NATIXIS // 2021 Universal Registration Document

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

carried out with all Natixis Risk division teams in close collaboration with the business lines and the ESR teams; three regional departments operating in the geographic areas of V the platforms (Americas, Asia-Pacific and EMEA [Europe, Middle East, Africa]); three departments dedicated to Asset & Wealth Management, V Insurance and Payments; a dedicated IT department. V The risk management function steers the risk appetite framework, recommends risk policies consistent with those of Groupe BPCE to Senior Management for approval, and makes proposals to the executive body on principles and rules in the following areas: risk-taking decision procedures; V the delegation framework; V risk measurement; V risk oversight. V It also independentlyvalidatesmodels as part of its wider risk model management framework. It plays an essential role within the Committee structure, the highest-level of which is Natixis’ Global Risks Committee, which meets once per quarter. In addition, it regularly reports on its work, submitting its analyses and findings to Natixis’ executive officers, to Natixis’ supervisory body, and to Groupe BPCE. A dedicated function generates a consolidated risk overview using a scorecard that indicates the various risks (credit, market, liquidity, operational, modeling, etc.). To fulfill these responsibilities, the Risk division uses an IT system tailored to the activities of Natixis’ businesses, applying its modeling and quantification methods for each type of risk. The managementand monitoringof Natixis’ structural balance sheet risks are under the authority of the Asset/Liability Management Committee (or “ALM Committee”).The ALM Committee’smonitoring scope includes overall interest rate risk, liquidity risk, structural foreign exchange risk and leverage risk. The Compliancefunction oversees the compliancerisk management system of Natixis S.A. and of its French and international branches and subsidiaries. It is also in charge of fraud risk prevention, information systems security, and business continuity. Its operating rules are governed by a charter signed off by the Senior Management Committee. The Compliance function’s preventative actions – advice, raising awareness and training – are a key driver to improving Natixis’ management of compliance risk.

Organization 3.2.3.2 (Data certifiedby the Statutory Auditors in accordance with IFRS 7) Risk management governance is a structured organization involving all levels of the bank: the Board of Directors and its Special Committees V (Risk Committee, Audit Committee, etc.); the executive officers and the Special Risk Committees they chair V within the bank; central departments, independent of the business lines; V the business lines (Asset & Wealth Management, Corporate & V Investment Banking, Insurance, and Payments). Risk culture 3.2.3.3 Natixis is defined by its strong risk culture at every level of the organization. The risk culture is central to the risk function’s guiding principles, as set out in the Risk Charter. The risk culture framework is based on two main pillars: harmonizing best practices within the bank by deploying a V compendium of risk policies, standards and procedures covering all the bank’s major risks (credit, market, operational and model) and outlining the bank’s strategic vision and risk appetite; deploying a three-pillar strategy in respect of the bank’s risk V culture: a focus on awareness-raising and communication with a V reinforcement of the digital communication of the sector (Risk in Mind digital magazine, Risk Meeting Point newsletter, reinforcement of the Risk division’s presence on the internal social network, deployment of Risk in Mind, Sharepoint) and the implementation of “lessons learned” sessions aimed at disseminating knowledge of past incidents and sharing lessons learned. In addition, the visual identity of the Risk division has been reviewed and modernized to increase the penetration of risk culture awareness messages, a focus on training aspects with, in addition to mandatory V e-learning, the promotionof training for all employeeson specific topics related in particular to changes in regulations, and onboarding sessions for newcomers, a “career path” pillar incorporating “risk culture” as a recruitment V criterion, the introduction of cross-over business/risk pathways and the inclusion of “risk culture” as an employee appraisal criterion. The Code of Conduct adopted by Natixis in December 2020 is another effective means of inculcating the risk culture, as it defines the rules of conduct applicable to all employees, and encourages greater involvement and accountability.Four guiding principles serve as the building blocks of Natixis’ DNA and are adapted to each profession and function. The rules fall into the following themes: being client-centric; V behaving ethically; V acting responsibly towards society; V protecting Natixis’ and Groupe BPCE’s assets and reputation. V

3

117

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2021