Shaped by successive generations of employees and clients, Societe Generale has promoted economic growth for more than 160 years: in the past by supporting the industrial revolution, today and in the future by tackling the modern day challenges of sustainable development and responsible energy transition.

On 4 May 1864, the Societe Generale bank was established by decree. The Bank was founded by a group of industrialists and financiers driven by the ideals of progress. Its mission has always been “to promote the development of trade and industry in France”.

Since its beginnings, Societe Generale has sought to modernise the economy based on the model of a diversified bank at the cutting edge of financial innovation. Its retail banking branch network grew rapidly throughout France, increasing from 46 to 1,500 branches between 1870 and 1940.

During the interwar period, the Bank became France's leading French credit institution in terms of deposits. At the same time, Societe Generale began to expand internationally by financing infrastructures essential to the economic development of a number of countries in Europe, the Americas and North Africa. This expansion was accompanied by the creation of an International Retail Banking network. In 1871, the Bank opened its London branch. 

On the eve of World War I, Société Générale operated in 14 countries, either directly or through one of its subsidiaries. This network was subsequently expanded by opening branches in New York, Buenos Aires, Abidjan and Dakar, and by acquiring stakes in financial institutions in Central Europe.

The Bank was nationalised by law on 2 December 1945 and played an active role in financing the reconstruction of France. 

Societe Generale thrived during the years of the post-war boom and contributed to the increased use of banking techniques by launching innovative products for businesses, including medium-term discountable credit and lease financing agreements, for which it was the market leader.

Societe Generale has demonstrated its ability to adapt to a new economic environment by taking advantage of the banking reforms that succeeded the French Debré Laws of 1966-1967. While continuing to support the businesses it partnered, the Group lost no time in focusing its business on individual clients. In this way, it supported the emergence of a consumer society by diversifying the credit and savings products it offered private households.

In June 1987, Societe Generale was privatised with a successful IPO with a dedicated offer of shares to its staff. The Group developed a global banking strategy, in particular through its Corporate and Investment Banking activities, to support the worldwide development of its clients. In France, it expanded its networks by founding Fimatex in 1995, which later became Boursorama and now BoursoBank, currently France’s leading online bank, and by acquiring Crédit du Nord in 1997. Internationally, it established itself in Central and Eastern Europe through Komerčni Banka in the Czech Republic and BRD in Romania while consolidating its growth in Africa. Building on the professionalism of its teams and the relationship of confidence developed with its clients, the Bank continues its process of transformation by adopting a sustainable growth strategy driven by its core values of team spirit, innovation, responsibility and commitment.

In 2023, the Group completed two major strategic projects: the launch of its new French Retail Banking business resulting from the merger of the Societe Generale and Credit du Nord networks, and the creation of Ayvens, a leader in sustainable mobility resulting from the acquisition of LeasePlan by ALD Automotive.

As part of its new strategic plan initiated in September 2023, Societe Generale is pursuing new projects, including the development of BoursoBank; the creation of the Bernstein joint venture, which is a global leader in equity research and cash equity; the launch of the partnership with Brookfield to create a private debt fund of 10 billion euros; and the acceleration of actions in the field of ESG, in particular the contribution to the energy transition.

The Group currently has a headcount of around 119,000 employees in 62 countries.

The strength of this legacy, inherited from previous generations, enables Societe Generale to face the future with boldness, determination and confidence.

Societe Generale is a top-tier leading European Bank with around 119,000 employees serving more than 26 million clients in 62 countries across the world. The bank has supported economic growth for over 160 years, providing corporate, institutional and individual clients with a wide array of value-added advisory and financial solutions. 

Our long-lasting and trusted relationships with our clients and our cutting-edge expertise, unique innovation, ESG capabilities and leading franchises are part of our DNA and serve our most essential objective - to deliver sustainable value creation for our various stakeholders.

The Group runs three complementary businesses, embedding ESG offerings for all its clients:

• ●French Retail, Private Banking and Insurance, with the retail bank SG and insurance franchise; private banking services; and the leading digital bank BoursoBank;
• ●Global Banking and Investor Solutions, a top-tier wholesale bank offering tailored-made solutions with distinctive global leadership in Equity Derivatives, Structured Finance and ESG;
• ●Mobility, International Retail Banking and Financial Services, comprising well-established universal banks (in Czech Republic, Romania and several African countries); Ayvens (the new ALD – LeasePlan brandname), a global player in sustainable mobility; as well as specialised financing activities.

The Group has a clearly defined strategy to be a rock-solid bank with strong and sustainable performance that contributes to fulfilling the UN's Sustainable Development Goals. Strengthening the Group’s robustness is a priority with a focus on structurally improving operational efficiency and profitability and increasing capital. Based on a simplified and synergised model, the objective is also to develop sustainable and profitable activities, bolstering the value proposition for clients and in particular, contributing to energy, environmental and social transition.

The Group is listed in the main socially responsible investment indices: DJSI (Europe), FTSE4Good (Global and Europe), Bloomberg Gender-Equality Index, Refinitiv Diversity and Inclusion Index, Euronext Vigeo (Europe and eurozone), STOXX Global ESG Leaders indexes, and the MSCI Low Carbon Leaders Index (World and Europe).

The Group is driven by a clear strategy and roadmap to secure its long-term future: to become a rock-solid bank that achieves sound and sustainable performances that contribute to the achievement of sustainable development objectives.

To further strengthen the Bank’s financial profile is a core priority for the Group. This will mainly be achieved by maintaining a high CET1 ratio, with a CET1 ratio target set above 13% under Basel IV throughout 2025. To achieve this target, the Group will allocate and use its capital effectively, improve operational efficiency and simplify its portfolio based on a consistent, integrated and synergy-centric business model leveraging its core franchises, while maintaining best-in-class risk management.

The Group intends to leverage its high-performance, sustainable businesses based on a robust diversified banking model tailored to the needs of more than 26 million corporate, institutional and individual clients, structured around three core businesses:

• ●French Retail, Private Banking and Insurance;
• ●Global Banking and Investor Solutions;
• ●Mobility, International Retail Banking and Financial Services.

Under its French Retail, Private Banking and Insurance business line, the Group plans to leverage the new operating model of its new SG network to boost synergies with the Insurance and Private Banking activities while improving operating efficiency, and accelerate BoursoBank’s development with the aim of reaching more than 8 million clients by 2025 and enhancing long-term value creation. Leveraging a high-impact value offer, the Group intends to be the partner of choice for businesses, professionals and high net worth clients, as well as for digital clients, and at the same time be a responsible bank for its various counterparties.

For the Global Banking and Investor Solutions business line, the Group is pursuing the strategy it initiated in 2021 to further enhance the sustainability and profitability of its model. Building on its positioning as a top-tier European player and trusted partner for its global banking clients, the Group intends to unlock greater value from its leading franchises, notably through innovative action, while continuing to improve operating efficiency and optimising its resources, particularly capital. Recent partnerships with AllianceBernstein and Brookfield as well as the acquisition of a 75% stake in Reed Management are examples of the Group’s ability to create innovative solutions with a view to broadening its offerings and value proposition for its clients.

Within the Mobility, International Retail Banking and Financial Services business line, the main aim of International Retail Banking businesses is to deliver sustainable performances that exceed the cost of capital, notably by implementing a more compact and efficient model that also offers first-rate customer experience. The Group is aiming to become a world leader in the mobility ecosystem through its mobility and leasing activities, chiefly through Ayvens, following the completion of ALD’s acquisition of LeasePlan.

The Group intends to press ahead with  its commercial development by providing its clients with responsible and innovative financial solutions through quality services, value-added and innovation, including digital, to improve client satisfaction. To this end, the Group is pursuing various digital transformation and operational efficiency initiatives.

Another of the Group's priorities is to instill a performance and accountability culture. To this end, it has set targets to increase its employee engagement score, reduce the gender pay gap and promote diversity in senior leadership roles. The Group has also adjusted its financial reporting principles to embed a culture of greater accountability.

Fully committed to the strategic initiatives it announced in September 2023, the SG Group has set the following main financial targets:

• ●a robust CET1 ratio at 13% in 2026, under the Basel IV regulation;
• ●average annual revenue growth between 0% and 2% over 2022-2026;
• ●increased operational efficiency, with a cost-to-income ratio below 60% in 2026;
• ●cost of risk within the 25-30 basis-point range over 2024-2026;
• ●return on tangible equity (ROTE) between 9 and 10% in 2026;
• ●a Liquidity Coverage Ratio (LCR) of at least 130% and a Net Stable Funding Ratio (NSFR) of at least 112% throughout the cycle;
• ●a non-Performing Loans (NPL) ratio target of 2.5-3% in 2026;
• ●a leverage ratio of 4-4.5% throughout the cycle;
• ●a MREL (Minium Required Eligible Liabilities) ratio equal to at least 30% of risk-weighted assets (RWA) throughout the cycle;
• ●implementation of a sustainable distribution policy based on a payout ratio of 50% of net income(1) with a balanced distribution mix between cash dividends and share buybacks from 2024 onwards.

In a world faced with climate change and environmental challenges, Societe Generale has a vital role to play. As part of its ambition to become a leading, rock-solid and sustainable European bank, ESG is central to its strategic roadmap.

The Group’s ESG strategy is based on four pillars: (1) supporting clients in the environmental transition, (2) contributing to positive local impact, (3) the desire to be a responsible employer and (4) promoting a culture of responsibility in all its business sectors.

Societe Generale has reasserted its aim to support environmental transition by:

• ●setting a new target for contributing to sustainable finance of EUR 500 billion in 2024-2030;
• ●aligning its credit portfolios with trajectories in line with the objectives of the Paris Agreement;
• ●developing innovative solutions and partnerships to prepare for the future.

Having achieved its aim of contributing EUR 300 billion to sustainable finance by 2024, the Group has set a new target of EUR 500 billion between 2024 and 2030. This target, which covers a broader scope, will notably help to increase focus on decarbonization in the highest carbon intensive emission sectors for which the Bank has set objectives.

After reaching significant milestones in reducing its exposure to fossil fuels this year, the Group reaffirms its target of reducing its exposure to upstream oil and gas by 80% by 2030(2) versus 2019. This objective is accompanied by a target of reducing greenhouse gas emissions in the oil and gas sector by 70% across the entire activity chain by 2030 versus 2019.

Work has been completed on aligning corporate credit portfolios in the most carbon intensive sectors, setting targets compatible with the objectives of the Paris Agreement in accordance with the timetable set by the Net Zero Banking Alliance (NZBA), of which the Group is a founding member. Alignment is underway with targets set for 10 sectors, focusing each sector on the part of the value chain most responsible for its emissions.

Societe Generale is  preparing for the future by supporting new market players. This year, the Group initiated the EUR 1 billion envelope announced for the energy transition to support emerging leaders, nature-based and impact solutions (including up to EUR 700 million in equity). An initial investment was made through the acquisition of a majority stake in Reed Management, to form REED, a leader in alternative investment in new actors in the energy transition, water and waste sector. To complete this equity investment offer, Societe Generale has set up a debt envelope of EUR 300 million, now well underway, devoted to financing the new leaders of the transition.

As a responsible employer, Societe Generale’s ambition is to enable each employee, current or future, to achieve his or her full potential within the Group, to offer a fulfilling, adapted and efficient working environment and to promote employee engagement and impact. The Group is deploying its ambitions in terms of diversity, fairness and inclusion with the following objectives: (i) to increase the representation of women in the Group’s management bodies with at least 35% of women leaders in the “Group Leaders Circle” (Top 250) by 2026 and (ii) to reduce the potential pay gap between women and men within the Group by 2026 through the mobilisation of EUR 100 million envelope by the end of 2026.

Another priority for the Group is to further embed a culture of performance and accountability. The Group supports its clients in their transition and integrates ESG issues into the management of its activities. Its ESG roadmap also includes an objective of rigorous management of its impact and risks in line with a strongly rooted culture of responsibility.

The Sustainability Statement published this year in the format provided under the European Corporate Sustainability Reporting Directive (“CSRD”), presents detailed information on the assessment of the impacts, risks and opportunities related to material ESG issues (see Chapter 5 “Sustainability statement”).

In 2024, still marked by a complex and uncertain geopolitical, economic and financial context, the Group delivered strong commercial performances in most of its businesses. The Group’s performance was driven by the recovery in the net interest margin in France and by another year of good results in Global Banking and Investor Solutions. At the same time, the Group maintained disciplined cost management.

The Group also successfully passed key milestones in a number of other strategic projects, notably:

• ●the completion of the merger of the Crédit du Nord and Societe Generale networks with the implementation of a new relationship model, improving the quality of the service provided to individual, business and corporate clients. The savings made as part of the merger are also in line with the objectives;
• ●the accelerated development of the Group’s online bank BoursoBank by consolidating its leading position on the French market with over 7.2 million clients;
• ●the continued integration of LeasePlan into Ayvens, creating a global leader in mobility solutions. 2024 marked significant milestones in the operational integration, which is taking place in line with the initial schedule. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes;
• ●the official launch of Bernstein, a joint venture that will create a global leader in equity research and cash equity. With Bernstein, the Societe Generale Group significantly increases its value proposition to offer its clients a full range of global services across the entire equity chain;
• ●the acquisition of 75% of Reed Management, an alternative management company founded by energy investment specialists, which marks the first step in the Group’s one billion-euro investment strategy in the energy transition;
• ●the announcement of planned asset disposals to develop a simplified, more synergistic and efficient model, which generated more than 60 basis points of CET1 gains for the Group.

For the Group, the focus in 2025 will be on fulfilling the strategy laid down and on boosting performance. To this end, the following priorities  have been set:

• ●increase in the commercial performance, in particular relying on the successful deployment of the new operating model in SG network and the continued operational integration of LeasePlan into Ayvens;
• ●management of the business portfolio, including the completion of announced asset disposals;
• ●across the board improvement of operational efficiency, with around EUR 350 million of transformation charges remaining out of the EUR 1 billion announced at Capital Markets Day and for which most will be accounted for in 2025;

• ●consolidation of a solid liquidity profile and a high capital ratio with limited organic growth in RWA;
• ●optimisation of the Group’s use of scarce resources and balance-sheet by continuing to develop our asset-light model notably in Global Banking;
• ●maintain disciplined risk management;
• ●continue momentum when rolling out our ESG initiatives and strategies.

From a financial perspective, the Group has set the following targets for 2025:

• ●in 2025, the Group is expected to benefit from increased revenues (excluding impact of disposals) that are above 3% relative to 2024;
• ●costs are expected to decrease in 2025 by more thant -1%  vs. 2024, excluding disposal effects;
• ●the cost-to-income ratio is also expected to improve in 2025 to a level of less than 66%;
• ●the  net cost of risk is anticipated between 25 and 30 basis points in 2025;
• ●the Group aims to maintain a CET1 ratio above 13% post Basel IV throughout 2025;
• ●finally, ROTE for the Group is expected to improve in 2025 to more than 8%.

The Board of Directors approved the distribution policy for the 2024 tax year, aiming to distribute EUR 2.18 per share(3), equivalent to EUR 1.7 billion, of which EUR 872 million in share buy-backs. A cash dividend of EUR 1.09 will be proposed at the General Meeting of Shareholders as at 20 May 2025. The dividend will be detached on 26 May 2025 and paid out on 28 May 2025.

The French Retail Banking (SG Network and BoursoBank), Private Banking and Insurance businesses fall within the same pillar to optimise synergies between these business lines so as to offer a wide range of products and services tailored  to the needs of a diversified client base – Individual, Business and Corporate clients, as well as non-profit organisations and Municipal Councils – who seek varied expertise.

2024 was marked by:

• ●the large-scale deployment of the new operating and relational model of our Retail Banking activities in France under the SG brand name following the successful merger of the Crédit du Nord and Societe Generale networks;
• ●pursuing BoursoBank’s development strategy, exceeding the 7 million customer mark in 2024 and leader in France in its three businesses: online banking, online brokerage and online financial information;
• ●solid commercial and financial performances from the Private Banking and Insurance businesses that provide further continuum in our offers with clients in the Retail Banking networks.

Our networks continue to support the economy and our clients in financing of their projects despite a decrease in average outstanding loans, down from EUR 234 billion in 2023 to EUR 226 billion in 2024, in a context of elevated interest rates. At the same time and in the face of keen competition particularly in the corporate segment, deposit outstandings increased by +1% to EUR 298 billion at the end of December 2024. 

The Societe Generale network in France  develops Retail Banking activities under the SG brandname.

A global bank focused on three domestic market segments: Individual, Business and Corporate clients & NGOs, the SG network offers solutions adapted to the needs of nearly 9 million clients, thanks to:

• ●a comprehensive and diversified range of products and services (day-to-day banking, savings management, financing, methods of payment, etc.);
• ●a comprehensive and innovative omnichannel system (Internet, mobile, landline);
• ●around 1,400 branches for its Individual and Business clients.

As the leader of non-mutual players, SG Bank is ranked among the top players on the market in the “high-end” and “corporate” segments.

In 2024, the Group successfully completed the merger of the Crédit du Nord and Societe Generale networks.

The year was marked by the large-scale deployment of our new operational and relational model:

• ●a bank with local roots in 11 regions, including a national brandname - “SG” - with 10 regional brandnames;
• ●a responsive, accessible and efficient bank thanks to more decisions made at the regional level to increase speed of action and customer satisfaction;
• ●a bank that adapts to the specific needs of each client profile, offering differentiated expertise and services according to each customer segment;
• ●a responsible bank: sustainable development is central to the strategy of the SG network.

At end of 2024, with 28,000 employees, average outstandings amounted to EUR 194 billion for loans and EUR 232 billion for deposits.

Boursorama, a fully-owned subsidiary of Societe Generale, is a pioneer and leader in France in its three main businesses: online banking, online brokerage and online financial information (boursorama.com is ranked No. 1 for economic and financial news).

Accessible to all, regardless of income levels and financial assets, BoursoBank’s purpose is to simplify banking, give its users purchasing power and enable them to manage their finances.

BoursoBank had more than 7 million clients at the end of 2024, a further increase of more than 20% over the year. The business has therefore grown ten-fold in 10 years. This growth is accompanied by an increase in the bank’s overall assets under management of +EUR 9.1 billion over the year, for a total of more than EUR 82 billion at the end of December 2024.

2024 was marked by:

• ●the reach of 7.2 million clients by the end of the year with a new target set at more than 8 million clients by end of 2025;
• ●profitability achieved for the second consecutive year;
• ●the launch of a new BoursoBank brandname platform: “The bank we want to recommend (for ourselves)”.

In addition, BoursoBank continued to enhance its product and service offering in 2024:

• ●launch of two new offers devoted to meeting two customer targets: BoursoBusiness for Businesses (solely owned and one-person businesses) and BoursoFirst for wealthy clients;
• ●gradual transition from a Web and mobile based bank to a fully mobile bank;
• ●entry into the Artificial Intelligence era with the deployment of several use cases that strengthen BoursoBank’s specific operating model.

Ranked the lowest-cost bank for the 17th consecutive year (source Le Monde/Panorabanque – December 2024), BoursoBank continues to obtain the best Net Promoter Score in the sector at +46 (Source Bain et Cie, 2024). Its online portal, www.boursorama.com, is consistently ranked the No. 1 national website for online financial and economic information with ~100 million visits each month (Source ACPM – 2024).

In general, BoursoBank continues to attract a young, urban, active and financially stable client base. 

Societe Generale Private Banking offers global financial engineering and wealth management solutions, in addition to global expertise in structured products, hedge funds, mutual funds, private equity funds and real estate investment solutions. It also offers clients access to capital markets.

Societe Generale Private Banking’s offer is available from three main geographical centres: SGPB France, SGPB Europe (Luxembourg, Monaco, Switzerland) and Kleinwort Hambros (London, Jersey, Guernsey, Gibraltar). At the end of 2024, Private Banking held EUR 154 billion in assets under management.

As part of its strategic roadmap, Societe Generale has signed agreements with UBP (a Swiss bank specialising in wealth and asset management), with a view to the sale of SG Kleinwort Hambros and Societe Generale Private Banking Switzerland based in London and Geneva. The disposal of Societe Generale Private Banking Switzerland was completed in January 2025. The sale of SG Kleinwort Hambros will be finalised in 2025.

Societe Generale Private Banking intends to pursue its development strategy by relying on its leading entities in France and abroad, in Luxembourg and Monaco to support its wealthy clients thanks to its expertise and recognised services.

SGPB Private Banking will also be able to rely on Societe Generale Investment Solutions (formerly Weath Investment Solutions) to position itself as a recognised architect of financial savings solutions and become a key market player. This true One-Stop-Shop offering consolidates the management and structuring skills offered by Investment Management Services, the Market Solutions teams in charge of market solutions and the management entities (located in France(5) and Luxembourg(6)).

The Societe Generale Assurances business is a lynchpin in the Societe Generale Group’s development strategy, in synergy with its retail banking, private banking and financial services businesses. Societe Generale Assurances is also pursuing  the expansion of its distribution model through the development of external partnerships.

Societe Generale Assurances offers a full range of products and services to meet the needs of Individual, Business and Corporate clients in life insurance savings, retirement savings, personal protection and non-life insurance businesses.

Leveraging the expertise of its 3,000 employees, Societe Generale Assurances combines financial strength with dynamic innovation and a sustainable development strategy so as to be a trusted partner for its clients. Gross premiums stood at EUR 18.3 billion in 2024, with the share of unit-linked (UL) funds totalling 32%. Outstandings in life insurance investment savings reached a record level of EUR 146 billion at end-2024, up by 7%, of which UL funds accounted for 40%. In protection (personal and non-life insurance), the activity grew by +4% compared to 2023. 

In 2024, Societe Generale Assurances continued to diversify its distribution model, which is a proven high-potential growth driver in life insurance savings and personal protection, in synergy with the Group’s other businesses, such as BoursoBank, CGI and with external partners.

As a prominent player on the retirement savings market in France, Societe Generale Assurances offers cross-business products to meet the needs of individual clients, corporate clients and their employees through customised solutions, simple and easy-to-use digital pathways, innovative and tailor-made services and bespoke assistance.

Societe Generale Assurances’ financial solidity was confirmed by the success of a second external financing operation by Sogécap totalling EUR 600 million, which was significantly oversubscribed and strengthened the quality of Societe Generale Assurances’ long-term prudential capital.

Societe Generale Assurances actively endorses a policy to strengthen its Corporate Social Responsibility (CSR) commitments, vowing to make it a differentiating factor in its strategy. It has divided its policy into three areas: Being a Responsible Insurer, Being a Responsible Investor and Being a Responsible Employer.

Definitions and details of methods used are provided on page  2.3.6 and on subsequent pages.

Information marked by an asterisk (*) indicates adjustments made for changes in Group structure and at constant exchange rates.

Over 2024, net banking income for the Group increased by +6.7% vs. 2023.

Revenues in French Retail, Private Banking and Insurance rose by +7.5% relative to 2023, mainly due to a rebound of net interest income (+20.9% vs. 2023).

In Global Banking and Investor Solutions, revenues reached a record(1) level of EUR 10,122 million in 2024, up +5.0% vs. 2023, driven by a strong momentum across businesses. Global Markets and Investor Services expanded by +4.5% vs. 2023 owing to strong market activities, mainly on equities. The Financing and Advisory business posted high revenues of EUR 3,566 million in 2024, up by +5.8% vs. 2023.

Over the year, revenues in Mobility, International Retail Banking and Financial Services were stable at -0.6% vs. 2023 on the back of stable activity levels both in International Retail Banking (-0.7%) despite various disposals closed in 2024, mainly subsidiaries in Morocco and Madagascar, and in Mobility and Financial Services activities (-0.4%) including non-recurring items in 2023.

Over 2024, revenues for the Corporate Centre totalled EUR -450 million in 2024 compared with EUR -1,098 million in 2023.

In 2024, operating expenses totalled EUR 18,472 million, slightly down by -0.3% vs. 2023, thanks from rigorous cost management of the Group. The cost-to-income ratio stood at 69.0% (vs. 73.8% in 2023), a level below the target <71% for 2024.

Over 2024, the cost of risk totalled 26 basis points, at the lower end of 2024 guidance set between 25 and 30 basis points.

The Group’s provisions on performing loans amounted to EUR 3,119(2) million, down EUR -453 million relative to 31 December 2023, notably linked to application of IFRS 5 accounting norms on assets held for sale.

The non-performing loan ratio was 2.81%(3) as of 31 December 2024. The net coverage ratio on the Group’s non-performing loans stood at 81%(4) as of 31 December 2024 (after taking into account guarantees and collateral).

As of 31 December 2024, the Group sharply reduced its offshore exposure to Russia to around EUR 0.5 billion of EAD (Exposure at Default) compared with EUR 0.9 billion as at 31 December 2023 (~-45%). The maximum risk exposure on this portfolio is estimated below EUR 0.1 billion before provision. 

Operating income totalled EUR 6,786 million in 2024 compared with EUR 5,555 million in 2023, strongly up (+22.2%) driven by high positive jaws with revenues up by 6.7% and stable costs.

The Group net income for 2024 totalled EUR 4.2 billion, representing ROTE of 6.9%, above 2024 guidance >6%.

As at end of December 2024, the Group's capital position is solid with a CET1 ratio of 13.3%, above 2024 guidance >13%.

The Board of Directors approved the distribution policy for the 2024 fiscal year, aiming to distribute EUR 2.18 per share, equivalent to EUR 1,740 million, of which EUR 872 million in share buyback(5). A cash dividend of EUR 1.09 per share will be proposed at the General Meeting of Shareholders on 20 May 2025. The dividend will be detached on 26 May 2025 and paid out on 28 May 2025.

