Group concise risk statement

Societe Generale seeks a sustainable development based on a diversified and balanced banking model with a strong European foothold and a global presence targeted on a few areas of strong business expertise. Risk appetite is declined in a global strategy which fulfills the following targets: 

  • CET 1 ratio at 13% in 2026, under Basel IV;
  • average annual revenue growth between 0% and 2% over 2022-2026;
  • increased operational efficiency with cost-to-income ratio below 60% in 2026;
  • return on tangible equity (ROTE) between 9% and 10% in 2026;
  • best standards of risk monitoring with a NCR comprised between 25 and 30 bps on 2024-2026, and a non performing loan rate between 2,5% and 3% in 2026;
  • maintaining a robust liquidity profile with an LCR superior or equal to 130% on 2024-2026 and a NSFR superior or equal to 112% on 2024-2026.

At 31 December 2023, the indicators of the Group’s risk appetite in terms of solvency, credit risk, market risk, operational risk and structural risks were within the risk appetite levels defined by the Group. They have not reached the tolerance thresholds defined by the Board.

1.1Financial strength profile

In 31 December 2023, the Group complies with all regulatory requirements relating to solvency.

Concerning the internal economic approach of the ICAAP, the rate of coverage of the Group's internal capital requirement by the internal capital the end of 2023 is greater than 100% and respects the risk appetite validated by the Board

Solvency ratios (In %)
SOC2024_PILIER_3_EN_H008_HD.png

1.2Credit risk and counterparty credit risk

CHANGE IN WEIGHTED EXPOSURE FROM EUR 298 bn to EUR 323 bn (in MEUR)
SOC2024_PILIER_3_EN_H006_HD.png

1.3Operational risk

As of 31 December 2023, operational risk-weighted exposures represented EUR 50.1 billion, up to 8.9% compared to the end of 2022 (EUR +4.1 billion). This evolution is mainly explained by Lease Plan integration. These weighted exposures are mainly determined using the internal model (91% of the total). 

Operational risk losses breakdown by risk event type (in value)
SOC2024_PILIER_3_EN_H005_HD.png

1.4Market risk

These weighted exposures amounted to EUR 12.5 billion at the end of 2023. Capital requirements for market risk decreased in 2023. This decrease is mainly reflected in VaR and capital add-ons, partially offset by an increase in risks calculated using the standard approach:

  • the VaR capital requirement gradually decreased in 2023, mainly due to the decrease in the multiplier factor following the steady decline in the number of backtesting breaches in a rolling year;
  • capital add-ons decreased, mainly due to the reserve variability, which is calculated over a 3-year rolling window and which has benefited from the gradual exit of the high variation scenarios of the Reserve Policies observed in 2020 during the COVID crisis;
  • the risks calculated in the standard approach are increasing mainly due to the risks assessed for currency positions.
  • Market risk-weighted exposures are mainly determined using internal models (74% of the total at the end of 2023). 
Breakdown of market risk RWA by component as of 31.12.2023:
EUR 12.5BN vs. EUR 13.7BN as of 31.12.2022
SOC2024_PILIER_3_EN_H007_HD.png

1.5Structural risk - Liquidity

The increase in Société Générale's LCR between the end of 2022 and the end of 2023  is mainly due to additional cash raising in bond markets, with also a slight decrease in net cash outflows.

The increase in liquidity reserve of 37 billion EUR  to 316 billion EUR at the end of 2023 is mainly explained by an increase in central bank deposits (excluding reserve requirements) and level 1 liquid assets, these increases are the result of additional surges in the various funding markets (money market and bond market). 
 

LCR ratio
SOC2024_PILIER_3_EN_H012_HD.png

1.6Structural risk - Rates

In a parallel schock scenario where the interest rates increase, the impact of the changes of EVE (economic value of equity) in 2023 is -1,821 EUR million and 621 EUR million on interest margin. On the contrary, in a parallel schock scenario where the interest rates decrease,  the impact of the changes of EVE (economic value of equity) in 2023 is -1,231 EUR million and -741 EUR million on interest margin.

(See details  of Chapter 11 "Structural Interest Rate ans Exchange Rate Risks). 

Table 3: Interest rate risk of non-trading book activities (IRRBB1)

(In EURm)

31.12.2023

Changes of the economic value
 of equity (EVE)

Changes of the net interest income (NII)

Supervisory shock scenarios

 

 

1

Parallel up

(1,821)

621

2

Parallel down

(1,231)

(741)

3

Steepener

1,621

 

4

Flattener

(2,110)

 

5

Short rates up

(1,890)

 

6

Short rates down

2,223

 

(In EURm)

31.12.2022(R)

Changes of the economic value
 of equity (EVE)

Changes of the net interest income (NII)

Supervisory shock scenarios

 

 

1

Parallel up

(1,914)

 375

2

Parallel down

(133)

(1,102)

3

Steepener

2,023

 

4

Flattener

(2,530)

 

5

Short rates up

(2,425)

 

6

Short rates down

2,527

 

(R) restatement STE IRRBB.

1.7Significant operations in 2023

Societe Generale, ALD’s majority shareholder, finalized the acquisition of 100% of LeasePlan’s capital by its subsidiary from a consortium led by TDR Capital in May. The combination of ALD and LeasePlan, now Ayvens, two leading players in the sector, is designed to create the world leader in sustainable mobility solutions. The impact of this acquisition on the CET1 capital ratio of the Société Générale group was around 40 basis points.

In addition, the Group remains fully committed to the Vision 2025 project to review the network of Societe Generale and Crédit du Nord branches.

Finally, the creation of the Bernstein joint venture with AllianceBernstein in cash and equity research activities is progressing well. The completion of the transaction remains subject to the required regulatory approvals. The capital impact is estimated at less than 10 basis points at the completion date of the transaction, expected in the first half of 2024.

1.8Key Figures

Table 4: Key metrics (KM1)

(In EURm)

31.12.2023

30.09.2023

30.06.2023

31.03.2023

31.12.2022

Available own funds (amounts)

1

Common Equity Tier 1 (CET1) capital

51,127

50,638

49,957

48,333

48,639

2

Tier 1 capital

60,510

60,782

60,995

59,262

58,727

3

Total capital

70,846

71,043

71,493

69,398

69,724

Risk-weighted exposure amounts

 

 

4

Total risk-weighted assets

388,825

384,226

385,011

361,043

360,465

Capital ratio (as a percentage of risk-weighted amounts)

 

 

5

Common Equity Tier 1 ratio (%)

13.15%

13.18%

12.98%

13.39%

13.49%

6

Tier 1 ratio (%)

15.56%

15.82%

15.84%

16.41%

16.29%

7

Total capital ratio (%)

18.22%

18.49%

18.57%

19.22%

19.34%

Additional own funds requirements to address risks other than the risk of excessive leverage 
(as a percentage of risk-weighted exposure amount)(1)

 

 

EU 7a

Additional own funds requirements to address risks other than the risk of excessive leverage (%)

2.14%

2.14%

2.14%

2.14%

2.12%

EU 7b

of which to be made up of CET1 capital (%)

1.20%

1.20%

1.20%

1.20%

1.19%

EU 7c

of which to be made up of Tier 1 capital (%)

1.60%

1.60%

1.60%

1.60%

1.59%

EU 7d

Total SREP own funds requirements (%)

10.14%

10.14%

10.14%

10.14%

10.12%

Combined buffer requirement (as a percentage of risk-weighted exposure amount)

 

 

8

Capital conservation buffer (%)

2.50%

2.50%

2.50%

2.50%

2.50%

EU 8a

Conservation buffer due to macro-prudential or systemic risk identified at the level of a Member State (%)

-

-

-

-

-

9

Institution-specific countercyclical capital buffer (%)

0.56%

0.56%

0.53%

0.23%

0.16%

EU 9a

Systemic risk buffer (%)

-

-

-

-

-

10

Global Systemically Important Institution buffer (%)

1.00%

1.00%

1.00%

1.00%

1.00%

EU 10a

Other Systemically Important Institution buffer

-

-

-

-

-

11

Combined buffer requirement (%)

4.06%

4.06%

4.03%

3.73%

3.66%

EU 11a

Overall capital requirements (%)

14.20%

14.20%

14.17%

13.87%

13.78%

12

CET1 available after meeting the total SREP own funds requirements (%)

