Managing legal, regulatory or ethical risks

Complying with all the regulations, protecting ourselves against fraud, combatting money laundering or the financing of terrorism, offering our customers high-quality service over the long term, guaranteeing the continuity of essential services, etc… all these actions go well beyond the simple question of “reputational risk”.

The functions managed by BPCE

BPCE is the central institution of the cooperative banking group comprised of the Banque Populaire and Caisses d’Epargne retail banking networks in addition to other affiliated credit institutions. It serves the development of the Group and its businesses, and is responsible to the regulator for Groupe BPCE’s capital adequacy, liquidity, and risk management. 
Within this framework, BPCE ensures that the Group’s different entities remain in strict compliance with all relevant laws, regulations, and good business practices. The Compliance function ensures the effective implementation of all these rules, thereby helping to earn the trust of all stakeholders.

Professional ethics

Professional ethics form an integral part of our compliance system, the main principles of which are laid down by BPCE and subsequently implemented by each Group entity according to the specific nature of its activities. Compliance with the rules of good conduct by employees enables each entity to pursue its activities in an honest, fair and professional manner, and to serve its customers’ best interests.

Our Group has drawn up a Code of Conduct and Ethical Standards to ensure that we act in the best interests of our customers, employees, and society as a whole.  

To download the Code of Conduct:

To download the Code of Conduct:

Code of Conduct and Ethical Standards


Download 709 Ko

We have set up a mechanism for monitoring and managing the disclosure of confidential and privileged information. Respect for bank secrecy or professional secrecy is a principle that brooks no exceptions. Confidential, i.e. non-public, information about a customer or company is subject to special monitoring. As the Group owns several listed subsidiaries, procedures for monitoring and controlling privileged information have been put in place. Special provisions have been made to cover securities transactions on the Group or non-Group listed companies carried out by employees enjoying access to privileged information on a permanent or occasional basis.

The continuous drive to train and sensitize our employees to the need to respect ethical rules in the exercise of their functions is of vital importance. The Group has been running a professional certification system for several years that enables it to verify that actions related to the presentation, recommendation, and sale of financial products and services to customers are carried out by staff possessing the appropriate professional qualifications.

Managing conflicts of interest

Groupe BPCE is committed to serving its customers’ interests and to acting in a totally open and transparent manner. A conflict of interests that is left unmanaged or badly managed could harm the Group’s public image and the personal interests of everyone concerned. Therefore, in application of MiFID regulations, Groupe BPCE has adopted a policy to prevent and manage conflicts of interest, a summary of which is available for download below.

To download:

To download:

Summary of BPCE's policy on management of conflicts of interest


Download 114 Ko

Whistleblower reporting process

We are determined to promote, in all circumstance, the respect of ethical standards in the decisions and behavior of employees, by setting benchmarks known to all. We must take the duties we owe to our customers and cooperative shareholders and apply them to ourselves and each other. Every employee embodies our company’s image and is duty bound to respect it. 

It is vital that we retain the trust of our customers, cooperative shareholders, partners, employees, and society at large. We are fully aware, however, that reprehensible acts may occur. Groupe BPCE employees have the opportunity to report any misconduct via the internal whistleblowing mechanism set up in each Group entity before this misconduct becomes a serious risk. The Group protects whistleblowers. Under no circumstances may they be subject to any disciplinary sanction or legal proceedings provided they act in good faith and in a disinterested manner.

A platform is provided so that everyone can report a serious breach to the code of conduct, to a law, to safety, in case of environmental impact, or any inappropriate behavior in the workplace : link to the whistleblower reporting hotline

To download:

To download:

Whistleblower Reporting System


Download 118 Ko

The fight against corruption and influence peddling

We are committed to fighting against all forms of corruption, including influence peddling and facilitating payments. This commitment finds concrete expression in our adoption of anti-corruption rules of conduct that comply with the requirements of the French law dated December 9, 2016 on transparency, the fight against corruption and the modernization of economic life (the so-called “Sapin 2” law). These rules concern all Group employees and require them to remain vigilant in situations involving risk. These risk situations have been identified in a mapping exercise. Failure to comply with these rules may lead to disciplinary action. The prevention of corruption is also encouraged by the compulsory completion of an e-learning course that includes practical case studies.

To download the anticorruption code of conduct:

To download the anticorruption code of conduct:

Anti-corruption code of conduct


Download 131 Ko

Protection of our customers

  • Control of commercial practices

Groupe BPCE places the protection of its customers at the heart of its business activities and, working through its Compliance department, has drawn up rules compliant with current regulations and any possible updates. These rules cover the validation of products sold, sales processes (irrespective of the sales channel used: direct sales, online sales, telephone sales, etc.) and advertising. 