Societe Generale and IFC, a member of the World Bank Group, have signed a Collaboration Framework Agreement to accelerate on sustainable finance in developing countries, as part of both institutions’ shared ambition to contribute to the UN Sustainable Development Goals (SDGs) and strong commitment to the environmental transition and Sustainability.

As part of this agreement, the two institutions aim to further develop wide-ranging financing solutions such as project co-financings or risk sharing agreements, contributing to private sector mobilization in support of the climate transition. In particular, the agreement will support sustainable finance projects to facilitate access to clean energy, water and other infrastructure and to foster sustainable agribusiness, as well as the financing of projects empowering women entrepreneurs in small and medium sized enterprises (SMEs). Societe Generale and IFC will also share approaches and expertise on methodologies and frameworks aimed at measuring and monitoring impact.

This new Collaboration Framework Agreement builds on a longstanding partnership, solid cooperation track record, as well as a joint commitment towards the SDGs and rigorous environmental, social and governance (ESG) standards. Over the last 10 years, the two institutions have co-financed about 60 transactions with other partners, representing more than US$20 billion in new investment flows into developing countries. IFC has also provided approximately US$ 1.3 billion in financing to Societe Generale, e.g. to enable the scaling up of green vehicle fleets.

This partnership will draw on the complementary strengths of the two institutions. Societe Generale will bring its leading expertise in structured finance and ESG, its ability to distribute assets to investors and its global reach. IFC will leverage its experience as the largest global development institution focused on the private sector in developing countries, including its balance sheet strength and in-depth knowledge of developing economies.

Slawomir Krupa, Chief Executive Officer of Societe Generale, comments:

“I am delighted to strengthen our cooperation with IFC with the signing of this Partnership Framework Agreement, building on solid relationships between our institutions established over time. By joining forces, our ambition is to increase our contribution to sustainable projects in developing countries, in relation with the UN Sustainable Development Goals. As part of our strategic plan and ESG commitments, developing partnerships with the most relevant stakeholders helps us design the best solutions to address the challenges of the environmental transition and the need for sustainable infrastructures in developing countries.”

Makhtar Diop, Managing Director, IFC, says:

“This agreement will deepen the long-standing relationship between IFC and Societe Generale, allowing us to work together to deploy scalable private sector investments in emerging markets. We look forward to an enhanced partnership to provide the critical financing needed for projects with a transformative impact on people and local economies.”

The objective of the Group’s financial policy is to optimise the use of shareholders’ equity in order to maximise short- and long-term return for shareholders, while maintaining a level of capital ratios (Common Equity Tier 1, Tier 1 and Total Capital ratios) consistent with the market status of Societe Generale and the Group’s target rating. 

Since 2010, the Group has launched a major realignment programme, strengthening capital and focusing on the rigorous management of scarce resources (capital and liquidity) and proactive risk management in order to apply the regulatory changes related to the implementation of Basel 3 regulations.

Group shareholders’ equity totalled EUR 70.3 billion at 31 December 2024. Net asset value per share was EUR 75.0 and net tangible asset value per share was EUR 66.1 using the new methodology disclosed in Chapter 2 of this Universal Registration Document, on page  2.3.6. 

Total equity includes EUR 10.5 billion in deeply subordinated notes.

As at 31 December 2024, Societe Generale held, directly or indirectly, 3.8 millions of Societe Generale shares, representing 0.48% of the capital (excluding shares held for trading purposes). 

Under the liquidity contract implemented on 22 August 2011 with an external investment services provider, Societe Generale acquired 3,652,102 shares in 2024, with a value of EUR 87.8 million and sold 3,652,102 shares with a value of EUR 87.9 million. The liquidity contract was temporarily suspended from 27 May to 25 June 2024 when during the share buyback period.

The information concerning the Group’s capital and shareholding structure is available in Chapter 7 of this Universal Registration Document (p  Share, share capital and legal information).

The group maintained a targeted acquisition and disposal policy, in line with its strategy focused on its core businesses and the management of scarce resources.

Ongoing investments will be financed using the Group’s usual sources of funding.

The gross book value of the Societe Generale group’s tangible operating fixed assets amounts to EUR 83.9 billion as of 31 December 2024. This comprises land and buildings (EUR 5.1 billion), right of use (EUR 3.7 billion), assets leased by specialised financing companies (EUR 69.2 billion), investment property (EUR 0.7 billion) mainly related to insurance activities) and other tangible assets (EUR 5.2 billion).

The net book value of the tangible operating assets and investment property amounts to EUR 58.0 billion, representing only 3.7% of the consolidated balance sheet as of 31 December 2024. 

Owing to the nature of the businesses of Societe Generale, property and equipment are not material at Group level.

None.

Since the end of the last financial period, no significant change in the financial performance of the Group occurred other than those described in the present Universal Registration Document filed with the AMF on 12 March 2025.

The article L. 511-45 of the Monetary and Financial Code modified by Order No. 2014-158 of 20 February 2014, require credit institutions to communicate information about the locations and activities of their entities included in their consolidation scope, in each State or territory

Societe Generale publishes below the information relative to staff and the financial information by countries or territories.

The list of locations is published in the Note 8.4 of the notes to the consolidated financial statements.

The list of geographic locations is published in Note 8.4 of consolidated financial statements.

The Board of Directors discussed the Bank’s purpose in 2019 following the introduction of French Act No. 2019‑486 on 22 May 2019, referred to as the Pacte Law and defined it with the following wording  “Building together, with our clients, a better and sustainable future through responsible and innovative financial solutions”. From a formal standpoint, it was decided not to include the purpose in the By‑laws. However, at its Extraordinary General Meeting of 2020, Societe Generale modified its By‑laws to specify that the Board determines the Company’s strategy and supervises its implementation in accordance with its corporate interests, taking into account the social and environmental stakes of its activity (see Chapter 5). In May 2021, the first sentence of the preamble of the Board of Directors’ internal rules was also modified to take account of this change.

(As of 1 January 2025)

The composition of the Board of Directors is presented on page  Composition of the Board of Directors, changes in 2024 of the present document. The internal rules of the Board of Directors, which define the Board of Directors’ powers, are provided in this Universal Registration Document, on pages  3.3. The Board of Directors’ work is presented on pages  The Board of Directors' work.

The composition of General Management and of the Executive Committee is presented in the relevant sections of this report (see pages  3.1.3 - Presentation of General Management officers and  Group Executive Committee).

The Group’s Cross-functional and Risk Committees and the main Business Committees are indicated in section 3.1.4 on page  Main Committees.

The powers of the Board of Directors and of its various Committees, along with the report on their work, are presented on pages  The Board of Directors' work and subsequent pages, and notably cover:

• ●Role of the Chairman and report on his activities, p. Role of Chairman of the Board of Directors;
• ●Audit and Internal Control Committee, p. AUDIT AND INTERNAL CONTROL COMMITTEE;
• ●Risk Committee, p. Risk Committee;
• ●Compensation Committee, p. Compensation Committee;
• ●Nomination and Corportate Government Committees p. Nomination and Corporate Governance Committee.

In addition, the non-voting Director’s role and a report on his activities appear on p. Non-voting Director.

On 15 January 2015, the Board of Directors decided, in accordance with Article L. 511-58 of the French Monetary and Financial Code (Code monétaire et financier), that the offices of Chairman and Chief Executive Officer would be separated following the Shareholders’ Meeting of 19 May 2015. As of that date, Mr Lorenzo Bini Smaghi became Chairman of the Board of Directors, and Mr Frédéric Oudéa remained Chief Executive Officer until the General Meeting of 23 May 2023. Mr Lorenzo Bini Smaghi was reappointed Chairman of the Board of Directors, following the renewal of his term of office as a Director at the Annual General Meeting held on 17 May 2022, for a term equal to that of his term of office as a Director, i.e., until the Annual General Meeting called to approve the financial statements for the 2025 financial year.

On 23 May 2023, the Board of Directors appointed Mr. Slawomir Krupa as Chief Executive Officer, following his appointment as a Director by the General Meeting of 23 May 2023.

Mr Slawomir Krupa was assisted until 1 November 2024 by two Deputy Chief Executive Officers, Mr Pierre Palmieri and Mr Philippe Aymerich: On the proposal of the Chief Executive Officer, the Board of Directors met on 30 October 2024 approved the reduction of the number of corporate officers of the General Management to two members (Mr Slawomir Krupa, Chief Executive Officer and Mr Pierre Palmieri, Deputy Chief Executive Officer) as of 1 November 2024, with Mr Philippe Aymerich’s term of office as Deputy Chief Executive Officer having thus ended on 31 October 2024.

Societe Generale refers to the AFEP-MEDEF Corporate Governance Code for listed companies (hereinafter the “AFEP-MEDEF Code”). The document is available on the https://hcge.fr website. In accordance with the “comply or explain” principle, Societe Generale states that it applies all recommendations from the AFEP-MEDEF Code, with the exception of recommendation 23.1 governing the termination of a Chief Executive Officer’s employment contract due to this exceptional length of service with the Company (24 years) and the related benefits (described on page  Suspension of the Chief Executive Officer’s employment contract and related rights)

A set of internal rules and procedures amended on 5 February 2025 (hereinafter referred to as the “internal rules and procedures”) governs the functioning of the Board of Directors and its Committees. The Company’s internal rules are in the Universal Registration Document on pages  3.3 and the Company’s By-laws appear in Chapter 7.4 “Rules” of the Universal Registration Document.

Annual General Meeting for the approval of the financial statements for the year ended 31 December 2024

This is a free translation into English of the Statutory Auditors’ special report on related party agreements issued in French and is provided solely for the convenience of English-speaking readers. This report should be read in conjunction with, and construed in accordance with, French law and professional auditing standards applicable in France.

Société Générale
29, Boulevard Haussmann
75009 Paris, France

To the Shareholders,

In our capacity as Statutory Auditors of Société Générale, we hereby report to you on related party agreements.

It is our responsibility to report to shareholders, based on the information provided to us, on the main terms and conditions of agreements that have been disclosed to us or that we may have identified as part of our engagement, as well as the reasons given as to why they are beneficial for the Company, without commenting on their relevance or substance or identifying any undisclosed agreements. Under the provisions of Article R.225-31 of the French Commercial Code (Code de commerce), it is the responsibility of the shareholders to determine whether the agreements are appropriate and should be approved.

Where applicable, it is also our responsibility to provide shareholders with the information required by Article R.225-31 of the French Commercial Code in relation to the implementation during the year of agreements already approved by the Annual General Meeting.

We performed the procedures that we deemed necessary in accordance with professional standards applicable in France to such engagements.

We were not informed of any agreements authorised and entered into during the year to be submitted for the approval of the Annual General Meeting pursuant to the provisions of Article L.225-38 of the French Commercial Code.

(Amended on 5 February 2025)

This English translation is for the convenience of English-speaking readers. However, only the French text has any legal value. Consequently, the translation may not be relied upon to bring any legal claim, nor should it be used as the basis of any legal opinion. Societe Generale expressly disclaims all liability for any inaccuracy herein.

The Board of Directors collectively represents all shareholders and acts in the corporate interest of Societe Generale (the “Company”), considering the social and environmental stakes of its activity. Each Director, regardless of the manner in which he/she was appointed, must act in the Company’s corporate interest in all circumstances.

Societe Generale applies the AFEP-MEDEF corporate governance code for listed companies.

As a credit institution listed on a regulated market, Societe Generale is subject to the provisions of the regulations, directives and other European texts applicables to the banking and financial sectors, the French Commercial Code ("code de commerce"), the French Monetary and Financial Code ("code monétaire et financier") and the recommendations or guidelines of the European Banking Authority (the “EBA”) included in national law, the French Prudential Supervisory and Resolution Authority ("Autorité de Contrôle Prudentiel et de Résolution" – “ACPR”) and the Autorité des Marchés Financiers (the “AMF”).

The purpose of these Internal Rules is to define the Board of Directors’ organisation and operating procedures and to specify the rights and duties of its members (the “Internal Rules”).

The Board of Directors ensures that Societe Generale has a solid governance system including, in particular, a clear organisation with shared responsibilities in a well-defined, transparent and consistent manner, effective procedures for the detection, management, monitoring and reporting of risks to which the Company is or could be exposed, an adequate internal control system, sound administrative and accounting procedures and compensation policies and practices enabling and promoting sound and effective risk management.

This section identifies the main risk factors which the Group estimates could have a significant impact on its business activities, profitability, solvency or  ability to raise finance.

Societe Generale has updated its risk typology as part of its internal risk management structure. For the purposes of this section, the different  risks  have been grouped into six main categories (4.1.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017 according to the main risk factors that the Group estimates could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.

The diagram below groups the different risks into six categories and identifies the main impacting risk factors.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions in Europe, the United States and elsewhere around the world. The Group generates 41% of its business in France (in terms of net banking income for the financial year ended 31 December 2024), 36% in Europe, 9% in the Americas and 14% in the rest of the world. The Group could face significant worsening of market and economic conditions in particular resulting from crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices, notably oil and natural gas. Other factors could lead to such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, adverse geopolitical events (including acts of terrorism and military conflicts), or cybercrime risks. The rapid development of Artificial Intelligence carries risks of fraud and of obsolescence of various technologies.

Plans to ease financial regulations in the United States and the United Kingdom could result in a loss of competitiveness in the Eurozone financial sector. In addition, a health crisis or the emergence of new pandemics similar to Covid-19 cannot be ruled out, nor can unforeseen events or natural disasters.

Such events, which can develop quickly and whose impacts may not have been sufficiently anticipated and hedged, could impact the Group’s operating environment for short or extended periods and have a material adverse impact on its financial position on the market, the cost of risk and its results.

The economic and financial environment is exposed to growing geopolitical risks. The war in Ukraine, which began in February 2022, is causing severe tensions between Russia and Western countries, potentially impacting global growth, raw materials prices, as well as the economic and financial sanctions that have been imposed on Russia by numerous countries, particularly in Europe and the United States. The war between Israel and Hamas, which began in October 2023, as well as tensions with Iran and in the Middle East in general, could have similar impacts or contribute to existing ones.

In the United States, a significant shift in economic policy is expected following the outcome of the recent presidential election, with a more protectionist stance. In France, political uncertainties and government instability due to the lack of a parliamentary majority could be a source of further financial and social tensions. In the medium term, the fragmentation of the European political landscape could undermine the coordination of policies linked to defence and energy  transition as well as the banking and capital markets union.

In Asia, relations between the US and China, China and Taiwan and between China and the European Union are fraught with geopolitical and trade tensions, the relocation and offshoring of  production sites and the risk of technological breakthroughs.

A context of raised interest rates and sluggish economic growth could have an impact on the valuation of equities, and interest rate-sensitive sectors such as real estate are adjusting, notably in Europe. The US Federal Reserve (Fed) and the European Central Bank (ECB) are expected to maintain relatively tight monetary conditions, even though they have begun a rate-cutting cycle, in line with declining inflation.

These risks and uncertainties could cause high volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group.

Considering these uncertainties in terms of their duration and scale, these disruptions could significantly impact the activities and profitability of certain Group counterparties in 2025.

In the longer term, the energy transition to a “low-carbon economy” could adversely impact fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

Ayvens was created following the merger between ALD and LeasePlan in 2023. As a result, the automotive sector now represents an important exposure for the Group. It is currently undergoing major strategic transformations, including environmental (growing share of electric vehicles), technological, as well as competitive (arrival of Asian manufacturers in Europe on the electric vehicles market), the consequences of which could entail major risks for the Group’s financial results and the value of its assets.

The Group’s results are therefore dependant on economic, financial, political and geopolitical conditions prevailing on the main markets in which the Group operates.

During its Capital Markets Day, the Group presented its strategic plan:

• ●to be a rock-solid bank by streamlining  business portfolios, leveraging capital allocation and utilization, improving operational efficiency and continuing to apply its best-in-class risk management model;
• ●to develop high-performance sustainable businesses: excel at what the Group does best, be a leader in ESG and foster a culture of performance and accountability.

Under its strategic plan, the Group has set the following financial targets:

• ●a robust CET1 ratio of 13% in 2026 after the implementation of Basel IV;
• ●average annual revenue growth of between 0% and 2% over the 2022-2026 period;
• ●an improved operating efficiency, with a cost-to-income ratio lower than 60% in 2026 and ROTE of between 9% and 10% in 2026;
• ●a distribution rate of 50% of reported net income(1), applicable from 2024.

In addition, the Group has announced financial targets for 2025 that are consistent with the targets for 2026:

• ●a solid CET1 ratio superior to 13% throughout 2025 post Basel IV throughout 2025;
• ●revenue growth of at least 3% in 2025 compared to 2024 (excluding assets sold);
• ●decrease in costs above -1% vs. 2024 (excluding sold assets);
• ●improved operating efficiency, with a cost-to-income ratio below 66% in 2025 and a ROTE of more than 8% in 2025;
• ●a solid asset portfolio, with a controlled cost of risk of between 25 and 30 base points in 2025.

Furthermore, Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group made new commitments during its Capital Market Day on 18 September 2023 such as:

• ●an 80% reduction in upstream Oil & Gas exposure by 2030 vs. 2019; with a 50% reduction by 2025;
• ●a EUR 1 billion transition investment fund to accelerate the development of energy transition solutions and nature-based, high-impact projects that contribute to the UN’s Sustainable Development Goals.

In line with this strategy, the Group is fully committed to achieving its on-going strategic milestones, notably:

• ●the Group’s “Vision 2025” project involves a review of the network of branches resulting from the merger of Crédit du Nord and Societe Generale. The year 2024 saw controlled execution in terms of deployment of the new relational and operational model. The realisation of the social trajectory is also on track. However, the merger has had, among other exogenous factors, a negative impact on the sales performance of the French networks in 2024, and could continue to weaken the Group’s position with some of its clients, resulting in loss of revenue;
• ●Mobility and Financial Services are leveraging the creation of Ayvens following the ALD/LeasePlan merger to be a world leader in the mobility ecosystem. However, 2024 was a transitional period, with the implementation of gradual integrations. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes. If the integration plan is not carried out as expected or within the planned schedule, this could have adverse effects on Ayvens, particularly by generating additional costs, or by reducing the synergies expected from 2025 onwards.

The joint venture between Bernstein and AllianceBernstein in cash equity and equity research activities was finalised on 2 April 2024 and the capital impact was -6 basis points on CET1 ratio at Q2 24. This transaction is fully aligned with the strategic priorities of the Group’s Global Banking and Investor Solutions franchise.

In 2024 the Group announced a series of divestments under its strategic roadmap aimed at shaping a simplified, more synergised and efficient model, while strengthening the Group’s capital base.

The finalisation of agreements on such strategic transactions depends on several stakeholders and is hence subject to the usual conditions precedent, as well as to the approval by the relevant financial and regulatory authorities. More generally, any major difficulties encountered in implementing the main levers for executing the strategic plan, notably in simplifying business portfolios, allocating and using capital efficiently, improving operating efficiency and managing risks to the highest standards, could potentially weigh on Societe Generale’s share price.

In addition, on 5 April 2024, the Group announced a plan to restructure its head office in France in order to simplify its operations and structurally improve its operating efficiency. Consultation with employee representative bodies took place in the second quarter of 2024, and the implementation of these organizational changes has resulted in around 900 job cuts at head office without forced departures (i.e. around 5% of head office headcount). This project is fully in line with the Group’s operating efficiency objective, with expected gross savings of EUR 1.7 billion by 2026 vs. 2022.

Failure to meet these commitments, and those that the Group may make in the future, could entail legal risks and risks to its reputation. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Finally, failure to make specific commitments, particularly in the event of changes in market practices, could also generate reputation and strategic risks.

The Group is governed by the laws of the jurisdictions in the countries and territories where it operates. This includes French, European and US legislation as well as other local laws and regulations that govern its cross-border activities. The application of existing laws and the implementation of future legislation require significant resources that could impact the Group’s performance. In addition, possible failure to comply with laws could lead to fines, damage to the Group’s reputation and public image, the suspension of its operations and, in extreme cases, the withdrawal of operating licences.

Among the laws and regulations that could have a significant influence on the Group:

• ●several regulatory changes are still likely to significantly alter the framework for Market activities:
• (i) the increase in transparency on the implementation of the new requirements and investor protection measures: review of MiFID II/MiFIR, whose final versions were published in the EU’s Official Journal in March 2024 and the implementation texts of which are currently being finalised, the Insurance Distribution Directive (IDD), the European Long-Term Investment Fund Regulation (ELTIF), (ii) the implementation of the fundamental review of the trading book, or FRTB planed for the first quarter of 2026, which may significantly increase requirements applicable to European banks, (iii) possible relocations of clearing activities could be requested despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025, (iv) the European Commission’s proposal to amend the regulation on benchmarks (European Parliament and EU Council, Regulation (EU) No. 2016/1011, 8 June 2016) with possible changes in scope and charges and (v) the review of the Market Abuse ((EU) n°596/2014 of 16 April 2014) and Prospectus ((EU) 2017/1129 of 14 June 2017) Regulations, under the Listing Act, which came into force on 4 December 2024, it being specified that many provisions are subject to differed application (15, 18 or 24 months following entry into force), (vi) the adoption of new obligations as part of the review of the EMIR regulation (EMIR 3.0); in particular, the obligation for active account funding in a European Union central counterparty, the information requirements for clearing service providers vis-à-vis their clients, the authorization regime for initial margin models, simplification of the conditions for clearing and bilateral margining exemptions for intra-group OTC derivatives transactions, new requirements for entities subject to the reporting obligation to put in place appropriate procedures and systems to guarantee the quality of the data they report;

• ●the Retail Investment Strategy (RIS) presented by the European Commission on 24 May 2023, aimed at prioritising the interests of retail investors and strengthening their confidence in the EU Capital Markets Union, including measures to regulate commission retrocessions in the case of non-advised transactions and to introduce a value-for-money test for investment products;
• ●the Commission’s proposal of 28 June 2023 for a regulation on the establishment of the digital euro, accompanying the initiatives taken by the ECB in this field;
• ●the signature by the Presidents of the European Parliament and European Council, on 21 May 2024, of the regulation on Artificial Intelligence (AI Act), which establishes rules on artificial intelligence systems applicable in all economic sectors, and incorporates a risk-based approach. This regulation will be fully applicable 24 months after its enactment on 1 August 2024. As an exception, six months after its entry into force, the prohibition of certain prohibited artificial intelligence systems will become applicable, and 12 months after its entry into force, the obligations for general-purpose artificial intelligence will come into force;
• ●the proposed Financial Data Access Regulation (FIDA) which, in conjunction with the proposed Payment Services Directive (PSD3) and the proposed Payment Services Regulation (PSR), aims to (i) tackle the risk of fraud and improve client choice and confidence in payments, (ii) improve the functioning of the Open Banking and Open Finance sectors, (iii) increase harmonization of the implementation and execution of payments and the regulation of e-money, and (iv) improve access to payment systems and bank accounts for non-banking Payment Service Providers (PSPs);
• ●the enhancement of data quality and tightening of protection requirements and extending cyber-resilience requirements following the adoption by the Council on 28 November 2022 of the European Directive and regulation package on digital operational resilience for the financial sector (DORA), applicable since 17 January 2025. Added to this is the transposition of the NIS 2 Directive (Network and Information Security Directive, published in the Official Journal of the EU on 27 December 2022), which extends the scope of application of the initial NIS Directive;
• ●the implementation of European regulatory frameworks related to due diligence under the so-called “CS3D” Directive proposal (Corporate Sustainability Due Diligence Directive, which was adopted by the Council on 24 May 2024), as well as to sustainable finance including the regulation on European green bonds, with an increase in non-financial reporting obligations, particularly under the CSRD Directive (Corporate Sustainability Reporting Directive), enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);
• ●new obligations arising from the Basel Committee’s proposed reform of banking regulations (the final text of Basel 3, also called Basel 4). The Regulation (EU) no. 575/2013 of 31 May 2024 (CRR3) which entered into force on 9 July 2024 and is applicable since 1 January 2025, together with the Directive (EU) 2024/1619 of 31 May 2024 (CRD6), constitute the texts implementing the reform in Europe;
• ●the European Commission’s initiative, published on 18 April 2023, aimed at tightening the framework for bank crisis management and deposit insurance (CMDI). This proposal, which was adopted in April 2024 by the plenary session of the European Parliament, could lead to a wider use of the guarantee and resolution funds and thus increase the likelihood of having to bail out these funds in the future;
• ●since 2023, the “Interest Rate Risk in the Banking Portfolio” (IRRBB) guidelines published by the European Banking Authority in October 2022 have applied:
  • -since 30 June 2023 for the IRRBB part,
  • -since 31 December 2023 for the “Credit Spread Risk arising from non-trading Portfolio Activities” (CSRBB) section, requiring banks to calculate and manage the impact of a change in Credit Spread on the Bank’s value and revenues,
  • -for supervisory outlier tests (SOTs), which include a measurement and monitoring of the sensitivity of the Net Interest Income in value and revenue streams, and became mandatory on a quarterly basis from 30 June 2024 – a requirement already implemented by the Group since 2023,
  • -for the production of new detailed reports on IRRBB and CSRBB risks, produced and sent to the regulator (ITS and STE) since 31 December 2023;
• ●new obligations arising from European regulations adopted in June 2024 harmonising and strengthening rules on combating money laundering and the financing of terrorism within the EU, which will enter into force from July 2027, as well as creating a new European agency to combat money laundering, which will be based in Frankfurt and start operating from summer 2025;
• ●the adoption of Regulation (EU) 2023/886 of 13 March 2024, making instant euro payments fully available in the EU and EEA countries, which came into force on 9 January 2025. Among other things, this regulation excludes the screening of instant transfers in euros against European sanction lists, in order to limit the number of rejections, and provides for checks to be carried out at least once every calendar day after any new financial restrictive measure comes into force.

