PSA_GROUP_REGISTRATION_DOCUMENT_2017

GROUPE PSA Risk Management and internal Control Procedures

The departments’ results from the METRIC self-assessment „ campaign are reported once a year to the Executive Committee. Appropriate action plans are put in place by the entities with the objective of continuous improvement and their proper implementation can be assessed later through Internal Audits. Internal audit oversight The Executive Committee initiated the internal control system. Its oversight is based on the following points: an annual review by the Management Committee, presenting the „ entity’s self-assessment findings; an annual submission to the Executive Committee of the „ internal-control activity, providing concise information to Group managers on the degree of maturity of internal control; an annual presentation to the Audit and Finance Committee of „ the Supervisory Board detailing the major risks of the Group, the associated audit plan and the level of maturity of the Group regarding internal controls. The ICRM network meets periodically. These meetings are supplemented, as needed, by the creation of working groups and the deployment of awareness-raising efforts and training. A continued improvement approach Internal Audit oversight is part of a process of continuous improvement. Its purpose is to continually improve processes and create a coherent set of methods and tools to give management an integrated view of any findings and adjustments. It is based on the following principles: producing and updating internal control reference guides, in close „ collaboration with the operating units to support Group policy; listening to the various business lines to streamline and optimise „ internal controls; adjusting controls based on changes in risks. „ BANQUE PSA FINANCE 1.4.4.3. Banque PSA Finance (BPF) has introduced an internal control system which complies with regulation No. 97-02 relating to the internal control of credit institutions. This system is described in BPF’s Annual Report, which is available on its website (www.banquepsafinance.com). FAURECIA 1.4.4.4. Faurecia’s risk management and internal control procedures are presented in its 2017 Registration Document, which can be found on its website (www.faurecia.com).

A total of 60 audits were carried out in 2017 across the entire Group. The Supervisory Board’s control and oversight role . The Finance and Audit Committee of the Supervisory Board ensures that the risk management and internal control system operates effectively. The General Secretary reports to the Supervisory Board on the systems in place and their degree of maturity, as well as the “Top Group Risks” map, with particular emphasis on risks which could have an impact on the Company’s financial and accounting information. The Board also reviews the Internal Audit Department’s organisational and operating principles, expresses an opinion on the Internal Audit plan and is informed of the findings of (i) the Internal Audits performed as part of the plan and (ii) the follow-up audits to check that departments have implemented the recommendations. AT THE GROUP AND AUTOMOTIVE 1.4.4.2. DIVISION LEVELS FOR INTERNAL CONTROLS Audit environment To better meet regulatory requirements and consumer expectations, the Group has appointed four compliance officers in the areas of competition, anti-corruption, personal data and approval to take care of and integrate these concerns internally. Similar to regulatory bodies, each one is responsible in its field for internally communicating external restrictions and obligations (laws, regulations, consumer commitments) in the form of internal rules applicable to the Company’s operational processes. As needed, they rely on a network of internal control and risk managers (ICRMs) established in 2016. These managers are responsible within their departments for leveraging the Group’s rules and adapting them to their department’s activities. The ICRMs identify the risks specific to their department and keep them under control. They oversee the drafting and maintenance of business line reference guides and major processes, and ensure they are consistent with the Group’s rules (including compliance rules). They conduct self-assessments of their departments. Control activities Control activities are designed to ensure the application of the standards, procedures and recommendations from audits that ensure the implementation of the Executive Management’s guidelines. All departments reporting to the Chairman of the Managing Board have annual self-assessment process. The tool supporting the METRIC programme allows departments „ to self-assess and evaluate their compliance with the Group’s internal rules. It also allows the necessary action plans to be followed when necessary.

22

GROUPE PSA - 2017 REGISTRATION DOCUMENT