NATIXIS - 2018 Registration document and annual financial report

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

ORGANIZATION OF NATIXIS' INTERNAL CONTROL SYSTEM ■

Internal Control Coordination Committee (3CIG) and special committees

Compliance function

ITSS-BC function

Risks function

Finance Review function

Internal Audit function

BPCE

Coordination of Permanent Controls

3

Board of Directors (Risk Committee, Audit Committee)

Executive managers

Control Functions Coordination Committee (CCFC)

Internal Audit Department

Periodical controls

Level 3

General Secretary

Finance

Permanent control

Financial Review*

Compliance

ITSS-BC

Risks

Level 2

Person responsible for the Permanent control: General secretary

Special Committees on Risks

Operational departments Controls 1.1 (operational) and 1.2 (hierarchical and/or functional)

Level 1

* Accounting, fiscal and regulatory controls performed by the Finance Review department, reporting hierarchically to the Accounting and Ratios department within Finance, and functionally to the Compliance Department.

The Control Functions Coordination 3.2.1.2 Committee The Control Functions Coordination Committee (CFCC) is chaired by the Natixis Chief Executive Officer or his substitute, the Corporate Secretary. Its members are the Heads of Risk, Compliance, Internal Audit, as well as the Head of the Regulatory and Accounting Review Team, the Corporate Secretary of the Risk Division, Compliance and Permanent Controls of BPCE and, as required, certain operational or functional managers. The CFCC coordinates the entire internal control system by: addressing all issues pertaining to the organization and a planning of control services; highlighting areas of emerging or recurring risk within the a scope under consideration and reporting any significant anomalies observed to the executive body (for example, monitoring the backlog of the main corrective measures); and providing the executive body with updates on ongoing a controls performed by internal or external control functions, or by regulators, and ensuring that the conclusions from these undertakings are taken into account by the operational business lines. The CFCC met three times in 2018. The conclusions of controls carried out under this system, supplemented with the results of external audits (carried out by

BPCE's General Inspection, the Statutory Auditors, the regulators/supervisors, etc.) are reported to the Board of Directors via its extensions, the Audit Committee and the Risk Committee. First-level permanent controls 3.2.1.3 First-level permanent controls are carried out by operational or functional staff on the transactions they perform, following internal procedures and legal and regulatory requirements. Transactions may be subject to a control by operational staff themselves (level 1.1.) and to a separate control by line management or by a functional department responsible for validating these transactions (level 1.2). The first-level controls are centralized in a dedicated tool that is used to consolidate results, identify areas at risk and produce reports. The Compliance Department helps the operational or functional departments define and update these controls. At December 31, 2018, 2,286 level 1.2 controls were reported (mostly on a quarterly basis). Second-level permanent controls 3.2.1.4 Second-level permanent controls are performed by four departments that are independent of operational staff.

117

Natixis Registration Document 2018

Made with FlippingBook HTML5