The Group is also subject to complex tax rules in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their impacts may have a negative impact on the Group’s business, financial position and costs.

Moreover, as an international bank that handles transactions with US nationals and denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

Given its international reach, the Group faces intense competition in the international and local markets in which it operates, from banking or non-banking operators alike. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services sector could result in competitors bolstering their capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of multiple domestic banking and financial operators as well as new market participants (notably neo-banks and online financial service-providers) has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are radically changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new operators may be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition has increase following the emergence of non-banking operators that, in some cases, may benefit from a regulatory framework that is more flexible and less demanding in terms of equity capital requirements.

Faced with these challenges, the Group has implemented a strategy, notably the development of digital technologies and the creation of commercial or equity partnerships with these new operators. In this context, the Group may have to make additional investments to be able to offer new innovative services and compete with these new operators. Tougher competition could, however, adversely impact the Group’s business and results, both on the French market and internationally.

Directive 2014/59/EU of the European Parliament and of the Council of the European Union of 15 May 2014 (BRRD) establishing a framework for the recovery and resolution of credit institutions and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define, respectively, a European Union-wide framework and a Banking Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including exposure of taxpayers to the consequences of the failure). Within the Banking Union, under the SRM Regulation, a centralised resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalise it in accordance with an established order of priority (the “Bail-in Mechanism”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative impact on the financial system, protecting public funds by minimising the recourse to extraordinary public financial support, and protecting clients’ funds and assets) and the winding-up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into Common Equity Tier 1 (CET1) instruments if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, paragraph 3 of the French Monetary and Financial Code). 

The Bail-in Mechanism could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in mechanism, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the splitting of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before undertaking any resolution action, including the implementation of the Bail-in Mechanism, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of measures under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse impact on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial situation worsens, the existence of the Bail-in Mechanism or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or its Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties, invested assets of financial institutions or on its own operations. ESG risks are seen as potentially aggravating factors to the traditional categories of risks (including credit risk, counterparty risk, market risk, non-financial risks, structural risks, business and strategy risks, and other types and factors of risk). ESG risks are therefore likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is consequently exposed to environmental risks, including climate change risks, through certain of its financing, investment and service activities.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively impacted by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialised financing companies). The Group could also be exposed to transition risk through the deterioration in the credit quality of its counterparties impacted by issues related to the process of transitioning to a low-carbon economy, linked for example to regulatory changes, technological disruptions or changes in consumer preferences.

Beyond the risks related to climate change, risks more generally related to environmental damage (such as the risk of loss of biodiversity, water resources or pollution) are also potentially aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, on back of lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour laws regarding their employees,  occupational health and safety issues, or consumer laws which may entail or exaccerbate reputational and credit risks at the Group level.

Similarly, governance related risks as implemented by the Group’s counterparties and stakeholders (suppliers, service-providers), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Hence, the Group is exposed to physical climate risk through certain of its activities in regions impacted by extreme climatic events (flooding, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations (in particular related to labour laws) and the management of its human resources.

All of these risks could potentially impact the Group’s core businesses, operating results and reputation in the short, medium and long term.

For more details on ESG risks refer to the chap 5-  CORPORATE SOCIAL RESPONSiBILITY section of the 2025 Universal Registration Document, in particular sections 5.1.3.2 “Description of the processes to identify and assess material IROs”, 5.3.5 “Climate Risk management”, 5.4.2 “Consumers and end-users” and 5.5.2 “Management of material risks related to business conduct”.

Because of its international activities, the Group is exposed to the aggravating factor of country risks.

A country risk arises whenever an exposure (receivables, securities, guarantees, derivatives) is likely to be adversely impacted by changes in the country’s regulatory, political, economic, social or financial conditions.

Strictly speaking, the concept of country risk refers to political and non-transfer risk, which includes the risk of non-payment resulting either from acts or measures taken by the local public authorities (e.g. decision by the local authorities to prohibit the debtor from fulfilling its commitments, nationalisation, expropriation or non-convertibility), or from internal (riot, civil war, etc.) or external (war, terrorism, etc.) events.

More broadly, a deterioration in the ranking of a given country, in its sovereign credit rating or business activities can entail a commercial risk, with a particular deterioration in the credit quality of all counterparties in a given country as a result of an economic or financial crisis in the country, irrespective of the specific financial situation of each counterparty. This could be the result of a macroeconomic shock (sharp slowdown in activity, systemic crisis in the banking system, etc.), a currency devaluation or a sovereign default on its external debt, possibly leading to other defaults.

The risk management framework is based on a three-pronged organization and comprehensive comitology, notably at the level of the Management Board and General Management, to cover all risks. It is based on the definition and monitoring of a risk appetite and the assessment of risks through the conduct of stress tests in acccordance with a defined framework and principles.

Audited I Risk management is one of the foundations of the banking business and Societe Generale group pays particular attention to it. Societe Generale Group has a robust organisation to manage all the risks to which it is exposed. It is based on three lines of defence and on the dissemination of a risk culture at all levels, in all geographies and in all business lines.

The risk management, which is managed at the highest level, is carried out in compliance with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, payment services and investment services sector subject to the supervision of the French Prudential Supervisory and Resolution Authority (Autorité de Contrôle Prudentiel et de Résolution – ACPR) and the finalised European Basel 3 Regulations (Capital Requirements Regulation/Capital Requirements Directive – CRR/CRD).

The Board of Directors and General Management ensure a well-defined division of labor within the Group and the definition and implementation of an effective risk management framework. The Group is organised according to a three-line model of defence, with responsibilities defined and separated in accordance with applicable regulations and guidelines as well as industry best practices.

The business lines (the Group BUs and SUs), which are the first line of defence, take risks and are responsible for their operational management directly and permanently. The BUs and SUs are primarily responsible for risk assessment, control and supervision within their respective scopes and have appropriate processes and controls in place to ensure that risks are kept within the limits of the risk appetite and that business activities are in line with external and internal requirements.

The Finance Department (DFIN) coordinates the Finance Management Function and is responsible for the Group’s financial management, oversight and production. DFIN also ensures that performance indicators and financial information are given a coherent overview.

The Group General Secretariat (SEGL) is tasked with, under its terms of reference, protecting the bank in order to promote its development. It assists the General Management on the subject of the Group’s governance. In addition it manages the Group’s overall security, together with the GCOO Service Unit in respect of IT systems security, of information systems and designs and implements the risk insurance policy for the entire Group and its staff. It oversees public affairs and institutional relations/advocacy initiatives within the Societe Generale group.

The Group Human Resources Division (HRCO) is responsible for defining and implementing the Group’s Human Capital policy in line with the Group’s overall strategy. HRCO is responsible for the management and supervision of Societe Generale's entire Human Resources (HR) sector. As a partner of the business lines and it is a key player in the Group’s transformation.

The Group Chief Operating Office (GCOO) manages the Group's resources, supports the digital transformation and contributes to the development of the Group's operational efficiency.

The Sustainable Development Division which reports to the General Management, assists the Deputy Chief Executive Officer in charge of the whole ESG policies and their effective translation into the business lines and functions trajectories. It supports the Group ESG transformation to make it a major competitive advantage, in the business development as well as in the ESG (Environmental & Social & Governance) risks management.

The main aim of the Risk Management Department (RISQ) is to contribute to the definition of the strategy and the sustainable development of the Societe Generale Group’s activities and profitability. To this end, the Risk Management Function (i) proposes to the General Management and the Board of Directors, and with the contribution of the Finance Department, the Group's risk appetite based on its independent analysis of all existing and potential risks; (ii) is involved in all important risk management decisions through an effective challenge; (iii) defines, implements, and monitors the effectiveness of an holistic, relevant and robust risk management framework, validated by the Board of Directors, to ensure the compliance with risk appetite and to provide the General Management and the Board of Directors with an independent analysis and advice on group-wide and holistic view of all the existing and forecasted risks the Group is facing; (iv) proposes adjustment and corrective measures, if necessary.

In particular, the Risk Management Function, as an independent second line of defence, contributes to the embedment of a risk culture by reporting a holistic view of risks and how they are managed, and ensuring that Business Units and Services Units are aware of their risks and the risk appetite in which they must operate.

The Risk Division reports to the Group's Chief Executive Officer.

According to EBA’s guidelines on internal governance and French regulations, the non-compliance risk is defined as being the risk of judicial, administrative or disciplinary sanctions, significant financial loss or reputational damage resulting from non-compliance with provisions specific to banking and financial sectors. Its main missions are to i) ensure that all risks of non-compliance are identified and that the Group complies with all regulatory and supervisory obligations, ii) assess the impact of regulatory and legal changes on the Group’s activities and the compliance framework, iii) advise and inform the General Management and the Board of Directors on the risks of non-compliance.

THE THIRD LINE OF DEFENCE (LoD3) is provided by the General Inspection & Audit Division (IGAD), which includes Internal Audit and General Inspection. Strictly independent from the business lines as well as permanent control, it carries out a periodic control mission.

The SG Group manages risks under a system of governance through committees that report to the Board of Directors and to General Management.

• ●The Board of Directors approves the policies implemented by the control functions (risk appetite, compliance policy, audit charter, audit plan, etc.). It approves the overall strategy and appetite for management of all kinds of risks and monitors their implementation. To this end, it shall approve and regularly review strategies and policies governing the taking, management, monitoring and reduction of risks to which the Group is or may be exposed. The Board is also informed through the Risk Committee on the main risks incurred by the business and significant incidents revealed by the internal control and risk management systems. It ensures the effectiveness of the corrective measures taken in the event of failures.
• ●The Risk Committee (CdR) advises the Board of Directors on the overall strategy and the appetite regarding all kinds of risks, to which the bank is or is likely to be exposed, and assists the Board in monitoring the implementation of this strategy.
• ●The Board of Directors’ Audit and Internal Control Committee (CACI) ensures the proper functioning of the internal risk control systems.

In terms of risk management, bank’s executive committee, is responsible for assisting the General Management is ensuring that the Group has an efficient risks management framework in place and for supervising and monitoring this. This committee validates the Risk Appetite Statement (RAS) before submitting it to the Societe Generale Board of Directors.

Chaired by the General Management, the Committees responsible for central oversight of internal control and risk management are as follows:

• ●the Group Risk Committee (Group CORISQ), approves the Group’s main cross-cutting risk management tools, in particular the Group’s risk taxonomy, risk identification, risk appetite framework (RAF) and stress testing. It is also tasked with developing risk appetite for credit, counterparty, market, operational, model, ESG(7) and Country risk factors within the group’s business lines;
• ●along with the Risks Committee, the Large Exposures Committee (CGR), is an ad hoc Committee, responsible for approving the sales and marketing strategy and risk appetite with regard to the major client groups (Corporates, Insurance Companies and Asset Managers);
• ●the Finance Group Committee (COFI) is responsible for Societe Generale Group’s financial strategy and for steering Societe Generale Group’s strategic financial targets;
• ●the Group Assets and Liabilities Management Committee (ALCO),is responsible for the management of SG Group’s structural risks;
• ●the Group Provisions Committee (COPRO), aims to present and validate the Group’s net cost of risk (impairment and provisions for credit risk) that will be record for the quarter in question;
• ●the Group Internal Control Coordination Committee (GICCC) ensures the consistency and effectiveness of the Group’s internal controls, in particular in as laid down in Article 16 of the amended French Order of 3 November 2014;
• ●the Responsible Commitments Committee (CORESP), deals with any subject falling within the Group’s environmental and social remits, or with any other subject having an impact on the Group’s responsibility or reputation and not already covered by an existing Executive Management Committee;
• ●the Compliance Committee (COMCO), reviews the risks of non-compliance, the main issues and defines the Group’s compliance principles and ensures the annual monitoring of the quality of the Sanctions & Embargoes risk management system; ▲
• ●the Group Information Systems Committee (“ISCO”), chaired by the CEO, is responsible for SG Group’s Information System (“IS”) strategy and for steering SG Group’s strategic IS targets;
• ●the Data Quality and Aggregation Strategy Committee, chaired by a Deputy Chief Executive Officer, oversees initiatives and makes decisions on the Group’s data, metrics, and reports quality.

According to the findings of last census carried out on 31 December 2024, the full-time equivalent (FTE) workforce of:

• ●the Group’s Risk Department for the second line of defence represents approximately 4,176 FTEs (1,818 within the Group’s Risk Department itself and 2,358 for the rest of the Risk function);
• ●the Compliance Department or the second line of defence represents approximately 2,785 FTEs;
• ●the Information System Security Department totals approximately 632 FTEs.

The Group’s risk measurement systems serve as the basis for the production of internal Management Reports allowing the monitoring of the Group’s main risks (credit risk, counterparty, market, operational, liquidity, structural, settlement/delivery) as well as the monitoring of compliance with the regulatory requirements.

Thus, the risk reports intended for the management bodies are guided in particular by the following principles:

• ●coverage of all significant risks;

• ●combination of a global and holistic view of risks and a more in-depth analysis of the different types of risk;
• ●overview supplemented by focus on certain specific scopes, forward-looking elements (based in particular on the presentation of elements on the evolution of the macroeconomic context) and elements on emerging risks;
• ●balance between quantitative data and qualitative comments.

For all the risk monitoring Committees listed above (at senior management or Board level), dedicated reporting is provided to ensure comprehensive monitoring of the risks covered by these Committees.

Although these reports are used at the Group level to monitor and review the Group’s risk profile in a holistic manner, further reports are provided to the Executive Board or senior management to monitor and control specific types of risk. Ad hoc reporting can also be done.

In accordance with the modified French Decree of 3 November 2014, the Group has implemented an internal control framework for SG SA and the Group’s entities included in the scope of application. The Board of Directors and the executive officers are jointly responsible for the governance of internal control. General Management establishes and presents to the Board of Directors a series of control processes and frameworks corresponding to the risk strategy approved by said Board in connection with the risk appetite. It oversees the implementation and impactiveness thereof.

The Audit and Internal Control Committee reports to the Board of Directors. It is responsible for preparing the decisions of the Board in respect of internal control supervision.

As part of their remit, the General Management and Risks Division submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All SG Group activities are governed by the rules and procedures contained in documents collectively referred to  as the “Standard Guidelines” and are included in SG's Code, which:

• ●set out the rules for action and conduct applicable to Group staff;
• ●define the structures of the businesses and the sharing of roles and responsibilities;
• ●describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

• ●define the governance of the SG Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);
• ●lay down the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

By their very nature, risks take different forms and evolve over time. They exist in all business processes and activities. They need to be managed and controlled, as part of a global, dynamic framework focused on prevention, and integrated at all levels of the organisation as part of the Bank’s day-to-day management. The internal control framework is key to this approach. Such framework is made up of all methods used to ensure that the operations carried out and the organisation and procedures implemented comply with:

• ●legal and regulatory provisions;
• ●professional and ethical practices;
• ●internal rules and guidelines defined by the Board of Directors.

In particular, the internal control framework aims to:

• ●prevent malfunctions;
• ●assess the risks involved, and exercise sufficient control to ensure they are managed;
• ●ensure the adequacy and impactiveness of internal processes, particularly those which help safeguard assets;
• ●detect irregularities;
• ●guarantee the reliability, integrity and availability of financial and management information; and
• ●check the quality of information and communication systems.

The internal control framework is designed to limit risk to an acceptable level. Its implementation must therefore be managed in line with the risk appetite.

The SG Group’s internal control framework is based on the following fundamentals:

• ●the completeness of the scope of controls, which concern all risk types and apply to all the Group’s entities;
• ●the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or are responsible for;
• ●the responsibility of the second line of defence services (LOD2), defined below, in light of their expertise and independence, in defining the control needs of so-called normative controls – with the support of the first line of defence services (LOD1), defined below, in their respective areas of expertise if necessary – reviewing the control results, and reporting on a consolidated risk overview;
• ●the exercise of level 2 permanent control by the independent control teams, in particular through the RISQ/CTL, CPLE/CTL, DFIN/CTL Departments;
• ●the proportionality of controls to the magnitude of the risks involved;
• ●the independence of internal audit and the independence of the second line of defence vis-à-vis the core businesses.

The three lines of defense model is the model advocated by the Basel Committee and the EBA for assigning responsibilities for internal control and risk management framework within a financial institution. This model is broken down at Societe Generale as follows:

• ●the “Internal audit”, represented by the General Inspection and the Audit (IGAD), is the third line of defense;
• ●the second line of defense is composed by the compliance function and the risk management function;
• ●the first line of defense is made up of the other BUs and SUs.

The level 1 permanent controls, carried out in the context of operations within the BUs and the SUs, ensure the security and quality of trades and operations. These controls are defined as a set of provisions constantly implemented to ensure, at the operational level, the regularity, validity, and security of the operations carried out.

The level 1 of permanent controls consists of:

• ●any combination of actions and/or frameworks that may limit the probability of a risk occurring or reduce its consequences for the Company: these include controls carried out on a regular and permanent basis by businesses or by automated systems during trades processing, automated or non-automated security rules and controls that are part of the transaction processing, or controls included in operational procedures. Organisational frameworks (e.g., separation of functions) or governance, training actions, when they directly contribute to controlling certain risks, also fall into this category;
• ●controls carried out by managers: line managers control the correct functioning of the frameworks under their responsibility. As such, they are obliged to apply formal procedures on a regular basis to ensure that employees comply with rules and procedures and that Level 1 controls are carried out impactively.

In order to coordinate the operational risk management and the level 1 permanent control framework, the BU/SU deploy a specific department so-called CORO for Controls & Operational Risks Office function (Operational Risks Controls and Management Department).

The level 2 permanent controls are designed to  ensure that the Level 1 controls are effective:

• ●the defined scope includes all permanent Level 1 controls, including managerial supervision controls and controls carried out by dedicated teams;
• ●this review and these verifications aim to give an opinion on (i) the impactiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the impactiveness of Level 1 controls.

The Level 2 permanent control is carried out by teams independent from the operationals.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

The internal audit function is performed by the General Inspection and Internal Audit Service Unit (“IGAD”) under the responsibility of the Group’s General Inspector.

The SG Group’s internal audit function constitutes the third line of defense and provides assurance over the impactiveness of the systems of internal control It is strictly independent of the core businesses, Support Units and other internal control functions.

The internal audit function performed by IGAD, defined in accordance with IIA (Institute of Internal Auditors) standards has the role to provide independent, objective, reliable and timely assurance to the Audit and Internal Control Committee, SG Group Management, and, where applicable, external auditors and regulators over the impactiveness of controls, risk management, and governance activities to mitigate risk and enhance the control culture within the Group.

IGAD’s scope of operations includes Societe Generale SA and all Group entities excluding entities where the Group holds a minority interest, irrespective of level of influence of SG Management over entity activities and decisions except where such a participation is likely to have a significant impact on the Group’s risk profile. All Group activities, operations and processes without exception may be the subject of a mission led by IGAD.

Outsourced activities also fall within the scope of the internal audit function, according to the appropriate provisions of the contract between the Group or one of its legal entities and the external provider of the outsourced activities.

The Group’s General Inspector reports directly to the Group’s Chief Executive Officer.

He meets regularly with the Chairman of the Board of Directors. The Internal Rules of the Board of Directors provide that the General Inspector shall report to the Board of Directors on his mission on the basis of presentations made beforehand to the Audit and Internal Control Committee. He presents the audit and inspection plans approved by the Group’s Chief Executive Officer for validation to the Board of Directors, after review by the Audit and Internal Control Committee.

The General Inspector is a permanent member of the Audit and Internal Control Committee, to which he regularly presents a summary of the activity of IGAD as well as the review of the follow-up of the implementation of the recommendations issued by both the Audit and the General Inspection and the supervisors. The General Inspector is also a permanent member of the Risk Committee. He may be heard on any subject by these Committees at their request or on its initiative.

Finally, pursuant to the Board of Directors’ internal rules, the General Inspector may, if necessary, in the event of an actual or potential deterioration of risks, report to the Board of Directors, directly or through the Audit and Internal Control Committee, without referring to the Executive Managers.

In order to achieve its objectives, the General Inspection and Internal Audit Service Unit is provided with appropriate resources, proportionate to the challenges, both in terms of quality and quantity. In total, it comprises around 875 employees based at the Group’s head office, subsidiaries or branches (France and abroad).

The IGAD Service Unit is a hierarchically integrated unit. The General Inspection Department, based at headquarters, operates throughout the Group. The Internal Audit Departments are each responsible for a defined scope of activities or risks. Whether located at headquarters or within entities (branches or subsidiaries), the audit teams are all attached to the IGAD Service Unit. Thanks to a matrix organisation, the main cross-cutting topics at Group level are covered.

The General Inspection and Internal Audit Departments carry out their work from missions. In addition to the missions listed in its tour plan, the General Inspection may be asked to carry out specific studies or contribute to “due diligence” reviews in the event of the acquisition or disposal of entities or activities by the Group. This work is governed by procedures ensuring that the Inspection Department cannot subsequently find itself in a conflict-of-interest situation.

The General Inspection and Internal Audit Departments draw up their respective audit plans based on a risk-based approach. Internal Audit combines this approach with the requirement to comply with a five-year audit cycle and determines the frequency of its interventions according to the level of risk of the scopes to be audited. While the General Inspection Department is not required to comply with an audit cycle, its work is considered for the compliance with the audit cycle.

The General Inspection and Internal Audit Departments are also involved in monitoring the implementation of supervisors’ recommendations as part of their independent positioning within the Group.

As required by international standards governing  internal controls and audits, IGAD is subject to independent external certification by IFACI (French Institute of Audit and Internal Control).

RISQ/NFR is tasked with permanent control framework and internal control coordination and contributes to the Risk Management Framework (RMF) of the Group. In such respect, it liaises with the Service Units in charge of second-level permanent control (DFIN, RISQ, CPLE), the Heads of first-level permanent control within the Business Units and Service Units, and the General Inspection & Audit Service Unit (IGAD) at all times.

The Group ICCC, Pillar ICCCs and BU/SU ICCCs work with each other to form the internal control coordination framework at Societe Generale.

The BU ICCCs and PICCCs form an integrated framework in which the first, besides their role as the oversight bodies for internal control at BU/SUs and subsidiary, contribute to the efficiency of annual PICCC reviews by leaving the PICCC free to prioritise issues requiring special attention. The BU ICCC will have to be positioned approximately six months later than the date of the PICCC so as to ensure that the BU has two major periods of review of the Permanent Control system and Internal Control Coordination per year.

BU ICCCs are the basic vehicles through which the Heads of BU/SU and subsidiary carry out their permanent control duties. In this context the dossiers are archived in full and the whole scope is documented.

The PICCC, for its part, takes a double approach: supervision of the correct exercise of control by the responsible services and in-depth consideration of special watchpoints.

Audited I Since January 2014, Societe Generale has been applied the new Basel III regulations implemented in the European Union under the terms of the relevant CRR Regulation and CRD Directive.

The general framework defined by Basel III is structured around three pillars:

• ●Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;
• ●Pillar 2 concerns the discretionary supervision implemented by the competent supervisory authority, which allows it – through constant dialogue with the credit institutions it supervises – to assess the capital adequacy calculated in accordance with Pillar 1 and to calibrate additional capital requirements taking into account all the risks faced by these institutions;
• ●Pillar 3 promotes market discipline by developing a set of reporting requirements, both quantitative and qualitative, that enable market participants to better assess the capital, risk exposure, risk assessment procedures and hence the capital adequacy of a given institution.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of the provisions came into impact in June 2021.

These amendments manly concern:

• ●Leverage ratio: the minimum requirement of 3% to which is added since January 2023, 50% of the buffer required as a systemic institution;
• ●Derivatives counterparty risk  (SA-CCR (2)): the “SA-CCR” method is the Basel method replacing the old CEM (3) method for determining the prudential exposure to derivatives in the standardised approach;
• ●Large Exposure: the main change is the calculation of the regulatory limit (25%) on Tier 1 capital (instead of total capital), as well as the introduction of a specific cross-limit on systemic institutions (15%).

TLAC: the ratio requirement for G-SIBs is introduced in CRR. In accordance with to the Basel text, G-SIBs must comply with an amount of capital and eligible debts equal to the highest between 18% + risk-weighted assets buffers and 6.75% leverage from 2022.

In December 2017, the Group of Central Bank Governors and Heads of Banking Supervision (GHOS), which oversees the Basel Committee on Banking Supervision, approved regulatory reforms to complement Basel III.

The transposition into European law of the finalisation of Basel III in the CRR3 and CRD6 texts was completed through publication in the EU Official Journal in June 2024. The new rules will be applicable mainly from 1 January 2025.

One of the main novelties is the introduction of a global output floor: the Group’s Risk-Weighted Assets (RWA) will be subject to a floor corresponding to a percentage of the standard method (credit, market and operational). The output floor level will gradually increase from 50% in 2025 to 72.5% in 2030.

Regarding FRTB, for the Standard Approach (SA-Standard Approach), the reporting has been effective since the third quarter of 2021. The full implementation of FRTB, including the rules on the boundary between the banking and trading book, should be aligned with the entry into force of CRR3. Nevertheless, the European legislators reserve the right to postpone this application (up to 2 years) depending on how it is applied in other jurisdictions (in particular in the US). ▲

Audited I Business Units and entities translate the principles laid out in this section as necessary into credit policies, which must comply with all the following rules:

• ●the credit policy that defines lending criteria and, usually, limits on risk-taking by sector, type of loan, country/geographic area or by customer/customer segment. These rules are defined in particular by the CORISQ and Credit Risk Committees (CRCs) and drawn up in consultation with the Business Units concerned;
• ●the credit policy is in line with the Group's risk management strategy in accordance with its risk appetite validated by the Board of Directors;
• ●credit policies are based on the principle that any commitment involving credit risks depends on: 
  • -in-depth knowledge of the customer and its business,
  • -an understanding of the purpose and nature of the transaction structure as well as sources of income that will generate fund repayment, 
  • -the adequacy of the transaction structure, in order to minimise the risk of loss in the event of counterparty default, 
  • -the analysis and the validation of the files, involving respectively and independently the responsibility of the Primary Customer Responsibility Unit (PCRU-SSC) and the dedicated risk units within the risk management function. In order to ensure a consistent approach in the Group’s risk- taking, this PCRU-SSC and/or risk unit reviews all applications for authorisation relating to a given customer or category of customers (except in the case of credit delegations granted by the PCRU- SSC and RISQ to certain Societe Generale entities), the monitoring being conducted on a consolidated customer basis for all these authorisations. The PCRU-SSC and risk unit must operate independently of each other,
  • -the allocation of a rating or a score, which is a key criterion of the granting policy on the non-retail perimeter. These ratings are validated by the dedicated risk unit. Particular attention is paid to the regular review of these ratings. On retail perimeter, cf infra “Specificities of retail portfolios”,
  • -on the non-retail perimeter, a delegation of authority regime, mainly based on the internal rating of counterparties, provides decision-making authority on the risk units on one hand and the PCRU- SSC on the other,
  • -proactive management and monitoring of counterparties whose situation has deteriorated to contain the risk of loss given a default of a counterparty.

Credit risk is framed through a set of limits that reflect the Group’s risk appetite.

The appetite for credit risk is tracked through credit principles, policies and limits alongside pricing policies, at the group, business unit and business line level:

• ●the projected level of the net cost of risk in the bank’s budget and in the strategic and financial plans over a minimum three-year horizon, based on the central and stressed scenarios. In this regard, special attention is paid to concentration risk and the Societe Generale Group regularly assesses portfolio risk in stress scenarios;
• ●an acceptable level of coverage of credit loss risk per interest margin product, through pricing policies that are differentiated in relation to the degree of risk. ▲

The main aim of the Risk Department is to draw up the document formalising and defining with the Finance Department the Group’s risk appetite, a mechanism aimed at defining the acceptable level of risk given the Group’s strategic objectives.

The Risk Department is responsible for implementing the system to manage and monitor risks, including cross-Group risks. The Risk Department exercises hierarchical and functional oversight of the Risk management function in charge of Group credit risk giving it a comprehensive view of all the Group’s credit risks.

The Risk Department helps define risk policies in light of each core business targets and the associated risk issues. It defines or approves the methods and procedures used to analyse, measure, approve and monitor risks and the risk IT system and makes sure these are appropriate to the core businesses’ needs. As second line of defence, various Risk Departments (for Retail Banking, Corporate and Investment Banking and Market activities) are also in charge of credit risk and as such responsible for the independent control as second line of defence. These consist in independently reviewing and comparing any credit application that exceeds the authority delegated to core businesses or local Risk Department teams. The Risk Department also assesses the quality of first-level credit reviews and takes any remedial action necessary.

Finally, as part of its responsibilities as a second line of defence, the Risk Department carries out permanent controls of credit risks. As such, the Risk Department provides independent control as a second line of defence on the detection and monitoring of the overshoot resolution.

The monthly Risk Monitoring Report presented to CORISQ by the Risk Department comments among others on the evolution of the Group’s credit portfolio and ensures compliance with the guidelines. Changes in the credit portfolio, changes in credit policy validated by CORISQ and respect for the Group’s risk appetite are presented at least quarterly to the Risk Committee of the Board of Directors.

Audited I As part of the quarterly reporting to the Board of Directors and the Risk Committee of the Board of Directors, an overview of the main credit risk metrics supplemented by details on thresholds and limits where applicable is presented. The following metrics are in particular the subject of a presentation with a quarterly history: net cost of risk, NPL rate (non-performing loans), coverage rate, average credit quality of portfolios, corporate outstanding placed under surveillance (watchlist), supervision of corporate exposures by sector of activity, Grands Risques Réglementaires (major regulatory risk exposures), etc.

A monthly report to the Risk Committee of the Board of Directors also provides additional information that involves an overview of the exposure down to a Business Unit/Entity level or more granular level of financing activities. A summary of the CORISQ by theme is also presented, providing recurring details on retail and non-retail perimeters and activities, and on sectoral limits and country risks.

As part of the monthly CORISQ report to the General Management, a summary of the main credit files is presented. Thematic presentations also provide recurring clarifications on certain perimeters and activities. ▲: personal real estate loans, consumer credit, non-retail credit risk, sector limits, country risks, major regulatory risks (Grands Risques Réglementaires), etc.

Audited I Individual and professional portfolios (retail portfolios) have specific features in terms of risk management. This management is based in particular on a statistical approach and on the use of tools and methods in the industrialisation of processes.

The retail portfolio is made up of a sum of exposures of low unit amounts, validated in a partially automated manner, which cumulatively constitute significant outstanding at Group level and therefore a high level of risk.

Given the high number and standardisation of retail clients commitments, there is a need for aggregated monitoring at all levels of the Risk function in charge of credit risk. This mass monitoring of retail customer exposure is based on the use of a statistical risk approach and monitoring by homogeneous risk class or according to other relevant axes (economic sectors for the Professionals for instance).

Under these circumstances, the risk monitoring system for the retail portfolio cannot be totally similar to that dedicated to corporates, both in terms of procedures and tools.

For instance, any change in marketing policy (shortening probationary period on loyalty, delegation of lending decisions to brokers, increase in margin rates, etc.) can have a rapid and massive impact and must therefore be monitored in a system that allows all actors (i) to identify as soon as possible where any deterioration in exposures is coming from and (ii) to take remedial action.

Although IFRS 9 standard authorises a collective approach and the Group has a statistical approach on retail customers for the evaluation of the expected loss, the increase in credit risk for the purposes of the staging is identified on an individual basis for this clientele. The available parameters (operation of accounts and late payments) generally allow for the assessment of the significant increase in credit risk at the level of individual exposure. The collective approach is currently used only in a very small number of instances in the Group.
 

The Risk management function must also support Business Units and subsidiary managers in managing their risks with a view to assessing:

• ●the effectiveness of credit policies;
• ●the quality of the portfolio and its development over the entire life of exposures (from granting to recovery).

Risk Department structures its supervision around the following four processes:

• ●Granting: this decision-making process is mainly automated depending on the nature and complexity of the transactions, and hence the associated risk;
• ●Monitoring: different entities use different systems for granting and managing retail risks systems (scoring, expert systems, rules, etc.) and an appropriate monitoring system must be in place for each to assess the appropriateness of the grant rules applied (notably via monitoring);
• ●Recovery: recovery is an essential step in the life cycle of Retail portfolio credits and makes a decisive contribution to our control of cost of risk. Regardless of the organisation adopted (outsourcing, in-house collection, etc.), the establishment of an effective collection process in place is an essential element of good risk management. It makes a decisive contribution to controlling the cost of risk and limiting the level of our non-performing loans. In case of outsourced debt collection, it must comply with the Group’s regulations governing outsourcing;
• ●Provisioning: impairment and provisions against the retail portfolio are mostly evaluated in a statistical way. They are calculated according to the methodologies and governance methods defined and validated by the Risk Department. ▲

Societe Generale complies with regulations governing large exposures (large regulatory risk exposure limit at 25% of eligible own funds). In addition, the Group has set a more restrictive internal limit of 10% of consolidated equity for exposures on a client group. Since 1st of August 2023, the French High Council for Financial Stability (HCSF) has imposed a supplementary capital requirement (buffer for the systemic sectorial risk) if the Group’s exposure toward highly indebted non-financial French companies exceeds a limit of 5% of its Tier 1 funds.

Internal systems are implemented to identify and manage the risks of individual concentrations, notably at credit origination. For example, concentration thresholds, based upon the internal rating of counterparties, rating of counterparties, are validated by a dedicated Credit Risk Committee. The governance for validating limits on Clients Groups falling under individual concentration monitoring is defined by reference to these thresholds. Exposures to groups of clients which are considered material are reviewed by the Large Exposure Committee (“CGR”), chaired by the General Management or by the Head of the Risk department, depending on the rating category (Investment Grade or not). 

As part of the identification of its risks, the Group also carries out loss simulations by type of customer on significant individual exposures.

The Group uses credit derivatives and insurances to reduce some exposures considered to be overly significant. Furthermore, the Group systematically seeks to share the risk with other banking partners, at origination or through secondary sales, to avoid keeping a too large share in the banking pool, notably for large transactions.

Global country risk limits and/or exposure monitoring are established on the basis of internal ratings and country governance indices (the highest rated countries are not monitored by limits).

The country limits are validated annually by the General Management. They can be revised downwards by the Risk Management Division at any time depending on the deterioration or anticipation of the deterioration of a country’s situation.

The procedure for placing a country under alert can be triggered by the Risk Management Division at any time in the event of a deterioration in the country risk or in anticipation of such a deterioration. In this case, any proposed operation generating risk in this country is systematically subject to prior approval from the Risk Management Division, and any risk delegation is suspended.

The Group regularly reviews its global credit portfolio through periodic or ad hoc studies by economic sectors. Whenever appropriate, the Group frames this exposure through portfolio limits and/or specific credit-granting criteria. The limits are monitored either at General Management level in a dedicated CORISQ, at Risk Division level (Credit Risk Committees, or CRC) or at Business Unit management level, depending on the materiality and risk profile of each portfolio.

In particular, the following credit portfolios are monitored by some Group CORISQ:

• ●the Individual and Professional clients in metropolitan France;
• ●the oil and gas sectors;
• ●the commercial Real Estate sector;
• ●the leveraged finance;
• ●the automotive value chain;
• ●Commodity traders;
• ●financial sponsors;
• ●securitization.

Some sectors/segments (such as aircraft, shipping, banks, private insurers…) not reviewed by a CORISQ are periodically reviewed in a CRC.

Finally, syndication risks are supervised by a CORISQ and subsequently by a dedicated monthly committee.

To capture, monitor and manage the credit risks, the Risk Department performs, with the collaboration of the business lines, some specific stress tests which may relate to a country, a subsidiary or a business. These exercises are based on, on the one hand, some recurring stress tests, related to some portfolios related to some risks, and, on the other hand, some ad hoc stress tests, designed to capture and quantify some specific or emerging risks. With regards to the sectors followed by a CORISQ, these stress tests results are presented to the CORISQ and are used to frame these businesses/activities.

For the Group, ESG risk factors do not constitute a new risk category but represent an aggravating factor of credit risk. Their integration is based on the governance and existing framework and follows a classical approach: Identification, Quantification, Definition of the risk appetite, monitoring, reporting, Control and Mitigation of the risk.

ESG risk management is presented in Chapter 5 “Sustainability statements” of this document., in the State of Sustainability relating to the application of the European CSRD (Corporate Sustainable Reporting Directive).

The elements relating to ESG risk factors are presented in Chapter 5 of this document, in the Sustainability Statement relating to the application of the European CSRD (Corporate Sustainable Reporting Directive). In particular, the elements relating to credit risks are presented in sections  5.1.3 / Impacts, risks and opportunities (IROs);  5.3.5 / Climate Risk Management;  5.4.2 / Consumers and end-users;  5.5.2 / Management of Material risks related to business conduct.

Audited I Counterparty credit risk is framed through a set of limits that reflect the Group’s appetite for risk.

The business development strategy of the Group for market activities is primarily focused on meeting clients’ needs, with a comprehensive range of products and solutions. The counterparty risk resulting from these market activities is strictly managed through a set of limits, in particular stress tests. The Market Risk Department is responsible for the assessment and validation of the limit requests submitted by the different business lines. These limits ensure that the Group complies with the counterparty risk appetite approved by the Board of Directors.

The choice and calibration of these limits ensure the operational transposition of the Group’s counterparty risk appetite through its organisation:

• ●these limits are allocated at various levels of the Group’s structure and/or at the counterparties’ level;
• ●their calibration is determined using a detailed analysis of the risks related to the supervised portfolio. This analysis may include various elements such as market conditions, specifically liquidity, position maneuverability, credit quality of the counterparty, risk/rewards analysis, ESG criteria, etc.
• ●regular reviews make it possible to manage risks according to the prevailing market conditions and the counterparties’ credit quality;
• ●specific limits, or even bans, may be put in place to manage risks for which the Group has limited or no risk appetite.

For its counterparty risk management, the Group uses valuation models as well as models for the calculation of economic or regulatory metrics. The Group implements an appropriate policy for managing the risks inherent in the use of these models.

Societe Generale calculates a stress-testing measure of its counterparty risk to take into account exceptional market disturbances. Counterparty stress tests are a fundamental aspect of risk management. They help design the forward-looking approach needed for strategic and financial planning. The objective of stress tests is to identify and quantify, at the end of the annual risk identification process, all the significant risks to which the Group is exposed and to guide the strategic decisions of the DGLE.

The entire risk control framework is based on standardised measures of counterparty risk, adapted to each type of risk and enabling an assessment to be made at the level of each counterparty, or at an aggregate portfolio level.

Counterparty credit risk management mainly relies on dedicated first and second lines of defence as described below: 

• ●the first lines of defence (LoD1) notably include the business lines that are subject to counterparty credit risk, the Primary Client Responsibility Unit that is in charge of handling the overall relationship with the client and the group to which it belongs, dedicated teams within Global Banking & Advisory and Global Markets Business Units responsible for monitoring and managing the risks within their respective scope of activities;
• ●the Risk Department acts as a second line of defence (LoD2) through the setup of a counterparty credit risk control system, which is based on standardised risk measures, to ensure the permanent and independent monitoring of counterparty credit risks.

The fundamental principles of limit granting policy are:

• ●dedicated LoD1 and LoD2 must be independent of each other;
• ●the Risk Department has a division dedicated to counterparty credit risk management in order to monitor and analyse the overall risks of counterparties whilst taking into account the specificities of counterparties;
• ●a system of delegated authorities, mainly based on the internal rating of counterparties, confers decision-making powers to LoD1 and LoD2;
• ●the limits and internal ratings defined for each counterparty are proposed by LoD1 and validated by the dedicated LoD2(12) (7). The limits may be set individually, at the counterparty level, or globally through framing a (sub)set of counterparties (for example: supervision of stress test exposures).

These limits are subject to annual or ad hoc reviews depending on the needs and changing in market conditions.

A dedicated team within the Risk Department is in charge of production, reporting and controls on risk metrics, namely:

• ●ensuring the completeness and reliability of the risk calculation by taking into account all the transactions booked by the transaction processing department;
• ●producing daily certification and risk indicator analysis reports;
• ●controlling compliance with defined limits, at the frequency of metrics calculation, most often on a daily basis: breaches of limits are reported to Front Office and dedicated LoD2 for remediation actions. 

In addition, a specific monitoring and approval process is implemented for the most sensitive counterparties or the most complex categories of financial instruments.

While not a substitute for CORISQ or for the Risk Committee of the Board of Directors (see the section on Risk management governance), the Counterparty Credit Risk Committee (CCRC) closely monitors counterparty credit risk through:

• ●a global overview on exposure and counterparty credit risk metrics such as the global stress tests, the Potential Future Exposure (PFE), etc., as well as focuses on specific activities such as collateralised financing, or agency business;
• ●dedicated analysis on one or more risks or customer categories or frameworks or in case of identification of emerging risk areas.

This Committee, chaired by the Risk Department on a monthly basis, brings together representatives from the Global Banking and Investment Solutions (GBIS), from the Market Activities and the Global Banking and Advisory Business Units, but also departments that, within the risk management function, are in charge of monitoring counterparty credit risks on market transactions and credit risk. The CCRC also provides an opinion on the changes to the risk frameworks within its authority. The CRCC also identifies key CCR topics that need to be escalated to the management. ▲

The Group frames the replacement risk by limits that are defined by credit analysts and validated by LoD2 based on the Group’s risk appetite.

The limits are defined at the level of each counterparty and then aggregated at the level of each client group, each category of counterparties and finally consolidated at the entire Societe Generale Group portfolio level.

The limits used for managing counterparty credit risk are:

• ●consolidated across all products types authorised with the counterparty;
• ●established by maturity buckets to control future exposure using the Potential Future Exposure (PFE) measure also known as CVaR within Societe Generale;
• ●calibrated according to the credit quality and the nature of the counterparty, the nature/maturity of the financial instruments contemplated (FX transactions, repos transactions, security lending transactions, derivatives, etc.), and the economic understanding, the contractual legal framework agreed and any other risk mitigants.

The Group also considers other measures to monitor replacement risk, notably:

• ●a multifactor stress test on all counterparties, which allows to holistically quantify the potential loss on market activities following market movements which could trigger a wave of defaults on these counterparties;
• ●a set of single-factor stress tests to monitor the general wrong-way risk (see section 4.6.3.3 on Wrong Way Risk).

Audited I In addition to the replacement risk, the CVA (Credit Valuation Adjustment) measures the adjustment of the value of the Group’s derivatives and repos portfolio in order to take into account the credit quality of the counterparties facing the Group (see dedicated section).

Positions taken to hedge the volatility of the CVA (credit, interest rate or equity instruments) are monitored through:

• ●sensitivity limits;
• ●stress test limits: scenarios representative of the market risks impacting the CVA (credit spreads, interest rates, exchange rates and equity) are applied to carry out the stress test on CVA.

The different indicators and the stress tests are monitored on the net amount (the sum of the CVA exposure and of their hedges). ▲

Audited I Clearing of transactions is a common practice for Societe Generale  as part of its market activities (listed and OTC derivatives, repo transactions, securities purchases), on its own behalf and on behalf of its clients.

As a member of the clearing houses with which it operates, the Group contributes to their risk management framework through deposits into the defaults funds, in addition to margin calls.

The counterparty credit risk stemming from the clearing of derivatives and repos with central counterparties (CCP) is subject to a specific framework on:

• ●initial margins;
• ●the Group’s contributions to the CCP default funds (guarantee deposits);

• ●a stress test limit defined to frame the potential loss from a CCP member defaulting. ▲

See table “EAD and RWA on central counterparties” of section 4.6.3.4 “Quantitative Information” for more information.

Audited I Governance and principles for RDL management are the same as for those governing CCR. ▲

Audited I While the primary responsibility for risk management lies with those responsible for the activities of the trading rooms (front office), the supervisory system is based on an independent department within the Risk Department.

In this context, the main missions of this department are:

• ●the definition and proposal of the Group's market risk appetite;
• ●the proposal to the Group Risk Committee (CORISQ) of market limits for each of the Group's activities;
• ●the assessment of all the requests for limits made by the various activities, within the framework of the global authorisations granted by the Board of Directors and the General Management and their level of use;
• ●the permanent verification of the existence of an effective market risk monitoring framework for the activity by appropriate limits;
• ●the coordination of the review by the Risk department of the strategic initiatives of the Market Risk departement;
• ●the definition of the indicators used to monitor market risk;
• ●the daily calculation and certification of risk indicators and the P&L resulting from the Group's market activities, based on formal and secure procedures, as well as the reporting and analysis of these indicators;
• ●the daily monitoring of compliance with the limits notified to each activity;
• ●the risks assessment of new products or new market activities.

In order to carry out these various missions, the Risk department in charge of monitoring market operations defines the architecture principles and functionalities of the information system for the production of risk indicators and P&L on market operations and ensures that these principles and functionalities are properly adapted to business needs. ▲

This department contributes to the detection of possible rogue trading operations through a monitoring mechanism based on alert levels (on gross nominal value of positions for example) applied to all instruments and desks.

Audited I Market risks oversight is provided by various Committees at different levels of the Group:

• ●The Risk Committee of the Board of Directors(16) is informed of the Group’s major market risks; in addition, it issues a recommendation on the most substantial proposed changes in terms of market risk measurement and framework (after prior approval by the CORISQ); this recommendation is then referred to the Board of Directors for a decision.
• ●The Group Risk Committee(17) (CORISQ), chaired by the Chief Executive Officer of the Group (DGLE), is regularly informed of Group-level market risks. Moreover, upon a proposal from the Risk Department, it validates the main choices with regard to market risk measurement, as well as the key developments on the architecture and implementation of the market risk framework at Group level. The global market risk limits with the DGLE delegation level or above are reviewed in CORISQ at least once a year.
• ●The market risks of the Group are reviewed during the Market Risk Committee(18) (MRC) led by the Market Risk Department, chaired by the Risk Department and attended by the Head of the Global Banking and Investor Solutions Division and the Head of the Global Markets Division. This Committee provides information on risk levels for the main risk indicators as well as for some specific activities pointed out depending on market or business driven events. It also provides an opinion on the market risk framework changes falling under the remit of the Risk Department. In this context, a systematic review of all the limits with a Head of the Risk Division level is organised at least once a year.
• ●During these Committees, several metrics for monitoring market risks are reported:
  • -stress test measurements: Global Stress Test on market activities and Market Stress Test,
  • -regulatory metrics: Value-at-Risk (VAR) and Stressed Value-at-Risk (SVAR);
• ●In addition to these Committees, detailed and summary market risk reports, produced on a daily, weekly, monthly or quarterly basis, either related to various Group levels or geographic areas, are sent to the relevant business line and risk function managers.

In terms of governance, within the Market Risk Department, the main functional and transversal subjects are dealt with during Committees organised according the nature of activity in question. ▲

Audited I The business development strategy of the Group for market activities is primarily focused on meeting clients’ needs through a comprehensive range of products and solutions. The risk resulting from these market activities is strictly managed through a set of limits for several indicators:

• ●Value at Risk (VaR) and Stressed Value at Risk (SVaR): these global indicators are used for market risk calculations for RWA and for the day-to-day monitoring of the market risks incurred by the Group within the scope of its trading activities;
• ●Stress test measurements, based on decennial shock-type indicators, which make it possible to restrict the Group’s exposure to systemic risk and exceptional market shocks. These measurements can be global, multi-risk factor (based on historical or hypothetical scenarios), by activity or risk factor in order to take into account extreme risks on a specific market, or event-driven, to temporarily monitor a particular situation;
• ●sensitivity and nominal indicators used to manage the size of positions: 
  • -sensitivities are used to monitor the risk incurred locally on a given type of position (e.g. sensitivity of an option to changes in the underlying asset),
  • -while nominal indicators are used for significant positions in terms of risk;
• ●additional indicators such as concentration risk or holding period, maximum maturity, etc. ▲

The Market Risk Department is responsible for the assessment and validation of the limit requests submitted by the different business lines. These limits ensure that the Group complies with the market risk appetite approved by the Board of Directors.

Audited I The choice and calibration of these limits ensure the operational transposition of the Group's appetite for market risk through its organisation:

• ●these limits are allocated at various levels of the Group's structure and/or by risk factor;
• ●their calibration is determined using a detailed analysis of the risks of the managed portfolio. This analysis may include various elements such as market conditions, including liquidity, the maneuverability of positions, the income generated in relation to the risks taken, ESG criteria, etc.;
• ●their regular review makes it possible to manage risks according to the evolution of market conditions;
• ●specific limits or even prohibitions may be put in place to regulate risks for which the Group has limited or no appetite. ▲

The desk mandates and Group policies stipulate that the traders must have a sound and prudent management of positions and must respect the defined frameworks. The allowed transactions, as well as risk hedging strategies, are also described in the desk mandates. The limits set for each activity are monitored daily by the Market Risk Department. This continuous monitoring of the market risk profile is the object of regular discussions between the risk and business teams, further to which various risk hedging or mitigation initiatives may be taken by the front office in order to remain within the defined limits. In the event of a breach of the risk framework, and in compliance with the limits follow-up procedure, the front office must detail the reasons, and take the necessary measures to return within the defined framework, or otherwise request a temporary or permanent increase of limit if the client’s request and if market conditions justify such a course of action.

The management and good understanding of the market risk to which the Group is exposed are thus ensured on the one hand (i) through the governance in place between the different sub-departments within the Risk Department and the business lines, but also on the other hand (ii) through the daily monitoring of consumption of the various limits in place, to which products/solutions distributed to customers contribute as well as various market-making activities.

Audited I The principles and standards for managing these risks are defined at the Group level. The ALMT (Asset and Liability Management and Treasury) department within the Group’s Finance Division leads the control framework of the first line of defence while the Risk Department Management assumes the role of second line of defence  supervision.

The general principle for managing structural interest rate and exchange rate risks within consolidated entities is to ensure that movements in interest and foreign exchange rates do not significantly threaten the Group’s financial base or its future earnings in the framework of the Risk Appetite defined by the Group through its dedicated various rate and FX metrics.

Within the entities, commercial and corporate center operations booked in the banking book balance sheet must therefore be matched in terms of interest rates and exchange rates as much as possible to immunise the patrimonial value of the Bank to rate and exchange rate variations. In addition, hedges may be entered into to reduce the dependence of future interest margins to interest rate fluctuations. With regards to exchange rate risk, in accordance with the relevant regulatory provisions, a structural foreign exchange position is maintained at the financial center level, in order to minimise the variation of the Group's Common Equity Tier 1 (CET1) ratio to exchange rates fluctuations.

The purpose of the Group ALM Committee is to:

• ●validate and ensure the adequacy of the system for monitoring, managing and supervising structural risks; 
• ●review changes in the Group's structural risks through consolidated reporting; 
• ●review and validate the measures and the adjustments proposed by the Group's Finance Department.

The Group ALM Committee tasks the Global Rate Forex Committee chaired by the Finance Department and the Risk Division to approve frameworks not exceeding defined amounts.

The ALMT Department is responsible for:

• ●defining the structural risk policies for the Group and formalising risk appetite to structural risks;
• ●analysing the Group’s structural risk exposure and defining hedging strategies;
• ●monitoring the regulatory environment concerning structural risk;
• ●defining the ALM principles for the Group;
• ●defining the modelling principles applied by the Group’s entities regarding structural risks;
• ●identifying, consolidating and reporting on Group structural risks;
• ●monitoring compliance with structural risk limits.

