NATIXIS_REGISTRATION_DOCUMENT_2017

3 RISKS AND CAPITAL ADEQUACY Governance and risk management system The Human Resources Department is involved in the compensationpolicy and overseesits application. The central departments provide senior management with necessary information on the risk developments and the managementof the bank. The businesses Each Natixis entity is responsiblefor the first-level management of its riskswithin its scope. Level-onepermanentcontrols are performedby operationalstaff on the transactions carried out in accordance with internal procedures and legislative and regulatory requirements. The controls can be performed by a functional department tasked with approvingthe relevanttransactions. Natixis is defined by its strong risk culture at every level of its organization. The risk culture is centralto the Risk Division’sguidingprinciples, as set out in the Risk Charter.It has four areas of focus: harmonizinggood practiceswithin the bank throughthe roll-out a of a body of risk policies, standardsand proceduresthat cover all the bank's major risks (credit, market and operational) and outlinethe bank'sstrategicvision and risk appetite; running global communication campaigns (posters, golden a rules, informationon the Intranet and radio), and implementing a new e-learningmodule— now mandatoryfor all staff — on operationalrisks; setting up mandatorytraining on matters relating to model risk a management(model life cycles); promoting all-staff training on key subjects relating to a regulatorydevelopments. Furthermore, the new Code of Conduct adopted by Natixis in December 2017 is an effective means of inculcating the risk culture, as it defines the rules of conduct applicable to all employees and encourages greater involvement and accountability. Four guiding principles serve as the building blocks of Natixis’ DNA and are adapted to each profession and function.The rules are dividedinto the followingthemes: RISK CULTURE 3.3.2

RISK APPETITE 3.3.3

(Data certified by the statutory Auditors in accordance with IFRS 7) Natixis’ risk appetite is definedas the nature and the level of risk that the bank is willing to take within the bounds of its business modeland strategy. It is consistent with Natixis’ strategic plan, budget process and business activities, and falls within Groupe BPCE’s general frameworkon risk appetite,comprisingtwo components: the Risk Appetite Statement (RAS), which sets out, in 1. qualitative and quantitativeterms, the risks that the bank is preparedto take; the Risk Appetite Framework (RAF), which describes the 2. interface between the organization’skey processes and the implementation of the governance that puts the RAS into action. Risk appetite is reviewed annually by Senior Management and approvedby the Board of Directorsafter consultationby the Risk Committee. Risk Appetite Statement Natixis’ risk appetite principles result from the selection and control of the types of risks that the bank is prepared to take in pursuit of its business model, and ensure consistencybetween Natixis’ overarching strategic guidelines and its capacity to managerisks. The business model developed by Natixis is based on its recognized areas of expertise (corporate financing, market activities,Asset & WealthManagement,Insurance,Servicesand SpecializedFinancing),respondingto the needs of its clients and those of GroupeBPCE. The bank seeks sustainableand consistentprofitabilityin balance with its consumption of scarce resources (capital, liquidity, balance sheet). It declines any engagementwith activities that it does not master. Activities with high risk/profitability ratios are subject to strict selection and oversight. Market risk management in particular has a highly selective investmentapproach,coupledwith limited tolerancefor extremerisk, and very closemonitoring. Natixis incurs risks intrinsically as part of its Corporate & Investment Banking, Asset Management, Insurance and SpecializedFinancialServicesactivities: credit risk generated by Corporate & Investment Banking, a lending activities from Specialized Financial Services is managed under specific risk policies adapted by business and subsidiary,concentrationlimits defined by counterparty,sector and country, and through extensive monitoring of portfolio. Natixis ensures the selective management of issuance commitmentsthrough independentanalysesand various credit Committees;

be client-centric; a behaveethically; a act responsiblytowardssociety; a

protectNatixis'and GroupeBPCE’sassetsand reputation. a A Conduct Committeewas also formed at the top-most level of the Bank and involves members of the Senior Management Committee. Lastly, Natixis’ compensationpolicy is structured to encourage the long-term commitment of the Company’s employees while ensuringthe appropriaterisk management.

114

Natixis Registration Document 2017