The methodology for risk mapping was based upon many interconnected sources: recommendations of the main relevant standards, such as ● ISO 31000 which provides a methodological framework to risk management; external stakeholders’ expectations ( e.g. , French ● Anti-Corruption Agency, NGO, clients) and internal stakeholders; requirements of the “Sapin 2” law and the European ● Directive 2014/95/EU (on non-financial performance statement) in terms of risk identification and prevention; recommendations issued by the United Nations and the OECD ● guidelines in terms of due diligence. Both groups worked to identify the major risks and the relevant actions on the four topics covered by the Law as well as business ethics through around sixty topics intended to sharpen the analysis and to establish action plans. This risk mapping (supply chain and the Group activities) is regularly updated. Perimeter “Responsible Purchasing” working group proceeded to the identification of major risks which now includes Cello Pens, by purchasing category: plastics, ink & chemicals, gas, metal, services (utilities and other services), logistics, subcontractors (licensed manufacturers, contract manufacturers), etc. The risk identification by purchasing category, considering the products and services life cycle, allowed the understanding of the risk positioning in the supply chain, considering the various operators of the supply chain. “BIC Activities” working group identified the major risks arising from manufacturing operations, sales, and from the administrative sites of the Group. Stakeholders consultation The Group involved stakeholders to the elaboration of the risk mapping: internal stakeholders: purchasers of the different purchasing ● categories, Anti-Corruption Officer, domain experts (EH&S, industrial facility, sales in different geographical areas, HR, etc.); external stakeholders: some suppliers (plastics). ● BIC will keep associating and consulting the stakeholders to the Vigilance Plan in 2021.
In accordance with French law no. 2017-399 of March 27, 2017, concerning the duty of care for parent companies (“the Law”), BIC developed and implements the following Vigilance Plan. This Plan contains due diligence measures sufficient to identify risks
and to help prevent infringements and damage to: Human Rights and fundamental freedoms; ● health and safety; and ● environment. ●
It targets the major risks arising from the Group activities and from the activities of its subcontractors and suppliers with whom is maintained an established business relationship to the extent these activities are connected to this relationhip.
Representatives of various departments, Sustainable Development, Purchasing, Legal, Risks, and Internal Control, continued working in 2020 to implement the Vigilance Plan. A member of this working group is responsible for ensuring that the steps are followed in accordance with the Law. The Executive Committee monitors the key extra-financial performance indicators.
Methodology Two working groups carried a risk mapping to identify major risks: one, supervised by the Sustainable Development Department ● and the Legal Department, focused on BIC’s activities; another one, supervised by the Purchasing Department, ● focused on BIC’s supply chain, as part of Writing The Future, Together commitments program. The working groups assessed the existing or potential major risks on our supply chain, as well as opportunities aiming at value creation for the stakeholders and for the Group. An external service provider, specialized in corporate social responsibility and responsible purchasing, supported each working group in developing the risk mapping tools and setting up action plans. The tools included the same rating scale as the one used for the Group risk mapping (presented in § 2.4 Risk management and internal control procedures implemented by the Company and Insurance).
• BIC GROUP - 2020 UNIVERSAL REGISTRATION DOCUMENT •