Societe Generale seeks a sustainable development based on a diversified and balanced banking model with a strong European foothold and a global presence targeted on a few areas of strong business expertise. Risk appetite is declined in a global strategy which fulfills the following targets: 

• ●CET 1 ratio at 13% in 2026, under Basel IV;
• ●average annual revenue growth between 0% and 2% over 2022-2026;
• ●increased operational efficiency with cost-to-income ratio below 60% in 2026;
• ●return on tangible equity (ROTE) between 9% and 10% in 2026;
• ●best standards of risk monitoring with a NCR comprised between 25 and 30 bps on 2024-2026, and a non performing loan rate between 2,5% and 3% in 2026;
• ●maintaining a robust liquidity profile with an LCR superior or equal to 130% on 2024-2026 and a NSFR superior or equal to 112% on 2024-2026.

End of 2024, Group risk appetite indicators covering solvency topics, credit risk, market risk and counterparty risk, operational risks and structural risks were within the risk appetite defined by the Group, complying with the limits set by the Board of Directors.

In 31 December 2024, the Group complies with all regulatory requirements relating to solvency. Concerning the internal economic approach of the ICAAP, the rate of coverage of the Group's internal capital requirement by the internal capital the end of 2024 is greater than 100% and respects the risk appetite validated by the Board. 

As of 31 December 2024, operational risk-weighted exposures represented EUR 50.1 billion, same level as 2023. These weighted exposures are mainly determined using the internal model (91% of the total). 

These weighted exposures amounted to EUR 12.2 billion at the end of 2024. The capital requirements for market risk decreased in 2024. This decrease is notably reflected in the risks calculated using the standard approach, and is only partly offset by the increase in risks assessed using the internal model approach:

• ●the risks calculated using the standard approach have decreased mainly due to the foreign exchange risk;
• ●the risks assessed using the internal model approach have increased, primarily due to VaR and SVaR that was partly offset by IRC and CRM:
  • -VAR/SVaR : the capital requirements for VaR and SVaR have increased, mainly due to linear equity activities related to the cash and carry positions of the Group,
  • -IRC/CRM : the capital requirements for IRC and CRM have decreased mainly due to a tightening of credit spreads over the period in the United States and Europe (both for HY and IG issuers).

Market risk-weighted exposures are mainly determined using internal models (77% of the total at the end of 2024). 

The SG LCR is steady between end of 2023 and end of 2024 (from 160% to 162%), the decrease of the numerator (drop of the liquidity buffer of EUR 16 billion following repayments of TLTRO III made in 2024) being compensated by the lower amount of net cash outflows. The liquid reserves are stable (EUR 315 billion end of 2024 versus EUR 316 billion end of 2023), the impact of the lower liquidity buffer being offset by the increase in central bank eligible non-HQLA collateral following the same TLTRO III repayments.
 

In a parallel schock scenario where the interest rates increase, the impact of the changes of EVE (economic value of equity) in 2024 is EUR -2,533 million and EUR 371 million on interest margin. On the contrary, in a parallel schock scenario where the interest rates decrease,  the impact of the changes of EVE (economic value of equity) in 2024 is EUR -1,824 million and EUR -826 million on interest margin.

(See details  of Chapter 11 “Structural Interest Rate and Exchange Rate Risks”). 

On 2 April 2024, Societe Generale finalized the creation of the Bernstein joint venture with Alliance Bernstein in the cash and equity research activities with a capital impact of -6 basis points at the date of completion of the transaction.

Societe Generale also continued this year the initiatives on social and environmental responsibility (CSR) which remains at the heart of its strategy with:

• ●the announcement of the launch of a EUR 1 billion investment fund to accelerate the development of solutions in the energy transition. As such, Societe Generale has acquired a 75% stake in Reed Management SAS, an alternative management company founded by energy investment specialists and has committed to allocating 250 million euros in the inaugural fund.

In addition, various divestiture projects were finalized in 2024, which are fully in line withSociete Generale’s strategic roadmap to shape a simplified, more synergistic and efficient model while strengthening the Group’s capital:

• ●the sale of Societe Generale Tchad to the Coris group was finalized in January 2024;
• ●the sale of Societe Generale Marocaine de Banques including its subsidiaries and La Marocaine Vie to the Saham group was finalized in December 2024 with an estimated positive effect of around 15 basis points on the CET1 ratio of the Group;
• ●the total sale of the group’s shares (70%) in Societe Generale Madagasikara in Madagascar to the BRED Banque Populaire was finalized in December 2024 with a positive impact of around 2 basis points on the group’s CET1 ratio at the date of completion of the transaction.

In addition, the Group finalized two divestiture operations in 2025 and announced in January 2025 the divestiture of the 100% stake in Societe Generale Mauritania:

• ●the sale of Societe Generale Private Banking Switzerland to the Union Bancaire Privée (UBP SA) was completed in January 2025;
• ●the sale of the activities of Societe Generale Equipment Finance to the BPCE Group was finalized on 28 February 2025 with a positive impact of around 30 basis points on the CET1 ratio of the Group.

In 2024, the Group also announced several other strategic projects being finalized with the aim of pursuing this strategy of simplifying the portfolio of activities:

• ●the total sale of the group’s shares (93.43%) in Societe Generale Bénin, including its branch Societe Generale Togo to the Beninese State. This transaction would have a positive impact of approximately 2 basis points on the Group’s CET1 ratio at the expected completion date by the end of the first quarter of 2025;
• ●the divestment of SG Kleinwort Hambros to the Private Banking Union (UBP SA), a Swiss bank specializing in wealth and asset management, expected by the end of the first quarter of 2025. The divestments of private banking activities in Switzerland and the United Kingdom would have a positive impact of around 10 basis points on the Group’s CET1 ratio;
• ●the total sale of the group’s shares (57.93%) in Societe Generale Guinée in Guinea Conakry to the pan-African banking group, Atlantic Financial Group, which would have a positive impact of about 2 basis points on the Group’s CET1 ratio at the expected completion date by the end of the first quarter of 2025.

This section identifies the main risk factors which the Group estimates could have a significant impact on its business activities, profitability, solvency or ability to raise finance.

Societe Generale has updated its risk typology as part of its internal risk management structure. For the purposes of this section, the different  risks  have been grouped into six main categories (4.1.1 to 4.1.6), in accordance with Article 16 of the Regulation (EU) 2017/1129, also known as “Prospectus 3” regulation of 14 June 2017 according to the main risk factors that the Group estimates could impact the risk categories. Risk factors are presented based on an evaluation of their materiality, with the most material risks indicated first within each category.

The diagram below groups the different risks into six categories and identifies the main impacting risk factors.

As a global financial institution, the Group’s activities are sensitive to changes in financial markets and economic conditions in Europe, the United States and elsewhere around the world. The Group generates 41% of its business in France (in terms of net banking income for the financial year ended 31 December 2024), 36% in Europe, 9% in the Americas and 14% in the rest of the world. The Group could face significant worsening of market and economic conditions in particular resulting from crises affecting capital or credit markets, liquidity constraints, regional or global recessions and fluctuations in commodity prices, notably oil and natural gas. Other factors could lead to such deteriorations, such as variations in currency exchange rates or interest rates, inflation or deflation, rating downgrades, restructuring or defaults of sovereign or private debt, adverse geopolitical events (including acts of terrorism and military conflicts), or cybercrime risks. The rapid development of Artificial Intelligence carries risks of fraud and of obsolescence of various technologies.

Plans to ease financial regulations in the United States and the United Kingdom could result in a loss of competitiveness in the Eurozone financial sector. In addition, a health crisis or the emergence of new pandemics similar to Covid-19 cannot be ruled out, nor can unforeseen events or natural disasters.

Such events, which can develop quickly and whose impacts may not have been sufficiently anticipated and hedged, could impact the Group’s operating environment for short or extended periods and have a material adverse impact on its financial position on the market, the cost of risk and its results.

The economic and financial environment is exposed to growing geopolitical risks. The war in Ukraine, which began in February 2022, is causing severe tensions between Russia and Western countries, potentially impacting global growth, raw materials prices, as well as the economic and financial sanctions that have been imposed on Russia by numerous countries, particularly in Europe and the United States. The war between Israel and Hamas, which began in October 2023, as well as tensions with Iran and in the Middle East in general, could have similar impacts or contribute to existing ones.

In the United States, a significant shift in economic policy is expected following the outcome of the recent presidential election, with a more protectionist stance. In France, political uncertainties and government instability due to the lack of a parliamentary majority could be a source of further financial and social tensions. In the medium term, the fragmentation of the European political landscape could undermine the coordination of policies linked to defence and energy transition as well as the banking and capital markets union.

In Asia, relations between the US and China, China and Taiwan and between China and the European Union are fraught with geopolitical and trade tensions, the relocation and offshoring of production sites and the risk of technological breakthroughs.

A context of raised interest rates and sluggish economic growth could have an impact on the valuation of equities, and interest rate-sensitive sectors such as real estate are adjusting, notably in Europe. The US Federal Reserve (Fed) and the European Central Bank (ECB) are expected to maintain relatively tight monetary conditions, even though they have begun a rate-cutting cycle, in line with declining inflation.

These risks and uncertainties could cause high volatility on the financial markets and a significant drop in the price of certain financial assets, potentially leading to payment defaults, with consequences that are difficult to anticipate for the Group.

Considering these uncertainties in terms of their duration and scale, these disruptions could significantly impact the activities and profitability of certain Group counterparties in 2025.

In the longer term, the energy transition to a “low-carbon economy” could adversely impact fossil energy producers, energy-intensive sectors of activity and the countries that depend on them.

Ayvens was created following the merger between ALD and LeasePlan in 2023. As a result, the automotive sector now represents an important exposure for the Group. It is currently undergoing major strategic transformations, including environmental (growing share of electric vehicles), technological, as well as competitive (arrival of Asian manufacturers in Europe on the electric vehicles market), the consequences of which could entail major risks for the Group’s financial results and the value of its assets.

The Group’s results are therefore dependant on economic, financial, political and geopolitical conditions prevailing on the main markets in which the Group operates.

During its Capital Markets Day, the Group presented its strategic plan:

• ●to be a rock-solid bank by streamlining  business portfolios, leveraging capital allocation and utilization, improving operational efficiency and continuing to apply its best-in-class risk management model;
• ●to develop high-performance sustainable businesses: excel at what the Group does best, be a leader in ESG and foster a culture of performance and accountability.

Under its strategic plan, the Group has set the following financial targets:

• ●a robust CET1 ratio of 13% in 2026 after the implementation of Basel IV;
• ●average annual revenue growth of between 0% and 2% over the 2022-2026 period;
• ●an improved operating efficiency, with a cost-to-income ratio lower than 60% in 2026 and ROTE of between 9% and 10% in 2026;
• ●a distribution rate of 50% of reported net income(1), applicable from 2024.

In addition, the Group has announced financial targets for 2025 that are consistent with the targets for 2026:

• ●a solid CET1 ratio superior to 13% throughout 2025 post Basel IV throughout 2025;
• ●revenue growth of at least 3% in 2025 compared to 2024 (excluding assets sold);
• ●decrease in costs above -1% vs. 2024 (excluding sold assets);
• ●improved operating efficiency, with a cost-to-income ratio below 66% in 2025 and a ROTE of more than 8% in 2025;
• ●a solid asset portfolio, with a controlled cost of risk of between 25 and 30 base points in 2025.

Furthermore, Societe Generale has placed Environmental, Social and Governance (ESG) at the heart of its strategy in order to contribute to positive transformations in the environment and the development of local regions. In this respect, the Group made new commitments during its Capital Market Day on 18 September 2023 such as:

• ●an 80% reduction in upstream Oil & Gas exposure by 2030 vs. 2019; with a 50% reduction by 2025;
• ●a EUR 1 billion transition investment fund to accelerate the development of energy transition solutions and nature-based, high-impact projects that contribute to the UN’s Sustainable Development Goals.

In line with this strategy, the Group is fully committed to achieving its on-going strategic milestones, notably:

• ●the Group’s “Vision 2025” project involves a review of the network of branches resulting from the merger of Crédit du Nord and Societe Generale. The year 2024 saw controlled execution in terms of deployment of the new relational and operational model. The realisation of the social trajectory is also on track. However, the merger has had, among other exogenous factors, a negative impact on the sales performance of the French networks in 2024, and could continue to weaken the Group’s position with some of its clients, resulting in loss of revenue;
• ●Mobility and Financial Services are leveraging the creation of Ayvens following the ALD/LeasePlan merger to be a world leader in the mobility ecosystem. However, 2024 was a transitional period, with the implementation of gradual integrations. From 2025 onwards, the new entity will make the transition to the target business model, including the implementation and stabilisation of IT and operational processes. If the integration plan is not carried out as expected or within the planned schedule, this could have adverse effects on Ayvens, particularly by generating additional costs, or by reducing the synergies expected from 2025 onwards.

The joint venture between Bernstein and AllianceBernstein in cash equity and equity research activities was finalised on 2 April 2024 and the capital impact was -6 basis points on CET1 ratio at Q2 24. This transaction is fully aligned with the strategic priorities of the Group’s Global Banking and Investor Solutions franchise.

In 2024 the Group announced a series of divestments under its strategic roadmap aimed at shaping a simplified, more synergised and efficient model, while strengthening the Group’s capital base.

The finalisation of agreements on such strategic transactions depends on several stakeholders and is hence subject to the usual conditions precedent, as well as to the approval by the relevant financial and regulatory authorities. More generally, any major difficulties encountered in implementing the main levers for executing the strategic plan, notably in simplifying business portfolios, allocating and using capital efficiently, improving operating efficiency and managing risks to the highest standards, could potentially weigh on Societe Generale’s share price.

In addition, on 5 April 2024, the Group announced a plan to restructure its head office in France in order to simplify its operations and structurally improve its operating efficiency. Consultation with employee representative bodies took place in the second quarter of 2024, and the implementation of these organizational changes has resulted in around 900 job cuts at head office without forced departures (i.e. around 5% of head office headcount). This project is fully in line with the Group’s operating efficiency objective, with expected gross savings of EUR 1.7 billion by 2026 vs. 2022.

Failure to meet these commitments, and those that the Group may make in the future, could entail legal risks and risks to its reputation. Furthermore, the rollout of these commitments may have an impact on the Group’s business model. Finally, failure to make specific commitments, particularly in the event of changes in market practices, could also generate reputation and strategic risks.

The Group is governed by the laws of the jurisdictions in the countries and territories where it operates. This includes French, European and US legislation as well as other local laws and regulations that govern its cross-border activities,. The application of existing laws and the implementation of future legislation require significant resources that could impact the Group’s performance. In addition, possible failure to comply with laws could lead to fines, damage to the Group’s reputation and public image, the suspension of its operations and, in extreme cases, the withdrawal of operating licences.