Within the Risk Division, the ALM Risk Department oversees structural risks and assesses the management system for these risks. As such, this department is in charge of:

• ● interest and foreign exchange rates risks identification of the Group;
• ●defining the steering indicators and overall stress test scenarios of the different types of structural risks and setting the main limits for the business divisions and the entities and Business Units (BU)/Service Units (SU);
• ●defining the normative environment of the structural risk metrics, modelling and framing methods;

In addition, by delegation of MRM, this department ensures the validation of ALM models for which it organises and chairs the Validation Committee of Models.

Finally, he chairs the Model Validation Committee and the ALM Standards Validation Committee and thus ensures that the regulatory framework is correctly read and properly adapted to Societe Generale environment.

Each entity, each BU/SU, manages its structural risks and is responsible for regularly assessing risks incurred, producing the risk report and developing and implementing hedging options. Each entity, each BU/SU is required to comply with Group standards and to adhere to the limits assigned to it. 

As such, the entities and the BUs/SUs apply the standards defined at Group level and develop the models, with the support of the central modelling teams of the Finance Department.

An ALM manager reporting to the Finance Department in each entity is responsible for monitoring these risks. This manager is responsible for reporting ALM risks to the Group Finance Department. All entities have an ALM Committee responsible for implementing validated models, managing exposure to interest rate and exchange rate risks and implementing hedging programs in accordance with the principles set out by the Group and the limits validated by the ALM Committee and the BU/SU ALM Committees. ▲

Audited I Funding risk is defined as the risk that the Group will no longer be able to finance its activities with appropriate volumes of resources and at a reasonable costhe liquidity and funding management set up at Societe Generale aims at ensuring that the Group can:

(i) fulfil its payment obligations at any moment in time, during normal course of business or under lasting financial stress conditions (management of liquidity risks); 

(ii) sustainably finance the development of its activities at a reasonable cost (management of funding risks). Doing so, the liquidity and funding management ensures compliance with risk appetite and regulatory requirements.

To achieve these objectives, Societe Generale has adopted the following guiding principles:

• ●liquidity risk management is centralised at Group level, ensuring pooling of resources, optimisation of costs and consistent risk management. Businesses must comply with static liquidity deadlocks in normal situations, within the limits of their supervision and the operation of their activities, by carrying out operations with Corporate Centre, where appropriate, according to an internal refinancing schedule. Assets and liabilities with no contractual maturity are assigned maturities according to agreements or quantitative models proposed by the Finance Department and by the business lines and validated by the Risk Division;
• ●funding resources are based on business development needs and the risk appetite defined by the Board of Directors (see section 2);
• ●financing resources are diversified by currencies, investor pools, maturities and formats (vanilla issues, structured or secured notes, etc.). Most of the debt is issued by the parent company. However, Societe Generale also relies on certain subsidiaries to raise resources in foreign currencies and from pools of investors complementary to those of the parent company;
• ●liquid reserves are built up and maintained in such a way as to respect the stress survival horizon defined by the Board of Directors. Liquid reserves are available in the form of cash held in central banks and securities that can be liquidated quickly and housed either in the banking book, under direct or indirect management of the Group Treasury. in the trading book within the market activities under the supervision of the Group Treasury;
• ●the Group has options that can be activated at any time in a stressful situation, through an Emergency Financing Plan (EFP) at Group level (except for insurance activities, which have a separate contingency plan), defining leading indicators for monitoring the evolution of the liquidity situation, operating procedures and remedial actions that can be activated in a crisis situation.

The main liquidity risk governance bodies are as follows:

• ●the Board of Directors, which:
  • -sets yearly the level of liquidity risk tolerance as part of the Group’s risk appetite, based on a set of key metrics, which includes both internal and regulatory metrics, in particular the period of time during which the Group can operate under stressed conditions (“survival horizon”),
  • -approves financial indicators framing including the scarce resources indicators framing (financing program definition),
  • -reviews at least quarterly the Group’s liquidity and funding situation: key liquidity metrics, including stressed liquidity gap metrics as evaluated through Societe Generale group models, the regulatory metrics LCR and NSFR, the pace of execution of the funding plan and the related cost of funds;
• ●General Management, which: 
  • -allocates liquidity and funding targets to the various Business Units and the Group Treasury entity, upon proposal from the Group Finance division,
  • -defines and implements the liquidity and funding risk strategy, based on inputs from the Finance and Risk Divisions and the Business Units. In particular, the General Management chairs the Finance Committee, held every 6 weeks and attended by representatives from the Finance and Risk Divisions and Business Units, which is responsible for monitoring structural risks and managing scarce resources:
    • •validation and monitoring of the set of limits for structural risks, including liquidity risk,
    • •monitoring of budget targets and decisions in case of a deviation from the budget,
    • •definition of principles and methods related to liquidity risk management (e.g. definition of stress scenarios),
    • •assessment of any regulatory changes and their impacts; 
• ●the Group Finance Division, which is responsible for the liquidity and funding risks as First Line of Defence, interacting closely with Business Units. Within the Group Finance Division, there are three main departments involved respectively in the preparation and implementation of decisions taken by the abovementioned bodies: 
  • -the Strategic and Financial Steering Department is responsible for framing and steering the Group’s scarce resources, including liquidity, within the Group’s risk appetite and financial indicators framing;

• ●the Group ALM and Treasury Department is in charge of:
  • -all aspects of the operational management of liquidity and funding across the Group, including managing the liquidity position, executing the funding plan, supervising and coordinating treasury functions, providing operational expertise in target setting, managing the liquidity reserves and the collateral used in funding transactions, managing the corporate centre,
  • -the definition of modelling and monitoring structural risks, including liquidity risk alongside interest rate and foreign exchange risks in the Banking Book,
  • -also sitting with the Group Finance Division, the Metrics Production Department runs the management information system regarding liquidity and funding risks across the Group. For liquidity metrics, the Group relies on a centralised system architecture, with all Business Units feeding a central data repository from which all metrics are produced, either regulatory metrics (e.g. the LCR or the NSFR) or metrics used for internal steering (e.g. stress test indicators);
• ●the ALM Risk Department, which perform as the second line of defence functions, ensure the supervision of liquidity risks and evaluates the management system for these risks. As such, it is in charge of:
  • -the definition of liquidity indicators and the setting of the main existing limits within the Group,
  • -the definition of the normative framework for measuring, modelling methods and monitoring these risks.

In addition, by delegation of Model Risk Management, this department ensures the validation of ALM models for which it organises and chairs the Validation Committee of Models.

Finally, it ensures the correct interpretation of the regulatory framework as well as an adequate implementation in the Societe Generale environment. ▲

Controlling operational risks is a major challenge for the Group:

• ●regulatory issues: to comply with the requirements of regulators;
• ●reputation issues: to limit damage to the Group’s reputation;
• ●financial challenge: to contain operational losses and prudential capital requirements.

The Group specifies its zero or very low tolerance to operational risk for: internal fraud, cyber security, data leakage, business continuity, outsourced service delivery, physical security, execution errors.

Furthermore, the Group has no tolerance for incidents whose severity is likely to seriously harm its image, threaten its results or the confidence of its customers and employees, prevent business continuity on its critical activities or challenge its strategic orientations.

The management of operational risk is an integral part of the tasks of all employees. It is based on:

• ●the existence of secure processing processes;
• ●the risk culture of employees;
• ●specific preventive measures, including rules on sound project management;
• ●the internal control system.

The Group operational risk management framework, other than non-compliance risks detailed in Chapter 4.11 “Compliance risk” is structured around a three-level system comprising:

• ●a first line of defence in each core Business Units/Service Units, responsible for applying the framework and putting in place controls that ensure risks are identified, analysed, measured, monitored, managed, reported and contained with the limits set by the Group-defined risk appetite;
• ●a second line of defence, namely the Non-Financial Risk and permanent control Department in the Group’s Risk Division, in charge of the management of operational risks frameworks.
• As such, the Non-Financial Risk and permanent control Department:
  • -conducts a critical examination of the BU/SUs management of operational risks (including fraud risk, risks related to information systems and information security, and risks related to business continuity and crisis management),
  • -sets regulations and procedures for operational risk systems and production of cross Group analyses,
  • -produces risk and oversight indicators for operational risk frameworks.
• To cover the entire Group, the Non-Financial Risk and permanent control Department has a central team supported by regional hubs. The regional hubs report back to the department, providing all information necessary for a consolidated overview of the Bank’s risk profile that is holistic, prospective and valid for both internal oversight purposes and regulatory reporting.
• The regional hubs are responsible for implementing the Operational Risk Division’s briefs in accordance with the demands of their local regulators.
• The Non-Financial Risk and permanent control Department communicates with the first line of defence through a network of operational risk correspondents in each Business/Service Units.
• Concerning risks specifically linked to business continuity, crisis management and information, of persons and property, the Non-Financial Risk and permanent control Department carries out the critical review of the management of these risks in connection with the Group Security Division. Specifically, regarding IT risks, the Non-Financial Risk and permanent control Department carries out the critical review of the management of these risks in connection with GCOO (Group Chief Operating Office);
• ●a third line of defence in charge of internal audits conducted by the General Inspection and Audit Division.

The implementation and monitoring of the operational risk management framework is part of the Group’s internal control framework:

• ●level 1 control is performed as part of operations within each SG Group BU/SU/entity, including managerial supervision and operational controls. This permanent control framework is supervised by the Normative Controls Library (NCL), which brings together, for the entire Group, the control objectives defined by the expertise functions, the business lines, in connection with the second lines of defence;
• ●level 2 control is carried out by dedicated teams in the Risk Division to carry out this mission on operational risks covering the risks specific to the various businesses (including operational risks related to credit and market risks), as well as the risks associated with purchases, communication, real estate, human resources and information system.

Protecting persons and property, and compliance with the laws and regulations governing security are major objectives for Societe Generale Group. It is the mission of the Group Security Division to manage human, organisational and technical frameworks that guarantee the smooth operational functioning of the Group in France and internationally, by reducing exposure to threats (in terms of security and safety) and reducing their impact in the event of crisis.

The security of persons and property encompasses two very specific areas:

• ●security, which comprises all the human, organisational and technical resources combined to deal with technical, physical, chemical and environmental accidents that can harm people and property;
• ●safety, which comprises all the human, organisational and technical resources combined to deal with spontaneous or premeditated acts aimed at harming or damaging the Bank with the intent of obtaining psychological and/or financial profit.

The management of all the above risks is based on an operational risk system. A second line of defence is provided by the Risk Department.

Given the importance for the Group of its information system and the data it conveys and the continuous increase in the cybercriminal threat, the risks related to information and communication technologies (ICT) and to security are major for Societe Generale. Their supervision, integrated into the general operational risk management system, is steered as the first line of defence by a dedicated area of expertise (Information and Information Systems Security – ISS) and the second line of defence is provided by the Risk Department. They are subject to specific monitoring by the management bodies through sessions dedicated to Group governance (Risk Committee, CORISQ, CCCIG, ISCO) and a quarterly dashboard which presents the risk situation and action plans on the main information and communication technologies risks.

The Group Security Department, housed within the General Secretariat, is responsible for protecting information. The information provided by customers, employees and also the collective knowledge and know-how of the bank constitute Societe Generale’s most valuable information resources. To this end, it is necessary to put in place the human, organisational and technical mechanisms which make it possible to protect the information and ensure that it is handled, communicated to and shared by only the people who are authorised to know.

The person in charge of risks related to information and communication technologies (ICT) and security of information systems is housed at GCOO (Group Chief Operating Office). Under the functional authority of the Head of Group Security, he recommends the strategy to protect digital information and heads up the IT Security Department. The IT security framework is aligned with the market standards (NIST, ISO 27002, ISO 27001, ISO 27035), and implemented in each Business/Service Unit. Societe Generale policies and process tend to be compliant with their requirements and conducts regular control on this compliance.

Risk management associated with cybercrime is carried out through the tri-annual Information Systems Security (ISS) master plan.

In order to take into account the development of the cyber threat, in a sustainable way on SG Group and in line with the Group strategy, with a budget of EUR 1 billion is allocated over the four coming years, the 2024-2026 cyber security strategy is structured around five pillars that guide actions out to 2026:

• ●decrease the SG Group’s exposure to cyber risk by increasing protection levels and response capacity. In particular, by improving the deployment of key cyber risk controls through a commitment of Executive Committee members on results;

• ●empower SG staff with regard to cyber security, ensuring that core security rules are fully enforced, in particular by ensuring production of Group’s assets are secured by design;
• ●improve the operational efficiency of cyber security teams by optimizing more automated and more preventive cyber controls, to reduce the run cost and deploy additional protection measures;
• ●support business transformation with the appropriate involvement of cyber security teams, to anticipate new trends (e.g. Artificial Intelligence or blockchain);
• ●improve the human resources management of the sector, in particular on developing the skills and attractiveness of the Group’s security function.

At the operational level, the Group relies on a CERT (Computer Emergency Response Team) unit in charge of incident management, security watch and the fight against cybercrime. This team uses multiple sources of information and monitoring, both internal and external. Since 2018, this unit has also been strengthened by the establishment of an internal Red Team whose main tasks are to assess the effectiveness of the security systems deployed and to test the detection and reaction capabilities of the defence teams (Blue Teams) during an exercise simulating a real attack. The services of the Red Team enable the Group to gain a better understanding of the weaknesses in the security of the Societe Generale information system, to help in the implementation of global improvement strategies, and also to train cybersecurity defence teams. CERT works closely with the Security Operation Center (SOC), which is in charge of detecting security events and processing them.

A team at the Resources and Digital Transformation Department is in charge of ensuring the consistency of the implementation of operational risk management systems and their consolidation for IT processes. The main tasks of the team are as follows:

• ●identify and evaluate the major IT risks for the Group, including extreme risk scenarios (e.g. cyberattack, failure of a provider), to enable the Bank to improve its knowledge of its risks, be better prepared for extreme risk scenarios and better align their investments with their IT risks;
• ●produce the indicators that feed the IT risks monitoring dashboard, intended for management bodies and Information Systems Directors. They are reviewed regularly with the second line of defence in order to remain aligned with the IS and SSI strategy and their objectives;
• ●more generally, ensure the quality and reliability of all devices addressing IT operational risks. Particular attention is paid to the permanent control system for its IT risks, which is based on the definition of normative IT and security controls and the support of the Group in the deployment of managerial supervision on this topic. Since 2022, the SSI normative controls were reviewed, i.e. around 200 controls covering cyber topics in addition to the IT controls already in place. The IS/SSI Departments monitor the deployment of these controls across the Group, the progress of which is aligned with the objectives set by the Group.

In terms of awareness, a multilingual online training module on information security is mandatory for all internal Group staff and for all service providers who use or access our information system. It was updated in early 2023 in order to incorporate changes to the new Group Information Security Policy.

The supervision of fraud risk, whether internal or external, is integrated into the general operational risk management framework which allows the identification, assessment, mitigation and monitoring of the risk, whether it is potential or actual.

It is steered in the first line of defence by dedicated expert teams working on fraud risk management, in addition to the teams in charge of operational risk management specific to each of the banking businesses. These teams are in charge of the definition and operational implementation of the means of raising awareness, preventing, detecting and dealing with frauds. The second line of defence is provided by the Non-Financial Risks and permanent control Department with a fraud risk manager. The second line defines and verifies compliance with the principles of fraud risk management in conjunction with the first line teams, and ensures that the appropriate governance is in place.

Finally, the teams, whether they are in the first or second line of defence, work jointly with teams of experts in charge of information security, the fight against cyber crime, know your client (KYC), anti-money laundering and combating corruption. Likewise, the teams work closely with the teams in charge of credit risk and market risk. The sharing of information contributes to the identification and increased responsiveness in the presence of a situation of proven fraud or weak signals. This active collaboration makes it possible to initiate investigative measures, blocking attempted fraud or initiating the recovery of funds or the activation of associated guarantees and insurance payments in the event of successful fraud.

Compliance risk is considered a non-financial risk, in line with the Group’s Risk taxonomy.

Acting in compliance means understanding and observing the external and internal rules that govern our banking and financial activities. These rules aim to ensure a transparent and balanced relationship between the Bank and all its stakeholders. Compliance is the cornerstone of trust between the Bank, its customers, its supervisors and its employees.

Compliance with rules is the responsibility of all Group employees, who must demonstrate compliance and integrity on a daily basis. The rules must be clearly expressed, and staff have been informed and/or trained to understand them properly.

The compliance risk prevention system is based on shared responsibility between the operational entities and the Group Compliance Department:

• ●the operational entities (BUs and SUs) must incorporate into their daily activities compliance with laws and regulations, the rules of professional best practice and the Group’s internal rules;
• ●the Compliance Department manages the Group’s compliance risk prevention and management system. It ensures the system’s consistency and efficiency, while also developing appropriate relationships (liaising with the General Secretariat) with bank supervisors and regulators. This independent department reports directly to General Management.

To support the businesses and supervise the system, the Compliance Department is organised into:

• ●Standards and Consolidation teams responsible for defining the normative system and oversight guidelines, consolidating them at Group level, as well as defining the target operational model for each compliance risk.
• ●Core Business/business line Compliance teams which are aligned across the Group’s major business lines (Corporate and Investment Bank, French Retail Banking, International Retail Banking, Private Banking and Corporate Divisions), responsible for the relationship with BU/SUs, including deal flow, advisory, and risk oversight of BU/SUs;
  • -teams responsible for cross-business functions,
  • -teams responsible for second-level controls.

The Compliance Department is organised into three main compliance risk categories, for which it plays a standard-setting role:

• ●financial security: know your customer; fight against corruption, compliance with the rules and regulations on international sanctions and embargoes; anti-money laundering and combating the financing of terrorism, including reporting suspicious transactions to the appropriate financial intelligence authority when necessary;
• ●regulatory risks, which cover in particular: customer protection, ethics and conduct, compliance with tax transparency regulations (based on knowledge of the customers’ tax profile), compliance with corporate social responsibility regulations and Group commitments, financial market integrity, compliance with prudential regulations in collaboration with the Risk Department, joint coordination with HRCO of the Group’s Culture and Conduct issues (Conduct in particular);
• ●protection of data, including personal data and in particular those of customers.

Compliance has set up an extensive compulsory training programme for each of these risk categories, designed to raise awareness of compliance risks among all or some employees. The completion rates for these training modules are monitored closely by the Group at the highest level.

In addition to its LOD2 function regarding the aforementioned risks, Compliance oversees the regulatory system for all regulations applicable to credit institutions, including those implemented by other departments, such as prudential regulations.

In terms of customer knowledge, Societe Generale’s KYC system is now generally robust. 2024 saw its consolidation in parallel with the tightening reinforcement of the methods of continuous detection of customers or beneficial owners who have acquired the status of Politically Exposed Person (PEP) or Close to PEP, the generalisation to all banking entities of an automated solution for identifying Negative News on customers, as well as the deployment of a Group tool supporting the Quality Assurance process on relationships and periodic reviews.

In addition, following the publication of the European Union’s 6th anti-money laundering package in June 2024, which introduces new KYC due diligence obligations applicable from 10 July 2027, the Group took the first steps in a multi-year compliance programme at the end of the year.

The Group implements all the measures related to the 5th Anti-Money Laundering Directive and the Order of 6 January 2021 on the AMF/CFT system and internal control.

It has also actively worked to comply with European Regulation 2023/1113 on information accompanying transfers of funds and certain crypto-assets, applicable since 30 December 2024.

Internal initiatives to strengthen the system also continued in 2024, particularly in terms of risk detection capabilities related to crypto-assets or the circumvention of international sanctions. In general, the development of more sophisticated tools for detecting suspicious or atypical transactions, based on technologies such as Big Data and Machine Learning, is a priority for the Group as part of a multi-year investment programme.

The strengthening of sanctions imposed on Russia by various jurisdictions (the European Union, the US, the UK, etc.) on account of the war against Ukraine continued in 2024. The implementation of these sanctions remains very complex and may generate high operational risk for financial institutions. In this context, Societe Generale Group maintains close control over any operation involving Russia.

Following the dismissal of the Deferred Prosecution Agreement in December 2021 by the US authorities, the Group took further measures to bolster its Embargoes/Sanctions system, which continues to be regularly reviewed by an independent consultant appointed by the FRB.

Refer to section 5.4.2.2.1.2. “Marketing practices for products and services that respect customers’ interests”/“Complaint handling and mediation”, page  Marketing practices for products and services that respect customers’ interests; 5.4.2.2.2.2. “Actions related to responsible business practices/Complaint handling and mediation”, page  Actions related to responsible marketing practices.

Refer to section 5.4.2.2.1.2. “Marketing practices for products and services that respect customers’ interests”/“Prevention of conflicts of Interest”, page  Marketing practices for products and services that respect customers’ interests.

Refer to section 5.4.2.2.1.2. “Marketing practices for products and services that respect customers’ interests”, page  Marketing practices for products and services that respect customers’ interests.

Refer to section 5.4.2.2.1.2. “Marketing practices for products and services that respect customers’ interests”/“Supporting customers in situations of financial fragility”, page  Marketing practices for products and services that respect customers’ interests; 5.4.2.2.2.2. “Actions related to responsible business practices”/“Financial fragility”, page  Actions related to responsible marketing practices.

The regulatory changes of recent years concerning market integrity are integrated into the implementation of a robust risk hedging framework within the Societe Generale Group. The rules of conduct, the organisational principles and the oversight and control measures are in place, regularly assessed and improved. Moreover, extensive training and awareness-raising programmes are provided to all Group employees.

This scheme has been further improved in 2024, including:

• ●by strengthening the regulatory framework and controls concerning the system for recording and storing electronic communications for persons subject to the orders issued by the US authorities (SEC and CFTC) against several banking institutions including Societe Generale;
• ●by strengthening the normative framework and controls concerning the system for preventing market abuse and its detection with the launch of a project to improve our supervision of transactions executed via trading venues;
• ●by integrating regulatory requirements into the normative framework and controls concerning the derivatives framework and regulatory reporting;
• ●by integrating the Group’s strategic projects into our system.

Societe Generale Group’s principles on combating tax evasion are governed by the Tax Code of Conduct. This Code is updated periodically and approved by the Board of Directors after review by the Executive Committee. It is public and accessible via the Bank’s institutional portal (https://www.societegenerale.com/sites/default/files/documents/ Code-conduite/code_de_conduite_fiscale_groupe_societe_generale_fr.pdf). The current version was updated in December 2023.

The five main principles of the Code are as follows:

• ●Societe Generale has a responsible tax policy that forms part of its overall strategy;
• ●Societe Generale ensures compliance with the applicable tax rules in all countries where the Group operates, in accordance with international conventions and national laws;
• ●in its customer relationships, Societe Generale ensures that customers are informed of their tax obligations relating to transactions carried out with the Group (insofar as this information is authorised by the applicable laws and regulations). The Group complies with the reporting obligations that apply to it as bookkeeper and in any other way;
• ●in its relations with the tax authorities, Societe Generale is committed to strictly respecting tax procedures and ensures that it maintains responsible and transparent relations;
• ●Societe Generale prohibits tax evasion and the abuse of rights, whether in the Group or by its subsidiaries, and does not encourage or facilitate tax evasion for its customers. Societe Generale also prohibits any transaction not based on sound economic grounds and driven solely by tax considerations, whether for its own account or for its customers.

The tax strategy and its guiding principles are approved by the Board of Directors. Measures for monitoring compliance with the tax strategy and risks are presented to the Board of Directors (or a delegate Committee) at least once a year.

The Group is committed to a strict policy with regard to tax havens. No new Group entity may be established in a state or territory on the official French list of ETNCs (États et territoires non coopératifs in French)(35). Moreover, the Group undertakes to cease operating entities in said countries unless their activities are mainly regional in nature. Internal rules have also been in place since 2013 to monitor an expanded list of countries or territories.

The Group adheres to the Organisation for Economic Co-operation and Development’s (OECD) Transfer Pricing recommendations and applies the principle of competitive neutrality in order to ensure that its intra-group transactions are made under arm’s length conditions and do not result in the transfer of any indirect benefits. However, where local regulations differ from these recommendations, the former shall prevail in all relations with the relevant government and be properly documented.

The Group publishes information on its entities and activities annually on a country-by-country basis (Section 2.12 – pages  2.12) and confirms that its presence in a number of countries is for commercial purposes only, and not to benefit from special tax provisions. The Group complies with the tax transparency rules for its own account (CbCR – Country-by-Country Reporting) and has included the principle of transparent tax communications in its Code of Conduct. Societe Generale complies with customer tax transparency standards. The Common Reporting Standard (CRS) enables tax authorities to be systematically informed of income received abroad by their tax residents, including where the accounts are held in asset management structures. Societe Generale also complies with the requirements of the United States FATCA (Foreign Account Tax Compliance Act), which aims to combat tax evasion involving foreign accounts or entities held by US taxpayers. The Group has implemented the European Directive DAC6, which requires the reporting of cross-border tax planning arrangements. Lastly, the Group is studying the new tax transparency standards on digital assets ahead of their upcoming implementation, in particular the CARF (Crypto-Asset Reporting Framework), changes to the CRS standard, and the new European Directive in this regard, known as DAC8 (Directive on Administrative Cooperation 8).

Importantly, the account-keeping entities of the Private Banking business line are established exclusively in countries with the strictest tax transparency rules imposed by G20 member countries and the OECD. Assets deposited in Private Banking books are subject to enhanced scrutiny using comprehensive due diligence procedures to ensure they are tax compliant.

