NATIXIS -2020 Universal Registration Document

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

The Compliance Department coordinates first-level permanent controls of compliance risks. In addition, it sets up and implements second-level permanent controls to ensure that procedures are applied within the business lines and that compliance risks are managed, as part of a risk-based approach (see 3.2.1 Natixis internal control system) . To this end, Compliance maps non-compliance risks. Lastly, it ensures that any dysfunctions noted by the businesses concerned are corrected. Governance The Compliance Department performs its duties independently of the operational departments. It reports to the Secretary General of Natixis, a member of the General Management Committee, who is responsible for permanent control declared to the ACPR (French Prudential Supervisory Authority for the banking and insurance sector). Natixis’ Head of Compliance is a member of the Executive Committee. The Compliance Department reports to the members of Natixis’ Senior Management Committee and the Board of Directors (Risk Committee) on the main risks detected, and on the implementation and effectiveness of the measures to address these risks. It participates in the preparation of various reports for theregulators. The compliance function applies the operating and reporting principles of Groupe BPCE. The operating rules of the Compliance Department are set out in a charter approved by Natixis’ Senior Management Committee. This charter, updated in 2020, constitutes the minimum framework to be applied by the entire sector. Global oversight Natixis organizes its control functions on a global basis in order to ensure that the internal control mechanismis consistent throughout the Company. This organizationaims to ensure compliancewith the principle of strict independence between, on the one hand, the operationaland functional units responsiblefor initiatingand validating transactions, and, on the other hand, the units that contrhoelm. The Natixis Compliance Department provides guidance, leadership and oversight to the compliancemanagers of the entities as part of its operations. This role is carried out through hierarchical reporting to Natixis, the parent company, and direct links to the branches and subsidiaries. The compliance function is deployed across all Natixis entities, whether or not the activities or entities are regulated, provided that the entities concerned are under sole or joint control. At least one Compliance Officer is appointed for each country in which Natixis operates. Tools The ComplianceDepartment is equippedwith a set of tools to cover all the areas within its remit, namely: operational analysis tools used in conjunction with KYC tools to V detect money laundering and internal fraud and prevent terrorist financing; data-comparison systems to verify client databases and screen V transactions to ensure compliance with embargoes; tools to track sensitive transactions, keep insider lists, manage V conflicts of interest and detect instances of market abuse; tools to ensure all permanent level 2 controls incumbent on the V compliance function.

Employees 3.2.8.2

and Professional Ethics

Conflicts of interest Conflicts of interest are prevented by: using risk maps to identify situations posing a risk of conflict of V interest; setting up and monitoring of information barriers; V checking compensation policies; V being compliant with the rules of good conduct applicable to V Natixis staff; and staff training. V Conflict of interest is managed through: compliance with the conflict of interest prevention framework; V cooperation among the business lines, Compliance and V Management in order to identify and manage conflicts oifnterest; close monitoring by Compliance with the help of a transactional V conflict detection tool; and an escalation process for mediating unresolved conflicts of V interest if needed. Whenever the risk of compromisinga customer’s interests becomes unavoidable in spite of the internal procedures in place, Natixis informs the customer of the nature of the conflict of interest before taking action on the customer’s behalf. This allows the customer to make an informed decision on whether to proceed with the transaction. Circulation of information Information barriers are put in place and reviewed each time the organizationalstructure changes in order to prevent the unwarranted circulation of confidential information. These barriers function as partitions between business lines and departments. They limit the circulation of information on a “need-to-know” basis, which means that information is transmitted only in the customer’s interest and only to employees who absolutely require the information to carry out their duties. These barriers may be organizational, physical or electronic and may be permanent or temporary. Natixis has set up a permanent information barrier separating its Asset Management business activities within Natixis Investment Managers from its other activities. Pursuant to regulations in force, the entry of sensitive transactions into a special tool that allows Compliance to rapidly identify issuers to be placed on the watchlist or on the prohibition list, as well as employees to be placed on the insider list. Market integrity In accordancewith the requirementsof the EU Regulationon market abuse, Natixis has set up a framework for detecting transactions likely to constitute market abuse. This framework is incorporated within its internal control system. Alerts are processed and potential cases of market abuse are analyzed by a surveillance tool and dedicated teams. Transactions that could constitute market abuse are reported to the Autorité des Marchés Financiers (AMF – French Financial Markets Authority) or to local regulators, in accordance with the regulations in force.

3

161

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020