Societe Generale seeks a sustainable development based on a diversified and balanced banking model with a strong European foothold and a global presence targeted on a few areas of strong business expertise. Risk appetite is declined in a global strategy which fulfills the following targets: 

• ■CET 1 ratio at 13% in 2026, under Basel IV;
• ■average annual revenue growth between 0% and 2% over 2022-2026;
• ■increased operational efficiency with cost-to-income ratio below 60% in 2026;
• ■return on tangible equity (ROTE) between 9% and 10% in 2026;
• ■best standards of risk monitoring with a NCR comprised between 25 and 30 bps on 2024-2026, and a non performing loan rate between 2,5% and 3% in 2026;
• ■maintaining a robust liquidity profile with an LCR superior or equal to 130% on 2024-2026 and a NSFR superior or equal to 112% on 2024-2026.

At 31 December 2023, the indicators of the Group’s risk appetite in terms of solvency, credit risk, market risk, operational risk and structural risks were within the risk appetite levels defined by the Group. They have not reached the tolerance thresholds defined by the Board.

In 31 December 2023, the Group complies with all regulatory requirements relating to solvency.

Concerning the internal economic approach of the ICAAP, the rate of coverage of the Group's internal capital requirement by the internal capital the end of 2023 is greater than 100% and respects the risk appetite validated by the Board

In addition, the Group presents its unconsolidated structured entities in Note 2.4 of the financial statements of the 2023 Universal Registration Document. Intra-group transactions are governed by a credit granting process respecting different levels of delegation within the Business Units, the Risk Department and the Finance Department. The risks of intervention on these intra-group transactions are tracked as part of the risk inventory and represent a non-material risk to date. The entities’ structural risk management and oversight systems are also submitted to the Finance Department and the Risk Department.

As of December 2023, the increase of counterparty and credit risk exposure compared to 2022 is mainly due to increase of "Sovereign" exposures (+5%). 

The lower risk cost compared to 2022 is explained by recoveries measured on sound stocks (Stage 1/Stage 2) which offset a moderate increase in the cost of risk on defaulted stocks. The recoveries in S1/S2 are mainly due to lower exposures to Russia that had a strong impact in 2022. Overall, the Group maintains a prudent provisioning policy in an environment still impacted by high geopolitical uncertainties and less favorable economic prospects.

The ESG risk elements are presented in Chapter 14 of this Pillar 3 document. 

As defined in Table 1 of Pillar 3 on ESG risks related to transition risk linked to climate change, exposures to sectors that contribute significantly to climate change(2) (based on NACE codes provided by the EBA) amount to EUR 169.7 billion of gross carrying amount.

As defined in Table 5 of Pillar 3 on ESG risks concerning the physical risk related to climate change and taking into account the assumptions used and the data available, corporate exposures subject to gross physical risk before any mitigation is taken into account represent 27.5 billion euros of gross book value.

As of 31 December 2023, operational risk-weighted exposures represented EUR 50.1 billion, up to 8.9% compared to the end of 2022 (EUR +4.1 billion). This evolution is mainly explained by Lease Plan integration. These weighted exposures are mainly determined using the internal model (91% of the total). 

These weighted exposures amounted to EUR 12.5 billion at the end of 2023. Capital requirements for market risk decreased in 2023. This decrease is mainly reflected in VaR and capital add-ons, partially offset by an increase in risks calculated using the standard approach:

• ■the VaR capital requirement gradually decreased in 2023, mainly due to the decrease in the multiplier factor following the steady decline in the number of backtesting breaches in a rolling year;
• ■capital add-ons decreased, mainly due to the reserve variability, which is calculated over a 3-year rolling window and which has benefited from the gradual exit of the high variation scenarios of the Reserve Policies observed in 2020 during the COVID crisis;
• ■the risks calculated in the standard approach are increasing mainly due to the risks assessed for currency positions.
• Market risk-weighted exposures are mainly determined using internal models (74% of the total at the end of 2023). 

The increase in Société Générale's LCR between the end of 2022 and the end of 2023  is mainly due to additional cash raising in bond markets, with also a slight decrease in net cash outflows.

The increase in liquidity reserve of 37 billion EUR  to 316 billion EUR at the end of 2023 is mainly explained by an increase in central bank deposits (excluding reserve requirements) and level 1 liquid assets, these increases are the result of additional surges in the various funding markets (money market and bond market). 
 

In a parallel schock scenario where the interest rates increase, the impact of the changes of EVE (economic value of equity) in 2023 is -1,821 EUR million and 621 EUR million on interest margin. On the contrary, in a parallel schock scenario where the interest rates decrease,  the impact of the changes of EVE (economic value of equity) in 2023 is -1,231 EUR million and -741 EUR million on interest margin.

(See details  of Chapter 11 "Structural Interest Rate ans Exchange Rate Risks). 

Societe Generale, ALD’s majority shareholder, finalized the acquisition of 100% of LeasePlan’s capital by its subsidiary from a consortium led by TDR Capital in May. The combination of ALD and LeasePlan, now Ayvens, two leading players in the sector, is designed to create the world leader in sustainable mobility solutions. The impact of this acquisition on the CET1 capital ratio of the Société Générale group was around 40 basis points.

In addition, the Group remains fully committed to the Vision 2025 project to review the network of Societe Generale and Crédit du Nord branches.

Finally, the creation of the Bernstein joint venture with AllianceBernstein in cash and equity research activities is progressing well. The completion of the transaction remains subject to the required regulatory approvals. The capital impact is estimated at less than 10 basis points at the completion date of the transaction, expected in the first half of 2024.

As at 31 December 2023, the Group presents a TLAC ratio of 31.93% of risk-weighted assets (RWA) with the option of Senior preferred debt limited to 3.5% of RWA (the ratio being 28.43% without this option) for a regulatory requirement of 22.06%, and of 8.73% of the leverage exposure for a regulatory requirement of 6.75%.

This section identifies the main risk factors which, based on the Group's estimates, could have a significant effect on its business, profitability, solvency or access to financing.

Societe Generale has updated its risk typology as part of its internal risk management. For the purposes of this section, these different types of risks have been grouped into six main categories (4.1.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017, according to the main risk factors that the Group believes could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.  

The diagram below illustrates how the categories of risks identified in the risk typology have been grouped into the six categories and which risk factors principally impact them.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions in Europe, the United States and elsewhere around the world. The Group generates 40% of its business in France (in terms of net banking income for the financial year ended 31 December 2023), 38% in Europe, 8% in the Americas and 14% in the rest of the world. The Group could face significant worsening of market and economic conditions in particular resulting from crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices, notably oil and natural gas. Other factors could explain such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, or adverse geopolitical events (including acts of terrorism and military conflicts). In addition, the emergence of new pandemics such as Covid-19 cannot be ruled out. Such events, which can develop quickly and whose effects may not have been anticipated and hedged, could affect the Group’s operating environment for short or extended periods and have a material adverse effect on its financial position, the cost of risk and its results.

The economic and financial environment is exposed to intensifying geopolitical risks. The war in Ukraine, which began in February 2022, has sparked deep tensions between Russia and Western countries, impacting global growth, energy and raw materials prices, as well as the humanitarian situation. This has also prompted a large number of countries, particularly in Europe and the United States, to impose economic and financial sanctions on Russia. The war between Israel and Hamas, which began in October 2023, could have similar impacts or contribute to existing ones and pose a risk to the flow of goods and raw materials via the Suez Canal. The Group will continue to analyse in real time the global impact of these crisis and take necessary measures.

In Asia, relations between the US and China, China and Taiwan and China and the European Union are fraught with geopolitical and trade tensions, the relocation of production and the risk of technological fractures.

After a long period of low interest rates, the current inflationary environment is pushing the major central banks to raise interest rates. The entire economy has had to adapt to a context of higher interest rates. In addition to the impact on the valuation of equities, interest rate-sensitive sectors such as real estate are adjusting. The US Federal Reserve and the European Central Bank (ECB) are expected to maintain tight monetary conditions before starting to loosen them from 2024 onwards, as inflation recedes according to our forecasts.

The slowdown in economic activity could generate strong volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group. In France, Group's main market , after the long period of low interest rates which fostered an upturn of the housing market, the ongoing reversal of activity in this area had an adverse effect on the Group’s asset value and on business by decreasing demand for loans and resulting in higher rates of non-performing loans. More generally, the higher interest rate environment in a context where public and private debts have tended to increase is an additional source of risk.

Considering the ensuing uncertainty, both in terms of duration and scale, these disruptions could persist throughout 2024 and have a significant impact on the activity and profitability of certain Group counterparties.

Recent attacks on merchant ships in the Bab-el-Mandeb strait, claimed by the Houthi movement, could also have an impact on gas and oil supplies, or on prices and delivery times.

In the longer term, the energy transition to a “low-carbon economy” could adversely affect fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

With the ALD/LeasePlan merger in 2023, the automotive sector represents a major exposure for the Group. It is currently undergoing major strategic transformations, including environmental (growing share of electric vehicles), technological, as well as competitive (arrival of Asian manufacturers in Europe on the electric vehicles market), the consequences of which could generate significant risks for the Group’s results and the value of its assets.

With regard to financial markets, the topic of non-equivalence of clearing houses (central counterparties, or CCPs) beyond 2025 remains a point that needs watching, with possible impacts on financial stability, notably in Europe, and therefore on the Group’s business. In addition, capital markets (including foreign exchange activity) and securities trading activities in emerging markets may be more volatile than those in developed markets and may also be vulnerable to certain specific risks such as political instability and currency volatility. These elements could negatively impact the Group’s activity and results.

The Group’s results are therefore exposed to the economic, financial, political and geopolitical conditions of the main markets in which the Group operates.

During its Capital Markets Day event, the Group presented its strategic plan, which is to :

• ■be a rock-solid bank: streamline business portfolio, enhance stewardship of capital, improve operational efficiency, maintain best-in-class risk management;
• ■foster high performance sustainable businesses: excel at what SG does, lead in ESG, foster a culture of performance and accountability.

This strategic plan is reflected in the following financial targets:

• ■a robust CET 1 ratio of 13% in 2026 after the implementation of Basel IV;
• ■average annual revenue growth of between 0% and 2% over the 2022-2026 period;
• ■an improved cost-to-income ratio lower than 60% in 2026 and ROTE of between 9% and 10% in 2026;
• ■a distribution rate between 40% and 50% of reported net income(1), applicable from 2023.

The Group is fully on track to achieving its strategic milestones:

• ■the Group’s “Vision 2025” project involves a review of the network of branches resulting from the merger of Crédit du Nord and Societe Generale. Although this project has been designed to achieve controlled execution, the merger could have a short-term material adverse effect on the Group’s business, financial position and costs. The project could lead to some staff departures, requiring their replacement and training efforts that could potentially generate additional costs. The merger could also lead to the departure of some of the Group’s clients, resulting in loss of revenue;
• ■Mobility and Leasing Services will leverage the full integration of LeasePlan by ALD to be a world leader in the mobility ecosystem. However, 2024 will be an intermediate period, with the implementation of gradual integrations. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes. If the integration plan is not carried out as expected or within the planned schedule, this could have adverse effects on ALD, particularly by generating additional costs, which could have a negative impact on the Group’s activities and results.

The Group also announced in November 2022 the signing of a letter of intent with AllianceBernstein to combine the equity research and execution businesses in a joint venture to create a leading global franchise in these activities. This announcement was followed by the signature of an acquisition agreement in early February 2023.

The creation of the Bernstein joint venture with AllianceBernstein in cash and equity research is making good progress. The final documentation was signed on 2 November 2023, with a revised structure to accelerate completion of the transaction. At the closing date (expected in the first half of 2024), the joint venture will be organised under two separate legal entities, focusing respectively on North America and on Europe and Asia. The two entities will then be combined, subject to required regulatory approvals. This change should have no significant impact on the Group’s expected net contribution. The capital impact is estimated at less than 10 basis points on the closing date. The transaction remains fully aligned with the strategic priorities of our Global Banking and Investor Solutions franchise.

Societe Generale and Brookfield Asset Management announced on 11 September 2023 a strategic partnership to originate and distribute private debt investments.

The conclusion of final agreements on these strategic transactions depends on several stakeholders and, accordingly, is subject to a degree of uncertainty (legal terms, delays in the integration process of LeasePlan or in the merger of the Crédit du Nord agencies). More generally, any major difficulties encountered in implementing the main levers for executing the strategic plan, notably in simplifying business portfolios, allocating and using capital efficiently, improving operating efficiency and managing risks to the highest standards, could potentially weigh on Societe Generale’s share price.

Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group has made new commitments during the Capital Market Day on 18 September 2023 such as:

• ■an 80% reduction in upstream Oil & Gas exposure by 2030 vs. 2019; with a 50% reduction by 2025;
• ■a EUR 1 billion transition investment fund with a focus on energy transition solutions and nature-based and impact-based projects supporting the UN’s Sustainable Development Goals.

Failure to comply with these commitments, and those that the Group may make in the future, could create legal and reputation risks. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Last, failure to make specific commitments, particularly in the event of changes in market practices, could also generate reputation and strategic risks.

The Group is governed by the laws of the jurisdictions in which it operates. This includes French, European and US legislation as well as other local laws in light of the Group’s cross-border activities, among other factors. The application of existing laws and the implementation of future legislation require significant resources that could affect the Group’s performance. In addition, possible failure to comply with laws could lead to fines, damage to the Group’s reputation and public image, the suspension of its operations and, in extreme cases, the withdrawal of operating licences.

Among the laws that could have a significant influence on the Group:

• ■several regulatory changes are still likely to significantly alter the framework for Market activities: (i) the strengthening of transparency conditions related to the implementation of the new requirements and investor protection measures (review of MiFID II/MiFIR, IDD, ELTIF (European Long-Term Investment Fund Regulation)), (ii) the implementation of the fundamental review of the trading book, or FRTB, which may significantly increase requirements applicable to European banks and (iii) possible relocations of clearing activities could be requested despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025, (iv) the European Commission’s proposal to amend the regulation on benchmarks (European Parliament and EU Council, Regulation (EU) No. 2016/1011, 8 June 2016) with possible changes in scope and charges;
• ■the adoption of new obligations as part of the review of the EMIR regulation (EMIR 3.0); in particular, the information requirements for European financial actors towards their customers, the equity options regime and the calibration of requirements for active account funding in a European Union central counterparty;
• ■the implementation of technical standards (RTS) published by the European Banking Authority to clarify risk retention requirements to contribute to the development of a healthy, safe and sound securitisation market in the European Union published by the European Banking Authority on 12 April 2022;
• ■the implementation of the new directive on credit agreements for consumers (Directive (EU) 2023/2225, 18 October 2023), which strengthens consumer protection;

• ■the Retail Investment Strategy (RIS) presented by the European Commission on 24 May 2023, aimed at prioritisng the interests of retail investors and strengthening their confidence in the EU Capital Markets Union, including measures to regulate commission retrocessions in the case of non-advised transactions and to introduce a value-for-money test for investment products;
• ■new legal and regulatory obligations could also be imposed on the Group in the future, such as the continuation in France of consumer protection measures weighing on retail banks, and the potential obligation at European level to open up access to banking data to third-party service providers;
• ■the Commission’s proposal of 28 June 2023 for a regulation on the establishment of the digital euro, accompanying the initiatives taken by the ECB in this field;
• ■the strengthening of data quality and protection requirements and a future strengthening of cyber-resilience requirements in relation to the adoption by the Council on 28 November 2022 of the European Directive and regulation package on digital operational resilience for the financial sector (DORA). Added to this is the transposition of the NIS 2 Directive (Network and Information Security Directive, published in the Official Journal of the EU on 27 December 2022) expected before 18 October 2024, which extends the scope of application of the initial NIS Directive;
• ■the implementation of European regulatory frameworks related to due diligence under the so-called “CS3D” Directive proposal (Corporate Sustainability Due Diligence Directive), as well as to sustainable finance including the regulation on European green bonds, with an increase in non-financial reporting obligations, particularly under the CSRD Directive (Corporate Sustainability Reporting Directive), enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);
• ■the implementation of the requirements of the French “Green Industry” law (Loi Industrie verte) (no. 2023-973 of 23 October 2023), which aims to green up existing industries;
• ■new obligations arising from the Basel Committee’s proposed reform of banking regulations (the final text of Basel 3, also called Basel 4). This reform will be implemented in the European legislative corpus CRR (Regulation (EU) no. 575/2013) which, with a few exceptions, will become applicable on 1 January 2025, and CRD (Directive 2013/36/EU), which should be transposed into the applicable law of Member States no later than 18 months after its entry into force, i.e. by mid-2025;
• ■the European Commission’s initiative, published on 18 April 2023, aiming to strengthen the framework for bank crisis management and deposit insurance (CMDI). This proposal could lead to wider use of the guarantee and resolution funds and increase the Group’s contributions to the guarantee and resolution funds;
• ■European measures aimed at restoring banks’ balance sheets, notably through active management of Non-Performing Loans (NPLs), are leading to an increase in prudential requirements and require the Group to adapt its NPL management strategy. More generally, additional measures to define a best practices framework for loan origination (see the Loan origination guidelines published by the European Banking Authority) and loan monitoring could also have an impact on the Group. This new framework should ensure that newly granted loans are of high credit quality and contribute to reducing levels of non-performing loans in the future;
• ■in 2023, the “Interest Rate Risk in the Banking Book” (IRRBB) guidelines published by the European Banking Authority in October 2022 have applied:
  • -since 30 June 2023 for the IRRBB part,
  • -since 31 December 2023 for the “Credit Spread Risk arising from non-trading Book Activities” (CSRBB) section, requiring banks to calculate and manage the impact of a change in Credit Spread on the Bank’s value and revenues;
• ■in 2024, the following evolutions are expected:
  • -calculation and supervision of the Supervisory Outlier Test (SOT) for Net Interest Income (NII); this requirement has already been implemented by the Group,
  • -detailed reporting notably on IRRBB and CSRBB risks;
• ■new obligations arising from a package of proposed measures announced by the European Commission on 20 July 2021 aiming to strengthen the European supervisory framework around anti-money laundering and combating the financing of terrorism (AML-CFT), as well as the creation of a new European agency to combat money laundering.

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their effects may have a negative impact on the Group’s business, financial position and costs.

In the US, as the implementation of the Dodd-Frank Act nears completion, the Securities and Exchange Commission (SEC) has embarked on a complete regulatory overhaul of markets that covers the equity market structure, treasury markets and derivatives markets, among others, which could lead to significant changes in the way these markets operate, the cost of market participation and the competitive landscape, among others.

