NATIXIS // 2021 Universal Registration Document

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

The maximumamount that can be paid out for any one claim under this arrangement is €118.5 millionunder “ProfessionalCivil Liability” coverage and €119 million under “Fraud” coverage in excess of the applicable deductibles. “Regulated Intermediation Civil Liability” ( in three areas: B/ Financial Intermediation, Insurance Intermediation, Real Estate Transactions/Management) with a total maximum payout of €10 million per claim and €13 million per year. “Operating Civil Liability” covering €100 million per claim, as C/ well as a “Subsidiary Owner Civil Liability”/“Post Delivery-Reception Civil Liability” coverage extension for up to €35 million per claim and per year of insurance. “Company Directors Civil Liability” for up to €200 million per D/ claim and per year of insurance. “Material Damage” to Buildings and their contents (including IT E/ equipment) & Consecutive “banking business losses”, up to a total of €300 million per claim (sub-limited to consecutive “bank business losses” at a rate of €100 million per claim and €200 million per year). “Protection of Digital Assets against Cyber-Risks” & the F/ consecutive “losses in banking activities”, for up to €140 million per claim and €196.5 million per year of insurance. This coverage extends worldwide for initial risk or umbrella risk, subject to certain exceptions, mainly in terms of “Professional Civil Liability” where the policy does not cover permanent institutions based in the United States (where coverage is obtained locally by Natixis’ US operations). All the insurance policies mentioned above were taken out with reputable, creditworthy insurance companies. All the insurance policiesmentionedabove are purchasedwith deductibles (accepted retention level) in accordance with Natixis’ retentioncapacity. 3.2.8.1 (Data certified by the Statutory Auditors in accordancewith IFRS 7) Natixis is affiliated with the central institution of the Caisses d’Epargne and the Banques Populaires (BPCE) banks, as defined by the FrenchMonetaryand Financial Code. Article L.511-31 of the French Monetary and Financial Code stipulates that central institutions are credit institutions and, as such, they must oversee the cohesion of their network and ensure the proper operation of affiliated institutions and companies. To this end, they take any necessary measures, notably to guarantee the liquidity and capital adequacy of all such institutions and companies as well as the network as a whole. In accordancewith Groupe BPCE’s organizationand the missionsof the central body, the supervision of the management of structural balance sheet risks, ALM policies and strategies are placed under the authority of the Group Strategic ALM Committee. These policies and strategies are applied at the level of each affiliate, including Natixis. Balance sheet 3.2.8 management Governance and organization

Measures to reduce risk Natixis has implemented measures in every business line and support function to monitor the corrective actions to reduce the Bank’s exposure to operational risks. 76% of the 514 corrective actions initiated in 2021 were implementedby the business lines in charge and are monitored by the business line and central Operational Risk Committees. These actions, defined to reduce and resolve operational risk, are ranked according to three priority levels depending on the risks incurred. The Natixis Operational Risk Committee is alerted to any delay in a first-level priority corrective action; a justification for the delay must then be provided. Risk profile 3.2.7.4 In 2021, a risk analysis was performed on all of Natixis’ business lines and support and control functions. The Corporate & Investment Banking and Asset & Wealth Management business lines account for the majority of risks under review owing to the extensive nature of the divisions’ activities and operations in both France and internationally. Natixis’ risk profile features two main risk categories in terms of high potential impact: cross-functional risk (regulatory, pandemic, technological, including cyber, legal and climate) and business line risk, concentrated under Corporate & Investment Banking to which the Company as a whole is exposed. Tailored risk management mechanisms have been introduced to cover these risks, including the safeguarding of procedures and controls, raising employee awareness, Business Continuity Plans, Information Systems Security and insurance policies. 3.2.7.5 Reporting to the Natixis Insurance division, the Groupe BPCE Corporate Insurance Department is responsible for: analyzing insurable operational risks; and V taking out appropriate insurance coverage (direct insurance V and/or transfer). Natixis and its subsidiaries benefit from the guarantees provided in the following main insurance programs: coverage for its insurable operational risks; and V which are pooled with Groupe BPCE. V Combined “Global Banking (Damage to Valuables & Fraud) ” & A/ “Professional Civil Liability” policy with a total maximum payout of €215.5 million per year of insurance including: €72.5 million per year, combined “Global a) Banking/Professional Civil Liability/Cyber-Risks” and mobilizable under the guaranteed amounts indicated in b) and/or c) and/or d) below; €48 million per claim and per year (sub-limited under b) “Fraud” to €35 million per claim), dedicated solely to “Global Banking” risk; €25 million per claim and per year, solely reserved for c) “Professional Civil Liability” risk; €70 million per claim and per year, combined “Global d) Banking/Professional Civil Liability” insurance available in addition to or after use of the amounts guaranteed set out in b) and/or c) above. Operational risk insurance

3

147

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2021