7.45%

7.48%

7.27%

7.68%

7.80%

Leverage ratio

 

 

13

Leverage ratio total exposure measure(2)

1,422,247

1,467,589 

1,455,480

1,435,255

1,344,870

14

Leverage ratio (%)

4.25%

4.14%

4.19%

4.13%

4.37%

Additional own funds requirements to address risk of excessive leverage 
(as a percentage of leverage ratio total exposure exposure amount)

 

 

EU 14a

Additional own funds requirements to address the risk of excessive leverage (%)

-

-

-

-

EU 14b

of which to be made up of CET1 capital (%)

-

-

-

-

EU 14c

Total SREP leverage ratio requirements (%)(3)

3.00%

3.00%

3.00%

3.00%

3.00%

Leverage ratio buffer and overall leverage ratio

 

 

EU 14d

Leverage ratio buffer requirement (%)

0.50%

0.50%

0.50%

0.50%

-

EU 14e

Overall leverage ratio requirements (%)(3)

3.50%

3.50%

3.50%

3.50%

3.00%

Liquidity coverage ratio

 

 

15

Total high-quality liquid assets (HQLA) (Weighted value – average)

271,976

263,594 

257,650

251,709

246,749

EU 16a

Cash outflows – Total weighted value

332,805

391,411

420,693

428,006

413,693

EU 16b

Cash inflows – Total weighted value

153,387

199,289

249,992

259,253

233,039

16

Total net cash outflows (adjusted value)

171,220 

168,617

167,871

168,752

174,670

17

Liquidity coverage ratio (%)

159.31%

156.84%

154.00%

149.63%

141.41%

Net stable funding ratio

 

 

18

Total available stable funding

666,138 

654,781

651,437

621,713

617,491

19

Total required stable funding

560,850 

561,293 

575,937

542,352

543,549

20

NSFR ratio (%)

118.77%

116.66%

113.11%

114.63%

113.60%

  • ( 1 )The own funds requirement applicable to Societe Generale group in relation to Pillar 2 reaches 2.14% (of which 1.20% in CET1) until 31/12/2023 resulting in a total SREP own funds requirements of 10.14%.
  • ( 2 )Over the whole historical period considered, the measurement of the leverage exposure has been taking into account the option to exempt temporarily some central bank exposures in accordance with the European regulation.
  • ( 3 )The leverage ratio requirement applicable to Societe Generale group is 3.5% of which 3% of the Pillar 1 regulatory requirement and 0.5% related to OLRR cushions.

Risk factors

2.1Risk factors by category

This section identifies the main risk factors which, based on the Group's estimates, could have a significant effect on its business, profitability, solvency or access to financing.

Societe Generale has updated its risk typology as part of its internal risk management. For the purposes of this section, these different types of risks have been grouped into six main categories (4.1.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017, according to the main risk factors that the Group believes could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.  

The diagram below illustrates how the categories of risks identified in the risk typology have been grouped into the six categories and which risk factors principally impact them.

SOC2024_PILIER_3_EN_H013_HD.png

2.1.1Risks related to the macroeconomic, geopolitical, market and regulatory environments

2.1.1.1The global economic and financial context, geopolitical tensions, as well as the market environment in which the Group operates, may adversely affect its activities, financial position and results.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions in Europe, the United States and elsewhere around the world. The Group generates 40% of its business in France (in terms of net banking income for the financial year ended 31 December 2023), 38% in Europe, 8% in the Americas and 14% in the rest of the world. The Group could face significant worsening of market and economic conditions in particular resulting from crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices, notably oil and natural gas. Other factors could explain such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, or adverse geopolitical events (including acts of terrorism and military conflicts). In addition, the emergence of new pandemics such as Covid-19 cannot be ruled out. Such events, which can develop quickly and whose effects may not have been anticipated and hedged, could affect the Group’s operating environment for short or extended periods and have a material adverse effect on its financial position, the cost of risk and its results.

The economic and financial environment is exposed to intensifying geopolitical risks. The war in Ukraine, which began in February 2022, has sparked deep tensions between Russia and Western countries, impacting global growth, energy and raw materials prices, as well as the humanitarian situation. This has also prompted a large number of countries, particularly in Europe and the United States, to impose economic and financial sanctions on Russia. The war between Israel and Hamas, which began in October 2023, could have similar impacts or contribute to existing ones and pose a risk to the flow of goods and raw materials via the Suez Canal. The Group will continue to analyse in real time the global impact of these crisis and take necessary measures.

In Asia, relations between the US and China, China and Taiwan and China and the European Union are fraught with geopolitical and trade tensions, the relocation of production and the risk of technological fractures.

After a long period of low interest rates, the current inflationary environment is pushing the major central banks to raise interest rates. The entire economy has had to adapt to a context of higher interest rates. In addition to the impact on the valuation of equities, interest rate-sensitive sectors such as real estate are adjusting. The US Federal Reserve and the European Central Bank (ECB) are expected to maintain tight monetary conditions before starting to loosen them from 2024 onwards, as inflation recedes according to our forecasts.

The slowdown in economic activity could generate strong volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group. In France, Group's main market , after the long period of low interest rates which fostered an upturn of the housing market, the ongoing reversal of activity in this area had an adverse effect on the Group’s asset value and on business by decreasing demand for loans and resulting in higher rates of non-performing loans. More generally, the higher interest rate environment in a context where public and private debts have tended to increase is an additional source of risk.

Considering the ensuing uncertainty, both in terms of duration and scale, these disruptions could persist throughout 2024 and have a significant impact on the activity and profitability of certain Group counterparties.

Recent attacks on merchant ships in the Bab-el-Mandeb strait, claimed by the Houthi movement, could also have an impact on gas and oil supplies, or on prices and delivery times.

In the longer term, the energy transition to a “low-carbon economy” could adversely affect fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

With the ALD/LeasePlan merger in 2023, the automotive sector represents a major exposure for the Group. It is currently undergoing major strategic transformations, including environmental (growing share of electric vehicles), technological, as well as competitive (arrival of Asian manufacturers in Europe on the electric vehicles market), the consequences of which could generate significant risks for the Group’s results and the value of its assets.

With regard to financial markets, the topic of non-equivalence of clearing houses (central counterparties, or CCPs) beyond 2025 remains a point that needs watching, with possible impacts on financial stability, notably in Europe, and therefore on the Group’s business. In addition, capital markets (including foreign exchange activity) and securities trading activities in emerging markets may be more volatile than those in developed markets and may also be vulnerable to certain specific risks such as political instability and currency volatility. These elements could negatively impact the Group’s activity and results.

The Group’s results are therefore exposed to the economic, financial, political and geopolitical conditions of the main markets in which the Group operates.

2.1.1.2The Group’s failure to achieve the strategic and financial targets disclosed to the market could have an adverse effect on its business and its results.

During its Capital Markets Day event, the Group presented its strategic plan, which is to :

  • be a rock-solid bank: streamline business portfolio, enhance stewardship of capital, improve operational efficiency, maintain best-in-class risk management;
  • foster high performance sustainable businesses: excel at what SG does, lead in ESG, foster a culture of performance and accountability.

This strategic plan is reflected in the following financial targets:

  • a robust CET 1 ratio of 13% in 2026 after the implementation of Basel IV;
  • average annual revenue growth of between 0% and 2% over the 2022-2026 period;
  • an improved cost-to-income ratio lower than 60% in 2026 and ROTE of between 9% and 10% in 2026;
  • a distribution rate between 40% and 50% of reported net income(1), applicable from 2023.

The Group is fully on track to achieving its strategic milestones:

  • the Group’s “Vision 2025” project involves a review of the network of branches resulting from the merger of Crédit du Nord and Societe Generale. Although this project has been designed to achieve controlled execution, the merger could have a short-term material adverse effect on the Group’s business, financial position and costs. The project could lead to some staff departures, requiring their replacement and training efforts that could potentially generate additional costs. The merger could also lead to the departure of some of the Group’s clients, resulting in loss of revenue;
  • Mobility and Leasing Services will leverage the full integration of LeasePlan by ALD to be a world leader in the mobility ecosystem. However, 2024 will be an intermediate period, with the implementation of gradual integrations. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes. If the integration plan is not carried out as expected or within the planned schedule, this could have adverse effects on ALD, particularly by generating additional costs, which could have a negative impact on the Group’s activities and results.

