As part of setting its Risk Appetite, Societe Generale seeks a sustainable development based on a diversified and balanced banking model with a strong European foothold and a global presence targeted on a few areas of strong business expertise. The Group also aims to maintain long-term relationships with its customers built on well-earned trust, and to respond responsibly to the expectations of all of its stakeholders. At 31 December 2022, the indicators of the Group’s risk appetite in terms of solvency, earnings, market risk, cost of risk and non performing loans rate were within the risk appetite levels defined by the Group. They have not reached the tolerance thresholds defined by the Board.


The Group seeks sustainable profitability, relying on a robust financial strength profile, consistent with its diversified banking model. In terms of financial ratios, the Group calibrates its objectives to ensure a sufficient margin of safety in relation to regulatory requirements. As of 31 December 2022, the Group’s CET1 ratio stood at 13.5% compared to 13.7% at the end of 2021, well above the regulatory requirement of 9.35% (“MDA” threshold - Maximum Distributable Amount, calculated at end of Decembre 2022).

The solvency and leverage prudential ratios, as well as the amounts of regulatory capital and RWA featured here take into account the IFRS 9 phasing (fully-loaded CET1 ratio of 13.34% at end 2022, the phasing effect being +17 bps) and the effects of the ECB’s Covid-19 transitional measures ending on 31 December 2022.

As of 31 December 2022, the Group’s leverage ratio stood at 4.4%, taking into account an amount of Tier 1 capital of EUR 58.7 billion compared to a leverage exposure of EUR 1,345 billion. euros (compared to 4.9% as of 31 December 2021, with EUR 57.9 billion and EUR 1,190 billion respectively).

In addition, as of 31 December 2022, the Group has a TLAC (Total Loss Absorbing Capacity) ratio of 33.64% of weighted exposures (compared to 31.1% as of 31 December 2021, for a regulatory requirement of 21.66% at the end of 2022).

Regarding its risk profile, the Group has a balanced distribution of risk-weighted exposures (RWA) between its Global Banking and Investor Solutions divisions (34% as of 31 December 2022), Retail Banking and International Financial Services (31% as of 31 December 2022), Retail Banking in France (29% as of 31 December 2022) and Corporate Center (6% as of 31 December 2022). In terms of change, the Group’s weighted exposures stood at EUR 360.5 billion as of 31 December 2022 compared to EUR 363.4 billion as of 31 December 2021, a decrease of -1%.

Concerning the internal economic approach of the ICAAP, the rate of coverage of the Group’s internal capital requirement by the internal capital the end of 2022 is greater than 100%.

(In EURbn)

Credit and

counterparty credit



Total 31.12.2022

French Retail Banking





International Retail Banking and Financial Services





Global Banking and Investor Solutions





Corporate Centre










(In EURbn)

Credit and

counterparty credit



Total 31.12.2021

French Retail Banking





International Retail Banking and Financial Services





Global Banking and Investor Solutions





Corporate Centre










In addition, the Group presents its unconsolidated structured entities in Note 2.4 of the financial statements of the 2023 Universal Registration Document. Intra-group transactions are governed by a credit granting process respecting different levels of delegation within the Business Units, the Risk Department and the Finance Department. The entities’ structural risk management and oversight systems are also submitted to the Finance Department and the Risk Department.


Weighted exposures for credit risk and counterparty risk represent the Group’s main risk with an amount of risk-weighted exposures (RWA) of EUR 300.7 billion as of 31 December 2022, i.e. 83% of the total RWAs. These weighted exposures decreased by -1.4% compared to 31 December 2021 and are mainly based on the internal model approach (67% of credit and counterparty risk RWA). This decrease is mainly due to a methodology effect (-8 billion euros), a perimeter effect (-6 billion euros) related to the sale of Rosbank, and a volume effect (-4.4 billion euros) partially offset by a model effect update (+7.8 billion euros), a downgrade of assets quality (+3.9 billion euros) and a foreign exchange effect (+2.6 billion euros).

The credit portfolio presents a diversified profile. As of 31 December 2022, exposure to credit and counterparty risk represented an amount of EAD of 1,119 billion euros, up (+4%) compared to the end of 2021, driven in particular by the increase of ” Sovereigns”exposures. The breakdown of the portfolio between main customer categories is balanced: Sovereigns (29%), Corporates (32%), Retail customers (20%), Institutions (9%) and Others (10%).

In terms of geographic breakdown of the portfolio, exposure to emerging countries remains limited: the Group’s exposure is 70% in Western Europe (including 48% in France) and 14% in over North America. In sectoral terms, only the Financial Activities sector represents 7% of the Group’s Corporate exposures, followed by the Real Estate Activities and Business Services sectors.

With regard more specifically to counterparty risk, exposure represents an amount of EAD of 160 billion euros, increased (+11%) compared to the end of 2021, linked to the significant increase in exposure to Sovereigns.

As of 31 December 2022, EAD’s exposure to Russia represented 2.2 billion euros (exc. Private Banking) mainly made up of operations set up as part of the financing activities of Global Banking and Investor Solutions.

(See details in Chapter 6 “Credit risk” and Chapter 7 “Counterparty credit risk”.)

The Group’s net cost of risk in 2022 is EUR 1,647 million, up by 135% compared to 2021. This higher cost of risk compared to a low 2021 reference base is composed by a cost of risk which remains low on defaulted outstandings (stage 3), 17 bp compared to 18 bp in 2021, and provisions on sound outstandings (stage 1/stage 2) of 12 bp in order to maintain a prudent provisioning policy in an environment marked by economic prospects less favorable and in particular the rise in inflation and interest rates.

The cost of risk (expressed in basis points on the average of outstandings at the beginning of the period for the four quarters preceding the closing, including operating leases) thus stands at 28 basis points for the year 2022 compared to 13 basis points in 2021.

In French Retail Banking, the cost of risk is up to 20 basis points in 2022 compared to 5 basis points in 2021. This NCR includes an allocation of 4 bps on sound outstandings (compared to the stage 1/stage 2 recovery of -7bp in 2021).

At 52 basis points in 2022 (compared to 38 basis points in 2021), the cost of risk of the International Retail Banking and Financial Services division increased despite a lower NCR on defaulted outstandings (internship 3) due to an allocation of 15 base points on stage 1/stage 2.

The cost of risk for Global Banking and Investor Solutions posted a level of 23 basis points (compared to 4 basis points in 2021), reflecting a sharp rise in the cost of risk on performing loans (stage 1/ stage 2) at 20 bp, while the NCR on defaulted outstandings remains very moderate (4 bp against 7 bp in 2021).

(See details in section 6 of Chapter 6 “Credit risk”.)

Elements relating to ESG risks are presented in Chapter 14 of this Pillar 3 document.

Within the meaning of Template 1 of Pillar 3 on ESG risks concerning transition risk, exposures towards sectors that highly contribute to climate change(1) (based on the NACE codes provided by the EBA) represent 177 billion euros of gross carrying amount.


In accordance with the Commission delegated regulation EU) 2020/1818 supplementing regulation (EU) 2016/1011 as regards minimum standards for EU Climate Transition Benchmarks and EU Paris-aligned Benchmarks -Climate Benchmark Standards Regulation - Recital 6: Sectors listed in Sections A to H and Section L of Annex I to Regulation (EC) No 1893/2006.

(In EURbn)



Group gross doubtful loans ratio(1)



Doubtful loans (Stage 3)



Stage 3 Provisions



Group gross doubtful loans coverage ratio




Customer loans and advances, deposits at banks and loans due from banks, finance leases, excluding loans and advances classified as held for sale, cash balances at central banks and other demand deposits, in accordance with the EBA/ITS/2019/02 Implementing Technical Standards amending Commission Implementing Regulation (EU) No 680/2014 with regard to the reporting of financial information (FINREP). The NPL rate calculation was modified in order to exclude from the gross exposure in the denominator the net accounting value of the tangible assets for operating lease. Performing and non-performing loans include loans at fair value through profit or loss which are not eligible to IFRS 9 provisioning and so not split by stage. Historical data restated.

(In bps)



Cost of risk




As of 31 December 2022, operational risk-weighted exposures represented EUR 46 billion, or 13% of the Group’s RWA, down -2% compared to the end of 2021 (EUR 46.8 billion). These weighted exposures are mainly determined using the internal model (97% of the total). The total amount of exposures weighted assets decreases in 2022 (-0.8 billion euros, i.e. -1.7%) mainly due to the disposal of activities in Russia.

(See details in section 4 of Chapter 10 “Operational risk”).


Market risk-weighted exposures are mainly determined using internal models (86% of the total at the end of 2022). These weighted exposures amounted to EUR 13.7 billion at the end of 2022, i.e. 3.8% of the Group’s total RWA, up +18% compared to the end of 2021 (EUR 11.6 billion).

Capital requirements for market risk increased in 2022. This increase is reflected in the VaR and the risks calculated under the standard approach:

the VaR gradually increased over 2022, from a historically low level at the end of 2021;

risks calculated under the standard approach are on the rise, mainly due to the currency portion.

(See details in Chapter 9 “Market risk”).

(In EURm)



VaR (1 day, 99%) average value



SVaR (1 day, 99%) average value




The LCR (Liquidity Coverage Ratio) ratio stood at 141% at the end of 2022 (compared to 129% at the end of 2021), corresponding to excess liquidity of EUR 74 billion (compared to EUR 51 billion at the end of 2021), compared to a regulatory requirement of 100%. The increase in the LCR of Société Générale between end of 2021 and end of 2022 reflects a precautionary and anticipatory stance, whereby Société Générale has increased its term deposits in the money market and anticipated a portion of its 2023 funding plan. This was driven by (i) favorable market conditions at the end of the year, (ii) the new context of positive interest rates, that may reduce deposits from corporate clients to monetary supports; (iii) anticipating the reduction in liquidity generated by the end of the TLTRO.

Liquidity reserves amounted to EUR 279 billion as of 31 December 2022 (compared to EUR 229 billion as of 31 December 2021). This variation is mainly due to an increase in HQLA securities available for sale on the market (after discount), partially offset by an increase in central bank deposits (excluding mandatory reserves).

(See details in sections 5 and 6 of Chapter 12 “Liquidity risk”).


In a parallel schock scenario where the interest rate increase, the impact of the changes of EVE (economic value of equity) in 2022 is -2,900 EUR million and 375 EUR million on interest margin. On the contrary, in a parallel schock scenario where the interest rate decrease, the impact of the changes of EVE (economic value of equity) in 2022 is 1,011 EUR million and -1,102 EUR million on interest margin.

(See details in section 2 of Chapter 11 “Structural interest rate and exchange rate risks”).

(In EURm)


Changes of the economic value

of equity (EVE)

Changes of the net interest income


Supervisory shock scenarios*




Parallel up

(2 900)



Parallel down 

1 011

(1 102)



1 875




(2 547)



Short rates up

(2 747)



Short rates down

2 862


(In EURm)


Changes of the economic value

of equity (EVE)

Changes of the net interest income


Supervisory shock scenarios*




Parallel up




Parallel down 












Short rates up




Short rates down




The above 6 shock scenarios are detailed in appendix 3 of the EBA/GL/2018/02 regulation (refer to EBA BS 2018 XXX Proposed final revised IRRBB Guidelines.docx (europa.eu)).


In 2022, the Group finalized the sale of Rosbank in Russia in the context of the russo-ukrainian crisis and the net income was around -3 billion euros. Furthermore, some important milestones have been reached concerning the merger of the retail network in France, in accordance to the schedule, and lead to the legal merger of retail network of Société Générale and Crédit du Nord on January, 1st. The new SG retail bank is launched. Partnership between Société Générale and ING has been finalised, pushing further ahead Boursorama (new clients +1.4 million clients reaching 4.7 million clients at end of 2022). The planned acquisition of LeasePlan by ALD in the mobility sector and Bernstein joint venture deal for our Equities business will create global leaders.


(In EURm)









Common Equity Tier 1 (CET1) capital 







Tier 1 capital 







Total capital 








Total risk-weighted assets








Common Equity Tier 1 ratio (%)







Tier 1 ratio (%)







Total capital ratio (%)







EU 7a

Additional own funds requirements to address risks other than the risk of excessive leverage (%) 






EU 7b

of which to be made up of CET1 capital (%)






EU 7c

of which to be made up of Tier 1 capital (%)






EU 7d

Total SREP own funds requirements (%)








Capital conservation buffer (%)






EU 8a

Conservation buffer due to macro-prudential or systemic risk identified at the level of a Member State (%)







Institution-specific countercyclical capital buffer (%)






EU 9a

Systemic risk buffer (%)







Global Systemically Important Institution buffer (%)






EU 10a

Other Systemically Important Institution buffer







Combined buffer requirement (%)






EU 11a

Overall capital requirements (%)







CET1 available after meeting the total SREP
own funds requirements (%)








Leverage ratio total exposure measure(2)







Leverage ratio







EU 14a

Additional own funds requirements to address
the risk of excessive leverage (%) 






EU 14b

of which to be made up of CET1 capital (%)






EU 14c

Total SREP leverage ratio requirements (%)(3)







EU 14d

Leverage ratio buffer requirement (%)






EU 14e

Overall leverage ratio requirements (%)(3)








Total high-quality liquid assets (HQLA)
(Weighted value – average)






EU 16a

Cash outflows – Total weighted value 






EU 16b

Cash inflows – Total weighted value 







Total net cash outflows (adjusted value)







Liquidity coverage ratio (%)








Total available stable funding







Total required stable funding







NSFR ratio (%)







The own funds requirement applicable to Societe Generale group in relation to Pillar 2 reaches 2.12% (of which 1.19% in CET1) until 31/12/2022 resulting in a total SREP own funds requirements of 10.12%.


Over the whole historical period considered, the measurement of the leverage exposure has been taking into account the option to exempt temporarily some central bank exposures in accordance with the European regulation.


The leverage ratio requirement applicable to Societe Generale group is 3.09% (enhancement of the initial regulatory requirement of 3% in relation to the abovementioned central bank exemption) until 3/31/2022 and then 3% effective 6/30/2022.

(in EURm)









Own funds and eligible liabilities 







Total RWA of the Group







Own funds and eligible liabilities as a percentage of RWA







Total exposure measure of the Group







Own funds and eligible liabilities as percentage of the total exposure measure







Does the subordination exemption in Article 72b(4) of the CRR apply? (5% exemption)







Pro-memo item: Aggregate amount of permitted non-subordinated eligible liabilities in-struments
If the subordination discretion as per Article 72b(3) CRR is applied (max 3.5% exemption)







Pro-memo item: If a capped subordination exemption applies under Article 72b (3) CRR, the amount of funding issued that ranks pari passu
with excluded liabilities and that is recognised under row 1, divided by funding issued that ranks pari passu with excluded Liabilities and that would be recognised under row 1 if no cap was applied (%)







With IFRS 9 phasing effect taken into account over the whole historical period considered.

