TELEPERFORMANCE_Registration_document_2017

RISKS AND CONTROL

2

2.1 Risk factors

Electronic fraud cases have continued to increase throughout the world, as evidenced by the most significant cases published in the international press. In addition, many other incidents are settled confidentially, in the normal course of business. In December 2016, Teleperformance entered into a settlement agreement with a Group client who had claimed that Teleperformance was liable for damages related to incidents of improper access to customer information that occurred in 2014 in three of the Group’s contact centers. A portion of the settlement was reimbursed by one of Teleperformance’s insurers, and Teleperformance is pursuing additional potential insurance coverage in connection with this matter. Risk management In 2015, the Group implemented a set of security rules (“Global Essential Compliance and Security Policies” or “GECSPs”), designed to anticipate possible risks of fraud or violation of legal security rules. The Group established an internal compliance audit function, which reviews our operational sites on a rotating 24-month schedule for adherence to the GECSPs and client requirements. In addition, external auditors carry out audits of selected sites in order to assess compliance with the GECSPs and other security processes implemented in our sites. In addition, a Global Compliance and Security Council, chaired by the Global Deputy Chief Compliance Officer and Chief Privacy Officer meets monthly to review security incidents, if any, ensure regular compliance with the GECSPs, and quarterly to review results of the internal and external audits and other compliance matters. AsbTeleperformance places special attention on security matters, all regional CEOs and relevant operational and compliance officers attend the Global Compliance and Security Council meetings. Also, as of Februaryb1 st , 2016, Teleperformance appointed a Worldwide Chief Legal Officer and Chief Compliance Officer, who reports directly to the Group Chairman and CEO. Teleperformance also appointed a Global Deputy Chief Compliance Officer and Chief Privacy Officer, who reports to the Chief Legal Officer and Chief Compliance Officer. These officers provided a report of activities to the Board in 2017band, beginning in 2018, will provide reports of activities to the Audit and Compliance Committee of the Board. As part of the Group’s ongoing efforts to manage these functions proactively, we have also created the Global Privacy Office. This office is comprised of the Global Deputy Chief Compliance Officer and Chief Privacy Officer, along with 3bregional Senior Vice-Presidents heads of Privacy/Data Protection Officers. The Global Privacy Office is responsible for implementing the Group’s global privacy policy and ensuring that Teleperformance is in full compliance with privacy regulations around the world, such as the European Commission’s General Data Protection Regulation (“GDPR”), which goes into effect as from Mayb25 th , 2018. Also in 2017, Teleperformance created the Global Technology and Privacy Committee, which is chaired by the Chief Information Security Officer. The members of this Committee are the Global Chief Information Officer and all regional Chief Information Officers, as well as the Global Deputy Chief Compliance Officer

2.1.1.5 Fostering customer loyalty

Risk identification Teleperformance’s activity depends on its ability to retain and renew contracts with existing clients and to successfully win and negotiate new contracts. This ability is generally assessed in light of various criteria such as quality, security, cost and any item enabling differentiation from competitors. Risk management At Decemberb 31 st , 2017, the average duration of a client relationship is 10-12byears. This loyalty is the result of a highly client-focused Group culture, reflected in rigorous procedures, a good understanding of client expectations and a highly responsive company structure: specific management of strategic accounts, regular activity reports, a marketing research laboratory, regular and detailed client satisfaction surveys and introduction of rapid response operational teams. Risk identification Teleperformance delivers its services to clients through a complex technological platform that integrates various aspects of information technologies: powerful telephone technology, hardware and software. Risk management All of the Group’s subsidiaries and workstations delivering Core services are currently networked via dedicated data connections and phone lines. The Group ensures that the requisite security measures and insurance cover are applied in the context of its activities. Each subsidiary adheres to internal data security and protection standards, as well as to international security and quality standards, in particular ISOb27001band ISOb22301. In addition, Teleperformance complies with PCI Data Security standards whenever it is required to do so by its clients. Risk identification The Group’s activity requires subsidiaries, acting as data controllers, to collect, process and transfer personal data regarding our employees. When acting on behalf of its clients, Teleperformance acts as a data processor and collects and processes personal data of the customers of its clients. The Group must not only meet legal requirements as well as any contractual commitments to its clients, but also more than 300bcompliance criteria in the field of security. Non-compliance with statutory and contractual requirements could lead to adverse consequences for the Group’s performance. 2.1.1.6 Risks relating to data security and protection Securing the technological platform Personal data protection and security

34

Teleperformance bb - bb Registration documentbb 2017