BNP Paribas Fortis : Pillar 3 disclosure – 2022

BNP PARIBAS FORTIS SA/NV

Pillar 3 disclosure for the year 2022

The bank for a changing world

CONTENTS

CONTENTS	2
INTRODUCTION	4
1. RISK MANAGEMENT ORGANISATION	5
1.a. Mission and organisation	5
1.b. BNP Paribas Fortis Risk committees	6
2. RISK MEASUREMENT AND CATEGORIES	7
2.a. Risk measurement	7
2.b. Risk taxonomy	7
3. CAPITAL ADEQUACY	9
3.a. Framework	9
3.b. Breakdown of regulatory capital	9
3.c. Pillar 2 Process	12
4. CREDIT AND COUNTERPARTY CREDIT RISK	13
4.a. Credit risk	13
4.a.1. Exposure to Credit risk	13
4.a.2. General credit policy and control and provisioning procedures	13
4.a.3. The credit lifecycle	13
4.a.4. Internal rating system	14
4.a.5. Portfolio policy	15
4.a.6. Risk mitigation techniques	16
4.a.7. Credit risk rating	19
4.a.8. Loans with forbearance measures	22
4.b. Counterparty Credit Risk	23
4.b.1. Counterparty credit risk valuation	23
4.b.2. Exposure to Counterparty credit risk	27
4.b.3. Bilateral counterparty credit risk	27
4.b.4. Counterparty credit risk exposures on central counterparties for cleared transactions	29
4.b.5. CVA risk	29
4.b.6. Counterparty credit risk management	30
4.b.7. Capital charges and risk-weighted assets	30
BNP PARIBAS FORTIS PILLAR 3 DISCLOSURE 2022	- 2 -

4.c. Securitisation	30
4.d. Equity risk	31
5. MARKET RISK	33
5.a. Capital requirement and Risk-Weighted Assets for market risk	33
5.b. Market risk related to trading activities	34
5.b.1. Introduction	34
5.b.2. Market risk management Organisation	35
5.b.3. Valuation control	36
5.b.4. Market risk exposure	37
5.c. Market risk related to banking activities	42
5.c.1. Currency risk	43
5.c.2. Interest rate risk	44
6. SOVEREIGN RISK	47
7. OPERATIONAL RISK	48
8. COMPLIANCE AND REPUTATIONAL RISK	50
9. LIQUIDITY	51
9.a. Liquidity risk management policy	51
9.b. Liquidity risk management and supervision	52
10. REMUNERATION FOR FINANCIAL YEAR 2022 OF MRT	54
10.a. Governance	54
10.a.1. Compliance, Risk and Finance Committee (CRIF)	54
10.a.2. Risk Committee	54
10.a.3. Remuneration Committee	55
10.a.4. Permanent Control Committee (PCC)	55
10.a.5. Audit and controls	56
10.b. BNP Paribas Fortis remuneration guidelines and policy for MRTs	56
10.b.1. Remuneration guidelines applicable to all employees of the Bank	56
10.b.2. Remuneration policy for MRTs	57
10.b.3. Quantitative information on remuneration awarded to MRTs for the 2022 financial year	61
ABBREVIATIONS	64
APPENDIX: ADDITIONAL PILLAR 3 DISCLOSURE	65

BNP PARIBAS FORTIS PILLAR 3 DISCLOSURE 2022

- 3 -

INTRODUCTION

The purpose of Pillar 3 - market discipline, is to complement the minimum capital requirements (Pillar 1) and the supervisory review process (Pillar 2) with a set of disclosures completing the usual financial disclosures.

The Basel reform measures (known as Basel III), strengthen the ability of banks to withstand economic and financial shocks of all kinds by introducing a series of regulatory provisions. The content of this reform was transposed into European law in Directive 2013/36/EU (CRD) and Regulation (EU) No. 575/2013 of June 26th ,2013 (CRR), supplemented in June 2019 by Directive (EU) No. 2019/878 (CRD 5) and Regulation (EU) No. 2019/876 (CRR 2), which together constitute the corpus of texts known as "Basel III".

In application of article 13 of the CRR, BNP Paribas Fortis (hereinafter also referred to as the 'Bank') is considered as a "significant subsidiary". Being part of the Group BNP Paribas, BNP Paribas Fortis is not subject to a full reporting concerning the Pillar 3 disclosures but can limit its disclosures to the ones required by specific articles of the CRR. These disclosures include quantitative and qualitative information on the capital structure and on the capital requirements. Information on the remuneration policies is also provided.

The information presented in this document, along with the Additional Pillar 3 disclosures, reflects the entirety of the risks carried by BNP Paribas Fortis on a consolidated basis. It provides a comprehensive description of BNP Paribas Fortis' Risk Management organisation and a quantitative and qualitative overview of BNP Paribas Fortis' risk exposure at year-end 2022.

