NATIXIS_PILLAR_III_2017_EN

11 NON-COMPLIANCE RISK

11.1 Organization of compliance

The Compliance Department oversees the non-compliance risk prevention and mitigation system. It also oversees IT Systems Security and business continuity. Its scope of action encompasses Natixis, its subsidiaries and branches in France and abroad thanks to its functional structure. Natixis’ Compliance Department has several tools for executing its functions.

The Compliance Department reports to the members of Natixis’ Senior Management Committee and the Board of Directors (Risk Committee) on the main risks detected, and on the implementation and effectiveness of the measures to address these risks. It helps draft the reports required by regulators and acts in accordance with the rules set out by Groupe BPCE.

RESPONSIBILITIES

The Compliance Department advises and assists all Natixis employees on how to prevent compliance risks when performing their duties. It plays a key role in implementing the principles set out in Natixis’ Code of Conduct (Chapter 1), which are also included, as regards compliance, in the Compliance Manual. Accordingly, the Compliance Department participates in establishing standards, policies and procedures, and issues its opinion, particularly regarding supervision of new business, products and organizations.

The Compliance Department also performs a regulatory watch and works with the Human Resources Department on staff training. In 2017, it stepped up its training and awareness programs focused on new regulatory developments, including anti-money laundering, terrorist financing, the prevention of corruption, the MiFID II Directive (financial instrument markets), client protection and preventing conflicts of interest. Over 49,000 training and awareness initiatives took place in 2017, either as classroom training or e-learning.

The Compliance Department is responsible for coordinating first-level permanent risk controls, and sets up and implements second-level permanent risk controls to ensure that procedures are applied within the business lines and that non-compliance risks are mitigated, as part of a risk-based approach (see 3.2 Organization of Natixis’ internal control system). To this end, the Compliance Department maps non-compliance risk and ensures the resolution of anomalies detected by the relevant business lines.

FUNCTIONAL STRUCTURE

The Compliance Department reports to the Corporate Secretary and functions independently of the operational departments. At Natixis SA level, the Heads of Compliance report hierarchically to Natixis’ Chief Compliance Officer. At subsidiary and branch level, there is a direct reporting line between the subsidiary and branch compliance heads and Natixis’ Chief Compliance Officer (prior approval for the assignment, appointment or removal of subsidiaries’ compliance heads, participation in annual performance and career advancement reviews, approval of annual work plans and fulfillment of reporting and alert requirements vis-à-vis Natixis’ Compliance Department). The operating rules of the Compliance Department are set out in a charter approved by Natixis’ Senior Management Committee.

TOOLS

The Compliance Department is equipped with a set of tools to cover all the areas within its remit, namely:

- behavioral analysis tools, used in conjunction with KYC tools, to detect money laundering and internal fraud and prevent terrorist financing;
- data-comparison systems to verify client databases and filter transactions to ensure compliance with embargoes;
- tools to track sensitive transactions, keep insider lists, manage conflicts of interest and detect instances of market abuse.


NATIXIS Risk report Pillar III 2017
