NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Lastly, Natixis’ General Inspection Department collaborated with its BPCE counterpart on a number of projects and assignments. The two departments held six meetings in 2020. These meetings provided a forum for addressingmatters related to audit plans and practices, as well as matters related to risk assessment and assignment evaluation (Joint General Inspection Coordination Committee). and management system Risk management system 3.2.2.1 Natixis’ risk management is based on independent control functions, each addressing the risks falling within their scope of oversight. The risk management function, carried out by the risk division, is structured as an independent and global matrix that covers all scopes and related geographic areas. In 2020, the risk management function was slightly adjusted to better support Natixis’ transformation and its target operating model. It is now organized around four main areas: six cross-functional departments (Credit Risk, Market Risk, V Operational Risk, Structural Balance Sheet Risk, Enterprise Risk Management and Model Risk & Risk Governance) covering their specific risks, with Enterprise Risk Management dedicated to risk model development and risk and regulatory project management activities and the newly created Structural Balance Sheet Risk (SBSR) aimed at structural balance sheet risks operations, thereby including a number of tasks that were initially carried out by the MARPL (Market Activities Risks, P&L and Liquidity) Department, known as Market Risk since 2020; three regional departments operating in the geographic areas of V the platforms (Americas, Asia-Pacific and EMEA [Europe, Middle East, Africa]); three departments dedicated to Asset & Wealth Management, V Insurance and Payments; a dedicated IT department. V The risk management function steers the risk appetite framework, recommends risk policies consistent with those of Groupe BPCE to senior management for approval, and makes proposals to the executive body on principles and rules in the following areas: risk-taking decision procedures; V delegation framework; V risk measurement; V risk oversight. V It also independently validates models as part of its wider rismk odel management framework. It plays an essential role within the Committee structure, the highest-level of which is Natixis’ Global Risks Committee, which meets once per quarter. Risk governance 3.2.2

In addition, it regularly reports on its work, submitting its analyses and findings to Natixis’ executive managers, to Natixis’ supervisory body, and to Groupe BPCE. A dedicated function generates a consolidated risk overview using a scorecard that indicates the various risks (credit, market, liquidity, operational, modeling, etc.). To fulfill these responsibilities, the risk division uses an IT system tailored to the activities of Natixis’ core businesses, applying its modeling and quantification methods for each type of risk. The management and monitoring of Natixis’ structural balance sheet risks are under the authority of the Asset/Liability Management Committee (or “ALM Committee”). The ALM Committee’s monitoring scope includes overall interest rate risk, liquidity risk, structural foreign exchange risk and leveragreisk. The Compliance function oversees the non-compliance risk management system of Natixis S.A. and of its French and international branches and subsidiaries. It is also in charge of fraud risk prevention, information systems security, and business continuity. Its operating rules are governedby a charter signed off by the Senior Management Committee. The Compliance Function’s preventative actions – advice, raising awareness and training – are a key driver to improving Natixis’ management of compliance risk. Organization 3.2.2.2 (Data certified by the Statutory Auditors in accordance withIFRS 7) Risk managementgovernance is a structuredorganization involving all levels of the bank: the Board of Directors and its special Committees V (Risk Committee, Audit Committee, etc.); the executive managers and the special Risk Committees they V chair within the bank; the central divisions, independent of the businesses; V the business lines (Asset & Wealth Management, Corporate & V Investment Banking, Insurance, and Payments). Risk culture 3.2.2.3 Natixis is defined by its strong risk culture at every level of the organization. The risk culture is central to the risk function’s guiding principles, as set out in the Risk Charter. Its priorities are twofold: harmonizing best practices within the bank by deploying a V compendiumof risk policies, standards and procedures covering all the bank’s major risks (credit, market, operational and model) and outline the bank’s strategic vision and risk appetite; deploying a three-pillar strategy in respect of the bank’s risk V culture: a first pillar seeking to raise awareness and inform, by V strengthening the division’s digital communications (Risk in Mind digital magazine, strengthened presence of the risk function on Yammer, etc.) and implementation of “Lessons learned” sessions, the aim being to learn from past incidents and share the lessons learned,

124

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020