NATIXIS - Universal registration document and financial report 2019

RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Furthermore, the a priori AML-CTF referral criteria used by Natixis S.A.’s Financial Security were strengthened and redefined as part of reinforcing monitoring across the consolidated scope of Natixis S.A. and its subsidiaries. Accordingly, before a transaction or financing can be prepared, an opinion on cases that meet one or more criteria on the list of referral criteria must be provided by Natixis S.A.’s Financial Security. As for counter-terrorist financing, Natixis continued its work on the CTF risk map based on an assessment of the exposure of Natixis’ business lines, branches and subsidiaries. In addition, the geopolitical watch report is distributed internally, thereby keeping people informed of the latest developments in this area and providing them with guidelines on implementing appropriate vigilance measures and dedicated controls. Natixis has a framework of internal policies and procedures, screening tools, training and permanent supervision controls ensuring compliance with the financial sanction and embargo regulations to which it is subject. The framework draws on measures for verifying client databases and screening transactions with a view to identifying, on an ongoing basis, any person or entity subject to financial sanctions, specifically account freezes or restricted access to bank financing. It makes it possible to freeze the accounts of Natixis customers as quickly as possible. It is also able to prevent any transactions linked to sectors, goods or technologies that are subject to restrictions or bans pursuant to embargo measures. Jurisdictions subject to embargo undergo constant supervision and heightened diligence as part of a prudent and restrictive approach. A team of experts dedicated to financial sanctions provides specific assistance and advice to the Bank’s business lines and entities. In 2019, Natixis continued to enhance its international sanction compliance framework by improving screening tools within the framework of projects steered by the Financial Security Department. Prevention of fraud Anti-fraud measures are steered by the Anti-fraud Coordination Unit in collaboration with the relevant business lines. This unit is also in charge of drafting and implementing standards and principles for fraud risk management and of coordinating the anti-fraud officers’ network across Natixis’ branches and subsidiaries in France and abroad. More specifically, risk linked to capital market activities is closely monitored and subject to specific first- and second-level controls overseen and implemented by a dedicated team within CIB Compliance. Social engineering-type payment fraud is also subject to constant vigilance and specific prevention measures, including dedicated training. Lastly, the risk of information leaks, which has become a major risk, is subject to specific controls and investigations employing the expertise of fraud and IT security experts as well as the legal and HR functions as necessary. Compliance with financial sanctions and embargoes

Prevention of corruption In accordance with the requirements set out in Article 17 of the law of December 9, 2016 on transparency, the prevention of corruption and the modernization of the economy (known as “Sapin II”), Natixis has strengthened and added certain rules and procedures to its compliance framework to align them with the highest international standards in corruption prevention. Natixis’ Chief Executive Officer is responsible for the corruption prevention program. The anti-corruption framework as a whole is managed and coordinated by a dedicated team within Compliance’s Financial Security Department. It relies on a network of anti-corruption officers within all of Natixis’ business lines, subsidiaries and branches, in France and abroad. Governance is provided through existing Risk Management and Control Committees and through the introduction of specific Committees. standards and procedures. This includes a policy intended to V prevent and detect corruption that is shared with all employees, as well as internal rules on this theme. The various high-risk situations are also managed through dedicated procedures, such as the procedures for preventing and managing conflict-of-interest situations, conducting anti-corruption due diligence when initiating business relationships with third parties and prior to forming partnerships or carrying out merger and acquisition transactions, and supervising recruitment. High-risk practices, including giving/accepting gifts or invitations, patronage initiatives, sponsoring, donations and third-party compensation, are also governed by specific procedures; a control system. The corruption aspects are fully incorporated V within the existing permanent control system, particularly through specific controls covering high-risk situations and practices; a whistleblowing system. The corruption prevention program is V based on Natixis’ alert system. Natixis employees can use the alert system to report any facts or events they encounter that may indicate corruption or influence peddling; a training system. To ensure that these rules and procedures are V disseminated and adopted, compulsory e-learning training has been rolled out and specific training sessions have been held for the members of Natixis’ Executive Committee and employees who are most likely to be exposed to corruption risk. In addition to the French regulations that apply to all Natixis entities, Natixis ensures strict compliance with the local regulations applicable to its foreign operations, such as the UK Bribery Act and the US Foreign Corrupt Practices Act. The main corruption prevention program rules and procedures can be found in Natixis’ anti-corruption policy, available at www.natixis.com. The anti-corruption framework includes: a regularly updated corruption risk map ; V

3

149

www.natixis.com

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2019