In accordance with regulatory requirements, Societe Generale also includes tax fraud in its anti-money laundering procedures.

Refer to section 5.5.1.2. “Prevention and detection of corruption and bribery”, page  Internal mechanisms for the prevention and detection of corruption.

European financial regulations have seen significant changes from a social and environmental perspective, in particular with:

• ●the entry into force in March 2021 of Regulation (EU) 2019/2088 – SFDR on Sustainability-related disclosures in the financial services sector;
• ●the Taxonomy Regulation (EU) 2020/852 on the establishment of a framework to facilitate sustainable investment; and
• ●the entry into force in January 2022 of the Delegated Regulation of 4 June 2021 supplementing the Taxonomy Regulation and in August 2022 of Delegated Act 2021/1253 integrating Sustainability into MiFID.

The Compliance Department is developing the normative framework relative to the European Union regulations on sustainable investment and producing deliverables pertaining to normative documentation, training, controls and supervision to help the business lines to comply with regulations. An e-learning module on sustainable investment was made compulsory for more than 30,000 Group employees.

In addition to regulations, the Group makes voluntary public commitments in this area. To manage the implementation of the environmental and social risk management system and ensure the Group’s commitments are upheld, the Compliance Division introduced the following measures:

• ●development of prescriptive controls and key risk indicators;
• ●deployment of an e-learning module on environmental and social risk management. The training was made compulsory for all employees having a direct or indirect relationship with corporate customers and was distributed to more than 70,000 Group employees;
• ●definition of escalation procedures on the perimeter of corporate clients and on that of financial institutions and sovereigns, to describe the criteria that oblige business lines to request the Compliance Department and, where applicable, the Arbitration Committee chaired by the General Management, to enter into a relationship with an entity or to carry out transactions in situations that may present risks of non-compliance or environmental and social reputation issues.

Refer to section 5.4.2.2.1.3. “Customer privacy policies”/“Protection of customer personal data”, page  Privacy protection policies; 5.4.2.2.2.3. “Privacy protection”/“Data protection”, page  Actions for privacy protection.

Refer to section 5.4.2.2.2.3. “Privacy actions”/“Archiving”, page  Actions for privacy protection.

Management of reputational risk is coordinated by the Compliance Department, which:

• ●supports the Compliance Control Officers of the businesses in their strategy for preventing, identifying, assessing and controlling reputation risk;
• ●develops a reputational risk dashboard that is communicated quarterly to the Risk Committee of the Board of Directors, based on information from the BU/SU (in particular the Human Resources, Communications, Legal, Corporate Social Responsibility, etc.);
• ●performs the Secretariat role for the Customer Acceptance Committee (CAC) whose role is to approve the onboarding or continuing relationship with certain customers which are subject to an arbitration request between the businesses and control functions and/or who present a high risk;
• ●performs the Secretariat role for the Complex Transactions and Reputation Risk Committee (CTRC), tasked with reviewing and approving the legal, regulatory, tax, compliance and/or high reputation risk that may arise from the involvement of a Group entity in a complex transaction or from a product, transaction, service or activity with a customer or counterparty.

Moreover, Chief Compliance Officers dedicated to Business Units take part in the various bodies (New Product and Significant Change Committees or NPSC, ad hoc committees, etc.) organised to approve new types of transactions, products, projects or customers, and formulate a written opinion as to their assessment of the level of risk of the planned initiative, and notably the reputation risk.

In addition to its role as a second line of defence in the aforementioned areas, the Compliance Department has continued to strengthen the supervision of the Group’s regulatory system in coordination with the Risk, Finance, Legal and Human Resources Departments. This oversight relies on the Corporate Compliance Framework approach, which aims to ensure the Group’s compliance with all banking and financial regulations, including those implemented by other departments, namely control functions or independent expert functions. To this end, on each theme concerned, a document setting out the Compliance function’s roles and responsibilities for the implementation of the missions is formalised and approved by the stakeholders. The Corporate Compliance system is now mature and robust.

Audited IIn accordance with regulatory requirements, the Societe Generale Group has a system to centrally manage compliance incidents which is governed by a regularly updated body of standards.

The procedure for reporting incidents is governed by an ad hoc governance, together with Compliance Incident Committees (CIC). These are held monthly with an intermediate level for the business lines and a consolidated level for the Group, which addresses the most significant incidents. These bodies promote information sharing between members regarding any malfunctions that may occur, and the methods used to resolve them.

The presentation of these incidents in the CICs for the purposes of compliance risk supervision and steering is routinely accompanied by long-term remedial action plans to prevent future incidents from recurring. Once all the remedial action plans have been finalised, a compliance incident may be closed upon formal approval by the CIC.

Major compliance incidents within the Group are reported on a quarterly basis:

• ●to the executive arm of the Group Compliance Committee;
• ●to the supervisory arm of the Board of Directors’ Risk Committee in a Group Compliance dashboard;
• ●to the Autorité de Contrôle Prudentiel et de Résolution (the French Prudential Supervisory Authority).

In June 2018, Societe Generale entered into agreements with the US Department of Justice (DOJ) and the US Commodity Futures Trading Commission (CFTC) to resolve their investigations into IBOR submissions, and with the DOJ and the French Financial Prosecutions Department (Parquet National Financier – PNF) to resolve their investigations into certain transactions involving Libyan counterparties.

In November 2018, Societe Generale entered into agreements with the US authorities to resolve their investigations into certain US dollar transactions involving countries, persons or entities subject to US economic sanctions. As part of these agreements, the Bank committed to enhance its compliance system in order to prevent and detect any violation of anticorruption and bribery, market manipulation and US economic sanction regulations, and any violation of New York state laws. The Bank also committed to enhance corporate oversight of its economic sanction compliance programme. Against this background, the Bank defined and rolled out a programme to implement all these commitments and strengthen its compliance system in the relevant areas.

On 30 November and 2 December 2021, after three years of remediation, the US Federal Court terminated legal proceedings by the DOJ, which confirmed that Societe Generale had complied with obligations relating to the deferred prosecution agreements (DPA) of June and November 2018. In December 2020, the PNF resolved proceedings against Societe Generale and acknowledged that Societe Generale had fulfilled its obligations with respect to the public interest judicial convention.

In terms of OFAC sanctions, the closure of the judicial component did not put an end to the Order signed in 2018 with the Federal Reserve Bank, which continues to regularly monitor the Bank’s full compliance with its obligations.

On 14 December 2017, Societe Generale SA and its New York branch (SGNY) on the one hand, and the Board of Governors of the Federal Reserve System (Federal Reserve Board) on the other hand, agreed to a Cease-and-Desist order regarding the SGNY compliance programme to adhere to the Bank Secrecy Act (BSA) and its anti-money laundering (AML) obligations (the Anti-Money Laundering Compliance Program), and regarding some aspects of its Know Your Client (KYC) programme. On 26 February 2024, the Federal Reserve Board (FRB) terminated its 2017 BSA/AML Cease and Desist Order, acknowledging that Societe Generale SA and SGNY had fulfilled their obligations under this framework.

On 17 December 2019, Societe Generale SA and SG New York (SGNY) signed an agreement with the Federal Reserve Bank of New York (FRBNY) regarding SGNY’s compliance risk management programme. Under this agreement, Societe Generale SA and SGNY have agreed, among other things, to submit (a) a written governance plan to strengthen the oversight of SGNY’s non-compliance risk management programme; (b) a written plan to improve SGNY’s non-compliance risk management programme; and (c) improvements to SGNY’s audit programme with respect to the audit of the compliance risk management programme. Societe Generale SA and SGNY continue to comply with all the requirements of the written agreement.

The Group is fully committed to maintaining a solid governance system in terms of model risk management in order to ensure the efficiency and reliability of the identification, design, implementation, modification monitoring processes, independent review and approval of the models used. An MRM (“Model Risk Management”) Department in charge of controlling model risk was created within the Risk Department in 2017. Since then, the model risk management framework has been consolidated and structured and is based today on the following device.

The model risk management system is implemented by the three independent lines of defence, which correspond to the responsibility of the business lines in risk management, to the review and independent supervision and evaluation of the system and which are segregated and independent to avoid any conflict of interest.

The mechanism in place is as follows:

• ●the first line of defence (LoD1), which brings together several teams with diverse skills within the Group, is responsible for the development, implementation, use and monitoring of the relevance over time of the models, in accordance with model risk management system; these teams are housed in the Business Departments or their Support Departments;
• ●the second line of defence (LoD2) is made up of governance teams and independent model review teams, and supervised by the “Model Risk” Department within the Risk Department;
• ●the third line of defence (LoD3) is responsible for assessing the overall effectiveness of the model risk management system (the relevance of governance for model risk and the efficiency of the activities of the second line of defence) and independent audit of models: it is housed within the Internal Audit Department.

A MRM Committee chaired by the Risk Director meets at least every three months to ensure the implementation of the management system and monitor the risk of models at Group level. Within the second line of defence and the “Model risk” Department, a governance team is in charge of the design and management of the model risk management system at Group level.

As such:

• Normative framework applicable to all of the Group’s models is defined, applied when necessary to the main families of models to provide details on the specifics, and maintained while ensuring the consistency and homogeneity of the system, its integrity and its compliance with regulatory provisions; this framework specifies in particular the definition of expectations with regard to LoD1, the principles for the model risk assessment methodology and the definition of guiding principles for the independent review and approval of the model;
• ●Identification, recording and updating of information of all models within the Group (including models under development or recently withdrawn) are carried out in the model inventory according to a defined process and piloted by LoD2;
• ●Monitoring and reporting system relating to model risk incurred by the Group in Senior Management has been put in place. The appetite for model risk, corresponding to the level of model risk that the Group is ready to assume in the context of achieving its strategic objectives, is also formalised through statements relating to risk tolerance, translated under form of specific indicators associated with warning limits and thresholds.

For each model, risk management is based on compliance with the rules and standards defined for the entire Group by each LoD1 player, it is guaranteed by an effective challenge from LoD2 and a uniform approval process.

The need to examine a model is assessed according to the level of model risk, its model family and applicable regulatory requirements. The independent review by the second line of defence is triggered in particular for new models, periodic model reviews, proposals to change models and transversal reviews in response to a recommendation:

• ●it corresponds to all the processes and activities which aim to verify the conformity of the functioning and use of the models with respect to the objectives for which they were designed and to the applicable regulations, on the basis of the activities and controls implemented by LoD1;
• ●it is based on certain principles aimed at verifying the theoretical robustness (evaluation of the quality of the design and development of the model), the conformity of the implementation and use, and the relevance of the monitoring of the model;
• ●it gives rise to an Independent Review Report, which describes the scope of the review, the tests carried out, the results of the review, the conclusions or the recommendations.

The approval process follows the same approval scheme for all models, the composition of governance bodies being able to vary according to the level of model risk, the family of models, the applicable regulatory requirements and the Business Units/Service Units in which model is applicable. Responsible for LoD2, the approval process consists of two consecutive instances:

• ●the Review Authority which aims to present the conclusions identified by the review team in the Independent Review Report and to discuss, allowing for a contradictory debate between LoD1 and LoD2. Based on the discussions, LoD2 confirms or modifies the conclusions of the Review Report, including the findings and recommendations, without being limited thereto;
• ●the Approval Authority, a body which has the power to approve (with or without reservation) or reject the use of a model, changes made to the existing model or continuous monitoring of the relevance of the model along the time proposed by the LoD1, from the Independent Review Report and the minutes of the Review Authority.

Following the application of the CSRD (Corporate Sustainability Reporting Directive) regulation which came into force on 1 January 2024, information relating to environmental, social and governance risks is now presented in Chapter 5 Corporate social responsability of this document, and mainly in the following sections:

• ●5.1.3 “Impacts, Risks and Opportunities (IROS)”;
• ●5.1.4.3 “The roles and responsibilities of governance bodies as regards sustainability”;
• ●5.1.4.8 “Risk management and internal controls over sustainability reporting”;
• ●5.3.3 “Management of material impacts on climate change mitigation”;
• ●5.4.2 “Consumers and end-users”;
• ●5.5.2 “Management of material risks related to business conduct”.

Refer to Financial Statements in Chapter 6 - Note 4.3 Insurance activities.

• (1)Report on the certification of sustainability information and verification of the disclosure requirements under Article 8 of Regulation (EU) 2020/852

For the first time in 2024, Societe Generale goup publishes a sustainability statement as required by the European CSRD (Corporate Sustainability Reporting Directive), transposed into French law. The main objective of this Directive is to harmonize sustainability reporting and to improve the availability and quality of ESG data published through the obligation to produce and publish a sustainability statement that meets standards applicable to companies in all sectors.

The European Sustainability Reporting Standards (ESRS) mandate the disclosure of the sustainability statement on environmental, social and business conduct topics.

The sustainability statement is certified (limited assurance) by external auditors. This mission is subject to guidelines published by the French National Authority for Auditing (H2A) in France, specifying the work expected of auditors and the way in which they express their conclusions, pending a European standard governing this new assurance mission.

Societe Generale has prepared its consolidated sustainability statement for the year ended 31 December 2024, in accordance with:

• ●Order No. 2023-1142 of 6 December 2023 (“the order transposing the CSRD”) on the transposition into French law of Directive (EU) 2022/2464 of 14 December 2022, commonly known as the Corporate Sustainable Reporting Directive (CSRD); and
• ●Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023 setting out the sustainability reporting standards (European Sustainability Reporting Standards, commonly referred to as “ESRS”).

The Group is also subject to various regulations, standards and frameworks, both French and European, that overlap with the topics covered by the sustainability statement. When this is the case, it will be specifically mentioned in the relevant section.

The information presented in this sustainability statement were prepared in a first time application context of the legal, regulatory and normative requirements mentioned above. This first time application is marked by uncertainties on interpretation of the texts, and a first analysis of double materiality carried out in the absence of established practices and comparative data.

In this context, and for the purposes of verifiability and understandability, the Group focused on applying the normative requirements set out in the ESRS and on reporting on the basis of the information available at the date of approval of this sustainability statement by the Executive Board, which leads to:

• ●estimations (section 5.1.1.2.2 “Estimates and uncertainties”), for which the methodologies and assumptions could be fine-tuned when data availability and quality will increase and
• ●limitations of the perimeter on: 
  • -activities covered by the materiality assessment (section 5.1.3.1. “Outcomes of the IROs assessment in relation to the strategy and business model”),
  • -the identification of eligible and aligned activities under European Taxonomy (Part 5.2 and related annexes),
  • -activities covered by the Climate Change Mitigation Transition Plan (section 5.3.2.1 “Overview of the climate change mitigation transition plan”),
  • -the underlying assets of the Group selected for the calculation of greenhouse gas emissions (section 5.3.4.2 “Scope of calculation of GHG emissions  attributed to the Group”),
  • -entities with more than 10 employees in respect of the Group's own-account operations.

Finally, considering the underlying evolving path of CSRD and ESRS and in  a continuous improvement approach, the Group could if necessary, adapt in the coming years the content of its sustainability statement, its data collection, disclosure processes and its internal control framework to take account of:

• ●the evolution of the regulatory and normative framework;
• ●issuing additional guidelines or questions and answers to facilitate a better understanding of the requirements;
• ●interpretations of regulatory and normative requirements and best practices;
• ●greater availability of data in particular as a result of the increase in the number of companies subject to sustainable information disclosure requirements.

The consolidated sustainability statement presents sustainability-related information at Group level. This information relates to the parent company Societe Generale, its controlled entities as included in the scope of accounting consolidation, including subsidiaries required to publish their own sustainability statement, and its holdings in joint ventures and associates in France and abroad.

It covers all of the Group’s activities on its value chains which were identified as material during the assessment of impacts, risks and opportunities, with, however, limitations as presented above. The outcome of this materiality assessment is presented in section 5.1.3.1 “Results of the evaluation of the IROs in relation to the strategy and the business model”.

The following European subsidiaries prepare their own sustainability statement: 

• ●AYVENS SAS (France);
• ●BRD – Groupe Societe Generale SA (Romania);
• ●Komerční Banka AS (Czech Republic).

The following European subsidiaries, qualify for the exemption from publishing an individual or consolidated sustainability statement for their own scope:

• ●Boursorama SA (France);
• ●Compagnie générale de location d'équipements SA (France);
• ●Fiditalia SPA (Italy);
• ●Franfinance SA (France);
• ●GEFA Bank GmbH (Germany);
• ●Société Générale Luxembourg SA (Luxembourg);
• ●Sogecap SA (France).

However, some information will be provided by those exempt subsidiaries in their management report, including an exemption statement and a reference to the consolidated sustainability statement of the parent company Societe Generale.

The option provided for in the articles L. 232-6-3 and L. 233-28-4 of the French Commercial Code has been exercised. This allows the undertaking to be exempt from disclosure, in the sustainability statement, of impending developments or matters under negotiation.

ESRS 1 ‘General requirements’ provides for the use of different time horizons. The Group has therefore adopted the following time periods:

• ●short-term: up to one year;
• ●medium term: one to five years;
• ●long term: beyond five years.

These time horizons are retained for the information disclosed in the sustainability statement. When the time horizons deviate from these periods, the exception is mentioned in the relevant section.

Generally, sustainable information could be subject to uncertainties linked to the state of scientific or economic knowledge and to the quality of internal and external data used for example for the value chain (developments below). This information may also be affected by possible future events with uncertain outcomes and consequences. In addition, some information, as prospective information, non-available data and the quantification of some sustainable information in peculiar environment information, are subject to estimations and judgement notably based on Group experience and on international recognized referential for sustainability matters. These estimates are sensitive to the methodological choices made and the assumptions used in their preparation.

Metrics are presented in the sustainability statement, in particular regarding the Group’s value chain information such as the calculation of greenhouse gas emissions, which are based on estimates, averages or assumptions, and are sources of uncertainties with regard to their volatility and the quality of input data. Indeed, a metric constitutes an estimate by construction when it cannot be measured directly by the Group since the underlying data come either directly from customers or from external data providers. As a result, an uncertainty can arise on measurement. In the absence of available information, sector and geographical averages are used, which may not reflect the profile of the Group’s customer portfolio, nor contain sufficiently precise information. For some metrics, such as greenhouse gas emissions attributed to financing activities, multiple data sources are combined. In addition, emission factors which convert activities data in greenhouse gas emissions (GHG, expressed in tons of carbon dioxide equivalent - tCO2eq), are themselves subject to variations depending on sources used or application contexts. By nature, GHG emissions in the value chain cover a large panel of categories, including equipment and services supply, travel management, use of sold products, each containing their own uncertainties. Finally, the absence of consensus in methodological practices and the continuing evolving regulatory environment are also a source of complexity and uncertainty for the global estimation of GHG emissions.

Metrics published in the sustainability statement may be accompanied by explanations, in particular about the nature or limitations of the data or estimates (proxies) used. These explanations are mentioned in the description of the metric.

In that context the Group has put its best efforts to apply the more advanced practices and methodologies. They should be continuously improved in the future, subject to the gradual release of standardised and qualitative data by the Group’s external partners and data suppliers.

The sustainability statement contains objectives and other forward-looking statements that reflect the Group’s ambitions. Such forward-looking information requires careful consideration regarding its use in decision-making. The Group’s ambitions are based on its current convictions and expectations and are influenced by economic expectations. This forward-looking information is therefore subject to risks and significant hazards, including the occurrence of possible future events, the results of which are difficult to assess as they stand, and that are mostly not under the Group’s control. They are therefore subject to significant uncertainties and do not constitute guarantees that the ambitions will be achieved. This sustainability statement reflects, in accordance with the obligations under the CSRD and the ESRS, the Group’s trajectory and not definite outcome. 

The implementation in each jurisdiction where the Group operates of policies, actions and targets as presented in this sustainability statement is subject to the respect of local regulatory and legal provisions.

Since 2017, sustainability-related information has been presented in the extra-financial performance statement (“DPEF”) published on the basis of the provisions transposed into national law of Directive 2014/95/EU (Non-Financial Reporting Directive – NFRD).

The entry into force of the CSRD Directive, transposed into French law by the order transposing the CSRD, changed the presentation and content of sustainability-related information. The disclosure requirements have been considerably tightened, with the obligation to produce a sustainability statement divided into four parts:

• ●general information;
• ●environmental information;
• ●social information;
• ●governance information.

The sustainability statement is based on the standards applicable to all business sectors. The sector-specific standards for financial institutions should only be available and applicable from the 2026 financial year at the earliest.

Although the ESRS form the basis of the disclosures in the sustainability statement, other elements may be included, provided that they are considered material. Material and Group-specific sustainability matters have thus been integrated into the sustainability statement, in the disclosure on thematic standards.

The Group discloses information required by the ESRS in its sustainability statement (included in this Chapter 5 of the Universal Registration Document), which is a specific section of the Management Report.

However, some information is incorporated by reference. The sustainability statement may therefore be based on information contained in other chapters of the Universal Registration Document. These references relate to the following disclosure requirements:

• ●GOV-1 – The role of the administrative, management and supervisory bodies;
• ●GOV-2 – Information provided to and sustainability matters addressed by the undertaking’s administrative, management and supervisory bodies;
• ●GOV-3 – Integration of sustainability-related performance in incentive schemes;
• ●additionnal specific information regarding cybersecurity.

In addition, when, in accordance with IFRS, the topics covered by ESRS have material consequences on the consolidated financial statements, information is provided in the notes to the consolidated financial statements.

The environmental information in this Sustainability Statement includes the information on the activities eligible and aligned with the European Taxonomy presented in this section as well as the information related to climate change presented in the next section (5.3).

Since 2021, in accordance with the (EU) 2020/852 Regulation on taxonomy, Societe Generale has disclosed its exposure to Taxonomy-eligible sectors and to Taxonomy-aligned activities. The Regulation was amended by the European Commission Delegated Regulation 2021/2178 of 6 July 2021 and by the European Commission Delegated Regulation 2023/2486 of 27 June 2023 establishing reporting obligations for financial undertakings and defining performance indicators (KPIs) and additional information to be disclosed from 1 January 2024, supplemented by the European Commission’s FAQs.

The Green Asset Ratio (GAR) is a performance indicator for credit institutions: it expresses the proportion of exposures related to the Taxonomy-aligned activities of these institutions in relation to total covered assets.

For reasons related to its definition, the GAR is structurally low for European banks with diversified business models, and in particular for banks such as Societe Generale whose activities extend internationally outside of the EU and include corporate and investment banking and financing for SMEs.

According to the current methodology the covered scope of the taxonomy ratios excludes as of today from the numerator (but includes nevertheless in the numerator) all exposures to SMEs (as they are not subject to the NFRD’s reporting requirements) and the exposure to non-EU domiciled companies to which the NFRD does not apply, meaning that the Bank’s exposure to these companies can be neither eligible nor aligned.

Furthermore, the Taxonomy climate objectives provide a classification system that identifies activities that are already close to or near the target of carbon neutrality. It partially takes into account the decarbonisation efforts of companies to reach this target. Therefore, the GAR (as currently defined) does not account for Societe Generale’s significant efforts and progress in supporting customers in their transition.

The application of Taxonomy Regulation help to shape strategic thinking on activities that can contribute to Societe Generale’s objective on sustainable finance target. Despite the KPIs representing the Taxonomy’s key performance indicators (KPIs) remain limited in their design and dependent on availability and quality of data, they are not fully representative of the Bank’s sustainable finance activities at this stage: as these limitations resolve and data gaps close their relevance to the Group’s business strategy may evolve positively.

The resilience of the Group’s strategy and business model is assured by both the materiality analysis and the Business Environment Scan (BES). The role of these two processes in resilience analysis is detailed in section 5.1.3.1 “Outcomes of the IRO assessment in relation to the strategy and business model”.

From a risk perspective, resilience is mainly analysed using the financial materiality assessment exercise, in particular, by performing the stress tests described below. In the absence of stress tests, an analysis based on expert opinion is carried out.

In 2022, the Group approved the principle of incorporating a scenario-based climate stress test into the Group’s stress tests. It is produced at least once a year, over the short to medium-long term, and covers transition and physical risks across a global scope or a specific portfolio.

As part of the stress test exercise, the main assumptions primarily concern the long-term scenarios used, which are the “Current Policies”, “Below 2°C” and “NZE 2050” scenarios. They are broken down by sector and geography. Physical and/or transition shocks are also applied to these scenarios in the short, medium and long terms.

Stress test work on credit risk and counterparty risk is based, in particular, on the transition and physical ICVI indicators, presented below in section 5.3.5.3 “Quantifying climate risks”.

The financial materiality assessment work was carried out on all risk categories and factors.

The elements below focus on credit risk, counterparty risk and business risk, identified as material from a climate perspective:

• ●regarding credit risk, the scope covers the Group’s Corporate and Retail Banking portfolios;
• ●regarding counterparty risk, the scope covers all counterparties with which the Group enters into derivatives and securities financing transactions;
• ●regarding business risk, the scope covers all of the Group’s activities.

The work on stress tests and the business environment scan was carried out between the end of 2023 and the beginning of 2024, as part of the annual financial materiality assessment. A new exercise was launched at the end of 2024 and completion is expected in the second quarter of 2025.

The main macroeconomic climate assumptions made as part of the stress test work related, first and foremost, to the scenarios used.

For credit risk, the Group proceeded as follows:

• ●a stress test performed using 3 macroeconomic scenarios detailed in the section 5.1.3.2.2 “Description of the process to identify and assess material IROs in relation to topical ESRS” in relation to topical ESRS over a long-term time horizon (2040 and 2050): “Below 2°C” used as the reference scenario, “NZE 2050” and “Current Policies”;
• ●two stress tests respectively for short- and medium-term shocks (time horizons from 2023-2024 to 2026 and 2030 respectively), incorporating plausible adverse economic slowdowns triggered by negative climate change-related effects (incorporating a particular focus on transition issues and climate hazards).

