Hermès // 2021 Universal Registration Document

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Internal control officers

measures so that they can be implemented in the entities. They also check that existing control systems comply with Group procedures. The main operational contacts involved participate in these committees with the audit and risk management department. Its role is to facilitate the identification of risks and the associated action plans. Every two months, the Information Systems Security Committee brings together the main players, namely the Director of Group Cybersecurity, the information systems department, the audit and risk management department, the Group safety department and the digital projects and e-commerce department, as well as a member of the Group Executive Committee. Its purpose is to detail the progress of the action plans and to draw lessons from any incidents in terms of cyber risks. A Hermès Product Transportation Safety Committee, made up of the Group safety department, the transportation department, the insurance department and the departments of the relevant métiers , meets regularly to define the necessary actions. Its objective is to improve transportation safety, in a practical way according to the risks specific to the products transported and any difficulties encountered. The committee meeting held in April 2021 made it possible to take stock of the actions taken in 2020, in the context of the health crisis, and to strengthen the support of operational staff in 2021. The Compliance and Vigilance Committee is made up of representatives from the legal department, including compliance, the sustainable development department, the industrial affairs department, the audit and risk management department, the commercial department, the finance department and the labour law department. It participates in, monitors and oversees the implementation, effectiveness and control of compliance programmes. Its duties are detailed in chapter 2 "Corporate social responsibility", § 2.8.1.2.2. The Group Safety Committee makes decisions on cross-functional safety issues identified during the specialised committee meetings. It also reviews the main safety incidents in order to adapt the overall system. This committee is composed of the Executive Vice-President of Corporate Development and Social Affairs, the Director of Human Resources, the General Counsel, the Director of Group Safety, the Director of Group Cybersecurity, the Managing Director of Hermès Group Services and the Director of Audit and risk management. If necessary, it can call on experts on specific issues. The Senior Executives, the major functional and operating departments, and members of the Management Committees of the Group’s various entities are responsible for internal control and risk management; as the main beneficiaries and also key contributors to its proper application. The control activities carried out at the level of each entity are the joint responsibility of the Managing Director and the Chief Financial Officer. A letter of confirmation relating to Hermès’ internal control objectives and the quality of the controls in place within the entity is signed annually. This letter includes the results of an annual self-assessment questionnaire on the implementation of internal control. The Group’s operational staff

Internal control officers oversee the implementation of the internal control system within their scope, métiers , distribution subsidiaries or support functions. They report locally to the Chief Financial Officer of their entity, and functionally to the audit and risk management department. They work according to an annual plan, shared with their department and the audit and risk management department, taking into account the Group’s internal control priorities and the risks specific to their scope. Their main duties are as follows: identify major risks and adapt the organisation of internal control s accordingly; verify the implementation of Group procedures in accordance with the s activity and local regulations; participate in self-assessment of internal control work; s spread the culture of internal control to all employees; s monitor the risk mapping action plans; s follow up on the audit recommendations of the audit and risk s management department; in general, contribute in all their actions to improving risk s management. In 2020 and 2021, they were the main contacts to ensure the proper implementation of health measures at Hermès premises. They are also the contacts responsible for the rollout of systems to prevent corruption and cybersecurity risk.

Specialised committees

Transportation Safety Committee

Treasury Safety Committee

Group Safety Committee

Compliance and Vigilance Committee

IT Safety Committee

The Hermès Group has deployed specific processes to monitor certain risks through specialised committees or working groups. These committees meet on a regular basis. For example, committees focusing on safety, IT risks, treasury risks and compliance risks analyse the issues, and study the appropriate corrective

350 2021 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL