NATIXIS // 2021 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

31/12/2020

1 year to 2 years

2 years to 5 years

Less than 1 month

1 to 3 months

3 to 6 months

6 months to 1 year

Over 5 years

(in billions of euros)

Total Demand

Undated

0.0

0.0

Due to central banks

Other financial liabilities held for trading purposes – excluding trading derivatives

131.8

4.3 4.3 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

81.0 80.6

8.9 7.9 0.0 0.3 6.0 0.0 0.0 2.5 0.0 0.0

2.4 1.3 0.0 0.0 2.5 0.0 0.0 2.4 0.0 0.0 1.4 0.8 0.0 6.6 0.0

4.0 0.9 0.0 -0.0 3.6 0.0 0.0 3.6 0.0 0.0

2.0 0.2 0.0 -0.0 4.4 0.0 0.0 4.4 0.0 0.0 7.9 0.9 0.2 0.0 0.7 0.3

4.3 0.0 0.0 0.0 8.7 0.0 0.0 8.7 0.0 0.0 0.0 0.2 0.0 0.6 0.5

4.2 0.1 0.0 0.0 1.6 0.0 0.0 1.4 0.0 0.0 1.1 0.0 1.1 0.0 1.4 0.3

20.6

95.3

0.0 0.0 0.0 0.0 0.0 0.0 0.0

o/w repurchase agreements

Secured debt Unsecured debt

0.0 0.3

0.0 0.0

Financial liabilities at fair value through profit or loss o/w repurchase agreements

27.9

1.1 0.0 0.0 1.0 0.0 0.0 3.7 4.5 2.9 0.0 6.6 0.0

0.0 0.1

Secured debt Unsecured debt

23.9 49.9

Trading derivatives Hedging derivatives Amounts due to credit institutions

49.9

0.5

0.5

84.7

12.8

17.5

10.1

14.1

17.4

0.1 0.0 1.3 0.0 0.0 0.0

9.1

0.0

1.2 0.2 0.0

1.0 0.9 0.0 8.0 0.1

o/w repurchase agreements Amounts due to customers o/w repurchase agreements

30.2

20.7

0.0

0.0 0.0 0.0

Debt securities

35.7

11.8

o/w covered bonds

1.3

0.0

Revaluation adjustments on portfolios hedged against interest rate risk

0.2 4.1

0.0 0.0

0.0 0.0

0.0 0.0

0.0 0.9

0.0 0.6

0.0 1.1

0.0 1.0

0.0 0.2 9.7

0.2 0.3

Subordinated debt

TOTAL

365.1

37.8

95.3

46.3

23.2

31.2

16.3

32.2

73.0

The information contained in the above table excludes Insurance activities.

Compliance risk 3.2.9

For a definition of compliance risk, refer to section [3.2.3.6] Ristkypology.

the complianceof the products or services provided, the integrity of the markets, financial security and the prevention of fraud, the supervision of technological risks and the processingof personal data. In this context, the Compliance Department participates in the implementation of standards, policies and procedures and issues opinions, in particular for the management of new activities, new products or new organizations by ensuring their compliance with the applicable texts. The Compliance Department also monitors regulations and carries out training and awareness-raising actions on the numerous regulatory changes, particularly concerning the fight against money laundering and the financing of terrorism, tax evasion and information security. The Compliance Department coordinates first-level permanent controls of compliance risks. In addition, it sets up and implements second-level permanent controls to ensure that procedures are applied within the business lines and that compliance risks are managed, as part of a risk-based approach (see 3.2.1 Organization of Natixis internal control system) . To this end, Compliance maps non-compliance risks. Lastly, it ensures that any dysfunctions noted by the businesses concerned are corrected.

Compliance organization 3.2.9.1 The Compliance Department is responsible for managing the risk of non-compliance, coordinating the first-level permanent control system and is responsible for carrying out second-level controls. It also includes IT risk supervision and business continuity (Global Technology Risks Management – G-TRM), as well as personal data protection. Its scope of action encompasses Natixis and its subsidiaries and branches in France and abroad, thanks to its functional structure. Responsibilities The Compliance Department advises and assists all Natixis employees on how to prevent compliance risks when performing their duties. It positions itself as a key player in the operational implementation of the principles set out in the Natixis Code of Conduct (www.natixis.com/natixis/en/governance) which, with respect to compliance, are included in Natixis’ compliance policies and procedures. The scope of the compliance function covers non-financial risks and, in particular, the legislative and regulatory provisions specific to banking and financial activities, as well as professional standards aimed at preventing any risk of non-compliance. It includes

154

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2021