As part of setting its Risk Appetite, Societe Generale seeks a sustainable development based on a diversified and balanced banking model with a strong European foothold and a global presence targeted on a few areas of strong business expertise. The Group also aims to maintain long-term relationships with its customers built on well-earned trust, and to respond responsibly to the expectations of all of its stakeholders. At 31 December 2022, the indicators of the Group’s risk appetite in terms of solvency, earnings, market risk, cost of risk and non performing loans rate were within the risk appetite levels defined by the Group. They have not reached the tolerance thresholds defined by the Board.

The Group seeks sustainable profitability, relying on a robust financial strength profile, consistent with its diversified banking model. In terms of financial ratios, the Group calibrates its objectives to ensure a sufficient margin of safety in relation to regulatory requirements. As of 31 December 2022, the Group’s CET1 ratio stood at 13.5% compared to 13.7% at the end of 2021, well above the regulatory requirement of 9.35% (“MDA” threshold - Maximum Distributable Amount, calculated at end of Decembre 2022).

The solvency and leverage prudential ratios, as well as the amounts of regulatory capital and RWA featured here take into account the IFRS 9 phasing (fully-loaded CET1 ratio of 13.34% at end 2022, the phasing effect being +17 bps) and the effects of the ECB’s Covid-19 transitional measures ending on 31 December 2022.

As of 31 December 2022, the Group’s leverage ratio stood at 4.4%, taking into account an amount of Tier 1 capital of EUR 58.7 billion compared to a leverage exposure of EUR 1,345 billion. euros (compared to 4.9% as of 31 December 2021, with EUR 57.9 billion and EUR 1,190 billion respectively).

In addition, as of 31 December 2022, the Group has a TLAC (Total Loss Absorbing Capacity) ratio of 33.64% of weighted exposures (compared to 31.1% as of 31 December 2021, for a regulatory requirement of 21.66% at the end of 2022).

Regarding its risk profile, the Group has a balanced distribution of risk-weighted exposures (RWA) between its Global Banking and Investor Solutions divisions (34% as of 31 December 2022), Retail Banking and International Financial Services (31% as of 31 December 2022), Retail Banking in France (29% as of 31 December 2022) and Corporate Center (6% as of 31 December 2022). In terms of change, the Group’s weighted exposures stood at EUR 360.5 billion as of 31 December 2022 compared to EUR 363.4 billion as of 31 December 2021, a decrease of -1%.

Concerning the internal economic approach of the ICAAP, the rate of coverage of the Group’s internal capital requirement by the internal capital the end of 2022 is greater than 100%.

In addition, the Group presents its unconsolidated structured entities in Note 2.4 of the financial statements of the 2023 Universal Registration Document. Intra-group transactions are governed by a credit granting process respecting different levels of delegation within the Business Units, the Risk Department and the Finance Department. The entities’ structural risk management and oversight systems are also submitted to the Finance Department and the Risk Department.

Weighted exposures for credit risk and counterparty risk represent the Group’s main risk with an amount of risk-weighted exposures (RWA) of EUR 300.7 billion as of 31 December 2022, i.e. 83% of the total RWAs. These weighted exposures decreased by -1.4% compared to 31 December 2021 and are mainly based on the internal model approach (67% of credit and counterparty risk RWA). This decrease is mainly due to a methodology effect (-8 billion euros), a perimeter effect (-6 billion euros) related to the sale of Rosbank, and a volume effect (-4.4 billion euros) partially offset by a model effect update (+7.8 billion euros), a downgrade of assets quality (+3.9 billion euros) and a foreign exchange effect (+2.6 billion euros).

The credit portfolio presents a diversified profile. As of 31 December 2022, exposure to credit and counterparty risk represented an amount of EAD of 1,119 billion euros, up (+4%) compared to the end of 2021, driven in particular by the increase of ” Sovereigns”exposures. The breakdown of the portfolio between main customer categories is balanced: Sovereigns (29%), Corporates (32%), Retail customers (20%), Institutions (9%) and Others (10%).

In terms of geographic breakdown of the portfolio, exposure to emerging countries remains limited: the Group’s exposure is 70% in Western Europe (including 48% in France) and 14% in over North America. In sectoral terms, only the Financial Activities sector represents 7% of the Group’s Corporate exposures, followed by the Real Estate Activities and Business Services sectors.

With regard more specifically to counterparty risk, exposure represents an amount of EAD of 160 billion euros, increased (+11%) compared to the end of 2021, linked to the significant increase in exposure to Sovereigns.

As of 31 December 2022, EAD’s exposure to Russia represented 2.2 billion euros (exc. Private Banking) mainly made up of operations set up as part of the financing activities of Global Banking and Investor Solutions.

(See details in Chapter 6 “Credit risk” and Chapter 7 “Counterparty credit risk”.)

The Group’s net cost of risk in 2022 is EUR 1,647 million, up by 135% compared to 2021. This higher cost of risk compared to a low 2021 reference base is composed by a cost of risk which remains low on defaulted outstandings (stage 3), 17 bp compared to 18 bp in 2021, and provisions on sound outstandings (stage 1/stage 2) of 12 bp in order to maintain a prudent provisioning policy in an environment marked by economic prospects less favorable and in particular the rise in inflation and interest rates.

The cost of risk (expressed in basis points on the average of outstandings at the beginning of the period for the four quarters preceding the closing, including operating leases) thus stands at 28 basis points for the year 2022 compared to 13 basis points in 2021.

(See details in section 6 of Chapter 6 “Credit risk”.)

Elements relating to ESG risks are presented in Chapter 14 of this Pillar 3 document.

Within the meaning of Template 1 of Pillar 3 on ESG risks concerning transition risk, exposures towards sectors that highly contribute to climate change⁽¹⁾ (based on the NACE codes provided by the EBA) represent 177 billion euros of gross carrying amount.

As of 31 December 2022, operational risk-weighted exposures represented EUR 46 billion, or 13% of the Group’s RWA, down -2% compared to the end of 2021 (EUR 46.8 billion). These weighted exposures are mainly determined using the internal model (97% of the total). The total amount of exposures weighted assets decreases in 2022 (-0.8 billion euros, i.e. -1.7%) mainly due to the disposal of activities in Russia.

(See details in section 4 of Chapter 10 “Operational risk”).

Market risk-weighted exposures are mainly determined using internal models (86% of the total at the end of 2022). These weighted exposures amounted to EUR 13.7 billion at the end of 2022, i.e. 3.8% of the Group’s total RWA, up +18% compared to the end of 2021 (EUR 11.6 billion).

Capital requirements for market risk increased in 2022. This increase is reflected in the VaR and the risks calculated under the standard approach:

(See details in Chapter 9 “Market risk”).

The LCR (Liquidity Coverage Ratio) ratio stood at 141% at the end of 2022 (compared to 129% at the end of 2021), corresponding to excess liquidity of EUR 74 billion (compared to EUR 51 billion at the end of 2021), compared to a regulatory requirement of 100%. The increase in the LCR of Société Générale between end of 2021 and end of 2022 reflects a precautionary and anticipatory stance, whereby Société Générale has increased its term deposits in the money market and anticipated a portion of its 2023 funding plan. This was driven by (i) favorable market conditions at the end of the year, (ii) the new context of positive interest rates, that may reduce deposits from corporate clients to monetary supports; (iii) anticipating the reduction in liquidity generated by the end of the TLTRO.

Liquidity reserves amounted to EUR 279 billion as of 31 December 2022 (compared to EUR 229 billion as of 31 December 2021). This variation is mainly due to an increase in HQLA securities available for sale on the market (after discount), partially offset by an increase in central bank deposits (excluding mandatory reserves).

(See details in sections 5 and 6 of Chapter 12 “Liquidity risk”).

In a parallel schock scenario where the interest rate increase, the impact of the changes of EVE (economic value of equity) in 2022 is -2,900 EUR million and 375 EUR million on interest margin. On the contrary, in a parallel schock scenario where the interest rate decrease, the impact of the changes of EVE (economic value of equity) in 2022 is 1,011 EUR million and -1,102 EUR million on interest margin.

(See details in section 2 of Chapter 11 “Structural interest rate and exchange rate risks”).

In 2022, the Group finalized the sale of Rosbank in Russia in the context of the russo-ukrainian crisis and the net income was around -3 billion euros. Furthermore, some important milestones have been reached concerning the merger of the retail network in France, in accordance to the schedule, and lead to the legal merger of retail network of Société Générale and Crédit du Nord on January, 1st. The new SG retail bank is launched. Partnership between Société Générale and ING has been finalised, pushing further ahead Boursorama (new clients +1.4 million clients reaching 4.7 million clients at end of 2022). The planned acquisition of LeasePlan by ALD in the mobility sector and Bernstein joint venture deal for our Equities business will create global leaders.

