2021 Universal Registration Document

RISKS MANAGEMENT

Description and mitigation of main risk factors

Risks related to IT Security The Group is exposed to risks stemming from cyberattacks and IT and telecommunications system failure. Personal data protection regulations, including the General Data Protection Regulations (GDPR), have increased the risks related to regulatory non-compliance. The ciurrrent crisis in Ukraine has increased the risk of cyberattack. Level of risk impact: medium Potential Impact on BIC: Examples of Risk Mitigation:

loss of strategic or confidential information; • IT and telecommunication system failure; • disruption of the normal of business operations. •

dedicated IT Security & Data Governance resources and processes • have been established, including creating a Security Council and the appointment of an IT Risk Manager; Cyber Security mitigation has been aligned with BIC’s internal control • framework, and updates are reported out regularly to the Audit Committee; IT Security policies & standards have been implemented across the • organization; information and training sessions are organized to raise teammembers’ • awareness of Cyber risks.

Risk related to the non-respect of Human Rights and Unfair Practices This risk includes non-compliance with fundamental human rights such as child labor, discrimination or forced labor, as well as corruption and unfair practices. Level of risk impact: medium Potential Impact on BIC: Examples of Risk Mitigation: legal actions against BIC and significant consequences in terms of • reputation and attractiveness. to ensure respect for Human Rights at work, BIC has adopted a Code of • Conduct, consisting of a set of professional and social principles derived from the standards of the International Labor Organization (ILO). The Group is committed to socially responsible behavior in all its activities.

The Code of Conduct applies to BIC factories as well as contract manufacturers. BIC regularly monitors its implementation through audits and tools; BIC’s reliance on contract manufacturing is relatively low. Overall, 91% • of its net sales are generated by products made in its factories. 65% of its factories are located in countries with no Human Risk, according to Freedom House. The Group works with subcontractors primarily for Stationery products in the Consumer business and for Advertising and Promotional Products. Subcontracting gives BIC greater flexibility; BIC also reinforces its expectations of its suppliers and business • partners to comply with applicable national and international legislation, including laws regarding anti-corruption, anti-trust, anti-bribery and fair competition, and human rights in its Supplier Code of Conduct issued in 2020. More information is available in Chapter 3 Non-financial performance statement: our environmental, social and societal responsibility ( § 3.5.1.2 Ensuring respect of Human Rights in the workplace ). compliance with ethical principles and the fight against all forms of • corruption, active or passive, are stipulated among the BIC Code of Conduct issued in 2020 and BIC Anti-Corruption Policy (updated in 2020). BIC’s Code of Conduct has defined the fundamental ethical principles that the Group asks all of its teammembers to follow under all circumstances and everywhere in the world. The objective is to build and sustain an authentic corporate culture of integrity, honesty, and fairness. Since 2017, BIC has been developing and deploying tools (training, reporting systems, etc.) to facilitate the identification, evaluation, mitigation, monitoring, and quantification of the potential risks of Corruption and unfair practices. More information on the fight against Corruption is available in Chapter 3, § 3.5. ( § 3.5.3 Business conduct and combatting corruption ).

55

• BIC GROUP - 2021 UNIVERSAL REGISTRATION DOCUMENT •