Moreover, as an international bank that handles transactions with US persons, denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

Due to its international activity, the Group faces intense competition in the international and local markets in which it operates from banking or non-banking actors alike. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services industry could result in competitors bolstering their capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of major domestic banking and financial actors, as well as new market participants (notably neo-banks and online financial services providers), has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are fundamentally changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new actors may be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition is also heightened by the emergence of non-banking actors that, in some cases, may benefit from a regulatory framework that is more flexible and in particular less demanding in terms of equity capital requirements.

To address these challenges, the Group has implemented a strategy, notably the development of digital technologies and the creatioin of commercial or equity partnerships with these new actors. In this context, the Group may have to make additional investments to be able to offer new innovative services and compete with these new actors. Tougher competition could, however, adversely impact the Group’s business and results, both on the French market and internationally.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties or invested assets of financial institutions. ESG risks are seen as aggravating factors to the traditional categories of risks (including credit risk, counterparty risk, market risk, non-financial risks, structural risks, business and strategy risks, other types of risk and other factors of risk). ESG risks are therefore likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is consequently exposed to environmental risks, including climate change risks through certain of its financing, investment and service activities.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively affected by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialised financing companies). The Group could also be exposed to transition risk through the deterioration in the credit quality of its counterparties impacted by issues related to the process of transitioning to a low-carbon economy, linked for example to regulatory changes, technological disruptions or changes in consumer preferences.

Beyond the risks related to climate change, risks more generally related to environmental degradation (such as the risk of loss of biodiversity, water resources or pollution) are also aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, on back of lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour laws or workplace health and safety issues, which may trigger or aggravate reputation and credit risks for the Group.

Similarly, risks relating to governance of the Group’s counterparties and stakeholders (suppliers, service providers, etc.), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Hence, the Group is exposed to physical climate risk with respect to its ability to maintain its services in geographical areas affected by extreme events (floods, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations (in particular related to labour laws) and the management of its human resources.

All of these risks could have an impact on the Group’s business, results and reputation in the short, medium and long term.

Directive 2014/59/EU of the European Parliament and of the Council of the European Union of 15 May 2014 (BRRD) and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define, respectively, a European Union-wide framework and a Banking Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including the exposure of taxpayers to the consequences of the failure). Within the Banking Union, under the SRM Regulation, a centralised resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalise it in accordance with an established order of priority (the “Bail-in Tool”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative effect on the financial system, protecting public funds by minimising the recourse to extraordinary public financial support, and protecting customers’ funds and assets) and the winding-up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into Common Equity Tier 1 (CET1) instruments if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, paragraph 3 of the French Monetary and Financial Code).

The Bail-in Tool could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in Tool, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the splitting of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before taking any resolution action, including the implementation of the Bail-in Tool, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of any measure under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse effect on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial condition deteriorates, the existence of the Bail-in Tool or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or the Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

Weighted assets (RWA) in relation to credit and counterparty risks amounted to EUR 326.2 billion at 31 December 2023.

Due to its Financing and Market activities, the Group is exposed to credit and counterparty risk. The Group may therefore incur losses in the event of default by one or more counterparties, particularly if the Group encounters legal or other difficulties in enforcing the collateral allocated to its exposures or if the value of this collateral is not sufficient to fully recover the exposure in the event of default. Despite the Group’s efforts to limit the concentration effects of its credit portfolio exposure, it is possible that counterparty defaults could be amplified within the same economic sector or region of the world due to the interdependence of these counterparties.

Consequently, the default of one or more significant counterparties of the Group could have a material adverse effect on the Group’s cost of risk, results of operations and financial position.

At 31 December 2023, the Group’s exposure at default (EAD, excluding counterparty risk) was EUR 1,026 billion, with the following breakdown by type of counterparty: 32% on sovereigns, 30% on corporates, 21% on retail customers and 4% on credit institutions and similar. Risk-weighted assets (RWA) for credit risk totalled EUR 304 billion.

Regarding counterparty risks resulting from market transactions (excluding CVA), at the end of December 2023, the exposure value (EAD) was EUR 129 billion, mainly to corporates (39%) and credit institutions and similar entities (43%) and to a lesser extent to sovereign entities (15%). Risk-weighted assets (RWA) for counterparty risk amounted to EUR 19 billion.

At 31 December 2023, the main sectors to which the Group is exposed in its corporate portfolio included financial activities (accounting for 6.8% of  Group's total EAD exposure), real estate (3%), social services (2.8%), manufacturing (2.3%), the agriculture sector and agri-food industries (2.2%) and telecommunications, media and technology (2.0%).

In terms of geographical concentration, the five main countries to which the Group was exposed at 31 December 2023 were France (45% of the Group’s total EAD, mainly related to Sovereigns and Retail customers), the US (14% of EAD, mainly related to corporates and sovereigns), the UK (4% of EAD, mainly related to corporates), Germany (4% of total Group EAD, mainly related to credit institutions and corporates) and the Czech Republic (5% of the Group’s total EAD, mainly related to retail clients and corporates). Furthermore, the financial situation of certain counterparties could be affected by the macroeconomic context, the geopolitical tensions, the market events and regulatory changes mentioned in section 4.1.1.1, in particular “The global economic and financial context, geopolitical tensions, as well as the market environment in which the Group operates, may adversely affect its activities, financial position and results of operations”.

For more detail on credit and counterparty risk, see sections 4.5.5 “Quantitative information” and 4.6.3 “Counterparty credit risk measures” of the 2024 Universal Registration Document.

Financial institutions and other market actors (commercial or investment banks, credit insurers, mutual funds, alternative funds, institutional clients, clearing houses, investment service providers, etc.) are important counterparties for the Group in capital or inter-bank markets. Financial services institutions and financial actors are closely interrelated as a result of trading, clearing and funding relationships. In addition, there is a growing involvement in the financial markets of actors with little or no regulation (hedge funds, for example). As a result, defaults by one or several actors in the sector or a crisis of confidence affecting one or more actors could result in market-wide liquidity scarcity or chain defaults, which would have an adverse effect on the Group’s activity. Developments in the financial markets, and in particular the rise in interest rates compounded by high volatility of the market parameters, could also weaken or even cause the default of certain financial actors similar to the defaults observed at US regional banks such as SVB, thereby increasing liquidity risk and the cost of funding. The recent crisis involving certain US banks and Crédit Suisse highlighted the speed at which a liquidity crisis can develop with actors deemed fragile by the markets, who can therefore become victims of a serious and rapid loss of confidence from their investors, counterparties and/or depositors. In addition, certain financial actors could experience operational or legal difficulties in the unwinding or settlement of certain financial transactions. These risks are specifically monitored and managed (see counterparty risk).

The Group is exposed to risks related to clearing institutions and particularly to the default of one or more of their members because of the increase in transactions traded through these institutions, induced in part by regulatory changes that require mandatory clearing for over-the-counter derivative instruments standardised by these clearing counterparties. The Group’s exposure to clearing houses amounted to EUR 34.2 billion of EAD on 31 December 2023. The default of a member of a clearing institution(2) could generate losses for the Group and have an adverse effect on the business and results of the Group. These risks are also subject to specific monitoring and supervision (see counterparty risk).

The Group is also exposed on assets held as collateral for credit or derivatives instruments, with the risk that, in the event of failure of the counterparty, some of these assets may not be sold or that their disposal price may not cover the entire exposure in credit and counterparty risks. These assets are subject to periodic monitoring and a specific management framework.

The Group regularly records provisions for doubtful loans in connection with its lending activities in order to anticipate the occurrence of losses. The amount of provisions is based on the most accurate assessment at the time of the recoverability of the debts in question. This assessment, based notably on multi-scenario approaches, relies on an analysis of the current and prospective situation of the borrower as well as an analysis of the value and recovery prospects of the debt, taking into account any security interests. In some cases (loans to individual customers), the provisioning method may call for the use of statistical models based on the analysis of historical losses and recovery data. Since 1 January 2018, the Group has also been recording provisions on performing loans under the IFRS 9 accounting standard. This assessment is based on statistical models for assessing probabilities of default and potential losses in the event of default, which take into account a prospective analysis based on regularly updated macroeconomic scenarios.

IFRS 9 accounting standard principles and provisioning models could be pro-cyclical in the event of a sharp and sudden deterioration in the environment. A deterioration of the geopolitical and macroeconomic environment could lead to a significant and/or not-fully-anticipated variation in the cost of risk and therefore in the Group’s results of operations.

At 31 December 2023, the stock of provisions relating to outstanding amounts (on- and off-balance sheet) amounted to EUR 3.6 billion on performing assets and EUR 7.8 billion on assets in default. Outstanding loans in default at amortised cost (stage 3 under IFRS 9) represented EUR 16.4 billion, including 55% in France, 20% in Africa and Middle East and 10.5% in Western Europe (excluding France). The gross ratio of doubtful loans on the balance sheet was 2.9% and the gross coverage ratio of these loans was approximately 46%. The cost of risk stood at 17 basis points in 2023, against a cost of risk of 28 basis points in 2022.

Because of its international activities, the Group is exposed to the aggravating factor of country risk. (see § 4.1.1.1)

The country risk arises whenever an exposure (receivables, securities, guarantees, derivatives) is likely to be adversely affected by changes in the country’s regulatory, political, economic, social or financial conditions.

Strictly speaking, the concept of country risk refers to political and non-transfer risk, which includes the risk of non-payment resulting either from acts or measures taken by local public authorities (decision by local authorities to prohibit the debtor from fulfilling its commitments, nationalisation, expropriation, non-convertibility, etc.), or from internal (riot, civil war, etc.) or external (war, terrorism, etc.) events.

More broadly, a deterioration in the quality of the country, the sovereign, or the conditions for business activity in the country can lead to a commercial risk, with in particular a deterioration in the credit quality of all counterparties in a given country as a result of an economic or financial crisis in the country, irrespective of the specific financial situation of each counterparty. This could be a macroeconomic shock (sharp slowdown in activity, systemic crisis in the banking system, etc.), a currency devaluation or a sovereign default on its external debt, possibly leading to other defaults.

Market risk corresponds to the risk of impairment of financial instruments resulting from changes in market parameters, the volatility of these parameters and the correlations between these parameters. The concerned parameters include exchange rates, interest rates, as well as the prices of securities (shares, bonds) and commodities, derivatives and any other assets.

The Group generates a significant part of its income through net interest margins and, as such, remains exposed to interest-rate fluctuations in both absolute terms and with respect to the shape of the yield curve, particularly in its Retail Banking activities in France. The Group’s results are influenced by changes in interest rates in Europe and in the other markets where it operates. It is the same for value metrics.

In general, lower interest rates mean a reduction in the Group’s interest-rate margin, due not only to lower remuneration from deposit replacement but also to a higher risk of mortgage loans being renegotiated in the French market.

A series of very rapid rate hikes also presents a risk to the Group’s revenues. Such a scenario can be the consequence of a strong economic recovery or spiking inflation. A sharp increase in key rates combined with a context of high inflation can have negative effects, particularly in France, due to the upward interest-rate adjustment to the remuneration on certain savings products (the Livret A savings account, in particular) and the inability to fully pass on the increase to client rates for assets such as mortgage and consumer loans (in addition to the specific problems associated with the usury rate in the French market).

In general, any sudden fluctuation in interest rates may induce a change in client behaviour and calls for adjustments to the interest-rate hedges in place which could dent Group revenues and value. Last, a potential decrease in value of assets measured at fair value could also negatively impact revenues.

For more information on structural interest-rate risks, see Chapter 4.8 “Structural risks, interest rate and exchange rate” and Note 8.1 “Segmented reporting” in Chapter 6 of the 2024 Universal Registration Document.

In the course of its activities, the Group holds trading positions in the debt, currency, commodities and stock markets, as well as in unlisted shares, real estate assets and other types of assets including derivatives. The Group is thus exposed to “market risk”. Volatility in the financial markets can have a material adverse effect on the Group’s market activities. In particular:

• ■significant volatility over a long period of time could lead to corrections on risky financial assets (and especially on the riskiest assets) and generate losses for the Group;
• ■a sudden change in the levels of volatility and its structure, or alternative short-term sharp declines and fast rebounds in markets, could make it difficult or more costly to hedge certain structured products and thus increase the risk of loss for the Group.

Severe market disruptions and high market volatility have occurred in recent years and may occur again in the future, which could result in significant losses for the Group’s markets activities. Such losses may extend to a broad range of trading and hedging products, notably on derivative instruments, both vanilla and structured.

In the event that a much lower-volatility environment emerges, reflecting a generally optimistic sentiment in the markets and/or the presence of systematic volatility sellers, increased risks of correction may also develop, particularly if the main market participants have similar positions (market positions) on certain products. Such corrections could result in significant losses for the Group’s market activities. The volatility of the financial markets makes it difficult to predict trends and implement effective trading strategies; it also increases risk of losses from net long positions when prices decline and, conversely, from net short positions when prices rise. The realisation of any such losses could have a material adverse effect on the Group’s results of operations and financial position.

Similarly, the sudden decrease in, or even the cancellation of, dividends, as experienced during the Covid-19 pandemic, and changes in the correlations of different assets of the same class, could affect the Group’s performance, with many activities being sensitive to these risks. A prolonged slowdown in financial markets or reduced liquidity in financial markets could make asset disposals or position maneuverability more difficult, leading to significant losses. In many of the Group’s activity segments, a prolonged decline in financial markets, particularly asset prices, could reduce the level of activity in these markets or their liquidity. These variations could lead to significant losses if the Group were unable to quickly unwind the positions concerned, adjust the coverage of its positions, or if the assets held in collateral could not be divested, or if their selling prices did not cover the Group’s entire exposure on defaulting loans or derivatives.

The assessment and management of the Group’s market risks are based on a set of risk indicators that make it possible to evaluate the potential losses incurred at various time horizons and given probability levels, by defining various scenarios for changes in market parameters impacting the Group’s positions. These scenarios are based on historical observations or are hypothetically defined. However, these risk management approaches are based on a set of assumptions and reasoning that could turn out to be inadequate in certain configurations or in the case of unexpected events, resulting in a potential underestimation of risks and a significant negative effect on the results of the Group’s market activities.

Furthermore, in the event of a deterioration of the market situation, the Group could experience a decline in the volume of transactions carried out on behalf of its customers, leading to a decrease in the revenues generated from this activity and in particular in commissions received.

In 2023, the main central banks stepped up their restrictive policies, leading to a sharp rise in interest rates in the markets and which destabilised by way of consequence part of the US banking system. Global inflation is showing significant signs of slowing but remains above the levels desired by central banks, which could lead to further rate increases or a longer period of high rates. macroeconomic indicators show that the US economy is holding up well, while growth in China is weakening and Europe is slipping into recession. Finally, the outlook for the markets remains uncertain, due in particular to a turbulent geopolitical context with the emergence of a conflict in the Middle East, the spread of which could lead to a significant rise in the price of oil products and other raw materials, boosting inflation at a time when central bankers have less room for manoeuvre than in 2022. These risks could have a significant negative impact on the Group’s trading activities and results.

As a result of the Group’s policy of desensitising the CET1 ratio to changes in the exchange rate of currencies against the euro, the Group’s consolidated equity is favorably exposed in the event of currency appreciation against the euro.

Thus, in the event of an appreciation of the euro against foreign currencies, the Group’s consolidated equity will be negatively impacted.

Because the Group publishes its consolidated financial statements in euros, which is the currency of most of its liabilities, it is also subject to translation risk for items recorded in other currencies, in the preparation of its consolidated financial statements. Exchange rate fluctuations of these currencies against the euro may adversely affect the Group’s consolidated results, financial position and cash flows. Exchange rate fluctuations may also negatively affect the value (denominated in euros) of the Group’s investments in its subsidiaries outside the eurozone.

For more information of structural exchange rate risk, see Chapter 4.8 “Structural risks, interest rate and exchange rate” of the 2024 Universal Registration Document.

The carrying amount of Societe Generale’s securities portfolios (excluding securities measured at amortised cost), derivatives and certain other assets, as well as its own debt recorded in its balance sheet, is adjusted at each financial statement reporting date.

Most adjustments are made on the basis of changes in the fair value of the Group’s assets or liabilities during the financial year, and changes are recorded either in the income statement or directly in shareholders’ equity.

Variations recorded in the income statement, to the extent that they are not offset by opposite variations in the value of other assets, affect the Group’s consolidated results and consequently its net income.

All fair value adjustments have an impact on shareholders’ equity and, consequently, on the Group’s prudential ratios.

A downward adjustment in the fair value of the Group’s securities and derivatives portfolios may result in a decrease in shareholders’ equity and, to the extent that such an adjustment is not offset by reversals affecting the value of the Group’s liabilities, the Group’s prudential capital ratios might also be lowered.

The fact that fair value adjustments are recorded over one financial period does not mean that additional adjustments will not be required in later periods.

As of 31 December 2023, on the assets side of the balance sheet, financial instruments valued at fair value through profit or loss, hedging derivative instruments and financial assets at market value through shareholders’ equity amounted to EUR 496 billion, EUR 11 billion and EUR 91 billion, respectively. On the liabilities side, financial instruments valued at fair value through profit or loss and hedging derivative instruments amounted respectively to EUR 286 billion and EUR 109 billion on 31 December 2023.

For the proper conduct of its activities, the Group depends on access to financing and other sources of liquidity. In the event of difficulties in accessing the secured or unsecured debt markets on terms it considers acceptable, due to market conditions or factors specific to the Group, its liquidity could be impaired. In addition, if the Group is unable to maintain a satisfactory level of customer deposits collection or in the event of an unexpected withdrawal of cash or collateral, it may be forced to turn to more expensive funding sources, which would reduce the Group’s net interest margin and results.

The Group is exposed to the risk of a variation in credit spreads. The Group’s medium and long-term financing cost is directly linked to the level of credit spreads which can fluctuate depending on general market conditions.

The variation of these spreads can also be affected by an adverse change by the rating agencies in France’s sovereign debt rating or countries rating where the Group operates as well as the Group’s external ratings as described below.

The Group is currently monitored by four financial rating agencies: Fitch Ratings, Moody’s, R&I and Standard & Poor’s. For instance, the downgrading of the Group’s credit ratings, by these or other agencies, could have a significant impact on the Group’s access to funding, increase its cost of financing or reduce its ability to carry out certain types of transactions or activities with customers. This could also require the Group to provide additional collateral to certain counterparties, which could have an adverse effect on its business, financial position and results of operations.

Material events such as severe damage to the Group’s reputation, the deterioration of the economic environment following the health crisis, France’s sovereign downgrading or countries downgrading where the Group operates, or more recently as a result of the crisis in Ukraine and its impact on the Group, particularly in terms of profitability and cost of risk, could increase the risk of external rating downgrades. The Group’s ratings could be placed under negative watch or be subject to a downgrade. In particular, France’s sovereign ratings could also be downgraded due to an increase in its debt and deficits (further increased by the Covid-19 pandemic and the response measures taken by the French government) and the inability to pass structural reforms. These elements could have a negative impact on the Group’s financing costs and its access to liquidity. The Group’s ratings by Fitch Ratings, Moody’s, R&I and Standard & Poor’s are available on the Group’s website (https://investors.societegenerale.com/fr/informations-
financieres-et-extra-financiere/notations/notations-financieres).