As at 31 December 2022, the Group presents a TLAC ratio of 33.64% of risk-weighted assets (RWA) with the option of Senior preferred debt limited to 3.5% of RWA (the ratio being 30.47% without this option) for a regulatory requirement of 21.66%, and of 9.02% of the leverage exposure for a regulatory requirement of 6.75%.

IN BRIEF

This section describes the various types of risks and the risks to which Societe Generale is exposed.

This section identifies the main risk factors that the Group estimates could have a significant effect on its business, profitability, solvency or access to financing.

As part of its internal risk management, Societe Generale has updated its risk typology. For the purposes of this section, these different types of risks have been grouped into six main categories (4.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017, according to the main risk factors that the Group believes could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.

The diagram below illustrates how the categories of risks identified in the risk typology have been grouped into the six categories and which risk factors principally impact them.

2.1.1.1 The global economic and financial context, geopolitical tensions, as well as the market environment in which the Group operates, may adversely affect its activities, financial position and results of operations.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions generally in Europe, the United States and elsewhere around the world. The Group generates 49% of its business in France (in terms of net banking income for the financial year ended 31 December 2022), 32% in Europe, 7% in the Americas and 12% in the rest of the world. The Group could face significant deteriorations in market and economic conditions resulting from, in particular, crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices (notably oil and natural gas). Other factors could explain such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, or adverse geopolitical events (including acts of terrorism and military conflicts). In addition, the Covid-19 crisis continues to have an impact mainly in China, where the so-called “Zero Covid” policy has begun to be relaxed. Such events, which can develop quickly and whose effects may not have been anticipated and hedged, could affect the Group’s operating environment for short or extended periods and have a material adverse effect on its financial position, cost of risk and results of operations.

The economic and financial environment is exposed to intensifying geopolitical risks. The war in Ukraine which began in February 2022 has led to high tensions between Russia and Western countries, with significant impacts on global growth, energy and raw materials prices, as well as on a humanitarian level. The economic and financial sanctions imposed by a large number of countries, particularly in Europe and the United States, against Russia and Belarus could significantly affect operators with direct or indirect links to Russia, with a material impact on the Group’s risks (credit and counterparty, market, reputation, compliance, legal, operational, etc.). The Group will continue to analyse in real time the global impact of this crisis and to take all necessary measures to comply with applicable regulations.

In Asia, US-China relations are fraught with trade tensions and the risk of technological fractures.

After a long period of low interest rates, the current inflationary environment is leading the major central banks to raise rates. The entire economy will need to adapt to a context of higher interest rates. In addition to the impact on the valuation of equities, interest rate-sensitive sectors such as real estate will have to adjust. The US Federal Reserve and the European Central Bank (ECB) are expected to continue to tighten monetary conditions in the first half of 2023 before taking a break as inflation recedes according to our predictions. In the meantime, inflation in the US and Europe continues to impact the price of services, food and energy.

This crisis could generate strong volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group. In France, after the long period of low interest rates which fostered an upturn of the housing market, a reversal of activity in this area could have an adverse effect on the Group’s asset value and on business, by decreasing demand for loans and resulting in higher rates of non-performing loans. More generally, the higher interest rates environment in a context where public and private debts have tended to increase is an additional source of risk.

Considering the uncertainty generated by this situation, both in terms of duration and scale, these disruptions could persist throughout 2023 and have a significant impact on the activity and profitability of certain Group counterparties.

Against the backdrop of the continuing war in Ukraine, the reduction in Russian gas imports and the introduction of an embargo on Russian oil on 5 December 2022, the European energy sector is facing a more difficult and uncertain situation. Gas prices have risen and remain highly volatile. A total halt in Russian gas supplies combined with a post-Covid-19 economic recovery in China could lead to a further spike in gas prices, affecting European economic growth.

In the longer term, the energy transition to a “low-carbon economy” could adversely affect fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

With regard to financial markets, in the context of Brexit, the topic of non-equivalence of clearing houses (central counterparties, or CCPs) remains a point of vigilance, with possible impacts on financial stability, notably in Europe, and therefore on the Group’s business. In addition, capital markets (including foreign exchange activity) and securities trading activities in emerging markets may be more volatile than those in developed markets and may also be vulnerable to certain specific risks, such as political instability and currency volatility. These elements could negatively impact the Group’s activity and results of operations.

On the mobility market, due to the shortage of new car supply, demand for used vehicles has risen, pushing up resale prices sharply. As a result, ALD has recorded a historically high result on used vehicle sales for the past year. The Group is exposed to a potential loss in a financial year from (i) resale of vehicles related to leases which expire during the period whose resale value is lower than their net carrying amount and (ii) additional impairment during the lease period if residual value drops below contractual residual value. Future sales and estimated losses are impacted by external factors such as macroeconomic conditions, government policies, tax and environmental regulations, consumer preferences, new vehicle prices, etc. The Group anticipates for 2023 that supply chains may not return to normal immediately, which could support the resale prices of used vehicles.

The Group’s results are therefore exposed to the economic, financial, political and geopolitical conditions of the main markets in which the Group operates.

2.1.1.2 The Group’s failure to achieve its strategic and financial objectives disclosed to the market could have an adverse effect on its business, results of operations and the value of its financial instruments.

The Group is fully on track to achieving its strategic milestones and has set targets for profitable and sustainable growth out to 2025 with:

More precisely, the Group’s “Vision 2025” project anticipates the merger between the Retail Banking network of Societe Generale in France and Crédit du Nord. Although this project has been designed to achieve controlled execution, the merger could have a short-term material adverse effect on the Group’s business, financial position and costs. System reconciliations could undergo delays, thereby postponing part of the expected merger benefits. The project could lead to some staff departures, requiring replacements and training efforts which could potentially generate additional costs. The merger could also lead to the departure of some of the Group’s customers, resulting in loss of revenue. The legal and regulatory aspects of the transaction could prompt delays and additional costs.

Following ALD’s announcement on 6 January 2022 of its plan to acquire LeasePlan, Societe Generale and ALD announced on 22 April 2022 the signing of a framework agreement, with the aim of creating a global leader in mobility solutions. The acquisition is subject to receiving certain regulatory approvals and to the performance of other standard conditions precedent.

The Group also announced in November 2022 the signing of a letter of intent with AllianceBernstein to combine the equity research and execution businesses in a joint venture to create a leading global franchise in these activities. This announcement was followed by the signature of an acquisition agreement in early February 2023.

The conclusion of final agreements on these strategic transactions depends on several stakeholders and, accordingly, is subject to a degree of uncertainty. The inability to close on the transactions would not have an immediate impact on the Group’s activity, but could potentially weigh on the share price, at least temporarily.

Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group has made a certain number of commitments (see Chapter 2, page 46 and following and Chapter 5, page 289 and following). Failure to comply with these commitments, and those that the Group may make in the future, could harm its reputation. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Last, failure to make specific commitments could also generate reputation and strategic risk.

The Group may face execution risk on these strategic projects, which are to be carried out simultaneously. Any difficulty encountered during the process of integrating the activities (particularly from a human resources standpoint) is likely to generate higher integration costs and lower-than-anticipated savings, synergies and benefits. Moreover, the process of integrating the acquired operational businesses into the Group could disrupt the operations of one or more of its subsidiaries and divert General Management’s attention, which could have a negative impact on the Group’s business and results.

2.1.1.3 The Group is subject to an extended regulatory framework in each of the countries in which it operates and changes to this regulatory framework could have a negative effect on the Group’s businesses, financial position and costs, as well as on the financial and economic environment in which it operates.

The Group is subject to the laws of the jurisdictions in which it operates. This includes French, European and US legislation as well as other local laws in light of the Group’s cross-border activities, among other factors. The application of existing laws and the implementation of future legislation require significant resources that could affect the Group’s performance. In addition, possible failure to compliance with laws could lead to fines, damage to the Group’s reputation, force the suspension of its operations or, in extreme cases, the withdrawal of operating licences.

Among the laws that could have a significant influence on the Group:

New legal and regulatory obligations could also be imposed on the Group in the future, such as:

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their effects may have a negative impact on the Group’s business, financial position and costs.