The impact of climate change on counterparty risk was assessed from six market stress tests (an “NZE 2050” scenario and a “Current policies” scenario, spread over the three time horizons 2025, 2030 and 2040), and the use of stressed default probabilities for corporate clients in sectors exposed to climate risks.

The results of the stress tests are especially used as part of the financial materiality assessment process, these two exercises then feed into other works including those related to Risk Appetite, the Business Environment Scan, the budget exercise and the ICAAP.

In addition to the stress tests, the estimated expected financial effects are also then used in the context of the Risk Appetite exercise, the annual budget exercise and the ICAAP.

The results of the resilience analysis are detailed in section 5.3.1.2 “Description of climate-related material IROs”.

By definition, stress tests are necessarily constructed on the basis of uncertain data. The inclusion of climate components into these stress tests inevitably adds uncertainties, linked in particular to the fact that time horizons relating to the climate issues studied can be long, historical data remain limited (as climate issues are expected to become increasingly significant over time), some data is still not robust and certain methodologies are still intended to be improved and standardised over time. In addition, it is still difficult to accurately establish the link between climate risks and different risk categories.

Climate change-related material IROs mainly concern financing and investment activities in the downstream value chain.

The material impacts identified in the short, medium and long terms in connection with climate change are as follows:

• ●within corporate and investment banking, on the financing of counterparties operating in the highest-emitting sectors and which have a potentially negative impact on climate change;
• ●within the life insurance business, on issues associated with investing in corporate equities and bonds that have a potentially negative impact on climate change.

Material climate change-related risks are detailed below. Credit, counterparty and business risks are identified as material in the sense of financial materiality.

Credit risk is the risk of counterparty default as well as the associated risk of loss. From a climate perspective, the credit risk of the Group’s various customer portfolios can be accentuated by both transition risk and physical risk aspects.

The Group has also determined, through a systematic analysis of transmission channels, that transition and physical risks are likely to affect credit risk primarily through revenues, costs, assets and equity, despite the impact through interest rates remaining limited.

In terms of transition risks, in a world where transition efforts are accelerating in line with the objectives of the Paris Agreement, the Group’s Corporate clients will face increasing transition risks arising from the shift to an economy compatible with net-zero greenhouse gas emissions and more respectful of planetary boundaries.

The risk identification exercise showed that, with regard to climate, policies and regulations as well as technology, are relevant transition risk factors for corporate credit risk, with a potentially major effect in the short and medium term, while behavioural changes can have a more indirect and medium- to long-term effect on corporate credit risk.

Certain sectors of activity (such as Real Estate, Oil and Gas, Automotive or Aviation) are particularly affected by transition risk.

With regard to physical risks, the risk identification exercise also showed that, regarding to climate, in a scenario where the transition is too slow to occur, physical risks will become a growing concern for the Group’s Corporate counterparties.

The frequency and intensity of severe weather hazards are expected to increase, while chronic physical hazards such as heat stress and rising sea levels are expected to become more prevalent. To date, the Group has determined, taking a conservative approach, that all climate-related physical risks are relevant risk factors with a long-term effect in a “Current Policies” scenario and potential short- and medium-term effects in the event of a negative economic shock.

As regards individual and professional customer counterparties, the main risk is related to the repayment capacity of households and professionals. This capacity depends on households’ disposable income as well as on profitability for professionals, factors that may be affected by climate change (decrease or loss of business, increase in charges and costs). In addition, climate risk could also reduce the value of assets taken as collateral (damaged, abandoned assets) and so reduce the banks’ ability to recover their loan amounts in the event of a customer default (increased risk of loss).

After assessing materiality, the credit risk for individual and professional customers was considered moderate. As a result, the financial materiality assessment for these individual and professional customers concluded, on the basis of the assumptions adopted, that there was a non-material risk, in the short, medium and long term.

Counterparty risk depends on the counterparty’s probability of default, on the one hand, and on the exposure at the time of default, on the other. The variability of counterparty risk exposure, notably measured via GASEL (Global Adverse Stressed Loss), can therefore be affected by the following two elements:

• ●the effect on the probability of default: the Group considers that the most significant effects are those affecting costs, revenues and assets that directly affect the counterparties’ solvency. The climate risk identification exercise showed that policy and regulation, as well as technology, are relevant transition risk factors from the short term to the long term, while behavioural changes can have a more indirect effect in the medium and long term. In addition, the Group believes that all types of physical risks will become a growing concern for companies in the medium and long term with the increase in the frequency and intensity of climate events, potentially impacting companies’ financial health;
• ●exposure at default (or stressed exposure): The climate risk factor can, in fact, change the value of derivatives insofar as it has an effect on the value of the underlying assets in these transactions (share prices, exchange rates and interest rates). In this process, the most significant effects will primarily result from changes in carbon prices (transition), especially in the long term in a physical stress scenario. Exposure at default can be partially mitigated via the margin call mechanisms that are put in place for the majority of exposures.

Regarding counterparty risk, climatic factors are considered material over short, medium and long term horizons.

Business risk is the risk related to the loss of value due to fluctuations in volumes, margins, commissions and operating expenses that are not already recognised under other categories of risk (such as the IRRBB, insurance activity-related risks, etc.). It is currently measured and managed as the risk of deviation from the budget. The budgetary trajectory is based on a narrative and on macroeconomic metrics, which include assumptions of a “Below 2°C” climate scenario.

The main financial effects of transition risks identified concern:

• ●unforeseen policy and regulatory changes generated by climate change, which could lead to a revision of the Group’s strategic plan and/or reduce its profitability;
• ●changes in the behaviour of investors, customers or employees who could negatively judge companies considered to be contributing to climate change, which could have a negative impact on the Group’s ability to execute its strategic plan, implement its business plan due to its inability to retain its employees, customers or investors as a result of a deterioration in its image or its inability to allocate scarce resources efficiently.

Given the existing framework, climate transition risk factors are considered, on the basis of expert judgement, as material risk factors for business risk, in the short, medium and long term.

Physical risks could also have a long-term effect if resources are allocated to geographical areas that are seriously affected by climate change. In fact, the deterioration of the climate could lead to an increase in general costs, reduce business opportunities or even require the discontinuation of activities.

Regarding business risk, climatic factors are considered material over short, medium and long term horizons.

Climate change-related opportunities related were assessed as being material, mainly with regard to financing activities. They are detailed in section 5.3.6 “Material climate change-related opportunities” and section 5.1.3.1 “Results of the evaluation of the IROs in relation to the strategy and the business model”.

The Group acts as a responsible employer in the management of Human Capital through all the policies and tools implemented within the company to attract, recruit, integrate, train and engage employees. The term Human Capital refers to the Group's employees and non-employees working on behalf of the Group (excluding service providers who are workers in the value chain).

The Group operates in more than 60 countries and has around 119,000 employees worldwide.

• ●The scope of employees covers permanent contracts (known in France as “CDI”) and fixed-term contracts (“CDD”) including work-study participants, according to the regulations applicable locally;
• ●the genders “women” and “men” are reported, as current capacities do not yet allow for the identification of “undeclared” and “other” genders at Group level;
• ●the workforce figures are taken from the Group’s Human Resources Department’s information systems and supplemented by local HR teams as part of data collection campaigns;
• ●the figures in this section are to be considered in headcount rather than full-time equivalents (FTEs) and relate to the 2024 financial year;
• ●the data in this section relates to the consolidated scope, including entities with ten or more employees, captured in the context of the social information collection campaign for the year ended 31 December 2024.

In addition, there are a total of 7 non-guaranteed hours contracts (including 4 women and 3 men) accross Switzerland, Sweden and the Netherlands.

The Group interacts with its employees in accordance with the values and principles set out in the following main international conventions:

• ●the Universal Declaration of Human Rights and its related covenants;
• ●the ten conventions as well as the declaration on Fundamental Principles and Rights at Work, recognised as fundamental texts by the International Labour Organisation (ILO);
• ●the UNESCO (United Nations Educational, Scientific and Cultural Organisation) World Heritage Convention;
• ●the OECD (Organisation for Economic Co-operation and Development) Guidelines for Multinational Enterprises;
• ●the United Nations Guiding Principles on Business and Human Rights.

The double materiality analysis has identified potential material impacts on Human Capital. Employees and non-employees are considered as a whole, without distinction or specific characteristics. This analysis has identified potential negative impacts in the short and medium terms on Human Capital, before taking into account any mitigation policies and actions deployed by the Group, concerning the following matters:

• ●diversity, equity and inclusion;
• ●employment and inclusion of people with disabilities;
• ●training and skills development;
• ●inappropriate behaviour and harassment;
• ●occupational health and safety;
• ●work-life balance and respect for privacy;
• ●fair compensation;
• ●social dialogue;
• ●freedom of association and collective bargaining rights.

Furthermore, the Group has a positive material impact on its employees and society through the philanthropic activities of its Foundation.

This double materiality analysis did not highlight any material risks and opportunities, nor material impact on forced labour and child labour. These results, and their links to the strategy and business model, are presented in section 5.1.3.1 “Results of the assessment of IROs in relation to the strategy and business model”.

Potential material impacts on Human Capital were qualified following the double materiality assessment methodology defined by the Group. The result of this assessment is based on internal Human Resources expert reviews and on analysis of the opinions of stakeholders such as employees (via the employee satisfaction survey), civil society, clients, extra-financial rating agencies and investors.

Data points regarding the topics ‘employment and inclusion of people with disabilities’, ‘training and skills development’, ‘occupational health and safety’, and ‘work-life balance and respect for privacy’ are not published in this sustainability report because they are not mandatory for this first year of application.

The Responsible Employer strategy is approved by the Human Resources Department and gives rise to quarterly meetings with human resources experts to manage indicators.

Objectives for 2026 were set in 2023: an ambition in terms of gender equality of at least 35% of women leaders within the Group Leaders Circle (or Top 250), as well as the reduction of any pay gaps between women and men within the Group by mobilizing a budget of 100 million euros. These are regularly monitored by the Executive Committee of the Human Resources Department.

Alongside the aspects defined in this Responsible Employer strategy, other issues have been identified within the framework of a common base and further details are contained in this Sustainability report: the remuneration policy, measures against violence and harassment in the workplace, etc.

All of the Group’s policies are centralised in internal standards documentation, applying to all employees. Some of these policies are developed in specific parts of the Sustainability report.

In order to prevent and mitigate these potential impacts, the Group defines specific guidelines for the various issues identified, as well as a set of policies applicable to the entire Group, implemented by the Business Units and Service Units, including:

• ●the definition of five priority areas to combat all forms of discrimination: gender diversity, the inclusion of people with disabilities or those who are neuroatypical, diversity of ethnic, cultural or socio-economic origin, intergenerational inclusion and the inclusion of LGBTI people;
• ●a health policy that is operational in all the Group’s entities, as a result of the support of dedicated local teams (HR, logistics managers, occupational medicine, etc.) and takes into account national legislation and local contexts. In addition, as a responsible employer, the Group is committed to maintaining decent working hours that respect work-life balance;
• ●renewal of the Group’s global agreement on employee rights with the international federation, UNI Global Union. This agreement, covering 100% of the Group’s employees, improves trade union rights and establishes new rights for the Group’s employees;
• ●attractive compensation that nurtures employee loyalty and boosts the Group’s long-term performance;
• ●a skills development offer aimed at guaranteeing the employability of employees throughout their professional career within the Company.

These actions are supported by commitments, presented below, and are monitored by the Executive Committee of the Human Resources Department. In addition, the Group consults all employees on these material topics through the employee barometer, an annual survey that gives them the opportunity to express themselves freely and anonymously on these subjects.

The Group has made commitments to employability prospects in order to attract and retain talent and is implementing actions to promote personalised career opportunities adapted to future challenges.

The Group has launched a Strategic Workforce Planning (SWP) initiative worldwide. The aim is to adapt policies, particularly in terms of training and filling positions, to the evolving skills required by the business lines and which are strategic challenges of the Group. This initiative provides employees with the means to boost their employability.

This initiative is in place for all of the Group’s key businesses and in 2024 covered virtually all Business and Service Units, representing the foundation of an effective strategy for acquiring new skills and guiding the development of those skills already existing within the Group.

The Group offers many career opportunities to its employees across business lines and sectors of activity. The principles underpin the Group’s policies on internal mobility and filling positions, and they apply to all Group entities. They focus on:

• ●ensuring transparency as regards vacant positions, by systematically posting offers on the internal job exchange (Job@SG), in entities using this tool;
• ●filling positions from within the Group where possible;
• ●maintaining a community skilled in recruitment practices, in France and internationally, so that best practices and information can be shared;
• ●strict adherence to the recruitment process defined by the Human Resources Department to avoid any potential risk of corruption or conflict of interest, or any form of discrimination or favouritism;
• ●the permanent adaptation of employees’ skills to rapid changes in their environment. In addition to being able to apply for vacancies advertised internally, employees can also be contacted by managers looking to fill a position. Employees’ skills are matched with those sought by hiring managers thanks to the ACE skills self-reporting platform, which includes an AI-based recommendation engine that managers can use to quickly identify employees whose profiles meet their needs. ACE is deployed for more than 76,800 of the Group’s employees, in 80 entities and 30 countries, covering 65% of the Group’s employees.

The Group has also offered reskilling programmes since 2020. Developed with business line experts, these programmes aim to offer employees who want to change jobs the opportunity to reorient themselves professionally within the Group towards professions that are growing, or where employees are in short supply, with an emphasis on the promise of internal mobility for employees. These programmes frequently involve the awarding of certificates or diplomas, combining theoretical learning via academic partnerships with practical experience through a mentorship process, thus facilitating the employee’s integration into their new team. Since 2020, more than 860 employees have engaged in 90 diversified reskilling programmes, particularly on Data, ESG and Agile Project topics.

The skills development training offered by various departments (corporate centre or academies specific to Business or Service Units or subsidiaries) come in a variety of formats (e-learning, face-to-face, MOOC, videos, etc.) and target:

• ●business skills, in particular in market activities and corporate finance;
• ●the culture of risk, responsibility and compliance of employees. Compulsory training for all Group employees covers the following subjects: information security, anti-corruption measures, Code of Conduct (including the right to whistleblow and the fight against inappropriate behaviour), the General Data Protection Regulation, international sanctions, anti-money laundering and counter-terrorism financing, conflicts of interest and harassment;
• ●data and artificial intelligence skills;
• ●CSR skills;
• ●managerial and leadership skills;
• ●behavioural skills (improving operational efficiency, collaboration, change management, etc.).

The average number of hours of training per employee per year in 2024 was 38.2 hours, with 38 hours for women and 38.4 hours for men. All skills development initiatives (such as distance and face-to-face training, including mandatory training, coaching or mentoring initiatives) have been taken into consideration when counting these training hours.

The Group monitors every employees’ performance throughout their careers, particularly through development plans and annual performance reviews. Employee assessment is a three-stage process and is structured around two interviews between the manager and the employee: the setting of objectives at the beginning of the year, in line with the Group’s strategy (“Direct”) and the end-of-year review (“Review”). Between these two interviews there is a monitoring and support phase throughout the year (“Mobilise”). The process is based on the use of a dedicated tool deployed across all the Group’s entities, guaranteeing uniformity and consistency in the methodology used during performance reviews.

In addition, for permanent Group employees, the appraisal interview is completed by a professional meeting with their line manager during which they can discuss prospects for professional evolution over the medium and long term.

The Group offers personal and professional development opportunities to its employees to improve employability, increase the internal mobility rate and better control the rate of departures, which was 12.4%(3) in 2024, i.e. 13,853 employees with a permanent contract who left the Group.

With around 119,000 employees from 145 nationalities working in more than 60 different countries, and with 53% of its workforce based outside of France, the Group confirms its commitment to making Diversity, Equality and Inclusion (DE&I) a reality for all employees and a managerial priority for the Group.

The Group has defined five priority areas to combat all forms of discrimination: gender diversity, the inclusion of people with disabilities or those who are neuroatypical, diversity of ethnic, cultural or socio-economic origin, intergenerational inclusion and the inclusion of LGBTI people.

The Group has a range of policies, actions and other processes in place to counter the risk of discrimination, including:

• ●a DE&I policy, reflecting the Group’s determination to recognise and promote all talents, regardless of their beliefs, age, disability, parental status, nationality, gender identity, sexual orientation, membership of a political, religious or trade union organisation, or any other factors on the basis of which they could be discriminated against. It is made available to all stakeholders on the Group’s institutional website. It aims to create the conditions for an inclusive organisation and to uphold fair and equal treatment practices;
• ●sponsorship at the highest level of the organisation, led by the Group’s Deputy Chief Executive Officer;
• ●a DE&I Committee, made up of twelve members from the Group Management Committee and a DE&I expert to guide discussions and proposals;
• ●a dedicated team that relies on an international network of DE&I managers within the Group and the Group’s networks of committed employees;
• ●an ambition represented by a gender equality target of increasing the percentage of women within the Group Leaders Circle (or Top 250) to at least 35% by 2026;
• ●the reduction of potential pay gaps between women and men within the Group by 2026 through the allocation of a budget of EUR 100 million;
• ●public commitments that have been strengthened over recent years with, in particular:
  • -the signing in 2023 of the new Global Agreement on Fundamental Rights with UNI Global Union, including provisions reflecting the Group’s DE&I commitment,
  • -in France, the renewal of the Charter of the Other Circle in October 2024,
  • -in France, a collective agreement on gender equality in the workplace in 2023,
  • -in France, signing of the OneInThreeWomen Charter to raise awareness of violence against women in 2022,
  • -the signing of a new Corporate Parenthood Charter, to support parents in all family configurations in France (single parents, same-sex parents, etc.) in 2022,
  • -the signing of the Towards the Zero Gender Gap initiative during “Women’s forum 2021”.

The Group’s commitment to implementing a strong diversity policy is also based on a set of initiatives, including:

• ●hosting the first international summit on diversity, equity and inclusion. This event brought together 45 employee networks from the Group’s key locations to work on the five priorities of DE&I;
• ●specific monitoring indicators for women and international employees, i.e., their representation within high-potential pools and succession plans, their promotions, pay rises, grades and classifications, etc.;
• ●an e-learning course on understanding and preventing discrimination in the hiring process, which is mandatory for HR staff and managers;
• ●the facilitation of “Diversity Fresque” training workshops;
• ●all French and international job offers, published on the careers.societegenerale.com recruitment site, includes a paragraph relating to the Group’s DE&I commitments;
• ●an in-house resource hub (the DE&I SharePoint) available to all Group employees and containing articles, benchmark studies, reports and more;
• ●support for in-house employee networks set up to promote inclusion: women’s networks, in particular, women in digital, WAY (We Are Young), Pride&Allies (LGBTI), Great Minds (neurodiversity), networks supporting diversity of origin such as “Be Me Network” in the UK, “Black Leadership Network”, “Vamos” and “Asian Professionals Network” in the US, “Cultural Diversity Network” in Asia, etc.

In 2024, 100% of the Group’s employees were covered by a DE&I policy and 98% had local initiatives or programmes in at least one of the five priority areas.

Below are the main Diversity, Equity and Inclusion-related indicators.

Top management is understood here as the Top 250 within the Group (Group Leaders Circle).

30% were women and 70% men as of 31 December 2024.

The indicators shown for the breakdown of employees by age correspond to the Group’s data at the end of 2024, with the exception of US entities where dates of birth are not permitted to be stored in IT systems:

The Group has multiple actions to promote the employment of people with disabilities or who are neuroatypical, such as:

• ●the renewal, for the sixth time, of the three-year agreement 2023-2025 promoting the employment and occupational integration of people with disabilities in France;
• ●the launch of awareness-raising campaigns during the European Week for the Employment of People with Disabilities;
• ●the provision of a conversation guide called “All together for an inclusive environment with people with disabilities”;
• ●work on digital accessibility (particularly for clients) and physical accessibility on the Group’s premises;
• ●the setting up of an Academy in Romania to train people with disabilities to improve their employability.

The Group’s occupational health and safety policy, applicable groupwide, aims to provide each employee with a safe working environment – taking into consideration both the physical workplace and working practices – that guarantees their safety and their physical and psychological well-being. The Group complies with all local labour laws and legal obligations for occupational health and safety in all of its entities worldwide.

This health, safety and prevention policy is based on three main players:

• ●the Group Security Department, responsible for implementing a safety awareness programme within the Group via a dedicated community, including a representative in each Business and Service Unit;
• ●human resources for mental and physical health, within the context of improving quality of life and conditions at work;
• ●managers, guarantors of continuous risk monitoring on a daily basis.

The Group’s long-standing commitment to offering the best possible working conditions means:

• ●a global approach to security rolled out by the Group Security Division, with the aim of assessing risk levels and unifying all protection measures in order to be able to respond in an optimal manner to multiple exogenous and endogenous threats (cybercrime, terrorism, geopolitical risks, health risks, climate risks);
• ●continuous awareness with Security Hours, monthly events for all Group employees;
• ●a safety and security master plan, prepared by the Group’s Security Division for France and shared with the international entities and subsidiaries as standard practice, to be applied in addition to all local safety and security rules;
• ●continuous risk monitoring by a specialised team with a network of experts and in conjunction with the authorities in France and abroad.

As the profession is potentially exposed to robbery and incivility, the Group takes great care to ensure the safety of its employees. By way of example, the Group partners with France Victime to offer anonymous psychological support for any employees who are victims of offensive or aggressive behaviour or armed robbery.

As the Group is legally responsible for, and guarantees the safety of, its employees on business trips, including international trips, it has developed a security policy to reduce exposure to potential security risks and reduce the impact in the event of a crisis likely to affect the physical safety of employees travelling internationally. The Group has a partnership agreement in place for the purposes of ensuring health and safety, and repatriation services.

Particular attention is paid to working hours, notably through:

• ●compliance with local laws on hours of work;
• ●the inclusion of a workload discussion between the employee, the line manager or HR manager during the annual evaluation;
• ●awareness raising and support for managers and employees to promote an optimal organization of work;
• ●work-life balance initiatives.

The Group also considers each entity’s local context when implementing measures to promote a healthy work-life balance, such as:

• ●social benefits covering their children;
• ●support for employees who are caregivers and schemes for the donation of days between employees;
• ●in France more specifically:
  • -expanded eligibility for parental leave to take into account all family configurations,
  • -support for employees suffering from chronic illness and/or returning to work after a lengthy period of sick leave,
  • -signature to a new Parenthood Charter.

In addition, the renewal of the agreement with UNI Global Union in 2023 permits the gradual implementation, across all Group entities, of a minimum of 14 weeks maternity leave and one week paternity leave. These two measures are complemented by a guarantee in the event of the employee’s death of a minimum of two years’ salary in an approach aimed at ensuring a minimum level of social protection, in terms of health, life and disability insurance, for all employees worldwide.

In November 2022, the Human Resources Division signed an agreement with the French trade unions on workplace wellbeing. The aim was to instil new momentum to improve working conditions and prevent occupational risks. This agreement came into effect on 1 January 2023 for a three-year term and centres on six areas: work-life balance, new ways of working (remote/hybrid working), individual and collective freedom of expression, workload, living and working with cancer or another chronic illness, and the prevention of psychosocial risks (PSR) particularly within the context of the fight against isolation and occupational marginalisation. The goal is to focus on wellbeing in the workplace on a broad level, using all possible levers to achieve it.

95% of the Group’s employees benefit from a remote working system with arrangements appropriate to their local context and 92,268 people were remote working within the Group at the end of 2024.

In January 2021, General Management signed an open-ended Remote Working Agreement with the French trade unions. The agreement makes remote working available to all employees (i.e., whether on permanent or temporary contracts and including trainees, work-study students and new hires). The agreement establishes the principle of regular remote working, setting two days of remote working per week as the standard. Each Business and Service Unit can adjust the number of remote working days so that the system is implemented in a collective manner. In implementing this agreement, the Group’s entities adhere to all principles of equality, rules on working hours, the right to disconnect, and health and safety requirements for staff working from home.

The total remuneration(4) taken into account when calculating the pay gap indicators between women and men and total remuneration includes:

• ●contractual fixed remuneration on an annual basis on a full-time equivalent basis and bonuses comparable to fixed remuneration;
• ●variable remuneration (including long-term incentives) awarded in 2024 for the 2023 performance year;
• ●profit-sharing scheme for Societe Generale SA employees in France.

The scope used to calculate these two indicators comprises employees paid under permanent or fixed-term employment contracts(5).

On this basis:

• ●the total pay gap between women and men, defined as the difference between the average total remuneration of male and female employees expressed as a percentage of the average total remuneration of male employees and calculated groupwide, is 34%;
• ●the total pay gap between women and men, defined as the difference between the median total remuneration of male and female employees expressed as a percentage of the median total remuneration of male employees and calculated groupwide, is 22%;
• ●the ratio of the total annual remuneration of the highest paid person to the average total annual remuneration of all employees (excluding the highest paid person) and calculated at group level is 69;
• ●the ratio of the total annual remuneration of the highest paid person to the median total annual remuneration of all employees (excluding the highest paid person) and calculated at group level is 97.

These gaps and ratios are indicators of gross pay gaps between women and men that do not take into account differences in pay between countries or financial markets, fields of activity, professions and functions.

As regards the total remuneration ratios, they are explained in particular by the fact that approximately three quarters of staff are active in either retail banking (a significant proportion of which is in Central and Eastern Europe and Africa), mobility and leasing, or a shared service centre in India and Romania, where levels of remuneration are lower than in investment banking activities in the major financial centers in Europe, the United States and Asia and in the corporate functions of the Group.

