PSA - 2019 Universal Registration Document

DECLARATION ON EXTRA-FINANCIAL PERFORMANCE Societal commitment to sustainable development

Consumer credit The distributionof retail credit, which accountsfor nearly 70% of loansdistributedby BanquePSAFinancesubsidiariesand branches (approximately70% of retail credits for customersand companies and 30% to dealers), has been subject to specific legislation to protect consumerrights, particularlyin the EuropeanUnion since the adoptionof the ConsumerCreditDirective 2008/48/EC, which has now been transposed into national law by the various EU member states. This directive creates stricter obligations for advertising, pre-contractualinformation, solvency studies of borrowers and contractualinformation,all of which have been implementedby Banque PSA Finance and its affected subsidiaries and/or branches.

Groupe PSAhas participatedto UNCybersecurityRegulationPhase Test for evaluation on CybersecurityManagement System. The objective was to evaluate the level and quality of Cybersecurity ManagementProcessesfor “DesignPhase”and also “Lifetime”with remediation plan. The test was done with 2 independent laboratories (UTAC and IDIADA) to evaluate effort for homologation when regulation will be applied, post2023. Groupe PSAplans to be auditedevery year until 2022 to converge to objectivesto be compliantwith ISO 21434Standardand world Regulations.

CONSUMER PROTECTION 2.3.2.2. Protectionof personal data

Ethical practices – 2.3.3. anti-corruption  DPEF.37   DPEF.45 

For Groupe PSA,the collectionand processingof personaldata is essential to build, maintain and personalise the link between customers and the organisation,to enable us to offer them the servicesand productstheywant.Theseprocessesmustrespectthe principlesof lawfullness,fairness and transparency,to ensure that consumerstrust the use that will be made of their data, in the context of the new European privacy regulation (General Data Protectionregulation - GDPR) which applies ince 25 May2018. For many years, Groupe PSAcommittedto an active processwith the French Data ProtectionCommission,CNIL. The Group is also represented in local or Europeanbodiessuch as CCFA( Comitédes Constructeurs Automobiles Français ), VDA ( Verband Der Automobilindustrie ), ACEA (European AutomobileManufacturers’ Association),in order to work with the European authorities to define howthe GDPR will be applied to car manufacturers’ activities. Groupe PSAhas designatedtwo Group Data ProtectionOfficers (DPO).They are in chargeof monitoringcompliancewith the rules of protection of personal data, to inform, advise and issue recommendations,establishthe respectivedata protectionculture and cooperate with the respective responsible authorities of supervision( e.g. CNILin France)on issuesrelatedto the processing of personaldata. Two networks of in-house representatives back upthe GroupDPOs: one dedicated to business divisions: the network of Internal n Control andRisk managers; and one for European National Sales Companies: the Privacy n Champions. Managers of Groupe PSA ensure integration by design for the protectionof personal data and compliancewhen processingthe affectedactivities,evenwhenworkingwith externalsubcontractors or services. Each employee is involved in respectingthe Group’s DataProtectionPolicyand is able to find relevantsupportby using dataprotectionguidelines and training. Groupe PSApublished an internal Group Data Protection Policy whosepurposeis to ensureto set up appropriategovernanceand control structures, methods and procedures, regarding the protection of personal data.

The Group’shistoryhas engendereda corporateculturebased on respectand responsibility.This ethicaloutlookis formalisedthrough policies,signingof agreements(GlobalFrameworkAgreement)and adheringto internationalstandards(GlobalCompact).Groupe PSA reaffirmsits ambitionto be the industrybenchmarkfor responsible development.This ambitionimplies complianceby leaders and all employees with shared ethical rules ofconduct.

THE GROUP’S ETHICS POLICY AND ITS REFERENCE DOCUMENTS

TheGroupethicsandcomplianceorganisationpolicyis set out in its Code of Ethics, organised around the following requirements: respectfor the law,respectfor peopleandthe environment, respect for customers and respectfor the Company. The Code of Ethics includes detailed information regarding the prohibition of anti-competitive practices and corruption, the preventionof conflictsof interest, gifts and non-interferencewith politicalactivities.The Code is expandedand includesa foreword on the formal commitment made by the Group’s executive managers,whichhas beensignedby the ExecutiveCommittee.The Code is accompaniedby an illustrativedocument“Daily ethics”,an operational guide comprising examples of situations that might occurin respectto eachrule. Thesedocumentsare availableon the Group’s intranet and internet site. They form part of the new employee documents givento allnewstaff. Groupe PSA also adopted an Anti-corruptionCode of conduct annexedto the internalrules and applicableto all employees.The Code sets out the Group’s zero tolerance policy with regard to corruption in all its forms: active corruption, passive corruption, director indirect,influencepeddling,corruptionin publicor private organisations, facilitatingpayments,favouritism,extortion,collusion with a supplier, client or partner, money laundering, misappropriationof funds, excessivegifts or advantages,given or received, which may compromise the impartiality of a supplier, customer orpartner.

75

GROUPE PSA - 2019 UNIVERSAL REGISTRATION DOCUMENT