The Group also announced in November 2022 the signing of a letter of intent with AllianceBernstein to combine the equity research and execution businesses in a joint venture to create a leading global franchise in these activities. This announcement was followed by the signature of an acquisition agreement in early February 2023.

The creation of the Bernstein joint venture with AllianceBernstein in cash and equity research is making good progress. The final documentation was signed on 2 November 2023, with a revised structure to accelerate completion of the transaction. At the closing date (expected in the first half of 2024), the joint venture will be organised under two separate legal entities, focusing respectively on North America and on Europe and Asia. The two entities will then be combined, subject to required regulatory approvals. This change should have no significant impact on the Group’s expected net contribution. The capital impact is estimated at less than 10 basis points on the closing date. The transaction remains fully aligned with the strategic priorities of our Global Banking and Investor Solutions franchise.

Societe Generale and Brookfield Asset Management announced on 11 September 2023 a strategic partnership to originate and distribute private debt investments.

The conclusion of final agreements on these strategic transactions depends on several stakeholders and, accordingly, is subject to a degree of uncertainty (legal terms, delays in the integration process of LeasePlan or in the merger of the Crédit du Nord agencies). More generally, any major difficulties encountered in implementing the main levers for executing the strategic plan, notably in simplifying business portfolios, allocating and using capital efficiently, improving operating efficiency and managing risks to the highest standards, could potentially weigh on Societe Generale’s share price.

Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group has made new commitments during the Capital Market Day on 18 September 2023 such as:

  • an 80% reduction in upstream Oil & Gas exposure by 2030 vs. 2019; with a 50% reduction by 2025;
  • a EUR 1 billion transition investment fund with a focus on energy transition solutions and nature-based and impact-based projects supporting the UN’s Sustainable Development Goals.

Failure to comply with these commitments, and those that the Group may make in the future, could create legal and reputation risks. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Last, failure to make specific commitments, particularly in the event of changes in market practices, could also generate reputation and strategic risks.

2.1.1.3The Group is subject to an extended regulatory framework in each of the countries in which it operates. Changes to this regulatory framework could have a negative effect on the Group’s businesses, financial position and costs, as well as on the financial and economic environment in which it operates.

The Group is governed by the laws of the jurisdictions in which it operates. This includes French, European and US legislation as well as other local laws in light of the Group’s cross-border activities, among other factors. The application of existing laws and the implementation of future legislation require significant resources that could affect the Group’s performance. In addition, possible failure to comply with laws could lead to fines, damage to the Group’s reputation and public image, the suspension of its operations and, in extreme cases, the withdrawal of operating licences.

Among the laws that could have a significant influence on the Group:

  • several regulatory changes are still likely to significantly alter the framework for Market activities: (i) the strengthening of transparency conditions related to the implementation of the new requirements and investor protection measures (review of MiFID II/MiFIR, IDD, ELTIF (European Long-Term Investment Fund Regulation)), (ii) the implementation of the fundamental review of the trading book, or FRTB, which may significantly increase requirements applicable to European banks and (iii) possible relocations of clearing activities could be requested despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025, (iv) the European Commission’s proposal to amend the regulation on benchmarks (European Parliament and EU Council, Regulation (EU) No. 2016/1011, 8 June 2016) with possible changes in scope and charges;
  • the adoption of new obligations as part of the review of the EMIR regulation (EMIR 3.0); in particular, the information requirements for European financial actors towards their customers, the equity options regime and the calibration of requirements for active account funding in a European Union central counterparty;
  • the implementation of technical standards (RTS) published by the European Banking Authority to clarify risk retention requirements to contribute to the development of a healthy, safe and sound securitisation market in the European Union published by the European Banking Authority on 12 April 2022;
  • the implementation of the new directive on credit agreements for consumers (Directive (EU) 2023/2225, 18 October 2023), which strengthens consumer protection;
  • the Retail Investment Strategy (RIS) presented by the European Commission on 24 May 2023, aimed at prioritisng the interests of retail investors and strengthening their confidence in the EU Capital Markets Union, including measures to regulate commission retrocessions in the case of non-advised transactions and to introduce a value-for-money test for investment products;
  • new legal and regulatory obligations could also be imposed on the Group in the future, such as the continuation in France of consumer protection measures weighing on retail banks, and the potential obligation at European level to open up access to banking data to third-party service providers;
  • the Commission’s proposal of 28 June 2023 for a regulation on the establishment of the digital euro, accompanying the initiatives taken by the ECB in this field;
  • the strengthening of data quality and protection requirements and a future strengthening of cyber-resilience requirements in relation to the adoption by the Council on 28 November 2022 of the European Directive and regulation package on digital operational resilience for the financial sector (DORA). Added to this is the transposition of the NIS 2 Directive (Network and Information Security Directive, published in the Official Journal of the EU on 27 December 2022) expected before 18 October 2024, which extends the scope of application of the initial NIS Directive;
  • the implementation of European regulatory frameworks related to due diligence under the so-called “CS3D” Directive proposal (Corporate Sustainability Due Diligence Directive), as well as to sustainable finance including the regulation on European green bonds, with an increase in non-financial reporting obligations, particularly under the CSRD Directive (Corporate Sustainability Reporting Directive), enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);
  • the implementation of the requirements of the French “Green Industry” law (Loi Industrie verte) (no. 2023-973 of 23 October 2023), which aims to green up existing industries;
  • new obligations arising from the Basel Committee’s proposed reform of banking regulations (the final text of Basel 3, also called Basel 4). This reform will be implemented in the European legislative corpus CRR (Regulation (EU) no. 575/2013) which, with a few exceptions, will become applicable on 1 January 2025, and CRD (Directive 2013/36/EU), which should be transposed into the applicable law of Member States no later than 18 months after its entry into force, i.e. by mid-2025;
  • the European Commission’s initiative, published on 18 April 2023, aiming to strengthen the framework for bank crisis management and deposit insurance (CMDI). This proposal could lead to wider use of the guarantee and resolution funds and increase the Group’s contributions to the guarantee and resolution funds;
  • European measures aimed at restoring banks’ balance sheets, notably through active management of Non-Performing Loans (NPLs), are leading to an increase in prudential requirements and require the Group to adapt its NPL management strategy. More generally, additional measures to define a best practices framework for loan origination (see the Loan origination guidelines published by the European Banking Authority) and loan monitoring could also have an impact on the Group. This new framework should ensure that newly granted loans are of high credit quality and contribute to reducing levels of non-performing loans in the future;
  • in 2023, the “Interest Rate Risk in the Banking Book” (IRRBB) guidelines published by the European Banking Authority in October 2022 have applied:
    • -since 30 June 2023 for the IRRBB part,
    • -since 31 December 2023 for the “Credit Spread Risk arising from non-trading Book Activities” (CSRBB) section, requiring banks to calculate and manage the impact of a change in Credit Spread on the Bank’s value and revenues;
  • in 2024, the following evolutions are expected:
    • -calculation and supervision of the Supervisory Outlier Test (SOT) for Net Interest Income (NII); this requirement has already been implemented by the Group,
    • -detailed reporting notably on IRRBB and CSRBB risks;
  • new obligations arising from a package of proposed measures announced by the European Commission on 20 July 2021 aiming to strengthen the European supervisory framework around anti-money laundering and combating the financing of terrorism (AML-CFT), as well as the creation of a new European agency to combat money laundering.

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their effects may have a negative impact on the Group’s business, financial position and costs.

In the US, as the implementation of the Dodd-Frank Act nears completion, the Securities and Exchange Commission (SEC) has embarked on a complete regulatory overhaul of markets that covers the equity market structure, treasury markets and derivatives markets, among others, which could lead to significant changes in the way these markets operate, the cost of market participation and the competitive landscape, among others.

Moreover, as an international bank that handles transactions with US persons, denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

2.1.1.4Increased competition from banking and non-banking operators could have an adverse effect on the Group’s business and results, both in its French domestic market and internationally.

Due to its international activity, the Group faces intense competition in the international and local markets in which it operates from banking or non-banking actors alike. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services industry could result in competitors bolstering their capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of major domestic banking and financial actors, as well as new market participants (notably neo-banks and online financial services providers), has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are fundamentally changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new actors may be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition is also heightened by the emergence of non-banking actors that, in some cases, may benefit from a regulatory framework that is more flexible and in particular less demanding in terms of equity capital requirements.

