Skip links

What are you looking for?

Contact us
Exponens

Compliance & Internal Control:

Meeting your regulatory obligations

To provide you with support tailored to your industry, we offer you a comprehensive range of compliance and internal control services.

Whether you operate in the asset management (SGP, CGP, PSI, PSAN, Corporate Finance), insurance, banking or services/industry sectors, your organizations are faced with an increasingly technical and regulated environment. These regulatory requirements call for tailor-made support.

Contact us

Asset management

Who are you?

  • A portfolio management company (“PMC”)
  • An asset management consultant (“CGP”)
  • An investment services provider (“ISP”)
  • A digital asset service provider (“DASP”)
  • A non-regulated company (Corporate Finance)

Approvals and

support

Exponens is an independent firm specializing in compliance and internal control for the financial and asset management sectors.

Approval file (AMF/ACPR) / Approval extension (AMF/ACPR) / Approval exemption (ACPR)

We support you during the preparation of your application and throughout the appraisal period, right up to the company’s approval by the supervisory authority: assistance with drafting and updating approval files, with any responses required during the appraisal process in the event of additional requests, and so on.

We are also present throughout the corporate life of investment vehicles, as close as possible to changes: assistance in preparing approval or transfer files.

Organization and strategies

Our team can support you in organizing and structuring your operational compliance system:

  • Feasibility analysis of certain projects in line with regulatory developments
  • Implementation of best practices
  • Review of documents and files communicated to regulatory authorities
  • Assistance in drafting and updating normative documentation (procedures, policies, regulatory and operational mapping)
  • Temporary replacement of RCCI/RCSI

Consulting services

Our team can also be at your side for certain tasks, such as reviewing sales documentation, customer reporting, answering any questions you may ask us, studying potential or proven conflicts of interest, etc., which do not fall within the scope of the RCCI’s control functions, and which must therefore be excluded from the number of days allocated to outsourced RCCI tasks, as declared in the program of activities and in the “FRA-RAC” report.

Assistance with guardianship inspections

We can support and assist you in the event of inspections by regulatory authorities and professional associations.

Regulatory watch and requirements

Thanks to our constant monitoring of regulatory developments, our team keeps you regularly informed of your regulatory obligations.

What’s more, our team can provide you with specific support in the development of sustainable finance (ESG, taxonomy, SFDR, CSRD) and cybersecurity measures, which have become major challenges.

Risk management

  • Mapping and definition of alerts
  • Implementation or overhaul of the company’s risk management system
  • Review of management/investment processes

Internal

control

Exponens assists regulated and non-regulated companies with their internal control systems.

Compliance and Internal Control Delegation

  • Assistance with PCCI design and implementation
  • Formalization of permanent control work
  • Periodic control missions according to the points and periods selected
  • Formalization of summary reports on work performed
  • Holding of compliance and internal control committees and presentation of work performed

Assistance with the compliance and internal control mission

Our team assists you in structuring your compliance, internal control and risk management systems, in carrying out the company’s control work in accordance with the points and periods defined in the PCCI, and in formalizing the reports to be sent to the AMF.

Compliance audits

At your request, our team can draw up a diagnosis of the state of compliance and internal control for your regulated activities.

Training

Our team can offer you training courses to help your staff master all aspects of the financial market, its developments and its regulatory challenges.

  • Raising awareness of compliance and internal controls
  • Fight against money laundering and terrorist financing
  • Market Abuse
  • Sustainable finance
  • Cybersecurity
  • Exam preparation for the RCCI professional card

Inssurance

Who are you?

  • An insurance company or mutual insurer governed by the French Insurance Code (Code des assurances)
  • A mutual insurer governed by the French Mutual Code (including mutual insurers governed by books II and III)
  • A provident institution governed by the Social Security Code
  • A supplementary occupational pension fund governed by the French Insurance Code
  • A mutual insurance company and union for supplementary occupational retirement plans governed by the French Mutual Insurance Code (Code de la Mutualité)
  • A supplementary pension fund governed by the Social Security Code
  • Insurance intermediaries: brokers, insurance agents, insurance representatives and insurance intermediary representatives

Reporting to supervisory authorities

Under the third pillar of the Solvency II directive, insurance companies are required to disclose certain information to the public and to the supervisory authorities.