Moreover, as an international bank that handles transactions with US persons, denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

2.1.1.4 Increased competition from banking and non-banking operators could have an adverse effect on the Group’s business and results, both in its French domestic market and internationally.

Due to its international activity, the Group faces intense competition in the international and local markets in which it operates, whether from banking or non-banking actors. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services industry could result in the competitors benefiting from greater capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of major domestic banking and financial actors, as well as new market participants (notably neo-banks and online financial services providers), has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are fundamentally changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new actors could be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition is also enhanced by the emergence of non-banking actors that, in some cases, may benefit from a regulatory framework that is more flexible and in particular less demanding in terms of equity capital requirements.

To address these challenges, the Group has implemented a strategy, in particular with regard to the development of digital technologies and the establishment of commercial or equity partnerships with these new actors (such as Lumo, the platform offering green investments, or Shine, the neobank for professionals). In this context, additional investments may be necessary for the Group to be able to offer new innovative services and to be competitive with these new actors. This intensification of competition could, however, adversely affect the Group’s business and results, both on the French market and internationally.

2.1.1.5 Environmental, social and governance (ESG) risks, in particular related to climate change, could have an impact on the Group’s activities, results and financial situation in the short-, medium- and long-term.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties or invested assets of financial institutions. ESG risks are seen as aggravating factors to the traditional categories of risks (credit risks, counterparty risks, market risks, structural risks (including liquidity and funding risks), operational risks, reputational risks, compliance risks and risks related to insurance activities) and are likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is thus exposed to environmental risks, and in particular climate change risks through certain of its financing, investment and service activities. Concerning climate risks, a distinction is made between (i) physical risk, with a direct impact on entities, people and property stemming from climate change and the multiplication of extreme weather events; and (ii) transition risk, which results from the process of transitioning to a low-carbon economy, such as regulatory or technological disruptions or changes in consumer preferences.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively impacted by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialized financing companies).

Beyond the risks related to climate change, risks more generally related to environmental degradation (such as the risk of loss of biodiversity) are also aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, linked to lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (for instance due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour rights or workplace health and safety issues, which may trigger or aggravate reputational and credit risks for the Group.

Similarly, risks relating to governance of the Group’s counterparties and stakeholders (suppliers, service providers, etc.), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Therefore, the Group is exposed to physical climate risk with respect to its ability to maintain its services in geographical areas impacted by extreme events (floods, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations related to labour laws and the management of its human resources.

All of these risks could have an impact on the Group’s business, results and reputation in the short-, medium- and long-term.

2.1.1.6 The Group is subject to regulations relating to resolution procedures, which could have an adverse effect on its business and the value of its financial instruments.

The BRRD and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define a European Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including the exposure of taxpayers to the consequences of the failure). Under the SRM Regulation, a centralized resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalize it in accordance with an established order of priority (the “Bail-in Tool”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative effect on the financial system, protecting public funds by minimizing the recourse to extraordinary public financial support, and protecting customers’ funds and assets) and the winding up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into equity if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, 3° of the French Monetary and Financial Code).

The Bail-in Tool could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in Tool, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the split of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before taking any resolution action, including the implementation of the Bail-in Tool, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of any measure under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse effect on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial condition deteriorates, the existence of the Bail-in Tool or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or the Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

IN BRIEF

This section describes Societe Generale’s risk management approaches and strategies. It describes how the functions in charge of risk management are organised, how these functions guarantee their independence and how they broadcast the risk culture within the Group.

The Pillar 3 report, published under the responsibility of Societe Generale Group’s Senior Management, sets out, in accordance with the CRR regulation, the quantitative and qualitative information on Societe Generale’s capital, liquidity and risk management to ensure transparency in respect of the various market players. This information has been prepared in compliance with the internal control procedures approved by the Board of Directors in the course of the validation of the Group Risk Appetite Framework and Group Risk Appetite Statement, and are based, among other things, on the annual review, by General Management in the Group Internal Control Coordination Committee (GICCC) and by the Risk Committee of the Board of Directors, of Societe Generale's Risk division, particularly in its ability to exercise its role as the second line of defense for the entire Group.

Risk appetite is defined as the level of risk that the Group is prepared to accept to achieve its strategic and financial goals.

Principles governing risk appetite

The Group’s ambition is to push ahead with sustainable development based on a diversified and balanced banking model with a strong European anchor and a targeted global presence in selected areas of strong business expertise. The Group also wishes to maintain long-term relationships with its clients built on the mutual confidence deserved and to meet the expectations of all of its stakeholders by providing them with responsible and innovative financial solutions.

This is reflected in:

A robust financial strength profile

The Group seeks to achieve sustainable profitability, relying on a robust financial profile consistent with its diversified banking model, by:

Credit risk (including concentration effects)

Credit risk appetite is managed through a system of credit policies, risk limits and pricing policies.

When it takes on credit risk, the Group focuses on medium- and long-term client relationships, targeting both clients with which the Bank has an established relationship of trust and prospects representing profitable business development potential over the mid-term.

Acceptance of any credit commitment is based on in-depth client knowledge and a thorough understanding of the purpose of the transaction.

In particular, concerning the underwriting risk, the Group, mainly through GLBA, makes a “steadfast commitment” to transactions at a guaranteed price as debt financing arranger, prior to syndicating them to other banking syndicates and institutional investors. If market conditions deteriorate or markets close while the placement is under way, these transactions may create a major over-concentration risk (or losses, if the transaction placement requires selling below the initial price).

The Group limits the cumulative amount of approved underwriting or underwriting positions in order to limit its risk in the event of a prolonged closure of the debt markets.

In a credit transaction, risk acceptability is based first on the borrower’s ability to meet its commitments, in particular through the cash flows which will allow the repayment of the debt. For medium and long-term operations, the funding duration must remain compatible with the economic life of the financed asset and the visibility horizon of the borrower’s cash flow.

Security interests are sought to reduce the risk of loss in the event of a counterparty defaulting on its obligations, but may not, except in exceptional cases, constitute the sole justification for taking the risk. Security interests are assessed with prudent value haircuts and paying special attention to their actual enforceability.

Complex transactions or those with a specific risk profile are handled by specialised teams within the Group with the required skills and expertise.

The Group seeks risk diversification by controlling concentration risk and maintaining a risk allocation policy through risk sharing with other financial partners (banks or guarantors).

Counterparty ratings are a key criterion of the credit policy and serve as the basis for the credit approval authority grid used in both the commercial and risk functions. The rating framework relies on internal models. Special attention is paid to timely updating of ratings (which, in any event, are subject to annual review)⁽¹⁾.

The risk measure of the credit portfolio is based primarily on the Basel parameters that are used to calibrate the capital need. As such, the Group relies for the internal rating of counterparties on Balois models allowing the assessment of credit quality, supplemented for “non-retail” counterparties, by expert judgment. These measures are complemented by an internal stress-sized risk assessment, either at the global portfolio level or at the sub-portfolio level, linking risk measures and rating migration to macro-economic variables most often to say expert. In addition, the calculation of expected losses under the provisions of IFRS 9, used to determine the level of impairment on healthy outstandings, provides additional insight into assessing portfolio risk.

In consultation with the Risk Department, the businesses implement, most of the time, pricing policies that are differentiated according to the level of risk of counterparties and transactions. The purpose of pricing a transaction is to ensure acceptable profitability, in line with the objectives of ROE (Return on Equity) of the business or entity, after taking into account the cost of the risk of the transaction in question. The pricing of an operation can nevertheless be adapted in certain cases to take into account the overall profitability and the potential customer relationship development. The intrinsic profitability of products and customer segments is subject to periodic analysis in order to adapt to changes in the economic and competitive environment.

Proactive management of counterparties whose situation has deteriorated is key to containing the risk of final loss in the event of counterparty failure. As such, the Group has put in place rigorous procedures for monitoring non retail counterparties and/or for closer monitoring of retail counterparties whose risk profiles are deteriorating. In addition, the businesses and entities, in conjunction with the Risk and Finance Departments, and through collaborators specialising in recovery and litigation, work together to effectively protect the Bank’s interests in the event of default.

MEASURES TO MANAGE ESG RISK FACTORS

Concerning ESG risks (Environmental, Social & Governance), the assessment and management of the impact of ESG risk factors on credit risk is based in particular on the establishment of exclusion lists, portfolio alignment indicators (oil and gas and electricity production for example) and sensitivity analyses (in particular transition risk via the CCVI or Corporate Climate Vulnerability Index).

