NATIXIS - 2018 Registration document and annual financial report

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

• upskilling the Internal Audit team by upgrading the training program and revisiting its content (particularly to include regulatory updates);
• continuing to actively draft and update audit guides, and implementing a tool for monitoring model risks, carried out jointly with BPCE’s General Inspection.

Lastly, Natixis’ Internal Audit Department collaborated with its BPCE counterpart on a number of projects and assignments. The two departments held eight meetings in 2018. These meetings provided a forum for addressing matters related to auditing programs and practices, as well as matters related to risk assessment and assignment evaluation (General Inspections Coordination Committee).

3.2.2 GOVERNANCE AND RISK MANAGEMENT SYSTEM

3.2.2.1 Risk management framework

Natixis’ risk management is based on independent control functions, each addressing the risks falling within their scope of oversight.

The risk management function, carried out by the Risk division, is structured as an independent and global matrix that covers all scopes and geographic areas. It manages the risk appetite framework, recommends risk policies consistent with those of Groupe BPCE to Senior Management for approval, and makes proposals to the executive body on principles and rules in the following areas:

• risk decision-making procedures;
• limit authorizations;
• risk measurement;
• risk oversight.

It also independently validates models as part of its wider risk model management framework.

It plays an essential role within the Committee structure, the highest-level Committee being Natixis’ Global Risk Committee, which meets once per quarter.

In addition, it regularly reports on its work, submitting its analyses and findings to Natixis’ executive managers, to Natixis’ supervisory body, and to Groupe BPCE. A risk consolidation team generates a consolidated risk overview using a scorecard that indicates the various risks (credit, market, liquidity, operational, modeling, etc.).

To fulfill these responsibilities, the Risk division uses an IT system tailored to the activities of Natixis’ core businesses, applying its modeling and quantification methods for each type of risk.

The management and monitoring of Natixis’ structural balance sheet risks are under the authority of the Asset/Liability Management Committee (or “ALM Committee”). The ALM Committee’s monitoring scope includes overall interest rate risk, liquidity risk, structural foreign exchange risk and leverage risk.

The Compliance function oversees the compliance risk management system of Natixis S.A. and of its French and international branches and subsidiaries. It is also in charge of fraud risk prevention, information systems security, and business continuity. Its operating rules are governed by a charter signed off by the Senior Management Committee. The Compliance Function’s preventative actions—advice, raising awareness and training—are a key driver to improving Natixis’ management of compliance risk.

3.2.2.2 Organization

(Data certified by the Statutory Auditors in accordance with IFRS 7)

Risk management governance is a structured organization involving all levels of the bank:

• the Board of Directors and its specialized committees (Risk Committee, Audit Committee, etc.);
• the executive managers and the specialized Risk Committees they chair within the bank;
• the central divisions, independent of the businesses;
• and the businesses (Asset & Wealth Management, Corporate & Investment Banking, Insurance, Specialized Financial Services).

The Board of Directors and its Committees

The Board of Directors (and its extension, the Risk Committee) gives the final approval of Natixis’ risk appetite and oversees its application.

Under the Natixis Board of Directors’ responsibility, the Risk Committee’s primary duties are:

• to advise the Board of Directors on the bank’s overall strategy and risk appetite, both current and future;
• to assist the Board of Directors when it checks the implementation of that strategy by the executive managers and by the Chief Risk Officer;
• to monitor the effectiveness of the internal control and risk management systems.

The Risk Committee met five times in fiscal year 2018.

In addition, and since July 2016, the Risk Committee meets as the US Risk Committee as per the US regulatory requirements of the Dodd-Frank Act. The US Risk Committee has the same structure as the Risk Committee, and is responsible for supervising the risks linked to Natixis’ activities on US soil (“Combined US operations”).

The duties of Natixis’ Audit Committee are essentially:

• to monitor the process of preparing financial information (the financial statements, the management report, etc.) and to make recommendations to guarantee the integrity of this information;
• to monitor the statutory audit of the quarterly, half-yearly and annual consolidated financial statements and annual individual financial statements, as well as Natixis’ draft budgets and material off-balance sheet commitments, far enough in advance that they can be presented to Natixis’ Board of Directors, as well as the half-yearly and annual management reports;
• to monitor the effectiveness of the internal control and risk management systems with regard to the procedures for preparing and processing accounting and financial information;
• to ensure the independence of the Statutory Auditors;