Access to financing and liquidity constraints could have a material adverse effect on the Group’s business, financial position, results of operations and ability to meet its obligations to its counterparties.

In 2023, the Group raised a total of EUR 57.5 billion of long-term funding (of which EUR 52.6 billion for the parent company and EUR 4.9 billion for its subsidiaries) comprising, at the parent company level, senior structured issues (EUR 27.8 billion), subordinated issues (EUR 5 billion), senior vanilla non-preferred issues (EUR 5.4 billion), unsecured senior vanilla preferred issues (EUR 7.1 billion) and secured issues (EUR 7.3 billion).

For 2024, the Group has planned a funding program of approximately EUR 20-22 billion in vanilla long-term debt, in senior preferred and secured debt as well as in senior non-preferred debt and subordinated debt.

In past crises (such as the 2008 financial crisis, the eurozone sovereign debt crisis, the tensions on the financial markets linked to the Covid-19 pandemic before the intervention of the central banks) or more recently the tensions linked to geopolitical shocks and, in 2023, to the transition towards a higher interest rate regime, access to financing from European banks was intermittently restricted or subject to less favorable conditions.

If unfavorable debt market conditions were to reappear following a new systemic or Group-specific crisis, the effect on the liquidity of the European financial sector in general and on the Group in particular could be very significantly unfavorable and could have an adverse impact on the Group’s operating results as well as its financial position. In this respect, the case of Crédit Suisse is illustrative of the potential consequences of a crisis affecting a systemic bank on the access to liquidity for the sector and an increase in banks’ financing costs.

For several years, central banks have taken measures to facilitate financial institutions’ access to liquidity, in particular by setting up TLTRO (Targeted Longer-Term Refinancing Operations) type facilities and by implementing asset purchase policies to keep long-term interest rates at very low levels. In a context of higher inflation, central banks (notably the ECB and the US Federal Reserve) phased out these accommodating policies in particular with the end of the TLTRO mechanism and the first repayments thereof, the gradual withdrawal of asset-purchase policies and a rise in key interest rates. Even if inflationary pressures are easing and some central banks are anticipating a pause in rate hikes, uncertainty persists over the outlook in this field. In this context, the Group could face an unfavorable evolution of its financing cost and access to liquidity.

In addition, if the Group were unable to maintain a satisfactory level of deposits from its customers, it could be forced to resort to more expensive financing due to rising interest rates, which would reduce its net interest margin as well as its results.

The Group’s regulatory short-term liquidity coverage ratio (LCR) stood at 160% at 31 December 2023 (end of period) and liquidity reserves amounted to EUR 316 billion at 31 December 2023.

At 31 December 2023, risk-weighted assets in relation to operational risk amounted to EUR 50.1 billion, or 13% of the Group’s total RWA. These risk-weighted assets relate mainly to Global Markets & Investor Services (58% of total operational risk).

Between 2019 and 2023, the Group’s operational risks were primarily concentrated in five risk categories, representing 94% of the Group’s total operating losses observed over the period: fraud (mainly external frauds) and other criminal activities (35%), execution errors (21%), disputes with authorities (15%), errors in pricing or risk assessment, including model risk (13%) and commercial disputes (10%). The Group’s other categories of operational risk (unauthorised activities in the markets, loss of operating resources and failure of information systems) remain minor, representing on average 6% of the Group’s losses between 2019 and 2023.

See Chapter 4.10.3 “Operational risk measurement” of the 2024 Universal Registration Document for more information on the allocation of operating losses.

The Group relies heavily on communication and information systems to conduct its business and this is reinforced by the widespread use of remote banking and the digitalisation of processes. Any breach of its systems or the systems of its external partners could materially disrupt the Group’s business. Such incidents could result in significant costs related to the recovery and verification of information, loss of revenues, customer attrition, disputes with counterparties or customers, difficulties in managing market operations and short-term refinancing operations, and ultimately damage the Group’s reputation. Difficulties experienced by the Group’s counterparties could also indirectly generate credit and/or reputational risks for the Group. The situation stemming from the conflict in Ukraine (mentioned in section 4.1.1.1 “The global economic and financial context, geopolitical tensions, as well as the market environment in which the Group operates, may adversely affect its activities, financial position and results of operations”) increases the risk of cyberattacks for the Group and its external partners.

Each year, the Group is subject to several cyberattacks on its systems or those of its clients, partners and suppliers. The Group could be subject to targeted and sophisticated attacks on its computer network, including phishing campaigns designed by “artificial intelligence” to achieve higher levels of persuasion, resulting in embezzlement, loss, theft or disclosure of confidential data or customer data which could constitute violations of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). Such actions could result in operational losses and have an adverse effect on the Group’s business, results and reputation with its customers.

In the case of non-compliance with applicable laws and regulations, the Group and certain of its former and current representatives may be involved in various types of litigation, including civil, administrative, tax, criminal and arbitration proceedings. The large majority of such proceedings arise from transactions or events that occur in the Group’s ordinary course of business. There has been an increase in client, depositor, creditor and investor litigation and regulatory proceedings against intermediaries such as banks and investment advisors in recent years, in part due to the challenging market environment. This has increased the risk for the Group of losses or reputational harm arising from litigation and other proceedings. Such proceedings or regulatory enforcement actions could also lead to civil, administrative, tax or criminal penalties that could adversely affect the Group’s business, financial position and results of operations.

In preparing its financial statements, the Group makes estimates regarding the financial outcome of civil, administrative, tax, criminal and arbitration proceedings in which it is involved, and records a provision when losses with respect to such matters are probable and can be reasonably estimated. It is inherently difficult to predict the outcome of litigation and proceedings involving the Group’s businesses, particularly those cases in which the matters are brought on behalf of various classes of claimants, cases where claims for damages are of unspecified or indeterminate amounts, or cases involving unprecedented legal claims. Should such estimates prove inaccurate or should the provisions set aside by the Group to cover such risks prove inadequate, the Group’s financial position or results of operations could be adversely affected.

For a description of the most significant ongoing proceedings, see section 4.11 “Compliance”, Note 8.3.2 “Other provisions for risks and expenses” and Note 9 “Information on risks and litigation” of Chapter 6 of the 2024 Universal Registration Document.

Any dysfunction, failure or interruption of service of the Group’s communication and information systems or the systems of its external partners, even brief and temporary, could result in significant disruptions to the Group’s business. Such incidents could result in significant costs related to information retrieval and verification, loss of revenue, loss of customers, litigation with counterparties or customers, difficulties in managing market operations and short-term refinancing, and ultimately damage to the Group’s reputation.

The Group is exposed to the risk of operational failure or capacity constraints in its own systems and in the systems of third parties, including those of financial intermediaries that it uses to facilitate cash settlement or securities transactions (such as clearing agents and houses and stock exchanges), as well as those of clients and other market participants.

The interconnections between various financial institutions, clearing houses, stock exchanges and service providers, including external cloud services, increase the risk that the operational failure of any one of them could lead to an operational failure of the entire sector, which could have an adverse impact on the Group’s ability to conduct its business and could therefore result in losses. This risk is likely to be increased by industry concentration, whether among market participants or financial intermediaries, as complex and disparate systems need to be integrated, often on an accelerated basis.

The Group is also subject to various regulatory reforms and major internal strategic projects that may lead to operational disruptions and have an impact on the Group’s operations, the accounting of transactions and their tax or prudential treatment, and on the Group’s results in the event of poor project management and understanding of operational risks (see “Risk factor” 4.1.1.2).

Fraud risk is defined as the intentional non-compliance with existing laws, regulations or procedures, which in most cases results in harm to the Bank or its customers and provides the fraudster or his or her relatives with a direct or indirect material or moral benefit.

The risk of fraud increases intrinsically in a crisis context (financial pressure among clients, third parties or our employees) and in a remote working environment that may limit the capacity for monitoring and exchanges by or with the manager or other employees contributing to the prevention or detection of fraud risk. This risk mainly involves external fraud related to the Bank’s credit activities and to the means of payment (electronic banking, transfers, and checks) made available to customers. Fraud schemes are changing rapidly in terms of volume and approach, in line with the security measures and counter-measures developed in the market and within the Group. Internal fraud is carried out through the misappropriation of funds and the granting of undue facilities and can be carried out with or without external collusion. Finally, unauthorised rogue trading, with or without circumvention of controls, could impact results and have a very significant negative impact on the Group’s reputation.

Between 2019 and 2023, the risk of fraud represented 35% of the Group’s total operating losses.

An organisation benefits from a good reputation when its activities and services meet or exceed the expectations of its stakeholders, both external (customers, investors, shareholders, regulators, supervisors, suppliers, opinion leaders such as NGOs, etc.) and internal (employees).

The Group’s reputation for financial strength and integrity is critical to its ability to foster loyalty and develop its relationships with clients and other counterparties in a highly competitive environment. Any reputational damage could result in loss of activity with its customers or a loss of confidence on the part of its stakeholders, which could affect the Group’s competitive position, its business and its financial condition. As in the case of the banking crisis at the beginning of 2023, a material damage to the Group’s reputation could also result in a reduction in the Company value and an increased difficulty in raising capital.

Therefore, failure by the Bank to comply with the relevant regulations and to meet its commitments, especially those relating to CSR, could damage the Group’s reputation.

Failure to comply with the various internal rules and Codes(3), which aim to anchor the Group’s values in terms of ethics and responsibility, could also have an impact on the Group’s image.

For more information about reputation risk please see section 4.11 “Compliance risk”, 4.9 “Structural-liquidity risk”, and 4.10 “Operational risk” of the 2024 Universal Registration Document.

At 31 December 2023, the Group employed more than 126,000 people in more than 60 countries. Human resources are key assets of the Group, its business model and value proposition.

The emergence of new actors and new technologies in the banking sector, as well as the consequences of the health crisis, have accelerated the transformation of the Bank, directly impacting the way the Company operates and the way employees work. Inadequate career and skills management (integration, career prospects, training, HR support, compensation levels in line with market practice, etc.), transformation projects, as well as a lack of attractiveness and poor working conditions could lead to a loss of resources, know-how and commitment. This would have a negative impact on individual and collective performance and the Group’s competitiveness. The inability of Societe Generale to attract and retain employees, a high rate of turnover, the loss of strategic employees and a poor management of human capital in a tense geopolitical context could adversely affect the performance of the Group, result in a loss of business, a deterioration in the quality of service (at the expense of client satisfaction) and a deterioration in the quality of working life (to the detriment of the employee experience).

For more information, see section 5.1.1 “Being a responsible employer” of the 2024 Universal Registration Document.

Internal models used within the Group could prove to be deficient in terms of their conception, calibration, use or monitoring of performance over time in relation to operational risk and therefore could produce erroneous results, notably with financial consequences. The faulty use of so-called artificial intelligence techniques in the conception of these models could also generate erroneous results.

In particular:

• ■the valuation of certain financial instruments that are not traded on regulated markets or other trading platforms, such as OTC derivative contracts between banks, uses internal models that incorporate unobservable parameters. The unobservable nature of these parameters results in an additional degree of uncertainty as to the adequacy of the valuation of the positions. In the event that the relevant internal models prove unsuitable for changing market conditions, some of the instruments held by the Group could be misvalued and could generate losses for the Group.
• For illustrative purposes, financial assets and liabilities measured at fair value on the balance sheet categorised within level 3 (for which the valuation is not based on observed data) represented EUR 24.4 billion and EUR 45.6 billion, respectively, as of 31 December 2023 (see Note 3.4.1 and Note 3.4.2 of Chapter 6 of the consolidated financial statements included in the 2024 Universal Registration Document on financial assets and liabilities measured at fair value);
• ■the assessment of client solvency and the Bank’s exposure to credit risk and counterparty risk is generally based on historical assumptions and observations that may prove to be inappropriate in light of new economic conditions. It is based on economic scenarios and projections that may not adequately anticipate unfavorable economic conditions or the occurrence of unprecedented events. This miscalculation could, among other things, result in an under-valuation and an under-provisioning of risks and an incorrect assessment of capital requirements;
• ■hedging strategies used in market activities rely on models that include assumptions about the changes of market parameters and their correlation, partly inferred from historical data. These models could be inappropriate in certain market environments (in the event of a large-scale armed conflict, strong movements in volatility resulting, for example, from a pandemic, or tensions between the United States and China, in the Middle East or in Africa), leading to an ineffective hedging strategy, thus causing unanticipated losses that could have a material adverse effect on the Group’s results and financial position;
• ■hedging strategies to manage the interest-rate and liquidity risks of retail banking activities, particularly those in France, use models that include behavioural assumptions. These models are partly based on historical observations the purpose of which is to identify likely client behaviour as well as changes in the interest rate terms offered to customers in relation to their banking products in specific interest rate scenarios. That said, they may be unsuitable due to a change in macroeconomic regime (for instance, significant movements in interest rates or inflation), in the competitive or regulatory environment, and/or in the Bank’s commercial policy, which would therefore temporarily make the resulting hedging strategies inappropriate, thereby potentially harming bank revenues.

In addition, the Group has introduced changes to its internal credit risk model framework, the first milestones of which have been reached. This “Haussmann project” aims at rationalizing the architecture of the Group’s internal credit models and bringing them into line with new European regulatory requirements. These changes could have a significant impact on the calculation of its RWA credit and counterparty risk in the event of timetable delays when submitting its models to the supervisor or in the event of the late validation by the supervisor.

The Group remains dependent on its environment. The occurrence of a new epidemic or pandemic crisis (such as the Covid-19 pandemic) or a health crisis related to the pollution of the natural environment could have a significant impact on the Group’s activities. Also, large-scale armed conflicts, terrorist attacks, natural disasters (including earthquakes, such as in Romania, and floods, such as the exceptional flooding of the Seine in Paris or the Chennai in India), extreme weather conditions (such as heatwaves) or major social unrest (such as the Gilets Jaunes movement in France) could affect the Group’s activities.

Such events could create economic and financial disruptions or lead to operational difficulties (including travel limitations or relocation of affected employees) for the Group.

These events could impair the Group’s ability to manage its businesses and also expose its insurance activities to significant losses and increased costs (such as higher re-insurance premiums). The Group could incur losses if these risks materialise.

As part of its long-term leasing activities, the Group is exposed to a potential loss in a financial year from (i) resale of vehicles related to leases which expire during the period whose resale value is lower than their net carrying amount and (ii) additional impairment during the lease period if residual value drops below contractual residual value. Future sales and estimated losses are impacted by external factors such as macroeconomic conditions, government policies, tax and environmental regulations, consumer preferences, new vehicle prices, etc.

On the mobility market, the used vehicle market began to normalize in 2023, although it remains at high levels, reflecting a sustained demand. This gradual normalisation, given the increase in new vehicle registrations by automakers, is leading to a gradual decline in used vehicle sale results. As a result, the Group, which has a fleet of 2.71 millions of vehicles at the end of 2023, has recorded earnings from the sale of used vehicles which remain high over 2023, although down on the previous year (Result of €2,400 per used vehicle sold before the impact of the reductions in depreciation costs and LeasePlan’s Purchase Price Allocation(4)). Given the continuing improvement in new car availability and the depreciation reductions previously recorded to take account of the exceptionally favorable market, a further decline in average earnings on used car sales is expected in 2024. Ayvens also aims to monitor residual value for Electric Vehicle, whose future sale in the specific used vehicle market could also involve uncertainties related to the level of demand, the level of prices, or rapid technological change.

A deterioration in market conditions, and in particular a significant increase or decrease in interest rates, could have a material adverse effect on the life insurance activities of the Group’s Insurance business.

In 2023, the Group’s insurance activities represented net banking income of EUR 0.6 billion, or 2.5% of the Group’s consolidated net banking income. The Group’s Insurance Division is mainly focused on life insurance. At 31 December 2023, life insurance contracts registered outstandings of EUR 136 billion, divided between euro-denominated contracts (62%) and unit-linked contracts (38%).

The Group’s Insurance business is highly exposed to interest-rate risk due to the high proportion of bonds in the euro-denominated funds in its life insurance contracts. The level of and changes in interest rates may, in certain configurations, have a material adverse effect on the results and financial position of this business line.

With its impact on the yield of euro-denominated contracts, a prolonged outlook of low interest rates reduces the attractiveness of these products for investors, which can negatively affect fundraising and income from this segment of the life insurance business.

A sharp rise in interest rates could also degrade the competitiveness of the life insurance offerings in euros (compared with bank savings products, for example) and trigger significant repurchases and arbitrage operations by customers, in an unfavourable context of unrealised losses on bond holdings. This configuration could affect the revenues and profitability of the life insurance activity.

More generally, pronounced spread widening and a decline in equity markets could also have a significant negative effect on the results of the Group’s life insurance business.

In the event of a deterioration in market parameters, the Group could be required to strengthen the capital of its insurance subsidiaries to enable them to continue meeting their regulatory requirements in this domain.

The Pillar 3 report, published under the responsibility of Societe Generale Group’s Senior Management, sets out, in accordance with the CRR regulation, the quantitative and qualitative information on Societe Generale’s capital, liquidity and risk management to ensure transparency in respect of the various market players. This information has been prepared in compliance with the internal control procedures approved by the Board of Directors in the course of the validation of the Group Risk Appetite Framework and Group Risk Appetite Statement, and are based, among other things, on the annual review, by General Management in the Group Internal Control Coordination Committee (GICCC) and by the Risk Committee of the Board of Directors, of Societe Generale’s Risk division, particularly in its ability to exercise its role as the second line of defense for the entire Group.

Risk appetite is defined as the level of risk that the Group is prepared to accept to achieve its strategic goals.

Thus, risk appetite is part of the Group’s overall strategy, which has the following objectives:

• ■CET 1 ratio at 13% in 2026, under Basel IV;
• ■average annual revenue growth between 0% and 2% over 2022-2026;
• ■cost-to-income ratio below 60% in 2026 • Return on tangible equity (ROTE) between 9% and 10% in 2026;
• ■maintaining a risk management at the highest standards with a cost of risk between 25 and 30 bps over 2024-2026 and a rate of non performing loan between 2,5% and 3% in 2026;
• ■maintaining a strength liquidity profile with a short term liquidity ratio, Liquidity Coverage Ratio (LCR), greater or equal to 130% over 2024-2026 and a Net Stable Funding Ratio greater or equal to 112% over 2024-2026.