In general, credit granting policies must comply with the criteria defined within the framework of the Group’s Social and Environmental Responsibility (CSR) policy, which is broken down through:

Risks related to climate change (physical and transition risks), which are an aggravating factor in the types of risks facing the Bank must be taken into account in risk assessment processes. An assessment of climate vulnerability (particularly in terms of transition risk) must be provided by the Business Unit for certain specific sectors and may have an impact on the internal rating so that it incorporates the client’s adaptation strategy (See also section 4.13 “Environmental, social and governance risks” of this Universal Registration Document).

Counterparty credit risk

The future value of exposure to a counterparty as well as its credit quality are uncertain and variable over time, both of which are affected by changes in market parameters. Thus, counterparty credit risk management is based on a combination of several types of indicators:

Market risk

The Group’s market activities are carried out as part of a business development strategy primarily focused on meeting client requirements through a full range of products and solutions.

Market risk is managed through a set of limits for several indicators (such as stress tests, Value at Risk (VaR) and stressed Value at Risk (SVaR), “Sensitivity” and “Nominal” indicators). These indicators are governed by a series of limits proposed by the business lines and approved by the Risk Division during the course of a discussion-based process.

The choice of limits and their calibration reflect qualitatively and quantitatively the fixing of the Group’s appetite for market risks. A regular review of these frameworks also enables risks to be tightly controlled according to changing market conditions with, for example, a temporary reduction of limits in case of a deterioration. Warning thresholds are also in place to prevent the possible occurrence of overstays.

Limits are set at different sub-levels of the Group, thereby cascading down the Group’s risk appetite from an operational standpoint within its organisation.

Within these limits, the Global Stress Test limits on market activities and the Market Stress Test limits play a pivotal role in determining the Group’s market risk appetite; in fact, these indicators cover all operations and the main market risk factors as well as risks associated with a severe market crisis which helps limit the total amount of risk and takes account of any diversification effects.

Non financial risks (including compliance risk)

Non-financial risks are defined as non-compliance risk, risk of inappropriate conduct, IT risk, cybersecurity risk, other operational risks, including operational risk associated with credit risk, market risk, model risk, liquidity and financing, structural and rate risk. These risks can lead to financial losses.

Governance and a methodology have been put in place for the scope of non-financial risks.

As a general rule, the Group has no appetite for operational risk or for non-compliance risk. Furthermore, the Group maintains a zero-tolerance policy on incidents severe enough to potentially inflict serious harm to its image, jeopardise its results or the trust displayed by customers and employees, disrupt the continuity of critical operations or call into question its strategic focus.

The Group underscores that it has is no or very low tolerance for operational risk involving the following:

Structural interest rate and exchange rate risks, risk to employee commitments

The Group measures and strictly controls structural risks. The mechanism whereby rate risk, foreign exchange risk and the risk on pension/long-service obligations is controlled is based on sensitivity or stress limits which are broken down within the various businesses (entities and business lines).

There are four main types of risk: rate level risk, curve risk book, optional risk (arising from automatic options and behavioral options) and basis risk, related to the impact of relative changes in interest rates indices. The Group’s structural interest rate risk management primarily relies on the sensitivity of Net Present Value (“NPV”) of fixed-rate residual positions (excesses or shortfalls) to interest rate changes according to several interest rate scenarios. The limits are established either by the Board of Directors or by the Finance Committee, at the Business Unit/Service Unit and Group levels. Furthermore, the Group measures and controls the sensitivity of its net interest margin (“NIM”) on different horizons.

The Group’s policy in terms of structural exchange rate risks consists of limiting as much as possible the sensitivity of its CET1 capital ratio to changes in exchange rates, so that the impact on the CET1 ratio of an appreciation or a depreciation of all currencies against the euro does not exceed a certain threshold in terms of bp by summing the absolute values of the impact of each currency.

Regarding risks to pension and long-service obligations, which are the Bank’s long-term obligations towards its employees, the amount of the provision is monitored for risk on the basis of a specific stress test and an attributed limit. The risk management policy has two main objectives: reduce risk by moving from defined-benefit plans to defined-contribution plans and optimise asset risk allocation (between hedge assets and performance assets) where allowed by regulatory and tax constraints.

Structural risk-liquidity and funding risk

Controlling liquidity risk is based primarily on:

Controlling financing risk is based on:

Model risk

The Group is committed to defining and deploying internal standards to reduce model risk on the basis of key principles, including the creation of three independent lines of defence, the proportionality of due diligence according to each model’s level of risk inherent, the consideration of the models’ entire lifecycle and the appropriateness of the approaches within the Group.

A wrong design, implementation, use or a non rigorous models monitoring can have two mains unfavorable consequences: an under estimation of equity based of models validated by Regulators and/or financial losses.

Risk model appetite is defined for the perimeter of this group of models: credit risk IRB and IFRS 9, market and counterparty risk, market product valuation, ALM, trading model, compliance and granting.

Risk related to insurance activities

The Group conducts Insurance activities (Life Insurance and Savings, Retirement savings, Property & Casualty Insurance, etc.) which exposes the Group to two major types of risks:

Investment risk

The Group has limited appetite for financial holdings, such as proprietary private equity transactions. The investments allowed are mainly related to:

Settlement/Delivery risk

The settlement-delivery risk on financial instruments arises when transactions (over-the-counter in cash or forward) give rise to a time lag (usually of a few hours) between the payment and the delivery of the underlying (securities, raw materials, foreign exchange, etc.) during their settlement.

The Group defines a risk appetite for delivery risk in relation to the quality of the counterparty (via its rating) with larger limits granted to counterparties in the investment grade category (IG).

Risk appetite is determined at Group level and attributed to the businesses and subsidiaries. Monitoring of risk appetite is performed according to the principles described in the Risk Appetite Framework governance and implementation mechanism, which are summarised below.

Governance

As part of the supervision of risk appetite, the Group relies on the following organisation:

The Board of Directors relies primarily on the Risk Committee;

In addition, the main mission of the Risk Department is to draw up the document summarizing the Group’s risk appetite, as well as the implementation of a risk management, monitoring and control system.

The Finance Department contributes to setting this risk appetite in the framework of indicators under the responsibility of the Finance Committee (profitability, solvency, liquidity and structural risks).

The Compliance Department is also responsible for instructing the risk appetite setting for indicators falling within its scope.

Risk identification process

The risk identification process is a key process of the Group risk-management framework. It is a Group-wide process to identify all risks that are or might be material. The approach is comprehensive and holistic: it covers all risk types⁽¹⁾ and all Group exposures.

In addition to the annual review of the Group’s risk taxonomy yearly reviewed and published in the SG Code, risk identification process is based on two pillars in order to ensure a complete and up-to-date view of all the material risks facing the Group:

When a significant risk is identified, a risk management system, which may include a quantitative risk appetite (risk ceiling or threshold) or a risk policy, is implemented.

In addition, where possible, the risk factors underlying a significant risk are identified and combined in a dedicated scenario, and the associated loss is then quantified by means of a stress test (see also section “Risk quantification and stress test system”).

Risk quantification and stress test system

Within the Group, stress tests, a key attribute of risk management, contribute to the identification, measurement and management of risks, as well as to the assessment of the adequacy of capital and liquidity to the Group’s risk profile.

The purpose of the stress tests is to cover and quantify, resulting from the Risk Identification annual process, all the material risks to which the Group is exposed and to inform key management decisions. They thus assess what the behavior of a portfolio, an activity, an entity or the Group would be in a degraded business context. It is essential in building the forward-looking approach required for strategic/financial planning. In this context, they constitute a privileged measure of the resilience of the Group, its activities and its portfolios, and are an integral part of the process of developing risk appetite.

The Group stress testing framework combines stress tests in line with the stress testing taxonomy set by the EBA. Group-wide stress tests should cover all legal entities in the Group consolidation perimeter, subject to risk materiality.

Stress test categories are:

The stress test system within the Group thus includes:

Global Group stress tests cover all activities and subsidiaries that are part of the Group’s consolidation scope (“Group-wide”), as well as all major risks (including credit risk, market risk, operational risks, liquidity risk). They aim at stressing both the Group P&L and key balance sheet metrics, notably capital and liquidity ratios.

The central stress test is the overall group stress test, which is based on a central scenario and on adverse macroeconomic scenarios modeled by the Economic Research Department, under the independent supervision of the Group Chief Economist. Macro-economic scenarios are supplemented by other parameters such as capital market conditions, including assumptions on funding.