Among the laws and regulations that could have a significant influence on the Group:

• ●several regulatory changes are still likely to significantly alter the framework for Market activities:
• (i) the increase in transparency on the implementation of the new requirements and investor protection measures: review of MiFID II/MiFIR, whose final versions were published in the EU’s Official Journal in March 2024 and the implementation texts of which are currently being finalised, the Insurance Distribution Directive (IDD), the European Long-Term Investment Fund Regulation (ELTIF), (ii) the implementation of the fundamental review of the trading book, or FRTB planned for the first quarter of 2026, which may significantly increase requirements applicable to European banks, (iii) possible relocations of clearing activities could be requested despite the European Commission’s decision of 8 February 2022 to extend the equivalence granted to UK central counterparties until 30 June 2025, (iv) the European Commission’s proposal to amend the regulation on benchmarks (European Parliament and EU Council, Regulation (EU) No. 2016/1011, 8 June 2016) with possible changes in scope and charges and (v) the review of the Market Abuse ((EU) n°596/2014 of 16 April 2014) and Prospectus ((EU) 2017/1129 of 14 June 2017) Regulations, under the Listing Act, which came into force on 4 December 2024, it being specified that many provisions are subject to differed application (15, 18 or 24 months following entry into force), (vi) the adoption of new obligations as part of the review of the EMIR regulation (EMIR 3.0); in particular, the obligation for active account funding in a European Union central counterparty, the information requirements for clearing service providers vis-à-vis their clients, the authorization regime for initial margin models, simplification of the conditions for clearing and bilateral margining exemptions for intra-group OTC derivatives transactions, new requirements for entities subject to the reporting obligation to put in place appropriate procedures and systems to guarantee the quality of the data they report;

• ●the Retail Investment Strategy (RIS) presented by the European Commission on 24 May 2023, aimed at prioritising the interests of retail investors and strengthening their confidence in the EU Capital Markets Union, including measures to regulate commission retrocessions in the case of non-advised transactions and to introduce a value-for-money test for investment products;
• ●the Commission’s proposal of 28 June 2023 for a regulation on the establishment of the digital euro, accompanying the initiatives taken by the ECB in this field;
• ●the signature by the Presidents of the European Parliament and European Council, on 21 May 2024, of the regulation on Artificial Intelligence (AI Act), which establishes rules on artificial intelligence systems applicable in all economic sectors, and incorporates a risk-based approach. This regulation will be fully applicable 24 months after its enactment on 1 August 2024. As an exception, six months after its entry into force, the prohibition of certain prohibited artificial intelligence systems will become applicable, and 12 months after its entry into force, the obligations for general-purpose artificial intelligence will come into force;
• ●the proposed Financial Data Access Regulation (FIDA) which, in conjunction with the proposed Payment Services Directive (PSD3) and the proposed Payment Services Regulation (PSR), aims to (i) tackle the risk of fraud and improve client choice and confidence in payments, (ii) improve the functioning of the Open Banking and Open Finance sectors, (iii) increase harmonization of the implementation and execution of payments and the regulation of e-money, and (iv) improve access to payment systems and bank accounts for non-banking Payment Service Providers (PSPs);
• ●the enhancement of data quality and tightening of protection requirements and extending cyber-resilience requirements following the adoption by the Council on 28 November 2022 of the European Directive and regulation package on digital operational resilience for the financial sector (DORA), applicable since 17 January 2025. Added to this is the transposition of the NIS 2 Directive (Network and Information Security Directive, published in the Official Journal of the EU on 27 December 2022), which extends the scope of application of the initial NIS Directive;
• ●the implementation of European regulatory frameworks related to due diligence under the so-called “CS3D” Directive proposal (Corporate Sustainability Due Diligence Directive, which was adopted by the Council on 24 May 2024), as well as to sustainable finance including the regulation on European green bonds, with an increase in non-financial reporting obligations, particularly under the CSRD Directive (Corporate Sustainability Reporting Directive), enhanced inclusion of environmental, social and governance issues in risk management activities and the inclusion of such risks in the supervisory review and assessment process (Supervisory Review and Evaluation Process, or SREP);
• ●new obligations arising from the Basel Committee’s proposed reform of banking regulations (the final text of Basel 3, also called Basel 4). The Regulation (EU) no. 575/2013 of 31 May 2024 (CRR3) which entered into force on 9 July 2024 and is applicable since 1 January 2025, together with the Directive (EU) 2024/1619 of 31 May 2024 (CRD6), constitute the texts implementing the reform in Europe;
• ●the European Commission’s initiative, published on 18 April 2023, aimed at tightening the framework for bank crisis management and deposit insurance (CMDI). This proposal, which was adopted in April 2024 by the plenary session of the European Parliament, could lead to a wider use of the guarantee and resolution funds and thus increase the likelihood of having to bail out these funds in the future;
• ●since 2023, the “Interest Rate Risk in the Banking Portfolio” (IRRBB) guidelines published by the European Banking Authority in October 2022 have applied:
  • -since 30 June 2023 for the IRRBB part,
  • -since 31 December 2023 for the “Credit Spread Risk arising from non-trading Portfolio Activities” (CSRBB) section, requiring banks to calculate and manage the impact of a change in Credit Spread on the Bank’s value and revenues,
  • -for supervisory outlier tests (SOTs), which include a measurement and monitoring of the sensitivity of the Net Interest Income in value and revenue streams, and became mandatory on a quarterly basis from 30 June 2024 – a requirement already implemented by the Group since 2023,
  • -for the production of new detailed reports on IRRBB and CSRBB risks, produced and sent to the regulator (ITS and STE) since 31 December 2023;
• ●new obligations arising from European regulations adopted in June 2024 harmonising and strengthening rules on combating money laundering and the financing of terrorism within the EU, which will enter into force from July 2027, as well as creating a new European agency to combat money laundering, which will be based in Frankfurt and start operating from summer 2025;
• ●the adoption of Regulation (EU) 2023/886 of 13 March 2024, making instant euro payments fully available in the EU and EEA countries, which came into force on 9 January 2025. Among other things, this regulation excludes the screening of instant transfers in euros against European sanction lists, in order to limit the number of rejections, and provides for checks to be carried out at least once every calendar day after any new financial restrictive measure comes into force.

The Group is also subject to complex tax regulations in the countries where it operates. Changes in applicable tax rules, uncertainty regarding the interpretation of certain evolutions or their impacts may have a negative impact on the Group’s business, financial position and costs.

Moreover, as an international bank that handles transactions with US nationals and denominated in US dollars, or involving US financial institutions, the Group is subject to US regulations relating in particular to compliance with economic sanctions, the fight against corruption and market abuse. More generally, in the context of agreements with US and French authorities, the Group largely implemented, through a dedicated programme and a specific organisation, corrective actions to address identified deficiencies and strengthen its compliance programme. In the event of a failure to comply with relevant US regulations, or a breach of the Group’s commitments under these agreements, the Group could be exposed to the risk of (i) administrative sanctions, including fines, suspension of access to US markets, and even withdrawals of banking licences, (ii) criminal proceedings, and (iii) damage to its reputation.

Given its international reach, the Group faces intense competition in the international and local markets in which it operates, from banking or non-banking operators alike. As such, the Group is exposed to the risk of not being able to maintain or develop its market share in its various activities. This competition may also lead to pressure on margins, which would be detrimental to the profitability of the Group’s activities.

Consolidation in the financial services sector could result in competitors bolstering their capital, resources and an ability to offer a broader range of financial services. In France and in the other main markets where the Group operates, the presence of multiple domestic banking and financial operators as well as new market participants (notably neo-banks and online financial service-providers) has increased competition for virtually all products and services offered by the Group. New market participants such as “fintechs” and new services that are automated, scalable and based on new technologies (such as blockchain) are developing rapidly and are radically changing the relationship between consumers and financial services providers, as well as the function of traditional retail bank networks. Competition with these new operators may be exacerbated by the emergence of substitutes for central bank currency (crypto-currencies, digital central bank currency, etc.), which themselves carry risks.

Moreover, competition has increase following the emergence of non-banking operators that, in some cases, may benefit from a regulatory framework that is more flexible and less demanding in terms of equity capital requirements.

Faced with these challenges, the Group has implemented a strategy, notably the development of digital technologies and the creation of commercial or equity partnerships with these new operators. In this context, the Group may have to make additional investments to be able to offer new innovative services and compete with these new operators. Tougher competition could, however, adversely impact the Group’s business and results, both on the French market and internationally.

Directive 2014/59/EU of the European Parliament and of the Council of the European Union of 15 May 2014 (BRRD) establishing a framework for the recovery and resolution of credit institutions and Regulation (EU) No. 806/2014 of the European Parliament and of the Council of the European Union of 15 July 2014 (the Single Resolution Mechanism, or “SRM”) define, respectively, a European Union-wide framework and a Banking Union-wide framework for the recovery and resolution of credit institutions and investment firms. The BRRD provides the authorities with a set of tools to intervene early and quickly enough in an institution considered to be failing so as to ensure the continuity of the institution’s essential financial and economic functions while reducing the impact of the failure of an institution on the economy and the financial system (including exposure of taxpayers to the consequences of the failure). Within the Banking Union, under the SRM Regulation, a centralised resolution authority is established and entrusted to the SRB and national resolution authorities.

The powers granted to the resolution authority under the BRRD and the SRM Regulations include write-down/conversion powers to ensure that capital instruments and eligible liabilities absorb the Group’s losses and recapitalise it in accordance with an established order of priority (the “Bail-in Mechanism”). Subject to certain exceptions, losses are borne first by the shareholders and then by the holders of additional Tier 1 and Tier 2 capital instruments, then by the non-preferred senior debt holders and finally by the senior preferred debt holders, all in the order of their claims in a normal insolvency proceeding. The conditions for resolution provided by the French Monetary and Financial Code implementing the BRRD are deemed to be met if: (i) the resolution authority or the competent supervisory authority determines that the institution is failing or likely to fail; (ii) there is no reasonable perspective that any measure other than a resolution measure could prevent the failure within a reasonable timeframe; and (iii) a resolution measure is necessary to achieve the resolutions’ objectives (in particular, ensuring the continuity of critical functions, avoiding a significant negative impact on the financial system, protecting public funds by minimising the recourse to extraordinary public financial support, and protecting clients’ funds and assets) and the winding-up of the institution under normal insolvency proceedings would not meet these objectives to the same extent.

The resolution authority could also, independently of a resolution measure or in combination with a resolution measure, proceed with the write-down or conversion of all or part of the Group’s capital instruments (including subordinated debt instruments) into Common Equity Tier 1 (CET1) instruments if it determines that the Group will no longer be viable unless it exercises this write-down or conversion power or if the Group requires extraordinary public financial support (except where the extraordinary public financial support is provided in the form defined in Article L. 613-48 III, paragraph 3 of the French Monetary and Financial Code). 

The Bail-in Mechanism could result in the write-down or conversion of capital instruments in whole or in part into ordinary shares or other ownership instruments.

In addition to the Bail-in mechanism, the BRRD provides the resolution authority with broader powers to implement other resolution measures with respect to institutions that meet the resolution requirements, which may include (without limitation) the sale of the institution’s business segments, the establishment of a bridge institution, the splitting of assets, the replacement or substitution of the institution as debtor of debt securities, changing the terms of the debt securities (including changing the maturity and/or amount of interest payable and/or the imposition of a temporary suspension of payments), the dismissal of management, the appointment of a provisional administrator and the suspension of the listing and admission to trading of financial instruments.

Before undertaking any resolution action, including the implementation of the Bail-in Mechanism, or exercising the power to write down or convert relevant capital instruments, the resolution authority must ensure that a fair, prudent and realistic valuation of the institution’s assets and liabilities is made by a third party independent of any public authority.

The application of measures under the French implementing provisions of the BRRD or any suggestion of such application to the Group could have a material adverse impact on the Group’s ability to meet its obligations under its financial instrument and, as a result, holders of these securities could lose their entire investment.

In addition, if the Group’s financial situation worsens, the existence of the Bail-in Mechanism or the exercise of write-down or conversion powers or any other resolution tool by the resolution authority (independently of or in combination with a resolution) if it determines that Societe Generale or its Group will no longer be viable could result in a more rapid decline in the value of the Group’s financial instruments than in the absence of such powers.

Environmental, social and governance (ESG) risks are defined as risks stemming from the current or prospective impacts of ESG factors on counterparties, invested assets of financial institutions or on their own account. ESG risks are seen as potentially aggravating factors to the traditional categories of risks (including credit risk, counterparty risk, market risk, non-financial risks, structural risks, business and strategy risks, and other types and factors of risk). ESG risks are therefore likely to impact the Group’s activities, results and financial position in the short, medium and long-term.

The Group is consequently exposed to environmental risks, including climate change risks, through certain of its financing, investment and service activities.

The Group could be exposed to physical risk resulting from a deterioration in the credit quality of its counterparties whose activity could be negatively impacted by extreme climatic events or long-term gradual changes in climate, and through a decrease in the value of collateral received (particularly in the context of real estate financing in the absence of guarantee mechanisms provided by specialised financing companies). The Group could also be exposed to transition risk through the deterioration in the credit quality of its counterparties impacted by issues related to the process of transitioning to a low-carbon economy, linked for example to regulatory changes, technological disruptions or changes in consumer preferences.

Beyond the risks related to climate change, risks more generally related to environmental damage (such as the risk of loss of biodiversity, water resources or pollution) are also potentially aggravating factors to the Group’s risks. The Group could notably be exposed to credit risk on a portion of its portfolio, on back of lower profitability of some of its counterparties due, for example, to increasing legal and operating costs (due to the implementation of new environmental standards).

In addition, the Group is exposed to social risks, related for example to non-compliance by some of its counterparties with labour laws regarding their employees,  occupational health and safety issues, or consumer laws which may entail or exacerbate reputational and credit risks at the Group level.

Similarly, governance related risks as implemented by the Group’s counterparties and stakeholders (suppliers, service-providers), such as an inadequate management of environmental and social issues, could generate credit and reputational risks for the Group.

Beyond the risks related to its counterparties or invested assets, the Group could also be exposed to risks related to its own activities. Hence, the Group is exposed to physical climate risk through certain of its activities in regions impacted by extreme climatic events (flooding, etc.).

The Group also remains exposed to specific social and governance risks, relating for example to the operational cost of implementation of regulations (in particular related to labour laws) and the management of its human resources.

All of these risks could potentially impact the Group’s core businesses, operating results and reputation in the short, medium and long term.

For more details on ESG risks refer to the chapter 5 of the 2025 Universal Registration Document.

Because of its international activities, the Group is exposed to the aggravating factor of country risks.

A country risk arises whenever an exposure (receivables, securities, guarantees, derivatives) is likely to be adversely impacted by changes in the country’s regulatory, political, economic, social or financial conditions.

Strictly speaking, the concept of country risk refers to political and non-transfer risk, which includes the risk of non-payment resulting either from acts or measures taken by the local public authorities (e.g. decision by the local authorities to prohibit the debtor from fulfilling its commitments, nationalisation, expropriation or non-convertibility), or from internal (riot, civil war, etc.) or external (war, terrorism, etc.) events.

More broadly, a deterioration in the ranking of a given country, in its sovereign credit rating or business activities can entail a commercial risk, with a particular deterioration in the credit quality of all counterparties in a given country as a result of an economic or financial crisis in the country, irrespective of the specific financial situation of each counterparty. This could be the result of a macroeconomic shock (sharp slowdown in activity, systemic crisis in the banking system, etc.), a currency devaluation or a sovereign default on its external debt, possibly leading to other defaults.

The Pillar 3 report, published under the remit of Societe Generale Group’s Senior Management, sets out, in accordance with the CRR regulation, the quantitative and qualitative information on Societe Generale’s capital, liquidity and risk management to ensure transparency towards the various market operators. This information has been prepared in compliance with internal control procedures approved by the Board of Directors during approval of the Group Risk Appetite Framework and Group Risk Appetite Statement and are based on the annual review, by General Management in the Group Internal Control Coordination Committee (GICCC) and by the Risk Committee of the Board of Directors, of Societe Generale’s Risk division, particularly in its ability to exercise its role as the second line of defense for the entire Group.

The risk management framework is based on a three-pronged organization and comprehensive comitology, notably at the level of the Management Board and General Management, to cover all risks. It is based on the definition and monitoring of a risk appetite and the assessment of risks through the conduct of stress tests in accordance with a defined framework and principles.

Audited I Risk management is one of the foundations of the banking business and Societe Generale group pays particular attention to it. Societe Generale Group has a robust organisation to manage all the risks to which it is exposed. It is based on three lines of defence and on the dissemination of a risk culture at all levels, in all geographies and in all business lines. The risk management, which is managed at the highest level, is carried out in compliance with the regulations in force, in particular the order of 3 November 2014 revised by the order of 25 February 2021 on the internal control of companies in the banking sector, payment services and investment services sector subject to the supervision of the French Prudential Supervisory and Resolution Authority (Autorité de Contrôle Prudentiel et de Résolution – ACPR) and the finalised European Basel 3 Regulations (Capital Requirements Regulation/Capital Requirements Directive – CRR/CRD).

The Board of Directors and General Management ensure a well-defined division of labor within the Group and the definition and implementation of an effective risk management framework. The Group is organised according to a three-line model of defence, with responsibilities defined and separated in accordance with applicable regulations and guidelines as well as industry best practices.

The business lines (the Group BUs and SUs), which are the first line of defence, take risks and are responsible for their operational management directly and permanently. The BUs and SUs are primarily responsible for risk assessment, control and supervision within their respective scopes and have appropriate processes and controls in place to ensure that risks are kept within the limits of the risk appetite and that business activities are in line with external and internal requirements.

The Finance Department (DFIN) coordinates the Finance Management Function and is responsible for the Group’s financial management, oversight and production. DFIN also ensures that performance indicators and financial information are given a coherent overview.

The Group General Secretariat (SEGL) is tasked with, under its terms of reference, protecting the bank in order to promote its development. It assists the General Management on the subject of the Group’s governance. In addition it manages the Group’s overall security, together with the GCOO Service Unit in respect of IT systems security, of information systems and designs and implements the risk insurance policy for the entire Group and its staff. It oversees public affairs and institutional relations/advocacy initiatives within the Societe Generale group.

The Group Human Resources Division (HRCO) is responsible for defining and implementing the Group’s Human Capital policy in line with the Group’s overall strategy. HRCO is responsible for the management and supervision of Societe Generale's entire Human Resources (HR) sector. As a partner of the business lines and it is a key player in the Group’s transformation.

The Group Chief Operating Office (GCOO) manages the Group's resources, supports the digital transformation and contributes to the development of the Group's operational efficiency.

The Sustainable Development Division which reports to the General Management, assists the Deputy Chief Executive Officer in charge of the whole ESG policies and their effective translation into the business lines and functions trajectories. It supports the Group ESG transformation to make it a major competitive advantage, in the business development as well as in the ESG (Environmental & Social & Governance) risks management.
 