As at 31 December 2022, the Group presents a TLAC ratio of 33.64% of risk-weighted assets (RWA) with the option of Senior preferred debt limited to 3.5% of RWA (the ratio being 30.47% without this option) for a regulatory requirement of 21.66%, and of 9.02% of the leverage exposure for a regulatory requirement of 6.75%.





This section describes the various types of risks and the risks to which Societe Generale is exposed.


This section identifies the main risk factors that the Group estimates could have a significant effect on its business, profitability, solvency or access to financing.

As part of its internal risk management, Societe Generale has updated its risk typology. For the purposes of this section, these different types of risks have been grouped into six main categories (4.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017, according to the main risk factors that the Group believes could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.

The diagram below illustrates how the categories of risks identified in the risk typology have been grouped into the six categories and which risk factors principally impact them.

2.1.1 RISKS RELATED TO THE MACROECONOMIC, GEOPOLITICAL, MARKET AND REGULATORY ENVIRONMENTS The global economic and financial context, geopolitical tensions, as well as the market environment in which the Group operates, may adversely affect its activities, financial position and results of operations.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions generally in Europe, the United States and elsewhere around the world. The Group generates 49% of its business in France (in terms of net banking income for the financial year ended 31 December 2022), 32% in Europe, 7% in the Americas and 12% in the rest of the world. The Group could face significant deteriorations in market and economic conditions resulting from, in particular, crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices (notably oil and natural gas). Other factors could explain such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, or adverse geopolitical events (including acts of terrorism and military conflicts). In addition, the Covid-19 crisis continues to have an impact mainly in China, where the so-called “Zero Covid” policy has begun to be relaxed. Such events, which can develop quickly and whose effects may not have been anticipated and hedged, could affect the Group’s operating environment for short or extended periods and have a material adverse effect on its financial position, cost of risk and results of operations.

The economic and financial environment is exposed to intensifying geopolitical risks. The war in Ukraine which began in February 2022 has led to high tensions between Russia and Western countries, with significant impacts on global growth, energy and raw materials prices, as well as on a humanitarian level. The economic and financial sanctions imposed by a large number of countries, particularly in Europe and the United States, against Russia and Belarus could significantly affect operators with direct or indirect links to Russia, with a material impact on the Group’s risks (credit and counterparty, market, reputation, compliance, legal, operational, etc.). The Group will continue to analyse in real time the global impact of this crisis and to take all necessary measures to comply with applicable regulations.

In Asia, US-China relations are fraught with trade tensions and the risk of technological fractures.

After a long period of low interest rates, the current inflationary environment is leading the major central banks to raise rates. The entire economy will need to adapt to a context of higher interest rates. In addition to the impact on the valuation of equities, interest rate-sensitive sectors such as real estate will have to adjust. The US Federal Reserve and the European Central Bank (ECB) are expected to continue to tighten monetary conditions in the first half of 2023 before taking a break as inflation recedes according to our predictions. In the meantime, inflation in the US and Europe continues to impact the price of services, food and energy.

This crisis could generate strong volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group. In France, after the long period of low interest rates which fostered an upturn of the housing market, a reversal of activity in this area could have an adverse effect on the Group’s asset value and on business, by decreasing demand for loans and resulting in higher rates of non-performing loans. More generally, the higher interest rates environment in a context where public and private debts have tended to increase is an additional source of risk.

Considering the uncertainty generated by this situation, both in terms of duration and scale, these disruptions could persist throughout 2023 and have a significant impact on the activity and profitability of certain Group counterparties.

Against the backdrop of the continuing war in Ukraine, the reduction in Russian gas imports and the introduction of an embargo on Russian oil on 5 December 2022, the European energy sector is facing a more difficult and uncertain situation. Gas prices have risen and remain highly volatile. A total halt in Russian gas supplies combined with a post-Covid-19 economic recovery in China could lead to a further spike in gas prices, affecting European economic growth.

In the longer term, the energy transition to a “low-carbon economy” could adversely affect fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

With regard to financial markets, in the context of Brexit, the topic of non-equivalence of clearing houses (central counterparties, or CCPs) remains a point of vigilance, with possible impacts on financial stability, notably in Europe, and therefore on the Group’s business. In addition, capital markets (including foreign exchange activity) and securities trading activities in emerging markets may be more volatile than those in developed markets and may also be vulnerable to certain specific risks, such as political instability and currency volatility. These elements could negatively impact the Group’s activity and results of operations.

On the mobility market, due to the shortage of new car supply, demand for used vehicles has risen, pushing up resale prices sharply. As a result, ALD has recorded a historically high result on used vehicle sales for the past year. The Group is exposed to a potential loss in a financial year from (i) resale of vehicles related to leases which expire during the period whose resale value is lower than their net carrying amount and (ii) additional impairment during the lease period if residual value drops below contractual residual value. Future sales and estimated losses are impacted by external factors such as macroeconomic conditions, government policies, tax and environmental regulations, consumer preferences, new vehicle prices, etc. The Group anticipates for 2023 that supply chains may not return to normal immediately, which could support the resale prices of used vehicles.

The Group’s results are therefore exposed to the economic, financial, political and geopolitical conditions of the main markets in which the Group operates. The Group’s failure to achieve its strategic and financial objectives disclosed to the market could have an adverse effect on its business, results of operations and the value of its financial instruments.

The Group is fully on track to achieving its strategic milestones and has set targets for profitable and sustainable growth out to 2025 with:

average annual revenue growth of 3% or greater over the 2021-2025 period by focusing on growth in the most profitable businesses;

an improved cost to income ratio equal to or lower than 62% in 2025 and ROTE of 10% based on a targeted CET1 ratio of 12% in 2025;

disciplined management of scarce resources, in addition to keeping a tight rein on risks, will help strengthen and improve the quality of the Bank’s balance sheet;

stringent loan portfolio management with cost of risk of around 30 basis points in 2025;

increased use of new technologies and digital transformation;

commitments in Environmental, Social and Governance areas.

More precisely, the Group’s “Vision 2025” project anticipates the merger between the Retail Banking network of Societe Generale in France and Crédit du Nord. Although this project has been designed to achieve controlled execution, the merger could have a short-term material adverse effect on the Group’s business, financial position and costs. System reconciliations could undergo delays, thereby postponing part of the expected merger benefits. The project could lead to some staff departures, requiring replacements and training efforts which could potentially generate additional costs. The merger could also lead to the departure of some of the Group’s customers, resulting in loss of revenue. The legal and regulatory aspects of the transaction could prompt delays and additional costs.

Following ALD’s announcement on 6 January 2022 of its plan to acquire LeasePlan, Societe Generale and ALD announced on 22 April 2022 the signing of a framework agreement, with the aim of creating a global leader in mobility solutions. The acquisition is subject to receiving certain regulatory approvals and to the performance of other standard conditions precedent.

The Group also announced in November 2022 the signing of a letter of intent with AllianceBernstein to combine the equity research and execution businesses in a joint venture to create a leading global franchise in these activities. This announcement was followed by the signature of an acquisition agreement in early February 2023.

The conclusion of final agreements on these strategic transactions depends on several stakeholders and, accordingly, is subject to a degree of uncertainty. The inability to close on the transactions would not have an immediate impact on the Group’s activity, but could potentially weigh on the share price, at least temporarily.

Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group has made a certain number of commitments (see Chapter 2, page 46 and following and Chapter 5, page 289 and following). Failure to comply with these commitments, and those that the Group may make in the future, could harm its reputation. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Last, failure to make specific commitments could also generate reputation and strategic risk.

The Group may face execution risk on these strategic projects, which are to be carried out simultaneously. Any difficulty encountered during the process of integrating the activities (particularly from a human resources standpoint) is likely to generate higher integration costs and lower-than-anticipated savings, synergies and benefits. Moreover, the process of integrating the acquired operational businesses into the Group could disrupt the operations of one or more of its subsidiaries and divert General Management’s attention, which could have a negative impact on the Group’s business and results. The Group is subject to an extended regulatory framework in each of the countries in which it operates and changes to this regulatory framework could have a negative effect on the Group’s businesses, financial position and costs, as well as on the financial and economic environment in which it operates.

The Group is subject to the laws of the jurisdictions in which it operates. This includes French, European and US legislation as well as other local laws in light of the Group’s cross-border activities, among other factors. The application of existing laws and the implementation of future legislation require significant resources that could affect the Group’s performance. In addition, possible failure to compliance with laws could lead to fines, damage to the Group’s reputation, force the suspension of its operations or, in extreme cases, the withdrawal of operating licences.

Among the laws that could have a significant influence on the Group:

several regulatory changes are still likely to significantly alter the framework for Market activities: (i) the possible strengthening of transparency constraints related to the implementation of the new requirements and investor protection measures (review of MiFID II/MiFIR, IDD, ELTIF (European Long-Term Investment Fund Regulation)), (ii) the implementation of the fundamental review of the trading book, or FRTB, which may significantly increase requirements applicable to European banks and (iii) possible relocations of clearing activities could be requested, despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025;

new requirements resulting from the EU banking regulation reform proposal presented on 27 October 2021 by the European Commission. The reform consists of several legislative instruments to amend the directive on capital requirements (European Parliament and EU Council, Directive 2013/36/EU, 26 June 2013) as well as the regulation on capital requirements (CRR) (European Parliament and EU Council, regulation (EU) No. 575/2013, 26 June 2013);

in the United States, the implementation of the Dodd-Frank Act has almost been finalised. The Securities and Exchange Commission’s (SEC) regulations relating to security-based swap dealers have been implemented and Societe Generale has been registered with the SEC as a Securities Based Swap Dealer;

european measures aimed at restoring banks’ balance sheets, especially through active management of non-performing loans (“NPLs”), which are leading to a rise of prudential requirements and an adaptation of the Group’s strategy for managing NPLs. More generally, additional measures to define a framework of good practices for granting (e.g., loan origination orientations published by the European Banking Authority) and monitoring loans could also have an impact on the Group;

the strengthening of data quality and protection requirements and a future strengthening of cyber-resilience requirements in relation to the adoption by the Council on 28 November 2022, which completes the legislative process, of the European directive and regulation package on digital operational resilience for the financial sector;

the implementation of the European sustainable finance regulatory framework, with an increase in non-financial reporting obligations, enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);

the strengthening of the crisis prevention and resolution regime set out in the Bank Recovery and Resolution Directive of 15 May 2014 (“BRRD”), as revised, which gives the Single Resolution Board (“SRB”) the power to initiate a resolution procedure towards a credit institution when the point of non-viability is considered reached. In this context, the SRB could, in order to limit the cost to the taxpayer, force some creditors and the shareholders of the Group to incur losses in priority. Should the resolution mechanism be triggered, the Group could, in particular, be forced to sell certain of its activities, modify the terms and conditions of the remuneration of its debt instruments, issue new debt instruments, accept a depreciation of its debt instruments or convert them into equity securities.

New legal and regulatory obligations could also be imposed on the Group in the future, such as:


the ongoing implementation in France of consumer-oriented measures affecting retail banking,


the potential requirement at the European level to open more access to banking data to third-party service providers,


new obligations arising from a package of proposed measures announced by the European Commission on 20 July 2021 aiming to strengthen the European supervisory framework around the fight against money laundering and terrorist financing, as well as the creation of a new European agency to fight money laundering;

from 2023, new regulatory texts will enter into force concerning rate risk of Banking Book (stress on IM, caps on maturity of deposits flows, ...) and credit rate of banking portfolio. These new texts could constrain certain aspects of rate and credit risk monitoring.

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their effects may have a negative impact on the Group’s business, financial position and costs.

Moreover, as an international bank that handles transactions with US persons, denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation. Increased competition from banking and non-banking operators could have an adverse effect on the Group’s business and results, both in its French domestic market and internationally.

Due to its international activity, the Group faces intense competition in the international and local markets in which it operates, whether from banking or non-banking actors. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services industry could result in the competitors benefiting from greater capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of major domestic banking and financial actors, as well as new market participants (notably neo-banks and online financial services providers), has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are fundamentally changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new actors could be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition is also enhanced by the emergence of non-banking actors that, in some cases, may benefit from a regulatory framework that is more flexible and in particular less demanding in terms of equity capital requirements.

To address these challenges, the Group has implemented a strategy, in particular with regard to the development of digital technologies and the establishment of commercial or equity partnerships with these new actors (such as Lumo, the platform offering green investments, or Shine, the neobank for professionals). In this context, additional investments may be necessary for the Group to be able to offer new innovative services and to be competitive with these new actors. This intensification of competition could, however, adversely affect the Group’s business and results, both on the French market and internationally. Environmental, social and governance (ESG) risks, in particular related to climate change, could have an impact on the Group’s activities, results and financial situation in the short-, medium- and long-term.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties or invested assets of financial institutions. ESG risks are seen as aggravating factors to the traditional categories of risks (credit risks, counterparty risks, market risks, structural risks (including liquidity and funding risks), operational risks, reputational risks, compliance risks and risks related to insurance activities) and are likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is thus exposed to environmental risks, and in particular climate change risks through certain of its financing, investment and service activities. Concerning climate risks, a distinction is made between (i) physical risk, with a direct impact on entities, people and property stemming from climate change and the multiplication of extreme weather events; and (ii) transition risk, which results from the process of transitioning to a low-carbon economy, such as regulatory or technological disruptions or changes in consumer preferences.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively impacted by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialized financing companies).

Beyond the risks related to climate change, risks more generally related to environmental degradation (such as the risk of loss of biodiversity) are also aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, linked to lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (for instance due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour rights or workplace health and safety issues, which may trigger or aggravate reputational and credit risks for the Group.

Similarly, risks relating to governance of the Group’s counterparties and stakeholders (suppliers, service providers, etc.), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Therefore, the Group is exposed to physical climate risk with respect to its ability to maintain its services in geographical areas impacted by extreme events (floods, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations related to labour laws and the management of its human resources.

All of these risks could have an impact on the Group’s business, results and reputation in the short-, medium- and long-term. The Group is subject to regulations relating to resolution procedures, which could have an adverse effect on its business and the value of its financial instruments.