The performance of the overall Group stress test is based on the uniform application of the methodology and assumptions at the level of all entities and at Group level. This means that the risk factors, and in particular the macro-economic assumptions used locally, must be compatible with the macro-economic scenario defined by the Group. Entities must submit macro-economic variables to the Group’s Economic Studies department to check their consistency.

The regulatory stress test conducted periodically by the EBA also covers all entities and risks and is scenario-based. Therefore, its execution globally mirrors the process defined for the internal Group Global Stress Test, with an increased involvement of the Group central teams, except for the scenario design which is defined by the supervisor;

In addition to internal stress test exercises, the Group is part of the sample of European banks participating in major international stress tests programs conducted by the European Banking Authority (EBA) and the European Central Bank (ECB).

Setting and formalisation of risk appetite at Group level

The Group’s risk appetite is formalised in a document (“Risk Appetite Statement”) which sets out:

Regarding the profile of profitability and financial soundness, the Finance Department proposes each year, upstream of the budgetary procedure, to the General Management, limits at Group level, supplemented by alert thresholds and crisis levels according to a “traffic light” approach. These frameworks on financial indicators allow:

The frameworks relating to risk management, also represented via a graduated approach (limits, alert thresholds, etc.), result from a process in which the needs expressed by the businesses are confronted with a contradictory opinion independent from the second line defence. The latter is based on:

For the main risks, the frameworks set make it possible to consolidate the achievement of the Group’s financial targets and to orient the Group’s profitability profile.

Allocation of risk appetite in the organisation

The allocation of risk appetite in the organisation is based on the strategic and financial plan, and on risk management systems:

Implementing a high-performance and efficient risk management structure is a critical undertaking for Societe Generale Group in all businesses, markets and regions in which it operates, as is maintaining a balance between strong awareness of risks and promoting innovation. The Group’s risk management, supervised at the highest level, is compliant with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, Payment Services and Investment Services subject to the control of the French Prudential Supervisory and Resolution Authority (Autorité de contrôle prudentiel et de résolution – ACPR) and the final version of European Regulations Basel 3 (CRR/CRD). (See Board’s Expertise, page 89 of the 2023 Universal Registration Document).

Governance of risk management

Two main high-level bodies govern Group risk management: the Board of Directors and General Management.

General Management presents the main aspects of, and notable changes to, the Group’s risk management strategy to the Board of Directors at least once a year (more often if circumstances so require).

As part of the Board of Directors, the Risk Committee advises the Board on overall strategy and appetite regarding all kinds of risks, both current and future, and assists the Board when the latter verifies that the strategy is being rolled out.

The Board of Directors’ Audit and Internal Control Committee ensures that the risk control systems operate effectively.

Chaired by General Management, the specialised Committees responsible for central oversight of internal control and risk management are as follows:

Along with the Risks Committee, the Major Risks Committee (Comité Grands Risques) is an ad hoc Committee, responsible for approving the sales and marketing strategy and risk-taking with regard to major client groups (Corporates, Insurance Companies and Asset Managers);

Divisions involved in risk management and internal control

The Group’s Corporate Divisions, which are independent from the core businesses, contribute to the management and internal control of risks.

The Corporate Divisions provide the Group’s General Management with all the information needed to perform its role of managing Group strategy under the authority of the Chief Executive Officer. The Corporate Divisions report directly to General Management:

The main role of the Risk Division (RISQ) is to support the development of the Group’s activities and profitability by elaborating the Group’s risk appetite (allocated between the Group’s different business lines) in collaboration with DFIN and the BUs/SUs and establishing a risk management and monitoring system as a second line of defence. In performing its work, the RISQ SU reconciles independence from the businesses with a close working relationship with the BUs, which are responsible in the first instance for the transactions they initiate.

Accordingly, the Risk Division:

The Group Compliance Service Unit is organised around three broad categories of non-compliance risks:

According to the last census carried out on 31 December 2022, the full-time equivalent (FTE) workforce of:

Risk reporting and assessment systems

The Group’s risk measurement systems serve as the basis for the production of internal Management Reports allowing the monitoring of the Group’s main risks (credit risk, counterparty, market, operational, liquidity, structural, settlement/delivery) as well as the monitoring of compliance with the regulatory requirements.

The risk reporting system is an integral part of the Group’s risk management system and is adapted to its organisational structure. The various indicators are thus calculated at the level of the relevant legal entities and Business Units and serve as the basis for the various reportings. Departments established within the Risk, Finance and Compliance sectors are responsible for measuring, analysing and communicating these elements.

Since 2015, the Group has defined architecture principles common to the Finance and Risk functions, the TOM-FIR principles (Target Operating Model for Finance & Risk), in order to guarantee the consistency of the data and indicators used for internal management and regulatory production. The principles revolve around:

The Group produces, via all of its internal reports for internal monitoring purposes by the Business Units and Service Units, a large number of risk metrics constituting a measure of the risks monitored. Some of these metrics are also produced as part of the transmission of regulatory reports or as part of the publication of information to the market.

The Group selects from these metrics a set of major metrics, able to provide a summary of the Group’s risk profile and its evolution at regular intervals. These metrics concern both the Group’s financial rating, its solvency, its profitability and the main risks (credit, market, operational, liquidity and financing, structural, model) and are included in the reports intended for internal management bodies.

They are also subject to a framework defined and broken down in line with the Group’s risk appetite, giving rise to a procedure for reporting information in the event of breaches.

Thus, the risk reports intended for the management bodies are guided in particular by the following principles:

The main Risk reports for management bodies are:

This reporting is complemented by dashboard for monitoring the Group’s Risk Appetite Statement indicators is also sent quarterly to the Board of Directors. These indicators are framed and presented using a “traffic light” approach (with distinction between thresholds and limits) in order to visually present monitoring of compliance with risk appetite. In addition, a compliance dashboard and a reputation dashboard are sent to the Risk Committee of the Board of Directors and provide an overview of each non-compliance risk;

Although the above reports are used at Group level to monitor and review the Group’s risk profile in a global manner, other reports are transmitted to the Board of Directors or to the General Management in order to monitor and control certain types specific risks.

Ad hoc reports can also be produced. By way of illustration, the Group had to adapt its risk management system from the start of the Covid-19 crisis in March 2020. Dedicated reports had been set up for the General Management, the Board of Directors or the supervisor, on a regular basis and containing indicators adapted to the context.

Additional information on risk reporting and assessment systems by type of risk is also presented in the following chapters.

IN BRIEF

This section describes the framework and application of internal control at Societe Generale.

Internal control is part of a strict regulatory framework applicable to all banking institutions.

In France, the conditions for conducting internal controls in banking institutions are defined in the Order of 3 November 2014 modified by the Order of 25 February 2021. This Order, which applies to all credit institutions and investment companies, defines the concept of internal control, together with a number of specific requirements relating to the assessment and management of the various risks inherent in the activities of the companies in question, and the procedures under which the supervisory body must assess and evaluate how the internal control is carried out.

The Basel Committee has defined four principles – independence, universality, impartiality, and sufficient resources – which underpin the internal control carried out by credit institutions.

The Board of Directors ensures that Societe Generale has a solid governance system and a clear organisation ensuring:

The Board tasks the Group’s General Management with rolling out the Group’s strategic guidelines to implement this set-up.

The Audit and Internal Control Committee is a Board of Directors’ Committee that is specifically responsible for preparing the decisions of the Board in respect of internal control supervision.

As such, General Management submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All Societe Generale Group activities are governed by rules and procedures contained in a set of documents referred to collectively as the “Standard Guidelines”, compiled in the Societe Generale Code, which:

The Societe Generale Code groups together the standard guidelines which, in particular:

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

In addition to the Societe Generale Code, operating procedures specific to each Group activity are applied. The rules and procedures in force are designed to follow basic rules of internal control, such as:

Multiple and evolving by nature, risks are present in all business processes. Risk management and control systems are therefore key to the Bank’s ability to meet its targets.

The internal control system is represented by all methods which ensure that the operations carried out and the organisation and procedures implemented comply with:

Internal control in particular aims to:

The internal control system is based on five basic principles:

The internal control framework is based on the “three lines of defence” model, in accordance with the Basel Committee and European Banking Authority guidelines:

Operational management is responsible for risks, their prevention and their management (by putting in place first-level permanent control measures, amongst other things) and for implementing corrective or remedial actions in response to any deficiencies identified by controls and/or process steering;

Within the internal control framework, operational management is responsible for verifying the proper and continuous running of the risk security and management operation functions through the effective application of established standards, defined procedures, methods and requested controls.