The main aim of the Risk Management Department (RISQ) is to contribute to the definition of the strategy and the sustainable development of the Societe Generale Group’s activities and profitability. To this end, the Risk Management Function (i) proposes to the General Management and the Board of Directors, and with the contribution of the Finance Department, the Group's risk appetite based on its independent analysis of all existing and potential risks; (ii) is involved in all important risk management decisions through an effective challenge; (iii) defines, implements, and monitors the effectiveness of an holistic, relevant and robust risk management framework, validated by the Board of Directors, to ensure the compliance with risk appetite and to provide the General Management and the Board of Directors with an independent analysis and advice on group-wide and holistic view of all the existing and forecasted risks the Group is facing; (iv) proposes adjustment and corrective measures, if necessary.

In particular, the Risk Management Function, as an independent second line of defence, contributes to the embedment of a risk culture by reporting a holistic view of risks and how they are managed, and ensuring that Business Units and Services Units are aware of their risks and the risk appetite in which they must operate.

The Risk Division reports to the Group's Chief Executive Officer.

According to EBA’s guidelines on internal governance and French regulations, the non-compliance risk is defined as being the risk of judicial, administrative or disciplinary sanctions, significant financial loss or reputational damage resulting from non-compliance with provisions specific to banking and financial sectors. Its main missions are to i) ensure that all risks of non-compliance are identified and that the Group complies with all regulatory and supervisory obligations, ii) assess the impact of regulatory and legal changes on the Group’s activities and the compliance framework, iii) advise and inform the General Management and the Board of Directors on the risks of non-compliance.

THE THIRD LINE OF DEFENCE (LoD3) is provided by the General Inspection & Audit Division (IGAD), which includes Internal Audit and General Inspection. Strictly independent from the business lines as well as permanent control, it carries out a periodic control mission.

The Risk Identification Process is a key effective tool of the Group risk-management framework since it allows to identify all risks that are or might become material at the Group level. This process, which is continuously performed by Business Units and Service Units, should be comprehensive to cover all Group exposures and all risk categories defined in the Risk Taxonomy.

The outcome of the annual Risk Identification process is approved annually by the Group CORISQ and presented to the Group Board of Directors.

Once the physical risks have been identified, the Group defines its risk appetite, i.e. the level of risk that the Group is prepared to accept, as part of its business and strategy, on the types of risk identified as physical. The governance of risk appetite determination and risk appetite monitoring are described in the following paragraphs.

The main elements of the Group’s risk profile as of 31 December 2024 are detailed in the “Risk and Capital Adequacy” chapter of this document, respectively:

• ●credit risk: Chapter 4.5;
• ●market risk: Chapter 4.7;
• ●liquidity risk: Chapter 4.9;
• ●structural risk (rate, foreign exchange rate): Chapter 4.8;
• ●non-financial risks and non-compliance risks: Chapter 4.10 and Chapter 4.11.

Within the Group, stress tests, which is a key part of risk management, contribute to the identification, measurement and management of risks, as well as to the assessment of the adequacy of capital and liquidity to the Group’s risk profile.

The purpose of the stress tests is to cover and quantify, resulting from the Risk Identification annual process, all the material risks to which the Group is exposed and to inform key management decisions. They are therefore used to evaluate the performance of a given portfolio, an activity or entity of the Group in an adverse business context. It is essential in building the forward-looking approach required for strategic/financial planning. In this context, they constitute a privileged measure of the resilience of the Group, its activities and its portfolios, and are an integral part of the process of developing risk appetite.

The Group stress testing framework combines stress tests in line with the stress testing taxonomy set by the EBA. Group-wide stress tests should cover all legal entities in the Group consolidation perimeter, subject to risk materiality. Stress test categories are:

• ●stress tests based on scenarios: application of historical and/or hypothetical conditions but which must remain plausible and in conjunction with the Economic and Sector Studies Department, to a set of risk factors (interest rates, GDP, etc.);
• ●sensitivity stress tests: assessment of the impact of the variation of an isolated risk factor or of a reduced set of risk factors (a shock in rates, credit rating downgrade, equity index shock, etc.);
• ●reverse stress tests: start with a pre-defined adverse outcome, such as a level of a regulatory ratio, and then identifies possible scenarios that could lead to such an adverse outcome.

The system of stress tests within the Group therefore includes:

• ●global stress tests:
• Global Group stress tests cover all activities and subsidiaries that are part of the Group’s consolidation scope (“Group-wide”), as well as all major risks (including credit risk, market risk, non-financial risk and structural risk). They aim at stressing both the Group P&L and key balance-sheet metrics, notably capital and liquidity ratios.
• The central stress test is the Global group stress test, which is based on a central scenario and on adverse macroeconomic scenarios modelled by the Economic Research Department, under the independent supervision of the Group Chief Economist. Macroeconomic scenarios are supplemented by other parameters such as capital market conditions, including assumptions on funding.
• The performance of the Global Group stress test is based on the uniform application of the methodology and assumptions at the level of all entities and at Group level. This means that the risk factors, and in particular the macroeconomic assumptions used locally, must be compatible with the macroeconomic scenario defined by the Group. Entities must submit macroeconomic variables to the Group’s Economic Studies Department to check their consistency.
• The regulatory stress test conducted periodically by the EBA also covers all entities and risks and is scenario-based. Therefore, its execution globally mirrors the process defined for the internal Group Global Stress Test, with an increased involvement of the Group central teams, except for the scenario design which is defined by the supervisor;
• ●specific stress tests which assess a specific type of risk (market risk, credit risk, liquidity risk, interest rate risk, etc.):
  • -credit risk stress tests complement the global analysis with a more granular approach and allow fine-tuning of the identification, assessment and management of risk, including concentration,
  • -market stress tests estimate the loss resulting from a severe change in financial market risk factors (equity indexes, interest rates, credit spreads, exotic parameters, etc.). They apply to all Group’s market activities and rely on adverse historical and hypothetical scenarios,
  • -the operational risk assessment relies on an analysis of historical losses, factoring in internal and external loss data as well as the internal framework and the external environment. This includes losses incurred by international financial institutions, and hypothetical forward-looking “scenario analyses” for all operational risk categories,
  • -liquidity stress tests which include: (i) a market-wide scenario that attempts to capture a crisis in which financial markets would undergo an extreme market liquidity disruption causing systemic stress event, and (ii) an idiosyncratic scenario that attempts to capture a firm-specific crisis potentially triggered by a material loss, reputational damage, litigation, executive departures,
  • -stress tests which assess the sensitivity to structural interest rate risk concerning the banking book. The exercise focuses on rate variations by stressing (i) the net present value of the positions or (ii) the interest margin and on foreign exchange rate fluctuations on the residual foreign exchange positions,
  • -a stress test on employment benefits which consists of simulating the impact of variations in market risk factors (inflation, interest rates, etc.) on the Group’s net position (dedicated investments minus the corresponding employment benefits),
  • -stress tests on the risk linked to insurance activities defined in the risk appetite of the Insurance Business Unit, which puts stress on risk factors specific to financial and insurance activities to measure and control the main risks relating thereto,
  • -Residual Value Risk Stress Tests where ALD/Ayvens performs various shocks on leasing-specific risk factors to measure and control its major risks like residual value risk,
  • -climate stress tests based on climate risk scenarios at least once a year. These stress tests may encompass both transition and/or physical risk and may cover short term to medium-long term horizons,
  • -reverse stress tests, both as part of the risk appetite and the recovery plan. The impact of these stress tests is typically defined via a breaking point in the solvency ratio or liquidity indicator, which poses a significant threat to the Bank. Hypothetical scenarios leading to this breaking point are then constructed in order to identify new weaknesses and to test the availability and feasibility of managerial/remediation measures.

In addition to internal stress test exercises, the Group is part of the sample of European banks participating in major international stress tests programmes conducted by the European Banking Authority (EBA) and the European Central Bank (ECB).

In accordance with the modified French Decree of 3 November 2014, the Group has implemented an internal control framework for SG SA and the Group’s entities included in the scope of application. The Board of Directors and the executive officers are jointly responsible for the governance of internal control. General Management establishes and presents to the Board of Directors a series of control processes and frameworks corresponding to the risk strategy approved by said Board in connection with the risk appetite. It oversees the implementation and effectiveness thereof.

The Audit and Internal Control Committee reports to the Board of Directors. It is responsible for preparing the decisions of the Board in respect of internal control supervision.

As part of their remit, the General Management and Risks Division submits reports to the Audit and Internal Control Committee on the internal control of the Group. The Committee monitors the implementation of remediation plans when it considers the risk level to be justified.

Internal control is based on a body of standards and procedures.

All SG Group activities are governed by the rules and procedures contained in documents collectively referred to as the “Standard Guidelines” and are included in SG's Code, which:

• ●set out the rules for action and conduct applicable to Group staff;
• ●define the structures of the businesses and the sharing of roles and responsibilities;
• ●describe the management rules and internal procedures specific to each business and activity.

The Societe Generale Code groups together the standard guidelines which, in particular:

• ●define the governance of the SG Group, the structures and duties of its Business Units and Services Units, as well as the operating principles of the cross-business systems and processes (Codes of Conduct, charters, etc.);
• ●lay down the operating framework of an activity and the management principles and rules applicable to products and services rendered, and also define internal procedures.

The Societe Generale Code has force of law within the Group and falls under the responsibility of the Group Corporate Secretary.

By their very nature, risks take different forms and evolve over time. They exist in all business processes and activities. They need to be managed and controlled, as part of a global, dynamic framework focused on prevention, and integrated at all levels of the organisation as part of the Bank’s day-to-day management. The internal control framework is key to this approach. Such framework is made up of all methods used to ensure that the operations carried out and the organisation and procedures implemented comply with:

• ●legal and regulatory provisions;
• ●professional and ethical practices;
• ●internal rules and guidelines defined by the Board of Directors.

In particular, the internal control framework aims to:

• ●prevent malfunctions;
• ●assess the risks involved, and exercise sufficient control to ensure they are managed;
• ●ensure the adequacy and effectiveness of internal processes, particularly those which help safeguard assets;
• ●detect irregularities;
• ●guarantee the reliability, integrity and availability of financial and management information; and
• ●check the quality of information and communication systems.

The internal control framework is designed to limit risk to an acceptable level. Its implementation must therefore be managed in line with the risk appetite.

The SG Group’s internal control framework is based on the following fundamentals:

• ●the completeness of the scope of controls, which concern all risk types and apply to all the Group’s entities;
• ●the individual responsibility of each employee and each manager in managing the risks they take or supervise, and in overseeing the operations they handle or are responsible for;
• ●the responsibility of the second line of defence services (LOD2), defined below, in light of their expertise and independence, in defining the control needs of so-called normative controls – with the support of the first line of defence services (LOD1), defined below, in their respective areas of expertise if necessary – reviewing the control results, and reporting on a consolidated risk overview;
• ●the exercise of level 2 permanent control by the independent control teams, in particular through the RISQ/CTL, CPLE/CTL, DFIN/CTL Departments;
• ●the proportionality of controls to the magnitude of the risks involved;
• ●the independence of internal audit and the independence of the second line of defence vis-à-vis the core businesses.

The three lines of defense model is the model advocated by the Basel Committee and the EBA for assigning responsibilities for internal control and risk management framework within a financial institution. This model is broken down at Societe Generale as follows:

• ●the “Internal audit”, represented by the General Inspection and the Audit (IGAD), is the third line of defense;
• ●the second line of defense is composed by the compliance function and the risk management function;
• ●the first line of defense is made up of the other BUs and SUs.

The level 1 permanent controls, carried out in the context of operations within the BUs and the SUs, ensure the security and quality of trades and operations. These controls are defined as a set of provisions constantly implemented to ensure, at the operational level, the regularity, validity, and security of the operations carried out.

The level 1 of permanent controls consists of:

• ●any combination of actions and/or frameworks that may limit the probability of a risk occurring or reduce its consequences for the Company: these include controls carried out on a regular and permanent basis by businesses or by automated systems during trades processing, automated or non-automated security rules and controls that are part of the transaction processing, or controls included in operational procedures. Organisational frameworks (e.g., separation of functions) or governance, training actions, when they directly contribute to controlling certain risks, also fall into this category;
• ●controls carried out by managers: line managers control the correct functioning of the frameworks under their responsibility. As such, they are obliged to apply formal procedures on a regular basis to ensure that employees comply with rules and procedures and that Level 1 controls are carried out effectively.

In order to coordinate the operational risk management and the level 1 permanent control framework, the BU/SU deploy a specific department so-called CORO for Controls & Operational Risks Office function (Operational Risks Controls and Management Department).

The level 2 permanent controls are designed to ensure that the Level 1 controls are effective:

• ●the defined scope includes all permanent Level 1 controls, including managerial supervision controls and controls carried out by dedicated teams;
• ●this review and these verifications aim to give an opinion on (i) the effectiveness of Level 1 controls, (ii) the quality of their implementation, (iii) their relevance (including, in terms of risk prevention), (iv) the definition of their modus operandi, (v) the relevance of remediation plans implemented following the detection of anomalies, and the quality of their follow-up, and thus contribute to the evaluation of the ieffectiveness of Level 1 controls.

The Level 2 permanent control is carried out by teams independent from operational personnel.

These controls are performed centrally by dedicated teams within Risk Service Unit (RISQ/CTL), Compliance Service Unit (CPLE/CTL) and Finance Service Unit (DFIN/CTL) and locally by the second-level control teams within the BU/SUs or entities.

Numerous stakeholders are involved in the production of financial data:

• ●the Board of Directors, and more specifically its Audit and Internal Control Committee, is tasked with examining the draft financial statements which are to be submitted to the Board, as well as verifying the conditions under which they were prepared and ensuring not only the relevance but also the consistency of the accounting principles and methods applied. The Audit and Internal Control Committee’s remit also is to monitor the independence of the Statutory Auditors, and theimpactiveness of the internal control, measurement, supervision and control systems for risk related to the accounting and financial processes. The Statutory Auditors meet with the Audit and Internal Control Committee during the course of their engagement;
• ●the Group Finance Department gathers the accounting and management data compiled by the subsidiaries and the Business Units/Services Units in a set of standardised reports. It consolidates and verifies this information so that it can be used in the overall management of the Group and disclosed to third parties (supervisory bodies, investors, etc.). It also has a team in charge of the preparation of the Group regulatory reports.
• Under the terms of their missions, they are responsible for:
  • -monitoring the financial aspects of the Group’s capital transactions and its financial structure,
  • -managing its assets and liabilities, and consequently defining, managing and controlling the Group’s financial position and structural risks,
  • -ensuring that the regulatory financial ratios are respected,
  • -defining accounting and regulatory standards, frameworks, principles and procedures for the Group, and ensuring that they are observed,
  • -verifying the accuracy of all financial and accounting data published by the Group;
• ●the Finance Departments of subsidiaries and Business Units/Services Units carry out certification of the accounting data and entries booked by the back offices and of the management data submitted by the front offices. They are accountable for the financial statements and regulatory information required at the local level and submit reports (accounting data, finance control, regulatory reports, etc.) to the Group Finance Department. They can perform these activities on their own or else delegate their tasks to Shared Service Centre operating in finance and placed under Group Finance Department governance;
• ●the Risk Department consolidates the risk monitoring data from the Group’s Business Units/Services Units and subsidiaries in order to control credit, market and operational risks. This information is used in Group communications to the Group’s governing bodies and to third parties. Furthermore, it ensures in collaboration with the Group Finance Department, its expert role on the dimensions of credit risk, structural liquidity risks, rates, foreign exchange rates, on the issues of recovery and resolution and the responsibility of certain closing processes, notably the production of solvency ratios;
• ●the Back offices are responsible for all support functions to front offices and ensure contractual settlements and deliveries. Among other responsibilities, they check that financial transactions are economically justified, book transactions and manage means of payment.

Audited I Since January 2014, Societe Generale has been applied the new Basel III regulations implemented in the European Union under the terms of the relevant CRR Regulation and CRD Directive.

The general framework defined by Basel III is structured around three pillars:

• ●Pillar 1 sets the minimum solvency, leverage and liquidity requirements and defines the rules that banks must use to measure risks and calculate the related capital requirements, according to standard or more advanced methods;
• ●Pillar 2 concerns the discretionary supervision implemented by the competent supervisory authority, which allows it – through constant dialogue with the credit institutions it supervises – to assess the capital adequacy calculated in accordance with Pillar 1 and to calibrate additional capital requirements taking into account all the risks faced by these institutions;
• ●Pillar 3 promotes market discipline by developing a set of reporting requirements, both quantitative and qualitative, that enable market participants to better assess the capital, risk exposure, risk assessment procedures and hence the capital adequacy of a given institution.

Several amendments to European regulatory standards were adopted in May 2019 (CRR2/CRD5). The majority of the provisions came into impact in June 2021.

