficiency, maintain best-in-class risk management;
• ■foster high performance sustainable businesses: excel at what SG does, lead in ESG, foster a culture of performance and accountability.

This strategic plan is reflected in the following financial targets:

• ■a robust CET 1 ratio of 13% in 2026 after the implementation of Basel IV;

• ■average annual revenue growth of between 0% and 2% over the 2022-2026 period;
• ■an improved cost-to-income ratio lower than 60% in 2026 and ROTE of between 9% and 10% in 2026;
• ■a distribution rate between 40% and 50% of reported net income(1), applicable from 2023.

The Group is fully on track to achieving its strategic milestones:

• ■the Group’s “Vision 2025” project involves a review of the network of branches resulting from the merger of Crédit du Nord and Societe Generale. Although this project has been designed to achieve controlled execution, the merger could have a short-term material adverse effect on the Group’s business, financial position and costs. The project could lead to some staff departures, requiring their replacement and training efforts that could potentially generate additional costs. The merger could also lead to the departure of some of the Group’s clients, resulting in loss of revenue;
• ■Mobility and Leasing Services will leverage the full integration of LeasePlan by ALD to be a world leader in the mobility ecosystem. However, 2024 will be an intermediate period, with the implementation of gradual integrations. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes. If the integration plan is not carried out as expected or within the planned schedule, this could have adverse effects on ALD, particularly by generating additional costs, which could have a negative impact on the Group’s activities and results.

The Group also announced in November 2022 the signing of a letter of intent with AllianceBernstein to combine the equity research and execution businesses in a joint venture to create a leading global franchise in these activities. This announcement was followed by the signature of an acquisition agreement in early February 2023.

The creation of the Bernstein joint venture with AllianceBernstein in cash and equity research is making good progress. The final documentation was signed on 2 November 2023, with a revised structure to accelerate completion of the transaction. At the closing date (expected in the first half of 2024), the joint venture will be organised under two separate legal entities, focusing respectively on North America and on Europe and Asia. The two entities will then be combined, subject to required regulatory approvals. This change should have no significant impact on the Group’s expected net contribution. The capital impact is estimated at less than 10 basis points on the closing date. The transaction remains fully aligned with the strategic priorities of our Global Banking and Investor Solutions franchise.

Societe Generale and Brookfield Asset Management announced on 11 September 2023 a strategic partnership to originate and distribute private debt investments.

The conclusion of final agreements on these strategic transactions depends on several stakeholders and, accordingly, is subject to a degree of uncertainty (legal terms, delays in the integration process of LeasePlan or in the merger of the Crédit du Nord agencies). More generally, any major difficulties encountered in implementing the main levers for executing the strategic plan, notably in simplifying business portfolios, allocating and using capital efficiently, improving operating efficiency and managing risks to the highest standards, could potentially weigh on Societe Generale’s share price.

Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group has made new commitments during the Capital Market Day on 18 September 2023 such as:

• ■an 80% reduction in upstream Oil & Gas exposure by 2030 vs. 2019; with a 50% reduction by 2025;
• ■a EUR 1 billion transition investment fund with a focus on energy transition solutions and nature-based and impact-based projects supporting the UN’s Sustainable Development Goals.

Failure to comply with these commitments, and those that the Group may make in the future, could create legal and reputation risks. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Last, failure to make specific commitments, particularly in the event of changes in market practices, could also generate reputation and strategic risks.

The Group is governed by the laws of the jurisdictions in which it operates. This includes French, European and US legislation as well as other local laws in light of the Group’s cross-border activities, among other factors. The application of existing laws and the implementation of future legislation require significant resources that could affect the Group’s performance. In addition, possible failure to comply with laws could lead to fines, damage to the Group’s reputation and public image, the suspension of its operations and, in extreme cases, the withdrawal of operating licences.

Among the laws that could have a significant influence on the Group:

• ■several regulatory changes are still likely to significantly alter the framework for Market activities: (i) the strengthening of transparency conditions related to the implementation of the new requirements and investor protection measures (review of MiFID II/MiFIR, IDD, ELTIF (European Long-Term Investment Fund Regulation)), (ii) the implementation of the fundamental review of the trading book, or FRTB, which may significantly increase requirements applicable to European banks and (iii) possible relocations of clearing activities could be requested despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025, (iv) the European Commission’s proposal to amend the regulation on benchmarks (European Parliament and EU Council, Regulation (EU) No. 2016/1011, 8 June 2016) with possible changes in scope and charges;

• ■the adoption of new obligations as part of the review of the EMIR regulation (EMIR 3.0); in particular, the information requirements for European financial actors towards their customers, the equity options regime and the calibration of requirements for active account funding in a European Union central counterparty;
• ■the implementation of technical standards (RTS) published by the European Banking Authority to clarify risk retention requirements to contribute to the development of a healthy, safe and sound securitisation market in the European Union published by the European Banking Authority on 12 April 2022;
• ■the implementation of the new directive on credit agreements for consumers (Directive (EU) 2023/2225, 18 October 2023), which strengthens consumer protection;
• ■the Retail Investment Strategy (RIS) presented by the European Commission on 24 May 2023, aimed at prioritisng the interests of retail investors and strengthening their confidence in the EU Capital Markets Union, including measures to regulate commission retrocessions in the case of non-advised transactions and to introduce a value-for-money test for investment products;
• ■new legal and regulatory obligations could also be imposed on the Group in the future, such as the continuation in France of consumer protection measures weighing on retail banks, and the potential obligation at European level to open up access to banking data to third-party service providers;
• ■the Commission’s proposal of 28 June 2023 for a regulation on the establishment of the digital euro, accompanying the initiatives taken by the ECB in this field;
• ■the strengthening of data quality and protection requirements and a future strengthening of cyber-resilience requirements in relation to the adoption by the Council on 28 November 2022 of the European Directive and regulation package on digital operational resilience for the financial sector (DORA). Added to this is the transposition of the NIS 2 Directive (Network and Information Security Directive, published in the Official Journal of the EU on 27 December 2022) expected before 18 October 2024, which extends the scope of application of the initial NIS Directive;
• ■the implementation of European regulatory frameworks related to due diligence under the so-called “CS3D” Directive proposal (Corporate Sustainability Due Diligence Directive), as well as to sustainable finance including the regulation on European green bonds, with an increase in non-financial reporting obligations, particularly under the CSRD Directive (Corporate Sustainability Reporting Directive), enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);
• ■the implementation of the requirements of the French “Green Industry” law (Loi Industrie verte) (no. 2023-973 of 23 October 2023), which aims to green up existing industries;
• ■new obligations arising from the Basel Committee’s proposed reform of banking regulations (the final text of Basel 3, also called Basel 4). This reform will be implemented in the European legislative corpus CRR (Regulation (EU) no. 575/2013) which, with a few exceptions, will become applicable on 1 January 2025, and CRD (Directive 2013/36/EU), which should be transposed into the applicable law of Member States no later than 18 months after its entry into force, i.e. by mid-2025;
• ■the European Commission’s initiative, published on 18 April 2023, aiming to strengthen the framework for bank crisis management and deposit insurance (CMDI). This proposal could lead to wider use of the guarantee and resolution funds and increase the Group’s contributions to the guarantee and resolution funds;
• ■European measures aimed at restoring banks’ balance sheets, notably through active management of Non-Performing Loans (NPLs), are leading to an increase in prudential requirements and require the Group to adapt its NPL management strategy. More generally, additional measures to define a best practices framework for loan origination (see the Loan origination guidelines published by the European Banking Authority) and loan monitoring could also have an impact on the Group. This new framework should ensure that newly granted loans are of high credit quality and contribute to reducing levels of non-performing loans in the future;
• ■in 2023, the “Interest Rate Risk in the Banking Book” (IRRBB) guidelines published by the European Banking Authority in October 2022 have applied:
  • -since 30 June 2023 for the IRRBB part,
  • -since 31 December 2023 for the “Credit Spread Risk arising from non-trading Book Activities” (CSRBB) section, requiring banks to calculate and manage the impact of a change in Credit Spread on the Bank’s value and revenues;
• ■in 2024, the following evolutions are expected:
  • -calculation and supervision of the Supervisory Outlier Test (SOT) for Net Interest Income (NII); this requirement has already been implemented by the Group,
  • -detailed reporting notably on IRRBB and CSRBB risks;
• ■new obligations arising from a package of proposed measures announced by the European Commission on 20 July 2021 aiming to strengthen the European supervisory framework around anti-money laundering and combating the financing of terrorism (AML-CFT), as well as the creation of a new European agency to combat money laundering.

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their effects may have a negative impact on the Group’s business, financial position and costs.

In the US, as the implementation of the Dodd-Frank Act nears completion, the Securities and Exchange Commission (SEC) has embarked on a complete regulatory overhaul of markets that covers the equity market structure, treasury markets and derivatives markets, among others, which could lead to significant changes in the way these markets operate, the cost of market participation and the competitive landscape, among others.

Moreover, as an international bank that handles transactions with US persons, denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

Due to its international activity, the Group faces intense competition in the international and local markets in which it operates from banking or non-banking actors alike. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services industry could result in competitors bolstering their capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of major domestic banking and financial actors, as well as new market participants (notably neo-banks and online financial services providers), has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are fundamentally changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new actors may be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition is also heightened by the emergence of non-banking actors that, in some cases, may benefit from a regulatory framework that is more flexible and in particular less demanding in terms of equity capital requirements.

To address these challenges, the Group has implemented a strategy, notably the development of digital technologies and the creatioin of commercial or equity partnerships with these new actors. In this context, the Group may have to make additional investments to be able to offer new innovative services and compete with these new actors. Tougher competition could, however, adversely impact the Group’s business and results, both on the French market and internationally.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties or invested assets of financial institutions. ESG risks are seen as aggravating factors to the traditional categories of risks (including credit risk, counterparty risk, market risk, non-financial risks, structural risks, business and strategy risks, other types of risk and other factors of risk). ESG risks are therefore likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is consequently exposed to environmental risks, including climate change risks through certain of its financing, investment and service activities.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively affected by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialised financing companies). The Group could also be exposed to transition risk through the deterioration in the credit quality of its counterparties impacted by issues related to the process of transitioning to a low-carbon economy, linked for example to regulatory changes, technological disruptions or changes in consumer preferences.

Beyond the risks related to climate change, risks more generally related to environmental degradation (such as the risk of loss of biodiversity, water resources or pollution) are also aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, on back of lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour laws or workplace health and safety issues, which may trigger or aggravate reputation and credit risks for the Group.

Similarly, risks relating to governance of the Group’s counterparties and stakeholders (suppliers, service providers, etc.), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Hence, the Group is exposed to physical climate risk with respect to its ability to maintain its services in geographical areas affected by extreme events (floods, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations (in particular related to labour laws) and the management of its human resources.

All of these risks could have an impact on the Group’s business, results and reputation in the short, medium and long term.

Directive 2014/59/EU of the European Parliament and of the Council of the European Union of 15 May 2014 (BRRD) and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define, respectively, a European Union-wide framework and a Banking Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including the exposure of taxpayers to the consequences of the failure). Within the Banking Union, under the SRM Regulation, a centralised resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalise it in accordance with an established order of priority (the “Bail-in Tool”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative effect on the financial system, protecting public funds by minimising the recourse to extraordinary public financial support, and protecting customers’ funds and assets) and the winding-up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into Common Equity Tier 1 (CET1) instruments if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, paragraph 3 of the French Monetary and Financial Code).

The Bail-in Tool could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in Tool, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the splitting of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before taking any resolution action, including the implementation of the Bail-in Tool, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of any measure under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse effect on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial condition deteriorates, the existence of the Bail-in Tool or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or the Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

Risk appetite is defined as the level of risk that the Group is prepared to accept to achieve its strategic goals.

Thus, risk appetite is part of the Group’s overall strategy, which has the following objectives:

• ■CET 1 ratio at 13% in 2026, under Basel IV;
• ■average annual revenue growth between 0% and 2% over 2022-2026;
• ■cost-to-income ratio below 60% in 2026 • Return on tangible equity (ROTE) between 9% and 10% in 2026
• ■maintaining a risk management at the highest standards with a cost of risk between 25 and 30 bps over 2024-2026 and a rate of non performing loan between 2,5% and 3% in 2026;
• ■maintaining a strength liquidity profile with a short term liquidity ratio, Liquidity Coverage Ratio (LCR), greater or equal to 130% over 2024-2026 and a Net Stable Funding Ratio greater or equal to 112% over 2024-2026.

The Group seeks to achieve sustainable profitability, relying on a robust financial profile consistent with its diversified banking model, by:

• ■adjusting its activities portfolio according to performance criteria, synergy with the Group and extreme risk criteria;
• ■targeting profitable and resilient business development;
• ■maintaining a target rating allowing access to financial resources at a cost consistent with the development of the Group’s businesses and its competitive positioning;
• ■calibrating its capital indicators (consistent with the results of the ICAAP group process) to ensure:
  • -satisfaction of minimum regulatory requirements on CET1 ratio,
  • -financial conglomerate ratio requirement, which take into consideration the combined solvency of Group banking and insuring activities,
  • -coverage of one year of “internal capital requirement” using available CET1 capital,
  • -a sufficient level of creditor protection consistent with a debt issuance program that is particularly hybrid consistent with the Group’s objectives in terms of rating and regulatory ratios such as Tier 1, TLAC (“Total Loss Absorbing Capacity”), MREL (“Minimum Required Eligible Liabilities”), and the leverage ratio;
• ■ensuring resilience of its liabilities, which are calibrated by taking into account a survival horizon in a combined liquidity stress ratio (ILSI – Internal Liquidity Stress Indicator), compliance with LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) regulatory ratios and the level of dependence on short-term fundings and the foreign currencies needs business of the Group, notably in USD;
• ■controlling financial leverage.

Based on this model, the risk appetite is established and formalised at a Group level by type of risks.

Credit risk appetite is managed through a system of credit policies, risk limits and pricing policies.

When it takes on credit risk, the Group focuses on medium- and long-term client relationships, targeting both clients with which the Bank has an established relationship of trust and prospects representing profitable business development potential over the mid-term.

Acceptance of any credit commitment is based on in-depth client knowledge and a thorough understanding of the purpose of the transaction.

In particular, concerning the underwriting risk, the Group, mainly through the Business Unit GLBA “Global Banking and Advisory”, makes a steadfast commitment to transactions at a guaranteed price as debt financing arranger, prior to syndicating them to other banking syndicates and institutional investors. If market conditions deteriorate or markets close while the placement is under way, these transactions may create a major over-concentration risk (or losses, if the transaction placement requires selling below the initial price).

The Group controls the aggregate value of approved underwriting positions, so as limit it risk if debt markets are closed for an extended period.

In a credit transaction, risk acceptability is based first on the borrower’s ability to meet its commitments, in particular through the cash flows which will allow the repayment of the debt. For medium and long-term operations, the funding duration must remain compatible with the economic life of the financed asset and the visibility horizon of the borrower’s cash flow.

Security interests are sought to reduce the risk of loss in the event of a counterparty defaulting on its obligations, but may not, except in exceptional cases, constitute the sole justification for taking the risk. Security interests are assessed with prudent value haircuts and paying special attention to their actual enforceability.

Complex transactions or those with a specific risk profile are handled by specialised teams within the Group with the required skills and expertise.

The Group seeks risk diversification by controlling concentration risk and maintaining a risk allocation policy through risk sharing with other financial partners (banks or guarantors).

Counterparty ratings are a key criterion of the credit policy and serve as the basis for the credit approval authority grid used in both the commercial and risk functions. The rating framework relies on internal models. Special attention is paid to timely updating of ratings (which, in any event, are subject to annual review)(5).

The risk measure of the credit portfolio is based primarily on the Basel parameters that are used to calibrate the capital need. As such, the Group relies for the internal rating of counterparties on Basel models allowing the assessment of credit quality, supplemented for “non-retail” counterparties, by expert judgment. These measures are complemented by an internal stress-sized risk assessment, either at the global portfolio level or at the sub-portfolio level, linking risk measures and rating migration to macroeconomic variables most often to say expert. In addition, the calculation of expected losses under the provisions of IFRS 9, used to determine the level of impairment on healthy outstandings, provides additional insight into assessing portfolio risk.

In cooperation with the Risk Function, the business lines implement pricing policies which are differentiated based on counterparty and transaction risk levels. The purpose of pricing a transaction is to ensure acceptable profitability, in line with the objectives of ROE (Return on Equity) of the business or entity, after taking into account the cost of the risk of the transaction in question. The pricing of an operation can nevertheless be adapted in certain cases to take into account the overall profitability and the potential customer relationship development. The intrinsic profitability of products and customer segments is subject to periodic analysis in order to adapt to changes in the economic and competitive environment.

Proactive management of impaired risks is key to containing the risk of final loss in the event of default of a counterparty. As such, the Group has put in place rigorous procedures and/or enhanced follow-up to monitor counterparties with a worsening risk profile. Furthermore, the businesses lines and subsidiaries or branches, along with the Risk function, have set up joint teams of employees specialised in asset recovery management to effectively preserve the Bank’s interests in the event of default.

Transitional and physical environmental risk factors can have a significant impact on the credit risk and are an aggravating factor for the risks the Bank is facing, in particular credit risk through an increase of costs, a decrease in the guarantees’ performance and a reduction in demand.