Accordingly, these functions must provide the necessary expertise to define in their respective fields the controls and other means of risk management to be implemented by the first line of defence, and to ensure that they are effectively implemented; they conduct second-level permanent control over all of the Group’s risks, based in particular on the controls they have defined, as well as those defined, if necessary, by other expert functions (e.g. sourcing, legal, tax, human resources, information system security, etc.) and by the businesses;

The Chief Executive Officer is responsible for ensuring the overall consistency and effectiveness of the internal control system.

The purpose of the Group Internal Control Coordination Committee (GICCC) is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the modified French Order of 3 November 2014.

The Committee is chaired by the Chief Executive Officer, or in his absence, by a Deputy General Manager or by the Deputy Chief Executive Officer tasked with supervising the area under review. When it meets, the CCCIG convenes the Manager responsible for Coordinating the Internal Control function, the Permanent Control function, the Managers of the second line of defence (CPLE and RISQ), the Representatives appointed by the Heads of DFIN and RESG (including the Global CISO), the Manager of the third line of defence (IGAD) and as observers, the Head of Operational Risks, as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Committee meets approximately 20 times a year to deal with cross-cutting topics as well as the annual review of each BU/SU.

Its objectives are:

It is chaired by the Chief Executive Officer, or, in his absence, by a Deputy Chief Executive Officer or by the Deputy General Manager in charge of supervising the area under review, the Group Internal Control Coordination Committee brings together the Head of the Coordination of Internal Control and the Permanent Control Framework, the Heads of the second line of defence (see A.305, CPLE, RISQ), the Representatives designated by the Head of DFIN and RESG (including the Global CISO), the Head of the third line of Defence (IGAD) and, as observers, the Head of Operational Risks, as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

Permanent control system

The Group’s permanent control system comprises:

In 2018, General Management initiated a transformation programme of the Group’s permanent control system, which is under its direct supervision. Through a set of actions focusing on areas such as standards, methods, tools, procedures and training, the programme served to consolidate the control culture and optimise risk control, and thus helps to improve the quality and the reliability of services provided to our customers and partners. In 2021, this programme has been finalised and closed, and the transfer of the long-term activities to operating teams has been completed.

FIRST-LEVEL PERMANENT CONTROL

Permanent Level 1 controls, carried out on operations performed by BUs and the SUs, ensure the security and quality of transactions and the operations. These controls are defined as a set of provisions constantly implemented to ensure the regularity, validity, and security of the operations carried out at operational level.

The permanent Level 1 controls consist of:

Defined by a Group entity within its scope, Level 1 controls include controls (automated or manual) that are integrated into the processing of operations, proximity controls included in operating procedures, safety rules, etc. They are carried out in the course of their daily activities by agents directly in charge of an activity or by their managers. These controls aim to:

Permanent Level 1 controls are set by management and avoid, as far as possible, situations of self-assessment. They are defined in the procedures and must be traced without necessarily being formalised, e.g. preventive automated controls that reject transactions that do not comply with system-programmed rules.

In order to coordinate the operational risk management system and the permanent Level 1 control system, the BUs/SUs deploy a specific department called CORO (Controls & Operational Risks Office Department).

SECOND-LEVEL PERMANENT CONTROL

The permanent Level 2 control ensures that the Level 1 control works properly:

The permanent level 2 control, control of the controls, is carried out by teams independent of the operational.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

Internal audit

The Group’s Internal Audit function is delivered by the Service Unit Inspection and Internal Audit (“IGAD”), which brings together the Group’s Inspection and Internal Audit Departments. The Group’s Head of Inspection and Audit has a Group-wide responsibility for the internal audit function.

The Internal Audit function is part of the Group’s internal control set-up. It provides the third and last line of defense and performs periodical controls. The third line of defense is strictly independent from the businesses and other lines of control.

The internal audit mandate delivered by IGAD, defined in line with the IIA Standards (Institute of Internal Auditors), is an independent and objective activity that provides the Group with an assurance as to how effectively it is controlling its risks and operations, advises on improvements and contributes to the creation of added value. By carrying out this mandate, Inspection and Internal Audit help the Group to achieve its targets by evaluating systematically and methodically its processes for risk management, control and corporate governance and making recommendations to increase their efficiency.

IGAD’s internal audit mandate covers Societe Generale SA and all of the Group’s entities and business activities. All businesses, operations and processes without exceptions can be subject to an audit carried out by either Inspection or Internal Audit. This being said, entities within which the Group holds a minority stake are excluded, even if the Group has a significant influence, except in cases where such situation is likely to have a significant impact for the Group on its risk management.

Outsourced activities are also included in the scope of the mandate of IGAD as the Group’s internal audit function.

The Group Head of Inspection and Audit reports directly to the Group Chief Executive Officer.

He meets on a regular basis with the Chair of the Board of Directors. As mentioned in the Internal Rules of the Board, updated in August 2022, the Group Head of Inspection and Audit reports on the execution of the internal audit mandate to the Board of Directors on the basis of presentations made to the Group’s Audit and Internal Control Committee. He presents the Group’s audit and inspection plan, approved by the Chief Executive Officer, to the Board of Directors following its examination by the Group’s Audit and Internal Control Committee.

The Group Head of Inspection and Audit attends all meetings of the Board’s Audit and Internal Control Committee and provides the Committee on regular basis with a presentation of the activity of Internal Audit and General Inspection as well as on the status of implementation of recommendations issued both by IGAD and by supervisors (ECB and ACPR). He also attends all meetings of the Board’s Risk Committee. Both the Audit and Internal Control Committee and the Risk Committee hear the Group Head of Inspection and Audit, possibly at his request.

As foreseen in the Internal Rules of the Board, if necessary, in the event of changes in the risks affecting or likely to affect the Company, the Group Head of Inspection and Audit may report to the Board of Directors, directly or through the Audit and Internal Committee, without referring to the Effective Senior Managers.

To fulfill its mandate, the Group’s IGAD Service Unit has adequate resources from a qualitative and quantitative point of view. The Group’s Inspection and Audit Service Unit has about 1,000 employees located at Head Office and within affiliates and branches (France and overseas).

The Service Unit IGAD operates as a hierarchically integrated division. General Inspection, based at Head Office, has a Group-wide mandate. The various Audit Departments are each in charge of a defined scope of businesses or risks. Whether they are based at Head Office or within entities (affiliates or branches), Audit Departments are all reporting to the IGAD Service Unit. A matrix organisation allows to cover important transversal topics at Group level. Depending on resources and skills required, an audit mission can bring together auditors from different departments. IGAD may decide to send any audit team to carry out a mission within the Group.

General Inspection and Audit carry out their mandate on the basis of missions. Beyond audit missions defined in the yearly plan, General Inspection can be called to perform analysis and study missions or contribute to due diligence work in cases of acquisitions or divestments of Group entities or activities. A specific framework is in place to monitor such work and ensure there are no conflict of interest.

General Inspection and Audit define their respective workplans on a risk-based approach. Internal Audit combines this approach with the requirement to comply with a five-year audit cycle and determines the frequency of review based on the risk level of the audited entities.

In 2022 General Inspection and Internal Audit continued to perform an independent follow-up on recommendations issued by supervisors (ECB, ACPR) with regular status updates presented - in coordination with the Group’s General Secretariat - to General management and the Board’s Audit and Internal Control Committee.

As required by international auditing standards, IGAD is subject to an external quality assessment. IGAD’s certification was maintained following a second certification by the certification institute of the IFACI (Institut Français de l’Audit et du Contrôle Interne – French branch of the IIA) completed in 2022.

The context in 2022 allowed IGAD to resume business travel and on-site missions to a larger extent whilst maintaining remote auditing methods developed during the sanitary crisis. Audit missions carried out in 2022 were split on all categories of risks. Changes made to the audit plan during the year remained limited (reduction of 8% of man-days on audit missions with a total of 586 audit missions carried out this year), reflecting mainly the impact of a higher level of turnover in certain geographies and a shift in a number of projects initially planned to be subject to an audit. Such tensions also led to reschedule a few Inspection missions this year.

In 2022 IGAD initiated works required in response to recommendations issued by the European Central bank and IFACI on the internal audit function. Such work pertained mainly to (i) governance, being IGAD’s internal governance, the set-up with regards to the interactions between the internal Audit function and the Group’s governance at General management and Board level and the governance for the audit function at local level; (ii) the redesign, to be completed by end of 2024, of its independent risk assessment exercise and (iii) the establishment of a multi-year audit plan. The implementation of these action plans will remain a priority over 2023 and 2024 for the internal audit function. In addition, the restructuring of the audit recommendations issuance and monitoring process was initiated: all Business Units and Service Units will be engaged in the process, which will enable IGAD to focus its work on the most important risks in line with a strategic goal to optimize the layering of controls within the Group’s internal control framework.