These amendments manly concern:

• ●leverage ratio: the minimum requirement of 3% to which is added since January 2023, 50% of the buffer required as a systemic institution;
• ●derivatives counterparty risk (SA-CCR (2)): the “SA-CCR” method is the Basel method replacing the old CEM (3) method for determining the prudential exposure to derivatives in the standardised approach;
• ●large Exposure: the main change is the calculation of the regulatory limit (25%) on Tier 1 capital (instead of total capital), as well as the introduction of a specific cross-limit on systemic institutions (15%);
• ●TLAC: the ratio requirement for G-SIBs is introduced in CRR. In accordance with to the Basel text, G-SIBs must comply with an amount of capital and eligible debts equal to the highest between 18% + risk-weighted assets buffers and 6.75% leverage from 2022.

In December 2017, the Group of Central Bank Governors and Heads of Banking Supervision (GHOS), which oversees the Basel Committee on Banking Supervision, approved regulatory reforms to complement Basel III.

The transposition into European law of the finalisation of Basel III in the CRR3 and CRD6 texts was completed through publication in the EU Official Journal in June 2024. The new rules will be applicable mainly from 1 January 2025.

One of the main novelties is the introduction of a global output floor: the Group’s Risk-Weighted Assets (RWA) will be subject to a floor corresponding to a percentage of the standard method (credit, market and operational). The output floor level will gradually increase from 50% in 2025 to 72.5% in 2030.

Regarding FRTB, for the Standard Approach (SA-Standard Approach), the reporting has been effective since the third quarter of 2021. The full implementation of FRTB, including the rules on the boundary between the banking and trading book, should be aligned with the entry into force of CRR3. Nevertheless, the European legislators reserve the right to postpone this application (up to 2 years) depending on how it is applied in other jurisdictions (in particular in the US). ▲

Audited I As part of its capital management, the Group ensures, under the supervision of the Finance Department and control of the Risk Department, that its solvency level is always compatible with a view to:

• ●maintaining its financial strength while respecting risk appetite;
• ●preservation of its financial flexibility to finance its internal and external development;
• ●appropriate allocation of capital between its various business lines in accordance with the Group’s strategic objectives;
• ●maintaining the Group’s resilience in the event of stress scenarios;
• ●meeting the expectations of its various stakeholders: supervisors, debt and capital investors, rating agencies and shareholders.

The Group therefore determines its internal solvency target, in accordance with these objectives and compliance with regulatory thresholds.

The Group has an internal capital adequacy assessment process that measures and explains changes in the Group’s capital ratios over time, taking into account future regulatory constraints where appropriate. ▲

This process is based on a selection of key metrics for measuring risk and capital measurement such as CET1, Tier 1 and Total Capital ratios. These regulatory indicators are supplemented by an assessment of the coverage of internal capital needs by available internal capital and thus confirming via an economic perspective, the relevance of the targets set in the risk appetite. Besides, this assessment takes into account the constraints arising from the other metrics of the risk appetite, such as rating, MREL and TLAC or leverage ratio.

All of these indicators are measured on a forward-looking basis in relation to their target on a quarterly or even monthly basis for the current year. During the preparation of the financial plan, they are also assessed on a quarterly or annual basis within a three-year timeframe according to at least a baseline and two adverse scenarios, in order to demonstrate the resilience of the bank’s business model against adverse macroeconomic and financial uncertain environments. Capital adequacy is continuously monitored by the Executive Management and by the Board of Directors as part of the Group’s corporate governance process and is reviewed in depth during the preparation of the financial plan. It ensures that the bank always complies with its financial target and that its capital level is above the “Maximum Distributable Amount” (MDA) threshold.

Besides, the Group maintains a balanced capital allocation among its three strategic core businesses:

• ●French Retail Banking, Private banking, Insurance;
• ●Mobility, International Banking and Financial Services;
• ●Global Banking and Investor Solutions.

Each of the Group’s core businesses accounts for around a third of total Risk-Weighted Assets (RWA), with a predominance of credit risk (84% of total Group RWA, including counterparty credit risk).

As of 31 December 2024, Group RWA were relatively stable at EUR 389.5 billion, compared with EUR 388.8 billion at the end of December 2023.

RWA is central to the bank's capital trajectory and is based on a deep understanding of the different variation drivers. Where appropriate, the General Management may decide, upon a proposal from the Finance Department, to implement managerial actions to increase or reduce the share of the core businesses, for example by validating the execution of synthetic securitisation or disposals of performing or non-performing portfolios. The Group Capital Committee and the contingency capital plan provide General Management with framework analysis, governance and several levers in order to adjust the capital management trajectory.

The Group’s scope of prudential reporting includes all fully consolidated entities according to accounting rules except for insurance entities, which are subject to separate capital supervision.

Whenever relevant, subsidiaries may be excluded from prudential reporting scope notably if the sum of balance-sheet and off balance-sheet commitments are lower than EUR 10 million or 1% of the total balance-sheet and off balance-sheet of the legal entity owning the equity. Legal entities excluded from the prudential reporting scope are subject to periodic reviews, at least annually.

All the Group's regulated entities comply with their prudential commitments on an individual basis.

The following table lists the main differences between the accounting scope (at consolidated Group level) and the prudential scope (Banking Regulation requirements).

The following table provides a reconciliation between the consolidated balance-sheet and the accounting balance-sheet within the prudential scope. The amounts presented are accounting data, not a measure of RWA, EAD or prudential capital. Prudential filters related to entities and holdings not associated with an insurance activity are grouped together on account of their non-material weight (< 0.1%).

As reported in accordance with International Financial Reporting Standards (IFRS), Societe Generale’s regulatory capital consists of the following components:

According to the applicable regulations, Common Equity Tier 1 capital mainly comprises the following:

• ●ordinary shares (net of repurchased shares and treasury shares) and related share premium accounts;
• ●retained earnings;
• ●components of other comprehensive income;
• ●other reserves;
• ●minority interests limited by CRR/CRD.

Deductions from Common Equity Tier 1 capital essentially involve the following:

• ●estimated dividend payments;
• ●goodwill and intangible assets, net of associated deferred tax liabilities;
• ●unrealised capital gains and losses on cash flow hedging;
• ●income on own credit risk;
• ●deferred tax assets on tax loss carry forwards;
• ●deferred tax assets on refundable tax credit;
• ●deferred tax assets resulting from temporary differences beyond a threshold;
• ●assets from defined benefit pension funds, net of deferred taxes;
• ●any positive difference between expected losses on client loans and receivables managed under the internal ratings-based (IRB) approach, and the sum of related value adjustments and collective impairment losses;
• ●Pillar 1 NPL backstop;
• ●value adjustments resulting from the requirements of prudent valuation;
• ●securitisation exposures weighted at 1,250%, when these positions are excluded from the calculation of RWA;
• ●delivery risk;
• ●equity stake within the financial sector beyond the regulatory franchise.

The Basel III Accord has established the rules for calculating minimum capital requirements in order to more accurately assess the risks to which banks are exposed, taking into account the risk profile of transactions via two approaches intended for determining RWA: a standardised approach and an advanced one based on internal methods modelling the counterparties’ risk profiles.

As of 31 December 2024, RWA (EUR 389.5 billion) were distributed as follows:

• ●credit and counterparty credit risks accounted for 84% of RWA (of which 35% for Mobility, International Retail Banking and Financial Services);
• ●market risk accounted for 3% of RWA (of which 88% for Global Banking and Investor Solutions);
• ●operational risk accounted for 13% of RWA (of which 59% for Global Banking and Investor Solutions).

The Total Loss Absorbing Capacity (TLAC) requirement which applies to Societe Generale has been 18% of RWA since 1 January 2022, to which the conservation buffer of 2.5%, the G-SIB buffer of 1% and the countercyclical buffer must be added. As of 31 December 2024, the TLAC requirement therefore stood at 22.3% of Group RWA.

The TLAC rule also provides for a minimum ratio of 6.75% of the leverage exposure since January 2022.

As of 31 December 2024, Societe Generale reached a phased-in TLAC ratio of 29.72% excluding senior preferred debts. 

The TLAC ratio expressed as a percentage of leverage exposure is 8.03%.

The Minimum Requirement for own funds and Eligible Liabilities (MREL) has applied to credit institutions and investment firms within the European Union since 2016.

Contrary to the TLAC ratio, the MREL requirement is tailored to each institution and regularly revised by the resolution authority. This requirement amounts to 27.6% in 2024. Throughout the year, Societe Generale complied with its requirements while MREL ratio as a percentage of RWA stands at 34.2% at the end of 2024.

Moreover, the MREL requirement as a percentage of leverage exposure amounted to 6.23% while the ratio stands at 9.2% at the end of 2024.

The Group calculates its leverage ratio according to the CRR2 rules applicable since June 2021.

Managing the leverage ratio means both calibrating the amount of Tier 1 capital (the numerator of the ratio) and controlling the Group’s leverage exposure (the denominator of the ratio) to achieve the target ratio levels that the Group sets for itself. To this end, the leverage exposure of the different businesses is monitored by the Finance Division.

The Group aims to maintain a consolidated leverage ratio that is significantly higher than the 3.6% minimum set in the Basel Committee’s recommendations, implemented in Europe via CRR2, including leverage pillar 2 add-on and a fraction of the systemic buffer which is applicable to the Group.

As of 31 December 2024, the phased leverage ratio of Societe Generale stood at 4.34% taking into account a Tier 1 capital amount of EUR 62.6 billion compared with a leverage exposure of EUR 1,442 billion (versus 4.25% as of December 2023, with EUR 60.5 billion and EUR 1,422 billion, respectively).

The CRR incorporates the provisions regulating large exposures. As such, Societe Generale must not have any exposure towards a single beneficiary which exceeds 25% of the Group’s capital.

The final rules of the Basel Committee on large exposures, transposed in Europe through CRR2, have been applicable since June 2021. The main changes compared with CRR concern the calculation of the regulatory limit (25%), henceforth expressed as a proportion of Tier 1 (instead of cumulated Tier 1 and Tier 2), and in the introduction of a cross-specific limit on systemic institutions (15%).

The Societe Generale Group, also identified as a “Financial conglomerate”, is subject to additional supervision from the ECB.

As of 31 December 2024, Societe Generale’s financial conglomerate equity covered the solvency requirements for both banking and insurance activities.

As of 30 June 2024, the financial conglomerate ratio was 131.8%, consisting of a numerator “Own funds of the Financial Conglomerate” of EUR 78.8 billion, and a denominator “Regulatory requirement of the Financial Conglomerate” of EUR 59.8 billion.

As of 31 December 2023, the financial conglomerate ratio was 135.2%, consisting of a numerator “Own funds of the Financial Conglomerate”of EUR 77.6 billion, and a denominator “Regulatory requirement of the Financial Conglomerate” of EUR 57.4 billion.

Audited I Business Units and entities translate the principles laid out in this section as necessary into credit policies, which must comply with all the following rules:

• ●the credit policy that defines lending criteria and, usually, limits on risk-taking by sector, type of loan, country/geographic area or by customer/customer segment. These rules are defined in particular by the CORISQ and Credit Risk Committees (CRCs) and drawn up in consultation with the Business Units concerned;
• ●the credit policy is in line with the Group's risk management strategy in accordance with its risk appetite validated by the Board of Directors;
• ●credit policies are based on the principle that any commitment involving credit risks depends on: 
  • -in-depth knowledge of the customer and its business,
  • -an understanding of the purpose and nature of the transaction structure as well as sources of income that will generate fund repayment,
  • -the adequacy of the transaction structure, in order to minimise the risk of loss in the event of counterparty default,
  • -the analysis and the validation of the files, involving respectively and independently the responsibility of the Primary Customer Responsibility Unit (PCRU-SSC) and the dedicated risk units within the risk management function. In order to ensure a consistent approach in the Group’s risk- taking, this PCRU-SSC and/or risk unit reviews all applications for authorisation relating to a given customer or category of customers (except in the case of credit delegations granted by the PCRU- SSC and RISQ to certain Societe Generale entities), the monitoring being conducted on a consolidated customer basis for all these authorisations. The PCRU-SSC and risk unit must operate independently of each other,
  • -the allocation of a rating or a score, which is a key criterion of the granting policy on the non-retail perimeter. These ratings are validated by the dedicated risk unit. Particular attention is paid to the regular review of these ratings. On retail perimeter, cf infra “Specificities of retail portfolios”,
  • -on the non-retail perimeter, a delegation of authority regime, mainly based on the internal rating of counterparties, provides decision-making authority on the risk units on one hand and the PCRU- SSC on the other,
  • -proactive management and monitoring of counterparties whose situation has deteriorated to contain the risk of loss given a default of a counterparty.

Credit risk is framed through a set of limits that reflect the Group’s risk appetite.

The appetite for credit risk is tracked through credit principles, policies and limits alongside pricing policies, at the group, business unit and business line level:

• ●the projected level of the net cost of risk in the bank’s budget and in the strategic and financial plans over a minimum three-year horizon, based on the central and stressed scenarios. In this regard, special attention is paid to concentration risk and the Societe Generale Group regularly assesses portfolio risk in stress scenarios;
• ●an acceptable level of coverage of credit loss risk per interest margin product, through pricing policies that are differentiated in relation to the degree of risk. ▲

Audited I Since 2007, Societe Generale has been authorised by its supervisory authorities to apply, for the majority of its exposures, the internal method (Internal Rating Based method – IRB) to calculate the regulatory capital required for credit risk.

The remaining exposures subject to the Standard approach mainly concern the retail and SME portfolios of the International Retail Banking activities. For exposures processed under the standard method excluding retail customers, the Group mainly uses ratings from the Standard & Poor’s, Moody’s and Fitch rating agencies and the Banque de France. In the event that several ratings are available for a third party, the second-best rating is applied.▲

Societe Generale has revised its overall IRB framework and established a coherent group wide strategy, based on objective and well-defined criteria to determinate the most appropriate approach (IRB or standardised approach) for calculating own funds requirements, thereby ensuring better overall coherence of the framework. This strategy considers the availability of sufficient representative data for developing models fulfilling all regulatory requirements. The requests for changes in approach resulting from this strategy, have been submitted to the ECB for authorization. In parallel, the application of CRR3 will also require some changes in approach from 2025, such as the use of the IRB-Foundation approach on exposures to very large corporate and financial institutions.

Moreover, in accordance with the documents published by the EBA as part of the “IRB Repair” program and following the review missions carried out by the ECB (TRIM – Targeted Review of Internal Models), the Group is pursuing its remediation on internal models, in particular by:

• ●the simplification of the models architecture;
• ●improving the quality of data and its traceability throughout the chain;
• ●the correct application of the roles and responsibilities of the LOD1 (first line of defense) and LOD2 (second line of defense) teams, particularly with regard to design, approval and monitoring of the models performance;
• ●the rationalization and improvement of certain IT application, particularly the models referential;
• ●the establishment of a more complete normative base, and a closest relationship with the supervisor.

As part of compliance with IRB Repair, evolutions to the rating systems and models have been and will be submitted to the ECB for approval.

Audited I To calculate its capital requirements under the IRB (Internal Rating Based) method, Societe Generale estimates the Risk-Weighted Assets (RWA) and the Expected Loss (EL) based on the nature of the transaction, the quality of the counterparty (via internal rating) and any measures taken to mitigate risk.

The calculation of RWA is based on the Basel parameters, which are estimated from the internal risk measurement system:

• ●the Exposure at Default (EAD) value is defined as the Group’s exposure in the event that the counterparty should default. The EAD includes exposures recorded on the balance sheet (such as loans, receivables, accrued income, etc.), and a proportion of off-balance sheet exposures calculated using internal or regulatory Credit Conversion Factors (CCF);
• ●the Probability of Default (PD): the probability that a counterparty will default within one year;
• ●the Loss Given Default (LGD): the ratio between the loss on an exposure in the event a counterparty defaults and the amount of the exposure at the time of the default.

The estimation of these parameters is based on a quantitative evaluation system which is sometimes supplemented by expert or business judgment. Where the credit quality of a counterparty is not accurately reflected in the score calculated by the model, the user of the model may modify the proposed credit quality in accordance with a framed scheme and subject to validation of the LOD2.

In addition, a set of procedures defines the rules relating to ratings (scope, frequency of review, approval procedure, etc.) and model life cycle.

The Group also takes into account:

• ●the impact of guarantees and credit derivatives, where applicable by substituting the PD, the LGD and the risk-weighting calculation of the guarantor for that of the obligor (the exposure is thus considered to be a direct exposure to the guarantor) in the event that the guarantor’s risk weighting is more favorable than that of the obligor;
• ●collateral (physical or financial) taken into account via the LGD level.

Societe Generale can also apply an IRB Foundation approach (where only the PD parameter is estimated by the Bank, while the LGD and CCF parameters being set by the supervisor) to some specialised lending exposures, booked in subsidiaries such as Franfinance Location, Sogelease and Star Lease, or when mandatory required by regulation.

