NATIXIS - Universal registration document and financial report 2019

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

the review of the General Inspection Department’s internal V structure to improve efficiency and get the audit team more involved in managing assignments and especially staff (recruitment, training and career management); the establishment of a new hiring process that shortens response V times in order to reduce the impact of turnover on available staff. Lastly, Natixis’ General Inspection Department collaborated with its BPCE counterpart on a number of projects and assignments. The two departments held six meetings in 2019. These meetings provided a forum for addressing matters related to audit plans and practices, as well as matters related to risk assessment and assignment evaluation (Joint General Inspection Coordination Committee). Risk governance and 3.2.2 management system Risk management system 3.2.2.1 Natixis’ risk management is based on independent control functions, each addressing the risks falling within their scope of oversight. The risk management function, carried out by the Risk Supervision Division (RSD), is structured as an independent and global matrix that covers all scopes and related geographic areas. In 2019, the risk management function was adjusted to better support Natixis’ transformation and the ever-increasing number of regulator changes. The organization structure was therefore simplified, with the aim of improving the risk oversight system across Natixis as a whole. This new organization structure notably resulted in: the creation of an Enterprise Risk Management (ERM) V Department, focusing on key cross-cutting processes and primarily aimed at centralizing the development of regulatory risk and project management models; the gathering into a single department, MARPL (Market Activities V Risks, P&L and Liquidity), of missions involving the monitoring of market, liquidity, overall interest rate and counterparty risks; the creation of the Supervision of Conglomerate, Insurance and V Asset Management (SCIAM) Department, dedicated to supervising the Insurance and Asset Management business lines risks and whose main purpose is to bolster the framework for managing these risks using a cross-cutting approach. The risk management function steers the risk appetite framework, recommends risk policies consistent with those of Groupe BPCE to Senior Management for approval, and makes proposals to the executive body on principles and rules in the following areas: risk-taking decision procedures; V delegation framework; V risk measurement; V risk oversight. V It also independently validates models as part of its wider risk model management framework. It plays an essential role within the committee structure, the highest-level of which is Natixis’ Global Risks Committee, which meets once per quarter.

In addition, it regularly reports on its work, submitting its analyses and findings to Natixis’ executive managers, to Natixis’ supervisory body, and to Groupe BPCE. A dedicated function generates a consolidated risk overview using a scorecard that indicates the various risks (credit, market, liquidity, operational, modeling, etc.). To fulfill these responsibilities, the Risk Supervision Division uses an IT system tailored to the activities of Natixis’ core businesses, applying its modeling and quantification methods for each type of risk. The management and monitoring of Natixis’ structural balance sheet risks are under the authority of the Asset/Liability Management Committee (or “ALM Committee”). The ALM Committee’s monitoring scope includes overall interest rate risk, liquidity risk, structural foreign exchange risk and leverage risk. The Compliance function oversees the compliance risk management system of Natixis S.A. and of its French and international branches and subsidiaries. It is also in charge of fraud risk prevention, information systems security, and business continuity. Its operating rules are governed by a charter signed off by the Senior Management Committee. The Compliance Function’s preventative actions — advice, raising awareness and training — are a key driver to improving Natixis’ management of compliance risk. Organization 3.2.2.2 (Data certified by the Statutory Auditors in accordance with IFRS 7) Risk management governance is a structured organization involving all levels of the bank: the Board of Directors and its special committees V (Risk Committee, Audit Committee, etc.); the executive managers and the special Risk Committees they V chair within the bank; the central divisions, independent of the businesses; V the business lines (Asset & Wealth Management, Corporate & V Investment Banking, Insurance, and Payments). Risk culture 3.2.2.3 Natixis is defined by its strong risk culture at every level of the organization. The risk culture is central to the risk management function’s guiding principles, as set out in the Risk Charter. Its priorities are twofold: harmonizing best practices within the bank by deploying a V compendium of risk policies, standards and procedures covering all the bank’s major risks (credit, market, operational and model) and outline the bank’s strategic vision and risk appetite; deploying a three-pillar strategy in respect of the bank’s risk V culture: a first pillar seeking to raise awareness and inform, by V strengthening the division’s digital communications (e-letter Risk in Mind, strengthened presence of the Risk Supervision Division on the internal social network, etc.) and implementation of “Lessons learned” sessions, the aim being to learn from past incidents and share the lessons learned;

3

111

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2019