NATIXIS_PILLAR_III_2017_EN

5 CREDIT RISK

Credit risk control organization

Credit risk control organization 5.1

The risk control framework is driven by the Risk division with the active involvement of all the bank’s businesses and support functions. All the internal standards, policies and procedures are consistent with BPCE’s framework and are reviewed periodically to take into account the results of internal controls, regulatory changes and the bank’s risk appetite. Credit risk management and control are performed in accordance with the segregation of duties. Accordingly, together with the other divisions, the Risk division is in charge of monitoring credit risk through various sections that: define the credit risks policies and internal credit risk a management procedures; set credit risk limits and exposure thresholds; a issue transaction authorizations after a counter-analysis of the a credit risk and the counterparty risk in line with the processes for credit approval and limit authorization; define methodologies and internal rating models; a

implement second-level permanent controls; a monitor exposures and report to Natixis Senior Management. a Working with the businesses, the main duty of the Risk division is to draw on all relevant and useful information to provide an opinion on the risks taken by the bank. Credit decisions are made within the limit authorizations granted jointly to the businesses and to certain members of the Risk function, and are approved personally by the Chief Executive Officer or any other person he authorizes to that end. They are sized by counterparty category and internal credit rating, and by the nature and duration of the commitment. Furthermore, these authorizations can be exercised only when the transaction satisfies the different criteria set out in the risk policy of each sector and activity. In conjunction with BPCE, Natixis has defined the rating methods applicable to the asset classes held jointly.

Credit policy 5.2

GENERAL POLICY 5.2.1

The quantitative framework is generally based on: commitment ceilings by business line or sector; a commitment sub-limits by type of counterparty, type of a product, or sometimes by geographic region. This framework helps to monitor the concentration of the banks’ commitments in relation to a given sector or type of risk. The qualitative framework is for its part structured around the following criteria: business sectors: preferred sectors, banned sectors; a targets: customers to be targeted or excluded based on a various criteria (size, rating, country of operation, etc.); structuring: maximum durations, financial ratios, contractual a clauses, collateral arrangement, etc.; products. a Checks are carried out as required during the individual processing of loan applications to ensure that the risk policy is being applied correctly. Overall monitoring also takes place on a quarterly basis (checking of compliance with ceilings and number of deviations) and is presented to the Global Risk Committees.

Natixis’ risk policies have been defined as a component of the bank’s overall risk appetite and credit risk control and management framework. The policies are the product of consultation between the Risk division and the bank’s various business lines, and are intended to establish a framework for risk-taking while outlining risk appetite and Natixis’ strategic vision by business line or by sector. Natixis now has nearly 20 risk policies, which are regularly revised and cover the various Corporate & Investment Banking business lines (corporate, LBO, aircraft finance, real estate finance, project finance, commodities finance, banks, insurance, etc.) and the subsidiaries’ various activities (e.g. leasing for Natixis Lease and factoring for Natixis Factor, etc.). The framework these risk policies set out makes a distinction between recommendations based on good practices, and strict (qualitative or quantitative) supervisory criteria, any deviation from which affects the decision-making process and the usual system of limit authorizations.

58

NATIXIS Risk report Pillar III 2017