NATIXIS - 2018 Registration document and annual financial report

5 FINANCIAL DATA

Internal control procedures relating to accounting and financial information

PERMANENT CONTROL SYSTEM 5.5.2 RELATING TO ACCOUNTING AND FINANCIAL INFORMATION As part of its duties, and in keeping with the French Ministerial Order of November 3, 2014 on internal control by companies in the banking sector and European supervision by the Single Supervisory Mechanism, Natixis’ Internal Audit Department assesses the internal control procedures, with a particular focus on accounting and financial procedures, of all the consolidated entities, whether or not they have credit institution status. The fact that most subsidiaries have their own management and control functions means that internal control procedures are decentralized and are tailored to the organization of each of the consolidated entities, relying on a multi-tier accounting control process: a first-level control where permanent and local controls in a operational business lines are integrated into the operating process and formalized in detailed control programs; an intermediate level overseen by each entity’s financial or a compliance or risk departments where second-level controls, independent of operating processes, are performed to ensure the reliability of accounting and regulatory reporting processes and verify the existence and quality of the first-level controls; a final level of control carried out by the Internal Audit a Department as part of its regular audits. For accounting, permanent and periodic controls apply to the completion and/or monitoring of: for justifying accounts, accuracy and veracity checks, such as a the procedures for management/financial account reconciliation (outstandings and income statement), reconciliation of cash accounts and checking and clearing of suspense items; consistency checks through analytical reviews; a checks to make sure income and expenses are allocated to the a correct period; verification that the presentation complies with accounting a rules; correct processing of specific transactions in line with the a relevant principles; verification of financial information (notes to the financial a statements, items of financial communication); adjustment of anomalies identified at the time of these a controls as well as the corresponding analyses and documentation. These controls are conducted using several accounting systems, whose number is being reduced, however, due to the integration of a significant part of Natixis’ consolidated scope. For regulatory reporting, permanent and periodic controls apply to the completion and monitoring of: accuracy and veracity checks, such as the a management/financial account reconciliation processes, as management data can come from various sources;

controls of the traceability and completeness of data, a throughout the various reporting preparation processes; compliance and presentation controls in respect of the a regulatory requirements specific to each reporting process; quality controls of the data (in accordance with the BCBS 239 a program) needed to produce the reports and the quality of the attributes entered into the databases used, allowing the proper breakdown of accounting or management data; consistency checks between published reports, where a possible and relevant. For all these scopes, Natixis and its subsidiaries are continuing to upgrade their accounting and financial control procedures and equip themselves with suitable audit trail tools. In this respect, Natixis’ Finance Department supervises, assists and monitors the various controls performed by the subsidiaries. The accounting and financial reporting control system is primarily based on the following fundamental principles: separation of the accounting production and control functions; a and the standardization of control processes within the Group’s a different business lines and entities: methods, software, reporting and frequency; It also draws on: the application of the principles defined by BPCE, i.e. the a scopes governed by the two-level control processes and implementing the coordination of the control teams; two kinds of assignments (operational or organizational) to be a carried out either as part of the account closing process or in periodic assignments; formalized documentation as part of the “Accounting and a financial information quality control framework” drawn up by Groupe BPCE. This includes procedures that describe in detail the organization of the system; risk mapping showing the nature, the frequency of occurrence a and the responsibility by control level across all scopes (accounting and regulatory); centralized oversight within the financial, risk or compliance a departments, performed by the dedicated Regulatory and Accounting Review team, which reviews first-level controls and also performs second-level controls; a risk-based approach, enabling the Review teams to guide and a determine the frequency of their controls given the quality of the internal control processes. For Natixis, the system is organized based on: accounting or regulatory production teams, within the business a lines or centralized within the Accounting and Ratios Department, that handle all work related to the correct entry of transactions and the collection of data required for regulatory reporting and the implementation of day-to-day controls; first-level controls under the hierarchical and/or functional a authority of the Accounting and Ratios Department including all monthly and quarterly controls that make these reports more reliable;

448

Natixis Registration Document 2018