The Group seeks to achieve sustainable profitability, relying on a robust financial profile consistent with its diversified banking model, by:

• ■adjusting its activities portfolio according to performance criteria, synergy with the Group and extreme risk criteria;
• ■targeting profitable and resilient business development;
• ■maintaining a target rating allowing access to financial resources at a cost consistent with the development of the Group’s businesses and its competitive positioning;
• ■calibrating its capital indicators (consistent with the results of the ICAAP group process) to ensure:
  • -satisfaction of minimum regulatory requirements on CET1 ratio,
  • -financial conglomerate ratio requirement, which take into consideration the combined solvency of Group banking and insuring activities,
  • -coverage of one year of “internal capital requirement” using available CET1 capital,
  • -a sufficient level of creditor protection consistent with a debt issuance program that is particularly hybrid consistent with the Group’s objectives in terms of rating and regulatory ratios such as Tier 1, TLAC (“Total Loss Absorbing Capacity”), MREL (“Minimum Required Eligible Liabilities”), and the leverage ratio;
• ■ensuring resilience of its liabilities, which are calibrated by taking into account a survival horizon in a combined liquidity stress ratio (ILSI – Internal Liquidity Stress Indicator), compliance with LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) regulatory ratios and the level of dependence on short-term fundings and the foreign currencies needs business of the Group, notably in USD;
• ■controlling financial leverage.

Based on this model, the risk appetite is established and formalised at a Group level by type of risks.

Credit risk appetite is managed through a system of credit policies, risk limits and pricing policies.

When it takes on credit risk, the Group focuses on medium- and long-term client relationships, targeting both clients with which the Bank has an established relationship of trust and prospects representing profitable business development potential over the mid-term.

Acceptance of any credit commitment is based on in-depth client knowledge and a thorough understanding of the purpose of the transaction.

In particular, concerning the underwriting risk, the Group, mainly through the Business Unit GLBA “Global Banking and Advisory”, makes a steadfast commitment to transactions at a guaranteed price as debt financing arranger, prior to syndicating them to other banking syndicates and institutional investors. If market conditions deteriorate or markets close while the placement is under way, these transactions may create a major over-concentration risk (or losses, if the transaction placement requires selling below the initial price).

The Group controls the aggregate value of approved underwriting positions, so as limit it risk if debt markets are closed for an extended period.

In a credit transaction, risk acceptability is based first on the borrower’s ability to meet its commitments, in particular through the cash flows which will allow the repayment of the debt. For medium and long-term operations, the funding duration must remain compatible with the economic life of the financed asset and the visibility horizon of the borrower’s cash flow.

Security interests are sought to reduce the risk of loss in the event of a counterparty defaulting on its obligations, but may not, except in exceptional cases, constitute the sole justification for taking the risk. Security interests are assessed with prudent value haircuts and paying special attention to their actual enforceability.

Complex transactions or those with a specific risk profile are handled by specialised teams within the Group with the required skills and expertise.

The Group seeks risk diversification by controlling concentration risk and maintaining a risk allocation policy through risk sharing with other financial partners (banks or guarantors).

Counterparty ratings are a key criterion of the credit policy and serve as the basis for the credit approval authority grid used in both the commercial and risk functions. The rating framework relies on internal models. Special attention is paid to timely updating of ratings (which, in any event, are subject to annual review)(1).

The risk measure of the credit portfolio is based primarily on the Basel parameters that are used to calibrate the capital need. As such, the Group relies for the internal rating of counterparties on Basel models allowing the assessment of credit quality, supplemented for “non-retail” counterparties, by expert judgment. These measures are complemented by an internal stress-sized risk assessment, either at the global portfolio level or at the sub-portfolio level, linking risk measures and rating migration to macroeconomic variables most often to say expert. In addition, the calculation of expected losses under the provisions of IFRS 9, used to determine the level of impairment on healthy outstandings, provides additional insight into assessing portfolio risk.

In cooperation with the Risk Function, the business lines implement pricing policies which are differentiated based on counterparty and transaction risk levels. The purpose of pricing a transaction is to ensure acceptable profitability, in line with the objectives of ROE (Return on Equity) of the business or entity, after taking into account the cost of the risk of the transaction in question. The pricing of an operation can nevertheless be adapted in certain cases to take into account the overall profitability and the potential customer relationship development. The intrinsic profitability of products and customer segments is subject to periodic analysis in order to adapt to changes in the economic and competitive environment.

Proactive management of impaired risks is key to containing the risk of final loss in the event of default of a counterparty. As such, the Group has put in place rigorous procedures and/or enhanced follow-up to monitor counterparties with a worsening risk profile. Furthermore, the businesses lines and subsidiaries or branches, along with the Risk function, have set up joint teams of employees specialised in asset recovery management to effectively preserve the Bank’s interests in the event of default.

Transitional and physical environmental risk factors can have a significant impact on the credit risk and are an aggravating factor for the risks the Bank is facing, in particular credit risk through an increase of costs, a decrease in the guarantees’ performance and a reduction in demand.

Concerning ESG risks (Environmental, Social & Governance), the assessment and management of the impact of ESG risk factors on credit risk is particularly based on portfolio alignment indicators (power generation for example).

In general, credit granting policies must comply with the criteria defined within the framework of the Group’s Social and Environmental Responsibility (CSR) policy, which is broken down through:

• ■the general environmental and social principles and the sectoral and cross-cutting policies appended to them. Sector policies cover sectors considered potentially sensitive from an environmental, social or ethical point of view;
• ■the targets for alignment with the objectives of the Paris agreement, which the Group has set itself, starting with the sectors with the highest CO2 emissions;
• ■commitment to granting sustainable financing classified as Sustainable and Positive Impact Finance and to Sustainability linked transactions.

The risk related to climate change is taken into consideration in the credit risk assessment process. In July 2022, a Group procedure was published on the integration of C&E factors in the credit granting analysis, and a training program is being rolled out. In addition, over the course of 2023, the climate vulnerability assessment dedicated to transition risk will be fully integrated in the credit grating process and tools. It makes it possible to integrate the impact of climate risk in the analysis of credit risk.

Counterparty risk is the credit risk on market transactions and includes counterparty credit risk (CCR) and settlement-delivery risk (RDL). They are measured by parameters taken into account the dynamics of exposures distortions linked to market movements. Counterparty risk is thus managed via a set of limits that reflect the Group’s risk appetite. The Group also measures this risk under stress tests to take account exceptional market disturbances. In order to mitigate these risks, the Group has contracted close-out netting agreements and market collateralisation.

The future value of exposure to a counterparty as well as its credit quality are uncertain and variable over time, both of which are affected by changes in market parameters. Thus, counterparty credit risk management is based on a combination of several types of indicators:

• ■indicators of potential future exposures (potential future exposures, or PFE), aimed at measuring exposure to our counterparties:
  • -the Group controls idiosyncratic counterparty credit risks via a set of CVaR(2) limits. The CVaR measures the potential future exposure linked to the replacement risk in the event of default by one of the Group’s counterparties. The CVaR is calculated for a 99% confidence level and different time horizons, from one day until the maturity of the portfolio,
  • -in addition to the risk of a counterparty default, the CVA (Credit Valuation Adjustment) measures the adjustment of the value of our portfolio of derivatives and repos account the credit quality of our counterparties;
• ■the abovementioned indicators are supplemented by stress test impacts frameworks or on nominal ones in order to capture risks that are more difficult to measure;
• ■risks are measured via stress tests at different levels:
  • -across all categories(3) of counterparties,
  • --on all categories of clients,
  • -at activity level for agency businesses collateralised financing bearing more wrong-way risks by nature;
• ■the CVA risk is measured through a stress test aiming at measuring the CVA impacts due to hypothetical market risk scenarios reflecting market moves deemed to be representative, especially counter parties’ credit spreads.
• ■exposures to central counterparty clearing houses (CCP(4)) are subject to specific supervision:
  • -the amount of collateral posted for each segment of a CCP: the initial posted margins, both for our principal and agency activities, and our contributions to CCP default funds,
  • -in addition, a stress test measures the impact linked to (i) the default of an average member on all segments of a CCP and (ii) the failure of a major member on a segment of a CCP;
• ■the Global Stress Test on market activities includes cross market-counterparty risks, it is described in more detail in the “Market risk” section;
• ■besides, a specific framework that has been set up aims to avoid individual concentration related to counterparty risk in market operations.
• ■finally, a CCR RAS metric is now under Board delegation authority (subject to CORISQ, etc.), relying on the sum of the GASEL and the Collaterised Financing stress test commensurate with market risk.

Settlement-delivery risk is the risk of non-payment of amounts due by a counterparty or the risk of non-delivery of currencies, securities, commodities or other products by a counterparty in the context of the settlement of a market transaction whose payment type is FOP (Free of Payment, which implies that payment and delivery are two distinct flows that should be considered independently of each other).

The Group measures its exposure to this risk of non-payment or non-delivery of funds or securities using a dedicated metric (RDL). It is measured as the amount of flows (of funds, securities or commodities) to be received after netting the settlement flows to be paid and received and taking into account the risk mitigation mechanisms(5).

The characteristics of the transactions, as well as the legal and operational environment in which they are processed, are used to calculate the settlement-delivery risk profile for each Counterparty.

Group market activities are guided as part of a development strategy focused in priority for meeting the customer needs, with a complete range of solutions.

Market risk is managed through a set of limits for several indicators (such as stress tests, Value-at-Risk (VaR) and stressed Value-at-Risk (SvaR), “Sensitivity” and “Nominal” indicators). These indicators are governed by a series of limits proposed by the business lines and approved by the Risk Division during the course of a discussion-based process.

The choice of limits and their calibration reflect qualitatively and quantitatively the fixing of the Group’s appetite for market risks. This analysis is related to market conditions, the flexibility in managing down the Group’s positions or the consumption of regulatory own funds based on internal reference models. A regular review of these frameworks also enables risks to be tightly controlled according to changing market conditions with, for example, a temporary reduction of limits if market conditions worsen. Warning thresholds are also in place to prevent the possible occurrence of overstays.

Limits are set at different sub-levels of the Group, thereby cascading down the Group’s risk appetite from an operational standpoint within its organisation.

Within these limits, the Global Stress Test limits on market activities and the Market Stress Test limits play a pivotal role in determining the Group’s market risk appetite; in fact, these indicators cover all operations and the main market risk factors as well as risks associated with a severe market crisis which helps limit the total amount of risk and takes account of any diversification effects. These stress tests and their associated threshold, permit to evaluate and frame a potential loss under different market scenarios, adverse but plausible, of decennial occurrence (for instance, systemic crisis).

Non-financial risks are defined as non-compliance risk, risk of inappropriate conduct, IT risk, cybersecurity risk, other operational risks, including operational risk associated with credit risk, market risk, model risk, liquidity and financing, structural and rate risk. These risks can lead to financial losses.

Governance and a methodology have been put in place for the scope of non-financial risks.

As a general rule, the Group has no appetite for operational risk or for non-compliance risk. Furthermore, the Group maintains a zero-tolerance policy on incidents severe enough to potentially inflict serious harm to its image, jeopardise its results or the trust displayed by customers and employees, disrupt the continuity of critical operations or call into question its strategic focus. The Group underscores that it has is no or very low tolerance for operational risk involving the following:

• ■internal fraud: the Group does not tolerate unauthorised trading by its employees. The Group’s growth is founded on trust, as much between employees as between the Group and its employees. This implies respecting the Group’s principles at every level, such as exercising loyalty and integrity. The Group’s internal control system must be capable of preventing acts of major fraud;
• ■cybersecurity: the Group has no appetite for fraudulent intrusions, disruption of services, compromise of elements of its information system, in particular those which would lead to theft of assets or theft of customer data. The Bank intends to introduce effective means to prevent and detect this risk. It has a barometer that measures the maturity of the cybersecurity controls deployed within its entities and the appropriate organisation to deal with any incidents;
• ■data leaks: trust is one of Societe Generale Group’s key assets. As a result the Bank commits to deploy the necessary resources and implement controls to prevent, detect and remedy data leaks. The Bank does not tolerate leaks of its most sensitive information, in particular where it concerns its customers;
• ■business continuity: the Group relies heavily on its information systems to perform its operations and is therefore committed to deploying and maintaining the resilience of its information systems to ensure the continuity of its most essential services. The Group has very low tolerance for the risk of downtime in its information systems that perform essential functions, in particular systems directly accessible to customers or those enabling to conduct business on financial markets. In addition, to deal with the occurrence of certain extreme events that could permanently affect its information system, its external service providers or a major Group entity based abroad, the Bank is developing resilience solutions to ensure its survival. The Group thus defines the duration (“impact tolerance”) beyond which any interruption of a Group vital process would present a risk to (i) the safety and soundness of the Group, (ii) customers, (iii) the stability of the financial system. Impact tolerance applies to each vital process, regardless of crisis scenarios and available solutions, and differs from Recovery Time Objective (RTO), which is a business continuity indicator that oversees unavailability for low-impact incident. A maturity index will also be calculated to measure the degree of resilience of the most vital processes by crisis nature;
• ■outsourced services: Societe General Group intends to demonstrate a high degree of throroughness in the control of its activities entrusted to external service providers. As such, the Societe Generale Group adheres to a strict discipline of monitoring it’s providers with a review frequency depending on their level of risk. Thus, Societe General does not have any appetite for a delay in the management of its service providers exceeding three months;
• ■managerial continuity: the Group intends to ensure the managerial continuity of its organisation to avoid the risk of a long-term absence of a manager that would question the achievement of its strategic objectives, which might threaten team cohesion or disrupt the Group’s relationships with its stakeholders;
• ■physical security: the Societe Generale Group applies security standards to protect personnel, tangible and intangible assets in all the countries where it operates. The Group Security Department ensures the right level of protection against hazards and threats, in particular through security audits on a list of sites that it defines;
• ■execution errors: the Societe Generale Group has organised its day-to-day transaction processes and activities through procedures designed to promote efficiency and mitigate the risk of errors. Notwithstanding a robust framework of internal control systems, the risk of errors cannot be completely avoided. The Group has a low tolerance for execution errors that would result in very high impacts for the Bank or its clients.

The Group is exposed to legal risks inherent in its business such as commercial disputes and non-respect of the competition laws. The Group aims at managing and mitigating these risks. Its Legal Division serves a risk mitigation function within the Group and defines the norms, standards, procedures and controls associated with legal risk. The Legal Division provides independent legal advice within the Group and, among its roles, it identifies, assesses, analyses and mitigates legal risk issues within the Group. It also promotes a solid “legal risk culture” throughout the Group.

The Group is required to strictly comply with all laws and regulations which govern its activities in all countries in which it operates, and implements international best practices to that effect. It strives, in particular, to:

• ■knowing its customers by implementing appropriate KYC measures;
• ■work with clients and partners that comply with international rules and standards on anti-money laundering and terrorism financing;
• ■work with clients and complete transactions in accordance with rules related to international sanctions and embargoes;
• ■perform transactions, offer products and advisory services and work with partners in accordance with regulations governing, in particular, client protection;
• ■implementing the necessary measures and conducting transactions in the respect of the integrity of the markets;
• ■implementing and complying with data protection obligations, in particular obligations regarding the protection of personal data and the use of digital technologies;
• ■ensuring the proper functioning of the system for interpreting and transposing prudential regulations by the expert functions, in particular DFIN and RISQ.

Liquidity risk is defined as the Group’s inability to meet its financial obligations at a reasonable cost: debt repayments, collateral supply. The Group assesses this risk over various time horizons, including intraday, considering market access restriction risk (generalised or specific to the Group).

Funding risk is defined as the risk that the Group will not be able to finance the development of its businesses at a scale consistent with its commercial goals and at a competitive cost compared to its competitors. The capacity to raise funding is assessed over a three-year horizon. Controlling liquidity risk is based primarily on:

• ■compliance with regulatory liquidity ratios, with precautionary buffers: LCR (liquidity coverage ratio) ratios that reflect a stress situation and NSFR (net stable funding ratio);
• ■compliance with a minimum survival horizon under combined market and idiosyncratic stress (Internal Liquidity Stress Indicator (ILSI));
• ■framing of transformation and anti-transformation positions (price risk);
• ■management of the contingent liquidity reserve with the Central Bank.

Controlling financing risk is based on:

• ■maintaining liabilities structure designed to meet the Group’s regulatory constraints (Tier1, Total Capital, Leverage, TLAC, NSFR, MREL) and rating agency requirements in order to secure a minimum rating level;
• ■recourse to market financing: annual long-term issuance programs and a stock of moderate structured issues and short-term financing raised by supervised treasuries.

Structural exposure to interest rate, credit spread and foreign exchange risks results from commercial transactions and their hedging in the banking book (and not in the trading book, which concerns market risk).

Structural interest rate risk (also referred to as Interest Rate Risk in the Banking Book – IRRBB) refers to the risk – whether current or prospective – to the Group’s equity and earnings (hence for the Net Present value and the Net Interest Margin) posed by adverse movements in interest rates affecting the items comprising its banking book. There are four main types of risk based on the EBA taxonomy: Interest rates level risk, curve risk, optional risk and basis risk. All four types of risks may potentially affect the value or yield of interest-rate sensitive assets, liabilities and off-balance sheet items.

Structural credit spread risk (also referred to as Credit Spread Risk in the Banking Book – CSRBB) refers to the Group’s equity and earnings posed by adverse movements in market price for credit risk, for liquidity (of lenders) and for potentially other characteristics of credit-risky instruments, which is not captured by another existing prudential framework (such as IRRBB) or by expected credit default risk or a jump-to-default risk. The management of interest rate risk is detailed in Chapter 4-8 Structural risk-interest rate and exchange rate risk of the 2024 URD.

Changes in inter-currency exchange rates may cause changes in the value of assets, liabilities and off-balance sheet items and result in volatility in the income statement or other gains and losses recognised in equity.

The Group’s policy in terms of structural exchange rate risks consists of limiting as much as possible the sensitivity of its CET1 capital ratio to changes in exchange rates, so that the impact on the CET1 ratio of an appreciation or a depreciation of all currencies against the euro does not exceed a certain threshold in terms of bp by summing the absolute values of the impact of each currency.

The risks on social commitments result from the deficit between the social liabilities and the related financial assets.

Regarding risks to pension and long-service obligations, which are the Bank’s long-term obligations towards its employees, the amount of the provision is monitored for risk on the basis of a specific stress test and an attributed limit. The risk management policy has two main objectives: reduce risk by moving from defined-benefit plans to defined-contribution plans and optimize asset risk allocation (between hedge assets and performance assets) where allowed by regulatory and tax constraints.

The source of model risk may be linked to incorrect model design, implementation, use or monitoring.

The Group is committed to defining and deploying internal standards to reduce model risk on the basis of key principles, including the creation of three independent lines of defence, the proportionality approach relying on a model tiering methodology, a model inventory and the consistency of the approaches used within the Group.

Risk model appetite is defined for the perimeter of this group of models: credit risk IRB and IFRS 9, market and counterparty risk, market product valuation, ALM, trading model, compliance and granting.

A wrong design, application, use or monitoring of these models can have unfavourable consequences of two types: an underestimation of own funds on the basis of models approved by the regulators and/or financial losses.

The Group conducts Insurance activities (Life Insurance and Savings, Retirement savings, Property & Casualty Insurance, etc.) which exposes the Group to two major types of risks:

• ■subscription risk related to pricing and fluctuations in the claims ratio;
• ■risks related to financial markets (interest rate, credit and equity) and asset-liability management.

Insurance management risk is described in Financial Statements Note 4.3 Insurance activities

The Group has limited appetite for financial holdings, such as proprietary private equity transactions. The investments allowed are mainly related to:

• ■support clients and business development of the retail banking network through SGRF and certain subsidiaries abroad;
• ■taking stakes, either directly or through investment funds, in innovative companies via SG Ventures;
• ■the takeover of stakes in local companies: Euroclear, Crédit Logement, etc., which does not have limit.

The real estate risk is defined as the risk of decline in the value of SG’s own real estate investments. Such assessment is linked to the value of financial instruments related to real estate assets.

The SG policy related to the own real estate allows to mitigate this risk thanks to two mitigation actions:

• ■agency: the good location of the agency allows to limit the impact on the price in case of market depreciation;
• ■the practice of lease back for offices: the offices no longer belong to the Group that continues to occupy the premises for rent.

The residual value risk is the risk of a loss of value due to the changes in the price of vehicles on second-hand markets.

The resale price of the vehicles is estimated at inception of the leasing contract. The resale price may differ from this estimated value, thus generating a gain or a loss.

Residual value risk is managed according to a central policy which defines the procedure for setting residual values and their review. The governance in place on residual value risk aims to monitor used car market price evolutions and adapt the Company’s pricing and financial policy. The governance in place on residual value risk also aims to monitor residual values for electric vehicles, whose future resale in the specific used vehicle market could also involve uncertainties related to the level of demand, the level of prices, or rapid technological change.

Several factors can cause deviations between the estimated price at contract inception and the actual realised resale price: economic context changes, used car market demand and supply evolutions (in terms of brand, model, car segment, etc.), new vehicle regulations/taxes, etc.

Risk appetite is determined at Group level and attributed to the businesses and subsidiaries. Monitoring of risk appetite is performed according to the principles described in the Risk Appetite Framework governance and implementation mechanism, which are summarised below.

As part of the supervision of risk appetite, the Group relies on the following organisation:

• ■the Board of Directors:
  • -approves each year the Group Risk Appetite Statement and the Group Risk Appetite Framework, as well as the Group Risk Appetite Framework,
  • -approves in particular the main Group risk appetite indicators (Board of Directors indicators) validated beforehand by General Management,
  • -ensures that risk appetite is relevant to the Group’s strategic and financial objectives and its vision of the risks of the macroeconomic and financial environment,
  • -reviews quarterly the risk appetite dashboards presented to it, and is informed of risk appetite overruns and remediation action plans,
  • -sets the compensation of corporate officers, sets out the principles of the remuneration policy applicable in the Group, especially for regulated persons whose activities may have a significant impact on the Group’s risk profile, and ensures that they are in line with risk management objectives.
  • The Board of Directors relies primarily on the Risk Committee;
• ■General Management:
  • -approves the document summarising the Group’s risk appetite Statement and its Risk Appetite Framework based on the proposal of the Chief Risk Officer and the Chief Financial Officer,
  • -examines the risk appetite compliance dashboards presented to it quarterly and is informed of risk appetite breaches and the redemption action plans implemented,
  • -ensures the effectiveness and integrity of the risk appetite implementation system,
  • -ensures that the risk appetite for the Group’s Business Units and eligible subsidiaries/branches is formalised and translated into frameworks consistent with the Group’s risk appetite,
  • -ensures internal communication of risk appetite and its transposition in the Universal Registration Document.

As part of the Risk appetite Framework, General Management relies on several Committees: the Group Executive Committee (ExCo), the Group Risk Committee (CORISQ), the Finance Committee (COFI), the Assets and Liabilities Committee (ALCO), the Compliance Committee (COMCO), the responsible Commitments Committee (CORESP), the Group Provision Committee (COPRO), the Large Exposure Committee (CGR), and the Sogécap Board and its ALM & Risk Management Committee and the Group Internal Control Coordination Committee (CCCIG), with it chairs.

In addition, the main mission of the Risk Department is to draw up the document summarising the Group’s risk appetite, as well as the implementation of a risk management, monitoring and control system.

The Finance Department addresses, with Risk Department, this risk appetite in the framework of indicators under the responsibility of the Finance Committee (profitability, solvency and structural risks).

The Compliance Department is also responsible for instructing the risk appetite setting for indicators falling within its scope.

The Risk Identification Process is a cornerstone and effective tool of the Group risk-management framework as it allows to identify all risks that are or might become material at the Group level. This process, which is continuously performed by Business Units and Service Units, should be comprehensive to cover all Group exposures and all risk categories(6) defined in the Risk Taxonomy.

The outcome of this process is the preparation of the annual Risk Inventory, a list of all material i) Risk Scenarios/Stress Tests and ii) Risk categories, that are to be considered for inclusion in key downstream risk management processes (of which the Risk Appetite, the ICAAP, and the Recovery & Resolution Plan). The Risk Identification process can be breakdown into two processes:

• ■the Continuous Risk Identification process is embedded in the day-to-day management of SG and relies on various processes/governance setups;
• ■the Annual Risk Identification process is performed on an annual basis or updated more frequently if substantial changes occur in the business model, industry, macroeconomic environment, or regulations.

The outcome of the annual Risk Identification process is approved annually by the Group CORISQ and presented to the Group Board of Directors.

Within the Group, stress tests, a key attribute of risk management, contribute to the identification, measurement and management of risks, as well as to the assessment of the adequacy of capital and liquidity to the Group’s risk profile.

The purpose of the stress tests is to cover and quantify, resulting from the Risk Identification annual process, all the material risks to which the Group is exposed and to inform key management decisions. They thus assess what the behavior of a portfolio, an activity, an entity or the Group would be in a degraded business context. It is essential in building the forward-looking approach required for strategic/financial planning. In this context, they constitute a privileged measure of the resilience of the Group, its activities and its portfolios, and are an integral part of the process of developing risk appetite.

The Group stress testing framework combines stress tests in line with the stress testing taxonomy set by the EBA. Group-wide stress tests should cover all legal entities in the Group consolidation perimeter, subject to risk materiality. Stress test categories are:

• ■stress tests based on scenarios: application of historical and/or hypothetical conditions but which must remain plausible and in conjunction with the Economic and Sector Studies Department, to a set of risk factors (interest rates, GDP, etc.);
• ■sensitivity stress tests: assessment of the impact of the variation of an isolated risk factor or of a reduced set of risk factors (a shock in rates, credit rating downgrade, equity index shock, etc.);
• ■reverse stress tests: start with a pre-defined adverse outcome, such as a level of a regulatory ratio, and then identifies possible scenarios that could lead to such an adverse outcome.

The stress test system within the Group thus includes:

• ■global stress tests:
• Global Group stress tests cover all activities and subsidiaries that are part of the Group’s consolidation scope (“Group-wide”), as well as all major risks (including credit risk, market risk, non-financial risk and structural risk). They aim at stressing both the Group P&L and key balance sheet metrics, notably capital and liquidity ratios.
• The central stress test is the overall group stress test, which is based on a central scenario and on adverse macroeconomic scenarios modeled by the Economic Research Department, under the independent supervision of the Group Chief Economist. macroeconomic scenarios are supplemented by other parameters such as capital market conditions, including assumptions on funding.
• The performance of the overall Group stress test is based on the uniform application of the methodology and assumptions at the level of all entities and at Group level. This means that the risk factors, and in particular the macroeconomic assumptions used locally, must be compatible with the macroeconomic scenario defined by the Group. Entities must submit macroeconomic variables to the Group’s Economic Studies Department to check their consistency.
• The regulatory stress test conducted periodically by the EBA also covers all entities and risks and is scenario-based. Therefore, its execution globally mirrors the process defined for the internal Group Global Stress Test, with an increased involvement of the Group central teams, except for the scenario design which is defined by the supervisor;
• ■specific stress tests which assess a specific type of risk (market risk, credit risk, liquidity risk, interest rate risk, etc.):
  • -credit risk stress tests complement the global analysis with a more granular approach and allow fine-tuning of the identification, assessment and management of risk, including concentration,
  • -market stress tests estimate the loss resulting from a severe change in financial market risk factors (equity indexes, interest rates, credit spreads, exotic parameters, etc.). They apply to all Group’s market activities and rely on adverse historical and hypothetical scenarios,
  • -the operational risk assessment relies on an analysis of historical losses, factoring in internal and external loss data as well as the internal framework and the external environment. This includes losses incurred by international financial institutions, and hypothetical forward-looking “scenario analyses” for all operational risk categories,
  • -liquidity stress tests which include: (i) a market-wide scenario that attempts to capture a crisis in which financial markets would undergo an extreme market liquidity disruption causing systemic stress event, and (ii) an idiosyncratic scenario that attempts to capture a firm-specific crisis potentially triggered by a material loss, reputational damage, litigation, executive departures,
  • -stress tests which assess the sensitivity to structural interest rate risk concerning the banking book. The exercise focuses on rate variations by stressing (i) the net present value of the positions or (ii) the interest margin and on exchange rate fluctuations on the residual exchange positions,
  • -a stress test on employment benefits which consists of simulating the impact of variations in market risk factors (inflation, interest rates, etc.) on the Group’s net position (dedicated investments minus the corresponding employment benefits),
  • -stress tests on the risk linked to insurance activities defined in the risk appetite of the Insurance Business Unit, which puts stress on risk factors specific to financial and insurance activities to measure and control the main risks relating thereto,
  • -Residual Value Risk Stress Tests where ALD/Ayvens performs various shocks on leasing-specific risk factors to measure and control its major risks like residual value risk,
  • -climate stress tests based on climate risk scenarios at least once a year. These stress tests may encompass both transition and/or physical risk and may cover short term to medium-long term horizons,
  • -reverse stress tests, both as part of the risk appetite and the recovery plan. The impact of these stress tests is typically defined via a breaking point in the solvency ratio or liquidity indicator, which poses a significant threat to the Bank. Hypothetical scenarios leading to this breaking point are then constructed in order to identify new weaknesses.

In addition to internal stress test exercises, the Group is part of the sample of European banks participating in major international stress tests programmes conducted by the European Banking Authority (EBA) and the European Central Bank (ECB).

The Group’s risk appetite is formalised in a document (“Risk Appetite Statement”) which sets out:

• ■the strategic profile of the Group;
• ■its profile of profitability and financial soundness;
• ■the frameworks relating to the management of the Group’s main risks (qualitative, through risk policies, and quantitative, through indicators).

Regarding the profile of profitability and financial soundness, the Finance Department proposes each year, upstream of the budgetary procedure, to the General Management, limits at Group level, supplemented by alert thresholds and crisis levels according to a “traffic light” approach. These frameworks on financial indicators, then submitted to the Board of Directors for approval allow:

• ■to respect, with a sufficient safety margin, the regulatory obligations to which the Group is subject (in particular the minimum regulatory solvency, leverage and liquidity ratios), by anticipating as best as possible the implementation of new regulations;
• ■to ensure, via a safety margin, sufficient resistance to stress scenarios (stress standardised by regulators or stress defined according to a process internal to the Group).

The frameworks relating to risk management, also represented via a graduated approach (limits, alert thresholds, etc.), result from a process in which the needs expressed by the businesses are confronted with a contradictory opinion independent from the second line defense. The latter is based on:

• ■independent analysis of risk factors;
• ■the use of prospective measures based on stress approaches;
• ■the proposal for a framework.

For the main risks, the frameworks set make it possible to consolidate the achievement of the Group’s financial targets and to orient the Group’s profitability profile.

The allocation of risk appetite in the organisation is based on the strategic and financial plan, and on risk management systems:

• ■based on recommendations by the Finance Department to General Management, the financial indicator’s frameworks defined at Group level are broken down into financial frameworks(7) at business line level, as part of financial management;
• ■the breakdown of frameworks and risk policies are based on an understanding of the needs of the Business Units and/or subsidiary/branch and their business prospects and takes into account the profitability and financial strength objectives of the Business Units and/or the subsidiary/branch.

Implementing a high-performance and efficient risk management structure is a critical undertaking for Societe Generale Group in all businesses, markets and regions in which it operates, as is maintaining a balance between strong awareness of risks and promoting innovation. The Group’s risk management, supervised at the highest level, is compliant with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, Payment Services and Investment Services subject to the control of the French Prudential Supervisory and Resolution Authority (Autorité de Contrôle Prudentiel et de Résolution – ACPR) and the final version of European Basel 3 Regulations ((Capital Requirements Regulation/Capital Requirements Directive).  (See Corporate Governance-Role of Chairman of the Board of directors").

Two main high-level bodies govern Group risk management: the Board of Directors and General Management.

General Management presents regularly (more often if circumstances require so) the main aspects of, and notable changes to, the Group’s risk management strategy to the Board of Directors.

As part of the Board of Directors, the Risk Committee advises the Board of Directors on overall strategy and appetite regarding all kinds of risks, both current and future, and assists the Board when the latter verifies that the strategy is being rolled out.

The Board of Directors’ Audit and Internal Control Committee ensures that the risk control systems operate effectively.

Chaired by the general management, the bank’s executive committee, in terms of risks, is in charge of making sure that the Group has an efficient risks management frame and monitor and control this frame. This responsibility will be mainly assumed through the participation of the Executive Committee at the Group Risk Committee. In addition, the Executive Committee must:

• ■on an annual basis, review and validate the Group’s Risk Appetite Statement, before submitting it to the Société Générale Board of Directors; 
• ■on an annual basis, review and validate the Group’s Risk Appetite Framework, before submitting it to the Société Générale Board of Directors;
• ■ensure that the Group has effective segregation of duties between the first, second and third lines of defense;
• ■on an annual basis, review, challenge and take note of the report of the Chief Risk Officer on the risk control and self-assessment process, as well as the Group’s IT and cybersecurity risk assessment;
• ■on a monthly basis, review and challenge the Risk Report prepared by the Chief Risk Officer which includes: (a) an assessment of significant and emerging risks, risk deficiencies, risk management and mitigation within the Group and for all types of risks identified; (b) quantitative data on risk exposure and their use to enable the Executive Committee to regularly monitor compliance with the Group’s risk appetite, risk tolerance and risk capacity; and (c) a summary of the quarterly meetings of the Enterprise Risk Committee at the Pillar level;
• ■review and challenge the important post-mortem analysis presented to it by the Operational Risk Department, which constitute the important post-mortem subjects within the Group.

Chaired by General Management, the Committees responsible for central oversight of internal control and risk management are as follows:

• ■The Group Risk Committee (Group CORISQ), chaired by the Group CEO, has authority over the entire Société Générale Group and aims to:
  • -validate the main risk management processes, in particular the Group’s risk taxonomy, risk identification, risk management and stress testing frameworks,
  • -validate, before proposing to the Board of Directors, the Risk Appetite Framework (RAF),
  • -validate the Risk Inventory;
  • -for credit, counterparty, market, operational, model risks, ESG(8) and Country risk factors:
    • •ensure the annual validation (before review by the Group ExCo and before final validation by the Board of Directors) of the Group’s Risk Appetite (RAS) for these categories,
    • •define or validate the Group’s main guidelines in terms of risks policies in the context of the risk appetite previously validated by the Board of Directors, 
    • •monitor conformity with the Group’s risk appetite and the material topics of the Pillars/BUs Risk Appetite reporting to it,
    • •ensure a holistic view of all these risks through monthly risk reporting. 

The validation of the Group’s Risk Appetite (RAS), before being proposed to the Board of Directors for approval, is the responsibility of the Exco Group.

Along with the Risks Committee, the Large Exposures Committee (Comité Grands Risques) is an ad hoc Committee, responsible for approving the sales and marketing strategy and risk appetite regarding major client groups (Corporates, Insurance Companies and Asset Managers). The Large Exposures Committee is a decision-making body and has authority over the entire Société Générale Group. 

• ■the Finance Group Committee (COFI)
• The COFI is responsible for Société Générale Group’s financial strategy and for steering Société Générale Group’s strategic financial targets. In that capacity, the COFI oversees all key aspects of SG Group’s:
  • ( i )management of Société Générale Group’s strategic financial targets as defined in SG Group’s Risk Appetite: rating, profitability, capital, liquidity, balance sheet,
  • ( ii )ICAAP and ILAAP, including their validation ahead of submission to the Board of Directors for approval,
  • ( iii )funding strategy and funding plan,
  • ( iv )monitoring of Societe Generale’s rating by credit agencies,
  • ( v )recovery and resolution planning,
  • ( vi )monitoring of Societe Generale’s Group tax capacity,
  • ( vii )distribution policy and proposals,
  • ( viii )financial management of the Corporate Centre and intragroup re-invoicing.
• Operational management of structural risks within the Group Risk Appetite is addressed by the Group Assets and Liabilities Management Committee (“ALCO”).
• The COFI aims at setting and enforcing Société Générale’s own management practices while complying with all relevant regulations and ensuring the highest risk control standards.
• The COFI has a Group-wide authority excluding insurance activities. However, the COFI is competent for scarce resources management for the financial conglomerate (reunion of the banking and insurance activities). The COFI has authority in normal as well as in stressed circumstances, subject to the provisions of the Contingency Funding Plan and Recovery Plan.
• Some matters handled by the COFI are for its sole decision, while others are reviewed by the COFI ahead of the submission to the Board of Directors (e.g. ILAAP and ICAAP documents).
• The COFI is chaired by the CEO or its delegate as per usual general management delegation rules;
• ■the Group Assets and Liabilities Management Committee (ALCO)
• The ALCO is responsible for the management of SG Group’s structural risks within the Group Risk Appetite. Structural risks include:
  • ( i )interest rate risk and foreign exchange risk in the banking book,
  • ( ii )Group Structural risk,
  • ( iii )liquidity risk of the entire banking and trading book.
• The ALCO has a Group-wide authority in normal as well as in stressed circumstances, subject to the provisions of the Contingency Funding Plan and Recovery Plan.
• The ALCO aims at setting and enforcing Société Générale’s own management practices while complying with all relevant regulations and ensuring the highest risk control standards.
• Some matters handled by the ALCO are for its own decision only, while others are reviewed by the ALCO ahead of the submission to the Board of Directors.
• The ALCO is chaired by the CEO or his delegate as per usual general management delegation rules;
• ■the Compliance Committee (COMCO), this Committee reviews the risks of non-compliance, the main issues and defines the Group’s compliance principles and ensures the annual monitoring of the quality of the Sanctions & Embargoes risk management system:
  • ( i )review of the main compliance incidents of the period,
  • ( ii )review of key information related to relationships with supervisors,
  • ( iii )follow-up of potential ongoing remediations,
  • ( iv )review/challenge of compliance indicators on each non-compliance risk, including a biannual focus on financial crime prior to presentation to the Board of Directors,
  • ( v )validation of compliance risk appetite criteria and quarterly review of RAS indicators,
  • ( vi )review of permanent (CN1 and CN2) and periodic (IGAD) controls and main points of attention and Need for Action,
  • ( vii )monitoring of Group Policies and Procedures deployment,
  • ( viii )review of the Group annual mandatory trainings roadmap and validation of new modules for all employees,
  • ( ix )review of CACI/CR and Board documents not previously reviewed by DGLE,
  • ( x )ad hoc validation on Group compliance topics.
• The COMCO is chaired by the CEO;
• ■the Group Information Systems Committee (ISCO)
• The ISCO is responsible for SG Group’s Information System (“IS”) strategy and for steering SG Group’s strategic IS targets. In that capacity, the ISCO oversees all key aspects of SG Group’s:
  • ( i )validates major objectives of the IS sector,
  • ( ii )steers investments (CTB) and run costs (RTB) and approves major or strategic projects for the Group’s information systems, ensuring their consistency and alignment with the BU/SU Strategic Transformation Plans (TSP),
  • ( iii )oversees IS sector operating on its pillars (IT Financial Steering, IT strategy & Architecture, Project Portfolio and CTB Management, Digital and Data Assets & Capabilities, Resource Management (HR & sourcing) and Model delivery, Operations, Quality of Service and Obsolescence, Cyber security and resilience, Green IS, IT Risk Management) and associated KPIs (financial trajectory, validation of budget adjustments and arbitrations, asset mutualisation, CTB allocation, major projects risks, review of key post-mortem points on incidents, deployment of norms and standards),
  • ( iv )defines the priorities of the IS sector and, if necessary, arbitrates between local and global priorities.
• The Committee validates the elements that will be presented to the Board of Directors regarding strategies, risks, incidents, and status on IT production and projects;
• ■the Group Internal Control Coordination Committee (GICCC), is chaired by the Chief Executive Officer or, in his absence, by a Deputy Chief Executive Officer. The purpose of the GICCC is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the amended French Order of 3 November 2014. The Committee meets approximately 20 times a year to deal with cross-cutting topics as well as the annual review of each Business Unit and Service U;
• ■the Responsible Commitments Committee (CORESP), chaired by the Deputy Chief Executive Officer in charge of overseeing the ESG policy, deals with all matters falling within the Group’s responsibility in Environmental and Social matters, or those having an impact on the Group’s responsibility or reputation and not already covered by an existing Executive Management Committee. The Committee is decision-making and has authority over the whole Group;
• ■the Group Provisions Committee (COPRO), chaired by the Chief Executive Officer, meets quarterly, presents and validates the net cost of risk of the Group (provisions for credit risk) which will be accounted in the quarter.

The Group’s Corporate Divisions, which are independent from the core businesses, contribute to the management and internal control of risks. In these Corporate Divisions, Risk and Compliance Divisions are part of 2nd Line of defense (LoD2).

As a reminder, the 2nd line of defense relies on the 1st line of defense, which is represented by the Group’s operational management, in the Business Units and Service Units for their own operations.

Operational management is responsible for the risks, takes charge of their prevention, as well as the implementation of corrective or palliative actions in response to any deficiencies detected by the controls and/or in the context of process management.

The Corporate Divisions provide the Group’s General Management with all the information needed to assume its role of managing Group strategy under the authority of the Chief Executive Officer. The Corporate Divisions report directly to General Management:

• ■the Risk Division
• The Risk Management Function: RISQ’s main mission is to contribute to the strategy definition and to the sustainable development of the Societe Generale group’s activities and profitability. To that end, the Risk Management Function (i) proposes to the management and the Board of Directors the Group’s risk appetite based on its independent analysis of all existing and forecasted risks; (ii) is involved in all material risk management decisions through an effective challenge; (iii) defines, implements, and controls effectiveness of an holistic, relevant and robust risk management framework, validated by the Board of Directors, allowing to ensure the adherence to the risk appetite and to provide the management and the Board of Directors with an independent analysis and an opinion on group-wide holistic view on all the existing and forecasted risks the Group is facing; (iv) proposes adjustment and remediation, if necessary.
• Specifically, in order to contribute to the sustainable development of Société Générale Group’s activities and profitability, the Risk Management Function, as an independent second line of defense, and in line with the principle of proportionality:
  • -informs the Board of Directors and the General Management of the institution’s actual and potential risks, so that they can (i) make fully informed decisions on the Group’s strategy and (ii) determine and approve the institution’s risk appetite. Reports and provides all relevant information regarding risks, including major incidents and ensures that they are reviewed at the appropriate levels of the institution, including General Management (DGLE) and the Board of Directors,
  • -participates in the definition of the institution’s risk strategy. Is responsible, with the contribution of the Financial Department, for proposing to the General Management a risk appetite for approval by the Board of Directors, assessing the soundness and sustainability of the risk strategy and risk appetite. Establishes and proposes to the General Management and the Board of Directors internal limits in line with the risk appetite of the institution, taking into account its framework, its operating model, its financial soundness, and its strategic objectives,
  • -participates in strategic risk-taking decisions, provides independent opinion, advice, and recommendations, delivers a holistic view of all risks at institutional and Group level, and ensures conformity with the risk strategy,
  • -anticipates the risks to which the Group may be exposed by taking into account trends and relevant data in the macroeconomic context, recognizes new or emerging risks, as well as increased risks, related to changes in activities and market conditions, establishes frameworks for the identification and assessment of risks in hypothetical adverse scenarios to measure the institution’s ability to take risks,
  • -defines an effective risk management framework, including risk policies, procedures, limits, and controls to be applied by all business lines and allowing to identify, evaluate, measure, monitor, manage, mitigate and report holistically the current risks to which the Group is exposed, and thus ensure the management of the latter,
  • -challenges, reviews independently and critically, controls and supports on a permanent basis adherence to and the deployment of the Risk Management Framework by the business lines, including adherence to the risk appetite, at all levels of the organisation as well as defined remediation actions (Group/BU/entities) via effective governance, frameworks, and processes. Ensures that related party transactions are reviewed and that the risks they pose to the institution are identified and properly assessed,
  • -contributes to the establishment of a risk culture by reporting a holistic view of risks and how they are managed, and by ensuring that the lines of activities are aware of their risks and the risk appetite in which they must operate,
  • -is in charge of the management of Group Risk Division;
• ■the Group Compliance Division must ensure the Group’s compliance with banking and financial regulations and provide a holistic view of non-compliance risks, based in particular on the analysis produced by the RISQ function and cross-functional expert functions.
• Its main missions are to:
  • -ensure that all risks of non-compliance are identified and that the Group complies with all regulatory and supervisory obligations,
  • -assess the impact of regulatory and legal changes on the Group’s activities and compliance framework,
  • -define standards and procedures to manage the risk of non-compliance,
  • -provide notice on new products and activities, or material changes to products or activities,
  • -ensure appropriate management of risks of non-compliance through LOD1 and the establishment of appropriate controls, including Level 2 controls,
  • -identify, assess and escalate incidents and breaches of compliance,
  • -train employees and promote a culture of compliance in the Group,
  • -advise and inform General Management and the Board of Directors on non-compliance risks;
• ■the Finance Department (DFIN) coordinates the Finance Management Function and is responsible for the Group’s financial management, oversight and production through several complementary tasks:
  • -fueling General Management’s discussions on strategic and financial aspects. To this end, DFIN takes care to provide a consistent overview of performance indicators and financial information,
  • -managing, at consolidated level for Société Générale SA and for certain subsidiaries, the establishment and analysis of financial, tax and regulatory statements (regulatory indicators regarding scarce resources, regulatory reports, ICAAP and ILAAP documentation) in compliance with applicable standards and obligations,
  • -monitoring and overseeing P&L performance, profitability and scarce resources (capital, liquidity, balance sheet) in line with strategic objectives and in accordance with regulatory obligations,
  • -supporting the Business Units and Service Units with financial and strategic oversight,
  • -managing liquidity, in particular through the implementation of financing and resilience plans, in accordance with the objectives set by the Group and in compliance with the Group’s risk appetite,
  • -maintaining financial crisis management plans tailored to the Group’s configuration,
  • -ensuring the management and first-level monitoring of structural interest rate, foreign exchange and liquidity risks. RISQ assuming the role of second line of defence,
  • -performing regulatory watch with respect to scarce resources, accounting and finance, and participating in institutional relations and advocacy with its main peers and with banking federations,
  • -acting as enterprise architect for all activities performed by the Group’s Finance Divisions;
• ■the Group General Secretariat (SEGL) within its fields of expertise, is assigned with the mission of protecting the Bank so as to further its development. It assists the General Management on the subject of the Group’s governance. Together with the Service Units, Business Units and other Société Générale Group entities, it ensures the administrative, legal and tax compliance of the Group’s activities, both in France and abroad. It is in charge of managing legal and tax risks. It also oversees global Group security (together with the RESG Service Unit in respect of IT systems security), designs and implements the risk insurance policy for the entire Group and its staff, and provides assistance in developing insurance products for the Group’s clients. It oversees public affairs and institutional relations/advocacy initiatives within the Société Générale Group. In liaison with DGLE and the Group’s Business Units/Service Units, he coordinates the relationship with the authorities in charge of supervising the Société Générale Group, on a consolidated basis. Lastly, it handles the Group’s central administration and offers support to the Board of Directors and its Secretary as necessary. SEGL manages a number of executive and non-executive governance matters on behalf of the subsidiaries;
• ■the Group Human Resources Division (HRCO) is tasked with defining and implementing the general and individual policies designed to enable the Group to develop the skills and talent needed for its strategy to succeed. The Division’s role as partner to the businesses is key to the Group’s adaptation to its environment;
• ■the Group resources and digital transformation Department (RESG) accompanies the digital transformation and promotes operational efficiency for the Group. It supervises the Resource Management Functions (Information Systems, Sourcing and Property) as well the Group’s Digital transformation and Innovation;
• ■the Group Internal Audit and General Inspection Department, under the authority of the General Inspector, is in charge of internal audit; finally
• ■the Sustainable Development Division attached to the General Management, the Group Sustainable Development Division (DGLE/RSE) assists the Deputy Chief Executive Officer in charge of the whole ESG policies (CSR – Corporate Social Responsibility-) and their actual translation in the business lines and functions trajectories. It supports the Group ESG transformation to make it a major competitive advantage, in the business development as well as in the ESG (Environmental & Social) risks management.

According to the last census carried out on 31 December 2023, the full-time equivalent (FTE) workforce of:

• ■the Group’s Risk Department for the second line of defence represents approximately 4,508 FTEs (1,835 within the Group’s Risk Department itself and 2,673 for the rest of the Risk function);
• ■the Compliance Department or the second line of defence represents approximately 2,888 FTEs;
• ■the Information System Security Department totals approximately 529 FTEs.

The Group’s risk measurement systems serve as the basis for the production of internal Management Reports allowing the monitoring of the Group’s main risks (credit risk, counterparty, market, operational, liquidity, structural, settlement/delivery) as well as the monitoring of compliance with the regulatory requirements.

The risk reporting system is an integral part of the Group’s risk management system and is adapted to its organisational structure. The various indicators are thus calculated at the level of the relevant legal entities and Business Units and serve as the basis for the various reportings. Departments established within the Risk, Finance and Compliance sectors are responsible for measuring, analysing and communicating these elements.

Since 2015, the Group has defined architecture principles common to the Finance and Risk functions, the TOM-FIR principles (Target Operating Model for Finance & Risk), in order to guarantee the consistency of the data and indicators used for internal management and regulatory production. The principles revolve around:

• ■Risk and Finance uses, whether at the local level and at the various levels of consolidation subject to an organised system of “golden sources”, with a collection cycle adapted to the uses;
• ■common management rules and language to ensure interoperability;
• ■consistency of Finance and Risk usage data, via strict alignment between accounting data and management data.

The Group produces, via all of its internal reports for internal monitoring purposes by the Business Units and Service Units, a large number of risk metrics constituting a measure of the risks monitored. Some of these metrics are also produced as part of the transmission of regulatory reports or as part of the publication of information to the market.

The Group selects from these metrics a set of major metrics, able to provide a summary of the Group’s risk profile and its evolution at regular intervals. These metrics concern both the Group’s financial rating, its solvency, its profitability and the main risks (credit, market, operational, structural (liquidity and financing, rates and exchange rates), model) and are included in the reports intended for internal management bodies.

They are also subject to a framework defined and broken down in line with the Group’s risk appetite, giving rise to a procedure for reporting information in the event of breaches.

Thus, the risk reports intended for the management bodies are guided in particular by the following principles:

• ■coverage of all significant risks;
• ■combination of a global and holistic view of risks and a more in-depth analysis of the different types of risk;
• ■overview supplemented by focus on certain specific scopes, forward-looking elements (based in particular on the presentation of elements on the evolution of the macroeconomic context) and elements on emerging risks;
• ■balance between quantitative data and qualitative comments.

The main Risk reports for management bodies are:

• ■monthly reporting to the Risk Committee of the Board of Directors aims to provide an overview of changes in the risk profile.
• This reporting is complemented by dashboard for monitoring the Group’s Risk Appetite Statement indicators is also sent quarterly to the Board of Directors. These indicators are framed and presented using a “traffic light” approach (with distinction between thresholds and limits) in order to visually present monitoring of compliance with risk appetite. In addition, a compliance dashboard and a reputation dashboard are sent to the Risk Committee of the Board of Directors and provide an overview of each non-compliance risk;
• ■monthly reporting to the Group Risk Committee (CORISQ), for the general management, aims to regularly provide this Committee with a risk analysis under its supervision, with a greater level of detail than reporting to the Risk Committee of the Board of Directors. In particular, a summary of the main credit files over the period covered by the reporting is presented;
• ■reporting to the Finance Committee (COFI) for General Management gives rise in particular to the following two reports: a “Scarce resources trajectory” report allowing budget execution to be monitored and a “Structural risk monitoring (ALM)”report” making it possible to monitor compliance with the thresholds and limits relating to liquidity risks and structural interest and exchange rate risks;
• ■the quarterly reporting of the Group Compliance Committee (COMCO) to General Management: the COMCO provides via dedicated reporting an overview of the main non-compliance risks, raises points of attention on compliance topics Group, decides on the main orientations and defines the Group principles in terms of compliance;
• ■the quarterly reporting of the Provisions Committee (COPRO) to General Management is intended to provide an overview of changes in the level of provisions at Group level. In particular, it presents the change in the net charge of the cost of risk by pillar, by Business Unit and by stage;
• ■reporting by the Group Internal Control Coordination Committee (GICCC) to General Management: this Committee reviews, on the basis of a standardised dashboard for all Business Units/Service Units, the efficiency and the consistency of the permanent control system implemented within the Group, as well as, within the framework of the Risk Internal Governance Assessment (RIGA) process, the ability of the Risk function to exercise its role as the 2nd line of defence in the whole group. Finally, the Risk Department contributes, as a permanent member, to all GICCC meetings, through position papers on the subjects under review.

Although the above reports are used at Group level to monitor and review the Group’s risk profile in a global manner, other reports are transmitted to the Board of Directors or to the General Management in order to monitor and control certain types specific risks.

Ad hoc reports can be produced.

Additional information on risk reporting and assessment systems by type of risk is also presented in the following chapters.

Internal control is part of a strict regulatory framework applicable to all banking institutions.

In France, the conditions for conducting internal controls in banking institutions are defined in the Order of 3 November 2014, modified by the Order of 25 February 2021. This Order, which applies to all credit institutions and investment companies, defines the concept of internal control, together with a number of specific requirements relating to the assessment and management of the various risks inherent in the activities of the companies in question, and the procedures under which the supervisory body must assess and evaluate how the internal control is carried out.

The Basel Committee has defined four principles – independence, universality, impartiality, and sufficient resources – which underpin the internal control carried out by credit institutions.

The Board of Directors ensures that Societe Generale has a solid governance system and a clear organisation ensuring:

• ■a well-defined, transparent and coherent sharing of responsibilities;
• ■effective procedures for the detection, management, monitoring and reporting of risks to which the Company could be exposed.

The Board tasks the Group’s General Management with rolling out the Group’s strategic guidelines to implement this set-up.

The Audit and Internal Control Committee is a Board of Directors’ Committee that is specifically responsible for preparing the decisions of the Board in respect of internal control supervision.

As such, General Management and Risk Division submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All Societe Generale Group activities are governed by rules and procedures contained in a set of documents referred to collectively as the “Standard Guidelines”, compiled in the Societe Generale Code, which:

• ■set out the rules for action and behavior applicable to Group staff;
• ■define the structures of the businesses and the sharing of roles and responsibilities;
• ■describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

• ■define the governance of the Societe Generale Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);
• ■set out the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

In addition to the Societe Generale Code, operating procedures specific to each Group activity are applied. The rules and procedures in force are designed to follow basic rules of internal control, such as:

• ■segregation of functions;
• ■immediate, irrevocable recording of all transactions;
• ■reconciliation of information from various sources.

Multiple and evolving by nature, risks are present in all business processes. Risk management and control systems are therefore key to the Bank’s ability to meet its targets.

The internal control system is represented by all methods which ensure that the operations carried out and the organisation and procedures implemented comply with:

• ■legal and regulatory provisions;
• ■professional and ethical practices;
• ■the internal rules and guidelines defined by the Company’s management body of the undertaking in its executive function.

Internal control in particular aims to:

• ■prevent malfunctions;
• ■assess the risks involved, and exercise sufficient control to ensure they are managed;
• ■ensure the adequacy and effectiveness of internal processes, particularly those which help safeguard assets;
• ■detect irregularities;
• ■guarantee the reliability, integrity and availability of financial and management information;
• ■check the quality of information and communication systems.

The internal control system is based on five basic principles:

• ■the comprehensive scope of the controls, which cover all risk types and apply to all the Group’s entities;
• ■the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or for which they are responsible;
• ■the responsibility of functions, in line with their expertise and independence, in defining normative controls and, for three of them, exercising second-level permanent control;
• ■the proportionality of the controls to the materiality of the risks involved;
• ■the independence of internal auditing.

