Groupe Renault - 2019 Universal Registration Document

RENAULT: A RESPONSIBLE COMPANY

ANNUAL GENERAL MEETING OF RENAULT ON APRIL 24, 2020

GROUPE RENAULT

CORPORATE GOVERNANCE

FINANCIAL STATEMENTS

RENAULT AND ITS SHAREHOLDERS

ADDITIONAL INFORMATION

RISK FACTORS

The maturity of these systems is still variable; audits are in place to guarantee compliance, as well as reinforcement and implementation of digital processes in the Group’s various entities. The protection system, implemented in addition to prevention, is based on: an end-to-end vision of risks; P risk management at the appropriate levels of the organization; P the development of cross-functional working methods to adopt a P consistent approach in the different regions. This overall prevention and protection system aims to give the Group proper control over its risks, both on a daily basis and in the long term. Risk of accidental harm to the physical integrity of the operating sites The Group’s operating sites, whether manufacturing sites, engineering and testing centers, logistics platforms or even commercial sites are exposed to the risk of industrial accidents, fires, explosions and machine breakdowns. A certain number of facilities are also subject to risks of natural disasters (earthquakes, flooding, submersions, etc.). The materialization of any one of these risks could harm the physical integrity of the sites in question, lead to major disturbances to their capacity to operate, potentially damaging the assets and/or the overall performance of the Group (sales, revenues, the income statement or balance sheet) due in particular to manufacturing interdependencies that could be far-reaching, as well as possible adverse impacts on the people employed at these sites or the site environments. For many years, the Group has focused on controlling these risks. For more than 25 years, the Company has thus, in consultation with its insurers, put in place an ambitious and rigorous prevention policy that covers personal safety as well as that of property and business continuity. As a result, most existing industrial plants have achieved a high level of prevention and protection, recognized via the “Highly Protected Risk” (HPR) rating, an international standard awarded by insurance companies that verify the application of prevention and protection rules every year across nearly 60 sites. More than 94% of the assets in the industrial, engineering and logistics scope covered by Groupe Renault “property damage and business interruption” insurance program have been awarded the HPR label by the Group’s insurance companies, thus attesting to the results obtained. This high degree of control over risks, which is recognized by insurers, has a direct positive impact on the terms at which the Group is able to buy insurance cover.

Furthermore, the Group has been working for several years to increase its resilience capacity in the face of natural disasters through regular updates of risk and stakes assessments, protection programs for people and property, monitoring and crisis management systems and business continuity plans. For example, a specific plan is being rolled out to optimize procedures covering major seismic risks (Chile, Turkey, Romania, Colombia, Slovenia, Morocco, etc.). This multi-year program is based on actions to strengthen buildings and facilities, training of staff on the steps to be taken in the event of an earthquake, the establishment of specific means of communication, the organization of crisis management systems, research and preparation of solutions to ensure business continuity and a customized insurance program. The Group’s activities depend permanently and to an increasing extent on the proper functioning of its IT systems. The main risks that could adversely affect the Group’s IT systems or those related to the connected services offered to its customers are related to: incidents that could affect the continuity of services hosted in our P infrastructures and those of our partners; cybercrime: global computerized attacks or attacks targeting the P Group’s interests or, as a side effect, national interests. Such attacks may aim to access sensitive data ( i.e. , products, services or personal information), steal or alter it, cause a denial of service or bring down the Group’s intranet; non-compliance with IT standards or practices required by P legislation, external authorities or contracts with suppliers. The materialization of these risks could have major financial impacts related to the temporary suspension of the Group’s activities – of all types – (revenues, earnings) or to penalties. Adverse impacts could also affect the Group’s image, the confidence of third parties and customers toward the Group and its brands. In addition, the Group’s increased marketing of connected vehicles and services is accompanied by the emergence of risks of a comparable nature, for which insufficiently robust and sustainable management could lead to adverse impacts on safety and the reliability of data, services or vehicles. The general control of these risks is provided by: at operational level: P deployment of the Group’s security policies and continuous P enrichment of the process of defining security requirements according to the level of criticality of the applications and data handled, deployment of an adaptable action plan based on a security P master plan and annual risk mapping that includes: regular protection upgrades to the Group’s IT network, P Risks related to cross-group functions 1.6.1.3 Risk of failure of information systems

01

103

GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2019