NATIXIS // 2021 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

ensure compliance with the limits and take all necessary specific V actions via the Credit Risk Limits Supervisory Committee; decide on the monitoring of counterparties and their level of V provisioning, carry out enhanced monitoring of these counterparties via the Watchlist and Provisions Committee; validate the fair value measurement of overholding transactions V following the unfinished distribution process according to IFRS rules and the ECB guidelines via the Fair Market Valuation Committee; record credit risk decisions on matters not relating to individual V counterparties within the framework of the Natixis Credit Risk Committee; validate sector, country and sovereign ratings, recommending the V probabilities attached to IFRS 9 scenarios, presenting and validating internal stress-test scenarios, presenting analyzes on topics identified by Senior Management via the Geo-Sector Committee. Risk profile 3.2.4.2 Natixis’ risk profile is governed by the risk appetite and risk policies, which include the sector limits set by Natixis and the various country caps. Natixis is exposed to credit, counterpartyand distributionrisk as part of its activities with its large corporate customers in 27 countries: financing activities: V via the origination, arrangement and syndication of traditional V “plain vanilla” financings, and the management of the portfolio of all these financings under the “originate-to-distribute”model, via the origination, arrangement and syndication of strategic V financing and acquisitions (acquisition financing, LBO financing) but also financing on the primary bond and equity markets, via financial engineering on investments and advice on financial V structure; market activities: through interest rate hedging, foreign exchange, V commodity, equity or repurchase agreements; trade finance activities; V specialized financing activities organized around three main V business lines: “Infrastructure& Energy”, “Real Estate & Hospitality” and “Aviation”; securitization and structured credit activities. V Objectives and risk policy 3.2.4.3 Natixis’ risk policies have been defined as a componentof the bank’s overall risk appetite and credit risk control and management framework. The policies are the product of consultationbetween the Risk division and the bank’s various business lines. They are intended to establish a framework for risk-taking while applying risk appetiteand Natixis’ strategic vision by business line or by sector. Natixis now has some 20 risk policies, which are regularly revised and cover the various Corporate & Investment Banking business lines (corporates, LBO, aircraft finance, real estate finance, project finance, commodities finance, banks, insurance, etc.) and those of the subsidiaries.

Specific stress tests The specific stress test exercises run by the Natixis Risk division are detailed in the dedicated sections of this document (and in particular the credit stress tests detailed in section 3.2.4, subsection 4.2.3.10 “Commitment monitoring framework”, as well as the market stress tests detailed in section 3.2.6, subsection 3.2.6.3 “Market risk measurement methodology”). Credit and counterparty 3.2.4 risks Organization 3.2.4.1 The risk control framework is overseen by the Risk division with the active involvement of all the bank’s business lines and support functions. All the internal standards, policies and procedures are consistent with BPCE’s framework and are reviewed periodically to take into account the results of internal controls, regulatory changes and the bank’s risk appetite. Credit risk management and control are performed in accordance with the segregation of duties. Accordingly, together with the other divisions, the Risk division is in charge of monitoring credit risk through various departments that: define the credit risks policies and internal credit risk management V procedures; set credit risk limits and exposure thresholds; V issue transaction authorizations after a counter-analysis of the V credit risk and the counterparty risk in line with the processes for credit approval and limit authorization; monitor exposures and report to Natixis’ Senior Management. V Working with the business lines, the main duty of the Risk division is to provide an opinion, based on all relevant and useful information, on the risks taken by the bank. Credit decisions are made within the limit authorizations granted jointly to the business lines and to certain members of the risk function, and are approved personally by the Chief Executive Officer or any other person they authorize to that end. They are sized by counterparty category and internal credit rating, and by the nature and duration of the commitment. Furthermore, these authorizations can be exercised only when the transaction satisfies the criteria set out in the risk policy of each sector and activity. In conjunction with BPCE, Natixis has defined the rating methods applicable to the asset classes held jointly. The credit risk monitoring system is based on the establishment of a number of Committees whose main objectives are as follows: make individual risk decisions on limits, ratings and LGDs of all V types of counterpartiesand all types of transactionsvia the Natixis Credit Committee (CCN) or the Regional Credit Committee (CCR) in accordance with the level of the delegation established by Natixis; define internal rating methodologies and models; V implement second-level permanent controls; V

122

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2021