4. Ethics & Compliance

4.1. Background and key events

Key events

• Creation of the new Corporate Governance & Risk Management Department. The main responsibility of this central department is to update principles guiding the Group’s policy on compliance and ethics by taking into account new regulatory requirements (the Sapin II Act and the duty of care, or devoir de vigilance in French) and ongoing changes in the Group’s scope.
• Compliance programme launched in 2017.
• Revisited core rules and procedures.

4.2. Challenges and key achievements

ETHICS & VALUES

2017 challenges/targets:
• Strengthen rules and procedures within the Group following the merger (including compliance and control issues)

Achievements in 2017:
• Set up Corporate Governance & Risk Management department.
• Code of Ethics supplemented by a stock market code of ethics and conduct.
• Core Group rules revisited.

Ambitions for 2018:
Roll out new arrangements within the Group, notably in light of changes in the Group’s scope. Continue with compliance programme in 2018 to supplement existing arrangements.

DATA PROTECTION

2017 challenges/targets:
• Strengthen data protection arrangements

Achievements in 2017:
• Prepare new data protection programme.

Ambitions for 2018:
Roll out GDPR implementation programme across entire Group.

4.3. Governance and organisation

To ensure that ethical and compliance issues are addressed and regulatory challenges met as effectively as possible, senior management has opted to bring together compliance, internal control and risk management within a single department: Corporate Governance & Risk Management. This department reports to the Group’s Executive Management. The structure is designed to bring compliance issues, compliance controls, and alerts and risks under a unified governance framework.

The department oversees compliance issues across the Group and coordinates all stakeholders involved in compliance. To manage these issues, it is supported both by correspondents in the Group’s various subsidiaries and entities and by the Group’s functional departments, which have expertise in their respective fields and are in turn supported by their own correspondents who cover compliance issues in the various entities.

Under this governance structure, the department is headed up by the Group Compliance Officer, who is also the primary reference point for the alert system and is supported by a network of compliance officers in the Group’s various entities and geographies, who act as contact points and ensure close links with local teams.

The Risk Committee conducts monthly Group-level reviews of compliance issues, risks, points to watch and alerts fed back by the Group’s various entities and geographies. The Risk Committee is made up of the Industrial Director, responsible for operational reviews and alerts and projects, the Finance Director, the Legal Director, the Human Resources Director, the Security Director and the Corporate Governance & Risk Management Director.

The Corporate Governance & Risk Management and Audit Departments undertake regular joint updates, notably concerning the audit plan and the identification of risks. All compliance issues are regularly presented to the Audit Committee, which is a subcommittee of the Board of Directors.

A Stock Market Ethics Committee has also been formed. This committee meets as often as necessary, and in any event no less than once a month. Risk management and control within the Group, and the relationship with the Audit Department and external auditors, are described in more detail in Chapter 1, Section 9.1 of the 2017 Registration Document.

4.4. A Code of Ethics and core values supported at the highest levels of the Group

The Sopra Steria Code of Ethics expresses the Group’s values and is based on shared ethical principles that apply to all Group entities, including in particular the core values of respect, integrity and transparency. The principles of the Group’s Code are founded on compliance with legislation and regulations in all countries in which Group entities operate, and on entities’ commitments to conduct their business as efficiently and effectively as possible. At the local level, depending on legislation in force in the countries in which the Group operates, additional charters and rules on business ethics are in place and regularly monitored.

Under its Code of Ethics, Sopra Steria is committed to ensuring that the Group and its employees abide by the following:

• human rights and fundamental freedoms;
• local laws and customs;
• rules on the prevention and refusal of all forms of active or passive corruption, whether direct or indirect, and conflicts of interest;
• competition rules;
• confidentiality of information to which employees have access in the course of their duties and activities.


