NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

operational risk , due to its nature, is present across all the bank’s V business lines and functions. It is managed through a system, which has been rolled out across the business lines and geographic regions, using a shared data collection tool to map risks on an annual basis and provide feedback on losses and incidents, in collaboration with the other control functions, which enables to implement corrective and preventive action plans accordingly; As a rule, Natixis has no particular appetite for operational risk and manages it very closely; Natixis is exposed to non-compliancerisks in respect of banking V and financial regulations,which it is committed to control through the implementation of a Code of Conduct and strict compliance with the laws, regulationsand standardsgoverning its activities, in France and internationally, in the realm of financial security, ethics and client protection; Natixis’ most important asset is its reputation and its relationship V with its clients. Clients’ interests are therefore put first and the bank – irrespective of the business activity, entity or geographic region – is dedicated to operating at the highest level of ethical standards, and in line with the best transaction execution and security. This risk arising from the existence of other “direct” risks such as financial, legal or operational risks is closely using indicators that combine an ex-ante/ex-post approach; model risk concerns both internal models within the meaning of V Directive 2013/36/EU (CRD IV) and all other models by the bank (including those used for the valuation of financial products) within the meaning of the definition of a model under Directive SR 11-7 of the Board of Governorsof the Federal Reserve System. It mainly concerns the Corporate & Investment Banking market activities and is subject to specific governance and monitoring through ad hoc indicators; Natixis brings together the risks related to Insurance activities V (Natixis Assurances), Asset Management (Natixis Investment Managers) and those related to Payments activities, under specific scopes. With regard to Insurance activities , the main risks incurred by the bank concern underwriting risk, in particular for non-life risks and market risks arising from the investmentsof insurance companies (interest rate risk, equity risk, spread risk, real estate risk and foreign currency risk). Risk Appetite Framework Each risk identified and considered material for the bank is monitored using an indicator and tolerance thresholds: a threshold setting the risk exposure allocated to each business V line; and a limit stating the maximum risk that, if exceeded, would pose a V risk to Natixis’ business continuity and/or stability (in terms of solvency, liquidity, results and reputation). Any breach of the tolerance thresholds (thresholds and limits) defined in the Risk Appetite Framework is subject to a notification and escalation procedure with executive managers and subsequently the supervisory body. This operational framework is applied by type of risk (credit and counterparty risk, market risk, structural balance-sheet risks, including liquidity risk and leverage risk, operational risk, solvency risk, etc.) and draws on Natixis’ pre-existing measuring and reporting systems.

It is regularly reviewed, consolidated and presented to the Senior Management Committee and the Board of Directors’ Risk Committee. The risk appetite framework forms part of Natixis’ main processes, especially regarding: risk identification:every year risks are mapped to give an overview V of the risks to which Natixis is or could be exposed (by business line and type of risk). With this approach it is possible to identify material risks, the indicators of which are included in the risk appetite framework; the budget process and overall stress tests. V In accordance with regulations concerning systemically important financial institutions, Groupe BPCE has drawn up a recovery prevention plan (PPR). Risk typology 3.2.2.5 (Data certified by the Statutory Auditors in accordance with IFRS 7) Natixis is exposed to a set of risks inherent to its activities, which may change, particularly as a result of regulatoryrequirements. Credit and counterparty risk Credit risk is the risk of financial loss due to a debtor’s inability to honor its contractual obligations. Assessing the probability of default and, in such cases, how much we can expect to recover is a key component of measuring credit quality. Credit risk increases in periods of economic uncertainty, insofar as such conditions may lead to a higher rate of default. Counterpartyrisk is the risk of exposure to a counterpartydefaulting on market transactions. Counterparty risk evolves as market parameters fluctuate. Natixis is exposed to these risks because of the transactions it executes with its customers (for example, loan activities, over-the-counter derivatives [swaps, options, etc.], and repurchase agreements). Securitization risk Securitizationsare transactionswhereby credit risk inherent to a set of exposures is housed in special-purpose entities (generally a special-purposeentity (SPE) or “conduit”), which is then divided into tranches, usually for the purpose of selling them to investors. The SPE issues units that may in some cases be subscribed for directly by investors, or by a multi-seller conduit which refinances the purchasesof its shares by issuing short-maturitynotes (treasury notes or commercial paper). Rating agencies assess the creditworthiness of available-for-sale units for investors. In general, securitizations have the following characteristics: they result in a material transfer of risk where the transaction is V originated by Natixis; payments made in the course of the transaction depend on the V performance of the underlying exposures; the subordination of tranches, defined by the transaction, V determines the distribution of losses over the term of the risk transfer.

126

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020