BIC - 2020 Universal Registration Document

RISKS MANAGEMENT

Description and mitigation of main risk factors

Risk related to the non-respect of Human Rights and ir Practices Non-compliance with fundamental human rights such as child labor, discrimination or forced labor. • Corruption and unfair practices. •

Level of risk: medium Potential Impact on BIC:

Examples of Risk Mitigation:

Legal action against BIC and major consequences in terms of reputation and attractiveness.

To ensure respect for Human Rights at work, BIC has adopted a Code of Conduct, consisting of a set of professional and social principles derived from the standards of the International Labor Organization (ILO). The Group is committed to socially responsible behavior in all its activities. The Code of Conduct applies to BIC factories as well as contract manufacturers. BIC regularly monitors its implementation through audits and tools. Moreover, BIC’s reliance on contract manufacturing is relatively low. Overall, 92% of its net sales are generated by products made in its own factories. 87% of its factories are located in countries with no Human Risk, according to FreedomHouse. The Group works with subcontractors primarily for Stationery products in the Consumer business and for Advertising and Promotional Products. Subcontracting gives BIC greater flexibility. More information is available in § 3.5. of Chapter 3 Our environmental, social and societal responsibility (§ 3.5.1.2 Ensuring respect of Human Rights in the workplace). Compliance with ethical principles and the fight against all forms of corruption, active or passive, are stipulated among the standards of the BIC Code of Conduct (issued in 2020 and which regroups the former Code of Ethics and Code of Conduct), and BIC Anti-Corruption Policy (updated in 2020). BIC’s Code of Conduct has defined the fundamental ethical principles that the Group asks all of its teammembers to follow under all circumstances and everywhere in the world. The objective is to build and sustain an authentic corporate culture of integrity, honesty, and fairness. Since 2017, BIC has been developing and deploying tools (training, reporting systems, etc.) to facilitate the identification, evaluation, mitigation, monitoring and quantification of the potential risks of corruption and unfair practices. More information on the fight against corruption is available in Chapter 3, § 3.5. (§ 3.5.3 Ethics and the fight against corruption).

Risks related to IT Security The Group is exposed to risks stemming from cyberattacks and risks related to IT and telecommunications system failure. Personal data protection regulations, including the General Data Protection Regulations (GDPR) have increased the risks related to regulatory non-compliance.

Level of risk: medium Potential Impact on BIC: Loss of strategic or confidential information. • IT and telecommunication system failure. Disruption of the normal of business operations. • Cyber Security risks have grown over time and increased during the Covid-19 pandemi c.

Examples of Risk Mitigation: Dedicated IT Security & Data governance processes have been • established, including the creation of a Security Council and the appointment of an IT Risk Manager. Cyber Security mitigation has been aligned with BIC’s internal control • framework and updates are reported out regularly to the Audit Committee. IT Security policies & standards have been implemented across the • organization. information and training sessions are organized to raise teammembers • awareness of Cyber risks.

56

• BIC GROUP - 2020 UNIVERSAL REGISTRATION DOCUMENT •