Compagnies des Alpes // 2019 Universal Registration Document

2 RISK FACTORS

Risk management procedures

In accordance with regulation (EU) 2017/1 129 of 14 June 2017, revising the Prospectus Directive and published in the O ffi cial Journal of the European Union on 30 June 2017, Compagnie des Alpes has complied with the new regulatory requirements in terms of the clarity and the simpli fi cation of the presentation of risk-related information. Compagnie des Alpes is presenting a risk classi fi cation based on the Group’s new risk mapping, highlighting the 12 priority risks identi fi ed through our top-down risk assessment approach. To identify and evaluate risks, Compagnie des Alpes relies largely on the work of its Group Risk Committee, which meets several times a year in the presence of all members of the Executive Committee.

The Group has reviewed the risks that might have a signi fi cant negative impact on its business, its fi nancial position or results, and has concluded that there are no speci fi c or material risks other than those presented below. This chapter de fi nes the risk management procedures, along with the processes and internal organisation put in place in this regard. It also details the main risks to which Compagnie des Alpes may be exposed, classed into fi ve categories: strategic risks, operational risks related to its activities, human risks, regulatory and compliance risks, and fi nancial risks.

2.1 Risk management procedures

The Group’s experts provide support to the definition and implementation of the action plans. They are consulted and coordinated by the Risk, Insurance and Crisis Management Department. This enables them to share their methods and take charge of cross- functional assignments. Steering of risk management procedures A Group Risk Committee, chaired by the Chairman and Chief Executive O ffi cer: l meets quarterly; l includes all members of the Executive Committee, the Human Resources Director and the Audit and Internal Control Director; l is prepared and led by the Director of Risk, Insurance and Crisis Management. It is responsible for the steering of the risk management procedures. It examines the progress of the action plans relating to the key risks identi fi ed and the incidents that occurred over the previous period. It then decides on the approaches to be adopted and, if necessary, acts as an arbitrator. Lastly, it takes decisions on certain risks that are not considered a priority, either as a result of the economic or social environment, changes in indicators or weak signals that require particular attention. Specialist Committees complete this system and allow operational risks (risks linked to IT systems) or speci fi c issues (risks linked to intangible assets) to be monitored more closely, as required. Procedures and Steering of risk management The CDA Group carried out detailed risk mapping for its entities and the holding company over several years, based on an assessment of potential impacts, the likelihood of a risk arising and the degree of control present. Risk mapping initially relies on the gathering of information from operating subsidiaries in order to assess their risk potential. Since 2016, the Group Risk Committee has reviewed and de fi ned the 8 new priority risks of the Group and its subsidiaries. In parallel with these bottom-up risk mapping measures, in 2018/2019 the Group initiated a top-down risk assessment procedure, to round o ff the existing approach. This methodology, which is essentially based on interviews with the Company’s main executives, aims to analyse the situations and scenarios that may have a medium/long-term impact on the Company’s value and strategy.

CDA Group’s risk management is handled by the Risk, Insurance and Crisis Management Department. It aims to identify, analyse, assess, monitor and control the main risks to which the Group and its subsidiaries are exposed, thus helping to: l protect the value, assets and reputation of the Group; l secure decision-making and processes to help ensure targets are met; l ensure that the Company’s preventive actions are consistent with its values; l mobilise Group employees around a common vision of risks. These procedures are based on: l an organisational framework de fi ning roles and responsibilities; l a risk management process comprising the steps of risk identi fi cation, Driven by Executive Management and implemented by the Risk, Insurance and Crisis Management Department, these procedures are applied to the holding company and all entities. As is the case with any control procedure, while providing a structured, cross-cutting vision of the risks, the risk management procedures cannot provide an absolute guarantee that the Company’s targets will be met. Organisation The Executive Management of the CDA Group decides on: l the objectives and values of the Group; l the risk management policy; l the organisation and responsibilities in the area of risk monitoring; l the risks to be addressed as a matter of priority and the acceptable risk level. The corporate o ffi cers of the entities are the fi nal risk owners of the risks and are responsible for implementing action plans for all risks under their responsibility. As de fi ned during the risk mapping process, the risk owner is responsible for the action plan and for monitoring the reduction of an identi fi ed risk that may linked to the Company’s various activities. risk analysis and risk management; l management of the procedures.

32

Compagnie des Alpes I 2019 Universal registration document