Moreover, the Group has authorisation from the supervisor to use the IAA (Internal Assessment Approach) method to calculate the regulatory capital requirement for ABCP (Asset-Backed Commercial Paper) securitisation.

In addition to the capital requirement calculation under the IRBA method, the Group’s credit risk measurement models contribute to the management of the Group’s activities. They also constitute tools to structure, price and approve transactions and contribute to the setting of approval limits granted to business lines and the Risk function. ▲

If capital requirement is calculated using the standard method when an external rating is available, the corresponding exposure is converted into risk weighted exposures according to the mapping tables provided in the CRR (Articles 120-121-122) more specifically in the tables published by the French supervisor ACPR (link: https://acpr.banque-france.fr/sites/default/
files/media/2021/07/08/20210707_notice_crdiv_college_clean.pdf).

Audited The Group uses credit risk mitigation techniques for both market and commercial banking activities. These techniques provide partial or full protection against the risk of debtor insolvency.

There are two main categories:

• ●personal guarantees are commitments made by a third party to replace the primary debtor in the event of the latter’s default. These guarantees encompass the protection commitments and mechanisms provided by banks and similar credit institutions, specialised institutions such as mortgage guarantors, monoline or multiline insurers, export credit agencies, states in the context of the health crisis linked to Covid-19 and consequences of Ukraine conflict, etc. By extension, credit insurance and credit derivatives (purchase of protection) also belong to this category;
• ●collateral may consist of physical assets in the form of personal or real property, commodities or precious metals, as well as financial instruments such as cash, high-quality investments and securities, and also insurance policies.

Appropriate haircuts are applied to the value of collateral, reflecting its quality and liquidity.

In order to reduce its risk-taking, the Group is pursuing active management of its securities, in particular by diversifying them: physical collateral, personal guarantees and other collateral (including credit derivatives).

For information, the mortgage loans of retail customers in France benefit overwhelmingly from a guarantee provided by the financing company Crédit Logement, ensuring the payment of the mortgage to the bank in the event of default by the borrower (under conditions of compliance with the terms of collateral call defined by Crédit Logement).

During the credit approval process, an assessment is performed on the value of guarantees and collateral, their legal enforceability and the guarantor’s ability to meet its obligations. This process also ensures that the collateral or guarantee successfully meets the criteria set forth in the Capital Requirements Directive (CRD) and in the Capital Requirements Regulation (CRR).

The guarantors are subject to an internal rating updated at least annually. Regarding collateral, regular revaluations are made based on an estimated disposal value composed of the market value of the asset and, in some cases, a discount. The market value corresponds to the value at which the good should be exchanged on the date of the valuation under conditions of normal competition. It is preferably obtained based on comparable assets, failing this by any other method deemed relevant (example: value in use). This value is subject to haircuts depending on the quality of the collateral and the liquidity conditions.

Regarding collateral used for credit risk mitigation and eligible for the RWA calculation, it should be noted that 95% of guarantors are investment grade. These guarantees are mainly provided by Crédit Logement, export credit agencies, the French State (within the “Prêts Garantis par l’Etat” framework of the loans guaranteed by the French State) and insurance companies.

In accordance with the requirements of European Regulation No. 575/2013 (CRR), the Group applies minimum collateralisation frequencies for all collateral held in the context of commitments granted (financial collateral, commercial real estate, residential real estate, other security interests, leasing guarantees).

More frequent valuations must be carried out in the event of a significant change in the market concerned, the default or litigation of the counterparty or at the request of the risk management function.

In addition, the effectiveness of credit risk hedging policies is monitored as part of the assessment of losses in case of default (Loss Given Default – LGD).

It is the responsibility of the risk management function to validate the operational procedures put in place by the business lines for the periodic valuation of collateral (guarantees and collateral), whether automatic valuations or on an expert opinion and whether during the credit decision for a new financing or during the annual renewal of the credit file.

The amount of guarantees and collateral is capped at the amount of outstanding loans less impairment, i.e. EUR 365.1 billion as of 31 December 2024 (compared with EUR 374.2 billion as of 31 December 2023), of which EUR 144.8 billion for retail customers and EUR 220.3 billion for other types of counterparties (compared with EUR 152.8 billion and EUR 221.4 billion as of 31 December 2023, respectively).

The outstanding loans covered by these guarantees and collateral correspond mainly to loans and receivables at amortised cost, which amounted to EUR 277.6 billion as of 31 December 2024, and to off-balance sheet commitments, which amounted to EUR 78.4 billion (compared with EUR 290.6 billion and EUR 74.4 billion as of 31 December 2023 respectively).

The amounts of guarantees and collateral received for performing outstanding loans (Stage 1) and under-performing loans (Stage 2) with payments past due amounted to EUR 3.7 billion as at 31 December 2024 (EUR 3.8 billion as at 31 December 2023), including EUR 1.7 billion on retail customers and EUR 2 billion on other types of counterparties (versus EUR 1.2 billion and EUR 2.6 billion as at 31 December 2023 respectively).

The amount of guarantees and collateral received for non-performing outstanding loans as of 31 December 2024 amounted to EUR 5.6 billion (compared with EUR 5.6 billion as of 31 December 2023), of which EUR 1.4 billion on retail customers and EUR 4.2 billion on other types of counterparties  (compared  with EUR 1.5 billion  and  EUR 4.1 billion  respectively  as  of 31 December 2023). These amounts are capped at the amount of outstanding.

Information on impairment can be found in Note 3.8 to the consolidated financial statements, which is part of Chapter 6 of the present Universal Registration Document.

In this section, the measurement used for credit exposures is the EAD – Exposure At Default (on- and off-balance sheet). Under the Standardised Approach, the EAD is calculated net of collateral and provisions. 

The grouping used is based on the main economic activity of counterparties. The EAD is broken down according to the guarantor’s features, after taking into account the substitution effect (unless otherwise indicated).

The main metrics used in the following tables are:

• ●Exposure corresponding to all assets (e.g. loans, receivables, accruals, etc.) associated with market or clients transactions, recorded in the bank 's on and off-balance sheet;
• ●EAD (Exposure At Default) defined as the bank’s exposure (on and off-balance sheet) in the event of a counterparty default. Unless otherwise specifically indicated to the contrary, the EAD is reported post-CRM (Credit Risk Mitigation), after factoring in guarantees and collateral. Under the Standardised approach, EADs are presented net of specific provisions and financial collateral;
• ●Risk-Weighted Assets (RWA): are computed from the exposures and associated level of risk dependent on the debtors’ credit status;
• ●Expected Loss (EL): potential loss incurred, given the quality of the structuring of a transaction and any risk mitigation measures such as collateral. Under the AIRB method, the following equation summarises the relationship between these variables: EL = EAD x PD x LGD (except for defaulted exposures).

Audited I Counterparty credit risk is framed through a set of limits that reflect the Group’s appetite for risk.

The business development strategy of the Group for market activities is primarily focused on meeting clients’ needs, with a comprehensive range of products and solutions. The counterparty risk resulting from these market activities is strictly managed through a set of limits, in particular stress tests. The Market Risk Department is responsible for the assessment and validation of the limit requests submitted by the different business lines. These limits ensure that the Group complies with the counterparty risk appetite approved by the Board of Directors.

The choice and calibration of these limits ensure the operational transposition of the Group’s counterparty risk appetite through its organisation:

• ●these limits are allocated at various levels of the Group’s structure and/or at the counterparties’ level;
• ●their calibration is determined using a detailed analysis of the risks related to the supervised portfolio. This analysis may include various elements such as market conditions, specifically liquidity, position manoeuvrability, credit quality of the counterparty, risk/rewards analysis, ESG criteria, etc.
• ●regular reviews make it possible to manage risks according to the prevailing market conditions and the counterparties’ credit quality;
• ●specific limits, or even bans, may be put in place to manage risks for which the Group has limited or no risk appetite.

For its counterparty risk management, the Group uses valuation models as well as models for the calculation of economic or regulatory metrics. The Group implements an appropriate policy for managing the risks inherent in the use of these models.

Societe Generale calculates a stress-testing measure of its counterparty risk to take into account exceptional market disturbances. Counterparty stress tests are a fundamental aspect of risk management. They help design the forward-looking approach needed for strategic and financial planning. The objective of stress tests is to identify and quantify, at the end of the annual risk identification process, all the significant risks to which the Group is exposed and to guide the strategic decisions of the DGLE.

The entire risk control framework is based on standardised measures of counterparty risk, adapted to each type of risk and enabling an assessment to be made at the level of each counterparty, or at an aggregate portfolio level.

Audited I The measure of replacement risk is based on an internal model that determines the Group’s exposure profiles. As the value of the exposure to a counterparty is uncertain and variable over time, we estimate the potential future replacement costs over the lifetime of the transactions. ▲

The future fair value of market transactions with each counterparty is estimated from Monte Carlo models based on a historical analysis of market risk factors.

The principle of the model is to represent the possible future financial markets conditions by simulating the evolutions of the main risk factors to which the institution’s portfolio is sensitive. For these simulations, the model uses different diffusion models to account for the features inherent in the risk factors considered and uses a four-year history for calibration.

The transactions with the various counterparties are then revalued according to these different scenarios at the different future dates until the maturity of the transactions, taking into account the terms and conditions defined in the contractual legal framework agreed and the credit mitigants, notably in terms of netting and collateralisation only to the extent we believe that the credit mitigants provisions are legally valid and enforceable.

The distribution of the counterparty exposures thus obtained allows the calculation of regulatory capital for counterparty credit risk and the economic monitoring of positions.

The Risk Department responsible for Model Risk Management at Group level, assesses the theoretical robustness (review of the design and development quality), the compliance of the implementation, the suitability of the use of the model and continuous monitoring of the relevance of the model over time. This independent review process ends with (i) a report that describes the scope of the review, the tests carried out, the results of the review, the conclusions or recommendations and (ii) review and approval Committees. This model review process gives rise to (i) recurring reports to the Risk Management Department within the framework of various Committees and processes (Group Model Risk Management Committee, Risk Appetite Statement/Risk Appetite Framework, monitoring of recommendations, etc.) and (ii) a yearly report to the Board of Directors (CORISQ).

Audited I With respect to the calculation of capital requirements for counterparty credit risk, the ECB, following the Targeted Review of Internal Models (TRIM), has renewed the approval for using the internal model described above to determine the Effective Expected Positive Exposure (EEPE) indicator.

For products not covered by the internal model as well as for entities in the Societe Generale group that have not been authorised by the supervisor to use the internal model, the Group uses the market-price valuation method for derivatives (5) and the general financial security-based method for securities financing transactions (SFT).

The effects of compensation agreements and collateralisation are taken into account either by their simulation in the internal model when such credit risk mitigant or guarantees meet regulatory criteria, or by applying the rules as defined in the market-price valuation method or the financial security-based method, by subtracting the value of the collateral.

These exposures are then weighted by rates resulting from the credit quality of the counterparty to compute the Risk Weighted Assets (RWA). These rates can be determined by the standard approach or the advanced approach (IRBA).

As a general rule, when EAD is modelled in EEPE and weighted according to IRB approach, there is no adjustment of the LGD according to the collateral received as it is already taken into account in the EEPE calculation. ▲

The RWA breakdown for each approach is available in the “Analysis of Counterparty Credit Risk Exposure by Approach” table in Section 4.6.3.4 “Quantitative Information”.

Audited I The Group uses various techniques to reduce this risk:

• ●the signing, in the most extensive way possible, of close-out netting agreements for over-the-counter (OTC) transactions and Securities Financing Transactions (SFT);
• ●the collateralisation of market operations, either through clearing houses for eligible products (listed products and certain of the more standardised OTC products), or through a bilateral margin call exchange mechanism which covers both current exposure (variation margins) but also future exposure (initial margins).

The Group’s standard policy is to conclude master agreements including provisions for close-out netting with its counterparties.

These provisions allow on the one hand the immediate termination (close out) of all transactions governed by these agreements when one of the parties’ defaults, and on the other hand the settlement of a net amount corresponding to the total value of the portfolio, after netting of mutual debts and claims at current market value. This balance may be the subject of a guarantee or collateralisation. It results in a single net claim owed by or to the counterparty.

In order to reduce the legal risk associated with documentation and to comply with key international standards, the Group documents these agreements under the main international standards as published by National or International professional associations such as International Swaps and Derivatives Association (ISDA), International Capital Market Association (ICMA), International Securities Lending Association (ISLA), French Banking Federation (FBF), etc.

These contracts establish a set of contractual terms generally recognised as standard and give way to the modification or addition of more specific provisions between the parties in the final contract. This standardisation reduces implementation times and secures operations. The clauses negotiated by clients outside the bank’s standards are approved by the decision-making bodies in charge of the master agreements standards – Normative Committee and/or Arbitration Committee – made up of representatives of the Risk Division, the Business Units, the Legal Division and other decision-making departments of the bank. In accordance with regulatory requirements, the clauses authorising global close-out netting and collateralisation are analysed by the bank’s legal departments to ensure that they are enforceable under the legal provisions applicable to clients.

The elements relating to ESG risk factors are presented in Chapter 5 of the 2025 Universal Registration Document, in the Sustainability Statement relating to the application of the European CSRD (Corporate Sustainable Reporting Directive).

In particular, the elements relating to counterparty credit risks are presented in sections 5.1.3 “Impacts, risks and opportunities (IROs)” and 5.3.1.2 “Description of climate change-related material IROs” in the 2025 Universal Registration Document.

Counterparty credit risk is broken down as follows:

The tables present data excluding the CVA (Credit Valuation Adjustment) which amounts to EUR 2,7 billion of risk-weighted assets (RWA) as of 31 December 2024 (vs. EUR 3 billion as of 31 December 2023).

This section presents information on Société Générale’s securitisation activities, acquired or carried out for proprietary purposes or for its customers. It describes the risks associated with these activities and the management of those risks. Finally, it contains quantitative information to describe these activities during 2023 as well as the capital requirements for the Group’s regulatory banking book and trading book within the scope defined by prudential regulations.

As defined in prudential regulations, the term securitisation refers to a transaction or scheme, whereby the credit risk associated with an exposure or pool of exposures is divided into tranches with the following characteristics :

• ●the transaction achieves significant risk transfer, in the case of origination;
• ●payments in the transaction or scheme are contingent on the performance of the exposure or pool of exposures;
• ●subordination of certain tranches determines the distribution of losses during the ongoing life of the transaction or risk transfer scheme.

Securitisation transactions are  stated as laid down in the regulatorions in force:

• ●Regulation (EU) No 2017/2401 amending Regulation (EU) No 575/2013 relating to the capital requirements applicable to credit institutions and to credit and investment firms;
• ●Regulation (EU) No 2017/2402 creating a general framework for securitisation as well as a specific framework for simple, transparent, and standardised securitisations (STS).

Regulation 2017/2401 presents the hierarchy of methods for weighting securitisation positions (see section 8.6). The floor weighting rate is 15% (10% for STS securitisations).

Regulation 2017/2402 defines the criteria to be met when identifying “simple, transparent and standardised” (STS) securitisations to which specific and lower capital charges are applicable. The regulation also specifies the authorisation procedure for third-party organisations that will be involved in ensuring compliance with requirements relating to STS securitisations. The risk retention requirement for the transferor is set at a minimum level of 5%.

The securitisatin framework has been amended by 2 new regulations published on April 6th, 2021:

• ●Regulation (EU) 2021/557 amending regulation (EU) 2017/2402 and creating a specific STS framework for synthetic on-balance sheet securitisations;
• ●Regulation (EU) 2021/558 amending regulation (EU) No 575/2013, a specific prudential framework for non-performing exposures (NPE) securitisations.

The technical authorities, the ESMA and the EBA have issued guidelines or  Regulatory Technical Standards (RTS) with the aim of clarifying certain aspects of the level 1 European regulations.

The securitisation transactions that Societe Generale invests in (i.e. the Group invests directly in certain securitisation positions, is a liquidity provider or a counterparty of derivative exposures) are recognised in accordance with Group accounting principles, as set out in the notes to the consolidated financial statements included in the 2024 Universal Registration Document.

In the financial statements, securitisation positions are classified under accounting categories depending on their contractual cash flow features and on the way the entity manages those financial instruments.

When analysing the contractual cash flow of financial assets issued by a securitisation vehicle, the entity must analyse the contractual terms, as well as the credit risk of each tranche and the exposure to credit risk in the underlying pool of financial instruments. To that end, the entity must apply a “look-through approach” to identify the underlying instruments that generate the cash flows.

Contractual flows that solely represent payments of principal and interest on the principal amount outstanding are consistent with a basic lending arrangement (SPPI flows: Solely Payments of Principal and Interest).

