PSA - 2019 Universal Registration Document

GROUPE PSA Risk management and internal control procedures

RISK MANAGEMENT AND INTERNAL 1.4. CONTROL PROCEDURES

Note that Section 1.4providesdetails on Groupe PSA’sglobal risk Lastly, Sections 1.6and 2 are designedto comply with regulatory managementpolicy. Section 1.5discusses the major risks, termed requirementsconcerning the processingof environmental,social the “Group Top-Risks” to which the Group is exposed, and the andsocietal risks. remedial measures the Group institutes to reduce that exposure.

Internal control objectives for the Group

1.4.1.

As part of its commitmentto preventand limit the effectof internal and externalrisks, includingCSR risks, the Group has put in place risk management and internal control systems to provide reasonableassuranceconcerningthe achievementof the following objectives: compliance with laws andregulations; n applicationof the GlobalExecutiveCommittee’s instructionsand n guidelines;

efficient internal processes, particularly those that help to n safeguardthe assets ofGroupcompanies; reliable financial and operationalreporting. n These procedures and processes help manage the Group’s businesses,boost the effectivenessof its operations and ensure efficientuse of its resources.Nevertheless, internalcontrolscannot give an absoluteguaranteethat the Company’sobjectiveswill be achieved.

Reference framework 1.4.2.

The Group’srisk managementand internalcontrolsystemcomplies with and functionsaccordingto the rules of the eighthdirectiveon Statutory Audits, the Autorité des Marchés Financiers (AMF) ReferenceFrameworkfor Risk Managementand Internal Control Systems issued in January 2007,and the Report of the working groupon AuditCommitteespublishedby the AMFon 22 July2010. The systemnow complieswith (EU) regulation 2017/1129 and (EU) delegated regulation 2019/980, known as the “Prospectus 3 Regulation”.

The Group’s banking arm uses a specialised system for credit institutions that complies with Regulation 97-02of the French Banking and Financial RegulationsCommitteeconcerninginternal control increditinstitutions. Faurecia’ssharesare tradedon a regulatedmarketand it actsunder the responsibilityof its own Board of Directors;it has a separate internal control systemwhich it applies independentlyfrom other Groupdivisions.

Internal control principles 1.4.3.

The internal control system in force within the Group is based on the following principles: engagementat the highest level; n accountability of all actors at allevels of theorganisation; n reliance on self-assessmentsof complianceand deploymentof n processes; analysis of self-assessmentfindings to improve efficiency and n compliance ofGroupactivities.

To do this, the Group’sGlobalExecutiveCommitteedecidedin 2016 to strengthenthe internalcontrolsby structuringtheir organisation anddeploymentas partof a processof continued improvement. This mission was entrusted to the Group Protection, Audit and Risk ManagementDepartment(DPAR),which is attachedto the General Secretary, which developedand set up the METRIC programme (Management of Ethics,Risks,InternalControl& Compliance) in 2017. As needed, they rely on a network of ComplianceOfficers and Internal Control, Compliance and Risk Coordinators (ICRCs) establishedin 2016. These managers are responsiblewithin their departmentsfor leveragingthe Group’srules and adaptingthemto their department’sactivities.The ICRCsidentifythe risks specificto their department and keepthemundercontrol.

21

GROUPE PSA - 2019 UNIVERSAL REGISTRATION DOCUMENT