NATIXIS - Universal registration document and financial report 2019

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

The Compliance Department reports to the members of Natixis’ Senior Management Committee and the Board of Directors (Risk Committee) on the main risks detected, and on the implementation and effectiveness of the measures to address these risks. It helps draft the reports required by regulators and acts in accordance with the rules set out by Groupe BPCE. Functional structure The Compliance Department reports to the Corporate Secretary and functions independently of the operational departments. At Natixis S.A. level, the business line compliance managers report hierarchically to Natixis’ Chief Compliance Officer. There is a direct reporting line between Natixis’ Chief Compliance Officer and the subsidiary compliance managers, and a strong functional link with the branch compliance managers (particularly for prior approval of the reporting line, appointment or withdrawal of subsidiary compliance managers, participation in annual performance and career advancement appraisals, approval of annual work plans, and with respect to the duty to alert and report to the Compliance Department). The operating rules of the Compliance Department are set out in a charter approved by Natixis’ Senior Management Committee. Tools The Compliance Department is equipped with a set of tools to cover all the areas within its remit, namely: operational analysis tools used in conjunction with KYC tools to V detect money laundering and internal fraud and prevent terrorist financing; data-comparison systems to verify client databases and screen V transactions to ensure compliance with embargoes; tools to track sensitive transactions, keep insider lists, manage V conflicts of interest and detect instances of market abuse. Employees and professional 3.2.8.2 ethics Conflicts of interest Conflicts of interest are prevented by: using risk maps to identify situations posing a risk of conflict of V interest; setting up and monitoring of information barriers; V checking compensation policies; V being compliant with the rules of good conduct applicable to V Natixis staff; and staff training. V Conflict of interest is managed through: compliance with the conflict of interest prevention framework; V cooperation among the business lines, Compliance and V Management in order to identify and manage conflicts of interest; close monitoring by Compliance with the help of a transactional V conflict detection tool; and an escalation process for mediating unresolved conflicts of V interest if needed.

Whenever the risk of compromising a customer’s interests becomes unavoidable in spite of the internal procedures in place, Natixis informs the customer of the nature of the conflict of interest before taking action on the customer’s behalf. This allows the customer to make an informed decision on whether to proceed with the transaction. Circulation of information Information barriers are put in place and reviewed each time the organizational structure changes in order to prevent the unwarranted circulation of confidential information. These barriers function as partitions between business lines and departments. They limit the circulation of information on a need-to-know basis, which means that information is transmitted only in the customer’s interest and only to employees who absolutely require the information to carry out their duties. These barriers may be organizational, physical or electronic and may be permanent or temporary. Natixis has set up a permanent information barrier separating its Asset Management business activities within Natixis Investment Managers from its other activities. Pursuant to regulations in force, the entry of sensitive transactions into a special tool that allows Compliance to rapidly identify issuers to be placed on the watchlist or on the prohibition list, as well as employees to be placed on the insider list. Market integrity In accordance with the requirements of the EU regulation on market abuse, Natixis has set up a framework for detecting transactions likely to constitute market abuse. This framework is incorporated within its internal control system. Alerts are processed and potential cases of market abuse are analyzed by a surveillance tool and dedicated teams. Transactions that could constitute market abuse are reported to the Autorité des Marchés Financiers (AMF — French Financial Markets Authority) or to local regulators, in accordance with the regulations in force. The framework is currently being updated to strengthen its analysis and detection capacity. The version upgrade of the detection tool for Corporate & Investment Banking is also part of this process. Customer protection 3.2.8.3 The protection of customers’ interests is a core concern for Natixis that is reflected in the policies of every entity in France and abroad, as well as being included in its Code of Conduct. In all circumstances, employees are required to serve customers with diligence, loyalty, honesty and professionalism, and to offer financial products and services that are appropriate to customers’ abilities and needs. Accordingly, and in the interest of maintaining a high level of customer protection, Natixis strengthened its procedures and introduced additional controls. This resulted in the implementation of various systems used to manage KYC and other information, establish governance for products offered to clients and preserve their assets. See section 3.2.8.6 for more information on the GDPR and the protection of clients’ personal data. Protection of personal data.

3

147

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2019