QUADIENT - 2019 Universal Registration Document

RISK FACTORS AND INTERNAL CONTROL Risk factors

CSR RISKS

Risks

Risk management system

High risks Attraction and retention of talents

Intellectual and human capital is a real source of value creation and talent management has become essential. In a constantly changing employment market, it is essential to retain and motivate talents. Some positions require particular attention due to their key role in the organization and the associated specific skills.

To avoid risk of losing key employees, the Group has put in place retention incentives such as phantom shares and free shares. It has also implemented contingency plans for all major key positions at all the Group's entities. These plans are regularly updated and reviewed by the remuneration and nomination committee. The head of IT security reports to the Chief Digital offcer and is in charge of the definition and of the application of IT security policies within the Group.In terms of security, postal audits were conducted successfully in all countries concerned in 2019, and continuous improvement plans are designed to meet postal requirements every year. The Group security policy has been updated. Based on the ISO 27001 standard, the policy started to be rolled-out early 2017, particularly in markets that commercialize SaaS offerings. Requirements relating to the GDPR ruling has also been addressed in these planned roll-outs to ensure compliance as of May 2018. Low risks The code of Ethic covers human rights, health and safety at work, diversity and human development, ethic and fair business relationship, environment and social responsability. A wistle blowing procedure has been been enforced. An anti-fraud policy was prepared and sent out in September 2014 to local chief financial officers and managing directors. The policy includes theoretical and practical recommendations to prevent fraud. If there is an attempted fraud using new methods, the head of internal control notifies local managing directors and chief financial officers where necessary. Neopost S.A. has taken out a specific insurance policy to enhance its protection against this type of risk. As part of the planned Group ethics charter, the Group internal control department introduced a procedure for managing conflicts of interest since October 2012 (refer to chapter 2 of this universal registration document, section “By-laws for the Board and committees.”.

Data privacy

Quadient decentralized organization and growth by acquisitions lead to great diversity in terms of data base.

4

Ethical and compliance

A code of Ethic has been set up. No matter in which entity or coutry we are operating, rules and principles have been defined.

As all companies, Quadient is exposed to risk of fraud and especially due to the development of cybercriminality. The Group has rolled out an initiative with managers of subsidiaries to ensure this risk is fully understood, to gather information on best practice and ensure standard practices are disseminated throughout the Group.

Environment

Given the nature of the Group’s assembly and distribution businesses, the Group is not aware of any environmental risk or risk related to climate change that might have a material impact on its financial position, business or results. Please refer to the social and environmental information detailed in chapter 5 of this universal registration document.

Regarding industrial risks, the Group updates a Disaster Recovery Plan every year. This plan allows the Group to assert that these risks would not have a material impact on its financial position, business or results.

Intellectual property

The Group is the owner of its trademarks and has about 320 families of patents published. The geographical coverage of these patents is essentially European and American.

Quadient is not dependent on any single patent which might bring the Group’s level of business or profitability into question.

87

UNIVERSAL REGISTRATION DOCUMENT 2019