NATIXIS -2020 Universal Registration Document

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

a pillar focused on training with, in addition to mandatory V e-learning modules, efforts to promote the training of all employees in specific subjects, notably relating to regulatory changes, onboarding sessions for new colleagues and a “discovery” program to give insight into the business lines and control functions, a “career path” pillar incorporating“risk culture” as a recruitment V criterion, the introduction of cross-over business/risk pathways and the inclusion of “risk culture” as an employee appraisal criterion. Initiatives aimed at inculcating the risk culture are run throughout the year. 2020 was marked by the first edition of the Risk Meeting Point newsletter and by the overhaul of the risk intranet tool, which was replaced by a sharepoint aimed at increasing and facilitating access to risk-related information through more interactive environment. The Code of Conduct adopted by Natixis in December 2017 is another effective means of inculcating the risk culture, as it defines the rules of conduct applicable to all employees, and encourages greater involvement and accountability. Four guiding principles serve as the building blocks of Natixis’ DNA and are adapted to each profession and function. The rules fall into protecting Natixis’ and Groupe BPCE’s assets and reputation. V An e-learning module was made mandatory for all employees and was rolled out after adapting the performance indicators and dashboards to each entity. An analysis was then presented at Conduct Committee Meetings held for each entity. They are four-party Committees that bring together the business line, human resources, compliance and the risk division. Lastly, Natixis’ compensation policy is structured in a way that encourages the long-term commitment of the Company’s employees while ensuring appropriate risk management. Risk appetite 3.2.2.4 (Data certified by the Statutory Auditors in accordance with IFRS 7) Natixis’ risk appetite is defined as the nature and the degree of risk that the bank is willing to take within the bounds of its business model and strategy. It is consistent with Natixis’ strategic plan, budget process and business activities, and falls within Groupe BPCE’s general framework on risk appetite which is based on two items: the Risk Appetite Statement (RAS), which sets out, in 1. qualitative and quantitative terms, the risks that the Bank is prepared to take based on its business model; the Risk Appetite Framework (RAF), which describes the 2. interface between the organization’s key processes and the implementation of the governance that puts the RAS into action. Risk appetite is reviewed annually by senior management and approved by the Board of Directors after consultation by the Risk Committee. the following themes: being client-centric; V behaving ethically; V acting responsibly towards society; V

Risk Appetite Statement Natixis’ risk appetite principles result from the selection and control of the types of risks that the Bank is prepared to take in pursuit of its business model. They ensure consistency between Natixis’ overarching strategic guidelines and its capacity to managreisks. The businessmodel developedby Natixis is based on its recognized areas of expertise (corporate financing, capital market activities, Asset & Wealth Management, Insurance and Payments), in response to the needs of its clients and those of Groupe BPCE. The Bank seeks sustainable and consistent profitability in balance with its consumption of scarce resources (capital, liquidity, balance sheet). It declines any engagement with activities that it does not master. Activities with high risk/profitability ratios are subject to strict selection and oversight.Market risk management in particular has a highly selective investmentapproach, coupledwith limited tolerance for extreme risk, and very close monitoring. Natixis incurs risks that are intrinsic to its Corporate & Investment Banking, Asset & Wealth Management, Insurance and Payments business activities: credit risk generated by Corporate & Investment Banking is V managed under specific risk policies adapted by business and subsidiary, concentration limits defined by counterparty, country (mature and emerging), sector, and through extensive portfolio monitoring with stress tests and segment reviews. The system allows for the selective management of issuance commitments through independent analyses (business lines/risk function) conducted by the various Credit Committees; the bank’s market activities – which aim to meet the needs of its V clients and exclude all forms of proprietary trading – incur market risk . The market risk supported thereby is managed according to a body of risk policies and specific qualitative and quantitative indicators (e.g. list of authorized instruments, VaR measurement, stress tests, sensitivity); leverage risk and liquidity risk are monitored by financial V management and are subject to specific oversight by senior management within a dedicated governance body (ALM Committee every two months). These two risks require setting specific objectives for managing scarce resources using a dedicated framework and management objectives for leverage required for business lines. In addition, liquidity risk is monitored in collaborationwith BPCE, the “ultimate lender” for affiliates and responsible for MLT issues of public “vanilla” funding transactions. Within structural balance sheet risks, Natixis is exposed to credit spread risk; the bank’s solvency trajectory is set by senior management and V overseenby the accountingand ratios department,which sets the target levels of capital and regulatory capital requirements. This trajectory takes into account changes in the bank’s scope and activity, methodological changes, particularly with regard to regulatory capital requirements, as well as debt issuance or equity;

3

125

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020