NATIXIS // 2021 Universal Registration Document

CORPORATE GOVERNANCE Management and oversight of corporate governance

assisting the Board of Directors in determining guidelines and V verifying that the executive officers have properly implementedthe supervisorymechanisms, (especially in terms of the separation of duties and the prevention of conflicts of interest, that ensure the Company is effectively and prudently managed); reviewing, pursuant to its remit, whether the prices of products and V services proposed to clients are compatible with Natixis’ risk strategy. If these prices do not correctly reflect the risks, the Committee presents the Board of Directors with an action plan to remedy the situation; reviewing, without prejudice to the responsibilities of the V Compensation Committee, whether the incentives set out by Natixis’ compensationpolicy and practicesare compatiblewith the latter’s situation with regard to the risks to which it is exposed, its capital, its liquidity and the probability and scheduling of the expected benefits; assisting the Board of Directors in reviewing the aforementioned V governance mechanism, assessing its effectiveness and ensuring that corrective measures have been taken to remedy any shortcomings; regularly examining the strategies and policies governing the V taking, management, monitoring and reduction of the risks to which Natixis is or could be exposed, including risks created by the economic environment. To that end, at least once a year the Risk Committee analyzes the documents used to define and monitor Natixis’ risk appetite, namely the Risk Appetite Statement and the Risk Appetite Framework. The Risk Committee also studies the results of internal stress tests as well as measures of consumption of economic capital. The Risk Committee studies all limit changes between two annual reviews, including changes to industry-based limits; examining compliance risk monitoring-related items at least once V a year, pursuant to Article 253 of the French Ministerial Order of November 3, 2014 on internal control of banking sector businesses, payment services, and investment services;

giving its opinion on the appointment or dismissal of the Head of V General Inspection at Natixis; ensuring that the findings of assignments carried out by the V General Inspection and by regulatory and supervisory authorities (specifically the French Prudential Supervisory Authority) are followed up on. To that end, a summary of General Inspection Department reports on Natixis and its subsidiaries is prepared for the Risk Committee, which also receives all reports from the regulatory and supervisory authorities (specifically the ACPR) on Natixis and its subsidiaries; addressing Natixis’ annual internal audit program, including audits V of subsidiaries, with this program being presented to the Committee at least one week prior to its approval. At the proposal of the Chairman, the Risk Committeemay, if deemed appropriate by the Committee and after consulting the Chairman of the Board of Directors, invite to its meetings any Natixis manager (including managersof one of the main subsidiariesor the Chairman of its Risk Committee)who is able to shed light on issues handled by the Risk Committee. It can also invite the Chief Financial Officer, the Chief Risk Officer, the General Secretary, the Natixis Head of General Inspection, the BPCE Head of General Inspection, and Natixis’ Statutory Auditors. The Chief Risk Officer, the Compliance Officer, and the Natixis Head of General Inspection have permanent direct access to the Risk Committee. C – Work of the Risk Committee in 2021 The Risk Committee met eight times in fiscal year 2021. The attendance rate was 88% for the year as a whole. Each director’s individual attendance rate at Risk Committee Meetings is provided in section 2.1.4 of this chapter (see directors’ individual fact sheets) . Within a reasonable amount of time before a CommitteeMeeting, a file containing the items on the agenda is sent to each director via a secure digital platform for review and analysis in preparation for the meeting.

2

In 2021, the Risk Committee’s duties focused on the followinigtems:

Risk management

Key points from the risk dashboard and the bank’s risk environment outlook V Regular monitoring of the autocalls action plan V Summary of the main changes in risk policies V Annual review of the risk appetite framework (RAF) and the indicators and alert thresholds defined in accordance V with the decree of November 3, 2014 Regular updates on the risk appetite framework (notification of threshold breaches and indicator limits, review V of thresholds with regard to temporary operational limits) Presentation of the risk appetite framework of the US and APAC platforms V Examination of the adequacy of the prices of products and services offered to customers with the risk strategy V Projected cost of risk for 2021 V Model risk management update V Updates on BCBS 239 principles V Presentation of the ICAAP report V Update on internal stress test results V Review of liquidity risk tolerance V Review of strategies, policies, procedures, systems, tools and limits with regard to liquidity risk and underlying V assumptions Results of alternative stress scenarios V Results of reviews and analyses of changes in the liquidity situation V Review of the ALM standards V Annual analysis of contingency plans, particularly in light of the results of alternative scenarios regarding liquidity V positions and risk mitigation factors Check that the compensation policy is compatible with the risks V

77

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2021