The BRRD and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define a European Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including the exposure of taxpayers to the consequences of the failure). Under the SRM Regulation, a centralized resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalize it in accordance with an established order of priority (the “Bail-in Tool”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative effect on the financial system, protecting public funds by minimizing the recourse to extraordinary public financial support, and protecting customers’ funds and assets) and the winding up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into equity if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, 3° of the French Monetary and Financial Code).

The Bail-in Tool could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in Tool, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the split of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before taking any resolution action, including the implementation of the Bail-in Tool, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of any measure under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse effect on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial condition deteriorates, the existence of the Bail-in Tool or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or the Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.




This section describes Societe Generale’s risk management approaches and strategies. It describes how the functions in charge of risk management are organised, how these functions guarantee their independence and how they broadcast the risk culture within the Group.


The Pillar 3 report, published under the responsibility of Societe Generale Group’s Senior Management, sets out, in accordance with the CRR regulation, the quantitative and qualitative information on Societe Generale’s capital, liquidity and risk management to ensure transparency in respect of the various market players. This information has been prepared in compliance with the internal control procedures approved by the Board of Directors in the course of the validation of the Group Risk Appetite Framework and Group Risk Appetite Statement, and are based, among other things, on the annual review, by General Management in the Group Internal Control Coordination Committee (GICCC) and by the Risk Committee of the Board of Directors, of Societe Generale's Risk division, particularly in its ability to exercise its role as the second line of defense for the entire Group.


Risk appetite is defined as the level of risk that the Group is prepared to accept to achieve its strategic and financial goals.

The Group’s ambition is to push ahead with sustainable development based on a diversified and balanced banking model with a strong European anchor and a targeted global presence in selected areas of strong business expertise. The Group also wishes to maintain long-term relationships with its clients built on the mutual confidence deserved and to meet the expectations of all of its stakeholders by providing them with responsible and innovative financial solutions.

This is reflected in:

an organisation with 14(1) Business Units offering various products and services to the Group’s clients in different geographic locations;

balanced selective capital allocation between activities:


a preponderance of retail banking activities in France and abroad, which currently represent more than 50% of risk weighted assets (“RWA”) of the Group,


limitation of Business Unit Global Markets’ share in the RWA of the Group. In accordance with its client-focused development strategy, the Group ceased its trading activities for its own account(2) in 2019, and finalised its project to simplify the products processed in 2021,


non-bank services activities, in particular Insurance and operating leasing activities are conducted in line with the business strategy; they demonstrate a disciplined risk profile and thus generate profitability compliant with the Group’s expectations;

a geographically balanced model:


in Retail Banking, the Group focuses on international development (excluding Russia) where it benefits from a historical presence, extensive market knowledge and top-tier positions, in Retail Banking activities,


as regards Global Banking and Investor Solutions, apart from historical establishments, the Group targets activities for which it can leverage international expertise;

a targeted growth policy, favoring existing areas of expertise, the sound quality business fund and the search for synergies in the diversified banking model;

a positive and sustainable contribution to the transformations of our economies, in particular with regard to the technological revolution, and economic, social and environmental transitions; CSR concerns are therefore at the heart of its strategy and the Group’s relationships with stakeholders (internal and external);

a strong vigilance as regards its reputation, deemed by the Group to be a high-value asset which must be protected.

The Group seeks to achieve sustainable profitability, relying on a robust financial profile consistent with its diversified banking model, by:

aiming for profitable and resilient business development;

maintaining a rating allowing access to financial resources at a cost consistent with the development of the Group’s businesses and its competitive positioning;

calibrating its capital and hybrid debt monitorings to ensure:


meeting the minimum regulatory requirements on regulatory capital ratios,


compliance with the financial conglomerate ratio which considers the combined solvency of the Group’s banking and insurance activities,


one-year coverage of the “internal capital requirement” using available CET1 capital,


a sufficient level of creditor protection consistent with a debt issuance program that is particularly hybrid consistent with the Group’s objectives in terms of rating and regulatory ratios such as Tier 1, TLAC (“Total Loss Absorbing Capacity”), MREL (“Minimum Required Eligible Liabilities”), and the leverage ratio;


Fourteen BUs, as CDN and BDDF have merged on 1 January.


In accordance with French Banking Law, the few residual trading activities of the Group unrelated to clients were isolated in a dedicated subsidiary called Descartes Trading.

ensuring resilience of its liabilities, which are calibrated by taking into account a survival horizon in a liquidity stress ratio, compliance with LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) regulatory ratios and the level of dependence on short-term fundings and the foreign exchange needs of the Group’s businesses, particularly in dollars;

controlling the leverage ratio.

Credit risk appetite is managed through a system of credit policies, risk limits and pricing policies.

When it takes on credit risk, the Group focuses on medium- and long-term client relationships, targeting both clients with which the Bank has an established relationship of trust and prospects representing profitable business development potential over the mid-term.

Acceptance of any credit commitment is based on in-depth client knowledge and a thorough understanding of the purpose of the transaction.

In particular, concerning the underwriting risk, the Group, mainly through GLBA, makes a “steadfast commitment” to transactions at a guaranteed price as debt financing arranger, prior to syndicating them to other banking syndicates and institutional investors. If market conditions deteriorate or markets close while the placement is under way, these transactions may create a major over-concentration risk (or losses, if the transaction placement requires selling below the initial price).

The Group limits the cumulative amount of approved underwriting or underwriting positions in order to limit its risk in the event of a prolonged closure of the debt markets.

In a credit transaction, risk acceptability is based first on the borrower’s ability to meet its commitments, in particular through the cash flows which will allow the repayment of the debt. For medium and long-term operations, the funding duration must remain compatible with the economic life of the financed asset and the visibility horizon of the borrower’s cash flow.

Security interests are sought to reduce the risk of loss in the event of a counterparty defaulting on its obligations, but may not, except in exceptional cases, constitute the sole justification for taking the risk. Security interests are assessed with prudent value haircuts and paying special attention to their actual enforceability.

Complex transactions or those with a specific risk profile are handled by specialised teams within the Group with the required skills and expertise.

The Group seeks risk diversification by controlling concentration risk and maintaining a risk allocation policy through risk sharing with other financial partners (banks or guarantors).

Counterparty ratings are a key criterion of the credit policy and serve as the basis for the credit approval authority grid used in both the commercial and risk functions. The rating framework relies on internal models. Special attention is paid to timely updating of ratings (which, in any event, are subject to annual review)(1).

The risk measure of the credit portfolio is based primarily on the Basel parameters that are used to calibrate the capital need. As such, the Group relies for the internal rating of counterparties on Balois models allowing the assessment of credit quality, supplemented for “non-retail” counterparties, by expert judgment. These measures are complemented by an internal stress-sized risk assessment, either at the global portfolio level or at the sub-portfolio level, linking risk measures and rating migration to macro-economic variables most often to say expert. In addition, the calculation of expected losses under the provisions of IFRS 9, used to determine the level of impairment on healthy outstandings, provides additional insight into assessing portfolio risk.

In consultation with the Risk Department, the businesses implement, most of the time, pricing policies that are differentiated according to the level of risk of counterparties and transactions. The purpose of pricing a transaction is to ensure acceptable profitability, in line with the objectives of ROE (Return on Equity) of the business or entity, after taking into account the cost of the risk of the transaction in question. The pricing of an operation can nevertheless be adapted in certain cases to take into account the overall profitability and the potential customer relationship development. The intrinsic profitability of products and customer segments is subject to periodic analysis in order to adapt to changes in the economic and competitive environment.

Proactive management of counterparties whose situation has deteriorated is key to containing the risk of final loss in the event of counterparty failure. As such, the Group has put in place rigorous procedures for monitoring non retail counterparties and/or for closer monitoring of retail counterparties whose risk profiles are deteriorating. In addition, the businesses and entities, in conjunction with the Risk and Finance Departments, and through collaborators specialising in recovery and litigation, work together to effectively protect the Bank’s interests in the event of default.

Concerning ESG risks (Environmental, Social & Governance), the assessment and management of the impact of ESG risk factors on credit risk is based in particular on the establishment of exclusion lists, portfolio alignment indicators (oil and gas and electricity production for example) and sensitivity analyses (in particular transition risk via the CCVI or Corporate Climate Vulnerability Index).

In general, credit granting policies must comply with the criteria defined within the framework of the Group’s Social and Environmental Responsibility (CSR) policy, which is broken down through:

the general environmental and social principles and the sectoral and cross-cutting policies appended to them. Sector policies cover sectors considered potentially sensitive from an environmental, social or ethical point of view;

the targets for alignment with the objectives of the Paris agreement, which the Group has set itself, starting with the sectors with the highest CO2 emissions;

commitment to granting sustainable financing classified as Sustainable and Positive Impact Finance and to sustainability linked transactions.

Risks related to climate change (physical and transition risks), which are an aggravating factor in the types of risks facing the Bank must be taken into account in risk assessment processes. An assessment of climate vulnerability (particularly in terms of transition risk) must be provided by the Business Unit for certain specific sectors and may have an impact on the internal rating so that it incorporates the client’s adaptation strategy (See also section 4.13 “Environmental, social and governance risks” of this Universal Registration Document).


For non-automated processes.

The future value of exposure to a counterparty as well as its credit quality are uncertain and variable over time, both of which are affected by changes in market parameters. Thus, counterparty credit risk management is based on a combination of several types of indicators:

indicators of potential future exposures (potential future exposures, or PFE), aimed at measuring exposure to our counterparties:


the Group controls idiosyncratic counterparty credit risks via a set of CVaR(1) limits. The CVaR measures the potential future exposure linked to the replacement risk in the event of default by one of the Group’s counterparties. The CVaR is calculated for a 99% confidence level and different time horizons, from one day until the maturity of the portfolio,


in addition to the risk of a counterparty default, the CVA (Credit Valuation Adjustment) measures the adjustment of the value of our portfolio of derivatives and repos account the credit quality of our counterparties;

the abovementioned indicators are supplemented by stress test impacts frameworks or on nominal ones in order to capture risks that are more difficult to measure:


the more extreme correlation risks are measured via stress tests at different levels (wrong-way risk, stress monitoring at sector level, risk on collateralised financing activities and agency),


the CVA risk is measured via a stress test in which representative market scenarios are applied, notably involving the credit spreads of our counterparties;

exposures to central counterparty clearing houses (CCP) are subject to specific supervision:


the amount of collateral posted for each segment of a CCP: the initial posted margins, both for our principal and agency activities, and our contributions to CCP default funds,


in addition, a stress test measures the impact linked to (i) the default of an average member on all segments of a CCP and (ii) the failure of a major member on a segment of a CCP;

the Global Stress Test on market activities includes cross market-counterparty risks, it is described in more detail in the “Market risk” section;

besides, a specific framework that has been set up aims to avoid individual concentration related to counterparty risk in market operations.

The Group’s market activities are carried out as part of a business development strategy primarily focused on meeting client requirements through a full range of products and solutions.

Market risk is managed through a set of limits for several indicators (such as stress tests, Value at Risk (VaR) and stressed Value at Risk (SVaR), “Sensitivity” and “Nominal” indicators). These indicators are governed by a series of limits proposed by the business lines and approved by the Risk Division during the course of a discussion-based process.

The choice of limits and their calibration reflect qualitatively and quantitatively the fixing of the Group’s appetite for market risks. A regular review of these frameworks also enables risks to be tightly controlled according to changing market conditions with, for example, a temporary reduction of limits in case of a deterioration. Warning thresholds are also in place to prevent the possible occurrence of overstays.

Limits are set at different sub-levels of the Group, thereby cascading down the Group’s risk appetite from an operational standpoint within its organisation.

Within these limits, the Global Stress Test limits on market activities and the Market Stress Test limits play a pivotal role in determining the Group’s market risk appetite; in fact, these indicators cover all operations and the main market risk factors as well as risks associated with a severe market crisis which helps limit the total amount of risk and takes account of any diversification effects.

Non-financial risks are defined as non-compliance risk, risk of inappropriate conduct, IT risk, cybersecurity risk, other operational risks, including operational risk associated with credit risk, market risk, model risk, liquidity and financing, structural and rate risk. These risks can lead to financial losses.

Governance and a methodology have been put in place for the scope of non-financial risks.

As a general rule, the Group has no appetite for operational risk or for non-compliance risk. Furthermore, the Group maintains a zero-tolerance policy on incidents severe enough to potentially inflict serious harm to its image, jeopardise its results or the trust displayed by customers and employees, disrupt the continuity of critical operations or call into question its strategic focus.

The Group underscores that it has is no or very low tolerance for operational risk involving the following:

internal fraud: the Group does not tolerate unauthorised trading by its employees. The Group’s growth is founded on trust, as much between employees as between the Group and its employees. This implies respecting the Group’s principles at every level, such as exercising loyalty and integrity. The Group’s internal control system must be capable of preventing acts of major fraud;

cybersecurity: the Group has zero tolerance for fraudulent intrusions, disruption of services, compromise of elements of its information system, in particular those which would lead to theft of assets or theft of customer data. The Bank aims to put in place effective means to prevent and detect this risk. It has a barometer that measures the degree of maturity of the cybersecurity controls deployed within its entities and the appropriate organisation to deal with any incidents;

data leaks: trust is the main asset of the Societe Generale Group. Consequently the Group is committed to deploying the necessary resources and implementing controls to prevent, detect and remediate data leaks. It does not tolerate any leaks of its most sensitive information, in particular that of customer data;


The CVaR economic indicator is built on the samemodeling assumptions as the regulatory Effective Expected Positive Exposure (EEPE) indicator used to calculate RWAs.

business continuity: the Group relies heavily on its information systems to perform its operations and is therefore committed to deploying and maintaining the resilience of its information systems to ensure the continuity of its most essential services. The Group has very low tolerance for the risk of downtime in its information systems that perform essential functions, in particular systems directly accessible to customers or those enabling to conduct business on financial markets;

outsourced services: the Group seeks to achieve a high degree of thoroughness in the control of its activities entrusted to external service providers. As such, the Group adheres to a strict policy of reviewing its providers the frequency of which depends on their level of risk;

managerial continuity: the Group intends to ensure the managerial continuity of its organisation to avoid the risk of a long-term absence of a manager that would question the achievement of its strategic objectives, which might threaten team cohesion or disrupt the Group’s relationships with its stakeholders;

physical security: the Societe Generale Group applies security standards to protect personnel, tangible and intangible assets in all the countries where it operates. The Group Security Department ensures the right level of protection against hazards and threats, in particular through security audits on a list of sites that it defines;

execution errors: the Societe Generale Group has organized its day-to-day transaction processes and activities through procedures designed to promote efficiency and mitigate the risk of errors. Notwithstanding a robust framework of internal control systems, the risk of errors cannot be completely avoided. The Group has a low tolerance for execution errors that would result in very high impacts for the Bank or its clients.

