NATIXIS -2020 Universal Registration Document

3 RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management

Stress test results for the Natixis scope (Data certified by the Statutory Auditors in accordance with IFRS 7)

Overall stress test levels reached an average level o€f17.5 million at December 31, 2020, versus +€16 million aDt ecember 31, 2019. The historical stress test replicating the sovereign debt crisiisn 2011 gave the maximum loss (-€82 million at December 312,020).

Overall stress tests at December 31, 2020

(in €M)

100

Historical stress tests

100

Hypothetical stress tests

64

48

50

31

24 31

25

23

21

20

8

2

0

-27

-26

-50

-82

-100

Liquidity

Commodities

2008 Lehman

2007 FED action

1997 Asian Crisis

Default by a bank

2002 Credit crash

2011 Sovereign crisis

2008 Corpo/ABS/MBS

Emerging market crisis

Increase in Interest rate

1994 Bond Market Crash

1987 Stock market crash

Influential Issuer default

Fall in stock market indices

Operational risk 3.2.6 Targets and policy 3.2.6.1

Organization 3.2.6.2 The function in charge of operational risk ensures the monitoring and management of risks arising from failures attributable to operating procedures, employees and internal systems or arising from outside events. Its duties as described in the operational risk policies and procedures validated by the Natixis Operational Risk Committee include: recording incidents via a network of Operational Risk Officers V across all business lines and support functions; analyzing serious incidents using an escalation process; V mappingpotential risks, both qualitativelyand quantitatively,based V on a risk self-assessment and audits carried out by the business lines; links with other control functions; V establishing key risk indicators and environmental variables of a V predictive nature.

As part of the definition of its risk appetite, and in accordance with article 98 of the French Ministerial Order of November 3, 2014, Natixis defined its operational risk tolerance policy with a view to limiting losses related to operational risks and regularly reviewing actions to reduce risks. The policy sets out the governance established, the quantitative and qualitative managemenftramework, and the monitoring performed thus far. It defines the operational risk management criteria, including: quantitative indicators: one historical indicator measuring the cost V of risk, one individual indicator identifying the occurrence of major incidents to be reported to the regulator (Article 98), a specific individual indicator raising the alert on internal fraud events, and an operational risk management indicator measuring the progress of corrective actions; a qualitative indicator regarding the compliance of the governance V of the system; specific indicators monitoring Information and Communication V Technology (ICT) risk, including cyber risk. The operational risk management system identifies, measures, monitors and controls the level of operational risks for all the Company’s business lines and support functions in France and abroad.

148

NATIXIS UNIVERSAL REGISTRATION DOCUMENT 2020