NATIXIS_REGISTRATION_DOCUMENT_2017

RISKS AND CAPITAL ADEQUACY Governance and risk management system

Governance and 3.3

risk management system

GENERAL ORGANIZATION 3.3.1

The Audit Committeemet five times in fiscal year 2017. The Bank’s executive managers and Special Committees on risk The ExecutiveManagers, under the supervisionof the Board of Directors, are responsible for implementing Natixis’ internal controlsystemin its entirety. At least one of the bank’s executivemanagerschairs the Bank’s main SpecialCommitteeson risk: the Global Risk Committee (GRC), the Credit Committee, the a Market Risk Committee,the OperationalRisk Committee,the Watchlistand ProvisionsCommittee; the ALMCommittee; a the ControlFunctionsCoordinationCommittee; a the NatixisInvestmentCommittee. a The Board of Directors is regularly kept informed, by the Executive Managers, of all significant risks, risk management policiesand changesmade thereto. Central divisions Reportingto the Chief Financialand StrategyOfficer, the Accounting and Ratios division is responsible for a accountingand regulatoryinformation; the Financial Management division oversees ALM and its a framework(standards,limits, etc.); the Financialand TaxationOversightdivision is in charge of a the budgetprocessand ensuresadherenceto tax laws. The Risk Division , which reports to the Chief ExecutiveOfficer since October 1, 2017, is responsiblefor measuring,monitoring and managing the risks inherent to the business activities, in particularmarketrisk, credit risk and operationalrisk; The Compliance Department, reporting to the Corporate Secretary, is responsible mainly for managing non-compliance risk and for overseeingthe controlsystem. The Legal Department, also reporting to the Corporate Secretary, ensures the security and legal regulatory compliance of the businesses. The Internal Audit Department reports to the Chief Executive Officer and performs audits by reviewing existing control points in the audited processes and in assessing the risks incurred by the businessesunder review.

3

(Data certified by the statutory Auditors in accordance with IFRS 7) The risk management governance is a structured organization involvingall the levels of the bank: the Board of Directors and its specialized Committees (Risk a Committee,Audit Committee,etc.); the ExecutiveManagers and the specializedRisk Committees a they chair withinthe bank; the centraldivisions,independentof the businesses; a and the businesses(Asset& WealthManagement,Corporate& a InvestmentBanking,Insurance,SpecializedFinancialServices). The Board of Directors and its Committees The Board of Directors (and its extension, the Risk Committee) gives the final approvalof Natixis’risk appetiteand supervisesits application. Under the Natixis Board of Directors’ responsibility, the Risk Committee’sprimarydutiesare: to advise the Board of Directors on the bank’s overall strategy a and risk appetite,both currentand future; to assist the Board of Directors when it checks the a implementation of that strategy by the executive managers and by the Chief Risk Officer. The Risk Committeemet seven times in fiscal year 2017. In addition, and since July 2016, the Risk Committeemeets as the US Risk Committeeas per the US regulatoryrequirementsof the Dodd Frank Act. The US Risk Committee has the same structure as the Risk Committee, and is responsible for the supervision of the risks linked to Natixis’ activities on US soil (“CombinedUS Operations”). The key dutiesof Natixis’Audit Committeeare: to check the clarity of information published by Natixis and a assess the relevance of the accountingmethods adopted for the creation of Natixis’ individual and consolidated financial statements;and to assess the quality of internal control, specifically the a consistencyof the systemsfor measuring,monitorand control risk, and, as and when needed, propose implementation of supplementaryactionsin this sense.

113

Natixis Registration Document 2017