NATIXIS - 2018 Registration document and annual financial report

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

launched in order to communicate widely on this area with staff and provide guidelines on implementing appropriate vigilance measures and dedicated controls. The CIB's framework was also reviewed from a tax viewpoint to reflect the various regulatory changes seen in 2018. The business lines’ exposure to tax risk was assessed in order to produce a risk map. This work resulted in the introduction of specific tax-related vigilance criteria for the most exposed business lines and the teams responsible for analyzing customer identification documents. The next phase of the action plan is in progress. Natixis has a framework of internal policies and procedures, screening tools, training and permanent supervision controls ensuring compliance with the financial sanction and embargo regulations to which it is subject. The framework draws on measures for verifying client databases and screening transactions with a view to identifying, on an ongoing basis, any person or entity subject to financial sanctions, specifically account freezes or restricted access to bank financing. It allows the introduction of account freezes against Natixis customers as quickly as possible. It is also able to prevent any transactions linked to sectors, goods or technologies that are subject to restrictions or bans pursuant to embargo measures. Jurisdictions subject to embargo undergo constant supervision and heightened diligence as part of a prudent and restrictive approach. A team of experts dedicated to financial sanctions provides specific assistance and advice to the Bank’s business lines and entities. A preliminary study was carried out between mid-2017 and September 2018 to assess our international financial sanction compliance framework. This identified areas for improvement, for some of which action has already been taken, and resulted in the launching of three projects to strengthen the framework, including one in coordination with BPCE regarding transaction screening. Prevention of fraud Anti-fraud measures are steered by the Anti-Fraud Coordination Unit in collaboration with the relevant business lines. This unit is also in charge of drafting and implementing standards and principles for fraud risk management and of coordinating the anti-fraud officers’ network across the subsidiaries and branches of Natixis in France and abroad. More specifically, risk linked to capital market activities is closely monitored and subject to specific first- and second-level controls overseen and implemented by a dedicated team within the CIB Compliance Department. Social engineering-type payment fraud is also subject to constant vigilance and specific prevention measures, including dedicated training. Lastly, the risk of information leaks, which has become a major risk, is subject to specific controls and investigations employing the expertise of fraud and IT security experts as well as the legal and HR functions as necessary. Compliance with financial sanctions and embargoes

Market integrity In accordance, with the requirements of the EU regulation on market abuse, Natixis has set up a framework for detecting transactions likely to constitute market abuse, incorporated within its internal control system. Alerts are processed and potential cases of market abuse are analyzed by a surveillance tool and dedicated teams. Transactions that could constitute market abuse are reported to the French Financial Markets Authority (AMF) and to local regulators, in accordance with the regulations in force. The framework is currently being updated, a process that should be completed by the end of 2019, to strengthen its analysis and detection capacity. The version upgrade of the Actimize tool (MSE) for CIB is also part of this process. Financial security 3.2.8.4 Natixis’ financial security was ramped up in numerous ways in 2018: its teams were expanded and a project team tasked with a managing key projects was created; initiatives aimed at safeguarding international financial sanction a compliance systems were launched or maintained; the Financial Security Supervisory Committee (AMLSOC) for a France and abroad, the parent company, subsidiaries and branches continued to gain momentum. Reporting to Compliance management, the Financial Security Department manages the anti-money laundering and counter-terrorist financing (AML/CTF), corruption and fraud prevention framework, and ensures the compliance of Natixis and its subsidiaries with financial sanctions and embargoes. Anti-money laundering and counter-terrorist financing As part of its efforts to combat money laundering and terrorist financing, in 2018 Natixis enhanced its AML-CTF framework by integrating the new requirements resulting from the transposition into French law of the 4th EU AML-CTF Directive. Accordingly, Natixis’ AML-CTF framework includes: KYC and due diligence obligations, in line with a risk-based a approach, on customer onboarding, periodic reviews and throughout the business relationship; a transaction monitoring and control system based on a automated tools or requests that escalates alerts and suspicions to Natixis’ Financial Security Department; a procedure for reporting “suspicious” transactions to the a relevant financial intelligence unit in a timely manner; appropriate training and regular information for employees to a ensure compliance with these obligations. The counter-terrorist financing aspect of the framework was strengthened in 2018. The CTF risk map was updated, based on an assessment of the exposure of Natixis’ functions and subsidiaries. This took into account the most recent typological information disseminated particularly by FATF, the French Treasury and Tracfin. A bimonthly geopolitical watch was

156

Natixis Registration Document 2018