The compliance framework (organisation, procedures, training programmes) creates an environment favourable to the enhancement of ex ante controls within the Group. Nonetheless, when preventive measures do not play their expected role and a dysfunction occurs, it is important that it is:
The centralisation of reported dysfunction events allows an assessment of non-compliance risk to be carried out at the highest level of Crédit Agricole S.A..
The Compliance Officers of each entity report the state of observed dysfunctions to the Compliance department, which is responsible for informing the Compliance Management Committee. This Committee takes note of the situation and approves proposals aimed at remedying the dysfunction.
Crédit Agricole S.A. develops the compliance framework for all its subsidiaries in France, in accordance with the rules of the Commission nationale de l’informatique et des libertés (CNIL), the national data protection authority; these rules relate to the protection of personal data, be it of employees, customers or third parties in relationships with Group entities. For the purpose of harmonising mandatory reports made to the CNIL, Crédit Agricole S.A. has implemented a pooling and exchange process with Group entities, under which they can be included in the consolidated reporting and covered by the authorisations requested from the CNIL. A shared approach with the Regional Banks is also in progress. As a general rule, every new information system or application must be designed from the outset to meet the data protection rules for personal information and bank secrecy regarding customers and third parties generally.
A new training program is available and adapted for each of the Group’s business lines (Retail banking, Corporate banking, Asset management, Insurance, etc.). A handbook entitled “The Keys to Fides” dealing with major compliance issues is also available in three languages (French, English, Italian).