QUADIENT // 2021 Universal Registration Document

RISK FACTORS AND INTERNAL CONTROL Risk factors

CORRUPTION AND BRIBERY RISK MAPPING In March 2022, the Company has updated its risk assessment of corruption and bribery. About 20 different risk scenarios have been identified with different impact and probability of occurrence depending on the regions/countries and the functions involved. The results will be presented to the Risk Commitee in April 2022 and will be circulated to the Audit Committee in May 2022. COMPETITION RISK MAPPING The Company has also decided to perform a detailed risk assessment of its competition risks at the same time that updating the detailed risk assessment of corruption and bribery. About 8 different risk scenarios have been identified. As for the risk assessment related to corruption and bribery, the results of this assessment will be presented to the risk committee in April 2022 and will be circulated to the Audit committee in May 2022. THIRD PARTY RISK MAPPING In 2021, the Company implemented a platform to its manage the risks related to the 3rd party partners. This platform enables the compliance team to perform integrity checks and assess the risk with third party based on several criteria such as spendings, Corruption Perception Index, 3rd party category, etc. Based on the risk level, the Company has set various questionnaires that will be used for its due diligence procedures.

use the results from the internal audits carried out to ● enhance the risk assessments conducted within the Company. By verifying the Company’s key processes, the Internal Audit team provides assurance that internal control and risk management procedures have been implemented and are effective. RISK COMMITTEE The Risk Committee brings together the Chief Executive Officer, the Chief People Officer, the Chief Financial Officer, the Chief Transformation Officer, the VP of Internal Control and Internal Audit and the VP of CSR and Compliance. The Risk Committee is responsible for validating and monitoring the effectiveness of the action plans covering the major risks identified in the risk mapping. It ensures and supports the proper functioning of the risk management systems and may also decide on which risks are unacceptable within the context of the business.

Main programs of the risk management system

CSR RISK MAPPING Regarding the CSR / non-financial risks, they have been assessed with the same methodology. They are presented in the risk mapping for the highest ones and in a more detailed way in chapter 5 “non-financial performance statement” of the present document.

4

4.1.2

DESCRIPTION OF RISK FACTORS

Summary of the risk factors

Each year, the Company updates its global risk mapping which summarizes the main risks in terms of impact and probability. The risks are classified in the following categories: risks relating to the company strategy, organization and ● governance, risks relating to the company operations, and ● risks relating to finance, regulatory changes, ethics and ● legal. These categories are not set out in order of importance. Instead, within each category, the risk factors are set out in decreasing order of importance determined by the

Company as of the date of this Universal Registration Document, on the basis of an assessment of their probability and potential impact. The assessment made by the Company of this ranking in terms of importance may however be modified at any time, in particular, in response to new events outside or within the Company. Moreover, even a risk that is currently considered to be of lesser importance could have a significant impact on the Company, should it occur at a future date. The chart below represents the major risks identified this year during the last risk assessment. This global risk mapping has been reviewed by the Audit Committee of the Company as well

as the Board of Directors.

87

UNIVERSAL REGISTRATION DOCUMENT 2021