NATIXIS_REGISTRATION_DOCUMENT_2017

5 FINANCIAL DATA

Internal control procedures relating to accounting and financial information

PERMANENT CONTROL SYSTEM 5.5.2 RELATING TO ACCOUNTING AND FINANCIAL INFORMATION As part of the regulatory process introduced by the Single SupervisoryMechanismregardingthe internalcontrolsystemsof credit institutions, Natixis’ Internal Audit Department uses the results of the periodic audits it performs to assess internal control procedures.There is a particularfocus on accountingand financial procedures of all consolidatedentities, whether or not they have credit institutionstatus. The fact that most subsidiarieshave their own managementand control functions means that internal control procedures are decentralizedand are tailored to the organizationof each of the consolidated entities, relying on a multi-tier accounting control process: a first-level control where permanent and local controls in a operational business lines are integrated into the operating processand formalizedin detailedcontrolprograms; an intermediate level overseen by each entity’s financial or a compliance or risk departmentswhere second-level controls, independentof operating processes, are performed to ensure the reliability of accountingand regulatoryreporting processes and verify the existenceand qualityof the first-levelcontrols; a final level of control carried out by the Internal Audit a Departmentas part of its regularaudits. For accounting, permanent and periodic controls apply to the completionand monitoringof: for justifying accounts, accuracy and veracity checks, such as a the procedures for management/financial account reconciliation (outstandings and income statement), reconciliation of cash accounts and checking and clearing of suspenseitems; consistencychecksthroughanalyticalreviews; a checksto make sure incomeand expensesare allocatedto the a correctperiod; verification that the presentation complies with accounting a rules; correct processing of specific transactions in line with the a relevantprinciples; verification of financial information (notes to the financial a statements,items of financialcommunication); adjustment of anomalies identified at the time of these a controls as well as the corresponding analyses and documentation. These controls are conducted using the currently diversified accounting systems which are due to be streamlined for a significantpart of Natixis’consolidatedscope. For regulatory reporting, permanent and periodic controls apply to the completionand monitoringof: accuracy and veracity checks, such as the a management/financial account reconciliation processes, as managementdata can come fromvarioussources;

controls of the traceability and completeness of data, a throughoutthe variousreportingpreparationprocesses; compliance and presentation controls in respect of the a regulatoryrequirementsspecificto each reportingprocess; quality controls of the data (in accordancewith the BCBS 239 a program) needed to produce the reports and the quality of the attributesentered into the databasesused, allowingthe proper breakdownof accountingor managementdata; consistency checks between published reports, where a possibleand relevant. For all these scopes,Natixis and its subsidiariesare continuingto upgrade their accounting and financial control procedures and equip themselveswith suitable audit trail tools. In this respect, Natixis’ Finance Department supervises, assists and monitors the variouscontrolsperformedby the subsidiaries. The accountingand financialreportingcontrol system is primarily basedon the followingfundamentalprinciples: separationof the accountingproductionand controlfunctions; a and the standardizationof controlprocesseswithin the Group’s a different business lines and entities: methods, software, reportingand frequency; It also drawson: the application of the principles defined by BPCE, i.e. the a scopes governed by the two-level control processes and implementingthe coordinationof the controlteams; two kinds of assignments(operationalor organizational)to be a carried out either as part of the account closing process or in periodicassignments; formalized documentation as part of the “Accounting and a financial information quality control framework” drawn up by GroupeBPCE. It includesproceduresthat describein detail the organizationof the system; risk mapping showing the nature, the frequencyof occurrence a and the responsibility by control level across all scopes (accountingand regulatory); centralized oversight within the financial or accounting a departments, performed by the dedicated Regulatory and AccountingReviewteam, which also review first-levelcontrols and performssecond-levelcontrols; a risk-basedapproach,enablingthe Reviewteams to guide and a determine the frequency of their controls given the quality of the internalcontrolprocesses. For Natixis,the systemis organizedbasedon: accountingor regulatoryproductionteams,within the business a lines or centralized within the Accounting and Ratios Department,that handle all work related to the correct entry of transactions and the collection of data required for regulatory reportingand the implementationof day-to-daycontrols; first-level controls under the hierarchical and/or functional a authorityof the Accountingand RatiosDepartmentincludingall monthly and quarterly controls that make these reports more reliable;

388

Natixis Registration Document 2017