Groupe Renault - 2019 Universal Registration Document

RENAULT: A RESPONSIBLE COMPANY

ANNUAL GENERAL MEETING OF RENAULT ON APRIL 24, 2020

GROUPE RENAULT

CORPORATE GOVERNANCE

FINANCIAL STATEMENTS

RENAULT AND ITS SHAREHOLDERS

ADDITIONAL INFORMATION

RISK FACTORS

Risks on residual values Risk factors

Operational risks are assessed annually by process owners within all Group entities and monitored at three levels as indicated in section 1.5.3. The following risk families are presented below: legal and contractual risks and IT risks.

01

The residual value is the vehicle’s estimated value at the end of its lease. Changes in the used vehicles market can entail a risk for the owner of these residual values, who is committed to taking back the vehicle at the end of its lease at a price fixed when the contracts are put in place. This risk is principally borne by the manufacturers or the dealer network and to a marginal extent by RCI Banque. In the specific case of the United Kingdom, RCI Banque is exposed to the residual value risk on finance where there is a commitment to take back the vehicle. Management procedures and principles Developments in the used car market are monitored closely in line with range policy, sales channel mix and the manufacturer’s prices to reduce this risk as much as possible, particularly in cases when RCI Banque takes over the vehicles. Provisions are carefully made for the loan portfolio when the observed market values have fallen below the level of the RCI Banque take back commitments, or if specific future risks have been identified on the used car market. RCI Banque bears any risks arising from the customer insurance business and could therefore suffer losses if reserves are insufficient to cover claims incurred. Management procedures and principles At December 31, 2019, the change in the technical provisions of our life and non-life insurance companies represents €14 million for €377 million in gross premiums written. These technical reserves are intended to cover all future obligations taken on by the insurer in respect of insured persons and are determined in accordance with the actuarial principles applicable to the risk profiles of the insured portfolios. They are periodically reviewed so that their adequacy can be justified at any time. As part of the risk control policy and regulatory requirements, the Group additionally operates strict policy selection, has drawn up underwriting guidelines and uses reinsurance agreements. to Sales Financing RCI Banque is exposed to risks of loss arising either from external events, or from inadequacies and failures of its processes, personnel or internal systems. The operational risk to which RCI Banque is exposed mainly includes risks linked to events that are unlikely to occur but that would have a significant impact, such as the risk of business interruption due to unavailability of premises, staff or information systems. Management procedures and principles RCI Banque has a procedures management tool, an internal delegation system, guidelines for segregation of duties and an operational risk map. Cross-group operational risks linked 1.6.3.4 Risks relating to the insurance activity Risk factors

Legal and contractual risks Risk factors

Any legislative changes impacting credit lending, insurance and related services at the point of sale or through other channels, as well as regulatory changes affecting banking and insurance activities might impact the activity of the RCI Banque group. Management procedures and principles RCI Banque conducts legal analyses on newly distributed products and regularly monitors the regulations to which it is subject in order to ensure compliance. IT risks Risk factors The RCI Banque group’s business depends in part on the smooth running of its IT systems. The IT department at RCI Banque addresses IT-related risks (infrastructure risks, change management, data integrity, cybercrime, etc.) through its governance, security policy, technical architecture, processes and control of outsourcing. Management procedures and principles Risks are controlled, in particular, through the following: integration of IT risk management in the overall RCI risk P management and control system at all levels of the Company, in accordance with best practices, the directives of the EBA (European Banking Authority) and under the supervision of the ECB (European Central Bank); the level of IT network protection at the Group level; P coordination, monitoring and day-to-day management of the P Group’s Information Management Policy; safety training and awareness-raising for all employees P (e-learning, communications, etc.); the actions, support and controls carried out by the RCI Risks, P Compliance and IT Systems Security department, which rely on a network of IT security officers in each subsidiary’s IT Systems department, as well as a network of internal controllers; a Group IT systems security policy that integrates regulatory P requirements (banking, GDPR/personal data, etc.), a global management approach and continuous adaptation of IT systems security; an increasingly stringent intrusion testing and surveillance policy P for both external risks and internal risks; a management system for the disaster recovery plan (DRP) in P place and regular testing of the system that include problems related to cyber-risks; a system and actions rolled out by method liaison officers, P business line and IT managers throughout the Group.

115

GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2019