The internal control framework is based on the “three lines of defence” model, in accordance with the Basel Committee and European Banking Authority guidelines:

• ■the first line of defence comprises all Group employees and operational management, both within the Business Units and the Services Units in respect of their own operations.
• Operational management is responsible for risks, their prevention and their management (by putting in place first-level permanent control measures, amongst other things) and for implementing corrective or remedial actions in response to any deficiencies identified by controls and/or process steering;
• ■the second line of defence is provided by the risk and compliance functions.
• Within the internal control framework, operational management is responsible for verifying the proper and continuous running of the risk security and management operation functions through the effective application of established standards, defined procedures, methods and requested controls.
• Accordingly, these functions must provide the necessary expertise to define in their respective fields the controls and other means of risk management to be implemented by the first line of defence, and to ensure that they are effectively implemented; they conduct second-level permanent control over all of the Group’s risks, based in particular on the controls they have defined, as well as those defined, if necessary, by other expert functions (e.g. sourcing, legal, tax, human resources, information system security, etc.) and by the businesses;
• ■the third line of defence is provided by the Internal Audit Department, which encompasses the General Inspection and Internal Audit functions. This department performs periodic internal audits that are strictly independent of the business lines and the permanent control function;
• ■internal control coordination, which falls under the responsibility of the Chief Risk Officer, is also provided at Group level and is rolled out in each of the departments and core businesses.

The Chief Executive Officer is responsible for ensuring the overall consistency and effectiveness of the internal control system.

The purpose of the Group Internal Control Coordination Committee (GICCC) is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the amended French Order of 3 November 2014. The Committee is chaired by the Chief Executive Officer, or in his absence, by a Deputy General Manager tasked with supervising the area under review. Organised by RISQ/NFR, the CCCIG convenes the Managers of the second line of defence (CPLE and RISQ), the Representatives appointed by the Heads of DFIN and RESG (including the Global CISO), the Manager of the third line of defence (IGAD), as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Committee meets approximately 20 times a year to deal with cross-cutting topics, as well as the annual review of each BU/SU.

Its roles and responsibilities are:

• ■provide a consolidated view of the Group’s internal control framework to General Management;
• ■evaluate the Group’s internal control framework in terms of effectiveness, consistency, and completeness;
• ■evaluate the operation Group’s permanent control framework based on the analysis of the Group’s quarterly permanent control dashboard, completed by cross-functional thematic reviews and by the independent reviews of RISQ and CPLE in their role as the Group’s second line of defense;
• ■examine and validate the annual report of the Group’s internal control (“RCI”);
• ■define or validate the roles and responsibilities of permanent control stakeholders and of the GICCC and ICCC;
• ■validate the operational principles of permanent control and governance;
• ■validate the sections dealing with internal control in the SG Code;
• ■review and “challenge” the BU/SU permanent control framework, in particular, validate the target organisation of permanent control in the major and significant entities;
• ■review other cross-functional subjects related to the Group’s permanent control:
  • ( i )the permanent control budget,
  • ( ii )validate of level 2 Control Plans,
  • ( iii )other cross-functional subjects concerning all or part of the Group, in particular risks (including ESG topics), requiring an assessment of the effectiveness of preventive measures and controls; two subjects are examined annually, due to their importance and the attention they receive from the supervisory authorities:
    • •control of information security framework, and
    • •control of essential outsourced services;
• ■follow up the Group’s permanent control framework with the permanent members of the Committee: review and comment on the status of the action plan prepared by RISQ/NFR and take appropriate decisions if necessary.

The GICCC is a decision-making body. It therefore has the authority to take appropriate measures to correct any deficiencies or weaknesses detected and communicated.

The GICCC is declined into BU/SU ICCCs, which are mandatory in each BU/SU (expect IGAD) and in the most significant subsidiaries.

The Group’s permanent control system comprises:

• ■the first-level permanent control, which is the basis of the Group’s permanent control, is performed by the businesses. Its purpose is to ensure the security, quality, regularity and validity of transactions completed at operational level;
• ■the second-level permanent control, which is independent of the businesses and concerns three departments, i.e. the Compliance, Risk and Finance Departments.

Permanent Level 1 controls, carried out on operations performed by BUs and the SUs, ensure the security and quality of transactions and the operations. These controls are defined as a set of provisions constantly implemented to ensure the regularity, validity, and security of the operations carried out at operational level.

The permanent Level 1 controls consist of:

• ■any combination of actions and/or devices that may limit the likelihood of a risk occurring or reduce the consequences for the Company: these include controls carried out on a regular and permanent basis by the businesses or by automated systems during the processing of transactions, automated or non-automated security rules and controls that are part of transaction processing, or controls included in operational procedures. Also falling into this category are the organisational arrangements (e.g., segregation of duties) or governance, training actions, when they directly contribute to controlling certain risks;
• ■controls performed by managers: line managers control the correct functioning of the devices for which they are responsible. As such, they must apply formal procedures on a regular basis to ensure that employees comply with rules and procedures, and that Level 1 controls are carried out effectively.

Defined by a Group entity within its scope, Level 1 controls include controls (automated or manual) that are integrated into the processing of operations, proximity controls included in operating procedures, safety rules, etc. They are carried out in the course of their daily activities by agents directly in charge of an activity or by their managers. These controls aim to:

• ■ensure the proper enforcement of existing procedures and control of all risks related to processes, transactions and/or accounts;
• ■alert management in the event of identified anomalies or malfunctions.

Permanent Level 1 controls are set by management and avoid, as far as possible, situations of self-assessment. They are defined in the procedures and must be traced without necessarily being formalised, e.g. preventive automated controls that reject transactions that do not comply with system-programmed rules.

In order to coordinate the operational risk management system and the permanent Level 1 control system, the BUs/SUs use a specific department called CORO (Controls & Operational Risks Office Department).

The permanent Level 2 control ensures that the Level 1 control works properly:

• ■the scope includes all permanent Level 1 checks, including managerial supervision checks and checks carried out by dedicated teams;
• ■this review and these audits aim to give an opinion on (i) the effectiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the effectiveness of Level 1 controls.

The permanent level 2 control, control of the controls, is carried out by teams independent of the operational.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

The internal audit function is carried out within the Societe Generale Group (the “Group”) by the General Inspection and Internal Audit Service Unit (“IGAD”). The internal audit function is under the responsibility of the Group’s General Inspector.

The Internal Audit function contributes to Societe Generale Group’s internal control framework. It constitutes the third and final line of defense and ensures periodic control, strictly independent of the business lines and other internal control functions.

The internal audit function performed by IGAD, defined in accordance with IIA (Institute of Internal Auditors) standards, is an independent and objective activity that gives the Group assurance on the level of control of its risks and operations, provides advice to improve them and helps create added value. Through the exercise of this mandate, Inspection and Internal Audit help the Group to achieve its objectives by evaluating, through a systematic and methodical approach, its risk management, controls, and corporate governance processes and by making proposals to strengthen their effectiveness.

IGAD’s scope of operations includes Societe Generale SA and all Group entities, regardless of their area of activity. All the Group’s activities, operations, and processes, without exception, may be the subject of a mission conducted by the General Inspection Department or the Internal Audit Department. That said, entities in which the Group holds a minority stake are excluded from IGAD’s scope of intervention, including when Societe Generale exercises a significant influence, except when this stake is likely to have a significant impact on the Group’s risk management.

Outsourced activities also fall within the scope of the internal audit function.

The Group’s General Inspector reports directly to the Group’s Chief Executive Officer.

He meets regularly with the Chairman of the Board of Directors. The Internal Rules of the Board of Directors, updated in August 2023, provide that the General Inspector shall report to the Board of Directors on his mission on the basis of presentations made beforehand to the Audit and Internal Control Committee. He presents the audit and inspection plans approved by the Group’s Chief Executive Officer for validation to the Board of Directors, after review by the Audit and Internal Control Committee.

The General Inspector is a permanent member of the Audit and Internal Control Committee, to which he regularly presents a summary of the activity of the General Inspection and Internal Audit as well as the review of the follow-up of the implementation of the recommendations issued by both the Audit and the General Inspection and the supervisors. The General Inspector is also a permanent member of the Risk Committee. He may be heard on any subject by these Committees at their request or on its initiative.

Finally, pursuant to the Board of Directors’ internal rules, the General Inspector may, if necessary, in the event of an actual or potential deterioration of risks, report directly to the Board of Directors, directly or through the Audit and Internal Control Committee, without referring to the Executive Managers.

In order to achieve its objectives, the General Inspection and Internal Audit Service Unit is provided with appropriate resources, proportionate to the challenges, both in terms of quality and quantity. In total, it comprises around 930 employees based at the Group’s head office, subsidiaries or branches (France and abroad).

The IGAD Service Unit is a hierarchically integrated directorate. The General Inspection Department, based at headquarters, operates throughout the Group. The Internal Audit Departments are each responsible for a defined scope of activities or risks. Whether located at headquarters or within entities (branches or subsidiaries), the audit teams are all attached to the IGAD Service Unit. Thanks to a matrix organisation, the main cross-cutting topics at Group level are covered. Depending on the resources and skills required, an audit assignment can bring together teams from different departments. IGAD has the possibility to involve any team of its choice in the execution of a mission within the Group.

The General Inspection and Internal Audit departments carry out their work from missions. In addition to the missions listed in its tour plan, the General Inspection may be asked to carry out specific studies or contribute to “due diligence” reviews in the event of the acquisition or disposal of entities or activities by the Group. This work is governed by procedures ensuring that the Inspection Department cannot subsequently find itself in a conflict-of-interest situation.

The General Inspection and Internal Audit Departments design their respective audit plans on a risk-based approach. Internal Audit combines this approach with the requirement to comply with a five-year audit cycle and determines the frequency of its interventions according to the level of risk of the scopes to be audited. While the General Inspection Department is not required to comply with an audit cycle, its work is considered for the compliance with the audit cycle.

The General Inspection and Internal Audit Departments are also involved in monitoring the implementation of supervisors’ recommendations as part of their independent positioning within the Group. This work continued in 2023 with regular presentations to the General Management – in coordination with the General Secretariat – and to the Audit and Internal Control Committee.

As required by the International Standards for Internal Audit, IGAD is subject to independent external certification by IFACI (French Institute of Audit and Internal Control).

There are many participants in the production of financial data:

• ■the Board of Directors, and more specifically its Audit and Internal Control Committee, has the task of examining the draft financial statements which are to be submitted to the Board, as well as verifying the conditions under which they were prepared and ensuring not only the relevance but also the consistency of the accounting principles and methods applied. The Audit and Internal Control Committee’s remit also is to monitor the independence of the Statutory Auditors, and the effectiveness of the internal control, measurement, supervision and control systems for risk related to the accounting and financial processes. The Statutory Auditors meet with the Audit and Internal Control Committee during the course of their engagement;
• ■the Group Finance Department gathers the accounting and management data compiled by the subsidiaries and the Business Units/Services Units in a set of standardised reports. It consolidates and verifies this information so that it can be used in the overall management of the Group and disclosed to third parties (supervisory bodies, investors, etc.). It also has a team in charge of the preparation of the Group regulatory reports.
• In the framework of these missions, it is in charge of:
  • -monitoring the financial aspects of the Group’s capital transactions and its financial structure,
  • -managing its assets and liabilities, and consequently defining, managing and controlling the Group’s financial position and structural risks,
  • -ensuring that the regulatory financial ratios are respected,
  • -defining accounting and regulatory standards, frameworks, principles and procedures for the Group, and ensuring that they are observed,
  • -verifying the accuracy of all financial and accounting data published by the Group;
• ■the Finance Departments of subsidiaries and Business Units/Services Units carry out certification of the accounting data and entries booked by the back offices and of the management data submitted by the front offices. They are accountable for the financial statements and regulatory information required at the local level and submit reports (accounting data, finance control, regulatory reports, etc.) to the Group Finance Department. They can perform these activities on their own or else delegate their tasks to Shared Service Centers operating in finance and placed under Group Finance Department governance;
• ■the Risk Department consolidates the risk monitoring data from the Group’s Business Units/Services Units and subsidiaries in order to control credit, market and operational risks. This information is used in Group communications to the Group’s governing bodies and to third parties. Furthermore, it ensures in collaboration with the Group Finance Department, its expert role on the dimensions of credit risk, structural liquidity risks, rates, exchange rates, on the issues of recovery and resolution and the responsibility of certain closing processes, notably the production of solvency ratios;
• ■the Back offices are responsible for all support functions to front offices and ensure contractual settlements and deliveries. Among other responsibilities, they check that financial transactions are economically justified, book transactions and manage means of payment.

Local financial statements are drawn up in accordance with local accounting standards, and the consolidated Group financial statements are prepared in accordance with the standards defined by the Group Finance Department, which are based on IFRS as adopted by the European Union.

The applicable standards on solvency and liquidity, promulgated by the Basel Committee, were translated into European law by a directive (CRD4) and a regulation (CRR). They were rounded out by the Regulation CRR2 and the Directive CRD5 which entered into force on 28 June 2019. These texts are supplemented by several delegated acts and implementation technical standards. As the Societe Generale Group is identified as a “financial conglomerate”, it is subjected to additional supervision.

The Group Finance Department has dedicated teams that monitor the applicable standards and draft new internal standards to comply with any changes in the accounting and regulatory framework.

Each entity in the consolidation scope of the Group prepares its own accounting and management statements on a monthly basis. This information is then consolidated each month at Group level and published for the markets on a quarterly basis. Data reported are subject to analytical reviews and consistency checks performed by Finance Department or delegated to financial shared service centers acting under their responsibility and sent to the Group Finance Department. The Group Finance Department forwards the consolidated financial statements, Management Reports and regulatory statements to General Management and any interested third parties.

Accounting data are compiled independently of the front offices and the sales teams.

The quality and objectivity of the accounting and management data are ensured by the separation of sales functions and all the functions of operational processing and follow-up of the operations: back offices and middle offices integrated into the Resources Department and teams in charge of producing the financial reports that are housed in the Finance Department. These teams carry out a series of controls defined by Group procedures on financial and accounting data, in particular:

• ■verification of the economic justification of all information reported;
• ■reconciliation of accounting and management data, using specific procedures, respecting the specified deadlines;
• ■for market activities, reconciliation between the accounting result, produced by the Finance Department and the economic result, produced by a dedicated expert department in the Risk Department.

Given the increasing complexity of the Group’s financial activities and organisation, staff training and IT tools are regularly upgraded to ensure that the production and verification of accounting and management data are effective and reliable.

In practice, the internal control procedures implemented in the Group’s businesses are designed to guarantee the quality of financial and accounting information, and notably to:

• ■ensure that the transactions entered in the Group’s accounts are exhaustive and accurate;
• ■validate the valuation methods used for certain transactions;
• ■ensure that transactions are correctly assigned to the corresponding fiscal period and recorded in the accounts in accordance with the applicable accounting regulations, and that the accounting aggregates used to prepare the Group financial statements are compliant with the regulations in force;
• ■ensure the inclusion of all entities that must be consolidated in accordance with Group regulations;
• ■check that the operational risks associated with the production and transmission of accounting data through the IT system are correctly controlled, that the necessary adjustments are accurately performed, that the reconciliation of accounting and management data is satisfactory, and that the flows of cash payments and other items generated by transactions are exhaustive and adequate.

The Finance Department of each subsidiary checks the accuracy and consistency of the financial statements with respect to the relevant accounting frameworks (local standards and IFRS for subsidiaries, as well as French standards for branches). It performs checks to guarantee the accuracy of the information disclosed.

The financial data received for consolidation from each subsidiary are drawn from corporate accounting data by the subsidiaries after they have been locally brought into line with Group accounting principles.

Each subsidiary must be able to explain the transition from the Company financial statements to the financial statements reported through the consolidation tool.

The Finance Departments of the Business Units/Services Units have a dedicated department for financial management and control.

The Finance Departments also rely on shared service centers that perform Level 1 controls necessary to ensure the reliability of accounting, tax and regulatory information on the financial statements they produce in accordance with local and IFRS standards and notably data quality and consistency checks (equity, securities, foreign exchange, financial aggregates from the balance sheet and income statement, deviations from standards), justification and certification of the financial statements under their responsibility, intercompany reconciliation of the financial statements, regulatory statement checks and verification of evidence of tax charges and balances (current, deferred and duties).

These controls are declared as part of the managerial supervision and Group accounting certification processes.

These controls allow the shared services centres to provide all necessary information to the Finance Departments of Business Units/Services Units and the Group Finance and Accounting Department to ensure the reliability and consistency of the accounts prepared.

These shared service centres are located in Paris, Bangalore and Bucharest.

The operational staff monitor their activity via a permanent supervision process under the direct responsibility of their management teams, repeatedly verifying the quality of the controls carried out on completeness of accounting data and the associated accounting treatment.

Once the financial statements prepared by the entities have been restated according to Group standards, they are entered into a central database and processed to produce the consolidated statements.

The service in charge of consolidation in the Group Accounting Department checks that the consolidation scope complies with the applicable accounting standards and performs multiple checks on data received for consolidation purposes. These checks include:

• ■confirmation that the data collected are properly aggregated;
• ■verification of recurring and non-recurring consolidation entries;
• ■exhaustive treatment of critical points in the consolidation process;
• ■treatment of any residual differences in reciprocal or intercompany statements.

Last, this service ensures that the overall consolidation process has been conducted properly by performing analytical reviews of the summary data and verifying the consistency of the main aggregates of the financial statements. These checks are complemented by cross-functional analysis such as analysis of changes in shareholders’ equity, goodwill, provisions and consolidated deferred taxes.

A team in this department is in charge of managing and coordinating the Group accounting certification framework to certify first-level controls on a quarterly basis (internal control certification).

The Group Finance Department has also a dedicated team, it which is responsible for ensuring second-level permanent controls on all Finance processes and for implementing the framework within the Group. Its mission is to ensure the effectiveness, quality and relevance of the Level 1 control framework by assessing it through process or activity reviews, testing controls and quarterly certifications. The team, reporting directly to the Group Finance Department, also  functionally reports to the Head of Internal Control Coordination of Societe Generale Group. 

Internal Audit and the General Inspection define their audits and inspections using a risk-based approach and define an annual work program (Inspection and Audit plan schedule – plan de tournée). As part of their assignments, teams may verify the quality of the control environment contributing to the quality of the accounting and management data produced by the audited entities. They may check a certain number of accounts and assess the reconciliations between accounting and management data, as well as the quality of the permanent supervision procedures for the production and control of accounting data. They also assess the performance of IT tools and the accuracy of manual processing.

The department in charge of auditing the Group’s Central Departments is responsible for auditing the Group Finance Department. Within that Department, a distinct team, placed under the responsibility of a dedicated Audit Business Correspondent, monitors and animates audit work related to accounting and financial matters on a Group-wide basis. The team provides expertise in identifying the Group’s main accounting risks and develops training sessions and methodologies to help share expertise in the auditing of accounting risks.

Audit missions carried out by IGAD contribute to the reliability of the Group’s accounting information, as well as its subsidiaries.

Based on their findings, these teams issue recommendations to the parties involved in the production and control of accounting, financial and management data. Departments being assigned these recommendations are responsible for their implementation. A monitoring is performed by IGAD.