To address these challenges, the Group has implemented a strategy, notably the development of digital technologies and the creatioin of commercial or equity partnerships with these new actors. In this context, the Group may have to make additional investments to be able to offer new innovative services and compete with these new actors. Tougher competition could, however, adversely impact the Group’s business and results, both on the French market and internationally.

2.1.1.5Environmental, social and governance (ESG) risks, particularly those involving climate change, could have an impact on the Group’s activities, results and financial situation in the short-, medium- and long-term

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties or invested assets of financial institutions. ESG risks are seen as aggravating factors to the traditional categories of risks (including credit risk, counterparty risk, market risk, non-financial risks, structural risks, business and strategy risks, other types of risk and other factors of risk). ESG risks are therefore likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is consequently exposed to environmental risks, including climate change risks through certain of its financing, investment and service activities.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively affected by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialised financing companies). The Group could also be exposed to transition risk through the deterioration in the credit quality of its counterparties impacted by issues related to the process of transitioning to a low-carbon economy, linked for example to regulatory changes, technological disruptions or changes in consumer preferences.

Beyond the risks related to climate change, risks more generally related to environmental degradation (such as the risk of loss of biodiversity, water resources or pollution) are also aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, on back of lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour laws or workplace health and safety issues, which may trigger or aggravate reputation and credit risks for the Group.

Similarly, risks relating to governance of the Group’s counterparties and stakeholders (suppliers, service providers, etc.), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Hence, the Group is exposed to physical climate risk with respect to its ability to maintain its services in geographical areas affected by extreme events (floods, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations (in particular related to labour laws) and the management of its human resources.

All of these risks could have an impact on the Group’s business, results and reputation in the short, medium and long term.

2.1.1.6The Group is subject to regulations relating to resolution procedures, which could have an adverse effect on its business and the value of its financial instruments.

Directive 2014/59/EU of the European Parliament and of the Council of the European Union of 15 May 2014 (BRRD) and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define, respectively, a European Union-wide framework and a Banking Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including the exposure of taxpayers to the consequences of the failure). Within the Banking Union, under the SRM Regulation, a centralised resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalise it in accordance with an established order of priority (the “Bail-in Tool”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative effect on the financial system, protecting public funds by minimising the recourse to extraordinary public financial support, and protecting customers’ funds and assets) and the winding-up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into Common Equity Tier 1 (CET1) instruments if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, paragraph 3 of the French Monetary and Financial Code).

The Bail-in Tool could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in Tool, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the splitting of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before taking any resolution action, including the implementation of the Bail-in Tool, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of any measure under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse effect on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial condition deteriorates, the existence of the Bail-in Tool or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or the Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

Risk management organisation

3.1Suitability of risk management systems

The Pillar 3 report, published under the responsibility of Societe Generale Group’s Senior Management, sets out, in accordance with the CRR regulation, the quantitative and qualitative information on Societe Generale’s capital, liquidity and risk management to ensure transparency in respect of the various market players. This information has been prepared in compliance with the internal control procedures approved by the Board of Directors in the course of the validation of the Group Risk Appetite Framework and Group Risk Appetite Statement, and are based, among other things, on the annual review, by General Management in the Group Internal Control Coordination Committee (GICCC) and by the Risk Committee of the Board of Directors, of Societe Generale’s Risk division, particularly in its ability to exercise its role as the second line of defense for the entire Group.

3.2Risk appetite

Risk appetite is defined as the level of risk that the Group is prepared to accept to achieve its strategic goals.

Thus, risk appetite is part of the Group’s overall strategy, which has the following objectives:

  • CET 1 ratio at 13% in 2026, under Basel IV;
  • average annual revenue growth between 0% and 2% over 2022-2026;
  • cost-to-income ratio below 60% in 2026 • Return on tangible equity (ROTE) between 9% and 10% in 2026;
  • maintaining a risk management at the highest standards with a cost of risk between 25 and 30 bps over 2024-2026 and a rate of non performing loan between 2,5% and 3% in 2026;
  • maintaining a strength liquidity profile with a short term liquidity ratio, Liquidity Coverage Ratio (LCR), greater or equal to 130% over 2024-2026 and a Net Stable Funding Ratio greater or equal to 112% over 2024-2026.
A robust financial strength profile

The Group seeks to achieve sustainable profitability, relying on a robust financial profile consistent with its diversified banking model, by:

  • adjusting its activities portfolio according to performance criteria, synergy with the Group and extreme risk criteria;
  • targeting profitable and resilient business development;
  • maintaining a target rating allowing access to financial resources at a cost consistent with the development of the Group’s businesses and its competitive positioning;
  • calibrating its capital indicators (consistent with the results of the ICAAP group process) to ensure:
    • -satisfaction of minimum regulatory requirements on CET1 ratio,
    • -financial conglomerate ratio requirement, which take into consideration the combined solvency of Group banking and insuring activities,
    • -coverage of one year of “internal capital requirement” using available CET1 capital,
    • -a sufficient level of creditor protection consistent with a debt issuance program that is particularly hybrid consistent with the Group’s objectives in terms of rating and regulatory ratios such as Tier 1, TLAC (“Total Loss Absorbing Capacity”), MREL (“Minimum Required Eligible Liabilities”), and the leverage ratio;
  • ensuring resilience of its liabilities, which are calibrated by taking into account a survival horizon in a combined liquidity stress ratio (ILSI – Internal Liquidity Stress Indicator), compliance with LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) regulatory ratios and the level of dependence on short-term fundings and the foreign currencies needs business of the Group, notably in USD;
  • controlling financial leverage.

Based on this model, the risk appetite is established and formalised at a Group level by type of risks.

3.3Risk appetite – General framework

Risk appetite is determined at Group level and attributed to the businesses and subsidiaries. Monitoring of risk appetite is performed according to the principles described in the Risk Appetite Framework governance and implementation mechanism, which are summarised below.

Governance

As part of the supervision of risk appetite, the Group relies on the following organisation:

  • the Board of Directors:
    • -approves each year the Group Risk Appetite Statement and the Group Risk Appetite Framework, as well as the Group Risk Appetite Framework,
    • -approves in particular the main Group risk appetite indicators (Board of Directors indicators) validated beforehand by General Management,
    • -ensures that risk appetite is relevant to the Group’s strategic and financial objectives and its vision of the risks of the macroeconomic and financial environment,
    • -reviews quarterly the risk appetite dashboards presented to it, and is informed of risk appetite overruns and remediation action plans,
    • -sets the compensation of corporate officers, sets out the principles of the remuneration policy applicable in the Group, especially for regulated persons whose activities may have a significant impact on the Group’s risk profile, and ensures that they are in line with risk management objectives.
    • The Board of Directors relies primarily on the Risk Committee;
  • General Management:
    • -approves the document summarising the Group’s risk appetite Statement and its Risk Appetite Framework based on the proposal of the Chief Risk Officer and the Chief Financial Officer,
    • -examines the risk appetite compliance dashboards presented to it quarterly and is informed of risk appetite breaches and the redemption action plans implemented,
    • -ensures the effectiveness and integrity of the risk appetite implementation system,
    • -ensures that the risk appetite for the Group’s Business Units and eligible subsidiaries/branches is formalised and translated into frameworks consistent with the Group’s risk appetite,
    • -ensures internal communication of risk appetite and its transposition in the Universal Registration Document.

As part of the Risk appetite Framework, General Management relies on several Committees: the Group Executive Committee (ExCo), the Group Risk Committee (CORISQ), the Finance Committee (COFI), the Assets and Liabilities Committee (ALCO), the Compliance Committee (COMCO), the responsible Commitments Committee (CORESP), the Group Provision Committee (COPRO), the Large Exposure Committee (CGR), and the Sogécap Board and its ALM & Risk Management Committee and the Group Internal Control Coordination Committee (CCCIG), with it chairs.

In addition, the main mission of the Risk Department is to draw up the document summarising the Group’s risk appetite, as well as the implementation of a risk management, monitoring and control system.

The Finance Department addresses, with Risk Department, this risk appetite in the framework of indicators under the responsibility of the Finance Committee (profitability, solvency and structural risks).

The Compliance Department is also responsible for instructing the risk appetite setting for indicators falling within its scope.

