EURAZEO_REGISTRATION_DOCUMENT_2017

GOVERNANCE Risk management, internal control and main risk factors

Risks relating to legal, regulatory and 3.4.2.6 tax constraints Identification of risks As a private equity investor and a listed company on a regulated market, Eurazeo could be adversely affected by changes to the legislative, regulatory and tax environments. For instance, private equity transactions could lose their appeal in the event of very unfavorable changes in the tax environment. Generally speaking, increases in corporate taxation in the countries where the investments operate is liable to alter the performance of subsidiaries in the countries concerned. Majority-owned investments operate throughout the world, and are subject to national and regional laws and regulations, depending on the country. The activities of these investments are liable to be affected by a wide range of texts (certain with extraterritorial application) primarily relating to corporate law, tax law, employment law, anti-trust law, consumer law, environmental law, export controls and the fight against corruption. All of the investments have mechanisms in place to minimize the risk of non-compliance with these texts. For some regulations, such as anti-trust law, Eurazeo’s liability as controlling entity may be triggered. Finally, in the course of their various operations, the investments are liable to become involved in litigation, or in legal, arbitration or administrative procedures. Risk management Eurazeo and its investments ensure the implementation of efficient compliance programs adapted to the challenges. The post-acquisition projects generally offer portfolio companies the opportunity to strengthen their compliance programs based on the risk assessment performed during the due diligence phase. As part of its monitoring of the investments, each Audit Committee then fully plays its role when monitoring the efficiency of the compliance systems. Risks relating to corporate social 3.4.2.7 responsibility Identification of risks In the same way as the recent law in France on the duty of vigilance (which seeks to introduce an obligation of vigilance for parent companies and contracting companies with respect to subsidiaries, sub-contractors and suppliers), a trend can be observed towards making transnational companies accountable for the actions of their subsidiaries and even their sub-contractors. This accountability seeks to prevent the occurrence of tragedies in France and abroad and to obtain compensation for victims in the event of human rights violations or environmental damage. Over and above a potential attempt to trigger Eurazeo’s liability should this type of risk arise in one of its subsidiaries or their sub-contractors, there is a risk to Eurazeo’s reputation.

Depending on the location and nature of the activity, the impacts of climate change may be identified as material and a source of financial risk. The potential impacts may touch production, the health and safety of employees, operating costs or insurance: direct physical risks in the short-term (e.g. floods resulting in • damage or an activity shut-down) or the longer term (long-term success, quality of access to and supply of critical resources: raw materials, water or energy; relocation of the business due to rising sea levels, etc.); transition risks: ability of the Company to adapt to the impact of • climate change depending on the resilience of its activity, its business model and its industrial model. Risk management First and foremost, Eurazeo is careful not to interfere in the management of its investments and strives to respect the autonomy of the legal entities in which it invests. Eurazeo informs its portfolio companies of changes in regulations and helps them implement vigilance/compliance programs. In addition to assisting the investments with CSR issues (see p. 94), the CSR Department ensures the communication of good practices to the subsidiaries, particularly with respect to sub-contractor and supplier due diligence. Eurazeo uses a risk assessment tool encompassing, notably, CSR challenges. This tool is used during the acquisition phase and should be progressively rolled-out in all the subsidiaries. Climate change risks are analyzed for all opportunities studied. Specific due diligence procedures may be performed to determine the extent of the Company’s exposure to physical risks, as well as transition risks. Actions plans are drawn up where appropriate following an analysis of these risks. The monitoring and roll-out of these actions plans is presented in Section 2.1.3 p. 93 to 95. Risks relating to technology and data 3.4.2.8 Identification of risks In the conduct of its activities, Eurazeo uses IT infrastructures and applications to collect, process and produce data and, in particular, confidential and strategic data. Technical failures (equipment, software, network, etc.) or IT attacks (malware, intrusions, etc.) could impair the availability, integrity and confidentiality of data and have negative consequences for the Company’s business and reputation. Risk management IT security is a priority for the Eurazeo Information Systems Department. A disaster recovery plan based on redundant infrastructure located at two remote sites has therefore been implemented; this should enable Eurazeo to continue its activities in the event of an IT incident and avoid data loss. In addition, IT security audits and intrusion tests are regularly performed and corrective action is taken where vulnerabilities are identified.

3

197

Eurazeo

2017 Registration document