EDF / 2018 Reference document

3.

ENVIRONMENTAL AND SOCIETAL INFORMATION – HUMAN RESOURCES Ethics, compliance, tax transparency

Integrity checks on business relations Integrity checks on business relations are the subject of a memorandum of instructions which defines the third-party evaluation procedures to be implemented by the Heads of Ethics and Compliance of the entities before any commitment and throughout the course of the relationship. The scope of the checks depends on the third party's risk level. An educational outreach programme on the subject is available on the intranet, which can be accessed by all employees. Risks of corruption are identified in relation to EDF’s departments and subsidiaries when third parties are assessed by the ECOs and their contacts during integrity checks on business relations. For EDF divisions that require enhanced vigilance, these controls systematically take into account information provided by business relationship managers and in-house legal experts specialising in the sector. Feedback is scheduled for 2019, two years after initial implementation, in order to ensure that entities are controlling risks relating to the integrity of partners, and in order to amend the content if necessary, specifically in light of AFA recommendations (Sapin II Law requirement). Accounting controls The control procedures defined in EDF are presented in its supporting guide to the fight against fraud accompanying the memorandum of instructions on the fight against fraud of 18 April 2017. The control procedures defined for the various processes (procurement, sales, treasury, personnel, fixed assets-stock, accounting) meet the objective of the “Sapin II” law. These procedures involve 70 random or automatic tests, including 23 performed on the accounting process. Following a technical analysis between the accounting department and the finance management teams of the operational departments concerned, any anomalies likely to be characterised as fraud are, where applicable, forwarded to the entity’s Ethics and Compliance Officer. In the context of the implementation of the Sapin II law, the Accounting & Consulting Shared Services Center (CSP-2C) has implemented a fraud detection escalation procedure in order to handle situations in which potentially fraudulent anomalies are identified in the implementation of accounting controls. The accounting department has not detected any fraud linked to corruption in recent years, through audits carried out or, where applicable, following spontaneous statements or reports. Anti-corruption training The Group Ethics and Compliance Division is developing prevention and training actions and provides deployment tools for all employees. It coordinates a network of professionals in the various entities and has a dedicated forum on the Group intranet. The Group Ethics and Compliance Division has set up a training course on the “Prevention of the Risk of Corruption”, thus meeting the requirements of the “Sapin II” law. It was defined in detail from mid-2016 for managers, and was then deployed in 2017 and 2018 with regard to managers and staff exposed to such risks. The Group Ethics and Compliance Division has produced awareness-raising videos on the nine subject areas of the Group Ethics & Compliance Policy (PECG) and made them available on the ethics and compliance intranet. The nine subject areas are: insider information; international sanctions; harassment and discrimination; the fight against corruption; the fight against fraud; sector regulations; security of personal data; competition law; and, conflicts of interest. Internal tools have also been developed to raise awareness amongst all employees about conflicts of interest (information document, video and chapter of the code of conduct, Ethics and Compliance to identify high-risk situations, reflexes to adopt and good practices). The Group Ethics and Compliance Division provides generic face-to-face training to certain risk-exposed staff, such as subsidiaries directors or contract managers, as well as more specific training, such as training provided by its ethics and compliance network on the new whistleblowing system and the way in which alerts are handled. The Ethics and Compliance Officers add to certain training courses through their networks of contacts. In addition to the Group Ethics and Compliance Division's training initiatives, the Group Legal Division and Group HR Division offer an e-learning module called “Preventing corruption” designed for all employees: this programme deals operationally with the right conduct to adopt in situations involving business relations, conflicts of interest and gifts.

The scope of application for whistleblowing is as follows: a crime or tort; ■

a serious and clear breach of a legally ratified international commitment ■ approved by France, or of a unilateral act of an international organisation taken on the basis of such a commitment; a breach of a law or regulation; ■ a threat or serious harm to the general interest; ■ a breach of the Group code of conduct, Ethics and Compliance; ■ a serious breach of human rights and fundamental liberties, health and safety, or ■ harm to the environment, as a result of EDF’s and the Group's subsidiaries’ business activities. To facilitate understanding, EDF has defined ten areas in the whistleblowing system that fall within its remit: corruption, conflicts of interest, fraud, financial crime, breaches of antitrust laws, international sanctions and controls on international trade, harassment and discrimination, individuals’ rights and protections, serious environmental breaches and the data privacy. Employees can also ask the Group Ethics and Compliance Division for advice in a secure manner, and exercise their rights over their personal data. The admissibility of an alert is assessed with regard to this scope of application and the whistleblower’s relationship with the Company. This admissibility is independent of whether the alleged facts are well-founded or not, which can only be determined through an alert handling process. Alerts are submitted via a web page of the EDF website (1) . The whistleblowing system is accessible 7 days a week, 24 hours a day, and whistleblowers receive an acknowledgement of receipt, notifying them that their alert is being analysed. In line with the zero tolerance policy, each admissible alert is processed in a secure dedicated tool. Whistleblowers have the option to submit an alert anonymously, as long as the severity of the reported facts is established and the factual elements are provided in precise and sufficient detail, so as to provide evidence for the reality of the reported facts. The Group Ethics and Compliance Division issues a regular report. In 2018, this division recorded 12 requests for advice and 64 alerts, 44 of which were considered whistleblowing, as they were deemed admissible, in the Group whistleblowing system (excluding RTE and Enedis). Whistleblowing alerts are handled by the Group Ethics and Compliance Division (DECG) or its network of experts, in order to determine whether or not the alleged facts are well-founded. Most whistleblowing (48%) relates to harassment/discrimination. Of these 44 alerts: 11 were anonymous; ■ 80% came from Group employees; ■ 40 alerts concerned facts and events occurring in France and 4 abroad (2 in ■ Europe outside France, 1 in North America and 1 in South America); 27 related to EDF and 17 to Group subsidiaries. ■ The consolidated results are included in the annual ethics and compliance report submitted to the Executive Committee and presented to the Governance and Corporate Responsibility Committee of the EDF Board of Directors. Risk mapping In 2016, the Group Ethics and Compliance Division began developing a tool for the ECOs, enabling Group entities and subsidiaries to identify the risks associated with their activities and then view them on a map of ethics and compliance risks. Based on this, the entities draw up action plans appropriate to their operational contexts to prevent and mitigate these risks. For the purpose of simplification under the Cap 2030 strategy, and in order to take feedback from the previous year into account, this tool was modified at the beginning of 2017, becoming part of the annual internal control self-assessment process carried out by the Group Risk Department. In 2018, a specific “corruption” risk map was prepared, which identifies and prioritises, by business sector and country, risks of exposure to corruption. In the event of any significant changes in this risk map, the themes included in the code of conduct, Ethics and Compliance will be updated.

https://www.edf.fr/en/the-edf-group/our-commitments/ethics-compliance/whistleblowing-system (1)

208

EDF I Reference Document 2018