Exponens is committed to offering sustainable solutions and supporting you in your reporting missions:

  • Customer protection questionnaire
  • ORSA report (Own Risk and Solvency Assessment)
  • SFCR report (annual report on solvency and financial situation)
  • RSR report (regular report to the controller)
  • Report on outsourcing of important activities or functions
  • Notification to the ACPR of managers, executives and heads of key functions

Organizing and improving compliance

The insurance organization sector has faced many challenges in recent years with regard to the multiplication of regulatory requirements. Since the Solvency II Directive came into force in 2016, insurance organizations have been required to set up four key functions: compliance, risk management, internal audit and actuarial.

At the heart of these key functions, the administrative, management or supervisory body (AMSB) plays a key role, guaranteeing a sound and prudent management system. Exponens is committed to helping you in :

  • Implementation of written policies (compliance, risk management, risk mapping, prevention of conflicts of interest, etc.)
  • Legal monitoring and formalization of impact analyses (Solvency II, DDA, etc.)
  • Compliance assignments on specific topics: cloud service providers, LCB-FT, Social Security Finance Act, onegate certificates, etc.
  • Activity report for key compliance function
  • Formalization of non-compliance risk assessment sheets
  • Preparation of activity reports for directors
  • Compliance of general terms and conditions or mutualist regulations, pre-contractual and contractual documents, IPID documents (insurance product information document).
  • Compliance notices for new product offerings

Internal control

Exponens can support managers of key functions, such as compliance, risk management, actuarial and internal audit, involved in implementing the internal control system.

After the essential stage of self-control, internal control is divided into three levels. For each level, our teams can help you set up a system adapted to regulatory requirements, operational efficiency and the level of each risk:

  • First-level control is performed by operational staff. Exponens can help you define the type and frequency of controls to be carried out, build a control monitoring dashboard and create an incident database.
  • Exponens can support you in carrying out second-level controls, or can act as your delegate.

Our approach focuses on ensuring that rules and procedures are in line with regulations, and that they are properly applied by the insurance organization. We carry out the following tasks:

  • Transmission of the main written policies as part of the application for approval, and review of these policies
  • Determination of alert thresholds within the risk management policy.
  • Declaration to the ACPR of all outsourcing of critical or important functions.
  • Risk mapping
  • Centralized recording of anomalies and incidents
  • A compliance plan validated by the Board of Directors.
  • The implementation of the LCB-FT system in this respect

Training

Our training courses are designed for both operational staff and administrators.

Examples of training courses offered:

LCB-FT, Solvency II, Insurance Distribution Directive, Taxonomy, FICOVIE, 100% health, infra-annual termination, RGPD, ICT governance, directors’ liability,..

Bank

Who are you?

  • A credit institution
  • An investment services provider (“ISP”) other than a portfolio management company (“PMC”)

Compliance

Our team can help you organize and structure your operational compliance system.

Optimizing and assisting the Compliance function

Our team will support and assist you in organizing and structuring your operational compliance and internal control system. To this end, we can carry out studies of the impact of regulations on your activities, draw up a body of documentation (procedures, policies, charters, etc.), and propose appropriate solutions for emerging issues (ESG, cybersecurity, digitalization, etc.).

If required, we can also provide your establishment with collaborators to lighten the load on your teams.

Prevent the risk of non-compliance

  • Diagnosis of fraud mechanisms (internal and external)
  • Monitoring operations and movements of funds
  • Knowledge of customers (KYC) and suppliers (KYS)
  • Anti-money laundering and combating the financing of terrorism (AML/CFT)
  • Suspicious transactions

Monitoring regulatory developments

We support you in the operational implementation of regulations (e.g. DORA, RGPD, AMLD, CSRD, Basel / CRD, Sapin 2, Eckert, MIFID2) and their impacts in terms of:

  • Governance
  • Organization
  • Reporting
  • Procedure

Support in dealings with regulatory authorities

We can support you throughout the application process, right up to the point of obtaining approval, approval extension or exemption from approval by the supervisory authority (ACPR).