Concerning ESG risks (Environmental, Social & Governance), the assessment and management of the impact of ESG risk factors on credit risk is particularly based on portfolio alignment indicators (power generation for example).

In general, credit granting policies must comply with the criteria defined within the framework of the Group’s Social and Environmental Responsibility (CSR) policy, which is broken down through:

• ■the general environmental and social principles and the sectoral and cross-cutting policies appended to them. Sector policies cover sectors considered potentially sensitive from an environmental, social or ethical point of view;
• ■the targets for alignment with the objectives of the Paris agreement, which the Group has set itself, starting with the sectors with the highest CO2 emissions;
• ■commitment to granting sustainable financing classified as Sustainable and Positive Impact Finance and to Sustainability linked transactions.

The risk related to climate change is taken into consideration in the credit risk assessment process. In July 2022, a Group procedure was published on the integration of C&E factors in the credit granting analysis, and a training program is being rolled out. In addition, over the course of 2023, the climate vulnerability assessment dedicated to transition risk will be fully integrated in the credit grating process and tools. It makes it possible to integrate the impact of climate risk in the analysis of credit risk.

Counterparty risk is the credit risk on market transactions and includes counterparty credit risk (CCR) and settlement-delivery risk (RDL). They are measured by parameters taken into account the dynamics of exposures distortions linked to market movements. Counterparty risk is thus managed via a set of limits that reflect the Group’s risk appetite. The Group also measures this risk under stress tests to take account exceptional market disturbances. In order to mitigate these risks, the Group has contracted close-out netting agreements and market collateralisation.

The future value of exposure to a counterparty as well as its credit quality are uncertain and variable over time, both of which are affected by changes in market parameters. Thus, counterparty credit risk management is based on a combination of several types of indicators:

• ■indicators of potential future exposures (potential future exposures, or PFE), aimed at measuring exposure to our counterparties:
  • -the Group controls idiosyncratic counterparty credit risks via a set of CVaR(6) limits. The CVaR measures the potential future exposure linked to the replacement risk in the event of default by one of the Group’s counterparties. The CVaR is calculated for a 99% confidence level and different time horizons, from one day until the maturity of the portfolio,
  • -in addition to the risk of a counterparty default, the CVA (Credit Valuation Adjustment) measures the adjustment of the value of our portfolio of derivatives and repos account the credit quality of our counterparties;
• ■the abovementioned indicators are supplemented by stress test impacts frameworks or on nominal ones in order to capture risks that are more difficult to measure;
• ■risks are measured via stress tests at different levels:
  • -across all categories(7) of counterparties,
  • --on all categories of clients,
  • -at activity level for agency businesses collateralised financing bearing more wrong-way risks by nature;
• ■the CVA risk is measured through a stress test aiming at measuring the CVA impacts due to hypothetical market risk scenarios reflecting market moves deemed to be representative, especially counter parties’ credit spreads.

• ■exposures to central counterparty clearing houses (CCP(8)) are subject to specific supervision:
  • -the amount of collateral posted for each segment of a CCP: the initial posted margins, both for our principal and agency activities, and our contributions to CCP default funds,
  • -in addition, a stress test measures the impact linked to (i) the default of an average member on all segments of a CCP and (ii) the failure of a major member on a segment of a CCP;
• ■the Global Stress Test on market activities includes cross market-counterparty risks, it is described in more detail in the “Market risk” section;
• ■besides, a specific framework that has been set up aims to avoid individual concentration related to counterparty risk in market operations.
• ■finally, a CCR RAS metric is now under Board delegation authority (subject to CORISQ, etc.), relying on the sum of the GASEL and the Collaterised Financing stress test commensurate with market risk.

Settlement-delivery risk is the risk of non-payment of amounts due by a counterparty or the risk of non-delivery of currencies, securities, commodities or other products by a counterparty in the context of the settlement of a market transaction whose payment type is FOP (Free of Payment, which implies that payment and delivery are two distinct flows that should be considered independently of each other).

The Group measures its exposure to this risk of non-payment or non-delivery of funds or securities using a dedicated metric (RDL). It is measured as the amount of flows (of funds, securities or commodities) to be received after netting the settlement flows to be paid and received and taking into account the risk mitigation mechanisms(9).

The characteristics of the transactions, as well as the legal and operational environment in which they are processed, are used to calculate the settlement-delivery risk profile for each Counterparty.

Group market activities are guided as part of a development strategy focused in priority for meeting the customer needs, with a complete range of solutions.

Market risk is managed through a set of limits for several indicators (such as stress tests, Value-at-Risk (VaR) and stressed Value-at-Risk (SvaR), “Sensitivity” and “Nominal” indicators). These indicators are governed by a series of limits proposed by the business lines and approved by the Risk Division during the course of a discussion-based process.

The choice of limits and their calibration reflect qualitatively and quantitatively the fixing of the Group’s appetite for market risks. This analysis is related to market conditions, the flexibility in managing down the Group’s positions or the consumption of regulatory own funds based on internal reference models. A regular review of these frameworks also enables risks to be tightly controlled according to changing market conditions with, for example, a temporary reduction of limits if market conditions worsen. Warning thresholds are also in place to prevent the possible occurrence of overstays.

Limits are set at different sub-levels of the Group, thereby cascading down the Group’s risk appetite from an operational standpoint within its organisation.

Within these limits, the Global Stress Test limits on market activities and the Market Stress Test limits play a pivotal role in determining the Group’s market risk appetite; in fact, these indicators cover all operations and the main market risk factors as well as risks associated with a severe market crisis which helps limit the total amount of risk and takes account of any diversification effects. These stress tests and their associated threshold, permit to evaluate and frame a potential loss under different market scenarios, adverse but plausible, of decennial occurrence (for instance, systemic crisis).

Non-financial risks are defined as non-compliance risk, risk of inappropriate conduct, IT risk, cybersecurity risk, other operational risks, including operational risk associated with credit risk, market risk, model risk, liquidity and financing, structural and rate risk. These risks can lead to financial losses.

Governance and a methodology have been put in place for the scope of non-financial risks.

As a general rule, the Group has no appetite for operational risk or for non-compliance risk. Furthermore, the Group maintains a zero-tolerance policy on incidents severe enough to potentially inflict serious harm to its image, jeopardise its results or the trust displayed by customers and employees, disrupt the continuity of critical operations or call into question its strategic focus. The Group underscores that it has is no or very low tolerance for operational risk involving the following:

• ■internal fraud: the Group does not tolerate unauthorised trading by its employees. The Group’s growth is founded on trust, as much between employees as between the Group and its employees. This implies respecting the Group’s principles at every level, such as exercising loyalty and integrity. The Group’s internal control system must be capable of preventing acts of major fraud;
• ■cybersecurity: the Group has no appetite for fraudulent intrusions, disruption of services, compromise of elements of its information system, in particular those which would lead to theft of assets or theft of customer data. The Bank intends to introduce effective means to prevent and detect this risk. It has a barometer that measures the maturity of the cybersecurity controls deployed within its entities and the appropriate organisation to deal with any incidents;
• ■data leaks: trust is one of Societe Generale Group’s key assets. As a result the Bank commits to deploy the necessary resources and implement controls to prevent, detect and remedy data leaks. The Bank does not tolerate leaks of its most sensitive information, in particular where it concerns its customers;

• ■business continuity: the Group relies heavily on its information systems to perform its operations and is therefore committed to deploying and maintaining the resilience of its information systems to ensure the continuity of its most essential services. The Group has very low tolerance for the risk of downtime in its information systems that perform essential functions, in particular systems directly accessible to customers or those enabling to conduct business on financial markets. In addition, to deal with the occurrence of certain extreme events that could permanently affect its information system, its external service providers or a major Group entity based abroad, the Bank is developing resilience solutions to ensure its survival. The Group thus defines the duration (“impact tolerance”) beyond which any interruption of a Group vital process would present a risk to (i) the safety and soundness of the Group, (ii) customers, (iii) the stability of the financial system. Impact tolerance applies to each vital process, regardless of crisis scenarios and available solutions, and differs from Recovery Time Objective (RTO), which is a business continuity indicator that oversees unavailability for low-impact incident. A maturity index will also be calculated to measure the degree of resilience of the most vital processes by crisis nature;
• ■outsourced services: Societe General Group intends to demonstrate a high degree of throroughness in the control of its activities entrusted to external service providers. As such, the Societe Generale Group adheres to a strict discipline of monitoring it’s providers with a review frequency depending on their level of risk. Thus, Societe General does not have any appetite for a delay in the management of its service providers exceeding three months;
• ■managerial continuity: the Group intends to ensure the managerial continuity of its organisation to avoid the risk of a long-term absence of a manager that would question the achievement of its strategic objectives, which might threaten team cohesion or disrupt the Group’s relationships with its stakeholders;
• ■physical security: the Societe Generale Group applies security standards to protect personnel, tangible and intangible assets in all the countries where it operates. The Group Security Department ensures the right level of protection against hazards and threats, in particular through security audits on a list of sites that it defines;
• ■execution errors: the Societe Generale Group has organised its day-to-day transaction processes and activities through procedures designed to promote efficiency and mitigate the risk of errors. Notwithstanding a robust framework of internal control systems, the risk of errors cannot be completely avoided. The Group has a low tolerance for execution errors that would result in very high impacts for the Bank or its clients.

The Group is exposed to legal risks inherent in its business such as commercial disputes and non-respect of the competition laws. The Group aims at managing and mitigating these risks. Its Legal Division serves a risk mitigation function within the Group and defines the norms, standards, procedures and controls associated with legal risk. The Legal Division provides independent legal advice within the Group and, among its roles, it identifies, assesses, analyses and mitigates legal risk issues within the Group. It also promotes a solid “legal risk culture” throughout the Group.

The Group is required to strictly comply with all laws and regulations which govern its activities in all countries in which it operates, and implements international best practices to that effect. It strives, in particular, to:

• ■knowing its customers by implementing appropriate KYC measures;
• ■work with clients and partners that comply with international rules and standards on anti-money laundering and terrorism financing;
• ■work with clients and complete transactions in accordance with rules related to international sanctions and embargoes;
• ■perform transactions, offer products and advisory services and work with partners in accordance with regulations governing, in particular, client protection;
• ■implementing the necessary measures and conducting transactions in the respect of the integrity of the markets;
• ■implementing and complying with data protection obligations, in particular obligations regarding the protection of personal data and the use of digital technologies;
• ■ensuring the proper functioning of the system for interpreting and transposing prudential regulations by the expert functions, in particular DFIN and RISQ.

Liquidity risk is defined as the Group’s inability to meet its financial obligations at a reasonable cost: debt repayments, collateral supply. The Group assesses this risk over various time horizons, including intraday, considering market access restriction risk (generalised or specific to the Group).

Funding risk is defined as the risk that the Group will not be able to finance the development of its businesses at a scale consistent with its commercial goals and at a competitive cost compared to its competitors. The capacity to raise funding is assessed over a three-year horizon. Controlling liquidity risk is based primarily on:

• ■compliance with regulatory liquidity ratios, with precautionary buffers: LCR (liquidity coverage ratio) ratios that reflect a stress situation and NSFR (net stable funding ratio);
• ■compliance with a minimum survival horizon under combined market and idiosyncratic stress (Internal Liquidity Stress Indicator (ILSI));
• ■framing of transformation and anti-transformation positions (price risk);
• ■management of the contingent liquidity reserve with the Central Bank.

Controlling financing risk is based on:

• ■maintaining liabilities structure designed to meet the Group’s regulatory constraints (Tier1, Total Capital, Leverage, TLAC, NSFR, MREL) and rating agency requirements in order to secure a minimum rating level;
• ■recourse to market financing: annual long-term issuance programs and a stock of moderate structured issues and short-term financing raised by supervised treasuries.

Structural exposure to interest rate, credit spread and foreign exchange risks results from commercial transactions and their hedging in the banking book (and not in the trading book, which concerns market risk).

Structural interest rate risk (also referred to as Interest Rate Risk in the Banking Book – IRRBB) refers to the risk – whether current or prospective – to the Group’s equity and earnings (hence for the Net Present value and the Net Interest Margin) posed by adverse movements in interest rates affecting the items comprising its banking book. There are four main types of risk based on the EBA taxonomy: Interest rates level risk, curve risk, optional risk and basis risk. All four types of risks may potentially affect the value or yield of interest-rate sensitive assets, liabilities and off-balance sheet items.

Structural credit spread risk (also referred to as Credit Spread Risk in the Banking Book – CSRBB) refers to the Group’s equity and earnings posed by adverse movements in market price for credit risk, for liquidity (of lenders) and for potentially other characteristics of credit-risky instruments, which is not captured by another existing prudential framework (such as IRRBB) or by expected credit default risk or a jump-to-default risk. The management of interest rate risk is detailed in Chapter 4-8 Structural risk-interest rate and exchange rate risk of the 2024 URD.

Changes in inter-currency exchange rates may cause changes in the value of assets, liabilities and off-balance sheet items and result in volatility in the income statement or other gains and losses recognised in equity.

The Group’s policy in terms of structural exchange rate risks consists of limiting as much as possible the sensitivity of its CET1 capital ratio to changes in exchange rates, so that the impact on the CET1 ratio of an appreciation or a depreciation of all currencies against the euro does not exceed a certain threshold in terms of bp by summing the absolute values of the impact of each currency.

The risks on social commitments result from the deficit between the social liabilities and the related financial assets.

Regarding risks to pension and long-service obligations, which are the Bank’s long-term obligations towards its employees, the amount of the provision is monitored for risk on the basis of a specific stress test and an attributed limit. The risk management policy has two main objectives: reduce risk by moving from defined-benefit plans to defined-contribution plans and optimize asset risk allocation (between hedge assets and performance assets) where allowed by regulatory and tax constraints.

The source of model risk may be linked to incorrect model design, implementation, use or monitoring.

The Group is committed to defining and deploying internal standards to reduce model risk on the basis of key principles, including the creation of three independent lines of defence, the proportionality approach relying on a model tiering methodology, a model inventory and the consistency of the approaches used within the Group.

Risk model appetite is defined for the perimeter of this group of models: credit risk IRB and IFRS 9, market and counterparty risk, market product valuation, ALM, trading model, compliance and granting.

A wrong design, application, use or monitoring of these models can have unfavourable consequences of two types: an underestimation of own funds on the basis of models approved by the regulators and/or financial losses.

The Group conducts Insurance activities (Life Insurance and Savings, Retirement savings, Property & Casualty Insurance, etc.) which exposes the Group to two major types of risks:

• ■subscription risk related to pricing and fluctuations in the claims ratio;
• ■risks related to financial markets (interest rate, credit and equity) and asset-liability management.

Insurance management risk is described in Financial Statements Note 4.3 Insurance activities

The Group has limited appetite for financial holdings, such as proprietary private equity transactions. The investments allowed are mainly related to:

• ■support clients and business development of the retail banking network through SGRF and certain subsidiaries abroad;
• ■taking stakes, either directly or through investment funds, in innovative companies via SG Ventures;
• ■the takeover of stakes in local companies: Euroclear, Crédit Logement, etc., which does not have limit.

The real estate risk is defined as the risk of decline in the value of SG’s own real estate investments. Such assessment is linked to the value of financial instruments related to real estate assets.

The SG policy related to the own real estate allows to mitigate this risk thanks to two mitigation actions:

• ■agency: the good location of the agency allows to limit the impact on the price in case of market depreciation;
• ■the practice of lease back for offices: the offices no longer belong to the Group that continues to occupy the premises for rent.

The residual value risk is the risk of a loss of value due to the changes in the price of vehicles on second-hand markets.

The resale price of the vehicles is estimated at inception of the leasing contract. The resale price may differ from this estimated value, thus generating a gain or a loss.

Residual value risk is managed according to a central policy which defines the procedure for setting residual values and their review. The governance in place on residual value risk aims to monitor used car market price evolutions and adapt the Company’s pricing and financial policy. The governance in place on residual value risk also aims to monitor residual values for electric vehicles, whose future resale in the specific used vehicle market could also involve uncertainties related to the level of demand, the level of prices, or rapid technological change.

Several factors can cause deviations between the estimated price at contract inception and the actual realised resale price: economic context changes, used car market demand and supply evolutions (in terms of brand, model, car segment, etc.), new vehicle regulations/taxes, etc.

Internal control is part of a strict regulatory framework applicable to all banking institutions.

In France, the conditions for conducting internal controls in banking institutions are defined in the Order of 3 November 2014, modified by the Order of 25 February 2021. This Order, which applies to all credit institutions and investment companies, defines the concept of internal control, together with a number of specific requirements relating to the assessment and management of the various risks inherent in the activities of the companies in question, and the procedures under which the supervisory body must assess and evaluate how the internal control is carried out.

The Basel Committee has defined four principles – independence, universality, impartiality, and sufficient resources – which underpin the internal control carried out by credit institutions.

The Board of Directors ensures that Societe Generale has a solid governance system and a clear organisation ensuring:

• ■a well-defined, transparent and coherent sharing of responsibilities;
• ■effective procedures for the detection, management, monitoring and reporting of risks to which the Company could be exposed.

The Board tasks the Group’s General Management with rolling out the Group’s strategic guidelines to implement this set-up.

The Audit and Internal Control Committee is a Board of Directors’ Committee that is specifically responsible for preparing the decisions of the Board in respect of internal control supervision.

