NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk factors

During the COVID-19 health crisis, credit spreads reflecting issuer creditworthinessunderwent significant changes. After widening very rapidly in early March, indicating the deterioration of the perception of issuers’ credit quality, credit spreads gradually narrowed from the end of May, albeit not to pre-crisis levels. Given the quality of assets held as part of its liquid asset buffers, the fair value variations of shares were mostly contained, and remained in compliancewith the risk appetite Natixis set for itself for this kind of risk. The resurgence of a crisis (especially the COVID-19crisis) could cause credit spreads to deteriorate further. At 31/12/2020, the credit risk of securitiesheld as part of the liquidity reserve has not increased significantly. Non-financial risks Should Natixis fail to comply with applicable laws and regulations, it could be exposed to heavy fines and other administrative and criminal sanctions likely to have a material adverse effect on its financial position, business and reputation Non-compliancerisk is defined as the risk of legal, administrativeor disciplinary sanctions, but also of financial loss or reputational damage, resulting from a failure to comply with the legislative and regulatory provisions, Codes of Conduct and standards of good practice specific to banking and Insurance activities, whether national or international. The banking and insurancesectors are subject to sectoral regulation, both in France and internationally, aimed in particular at regulating the financial markets and relations between investment service providers and clients or investors. These regulations have major impacts on the Company’s operational processes. In addition, the banking and insurance sector is also subject to dedicated supervision by the competent French and supranationaluthorities. Non-compliance risk includes, for example, the use of inappropriate means to promote and market the bank’s products and services, inadequatemanagement of potential conflicts of interest, disclosure of confidential or privileged information, or failure to comply with new client or supplier due diligence procedures, particularly with respect to financial security (including anti-money laundering and counter terrorist financing, compliance with embargoes, anti-fraud and corruption). Natixis’ compliancedepartmentoversees compliancerisk prevention and mitigation (see section 3.2.8 of this universal registration document) . Natixis nevertheless remains exposed to the risk of fines or other major sanctions imposed by regulatory and supervisory authorities, as well as civil or criminal legal proceedings that could have a material adverse effect on its financial position, business and reputation.

In the course of business, Natixis is exposed to employee or third-party actions and behaviors

that are unethical or violate laws and regulations, and that could damage its reputation and expose it to sanctions

Applicable to all Natixis employees, Natixis’ Code of Conduct formalizes the general principles of conduct in force at Natixis, and establishesguidelines for all employees regardingexpectedbehavior when carrying out their duties and responsibilities. Any person working at Natixis, or at an entity at least 50%-owned by Natixis, must comply with the Code of Conduct, whether working on a permanent or temporary basis. This requirement is in addition to commitments to comply with applicable internal rules, and with national and international laws and regulations. Natixis also requires its suppliers and contractors to comply with the key principles of the Code of Conduct. To implement the Code of Conduct on a day-to-day basis, Natixis has established a conduct framework with its own Committee (the Global Culture and Conduct Committee) and training program. For a detailed description of the Code of Conduct and the conduct framework, see section 6.2 of this 2020 universal registration document. But even with the adoption of a Code of Conduct and the creation of a conduct framework, Natixis is exposed to potential actions or behaviorsby employees, suppliers and contractors that are unethical or not in clients’ interest, that do not comply with the laws and regulations on corruption or fraud, or that do not meet financial security or market integrity requirements. Such actions or behaviors could have negative consequences for Natixis, damage its reputation or shareholder value, and expose Natixis, its employees or stakeholders to criminal, administrative or civil sanctions likely to adversely affect its financial position and business. An operational failure, or an interruption or failure of Natixis’ third-party partners’ information systems, or a breach of Natixis’ information systems could result in losses or reputational damage Natixis is exposed to several types of operational risks, including process and procedural weaknesses, acts of fraud (both internal and external), system failures or unavailability, as well and cybercrime, and an operational failure related to a health risk. Like most of its competitors, Natixis is highly dependent on its communication and information systems, as its activities require it to process a large number of increasingly complex transactions. Although Natixis has made data transmission quality a priority, any breakdown, interruption or failure of these communication and information systems could result in errors or interruptions to the systems it uses for customer relationshipmanagement, the general ledger, deposit and loan processing transactions, and/or risk management. To the extent that interconnectivity increases, Natixis is exposed to the risk of a breakdown or operational failure of its clearing agents, foreign exchange markets, clearing houses, custodians or other financial intermediaries or external service providers. Like the other control functions, the Operational risk function contributes to the assessment of risks borne by suppliers as part of the Group’s compliance programwith EBA regulations on outsourcing.

114

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020