3.4Risk management organisation

Implementing a high-performance and efficient risk management structure is a critical undertaking for Societe Generale Group in all businesses, markets and regions in which it operates, as is maintaining a balance between strong awareness of risks and promoting innovation. The Group’s risk management, supervised at the highest level, is compliant with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, Payment Services and Investment Services subject to the control of the French Prudential Supervisory and Resolution Authority (Autorité de Contrôle Prudentiel et de Résolution – ACPR) and the final version of European Basel 3 Regulations ((Capital Requirements Regulation/Capital Requirements Directive).  (See Corporate Governance-Role of Chairman of the Board of directors").

Governance of risk management

Two main high-level bodies govern Group risk management: the Board of Directors and General Management.

General Management presents regularly (more often if circumstances require so) the main aspects of, and notable changes to, the Group’s risk management strategy to the Board of Directors.

As part of the Board of Directors, the Risk Committee advises the Board of Directors on overall strategy and appetite regarding all kinds of risks, both current and future, and assists the Board when the latter verifies that the strategy is being rolled out.

The Board of Directors’ Audit and Internal Control Committee ensures that the risk control systems operate effectively.

Chaired by the general management, the bank’s executive committee, in terms of risks, is in charge of making sure that the Group has an efficient risks management frame and monitor and control this frame. This responsibility will be mainly assumed through the participation of the Executive Committee at the Group Risk Committee. In addition, the Executive Committee must:

  • on an annual basis, review and validate the Group’s Risk Appetite Statement, before submitting it to the Société Générale Board of Directors; 
  • on an annual basis, review and validate the Group’s Risk Appetite Framework, before submitting it to the Société Générale Board of Directors;
  • ensure that the Group has effective segregation of duties between the first, second and third lines of defense;
  • on an annual basis, review, challenge and take note of the report of the Chief Risk Officer on the risk control and self-assessment process, as well as the Group’s IT and cybersecurity risk assessment;
  • on a monthly basis, review and challenge the Risk Report prepared by the Chief Risk Officer which includes: (a) an assessment of significant and emerging risks, risk deficiencies, risk management and mitigation within the Group and for all types of risks identified; (b) quantitative data on risk exposure and their use to enable the Executive Committee to regularly monitor compliance with the Group’s risk appetite, risk tolerance and risk capacity; and (c) a summary of the quarterly meetings of the Enterprise Risk Committee at the Pillar level;
  • review and challenge the important post-mortem analysis presented to it by the Operational Risk Department, which constitute the important post-mortem subjects within the Group.

Chaired by General Management, the Committees responsible for central oversight of internal control and risk management are as follows:

  • The Group Risk Committee (Group CORISQ), chaired by the Group CEO, has authority over the entire Société Générale Group and aims to:
    • -validate the main risk management processes, in particular the Group’s risk taxonomy, risk identification, risk management and stress testing frameworks,
    • -validate, before proposing to the Board of Directors, the Risk Appetite Framework (RAF),
    • -validate the Risk Inventory;
    • -for credit, counterparty, market, operational, model risks, ESG(8) and Country risk factors:
      • ensure the annual validation (before review by the Group ExCo and before final validation by the Board of Directors) of the Group’s Risk Appetite (RAS) for these categories,
      • define or validate the Group’s main guidelines in terms of risks policies in the context of the risk appetite previously validated by the Board of Directors, 
      • monitor conformity with the Group’s risk appetite and the material topics of the Pillars/BUs Risk Appetite reporting to it,
      • ensure a holistic view of all these risks through monthly risk reporting. 

The validation of the Group’s Risk Appetite (RAS), before being proposed to the Board of Directors for approval, is the responsibility of the Exco Group.

Along with the Risks Committee, the Large Exposures Committee (Comité Grands Risques) is an ad hoc Committee, responsible for approving the sales and marketing strategy and risk appetite regarding major client groups (Corporates, Insurance Companies and Asset Managers). The Large Exposures Committee is a decision-making body and has authority over the entire Société Générale Group. 

  • the Finance Group Committee (COFI)
  • The COFI is responsible for Société Générale Group’s financial strategy and for steering Société Générale Group’s strategic financial targets. In that capacity, the COFI oversees all key aspects of SG Group’s:
    • ( i )management of Société Générale Group’s strategic financial targets as defined in SG Group’s Risk Appetite: rating, profitability, capital, liquidity, balance sheet,
    • ( ii )ICAAP and ILAAP, including their validation ahead of submission to the Board of Directors for approval,
    • ( iii )funding strategy and funding plan,
    • ( iv )monitoring of Societe Generale’s rating by credit agencies,
    • ( v )recovery and resolution planning,
    • ( vi )monitoring of Societe Generale’s Group tax capacity,
    • ( vii )distribution policy and proposals,
    • ( viii )financial management of the Corporate Centre and intragroup re-invoicing.
  • Operational management of structural risks within the Group Risk Appetite is addressed by the Group Assets and Liabilities Management Committee (“ALCO”).
  • The COFI aims at setting and enforcing Société Générale’s own management practices while complying with all relevant regulations and ensuring the highest risk control standards.
  • The COFI has a Group-wide authority excluding insurance activities. However, the COFI is competent for scarce resources management for the financial conglomerate (reunion of the banking and insurance activities). The COFI has authority in normal as well as in stressed circumstances, subject to the provisions of the Contingency Funding Plan and Recovery Plan.
  • Some matters handled by the COFI are for its sole decision, while others are reviewed by the COFI ahead of the submission to the Board of Directors (e.g. ILAAP and ICAAP documents).
  • The COFI is chaired by the CEO or its delegate as per usual general management delegation rules;
  • the Group Assets and Liabilities Management Committee (ALCO)
  • The ALCO is responsible for the management of SG Group’s structural risks within the Group Risk Appetite. Structural risks include:
    • ( i )interest rate risk and foreign exchange risk in the banking book,
    • ( ii )Group Structural risk,
    • ( iii )liquidity risk of the entire banking and trading book.
  • The ALCO has a Group-wide authority in normal as well as in stressed circumstances, subject to the provisions of the Contingency Funding Plan and Recovery Plan.
  • The ALCO aims at setting and enforcing Société Générale’s own management practices while complying with all relevant regulations and ensuring the highest risk control standards.
  • Some matters handled by the ALCO are for its own decision only, while others are reviewed by the ALCO ahead of the submission to the Board of Directors.
  • The ALCO is chaired by the CEO or his delegate as per usual general management delegation rules;
  • the Compliance Committee (COMCO), this Committee reviews the risks of non-compliance, the main issues and defines the Group’s compliance principles and ensures the annual monitoring of the quality of the Sanctions & Embargoes risk management system:
    • ( i )review of the main compliance incidents of the period,
    • ( ii )review of key information related to relationships with supervisors,
    • ( iii )follow-up of potential ongoing remediations,
    • ( iv )review/challenge of compliance indicators on each non-compliance risk, including a biannual focus on financial crime prior to presentation to the Board of Directors,
    • ( v )validation of compliance risk appetite criteria and quarterly review of RAS indicators,
    • ( vi )review of permanent (CN1 and CN2) and periodic (IGAD) controls and main points of attention and Need for Action,
    • ( vii )monitoring of Group Policies and Procedures deployment,
    • ( viii )review of the Group annual mandatory trainings roadmap and validation of new modules for all employees,
    • ( ix )review of CACI/CR and Board documents not previously reviewed by DGLE,
    • ( x )ad hoc validation on Group compliance topics.
  • The COMCO is chaired by the CEO;
  • the Group Information Systems Committee (ISCO)
  • The ISCO is responsible for SG Group’s Information System (“IS”) strategy and for steering SG Group’s strategic IS targets. In that capacity, the ISCO oversees all key aspects of SG Group’s:
    • ( i )validates major objectives of the IS sector,
    • ( ii )steers investments (CTB) and run costs (RTB) and approves major or strategic projects for the Group’s information systems, ensuring their consistency and alignment with the BU/SU Strategic Transformation Plans (TSP),
    • ( iii )oversees IS sector operating on its pillars (IT Financial Steering, IT strategy & Architecture, Project Portfolio and CTB Management, Digital and Data Assets & Capabilities, Resource Management (HR & sourcing) and Model delivery, Operations, Quality of Service and Obsolescence, Cyber security and resilience, Green IS, IT Risk Management) and associated KPIs (financial trajectory, validation of budget adjustments and arbitrations, asset mutualisation, CTB allocation, major projects risks, review of key post-mortem points on incidents, deployment of norms and standards),
    • ( iv )defines the priorities of the IS sector and, if necessary, arbitrates between local and global priorities.
  • The Committee validates the elements that will be presented to the Board of Directors regarding strategies, risks, incidents, and status on IT production and projects;
  • the Group Internal Control Coordination Committee (GICCC), is chaired by the Chief Executive Officer or, in his absence, by a Deputy Chief Executive Officer. The purpose of the GICCC is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the amended French Order of 3 November 2014. The Committee meets approximately 20 times a year to deal with cross-cutting topics as well as the annual review of each Business Unit and Service U;
  • the Responsible Commitments Committee (CORESP), chaired by the Deputy Chief Executive Officer in charge of overseeing the ESG policy, deals with all matters falling within the Group’s responsibility in Environmental and Social matters, or those having an impact on the Group’s responsibility or reputation and not already covered by an existing Executive Management Committee. The Committee is decision-making and has authority over the whole Group;
  • the Group Provisions Committee (COPRO), chaired by the Chief Executive Officer, meets quarterly, presents and validates the net cost of risk of the Group (provisions for credit risk) which will be accounted in the quarter.