As such, General Management and Risk Division submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All Societe Generale Group activities are governed by rules and procedures contained in a set of documents referred to collectively as the “Standard Guidelines”, compiled in the Societe Generale Code, which:

• ■set out the rules for action and behavior applicable to Group staff;
• ■define the structures of the businesses and the sharing of roles and responsibilities;
• ■describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

• ■define the governance of the Societe Generale Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);
• ■set out the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

In addition to the Societe Generale Code, operating procedures specific to each Group activity are applied. The rules and procedures in force are designed to follow basic rules of internal control, such as:

• ■segregation of functions;
• ■immediate, irrevocable recording of all transactions;
• ■reconciliation of information from various sources.

Multiple and evolving by nature, risks are present in all business processes. Risk management and control systems are therefore key to the Bank’s ability to meet its targets.

The internal control system is represented by all methods which ensure that the operations carried out and the organisation and procedures implemented comply with:

• ■legal and regulatory provisions;
• ■professional and ethical practices;
• ■the internal rules and guidelines defined by the Company’s management body of the undertaking in its executive function.

Internal control in particular aims to:

• ■prevent malfunctions;
• ■assess the risks involved, and exercise sufficient control to ensure they are managed;
• ■ensure the adequacy and effectiveness of internal processes, particularly those which help safeguard assets;
• ■detect irregularities;
• ■guarantee the reliability, integrity and availability of financial and management information;
• ■check the quality of information and communication systems.

The internal control system is based on five basic principles:

• ■the comprehensive scope of the controls, which cover all risk types and apply to all the Group’s entities;
• ■the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or for which they are responsible;
• ■the responsibility of functions, in line with their expertise and independence, in defining normative controls and, for three of them, exercising second-level permanent control;
• ■the proportionality of the controls to the materiality of the risks involved;
• ■the independence of internal auditing.

The internal control framework is based on the “three lines of defence” model, in accordance with the Basel Committee and European Banking Authority guidelines:

• ■the first line of defence comprises all Group employees and operational management, both within the Business Units and the Services Units in respect of their own operations.
• Operational management is responsible for risks, their prevention and their management (by putting in place first-level permanent control measures, amongst other things) and for implementing corrective or remedial actions in response to any deficiencies identified by controls and/or process steering;
• ■the second line of defence is provided by the risk and compliance functions.
• Within the internal control framework, operational management is responsible for verifying the proper and continuous running of the risk security and management operation functions through the effective application of established standards, defined procedures, methods and requested controls.
• Accordingly, these functions must provide the necessary expertise to define in their respective fields the controls and other means of risk management to be implemented by the first line of defence, and to ensure that they are effectively implemented; they conduct second-level permanent control over all of the Group’s risks, based in particular on the controls they have defined, as well as those defined, if necessary, by other expert functions (e.g. sourcing, legal, tax, human resources, information system security, etc.) and by the businesses;
• ■the third line of defence is provided by the Internal Audit Department, which encompasses the General Inspection and Internal Audit functions. This department performs periodic internal audits that are strictly independent of the business lines and the permanent control function;
• ■internal control coordination, which falls under the responsibility of the Chief Risk Officer, is also provided at Group level and is rolled out in each of the departments and core businesses.

The Chief Executive Officer is responsible for ensuring the overall consistency and effectiveness of the internal control system.

The purpose of the Group Internal Control Coordination Committee (GICCC) is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the amended French Order of 3 November 2014. The Committee is chaired by the Chief Executive Officer, or in his absence, by a Deputy General Manager tasked with supervising the area under review. Organised by RISQ/NFR, the CCCIG convenes the Managers of the second line of defence (CPLE and RISQ), the Representatives appointed by the Heads of DFIN and RESG (including the Global CISO), the Manager of the third line of defence (IGAD), as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Committee meets approximately 20 times a year to deal with cross-cutting topics, as well as the annual review of each BU/SU.

Its roles and responsibilities are:

• ■provide a consolidated view of the Group’s internal control framework to General Management;
• ■evaluate the Group’s internal control framework in terms of effectiveness, consistency, and completeness;
• ■evaluate the operation Group’s permanent control framework based on the analysis of the Group’s quarterly permanent control dashboard, completed by cross-functional thematic reviews and by the independent reviews of RISQ and CPLE in their role as the Group’s second line of defense;
• ■examine and validate the annual report of the Group’s internal control (“RCI”);
• ■define or validate the roles and responsibilities of permanent control stakeholders and of the GICCC and ICCC;
• ■validate the operational principles of permanent control and governance;
• ■validate the sections dealing with internal control in the SG Code;
• ■review and “challenge” the BU/SU permanent control framework, in particular, validate the target organisation of permanent control in the major and significant entities;
• ■review other cross-functional subjects related to the Group’s permanent control:
  • ( i )the permanent control budget,
  • ( ii )validate of level 2 Control Plans,
  • ( iii )other cross-functional subjects concerning all or part of the Group, in particular risks (including ESG topics), requiring an assessment of the effectiveness of preventive measures and controls; two subjects are examined annually, due to their importance and the attention they receive from the supervisory authorities:
    • •control of information security framework, and
    • •control of essential outsourced services;
• ■follow up the Group’s permanent control framework with the permanent members of the Committee: review and comment on the status of the action plan prepared by RISQ/NFR and take appropriate decisions if necessary.

The GICCC is a decision-making body. It therefore has the authority to take appropriate measures to correct any deficiencies or weaknesses detected and communicated.

The GICCC is declined into BU/SU ICCCs, which are mandatory in each BU/SU (expect IGAD) and in the most significant subsidiaries.

The Group’s permanent control system comprises:

• ■the first-level permanent control, which is the basis of the Group’s permanent control, is performed by the businesses. Its purpose is to ensure the security, quality, regularity and validity of transactions completed at operational level;
• ■the second-level permanent control, which is independent of the businesses and concerns three departments, i.e. the Compliance, Risk and Finance Departments.

Permanent Level 1 controls, carried out on operations performed by BUs and the SUs, ensure the security and quality of transactions and the operations. These controls are defined as a set of provisions constantly implemented to ensure the regularity, validity, and security of the operations carried out at operational level.

The permanent Level 1 controls consist of:

• ■any combination of actions and/or devices that may limit the likelihood of a risk occurring or reduce the consequences for the Company: these include controls carried out on a regular and permanent basis by the businesses or by automated systems during the processing of transactions, automated or non-automated security rules and controls that are part of transaction processing, or controls included in operational procedures. Also falling into this category are the organisational arrangements (e.g., segregation of duties) or governance, training actions, when they directly contribute to controlling certain risks;
• ■controls performed by managers: line managers control the correct functioning of the devices for which they are responsible. As such, they must apply formal procedures on a regular basis to ensure that employees comply with rules and procedures, and that Level 1 controls are carried out effectively.

Defined by a Group entity within its scope, Level 1 controls include controls (automated or manual) that are integrated into the processing of operations, proximity controls included in operating procedures, safety rules, etc. They are carried out in the course of their daily activities by agents directly in charge of an activity or by their managers. These controls aim to:

• ■ensure the proper enforcement of existing procedures and control of all risks related to processes, transactions and/or accounts;
• ■alert management in the event of identified anomalies or malfunctions.

Permanent Level 1 controls are set by management and avoid, as far as possible, situations of self-assessment. They are defined in the procedures and must be traced without necessarily being formalised, e.g. preventive automated controls that reject transactions that do not comply with system-programmed rules.

In order to coordinate the operational risk management system and the permanent Level 1 control system, the BUs/SUs use a specific department called CORO (Controls & Operational Risks Office Department).

The permanent Level 2 control ensures that the Level 1 control works properly:

• ■the scope includes all permanent Level 1 checks, including managerial supervision checks and checks carried out by dedicated teams;
• ■this review and these audits aim to give an opinion on (i) the effectiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the effectiveness of Level 1 controls.

The permanent level 2 control, control of the controls, is carried out by teams independent of the operational.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

The internal audit function is carried out within the Societe Generale Group (the “Group”) by the General Inspection and Internal Audit Service Unit (“IGAD”). The internal audit function is under the responsibility of the Group’s General Inspector.

The Internal Audit function contributes to Societe Generale Group’s internal control framework. It constitutes the third and final line of defense and ensures periodic control, strictly independent of the business lines and other internal control functions.

The internal audit function performed by IGAD, defined in accordance with IIA (Institute of Internal Auditors) standards, is an independent and objective activity that gives the Group assurance on the level of control of its risks and operations, provides advice to improve them and helps create added value. Through the exercise of this mandate, Inspection and Internal Audit help the Group to achieve its objectives by evaluating, through a systematic and methodical approach, its risk management, controls, and corporate governance processes and by making proposals to strengthen their effectiveness.

IGAD’s scope of operations includes Societe Generale SA and all Group entities, regardless of their area of activity. All the Group’s activities, operations, and processes, without exception, may be the subject of a mission conducted by the General Inspection Department or the Internal Audit Department. That said, entities in which the Group holds a minority stake are excluded from IGAD’s scope of intervention, including when Societe Generale exercises a significant influence, except when this stake is likely to have a significant impact on the Group’s risk management.

Outsourced activities also fall within the scope of the internal audit function.

The Group’s General Inspector reports directly to the Group’s Chief Executive Officer.

He meets regularly with the Chairman of the Board of Directors. The Internal Rules of the Board of Directors, updated in August 2023, provide that the General Inspector shall report to the Board of Directors on his mission on the basis of presentations made beforehand to the Audit and Internal Control Committee. He presents the audit and inspection plans approved by the Group’s Chief Executive Officer for validation to the Board of Directors, after review by the Audit and Internal Control Committee.

The General Inspector is a permanent member of the Audit and Internal Control Committee, to which he regularly presents a summary of the activity of the General Inspection and Internal Audit as well as the review of the follow-up of the implementation of the recommendations issued by both the Audit and the General Inspection and the supervisors. The General Inspector is also a permanent member of the Risk Committee. He may be heard on any subject by these Committees at their request or on its initiative.

Finally, pursuant to the Board of Directors’ internal rules, the General Inspector may, if necessary, in the event of an actual or potential deterioration of risks, report directly to the Board of Directors, directly or through the Audit and Internal Control Committee, without referring to the Executive Managers.

In order to achieve its objectives, the General Inspection and Internal Audit Service Unit is provided with appropriate resources, proportionate to the challenges, both in terms of quality and quantity. In total, it comprises around 930 employees based at the Group’s head office, subsidiaries or branches (France and abroad).

The IGAD Service Unit is a hierarchically integrated directorate. The General Inspection Department, based at headquarters, operates throughout the Group. The Internal Audit Departments are each responsible for a defined scope of activities or risks. Whether located at headquarters or within entities (branches or subsidiaries), the audit teams are all attached to the IGAD Service Unit. Thanks to a matrix organisation, the main cross-cutting topics at Group level are covered. Depending on the resources and skills required, an audit assignment can bring together teams from different departments. IGAD has the possibility to involve any team of its choice in the execution of a mission within the Group.

The General Inspection and Internal Audit departments carry out their work from missions. In addition to the missions listed in its tour plan, the General Inspection may be asked to carry out specific studies or contribute to “due diligence” reviews in the event of the acquisition or disposal of entities or activities by the Group. This work is governed by procedures ensuring that the Inspection Department cannot subsequently find itself in a conflict-of-interest situation.

The General Inspection and Internal Audit Departments design their respective audit plans on a risk-based approach. Internal Audit combines this approach with the requirement to comply with a five-year audit cycle and determines the frequency of its interventions according to the level of risk of the scopes to be audited. While the General Inspection Department is not required to comply with an audit cycle, its work is considered for the compliance with the audit cycle.

The General Inspection and Internal Audit Departments are also involved in monitoring the implementation of supervisors’ recommendations as part of their independent positioning within the Group. This work continued in 2023 with regular presentations to the General Management – in coordination with the General Secretariat – and to the Audit and Internal Control Committee.

As required by the International Standards for Internal Audit, IGAD is subject to independent external certification by IFACI (French Institute of Audit and Internal Control).

Audited I Since January 2014, Societe Generale has been applied the new Basel III regulations implemented in the European Union through a regulation and a directive (CRR and CRD respectively).

The general framework defined by Basel III is structured around three pillars:

• ■Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;
• ■Pillar 2 concerns the discretionary supervision implemented by the competent authority, which allows them – based on a constant dialogue with supervised credit institutions – to assess the capital adequacy calculated in accordance with Pillar 1, and to calibrate additional capital requirements taking into account all the risks faced by these institutions;
• ■Pillar 3 promotes market discipline by developing a set of reporting requirements, both quantitative and qualitative, that allow market participants to better assess the capital, risk exposure, risk assessment procedures and hence the capital adequacy of a given institution.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of the provisions came into effect in June 2021.

The amendments concern in particular the following items:

• ■Leverage ratio: the minimum requirement of 3% to which will be added since January 2023, 50% of the buffer required as a systemic institution;
• ■Derivatives counterparty risk  (SA-CCR(3)): the “SA-CCR” method is the Basel method replacing the old CEM(4)method for determining the prudential exposure on derivatives under the standardised approach;
• ■Large Exposure: the main change is the calculation of the regulatory limit (25%) on Tier 1 capital (instead of total capital), as well as the introduction of a specific cross-limit on systemic institutions (15%);
• ■TLAC: the ratio requirement for G-SIB is introduced in CRR. According to the Basel text, G-SIBs must comply with an amount of capital and eligible debt equal to the highest between 18% + risk-weighted assets buffers and 6.75% leverage since 2022.

In December 2017, the Group of Central Bank Governors and Heads of Banking Supervision (GHOS), which oversees the Basel Committee on Banking Supervision, approved regulatory reforms to complement Basel 3.

The transposition into European law of the finalisation of Basel 3 in CRR3 and CRD6 was completed at the end of 2023. The new rules will apply from 1 January 2025.

One of the main novelties is the introduction of a global output floor: the Group’s risk-weighted assets (RWA) will be applied a floor corresponding to a percentage of the sum of the individual risk types (credit, market and operational) computed according to the standard method. The output floor level will gradually increase from 50% in 2025 to 72.5% in 2030.

Regarding FRTB, for the SA-Standard Approach: the reporting has been effective since the third quarter of 2021. The full implementation of FRTB, including the rules on the boundary between the banking and trading portfolio, should be aligned with the entry into force of CRR3. Nevertheless, the EU legislators reserve the right to postpone this application (up to 2 years) depending on how it is applied in other jurisdictions (in particular the US).▲

Audited I Business Units translate the principles laid out in this section as necessary into credit policies, which must comply with all the following rules:

• ■a credit policy that defines lending criteria and, usually, limits on risk-taking by sector, type of loan, country/region or customer/customer category. These rules are defined particularly by the CORISQ and Credit Risk Committees (CRCs) and are drawn up in concert with the BU concerned;
• ■the credit policy forms part of the Group’s risk management strategy in accordance with its risk appetite;
• ■credit policies concerning major issues must be periodically approved by DGLE and the Group Risk Committee (CORISQ). Those involving smaller issues or more specific in scope can be approved at BU level;
• ■credit policies rest on the principle that any commitment entailing credit risks depends on:
  • -in-depth knowledge of the customer and their business,
  • -an understanding of the purpose and nature of the transaction structure and the sources of income that will generate fund repayment,
  • -the appropriateness of the transaction structure, to minimise risk of loss in the event of counterparty default;
• ■the analysis and the validation of the files, involving respectively and independently the responsibility of the Primary Customer Responsibility Unit (PCRU-SSC) and the dedicated risk units within the risk management function. To ensure a consistent approach to the Group’s risk-taking, this PCRU-SSC and/or and this risk unit reviews all applications for authorisation relating to a given customer or category of customers except in the case of credit delegations granted by the PCRU-SSC and RISQ to certain SG entities, the monitoring being conducted on a consolidated customer basis for all these authorisations. The PCRU-SSC and risk unit must operate independently of each another;
• ■the allocation of rating or score, which is a key criterion of the granting policy. These ratings are validated by the dedicated risk unit. Particular attention is paid to the regular review of the ratings. On retail scope, cf. infra “Specificities of retail portfolios”;
• ■for the non-retail scope, a delegation of authority regime, mainly based on the internal rating of counterparties, provides decision-making authority on the risk units on one hand and the PCRU-SSC on the other;
• ■proactive management and monitoring of counterparties whose situation has deteriorated to contain the risk of loss given a default of a counterparty. ▲

The main mission of the Risk Department is to draw up the document formalising and defining with the Finance Department the Group’s risk appetite, a mechanism aimed at defining the acceptable level of risk given the Group’s strategic objectives.

The Risk Department is responsible for implementing the system to manage and monitor risks, including cross-Group risks. The Risk Department exercises hierarchical and functional oversight of the Risk management function in charge of Group credit risk giving it a comprehensive view of all the Group’s credit risks.

The Risk Department helps define risk policies in light of each core business targets and the associated risk issues. It defines or approves the methods and procedures used to analyse, measure, approve and monitor risks and the risk IT system and makes sure these are appropriate to the core businesses’ needs. As second line of defence, various Risk Departments (for Retail Banking, Corporate and Investment Banking and Market activities) are also in charge of credit risk and as such responsible for the independent control as second line of defence. These consist in independently reviewing and comparing any credit application that exceeds the authority delegated to core businesses or local Risk Department teams. The Risk Department also assesses the quality of first-level credit reviews and takes any remedial action necessary.

The Risk Department also approves transactions and limits proposed by core business lines in respect of credit risk.

