NATIXIS - 2018 Registration document and annual financial report

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

review their serious incidents and decide on the application of corrective actions, determine the deadlines and associated deliverables, and monitor the progress of these actions. The entities and business lines can decide to apply these measures to their own threshold, which is lower than that of Natixis and consistent with its activity and level of risk. Most operational risk incidents occur frequently and have a low impact per incident. Overall trend of reported incidents In 2018, nearly 3,800 incidents that occurred in the year (representing 7,400 single incidents) were reported a single incident potentially comprising several individual incidents) were entered into the recording tool by the Natixis business lines. The application of reporting threshold has helped to reduce the number of declarations made since 2016, particularly in the Specialized Financial Services and Asset & Wealth Management business lines and the cross-business functions.

Identifying losses and incidents Recording and analyzing incidents

Incidents are recorded as they occur. Starting from an optional reporting threshold of €5,000 for the Corporate & Investment Banking and Asset Management business lines, and €1,500 for Specialized Financial Services, Insurance and Private Banking. A single definition of “serious incident” is used, in compliance with Groupe BPCE standards (€300,000 gross). All serious incidents (above the defined threshold or deemed serious by the business line and the Operational Risk Department) are reported immediately to the business line’s management and to Natixis’ Chief Risk Officer. Following an investigation involving all relevant parties, the operational risk manager of the business line compiles a standardized full report, including a factual description of the event, the analysis of the initial cause, the description of the impact and the proposed corrective actions. At every level of the Company, the business line Operational Risk Committee

3

BREAKDOWN OF REPORTED INCIDENTS BY BUSINESS AND DATE ■

3,500

3,000

2,500

2016 2017 2018

2,000

1,500

1,000

500

0

Corporate & Investment Banking

Asset & Wealth Management

Functional Departments

Payments

Insurance

Corporate Center

Specialized Financial Services

BREAKDOWN OF REPORTED INCIDENTS BY NET AMOUNT BY DATE AND BASEL CATEGORY ■

80%

70%

60%

50%

2016 2017 2018

40%

30%

20%

10%

0%

Execution, delivery and procedures

External fraud

Internal fraud Commercial customers, products and practices

Employment and safety practices

Business interruption and Information System deficiencies

Damage to property plant and equipment

145

Natixis Registration Document 2018