Internal control Framework

4.1Internal control

Internal control is part of a strict regulatory framework applicable to all banking institutions.

In France, the conditions for conducting internal controls in banking institutions are defined in the Order of 3 November 2014, modified by the Order of 25 February 2021. This Order, which applies to all credit institutions and investment companies, defines the concept of internal control, together with a number of specific requirements relating to the assessment and management of the various risks inherent in the activities of the companies in question, and the procedures under which the supervisory body must assess and evaluate how the internal control is carried out.

The Basel Committee has defined four principles – independence, universality, impartiality, and sufficient resources – which underpin the internal control carried out by credit institutions.

The Board of Directors ensures that Societe Generale has a solid governance system and a clear organisation ensuring:

  • a well-defined, transparent and coherent sharing of responsibilities;
  • effective procedures for the detection, management, monitoring and reporting of risks to which the Company could be exposed.

The Board tasks the Group’s General Management with rolling out the Group’s strategic guidelines to implement this set-up.

The Audit and Internal Control Committee is a Board of Directors’ Committee that is specifically responsible for preparing the decisions of the Board in respect of internal control supervision.

As such, General Management and Risk Division submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All Societe Generale Group activities are governed by rules and procedures contained in a set of documents referred to collectively as the “Standard Guidelines”, compiled in the Societe Generale Code, which:

  • set out the rules for action and behavior applicable to Group staff;
  • define the structures of the businesses and the sharing of roles and responsibilities;
  • describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

  • define the governance of the Societe Generale Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);
  • set out the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

In addition to the Societe Generale Code, operating procedures specific to each Group activity are applied. The rules and procedures in force are designed to follow basic rules of internal control, such as:

  • segregation of functions;
  • immediate, irrevocable recording of all transactions;
  • reconciliation of information from various sources.

Multiple and evolving by nature, risks are present in all business processes. Risk management and control systems are therefore key to the Bank’s ability to meet its targets.

The internal control system is represented by all methods which ensure that the operations carried out and the organisation and procedures implemented comply with:

  • legal and regulatory provisions;
  • professional and ethical practices;
  • the internal rules and guidelines defined by the Company’s management body of the undertaking in its executive function.

Internal control in particular aims to:

  • prevent malfunctions;
  • assess the risks involved, and exercise sufficient control to ensure they are managed;
  • ensure the adequacy and effectiveness of internal processes, particularly those which help safeguard assets;
  • detect irregularities;
  • guarantee the reliability, integrity and availability of financial and management information;
  • check the quality of information and communication systems.

The internal control system is based on five basic principles:

  • the comprehensive scope of the controls, which cover all risk types and apply to all the Group’s entities;
  • the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or for which they are responsible;
  • the responsibility of functions, in line with their expertise and independence, in defining normative controls and, for three of them, exercising second-level permanent control;
  • the proportionality of the controls to the materiality of the risks involved;
  • the independence of internal auditing.

The internal control framework is based on the “three lines of defence” model, in accordance with the Basel Committee and European Banking Authority guidelines:

  • the first line of defence comprises all Group employees and operational management, both within the Business Units and the Services Units in respect of their own operations.
  • Operational management is responsible for risks, their prevention and their management (by putting in place first-level permanent control measures, amongst other things) and for implementing corrective or remedial actions in response to any deficiencies identified by controls and/or process steering;
  • the second line of defence is provided by the risk and compliance functions.
  • Within the internal control framework, operational management is responsible for verifying the proper and continuous running of the risk security and management operation functions through the effective application of established standards, defined procedures, methods and requested controls.
  • Accordingly, these functions must provide the necessary expertise to define in their respective fields the controls and other means of risk management to be implemented by the first line of defence, and to ensure that they are effectively implemented; they conduct second-level permanent control over all of the Group’s risks, based in particular on the controls they have defined, as well as those defined, if necessary, by other expert functions (e.g. sourcing, legal, tax, human resources, information system security, etc.) and by the businesses;
  • the third line of defence is provided by the Internal Audit Department, which encompasses the General Inspection and Internal Audit functions. This department performs periodic internal audits that are strictly independent of the business lines and the permanent control function;
  • internal control coordination, which falls under the responsibility of the Chief Risk Officer, is also provided at Group level and is rolled out in each of the departments and core businesses.
SOC2024_PILIER_3_EN_H014_HD.png

The Chief Executive Officer is responsible for ensuring the overall consistency and effectiveness of the internal control system.

The purpose of the Group Internal Control Coordination Committee (GICCC) is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the amended French Order of 3 November 2014. The Committee is chaired by the Chief Executive Officer, or in his absence, by a Deputy General Manager tasked with supervising the area under review. Organised by RISQ/NFR, the CCCIG convenes the Managers of the second line of defence (CPLE and RISQ), the Representatives appointed by the Heads of DFIN and RESG (including the Global CISO), the Manager of the third line of defence (IGAD), as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Committee meets approximately 20 times a year to deal with cross-cutting topics, as well as the annual review of each BU/SU.

Its roles and responsibilities are:

  • provide a consolidated view of the Group’s internal control framework to General Management;
  • evaluate the Group’s internal control framework in terms of effectiveness, consistency, and completeness;
  • evaluate the operation Group’s permanent control framework based on the analysis of the Group’s quarterly permanent control dashboard, completed by cross-functional thematic reviews and by the independent reviews of RISQ and CPLE in their role as the Group’s second line of defense;
  • examine and validate the annual report of the Group’s internal control (“RCI”);
  • define or validate the roles and responsibilities of permanent control stakeholders and of the GICCC and ICCC;
  • validate the operational principles of permanent control and governance;
  • validate the sections dealing with internal control in the SG Code;
  • review and “challenge” the BU/SU permanent control framework, in particular, validate the target organisation of permanent control in the major and significant entities;
  • review other cross-functional subjects related to the Group’s permanent control:
    • ( i )the permanent control budget,
    • ( ii )validate of level 2 Control Plans,
    • ( iii )other cross-functional subjects concerning all or part of the Group, in particular risks (including ESG topics), requiring an assessment of the effectiveness of preventive measures and controls; two subjects are examined annually, due to their importance and the attention they receive from the supervisory authorities:
      • control of information security framework, and
      • control of essential outsourced services;
  • follow up the Group’s permanent control framework with the permanent members of the Committee: review and comment on the status of the action plan prepared by RISQ/NFR and take appropriate decisions if necessary.

The GICCC is a decision-making body. It therefore has the authority to take appropriate measures to correct any deficiencies or weaknesses detected and communicated.

The GICCC is declined into BU/SU ICCCs, which are mandatory in each BU/SU (expect IGAD) and in the most significant subsidiaries.

Permanent control system

The Group’s permanent control system comprises:

  • the first-level permanent control, which is the basis of the Group’s permanent control, is performed by the businesses. Its purpose is to ensure the security, quality, regularity and validity of transactions completed at operational level;
  • the second-level permanent control, which is independent of the businesses and concerns three departments, i.e. the Compliance, Risk and Finance Departments.
First-level permanent control

Permanent Level 1 controls, carried out on operations performed by BUs and the SUs, ensure the security and quality of transactions and the operations. These controls are defined as a set of provisions constantly implemented to ensure the regularity, validity, and security of the operations carried out at operational level.

