NATIXIS - 2018 Registration document and annual financial report

2 CORPORATE GOVERNANCE

Management and oversight of corporate governance

Within a reasonable amount of time before a Committee meeting, a digital file containing the items on the agenda is sent to each director via the secure DiliTrust electronic platform for review and analysis in preparation for the meeting.

C – Work of the Risk Committee in 2018 The Risk Committee met seven times in fiscal year 2018. The attendance rate was 87% for the year as a whole. Each director’s individual attendance rate for Risk Committee meetings is provided in Section 2.2 of this chapter (see directors’ individual fact sheets) .

In 2018, the Risk Committee’s duties focused on the following items in particular:

Risk management

Review of the monthly consolidated risk monitoring dashboard (regular updates on credit, market liquidity a and operational risks and insurance risk) Review of the provisions of the French Ministerial Order of November 3, 2014, and of the Risk Appetite a Framework (RAF) indicators Follow-up on the ECB's market and credit TRIM (Targeted Review of Internal Models) a Risk Appetite Framework and update of limits a Adjustment of the Risk Appetite Framework a Review of risk model governance a Follow-up on the risks of the Leverage Lending business a Follow-up on internal stress tests a Presentation of the final results of the 2018 internal stress tests and progress made on the 2019 internal a stress tests Follow-up on the ICAAP (Internal Capital Adequacy Assessment Process) a Follow-up on overall interest rate risk measurement —IRRBB (Interest Rate Risk on Banking Book) a Liquidity follow-up: Annual analysis of contingency plans, particularly in light of the results of the alternative a scenarios regarding liquidity positions and risk mitigation factors / review of ALM standards Evaluation of the effectiveness of the internal control framework and the procedures in place (risk view) a Summary of major changes to risk policies a FRTB project a Basel 3 follow-up a Review of the VaR limits and alert threshold and of the operational risk indicators defined as part of the RAF a Review of whether the product and service prices offered to clients are in line with Natixis’ risk strategy. a Follow-up on Equity Derivatives in Asia a Follow-up on current and future risks related to the macroeconomic and geographic environment a Reorganization of the Risk division a Review of assignments conducted by Natixis Internal Audit and BPCE Inspection Générale during the fiscal a year Monitoring of the implementation of recommendations made by Natixis Internal Audit and BPCE Inspection a Générale Monitoring of compliance risks / Compliance control activity and results a General Data Protection Regulation (GDPR) a Follow-up on cybersecurity a Update to the Compliance Department Charter a Evaluation of the effectiveness of the internal control framework and the procedures in place (compliance a view) Review of the MiFID 2 complaint management procedure a Review of the business continuity mechanism a Presentation of the latest developments a Check that the compensation policy is compatible with the risks a Presentation of the AMF’s follow-up letter to Natixis and the response by Natixis to that letter a Presentation of the internal control report (formerly CRBF- 97-02) a Validation of the update to Natixis’ 2018 internal audit charter a Presentation of the proposed audit program for 2018 a Presentation of the Natixis Internal Audit Department's budget a

Internal control

Compliance

Other items

the review and monitoring of the US Chief Risk Officer’s a priorities for 2018; the examination and approval of the frameworks that define a what to do in a major crisis, such as the Emergency Financing Plan or the US Resolution Plan; the periodic review of changes to the business and risks of the a US platform, including compliance risks;

Over the 2018 fiscal year, the US Risk Committee worked on the following: the review and annual approval of the documents formally a setting out the risk management and governance systems: review of the Committee’s charter, updating of Enterprise Risk Management, definition of the Risk Appetite Framework, the compliance risk mitigation system;

80

Natixis Registration Document 2018