We can also assist you with inspections ordered by the supervisory authorities and professional associations.

PUPA/PCA organization

Our team can help you define, organize and test your PUPA/PCA system. Our information systems security experts can also intervene and carry out an audit, as well as defining action plans if required.

Our main compliance

topics

Our team can help you organize and structure your operational compliance system.

Financial security

We can analyze your financial security system, risk classification, transaction monitoring tools, PEPs, asset freezes and TRACFIN declarations. We can help you to identify the LCB-FT risks linked to your business or that of your customers, to put in place relevant systems with regard to your customers’ behavior, and to optimize your warning system.

Right to account, banking inclusion and inactive accounts

We can carry out a review of inactive contracts, beneficiaries and customer communications. We can also support you in optimizing your mechanism for detecting consumers in situations of financial fragility, or in detecting and processing dormant assets.

RGPD

We can support you in managing your RGPD activity, by reconciling it with the regulations and other compliance activities, and by implementing tools. We can also act as DPO for outsourced activities.

Complaints management

Our teams can support you in setting up and optimizing the complaints handling process, and its follow-up.

Internal

control

Our teams will support you throughout the process of defining, optimizing and deploying internal control at your facility.

Organization of internal control systems

We can set up a level 1 and 2 permanent control plan, and make recommendations in line with regulatory requirements and best practices.
Our teams can also help you produce internal and regulatory reports (RACI, QPC, etc.).

We can also support you in setting up a periodic control plan (audit), or more broadly in organizing the periodic control function.

We can also provide permanent and/or periodic control services as part of an outsourcing or operational reinforcement project.

Optimising, automating and documenting internal control

New internal organization, accelerated external growth or a merger between two entities – are you looking to streamline your internal control system? Or do you simply need an external perspective on regulatory requirements and best practice?

We can provide you with a diagnosis of your existing system, in search of appropriate and effective coverage of your risks.

The introduction of a new internal control tool can also be an opportunity to review the internal control documentation base: risk mapping, control plan, control sheet.

Training

Our teams will support you throughout the process of defining, optimizing and deploying internal control at your facility.

Our team can offer you training courses to help your staff master the regulatory challenges.

  • Raising awareness of compliance and internal controls
  • Fight against money laundering and terrorist financing
  • Market Abuse
  • Sustainable finance
  • Cybersecurity

Services & Industry

Who are you?

A company or a subsidiary of a group in the transport, retail, real estate, information, communication, construction, food, pharmaceutical, etc. sectors.

Compliance

Our teams can support and assist you in organizing and structuring your operational compliance system.

We can carry out studies of the impact of regulations on your activities, draw up a body of documentation (procedures, policies, charters, etc.), and propose appropriate solutions for emerging issues (ESG, cybersecurity, digitalization, etc.).

Internal control

Our teams will support you throughout the process of defining and deploying internal control within your establishment, in line with regulatory requirements and best practices.

New internal organization, accelerated external growth or a merger between two entities – are you looking to streamline your internal control system?
We can provide you with a diagnosis of your existing system, in search of appropriate and effective coverage of your risks.

The introduction of a new internal control tool can also be an opportunity to review the internal control documentation base: risk mapping, control plan, control sheet.

Exponens can intervene in a variety of fields, including:

  • The fight against corruption (Sapin 2)
  • The fight against fraud
  • Combating money laundering and the financing of terrorism (LCB/FT)
  • Protection of personal data
  • Competition law
  • CSR (corporate social responsibility)
  • Safety, health and working conditions

Tools for Risk, Control and Compliance functions

For departments that have decided to equip themselves with an integrated and coherent tool for risk, control, compliance and audit management, Exponens provides independent support in the choice of your future GRC tool.