In the financial statements, the basic securitisation positions (SPPI) are classified under two categories, depending on the business model used to manage them:

• ●when they are managed under a “Collect and Sell” business model, the positions are classified as “Financial assets at fair value through other comprehensive income”. Accrued or earned income on these positions is recorded in the profit or loss account based on the effective interest rate, under Interest and similar income. At the reporting date, these instruments are measured at fair value, and changes in fair value, excluding income, are recorded under Unrealised or deferred gains and losses. Furthermore, as these financial assets are subject to impairment for credit risk, changes in expected credit losses are recorded in profit or losses under Cost of risk with a corresponding entry to Unrealised or deferred gains and losses;
• ●when they are managed under a “Hold to Collect” business model, the positions are measured at amortised cost. Subsequent to initial recognition, these positions are measured at amortised cost using the effective interest method, and their accrued or earned income is recorded in the income statement under Interest and similar income. Furthermore, as these financial assets are subject to impairment for credit risk, changes in expected credit losses are recorded in the profit or loss account under Cost of risk with a corresponding impairment of amortised cost under balance sheet assets.

Non basic securitisation positions (non–SPPI) are assessed at fair value through profit or loss, regardless of the business model whereby they are held.

At the balance sheet date, these assets are recorded in the balance sheet under Financial assets at fair value through profit or loss and changes in the fair value of these instruments (excluding interest income) are recorded in the income statement under Net gains or losses on financial instruments at fair value through profit or loss.

Interest income and expense are recorded in the income statement under Interest and similar income and Interest and similar expense.

Securitisation positions classified among financial assets at amortised cost or among financial assets at fair value through other comprehensive income, are systematically subject to impairment or a loss allowance for expected credit losses. These impairments and loss allowances are booked upon initial recognition of the assets, without waiting for objective evidence of impairment.

To determine the amount of impairment to be recorded at each reporting date, these assets are classified into one of three categories based on the increase in credit risk observed since initial recognition. Stage 1 exposures are impaired for the amount of credit losses that the Group expects to incur within 12 months; Stages 2 and 3 exposures are impaired for the amount of credit losses that the Group expects to incur during the life of the exposures.

For securitisation positions measured at fair value through profit or loss, their fair value includes already the expected credit loss, as assessed by the market participant, on the residual lifetime of the instrument.

Reclassification of securitisation positions is only required in the exceptional event that the Group changes the business model used to manage these assets.

Synthetic securitisations in the form of Credit Default Swaps comply with accounting recognition rules specific to trading derivatives.

The securitisation transactions are derecognised when the contractual rights to the cash flows on the asset expire or when the Group has transferred the contractual rights to receive the cash flows and substantially all the risks and rewards linked to the ownership of the asset. Where the Group has transferred the cash flows of a financial asset but has neither transferred nor retained substantially all the risks and rewards of its ownership and has effectively not retained control of the financial asset, the Group derecognises it and, where necessary, recognises a separate asset or liability to cover any rights and obligations created or retained because of transferring the asset. If the Group has retained control of the asset, it continues to recognise it in the balance sheet to the extent of its continuing involvement in that asset.

Securitisation of securitised assets recognised in the Group balance sheet are stated in the same way for accounting purposes as described above.

When a financial asset is entirely derecognised, a gain or loss on disposal is recorded in the income statement for an amount equal to the difference between the carrying value of the asset and the payment received for it, adjusted where necessary for any unrealised profit or loss previously recognised directly under in equity.

A structured entity is an entity that has been designed so that voting or similar rights are not the dominant factor in deciding who controls the entity.

When assessing the existence of control over a structured entity, all facts and circumstances shall be considered, including:

• ●the activities and objects of the entity;
• ●the structuring of the entity (especially, the power to manage the relevant activities of the entity);
• ●the risks to which the entity is exposed by way of its design and the Group’s exposure to some or all of these risks;
• ●the potential benefits provided by the entity to the Group.

Unconsolidated structured entities are those that are not exclusively controlled by the Group.

Within the scope of consolidation of structured entities controlled by the Group, the shares of those entities that are not held by the Group are recognised under “Debt” in the balance sheet.

When customer loans are securitised and partially sold to external investors, the entities carrying the loans are consolidated if the Group retains control and remains exposed to the majority of the risks and benefits associated with these loans.

Any financial support outside of any binding contractual arrangement provided to unconsolidated entities, over securitised assets, would be recognised as a liability on balance sheet if it met the relevant IFRS criteria, or gave rise to a provision under IAS 37, and must be disclosed.

The management of risks associated with securitisation operations follows the rules established by the Group depending on whether these assets are recorded in the banking book (credit and counterparty credit risks) or in the trading book (market risk and counterparty credit risk).

The securitisation risk is monitored by the Client Relations and Financing and Advisory Solutions department (Global Banking & Advisory - GLBA) and, in respect of own account transactions, by the Group Treasury Department of the Financial Department in LoD1 and supervised in the credit risk management system by the “Corporate and Investment Banking” division (CIB) of the Risks department in LoD2.

Only the Asset-Backed Products division of GLBA is mandated to deal with transactions generating securitisation risk.

These operations consist in:

• ●structuring and/or primary distribution of ABS (Asset-Backed Securities), which can take the form of RMBS (Residential Mortgage-Backed Securities), CMBS (Commercial Mortgage-Backed Securities) and CLOs (Collateralised Loan Obligations), structured or co-arranged by Societe Generale, for the benefit of issuers (companies and specialised financial companies) also called “public securitisation”. These transactions do not generate any securitisation risk for the Group if no exposure is retained by Societe Generale;
• ●financing of customer needs, via commercial paper backed by assets issued by Societe Generale conduits or, marginally, on the balance sheet, also called “private securitisation”. These activities generate credit risk for Societe Generale and are overseen by the “Corporate and Investment Banking” (CIB) division of the Risk Department;
• ●structuring of securitisation own account transactions (i.e., the underlying portfolio consisting of receivables booked on the Group’s balance sheet). This activity does not generate additional credit risk for the Group; the role of the Corporate and Investment Banking (CIB) division of the Risk Department [RISQ/CIB] is to ensure that the structure is robust;
• ●securitised products are also used as underlying on the secondary market in collateralised financing and trading transactions. These transactions generate both credit risk and market risk for the Group and are overseen by the “Corporate and Investment Banking” (CIB) and the Risks on Market Activities divisions of the Risk Department.

Securitisation activities allow the Group to raise liquidity or manage risk exposures, for own account purposes or on behalf of customers. Within the framework of these activities, the Group can act as an originator, a sponsor/arranger or an investor:

• ●as an originator, the Group directly or indirectly participates in the initial agreement on assets which subsequently serve as underlying in securitisation transactions, primarily for refinancing purposes;
• ●as a sponsor, the Group establishes and manages a securitisation programme used to refinance customers’ assets, mainly via the Antalis and Barton conduits and via certain other special purpose vehicles;
• ●as an investor, the Group invests directly in certain securitisation positions, is a liquidity provider or a counterparty of derivative exposures.

This information must be considered within the context of the specific structure of each transaction and vehicle, which cannot be described in this report.

Recourse to securitisation is part of the portfolio management program. Securitisation is an efficient tool for optimizing capital management and for managing credit risk exposure while maintaining a strong commercial dynamic. Several transactions with significant risk transfer (SRT) have been executed since mid-2019, mostly in a synthetic format and on different portfolios, to manage underlying credit risks and the associated capital requirement. The SRT policy is documented in terms of internal governance, control framework as well as ongoing monitoring and reporting.

Taken separately, the level of payments past due or in default does not provide sufficient information on the types of exposures securitised by the Group, mainly because the default criteria may vary from one transaction to another. Furthermore, these data reflect the situation of the underlying assets.

In securitisation transactions, past due exposures are generally managed via structural mechanisms that protect the most senior positions.

Impaired exposures belong mainly to CDOs of US subprime residential mortgages, dating back to 2014.

As part of its securitisation activities, the Group does not provide any implicit support in accordance with Article 250 of revised CRR (regulation (UE) 2017/2401).

It should be noted that since the protection purchased is financed, there is no counterparty credit risk on the vendor of the insurance. The Group has no plans to purchase unfunded protection at this stage.

In the trading book, securitisation positions are exclusively high ranking and mezzanine tranches. As of 31 December 2024, 80.8% of these positions are high ranking positions. 

In the banking book senior thanches are more than 97% of securitisation exposures retained or purchased as of 31 December 2024.

Whenever traditional or synthetic securitisations, for which sponsorship, origination, structuring or management of Societe Generale is involved, achieve a substantial and documented risk transfer compliant with the regulatory framework, the underlying assets are excluded from the bank’s calculation of risk-weighted exposures for traditional credit risk.

For the securitisation positions that Societe Generale decides to hold either on- or off-balance sheet, capital requirements are determined based on the bank’s exposure, irrespective of its underlying strategy or role.

Institutions use one of the methods described in the hierarchy below to calculate the weighted exposure amounts:

• ●SEC-IRBA (approach based on internal ratings), when certain conditions are met;
• ●when the SEC-IRBA cannot be used, the institution uses the SEC-SA (standardised approach);
• ●when the SEC-SA cannot be used, the institution uses the SEC-ERBA (approach based on external ratings) for positions with an external credit rating or those for which it is possible to infer such a note.

The unrated liquidity lines granted to ABCP programmes can be determined using the Internal Assessment Approach (IAA). Regarding the liquidity lines that the bank grants to the securitisation conduits it sponsors, Societe Generale obtained approval in 2009 to use the internal assessment approach. As such, Societe Generale has developed a rating model (IAA approach), which estimates the expected loss (Expected Loss - EL) for each Group’s exposure to securitization conduits, which automatically leads to a capital weighting by application of a correspondence table defined by the regulations. The IAA model mainly applies to underlying assets such as trade receivables, auto loans and auto lease. An annual review of the model makes it possible to verify that the performance and conservatism of the model. Also, in-depth analyses are carried out on inputs (transaction details such as default, dilution, or reserve rates), model parameters (transition matrices, PD, LGD) and an EL backtest. The backtest of the outputs themselves being not feasible due to the limited number of transactions, the backtest of the IAA model consists in the backtest of the inputs (including for example default rate and default rate standard deviation) and the parameters as well as a model behaviour analysis. Methodological benchmarks are also regularly carried out in order to validate our internal approach in comparison with the best practices of the market. The relevance of the IAA approach is regularly monitored and reviewed by the Risk Department responsible for Model Risk Management at Group level, as second line of defense. The independent review process ends with (i) review and approval Committees and (ii) an independent review report detailing the scope of the review, the tests performed and their outcomes, the recommendations, and the conclusion of the review.

In the other cases, the securitisation positions receive a risk weight of 1,250%.

List of SSPEs which acquire exposures originated by institutions(1):

List of SSPEs sponsored by the institutions:

List of SSPEs and other legal entities for which institutions provide securitisation-related services, such as advisory, asset servicing or management services:

Regarding SGSS, other asset managers provide different categories of funds other than securitisation.

List of legal entities affiliated with institutions and that invest in securitisations originated by institutions or in securitisation positions issued by SSPEs sponsored by institutions:

List of SPPEs with the scope of regulatory consolidation

Audited I While the primary responsibility for risk management lies with those responsible for the activities of the trading rooms (front office), the supervisory system is based on an independent department within the Risk Department.

In this context, the main missions of this department are:

• ●the definition and proposal of the Group's market risk appetite;
• ●the proposal to the Group Risk Committee (CORISQ) of market limits for each of the Group's activities;
• ●the assessment of all the requests for limits made by the various activities, within the framework of the global authorisations granted by the Board of Directors and the General Management and their level of use;
• ●the permanent verification of the existence of an effective market risk monitoring framework for the activity by appropriate limits;
• ●the coordination of the review by the Risk department of the strategic initiatives of the Market Risk department;
• ●the definition of the indicators used to monitor market risk;
• ●the daily calculation and certification of risk indicators and the P&L resulting from the Group's market activities, based on formal and secure procedures, as well as the reporting and analysis of these indicators;
• ●the daily monitoring of compliance with the limits notified to each activity;
• ●the risks assessment of new products or new market activities.

In order to carry out these various missions, the Risk department in charge of monitoring market operations defines the architecture principles and functionalities of the information system for the production of risk indicators and P&L on market operations and ensures that these principles and functionalities are properly adapted to business needs. ▲

This department contributes to the detection of possible rogue trading operations through a monitoring mechanism based on alert levels (on gross nominal value of positions for example) applied to all instruments and desks.

Audited I The internal VaR model was introduced at the end of 1996 and has been approved by the supervisor within the scope of the regulatory capital requirements. This approval was renewed in 2020 at the Target Review of Internal Models (TRIM).

The Value at Risk (VaR) assesses the potential losses on positions over a defined time horizon and for a given confidence interval (99% for Societe Generale). The method used is the “historical simulation” method, which implicitly takes into account the correlation between the various markets, as well as general and specific risk. It is based on the following principles:

• ●storage in a database of the risk factors that are representative of Société Générale’s positions (i.e. interest rates, share prices, exchange rates, commodity prices, volatility, credit spreads, etc.). Controls are regularly performed in order to check that all major risk factors for the trading portfolio of the Group are taken into account by the internal VaR model;
• ●definition of 260 scenarios corresponding to one-day variations in these market parameters over a rolling one-year period; these scenarios are updated daily with the inclusion of a new scenario and the removal of the oldest scenario. There are three coexisting methods for modelling scenarios (relative shocks, absolute shocks and hybrid shocks), the choice between these methods for a given risk factor is determined by its nature and its historical trend;
• ●the application of these 260 scenarios to the market parameters of the day;
• ●revaluation of daily positions, on the basis of the 260 sets of adjusted market parameters: in most cases, this calculation involves a full re-pricing. Nonetheless, for certain risk factors, a sensitivity- based approach may be used.

Within the framework described above, the one-day 99% VaR, calculated according to the 260 scenarios, corresponds to the weighted average(4) of the second and third largest losses computed, without applying any weighting to the other scenarios.

The day-to-day follow-up of market risk is performed via the one-day VaR, which is calculated on a daily basis at various granularity levels. Regulatory capital requirements, however, oblige us to take into account a ten-day horizon, thus we also calculate a ten-day VaR, which is obtained by multiplying the one-day VaR aggregated at Group level by the square root of 10. This methodology complies with regulatory requirements and has been reviewed and validated by the supervisor.

The VaR assessment is based on a model and a certain number of conventional assumptions, the main limits of which are as follows:

• ●by definition, the use of a 99% confidence interval does not take into account losses arising beyond this point; VaR is therefore an indicator of the risk of loss under normal market conditions and does not take into account exceptionally significant fluctuations;
• ●VaR is computed using closing prices, meaning that intra-day fluctuations are not taken into account;
• ●the use of a historical model is based on the assumption that past events are representative of future events and may not capture all potential events.

The Market Risk Department monitors the limitations of the VaR model by measuring the impacts of integrating a risk factor absent from the model (RNIME (5)process). Depending on the materiality of these missing factors, they may be capitalised. Other complementary measures also allow to control the limitations of the model.

The same model is used for the VaR computation for almost all of Global Banking and Investor Solution’s activities (including those related to the most complex products) and the main market activities of Retail Banking and Private Banking.

The few activities not covered by the VaR method, either for technical reasons or because the stakes are too low, are monitored using stress tests, and capital charges are calculated using the standard method or through alternative in-house methods. For example, the currency risk of positions in the banking book is not calculated with an internal model because this risk is not subject to a daily revaluation and therefore cannot be taken into account in a VaR calculation.

The relevance of the model is checked through continuous backtesting in order to verify whether the number of days for which the negative result exceeds the VaR complies with the 99% confidence interval. The results of the backtesting are audited by the Risk Department in charge of the validation of internal models, which, as a second line of defence, also assesses the theoretical robustness (from a design and development standpoint), the correctness of the implementation and the adequacy of the model use. The independent review process ends with: (i) review and approval committees and (ii) an audit report detailing the scope of the review, the tests performed and their outcomes, the recommendations and the conclusion of the review. The model control mechanism gives rise to reporting to the appropriate authorities.

In compliance with regulations, the backtesting compares the VaR to the (i) actual and (ii) hypothetical change in the portfolio’s value:

• ●in the first case (backtesting against “actual P&L”), the daily P&L(6) includes the change in book value, the impact of new transactions and of transactions modified during the day (including their sales margins) as well as provisions and values adjustments made for market risk;
• ●in the second case (backtesting against “hypothetical P&L”), the daily P&L(7) includes only the change in book value related to changes in market parameters and excludes all other factors. ▲

In 2024, we observed three backtesting breaches against hypothetical P&L, one occurred in Q1 and the other two in Q4.

Audited I The VaR was less risky in 2024 (EUR 19 million versus EUR 23 million in 2023 on average), mainly due to to the exclusion from market scenarios related to the banking crisis in March 2023. The risk reduction is notably observed in rate and credit activities. ▲

Audited I The Internal Stressed VaR model (SVaR) was introduced at the end of 2011 and has been approved by the Regulator within the scope of the regulatory capital requirements on the same scope as the VaR. As with the VaR model, this approval was renewed in 2020 at the Target Review of Internal Models (TRIM).