The Group measures and strictly controls structural risks. The mechanism whereby rate risk, foreign exchange risk and the risk on pension/long-service obligations is controlled is based on sensitivity or stress limits which are broken down within the various businesses (entities and business lines).

There are four main types of risk: rate level risk, curve risk book, optional risk (arising from automatic options and behavioral options) and basis risk, related to the impact of relative changes in interest rates indices. The Group’s structural interest rate risk management primarily relies on the sensitivity of Net Present Value (“NPV”) of fixed-rate residual positions (excesses or shortfalls) to interest rate changes according to several interest rate scenarios. The limits are established either by the Board of Directors or by the Finance Committee, at the Business Unit/Service Unit and Group levels. Furthermore, the Group measures and controls the sensitivity of its net interest margin (“NIM”) on different horizons.

The Group’s policy in terms of structural exchange rate risks consists of limiting as much as possible the sensitivity of its CET1 capital ratio to changes in exchange rates, so that the impact on the CET1 ratio of an appreciation or a depreciation of all currencies against the euro does not exceed a certain threshold in terms of bp by summing the absolute values of the impact of each currency.

Regarding risks to pension and long-service obligations, which are the Bank’s long-term obligations towards its employees, the amount of the provision is monitored for risk on the basis of a specific stress test and an attributed limit. The risk management policy has two main objectives: reduce risk by moving from defined-benefit plans to defined-contribution plans and optimise asset risk allocation (between hedge assets and performance assets) where allowed by regulatory and tax constraints.

Controlling liquidity risk is based primarily on:

compliance with regulatory liquidity ratios, with precautionary buffers: LCR (liquidity coverage ratio) ratios that reflect a stress situation and NSFR (net stable funding ratio);

compliance with a minimum survival horizon under combined market and idiosyncratic stress;

framing of transformation and anti-transformation positions (price risk).

Controlling financing risk is based on:

maintaining a liability structure to meet the Group’s regulatory constraints (Tier1, Total Capital, Leverage, TLAC, NSFR, MREL) and complying with rating agencies’ constraints to secure a minimum rating level;

recourse to market financing: annual long-term issuance programs and a stock of moderate structured issues and short-term financing raised by supervised treasuries.

The Group is committed to defining and deploying internal standards to reduce model risk on the basis of key principles, including the creation of three independent lines of defence, the proportionality of due diligence according to each model’s level of risk inherent, the consideration of the models’ entire lifecycle and the appropriateness of the approaches within the Group.

A wrong design, implementation, use or a non rigorous models monitoring can have two mains unfavorable consequences: an under estimation of equity based of models validated by Regulators and/or financial losses.

Risk model appetite is defined for the perimeter of this group of models: credit risk IRB and IFRS 9, market and counterparty risk, market product valuation, ALM, trading model, compliance and granting.

The Group conducts Insurance activities (Life Insurance and Savings, Retirement savings, Property & Casualty Insurance, etc.) which exposes the Group to two major types of risks:

subscription risk related to pricing and fluctuations in the claims ratio;

risks related to financial markets (interest rate, credit and equity) and asset-liability management.

The Group has limited appetite for financial holdings, such as proprietary private equity transactions. The investments allowed are mainly related to:

commercial support for the network through the private equity activity of the Societe Generale and Crédit du Nord network and certain subsidiaries abroad;

taking stakes, either directly or through investment funds, in innovative companies via SG Ventures;

the takeover of stakes in local companies: Euroclear, Crédit Logement, etc., which does not have limit.

The settlement-delivery risk on financial instruments arises when transactions (over-the-counter in cash or forward) give rise to a time lag (usually of a few hours) between the payment and the delivery of the underlying (securities, raw materials, foreign exchange, etc.) during their settlement.

The Group defines a risk appetite for delivery risk in relation to the quality of the counterparty (via its rating) with larger limits granted to counterparties in the investment grade category (IG).


Risk appetite is determined at Group level and attributed to the businesses and subsidiaries. Monitoring of risk appetite is performed according to the principles described in the Risk Appetite Framework governance and implementation mechanism, which are summarised below.

As part of the supervision of risk appetite, the Group relies on the following organisation:

the Board of Directors:


approves each year the Group Risk Appetite Statement and the Group Risk Appetite Framework, as well as the Group Risk Appetite Framework,


approves in particular the main Group risk appetite indicators (Board of Directors indicators) validated beforehand by General Management,


ensures that risk appetite is relevant to the Group’s strategic and financial objectives and its vision of the risks of the macro-economic and financial environment,


reviews quarterly the risk appetite dashboards presented to it, and is informed of risk appetite overruns and remediation action plans,


sets the compensation of corporate officers, sets out the principles of the remuneration policy applicable in the Group, especially for regulated persons whose activities may have a significant impact on the Group’s risk profile, and ensures that they are in line with risk management objectives.

The Board of Directors relies primarily on the Risk Committee;

General Management:


approves the document summarizing the Group’s risk appetite Statement and its Risk Appetite Framework based on the proposal of the Chief Risk Officer and the Chief Financial Officer,


regularly ensures that risk appetite is complied with,


ensures the effectiveness and integrity of the risk appetite implementation system,


ensures that the risk appetite for the Group’s Business Units and eligible subsidiaries/branches is formalised and translated into frameworks consistent with the Group’s risk appetite,


ensures internal communication of risk appetite and its transposition in the Universal Registration Document.

In addition, the main mission of the Risk Department is to draw up the document summarizing the Group’s risk appetite, as well as the implementation of a risk management, monitoring and control system.

The Finance Department contributes to setting this risk appetite in the framework of indicators under the responsibility of the Finance Committee (profitability, solvency, liquidity and structural risks).

The Compliance Department is also responsible for instructing the risk appetite setting for indicators falling within its scope.

The risk identification process is a key process of the Group risk-management framework. It is a Group-wide process to identify all risks that are or might be material. The approach is comprehensive and holistic: it covers all risk types(1) and all Group exposures.

In addition to the annual review of the Group’s risk taxonomy yearly reviewed and published in the SG Code, risk identification process is based on two pillars in order to ensure a complete and up-to-date view of all the material risks facing the Group:

risk management governance and key Committees such as CORISQs or COFI (at Group or Business Unit level), COMCO and New Product Committees making it possible to monitor changes in the risk profile for all types of risk (credit, market, operational, etc.). In addition to monitoring well-identified risks, this governance can also generate a debate between risk experts and senior management on emerging risks. This debate is fueled by the latest market news, early warning signals, internal alerts, and more;


Risks are classified on the basis of the Group’s risk taxonomy, which names and defines risk categories and their possible sub-categories.

a series of exercises aimed at identifying additional risks, for example arising from changes in macroeconomic or sectoral conditions, financial markets, regulatory constraints, competitors or market pressure, business model (concentration effects) and changes in banking organisations. These additional identification exercises are also organised by risk types, but include some identification of cross-risk effects (e.g. credit and market or credit and operational). For a given type of risk, these exercises analyse and segment the Group’s exposure along several axes (Business Unit, activity, customer, product, region, etc.). The underlying risk factors are identified for the perimeters where this risk is assessed as being significant.

When a significant risk is identified, a risk management system, which may include a quantitative risk appetite (risk ceiling or threshold) or a risk policy, is implemented.

In addition, where possible, the risk factors underlying a significant risk are identified and combined in a dedicated scenario, and the associated loss is then quantified by means of a stress test (see also section “Risk quantification and stress test system”).

Within the Group, stress tests, a key attribute of risk management, contribute to the identification, measurement and management of risks, as well as to the assessment of the adequacy of capital and liquidity to the Group’s risk profile.

The purpose of the stress tests is to cover and quantify, resulting from the Risk Identification annual process, all the material risks to which the Group is exposed and to inform key management decisions. They thus assess what the behavior of a portfolio, an activity, an entity or the Group would be in a degraded business context. It is essential in building the forward-looking approach required for strategic/financial planning. In this context, they constitute a privileged measure of the resilience of the Group, its activities and its portfolios, and are an integral part of the process of developing risk appetite.

The Group stress testing framework combines stress tests in line with the stress testing taxonomy set by the EBA. Group-wide stress tests should cover all legal entities in the Group consolidation perimeter, subject to risk materiality.

Stress test categories are:

stress tests based on scenarios: application of historical and/or hypothetical conditions but which must remain plausible and in conjunction with the Economic and Sector Studies department, to a set of risk factors (interest rates, GDP, etc.);

sensitivity stress tests: assessment of the impact of the variation of an isolated risk factor or of a reduced set of risk factors (a shock in rates, credit rating downgrade, equity index shock, etc.);

reverse stress tests: start with a pre-defined adverse outcome, such as a level of a regulatory ratio, and then identifies possible scenarios that could lead to such an adverse outcome.

The stress test system within the Group thus includes:

global stress tests

Global Group stress tests cover all activities and subsidiaries that are part of the Group’s consolidation scope (“Group-wide”), as well as all major risks (including credit risk, market risk, operational risks, liquidity risk). They aim at stressing both the Group P&L and key balance sheet metrics, notably capital and liquidity ratios.

The central stress test is the overall group stress test, which is based on a central scenario and on adverse macroeconomic scenarios modeled by the Economic Research Department, under the independent supervision of the Group Chief Economist. Macro-economic scenarios are supplemented by other parameters such as capital market conditions, including assumptions on funding.

The performance of the overall Group stress test is based on the uniform application of the methodology and assumptions at the level of all entities and at Group level. This means that the risk factors, and in particular the macro-economic assumptions used locally, must be compatible with the macro-economic scenario defined by the Group. Entities must submit macro-economic variables to the Group’s Economic Studies department to check their consistency.

The regulatory stress test conducted periodically by the EBA also covers all entities and risks and is scenario-based. Therefore, its execution globally mirrors the process defined for the internal Group Global Stress Test, with an increased involvement of the Group central teams, except for the scenario design which is defined by the supervisor;

specific stress tests which assess a specific type of risk (market risk, credit risk, liquidity risk, interest rate risk, etc.):


credit risk stress tests complement the global analysis with a more granular approach and allow fine-tuning of the identification, assessment and management of risk, including concentration,


market stress tests estimate the loss resulting from a severe change in financial market risk factors (equity indexes, interest rates, credit spreads, exotic parameters, etc.). They apply to all Group’s market activities and rely on adverse historical and hypothetical scenarios,


the operational risk assessment relies on an analysis of historical losses, factoring in internal and external loss data as well as the internal framework and the external environment. This includes losses incurred by international financial institutions, and hypothetical forward-looking “scenario analyses” for all operational risk categories,


liquidity stress tests which include: (i) a market-wide scenario that attempts to capture a crisis in which financial markets would undergo an extreme market liquidity disruption causing systemic stress event, and (ii) an idiosyncratic scenario that attempts to capture a firm-specific crisis potentially triggered by a material loss, reputational damage, litigation, executive departures,


stress tests which assess the sensitivity to structural interest rate risk concerning the banking book. The exercise focuses on rate variations by stressing (i) the net present value of the positions or (ii) the interest margin and on exchange rate fluctuations on the residual exchange positions,


a stress test on employment benefits which consists of simulating the impact of variations in market risk factors (inflation, interest rates, etc.) on the Group’s net position (dedicated investments minus the corresponding employment benefits),


stress tests on the risk linked to insurance activities defined in the risk appetite of the Insurance Business Unit, which puts stress on risk factors specific to financial and insurance activities to measure and control the main risks relating thereto,


climate stress tests based on climate risk scenarios at least once a year. These stress tests may encompass both transition and/or physical risk and may cover short term to medium-long term horizons. These annual climate stress tests can be either global (covering all group exposures) or cover only specific portfolio. Historically, on climate risk, the Group voluntarily participated in exploratory climate stress exercises organized  by the ACPR (Prudential Control and Resolution Authority) and the European Banking Authority in 2020. In 2022, the Group also participated in a stress test coordinated by the European Central Bank (ECB) during the first half of the year (see also Chapter 14 “Environmental, social and governance risks” ),


reverse stress tests, both as part of the risk appetite and the recovery plan. The impact of these stress tests is typically defined via a breaking point in the solvency ratio or liquidity indicator, which poses a significant threat to the Bank. Hypothetical scenarios leading to this breaking point are then constructed in order to identify new weaknesses.

In addition to internal stress test exercises, the Group is part of the sample of European banks participating in major international stress tests programs conducted by the European Banking Authority (EBA) and the European Central Bank (ECB).


Central scenario

The central scenario is based first of all on a set of observed factors such as recent economic situation and economic policy shifts (budgetary, monetary and exchange-rate policies). From these observed factors, economists calculate the most likely trajectory of economic and financial variables for the desired forecast horizon.

Stressed scenario

The severity of the stressed scenario, which is determined by the deviation of the GDP trajectory from the central scenario, is based on the magnitude of the 2008-2009 crisis, of the eurozone sovereign crisis, and has been adjusted to take into account the impacts – health, economic and financial – of the Covid-19 crisis on the basis of current knowledge. The severity is constantly compared to that of various adverse scenarios produced by reputable institutions such as the ECB, the Bank of England or the Federal Reserve. In 2022, the Group stress test scenario has been set up in order to take into account the risk of a stagflationary shock.

The Group’s risk appetite is formalised in a document (“Risk Appetite Statement”) which sets out:

the strategic profile of the Group;

its profile of profitability and financial soundness;

the frameworks relating to the management of the Group’s main risks (qualitative, through risk policies, and quantitative, through indicators).

Regarding the profile of profitability and financial soundness, the Finance Department proposes each year, upstream of the budgetary procedure, to the General Management, limits at Group level, supplemented by alert thresholds and crisis levels according to a “traffic light” approach. These frameworks on financial indicators allow:

to respect, with a sufficient safety margin, the regulatory obligations to which the Group is subject (in particular the minimum regulatory solvency, leverage and liquidity ratios), by anticipating as best as possible the implementation of new regulations;

to ensure, via a safety margin, sufficient resistance to stress scenarios (stress standardised by regulators or stress defined according to a process internal to the Group).

The frameworks relating to risk management, also represented via a graduated approach (limits, alert thresholds, etc.), result from a process in which the needs expressed by the businesses are confronted with a contradictory opinion independent from the second line defence. The latter is based on:

independent analysis of risk factors;

the use of prospective measures based on stress approaches;

the proposal for a framework.