On the operational side, internal audit departments (i) further developed their ability to provide independent assurance on the performance of permanent control departments; (ii) reinforced their auditing methods on topics such as “conduct” or “ESG” and (iii) increased the use of data analytics in the audit missions.

The participants involved

There are many participants in the production of financial data:

In the framework of these missions, it is in charge of:

Accounting and regulatory standards

Local financial statements are drawn up in accordance with local accounting standards, and the consolidated Group financial statements are prepared in accordance with the standards defined by the Group Finance Department, which are based on IFRS as adopted by the European Union.

The applicable standards on solvency and liquidity, promulgated by the Basel Committee, were translated into European law by a directive (CRD4) and a regulation (CRR). They were rounded out by the Regulation CRR2 and the Directive CRD5 which entered into force on 28 June 2019. These texts are supplemented by several delegated acts and implementation technical standards. As the Societe Generale Group is identified as a “financial conglomerate”, it is subjected to additional supervision.

The Group Finance Department has dedicated teams that monitor the applicable standards and draft new internal standards to comply with any changes in the accounting and regulatory framework.

Procedures for producing financial and accounting data

Each entity in the consolidation scope of the Group prepares its own accounting and management statements on a monthly basis. This information is then consolidated each month at Group level and published for the markets on a quarterly basis. Data reported are subject to analytical reviews and consistency checks performed by Finance Department or delegated to financial shared service centers acting under their responsibility and sent to the Group Finance Department. The Group Finance Department forwards the consolidated financial statements, Management Reports and regulatory statements to General Management and any interested third parties.

Internal control procedures governing the production of financial and accounting data

Accounting data are compiled independently of the front offices and the sales teams.

The quality and objectivity of the accounting and management data are ensured by the separation of sales functions and all the functions of operational processing and follow-up of the operations: back offices and middle offices integrated into Resources Department and teams in charge of result production integrated into Finance Department. These teams carry out a series of controls defined by Group procedures on financial and accounting data, in particular:

Given the increasing complexity of the Group’s financial activities and organisation, staff training and IT tools are regularly upgraded to ensure that the production and verification of accounting and management data are effective and reliable.

SCOPE OF CONTROL

In practice, the internal control procedures implemented in the Group’s businesses are designed to guarantee the quality of financial and accounting information, and notably to:

CONTROL BY THE FINANCE DEPARTMENTS

The Finance Department of each subsidiary checks the accuracy and consistency of the financial statements with respect to the relevant accounting frameworks (local standards and IFRS for subsidiaries, as well as French standards for branches). It performs checks to guarantee the accuracy of the information disclosed.

The data received for consolidation from each subsidiary are drawn from corporate accounting data by the subsidiaries after they have been locally brought into compliance with Group accounting principles.

Each subsidiary must be able to explain the transition from the Company financial statements to the financial statements reported through the consolidation tool.

The Finance Departments of the Business Units/Services Units have a dedicated department for financial management and control.

The Finance Departments also rely on shared service centers that perform level 1 controls necessary to ensure the reliability of accounting, tax and regulatory information on the financial statements they produce in accordance with local and IFRS standards and notably data quality and consistency checks (equity, securities, foreign exchange, financial aggregates from the balance sheet and income statement, deviations from standards), justification and certification of the financial statements under their responsibility, intercompany reconciliation of the financial statements, regulatory statement checks and verification of evidence of tax charges and balances (current, deferred and duties).

These controls are declared as part of the managerial supervision and Group accounting certification processes.

These controls allow the Shared Services Centers to provide all necessary information to the Finance Departments of Business Units/Services Units and the Group Finance and Accounting Department to ensure the reliability and consistency of the accounts prepared.

These shared service centers are located in Paris, Bangalore and Bucharest.

CONTROLS BY ALL OPERATIONAL STAFF INVOLVED IN THE PRODUCTION OF ACCOUNTING, FINANCIAL AND MANAGEMENT DATA

The operational staff monitor their activity via a permanent supervision process under the direct responsibility of their management teams, repeatedly verifying the quality of the controls carried out on completeness of accounting data and the associated accounting treatment.

SUPERVISION BY THE GROUP FINANCE DEPARTMENT

Once the financial statements prepared by the entities have been restated according to Group standards, they are entered into a central database and processed to produce the consolidated statements.

The service in charge of consolidation in the Group Accounting Officer Department checks that the consolidation scope complies with the applicable accounting standards and performs multiple checks on data received for consolidation purposes. These checks include:

Last, this service ensures that the overall consolidation process has been conducted properly by performing analytical reviews of the summary data and verifying the consistency of the main aggregates of the financial statements. These verifications are complemented by transversals analysis such as analysis of changes in shareholders’ equity, goodwill, provisions and consolidated deferred taxes.

A team in this department is in charge of managing and coordinating the Group accounting certification framework to certify first-level controls on a quarterly basis (internal control certification).

The Group Finance Department has also a dedicated team, it which is responsible for ensuring second-level permanent controls on all Finance processes and for implementing the framework within the Group. Its mission is to ensure the effectiveness, quality and relevance of the Level 1 control framework by assessing it through process or activity reviews, testing controls and quarterly certifications. The team, reporting directly to the Group Finance Department, also reports to the Head of Permanent & Internal Control Division of Societe Generale Group.

Controls through audits and specialized audit teams of the internal audit division

Internal Audit and the General Inspection define their audits and inspections using a risk-based approach and define an annual work program (Inspection and Audit plan schedule – plan de tournée). As part of their assignments, teams may verify the quality of the control environment contributing to the quality of the accounting and management data produced by the audited entities. They may check a certain number of accounts and assess the reconciliations between accounting and management data, as well as the quality of the permanent supervision procedures for the production and control of accounting data. They also assess the performance of IT tools and the accuracy of manual processing.

The department in charge of auditing the Group’s Central Departments is responsible for auditing the Group Finance Department. Within that department, a distinct team, placed under the responsibility of a dedicated Audit Business Correspondent monitors and animates audit work related to accounting and financial matters on a Group-wide basis. The team provides expertise in identifying the Group’s main accounting risks and develops training sessions and methodologies to help share expertise in the auditing of accounting risks.

Audit missions pertaining to accounting matters are carried out by that team, for the subjects considered as the most material for the accuracy of the Group’s accounting information, as well as by Audit Departments based in the Group’s entities.

Based on their findings, these teams issue recommendations to the parties involved in the production and control of accounting, financial and management data. Departments being assigned these recommendations are responsible for their implementation. A monitoring is performed by IGAD.

IN BRIEF

This section provides details on capital resources, regulatory requirements and the composition of the leverage ratio.

Evolution of CET1 capital

-€1.2bn*

(between 2021 and 2022)

Evolution of total regulatory capital

+€1.2bn*

CET1 ratio at end 2022

13.5%*

* Figures taking into account the phasing under IFRS 9 (CET1 ratio of 13.34% at end-2022 without phasing, a phasing effect of +17 bp) and the effects of the transitional Covid-19 measures taken by the ECB and ending on 31 December 2022.

Since January 2014, Societe Generale has applied the Basel III regulations implemented in the European Union through a regulation and a directive (CRR and CRD4 respectively).

The general framework defined by Basel III is structured around three pillars:

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of these provisions entered into force in June 2021.

The amendments include:

With regard to the implementation of the market risk reform (FRTB), after the publication of the first revised standard in January 2016 and of the consultation in March 2018 on this subject, the Basel Committee published in January 2019 its final text: BCBS457. In March 2020, the Basel Committee announced a one-year delay in the implementation of FRTB (1 January 2023 instead of 1 January 2022 as originally planned in the January 2019 text).

The European FRTB calendar would be as follows:

In December 2017, the Group of Central Bank Governors and Heads of Supervision (GHOS), the Basel Committee’s oversight body, endorsed the regulatory reforms aiming to complete Basel 3.

A first version of the transposition text was published by the European Commission on 27 October 2021 (“CRR3 – CRD6”) and will serve as support for the European Trialogue where this version will be combined with the Council text published in November 2022 and the Parliament text. The trialogue is expected to be finalized in the summer of 2023. It will then have to be voted by Parliament to become applicable.

These new rules, which were to take effect from 2022, have been postponed to January 2025 with an overall output floor: the risk-weighted assets (RWA) will be floored to a percentage of the standard method (credit, market and operational). The output floor level will increase gradually, from 50% in 2025 to 72.5% in 2030.

