NATIXIS -2020 Universal Registration Document

2020 NON-FINANCIAL PERFORMANCE REPORT Business ethics and safety

Business ethics and safety 6.3

In terms of information systems security, Natixis has a specific departmentattached to the ComplianceDepartment, the Information Systems Security and Business ContinuityDepartment (ITSS-BC). To prevent the risk of cybercrime,which is a priority given the increasing sophistication of cyber-attacks, the ISS-BC Department has set up two lines of defense, shared between the IT Department and the ISS-BC Department, as well as a risk mapping, an extensive ISS awarenessprogramfor all employees. For more information, refer to Chapter [3.2.8.5] “Non-compliance risks - Technological risks”. Representation of interests In 2018, Natixis adopted the Charter for Responsible Lobbying and Advocacy Activities with respect to Governmental Bodies and Officials, which is available on its website : (https://www.natixis.com /natixis/en/our-code-of-conduct-rep_95743.html). With this charter, Natixis ensures the integrity and probity of its lobbying activities in compliance with its Code of Conduct and applicable laws, rules and regulations. It applies to all entities controlled by Natixis and to their employees. It covers lobbying and advocacy activities, which are coordinated by Natixis’ Public Affairs Department and its parent company, BPCE. Natixis believes that dialog and respectful discussionof diverging interests are necessary to ensure the correct functioning of the democratic process. To this end, it engages in dialogue with public and government officials on proposed legislativeand regulatory requirementsthat impact Natixis’ business as well as its ability to serve its clients. Natixis is registered with the competent European and national authorities and undertakes to observe the applicable Codes of Conduct. It has been included in the EuropeanTransparencyRegister since 2017 and is also registered in the French public register of lobbyistswith the High Authority for Transparency in Public Life. The coordination of interest representation issues is monitored by a dedicated team within the Corporate Secretary’s Office, Public Affairs. This year, the major cross-cutting issues that have largely occupied public affairs concerned green finance, in close collaboration with the Group. This year, the public affairs team responded to 13 consultations on this issue on behalf of the Group. Natixis implements control systems to ensure that its transactions comply with tax laws and regulations. All new products and new activitiesmust be approvedwith regard to these laws and regulations. In addition, Natixis reports transparently on its organizational structure and operations, and discloses its revenues and the correspondingtaxes on a country-by-countrybasis for greater clarity on the determiningfactors of its tax expense. It has also adopted the UK HM Revenue & Customs Code of Practice on Taxation for Banks. Combating tax avoidance

Protection of customers and investors

Natixis places great importance on protecting customer’ interests and it regularly enhances its customer information, KYC and complaint handling process. The protection of customers and investors is an integral part of internal processes, particularly in the context of the review and validation of new products and new activities. For more information on these various topics, please refer to Chapter [3.2.8.3] “Non-compliance risks”. Fight against money laundering, terrorist financing and corruption Natixis is determined to act with integrity and in compliancewith its regulatory obligations in the fight against corruption, money laundering and the financing of terrorism. The Financial Security Department reports to the Compliance Department and manages the anti-money laundering and counter-terrorist financing (AML-CTF), corruption and fraud prevention framework , and ensures that Natixis and its branches and subsidiaries comply with financial sanctions and embargoes. In accordance with the regulations, Natixis (like the other entities of the BPCE Group) has the means to detect atypical transactions adapted to their risk classification,making it possible to carry out, if necessary, the strengthened examinations and the necessary declarations to Tracfin (treatment and action against illegal financial circuits) in the shortest possible time. The Group’s risk classification includes the issue of “at-risk” countries, whether in terms of money laundering, terrorism, tax fraud or corruption. With regard to corruption, Natixis has a corruption prevention program whose main rules and procedures are set out in the Anti-corruption policy , applicable to all its entities and employees and available on the website (https://www.natixis.com/upload/ docs/application/pdf/2020-08/politique_anti-corruption_natixis.pdf/) . For more information on these various topics, please refer to Chapter [3.2.8.4] “Non-compliance risks - Financial security”. Cyber risks The risks of interruptionor operational failure of Natixis ‘or third-party information systems or breaches of Natixis’ information systems due to fraudulent activities are recognized as material risks that could have a significant impact on the financial trajectory, strategic or reputational of Natixis.

6

471

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020