NATIXIS_PILLAR_III_2017_EN

2 GOVERNANCE AND RISK MANAGEMENT ORGANIZATION Governance

In accordance with the financial communication requirements of the third pillar of the Basel Committee on Banking Supervision, the information in this chapter concerns risk.

Governance 2.1

THE BANK’S EXECUTIVE MANAGERS 2.1.2 AND SPECIAL COMMITTEES ON RISK

The risk management governance is a structured organization involving all the levels of the bank: the Board of Directors and its specialized committees a (Risk Committee, Audit Committee, etc.); the Executive managers and the specialized risk committees a they chair within the bank; the central divisions, independent of the businesses; a the businesses (Asset & Wealth Management, Corporate & a Investment Banking, Insurance, Specialized Financial Services).

The Executive managers, under the supervision of the Board of Directors, are responsible for implementing Natixis’ internal control system in its entirety. Accordingly, they designate the persons in charge of the Risk Management, Permanent Control and Compliance Control functions, who report to them on their assignments. At least one of the bank’s executive managers chair the Bank’s main Special Committees on risk: the Global Risk Committee (CRG), the Credit Committee, the a Market Risk Committee, the Operational Risk Committee, the Watchlist and Provisions Committee; the ALM Committee; a the Control Functions Coordination Committee; a the Natixis Investment Committee. a The executive managers regularly inform the Board of Directors of all significant risks, risk management policies and changes made thereto. Reporting to the Chief Financial and Strategy Officer, the Accounting and Ratios Division is responsible for a accounting and regulatory information; the Financial Management Division oversees ALM and its a framework (standards, limits, etc.); the Financial and Taxation Oversight Division is in charge of a the budget process and ensures adherence to tax laws. The Risk Division , which reports to the Chief Executive Officer since October 1, 2017, is responsible for measuring, monitoring and managing the risks inherent to the business activities, in particular market risk, credit risk and operational risk; The Compliance Department , reporting to the Corporate Secretary, is responsible mainly for managing non-compliance risk and for overseeing the control system. The Legal Department , also reporting to the Corporate Secretary, ensures legal regulatory compliance. The Internal Audit Department reports to the Chief Executive Officer and performs audits that give rise to an assessment of existing points of control in the audited processes and an evaluation of the risks in respect of the audited activities. CENTRAL DIVISIONS 2.1.3

THE BOARD OF DIRECTORS 2.1.1 AND ITS COMMITTEES

The Board of Directors (and its extension, the Risk Committee) gives the final approval of Natixis’ risk appetite and supervises its application. Under the Natixis Board of Directors’ responsibility, the Risk Committee’s primary duties are: to advise the Board of Directors on the bank’s overall strategy a and risk appetite, both current and future; to assist the Board of Directors when it checks the a implementation of that strategy by the executive managers and by the Chief Risk Officer. The Risk Committee met seven times in fiscal year 2017. In addition, and since July 2016, the Risk Committee meets as the US Risk Committee as per the US regulatory requirements of the Dodd-Frank Act. The US Risk Committee has the same structure as the Risk Committee, and is responsible for the supervision of the risks linked to Natixis’ activities on US soil (“Combined US operations”). The key duties of Natixis’ Audit Committee are: to check the clarity of information published by Natixis and a assess the relevance of the accounting methods adopted for the creation of Natixis’ individual and consolidated financial statements; and to assess the quality of internal control, specifically the a consistency of the systems for measuring, monitor and control risk, and, as and when needed, propose implementation of supplementary actions in this sense. The Audit Committee met five times in fiscal year 2017.

12

NATIXIS Risk report Pillar III 2017