NATIXIS - Universal registration document and financial report 2019

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Organization of Natixis' internal control system

INTERNAL CONTROL COORDINATION COMMITTEE (3CIG) AND SPECIAL COMMITTEES

COMPLIANCE FUNCTION

ITSS-BC FUNCTION

RISKS FUNCTION

INTERNAL AUDIT FUNCTION

FINANCE REVIEW FUNCTION

BPCE

Coordination of Permanent Controls

Board of Directors (Risk Committee, Audit Committee)

Executive managers

CONTROL FUNCTIONS COORDINATION COMMITTEE (CCFC)

3

Periodical controls

Internal Audit Department

Level 3

Permanent control

General Secretary

Finance

Person responsible for the Permanent

Financial Review*

Level 2

Compliance

ITSS-BC

Risks

control: General secretary

SPECIAL COMMITTEES ON RISKS

Operational departments Controls1.1(operational)and1.2(hierarchicaland/orfunctional)

Level 1

#EEQWPVKPI ƒUECN CPF TGIWNCVQT[ EQPVTQNU RGTHQTOGF D[ VJG (KPCPEG 4GXKGY FGRCTVOGPV TGRQTVKPI JKGTCTEJKECNN[ VQ VJG #EEQWPVKPI CPF 4CVKQU FGRCTVOGPV YKVJKP (KPCPEG CPF HWPEVKQPCNN[ VQ VJG %QORNKCPEG &GRCTVOGPV

The conclusions of controls carried out under this system, supplemented with the results of external audits (carried out by BPCE’s Inspection Générale, the Statutory Auditors, the regulators/supervisors, etc.) are reported to the Board of Directors via its extensions, the Audit Committee and the Risk Committee. 3.2.1.3 First-level permanent controls are carried out by operational or functional staff on the transactions they perform, following internal procedures and legal and regulatory requirements. Transactions may be subject to a control by operational staff themselves (level 1.1) and to a separate control by the chain of command or by a functional department responsible for validating these transactions (level 1.2). The first-level controls are centrally managed through a dedicated tool that is used to consolidate results, identify areas at risk and produce reports. The Compliance Department helps the operational departments or support functions define and update these controls. At December 31, 2019, 18,409 first-level (1.2) controls were assessed. First-level permanent controls

The Control Functions

3.2.1.2

Coordination Committee The Control Functions Coordination Committee (CFCC) is chaired by the Natixis Chief Executive Officer or his substitute, the Corporate Secretary. Its members are the Heads of Risk Monitoring, Compliance and General Inspection, as well as the Head of the Regulatory and Accounting Review team, the Corporate Secretary of BPCE’s Risk, Compliance and Permanent Control division and, as required, certain operational or functional managers. The CFCC coordinates the entire internal control system by: addressing all issues pertaining to the organization and planning V of control services; highlighting areas of emerging or recurring risk within the scope V under consideration and reporting any significant anomalies observed to the executive body (for example, monitoring the backlog of the main corrective measures); and providing the executive body with updates on ongoing controls V performed by internal or external control functions or by regulators, and ensuring that the conclusions from these undertakings are taken into account by the operational business lines. The CFCC met four times in 2019.

109

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2019