NATIXIS_REGISTRATION_DOCUMENT_2017

RISKS AND CAPITAL ADEQUACY Non-compliance risk

Non-compliance risk 3.10

See 3.3.4 "Risk typology”for a definitionof non-compliancerisk

ORGANIZATION OF COMPLIANCE 3.10.1

Functional structure The ComplianceDepartmentreports to the Corporate Secretary and functions independentlyof the operational departments.At Natixis S.A. level, the Complianceheads report hierarchicallyto Natixis’ Chief ComplianceOfficer. At subsidiaryand branch level, there is a direct reportingline betweenthe subsidiaryand branch compliance heads and Natixis’ Chief Compliance Officer (prior approval for the assignment, appointment or removal of subsidiaries’ compliance heads, participation in annual performance and career advancement reviews, approval of annual work plans and fulfillment of reporting and alert requirementsvis-à-visNatixis’ComplianceDepartment). The operatingrules of the ComplianceDepartmentare set out in a charterapprovedby Natixis’SeniorManagementCommittee. Tools The ComplianceDepartment is equipped with a set of tools to cover all the areaswithin its remit, namely: behavioral analysis tools, used in conjunctionwith KYC tools, a to detect money laundering and internal fraud and prevent terroristfinancing; data-comparisonsystems to verify client databases and filter a transactionsto ensurecompliancewith embargoes; tools to track sensitivetransactions,keep insider lists, manage a conflictsof interestand detect instancesof marketabuse. Conflicts of interest Conflictsof interestare preventedby: settingup and monitoringof informationbarriers; a using risk maps to identifysituationsposing a risk of conflictof a interest; checkingcompensationpolicies; a being compliant with the rules of good conduct applicable to a Natixisstaff. Conflictof interestis managedthrough: compliancewith the conflictof interestpreventionframework; a cooperation among the business lines, Compliance and a Management in order to identify and manage conflicts of interest; close monitoring by Compliance with the help of a a transactionalconflictdetectiontool; and EMPLOYEES AND PROFESSIONAL 3.10.2 ETHICS

3

The Compliance Department oversees the non-compliancerisk prevention and mitigation system. It also oversees IT Systems Security and Business Continuity. Its scope of action encompassesNatixis,its subsidiariesand branchesin Franceand abroad thanks to its functional structure. Natixis’ Compliance Departmenthas severaltools for executingits functions. Responsibilities The Compliance Department advises and assists all Natixis employeeson how to preventcompliancerisks when performing their duties. It plays a key role in implementingthe principlesset out in Natixis’ Code of Conduct (see Chapter 1) , which are also included,as regardscompliance,in the ComplianceManual. Accordingly, the Compliance Department participates in establishing standards, policies and procedures, and issues its opinion, particularly regarding supervision of new business, productsand organizations. The Compliance Department also performs a regulatory watch and works with the Human Resources Department on staff training. In 2017, it stepped up its training and awareness programs focused on new regulatory developments, including anti-money laundering, terrorist financing, the prevention of corruption, the MiFID II Directive (financial instrumentmarkets), client protectionand preventingconflictsof interest.Over 49,000 training and awareness initiatives took place in 2017, either as classroomtrainingor e-learning. The Compliance Department is responsible for coordinating first-level permanent risk controls, and sets up and implements second-levelpermanent risk controls to ensure that procedures are applied within the business lines and that non-compliance risks are mitigated, as part of a risk-based approach (see 3.2 Organizationof Natixis’ internal control system) . To this end, the ComplianceDepartmentmaps non-compliancerisk and ensures the resolution of anomalies detected by the relevant business lines. The ComplianceDepartmentreports to the members of Natixis’ SeniorManagementCommitteeand the Board of Directors(Risk Committee) on the main risks detected, and on the implementationand effectiveness of the measures to address these risks. It helps draft the reports required by regulators and acts in accordancewith the rules set out by GroupeBPCE.

163

Natixis Registration Document 2017