NATIXIS_REGISTRATION_DOCUMENT_2017

2 CORPORATE GOVERNANCE

Management and oversight of corporate governance

to examine compliance risk monitoring-relateditems at least a once a year, pursuant to Article 253 of the French Ministerial Order of November 3, 2014 on internal control of banking sectorbusinesses,paymentservices,and investmentservices; to give its opinionon the appointmentor dismissalof the Head a of InternalAudit at Natixis; to see to it that the findings of assignments by the Internal a Audit Departmentand by regulatoryand supervisoryauthorities (specifically the Autorité de Contrôle Prudentiel et de Résolution,ACPR –FrenchPrudentialSupervisoryAuthorityfor the Banking and InsuranceSector) are followed up on; to that end, a summaryof reportsby the InternalAudit Departmenton Natixis and its subsidiaries is made to the Risk Committee which also receives all reports from the regulatory and supervisory authorities (specifically the ACPR) on Natixis and its subsidiaries; to address Natixis’ annual internal audit program, including a audits of subsidiaries,with this programbeing presentedto the Committeeat least one week prior to its approval. At the proposal of the Chairman, the Risk Committee may, if deemed appropriateby the Committee and after consulting the Chairman of the Board of Directors, invite to its meetings any

Natixis manager (including managers of one of the main subsidiariesor the Chairmanof its Risk Committee*)who is able to shed light on the work of the Risk Committee,as well as the Chief Finance and Strategy Officer, the Chief Risk Officer, the CorporateSecretary,the NatixisHead of InternalAudit, the BPCE Head of InternalAudit, and Natixis’StatutoryAuditors. The Chief Risk Officer, the ComplianceOfficer, and the Natixis Head of Internal Audit have permanentdirect access to the Risk Committee. – Work of the Risk Committee in 2017 C The Risk Committee met seven times in fiscal year 2017. Its members’attendancerate was 89% for the year as a whole (vs. 67% in 2016). Each director’s attendance at the Risk Committee’s Meetings appears in Section 2.2 of this chapter (see directors’ individual fact sheets) . Within a reasonable amount of time before each Committee Meeting, each director received a file via a secure website containing the items on the agenda for review and analysis in preparationfor the meeting.

In 2017, the Risk Committee’sdutiesfocusedon the followingitems in particular:

Risk management

Review of the monthly consolidated risk monitoring scorecard (regular updates on credit, market liquidity and a operational risks and insurance risk) Review of the provisions of the French Ministerial Order of November 3, 2014, and of the Risk Appetite a Framework (RAF) indicators Annual review of the Risk Appetite Framework a Presentation of the RAF of the APAC platform a Review of the risk model governance a Check that the compensation policy is compatible with the risks a Meetings on the stress tests (EBA and internal) a Presentation of the final results of the internal stress tests a Presentation on ICAAP (Internal Capital Adequacy Assessment Process) a Presentation on IRRBB (Interest Rate Risk on Banking Book) a Liquidity follow-up: Annual analysis of contingency plans, particularly in light of the results of the alternative a scenarios regarding liquidity positions and risk mitigation factors Follow-up on the BCBS 239 project a Evaluation of the effectiveness of the internal control framework and the procedures in place (risk view) a FRTB project a Appointment of the new Chief Risk Officer a Review of the business risk system of the Specialized Financial Services (SFS) division a Review of whether the product and service prices offered to clients are in line with Natixis’ risk strategy. a Follow-up on the risks of the New Dimension strategic plan a Review of Natixis and BPCE Internal Audit assignments conducted during the fiscal year a Monitoring implementation of recommendations made by the Internal Audit Departments of Natixis and BPCE a Review of the Chairman’s draft report on the work of the Board and on Internal Control in 2016 a Presentation of reports on internal control and risk measurement and monitoring a Approval of the new Natixis Audit Charter a Presentation of the proposed audit program for 2018 a Supervision of non-compliance risk a Compliance control activity and results a Evaluation of the effectiveness of the internal control framework and the procedures in place (compliance a view) Review of the business continuity mechanism a Presentation of the latest developments a Updates to the Internal Rules of the Risk Committee a Presentation of the follow-up letters from BPCE to Natixis and Natixis’ response to these letters a

Internal control

Compliance

Other items

76

Natixis Registration Document 2017