NATIXIS - 2018 Registration document and annual financial report

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

The third line of defense is the Internal Audit Department, which annually reviews internal rating models and compliance with the risk model management framework and the correct application by Model Risk Management of its own policies and procedures. The findings and results of the model validation process performed at Natixis are presented to the Risk Model Oversight Committee for confirmation, then submitted to the Model Risk Management Committee for approval before being sent to the Standards and Methods Committee of the Groupe BPCE Risk, Compliance and Permanent Control division for final validation and possible submission to the regulator. The Risk Model Oversight Committee is chaired by the Head of the Model Risk & Risk Governance Department; the Risk Model Management Committee is chaired by Natixis’ Chief Risk Officer who is a member of the Senior Management Committee. Backtesting and benchmarking are an integral part of the model validation process. Backtesting and performance monitoring programs are used at least once a year to ensure the quality and reliability of rating models, LGD estimates and probability of default scales. They include a detailed analysis based on a range of indicators, e.g. differences in terms of severity and migration compared with agency ratings, observed defaults and losses and changes in ratings prior to default, and the performance measurements of LGD models, based on the quantitative analysis of historical data and supplemented by qualitative analysis. Rating tool performance monitoring and backtesting Rating method performance monitoring and backtesting of PD The rating methods are periodically checked and undergo external benchmarking to ensure the consistency of ratings produced using expert appraisal methods, as well as their robustness over time according to regulatory requirements. The monitoring methods are defined through a backtesting procedure tailored to each type of model. For Natixis, the Corporate (including Structured Finance), Interbank and Sovereign portfolios, which are handled using dedicated rating tools, have the lowest default rates (Low Default Portfolios). These portfolios are backtested in accordance with their specific nature, namely the low number of defaults and the difficulty in creating and maintaining a PD scale based on internal data. The backtesting procedure, which draws on these data (and sometimes external data in the case of backtesting of the banking model or the Major Corporate rating grids particularly), consists of two stages: an analysis of the absolute performance, which is based on the default rate and internal migrations, and an analysis of the relative performance, which is based on a comparison with external ratings. Alerts are triggered by performance rules and indicators as necessary. These checks are carried out through several processes, such as quarterly meetings of the Rating Analysis Committee (CANO) and the backtesting of the various rating models, which is carried out between once and four times a year depending on the scope.

External rating system For outstandings measured using the standardized approach, Natixis uses external rating systems of the agencies Fitch Ratings, Standard & Poor's and Moody's. The reconciliation of the external rating agencies’ alphanumeric credit rating scales and the risk weighting coefficients is performed in accordance with the note published by the ACPR: Method for calculating prudential ratios within the CRD IV (Capital Requirements Directive IV). When a bank portfolio exposure does not have a directly applicable external credit rating, the Bank’s customer standards allow—on a case-by-case basis and after analysis—the application of a rating based partially on an internal or exposure rating of the issuer (or of the guarantor, if applicable). In accordance with regulatory requirements, Natixis has established internal model validation policies and procedures for evaluating credit and counterparty risk. This independent model validation policy is part of its wider risk model management framework. Within the Model Risk & Risk Governance Department which reports to the Chief Risk Officer, Model Risk Management is responsible for the governance and standards applicable to a model’s life cycle. The various stages of a model’s life cycle—design, IT development, validation, and use—are clearly presented and the roles and responsibilities of each participant specified and detailed. Internal rating models are validated by the validation team of the Groupe BPCE Risk, Compliance and Permanent Control division or, acting with the authorization of the Groupe BPCE Group Modeling Committee, by the Natixis Risk division’s Model Risk Management team. Pursuant to BPCE’s validation charter, the validation covers a review of the relevance, consistency and integrity of models and the reliability of input and output. The validation process comprises four steps: quantitative analysis: analysis of proxies, sizing methods, risk a indicators, aggregation rules, etc.; performance and governance analysis: model backtesting and a benchmarking, precision and consistency analysis, stress tests, etc.; analysis of data quality and implementation of the model: a analysis of the quality and representativeness of data, integrity of controls, error reports, comprehensiveness of data, etc.; usage test: the validation team ensures that the internal a models are used by qualified staff, that usage procedures are documented and up to date, that ex-post controls are performed, etc. The design, modification and ongoing management of the model (including backtesting) are performed by the model designers on behalf of the model owner. Model Risk Management, an independent entity, is called upon for all new models as well as for all modifications or improvements to existing models. On an annual basis, this team regularly reviews the rating models which cover the analysis of backtesting and usage tests. Validation of internal models 3.2.3.6 Validation of models

3

127

Natixis Registration Document 2018