NEOPOST - 2018 Registration document

5

Non-financial performance statement

Social, societal and environmental information

Prevention of and fight against fraud and corruption

managers in question are required to sign a conflict of interest form every year as part of the internal control process. Anti-trust laws and fair competition The Group does not tolerate anti-competitive practices, including pricing, the rigging of tenders and responses to tenders, or sharing customers, markets or territories. Neopost forbids its staff from entering into any agreement with competitors intended to restrict the nature or quantity of products and services offered for sale, as well as any agreement with suppliers or other partners to obstruct fair competition, or the exchange of information with competitors on corporate strategy on products or pricing.

In accordance with its code of ethics, Neopost complies with the anti-corruption laws of the countries in which it operates and has a zero tolerance policy for corrupt practices, including in particular giving or accepting bribes, either by an employee or a third party acting on behalf of the Company. It rejects all forms of corruption, and prohibits demanding, accepting, offering or giving bribes, gifts or other benefits, either directly or indirectly. It provides information and training to its employees on the prevention of fraud and corruption. The fact that more than two-thirds of the Board is made up of independent directors, the Board’s by-laws and the establishment of a Conflict of Interest Policy and a fraud prevention procedure in 2012 minimize the risk of abuse and misdeeds. In addition, the Whistle-blowing procedures A whistle-blowing procedure called Neopost Outreach is in place to facilitate confidential reporting of sensitive issues at Neopost USA and Neopost Canada. The Neopost Outreach service is managed by an independent body and accessible online or by phone. Neopost USA and Neopost Canada employees may inquire as to what may constitute a breach of the code of ethics, report any breach of its rules, or seek advice on how to handle such a suspected breach. These concerns could include: accounting, auditing, billing and internal financial controls, conflict of interest, discrimination or harassment, illegal or fraudulent conduct, violation of company or regulatory policy, violence, threats or others. In addition to the local whistle blowing procedures present in most of the Group's entities, a Group whistle blowing procedure has also been defined. Use of the procedure is optional for employees who seek to raise the alarm and all employees must give preference to reporting through the management line. However, if an employee considers that informing their direct line manager could cause difficulties (for example, if the direct line manager was involved in the alleged misconduct) or that the alert notified may not be properly followed-up, they may directly contact one of the five appointed Group coordinators directly. Human Rights Neopost runs its business with great respect for the fundamental principles set forth in the United Nations Universal Declaration of Human Rights and the labor standards of the International Labor Organization. The Group strongly condemns modern slavery and the trafficking of human beings, all forms of illegal, forced or compulsory labor, in particular child labor, discrimination in respect of employment and occupation, restriction of freedom of association and the right to collective bargaining. Initiatives Results Code of ethics

Code of ethics implemented worldwide across all Group entities • In 2018, 30% of employees had an internal training on the code of ethics •

Neopost supports these principles in its Code of ethics, in its position on labor relations, in our employment practices and in its relationships with partners, suppliers and customers. The Group ensures that its operations comply with its Code of ethics through its procedures and internal control systems including regular operating reviews, risk management, internal audits and suppliers’ assessments. Data protection and information security In addition to smart equipment designed to handle physical mail, the Group’s offer also includes software solutions enabling digital communication between a company and its customers via different channels (mail, email, web applications, mobile applications, etc.). Other software solutions for handling and tracking parcel shipments complete its offer. Huge amounts of confidential and non-confidential data pass through the Group's systems and infrastructures every day, over the Internet and through the cloud. Threats from cyber-attacks, negligence or obtaining illegal access could result in the corruption, theft, loss or leakage of all or part of the Company’s data or personal data or lead to business disruption. The protection of its systems and infrastructure is one of the Group's major concerns. In response, the Group has defined security policies that detail the requirements for correct and secure use of its own data and that entrusted to Neopost by its stakeholders such as staff, customers, suppliers and other partners. These security policies have been rolled-out across all countries in which the Group operates. They are mandatory and apply to all the entities and staff but also to all service providers and consultants working on the Group's sites or with access to its systems. A governance body has been put in place to manage the applicable policies on information security. It consists of a Chief Information Security Officer, a business unit manager and a network of 33 local experts across the Group’s various sites. Its role is to monitor the roll-out of security policies, analyze security incidents and performance and adapt these policies accordingly.

94

REGISTRATION DOCUMENT 2018 / NEOPOST