Since January 2014, Societe Generale has been applied the new Basel III regulations implemented in the European Union through a regulation and a directive (CRR and CRD respectively).

The general framework defined by Basel III is structured around three pillars:

• ■Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;
• ■Pillar 2 concerns the discretionary supervision implemented by the competent authority, which allows them – based on a constant dialogue with supervised credit institutions – to assess the capital adequacy calculated in accordance with Pillar 1, and to calibrate additional capital requirements taking into account all the risks faced by these institutions;
• ■Pillar 3 promotes market discipline by developing a set of reporting requirements, both quantitative and qualitative, that allow market participants to better assess the capital, risk exposure, risk assessment procedures and hence the capital adequacy of a given institution.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of the provisions came into effect in June 2021.

The amendments concern in particular the following items:

• ■Leverage ratio: the minimum requirement of 3% to which will be added since January 2023, 50% of the buffer required as a systemic institution;
• ■Derivatives counterparty risk  (SA-CCR(1)): the “SA-CCR” method is the Basel method replacing the old CEM(2) method for determining the prudential exposure on derivatives under the standardised approach;
• ■Large Exposure: the main change is the calculation of the regulatory limit (25%) on Tier 1 capital (instead of total capital), as well as the introduction of a specific cross-limit on systemic institutions (15%);
• ■TLAC: the ratio requirement for G-SIB is introduced in CRR. According to the Basel text, G-SIBs must comply with an amount of capital and eligible debt equal to the highest between 18% + risk-weighted assets buffers and 6.75% leverage since 2022.

In December 2017, the Group of Central Bank Governors and Heads of Banking Supervision (GHOS), which oversees the Basel Committee on Banking Supervision, approved regulatory reforms to complement Basel 3.

The transposition into European law of the finalisation of Basel 3 in CRR3 and CRD6 was completed at the end of 2023. The new rules will apply from 1 January 2025.

One of the main novelties is the introduction of a global output floor: the Group’s risk-weighted assets (RWA) will be applied a floor corresponding to a percentage of the sum of the individual risk types (credit, market and operational) computed according to the standard method. The output floor level will gradually increase from 50% in 2025 to 72.5% in 2030.

Regarding FRTB, for the SA-Standard Approach: the reporting has been effective since the third quarter of 2021. The full implementation of FRTB, including the rules on the boundary between the banking and trading portfolio, should be aligned with the entry into force of CRR3. Nevertheless, the EU legislators reserve the right to postpone this application (up to 2 years) depending on how it is applied in other jurisdictions (in particular the US).

As part of the management of its capital management, the Group ensures, under the monitoring of the Finance Department and the control of the Risk Department, that its solvency level is always compatible with the following objectives:

• ■maintaining its financial strength while respecting risk Appetite;
• ■maintaining its financial flexibility to its internal and external development;
• ■appropriate allocation of capital between its various business lines in accordance with the Group’s strategic objectives;
• ■maintaining the Group’s resilience in the event of stress scenarios;
• ■meeting the expectations of its various stakeholders: supervisors, debt and capital investors, rating agencies, and shareholders.

The Group therefore determines its internal solvency target, in accordance with these objectives and compliance with regulatory thresholds.

The Group has an internal capital adequacy assessment process that measures and explains changes in the Group’s capital ratios over time, taking into account future regulatory constraints where appropriate.

This process is based on a selection of key metrics that are relevant to the Group in terms of risk and capital measurement, such as CET1, Tier 1 and Total Capital ratios. These regulatory indicators are supplemented by an assessment of the coverage of internal capital needs by available internal capital and thus confirming via an economic perspective, the relevance of the targets set in the risk appetite. Besides, this assessment takes into account the constraints arising from the other metrics of the risk appetite, such as rating, MREL and TLAC or leverage ratio.

All of these indicators are measured on a forward-looking basis in relation to their target on a quarterly or even monthly basis for the current year. During the preparation of the financial plan, they are also assessed on an annual basis over a minimum of three-year horizon according to at least a baseline and adverse scenarios, in order to demonstrate the resilience of the bank’s business model against adverse macroeconomic and financial uncertain environments. Capital adequacy is continuously monitored by the Executive Management and by the Board of Directors as part of the Group’s corporate governance process and is reviewed in depth during the preparation of the financial plan. It ensures that the bank always complies with its financial target and that its capital level is above the “Maximum Distributable Amount” (MDA) threshold.

Besides, the Group maintains a balanced capital allocation among its three strategic core businesses:

• ■French Retail Banking;
• ■International Retail Banking and Mobility & Leasing Services;
• ■Global Banking and Investor Solutions.

Each of the Group’s core businesses accounts for around a third of total Risk-Weighted Assets (RWA), with a predominance of credit risk (84% of total Group RWA, including counterparty credit risk).

At 31 December 2023, Group RWA were up by 8% to EUR 389 billion, compared with EUR 362 billion at end-December 2022.

The trend traced by the business lines’ RWA lies at the core of the operational management of the Group’s capital trajectory based on a detailed understanding of the drivers of variations. Where appropriate, the General Management may decide, upon a proposal from the Finance Department, to implement managerial actions to increase or reduce the share of the business lines, for instance by validating the execution of synthetic securitisation or of disposals of performing or non-performing portfolios. The Group Capital Committee and the capital contingency plan provide General Management with framework analysis, governance and several levers in order to adjust the capital management trajectory.

The Group’s prudential reporting scope includes all fully consolidated entities according to accounting rules except for insurance entities, which are subject to separate capital supervision.

Whenever relevant, subsidiaries may be excluded from prudential reporting scope notably if the sum of balance sheet and off balance sheet commitments are lower than EUR 10 million or 1% of the total balance sheet and off balance sheet of the legal entity owning the equity. Legal entities excluded from the prudential reporting scope are subject to periodic reviews, at least annually.

All regulated entities of the Group comply with their prudential commitments on an individual basis.

The following table provides the main differences between the accounting scope (consolidated Group) and the prudential scope (Banking Regulation requirements).

The following table provides a reconciliation between the consolidated balance sheet and the accounting balance sheet within the prudential scope.The amounts presented are accounting data, not a measure of RWA, EAD or prudential capital. Prudential filters related to entities and holdings not associated with an insurance activity are grouped together on account of their non-material weight (< 0.1%).

The main Group companies outside the prudential reporting scope are as follows:

All regulated Group undertakings are generally subject to solvency requirements set by their respective supervisory authorities. Regulated financial entities and  regulated affiliates outside of Societe Generale’s prudential consolidation scope all comply with their respective solvency requirements. As a general principle, all banks should be under a double supervision, on a standalone basis and on a consolidated basis, but the CRR allows, under specific conditions, waivers from the requirements on an individual basis granted by the competent authorities.

The supervisory authority accepted that some Group entities within the same member state may be exempted from the application of prudential requirements on an individual basis or, where applicable, on a sub-consolidated basis. Terms and conditions of waiver of requirements granted by supervisors include a commitment to provide these subsidiaries with the Group’s support to ensure their overall solvency and liquidity, as well as a commitment to ensure that they are managed prudently according to the applicable banking regulations.

The conditions for applying waivers regarding monitoring on an individual basis for a parent company, as far as solvency and large exposure ratios are concerned, are defined by the CRR, which stipulates that two conditions have to be met:

• ■there is no significant obstacle, in law or in fact, current or anticipated, to the prompt transfer of equity capital or the rapid repayment of liabilities to the parent company in a member state;
• ■the risk assessment, measurement and control procedures that are useful for the purposes of supervision on a consolidated basis cover the subsidiary in a Member State.

Accordingly, for instance, Societe Generale SA is not subject to prudential requirements on an individual basis.

Any transfer of equity or repayment of liabilities between the parent company and its entities is carried out in compliance with capital and liquidity requirements that are locally applicable. The obligation to comply with such requirements may affect the capacity of subsidiaries to transfer funds to the parent company. Every year, in compliance with local capital and liquidity regulatory requirements, the Group reviews the capitalisation of its subsidiaries (direct and indirect) and proposals for appropriation of their allocating their net income (payment of dividends, retained earnings, etc.). In addition, the Group studies requests from its subsidiaries relating to changes in their equity or eligible liabilities (capital increases or decrease, distributions of exceptional dividends, loan issues or repayments). These reviews and studies show that, as long as subsidiaries comply with their regulatory constraints, there is no significant obstacle to transfer funds from Societe Generale to them or vice versa.

The financing process of subsidiaries within the Group allows rapid repayments of loans between the parent company and its subsidiaries.

The outline of the differences in the scopes of consolidation (entity byentity) is available on the website www.societegenerale.com, section“Universal Registration Document, Pillar 3” This informationcorresponds to table LI3 of EBA instructions (EBA/ITS/2020/04).

Reported in accordance with International Financial Reporting Standards (IFRS), Societe Generale’s regulatory capital consists of the following components:

According to the applicable regulations, Common Equity Tier 1 capital is made up primarily of the following:

• ■ordinary shares (net of repurchased shares and treasury shares) and related share premium accounts;
• ■retained earnings;
• ■components of other comprehensive income;
• ■other reserves;
• ■minority interests limited by CRR/CRD.

Deductions from Common Equity Tier 1 capital essentially involve the following:

• ■estimated dividend payments;
• ■goodwill and intangible assets, net of associated deferred tax liabilities;
• ■unrealised capital gains and losses on cash flow hedging;
• ■income on own credit risk;
• ■deferred tax assets on tax loss carryforwards;
• ■deferred tax assets on refundable tax credit;
• ■deferred tax assets resulting from temporary differences beyond a threshold;
• ■assets from defined benefit pension funds, net of deferred taxes;
• ■any positive difference between expected losses on customer loans and receivables managed under the internal ratings-based (IRB) approach, and the sum of related value adjustments and collective impairment losses;
• ■Pillar 1 NPL backstop;
• ■value adjustments resulting from the requirements of prudent valuation;
• ■securitisation exposures weighted at 1,250%, when these positions are excluded from the calculation of RWA.

According to CRR/CRD regulations, Additional Tier 1 capital is made up of deeply subordinated notes that are issued directly by the Bank, and have the following features:

• ■these instruments are perpetual and constitute unsecured, deeply subordinated obligations. They rank junior to all other obligations of the Bank, including undated and dated subordinated debt, and senior only to common stock shareholders;
• ■Societe Generale may elect, on a discretionary basis, not to pay the interest and coupons linked to these instruments. This compensation is paid out of distributable items;
• ■they include neither a step-up in compensation nor any other incentive to redeem;
• ■they must have a loss-absorbing capacity;
• ■they might be haircut or converted when in resolution or independently of a resolution measurement;
• ■subject to the prior approval of the European Central Bank, Societe Generale has the option to redeem these instruments at certain dates, but no earlier than five years after their issuance date.

Deductions of Additional Tier 1 capital essentially apply to the following:

• ■AT1 treasury shares;
• ■holding of AT1 hybrid shares issued by financial sector entities;
• ■minority interests beyond the minimum T1 requirement in the entities concerned.

Tier 2 capital includes:

• ■subordinated notes;
• ■any positive difference between the sum of value adjustments and impairment losses on customer loans and receivables exposures managed under the IRB approach and expected losses, up to 0.6% of total credit RWA under the IRB approach;
• ■value adjustments for credit risk related to collective impairment losses on customer loans and receivables exposures managed under the standardised approach, up to 1.25% of total credit RWA.

Deductions of Tier 2 capital essentially apply to the following:

• ■Tier 2 hybrid treasury shares;
• ■holding of Tier 2 hybrid shares issued by financial sector entities;
• ■minority interests beyond the minimum capital requirement in the entities concerned.

All capital instruments and their features are detailed online (www.societegenerale.com/en/measuring-our-performance/information-and-publications/registration-documents).

The solvency ratios are set by comparing the Group’s equity (Common Equity Tier 1 (CET1), Tier 1 (T1) or Total Capital (TC)) with the sum of risk-weighted exposures for credit risk and the capital requirement multiplied by 12.5 for market and operational risks.

Each quarter, the ratios are calculated following the accounting closing and then compared to the supervisory requirements.

The Pillar 1 regulatory minimum capital requirement is set at 4.5% for CET1, 6% for T1 and 8% for Total Capital. This minimum remains stable over time.

The minimum Pillar 2 requirement (P2R) is set by the supervisor following the Supervisory Review and Evaluation Process (SREP). It has been standing at 2.14% until 31 December 2023. Starting from January 1st, 2024, this level will stand at 2.42% including the additional requirement regarding Pillar 2 prudential expectations on the provisioning of non-performing loans granted before 26 April 2019.

In addition to these requirements comes the overall buffer requirement which is the sum of:

• ■the mean of the countercyclical buffer rates of each country, weighted by the relevant credit risk exposures in these countries. As of 1 January 2024, Societe Generale’s countercyclical buffer is equal to 0.78%;
• ■the conservation buffer in force since 1 January 2016 with a maximum level standing at 2.50% since 1 January 2019;
• ■the Group’s G-SIB buffer imposed by the Financial Stability Board (FSB), which is equal to 1%.

As at 31 December 2023, taking into account the combined regulatory buffers, the phased-in CET1 ratio level that would trigger the Maximum Distributable Amount (MDA) mechanism stands at 9.76%. It will stand at 10.22% from 1 January 2024.

The solvency ratio as at 31 December 2023 stood at 13.1% in Common Equity Tier 1 (13.5% at 31 December 2022) and 15.6% in Tier 1 (16.3% at 31 December 2022) for a total ratio of 18.2% (19.3% at 31 December 2022).

Group shareholders’ equity at 31 December 2023 totalled EUR 65.9 billion (compared with EUR 66.4 billion at 31 December 2022).

After taking into account non-controlling interests and regulatory adjustments, CET1 regulatory capital was EUR 51.1 billion at 31 December 2023, vs. EUR 48.6 billion at 31 December 2022. The Additional Tier One deductions mainly regard authorisations to buy back own Additional Tier 1 capital instruments as well as subordinated bank and insurance loans issued by the Group.

The prudential deductions and restatements included in the “Other” category essentially involve the following:

• ■any positive difference between expected losses on customer loans and receivables managed under the internal ratings-based (IRB) approach, and the sum of related value adjustments and impairment losses;
• ■Pilier 1 NPL backstop;
• ■unrealised gains and losses on cash flow hedges;
• ■assets from defined benefit pension funds, net of deferred taxes;
• ■securitisation exposures weighted at 1,250%, when these positions are excluded from the calculation of RWA.

The Basel III Accord has established the rules for calculating minimum capital requirements in order to more accurately assess the risks to which banks are exposed, taking into account the risk profile of transactions via two approaches intended for determining RWA: a standardised approach and an advanced one based on internal methods modelling the counterparties’ risk profiles.

2022 figures have been restated, in compliance with IFRS 17 and IFRS 9 for insurance entities

As at 31 December 2023, RWA (EUR 388.8 billion) were distributed as follows:

• ■credit and counterparty credit risks accounted for 84% of RWA (of which 37% for International Retail Banking and Financial Services);
• ■market risk accounted for 3% of RWA (of which 83% for Global Banking and Investor Solutions);
• ■operational risk accounted for 13% of RWA (of which 58% for Global Banking and Investor Solutions).

REVOIR LA POSITION DES MONTANTS DES 2 DERNIERES LIGNES / CELA DEVRAIT ETRE AU MILIEU DES COLONNES IRB ET STANDARD

The Total Loss Absorbing Capacity (TLAC) requirement which applies to Societe Generale is 18% of RWA since 1 January 2022, to which the conservation buffer of 2.5%, the G-SIB buffer of 1% and the countercyclical buffer must be added. As at 31 December 2023, the TLAC requirement thus stood at 22.06% of Group RWA.

The TLAC rule also provides for a minimum ratio of 6.75% of the leverage exposure January 2022.

As at 31 December 2023, Societe Generale reached a phased-in TLAC ratio of 28.4% excluding senior preferred debts. The phased-in ratio stands at 31.9% of RWA when considering the possibility to account for senior preferred debts up to 3.5% of RWA.

The TLAC ratio expressed as a percentage of leverage exposure is 8.7%.

Quantitative information on the TLAC ratio can be found in Chapter 1 (summary) and Section 5.10 (detail).

The Minimum Requirement for own funds and Eligible Liabilities (MREL) has applied to credit institutions and investment firms within the European Union since 2016.

Contrary to the TLAC ratio, the MREL requirement is tailored to each institution and regularly revised by the resolution authority. This requirement amounts to 25.7% in 2023. Throughout the year, Societe Generale complied with its requirements while MREL ratio as a percentage of RWA stands at 33.7% at the end of 2023.

Moreover, the MREL requirement as a percentage of leverage exposure amounts to 5.91% while the ratio stands at 9.2% at the end of 2023.

The Group calculates its leverage ratio according to the CRR2 rules applicable since June 2021.

Managing the leverage ratio means both calibrating the amount of Tier 1 capital (the numerator of the ratio) and controlling the Group’s leverage exposure (the denominator of the ratio) to achieve the target ratio levels that the Group sets for itself. To this end, the leverage exposure of the different businesses is monitored by the Finance Division.

The Group aims to maintain a consolidated leverage ratio that is significantly higher than the 3.5% minimum set in the Basel Committee’s recommendations, implemented in Europe via CRR2, including a fraction of the systemic buffer which is applicable to the Group.

At 31 December 2023, the leverage ratio of Societe Generale stood at 4.25% taking into account a Tier 1 capital amount of EUR 60.5 billion compared with a leverage exposure of EUR 1,422 billion (versus 4.37% at 31 December 2022, with EUR 58.7 billion and EUR 1,345 billion, respectively).

The CRR incorporates the provisions regulating large exposures. As such, Societe Generale must not have any exposure towards a single beneficiary which exceeds 25% of the Group’s capital.

The final rules of the Basel Committee on large exposures, transposed in Europe via CRR2, have been applicable since June 2021. The main changes compared with CRR reside in the calculation of the regulatory limit (25%), henceforth expressed as a proportion of Tier 1 (instead of cumulated Tier 1 and Tier 2), and in the introduction of a cross-specific limit on systemic institutions (15%).

The Societe Generale Group, also identified as a “Financial conglomerate”, is subject to additional supervision from the ECB.

At 31 December 2023, Societe Generale’s financial conglomerate equity covered the solvency requirements for both banking and insurance activities.

At 30 June 2023, the financial conglomerate ratio was 139%, consisting of a numerator “Own funds of the Financial Conglomerate” of EUR 79.4 billion, and a denominator “Regulatory requirement of the Financial Conglomerate” of EUR 56.9 billion.

As at 31 December 2022, the financial conglomerate ratio was 144%, consisting of a numerator “Own funds of the Financial Conglomerate”of EUR 75.5 billion, and a denominator “Regulatory requirement of the Financial Conglomerate” of EUR 52.3 billion.