Finally, as part of its responsibilities as a second line of defence, the Risk Department carries out permanent controls of credit risks. As such, the Risk Department provides independent control as a second line of defence on the detection and monitoring of the overshoot resolution.

The monthly Risk Monitoring Report presented to CORISQ by the Risk Department comments among others on the evolution of the Group’s credit portfolio and ensures compliance with the guidelines. Changes in the credit portfolio, changes in credit policy validated by CORISQ and respect for the Group’s risk appetite are presented at least quarterly to the Risk Committee of the Board of Directors.

As part of the quarterly reporting to the Board of Directors and to the Risk Committee of the Board of Directors, an overview of the main credit risk metrics supplemented by details of the thresholds and limits where applicable is presented. The following metrics are in particular the subject of a presentation with a quarterly history: net cost of risk, NPL rate (non-performing loans), coverage rate, average credit quality of portfolios, outstanding corporates placed under surveillance (watchlist), supervision of corporate exposures by sector of activity, Grands Risques Réglementaires (major regulatory risk exposures), environmental indicators of portfolio alignment, etc.

A monthly version of the report intended for the Risk Committee of the Board of Directors also provides additional information at a Business Unit level or on certain financing activities. A summary of the thematic CORISQs is also presented.

As part of the monthly CORISQ reporting to General Management, a summary of the main credit files is presented. Thematic presentations also provide recurring clarifications on certain perimeters and activities: personal real estate loans, consumer credit, non-retail credit risk, sector limits, country risks, major regulatory risks (Grands Risques Réglementaires), environmental indicators of portfolio alignment, etc.

Audited I Individual and professional portfolio (retail portfolio) have specific features in terms of risk management. This management is based on a statistical approach and on the use of tools and methods in the industrialisation of processes.

The retail portfolio is made up of a sum of exposures of low unit amounts, validated in a partially automated manner, which together constitute significant outstanding at Group level and therefore a high level of risk.

Given the high number and standardisation of retail clients commitments, aggregate monitoring is necessary at all levels of the Risk function in charge of credit risk. This mass monitoring of retail customer exposure is based on the use of a statistical risk approach and monitoring by homogeneous risk class or any other relevant axes (economic sectors for the Professionals for instance).

In these circumstances, the risk monitoring system for the Retail portfolio cannot rely on the same procedures or the same tools as for corporates.

For instance, any change in marketing policy (shortening probationary period for loyalty, delegation of lending decisions to brokers, increase in margins, etc.) can have a rapid and massive impact and must therefore be tracked by a system that allows all actors (i) to identify as quickly as possible where any deterioration in exposures is coming from and (ii) to take remedial action.

Even if the IFRS 9 standard authorizes a collective approach and if the Group has a statistical approach on retail customers for the evaluation of the expected loss, the increase in risk for the purposes of the classification into stages is identified on an individual basis for this clientele. The available parameters (operating accounts and late payments) generally allow the assessment of the significant increase in credit risk at the level of individual exposure. The collective approach is currently only used in a very small number of instances within the Group.

The Risk management function must support Business Units and subsidiary managers in managing their risks with an eye to:

• ■the effectiveness of lending policies;
• ■the quality of the portfolio and its development over the lifetime of exposures (from grant to recovery).

Risk Department structures its supervision around the following four processes:

• ■granting: this decision-making process can be more or less automated depending on the nature and complexity of the transactions, and hence the associated risk;
• ■monitoring: different entities use different systems for granting and managing retail risks systems (scoring, expert systems, rules, etc.) and an appropriate monitoring system must be in place for each to assess the appropriateness of the grant rules applied (notably via monitoring);
• ■recovery: recovery is an essential stage in the life cycle of Retail portfolio credits and makes a decisive contribution to our control of cost of risk. Whatever the organisation adopted (outsourcing, in-house collection, etc.), the establishment of an effective collection process is an essential element of good risk management. It makes a decisive contribution to controlling the cost of risk and limiting the level of our non-performing loans. If recovery is outsourced, it must conform to the Group’s regulations governing outsourcing;
• ■provisioning: provisions against the Retail portfolio are decided at local level. They are calculated using the methodologies and governance methods defined and approved by the Risk Department. ▲

Société Générale complies with regulations governing large exposures (large regulatory risk exposure limit at 25% of eligible own funds). In addition, the Group has set a more restrictive internal limit of 10%. Since 30 September 2023, the High Council for Financial Stability imposes a supplementary capital requirement (systemic buffer) if the Group’s exposure toward the most indebted companies established in France exceeds a limit of 5% of eligible own funds.

Internal systems are implemented to identify and manage the risks of individual concentrations, notably at credit origination. For example, concentration thresholds, based on the internal rating of counterparties, are set by a CORISQ and define the governance for validating the limits on Clients Groups falling under individual concentration monitoring. Exposure to groups of clients which are considered material are reviewed by the Large Exposure Committee chaired by the General Management. As part of the identification of its risks, the Group also carries out loss simulations by type of customer (on significant individual exposures that the Group could have).

The Group uses credit derivatives and insurances to reduce some exposures considered to be overly significant. Furthermore, the Group systematically seeks to share risks with other banking partners, at origination or through secondary sales, to avoid keeping a too large share in the banking pool, notably for large-companies.

Global country risk limits and/or exposure monitoring are established on the basis of internal ratings and country governance indices (the highest rated countries are not framed in limits or thresholds). Frameworks are strengthened according to the level of risk presented by each country.

The country limits and thresholds are validated annually by the General Management. They can be revised downwards at any time depending on the deterioration or anticipation of the deterioration of a country’s situation.

The procedure for placing a country under alert is triggered in the event of a deterioration in the country risk or in anticipation of such a deterioration by the Risk Management Division.

The Group regularly reviews its entire credit portfolio through analyses by business sector. To do this, it relies on industry sector studies (including a one-year anticipation of sectoral risk) and on sectoral concentration analyses.

In addition, the Group periodically reviews its exposures to the portfolio segments presenting a specific risk profile, at Group level or at Business Unit level. These identified sectors or sub-portfolios are, where appropriate, subject to specific supervision through portfolio exposure limits and specific granting criteria. The limits are monitored either at General Management level in the CORISQ at Risk Division levelor at Business Unit management level depending on the materiality and the level of risk of the portfolios.

As a complement, targeted sector-based research and business portfolio analyses may be requested by General Management, the Risk Department and/or the businesses, depending on current affairs. In that respect, certain sectors, weakened in 2022 by the Russian-Ukrainian crisis and its effects (for example the energy sector in Europe) or that could be impacted in 2023 by the situation in the Middle East, have been subject to dedicated monitoring or a specific focus. Portfolios specifically monitored by the Group CORISQ include:

• ■individual and professional credit portfolio (retail) in metropolitan France. The Group defines in particular a risk appetite target concerning the minimum share covered by Crédit Logement guarantee for real estate loans granted to individuals in France;
• ■oil and gas sectors, on which the Group has defined a specific approach adapted to the different types of activities, sector’s players or geographies commercial real estate scope (i.e. corporates acting mainly as investors or developers in the field of real estate activities, to the benefit of third parties), on which the Group has defined a framework for origination and monitoring of exposures and limits according to the different types of financing, geographical areas and/or activities;
• ■leveraged finance, for which the Group applies the definition of the scope and the management guidelines recommended by the ECB in 2017 (guidance on leveraged transactions). The Group continues to pay a particular attention to the Leverage Buy-Out (LBO) sub-portfolio, as well as to the highly-leveraged transactions segment;
• ■exposures on hedge funds is subject to a specific attention. The Group incurs risk on hedge funds through derivative transactions and its financing activity guaranteed by shares in funds. Risks related to hedge funds are governed by individual limits and global limits on market risks and wrong way risks;
• ■exposures on shadow banking are managed and monitored in accordance with the EBA guidelines published in 2015 which specify expectations regarding the internal framework for identifying, controlling and managing identified risks. CORISQ has set a global exposure threshold for shadow banking.

With the aim of identifying, monitoring and managing credit risk, the Risk Department works with the businesses to conduct a set of specific stress tests relating to a country, subsidiary or activity. These specific stress tests combine both recurring stress tests, conducted on those portfolios identified as structurally carrying risk, and ad hoc stress tests, designed to recognize emerging risks. Some of these stress tests are presented to CORISQ and used to determine how to frame the corresponding the activities concerned.

Credit risk stress tests complement the global analysis with a more granular approach and allow fine-tuning of the identification, assessment and operational management of risk, including concentration. They allow to calculate the expected credit losses on exposures which have undergone an event of default and on exposures which have not undergone an event of default, in accordance with the method prescribed in the standard IFRS 9. The perimeter covered may include counterparty credit risk on market activities when relevant.

For the Group, ESG risk factors do not constitute a new risk category but represent an aggravating factor of credit risk. Their integration is based on the governance and existing framework and follows a classical approach: Identification, Quantification, Definition of the risk appetite, Control and Mitigation of the risk.

ESG risk management is presented in Chapter 4.13 “Environmental, social and governance (ESG) risks” of this document.

Audited I Counterparty credit risk is framed through a set of limits that reflect the Group’s appetite for risk.

Counterparty credit risk management mainly relies on dedicated first and second lines of defence as described below:

• ■the first lines of defence (LoD1) notably include the business lines that are subject to counterparty credit risk, the Primary Client Responsibility Unit that is in charge of handling the overall relationship with the client and the group to which it belongs, dedicated teams within Global Banking & Advisory and Global Markets Business Units responsible for monitoring and managing the risks within their respective scope of activities;
• ■the Risk Department acts as a second line of defence (LoD2) through the setup of a counterparty credit risk control system, which is based on standardised risk measures, to ensure the permanent and independent monitoring of counterparty credit risks.

The fundamental principles of limit granting policy are:

• ■dedicated LoD1 and LoD2 must be independent of each other;
• ■the Risk Department has a division dedicated to counterparty credit risk management in order to monitor and analyse the overall risks of counterparties whilst taking into account the specificities of counterparties;
• ■a system of delegated authorities, mainly based on the internal rating of counterparties, confers decision-making powers to LoD1 and LoD2;
• ■the limits and internal ratings defined for each counterparty are proposed by LoD1 and validated by the dedicated LoD2(15). The limits may be set individually, at the counterparty level, or globally through framing a (sub) set of counterparties (for example: supervision of stress test exposures).

These limits are subject to annual or ad hoc reviews depending on the needs and changes in market conditions.

A dedicated team within the Risk Department is in charge of production, reporting and controls on risk metrics, namely:

• ■ensuring the completeness and reliability of the risk calculation by taking into account all the transactions booked by the transaction processing department;
• ■producing daily certification and risk indicator analysis reports;
• ■controlling compliance with defined limits, at the frequency of metrics calculation, most often on a daily basis: breaches of limits are reported to Front Office and dedicated LoD2 for remediation actions.

In addition, a specific monitoring and approval process is implemented for the most sensitive counterparties or the most complex categories of financial instruments.

While not a substitute for CORISQ or for the Risk Committee of the Board of Directors (see the section on Risk management governance), the Counterparty Credit Risk Committee (CCRC) closely monitors counterparty credit risk through:

• ■a global overview on exposure and counterparty credit risk metrics such as the global stress tests, the Potential Future Exposure PFE, etc., as well as focuses on specific activities such as collateralised financing, or agency business;

• ■dedicated analysis on one or more risks or customer categories or frameworks or in case of identification of emerging risk areas.

This Committee, chaired by the Risk Department on a monthly basis, brings together representatives from the Global Banking and Investment Solutions (GBIS), from the Market Activities and the Global Banking and Advisory Business Units, but also departments that, within the risk management function, are in charge of monitoring counterparty credit risks on market transactions and credit risk. The CCRC also provides an opinion on the changes to the risk frameworks within its authority. The CRCC also identifies key CCR topics that need to be escalated to the management.

The Group frames the replacement risks by limits that are defined by credit analysts and validated by LoD2 based on the Group’s risk appetite.

The limits are defined at the level of each counterparty and then aggregated at the level of each client group, each category of counterparties and finally consolidated at the entire Societe Generale Group portfolio level.

The limits used for managing counterparty credit risk are:

• ■defined at the counterparty level;
• ■consolidated across all products types authorised with the counterparty;
• ■established by maturity buckets to control future exposure using the Potential Future Exposure (PFE) measure also known as CVaR within Societe Generale;
• ■calibrated according to the credit quality and the nature of the counterparty, the nature/maturity of the financial instruments contemplated (FX transactions, repos transactions, security lending transactions, derivatives, etc.), and the economic understanding, the contractual legal framework agreed and any other risk mitigants.

The Group also considers other measures to monitor replacement risk:

• ■a multifactor stress test on all counterparties, which allows to holistically quantify the potential loss on market activities following market movements which could trigger a wave of defaults on these counterparties;
• ■a set of single-factor stress tests to monitor the general wrong-way risk (see section 4.6.3.3 on Wrong Way Risk).

In addition to the replacement risk, the CVA (Credit Valuation Adjustment) measures the adjustment of the value of the Group’s derivatives and repos portfolio in order to take into account the credit quality of the counterparties facing the Group (see section 4.6.3.2 “Credit Valuation Adjustment”).

Positions taken to hedge the volatility of the CVA (credit, interest rate or equity instruments) are monitored through:

• ■sensitivity limits;
• ■stress test limits: scenarios representative of the market risks impacting the CVA (credit spreads, interest rates, exchange rates and equity) are applied to carry out the stress test on CVA.

The different indicators and the stress tests are monitored on the net amount (the sum of the CVA exposure and of their hedges).

Clearing of transactions is a common market practice for Societe Generale, notably in compliance with the EMIR (European Market Infrastructure Regulation) regulations in Europe and the DFA (Dodd-Frank Act) in the United States, which require that the most standardised over-the-counter transactions be compensated via clearing houses approved by the authorities and subject to prudential regulation.

As a member of the clearing houses with which it operates, the Group contributes to their risk management framework through deposits into the default funds, in addition to margin calls.

The counterparty credit risk stemming from the clearing of derivatives and repos with central counterparties (CCP) is subject to a specific framework on:

• ■initial margins, both for house and client activities (client clearing);
• ■the Group’s contributions to the CCP default funds (guarantee deposits);
• ■a stress test defined to capture the impact of a scenario where a major CCP member should default. ▲

See table “EAD and RWA on central counterparties” of section 4.6.3.4 “Quantitative Information” for more information.

Audited I Although primary responsibility for managing risk exposure relies on the Front Office managers, the supervision system comes under the Market Risk Department of the Risk Department, which is independent from the businesses.

The main missions of this department are:

• ■the definition and proposal of the Group’s market risk appetite;
• ■the proposal of appropriate market risk limits by Group activity to the Group Risk Committee (CORISQ);
• ■the assessment of the limit requests submitted by the different businesses within the framework of the overall limits authorised by the Board of Directors and General Management, and based on the use of these limits;
• ■the permanent verification of the existence of an effective market risk monitoring framework based on suitable limits;
• ■coordination of the review by the Risk Department of the strategic initiatives of the Market Risk Department;
• ■the definition of the indicators used to monitor market risk;
• ■the daily calculation and certification of the market risk indicators, of the P&L resulting from market activities, based on formal and secure procedures, and then of the reporting and the analysis of these indicators;
• ■the daily monitoring of the limits set for each activity;
• ■the risk assessment of new products or market activities.

In order to perform its tasks, the department also defines the architecture and the functionalities of the information system used to produce the risk and P&L indicators for market transactions, and ensures it meets the needs of the different businesses and of the Market Risk Department. ▲

This department contributes to the detection of possible rogue trading operations through a monitoring mechanism based on alert levels (on gross nominal value of positions for example) applied to all instruments and desks.

Market risks oversight is provided by various Committees at different levels of the Group:

• ■the Risk Committee of the Board of Directors(20) is informed of the Group’s major market risks; in addition, it issues a recommendation on the most substantial proposed changes in terms of market risk measurement and framework (after prior approval by the CORISQ); this recommendation is then referred to the Board of Directors for a decision;
• ■the Group Risk Committee(21) (CORISQ), chaired by the Chief Executive Officer of the Group (DGLE), is regularly informed of Group-level market risks. Moreover, upon a proposal from the Risk Department, it validates the main choices with regard to market risk measurement, as well as the key developments on the architecture and implementation of the market risk framework at Group level. The global market risk limits with a Board or DGLE delegation level are reviewed in CORISQ at least once a year;
• ■the market risks are reviewed during the Market Risk Committee(22) (MRC) led by the Market Risk Department, chaired by the Risk Department and attended by the Head of the Global Banking and Investor Solutions Division and the Head of the Global Markets Division. This Committee provides information on risk levels for the main risk indicators as well as for some specific activities pointed out depending on market or business driven events. It also provides an opinion on the market risk framework changes falling under the remit of the Risk Department. In this context, a systematic review of all the limits with a Head of the Risk Division level is organized at least once a year.

During these Committees, several metrics for monitoring market risks are reported:

• ■stress test measurements: Global Stress Test on market activities and Market Stress Test;
• ■regulatory metrics: Value-at-Risk (VAR) and Stressed Value-at-Risk (SVAR).

In addition to these Committees, detailed and summary market risk reports, produced on a daily, weekly, monthly or quarterly basis, either related to various Group levels or geographic areas, are sent to the relevant business line and risk function managers.

In terms of governance, within the Market Risk Department, the main functional and transversal subjects are dealt with during Committees organised according the nature of activity in question.

Audited I The principles and standards for managing these risks are defined at the Group level. The entities are first and foremost responsible for managing these risks. The ALM (Asset and Liability Management) Department within the Group’s Finance Division leads the control framework of the first line of defence. The ALM department of the Risk Department assumes the role of second line of defence supervision.

The purpose of the Group ALM Committee is to:

• ■validate and ensure the adequacy of the system for monitoring, managing and supervising structural risks;
• ■review changes in the Group’s structural risks through consolidated reporting;
• ■review and validate the measures and the adjustments proposed by the Group's Finance Department.

The Group ALM Committee gives delegation to the Global Rate Forex Committee chaired by the Finance Department and the Risk Division for the validation of frameworks not exceeding defined amounts.

The ALM (Asset and Liability Management) Department is responsible for:

• ■defining the structural risk policies for the Group and formalising risk Appetite to structural risks;
• ■analysing the Group’s structural risk exposure and defining hedging strategies;
• ■monitoring the regulatory environment concerning structural risk;
• ■defining the ALM principles for the Group;
• ■defining the modelling principles applied by the Group’s entities regarding structural risks;
• ■identifying, consolidating and reporting on Group structural risks;
• ■monitoring compliance with structural risk limits.

Within the Risk Division, the ALM Risk Department oversees structural risks and assesses the management system for these risks. As such, this department is in charge of:

• ■interest and foreign exchange rates risks identification of the Group;
• ■defining the steering indicators and overall stress test scenarios of the different types of structural risks and setting the main limits for the business divisions and the entities and Business Units (BU) and Service Units (SU);
• ■defining the normative environment of the structural risk metrics, modelling and framing methods.

In addition, by delegation of MRM, this department ensures the validation of ALM models for which it organises and chairs the Validation Committee of Models.

Finally, he chairs the Model Validation Committee and the ALM Standards Validation Committee and thus ensures that the regulatory framework is correctly read and properly adapted to Société Générale environment.

Each entity, each BU/SU, manages its structural risks and is responsible for regularly assessing risks incurred, producing the risk report and developing and implementing hedging options. Each entity, each BU/SU is required to comply with Group standards and to adhere to the limits assigned to it.

As such, the entities and the BUs/SUs apply the standards defined at Group level and develop the models, with the support of the central modelling teams of the Finance Department.

An ALM manager reporting to the Finance Department in each entity, is responsible for monitoring these risks. This manager is responsible for reporting ALM risks to the Group Finance Department. All entities have an ALM Committee responsible for implementing validated models, managing exposure to interest rate and exchange rate risks and implementing hedging programs in accordance with the principles set out by the Group and the limits validated by the Finance Committee and the BU/SU ALM Committees. ▲

Audited I The liquidity and funding management set up at Societe Generale aims at ensuring that the Group can:

(i) fulfil its payment obligations at any moment in time, during normal course of business or under lasting financial stress conditions (management of liquidity risks); 

(ii) raise funding resources in a sustainable manner, at a competitive cost compared to peers (management of funding risks). Doing so, the liquidity and funding management ensures compliance with risk appetite and regulatory requirements.

To achieve these objectives, Societe Generale has adopted the following guiding principles:

• ■liquidity risk management is centralised at Group level, ensuring pooling of resources, optimisation of costs and consistent risk management. Businesses must comply with static liquidity deadlocks in normal situations, within the limits of their supervision and the operation of their activities, by carrying out operations with the “own management” entity, where appropriate, according to an internal refinancing schedule. Assets and liabilities with no contractual maturity are assigned maturities according to agreements or quantitative models proposed by the Finance Department and by the business lines and validated by the Risk Division;
• ■funding resources are based on business development needs and the risk appetite defined by the Board of Directors.(see section 2);
• ■financing resources are diversified by currencies, investor pools, maturities and formats (vanilla issues, structured, secured notes, etc.). Most of the debt is issued by the parent company. However, Societe Generale also relies on certain subsidiaries to raise resources in foreign currencies and from pools of investors complementary to those of the parent company;
• ■liquid reserves are built up and maintained in such a way as to respect the stress survival horizon defined by the Board of Directors. Liquid reserves are available in the form of cash held in central banks and securities that can be liquidated quickly and housed either in the banking book, under direct or indirect management of the Group Treasury, or in the trading book within the market activities under the supervision of the Group Treasury;
• ■the Group has options that can be activated at any time under stress, through an Emergency Financing Plan (EFP) at Group level (except for insurance activities, which have a separate contingency plan), defining leading indicators for monitoring the evolution of the liquidity situation, operating procedures and remedial actions that can be activated in a crisis situation.

The Group operational risk management framework, other than non-compliance risks detailed in Chapter 4.11 “Compliance risk” is structured around a three-level system comprising:

• ■a first line of defence in each core Business Units/Service Units, responsible for applying the framework and putting in place controls that ensure risks are identified, analysed, measured, monitored, managed, reported and contained with the limits set by the Group-defined risk appetite;
• ■a second line of defence, namely the Non-Financial Risk and permanent control Department in the Group’s Risk Division, in charge of the management of operational risks frameworks.
• As such, the Non-Financial Risk and permanent control Department:
  • -conducts a critical examination of the BU/SUs management of operational risks (including fraud risk, risks related to information systems and information security, and risks related to business continuity and crisis management),
  • -sets regulations and procedures for operational risk systems and production of cross Group analyses,
  • -produces risk and oversight indicators for operational risk frameworks.
• To cover the entire Group, the Non-Financial Risk and permanent control Department has a central team supported by regional hubs. The regional hubs report back to the department, providing all information necessary for a consolidated overview of the Bank’s risk profile that is holistic, prospective and valid for both internal oversight purposes and regulatory reporting.
• The regional hubs are responsible for implementing the Operational Risk Division’s briefs in accordance with the demands of their local regulators.
• The Non-Financial Risk and permanent control Department communicates with the first line of defence through a network of operational risk correspondents in each Business/Service Units.
• Concerning risks specifically linked to business continuity, crisis management and information, of persons and property, the Non-Financial Risk and permanent control Department carries out the critical review of the management of these risks in connection with the Group Security Division. Specifically, regarding IT risks, the Non-Financial Risk and permanent control Department carries out the critical review of the management of these risks in connection with the Resources and Digital Transformation Department;
• ■a third line of defence in charge of internal audits, carried out by the General Inspection and Audit Division.

The implementation and monitoring of the operational risk management framework is part of the Group’s internal control framework:

• ■level 1 control is performed as part of operations within each SG Group BU/SU/entity, including managerial supervision and operational controls. This permanent control framework is supervised by the Normative Controls Library (NCL), which brings together, for the entire Group, the control objectives defined by the expertise functions, the business lines, in connection with the second lines of defence;
• ■level 2 control is carried out by dedicated teams in the Risk Division to carry out this mission on operational risks covering the risks specific to the various businesses (including operational risks related to credit and market risks), as well as the risks associated with purchases, communication, real estate, human resources and information system.

Protecting persons and property, and compliance with the laws and regulations governing security are major objectives for Societe Generale Group. It is the mission of the Group Security Division to manage human, organisational and technical frameworks that guarantee the smooth operational functioning of the Group in France and internationally, by reducing exposure to threats (in terms of security and safety) and reducing their impact in the event of crisis.

The security of persons and property encompasses two very specific areas:

• ■security, which comprises all the human, organisational and technical resources combined to deal with technical, physical, chemical and environmental accidents that can harm people and property;
• ■safety, which comprises all the human, organisational and technical resources combined to deal with spontaneous or premeditated acts aimed at harming or damaging the Bank with the intent of obtaining psychological and/or financial profit.

The management of all these risks is based on operational risk systems and the second line of defence is provided by the Risk Department.

Given the importance for the Group of its information system and the data it conveys and the continuous increase in the cybercriminal threat, the risks related to information and communication technologies (ICT) and to security are major for Societe Generale. Their supervision, integrated into the general operational risk management system, is steered as the first line of defence by a dedicated area of expertise (Information and Information Systems Security – ISS) and the second line of defence is provided by the Risk Department. They are subject to specific monitoring by the management bodies through sessions dedicated to Group governance (Risk Committee, CORISQ, CCCIG, ISCO) and a quarterly dashboard which presents the risk situation and action plans on the main information and communication technologies risks.

The Group Security Department, housed within the General Secretariat, is responsible for protecting information. The information provided by customers, employees and also the collective knowledge and know-how of the bank constitute Societe Generale’s most valuable information resources. To this end, it is necessary to put in place the human, organisational and technical mechanisms which make it possible to protect the information and ensure that it is handled, communicated to and shared by only the people who are authorised to know.

The person in charge of risks related to information and communication technologies (ICT) and security of information systems is housed at the Corporate Resources and Digital Transformation Division. Under the functional authority of the Head of Group Security, he recommends the strategy to protect digital information and heads up the IT Security Department. The IT security framework is aligned with the market standards (NIST, ISO 27002, ISO 27001, ISO 27035), and implemented in each Business/Service Unit. Societe Generale policies and process tend to be compliant with their requirements and conducts regular control on this compliance.

Risk management associated with cybercrime is carried out through the tri-annual Information Systems Security (ISS) master plan.

In order to take into account the development of the cyber threat, in a sustainable way on SG Group and in line with the Group strategy, with a budget of EUR 1 billion is allocated over the four coming years, the 2024-2026 cyber security strategy is structured around five pillars that guide actions out to 2026:

• ■decrease the SG Group’s exposure to cyber risk by increasing protection levels and response capacity. In particular, by improving the deployment of key cyber risk controls through a commitment of Executive Committee members on results;
• ■empower SG staff with regard to cyber security, ensuring that core security rules are fully enforced, in particular by ensuring production of Group’s assets are secured by design;
• ■improve the operational efficiency of cyber security teams by optimizing more automated and more preventive cyber controls, to reduce the run cost and deploy additional protection measures;
• ■support business transformation with the appropriate involvement of cyber security teams, to anticipate new trends (e.g. Artificial Intelligence or blockchain);
• ■improve the human resources management of the sector, in particular on developing the skills and attractiveness of the Group’s security function.

At the operational level, the Group relies on a CERT (Computer Emergency Response Team) unit in charge of incident management, security watch and the fight against cybercrime. This team uses multiple sources of information and monitoring, both internal and external. Since 2018, this unit has also been strengthened by the establishment of an internal Red Team whose main tasks are to assess the effectiveness of the security systems deployed and to test the detection and reaction capabilities of the defence teams (Blue Teams) during an exercise simulating a real attack. The services of the Red Team enable the Group to gain a better understanding of the weaknesses in the security of the Societe Generale information system, to help in the implementation of global improvement strategies, and also to train cybersecurity defence teams. CERT works closely with the Security Operation Center (SOC), which is in charge of detecting security events and processing them.

A team at the Resources and Digital Transformation Department is in charge of ensuring the consistency of the implementation of operational risk management systems and their consolidation for IT processes. The main tasks of the team are as follows:

• ■identify and evaluate the major IT risks for the Group, including extreme risk scenarios (e.g. cyberattack, failure of a provider), to enable the Bank to improve its knowledge of its risks, be better prepared for extreme risk scenarios and better align their investments with their IT risks;
• ■produce the indicators that feed the IT risks monitoring dashboard, intended for management bodies and Information Systems Directors. They are reviewed regularly with the second line of defence in order to remain aligned with the IS and SSI strategy and their objectives;
• ■more generally, ensure the quality and reliability of all devices addressing IT operational risks. Particular attention is paid to the permanent control system for its IT risks, which is based on the definition of normative IT and security controls and the support of the Group in the deployment of managerial supervision on this topic. Since 2022, the SSI normative controls were reviewed, i.e. around 200 controls covering cyber topics in addition to the IT controls already in place. The IS/SSI Departments monitor the deployment of these controls across the Group, the progress of which is aligned with the objectives set by the Group.

In terms of awareness, a multilingual online training module on information security is mandatory for all internal Group staff and for all service providers who use or access our information system. It was updated in early 2023 in order to incorporate changes to the new Group Information Security Policy.

The supervision of fraud risk, whether internal or external, is integrated into the general operational risk management framework which allows the identification, assessment, mitigation and monitoring of the risk, whether it is potential or actual.

It is steered in the first line of defence by dedicated expert teams working on fraud risk management, in addition to the teams in charge of operational risk management specific to each of the banking businesses. These teams are in charge of the definition and operational implementation of the means of raising awareness, preventing, detecting and dealing with frauds. The second line of defence is provided by the Non-Financial Risks and permanent control Department with a fraud risk manager. The second line defines and verifies compliance with the principles of fraud risk management in conjunction with the first line teams, and ensures that the appropriate governance is in place.

Finally, the teams, whether they are in the first or second line of defence, work jointly with teams of experts in charge of information security, the fight against cyber crime, know your client (KYC), anti-money laundering and combating corruption. Likewise, the teams work closely with the teams in charge of credit risk and market risk. The sharing of information contributes to the identification and increased responsiveness in the presence of a situation of proven fraud or weak signals. This active collaboration makes it possible to initiate investigative measures, blocking attempted fraud or initiating the recovery of funds or the activation of associated guarantees and insurance payments in the event of successful fraud.

Compliance risk is considered a non-financial risk, in keeping with the Group’s risk taxonomy.

Acting in compliance means understanding and observing the external and internal rules that govern our banking and financial activities. These rules aim to ensure a transparent and balanced relationship between the Bank and its stakeholders. Compliance is the cornerstone of trust between the Bank, its clients, its supervisors and its staff.

Compliance with rules is the responsibility of all Group employees, who must demonstrate compliance and integrity on a daily basis. The rules must be clearly expressed, and staff have been informed and/or trained to understand them properly.

The compliance risk prevention system is based on shared responsibility between the operational entities and the Group Compliance Department:

• ■the operational entities (BUs and SUs) must incorporate into their daily activities compliance with laws and regulations, the rules of professional best practice and the Group’s internal rules;
• ■the Compliance Department manages the Group’s compliance risk prevention system. It ensures the system’s consistency and efficiency, while also developing appropriate relationships (liaising with the General Secretariat) with bank supervisors and regulators. This independent department reports directly to General Management.

To support the businesses and supervise the system, the Compliance Department is organised into:

• ■Standards and Consolidation teams responsible for defining the normative system and oversight guidelines, consolidating them at Group level, as well as defining the target operational model for each compliance risk;
• ■Core Business/Business Compliance teams which are aligned across the Group’s major business lines (Corporate and Investment Bank, French Retail Banking, International Retail Banking, Private Banking and Corporate Divisions), responsible for the relationship with BU/SUs, including deal flow, advisory, and risk oversight of BU/SUs;
• ■teams responsible for cross-business functions;
• ■teams responsible for second-level controls.

The Compliance Department is organised into three main compliance risk categories, for which it plays a standard-setting role:

• ■financial security: know your client (KYC); compliance with the rules and regulations on international sanctions and embargoes; anti-money laundering and combating the financing of terrorism (AML/CFT), including reporting suspicious transactions to the appropriate financial intelligence authority when necessary;
• ■regulatory risks, which cover in particular: client protection, anti-bribery and corruption, ethics and conduct, compliance with tax transparency regulations (based on knowledge of the customers’ tax profile), compliance with corporate social responsibility regulations and Group commitments, market integrity, compliance with prudential regulations in collaboration with the Risk Department, joint coordination with HRCO of the Group’s Culture & Conduct issues (conduct in particular);
• ■protection of data, including personal data and in particular those of customers.

Compliance has set up an extensive compulsory training programme for each of these risk categories, designed to raise awareness of compliance risks among all or some employees. The completion rates for these training modules are monitored closely by the Group at the highest level.

In addition to its LoD2 function regarding the aforementioned risks, Compliance oversees the regulatory system for all regulations applicable to credit institutions, including those implemented by other departments, such as prudential regulations.

Today Societe Generale’s KYC system is essentially robust in the wake of the Group’s remediation and transformation programmes aimed at bringing the system to the required level over the past five years. The year 2023 was marked in particular by strengthened procedures for the continuous detection of clients or beneficial owners who have acquired the status of Politically Exposed Person (PEP) or of Relative and Close Associate, and by the continued roll-out of the Group’s solution to identify Negative News.

The Group implements all the measures related to Directive (EU) 2015/849 on anti-money laundering and counter-terrorism financing (referred to as “the 5th Anti-Money Laundering Directive”), as well as European Regulation 2015/847 on the quality of payment information and the Order of 6 January 2021 on the system and internal controls to fight money laundering and terrorism financing.

Moreover, it has launched or continued several internal initiatives aimed at making its system even more robust. In particular, these initiatives involve the optimisation of transaction surveillance scenarios and the development of more sophisticated tools to detect suspicious or unusual transactions, based on technology like big data and machine learning. The implementation of these so-called new-generation tools saw major progress in 2023, in particular at BoursoBank and in International Retail Banking activities.

The global environment was marked in 2023 by stronger sanctions imposed on Russia by various jurisdictions (the European Union, the US, the UK, etc.) on account of the war against Ukraine. The implementation of these sanctions remains very complex and may generate high operational risk for financial institutions. Accordingly, the Societe Generale Group continues to closely supervise transactions involving Russia to ensure compliance with international sanctions.

Following the dismissal of the Deferred Prosecution Agreement in December 2021 by the US authorities, the Group took further measures to bolster its Embargoes/Sanctions system, which continues to be regularly reviewed by an independent consultant appointed by the FRB.

Customer protection is a major challenge for the Societe Generale Group, which is committed to respecting and protecting the interests of its customers.

The prevention of financial vulnerability (early detection), banking inclusion (the right to hold an account) and the unbundling of insurance taken out on a real estate loan remain priorities. These measures were supplemented by the application of the Lemoine Act, which stipulates that any request to replace a contract must be processed within 10 days.

Information provided to customers was strengthened with new rules on ESG (Environmental and Social Governance) labelling and designations.

The Group continues to implement significant measures to improve its system in terms of:

• ■strengthening internal rules regarding key aspects of customer protection (marketing rules, especially for sustainable investment, cross-border sales, customer claims, conflicts of interest, product governance, protection of customers’ assets, along with compensation and qualification of employees);
• ■specific training and increased staff awareness; the importance the Group places on this issue is widely addressed in the Group’s Code of Conduct;
• ■adapting tools to regulatory requirements as a matter of necessity (managing conflict of interest mapping, integrating customer preferences in terms of sustainable investment, etc.).

Processing a claim is a commercial act that impacts customer satisfaction. Accordingly, it has received extensive coverage in the Code of Conduct.

Updated in 2023, the “Customer claim processing” Group instruction incorporates the recommendations of the national supervisor (French Prudential Supervisory and Resolution Authority – ACPR) and the regulatory requirements (MIF2, DDA and DSP – the Payment Services Directive) relative to the strengthening of customer protection measures at European level. The Bank’s businesses have an ad hoc governance, an organisation, human resources and applications, formalised procedures, and quantitative monitoring indicators.

Independent mediation supplements this internal system. Mediation aims to settle disputes amicably and the Group notifies customers of their recourse to it using multiple media in particular by the existence of a permanent notice on the last page of their bank account statements. Every entity involved is obliged to comply with the independent mediator’s decision.

The Group has a clear normative framework (updated in 2023) in place to prevent and manage conflicts of interest. This framework specifies the principles and mechanisms that have been implemented. It is a robust system that tackles various types of potential conflicts of interest: those of Group entities that may arise in the course of business, whether with respect to customers or other third parties (suppliers, etc.); those of employees when their personal activities and interests conflict with their professional activities. The system is supplemented by the annual reporting of conflicts of interest (Déclaration des Conflits d’intérêts – DACI) regarding people most exposed to the risks of corruption. Societe Generale gives priority to their customers’ interests under all circumstances. If in some instances this system does not appear to remove the risk of conflicts of interest with reasonable certainty and in accordance with local regulations, Societe Generale shall either refrain from carrying out the transaction or, insofar as confidentiality requirements allow, inform the client or prospect of the general nature or source of conflict of interest. The customer can then make an informed decision.

Systematic reviews ahead of and during the marketing process ensure compliance with product governance obligations. As product originator, SG sets up Product Review Committees to ensure the target market has been defined correctly and, if not, to adjust it accordingly. As distributor, Societe Generale checks that the criteria match the customers’ situation and communicates with product originators to track products during their life cycle. SG’s investment services policy includes new offers in terms of sustainable finance, the supervision of crypto-assets, and detailed notes on the target markets of the main instruments produced or distributed by each business.

Societe Generale has established practices and usages to comply with legislation vis-à-vis vulnerable customers, in particular customers benefiting from the offer tailored to financially challenged customers. To contribute to the national effort to boost the purchasing power of French citizens in difficult financial circumstances, the Group added to its practices by introducing additional measures in 2019, notably by 

i) freezing bank fees; 

ii) capping bank intervention fees for vulnerable clients; and 

iii) organising follow-up and support suited to the situation of customers experiencing difficulties in the wake of recent events. These measures are closely monitored and covered in action plans aimed at identifying financially vulnerable customers.

The market integrity laws and regulations adopted in recent years, together with their latest changes, have been included in a robust risk hedging system implemented in the Societe Generale Group.

The rules of conduct, the organisational principles and the oversight and control measures are in place and regularly assessed. Moreover, extensive training and awareness-raising programmes are provided to all Group employees.

This system was strengthened in 2023, notably by:

• ■the roll-out of tools enabling to record electronic communications on platforms like WhatsApp for persons targeted by orders issued by the US authorities (SEC and CFTC) against several banking institutions, such as SG SA and SGAS;
• ■ramping up the supervision of market abuse risk generated by transactions executed using access information provided by the markets;
• ■updating the compliance management system for derivatives, which are subject to ever-changing regulations that go hand-in-hand with business and technology developments;
• ■addressing the escalation in and ongoing changes to regulatory requirements regarding transaction reporting, along with the need to improve data quality.

Societe Generale Group’s principles on combating tax evasion are governed by the Tax Code of Conduct. The code is updated periodically and approved by the Board of Directors after review by the Executive Committee. It is publicly available via the Bank’s institutional investor portal (https://www.societegenerale.com/sites/default/files/documents/code-conduct/tax-code-of-conduct-of-societe-generale-group-uk.pdf). The previous version from 2017 was updated in December 2023.

The five main principles of the Code of Conduct are as follows:

• ■Societe Generale has a responsible tax policy that forms part of its overall strategy;
• ■Societe Generale ensures compliance with the applicable tax rules in all countries where the Group operates, in accordance with international conventions and national laws;
• ■in its customer relationships, Societe Generale ensures that customers are informed of their tax obligations relating to transactions carried out with the Group (insofar as this information is authorised by the applicable laws and regulations). The Group complies with the reporting obligations that apply to it as bookkeeper and in any other way;
• ■in its relations with the tax authorities, Societe Generale is committed to strictly respecting tax procedures and ensures that it maintains responsible and transparent relations;
• ■Societe Generale prohibits tax evasion and the abuse of rights, whether in the Group or by its subsidiaries, and does not encourage or facilitate tax evasion for its customers. Societe Generale also prohibits any transaction not based on sound economic grounds and driven solely by tax considerations, whether for its own account or for its customers.

The tax strategy and its guiding principles are approved by the Board of Directors. Measures for monitoring compliance with the tax strategy and risks are presented to the Board of Directors (or a delegate Committee) at least once a year.

The Group is committed to a strict policy with regard to tax havens. No new Group entity may be established in a state or territory on the official French list of ETNCs(38) (États et territoires non coopératifs in French). Moreover, the Group undertakes to cease operating entities in said countries unless their activities are mainly regional in nature. Internal rules have also been in place since 2013 to monitor an expanded list of countries or territories.

The Group adheres to the Organisation for Economic Co-operation and Development’s (OECD) Transfer Pricing recommendations and applies the principle of competitive neutrality in order to ensure that its intra-group transactions are made under arm’s length conditions and do not result in the transfer of any indirect benefits. However, where local regulations differ from these recommendations, the former shall prevail in all relations with the relevant government and be properly documented.

The Group publishes information on its entities and activities annually on a country-by-country basis (cf section 2.13 – pages  2.13) and confirms that its presence in a number of countries is for commercial purposes only, and not to benefit from special tax provisions. The Group complies with the tax transparency rules for its own account (CbCR – country-by-Country Reporting) and has included the principle of transparent tax communications in its Code of Conduct. Societe Generale complies with client tax transparency standards. The Common Reporting Standard (CRS) enables tax authorities to be systematically informed of income received abroad by their tax residents, including where the accounts are held in asset management structures. Societe Generale also complies with the requirements of the United States FATCA (Foreign Account Tax Compliance Act), which aims to combat tax evasion involving foreign accounts or entities held by US taxpayers. The Group has implemented the European Directive DAC6, which requires the reporting of cross-border tax planning arrangements. Last, the Group is studying the new tax transparency standards on digital assets ahead of their upcoming implementation, in particular the CARF (Crypto-Asset Reporting Framework), changes to the CRS standard, and the new European Directive in this regard, known as DAC8 (Directive on Administrative Cooperation 8).

Importantly, the account-keeping entities of the Private Banking business line are established exclusively in countries with the strictest tax transparency rules imposed by G20 member countries and the OECD. Assets deposited in Private Banking books are subject to enhanced scrutiny using comprehensive due diligence procedures to ensure they are tax compliant.

In accordance with regulatory requirements, Societe Generale also includes tax fraud in its anti-money laundering procedures.

Societe Generale is fully committed to fighting corruption, in particular by participating in the Wolfsberg Group and the Global Compact.

The Group applies the strict principles included in its Code of Conduct and its “Anti-Corruption and Influence Peddling Code”. It promotes a culture of compliance with zero tolerance for corruption.

The body of standards governing the fight against corruption is reviewed annually and covers:

• ■Know Your Third Party requirements (due diligence of customers, suppliers and partners alike, especially beneficiaries of patronage and sponsorship initiatives);
• ■human resources (recruitment, mobility, professional assessment, remuneration, disciplinary framework);
• ■gifts, business meals and external events;
• ■identification and training of employees most exposed to corruption risks;
• ■interest representation activities;
• ■contractual policy;
• ■mergers and acquisitions;
• ■right to whistleblow;
• ■conflict of interest situations, documented in dedicated records within each Group entity.

The anti-corruption system implemented is a solid solution that includes:

• ■preventative measures:
  • -corruption risk mapping,
  • -policies and procedures,
  • -regular training at all levels (senior management, most exposed persons, all employees),
  • -awareness-raising and communication to governance bodies;
• ■detection measures:
  • -a whistleblowing system updated in 2023 following the Waserman Law; see Chapter 5.5, “Duty of Care Plan”,
  • -periodic and permanent monitoring of specific anti-corruption accounting and operational controls,
  • -internal audits;
• ■reporting and steering via a specific governance and key indicators.

The Societe Generale Group also has several tools at its disposal, such as the tool for declaring gifts and invitations (GEMS), the tool for whistleblowing management (WhistleB), the annual conflict of interest declaration tool (DACI), and the tool for selecting risky manual accounting entries (OSERIS).

European financial regulations have seen significant changes from a social and environmental perspective, in particular with:

• ■the entry into force in March 2021 of Regulation (EU) 2019/2088 – SFDR on Sustainability-related disclosures in the financial services sector;
• ■the Taxonomy Regulation (EU) 2020/852 on the establishment of a framework to facilitate sustainable investment; and
• ■the entry into force in January 2022 of the Delegated Regulation of 4 June 2021 supplementing the Taxonomy Regulation.

The Compliance Department is developing the normative framework relative to the European Union regulations on sustainable investment and producing deliverables pertaining to normative documentation, training, controls and supervision to help the business lines to comply with regulations. An e-learning module on sustainable investment was made compulsory for more than 30,000 Group employees.

Over and above the regulations, the Group is making voluntary, public commitments in this area (refer to  4.13.3.1) To manage the implementation of the environmental and social risk management system and ensure the Group’s commitments are upheld, the Compliance Division introduced the following measures to:

• ■develop normative controls;
• ■deploy e-learning on environmental and social risk management. The training was made compulsory for all employees having a direct or indirect relationship with corporate customers and was distributed to more than 70,000 Group employees;
• ■define an environmental and social escalation procedure with respect to corporate customers to set out the criteria requiring business lines to reach out to the Compliance Division and, where applicable, the Arbitration Committee chaired by General Management, to onboard a company in situations likely to present a reputation risk arising from environmental or social factors.

Societe Generale is especially sensitive to personal data protection. The governance of personal data processing within the Societe Generale Group was strengthened when the General Data Protection Regulation (GDPR) came into force.

A governance and normative framework have been defined for the data protection system which applies to entities within the scope of the GDPR.

The supervision of personal data protection risk is taken into account notably through impact analyses carried out pursuant to regulations when the data processing is likely to generate a high risk for the rights and freedoms of the people concerned. In general, Societe Generale analyses the compliance of its personal data processing and takes risk mitigating measures aligned with their sensitivity.

When Societe Generale communicates personal data to its partners, it applies the necessary governance to meet regulatory requirements and its customers’ legitimate expectations with contractual obligations requiring said partners to implement the necessary personal data protection measures.

Moreover, before transferring the personal data outside of the European Economic Area, Societe Generale Group entities subject to the GDPR conduct an impact analysis considering the laws and practices of the destination countries to assess whether the level of personal data protection in the country of destination is essentially equivalent to that of the EU, and whether additional measures (especially safety and organisational measures) should be implemented prior to the transfer.

When using legitimate interest as legal grounds for the transfer of data, Societe Generale performs an analysis to check that the interests sought do not create an imbalance that adversely affects the rights and interests of the persons whose data are being processed.

Information systems for people (such as customers, employees - including external ones, shareholders, supplier employees), in compliance with the RGPD, are made available and cover the type of data collected, the data collected, the purpose of the data processing, the categories of recipients of the data, the existence of data transfer (where applicable), the data retention period and the rights of the persons concerned, as well as how those rights can be exercised.

Moreover, the Group has made dedicated efforts to increase staff awareness via specialised training. The e-learning module was rolled out to all employees working in the relevant entities and completed by 98% of them at the end of 2023.

In accordance with the applicable regulations, the Societe Generale Group has appointed a Data Protection Officer (DPO) who reports to the Head of Group Compliance (the latter is a member of the Group’s Executive Committee). The DPO is the main contact person for the Personal Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL). The DPO is also responsible for ensuring sound Group compliance for personal data protection.

The DPO works with a network of local DPOs and correspondents throughout the Group entities, which he or she supervises and coordinates by way of a dedicated Committee. The DPO is tasked with performing regular reviews of certain risk indicators, notably the number and nature of personal data leaks, and the internal training course completion rate.

The risk indicators are reported to the Group’s Compliance Committees for personal data protection. The information gathered from the permanent controls, compliance controls and periodic controls (control framework based on the three lines of defence) are also monitored by the appropriate Compliance Committees.

A risk assessment exercise is carried out periodically by the Compliance Department. This risk assessment exercise includes a dedicated questionnaire on personal data protection, which aims to assess an activity’s inherent risk level and the strength of its risk mitigation system from a personal data protection perspective.

Data purge, performed in accordance with personal data protection regulations, forms part of Data Records Management and the process of storing evidence of the Group’s activity (see paragraph below).

Societe Generale Group is required to archive information that could provide evidence of its activities, in accordance with the laws and regulations applicable in its countries of operation.

Data Records Management (DRM) is defined as all actions, tools and methods aimed at identifying, storing, retrieving and managing the final disposition of all information providing evidence of its activities. It ensures the traceability of the Group’s activities by preserving records held in compliance with the legal, regulatory, contractual and business rules applicable to the relevant activities, and by destroying them at the end of their retention period (purge), except in specific, duly justified cases (e.g., under pre-litigation or litigation retention procedures).

Three DRM principles must be observed and implemented in a proportionate manner for all archived records: integrity, traceability and access.

DRM governance is covered by a specific Group-wide policy published in the SG Code.

Management of reputation risk is coordinated by the Compliance Department, which:

• ■supports the Compliance Control Officers of the businesses in their strategy for preventing, identifying, assessing and controlling reputation risk;
• ■develops a reputation risk dashboard that is communicated quarterly to the Risk Committee of the Board of Directors, based on information from the businesses/Business Units and support functions/Service Units (in particular the Human Resources, Communications, Legal, Corporate Social Responsibility, etc.);
• ■performs the Secretariat role for the Customer Acceptance Committee (CAC) whose role is to approve the onboarding or continuing relationship with certain customers which are subject to an arbitration request between the businesses and control functions;
• ■is a permanent member of the Complex Transactions and Reputation Risk Committee (CTRC), tasked with reviewing and approving the legal, regulatory, tax, compliance and/or reputation risk that may arise from the involvement of a Group entity or Group employees in a complex transaction or from a product, transaction, service or activity with a customer or counterparty.

Moreover, Chief Compliance Officers dedicated to Business Units take part in the various bodies (New Product Committees or NPC, ad hoc Committees, etc.) organised to approve new types of transactions, products, projects or customers, and formulate a written opinion as to their assessment of the level of risk of the planned initiative, and notably the reputation risk.

In addition to its second-line-of-defence function with regard to the aforementioned areas, the Compliance Department has continued to strengthen the supervision of the Group’s regulatory system in coordination with the Risk, Finance, Legal and Human Resources Departments. This oversight relies on the Corporate Compliance Framework, which aims to ensure the Group’s compliance with all regulations, including those implemented by other departments, namely control functions or independent expert functions.

To this end, a document setting out the Compliance function’s roles and responsibilities with respect to implementing its remit is formalised and approved by the stakeholders.

In this regard, the Group concentrated on three priority themes in 2023: prudential compliance, competition law compliance, and remuneration. It will pursue its efforts in 2024 across other themes.

In accordance with regulatory requirements, the Societe Generale Group has a system to centrally manage compliance incidents which is governed by a regularly updated body of standards.

The procedure for reporting incidents is governed by an ad hoc governance, together with Compliance Incident Committees (CIC). These are held monthly with an intermediate level for the business lines and a consolidated level for the Group, which addresses the most significant incidents. These bodies promote information sharing between members regarding any malfunctions that may occur, and the methods used to resolve them.

The presentation of these incidents in the CICs for the purposes of compliance risk supervision and steering is routinely accompanied by long-term remedial action plans to prevent future incidents from recurring. Once all the remedial action plans have been finalised, a compliance incident may be closed upon formal approval by the CIC.

Major compliance incidents within the Group are reported on a quarterly basis:

• ■to the executive arm of the Group Compliance Committee;
• ■to the supervisory arm of the Risk Committee of the Board of Directors in a Group Compliance dashboard;
• ■to the French Prudential and Resolution Supervisory Authority (ACPR).

In June 2018, Societe Generale entered into agreements with the US Department of Justice (DOJ) and the US Commodity Futures Trading Commission (CFTC) to resolve their investigations into IBOR submissions, and with the DOJ and the French Financial Prosecutions Department (Parquet National Financier – PNF) to resolve their investigations into certain transactions involving Libyan counterparties.

In November 2018, Societe Generale entered into agreements with the US authorities to resolve their investigations into certain US dollar transactions involving countries, persons or entities subject to US economic sanctions.

As part of these agreements, the Bank committed to enhance its compliance system in order to prevent and detect any violation of anti-corruption and bribery, market manipulation and US economic sanction regulations, and any violation of New York state laws. The Bank also committed to enhance corporate oversight of its economic sanction’s compliance programme. Against this background, the Bank defined and rolled out a programme to implement all these commitments and strengthen its compliance system in the relevant areas.

On 30 November and 2 December 2021, after three years of remediation, the US Federal Court terminated legal proceedings by the DOJ, which confirmed that Societe Generale had complied with obligations relating to the deferred prosecution agreements (DPA) of June and November 2018. In December 2020, the PNF resolved proceedings against Societe Generale and acknowledged that Societe Generale had fulfilled its obligations with respect to the public interest judicial convention.

In terms of compliance with the OFAC sanctions regime, closing the legal proceedings did not terminate the Orders signed in 2018 with the Federal Reserve Bank and the NY DFS. In this respect, the Bank continues to be regularly reviewed by an independent consultant responsible for assessing the strength of its compliance programme in terms of sanctions and embargoes.

On 19 November 2018, Societe Generale Group and its New York branch (SGNY) entered into an agreement (enforcement action) with the NY State Department of Financial Services regarding the SGNY anti-money laundering compliance programme. This agreement requires the Group to (i) submit an enhanced anti-money laundering programme, (ii) submit an anti-money laundering governance plan, and (iii) perform an external audit in 2020.

By way of background, on 14 December 2017, Societe Generale and SGNY on the one hand, and the Board of Governors of the Federal Reserve on the other hand, agreed to a Cease-and-Desist order (the “Order”) regarding the SGNY compliance programme to adhere to the Bank Secrecy Act (“BSA”) and its anti-money laundering (“AML”) obligations (the “Anti-Money Laundering Compliance Program”), and regarding some aspects of its know your client (KYC) programme.

This Cease-and-Desist Order signed on 14 December 2017 with the US Federal Reserve supersedes the Written Agreement entered into in 2009 between Societe Generale Group and SGNY on the one hand, and the US Federal Reserve and the New York State Financial Services Department on the other.

On 17 December 2019, Societe Generale SA and SGNY signed an agreement with the Federal Reserve Bank of New York (FRB) regarding its compliance risk management. The agreement included the submission and approval by the FRB, followed by the implementation, of :

(i) an action plan to strengthen supervision by the US Risk Committee of the compliance risk management programme, 

(ii) an action plan to improve the compliance risk management programme in the US, and 

(iii) changes to the internal audit programme concerning compliance risk management audits in the US.

At the end of 2023, Societe Generale had made considerable progress in the delivery of the remedial actions.

The Group is fully committed to maintaining a solid governance system in terms of model risk management in order to ensure the efficiency and reliability of the identification, design, implementation, modification monitoring processes, independent review and approval of the models used. An MRM (“Model Risk Management”) Department in charge of controlling model risk was created within the Risk Department in 2017. Since then, the model risk management framework has been consolidated and structured and is based today on the following device.

The model risk management system is implemented by the three independent lines of defence, which correspond to the responsibility of the business lines in risk management, to the review and independent supervision and evaluation of the system and which are segregated and independent to avoid any conflict of interest.

The device is as follows:

• ■the first line of defence (LoD1), which brings together several teams with diverse skills within the Group, is responsible for the development, implementation, use and monitoring of the relevance over time of the models, in accordance with model risk management system; these teams are housed in the Business Departments or their Support Departments;
• ■the second line of defence (LoD2) is made up of governance teams and independent model review teams, and supervised by the “Model Risk” Department within the Risk Department;
• ■the third line of defence (LoD3) is responsible for assessing the overall effectiveness of the model risk management system (the relevance of governance for model risk and the efficiency of the activities of the second line of defence) and independent audit of models: it is housed within the Internal Audit Department.

A MRM Committee chaired by the Risk Director meets at least every three months to ensure the implementation of the management system and monitor the risk of models at Group level. Within the second line of defence and the “Model risk” Department, a governance team is in charge of the design and management of the model risk management system at Group level.

As such:

• ■the normative framework applicable to all of the Group’s models is defined, applied when necessary to the main families of models to provide details on the specifics, and maintained while ensuring the consistency and homogeneity of the system, its integrity and its compliance with regulatory provisions; this framework specifies in particular the definition of expectations with regard to LoD1, the principles for the model risk assessment methodology and the definition of guiding principles for the independent review and approval of the model;
• ■the identification, recording and updating of information of all models within the Group (including models under development or recently withdrawn) are carried out in the model inventory according to a defined process and piloted by LoD2;
• ■the monitoring and reporting system relating to model risk incurred by the Group in Senior Management has been put in place. The appetite for model risk, corresponding to the level of model risk that the Group is ready to assume in the context of achieving its strategic objectives, is also formalised through statements relating to risk tolerance, translated under form of specific indicators associated with warning limits and thresholds.

For each model, risk management is based on compliance with the rules and standards defined for the entire Group by each LoD1 player, it is guaranteed by an effective challenge from LoD2 and a uniform approval process.

The need to examine a model is assessed according to the level of model risk, its model family and applicable regulatory requirements. The independent review by the second line of defence is triggered in particular for new models, periodic model reviews, proposals to change models and transversal reviews in response to a recommendation:

• ■it corresponds to all the processes and activities which aim to verify the conformity of the functioning and use of the models with respect to the objectives for which they were designed and to the applicable regulations, on the basis of the activities and controls implemented by LoD1;
• ■it is based on certain principles aimed at verifying the theoretical robustness (evaluation of the quality of the design and development of the model), the conformity of the implementation and use, and the relevance of the monitoring of the model;
• ■it gives rise to an Independent Review Report, which describes the scope of the review, the tests carried out, the results of the review, the conclusions or the recommendations.

The approval process follows the same approval scheme for all models, the composition of governance bodies being able to vary according to the level of model risk, the family of models, the applicable regulatory requirements and the Business Units/Service Units in which model is applicable. Responsible for LoD2, the approval process consists of two consecutive instances:

• ■the Review Authority which aims to present the conclusions identified by the review team in the Independent Review Report and to discuss, allowing for a contradictory debate between LoD1 and LoD2. Based on the discussions, LoD2 confirms or modifies the conclusions of the Review Report, including the findings and recommendations, without being limited thereto;
• ■the Approval Authority, a body which has the power to approve (with or without reservation) or reject the use of a model, changes made to the existing model or continuous monitoring of the relevance of the model along the time proposed by the LoD1, from the Independent Review Report and the minutes of the Review Authority.

ESG Risk (Environmental, Social, and Governance Risk) can be defined as the negative materialisation of current or prospective ESG factors through SG counterparties or invested assets. ESG factors may negatively impact SG’ financial performance by materialising through risk types, such as credit risk, which are primarily affected by an institution’s exposure to its counterparties and invested assets.

The Group’s risk management framework is continuously reviewed and updated to take these new challenges into account.

ESG risks are seen as aggravating factors to the traditional categories of risks (credit risk, counterparty risk, market risk, non-financial risks, structural risk, business and strategy risks, as well as other types of risk and other risk factors). They could have an impact on the Group’s activities, results and financial situation in the short, medium, and long term. These risk categories are closely interconnected and must be addressed as a whole.

The individual components of ESG risks can be defined as follows:

• ■environmental risks correspond to the risk of materialisation of environmental factors that may adversely affect the financial performance or solvency of a sovereign or individual entity. Environmental factors are those related to the quality and proper functioning of the natural environment and natural systems. They include factors such as climate change, biodiversity*, energy consumption and waste management. Environmental risks could have an adverse financial impact through a range of risk drivers, classed as follows:
  • -physical risk, which refers to the current or potential financial impact of physical environmental factors on the Group, its counterparties or its invested assets,
  • -transition risk, which refers to current or potential impact of the transition to a more environmentally sustainable economic model on the Group, its financial position, counterparties or invested assets;
• ■social risks correspond to the risk of materialisation of social factors that may adversely affect the financial performance or solvency of a sovereign or individual entity. Social factors are those related to the rights, well-being and interests of people and communities. They include factors such as (in)equality, health, inclusiveness, labour relations, workplace health & safety and well-being, human capital and communities;
• ■governance risks correspond to the risk of materialisation of governance factors that may adversely affect the financial performance or solvency of a sovereign or individual entity. Governance factors are those related to governance practices (executive leadership, executive pay, audits, internal control, fiscal policy, Board of Director independence, shareholder rights, integrity, etc.) and to how companies and entities take environmental and social factors into account in their policies and procedures.

The Group analyses the potential adverse impact of ESG risk factors on its counterparties or invested assets as part of a double materiality assessment:

• ■environmental and social materiality, which could stem from the impact of the Group’s economic and financial activities on the environment and on human rights; and
• ■financial materiality, which could stem from the impact of ESG factors on the Group’s economic and financial activities across the entire value chain (upstream and downstream) and affecting the value (profitability) of these activities.

The Group added ESG risk factors to its risk taxonomy in 2021, based on the “EBA Report on management and supervision of ESG risks for credit institutions and investment firms” (2021) and the “ECB Guide on climate-related and environmental risks” (2020). Their description was revised in 2022 to include physical and transition risks as environmental risk factors and to incorporate the concept of double materiality. In 2023, the definition of double materiality was revised to highlight how the concept applies to assessing financial materiality.

With a view to satisfying the Pillar 3 requirements for qualitative disclosures on ESG risks, this part of Chapter 4 explains how the Group has developed a framework to mitigate such risks. A table of cross-references to the Declaration of Extra-Financial Performance is provided in Chapter 9 (see page  9.1.4).

Precise definition is given to words followed by an asterisk. These definitions are presented in the Glossary, page  Corporate social responsibility glossary. 

Refer to Financial Statements in Chapter 6 - Note 4.3 Insurance activities.

The Group’s ESG ambitions form the cornerstone of the strategy pursued by its new General Management team. The strategic plan for 2026 includes a series of far-reaching initiatives designed to ramp up Societe Generale’s contribution to the environmental transition and, more broadly, the UN’s Sustainable Development Goals (SDGs). These initiatives are the Group’s most ambitious yet in terms of decarbonising its activities and investing in innovative solutions and partnerships to magnify its impact.

Conscious of the urgent need for climate action and keen to address the financing gap for the environmental transition and promote the UN’s SDGs, Societe Generale is committed to cementing its role as a driver of change, leading the transition and sustainable development of the world’s economies. It takes a holistic approach in this respect, based on proactive and responsible change within all teams and businesses throughout the Group. Aware of the risks but also the opportunities involved, the Bank is both stepping up its efforts to decarbonise its activities – getting fully behind its clients’ transition programmes – and supporting the development of innovative solutions and partnerships with a view to helping a more socially responsible, low-carbon economy emerge.

Societe Generale is well positioned to adapt its activities. With its corporate purpose – “Building together, with our clients, a better and sustainable future through responsible and innovative financial solutions” – and its materiality matrix (see Chapter 5, Measuring the objectives and expectations of stakeholders,  page  5.1.4.1.1) firmly in mind, the Group pursues its Corporate Social Responsibility (CSR) Ambition. Details of this CSR Ambition and how it infuses the Group’s business model are given in Chapter 1 (see Chapter 1, Profile of Societe Generale, page  1.2).

To learn about how the Group translated its CSR Ambition into actions and results in 2023, see Chapter 2 (Chapter 2, Extra-Financial Report, page  2.4).

Driven by its core values of Innovation, Team Spirit, Commitment and Responsibility, the Group is pursuing a fair and inclusive environmental transition, in keeping with the highest standards of governance (see Chapter 3, Corporate governance, page  3.1.1, ensuring rigorous risk assessment and management systems for both financial and non-financial risks (see Chapter 4.13, Environmental, social and governance (ESG) risks, page  4.13) and regularly reviewing the impact of its activities (see Chapter 5, Duty of Care Plan, page  5.6).

Societe Generale upholds all national and EU laws, regulations and agreements applicable to it, everywhere it operates, and strives to respect the local culture and environment. As a signatory of the UN Principles for Responsible Banking, Societe Generale believes it has a duty to conduct its activities responsibly and transparently and to do its utmost to help its clients towards a more sustainable economy. The first section of this Chapter 5 on Corporate Social Responsibility sets out the Group’s governance of CSR matters and how it deploys its Code of Conduct (see Chapter 5, A transparent bank,  page  5.1.1). The second section details Societe Generale’s alignment targets (see Chapter 5, A committed bank, page  5.1.2).

To help its clients transition to a more sustainable economy, the Group draws on its technical expertise and capacity for innovation, as well as its international reach (see Chapter 5, A Bank that supports its clients, page  5.1.3), taking into account the needs of its stakeholders (see Chapter 5, A mindful bank, page  5.1.4).

This requires Societe Generale to be exemplary in everything it does. The last section of Chapter 5 therefore looks at the transformation projects undertaken by the Group in its role as a responsible employer, a responsible purchaser and a company that cares about the environment (see Chapter 5, Being an exemplary financial company, page  5.2).

The Group uses various indicators to measure and manage progress towards the targets from its CSR transformation and development plan each year. The table below presents a selection of these metrics.

Societe Generale has been committed to financing renewable energy projects and supporting positive-impact finance for over 20 years. It was a founding member of the UNEP-FI’s Positive Impact Finance initiative as well as, in 2019, its Principles for Responsible Banking (PRB). The sound technical expertise it has developed over the years has proven valuable in helping the Group progressively align its portfolios, boost innovation and support positive local impact, making it a key partner for its customers. This expertise underpins the innovative ESG solutions and advisory services the Group offers its clients to assist them in achieving their own transitions.

To learn about how the Group translated the four pillars of its CSR Ambition into actions and results in 2023, see Chapter 2, Extra-Financial Report (page  2.4).

Societe Generale is committed to conducting its activities in an exemplary manner and has made the culture of responsibility a prime focus of its CSR strategic ambition. The Group has also made CSR the linchpin of its governance and compensation policy. In addition, as part of its quest to be a vehicle for transformation towards a more sustainable world, Societe Generale participates in numerous coalitions which debate environmental, social and governance (ESG) issues and enable it to make concrete commitments and a contribution towards shared standards. Last, the Group has developed a strict framework for the management of ESG risks to ensure it rolls out these commitments throughout the entire organisation (for more information, see Chapter 4.13 Environmental, social and governance (ESG) risks, page  4.13).

The charts below present how CSR is integrated into Group governance and prioritised by all entities:

Four bodies play a specific role in CSR:

• 1 .the Board of Directors, which approves the CSR strategy (notably climate strategy) guided by General Management and the non-voting Director. The proposed strategy is first reviewed by the Risk Committee for risk-related issues, the Compensation Committee for remuneration-related matters involving the Chief Executive Officers, and the Nomination and Corporate Governance Committee for governance questions (including the Group’s internal governance). The Risk Committee also examines CSR risks at least once every quarter, together with climate stress test results. The Audit and Internal Control Committee reviews all financial and extra-financial communication documentation relating to CSR (i.e., Duty of Care Plan, Declaration of Extra-Financial Performance), before submitting it to the Board of Directors for approval. The Compensation Committee makes recommendations to the Board of Directors on CSR criteria concerning the remuneration of corporate officers. The Nomination and Corporate Governance Committee prepares discussion material to enable the Board of Directors to deal optimally with CSR issues. Using the Directors’ skills matrix (see Chapter 3, page  Directors’ expertise) it also delves every year into the Board of Directors’ needs in terms of expertise, including in respect of the various CSR topics, drawing the necessary conclusions on the recruitment processes in place and the training on offer. Each topic covered by the Committees is subsequently discussed by the Board of Directors. The non-voting Director assists the Committees when they deal with CSR topics. Furthermore, the Board of Directors’ Internal Rules provide that dossiers submitted to the Board must contain information on social and environmental objectives for consideration where necessary. Over 2023, the Board of Directors' members were trained on CSR, climate-related issues and biodiversity (for more information, see: Chapter 3: Appraisal of the Board of Directors and its members/Training, page  Appraisal of the Board of Directors and its members);
• 2 .General Management, which examines CSR themes through:
  • -the Responsible Commitments Committee (CORESP), chaired by the Deputy Chief Executive Officer responsible for CSR, who oversees the Group’s CSR commitments and standards, including as regards aligning its activity with climate targets. The Deputy Chief Executive Officer also examines any environmental and social (E&S) issues that could impact the Group’s responsibility or reputation, when not covered by an existing General Management Committee (see Chapter 3, Governance bodies, page  3.1.4, and Chapter 4, Governance of risk management, page  Governance of risk management),
  • -the Group Risk Committee (CORISQ), which sets out the Group’s main strategies in relation to credit, counterparty, environmental, country, market, operating and model risks, etc., in addition to risk appetite and the financial objectives set by the Board, and ensures compliance in these areas (see Chapter 4, Governance of risk management, page  Governance of risk management).
• General Management conducted a strategic review of CSR matters in 2023.
• Two new committees were created in 2023:
  • ■the Group Complex Transactions & Reputational Risk Committee (CTRC), whose purpose is to review, assess and, as appropriate, approve/reject transactions that may generate a heightened legal, regulatory, tax, compliance, accounting, conduct and/or reputational risks that may arise from:
    • -the involvement of any Group entities or employees in any complex structured transaction, or
    • -any new or existing product, transaction, business, service or activity with any client, customer or counterparty.
  • ■the Group Client Acceptance Committee (CAC), whose purpose is to approve or reject client on-boarding or confirm the continuation/termination of relationships with clients dependent on certain risk criteria.
• 3 .the Sustainable Development Department, which has reported to General Management since 1 January 2022. The Head of the department is a member of the Group Management Committee and oversees the formulation of a dedicated policy for the Group that is attuned to stakeholders, and the monitoring of actions in this area, backed by a 27-strong team (in Q4 23) and supported by a network of CSR officers in the Business and Service Units;
• 4 .the Group Business Units/Service Units, which are tasked with implementing and aligning their initiatives with Societe Generale’s CSR policy.

The Group seeks to establish a culture of responsibility and apply strict control and compliance standards. It commits its employees to acting with integrity and in accordance with applicable law in all its activities. To that end, the Group has defined a Code of Conduct describing the standards to be observed. This Code applies to all its employees worldwide. In addition to its Code of Conduct, Societe Generale has also adopted a Charter for Responsible Advocacy (see below) and a Sustainable Sourcing Charter (https://www.societegenerale.com/sites/default/files/construire-demain/12112018-sustainable-sourcing-charter-vf-eng.pdf).

Societe Generale has built a strong culture based on its values, its Leadership Model and its Code of Conduct. It is guided by four key values which are shared by all employees: Team Spirit, Innovation, Commitment and Responsibility. At the centre of these is the client, for whom the Group strives to achieve the highest possible standards of service quality.

The Group’s values feed into its Leadership Model, which defines the behaviour and skills expected within the Group, emphasising that the way in which results are achieved is every bit as important as the results themselves.

The behavioural skills reflected in the Leadership Model are divided into three categories corresponding to the main levels of responsibility within the Bank (senior executives, managers and employees) and are shared throughout the Group.

The four key values thus translate into key skills (see diagram below):

The Leadership Model’s internal skills guide describes the expected behaviour corresponding to each of these skills. In conjunction with the guide, a self-assessment tool available on the intranet asks twenty questions through which respondents can see how they rate in relation to appropriate conduct and provides leadership development tools to work through the various skills.

The annual appraisal targets are set based on the four Leadership Model values. One of the values is attached to each behavioural objective, and employees can use the Leadership Model to formulate their annual targets.

The Group conducts its operations in line with the values set out in the following major international conventions:

• ■the Universal Declaration of Human Rights and its additional commitments;
• ■the fundamental conventions of the International Labour Organization (ILO);
• ■the UNESCO Convention concerning the protection of the world cultural and natural heritage;
• ■the OECD (Organisation for Economic Co-operation and Development) Guidelines for Multinational Enterprises;
• ■the United Nations Guiding Principles on Business and Human Rights.

These values are espoused in the Code of Conduct policy document and span the entire spectrum of Group activities and the countries in which it operates. The Code describes its commitments towards all stakeholders – clients, employees, investors, suppliers, the regulator and supervisory bodies, the general public and civil society – as well as the principles of expected individual and collective behaviour. It refers directly to the whistleblowing procedure, which forms part of the mechanism to combat inappropriate behaviours.

Available in the main languages spoken in the Group, the Code of Conduct is the cornerstone of professional ethics at Societe Generale. It promotes respect for human rights and the environment, the prevention of conflicts of interest and corruption, anti-money laundering and counter-terrorist financing measures, respect for market integrity, data protection, proper conduct regarding gifts and invitations, and responsible sourcing.

The Code of Conduct rules go beyond the minimum statutory and regulatory requirements in force, especially in countries whose laws and regulations are not as stringent as the Group’s high ethical standards.

Stakeholders can view the Code of Conduct on the Societe Generale corporate website: https://www.societegenerale.com/sites/default/files/documents/Code-conduct/code-of-conduct-en.pdf.

Further information is provided in the Tax Code of Conduct and the Code Governing the Fight Against Corruption and Influence Peddling (see: https://www.societegenerale.com/sites/default/files/documents/code-conduct/tax-code-of-conduct-of-societe-generale-group-uk.pdf and https://www.societegenerale.com/sites/default/files/documents/ Code%20de%20conduite/code-governing-the-fight-against-corruption- and-influence-peddling-uk.pdf).

The Group furthermore updated its Conflict of Interest policy in 2023: (https://wholesale.banking.societegenerale.com/fileadmin/user_upload/Wholesale/pdf/compliance/Conflict-Interest/EN/Summary-of-the-Societe-Generale-s-Conflict-of-Interest-policy.pdf).

The Group undertakes to operate with the utmost integrity and transparency, and to comply with the applicable laws and regulations in all countries in which it operates, in particular regarding the offering and receipt of gifts, and the organisation of or participation in business meals or external events as part of its professional activities and business relationships (including when these events involve public and/or politically exposed persons – PEPs).

The whistleblower tool, which is accessible at www.societegenerale.com (https://report.whistleb.com/en/portal/socgengroup) and on the intranet, is operational in France and internationally. Whistleblowers can use the system to report any suspected potential or actual violation or attempt to conceal a violation of an international commitment, a law or a regulation, any risks to human rights, fundamental freedoms, health and safety or the environment, and any behaviour or situation that runs counter to the Group’s Code of Conduct. It is available to all employees, management, Directors, shareholders, external or temporary staff, service providers working with the Group on an established basis (as subcontractors or suppliers) and third-party facilitators. Whistleblowers have the right to remain anonymous. Flags raised by whistleblowers are hosted on a secure external platform offering the guarantees required by the French Act on Transparency, the Fight against Corruption and Modernisation of the Economy, namely the protection of personal data and strict confidentiality of any information provided. Whistleblowing is a right and no employee may be sanctioned in any way whatsoever for having made disclosures in good faith.

The whistleblowing system has been updated in accordance with the French Waserman Act (Act 2022-401 of 21 March 2022), introduced to amend the Sapin II Act (Act 2016-1691 of 9 December 2016). The Waserman Act extended the list of people who could raise whistleblowing alerts to include third-party “facilitators”, shareholders and Directors and removed the requirement for whistleblowers to be acting “disinterestedly”, instead simply stipulating that they must not receive any direct financial consideration.(1) The Group’s normative documentation was updated to reflect these changes and local whistleblowing tools were set up as an additional alternative to the main Group system.

Societe Generale has also committed to the following:

• ■transparency International France’s joint statement (https://www.societegenerale.com/sites/default/files/documents/2023-11/20140225_Declaration_commune_sur_le_lobbying.pdf – in French);
• ■the Responsible Lobbying Charter for responsible representation to public authorities and representative institutions (https://www.societegenerale.com/sites/default/files/documents/2022-05/2022-memorandum-responsible-advocacy-activities.pdf);
• ■the Transparency Register of European Institutions (https://ec.europa.eu/transparencyregister/public/consultation/displaylobbyist.do?id=34369111614-57&locale=en#en)
• ■the French Senate’s Code of Conduct (https://www.senat.fr/fileadmin/cru-1681198794/Groupes_d_interet/Code_de_conduite.pdf – in French);
• ■the French National Assembly’s Code of Conduct (https://www.assemblee-nationale.fr/dyn/pages-statiques/pages-simples/ decouvrir-l-assemblee/code-de-conduite-applicable-aux- representants-d-interets – in French);
• ■the digital transparency register administered by the High Authority for Transparency in Public Life (Haute Autorité pour la transparence de la vie publique – HATVP) (https://www.hatvp.fr/fiche-orga nisation/?organisation=552120222 – in French);
• ■compliance with local Codes of Conduct and registration of its interest representation activities on any other local registers managed by the authorities in countries where Societe Generale operates.

The full list of these commitments appears:

• ■for internal use, in a dedicated section of Societe Generale’s normative documentation (Societe Generale Code), available and applicable to employees and service providers;
• ■for public consultation, in a document describing measures governing interest representation – Memorandum Responsible Advocacy Activities 2023 – available on the Group’s corporate website: https://www.societegenerale.com/sites/default/files/docu ments/2023-05/2023-dispositif-groupe-pour-une-representation- d-interets-responsable.pdf.

At the end of 2016, the Board of Directors approved the launch of a Group Culture & Conduct programme, with the aims of supporting the Group’s cultural transformation, ensuring compliance with the strictest integrity standards, and establishing a lasting relationship with its stakeholders built on trust.

The programme was shared with all employees, to reaffirm and promote collective and individual behaviour that contributes to the ethical and responsible performance of the Group’s activities. Since the launch of the initiative, numerous actions have been successfully carried out in the following seven areas: implementation of a Culture & Conduct governance system at the highest level of the organisation and in the businesses, publication of a dashboard to monitor changes in Culture & Conduct indicators, implementation of a conduct risk management system, alignment of Human Resources processes, training and awareness-raising among employees, development of cultural transformation, and communication aimed at integrating Culture & Conduct issues into the daily lives of employees.

Placed from the outset under the supervision of the Board of Directors and General Management and steered by a cross-business project team, the programme has achieved the targets it had set for this first stage. Project mode management came to an end on 31 December 2020 and evolved into a long-term system, with the Culture & Conduct approach remaining a major consideration for the Group.

Since 2021, all BUs and SUs have been expected to push further ahead with integrating Culture & Conduct considerations into the performance of their daily activities. Every year, they each set out a roadmap on these topics, covering their goals and the related risks.

Central oversight of these topics is coordinated by the Human Resources and Compliance Departments. They intend to continue cementing a solid and lasting culture of responsibility throughout the Group, and to ensure that all BUs and SUs roll out the necessary measures to encourage appropriate behaviour and protect the Group’s interests in the long term. General Management supervises the entire programme and prepares an annual report on the results for the Board of Directors. The programme is managed as a fully integrated part of the Group’s governance: quarterly Culture & Conduct reviews by the Group Executive Committee were introduced in June 2023. General Management and the Board of Directors receive annual Culture & Conduct reports. This report provides an overview of the main conduct risks in the businesses, identifies the action plans necessary to improve risk management in these areas and helps track indicator trends.

At BU/SU level, Culture & Conduct has been made part of the remit of the Internal Control Coordination Committees since 2022.

The thematic Responsible Employer report sets out the Culture & Conduct approach (https://www.societegenerale.com/en/news/all-news/2021-responsible-employer-reports).

In 2023, Societe Generale made a reference document on its Speak-Up* Culture available to all employees, together with various tools to help them embody the Speak-Up* approach (workshops, training for Culture & Conduct correspondents, etc.). It also added a new Ethics and Conduct pathway to its training offer. All staff are required to follow this Ethics and Conduct pathway each year. It provides an overview of the main principles of the Culture & Conduct approach, through three modules: Code of Conduct, Speak-Up* Culture and Whistleblowing. The Code of Conduct module covers the principles of individual and group conduct as set out in the Societe Generale Code of Conduct. It stresses that all acts of corruption, as well as pressure or solicitations from third parties, are prohibited.

In addition to this mandatory training pathway, key contributors are provided with regular training on conduct risk management processes (such as the Risk and Control Self-Assessment, management of conduct incidents, disciplinary sanctions, etc.) and on how to handle Culture & Conduct matters. Alongside this training, the Group also deploys annual awareness-raising and communications campaigns. The aims of these campaigns are to: provide BUs and SUs with greater support, encouraging them to take responsibility for Culture & Conduct matters; continue to inform and raise awareness among employees, especially on how to identify conduct risks; and encourage people to adopt the Speak-Up* culture, at both BU/SU and Group level.

Societe Generale has also strengthened its normative framework, embedding its Culture & Conduct approach within its internal rules and controls and thereby making it a permanent fixture.

The Group likewise pushed ahead with efforts to align its main Human Resources management processes with its Culture & Conduct ambitions over 2023: updating its guidelines for assessing conduct and compliance, and optimising how it manages inappropriate conduct and disciplinary sanctions.

Societe Generale is committed to respecting and promoting human rights – one of the fundamental values of its CSR policy. The Group defines and implements environmental and social (E&S) policies, processes and operational procedures to uphold its human rights commitments.

Societe Generale reaffirms these commitments in its Human Rights Statement, appended to its Environmental and Social General Principles (the E&S General Principles) (https://www.societe generale.com/sites/default/files/documents/CSR/environmental-social-general-principles.pdf#page=12). The respect for and protection of human rights is enshrined in its Code of Conduct (https://www.societegenerale.com/sites/default/files/documents/Code-conduct/code-of-conduct-en.pdf) and its E&S General Principles (https://www.societegenerale.com/sites/default/files/documents/CSR/environmental-social-general-principles.pdf).

Societe Generale is also governed by French legislation passed on 27 March 2017 on the duty of care for parent and subcontracting companies (known as the Duty of Care Act). This law requires that the Group prepare and implement a duty of care plan to identify risks and prevent serious violations of human rights or fundamental freedoms or damage to the health, safety and security of persons or the environment as a result of its activities. The Group’s Duty of Care Plan is provided on page  5.6.

As required under the United Kingdom’s Modern Slavery Act of 2015 and the Australian Modern Slavery Act of 2018, Societe Generale also publishes an annual statement on its corporate website outlining the steps it has taken to prevent modern slavery and human trafficking (https://www.societegenerale.com/sites/default/files/documents/2020-10/modern-slavery-act.pdf).

Over the years, the Group has voluntarily adopted various procedures and tools to identify, assess and manage human rights and environmental risks as part of how it manages its human resources, supply chain and businesses. Accordingly, Societe Generale saw this legal duty of care as an opportunity to clarify and strengthen its existing framework.

The Group’s risk assessment and management framework covers three main areas:

• ■respecting the human rights of its employees and social partners (for more information, see Being a responsible employer, page  5.2.1);
• ■respecting human rights in its supply chain and through its suppliers (for more information, see Responsible sourcing, page  5.2.2);
• ■respecting human rights in its financial and banking products and services (for more information, see Managing E&S risks, page  4.13.3).

The risks in these three areas and the associated risk policies are detailed in the Group’s Duty of Care Plan, presented on page  5.6.

Whistleblowers can report any potential or actual violations in respect of human rights, fundamental freedoms, health and safety or the environment using the Group’s online tool, available on the www.societegenerale.com portal at https://report.whistleb.com/fr/societegenerale (for more information, see The Code of Conduct, a vehicle for the Group’s values / Whistleblowing, page  5.1.1.2.2 and the Group's Duty of Care Plan / Whistleblowing procedure,  page  5.6.5).

Societe Generale strives to be a responsible employer in more than 60 countries and for over 126,000 employees. As such, it works to prevent and control social and operational risks related to its management of human resources. This ensures that its operations comply with regulations (labour law, health and safety standards, social legislation, etc.) and with the internal rules it has established, while also securing business continuity and decent working conditions for its employees.

The Group conducts its operations in line with the values and principles set out in the following major international conventions:

• ■the Universal Declaration of Human Rights and its additional commitments;
• ■the fundamental conventions of the International Labour Organization (ILO);
• ■the Unesco World Heritage Convention;
• ■the OECD (Organisation for Economic Co-operation and Development) Guidelines for Multinational Enterprises;
• ■the United Nations Guiding Principles on Business and Human Rights.

Details of the Group’s commitments, the main human resources indicators it monitors and the associated policies and initiatives it deploys can be found in the Responsible Employer Report. (see: www.societegenerale.com, Responsibility, section: Responsible employer).

As an international group, Societe Generale operates within a competitive and changing environment, in which:

• ■new players and new technologies are disrupting the banking sector’s make-up and revolutionising how it handles labour relations and conducts business with clients;
• ■traditional ideas surrounding how we work and how businesses operate have been profoundly shaken up by the climate and social crises, leading in particular to greater individual and collective awareness of what is at stake with digitalisation and working conditions in particular;
• ■the economic, social and environmental fall-out from the pandemic and geopolitical crises weigh heavily on individuals, in both their professional and their personal lives.

In light of these structural and economic factors, the Group is stepping up its transformation efforts in a bid to address the new challenges arising for its businesses, such as:

• ■intensifying job market competition, particularly for candidates with IT and data expertise;
• ■the emergence of new working arrangements and evolving aspirations and demands from employees in terms of how they relate to their work and their employer;
• ■emerging needs in response to environmental, social and governance (ESG) issues.

The Group recognises the impact of this accelerating pace of change and the HR risks that come with it. In line with the Group-level risk mapping detailed in Chapter 4.1 (see Risk factors by category, page  4.1), the Group HR Department has carried out its own risk assessment and identified three key HR risks for Societe Generale and its subsidiaries:

• ■the risk of a lack of qualified staff and the resulting risks of high staff turnover and loss of skills and expertise, which could lead to a loss of resources, know-how, efficiency and commitment. This would have a negative impact on individual and collective performance, client satisfaction and the Group’s competitiveness;
• ■the risk in relation to working conditions and the resulting risks of reduced employer appeal, increased absenteeism and lack of motivation among employees, as well as the associated health and safety risks, in particular situations leading to psychosocial risks. The risk of occupational accidents and illnesses for the Group’s employees is relatively limited given that they work in the banking sector rather than in an industrial setting;
• ■the risk of non-compliance with labour regulations and the Group’s own labour rules, and the resulting legal and reputational risks.