The total pay gaps between women and men can be explained, in particular, by the fact that there are proportionally significantly more men than women working in activities and professions associated with higher salaries (such as sales or trading in investment banking or IT professions). Women are in the majority in the retail banking workforce, where remuneration is lower. This difference is accentuated by the fact that a significant percentage of the Group’s retail banking activities are located in Central Europe (Czech Republic and Romania) where compensation is lower than in Western Europe and North America.

The calculation of the gross pay gaps between women and men reflects the gender distribution within the Group’s various business lines and geographical scopes. The Group has launched numerous groupwide initiatives as part of the diversity, equity and inclusion policy to increase the representation of women in the highest-paid activities, professions and functions and to make progress in terms of parity, recruitment, promotions, talent pool, career management, etc. (initiatives detailed in Chapter 5.4.1.3.1 “Providing the conditions for an equitable and inclusive culture”).

In addition, the Group has enshrined the principle of gender pay neutrality in its remuneration policy and regularly monitors its implementation groupwide to ensure equal treatment between women and men. A budget of EUR 100 million has been allocated groupwide to close the gender pay gap as part of the Group’s strategic plan.

The Group strives to offer attractive, fair and sustainable remuneration to nurture employee loyalty and boost the Group’s performance over the long term. Within this context, the Group has incorporated the notion of an adequate wage into its approach to remuneration since 2023, taking into account the living wage references developed for each country and region of the world by the Fair Wage Network, a globally recognised NGO.

This living wage is defined as remuneration that allows employees to meet their essential needs and that of their family (food, housing, transport, children’s education, health costs, etc.) as well as allowing them to participate in social and cultural life and to build up precautionary savings. The level of the living wage for each country is determined according to the local context and criteria such as the size of the household and the average number of people likely to bring income into the household(6). The levels are readjusted regularly to take account of changing circumstances.

As a continuation of the work carried out previously, the Group analysed the fixed remuneration(7) of its employees(8) for 2024 worldwide, in the countries where the Group operates. Some deviations from the Fair Wage Network’s benchmark were identified during these analyses (in three subsidiaries) and corrective measures were decided upon and implemented.

At the end of 2024, there was no gap between employees’ fixed remuneration and the adequate wage, as determined in accordance with the applicable benchmarks (based on the living wages provided by the Fair Wage Network). In addition, no gap was reported in relation to the minimum wage set by national legislation or by collective bargaining if no minimum wage has been set by national legislation.

In 2023, maintaining the importance of social dialogue, the Group signed the renewal of a global agreement on the Group’s employee rights with the international federation UNI Global Union based on the previous agreements of 2015 and 2019. This agreement, valid for four years, reinforces the role of UNI Global Union in the Bank’s duty of care plan, introduces new rights for the Group’s employees, improves trade union rights and recognises the commitments made by the Bank in the light of the rise of new labour and human rights organisations. Under this agreement, the Group regularly communicates with UNI Global Union and an annual meeting to monitor commitments is held between UNI Global Union representatives, the management of the Group’s Human Resources Department, and representatives from the Group’s trade unions. A number of working meetings were held in 2024, the last of which was in October 2024.100% of the Group’s employees are covered by this global agreement.

Staff representation within the Group is organised as follows:

• ●a European Group Committee: a forum for information, dialogue and exchange of views on economic, financial and social issues of strategic importance and of a transnational nature, which meets twice a year;
• ●a Central Social and Economic Committee, with authority to take decisions in relation to Societe Generale SA in France. It meets at least five times a year and is responsible, in particular, for ensuring that employees express themselves collectively. It is informed of corporate projects in France and is also consulted on issues relating to knowledge of the Company’s general situation (strategic guidelines, strategic workforce planning, general training guidelines), the Company’s economic and financial situation and its social policy;
• ●Social and Economic Committees within Societe Generale SA in France and within French subsidiaries, which can be consulted or informed about projects at an institutional level, as well as listening to employees’ concerns, in a spirit of continuous dialogue.

Specific means are made available to representative trade unions to communicate with employees, in accordance with the legislation in force in the various countries. For example, within Societe Generale SA in France, these include:

• ●the distribution of leaflets to employees;
• ●bulletin boards displaying union communications in the workplace;
• ●each representative trade union organisation website can be accessed via the Company’s intranet;
• ●union information meetings held with employees on working hours without loss of pay for the employee;
• ●the option for employees to subscribe to representative trade union organisations’ mailing lists and to receive trade union communications via their work or personal email.

In terms of social dialogue, the Group demonstrates its commitment by signing a number of collective agreements with social partners, covering remuneration and employee benefits, working conditions (working hours, employment conditions, remote working, etc.), strategic company projects, labour relations practices and equality in the workplace. The content of these agreements is communicated to employees via internal communication campaigns and made available to employees on the Group’s intranet.

In 2024, 191 local agreements were signed within the Group, covering 68% of the workforce. Moreover, in France (the only country in the European Economic Area accounting for more than 10% of the Group’s workforce), 99.9% of employees are represented by trade unions or other forms of employee representative (such as Social and Economic Committees, elected committees, Works Councils, staff delegations, etc.).

In 2024, 99.3% of employees were in entities that considered social dialogue to be good or very good.

The Group has set up systems to enable employees to express their opinions, in particular via the employee satisfaction survey and through a culture of dialogue.

The Group measures employee engagement through its Employee Satisfaction Survey, an annual, anonymous internal survey conducted throughout the Group. Employees are asked to freely express their opinion and impressions on a range of topics related to life at work. All answers are strictly confidential. The results are shared with employees and serve as the basis for drawing up action plans and putting together working groups involving employees in each of the Business and Service Units, with a view to continuous improvement. These action plans are then submitted to the Board of Directors.

The 2023 results led to actions on the following issues in the 2024 financial year:

• ●engaging with Group strategy;
• ●improving operational efficiency;
• ●promoting wellbeing at work.

In 2024, 76% of the Group’s employees responded to the survey, a significant increase (+3 points) compared to the previous year. This new version of the survey gave the option of evaluating issues of commitment, efficiency, responsibility and prospects, with the following key figures:

• ●the Group’s engagement rate increased slightly to 65%. This rate is included in the common objectives of the members of the Group Management Committee;
• ●in terms of diversity, equality and inclusion, 88% of employees feel included and accepted for who they are;
• ●75% of employees feel that they have a good work-life balance;
• ●83% of respondents would systematically exercise their right to whistleblow if they witnessed, or were confronted with, inappropriate behaviour.

The Group also invites all employees to have the courage to speak up, with the dual objective of identifying the best ideas and more easily detecting risks. In order to foster freedom of expression and active listening, mandatory training is provided together with workshops to raise awareness, guidelines on maintaining a culture of dialogue and practical fact sheets. Regular feedback is also practised within the Group to build an environment that is conducive to dialogue.

The Group is vigilant when it comes to complying with regulations, internal rules and procedures, and the ethical principles governing its business activities. These principles are detailed in the Group’s Code of Conduct.

Having, in particular, coordinated the Group’s Culture and Conduct programme since 2021 alongside the Compliance Division, the Human Resources Department is particularly active in promoting ethical and responsible conduct on the part of individuals and teams that will translate into ethical and responsible business for the Group as a whole. To this end, it organises annual campaigns involving training, workshops, videos, articles and the like, designed to foster an environment in which appropriate conduct prevails, in line with the Group’s values (see section 5.5.1.1.1 “Ethics in business conduct”).

Introduced in 2019, a Group policy to combat inappropriate behaviour aims to prevent and combat any behaviour that contravenes the principles set out in the Group’s Code of Conduct. As part of its drive to stamp out inappropriate conduct, the Group has adopted a zero-tolerance stance on psychological harassment, sexual harassment and sexism in the workplace. It organises information campaigns and encourages employees to speak up to their line managers and/or to human resources contacts if they become aware of or experience any form of harassment. All Group employees receive mandatory training on the prevention of inappropriate behaviour. At the same time, the Group has put in place a plan focused on awareness and training involving, in particular, specific workshops for managers and employees to raise awareness of methods of preventing inappropriate behaviour. Human resources teams are trained to prevent, and deal with, these situations as best as possible. This policy is designed to ensure that people are aware that such behaviour is subject to disciplinary action (criminal sanctions in certain cases) and dismissal where required.

Set up for the entire Group, the Whistleblowing procedure allows employees, members of the management bodies, Board Directors, shareholders or non-employees to confidentially report any situations of which they are aware that either breach the Group’s ethical standards or rules of business or could be illegal or contrary to applicable legislation (described in section 5.5.1.1.1 “Whistleblower protection”). This right to whistleblow can cover situations of inappropriate behaviour or supposed threats to the health and safety of people.

Published in 2019, the global disciplinary policy formalises the Group’s principles and best practices in relation to sanctions (recognition of the right to make a mistake but zero tolerance on misconduct, collective decision-making on sanctions, proportionality, managers’ ultimate responsibility in upholding principles and enforcing sanctions, sanctions paired with corrective actions). This global policy translates into operating procedures and a record of disciplinary actions imposed in each Group entity. Key indicators relating to disciplinary actions are communicated to General Management.

In 2024, 310 alerts of inappropriate behaviour (psychological and sexual harassment, sexist behaviour, discrimination, violence at work, health and safety) were filed.

Alerts (or complaints) within the meaning of the right to whistleblow are analysed following a very strict process (see section 5.5.1.1.2 on the right to whistleblow). After examination of the alerts, the analysis determines whether or not there has been a breach either of the Group's internal rules or of a legal or regulatory obligation applicable to the Groupe, referred to as “incident”.

In 2024, 63 incidents were recorded and addressed within the Group on the grounds of discrimination, sexist acts, psychological and sexual harassment. They have all resulted in action plans, including disciplinary sanctions.

No human rights incidents were reported through internal whistleblowing channels or by trade unions.

The total amount of fines, penalties and compensation for damages related to cases of psychological harassment or discrimination within Societe Generale SA in France (resulting from convictions where judgments are final and no longer subject to appeal) was EUR 47,000 in 2024, i.e. two convictions for psychological harassment (EUR 35,000 and EUR 12,000). For entities outside France, operational constraints do not allow the collection of this data below a certain threshold.

The Group offers employees the opportunity to participate in solidarity initiatives, via skills-based sponsorship programmes. In France, employees are allocated three days a year to spend with the Societe Generale Foundation’s partner associations working within its three fields of action (youth education and workplace integration, culture and environmental protection) or with a non-profit supported by one of the Group’s entities. The Group also held solidarity events such as those under the “Move for Youth” association: this internal sports and solidarity challenge was held for the fourth time in 2024 and mobilised nearly 22,000 employees in 62 countries (i.e. more than 17% of the Group’s employees) with the aim of supporting non-profits that work to advocate for young people and workplace integration.

The Group considers skills-based sponsorship as an opportunity to promote the commitment of its employees to show solidarity, in particular by working for the common good. In addition, skills-based sponsorship is also open to employees at the end of their careers via a specific scheme that allows for a long-term commitment (senior part-time). For example, at Societe Generale SA in France, 58 employees spent 15,187 days with non-profit organisations.

The number of days spent by employees on solidarity actions amounted to 11,364 for 11,513 employees within the Group.

In addition, Societe Generale encourages those who wish to join the army reserve forces and allows specific “civil service” leave for this purpose. Any Societe Generale SA employee in France can take leave for this purpose and must obtain the agreement of their manager if this leave surpasses ten days a year. Under an agreement signed by Societe Generale and the Ministry of the Armed Forces dated 10 December 2019, the Group goes beyond its regulatory requirements by continuing to pay compensation for the first ten days of leave for this purpose per year, whether consecutive or not.

The Group oversees that business is conducted in an ethical and responsible manner. This matter is placed at the highest level of the Group’s governance. The Board of Directors:

• ●determines the Group’s Activity Guidelines, ensures their implementation and reviews them at least once a year. These include the Group’s Code of Conduct, which it endorses;
• ●reviews at least twice a year the activity and results of internal control, notably compliance monitoring, including compliance incidents and action plans;
• ●shall also have all the relevant information on the evolution of risks, in particular in the fight against money laundering and the financing of terrorism (AML/CFT) and shall determine to this end the volume, form and frequency of the information transmitted to it. More specifically, it regularly reviews the AML/CFT policy, risk classification, systems and procedures, and their effectiveness, It is informed, at least once a year, of the activity and results of the internal controls in this area, of incidents and deficiencies, and of the corrective measures taken. It approves the report on internal control dedicated to AML/CFT. Debates in these different areas are prepared in advance by the Audit and Internal Control Committee;
• ●ensures that a system for the prevention and detection of corruption and influence peddling is in place and receives all the necessary information for this purpose;
• ●is informed of the “whistleblower” system in place and its development.

The Risk Committee is responsible for reviewing the results of the Compliance function’s annual exercises and reviewing Culture and Conduct indicators. It regularly reviews the dashboards on reputational and compliance risks as well as significant incidents that may affect the institution with regard to reputational and compliance risks. It also examines, at least semi-annually, the risks related to financial security, the AML/CFT policy, the arrangements and procedures put in place to address significant incidents and deficiencies in relation to AML/CFT and asset freezes.

The Audit and Internal Control Committee provides an annual update on matters related to customer protection; the integrity of markets and the implementation of GDPR (General Data Protection Regulation) obligations; It is also responsible for reviewing compliance incidents and related action plans.

The Nomination and Corporate Governance Committee prepares for the Board of Directors’ consideration of issues relating to corporate culture.

The Group seeks to establish a culture of responsibility and apply strict control and compliance standards. It commits its employees to acting with integrity and in accordance with applicable law in all its activities.

Societe Generale has built a strong corporate culture based on its values, its Leadership Model and its Code of Conduct.

The Group relies on four core values (Team Spirit, Innovation, Commitment, Responsibility) to nurture and promote a culture of responsibility and ethical behaviour throughout the Group, which are essential factors to achieve its strategic objective of sustainable performance.

These values feed into the Group’s Leadership Model, which defines the expected behaviours and skills that can be observed and assessed, tailored for each corporate level (executives, managers, employees) in order to align results and objectives.

The four values are translated into key competencies:

Employees’ annual objectives are set based on the four values of the Group’s Leadership Model. One of the values is attached to each behavioural objective, and employees can use the Leadership Model to formulate their annual objectives.

The Group conducts its operations in line with the values set out in the following major international conventions:

• ●the Universal Declaration of Human Rights and its additional commitments;
• ●the fundamental conventions of the International Labour Organization (ILO);
• ●the UNESCO Convention concerning the protection of the world cultural and natural heritage;
• ●the OECD (Organisation for Economic Co-operation and Development) Guidelines for Multinational Enterprises;
• ●the United Nations Guiding Principles on Business and Human Rights (UNGP).

These values are embedded in the Code of Conduct policy document covering all of the Group’s activities and countries in which it operates. Available in the main languages spoken in the Group, the Code of Conduct sets out a common framework for all activities. It forms the basis of professional ethics within the Group and formalises commitments to all internal and external stakeholders and the individual and collective professional behaviours expected. The Code of Conduct promotes respect for human rights and the environment and specifies the individual and collective professional behaviours expected through sections dealing with respect for confidentiality, the market integrity, the management of conflicts of interest, relations with all its stakeholders: customers, suppliers, supervisors and other supervisory authorities, and finally civil society. It also lays down principles on the prevention of corruption risks, the fight against money laundering, the financing of terrorism and tax evasion.

The Group nurtures and promotes its corporate culture by integrating the Culture and Conduct dimensions into the activities of the Business Units and Service Units with annual roadmaps aligned with their strategic and risk management objectives. The Human Resources and Compliance functions ensure a steering role for the system and a solid and sustainable governance of the corporate culture. The Group strengthened its set up in 2024 creating a new role of Group Head of Culture and Conduct, reporting to General Management and responsible for supervising and promoting the design, implementation and application of ethical programmes and standards across the Group.

The Group deploys training, awareness-raising and communication initiatives on the themes of Culture and Conduct in various formats. The themes covered focused in particular on the promotion of the culture of dialogue.

The culture of responsibility is integrated into human resources, with the conduct of employees taken into account in their performance assessment, and the formalisation since 2019 of a disciplinary sanctions policy setting out the principles applicable to the management of misconduct and the recognition of the right to make mistakes.

Finally, the Group assesses its corporate culture through regular reviews of organisational maturity, risk management and indicators related to Culture and Conduct (employer barometer, training, whistleblowing right, conduct incidents). An annual presentation is made to the Board of Directors and regular reviews are carried out at the level of the Executive Committee to supervise the implementation and monitoring of the measures. 

These reviews are based in particular on:

• ●an assessment of maturity in terms of corporate Culture and Conduct risk management taking into account the organisational focuses, communication, conduct risk management and processes influencing the corporate culture;
• ●and indicators relating to both corporate culture (selection of results from the employer barometer, completion of training, use of the whistleblowing right) and conduct (conduct incidents, follow-up of alerts from the whistleblowing procedure).

Conduct incidents can be identified by management or through controls or the exercise of the whistleblowing right.

The process of reporting compliance incidents is governed by an ad hoc governance that makes it possible to report malfunctions that have occurred and to avoid the occurrence of incidents of the same nature, as presented in Chapter 4.11 “Compliance incidents”.

When conduct incidents are identified, they are investigated by teams with the means and expertise required for this type of investigation, either directly by experts or by the audit or general inspection (3rd line of defence) for complex cases or when the required investigative acts (e.g. access to certain tools, access to employee data, etc.) require it. The incidents actually identified as a result of these investigations are reviewed through Committees, such as the Compliance Incident Committee and the Audit and Internal Control Committee. All conduct incidents are also analysed as part of the annual Culture and Conduct report, presented to the Board of Directors.

The annual training of employees on Culture and Conduct has been strengthened with the creation of a training course on ethics and conduct, consisting of three modules (Code of Conduct, Culture of Dialogue and Exercise of the Whistleblowing Right) distributed since December 2023. It complements the mandatory training courses carried out on all of the Group’s risks (corruption, money laundering and terrorist financing, market abuse, psychosocial risks, inappropriate conduct, etc.).

The Group’s whistleblowing system, accessible via the corporate website and the intranet, has been set up in France and internationally. It meets all French and international legal obligations, in particular the law of 9 December 2016, known as “Sapin 2” on transparency, the fight against corruption and the modernisation of economic life, as amended by the Waserman law of 21 March 2022, transposing Directive 2019/1937 of the European Union, aimed at improving the protection of whistleblowers, and also the law of 27 March 2017 on the duty of vigilance of parent companies and contracting companies.

The Group’s whistleblowing system allows the parties involved to report suspected violations or attempted cover-ups related to human rights, health, safety, the environment or situations contrary to the Group’s Code of Conduct. This mechanism is open to employees, management, shareholders, business partners and other stakeholders who have a relationship with the Group. It is complementary to and does not replace the complaints and mediation system set up exclusively for the Bank’s customers.

The Group prohibits all forms of retaliation or discriminatory measures against whistleblowers in good faith, in particular by respecting the choice of anonymity of the issuer of a report and by ensuring strict confidentiality regarding the identity of whistleblowers. The awareness campaigns on the whistleblowing right carried out for all employees recall the measures that the Group is taking to guarantee the protection of whistleblowers.

The Group deploys annual training and awareness raising campaigns to inform employees about the whistleblowing system and its challenges. All employees receive training on the whistleblowing right at least once a year. These training sessions explain the protection afforded to whistleblowers and include a module on ethics and conduct, helping employees to report incidents through the appropriate channels. Managers and whistleblowing managers undergo detailed training on the management of reports, focusing on best practices (confidentiality, anonymity, prohibition of retaliation).

The whistleblowing system ensures that alerts are handled securely, regardless of whether they are made anonymously or not, via a confidential reporting channel on a dedicated external platform (WhistleB tool) that ensures the protection of personal data. All alerts are reviewed and investigated by qualified experts (Compliance, Audit, Human Resources), in application of the “need to know” principle. In the event of identified incidents, thorough investigations are carried out by specialised teams with the necessary resources and corrective actions are implemented. 

Societe Generale is fully committed to fighting corruption, in particular by participating in the Wolfsberg Group and the UN Global Compact. The Group promotes a culture of compliance in which no form of corruption or influence peddling is tolerated. The management body’s commitment to zero tolerance for the risk of corruption is regularly expressed in communications to the Group' staff.

The code governing the fight against corruption and influence peddling is integrated into the Group’s Internal Rules. It defines and illustrates the situations to be avoided and those that should alert as being likely to characterise acts of corruption. This code is aligned with Societe Generale’s values and the United Nations Convention against Corruption.

As part of its system for preventing corruption risks, the Group has identified the employees most exposed to the risk of corruption in order to provide them with appropriate training.

The criteria for defining the employees most exposed to the risk of corruption are described in the Group’s internal normative documentation. It details the employees concerned among:

• ●the governing bodies;
• ●sales managers;
• ●employees in charge of purchasing;
• ●employees with notarial power of attorney or who are identified as interest representatives.

In addition to these criteria, it is specified in the Societe Generale Code that other criteria may be added at the level of each Business Unit, Service Unit or Legal Entity depending on the results of their risk mapping and their specificities.

The Group’s system for preventing and detecting cases of corruption includes (1) a Code of Conduct, (2) a risk mapping, (3) a training system, (4) third-party evaluation procedures, (5) accounting control procedures, (6) a control framework, (7) a disciplinary regime and (8) a whistleblowing system.

Prevention is based on the definition of a normative framework, the implementation of risk mapping and the deployment of a training and awareness-raising policy.

The Group defines strict principles through the Code of Conduct, a framework applicable to all of the Group’s activities and subsidiaries and the Code Governing the Fight Against Corruption and Influence Peddling, which are available on the Group’s corporate website. This Code defines and illustrates the situations to be proscribed and those that should alert as being likely to characterise acts of corruption.

The principles defined through these codes are set out in internal policies and procedures formalised in the Group’s Normative Documentation and reviewed annually. Their deployment within the Group is ensured through a dedicated tool (called “MyP&P”).

Internal norms and policies governing the fight against corruption covers the following areas:

• ●the obligations to evaluate third parties through the requirement of specific due diligence, whether they are customers, suppliers or partners (in particular beneficiaries of patronage and sponsorship actions);
• ●contractual policy;
• ●mergers and acquisitions activities;
• ●interest representation activities;
• ●the rules applicable to business gifts and external events;
• ●human resources (recruitment, mobility, professional assessment, remuneration, disciplinary framework);
• ●conflict of interest situations.

The set up of third-party assessments, including screening and analysis processes implemented at the start of the relationship and then on a periodic basis, aim to enable appropriate risk management decisions to be taken, including termination of the relationship if necessary.

The detection systems are based on monitoring mechanisms (operational controls and specific accounting controls), second-level controls carried out by independent teams and the work of the Group Inspection and Audit Department. The alert system is also a detection channel.

The systems for managing and reporting compliance incidents deal with cases of corruption. The process for reporting compliance incidents is based, in particular, on the Compliance Incident Committees held at intermediate levels for the business pillars and at the consolidated level for the Group. The presentation of incidents (suspected or proven cases) is systematically accompanied by corrective action plans with the aim of preventing the occurrence of new incidents of the same nature. The monitoring indicators and rules for reporting incidents through these Committees allow the various governance bodies to be informed. The Group Compliance Incidents Committee informs the following bodies of major incidents: the executive body through the Group Compliance Committee, the Board of Directors’ Risk Committee in the Group Compliance dashboard and the Supervisor where applicable.

The Group also has several tools at its disposal, such as the Gifts and Hospitality Reporting tool (GEMS), the Whistleblowing management tool (WhistleB), the annual conflict of interest declaration tool (DACI), the Risky Manual Ledger Entry Selection tool (OSERIS) and the Standards Deployment Monitoring tool (MyP&P).

Societe Generale has set up a structured training programme to raise awareness and equip its employees to deal with corruption risks, by offering modules adapted to their level of exposure.

Societe Generale has set up a training plan for the fight against corruption, consisting of five modules:

• ●“All staff” training;
• ●training of employees most exposed to corruption risks (Most Exposed Persons);
• ●training of employees in charge of mitigating the risk of corruption;
• ●training of Board Directors of SG SA and subsidiaries;
• ●training of the Group’s Accounting and Finance Departments.

Basic training, covering the fundamental principles of the fight against corruption, is provided in an e-learning format, which is mandatory for all employees.

For At-risk functions, the Group identifies the categories of employees most exposed to the risk of corruption in order to provide them with appropriate training. These categories are defined on the basis of the following criteria: membership of the governing bodies, sales managers, purchasing managers, employees with notarial power or who are among the interest representatives.

Employees identified as “Most Exposed Persons” benefit from in-depth training, face-to-face or e-learning, tailored to their specific industries and responsibilities. Accounting auditors also receive training in the form of e-learning every three years, to strengthen their understanding and role in anti-corruption governance, thus contributing to rigorous supervision and control within the Group. Employees responsible for risk mitigation functions (Anti-Bribery and Corruption (ABC) Managers, ABC Compliance Officers and other Anti-Bribery Compliance staff) attend certification training, such as the Association of Certified Anti-Money Laundering Specialist (ACAMS) modules.

For the Directors of the SG SA entity, the training is required every two years and is provided by the Group’s ABC Manager.

The figures for employees trained as of 30 September 2024 correspond to a training campaign started and finished in 2024.

Societe Generale has not been convicted or fined for any acts of corruption in 2024.

The Sourcing Function, led by the Group Head of Sourcing, handles the commercial and contractual aspects of all of the Group’s external commitments other than payroll expenses.

Societe Generales’s Sourcing Function plays an important role in implementing the Group’s CSR strategy. It helps give tangible form to the Group’s values and strives to ensure the Group’s environmental and social (E&S) commitments are achieved.

In place since 2006, the responsible sourcing policy covers all stakeholders in the value chain (vendors, buyers and suppliers, including SMEs) and has two main strands: