Euronext - 2019 Universal Registration Document

Risk Management & Control Structure 2 Control Structure

ERM FRAMEWORK GOVERNANCE The ERM framework and governance is designed to allow the Managing Board and the Supervisory Board, as part of Euronext’s business model (1) , to identify and assess the Company’s principal risks to enable strong decision making with regards to the execution of the stated strategy. Reporting is made and consolidated on a regular basis to support this process. The ERM also enables the Supervisory Board and Managing Board to maintain and attest to the effectiveness of the systems of internal control and risk management as set out in the Dutch Corporate Governance Code. Governance Structure and related responsibilities for ERM process are as follows: n the Supervisory Board, through the Audit Committee, supervises the effectiveness of the ERM system, including management actions to mitigate the risks inherent in the Group’s business activities;

n the Group’s Chief Executive Officer (“CEO”), backed by the Managing Board and supported by the Chief Financial Officer (“CFO”) and the Chief Risk Officer (“CRO”), is responsible for an effective ERM system; n the Group’s CRO has primary responsibility for the ERM strategy, priorities, process design, culture development and related tools; the risk management organisation is structured cross-division, networked with risk owners on different organisation levels and drives a proactive risk management culture; n the Group’s CFO has primary responsibility for the controls over financial reporting and regulatory capital requirements; n the senior management of the Company assume responsibility for the operation andmonitoring of the ERM system in their respective areas of responsibility, including appropriate responses to reduce probability and impact of risk exposures and increase probability and impact of opportunities.

Supervisory Board Approves strategic objectives and validates risk appetite Reviews Euronext's risk management and internal control systems Assesses these systems effectiveness through its Audit Committee

Managing Board

External Auditors Regulator

Oversees the suitable design and sustainable implementation of Enterprise Risk Management (ERM) and internal control systems across the Company Defines and allocates risk appetite within the Group

1 st Line of Defence

2 nd Line of Defence

3 rd line of Defence

Business and Operations Management

Risk Management Internal Control Compliance Specialist Functions

Internal Audit

Identifies and manages risks for its scope and responsibility Maintains effective internal control day-to-day

Develops and promotes the ERM framework to support management in the identification, assessment, management, monitoring and reporting of risks Facilitates consistent and periodic reviews of the design and implementation of internal control systems

Provides independent assurance of effectiveness of risk management and internal control frameworks and activities in the Group

Euronext’s internal risk management and control is a process executed by the Managing Board, management and other employee stakeholders. It is designed to provide reasonable assurance regarding the achieving of objectives in the following categories: n effectiveness and efficiency of operations; n reliability of financial and non-financial information;

n compliance with laws, regulations and internal policies; n safeguarding of assets, and identification and management of liabilities; and n strategic and business objectives.

(1) For more information on Euronext activities see section 1.3.1 “Business Overview”.

54

www.euronext.com

2019 UNIVERSAL REGISTRATION DOCUMENT