For the main risks, the frameworks set make it possible to consolidate the achievement of the Group’s financial targets and to orient the Group’s profitability profile.

The allocation of risk appetite in the organisation is based on the strategic and financial plan, and on risk management systems:

based on recommendations by the Finance Department to General Management, the financial targets defined at Group level are broken down into financial frameworks(1) at business line level, as part of financial management;

the breakdown of frameworks and risk policies is based on an understanding of the needs of the businesses and their business prospects and takes into account the profitability and financial strength targets of the Business Unit and/or the entity.


A Group framework can be broken down into the businesses through a different indicator; for example, the capital ratios are broken down in the business lines into weighted assets: “RWA”.


Implementing a high-performance and efficient risk management structure is a critical undertaking for Societe Generale Group in all businesses, markets and regions in which it operates, as is maintaining a balance between strong awareness of risks and promoting innovation. The Group’s risk management, supervised at the highest level, is compliant with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, Payment Services and Investment Services subject to the control of the French Prudential Supervisory and Resolution Authority (Autorité de contrôle prudentiel et de résolution – ACPR) and the final version of European Regulations Basel 3 (CRR/CRD). (See Board’s Expertise, page 89 of the 2023 Universal Registration Document).

Two main high-level bodies govern Group risk management: the Board of Directors and General Management.

General Management presents the main aspects of, and notable changes to, the Group’s risk management strategy to the Board of Directors at least once a year (more often if circumstances so require).

As part of the Board of Directors, the Risk Committee advises the Board on overall strategy and appetite regarding all kinds of risks, both current and future, and assists the Board when the latter verifies that the strategy is being rolled out.

The Board of Directors’ Audit and Internal Control Committee ensures that the risk control systems operate effectively.

Chaired by General Management, the specialised Committees responsible for central oversight of internal control and risk management are as follows:

the Risk Committee (CORISQ), which met 18 times during the 2022 financial year, aims to:


validate the main risk management mechanisms (taxonomy, risk identification, stress testing and Risk Appetite Framework),


for credit, counterparties, market, operational, model and environmental risks:

validate the Group’s risk appetite prior to its proposal to the Board of Directors for approval,

then define the Group’s main risk policy guidelines in the context of the risk appetite previously approved by the Board of Directors,

respect the Group’s risk appetite as defined and declined.

Along with the Risks Committee, the Major Risks Committee (Comité Grands Risques) is an ad hoc Committee, responsible for approving the sales and marketing strategy and risk-taking with regard to major client groups (Corporates, Insurance Companies and Asset Managers);

the Finance Committee (COFI), chaired by the Chief Executive Officer, is responsible for setting out the Group’s financial strategy and for ensuring the management of scarce resources (capital, liquidity, balance sheet, tax capacity) and the management of structural risks. COFI oversees all aspects of the management of the structural risks of the Group and its main entities, including the management of liquidity and financing risks, as well as the management of banking book market risks: interest rate, credit spread, exchange and shares, financial management of scarce resources (liquidity and capital), the dividend policy, monitoring the rating assigned to Societe Generale by credit rating agencies, the recovery and resolution plans, monitoring of the Group’s tax capacity, financial management of Corporate Centre and intra-group re-invoicing;

the Compliance Committee (COMCO), chaired by the Chief Executive Officer, reviews the risks of non-compliance, the main issues and defines the Group’s compliance principles. It ensures, on an annual basis, the monitoring of the quality of the Embargoes & Sanctions risk management framework. The Committee also reviews the main compliance incidents of the period and the main information related to Supervisor relationships. It reviews and challenges compliance indicators on each area of non-compliance risk. Finally, it validates the compliance risk appetite criteria, the annual roadmap for mandatory Group trainings, the new modules for all employees, and on an ad hoc basis certain Group compliance topics. In addition, twice a year, a session dedicated to the review of the regulatory system is organized. Its objective is to ensure the consistency and effectiveness of the compliance system with banking and financial regulations;

the Digital Transformation Committee (DTCO), is Chaired by the Deputy General Manager. The purpose of this Committee, in line with the decisions of the Group Strategic Committee, is to initiate and monitor the transformations of the information system and the associated operating model which require, by their transversal nature or by the extent of the transformation envisaged, a decision of the General Management;

the Group Internal Control Coordination Committee (GICCC), is chaired by the Chief Executive Officer or, in his absence, by a Deputy Chief Executive Officer or by the Deputy Chief Executive Officer in charge of supervising the area under review. The purpose of the GICCC is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the modified French Order of 3 November 2014. The Committee meets approximately 20 times a year to deal with cross-cutting topics as well as the annual review of each BU/SU;

the Non Financial Risks Steering Committee, chaired by the Head of DGLE/PIC assisted as co-sponsors by the CRO and CCO, aims to develop and instruct the orientations taken by the Group Internal Control Coordination Committee (GICCC) and resulting from the Audit and Internal Control Committee (CACI), to ensure the consistency, efficiency and effectiveness of the transformations of non-financial risk control (NFR) frameworks, to set targets with regard to roadmaps, to validate, coordinate and manage the evolution of NFR frameworks throughout the Group, to highlight risks and alerts related to NFR frameworks, to provide resources, prioritize and decide on their allocation, by making any necessary arbitrations;

the Responsible Commitments Committee (CORESP), chaired by the Deputy Chief Executive Officer in charge of overseeing the ESG policy, deals with all matters falling within the Group’s responsibility in Environmental and Social matters, or those having an impact on the Group’s responsibility or reputation and not already covered by an existing Executive Management Committee. The Committee is decision-making and has authority over the entire Group. Its objective is to (i) arbitrate complex transaction/client cases presenting a high reputational risk or non-alignment with the Group’s standards in terms of CSR, Culture & Conduct, ethics or reputation; (ii) examine subjects with very high CSR, ethical or reputational risks; (iii) make new Group commitments or change the Group’s E&S standards (including sectoral policies); (iv) monitor the implementation of the Group’s E&S commitments; (v) examine opportunities for the development of sustainable and positive impact financing or investments, requiring the opinion or validation of the General Management;

the Group Provisions Committee (COPRO), chaired by the Chief Executive Officer, meets quarterly and is tasked with presenting and validating the Group’s net risk expense (provisions for the credit risk) that will be accounted for the quarter in question.

The Group’s Corporate Divisions, which are independent from the core businesses, contribute to the management and internal control of risks.

The Corporate Divisions provide the Group’s General Management with all the information needed to perform its role of managing Group strategy under the authority of the Chief Executive Officer. The Corporate Divisions report directly to General Management:

the Risk Division

The main role of the Risk Division (RISQ) is to support the development of the Group’s activities and profitability by elaborating the Group’s risk appetite (allocated between the Group’s different business lines) in collaboration with DFIN and the BUs/SUs and establishing a risk management and monitoring system as a second line of defence. In performing its work, the RISQ SU reconciles independence from the businesses with a close working relationship with the BUs, which are responsible in the first instance for the transactions they initiate.

Accordingly, the Risk Division:


provides hierarchical and functional supervision for the Group’s Risk Management Function


addresses the guidance, with the Finance Service Unit, for setting the Group’s risk appetite as submitted to General Management,


identifies all Group risks,


implements a governance and monitoring framework for these risks, including cross-business risks, and regularly reports on the nature and extent thereof to General Management, the Board of Directors and the banking supervisory authorities,


contributes to the definition of risk policies, taking into account the aims of the core businesses and the relevant risk issues,


defines or validates methods and procedures for the analysis, assessment, approval and monitoring of risk,


implements a second-level control to ensure the correct application of these methods and procedures,


assesses and approves transactions and limits proposed by business managers,


defines or validates the architecture of the central risk information system, ensures its suitability to business requirements;

the Finance Service Unit (DFIN) coordinates the Finance Management Function and is responsible for the Group’s financial management, oversight and production through several complementary tasks:


fuelling General Management’s discussions on strategic and financial aspects. To this end, DFIN takes care to provide a consistent overview of performance indicators and financial information,


managing, at consolidated level for Societe Generale SA and for certain subsidiaries, the establishment and analysis of financial, tax and regulatory statements (regulatory indicators regarding scarce resources, regulatory reports, ICAAP and ILAAP documentation) in compliance with applicable standards and obligations,


monitoring and overseeing P&L performance, profitability and scarce resources (capital, liquidity, balance sheet) in line with strategic objectives and in accordance with regulatory obligations,


supporting the Business Units and Service Units with financial and strategic oversight,


managing liquidity, in particular through the implementation of financing and resilience plans, in accordance with the objectives set by the Group and in compliance with the Group’s risk appetite,


maintaining financial crisis management plans tailored to the Group’s configuration,


ensuring the management and first-level monitoring of structural interest rate, foreign exchange and liquidity risks as defined in Book B Title V Chapter 6. RISQ assuming the role of second line of defence,


performing regulatory watch with respect to scarce resources, accounting and finance, and participating in institutional relations and advocacy with its main peers and with banking federations,


acting as enterprise architect for all activities performed by the Group’s Finance Divisions;

the Group Compliance Division is responsible for the definition and consistency of the non-compliance risk prevention and control framework, related to banking and financial regulation and for coordinating the framework aimed at preventing, identifying, assessing and controlling non-compliance risk across the entire Group. It ensures that roles and responsibilities are identified with the appropriate level of expertise so that the regulatory watch framework and related normative documentation, including its deployment, are operational. In particular, it takes care to harmonise procedures and optimise (in conjunction with the BU/SUs) international resources in order to ensure the framework’s effectiveness and compliance with its rules. Within this framework, it has hierarchical and functional authority over the compliance teams of Group entities.

The Group Compliance Service Unit is organised around three broad categories of non-compliance risks:


financial security: know your customer (KYC); compliance with the rules and regulations on international sanctions and embargoes; countering money laundering and terrorist financing (AML/CTF), including reporting suspicious transactions to the appropriate financial intelligence authority when necessary,


regulatory risks: customers protection; integrity of the financial markets; countering bribery and corruption, ethics and good conduct; compliance with regulations related to tax transparency (based on knowledge of clients’ tax profile); compliance with regulations on social and environmental responsibility and the Group’s commitments,


protection of data, including personal data and in particular those of customers;

the Corporate Secretary within its fields of expertise, is assigned with the mission of protecting the Bank in order to further its development. Together with the SUs, BUs and other Societe Generale Group entities, it ensures the administrative, legal and tax compliance of the Group’s activities, both in France and abroad. It is in charge of managing legal and tax risks. It also oversees global Group security (together with the RESG SU in respect of IT systems security), designs and implements the risk insurance policy for the entire Group and its staff, and provides assistance in developing insurance products for the Group’s clients. It devises and oversees the development of corporate social responsibility and public affairs and institutional relations/advocacy initiatives within the Societe Generale Group. Lastly, it handles the Group’s central administration and offers support to the Secretary of the Board of Directors as necessary;

the Human Resources is tasked with defining and implementing the general and individual policies designed to enable the Group to develop the skills and talent needed for its strategy to succeed. The Division’s role as partner to the businesses is key to the Group’s adaptation to its environment;

the Corporate Resources and Innovation Department accompanies the digital transformation and promotes operational efficiency for the Group. It supervises the Resource Management Functions (Information Systems, Sourcing and Property);

the Group Internal Audit and General Inspection Department, under the authority of the General Inspector, is in charge of internal audit; finally

the Sustainable Development Department attached to the general Management, the Group Sustainable Development Division (DGLE/RSE) assists the Deputy Chief Executive Officer in charge of the whole ESG policies (Environmental, Social and Governance) (RSE – Corporate Social Responsibility-) and their actual translation in the business lines and functions trajectories. It supports the Group ESG transformation to make it a major competitive advantage, in the business development as well as in the ESG (Environmental & Social) risks management. DGLE/RSE provides an advising mission to the General Management through three main tasks:


the definition and strategic steering of the Group’s ESG ambition,


the support of the BUs and SUs ESG transformation,


the contribution to promoting the Group’s ESG reach. 

According to the last census carried out on 31 December 2022, the full-time equivalent (FTE) workforce of:

the Group’s Risk Department for the second line of defence represents approximately 4,475 FTEs (1,671 within the Group’s Risk Department itself and 2,804 for the rest of the Risk function);

the Compliance Department or the second line of defence represents approximately 2,934 FTEs;

the Information System Security Department totals approximately 549 FTEs.

The Group’s risk measurement systems serve as the basis for the production of internal Management Reports allowing the monitoring of the Group’s main risks (credit risk, counterparty, market, operational, liquidity, structural, settlement/delivery) as well as the monitoring of compliance with the regulatory requirements.

The risk reporting system is an integral part of the Group’s risk management system and is adapted to its organisational structure. The various indicators are thus calculated at the level of the relevant legal entities and Business Units and serve as the basis for the various reportings. Departments established within the Risk, Finance and Compliance sectors are responsible for measuring, analysing and communicating these elements.

Since 2015, the Group has defined architecture principles common to the Finance and Risk functions, the TOM-FIR principles (Target Operating Model for Finance & Risk), in order to guarantee the consistency of the data and indicators used for internal management and regulatory production. The principles revolve around:

Risk and Finance uses, whether at the local level and at the various levels of consolidation subject to an organised system of “golden sources”, with a collection cycle adapted to the uses;

common management rules and language to ensure interoperability;

consistency of Finance and Risk usage data, via strict alignment between accounting data and management data.

The Group produces, via all of its internal reports for internal monitoring purposes by the Business Units and Service Units, a large number of risk metrics constituting a measure of the risks monitored. Some of these metrics are also produced as part of the transmission of regulatory reports or as part of the publication of information to the market.

The Group selects from these metrics a set of major metrics, able to provide a summary of the Group’s risk profile and its evolution at regular intervals. These metrics concern both the Group’s financial rating, its solvency, its profitability and the main risks (credit, market, operational, liquidity and financing, structural, model) and are included in the reports intended for internal management bodies.

They are also subject to a framework defined and broken down in line with the Group’s risk appetite, giving rise to a procedure for reporting information in the event of breaches.

Thus, the risk reports intended for the management bodies are guided in particular by the following principles:

coverage of all significant risks;

combination of a global and holistic view of risks and a more in-depth analysis of the different types of risk;

overview supplemented by focus on certain specific scopes, forward-looking elements (based in particular on the presentation of elements on the evolution of the macro-economic context) and elements on emerging risks;

balance between quantitative data and qualitative comments.