The permanent Level 1 controls consist of:

  • any combination of actions and/or devices that may limit the likelihood of a risk occurring or reduce the consequences for the Company: these include controls carried out on a regular and permanent basis by the businesses or by automated systems during the processing of transactions, automated or non-automated security rules and controls that are part of transaction processing, or controls included in operational procedures. Also falling into this category are the organisational arrangements (e.g., segregation of duties) or governance, training actions, when they directly contribute to controlling certain risks;
  • controls performed by managers: line managers control the correct functioning of the devices for which they are responsible. As such, they must apply formal procedures on a regular basis to ensure that employees comply with rules and procedures, and that Level 1 controls are carried out effectively.

Defined by a Group entity within its scope, Level 1 controls include controls (automated or manual) that are integrated into the processing of operations, proximity controls included in operating procedures, safety rules, etc. They are carried out in the course of their daily activities by agents directly in charge of an activity or by their managers. These controls aim to:

  • ensure the proper enforcement of existing procedures and control of all risks related to processes, transactions and/or accounts;
  • alert management in the event of identified anomalies or malfunctions.

Permanent Level 1 controls are set by management and avoid, as far as possible, situations of self-assessment. They are defined in the procedures and must be traced without necessarily being formalised, e.g. preventive automated controls that reject transactions that do not comply with system-programmed rules.

In order to coordinate the operational risk management system and the permanent Level 1 control system, the BUs/SUs use a specific department called CORO (Controls & Operational Risks Office Department).

Second-level permanent control

The permanent Level 2 control ensures that the Level 1 control works properly:

  • the scope includes all permanent Level 1 checks, including managerial supervision checks and checks carried out by dedicated teams;
  • this review and these audits aim to give an opinion on (i) the effectiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the effectiveness of Level 1 controls.

The permanent level 2 control, control of the controls, is carried out by teams independent of the operational.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

4.2Control of the production and publication of financial management information

The participants involved

There are many participants in the production of financial data:

  • the Board of Directors, and more specifically its Audit and Internal Control Committee, has the task of examining the draft financial statements which are to be submitted to the Board, as well as verifying the conditions under which they were prepared and ensuring not only the relevance but also the consistency of the accounting principles and methods applied. The Audit and Internal Control Committee’s remit also is to monitor the independence of the Statutory Auditors, and the effectiveness of the internal control, measurement, supervision and control systems for risk related to the accounting and financial processes. The Statutory Auditors meet with the Audit and Internal Control Committee during the course of their engagement;
  • the Group Finance Department gathers the accounting and management data compiled by the subsidiaries and the Business Units/Services Units in a set of standardised reports. It consolidates and verifies this information so that it can be used in the overall management of the Group and disclosed to third parties (supervisory bodies, investors, etc.). It also has a team in charge of the preparation of the Group regulatory reports.
  • In the framework of these missions, it is in charge of:
    • -monitoring the financial aspects of the Group’s capital transactions and its financial structure,
    • -managing its assets and liabilities, and consequently defining, managing and controlling the Group’s financial position and structural risks,
    • -ensuring that the regulatory financial ratios are respected,
    • -defining accounting and regulatory standards, frameworks, principles and procedures for the Group, and ensuring that they are observed,
    • -verifying the accuracy of all financial and accounting data published by the Group;
  • the Finance Departments of subsidiaries and Business Units/Services Units carry out certification of the accounting data and entries booked by the back offices and of the management data submitted by the front offices. They are accountable for the financial statements and regulatory information required at the local level and submit reports (accounting data, finance control, regulatory reports, etc.) to the Group Finance Department. They can perform these activities on their own or else delegate their tasks to Shared Service Centers operating in finance and placed under Group Finance Department governance;
  • the Risk Department consolidates the risk monitoring data from the Group’s Business Units/Services Units and subsidiaries in order to control credit, market and operational risks. This information is used in Group communications to the Group’s governing bodies and to third parties. Furthermore, it ensures in collaboration with the Group Finance Department, its expert role on the dimensions of credit risk, structural liquidity risks, rates, exchange rates, on the issues of recovery and resolution and the responsibility of certain closing processes, notably the production of solvency ratios;
  • the Back offices are responsible for all support functions to front offices and ensure contractual settlements and deliveries. Among other responsibilities, they check that financial transactions are economically justified, book transactions and manage means of payment.

Capital management and adequacy

5.1Regulatory framework

Since January 2014, Societe Generale has been applied the new Basel III regulations implemented in the European Union through a regulation and a directive (CRR and CRD respectively).

The general framework defined by Basel III is structured around three pillars:

  • Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;
  • Pillar 2 concerns the discretionary supervision implemented by the competent authority, which allows them – based on a constant dialogue with supervised credit institutions – to assess the capital adequacy calculated in accordance with Pillar 1, and to calibrate additional capital requirements taking into account all the risks faced by these institutions;
  • Pillar 3 promotes market discipline by developing a set of reporting requirements, both quantitative and qualitative, that allow market participants to better assess the capital, risk exposure, risk assessment procedures and hence the capital adequacy of a given institution.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of the provisions came into effect in June 2021.

The amendments concern in particular the following items:

  • Leverage ratio: the minimum requirement of 3% to which will be added since January 2023, 50% of the buffer required as a systemic institution;
  • Derivatives counterparty risk  (SA-CCR(1)): the “SA-CCR” method is the Basel method replacing the old CEM(2) method for determining the prudential exposure on derivatives under the standardised approach;
  • Large Exposure: the main change is the calculation of the regulatory limit (25%) on Tier 1 capital (instead of total capital), as well as the introduction of a specific cross-limit on systemic institutions (15%);
  • TLAC: the ratio requirement for G-SIB is introduced in CRR. According to the Basel text, G-SIBs must comply with an amount of capital and eligible debt equal to the highest between 18% + risk-weighted assets buffers and 6.75% leverage since 2022.

In December 2017, the Group of Central Bank Governors and Heads of Banking Supervision (GHOS), which oversees the Basel Committee on Banking Supervision, approved regulatory reforms to complement Basel 3.

The transposition into European law of the finalisation of Basel 3 in CRR3 and CRD6 was completed at the end of 2023. The new rules will apply from 1 January 2025.

One of the main novelties is the introduction of a global output floor: the Group’s risk-weighted assets (RWA) will be applied a floor corresponding to a percentage of the sum of the individual risk types (credit, market and operational) computed according to the standard method. The output floor level will gradually increase from 50% in 2025 to 72.5% in 2030.

Regarding FRTB, for the SA-Standard Approach: the reporting has been effective since the third quarter of 2021. The full implementation of FRTB, including the rules on the boundary between the banking and trading portfolio, should be aligned with the entry into force of CRR3. Nevertheless, the EU legislators reserve the right to postpone this application (up to 2 years) depending on how it is applied in other jurisdictions (in particular the US).

5.2Capital management

As part of the management of its capital management, the Group ensures, under the monitoring of the Finance Department and the control of the Risk Department, that its solvency level is always compatible with the following objectives:

  • maintaining its financial strength while respecting risk Appetite;
  • maintaining its financial flexibility to its internal and external development;
  • appropriate allocation of capital between its various business lines in accordance with the Group’s strategic objectives;
  • maintaining the Group’s resilience in the event of stress scenarios;
  • meeting the expectations of its various stakeholders: supervisors, debt and capital investors, rating agencies, and shareholders.

The Group therefore determines its internal solvency target, in accordance with these objectives and compliance with regulatory thresholds.

The Group has an internal capital adequacy assessment process that measures and explains changes in the Group’s capital ratios over time, taking into account future regulatory constraints where appropriate.

This process is based on a selection of key metrics that are relevant to the Group in terms of risk and capital measurement, such as CET1, Tier 1 and Total Capital ratios. These regulatory indicators are supplemented by an assessment of the coverage of internal capital needs by available internal capital and thus confirming via an economic perspective, the relevance of the targets set in the risk appetite. Besides, this assessment takes into account the constraints arising from the other metrics of the risk appetite, such as rating, MREL and TLAC or leverage ratio.

