Euronext - 2019 Universal Registration Document

Risk Management & Control Structure 2 Control Structure

ProgramDevelopment – Euronext continues to drive improvements to its risk management process and the quality of risk information generation, while at the same time maintaining a simple and practical approach. The roadmap for 2018–2019 for the ERM evolution included 3 key elements: n embedding culture of risk management: Risk appetite discussions with the first line, key risk indicator discussions, ongoing training at various levels of the organization; n involvement in key initiatives related to Optiq® technology platform, MiFID II compliance, Data Governance/GDPR and Agility for Growth initiatives; n reporting/operation: ongoing risk appetite evolution, enhanced management reporting, impactful scenario analysis, risk tool implementation, further alignment of risk management and internal control approach for addressing risk and identifying controls. The 2020–2021 roadmap will continue with the topics above and will additionally focus on risk tool implementation, training program maturity and ongoing integration of new acquisitions. Euronext seeks to continuously evaluate and improve the operating effectiveness of the ERM process. 2.1.1.2 Internal Control Euronext has established a strong framework of internal control across its business areas and functions. This framework is based on ethical principles, established procedures and training of the key personnel who are responsible for implementing and overseeing it. The internal control function as a second line of defence, aims at ensuring, in a permanent manner that identified risks are mitigated by controls, that controls are effective, documented and reported and that internal procedures exist and are updated on a regular basis. Euronext is strongly committed to conducting its business with integrity, excellence and responsibility and to adhering to high standards of ethical conduct. Euronext’s culture promotes accountability and responsibility and an open culture of dialogue and is bolstered by the corporate Compliance department. The role of Corporate Compliance is to establish and maintain a first class compliance culture within the Company and to ensure that Euronext’s business approach is in line with the highest ethical standards. The Compliance department supports Euronext and its employees in complying with applicable laws and regulations and promotes ethical standards in accordance with good Corporate Governance. The Compliance department raises awareness among employees by articulating the responsibilities of the Company and its employees through policies and training and themonitoring of those policies and by providing a path for communication for employees. Compliance with applicable rules and principles and ethics is key to Euronext’s success and it is the obligation of every employee to support this effort. 2.1.1.3 Corporate Compliance – Code of Conduct and Ethics

Risk Reporting – The Supervisory and Managing Boards and a Business Risk Group (BRG), made up of Senior Managers, are informed in a timely and consistent manner about material risks, whether existing or potential, and about related risk management measures in order to take appropriate action. Reports are issued to the above mentioned groups of the Company on a regular basis. Ad hoc reports may be issued when a new risk or the development of an existing risk warrants escalation to the relevant Committees of the Company.

Set and launch objectives & strategies (commercial, financial & operational)

Identify & assets risks

Sustain & improve processes & infrastructure

Create and preserve value for stakeholders

Determine risk responses

Design & implement control

Monitor, report & escalate risks

Business Continuity Management – A component of efficient risk management is understanding that the identification of each risk that may be faced is an insurmountable task, therefore business continuity arrangements are necessary in order to respond to unforeseen events as quickly as possible, in the event of any disruption to our working environment. Effective Business Continuity Management and Disaster Recovery are vital in protecting and underpinning the reputation, efficiency, resilience and competitiveness of the Company, as well as the Company’s stakeholders. Business Continuity at Euronext is supported by the Business Continuity Steering Group and consists of representatives from the Company’s major departments. Its role is to approve the Business Continuity & Disaster Recovery and Crisis Management policies and procedures and to provide guidance to the BCM team in the development of its function. The Business Continuity framework and its implementation at Euronext is based on internationally recognized business continuity principles including those developed by the Disaster Recovery Institute International (DRII), the International Organization for Standardization (ISO) and the Business Continuity Institute (BCI). Our Crisis Management framework includes escalation and communications rules, guidelines for action, and clearly defined roles and responsibilities. In 2019, in addition to regular training, testing and exercises, work was undertaken to help improve, mature and embed Business Continuity at Euronext. In 2019 we sawmaturing of the BCM program at Euronext through new and clear BCM reporting mechanisms and more maturing crisis management trainings.

56

www.euronext.com

2019 UNIVERSAL REGISTRATION DOCUMENT