The main Risk reports for management bodies are:

monthly reporting to the Risk Committee of the Board of Directors aims to provide an overview of changes in the risk profile.

This reporting is complemented by dashboard for monitoring the Group’s Risk Appetite Statement indicators is also sent quarterly to the Board of Directors. These indicators are framed and presented using a “traffic light” approach (with distinction between thresholds and limits) in order to visually present monitoring of compliance with risk appetite. In addition, a compliance dashboard and a reputation dashboard are sent to the Risk Committee of the Board of Directors and provide an overview of each non-compliance risk;

monthly reporting to the Group Risk Committee (CORISQ), for the general management, aims to regularly provide this Committee with a risk analysis under its supervision, with a greater level of detail than reporting to the Risk Committee of the Board of Directors. In particular, a summary of the main credit files over the period covered by the reporting is presented;

reporting to the Finance Committee (COFI) for General Management gives rise in particular to the following two reports: a “Scarce resources trajectory” report allowing budget execution to be monitored and a “Structural risk monitoring (ALM)” report making it possible to monitor compliance with the thresholds and limits relating to liquidity risks and structural interest and exchange rate risks;

the quarterly reporting of the Group Compliance Committee (COMCO) to General Management: the COMCO provides via dedicated reporting an overview of the main non-compliance risks, raises points of attention on compliance topics Group, decides on the main orientations and defines the Group principles in terms of compliance;

the quarterly reporting of the Provisions Committee (COPRO) to General Management is intended to provide an overview of changes in the level of provisions at Group level. In particular, it presents the change in the net charge of the cost of risk by pillar, by Business Unit and by stage;

reporting by the Group Internal Control Coordination Committee (GICCC) to General Management: this Committee reviews, on the basis of a standardised dashboard for all Business Units/Service Units, the efficiency and the consistency of the permanent control system implemented within the Group, as well as, within the framework of the Risk Internal Governance Assessment (RIGA) process, the ability of the Risk function to exercise its role as the 2nd line of defence in the whole group. Finally, the Risk Department contributes, as a permanent member, to all GICCC meetings, through position papers on the subjects under review.

Although the above reports are used at Group level to monitor and review the Group’s risk profile in a global manner, other reports are transmitted to the Board of Directors or to the General Management in order to monitor and control certain types specific risks.

Ad hoc reports can also be produced. By way of illustration, the Group had to adapt its risk management system from the start of the Covid-19 crisis in March 2020. Dedicated reports had been set up for the General Management, the Board of Directors or the supervisor, on a regular basis and containing indicators adapted to the context.

Additional information on risk reporting and assessment systems by type of risk is also presented in the following chapters.


Presentation of the reform

The interest rate benchmark reform (IBOR: InterBank Offered Rates), initiated by the Financial Stability Board in 2014, aims at replacing these benchmark rates with alternative rates, in particular the Risk-Free Rates (RFR). This reform accelerated on 5 March 2021, when the British Financial Conduct Authority (FCA), the supervisor of LIBOR, announced the official dates for the cessation and loss of representativeness of these benchmarks:

EUR LIBOR and CHF LIBOR (all terms); GBP LIBOR and JPY LIBOR (terms: overnight, one week, two months and twelve months); USD LIBOR (terms: one week and two months): the publication of these benchmark settings has permanently ceased as of 1 January 2022;

GBP LIBOR and JPY LIBOR (terms: one, three and six months): these settings have not been contributed by banks since 1 January 2022 and have been published in a synthetic form; their use is thus restricted to the run-off management of legacy positions. Nonetheless, the FCA has announced the cessation of these synthetic benchmarks as follows:


JPY LIBOR (terms: one, three and six months): end December 2022,


GBP LIBOR (terms: one and six months): end March 2023,


GBP LIBOR (term: three months): end March 2024;

USD LIBOR (terms: overnight, one, three, six and twelve months): the cessation of the publication of these benchmark settings contributed by a panel of banks is scheduled for end June 2023.

In parallel, other indices based on USD LIBOR will be phased out at end June 2023: USD LIBOR ICE SWAP RATE, MIFOR (India), PHIREF (Philippines), SOR (Singapore) and THBFIX (Thailand).

Furthermore, the announced cessation date for the publication of the MosPrime (Russia) is 30 June 2023.

Regarding the major interest rate benchmark indices of the euro area:

EURIBOR: EMMI (European Money Markets Institute), the administrator of the index, does not plan to cease its publication. The EURIBOR will thus be maintained in the coming years;

EONIA: its publication definitively ceased on 3 January 2022. The successor benchmark rate recommended by the European Central Bank working group on the euro area interest rates is the €STR on which the EONIA had been based since end 2019.

Impact of the reform for the Societe Generale Group

The Societe Generale Group supports these reforms and takes an active part in the working groups set up by the central banks of the currencies concerned. The Group is actively preparing for these changes, through a specific transition program set up in the Summer of 2018 and supervised by the Finance Division.

For this purpose, the Group has undertaken active awareness and communication campaigns for its customers, supplemented by a monthly newsletter and a Frequently Asked Questions (FAQ) page on the IBOR transition publicly available on the Societe Generale website. To prepare for the announced cessation dates of LIBOR and other transitioning benchmarks, the public authorities and the working groups set up by the central banks issued recommendations to the banking industry. These recommendations aim at stopping the production of new contracts referencing these indices as well as at migrating the existing contracts referencing said indices to alternative benchmark rates.

To ensure a consistent approach throughout the Societe Generale Group, an internal Committee has been formed. Its role is to issue periodical orientations reflecting the market developments and the recommendations from regulators and their working groups. Several internal guidelines have been issued covering four main themes:

strengthening of the new contracts through the inclusion of fallback clauses and risk warnings;

cessation of the production of new transactions referencing ceasing benchmarks (with some exceptions provided for by regulators) and use of alternative solutions;

fair and homogenous treatment of customers through the involvement of the compliance teams in the renegotiations of contracts;

reporting obligation, and restrictions related to the use of certain interest rates as alternatives to LIBOR.

At this stage, all directives are being applied and widely circulated among the Group’s staff.

In order to build the capacity to deal on products referencing RFRs or some term RFRs and thus ensure the continuity of its business after the phasing out of IBOR, the Societe Generale Group updated its tools and processes in line with the major calculation methods recommended by the relevant working groups or professional associations. Nevertheless, the Group continues monitoring developments in the use of RFRs and other alternative rates in order to implement any new convention and meet its customers’ needs.


Until the end of 2021, the Group primarily centred its work on renegotiating transactions with its clients and transitioning all the contracts indexed on the benchmarks terminated or not representative anymore at the end of 2021.

Since Q2 2022, the Societe Generale Group has finalised the transition of all the contracts indexed on the above-mentioned benchmarks.


The Societe Generale Group has initiated the migration of its stock of operations indexed on USD LIBOR and USD LIBOR ICE SWAP RATE aiming to finalise it by June 2023.

To do this, the Group employs interactions with its customers to offer a proactive transition to alternative solutions.

The Group’s customers most concerned by the transition of their contracts are, primarily, customers of the investment banking and Financing and Advisory activities and, to a lesser extent, some of the customers of the Group’s French and International retail networks.

The identification of the contracts concerned and the strategy for transitioning the transactions indexed on USD LIBOR have been finalised for all products:

loans and credit lines are migrated mostly through a bilateral negotiation, and so are the related hedging instruments, in order to maintain their effectiveness;

the migration of interest rate derivatives is scheduled to be implemented in large part in the first half of 2023, in line with the key milestones set by the clearing houses or by the activation of fallback clauses (ISDA Protocol to which Societe Generale has been adhering since 2020, in particular for USD LIBOR). However, some derivatives contracts are renegotiated bilaterally; lastly

current accounts and other similar cash products are migrated through an update of their general conditions.

The operational migration of the contracts referencing the USD LIBOR makes use of the processes and tools already developed for the migration of the contracts referencing IBOR interest rates ending at end 2021, as well as of the experience gained. The clearing houses’ transition plan is known in advance and based on the experience gained from previous migrations.

Other benchmark rates migration (MIFOR, PHIREF, SOR, THBFIX and MosPrime)

For these rates, the identification of the customers and transactions has been completed. The impact is much smaller than for USD LIBOR. At the level of the Societe Generale Group, these benchmark transitions impact only investment banking products.

The migration strategies are nevertheless similar to those applicable to the USD LIBOR as described above.

The Societe Generale Group keeps monitoring the announcements from regulators and administrators in other jurisdictions in order to react proactively and adapt its migration strategy accordingly.

The table below presents an estimate of the exposures, as at 31 December 2022, related to the contracts impacted by the benchmark reform and whose term is scheduled beyond the official cessation dates.

This table has been produced based on the project monitoring data and on the legal status of the contracts migration.

(In EURbn)




Current interest rate benchmarks(5)

New risk-free rates liable to replace

the current interest rate benchmarks


end date

Outstanding principal







by the







by the




by the


EONIA – Euro OverNight Index Average

Euro Short-Term Rate (€STR)





LIBOR – London Interbank Offered Rate – GBP

Reformed Sterling Overnight Index Average (SONIA)





LIBOR – London Interbank Offered Rate – CHF

Swiss Average Rate Overnight (SARON)





LIBOR – London Interbank Offered Rate – JPY

Tokyo OverNight Average (TONA)





LIBOR – London Interbank Offered Rate – EUR

Euro Short-Term Rate (€STR)





LIBOR – London Interbank Offered Rate – USD

Secured Overnight Financing Rate (SOFR)





USD LIBOR Ice Swap rate (CMS)

USD SOFR Ice Swap rate (CMS)





SOR – Singapore Dollar Swap Offer Rate

Singapore Overnight Rate Average (SORA)






Modified MIFOR






No alternative rate defined
by regulators


















Notional used in combination with an interest rate benchmark in order to calculate derivative cash flows.


Including accounts receivable, loans, securities received under repurchase agreements, debt securities bearing interest at variable rates.


Including deposits, borrowings, transactions on securities delivered under repurchase agreements, debt issued in the form of securities bearing interest at variable rates.


Including firm instruments (swaps and futures) and conditional instruments.


Only the major interest rate benchmarks impacted by the IBOR reform are presented in this table.


The risks related to the IBOR reform are now mainly limited to USD LIBOR for the period running until June 2023. They are managed and monitored within the governance framework dedicated to the IBOR transition. They have been identified as follows:

program governance and execution risk, liable to cause delays and loss of opportunities, is monitored as part of the work of regular Committees and arbitration bodies;

legal documentation risk, liable to lead to post-transition litigations, is managed through fallback clauses inserted in the contracts depending on the availability of market standards;

market risk, with the creation of a basis risk between the rate curves associated with the different indexes, is closely monitored and supervised;

operational risks in the execution of the migration of transactions depend in particular on the willingness and preparedness of our counterparties, the volume of transactions to be migrated and their spread over time;

regulatory risk is managed according to the Group guidelines in line with the recommendations of the regulators and working groups on the LIBOR transition;

conduct risk, related to the end of LIBOR, is notably managed through:


specific guidelines on the appropriate conduct detailed by business line,


training of the teams,


communications to customers (conferences, events, bilateral discussions in particular with the less informed customers) are organised on the transition-related risks, the alternative solutions that may be implemented, and on how they might be affected.





This section describes the framework and application of internal control at Societe Generale.


Internal control is part of a strict regulatory framework applicable to all banking institutions.

In France, the conditions for conducting internal controls in banking institutions are defined in the Order of 3 November 2014 modified by the Order of 25 February 2021. This Order, which applies to all credit institutions and investment companies, defines the concept of internal control, together with a number of specific requirements relating to the assessment and management of the various risks inherent in the activities of the companies in question, and the procedures under which the supervisory body must assess and evaluate how the internal control is carried out.

The Basel Committee has defined four principles – independence, universality, impartiality, and sufficient resources – which underpin the internal control carried out by credit institutions.

The Board of Directors ensures that Societe Generale has a solid governance system and a clear organisation ensuring:

a well-defined, transparent and coherent sharing of responsibilities;

effective procedures for the detection, management, monitoring and reporting of risks to which the Company could be exposed.

The Board tasks the Group’s General Management with rolling out the Group’s strategic guidelines to implement this set-up.

The Audit and Internal Control Committee is a Board of Directors’ Committee that is specifically responsible for preparing the decisions of the Board in respect of internal control supervision.

As such, General Management submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All Societe Generale Group activities are governed by rules and procedures contained in a set of documents referred to collectively as the “Standard Guidelines”, compiled in the Societe Generale Code, which:

set out the rules for action and behavior applicable to Group staff;

define the structures of the businesses and the sharing of roles and responsibilities;

describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

define the governance of the Societe Generale Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);

set out the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

In addition to the Societe Generale Code, operating procedures specific to each Group activity are applied. The rules and procedures in force are designed to follow basic rules of internal control, such as:

segregation of functions;

immediate, irrevocable recording of all transactions;

reconciliation of information from various sources.

Multiple and evolving by nature, risks are present in all business processes. Risk management and control systems are therefore key to the Bank’s ability to meet its targets.

The internal control system is represented by all methods which ensure that the operations carried out and the organisation and procedures implemented comply with:

legal and regulatory provisions;

professional and ethical practices;

the internal rules and guidelines defined by the Company’s management body of the undertaking in its executive function.

Internal control in particular aims to:

prevent malfunctions;

assess the risks involved, and exercise sufficient control to ensure they are managed;

ensure the adequacy and effectiveness of internal processes, particularly those which help safeguard assets;

detect irregularities;

guarantee the reliability, integrity and availability of financial and management information;

check the quality of information and communication systems.

The internal control system is based on five basic principles:

the comprehensive scope of the controls, which cover all risk types and apply to all the Group’s entities;

the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or for which they are responsible;

the responsibility of functions, in line with their expertise and independence, in defining normative controls and, for three of them, exercising second-level permanent control;

the proportionality of the controls to the materiality of the risks involved;

the independence of internal auditing.

The internal control framework is based on the “three lines of defence” model, in accordance with the Basel Committee and European Banking Authority guidelines:

the first line of defence comprises all Group employees and operational management, both within the Business Units and the Services Units in respect of their own operations.

Operational management is responsible for risks, their prevention and their management (by putting in place first-level permanent control measures, amongst other things) and for implementing corrective or remedial actions in response to any deficiencies identified by controls and/or process steering;

the second line of defence is provided by the risk and compliance functions.

Within the internal control framework, operational management is responsible for verifying the proper and continuous running of the risk security and management operation functions through the effective application of established standards, defined procedures, methods and requested controls.

