PSA - 2019 Universal Registration Document

GROUPE PSA Risk management and internal control procedures

Internal Control management The Global Executive Committee initiated the internal control system. Itsoversight isbasedon the following points: periodicimplementationof the ICRC network,supplementedby n specific working roups asrequired; an annualreviewby the ManagementCommittee,presentingthe n entity’sself-assessment findings; an annual submissionto the Global ExecutiveCommitteeof the n internal-controlactivity,providingconcise informationto Group managerson thedegreeof maturity of internal control; an annual presentationto the Audit and FinanceCommitteeof n the SupervisoryBoarddetailingthe majorrisks of the Group,the associated audit plan and the level of maturity of the Group regardinginternal controls. A continued improvement approach Internal Control managementis part of a process of continuous improvement.Its purposeis to continuallyimproveprocessesand createa coherentset of methodsand toolsto givemanagementan integratedview of any findingsand adjustments.It is basedon the following principles: producingandupdatinginternalcontrolreferenceguides,in close n collaboration with the operatingunits tosupport Grouppolicy; listeningto the variousbusinesslines to streamlineand optimise n internal controls; adjusting controls based onchangesin risks. n

Theyalso receivesupportfromthe LegalAffairsDepartment,which provides expertise for the various Complianceprogrammes,and fromthe DPAR,whichassistswith auditsand investigations.Lastly, the ICRC network is responsible for rolling out the Compliance system. This structure, guided by the need to protect the Company, guarantees its operation within an increasingly high-pressure regulatory framework and its transparency, in line with the expectationsexpressedby regulators.It also increasesoversightof the Group’s Compliance system and coordinates compliance programmes and their implementation. Control activities The goal of the controlactivitiescarriedout by the departments is to ensurethatthe rulesare being enforced. Using the tool that is part of the METRIC programme, the n departmentscan assess their own processesfor monitoringthe necessary action plans, where applicable. The departments’ resultsfrom the METRICself-assessmentcampaignare reported once a year to the Global Executive Committee. Appropriate action plans are instituted by the entities with a goal of continuous improvement. Internal Audits can be used to assess whether they are being n implementedcorrectly.

SUPERVISORY BOARD Finance and Audit Committee/Appointments, Compensation and Governance Committee

COMPLIANCE AT BOARD LEVEL Governing bodies Review policies and results and initiate the tone at the top.

GLOBAL EXECUTIVE COMMITTEE CHAIRMAN OF THE MANAGING BOARD

ETHICS & COMPLIANCE COMMITTEE • Determine guidelines, reference documents (charter, rules, guides, etc.) • Determines and oversees mechanisms

EXECUTIVE & TOP MANAGEMENT FOR COMPLIANCE

EXTERNAL AUDITS SURVEY

INTERNAL AUDITS AND TOP RISKS

Ethics & Compliance Committee decides on policy orientations, red flag cases and sanctions. Group Compliance O ce animates and coordi- nates the compliance programs. Compliance O cers are responsible for the compliance programs in their areas and they report on their work to the Group Compliance O ce.

• Coordinates relay networks in the Group Departments

GROUP COMPLIANCE OFFICE Policy, animation, coordination

10 COMPLIANCE OFFICERS Competition, Anti-corruption, export control, data privacy, type approval

CORPORATE SECRETARY (METRIC) Risks, compliance, internal control, fraud, ethics

COMPLIANCE SUPPORT General Secretary

INTERNAL CONTROL RISK & COMPLIANCE COORDINATORS (ICRC)

DEPARTMENT LEVEL • Department reviews • Fraud reporting and prevention • Monitoring of personal data protection • Monitoring and application of audit results, etc.

COMPLIANCE IN BUSINESS

Group Executive Management, led by the Corporate Secretary with the Internal Control Risk & Compliance Coordinators (ICRC) and in coordination with the Legal A airs Department and Human Resources Department.

HUMAN

RESSOURCES

LEGAL AFFAIRS DEPARTMENT

DEPARTMENT

23

GROUPE PSA - 2019 UNIVERSAL REGISTRATION DOCUMENT