NATIXIS -2020 Universal Registration Document

5 FINANCIAL DATA

Internal control procedures relating to accounting and financial information

Permanent control system relating to accounting 5.5.2 and financial information

As part of its duties, and in keeping with the French Ministerial Order of November 3,2014 on internal control by companies in the banking sector and European supervision by the Single Supervisory Mechanism, Natixis’ General Inspection Department assesses the internal control procedures, with a particular focus on accounting and financial procedures, of all the consolidated entities, whether or not they have credit institution status. The fact that most subsidiaries have their own management and control functions means that internal control procedures are decentralized and are tailored to the organization of each of the consolidated entities, relying on a multi-tier accounting control process: a first line of defense, where first-level permanent and local V controls in operational business lines are integrated into the processing process and formalized in detailed work programs; a second line of defense overseen by each entity’s Financial or V Compliance or Risk Departments where permanent second-level controls, independent of operating processes, are performed to ensure the reliability of accounting and regulatory reporting processes and verify the existence and quality of the first-level controls; finally, a third line of defense, the last level of this system, devolved V to the General Inspection (Natixis or BPCE) in its role of periodic control. For accounting, permanent and periodic controls apply to the completion and/or monitoring of: for justifying accounts, accuracy and veracity checks, such as the V procedures for management/financial account reconciliation (on-balance-sheet outstandings and off-balance sheet commitments), reconciliation of cash accounts and checking and clearing of suspense items; consistency checks through analytical reviews; V checks to make sure income and expenses are allocated to the V correct period; verification that the presentation complies with accountingrules; V correct processing of specific transactions in line with the relevant V principles; verification of financial information (notes to the financial V statements, items of financial communication); adjustment of anomalies identified at the time of these controls as V well as the corresponding analyses and documentation. These controls are conducted using several accounting systems, whose number is being reduced, however, due to the integrationof a significant part of Natixis’ consolidated scope into the target financial information ecosystem.

For prudential and regulatory reporting, permanent and periodic controls apply to the completion and monitoring of: accuracy and veracity checks, such as the management/financial V account base reconciliation processes, as the management data used for preparing reports can come from various sources; controls of the traceability and completeness of data, throughout V the various reporting preparation processes; compliance and presentation controls in respect of the regulatory V requirements specific to each reporting process; quality controls of the data (in accordance with the BCBS 239 V program) needed to produce the reports and the quality of the attributes entered into the databases used, allowing the proper breakdown of accounting or management data; consistency checks between published reports, where possible V and relevant. For all these scopes, Natixis and its subsidiariescontinue to develop their accounting and financial control procedures and to equip themselves with reconciliation and control tools that contribute to the auditability of the processes, with the Finance Department supervising, supporting and monitoring the controls carried out within the subsidiaries. The accounting and financial reporting control system is primarily based on the following fundamental principles: separation of the accounting production and control functions; V homogenization of control procedures and programs within the V various business lines and entities of the Group: method, tool, feedback and timing of processes. It also draws on: the application of the principles defined by BPCE, which specify in V particular the scopes subject to a two-level control process and which provide for centralizedmanagementwithin the Finance, Risk or ComplianceDepartments,operatedby a dedicated function (e.g. permanent financial supervision-LOD2); the implementation of an approach to manage and supervise the V LOD2 financial control teams, in a sector-based approach; two types of tasks. The first is operational and consists of V performing and reviewing first-level controls, as well as any additional second-level controls (for closing periods or as part of periodic assignments). The second is organizational and involves overseeing and adapting the system; formalizeddocumentationas part of the “Accountingand financial V information quality control framework” drawn up by Groupe BPCE. This includes procedures that describe in detail the organizationof the system; risk mapping showing the nature, frequency of occurrence and V responsibilities by level of control across all scopes (accounting and regulatory) and showing the risks covered by each control (accounting and regulatory audit assertions, BCBS 239 assertions and assertions related to the law on the fight againsctorruption); a risk-based approach, enabling the permanent financial control V teams to guide and determine the frequency of their controls with regard to the quality of the internal control processes.

456

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020