All of these indicators are measured on a forward-looking basis in relation to their target on a quarterly or even monthly basis for the current year. During the preparation of the financial plan, they are also assessed on an annual basis over a minimum of three-year horizon according to at least a baseline and adverse scenarios, in order to demonstrate the resilience of the bank’s business model against adverse macroeconomic and financial uncertain environments. Capital adequacy is continuously monitored by the Executive Management and by the Board of Directors as part of the Group’s corporate governance process and is reviewed in depth during the preparation of the financial plan. It ensures that the bank always complies with its financial target and that its capital level is above the “Maximum Distributable Amount” (MDA) threshold.

Besides, the Group maintains a balanced capital allocation among its three strategic core businesses:

  • French Retail Banking;
  • International Retail Banking and Mobility & Leasing Services;
  • Global Banking and Investor Solutions.

Each of the Group’s core businesses accounts for around a third of total Risk-Weighted Assets (RWA), with a predominance of credit risk (84% of total Group RWA, including counterparty credit risk).

At 31 December 2023, Group RWA were up by 8% to EUR 389 billion, compared with EUR 362 billion at end-December 2022.

The trend traced by the business lines’ RWA lies at the core of the operational management of the Group’s capital trajectory based on a detailed understanding of the drivers of variations. Where appropriate, the General Management may decide, upon a proposal from the Finance Department, to implement managerial actions to increase or reduce the share of the business lines, for instance by validating the execution of synthetic securitisation or of disposals of performing or non-performing portfolios. The Group Capital Committee and the capital contingency plan provide General Management with framework analysis, governance and several levers in order to adjust the capital management trajectory.

5.3Scope of application – Prudential scope

The Group’s prudential reporting scope includes all fully consolidated entities according to accounting rules except for insurance entities, which are subject to separate capital supervision.

Whenever relevant, subsidiaries may be excluded from prudential reporting scope notably if the sum of balance sheet and off balance sheet commitments are lower than EUR 10 million or 1% of the total balance sheet and off balance sheet of the legal entity owning the equity. Legal entities excluded from the prudential reporting scope are subject to periodic reviews, at least annually.

All regulated entities of the Group comply with their prudential commitments on an individual basis.

The following table provides the main differences between the accounting scope (consolidated Group) and the prudential scope (Banking Regulation requirements).

Table 6: Difference between accounting scope and prudential reporting Scope

Type of entity

Accounting treatment

Prudential treatment

Entities with a finance activity

Full consolidation

Full consolidation

Entities with an Insurance activity

Full consolidation

Equity method

Holdings with a finance activity by nature

Equity method

Equity method

Joint ventures with a finance activity by nature

Equity method

Proportional consolidation

The following table provides a reconciliation between the consolidated balance sheet and the accounting balance sheet within the prudential scope.The amounts presented are accounting data, not a measure of RWA, EAD or prudential capital. Prudential filters related to entities and holdings not associated with an insurance activity are grouped together on account of their non-material weight (< 0.1%).

5.4Regulatory capital

Reported in accordance with International Financial Reporting Standards (IFRS), Societe Generale’s regulatory capital consists of the following components:

Common Equity Tier 1 capital

According to the applicable regulations, Common Equity Tier 1 capital is made up primarily of the following:

  • ordinary shares (net of repurchased shares and treasury shares) and related share premium accounts;
  • retained earnings;
  • components of other comprehensive income;
  • other reserves;
  • minority interests limited by CRR/CRD.

Deductions from Common Equity Tier 1 capital essentially involve the following:

  • estimated dividend payments;
  • goodwill and intangible assets, net of associated deferred tax liabilities;
  • unrealised capital gains and losses on cash flow hedging;
  • income on own credit risk;
  • deferred tax assets on tax loss carryforwards;
  • deferred tax assets on refundable tax credit;
  • deferred tax assets resulting from temporary differences beyond a threshold;
  • assets from defined benefit pension funds, net of deferred taxes;
  • any positive difference between expected losses on customer loans and receivables managed under the internal ratings-based (IRB) approach, and the sum of related value adjustments and collective impairment losses;
  • Pillar 1 NPL backstop;
  • value adjustments resulting from the requirements of prudent valuation;
  • securitisation exposures weighted at 1,250%, when these positions are excluded from the calculation of RWA.

5.5Risk-weighted assets and capital requirements

The Basel III Accord has established the rules for calculating minimum capital requirements in order to more accurately assess the risks to which banks are exposed, taking into account the risk profile of transactions via two approaches intended for determining RWA: a standardised approach and an advanced one based on internal methods modelling the counterparties’ risk profiles.

Change in risk-weighted assets and capital requirements
Table 14: overview of risk-weighted assets (OV1)

(In EURm)

Risk-weighted 
assets

Total own funds requirements

 

31.12.2023

30.09.2023

31.12.2022

31.12.2023

 

Credit risk (excluding counterparty credit risk)

296,912

293,861

269,084

23,753

 

o.w. standardised approach

106,455

106,516

94,083

8,516

 

o.w. Foundation IRB (FIRB) approach

3,856

3,593

4,190

308

 

o.w. slotting approach

716

348

667

57

 

o.w. equities under the simple risk-weighted approach

2,146

2,061

2,753

172

 

o.w. other equities under IRB approach

16,589

15,775

13,864

1,327

 

o.w. Advanced IRB (AIRB) approach

167,151

165,569

153,528

13,372

 

Counterparty credit risk – CCR

21,815

22,796

23,803

1,745

 

o.w. standardised approach

5,374

5,387

6,649

430

 

o.w. internal model method (IMM)

11,070

12,457

12,381

886

 

o.w. exposures to a CCP

1,572

1,591

918

126

 

o.w. credit valuation adjustment – CVA

3,013

2,831

2,805

241

 

o.w. other CCR

786

530

1,050

63

 

Settlement risk

5

1

6

0

 

Securitisation exposures in the non-trading book (after the cap)

7,450

7,574

7,801

596

 

o.w. SEC-IRBA approach

1,978

2,213

2,706

156

 

o.w. SEC-ERBA incL IAA

4,228

4,196

4,023

338

 

o.w. SEC-SA approach

1,243

1,165

1,072

99

 

o.w. 1,250%/deductions

-

-

-

-

 

Position, foreign exchange and commodities risks (Market risk)

12,518

11,294

13,747

1,001

 

o.w. standardised approach

3,305

1,632

1,932

264

 

o.w. IMA

9,214

9,662

11,816

737

 

Large exposures

-

-

-

-

 

Operational risk

50,125

48,701

46,023

4,010

 

o.w. basic indicator approach

-

-

-

-

 

o.w. standardised approach

4,759

3,968

1,290

381

 

o.w. advanced measurement approach

45,365

44,733

44,733

3 629

 

Amounts (included in the “credit risk” section above) 
below the thresholds for deduction (subject to 250% risk weight)

6,646

6,513

7,319

532

 

Total

388,825

384,226

360,465

31,106

 

Table 15: risk-weighted assets (RWA) by core business and risk type

(In EURbn)

Credit and
 counterparty credit

Market

Operational

Total 31.12.2023

Total 31.12.2022(R)

French Retail Banking

113.3

-

5.2

118.5

116.7

International Retail Banking and Mobility and Leasing services

122.2

0.1

7.6

130.0

101.7

Global Banking and Investor Solutions

78.7

10.4

29.3

118.5

123.7

Corporate Centre

11.9

1.9

8.0

21.8

20.3

Group

326.2

12.5

50.1

388.8

362.4

2022 figures have been restated, in compliance with IFRS 17 and IFRS 9 for insurance entities

As at 31 December 2023, RWA (EUR 388.8 billion) were distributed as follows:

  • credit and counterparty credit risks accounted for 84% of RWA (of which 37% for International Retail Banking and Financial Services);
  • market risk accounted for 3% of RWA (of which 83% for Global Banking and Investor Solutions);
  • operational risk accounted for 13% of RWA (of which 58% for Global Banking and Investor Solutions).
Table 16: Main subsidiaries’ contributions to the Group’s rWA

REVOIR LA POSITION DES MONTANTS DES 2 DERNIERES LIGNES / CELA DEVRAIT ETRE AU MILIEU DES COLONNES IRB ET STANDARD

(In EURm)

ALD SA

Boursorama

Komerčni Banka

IRB

Standard

IRB

Standard

IRB

Standard

Credit and counterparty credit risks

13,867 

34,669