Accordingly, these functions must provide the necessary expertise to define in their respective fields the controls and other means of risk management to be implemented by the first line of defence, and to ensure that they are effectively implemented; they conduct second-level permanent control over all of the Group’s risks, based in particular on the controls they have defined, as well as those defined, if necessary, by other expert functions (e.g. sourcing, legal, tax, human resources, information system security, etc.) and by the businesses;

the third line of defence is provided by the Internal Audit Department, which encompasses the General Inspection and Internal Audit functions. This department performs periodic internal audits that are strictly independent of the business lines and the permanent control function;

internal control coordination, which falls under the responsibility of the Chief Executive Officer, is also provided at Group level and is rolled out in each of the departments and core businesses.

The Chief Executive Officer is responsible for ensuring the overall consistency and effectiveness of the internal control system.

The purpose of the Group Internal Control Coordination Committee (GICCC) is to ensure the consistency and effectiveness of the Group’s internal control, in response in particular to the obligation laid down in Art. 16 of the modified French Order of 3 November 2014.

The Committee is chaired by the Chief Executive Officer, or in his absence, by a Deputy General Manager or by the Deputy Chief Executive Officer tasked with supervising the area under review. When it meets, the CCCIG convenes the Manager responsible for Coordinating the Internal Control function, the Permanent Control function, the Managers of the second line of defence (CPLE and RISQ), the Representatives appointed by the Heads of DFIN and RESG (including the Global CISO), the Manager of the third line of defence (IGAD) and as observers, the Head of Operational Risks, as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Committee meets approximately 20 times a year to deal with cross-cutting topics as well as the annual review of each BU/SU.

Its objectives are:

to give a consolidated view of the Group’s internal control to the General Management;

to evaluate the Group’s permanent control system in terms of effectiveness, consistency and completeness;

to evaluate the functioning of the Group’s permanent control framework based on the review of the Group’s quarterly dashboard of permanent controls, supplemented by cross-cutting thematic reviews and by the independent review of RISQ and CPLE in the exercise of their role as the second line of defence for the Group;

to examine and validate the Group’s annual internal control report (ICR);

to define the roles and responsibilities of the stakeholders of the permanent control and of the GICCC and CCCI and to validate the operational principles of permanent control and governance;

to validate the sections dealing with internal control in the SG Code (in particular, Title IV of Book A);

to validate the decisions of the Committee in terms of permanent control framework;

to review and challenge the permanent control framework of BU/SU;

to review other cross-cutting topics related to the permanent control of the Group.

It is chaired by the Chief Executive Officer, or, in his absence, by a Deputy Chief Executive Officer or by the Deputy General Manager in charge of supervising the area under review, the Group Internal Control Coordination Committee brings together the Head of the Coordination of Internal Control and the Permanent Control Framework, the Heads of the second line of defence (see A.305, CPLE, RISQ), the Representatives designated by the Head of DFIN and RESG (including the Global CISO), the Head of the third line of Defence (IGAD) and, as observers, the Head of Operational Risks, as well as the Heads of the level 2 permanent control central teams (RISQ/CTL, CPLE/CTL, DFIN/CTL).

The Group’s permanent control system comprises:

the first-level permanent control, which is the basis of the Group’s permanent control, is performed by the businesses. Its purpose is to ensure the security, quality, regularity and validity of transactions completed at operational level;

the second-level permanent control, which is independent of the businesses and concerns three departments, i.e. the Compliance, Risk and Finance Departments.

In 2018, General Management initiated a transformation programme of the Group’s permanent control system, which is under its direct supervision. Through a set of actions focusing on areas such as standards, methods, tools, procedures and training, the programme served to consolidate the control culture and optimise risk control, and thus helps to improve the quality and the reliability of services provided to our customers and partners. In 2021, this programme has been finalised and closed, and the transfer of the long-term activities to operating teams has been completed.

Permanent Level 1 controls, carried out on operations performed by BUs and the SUs, ensure the security and quality of transactions and the operations. These controls are defined as a set of provisions constantly implemented to ensure the regularity, validity, and security of the operations carried out at operational level.

The permanent Level 1 controls consist of:

any combination of actions and/or devices that may limit the likelihood of a risk occurring or reduce the consequences for the Company: these include controls carried out on a regular and permanent basis by the businesses or by automated systems during the processing of transactions, automated or non-automated security rules and controls that are part of transaction processing, or controls included in operational procedures. Also falling into this category are the organisational arrangements (e.g., segregation of duties) or governance, training actions, when they directly contribute to controlling certain risks;

controls performed by managers: line managers control the correct functioning of the devices for which they are responsible. As such, they must apply formal procedures on a regular basis to ensure that employees comply with rules and procedures, and that Level 1 controls are carried out effectively.

Defined by a Group entity within its scope, Level 1 controls include controls (automated or manual) that are integrated into the processing of operations, proximity controls included in operating procedures, safety rules, etc. They are carried out in the course of their daily activities by agents directly in charge of an activity or by their managers. These controls aim to:

ensure the proper enforcement of existing procedures and control of all risks related to processes, transactions and/or accounts;

alert management in the event of identified anomalies or malfunctions.

Permanent Level 1 controls are set by management and avoid, as far as possible, situations of self-assessment. They are defined in the procedures and must be traced without necessarily being formalised, e.g. preventive automated controls that reject transactions that do not comply with system-programmed rules.

In order to coordinate the operational risk management system and the permanent Level 1 control system, the BUs/SUs deploy a specific department called CORO (Controls & Operational Risks Office Department).

The permanent Level 2 control ensures that the Level 1 control works properly:

the scope includes all permanent Level 1 checks, including managerial supervision checks and checks carried out by dedicated teams;

this review and these audits aim to give an opinion on (i) the effectiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the effectiveness of Level 1 controls.

The permanent level 2 control, control of the controls, is carried out by teams independent of the operational.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

The Group’s Internal Audit function is delivered by the Service Unit Inspection and Internal Audit (“IGAD”), which brings together the Group’s Inspection and Internal Audit Departments. The Group’s Head of Inspection and Audit has a Group-wide responsibility for the internal audit function.

The Internal Audit function is part of the Group’s internal control set-up. It provides the third and last line of defense and performs periodical controls. The third line of defense is strictly independent from the businesses and other lines of control.

The internal audit mandate delivered by IGAD, defined in line with the IIA Standards (Institute of Internal Auditors), is an independent and objective activity that provides the Group with an assurance as to how effectively it is controlling its risks and operations, advises on improvements and contributes to the creation of added value. By carrying out this mandate, Inspection and Internal Audit help the Group to achieve its targets by evaluating systematically and methodically its processes for risk management, control and corporate governance and making recommendations to increase their efficiency.

IGAD’s internal audit mandate covers Societe Generale SA and all of the Group’s entities and business activities. All businesses, operations and processes without exceptions can be subject to an audit carried out by either Inspection or Internal Audit. This being said, entities within which the Group holds a minority stake are excluded, even if the Group has a significant influence, except in cases where such situation is likely to have a significant impact for the Group on its risk management.

Outsourced activities are also included in the scope of the mandate of IGAD as the Group’s internal audit function.

The Group Head of Inspection and Audit reports directly to the Group Chief Executive Officer.

He meets on a regular basis with the Chair of the Board of Directors. As mentioned in the Internal Rules of the Board, updated in August 2022, the Group Head of Inspection and Audit reports on the execution of the internal audit mandate to the Board of Directors on the basis of presentations made to the Group’s Audit and Internal Control Committee. He presents the Group’s audit and inspection plan, approved by the Chief Executive Officer, to the Board of Directors following its examination by the Group’s Audit and Internal Control Committee.

The Group Head of Inspection and Audit attends all meetings of the Board’s Audit and Internal Control Committee and provides the Committee on regular basis with a presentation of the activity of Internal Audit and General Inspection as well as on the status of implementation of recommendations issued both by IGAD and by supervisors (ECB and ACPR). He also attends all meetings of the Board’s Risk Committee. Both the Audit and Internal Control Committee and the Risk Committee hear the Group Head of Inspection and Audit, possibly at his request.

As foreseen in the Internal Rules of the Board, if necessary, in the event of changes in the risks affecting or likely to affect the Company, the Group Head of Inspection and Audit may report to the Board of Directors, directly or through the Audit and Internal Committee, without referring to the Effective Senior Managers.

To fulfill its mandate, the Group’s IGAD Service Unit has adequate resources from a qualitative and quantitative point of view. The Group’s Inspection and Audit Service Unit has about 1,000 employees located at Head Office and within affiliates and branches (France and overseas).

The Service Unit IGAD operates as a hierarchically integrated division. General Inspection, based at Head Office, has a Group-wide mandate. The various Audit Departments are each in charge of a defined scope of businesses or risks. Whether they are based at Head Office or within entities (affiliates or branches), Audit Departments are all reporting to the IGAD Service Unit. A matrix organisation allows to cover important transversal topics at Group level. Depending on resources and skills required, an audit mission can bring together auditors from different departments. IGAD may decide to send any audit team to carry out a mission within the Group.

General Inspection and Audit carry out their mandate on the basis of missions. Beyond audit missions defined in the yearly plan, General Inspection can be called to perform analysis and study missions or contribute to due diligence work in cases of acquisitions or divestments of Group entities or activities. A specific framework is in place to monitor such work and ensure there are no conflict of interest.

General Inspection and Audit define their respective workplans on a risk-based approach. Internal Audit combines this approach with the requirement to comply with a five-year audit cycle and determines the frequency of review based on the risk level of the audited entities.

In 2022 General Inspection and Internal Audit continued to perform an independent follow-up on recommendations issued by supervisors (ECB, ACPR) with regular status updates presented - in coordination with the Group’s General Secretariat - to General management and the Board’s Audit and Internal Control Committee.

As required by international auditing standards, IGAD is subject to an external quality assessment. IGAD’s certification was maintained following a second certification by the certification institute of the IFACI (Institut Français de l’Audit et du Contrôle Interne – French branch of the IIA) completed in 2022.

The context in 2022 allowed IGAD to resume business travel and on-site missions to a larger extent whilst maintaining remote auditing methods developed during the sanitary crisis. Audit missions carried out in 2022 were split on all categories of risks. Changes made to the audit plan during the year remained limited (reduction of 8% of man-days on audit missions with a total of 586 audit missions carried out this year), reflecting mainly the impact of a higher level of turnover in certain geographies and a shift in a number of projects initially planned to be subject to an audit. Such tensions also led to reschedule a few Inspection missions this year.

In 2022 IGAD initiated works required in response to recommendations issued by the European Central bank and IFACI on the internal audit function. Such work pertained mainly to (i) governance, being IGAD’s internal governance, the set-up with regards to the interactions between the internal Audit function and the Group’s governance at General management and Board level and the governance for the audit function at local level; (ii) the redesign, to be completed by end of 2024, of its independent risk assessment exercise and (iii) the establishment of a multi-year audit plan. The implementation of these action plans will remain a priority over 2023 and 2024 for the internal audit function. In addition, the restructuring of the audit recommendations issuance and monitoring process was initiated: all Business Units and Service Units will be engaged in the process, which will enable IGAD to focus its work on the most important risks in line with a strategic goal to optimize the layering of controls within the Group’s internal control framework.

On the operational side, internal audit departments (i) further developed their ability to provide independent assurance on the performance of permanent control departments; (ii) reinforced their auditing methods on topics such as “conduct” or “ESG” and (iii) increased the use of data analytics in the audit missions.


There are many participants in the production of financial data:

the Board of Directors, and more specifically its Audit and Internal Control Committee, has the task of examining the draft financial statements which are to be submitted to the Board, as well as verifying the conditions under which they were prepared and ensuring not only the relevance but also the consistency of the accounting principles and methods applied. The Audit and Internal Control Committee’s remit also is to monitor the independence of the Statutory Auditors, and the effectiveness of the internal control, measurement, supervision and control systems for risk related to the accounting and financial processes. The Statutory Auditors meet with the Audit and Internal Control Committee during the course of their assignment;

the Group Finance Department gathers the accounting and management data compiled by the subsidiaries and the Business Units/Services Units in a set of standardised reports. It consolidates and verifies this information so that it can be used in the overall management of the Group and disclosed to third parties (supervisory bodies, investors, etc.). It also has a team in charge of the preparation of the Group regulatory reports.

In the framework of these missions, it is in charge of:


monitoring the financial aspects of the Group’s capital transactions and its financial structure,


managing its assets and liabilities, and consequently defining, managing and controlling the Group’s financial position and structural risks,


ensuring that the regulatory financial ratios are respected,


defining accounting and regulatory standards, frameworks, principles and procedures for the Group, and ensuring that they are observed,


verifying the accuracy of all financial and accounting data published by the Group;

the Finance Departments of subsidiaries and Business Units/Services Units carry out certification of the accounting data and entries booked by the back offices and of the management data submitted by the front offices. They are accountable for the financial statements and regulatory information required at the local level and submit reports (accounting data, finance control, regulatory reports, etc.) to the Group Finance Department. They can perform these activities on their own or else delegate their tasks to Shared Service Centers operating in finance and placed under Group Finance Department governance;

the Risk Department consolidates the risk monitoring data from the Group’s Business Units/Services Units and subsidiaries in order to control credit, market and operational risks. This information is used in Group communications to the Group’s governing bodies and to third parties. Furthermore, it ensures in collaboration with the Group Finance Department, its expert role on the dimensions of credit risk, structural liquidity risks, rates, exchange rates, on the issues of recovery and resolution and the responsibility of certain closing processes, notably the production of solvency ratios;

the Back offices are responsible for all support functions to front offices and ensure contractual settlements and deliveries. Among other responsibilities, they check that financial transactions are economically justified, book transactions and manage means of payment.

Local financial statements are drawn up in accordance with local accounting standards, and the consolidated Group financial statements are prepared in accordance with the standards defined by the Group Finance Department, which are based on IFRS as adopted by the European Union.

The applicable standards on solvency and liquidity, promulgated by the Basel Committee, were translated into European law by a directive (CRD4) and a regulation (CRR). They were rounded out by the Regulation CRR2 and the Directive CRD5 which entered into force on 28 June 2019. These texts are supplemented by several delegated acts and implementation technical standards. As the Societe Generale Group is identified as a “financial conglomerate”, it is subjected to additional supervision.

The Group Finance Department has dedicated teams that monitor the applicable standards and draft new internal standards to comply with any changes in the accounting and regulatory framework.

