QUADIENT - 2020 Universal Registration Document

4 RISK FACTORS AND INTERNAL CONTROL Risk factors

CSR RISKS

Risks

Risk management system

High risks Attraction and retention of talents

Intellectual and human capital is a real source of value creation and talent management has become essential. In a constantly changing employment market, it is essential to retain and motivate talents. Some positions require particular attention due to their key role in the organization and the associated specific skills.

To avoid risk of losing key employees, the Group has put in place retention incentives such as phantom shares and free shares. It has also implemented contingency plans for all major key positions at all the Group’s entities. These plans are regularly updated and reviewed by the remuneration and nomination committee. The head of IT security reports to the Chief Digital Officer and is in charge of the definition and of the application of IT security policies within the Group. In terms of security, postal audits were conducted successfully in all countries concerned in 2019, and continuous improvement plans are designed to meet postal requirements every year. The Group security policy has been updated. Based on the ISO 27001 standard, the policy started to be rolled-out early 2017, particularly in markets that commercialize SaaS offerings. Requirements relating to the GDPR ruling has also been addressed in these planned roll-outs to ensure compliance as of May 2018. Low risks The code of ethics covers human rights, health and safety at work, diversity and human development, ethic and fair business relationship, environment and social responsibility. A whistle blowing procedure has been enforced. Training have been performed in 2020 for all employees. An anti-fraud policy was prepared and sent out in September 2014 to local Chief Financial Officers and managing directors. The policy includes theoretical and practical recommendations to prevent fraud. If there is an attempted fraud using new methods, the head of internal control notifies local managing directors and Chief Financial Officers where necessary. Quadient S.A. has taken out a specific insurance policy to enhance its protection against this type of risk. As part of the planned Group ethics charter, the Group internal control department introduced a procedure for managing conflicts of interest since October 2012 (refer to chapter 2 of this universal registration document, section “By-laws for the Board and committees).

Data privacy

Quadient decentralized organization and growth by acquisitions lead to great diversity in terms of data base.

Ethics and compliance

A code of ethics has been set up. No matter in which entity or country we are operating, rules and principles have been defined.

As all companies, Quadient is exposed to risk of fraud and especially due to the development of cybercriminality. The Group has rolled out an initiative with managers of subsidiaries to ensure this risk is fully understood, to gather information on best practice and ensure standard practices are disseminated throughout the Group.

Environment

Quadient has analyzed the potential effects of climate change on its activities. Three risks that could have a medium- or long-term impact have been identified. Please refer to the social and environmental information detailed in chapter 5 of this universal registration document.

Aware of the consequences of climate change, Quadient is committed to reducing its carbon footprint and has defined its low carbon strategy and set targets in line with the "well below 2°C" trajectory.

Intellectual property

The Group is the owner of its trademarks and has about 304 families of patents published. The geographical coverage of these patents is essentially European and American.

Quadient is not dependent on any single patent which might bring the Group’s level of business or profitability into question.

94

UNIVERSAL REGISTRATION DOCUMENT 2020