FOUNDATIONS OF INTERNAL CONTROL

Société Générale implements the recommendations given in the AFEP-MEDEF report of September 2002 on the corporate governance of listed companies.

The core principles of Société Générale's internal control are presented below. The Group's policy is set out in full in the bank's 2009 registration document, which is available on the Group's website: www.socgen.com

Strict regulatory framework
Internal controls in French banking establishments are governed by amended regulation No. 97-02 of the French Banking and Financial Regulation Committee.
In June 2004, the Basel Committee defined the four principles – independence, universality, impartiality and sufficient resources – to be applied in the internal audits carried out by credit institutions.
At Société Générale, these principles are applied through various directives governing the management of credit risks, market risks, operating risks, structural risks (interest-rate, exchange rate, liquidity) and compliance risks.
Internal control is defined as all processes and resources that enable the Group’s General Management to ascertain whether transactions carried out and the organization and procedures in place within the company are compliant with the legal and regulatory provisions in force, professional and ethical practices, internal regulations and the policies defined by the company’s executive bodies.
Internal control is designed to:
  • detect and measure the risks borne by the company, and ensure they are adequately controlled;
  • guarantee the reliability, integrity and availability of financial and management data;
  • verify the quality of information and communication systems.

Permanent control
The permanent supervision of their activities by operational staff themselves forms the cornerstone of the permanent control process. The process comprises two elements:
  • day-to-day security: all operational staff are required to permanently comply with the applicable rules and procedures governing transactions,
  • formal supervision: management is required to make regular checks using written procedures to verify that staff comply with the rules and procedures for processing transactions and to ensure day-to-day security is effective.
For the Group's permanent control to function correctly, operating methods need to be formally defined and communicated to all Group staff. Permanent control procedures are also adapted for each Group entity according to an analysis of its individual activities.
In order to reinforce the consistency of this system at a Group level, the Operating Risk Department of the Risk Division has been responsible for coordinating permanent control procedures and consolidating the summary reports drafted by the different Group entities since October 2006.
The functional divisions also contribute to the permanent control of the Group’s operations.
With relays in the Group’s business lines and subsidiaries, the Risk Division is responsible for implementing credit, market and operating risk management Group-wide and for ensuring risks are monitored in a coherent fashion.
The Group decided to restructure its Risk Division in 2008, drawing upon the conclusions from the recent events that affected Société Générale and its environment (financial crisis, fraudulent transactions on market activities) to adjust risk management to the Group’s development.