L'Oréal - 2018 Registration Document

2 Corporate Governance

RISK FACTORS AND CONTROL ENVIRONMENT

Suppliers were requested to implement such policies, which will be checked in future audits. Working hours: 22% of non-conformities ; . The cases of (v) non-compliance concern non-compliance with the Applicable Rules, and also the absence of sufficient documents to ensure a correct monitoring of the Applicable Rules on working hours. In all of these cases, action plans have been implemented and follow-up audits are planned. Salary deductions and undue charges: the audits did not (vi) note any salary deductions and undue charges. When an audit notes a case of non-cmpliance with regard to the correct settlement of wages, social benefits or the correct payment of overtime, even though these are not undue salary deductions, the Suppliers are requested to correct the situation and a follow-up audit is planned. Sexual and moral harassment: 2.5% of non-conformities ; . (vii) Most of these cases of non-compliance concerned the absence of a written policy prohibiting moral and sexual harassment or the absence of an internal system allowing the situation to be reported without negative consequences for the concerned employee. Suppliers were requested to draft these policies, which will be checked in future audits. The other cases of non-compliance did not concern serious breaches of the Applicable Rules. 2.2. On Health, Safety and the Environment. 37% of the cases of non-compliance concerned the Applicable Rules on Health, Safety and the Environment ; . Most of these cases concerned (i) the lack of training in emergency evacuation, extinguisher handling or the use of protection equipment, (ii) the lack or closure of over 50% of emergency exits or (iii) the absence of stair hand-rails. The main corrective measures were the implementation of training in emergency evacuation and extinguisher handling. Similarly, compliance of emergency exits, the addition of hand-rails and training in protection equipment were organised. AND RISK MANAGEMENT Definitions and general framework 2.8.5.1. In L’Oréal, the risk management system (events or situations of which the occurrence, which is uncertain, has a positive or negative impact) applies to the Company and its consolidated subsidiaries (“the Group”). RISK FACTORS 2.8.5.

Risk management consists of identifying, assessing and controlling risks that may affect the smooth running of the Company. It also participates in the Group’s development by promoting the good use of resources to minimise the impact of negative events and maximise the realisation of opportunities. In order to ensure the sustainability of its development and the achievement of its objectives, the Group strives to anticipate and manage the risks to which it is exposed in its different areas of activity. In addition, the Internal Rules of the Board of Directors specify the role played by the Audit Committee which “must make sure that General Management has at its disposal the means to enable it to identify and manage the economic, financial and legal risks facing the Group inside and outside France in carrying out its normal or exceptional operations”. On the basis of the work by the Internal Audit Department, the analysis of major accounting and financial risks, in conjunction with the processes used by subsidiaries, makes it possible to identify Internal Control improvements and update the Group’s standards. Risk mapping 2.8.5.2. The risk mapping for all of L’Oréal’s activities is updated periodically. This process of identification and analysis of the significant risks and processes enhances knowledge of the Group’s risks by formalising and consolidating the work already done to date. The results of this work were presented to the Audit Committee. It is the responsibility of the Risk Management & Compliance Department to lead this process which makes it possible to prepare the appropriate actions plans; it makes a presentation to the Audit Committee every year on the main areas of progress. The main risks to which the Group is exposed are described below. Risk factors 2.8.5.3. The Group operates in a changing environment. Like any company, it is necessarily exposed to risks which, if they were to materialise, could have a negative impact on its business activities, its financial situation and its assets, particularly in terms of reputation and image. This chapter describes the main risks to which the Group considers that it is exposed: risks specific to L’Oréal’s activities, followed by legal, industrial and environmental risks, and finally risks of an economic and financial nature. Faced with these risks, L’Oréal has set up an Internal Control system to prevent and manage them more effectively. The Internal Control and risk management procedures are therefore described in this chapter as provided for by Article L. 225-100-1 of the French Commercial Code. However, a wholly risk-free environment cannot be guaranteed. Moreover, the Group could be adversely impacted by other risks of which it is not currently aware or which it does not consider material at the date of this Document.

; The Statutory Auditors have expressed a reasonable assurance with regard to this indicator.

REGISTRATION DOCUMENT / L'ORÉAL 2018

126