Eurazeo / 2018 Registration document

GOVERNANCE Risk management, internal control and main risk factors

Risks relating to legal, regulatory 3.4.2.7 and tax constraints Identification of risks As a private equity investor and a listed company on a regulated market, Eurazeo could be adversely affected by changes to the legislative, regulatory and tax environments. For instance, private equity transactions could lose their appeal in the event of very unfavorable changes in the tax environment. Generally speaking, increases in corporate taxation in the countries where the investments operate is liable to alter the performance of subsidiaries in the countries concerned. Majority-owned investments operate throughout the world, and are subject to national and regional laws and regulations, depending on the country. The activities of these investments are liable to be affected by a wide range of texts (certain with extraterritorial application) primarily relating to corporate law, tax law, employment law, anti-trust law, consumer law, environmental law, export controls and the fight against corruption. All the investments have mechanisms in place to minimize the risk of non-compliance with these texts. For some regulations, such as anti-trust law, Eurazeo's liability as controlling entity may be triggered. Finally, in the course of their various operations, the investments are liable to become involved in litigation, or in legal, arbitration or administrative procedures. Risk management Eurazeo and its investments ensure the implementation of efficient compliance programs adapted to the challenges. The post-acquisition projects generally offer portfolio companies the opportunity to strengthen their compliance programs based on the risk assessment performed during the due diligence phase. As part of its monitoring of the investments, each Audit Committee then fully plays its role when monitoring the efficiency of the compliance systems. Risks relating to corporate social 3.4.2.8 responsibility Identification of risks In the same way as the recent law in France on the duty of vigilance (which seeks to introduce an obligation of vigilance for parent companies and contracting companies with respect to subsidiaries, sub-contractors and suppliers), or the new regulation on the Non-financial Performance Statement, a trend can be observed towards making transnational companies accountable for the actions of their subsidiaries and even their sub-contractors. This accountability seeks to prevent the occurrence of tragedies in France and abroad and to obtain compensation for victims in the event of human rights violations or environmental damage. Over and above a potential attempt to trigger Eurazeo's liability should this type of risk arise in one of its subsidiaries or their sub-contractors, there is a risk to Eurazeo's reputation.

Depending on the location and nature of the activity, the impacts of climate change may be identified as material and a source of financial risk. The potential impacts may touch production, the health and safety of employees, operating costs or insurance: direct physical risks in the short-term (e.g. floods resulting in • damage or an activity shut-down) or the longer term (long-term success, quality of access to and supply of critical resources: raw materials, water or energy; relocation of the business due to rising sea levels, etc.); transition risks: ability of the Company to adapt to the impact of • climate change depending on the resilience of its activity, its business model and its industrial model. Risk management Eurazeo is careful not to interfere in the management of its investments and strives to respect the autonomy of the legal entities in which it invests. Eurazeo informs its portfolio companies of changes in regulations and helps them implement CSR approaches. In addition to assisting them with CSR issues (see page 82), the CSR Department ensures the communication of good practices to the portfolio companies. As part of its CSR strategy, Eurazeo is committed to performing CSR due diligence on 100% of prospective acquisitions undergoing advanced review. Through the new regulation on the Non-Financial Performance Statement and as a responsible investor, Eurazeo has developed its analysis of CSR challenges representing risks and opportunities, highlighting 13 priority challenges detailed in Section 2.2, Non-Financial Performance Statement. Risks relating to technology and data 3.4.2.9 Identification of risks In the conduct of its activities, Eurazeo uses IT infrastructures and applications to collect, process and produce data and, in particular, confidential and strategic data. Technical failures (equipment, software, network, etc.) or IT attacks (malware, intrusions, etc.) could impair the availability, integrity and confidentiality of data and have negative consequences for the Company's business and reputation. Risk management IT security is a priority for the Eurazeo Information Systems Department. A disaster recovery plan based on redundant infrastructure located at two remote sites has therefore been implemented; this should enable Eurazeo to continue its activities in the event of an IT incident and avoid data loss. IT security audits and intrusion tests are regularly performed and corrective action is taken where vulnerabilities are identified. Eurazeo has also taken out a cyber-insurance policy.

3

Eurazeo

199

2018 Registration Document