NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Combined “Global Banking (Damage to Valuables & Fraud) ” & A/ “Professional Civil Liability” policy with a total maximum payout of €215.5 million per year of insurance including: €72.5 million per year, combined “Fraud/Professional Civil a) Liability” insurance available, subordinate to the amounts guaranteed set out in b) and/or c) and/or d) below; €48 million per claim and per year, solely reserved for b) “Global Banking” risk; €25 million per claim and per year, solely reserved for c) “Professional Civil Liability” risk; €70 million per claim and per year, combined “Global d) Banking/Professional Civil Liability” insurance available in addition to or after use of the amounts guaranteed set out in b) and/or c) above. The maximumamount that can be paid out for any one claim under this arrangement is €118.5 million under “Professional Civil Liability” coverage and €119 million under “Fraud” coverage in excess of the applicable deductibles. “Regulated Intermediation Civil Liability” (in three areas: B/ Financial Intermediation, Insurance Intermediation, Real Estate Transactions/Management ) with a total maximum payout of €10 million per claim and per year. “Operating Civil Liability” covering €100 million per claim, as C/ well as a “Subsidiary Owner Civil Liability”/“Post Delivery-ReceptionCivil Liability” coverage extension for up to €35 million per claim and per year of insurance. “Company Directors Civil Liability” for up to €200 million per D/ claim and per year of insurance. “Property Damage to Offices and to their content” (including IT E/ equipment) and the consecutive “losses in banking activities”, for up to €400 million per claim. “Protection of Digital Assets against Cyber-Risks” & the F/ consecutive “losses in banking activities”, for up to €140 million per claim and per year of insurance. This coverage extends worldwide for initial risk or umbrella risk, subject to certain exceptions, mainly in terms of “Professional Civil Liability” where the policy does not cover permanent institutions based in the United States (where coverage is obtained locally by Natixis’ US operations) . All the insurance policies mentioned above were taken out with reputable, creditworthy insurance companies. All the insurance policiesmentionedabove are purchasedwith deductibles (accepted retention level) in accordance with Natixis’ retentioncapacity.

Measures to reduce risk Natixis has implemented measures in every business line and support function to monitor the corrective actions to reduce the Bank’s exposure to operational risks. 70% of the 431 corrective actions initiated in 2020 were implementedby the business lines in charge and are monitored by the business line and central Operational Risk Committees. These actions, defined to reduce and resolve operational risk, are ranked according to three priority levels depending on the risks incurred. An alert system has been set up to prompt assessment by the Natixis Operational Risks Committee of any delays in implementing first-level corrective actions. Risk profile 3.2.6.4 In 2020, a risk analysis was performed on all of Natixis’ business lines and support and control functions. Verifying consistency with the results from General Inspections and the results of permanent controls highlighted the most important risks for each scope and helped prioritize correctivemeasures to be implemented in order to improve the risk management mechanism. The Corporate & Investment Banking and Asset & Wealth Management business lines represent the majority of risks under review owing to the extensive nature of the division’s activities and operations in both France and internationally. Natixis’ risk profile features two main risk categories in terms of high potential impact: business line risk, concentrated under Corporate & Investment Banking, and cross-functional risk (technology including cyber, regulatory or legal) to which the Company as a whole is exposed. Tailored risk management mechanisms have been introduced to cover these risks, including the safeguarding of procedures and controls, raising employee awareness, Business Continuity Plans, IT Systems Security and insurance policies. Operational risk insurance 3.2.6.5 Reporting to the Natixis Insurance division, the Groupe BPCE Corporate Insurance Department is responsible for: analyzing insurable operational risks; and V taking out appropriate insurance coverage (direct insurance V and/or transfer). Natixis and its subsidiaries benefit from the guarantees provided in the following main insurance programs: covering its insurable operational risks; and V which are pooled with Groupe BPCE. V

152

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020