QUADIENT - 2020 Universal Registration Document

4 RISK FACTORS AND INTERNAL CONTROL Risk factors

Risk factors 4.1

4.1.1

RISK ASSESSMENT

The Group has implemented a mapping process for its risks. The risk map was updated in January 2020 and in March 2020 to take into account the COVID-19 crisis. This was done by holding discussions with key Group managers and subsidiary management teams (selection of the 20 top managers) under the supervision of the head of Internal Control. A list of risks classified by theme was then drawn up and rated by the persons interviewed, based on two criteria: impact and likelihood. Ratings have then been updated in February 2021. The risk map is presented to the Chief Executive Officer, the audit committee and the management team. A number of operational action plans are introduced across the Group, overseen by clearly identified individuals and monitored on a regular basis at the highest level. In addition to the review carried out by the audit committee at the end of March 2021, risks are reviewed by the Board of Directors before taking any major decision (new acquisitions, restructuring, new credit lines, etc.). Risks are discussed by the Board from a Group-wide perspective when the three-year plan is drawn up, during which: Quadient’s Chief Executive Officer presents market ● conditions: change in regulation, market trends, competition; the Chief Financial Officer presents the Group strategy ● and financial objectives (by country, business line, etc.). Risks are also assessed as part of the preparation and presentation of the budget.

Regarding the CSR (Corporate Social Responsibility)/ non-financial risks, they have been assessed with the same methodology. They are presented in the risk mapping for the highest ones and in a more detailed way in chapter 5 “Non-financial performance statement” of the present document. In addition, the risks and opportunities related to the Group’s external environment are analyzed every year during preparation of the three-year strategic plan. Finally, the directors of operating entities are responsible for identifying and assessing the risks associated with the activities they supervise. The results of their assessments are sent to the Group management and reviewed and discussed during operational reviews. Highlighting “red flags” risk areas is always part of the process.

86

UNIVERSAL REGISTRATION DOCUMENT 2020