Each entity in the consolidation scope of the Group prepares its own accounting and management statements on a monthly basis. This information is then consolidated each month at Group level and published for the markets on a quarterly basis. Data reported are subject to analytical reviews and consistency checks performed by Finance Department or delegated to financial shared service centers acting under their responsibility and sent to the Group Finance Department. The Group Finance Department forwards the consolidated financial statements, Management Reports and regulatory statements to General Management and any interested third parties.

Accounting data are compiled independently of the front offices and the sales teams.

The quality and objectivity of the accounting and management data are ensured by the separation of sales functions and all the functions of operational processing and follow-up of the operations: back offices and middle offices integrated into Resources Department and teams in charge of result production integrated into Finance Department. These teams carry out a series of controls defined by Group procedures on financial and accounting data, in particular:

verification of the economic justification of all information reported;

reconciliation of accounting and management data, using specific procedures, respecting the specified deadlines;

for market activities, reconciliation between the accounting result, produced by the Finance Department and the economic result, produced by a dedicated expert department in the Risk Department.

Given the increasing complexity of the Group’s financial activities and organisation, staff training and IT tools are regularly upgraded to ensure that the production and verification of accounting and management data are effective and reliable.

In practice, the internal control procedures implemented in the Group’s businesses are designed to guarantee the quality of financial and accounting information, and notably to:

ensure that the transactions entered in the Group’s accounts are exhaustive and accurate;

validate the valuation methods used for certain transactions;

ensure that transactions are correctly assigned to the corresponding fiscal period and recorded in the accounts in accordance with the applicable accounting regulations, and that the accounting aggregates used to prepare the Group financial statements are compliant with the regulations in force;

ensure the inclusion of all entities that must be consolidated in accordance with Group regulations;

check that the operational risks associated with the production and transmission of accounting data through the IT system are correctly controlled, that the necessary adjustments are accurately performed, that the reconciliation of accounting and management data is satisfactory, and that the flows of cash payments and other items generated by transactions are exhaustive and adequate.

The Finance Department of each subsidiary checks the accuracy and consistency of the financial statements with respect to the relevant accounting frameworks (local standards and IFRS for subsidiaries, as well as French standards for branches). It performs checks to guarantee the accuracy of the information disclosed.

The data received for consolidation from each subsidiary are drawn from corporate accounting data by the subsidiaries after they have been locally brought into compliance with Group accounting principles.

Each subsidiary must be able to explain the transition from the Company financial statements to the financial statements reported through the consolidation tool.

The Finance Departments of the Business Units/Services Units have a dedicated department for financial management and control.

The Finance Departments also rely on shared service centers that perform level 1 controls necessary to ensure the reliability of accounting, tax and regulatory information on the financial statements they produce in accordance with local and IFRS standards and notably data quality and consistency checks (equity, securities, foreign exchange, financial aggregates from the balance sheet and income statement, deviations from standards), justification and certification of the financial statements under their responsibility, intercompany reconciliation of the financial statements, regulatory statement checks and verification of evidence of tax charges and balances (current, deferred and duties).

These controls are declared as part of the managerial supervision and Group accounting certification processes.

These controls allow the Shared Services Centers to provide all necessary information to the Finance Departments of Business Units/Services Units and the Group Finance and Accounting Department to ensure the reliability and consistency of the accounts prepared.

These shared service centers are located in Paris, Bangalore and Bucharest.

The operational staff monitor their activity via a permanent supervision process under the direct responsibility of their management teams, repeatedly verifying the quality of the controls carried out on completeness of accounting data and the associated accounting treatment.

Once the financial statements prepared by the entities have been restated according to Group standards, they are entered into a central database and processed to produce the consolidated statements.

The service in charge of consolidation in the Group Accounting Officer Department checks that the consolidation scope complies with the applicable accounting standards and performs multiple checks on data received for consolidation purposes. These checks include:

confirmation that the data collected are properly aggregated;

verification of recurring and non-recurring consolidation entries;

exhaustive treatment of critical points in the consolidation process;

treatment of any residual differences in reciprocal or intercompany statements.

Last, this service ensures that the overall consolidation process has been conducted properly by performing analytical reviews of the summary data and verifying the consistency of the main aggregates of the financial statements. These verifications are complemented by transversals analysis such as analysis of changes in shareholders’ equity, goodwill, provisions and consolidated deferred taxes.

A team in this department is in charge of managing and coordinating the Group accounting certification framework to certify first-level controls on a quarterly basis (internal control certification).

The Group Finance Department has also a dedicated team, it which is responsible for ensuring second-level permanent controls on all Finance processes and for implementing the framework within the Group. Its mission is to ensure the effectiveness, quality and relevance of the Level 1 control framework by assessing it through process or activity reviews, testing controls and quarterly certifications. The team, reporting directly to the Group Finance Department, also reports to the Head of Permanent & Internal Control Division of Societe Generale Group.

Internal Audit and the General Inspection define their audits and inspections using a risk-based approach and define an annual work program (Inspection and Audit plan schedule – plan de tournée). As part of their assignments, teams may verify the quality of the control environment contributing to the quality of the accounting and management data produced by the audited entities. They may check a certain number of accounts and assess the reconciliations between accounting and management data, as well as the quality of the permanent supervision procedures for the production and control of accounting data. They also assess the performance of IT tools and the accuracy of manual processing.

The department in charge of auditing the Group’s Central Departments is responsible for auditing the Group Finance Department. Within that department, a distinct team, placed under the responsibility of a dedicated Audit Business Correspondent monitors and animates audit work related to accounting and financial matters on a Group-wide basis. The team provides expertise in identifying the Group’s main accounting risks and develops training sessions and methodologies to help share expertise in the auditing of accounting risks.

Audit missions pertaining to accounting matters are carried out by that team, for the subjects considered as the most material for the accuracy of the Group’s accounting information, as well as by Audit Departments based in the Group’s entities.

Based on their findings, these teams issue recommendations to the parties involved in the production and control of accounting, financial and management data. Departments being assigned these recommendations are responsible for their implementation. A monitoring is performed by IGAD.





This section provides details on capital resources, regulatory requirements and the composition of the leverage ratio.

Evolution of CET1 capital


(between 2021 and 2022)

Evolution of total regulatory capital


CET1 ratio at end 2022


* Figures taking into account the phasing under IFRS 9 (CET1 ratio of 13.34% at end-2022 without phasing, a phasing effect of +17 bp) and the effects of the transitional Covid-19 measures taken by the ECB and ending on 31 December 2022.


Since January 2014, Societe Generale has applied the Basel III regulations implemented in the European Union through a regulation and a directive (CRR and CRD4 respectively).

The general framework defined by Basel III is structured around three pillars:

Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;

Pillar 2 concerns the discretionary supervision implemented by the competent authority, which allows them – based on a constant dialogue with supervised credit institutions – to assess the adequacy of capital requirements as calculated under Pillar 1, and to calibrate additional capital requirements taking into account all the risks to which these institutions are exposed;

Pillar 3 encourages market discipline by developing a set of qualitative or quantitative disclosure requirements which will allow market participants to better assess a given institution’s capital, risk exposure, risk assessment processes and, accordingly, capital adequacy.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of these provisions entered into force in June 2021.

The amendments include:

NSFR: The text introduces the regulatory requirements for the NSFR ratio. A ratio of 100% is respected since June 2021;

Leverage ratio: the minimum requirement of 3% to which is added, since January 2023, 50% of the buffer required as a systemic institution;

Derivatives counterparty risk (SA-CCR): the “SA-CCR” method is the Basel method replacing the “CEM” method for determining prudential exposure to derivatives in a standard approach;

Large Risks: the main change is the calculation of the regulatory limit (25%) on Tier 1 (instead of total own funds), as well as the introduction of a specific cross-limit on systemic institutions (15%);

TLAC: The ratio requirement for G-SIBs is introduced in CRR. In accordance with the Basel text, G SIBs must respect an amount of own funds and eligible debt equal to the highest between 18%+risk-weighted buffers and 6.75% leverage since 2022.

With regard to the implementation of the market risk reform (FRTB), after the publication of the first revised standard in January 2016 and of the consultation in March 2018 on this subject, the Basel Committee published in January 2019 its final text: BCBS457. In March 2020, the Basel Committee announced a one-year delay in the implementation of FRTB (1 January 2023 instead of 1 January 2022 as originally planned in the January 2019 text).

The European FRTB calendar would be as follows:

regarding reporting requirements:


the Standardised Approach (SA) has been effective since Q3 2021,


for the Internal Model Approach (IMA), for the approved banks, reporting should start three years after the publication in the Official Journal of the European Union (OJEU) of three technical standards (RTS) of the EBA, which entered in force on the 15th of November 2022;

capital requirements for FRTB: Expected by 1 January 2025 at this stage, which would make the IMA reporting obsolete; a 2-year delay (i.e. 1 January 2027) could be applied in the event of unlevel playing field with other major jurisdictions In December 2017, the Group of Central Bank Governors and Heads of Supervision (GHOS), the Basel Committee’s oversight body, endorsed the regulatory reforms aiming to complete Basel 3.

In December 2017, the Group of Central Bank Governors and Heads of Supervision (GHOS), the Basel Committee’s oversight body, endorsed the regulatory reforms aiming to complete Basel 3.

A first version of the transposition text was published by the European Commission on 27 October 2021 (“CRR3 – CRD6”) and will serve as support for the European Trialogue where this version will be combined with the Council text published in November 2022 and the Parliament text. The trialogue is expected to be finalized in the summer of 2023. It will then have to be voted by Parliament to become applicable.

These new rules, which were to take effect from 2022, have been postponed to January 2025 with an overall output floor: the risk-weighted assets (RWA) will be floored to a percentage of the standard method (credit, market and operational). The output floor level will increase gradually, from 50% in 2025 to 72.5% in 2030.

Throughout 2022, Societe Generale complied with the minimum ratiorequirements applicable to its activities.


As part of its capital management, the Group (under the managment of the Finance Department and the supervision of Risk Department) ensures that its solvency level is always compatible with the following objectives:

maintaining its financial strength and respecting the risk appetite;

preserving its financial flexibility to finance organic growth and growth through acquisitions;

allocating adequate capital to the various businesses, according to the Group’s strategic objectives;

maintaining the Group’s resilience in the event of stress scenarios;

meeting the expectations of its various stakeholders: supervisors, debt and equity investors, rating agencies, and shareholders.

The Group determines its internal solvency targets in accordance with these objectives and regulatory thresholds.

The Group has an internal process for assessing the adequacy of its capital that measures and explains the evolution of the Group’s capital ratios over time, taking into account any future regulatory constraints and changes in the scope. 

This process is based on a selection of key metrics that are relevant to the Group in terms of risk and capital measurement, such as CET1, Tier 1 and Total Capital ratios. These regulatory indicators are supplemented by an assessment of the coverage of internal capital needs by available CET1 capital and an economic perspective, thus confirming the relevance of the targets set in the risk appetite. Besides, this assessment takes into account the constraints arising from the other metrics of the risk appetite, such as rating, MREL and TLAC or leverage ratio.

All of these indicators are measured on a forward-looking basis in relation to their target on a quarterly or even monthly basis for the current year. During the preparation of the financial plan, they are also assessed on an annual basis over a minimum of three-year horizon according to at least a baseline and adverse scenarios, in order to demonstrate the resilience of the bank’s business model against adverse macroeconomic and financial uncertain environments. Capital adequacy is continuously monitored by the Executive Management and by the Board of Directors as part of the Group’s corporate governance process and is reviewed in depth during the preparation of the financial plan. It ensures that the bank always complies with its financial target and that its capital level is above the “Maximum Distributable Amount” (MDA) threshold.

Besides, the Group maintains a balanced capital allocation among its three strategic core businesses:

French Retail Banking;

International Retail Banking and Financial Services;

Global Banking and Investor Solutions.

Each of the Group’s core businesses accounts for around a third of total Risk-Weighted Assets (RWA), with a predominance of credit risk (83% of total Group RWA, including counterparty credit risk).

At 31 December 2022, Group RWA were down 1% to EUR 360 billion, compared with EUR 363 billion at end-December 2021.

The evolution of the business lines’ RWA lies at the core of the operational management of the Group’s capital trajectory based on a detailed understanding of the vectors of variations. Where appropriate, the General Management may decide, upon a proposal from the Finance Department, to implement managerial actions to increase or reduce the share of the business lines, for instance by validating the execution of synthetic securitisation or of disposals of performing or non-performing portfolios.


The Group’s prudential reporting scope includes all fully consolidated entities, with the exception of insurance entities, which are subject to separate capital supervision.

All regulated entities of the Group comply with their prudential commitments on an individual basis.

Non-regulated entities outside of the scope of prudential consolidation are subject to periodic reviews, at least annually.

The following table provides the main differences between the accounting scope (consolidated Group) and the prudential scope (Banking Regulation requirements).

Type of entity

Accounting treatment

Prudential treatment

Entities with a finance activity

Full consolidation

Full consolidation

Entities with an Insurance activity

Full consolidation

Equity method

Holdings with a finance activity by nature

Equity method

Equity method

Joint ventures with a finance activity by nature

Equity method

Proportional consolidation

The following table provides a reconciliation between the consolidated balance sheet and the accounting balance sheet within the prudential scope.The amounts presented are accounting data, not a measure of RWA, EAD or prudential capital. Prudential filters related to entities and holdings notassociated with an insurance activity are grouped together on account of their non-material weight (< 0.1%).

ASSETS at 31.12.2022

(In EURm)

Balance sheet as

in published





linked to




linked to



Balance sheet

under regulatory

scope of


Reference to

table 14 (CC1)

Cash, due from banks






Financial assets at fair value through profit or loss






Hedging derivatives






Financial assets at fair value through other comprehensive income






Securities at amortised cost






Due from banks at amortised cost






o.w. subordinated loans to credit institutions






Customer loans at amortised cost






Revaluation differences on portfilios hedged against interest rate risk






Investment of insurance activities






Tax assets






o.w. deferred tax assets that rely on future profitability excluding those arising from temporary differences






o.w. deferred tax assets arising from temporary differences






Other assets






o.w. defined-benefit pension fund assets






Non-current assets held for sale






Investments accounted for using the equity method






Tangible and intangible assets






o.w. intangible assets exclusive of leasing rights



















Restatement of entities excluded from the prudential scope and reconsolidation of intra-group transactions relating to these entities.

LIABILITIES at 31.12.2022

(In EURm)

Balance sheet as

in published





linked to




linked to



Balance sheet

under regulatory

scope of


Reference to

table 14 (CC1)

Due to central banks






Financial liabilities at fair value through profit or loss