Compagnie des Alpes // 2020 Universal Registration Document

2 RISK FACTORS

Risk management procedures

In accordance with regulation (EU) 2017/1 129 of 14 June 2017, revising the Prospectus Directive and published in the Official Journal of the European Union on 30 June 2017, Compagnie des Alpes has complied with the new regulatory requirements in terms of the clarity and the simplification of the presentation of risk-related information. Compagnie des Alpes is presenting a risk classification based on the Group’s new risk mapping, highlighting the 12 priority risks identified through our top-down risk assessment approach. To identify and evaluate risks, Compagnie des Alpes relies largely on the work of its Group Risk Committee, which meets several times a year in the presence of all members of the Executive Committee.

The Group has reviewed the risks that might have a significant negative impact on its business, its financial position or results, and has concluded that there are no specific or material risks other than those presented below. As of the March 2020 Risk Committee, a new risk has been added to the map of major risks: the “Epidemic-pandemic” risk, as a priority 2, bringing the number of the Group’s priority risks to 13. This chapter defines the risk management procedures, along with the processes and internal organisation put in place in this regard. It also details the main risks to which Compagnie des Alpes may be exposed, classed into five categories: strategic risks, operational risks related to its activities, human risks, regulatory and compliance risks, and financial risks.

2.1 Risk management procedures

The Group’s experts provide support to the definition and implementation of the action plans. They are consulted and coordinated by the Risk, Insurance and Crisis Management Department. This enables them to share their methods and take charge of cross- functional assignments. Steering of risk management procedures A Group Risk Committee, chaired by the Chairman and Chief Executive Officer: l meets quarterly; l includes all members of the Executive Committee, the Human Resources Director and the Audit and Internal Control Director; l is prepared and led by the Director of Risk, Insurance and Crisis Management. It is responsible for the steering of the risk management procedures. It examines the progress of the action plans relating to the key risks identified and the incidents that occurred over the previous period. It then decides on the approaches to be adopted and, if necessary, acts as an arbitrator. Lastly, it takes decisions on certain risks that are not considered a priority, either as a result of the economic or social environment, changes in indicators or weak signals that require particular attention. Specialist Committees complete this system and allow operational risks (risks linked to IT systems) or specific issues (risks linked to intangible assets) to be monitored more closely, as required. Procedures and Steering of risk management The CDA Group carried out detailed risk mapping for its entities and the holding company over several years, based on an assessment of potential impacts, the likelihood of a risk arising and the degree of control present. Risk mapping initially relies on the gathering of information from operating subsidiaries in order to assess their risk potential. Since 2016, the Group Risk Committee has reviewed and defined the 8 new priority risks of the Group and its subsidiaries. In parallel with these bottom-up risk mapping measures, in 2018/2019 the Group initiated a top-down risk assessment procedure, to round off the existing approach, which is still used in 2020.

CDA Group’s risk management is handled by the Risk, Insurance and Crisis Management Department. It aims to identify, analyse, assess, monitor and control the main risks to which the Group and its subsidiaries are exposed, thus helping to: l protect the value, assets and reputation of the Group; l secure decision-making and processes to help ensure targets are met; l ensure that the Company’s preventive actions are consistent with its values; l mobilise Group employees around a common vision of risks. These procedures are based on: l an organisational framework defining roles and responsibilities; l a risk management process comprising the steps of risk identification, Driven by Executive Management and implemented by the Risk, Insurance and Crisis Management Department, these procedures are applied to the holding company and all entities. As is the case with any control procedure, while providing a structured, cross-cutting vision of the risks, the risk management procedures cannot provide an absolute guarantee that the Company’s targets will be met. Organisation The Executive Management of the CDA Group decides on: l the objectives and values of the Group; l the risk management policy; l the organisation and responsibilities in the area of risk monitoring; l the risks to be addressed as a matter of priority and the acceptable risk level. The corporate officers of the entities are the final risk owners of the risks and are responsible for implementing action plans for all risks under their responsibility. As defined during the risk mapping process, the risk owner is responsible for the action plan and for monitoring the reduction of an identified risk that may be linked to the Company’s various activities. risk analysis and risk management; l management of the procedures.

34

Compagnie des Alpes I 2020 Universal registration document