The calculation method used for the 99% one-day SVaR is the same as the one for the VaR. It consists in carrying out an historical simulation with one-day shocks and a 99% confidence interval. Contrary to VaR, which uses 260 scenarios for one-day fluctuations over a rolling one-year period, SVaR uses a fixed one-year historical window corresponding to a period of significant financial tension.

Following a validation of the ECB obtained at the end of 2021, a new method for determining the fixed historical stress window is used. It consists in calculating an approximate SVaR for various risk factors selected as representative of the Societe Generale portfolio (related to equity, fixed income, foreign exchange, credit and commodity risks): these historical shocks are weighted according to the portfolio’s sensitivity to each of these risk factors and aggregated to determine the period of highest stress for the entire portfolio(11). The historical window used is reviewed annually. In 2024 this window was “September 2008-September 2009”.

The ten-day SVaR used for the computation of the regulatory capital is obtained, as for VaR, by multiplying the one-day SVaR by the square root of ten.

As for the VaR, the Market Risk Department controls the limitations of the SVaR model by measuring the impact of integrating a risk factor absent from the model (RNIME process). Depending on the materiality of these missing factors, they may be capitalised. Other complementary measures also control the limitations of the model.The continuous backtesting performed on VaR model cannot be replicated to the SVaR model as, by definition, it is not sensitive to the current market conditions. However, as the VaR and the SVaR models rely on the same approach, they have the same advantages and limits.

The relevance of the SVaR is regularly monitored and reviewed by the Model Risk Department that is second line of defence regarding the validation of internal models. The independent review process ends with (i) an Audit Report detailing the scope of the review, the tests performed and their outcomes, the recommendations and the conclusion of the review and (ii) review and approval Committees. The model control mechanism gives rise to recurrent reporting to the appropriate authorities.

SVaR increased on average in 2024 (EUR 41 million versus EUR 36 million in 2023). Slightly up over the year the SVaR has evolved with a variability comparable to that of 2023. The level and the variability of the SVaR are mainly explained by the indexing action and financing activities, as well as by the Interest Rate perimeters . ▲

At end-2011, Societe Generale received approval from the Regulator to expand its internal market risk modelling system by including IRC (Incremental Risk Charge) and CRM (Comprehensive Risk Measure), for the same scope as for VaR. As with the VaR model, the approval of the IRC(12) model was renewed in 2020 at the Target Review of Internal Models (TRIM).

They estimate the capital charge on debt instruments that is related to rating migration and issuer default risks. These capital charges are incremental, meaning they are added to the charges calculated based on VaR and SVaR.

In terms of scope, in compliance with regulatory requirements:

• ●IRC is applied to debt instruments, other than securitisations and the credit correlation portfolio. In particular, this includes bonds, CDS and related derivatives;
• ●CRM exclusively covers the correlation portfolio, i.e. CDO tranches and First-to-Default products (FtD), as well as their hedging using CDS and indices.

Societe Generale estimates these capital charges using internal models(13). These models determine the loss that would be incurred following especially adverse scenarios in terms of rating changes or issuer defaults for the year that follows the calculation date, without ageing the positions. IRC and CRM are calculated with a confidence interval of 99.9%: they represent the highest risk of loss obtained after eliminating 0.1% of the most unfavourable scenarios simulated.

The internal IRC model simulates rating transitions (including default) for each issuer in the portfolio, over a one-year horizon(14). Issuers are classified into five categories: US-based companies, European companies, companies from other regions, financial institutions and sovereigns. The behaviours of the issuers in each category are correlated with one other through a systemic factor specific to each category. In addition, a correlation between these five systemic factors is integrated to the model. These correlations, along with the rating transition probabilities, are calibrated from historical data observed over the course of a full economic cycle. In case of change in an issuer’s rating, the decline or improvement in its financial health is modelled by a shock in its credit spread: negative if the rating improves and positive in the opposite case. The price variation associated with each IRC scenario is determined after revaluation of positions via a sensitivity approach, using the delta, the gamma as well as the level of loss in the event of default (Jump to Default), calculated with the market recovery rate for each position.

The CRM model simulates issuer’s rating transitions in the same way as the internal IRC model. In addition, the dissemination of the following risk factors is taken into account by the model:

• ●credit spreads;
• ●basis correlations;
• ●recovery rate excluding default (uncertainty about the value of this rate if the issuer has not defaulted);
• ●recovery rate in the event of default (uncertainty about the value of this rate in case of issuer default);
• ●First-to-Default valuation correlation (correlation of the times of default used for the valuation of the First-to-Default basket).

These dissemination models are calibrated from historical data, over a maximum period of ten years. The price variation associated with each CRM scenario is determined thanks to a full repricing of the positions. In addition, the capital charge computed with the CRM model cannot be less than a minimum of 8% of the capital charge determined with the standard method for securitisation positions.

The internal IRC and CRM models are subject to similar governance to that of other internal models meeting the Pillar 1 regulatory requirements. More specifically, an ongoing monitoring allows to follow the adequacy of IRC and CRM models and of their calibration. This monitoring is based on the review of the modelling hypotheses at least once a year. This review includes:

• ●a check of the adequacy of the structure of the rating transition matrices used for IRC and CRM models;
• ●a backtesting of the probabilities of default used for these two models;
• ●a specific backtesting of the amount of IRC in relation to any losses incurred as a result of the defaults or rating migrations noted;
• ●a check of the adequacy of the models for the dissemination of recovery rates, spread dissemination and dissemination of basic correlations used in the CRM calculation.

Regarding the checks on the accuracy of these metrics:

• ●the IRC calculation being based on the sensitivities of each instrument – delta, gamma – as well as on the level of loss in the event of default (Jump to Default) calculated with the market recovery rate, the accuracy of this approach is checked against a full repricing every six months;
• ●such a check on CRM is not necessary as its computation is performed following a full repricing;
• ●these metrics are compared to normative stress tests defined by the regulator. In particular, the EBA stress test and the risk appetite exercise are performed regularly on the IRC metric. These stress tests consist of applying unfavourable rating migrations to issuers, shocking credit spreads and shocking rating transition matrices. Other stress tests are also carried out on an ad hoc basis to justify the correlation hypotheses between issuers and those made on the rating transition matrix;
• ●a weekly analysis of these metrics is carried out by the production and certification team for market risk metrics;
• ●the methodology and its implementation have been initially validated by the French Prudential and Resolution Supervisory Authority (Autorité de Contrôle Prudentiel et de Résolution – ACPR). Thereafter, a review of the IRC and the CRM is regularly carried out by the Risk Department in charge of the approval of internal models as second line of defence. This independent review process ends with (i) review and approval Committees and (ii) an Audit Report detailing the scope of the review, the tests performed and their outcomes, the recommendations and the conclusion of the review. The model control mechanism gives rise to recurrent reporting to the appropriate authorities.

Moreover, regular operational checks are performed on the completeness of the scope’s coverage as well as the quality of the data describing the positions.

The on- and off-balance sheet items must be allocated to one of the two portfolios defined by prudential regulations: the banking book or the trading book.

The banking book is defined by elimination: all on- and off-balance sheet items not included in the trading book are included by default in the banking book.

The trading book consists of all positions in financial instruments and commodities held by an institution either for trading purposes or in order to hedge other positions in the trading book. The trading interest is documented as part of the traders’ mandates.

The prudential classification of instruments and positions is governed as follows:

• ●the Finance Department’s prudential regulation experts are responsible for translating the regulations into procedures, together with the Risk Department for procedures related to holding period and liquidity. They also analyse specific cases and exceptions. They share these procedures to the business lines;
• ●the business lines comply with these procedures as 1st line of defence (LOD1). In particular, they document the trading interest of the positions taken by traders;
• ●the Risk Department is the 2nd line of defense (LOD2).

The following controls are implemented in order to ensure that activities are managed in accordance with their prudential classification:

• ●new product process: any new product or activity is subject to an approval process that covers its prudential classification and regulatory capital treatment for transactions subject to approval;
• ●holding period: the Market Risk Department has designed a control framework for the holding period of certain instruments;
• ●liquidity: on a case-by-case basis or on demand, the Market Risk Department performs liquidity controls based on certain criteria (negotiability/transferability, bid/ask size, market volumes, etc.);
• ●strict process for any change in prudential classification, involving the business line and the Finance and Risk Divisions;
• ●internal audit: through its various periodic assignments, Internal Audit verifies or questions the consistency of the prudential classification with policies/procedures as well as the suitability of the prudential treatment in light of existing regulations.

Management risk related to the valuation of financial products relies jointly on the Markets Department and the team of valuation experts (Valuation Group) within the Finance Department that both embody the first line of defence and by the team of independent review of valuation methodologies within the Market Risk Department.

Governance on valuation topics is enforced through three valuation Committees, both attended by representatives of the Global Markets Division, the Market Risk Department and the Finance Division:

• ●the Valuation Risk Committee meets quarterly to monitor and approve changes in the valuation risk management framework; monitor indicators on this risk and propose or set a risk appetite; evaluate the control system and the progress of recommendations; and finally, prioritize the tasks. This Committee is chaired by the Risk Department and organised by its independent review team of valuation methodologies;
• ●the Valuation Methodology Committee gathers whenever necessary to approve financial products valuation methodologies. This Committee, chaired by the Risk Department and organised by its independent review team of valuation methodologies, has global accountability with respect to the approval of the valuation policies;
• ●the MARK P&L Explanation Committee monthly analyses the main sources of economic P&L as well as changes in reserves and other accounting valuation adjustments. The analytical review of adjustments is carried out by the Valuation Group, which also provides a quarterly analytical review of adjustments under regulatory requirements for prudent valuation.

Lastly, a corpus of documents describes the valuation governance and specify the breakdown of responsibilities between the stakeholders.

Controlling operational risks is a major challenge for the Group:

• ●regulatory issues: to comply with the requirements of regulators;
• ●reputation issues: to limit damage to the Group’s reputation;
• ●financial challenge: to contain operational losses and prudential capital requirements.

The Group specifies its zero or very low tolerance to operational risk for: internal fraud, cyber security, data leakage, business continuity, outsourced service delivery, physical security, execution errors.

Furthermore, the Group has no tolerance for incidents whose severity is likely to seriously harm its image, threaten its results or the confidence of its customers and employees, prevent business continuity on its critical activities or challenge its strategic orientations.

The management of operational risk is an integral part of the tasks of all employees. It is based on:

• ●the existence of secure processing processes;
• ●the risk culture of employees;
• ●specific preventive measures, including rules on sound project management;
• ●the internal control system.

The Group’s main frameworks for controlling operational risks are as follows:

• ●collection and analysis of internal operational losses and significant incidents that do not have a financial impact;
• ●risk and control self-assessment (RCSA);
• ●oversight of key risk indicators (KRI);
• ●development of scenario analyses;
• ●analysis of external losses;
• ●framework of new products and significant changes;
• ●management of outsourced services;
• ●crisis management and business continuity;
• ●management of risks related to information and communication technologies (ICT);
• ●the second line of defence on risk data aggregation and risk reporting.

Internal losses and significant incidents without any financial impact are compiled throughout the Group. The process:

• ●monitors the cost of operational risks as they have materialised in the Group and establishes a historical data base for modelling the calculation of capital to be allocated to operational risk;
• ●learns from past events to minimise future losses.

External losses are operational losses data shared within the banking sector. These external data include information on the amount of actual losses, the importance of the activity at the origin of these losses, the causes and circumstances and any additional information that could be used by other establishments to assess the relevance of the event as far as they are concerned and enrich the identification and assessment of the Group’s operational risk.

Under the Risk and Control Self-Assessment (RCSA), each manager assesses the exposure to operational risks of its activities within its scope of responsibility, in order to improve their management.

The method defined by the Group consists of taking a homogeneous approach to identifying and evaluating operational risks and frameworks to control these risks, in order to guarantee consistency of results at Group level. It is based notably on Group repositories of activities and risks in order to facilitate a comprehensive assessment.

The objectives are as follows:

• ●identifying and assessing the major operational risks (in average amount and frequency of potential loss) to which each activity is exposed (the intrinsic risks, i.e. those inherent in the nature of an activity, while disregarding prevention and control systems). Where necessary, risk mapping established by the functions (e.g. Compliance, Information Systems Security, etc.) contributes to this assessment of intrinsic risks;
• ●assessing the quality of major risk prevention and mitigation measures;
• ●assessing the risk exposure of each activity that remains once the risk prevention and mitigation measures are taken into account (the “residual risk”), while disregarding insurance coverage;
• ●remedying any shortcomings in the prevention and control systems, by implementing corrective action plans and defining key risk indicators; if necessary, in the absence of an action plan, risk acceptance will be formally validated by the appropriate hierarchical level;
• ●adapting the risk insurance strategy, if necessary.

The exercise includes, in particular, risks of non-compliance, tax risks, accounting risks, risks related to information systems and their security, as well as those related to human resources.

Key risk indicators (KRIs) supplement the overall operational risk management system by providing a dynamic view (warning system) of changes in business risk profiles.

Their follow-up provides managers of entities with a regular measure of improvements or deteriorations in the risk and the environment of prevention and control of activities within their scope of responsibility.

KRIs help BU/SU/Entities and the Senior Management proactively and prospectively manage their risks, taking into account their tolerance and risk appetite.

An analysis of Group-level KRIs and losses is presented to the Group’s Executive Committee on a quarterly basis in a specific dashboard.

The analyses of scenarios serve two purposes: informing the Group of potential significant areas of risk and contributing to the calculation of the capital required to cover operational risks.

These analyses make it possible to build an expert opinion on a distribution of losses for each operational risk category and thus to measure the exposure to potential losses in scenarios of very severe severity, which can be included in the calculation of the prudential capital requirements.

In practice, various scenarios are reviewed by experts who gauge the severity and frequency of the potential impacts for the Group by factoring in internal and external loss data as well as the internal framework (controls and prevention systems) and the external environment (regulatory, business, etc.). Analyses are performed either at Group level (cross-business scenarios) or at business level.

Governance is established in particular to:

• ●enable approval of the annual scenarios update program by Senior Management through the Group Risk Committee (CORISQ);
• ●enable approval of the scenarios by the businesses (for example during the Internal Control Coordination Committees of the BUs and SUs concerned or during ad hoc meetings) and a challenge of scenario analyses by LoD2;
• ●conduct an overall review of the Group’s risk hierarchy and of the suitability of the scenarios by CORISQ.

Each division submits its plans for a new product and services to the New Product Committee. The Committee, jointly coordinated by a representative of the Group Risk Division and a representative of the relevant businesses division, is a decision-making body which decides the production and marketing conditions of new products and services to clients.

The Committee aims to ensure that, before the launch of any product or service, or before any relevant changes to an existing product or service, all types of induced risks (among them, credit, market, liquidity and refinancing, country, operational, legal, accounting, tax, financial, information systems risks as well as the risks of non-compliance, reputation, protection of personal data, corporate social and environmental responsibility risks, etc.) have been identified, assessed and, if necessary, subjected to mitigation measures allowing the acceptance of residual risks.

Some banking services are outsourced outside the Group or within the Group (e.g. in our shared service centres). These two subcontracting channels are supervised in a manner adapted to the risks they induce.

The management framework for outsourced services ensures that the operational risk linked to outsourcing is controlled, and that the terms imposed by the Group under the sub-contracting agreement are respected.

The objectives are to:

• ●decide on outsourcing with knowledge of the risks taken; the entity remains fully responsible for the risks of the outsourced activity;
• ●monitor outsourced services until they are completed, ensuring that operational risks are controlled;
• ●map the Group’s outsourcing activities with an identification of the activities and BUs concerned in order to prevent excessive concentrations on certain service providers.

Crisis management and business continuity measures aim to minimise as much as possible the impact of potential disasters on clients, staff, activities or infrastructures, and thus to preserve the Group’s reputation and image as well as its financial strength.

Business continuity is managed by developing in each Societe Generale Group entity, organisations, procedures and resources that can deal with natural or accidental damage, or acts of deliberate harm, with a view to protect their personnel, assets and activities and to allow the provision of essential services to continue, if necessary, temporarily in reduced form, then restoring service to normal.

Since 2004, Societe Generale has used the Advanced Measurement Approach (AMA) allowed by the Capital Requirements Directive to measure operational risk. This approach, implemented across the main Group entities, notably makes it possible to:

• ●identify the businesses that have the greatest risk exposures;
• ●identify the types of risk that have the greatest impact on the Group’s risk profile and overall capital requirements;
• ●enhance the Group’s management of operational risks.

With specific regard to information and communication technology (ICT) risks, RISQ/NFR acts as a second line of defence and is responsible, in conjunction with GCOO/ISR and SEGL/DSG, for policies to manage these risks, while respecting the roles of SEGL/DSG and RISQ/NFR. As such, RISQ/NFR shall review, inter alia, the ICT risk management framework, at least annually and in the event of major ICT incidents, express instructions from supervisors or need revealed by digital operational resilience tests or audit results.

