NATIXIS - 2018 Registration document and annual financial report

CORPORATE GOVERNANCE Management and oversight of corporate governance

Risk Committee 2.3.2.2 A – Organization In 2018, the Risk Committee had five members. At March 1, 2019 these members were:

counterparty risks, prepared at the behest of the Company’s CEO; monitoring the effectiveness of the internal control and risk a management systems; assisting the Board of Directors in determining guidelines and a verifying that the executive managers have properly implemented the supervisory mechanisms, especially in terms of the separation of duties and the prevention of conflicts of interest, that ensure the Company is effectively and prudently managed; reviewing, pursuant to its remit, whether the prices of a products and services proposed to clients are compatible with Natixis’ risk strategy. If these prices do not correctly reflect the risks, the Committee presents the Board of Directors with an action plan to remedy the situation; reviewing, without prejudice to the responsibilities of the a Compensation Committee, whether the incentives set out by Natixis’ compensation policy and practices are compatible with this latter’s situation with regard to the risks to which it is exposed, its capital, its liquidity and the probability and scheduling of the expected benefits; assisting the Board of Directors in reviewing the a aforementioned governance mechanism, assessing its effectiveness and ensuring that corrective measures have been taken to remedy any shortcomings; regularly examining the strategies and policies governing the a taking, management, monitoring and reduction of the risks to which Natixis is or could be exposed, including risks created by the economic environment. To that end, at least once a year the Risk Committee analyzes the documents used to define and monitor Natixis’ risk appetite, namely the Risk Appetite Statement and the Risk Appetite Framework. The Risk Committee studies all limit changes that took place between two annual reviews, including changes to industry-based limits; examining compliance risk monitoring-related items at least a once a year, pursuant to Article 253 of the French Ministerial Order of November 3, 2014 on internal control of banking sector businesses, payment services, and investment services; giving its opinion on the appointment or dismissal of the Head a of Internal Audit at Natixis; ensuring that the findings of assignments carried out by the a Internal Audit Department and by regulatory and supervisory authorities (specifically the Autorité de Contrôle Prudentiel et de Résolution, ACPR—French Prudential Supervisory Authority for the Banking and Insurance Sector) are followed up on; to that end, a summary of Internal Audit Department reports on Natixis and its subsidiaries is prepared for the Risk Committee, which also receives all reports from the regulatory and supervisory authorities (specifically the ACPR) on Natixis and its subsidiaries; addressing Natixis’ annual internal audit program, including a audits of subsidiaries, with this program being presented to the Committee at least one week prior to its approval. At the proposal of the Chairman, the Risk Committee may, if deemed appropriate by the Committee and after consulting the Chairman of the Board of Directors, invite to its meetings any Natixis manager (including managers of one of the main subsidiaries or the Chairman of its Risk Committee) who is able to shed light on issues handled by the Risk Committee. It can also invite the Chief Financial Officer, the Chief Risk Officer, the Corporate Secretary, the Natixis Head of Internal Audit, the BPCE Head of Inspection Générale, and Natixis’ Statutory Auditors. The Chief Risk Officer, the Compliance Officer, and the Natixis Head of Internal Audit have permanent direct access to the Risk Committee.

2

Bernard Oppetit

Chairman Member

Catherine Halberstadt (position previously held by Marguerite Bérard-Andrieu until January 1, 2018) Nicole Etchegoïnberry (position previously held by Stéphanie Paix until November 12, 2018)

Member

Catherine Pariset

Member Member

Christophe Pinault (position previously held by Alain Denizot until December 20, 2018)

Two of the five members are independent members (Catherine Pariset and Bernard Oppetit). Note that the opinions and recommendations of the Risk Committee are adopted if the majority of members present, including the Chairman, vote for them. The Chairman and the members of the Risk Committee have an enhanced understanding of Natixis’ risk management and internal control as a result of their extensive expertise gained over the course of their professional careers. Changes made to the Risk Committee in 2018 and since January 1, 2019:

Director

Capacity

Date of change Replaced by

Marguerite Bérard-Andrieu

Member, BPCE Permanent Representative

01/01/2018 Catherine Halberstadt

Alain Denizot

Member

20/12/2018 Christophe Pinault

Stéphanie Paix Member

20/12/2018 Nicole

Etchegoïnberry

Over the course of the 2018 fiscal year, and in compliance with the US Dodd-Frank Act, the US Risk Committee met four times. On December 6 and 7, 2018, the US Risk Committee met in New York so that Committee members could be in closer contact with the local teams. The US Risk Committee's membership is the same as the Risk Committee. It is tasked with monitoring the management of risks related to Combined US Operations. B – Role and powers Natixis’ Risk Committee has internal rules specifying its powers and its operating procedures, the latest version of which was approved by the Board of Directors on November 7, 2017. Under the authority of the Natixis Board of Directors, the Risk Committee’s primary duties are: advising the Board of Directors on the bank’s overall strategy a and risk appetite, both current and future; assisting the Board of Directors when it checks the a implementation of that strategy by the executive managers and by the Head of Risk Management; issuing an opinion on the procedures established by Natixis a that are used to ensure compliance with regulations as well as risk monitoring and control; to that end, it receives the reports of Natixis’ Risk Committees and those of its subsidiaries, as well as the reports on risks, specifically operational, market or

79

Natixis Registration Document 2018