NATIXIS - 2018 Registration document and annual financial report

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

procedures, and in line with legislative and regulatory requirements. The controls can be performed by a functional department tasked with approving the relevant transactions.

3.2.2.3 Risk culture

Natixis is defined by its strong risk culture at every level of its organizational structure. The risk culture is central to the Risk function’s guiding principles, as set out in the Risk Charter. Its priorities are threefold:

- harmonizing best practices within the bank by deploying a compendium of risk policies, standards and procedures that cover all the bank’s major risks (credit, market and operational) and outline the bank’s strategic vision and risk appetite;
- running global awareness campaigns (posters, golden rules, information on the intranet), and implementing a new e-learning module, now mandatory for all staff, on operational risks;
- promoting all-staff training on key subjects relating to regulatory developments.

Furthermore, the new Code of Conduct adopted by Natixis in December 2017 is an effective means of inculcating the risk culture, as it defines the rules of conduct applicable to all employees and encourages greater involvement and accountability. Four guiding principles serve as the building blocks of Natixis’ DNA and are adapted to each profession and function. The rules fall into the following themes:

- being client-centric;
- behaving ethically;
- acting responsibly towards society;
- protecting Natixis' and Groupe BPCE’s assets and reputation.

Mandatory e-learning for all employees was established. The platform was operationally implemented through the definition of performance indicators and dashboards adapted to each entity. An analysis was then presented at conduct Committee Meetings held for each entity. These Committees have four parts, bringing together the business line, Human Resources, Compliance and the Risk division. Lastly, Natixis’ compensation policy is structured to encourage the long-term commitment of the Company’s employees while ensuring risk is managed appropriately.

3.2.2.4 Risk appetite

(Data certified by the Statutory Auditors in accordance with IFRS 7)

Natixis’ risk appetite is defined as the nature and the level of risk that the bank is willing to take within the bounds of its business model and strategy. It is consistent with Natixis’ strategic plan, budget process and business activities, and falls within Groupe BPCE’s general framework on risk appetite,

to monitor the Statutory Auditors’ performance of their duties.

The Audit Committee met five times in fiscal year 2018.

The Bank’s executive managers and Special Committees on risk

The executive managers, under the supervision of the Board of Directors, are responsible for implementing Natixis’ internal control system in its entirety. At least one of the Bank’s executive managers or one of his or her delegates chairs the main Special Committees on risk:

- the Global Risk Committee (CRG), the Natixis Credit Committee, the Market Risk Committee, the Operational Risk Committee, the Watchlist and Provisions Committee;
- the ALM Committee;
- the Control Functions Coordination Committee.

The executive managers regularly inform the Board of Directors of all significant risks, risk management policies and changes made thereto.

Central divisions

Reporting to the Chief Financial Officer:

- the Accounting and Ratios division is responsible for accounting and regulatory information;
- the Financial Management division oversees ALM and its framework (standards, limits, etc.);
- the Financial Oversight division is in charge of the budget process;
- the Taxation division ensures adherence to tax laws.

The Risk division, which reports to the Chief Executive Officer, is responsible for measuring, monitoring and managing the risks inherent to the business activities, in particular market and liquidity risk, credit and counterparty risk, and operational and model risk.

The Compliance Department, reporting to the Corporate Secretary, is responsible mainly for managing compliance risk and for running the associated control system.

The Legal Department, also reporting to the Corporate Secretary, ensures legal regulatory compliance.

The Internal Audit Department reports to the Chief Executive Officer and performs audits on existing control points in the audited processes and evaluates the risks generated by the activities under audit.

The Human Resources Department is involved in the compensation policy and oversees its application.

The central divisions provide senior management with necessary information on risk developments and on the management of the bank.

The business lines

Each Natixis entity is responsible for the first-level management of its risks within its scope. Operational staff performs level-one permanent controls on the transactions they carry out in accordance with internal
