EDF / 2018 Reference document

ENVIRONMENTAL AND SOCIETAL INFORMATION – HUMAN RESOURCES Ethics, compliance, tax transparency

The anti-corruption compliance 3.5.1.2 programme

In 2018, the code of conduct was integrated within most of the internal rules at EDF establishments and subsidiaries. Given that the Group Ethics & Compliance Policy (PECG) has deemed preventing risks of corruption a priority, the DECG has strengthened its framework for gifts and entertainment, the rules of which are set out in the code of conduct. In 2017, the DECG published a practical guide for monitoring gifts and entertainment, as well as a support video to assist entities and subsidiaries in deploying this guide within their remit. In 2018, the Company developed and deployed an application (DECI) enabling employees to register any gifts and entertainment received, offered or refused. The code of conduct prohibits the payment of incentives and expressly states that donations made to a foundation or non-profit must not be used for corrupt purposes. It will be regularly updated in accordance with changes in the Company’s risk mapping. Whistleblowing system Since 2016, the whistleblowing system has included compliance-related themes. In December 2017, the EDF Executive Committee decided to upgrade its system in order to strengthen data security and maintain whistleblowers’ anonymity. It decided to set up a single alert system for all alerts under the Sapin II Law and the law on “duty of care” (“devoir de vigilance”). The DECG is the system’s contact for the Group. This system benefits all Group entities, including subsidiaries that already have an alert system. Subsidiaries in the regulated sector, Enedis and RTE (1) , have indicated that they are setting up their own whistleblowing system. Alerts in relation to these regulated infrastructure subsidiaries will therefore be referred on to their own systems. The upgrade plan was presented to the EDF CWC (Central Work Council) for the first time on 18 January 2018, and the CWC’s opinion was received on 2 March 2018. The new system went live on 10 September 2018. The DECG assesses the admissibility of alerts, then handles those deemed admissible together with the Ethics and Compliance Officer and other experts, if required. EDF has decided, following a call for tenders, to purchase a tool to store alerts within a completely secure framework (Sapin II and GDPR compliant), in order to ensure that all employees and third parties can process their data internally and confidentially, with a system that is completely disconnected from the Company’s information systems. The interface of the Group’s ethics and compliance whistleblowing system is available in several languages (French, English, Italian, Portuguese, Dutch and Mandarin) in France and abroad, and the whistleblower can submit their alert in the language of their choosing. This tool complies with local regulations everywhere the EDF group operates. The external alert system is ISO 27001 certified and has the European Privacy Seal. It was audited by the EDF IT departments prior to being deployed. The system undergoes regular intrusion tests. It is also possible to contact DECG direct by postal service. The Group Ethics and Compliance Division has published two bilingual guides, in French and English: “The whistleblower’s guide”, intended for all employees, in order to assist them should they wish to submit a report; and, “The processing guide” for all Responsibles for Treatment, in order to show them the methods for processing alerts, from receipt to the completion of their analysis, as well as any resulting actions or procedures. The EDF group ethics and compliance whistleblowing system allows Group employees and external staff (temporary workers, service provider employees, etc.) or occasional employees (fixed-term contracts, apprentices, trainees, etc.), as well as third parties, to report actions of which group EDF or its employees are the culprits or victims, in accordance with the “Sapin II” and “Duty of Care” laws.

The French law of 9 December 2016 on transparency, the fight against corruption and the modernisation of the economy, known as the “Sapin II” Law, brought France’s legislative arsenal in line with the best international standards regarding the prevention and elimination of corruption and other ethical breaches. Companies like EDF, having met size and revenue criteria, must to set up an anti-corruption compliance programme comprising eight requirements: a code of conduct included with the internal rules, an internal whistleblowing system, a risk map, third-party evaluation procedures, accounting audit procedures, a training system, a disciplinary mechanism and a control and internal evaluation system for the measures put in place. In 2017, the Group Ethics and Compliance Division (DECG) and its network of Ethics and Compliance Officer (ECOs) drew up and deployed an anti-corruption programme within the EDF group, in order to meet the eight requirements set out in Article 17 of the Sapin II Law. In 2018, EDF was not the subject of any sanctions or convictions, penalties or fines by French or foreign authorities for acts of corruption. The code of conduct Ethics and Compliance In the second half of 2017, EDF published its code of conduct Ethics and Compliance following social dialogue launched in late 2016, as well as an opinion issued by the Central Works Council (CWS-"Comité central d'entreprise" (CCE) in French) on 1 June 2017, the date on which the law came into force. In accordance with the law’s requirements and the recommendations of the French Anti-Corruption Agency (AFA) this code of conduct, which is binding on all employees, defines and illustrates, through practical cases, the different types of behaviour employees are likely to face as a result of the Company’s business activities and organisation, and which should be prohibited given that they may constitute acts of corruption or influence peddling. It defines rules for all the themes identified during the risk mapping process: prevention of corruption; integrity checks on business relations; gifts and entertainment; prevention of conflicts of interest; combating fraud; prevention of market abuse; prevention of the risk of money laundering and financing of terrorism; prevention of breaches of antitrust laws; respect for international sanctions and monitoring of international trade. In order to prevent the risk of corruption and to provide employees with a framework and guidelines for assessing what does and doesn’t constitute misconduct, EDF’s code of conduct identifies, for each of the nine themes mentioned above, appropriate behaviours under a paragraph entitled “we must”, and prohibited behaviours under a paragraph entitled “we must not”. For educational purposes, it also illustrates “high-risk situations” and the “right reflexes” to adopt. The code of conduct was applied at the subsidiaries by adopting the rules of the EDF code. The code of conduct, Ethics and Compliance has benefited from the serious commitment made by top management, both in terms of its drafting and deployment. It was distributed to all employees in an email from the Chairman in summer 2017, and a print version was then sent to employees’ homes in November 2017. The Code can be viewed by third parties in French and English on www.edf.fr. In addition to the code of Ethics and Compliance, managers receive a deployment kit, and employees undergo an awareness programme, including the publication of dedicated articles and an educational video, available on the VEOL ethics and compliance community and the EDF website. A serious game was developed by the Group Ethics and Compliance Division (DECG) in 2018, enabling employees to take the content of the code of conduct on Board in a fun and interactive way, and to assess employees’ understanding of its provisions. The game will be available in 2019.

3.

Distribution network operator Enedis and transmission operator RTE are managed independently. (1)

207

EDF I Reference Document 2018