  • Gathering and drafting requirements
  • Identification of existing market tools
  • Help in selecting a short list
  • Drafting and launching the call for tenders
  • Organize and assist in the evaluation of bids

Training

Our team can offer you training courses to help your staff master the regulatory challenges.

  • Raising awareness of compliance and internal controls
  • Fight against money laundering and terrorist financing
  • CSR (climate law, taxonomy, etc.)
  • Cybersecurity
  • Sapin 2

Contact our expert partners

All our expert partners
Partner, Chartered Accountant and Statutory Auditor
Master’s degree in Management Sciences from Paris XII University
+33 (0)1 85 34 16 57
nathalie.lutz@exponens.com

Nathalie Lutz preforms legal and contractual audits of listed and unlisted groups. She has developed a specialisation in life insurance, property and casualty insurance, personal insurance, as well as in professional organisations.

She also coordinates the IS Audit, Internal Control and Financial Compliance activities of companies subject to AMF supervision.

Nathalie Lutz is Vice-President of the Development Commission of the National Board of Statutory Auditors (CNCC), as well as a member of the insurance Commission and delegated quality controller of the CNCC.

Within Exponens, Nathalie is a member of the Executive Committee and the Quality & Ethics Committee.

Nathalie Lutz



See CV

Partner, Head of Risk Management and Insurance, Certified Actuary
Graduate of École Polytechnique and the National School of Statistics and Economic Administration (ENSAE)
+33 (0)1 70 64 08 14
philippe.delerive@exponens.com

Philippe Delerive began his career with UAP in corporate pensions and then transferred to UAP’s Group Policies Department as technical manager of personal protection and health plans. In 1998, he joined AXA France’s Health Innovation Department and contributed to the health experimentation project and, in 2001, became AXA Courtage’s Technical and Financial Director for the retail and business market. In 2002, he joined GAN Assurances as Head of Personal Insurance before successively becoming Head of the Paris-Centre-Picardie region in 2007, Deputy CEO in 2011 and finally Chief Executive Officer of GAN Assurances from 2012 to 2016.

In 2017, he joined Exponens as a partner and became head of the Risk and Insurance Department.

Within Exponens, Philippe is a member of the Executive Committee and the Quality & Ethics Committee.

Philippe Delerive

See CV

Partner, Risk, Controls, Compliance
Graduate of Paris-Sorbonne University, post-graduate degree (DEA) in industrial strategy
+33 (0)1 41 31 77 03
sophie.calvez@exponens.com

During her initial professional experience with a consulting firm, Sophie Calvez developed expertise in project owner assistance, providing support for finance departments during migration of their information systems, and coordinating change management assignments.

She then provided assistance to permanent control managers in optimising their control processes and in implementing and monitoring regulatory projects. She also headed remediation missions.

She most frequently provides services to systemic French banks, but also to the industrial, real estate and healthcare sectors, as well as to smaller entities.

Sophie Calvez


See CV

Sophie Breton

Partner, Chartered Accountant
Graduate of SKEMA Business School Nice

+33 (0)1 49 29 55 38

Paris Gare de Lyon

langues

Sophie Breton joined Exponens in 1994 after two years with KPMG. After taking charge of chartered accountancy assignments in a variety of fields, she set up the real estate department in 2005, providing accounting and tax assistance (bookkeeping, auditing, reporting, tax compliance, due diligence, etc.) for French and foreign real estate companies and investment funds.

In 2008, she initiated the development within the Exponens group of specific expertise in OPCI accounting, which today enables her to offer a range of services specifically dedicated to this type of real estate vehicle. Sophie Breton regularly runs professional training courses on this subject, and participates in the work of the accounting committee of the Association Française des Sociétés de Placement Immobilier (ASPIM).

Within Exponens, Sophie is a member of the Quality & Ethics Committee.

Here is the high-end advice.

A need, a question, an advice? Do not hesitate to contact us.
Our experts will be happy to answer you.

How to contact us