The second line of defence on risk data aggregation and risk reporting, in coordination with the GCOO/CDO 1LOD Transversal Expert function, ensures that data management policies, controls and monitoring of their deployment are ensured and validated; that data aggregation and risk reporting capabilities are regularly and independently assessed; that “fire drills” are conducted to assess ad hoc reporting capacity; that anomalies are monitored and closed and that management is regularly informed.

Société Générale’s capital requirements for operational risk are mainly calculated using the Advanced Measurement Approach (AMA) via its internal model (91% in 2024).

The total amount of RWA in 2024 is stable compared to 2023.

The following table breaks down the Group’s risk-weighted assets and the corresponding capital requirements at 31 December 2024.

Since 1993, Societe Generale has implemented a global policy of hedging Group operational risks through insurance.

This consists of searching the market for the most extensive cover available for the risks incurred and enabling all entities to benefit from such cover wherever possible. Policies are taken out with leading insurers. Where required by local legislation, local policies are taken out, which are then reinsured by insurers that are part of the global program.

In addition, special insurance policies may be taken out by entities that perform specific activities.

A Group internal reinsurance company intervenes in several policies in order to pool high-frequency, low-level risks between entities. This approach contributes to the improvement of the Group’s knowledge and management of its risks.

Audited I The principles and standards for managing these risks are defined at the Group level. The ALMT (Asset and Liability Management and Treasury) department within the Group’s Finance Division leads the control framework of the first line of defence while the Risk Department Management assumes the role of second line of defence  supervision.

The general principle for managing structural interest rate and exchange rate risks within consolidated entities is to ensure that movements in interest and foreign exchange rates do not significantly threaten the Group’s financial base or its future earnings in the framework of the Risk Appetite defined by the Group through its dedicated various rate and FX metrics.

Within the entities, commercial and corporate center operations booked in the banking book balance sheet must therefore be matched in terms of interest rates and exchange rates as much as possible to immunise the patrimonial value of the Bank to rate and exchange rate variations. In addition, hedges may be entered into to reduce the dependence of future interest margins to interest rate fluctuations. With regards to exchange rate risk, in accordance with the relevant regulatory provisions, a structural foreign exchange position is maintained at the financial center level, in order to minimise the variation of the Group's Common Equity Tier 1 (CET1) ratio to exchange rates fluctuations.

Audité I The Supervisory Outlier Test (SOT) regulatory metrics are calculated and monitored at Group level by applying the rate shocks as specified in EBA's RTS 2022/10 (including the post-shock rate floor). The Group's standards provide for the inclusion of commercial margins in the calculation of value metrics. For regulatory income metrics based on constant outstanding, outstandings migration assumptions are made, in particular between non-interest-bearing deposits and interest-bearing deposits.

Societe Generale uses several further indicators to measure the Group's overall interest rate risk. The most important indicators are:

• ●the sensitivity of the net present value (NPV) to the risk of interest rate mismatch. It is measured as the variation of the net present value of the static balance sheet to a change in interest rates. This measure is calculated for all currencies to which the Group is exposed;
• ●the sensitivity of the interest margin measured over two years to changes in interest rates in various interest rate scenarios. It takes into account the variation generated by future commercial production;
• ●the sensitivity of the market value (MVC: Market Value Change) of instruments recognised at fair value (mainly government bonds as well as derivatives not documented as hedging instruments from an accounting perspective) in various interest rate scenarios, is measured over two years;
• ●the sensitivity of NPV to basis risk (risk associated with decorrelation between different variable rate indices);
• ●the sensitivity of the NPV calculated for some balance sheet items (notably the banking book security portfolio) to a credit spread shock.

Limits on these indicators are applicable to the Group, the BUs/SUs and the various entities. All of these metrics are also calculated on a monthly basis for the significant perimeters, and the limit framework respect is checked at the same frequency at Group level.

Limits are set for shocks at ± 0.1% and for stressed shocks (± 1% for value variation and ± 2% for income variation) without floor application. The measurements are computed monthly (with the exception of the months of January and July for which no Group-level closing is achieved). For value metrics, some limits are set for measurements made by taking into account only negative variations. An additional synthetic measurement of value variation – considering all currencies – is framed for the Group. In addition, a stressed value metric (application of an upward or downward shock differentiated by currency) is defined at Group level.

To comply with these frameworks, the entities combine several possible approaches:

• ●orientation of the commercial policy in such a way as to offset interest rate positions taken in assets and liabilities side;
• ●implementation of a swap operation or – failing this in the absence of such a market – use of loans and borrowings transactions;
• ●purchase/sale of options on the market to cover optional positions taken towards our clients.

Assets and liabilities are analysed without a prior allocation of resources to uses. Maturities of outstanding amounts are determined by taking into account the contractual characteristics of the transactions, adjusted for the results of customer behaviour modelling (in particular for demand deposits, savings and early loan repayments), as well as a certain number of disposal agreements, in particular on affiliates securities and shareholders' equity items. The discount rate used for value steering metrics includes liquidity spreads for on-balance sheet products.

As at 31 December 2024, the main models applicable for the calculation of interest rate risk measurements are models – sometimes dependent rates notably for deposits – on part of the deposits without a maturity date leading to an average duration of less than 5 years– the schedule may in some cases to reach the maximum maturity of 20 years.

The automatic balance sheet options are taken into account:

• ●either via the Bachelier formula or possibly from Monte-Carlo type calculations for value variation calculations;
• ●or by taking into account the pay-offs depending on the scenario considered in the income variation calculations.

Hedging transactions are mainly documented in the chart of accounts, this can be carried out either: 

• ●as micro-hedging (individual hedging of commercial transactions);
• ●as macro-hedging under the IAS 39 “carve-out” arrangement (global backing of portfolios of similar commercial transactions within a Treasury Department; macro-hedging concerns essentially French retail network entities).

Macro-hedging derivatives are mainly interest rate swaps in order to maintain networks’ net asset value and result variation within limit frameworks, considering hypotheses applied. For macro-hedging documentation, the hedged item is an identified portion of a portfolio of commercial client or interbank transactions. Conditions to respect in order to document hedging relationships are reminded in Note 3.2 to the consolidated financial statements.

The Group also measures and controls its change in value due to the Credit Spread in the Banking Book for a shock of +0.1% applied to items measured at fair value and to all bond portfolios within the scope of consolidation. A shock differentiated according to the quality of the counterparty is under consideration as well as a review of the scope.

Finally, the Group measures and monitors the difference between the fair value and amortised cost of fixed-income securities of the banking book. ▲

Audited I The liquidity and funding management set up at Societe Generale aims at ensuring that the Group can (i) fulfil its payment obligations at any moment in time, during normal course of business or under lasting financial stress conditions (management of liquidity risks); (ii) sustainably finance the development of its activities at a reasonable cost (management of funding risks). Doing so, the liquidity and funding management ensures compliance with risk appetite and regulatory requirements.

To achieve these objectives, Societe Generale has adopted the following guiding principles:

• ●liquidity risk management is centralised at Group level, ensuring pooling of resources, optimisation of costs and consistent risk management. Businesses must comply with static liquidity deadlocks in normal situations, within the limits of their supervision and the operation of their activities, by carrying out operations with Corporate Centre, where appropriate, according to an internal refinancing schedule. Assets and liabilities with no contractual maturity are assigned maturities according to agreements or quantitative models proposed by the Finance Department and by the business lines and validated by the Risk Division;
• ●funding resources are based on business development needs and the risk appetite defined by the Board of Directors (see section 2);
• ●financing resources are diversified by currencies, investor pools, maturities and formats (vanilla issues, structured or secured notes, etc.). Most of the debt is issued by the parent company. However, Societe Generale also relies on certain subsidiaries to raise resources in foreign currencies and from pools of investors complementary to those of the parent company;
• ●liquid reserves are built up and maintained in such a way as to respect the stress survival horizon defined by the Board of Directors. Liquid reserves are available in the form of cash held in central banks and securities that can be liquidated quickly and housed either in the banking book, under direct or indirect management of the Group Treasury. in the trading book within the market activities under the supervision of the Group Treasury;
• ●the Group has options that can be activated at any time in a stressful situation, through an Emergency Financing Plan (EFP) at Group level (except for insurance activities, which have a separate contingency plan), defining leading indicators for monitoring the evolution of the liquidity situation, operating procedures and remedial actions that can be activated in a crisis situation.

Audité I The key operational steps of liquidity and funding management are as follows:

• ●risk identification is a process which is set out and documented by the Risk Division, in charge of establishing a mapping of liquidity risks. This process is conducted yearly with each Business Unit and within the Group Treasury Department, aimed at screening all material risks and checking their proper measurement and capturing the control framework. In addition, a Reverse Stress Testing process exists, which aims at identifying and quantifying the risk drivers which may weigh most on the liquidity profile under assumptions even more severe than used in the regular stress test metrics;
• ●definition, implementation and periodic review of liquidity models and conventions used to assess the duration of assets and liabilities and to assess the liquidity profile under stress. Liquidity models are managed along the overall Model Risk Management governance, also applicable to other risk factors (market, credit, operational), controlled by the Group Risk division;
• ●yearly definition of the definition of Risk Appetite. The Board of Directors approves the elements proposed by the General Management, in this case the framework for financial indicators. Liquidity Risk Appetite covers the following metrics:
  • -key regulatory indicators (LCR, Adjusted LCR excess in USD, and NSFR),
  • -the footprint of the Group in Short-Term Wholesale funding markets,
  • -the net liquidity position under several stress scenarios (systemic, idiosyncratic, combined), at a given survival horizon that vary with the scenario (from 3 months to one year). With the scenarios, the idiosyncratic shock is characterised by one of its main consequences, which would be an immediate 2 to 3-notch downgrade of Societe Generale’s long-term rating. In such adverse or extreme scenarios, the liquidity position of the Group is assessed over time, taking into account the negative impacts of the scenarios, such as deposit outflows, drawing by clients of the committed facilities provided by Societe Generale, increase in margin calls related to derivatives portfolios, etc. The survival horizon is the moment in time when the net liquidity position under such assumptions becomes negative,
  • -the overall transformation position of the Group (static liquidity deadlock in normal situation matured up to a maturity of 10 years),
  • -the amount of free collaterals providing an immediate access to central bank funding, in case of an emergency (only collaterals which do not contribute to the numerator of the LCR are considered, i.e. non-HQLA collaterals);
• ●the financial trajectories under baseline and stressed scenarios are determined within the framework of the funding plan to respect the risk appetite. The budget’s baseline scenario reflects the central assumptions for the macro-economic environment and the business strategy of the Group, while the stressed scenario is factoring both an adverse macro-economic environment and idiosyncratic issues;
• ●the funding plan comprises both the long-term funding program, which frames the issuance of plain vanilla bonds and structured notes, and the plan to raise short-term funding resources in money markets;
• ●the Funds Transfer Pricing (FTP) mechanism, drawn up and maintained within the Group Treasury, provides internal refinancing schedules that enable businesses to recover their excess liquidity and finance their needs through transactions carried out with its own management;
• ●production and broadcasting of periodic liquidity reports, at various frequencies (daily indicators, weekly indicators, monthly indicators), leveraging in most part on the central data repository, operated by a dedicated central production team. The net liquidity position under the combined (idiosyncratic and market/systemic) stress scenario is reassessed on a monthly basis and can be analysed along multiple axes (per product, Business Unit, currency, legal entity). Each key metric (LCR, NSFR, transformation positions, net liquidity position under stress) is reviewed formally on a monthly basis by the Group Finance and Risk divisions. Forecasts are made and revised weekly by the Strategic and Financial Steering Department and reviewed during a Weekly Liquidity Committee chaired by the Head of Group Treasury. This Weekly Liquidity Committee gives tactical instructions to Business Units, with the objective to adjust in permanence the liquidity and funding risk profile, within the limits and taking into account business requirements and market conditions;
• ●preparation of a Contingency Funding Plan, which is applicable Group-wide, and provides for: (i) a set of early warning indicators (e.g. market parameters or internal indicators); (ii) the operating model and governance to be adopted in case of an activation of a crisis management mode (and the interplay with other regimes, in particular Recovery management); (iii) the main remediation actions to be considered as part of the crisis management. 

These various operational steps are part of the ILAAP (Internal Liquidity Adequacy Assessment Process) framework of Societe Generale. 

Every year, Societe Generale produces for its supervisor, the ECB, a self-assessment of the liquidity risk framework in which key liquidity and funding risks are identified, quantified and analysed with both a backward and a multi-year forward-looking perspective. The adequacy self-assessment also describes qualitatively the risk management set up (methods, processes, resources…), supplemented by an assessment of the adequacy of the Group’s liquidity.

Regulatory requirements for liquidity risk are managed through two ratios:

• ●the Liquidity Coverage Ratio (LCR), which aims to ensure that banks hold sufficient liquid assets or cash to survive to a significant stress scenario combining a market crisis and a specific crisis and lasting for one month The minimum regulatory requirement is 100% at any time;
• ●the Net Stable Funding Ratio (NSFR), a long-term ratio of the balance sheet transformation, which compares the financing needs generated by the activities of institutions with their stable resources; The minimum level required is 100%.

An asset shall be treated as encumbered if it has been pledged or if it is subject to any form of arrangement to secure, collateralise or credit enhance any transaction from which it cannot be freely withdrawn.

Total Group encumbrance amounts to 33.2% over 2024, measured according to the EBA(1) definition Securities encumbrance is 72.9%, while loan encumbrance is 11.3%.

The majority of the Group's encumbered assets (83.4%) is in the form of securities as a result of the relative size of capital market activities, mainly through repos, reverse repos and collateral swaps.

Securities encumbrance is concentrated in Societe Generale parent entity and its branches, where Group market activities are located.

The main sources of encumbrance are repo-like operations and debt securities issued. Encumbrance of assets in US dollars stems mainly from debt securities.

The level of encumbered loans varies among Group entities mainly due to their respective business models, funding strategies and the type of underlying loans, as well as to the law governing them. The main sources of loans encumbrance are in EUR and to a lesser extent in USD. The following key points are to be noted:

• ●within Société Générale's parent entity, the loan encumbrance rate amounts to 20%(2) at 2024 year-end, stemming mainly from housing rea estate. Encumbered loans are affected as collateral for the ECB’s TLTRO operations as well as long-term refinancing mechanisms which are broadly used by banks for covered bonds (SG Société de Financement de l’Habitat, SG Société de Crédit Foncier and Caisse de Refinancement de l’Habitat), securitisations or specific mechanisms;
• ●within the subsidiaries, the loan encumbrance rate stands at 16%(2) overall, with variance between entities due to different funding strategies. The highest levels of secured funding relate to entities which contribute to the pooling scheme (see below) or have implemented external funding programmes through securitisations such as BDK (Bank Deutsches Kraftfahrzeuggewerbe) and Ayvens, or other forms of secured funding.

As far as loan encumbrance is concerned, there is a pooling scheme in which subsidiaries (Boursorama, Sogefinancement, and to a lesser extent BFCOI, Genefim, and Sogefimur) bring a share of their loan portfolio to the Group in order to supply refinancing schemes (such as the SG Société de Financement de l’Habitat Covered Bond vehicle). Not all the assets brought to Covered Bond vehicles are effectively encumbered from a Group-consolidated perspective, because Covered Bonds issued are in part self-retained by Societe Generale as opposed to being distributed to investors. The portion of the subsidiary loan portfolio encumbered at subsidiary level but not encumbered from a Group-consolidated perspective amounts to EUR 7.5 billion.

In 2024 (median level over the year), Societe Generale held EUR 32.5 billion of self-issued Covered Bonds and EUR 16.3 billion of self-issued Asset Back Securities, with underlying collateral portfolios of respectively EUR 41 and 17.8 billion. These underlying collateral portfolios were indirectly encumbered in proportions of respectively 37.9% for Covered Bond assets and 44.5% for Asset Back Securities assets, through TLTRO drawings whose last redemption took place in September 2024 or market repurchase transactions.

With respect to the two main Covered Bond vehicles of the Societe Generale Group, namely SG Société de Crédit Foncier et and SG Société de Financement de l’Habitat, their level of over-collateralisation was respectively at 146% and 120% at the end of 2024.

Regarding SG Société de Financement de l’Habitat, collaterals are made of mortgage loans guaranteed by Crédit Logement. 

Regarding SG Société de Crédit Foncier, collaterals related to counterparty exposures in the public sector.

The unencumbered “Other Assets” (excluding loans), in the EBA template, include derivatives and options positions (interest rate swaps, cross currency swaps, currency options, warrants, futures, forward contracts…) in an amount of EUR 105 billion as of the end of 2024, as well as some other assets that cannot be encumbered in the normal course of business, including goodwill, fixed assets, deferred tax, adjustment accounts, sundry debtors and other assets. Overall, assets that cannot be encumbered (derivatives products and other assets listed above) represent 20% of the total balance sheet as of end 2024.