2021 Universal Registration Document

4 CORPORATE RESPONSIBILITY

Engaging our stakeholders to meet their needs better

The code of ethics is publicly available from the Ethics and Compliance page of Sopra Steria’s corporate website at www.soprasteria.com. Core rules and Group procedures The code of ethics is supplemented by an anti-corruption code of conduct, a code of conduct for stock market transactions, a suppliers’ charter and a common core of rules and procedures. (See Chapter 2, “Risk factors and internal control”, of this Universal Whistleblowing procedure

Registration Document on pages 37 to 50.) As part of the compliance programme, work was undertaken at Group level in 2021 to continuously improve existing rules and clarify guidelines and procedures to ensure that regulatory changes are taken into account, best practice is adopted and these procedures are applied and controlled within the Group on an ongoing basis. For example, ten or so rules relating to compliance issues were either added to or further clarified within the Group Rules, which constitute the Data security, integrity and confidentiality are assured. Sopra Steria guarantees that all information exchanged, including the identity of the whistleblower and any other relevant persons, will remain confidential. Anonymous whistleblowing is possible but not recommended. Anonymous reports can be dealt with if sufficient detail is provided and the gravity of the situation can be established. Sopra Steria can better protect whistleblowers against reprisals of any kind if they disclose their identity. Under the Group’s whistleblowing procedure, reports received are assessed for admissibility before a decision is made as to whether to conduct an internal investigation. Reports are handled within a reasonable time frame, according to the severity and/or complexity of the allegations. Records of reports received under the whistleblowing procedure are kept in accordance with applicable legislation and/or regulations. GOVERNANCE AND ORGANISATION 4.4.2. Sopra Steria has decided to bring together compliance, internal control and risk management within the Internal Control Department, which reports directly to the Group’s Executive Management. This department appears before the Audit Committee and the Nomination, Governance, Ethics and Corporate Responsibility Committee at regular intervals. This structure allows for centrally coordinated, Group-wide governance to deal with compliance issues, compliance controls, risks and potential whistleblowing. The Internal Control Department oversees compliance issues and p coordinates all stakeholders involved in compliance and internal control across the Group. The Internal Control Director is the primary reference point for the whistleblowing system in her capacity as Group Compliance Officer; This department is supported by the network of Internal Control p & Compliance Officers. They are appointed to work with local teams in each Group entity; It also works with the Group-level functional and operational p departments, each with expertise in its own area (Human Resources Department, Legal Department, Finance Department, Purchasing Department, Industrial Department, and Corporate Responsibility and Sustainable Development Department). To ensure that all compliance issues are covered, each of these departments has its own correspondents within the Group’s various entities. operating fundamentals applicable to all Group entities.

Whistleblowing procedure

Protection from all forms of retaliation

Group employee

Third party

Whistleblowing system

Supervisor or department manager

Entity whistleblowing system

Group whistleblowing system

Consideration of admissibility

The report is handled within a reasonable time frame, according to the severity and/or complexity of the allegations.

Processing

The whistleblowing procedure can be used to flag up serious situations and risks relating to legal or regulatory requirements, ethical principles or internal policies, notably in the following areas: corruption and influence peddling, fraud, insider trading, breaches of competition law and infringements of the duty of care (human rights and fundamental freedoms, health and safety, environment). Employees may bring any concerns they have to the attention of their line manager, their line manager’s manager, their entity’s Compliance Officer, the Compliance Officer of the functional division to which their entity belongs or the Group Compliance Officer, as they see fit. As an alternative to these usual communication channels, they may choose to use Sopra Steria’s whistleblowing procedure. An e-mail address is provided within each entity, managed by a designated individual approved by the Group’s Internal Control Department, which is responsible for the whistleblowing procedure. Concerns can also be raised directly with the Group’s Internal Control Department by writing to the following e-mail address: ethics@soprasteria.com. This reporting channel is also open to all external stakeholders, including in particular the Group’s clients, suppliers, subcontractors and business partners. It is also available on the Ethics and Compliance page of the Group’s website at www.soprasteria.com.

142

SOPRA STERIA UNIVERSAL REGISTRATION DOCUMENT 2021