The Additional Pillar 3 disclosures at year-end 2022 of BNP Paribas Fortis are also available under the following link: https://www.bnpparibasfortis.com/investors/financial-reports.

BNP Paribas Fortis' risk measures are presented according to the Basel III principles under the prudential scope of consolidation. These risks are calculated using methods approved by the banking regulator, i.e. the National Bank of Belgium (NBB) and the European Central Bank (ECB), and are measured and managed as consistently as possible with the BNP Paribas risk methodologies.

Further details on the BNP Paribas Group's approach to the measuring and managing of risks resulting from banking activities can be found in the Universal Registration Document and Annual Financial Reports of BNP Paribas under the following link: https://invest.bnpparibas.com/en/registration-documents-annual-financial-reports.

The format and references of the Pillar 3 tables meet the various technical standards published by the European Commission and European Banking Authority which aimed at improving the comparability of information published by the institutions. All amounts in the tables of the Pillar 3 report are denominated in millions of euros, unless stated otherwise.

Attestation

I, the undersigned Pierre Bouchara, Chief Financial Officer (CFO) of BNP Paribas Fortis, confirm that, after having taken all reasonable measures, the information included in this disclosure complies to my knowledge to all requirements set out in part 8 of Regulation EU n° 2019/876 (CRR2).

Brussels, the 12th of April 2023.

BNP PARIBAS FORTIS PILLAR 3 DISCLOSURE 2022

- 4 -

1. RISK MANAGEMENT ORGANISATION

1.a. Mission and organisation

Risk management is key in the banking business. At BNP Paribas Group, operating methods and procedures throughout the organisation are geared towards addressing risks effectively. The entire process is supervised primarily by the RISK department, which is responsible for measuring and controlling risks at Group level. RISK is independent from the Core Business divisions, Business Lines and territories and reports directly to Group Executive Management.

The guiding principles of the mission and organisation of BNP Paribas Fortis' RISK department are aligned:

• with the mission of BNP Paribas RISK namely to:
• • advise the Bank's management on risk appetite and policy;
  • provide a 'second pair of eyes' so that risks taken by the Bank are aligned with its policies and are compatible with its profitability and solvency objectives;
  • report to and alert Bank management, Core Business division heads and the special committee of the Board of directors on the status of the risks to which the Bank is exposed;
  • ensure compliance with banking regulations in the risk area, in liaison with other relevant group functions.
• and with its organisational principles:
• • a single integrated RISK entity, which is responsible for risk aspects across all businesses;
  • independent from business-line management;
  • organised with local and global reporting lines (matrix principle).

The BNP Paribas Fortis RISK department was integrated into the BNP Paribas RISK function in November 2009. The Chief Risk Officer (CRO) of BNP Paribas Fortis is a Member of the Executive Board and also has a reporting line to the BNP Paribas Head of RISK Domestic Markets. The CRO has no hierarchical link to the heads of businesses or heads of countries. This structure is designed to:

• ensure objective risk control;
• ensure that swift, objective and complete information is provided in the event of increased risk;
• maintain a single set of high-quality risk management standards throughout the Bank;
• ensure that the Bank's risk professionals implement and further develop methods and procedures of the highest quality in line with its international competitors' best practices.

The CRO heads the various RISK functions:

• RISK Enterprise Risk Architecture is responsible for the regulatory affairs, RISK analytics and modelling, RISK strategic analysis, reporting and provisioning, RISK ALM - treasury and liquidity;
• RISK CIB is tasked to provide full transparency and a dynamic analysis of market & counterparty risks to all BNP Paribas Fortis businesses and is responsible for the management of credit risks on Financial Institutions, on Sovereigns and on Corporates belonging to BNP Paribas Fortis CIB;
• RISK Belgian Retail Banking is responsible for the management of credit risks arising from all Business Lines within the perimeter of BNP Paribas Fortis (Retail & Private Banking Belgium, Corporate Banking excluding CIB);
• RISK Function COO is responsible for operational permanent control (ensuring second-line control of the RISK function and of business continuity), the Risk Operating Office (coordinating the non-core support functions) and communication;
• Tribe Risk & Credits is responsible for products, processes, IT assets and data related to credit and risk management;
• RISK IRC (RISK Independent Review & Control) is responsible for model risk management and the independent review of models in the area of 1) credit risk, 2) market- and counterparty risk and 3) operational risk;
• RISK ORM (Operational Risk Management) BNP Paribas Fortis Belgium provides reasonable assurance of the existence and the efficient functioning of an operational permanent control framework within BNP Paribas Fortis in Belgium that meets the supervisory requirements of BNP Paribas Fortis as well as those of BNP Paribas Group;

BNP PARIBAS FORTIS PILLAR 3 DISCLOSURE 2022

- 5 -