NATIXIS -2020 Universal Registration Document

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

The mechanism is managed by Natixis’ Operational Risk Committee which determines the operational risk policy, monitors Natixis’ operational risk exposure and makes final decisions on hedging and reduction. It is the operational extensionof the executivebody and of which it has full decision-makingpowers for issues within its area of responsibility. This Committee meets quarterly and is attended by the finance department, the compliance department, ITSS-BC (information technology systems security and business continuity) and the General Inspection Department. It is chaired by the Chief Executive Officer, the chief risk officer (his substitute), with the Head of the Operational Risk Departmentacting as secretary. The standing members of the Operational Risk function, apart from the Head of the department, are the departments’ Heads of Operational Risk and the Data, Methods & Projects Officer. The Operational Risk Committees of the business lines and support functions are offshoots of Natixis’ Operational Risk Committee, which closely manages the operational risk exposure of each scope. These Committees are organized according to the function’s governancematrix (location and business lines). They are facilitated by the Head of the Operational Risk Department acting as Committee secretary. Each Committee is chaired by the Head or manager of the Scope (business line or support function, depending on the entity) with the participationof operationalmanagers, support function representatives and the dedicated compliance managers. The structure of the function mirrors the organization of: the divisions under the responsibility of the operational risk V managers; the foreign offices under the responsibility of the operational risk V managersof the Americas, EMEA and Asia-Pacificplatforms. They report hierarchically to the local chief risk officer, and functionally to the head of operational risk; the support and control functions under the responsibility of an V operational risk manager covering – in addition to the activities within his or her remit – overall and systematic operational risks (loss of access to premises or information systems, or loss of employee availability) to which Natixis is exposed.

The functionhas nearly 70 FTEsdedicatedto Natixis’ operational risk management. Within their designated scopes (subsidiary, business line or support function), they are responsible for instilling the operational risk culture, recording and analyzing incidents, mapping risks, proposing and following up corrective actions, compiling reports and escalating information to management. Analyses are carried out across the Bank where the support or control functions are involved, or where the processes have an impact on teams, whether in the front, middle or back office. This framework is managed using a single information system that has been deployedacross the Company’sentities, business lines and support functions in France and internationally. This internal tool is available in French and English and hosts all the components of the operational risk oversight system (incidents, mapping of quantified potential risks, risk management systems, key risk indicators, corrective actions, Committees, etc.). The accuracy of the information entered or approved by the operational risk managers is ensured through reconciliation with informationfrom other functions (accounting, compliance, legal, IT Systems Security, data quality, insurance, etc.). The capital requirementsfor operational risk are calculatedusing the standardized approach for all of Natixis’ operational divisions. For the purposes of managing its economic capital, Natixis uses an internal methodology to obtain an overall estimation of its level of exposure to operational risk by business line entity, geographic region and certainmajor risk situations. The methodologyrelies on a value at risk (VaR) calculation based on risk mapping, factoring in identified incidents for backtesting and known external losses.

3

149

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020