NATIXIS_REGISTRATION_DOCUMENT_2017

3 RISKS AND CAPITAL ADEQUACY Credit and counterparty risks

VALIDATION OF INTERNAL MODELS 3.5.5

Risk Governance Department, while the Model Risk ManagementCommitteeis chairedby Natixis’Chief Risk Officer, who is a memberof the SeniorManagementCommittee. Rating tool performance monitoring and backtesting Backtestingand benchmarkingare an integral part of the model approval process. Backtesting and performance-monitoring programsare used at least once a year to ensure the quality and reliability of rating models, LGD estimates and probability of default scales. They include a detailed analysis based on a range of indicators, e.g. differences in terms of severity and migration comparedwith agency ratings, observeddefaultsand losses and changes in ratings prior to default, and the performance measurements of LGD models, based on the quantitative analysis of historical data and supplemented by qualitative analysis. Rating method performance monitoring and backtesting of PD The rating methods are periodically checked and undergo external benchmarking to ensure the consistency of ratings produced using expert appraisal-based approaches, as well as their robustness over time according the regulatory requirements. The monitoring methods are defined through a backtestingproceduretailoredto each type of model. For Natixis, the Corporate (including structured finance), Interbank and Sovereign portfolios, which are handled using dedicatedrating tools, have the lowestdefaultrates (LowDefault Portfolios). These portfolios are backtested in accordance with their specific nature, namely the low number of defaults and the difficultyin creatingand maintaininga PD scale based on internal data. The backtesting procedure, which draws on these data (and sometimes external data in the case of backtesting of the banking model or the Major Corporate rating grids particularly), consistsof two stages: an analysis of the absoluteperformance, which is based on the defaultrate and internalmigrations,and an analysis of the relative performance, which is based on a comparison with external ratings. Alerts are triggered by performancerules and indicatorsas necessary. These checks are carried out throughseveral processes,such as quarterly meetings of the Rating Analysis Committee (CANO) and the backtestingof the variousratingmodels,which is carried out between once and four times a year depending on the scope. The role of this Committeeis to: provide a forum for the presentation of the results of a performanceand stabilitymeasurements; analyze the indicators whose alert thresholds have been a exceeded; decide on any measures to be taken to correct any deviations a or anomalies. These measures may take different forms, including changes to rating practices, methodologies, performanceanalysesor alert thresholdvalues.

Validation of models In accordance with regulatory requirements, Natixis has establishedinternal model validation policies and proceduresfor evaluating credit and counterparty risk. This independent validation of models is part of the broader framework of model risk management. Within the Model Risk & Risk Governance Department, which reports to the Chief Risk Officer, the Model Risk Management team is in charge of model life cycle governanceand standards. The various stages of a model’s life cycle (design, IT development,validationand use) are clearly documentedand the roles and responsibilitiesof everyone involved in the model are specifiedin detail. Internal rating models are validatedby the validationteam of the GroupeBPCE Risks, Complianceand PermanentControl division or, acting with the authorization of the Groupe BPCE Group Modeling Committee, by the Natixis Risk division’s Model Risk Management team. In accordance with Groupe BPCE’s validation charter, validation covers a review of the relevance, consistency and integrity of models as well as the accuracy of input and output data used. The validation process comprises four steps: quantitative analysis: analysis of proxies, sizing methods, risk a indicators,aggregationrules, etc.; performanceand governance analysis: model backtesting and a benchmarking analysis, precision and consistency analysis, stresstests; analysis of data quality and implementation of the model: a analysis of the quality and representativenessof data, integrity of controls,error reports,comprehensivenessof data, etc.; use test: the validation team ensures that the internal models a are used by qualified staff, that usage procedures are documented and up to date, that ex post controls are performed, etc. The design,modificationand ongoingmanagementof the model (includingbacktesting)are performedby the model designerson behalf of the model owner. Model Risk Management, an independent unit, is consulted on any new model or any adjustmentor update to an existingmodel. Each year, this team conducts a periodic review of ratings, covering, among other things,analysisof backtestingand use tests. The third line of defense, represented by the Internal Audit Division, performs annual reviews of the internal rating models as well as compliance with the model risk management framework and the correct application by Model Risk Managementof its own policiesand procedures. The findings and results of the model validation process performedat Natixis are presentedto the Risk Model Oversight Committee for confirmation,then submitted to the Model Risk Management Committee for approval before being sent to the Standards and Methods Committeeof the Groupe BPCE Risks, Compliance and Permanent Control division for final validation and possible submission to the regulator. The Risk Model OversightCommitteeis chairedby the Head of the Model Risk &

130

Natixis Registration Document 2017