Euronext // 2021 Universal Registration Document

Risk management & Control Structure 2 Control Framework

The Corporate Compliance policies that supplement the Code of Business Conduct and Ethics cover the prevention of money laundering, sanction violations, corruption and fraud, managing conflict of interest, confidential and inside information and personal trading (please refer to Section 3.7 of this Universal Registration Document for additional details on the Corporate Compliance policies). Further, guidelines and procedures ensure that anti-money laundering and sanctions, bribery, fraud and conflicts of interest concerns are managed and that business is always conducted in a fair manner. Staff training and awareness sessions are conducted regularly in all Company locations to promote compliance and ethical standards. Finally, given the dual positions of Euronext as a market operator and a listed issuer on the Euronext markets, the Compliance department has imposed strict personal dealing rules and a conflicts of interest procedure to ensure that neither the staff nor the Company itself could take undue benefits from this situation. Compliance processes are established as follows:

The system of control is built along permanent control and periodic control. Controls are performed at first level in the Business Units and at second level by specialized teams notably in Risk and Compliance Departments on an ongoing basis. The third line of defence is the Internal Audit Department. It performs controls on a multi-year basis on a risk-based approach. See section 2.3.3. 2.3.2.6 Corporate Compliance Euronext is strongly committed to conducting its business with integrity, excellence and responsibility and to adhering to high standards of ethical conduct. Euronext’s culture promotes accountability, responsibility, an open culture of dialogue, and is bolstered by the Corporate Compliance department. The role of Corporate Compliance is to establish and maintain a first class compliance culture within the Company and to ensure that Euronext’s business approach is in line with the highest ethical standards. The Corporate Compliance department supports Euronext and its employees in complying with applicable laws and regulations and promotes ethical standards in accordance with excellent Corporate Governance. Corporate Compliance raises awareness among employees by articulating the responsibilities of the Company and its employees through policies and training, the monitoring of those policies, and serving as a point of contact for compliance matters for employees. Compliance with applicable rules, regulations, and ethical principles is key to Euronext’s success and it is the obligation of every employee to support this effort. Euronext’s Code of Business Conduct and Ethics sets and reaffirms Euronext’s high standards of ethical conduct and reinforces its business ethics, policies, and procedures. All board members (Managing Board, Supervisory Board and any other board) and all employees including consultants, contractors and temporary employees are required to be compliant with the Code. The Code of Business Conduct and Ethics, which is supplemented by nine corporate compliance policies, governs, without exception, all business activities of the Company. The Code of Business Conduct and Ethics is available on the Euronext website. The effectiveness of the Code of Business Conduct and Ethics is ensured by the availability of the Code as well as the compliance policies at all times on the Company intranet, in addition to general training and awareness sessions and communication targeting all Company employees as well as targeted training for employees in sensitive roles that require additional awareness and training. The Code of Business Conduct and Ethics is also supported by confidential reporting system that enables employees to report, in an anonymised manner should they choose, alleged breaches of a general, operational and financial nature. Relevant policy and procedures ensure that reporting employees, in good faith, are free to do so without fear of retaliation in accordance with the laws in the countries where Euronext operates. The Company protects anyone who reports an alleged breach of laws or Company policies in good faith, and ensures that they shall, in no way, be put at a disadvantage by the Company as a result of the report.

Risk mitigation thought policies and procedures

Staff training and awareness

Monitoring of policies and procedures

Dialogue with businesses

More information on Euronext’s commitment to Ethics are provided in Chapter 3 of this Universal Registration Document

2.3.2.7 Data Protection In addition to the Corporate Compliance department the Group has an independent Data Protection department that works closely with Compliance to ensure that data privacy and compliance with General Data Protection Regulation (“GDPR”) is maintained. New arrivals must complete GDPR training upon arrival, in addition all employees undergo mandatory annual GDPR training. Those with roles that handle potentially sensitive data, may undergo specified training. Processes that handle sensitive personal data are reviewed by the Group DPO to ensure that they are compliant with the Group’s data privacy obligations. Further information and details on Euronext’s commitment to GDPR are provided in Section 3 Euronext, a Sustainable Exchange , of this Universal Registration Document. 2.3.2.8 Chief Risk and Compliance Officer The Chief Risk and Compliance Officer is appointed by the Managing Board, reports to the Chief Executive Officer and has a line of communication to the Risk Committee of the Supervisory Board. This reporting structure provides the necessary independence of the Compliance department activities. Compliance Officers are located in countries where Euronext conducts its activities and are supported as necessary by local legal staff in order to benefit from the local expertise and knowledge of the local business and environment.

68

2021 UNIVERSAL REGISTRATION DOCUMENT