QUADIENT - 2019 Universal Registration Document

4 RISK FACTORS AND INTERNAL CONTROL

Internal control and internal audit procedures

Ethical reference framework

To comply with the legal requirements, Quadient group ensure that: the code of ethic is made available to and understood ● by all employees; sanctions are imposed for breaching the code of ● conduct and notably for corruption and influence peddling.

The integration of new activities and the strategic shift that the Group has made in recent years has led him to redefine its values to better reflect its organizational identity: THE GROUP’S ETHICAL PRINCIPLES The Group put in place its Code of ethic and published it early 2017. Based on Quadient’s new corporate values, the Code of ethic lays down the main ethical standards and behaviours that the Group wants to promote in its relations with its customers, suppliers, investors, partners and employees. The Group’s Code of ethic lays out the key values which are then rolled out at each subsidiary. It is then the responsibility of each subsidiary to follow through with the necessary reminders to observe local regulations and practices in effect. The code of ethic covers the following topics: respect for fundamental human rights; ● commitment to employees (health, work safety, ● diversity, open dialog, employability, etc.); business integrity: antitrust regulation, conflict of ● interest, bribery, insider trading, relation with third party; Group assets and third party assets: asset protection, ● confidential data and data protection, intellectual property; responsible citizenship and commitment. ● A person in charge has been appointed for each topic: employee (Group human resources), fraud and conflict of interest (director of internal control), bribery and competition (Group legal counsel), responsible citizenship and commitment (Group director of quality). A whistle-blowing procedure has been set up at each level. Operational management of each entity is in charge of communicating and applying of code of ethics. APPLICATION OF THE SAPIN 2 LAW French Sapin 2 law which went into force on 1 June 2017 requires large companies to implement an anti-corruption compliance program within all their subsidiaries. The anti-corruption compliance program involves the adaptation of the Code of ethic in order to define and illustrate prohibited acts and behaviours likely to characterize acts of corruption or of influence peddling. Such Code of ethic have been incorporated into internal applicable rules and regulations of each Group company.

Information Systems

Within the technology and innovation department, the information systems teams are continuing the harmonization of the ERP (1) /CRM (2) within the Group. Moreover, to support the deployment of SaaS-based Communication and Shipping Solutions (CSS), the Group’s platform has been enhanced to offer subscription models to clients. The security of information systems is a major focus for Neopost. This need for security is even greater with the deployment of new SaaS solutions. With that in mind, the Group established a specialized structure whose purpose is to ensure the roll out of the security policy and ultimately to ensure the compliance of all structures marketing digital offers under ISO 27001. At the core of information systems, data management is paramount. By harnessing Big Data technologies, Neopost is developing solutions to improve internal operations and providing solutions to clients. In this regard, the Group is ensuring that employee or client data management is compliant with the new GDPR regulations which will become effective from May 2018. To ensure such compliance, a focused structure was established in 2017 with the support of an expert in the field. PREPARATION AND RELIABILITY CONTROL OF INFORMATION Each Group subsidiary has a team which reports to the local chief financial officer who is a member of the subsidiary’s management committee. Each team includes a management control structure and is responsible for preparing accounting and management data as part of the monthly reporting process. The Group finance department is responsible for identifying changes in operating conditions in order to anticipate any possible impacts these may have on the Group’s accounting principles. Group management is also informed about significant local developments at regular operational reviews, and during other visits to subsidiaries. The Group financial controlling department has the role of coordinator in this domain. Accounting and financial information

(1)

Enterprise Resource Planning.

(2)

Customer Relationship Management.

92

UNIVERSAL REGISTRATION DOCUMENT 2019