NATIXIS_REGISTRATION_DOCUMENT_2017

3 RISKS AND CAPITAL ADEQUACY

Organization of Natixis’ internal control system

Internal Control Coordination Committee (3CIG) and special committees

Compliance

ITSS-BC

Risks

Finance Review Internal Audit

BPCE

Coordination of permanent controls

Board of Directors: (Audit Committee - Risk Committee

Executive Managers

Control Functions Coordination Committee (CCFC)

Internal Audit Department

Periodical controls

Level 3

General Secretary

Finance and Strategy

Permanent controls

Financial Review*

Compliance

ITSS-BC

Risks

Level 2

Person responsible for the Permanent control: General secretary

Special Committees on Risk

Operational departments Controls 1.1 (operational) and 1.2 (hierarchical and/or functional)

Level 1

* Accounting, scal and regulatory controls performed by the Finance Review department, reporting hierarchically to the Accounting and Ratios department within Finance and Strategy, and functionally to the Compliance Department.

CONTROL FUNCTIONS 3.2.2

The conclusions of controls carried out under this system, supplemented with the results of external audits (carried out by BPCE's Internal Audit Department, the Statutory Auditors, the regulators/supervisors, etc.) are reported to the Board of Directors via its extensions, the Audit Committee and the Risk Committee.

COORDINATION COMMITTEE

The Control Functions Coordination Committee (CFCC) is chaired by the Natixis Chief Executive Officer or his substitute, the Corporate Secretary. Its members are the Heads of Risk, Compliance, Internal Audit, as well as the Head of the Regulatory and Accounting Review Team, the Corporate Secretary of the Risk Department, Compliance and Permanent Controls of BPCE and, as required, certain operational or functional managers. The CCFC coordinates the entire internal control system by: addressing all issues pertaining to the organization and a planning of control services; highlighting areas of emerging or recurring risk within the a scope under consideration and report any significant anomalies observed to the executive body (for example, monitoring the backlog of the main corrective measures); and providing the executive body with updates on ongoing a controls performed by internal or external control functions, or by regulators, and ensure that the conclusions from these undertakings are taken into account by the operational business lines. The CFCC met four times in 2017.

FIRST-LEVEL PERMANENT 3.2.3 CONTROLS

First-level permanent controls are carried out by operational or functional staff on the transactions they perform, following internal procedures and legal and regulatory requirements. Transactions may be subject to a control by operational staff themselves (level 1.1.) and to a separate control by line management or by a functional department responsible for validating these transactions (level 1.2). The first-level controls are centralized in a dedicated tool that is used to consolidate results, identify areas at risk and produce reports. The Compliance Department helps the operational or functional departments define and update these controls. At December 31, 2017, 2,152 level 1.2 controls were reported (mostly on a quarterly basis).

110

Natixis Registration Document 2017