Group employees are obliged to undergo training in view of their decisive role in customer protection. They are responsible for conveying offers in a transparent and proper manner within the framework of a trusting relationship with their customers. Customer protection must be effective at every stage in the relationship: when the initial pre-contractual information is given, when the employee offers the customer his or her advice and, lastly, during the life and final termination of the contract.
Groupe BPCE has issued recommendations to Group entities allowing each institution to define, according to its own specific characteristics, a clear and transparent procedure for handling customer complaints. A regular monitoring of complaints, analyzed per type of dysfunction by quality indicators (processing times, etc.) is carried out by the Quality and Compliance Departments of the entities in question as part of a continuous improvement process for the products and services provided.
In addition, each Groupe BPCE entity has an independent ombudsman, whose contact details are clearly indicated on the documents given to customers as well as on the website accessible to their clientele.

  • Protection of personal data

To better protect the personal data of individuals and grant them new rights concerning how their digital information is used is the goal pursued by the General Data Protection Regulation (GDPR). This new European regulation is based on the principles of transparency and the accountability of the various actors involved. Its application concerns all companies, wherever they are based, as long as they collect, process or host the personal data of individuals resident in the European Union.
Groupe BPCE undertakes to ensure that the personal data processing operations it carries out are fully compliant with the GDPR and the French Informatique et Libertés Data Protection Act. The Group pays particular attention to the responsible use of data and its employees are given training at regular intervals to heighten their awareness about GDPR compliance and the Privacy by Design approach.

The information leaflet has been drafted to provide our customers with detailed information on how BPCE, acting in its capacity as a data controller, protects their personal details when processing personal data relating to security, compliance, audit, marketing, communications, finance, and risk. 

In addition, all Groupe BPCE entities provide their customers and employees with an information leaflet on the protection of personal data.

Financial security

We are engaged in the prevention of financial crimes, which includes the fight against money laundering and the financing of terrorism, but also the respect of the sanctions against certain countries, persons or entities decided by France, the European Union, the United States or the UN, and any other applicable regulations given the geography of the Group’s business presence.

All of our companies ensure compliance with the principles and rules laid down in relevant legislation in accordance with the standards defined, in particular, by the FATF1, the United Nations or EU institutions2.

The principles and frameworks are defined by BPCE and are applied by all of its entities. The operational teams are regularly sensitized to issues related to financial security, whether new forms of financial crime or legislative and regulatory developments in this area; dedicated training materials are used by all Groupe BPCE employees.

The prevention of money laundering and the financing of terrorist activities is based on the principle of ‘Know Your Customer’ complemented by constant vigilance exercised with regard to financial activities, calling on the assistance of the retail banking networks as well as the Group employees directly assigned to the management of these issues.

1- FATF, or the Financial Action Task Force (FATF), leads the global effort to combat money laundering and the financing of terrorism and the proliferation of these activities.      2- Directives and regulations issued by the European Commission or the Council of the EU.

KYC/USA Patriot Act BPCE

The KYC 2020 BPCE-SA is also available on the SWIFT "BIC REGISTRY" platform.

The KYC 2020 BPCE-SA is also available on the SWIFT “BIC REGISTRY” platform.

Wolfsberg’s Correspondent Banking Due Diligence Questionnaire – BPCE SA


Download 1 Mo



Download 3 Mo



Download 394 Ko

Wolfsberg’s Correspondent Banking Due Diligence Questionnaire – BPCE International


Download 6 Mo

KYC 2023 BPCE International


Download 4 Mo

Business continuity

Like any business organization, Groupe BPCE companies may be affected by events or crises serious enough to affect the smooth running of their organization and, consequently, the quality of the services provided. In such circumstances, the teams in charge of business continuity identify and validate alternative solutions to be implemented with a view to:
•    Reducing exposure to certain events or disasters,
•    Managing crisis situations and limiting the impact of losses,
•    Ensuring that the essential activities of Groupe BPCE’s companies resume as quickly as possible,
•    Maintaining a minimum level of service by all available means,
•    Restoring a normal operating mode as soon as possible.

All financial institutions in the Group, and the structures contributing to the pursuit of financial activities, have developed a continuity mechanism that can be activated, notably in the event of a major disaster.
All our employees are involved to varying degrees and are liable to participate in the implementation of continuity solutions. These solutions are derived from previously identified loss scenarios and their validity is ensured by a recurrent test policy involving the active participation of the Group’s employees, by regular controls, and by a periodic review of continuity requirements, available resources, and related procedures.

Other regulations

Article L221-5 of the French Monetary and Financial Code requires that financial institutions distributing Livret A and Sustainable Development passbook savings accounts to publish an annual report specifying how the funds deposited on these two savings accounts (and not centralized at the Caisse des Dépôts) are used. This report, which may be downloaded below, demonstrates compliance by the financial institutions belonging to Groupe BPCE with the regulatory obligations for the re-use of decentralized funds deposited on the Livret A and Sustainable Development passbook savings accounts.

To download the Report pursuant to Article L221-5 of the French Monetary & Financial Code (in French only):

To download the Report pursuant to Article L221-5 of the French Monetary & Financial Code (in French only):

Rapport L221-5 CMF exercice 2023


Download 203 Ko