Euronext - 2019 Universal Registration Document

Risk Management & Control Structure

Control Structure

Compliance processes are established as follows:

Euronext’s code of business conduct and Ethics sets and reaffirms Euronext’s high standards of ethical conduct and reinforces its business ethics, policies and procedures. Compliance with the Code is required of all board members (Managing Board, Supervisory Board and any other board) and all employees including consultants, contractors and temporary employees. The Code of Business Conduct and Ethics, which is supplemented by nine corporate compliance policies, governs without exception all business activities of the Company. The code of business conduct and Ethics is available on the Euronext website. The availability of the Code of Business Conduct and Ethics as well as the compliance policies at all times, in local languages on the Company intranet, in addition to general training and awareness sessions and communication targeting all Company employees as well as targeted training for employees in sensitive roles that require additional awareness and training determine the effectiveness of the Code. The Code of Business Conduct and Ethics is also supported by an external confidential reporting system that enables employees to report, in an anonymized manner should they choose, alleged breaches of a general, operational and financial nature. Relevant policy and procedures ensure that reporters in good faith are free to do so without fear of retaliation in accordance with the laws in the countries where Euronext operates. The Company protects anyone who reports an alleged breach of laws or Company policies in good faith and ensures that they shall in no way be put at a disadvantage by the Company as a result of the report. Guidelines and procedures are defined notably to ensure that anti- money laundering and sanctions, bribery and fraud and conflicts of interest concerns are managed and that business is always conducted in a fair manner. The Code of Business Conducted is linked to other internal compliance policies covering money laundering and sanctions, gifts meals and entertaining and prevention of bribery, persona trading and the prevention of fraud are maintained by the Compliance department (for a complete list of internal compliance policies please refer to section 3.7 of this Universal Registration Document). Staff training and awareness sessions are conducted regularly in all Company locations to promote compliance and ethics standards. Finally, given the dual positions of Euronext as amarket operator and a listed issuer on the Euronext markets, the Compliance department has imposed strict personal dealing rules and a conflicts of interest procedure to ensure that neither the staff nor the Company itself could take undue benefits from this situation.

Risk mitigation thought policies and procedures

Staff training and awareness

Monitoring of policies and procedures

Dialogue with businesses

2

More information on Euronext’s commitment to Ethics are provided in Chapter 3 of this Universal Registration Document.

2.1.1.4 Chief Risk and Compliance Officer The Chief Risk and Compliance Officer is appointed by the Managing Board, reports to the Chief Executive Officer and has a line of communication to the Audit Committee of the Supervisory Board. This reporting ensures the necessary independence of the Compliance department activities. Compliance Officers are located in countries where Euronext conducts its activities and are supported as necessary by local legal staff in order to benefit from the local expertise and knowledge of the local business and environment.

2.1.2

INTERNAL AUDIT – THIRD LINE OF DEFENSE

As a third line of defense, Internal Audit has no operational responsibilities over the entities/processes it reviews. The objectivity and organisational independence of the internal audit function is achieved through the Head of Internal Audit not performing operational management functions and reporting directly to the Chairman of the Audit Committee. He also has a dotted reporting line to the CEO. Validated by the Audit Committee at least annually, the internal audit plan is developed based on prioritization of the audit universe using a risk-based methodology, including input of senior management. For each audit, a formal report is issued and circulated. This includes recommendations for corrective actions with an implementation plan and the comments of the auditees. Implementation of accepted corrective actions is systematically followed up, documented and reported to the Audit Committee.

57

2019 UNIVERSAL REGISTRATION DOCUMENT