Throughout 2022, Societe Generale complied with the minimum ratiorequirements applicable to its activities.

As part of its capital management, the Group (under the managment of the Finance Department and the supervision of Risk Department) ensures that its solvency level is always compatible with the following objectives:

The Group determines its internal solvency targets in accordance with these objectives and regulatory thresholds.

The Group has an internal process for assessing the adequacy of its capital that measures and explains the evolution of the Group’s capital ratios over time, taking into account any future regulatory constraints and changes in the scope. 

This process is based on a selection of key metrics that are relevant to the Group in terms of risk and capital measurement, such as CET1, Tier 1 and Total Capital ratios. These regulatory indicators are supplemented by an assessment of the coverage of internal capital needs by available CET1 capital and an economic perspective, thus confirming the relevance of the targets set in the risk appetite. Besides, this assessment takes into account the constraints arising from the other metrics of the risk appetite, such as rating, MREL and TLAC or leverage ratio.

All of these indicators are measured on a forward-looking basis in relation to their target on a quarterly or even monthly basis for the current year. During the preparation of the financial plan, they are also assessed on an annual basis over a minimum of three-year horizon according to at least a baseline and adverse scenarios, in order to demonstrate the resilience of the bank’s business model against adverse macroeconomic and financial uncertain environments. Capital adequacy is continuously monitored by the Executive Management and by the Board of Directors as part of the Group’s corporate governance process and is reviewed in depth during the preparation of the financial plan. It ensures that the bank always complies with its financial target and that its capital level is above the “Maximum Distributable Amount” (MDA) threshold.

Besides, the Group maintains a balanced capital allocation among its three strategic core businesses:

Each of the Group’s core businesses accounts for around a third of total Risk-Weighted Assets (RWA), with a predominance of credit risk (83% of total Group RWA, including counterparty credit risk).

At 31 December 2022, Group RWA were down 1% to EUR 360 billion, compared with EUR 363 billion at end-December 2021.

The evolution of the business lines’ RWA lies at the core of the operational management of the Group’s capital trajectory based on a detailed understanding of the vectors of variations. Where appropriate, the General Management may decide, upon a proposal from the Finance Department, to implement managerial actions to increase or reduce the share of the business lines, for instance by validating the execution of synthetic securitisation or of disposals of performing or non-performing portfolios.

The Group’s prudential reporting scope includes all fully consolidated entities, with the exception of insurance entities, which are subject to separate capital supervision.

All regulated entities of the Group comply with their prudential commitments on an individual basis.

Non-regulated entities outside of the scope of prudential consolidation are subject to periodic reviews, at least annually.

The following table provides the main differences between the accounting scope (consolidated Group) and the prudential scope (Banking Regulation requirements).

The following table provides a reconciliation between the consolidated balance sheet and the accounting balance sheet within the prudential scope.The amounts presented are accounting data, not a measure of RWA, EAD or prudential capital. Prudential filters related to entities and holdings notassociated with an insurance activity are grouped together on account of their non-material weight (< 0.1%).

The main Group companies outside the prudential reporting scope are as follows:

Generally, all regulated Group undertakings are subject to solvency requirements set by their respective supervisory authorities. Regulated financial entities and affiliates outside of Societe Generale’s prudential consolidation scope are all in compliance with their respective solvency requirements. As a general principle, all banks should be under a double supervision, on a standalone basis and on a consolidated basis but the CRR allows, under specific conditions, waivers from the requirements on an individual basis granted by the competent authorities.

The supervisory authority accepted that some Group entities may be exempted from the application of prudential requirements on an individual basis or, where applicable, on a sub-consolidated basis. Terms and conditions of waiver of requirements granted by supervisors include a commitment to provide these subsidiaries with the Group’s support to ensure their overall solvency and liquidity, as well as a commitment to ensure that they are managed prudently according to the applicable banking regulations.

The conditions for applying waivers regarding monitoring on an individual basis for a Parent Institution, as far as solvency and large exposure ratios are concerned, are defined by the CRR, which stipulates that two conditions have to be met:

Accordingly, for instance, Societe Generale SA is not subject to prudential requirements on an individual basis.

Any transfer of equity or repayment of liabilities between the parent company and its entities is carried out in compliance with capital and liquidity requirements that are locally applicable. The obligation to comply with such requirements may affect the capacity of subsidiaries to transfer funds to the parent company. Every year, in compliance with local capital and liquidity regulatory requirements, the Group reviews the capitalization of its subsidiaries (direct and indirect) and proposals for appropriation of their allocating their net income (payment of dividends, retained earnings, etc.). In addition, the Group studies requests from its subsidiaries relating to changes in their equity or eligible liabilities (capital increases or decrease, distributions of exceptional dividends, loan issues or repayments). These reviews and studies show that, as long as subsidiaries comply with their regulatory constraints, there is no significant obstacle to transfer funds from Societe Generale to them or vice versa.

The financing process of subsidiaries within the Group allows rapid repayments of loans between the parent company and its subsidiaries. In 2022, the embargo on Russia was a significant to the rapid repatriation of the funds generated by the sale of Rosbank, which could nevertheless be repatriated. Moreover, the war in Ukraine is disrupting remittances, but the Group is not significantly affected.

The outline of the differences in the scopes of consolidation (entity byentity) is available on the website www.societegenerale.com, section“Universal Registration Document, Pillar 3” This informationcorresponds to table LI3 of EBA instructions (EBA/ITS/2020/04).

Reported in accordance with International Financial Reporting Standards (IFRS), Societe Generale’s regulatory capital consists of the following components.

Common Equity Tier 1 capital

According to the applicable regulations, Common Equity Tier 1 capital is made up primarily of the following:

Deductions from Common Equity Tier 1 capital essentially involve the following:

Additional Tier 1 capital

According to CRR/CRD regulations, Additional Tier 1 capital is made up of deeply subordinated notes that are issued directly by the Bank, and have the following features:

Deductions of Additional Tier 1 capital essentially apply to the following:

Tier 2 capital

Tier 2 capital includes:

Deductions of Tier 2 capital essentially apply to the following:

All capital instruments and their features are detailed online (www.societegenerale.com/en/measuring-our-performance/information-and-publications/registration-documents).

Solvency ratios

The solvency ratios are set by comparing the Group’s equity (Common Equity Tier 1 (CET1), Tier 1 (T1) or Total Capital (TC)) with the sum of risk-weighted exposures for credit risk and the capital requirement multiplied by 12.5 for market and operational risks.

Each quarter, the ratios are calculated following the accounting closing and then compared to the supervisory requirements.

The Pillar 1 regulatory minimum capital requirement is set at 4.5% for CET1, 6% for T1 and 8% for TC. This minimum remains stable over time.

The minimum Pillar 2 requirement (P2R) is set by the supervisor following the Supervisory Review and Evaluation Process (SREP). It has been standing at 2.12% until 31 December 2022, this level will stand at 2.14% including the additional requirement regarding Pillar 2 prudential expectations on the provisioning of non-performing loans granted before 26 April 2019.

In addition to these requirements comes the overall buffer requirement which is the sum of:

As at 31 December 2022, taking into account the combined regulatory buffers, the phased-in CET1 ratio level that would trigger the Maximum Distributable Amount (MDA) mechanism stands at 9.35%. It will stand at 9.39% from 1 January 2023.

The solvency ratio as at 31 December 2022 stood at 13.5% in Common Equity Tier 1 (13.7% at 31 December 2021) and 16.3% in Tier 1 (15.9% at 31 December 2021) for a total ratio of 19.3% (18.8% at 31 December 2021).

Group shareholders’ equity at 31 December 2022 totalled EUR 66.4 billion (compared with EUR 65.1 billion at 31 December 2021).

After taking into account non-controlling interests and regulatory adjustments, CET1 regulatory capital was EUR 48.6 billion at 31 December 2022, vs. EUR 49.8 billion at 31 December 2021. The Additional Tier One deductions mainly regard authorisations to buy back own Additional Tier 1 capital instruments as well as subordinated bank and insurance loans.

The prudential deductions and restatements included in the “Other” category essentially involve the following:

The Basel III Accord has established the rules for calculating minimum capital requirements in order to more accurately assess the risks to which banks are exposed, taking into account the risk profile of transactions via two approaches intended for determining RWA: a standardised approach and an advanced one based on internal methods modelling the counterparties’ risk profiles.

Change in risk-weighted assets and capital requirements