NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Organization of Natixis' internal control system

BPCE

GROUP INTERNAL CONTROL COORDINATION COMMITTEE ˜3CIG°

FINANCIAL PERMANENT CONTROL LOD2 FUNCTION

COMPLIANCE FUNCTION

ISS˛BC FUNCTION

RISK FUNCTION

IGG ˝ INTERNAL AUDIT FUNCTION

Permanent Controls Coordination

CONTROL FUNCTIONS COORDINATION COMMITTEE ˜CFCC° NATIXIS

Executive Managers

Board of Directors

1 ST LINE OF DEFENSE

2 ND LINE OF DEFENSE

3 RD LINE OF DEFENSE

Risk Committee

OPERATIONAL SERVICES Controls 1.1 (operational) Controls 1.2 (hierarchical / functional)

COMPLIANCE

GENERAL INSPECTION&AUDIT

Audit Committee

ISS-CA

Compensation Committee

RISK

FINANCIALPERMANENT CONTROL LOD2

Permanent control under the responsibility of the Corporate Secretary

Periodic control

The Control Functions

First-level permanent control 3.2.1.3 First-level permanent controls are carried out by operational or functional staff on the transactions they perform, following internal procedures and legal and regulatory requirements. Transactions may be subject to a control by operational staff themselves (level 1.1) and to a separate control by the chain of command or by a functional department responsible for validating these transactions (level 1.2). The first-level controls are centrally managed through a dedicated tool that is used to consolidate results, identify areas at risk and produce reports. The ComplianceDepartment helps the operational departmentsor support functions define and update these controls.

3.2.1.2

Coordination Committee The Control Functions Coordination Committee (CFCC) is chaired by the Natixis Chief ExecutiveOfficer or his substitute, the Corporate Secretary. It brings together the Chief Risk Officer, the Head of Compliance, the Inspector General, the ISS-BCmanager, the Head of the PermanentFinancial Control Department,a representativeof the BPCE General Secretariat and, as necessary, certain managers, operational or functional. The CFCC coordinates the entire internal control system by: addressing all issues pertaining to the organization and planning V of control services; highlighting areas of emerging or recurring risk within the scope V under consideration and reporting any significant anomalies observed to the executive body (for example, monitoring the backlog of the main corrective measures); and providing the executive body with updates on ongoing controls V performed by internal or external control functions or by regulators, and ensuring that the conclusions from these undertakings are taken into account by the operational business lines. The CFCC met four times in 2020. The conclusions of controls carried out under this system, supplemented with the results of internal and external audits are reported to the Board of Directors via its extensions, the Audit Committee and the Risk Committee.

122

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020