WORLDLINE_REGISTRATION_DOCUMENT_2017

Corporate Social Responsibility report Being an ethical and fair player in business

Additionally, Atos recently enhanced the compliance governance framework with several concrete measures initiated and implemented by the Group Legal Compliance Team, such as: Creation of a Global Legal Compliance Board involving all ● the General Counsels of Atos, aiming to strengthening local leadership in compliance matters under the guidance of the Group Compliance Team; Development of country compliance dashboards , ● composed of compliance KPIs, aiming to improve the reporting to the Group Compliance Steering Committee, and the monitoring of the effectiveness of the compliance programs within the GBU compliance Committees; Improving the role of the compliance function including ● clarification of the scope of responsibilities and duties; Enhancing compliance leadership and the overall Group ● compliance culture by greater visibility of the compliance program through presentations and trainings on a variety of key compliance topics; Communicating on the milestones and ● accomplishments related to the Group Compliance Program to the Group Executive Committee. Thus, a triple line of defense is in place in all countries where Worldline operates and this defense articulates responsibility for risk and compliance matters, as follows: Front line staff and operational management . Internal 1) control and systems as well as the culture developed and implemented by these business units is crucial in ensuring compliance; Risk management and compliance functions . These 2) functions provide the oversight and the tools, systems and advice necessary to support, challenge and monitor the front line in identifying, managing and monitoring risks and ensuring compliance; Internal audit function . This function provides a level of 3) independent assurance that the risk, compliance management and internal control framework works as designed. [GRI 102-33][GRI102-34] Any suspected non-compliance detected within the Company must be reported to the Head of Legal and Compliance and/or to the Head of Internal Audit (both within Worldline and Atos), who will launch the Non-Compliance Response process [GRI 102-33]. The Non-Compliance Response process is an internal process (defined in the Group’s anti-fraud policy) to be followed in the event of breaches of the Code of Ethics, and/or infringements of the applicable laws and regulations. This process defines how to investigate, report and take decisions, such as remediation actions in a measureable and consistent manner, in case of non-compliant behaviors. Compliancemonitoring D.4.1.1.2

Any case investigated by the Non-Compliance Response Team is reported to the Group Chief Compliance Officer, who will report to the Group Executive Committee any case investigated at Group level through the Non-Compliance Response Process and confirmed as a critical concern. All governance matters as far as compliance is concerned are described in in Sections F.7 and G.5 in this Registration Document. [GRI 102-17] As a signatory of the United Nations Global Compact since 2010, and as an affiliate of the Atos group, Worldline has implemented several internal policies to prevent compliance risks such as bribery, corruption, and violations of competition laws and export control laws, and fraud in general. The policies available across the Atos group are the following: Assessment of partners’ ethical behaviors; ● Anti-fraud policy. ● Since 2016, Worldline is a signatory of the United Global Compact at its own initiative. Assessment of partners’ ethical behavior : any intermediaries, consortium partners or consultants assisting Worldline in developing/retaining its business are screened before the beginning of any business relationship (using a specific piece of software, the business Partner Tool): their behavior and knowledge of ethics are essential criteria that are verified in advance. Anti-Fraud policy: Worldline has also rolled out an anti-fraud policy (as part of the Atos group’s policy), that defines roles and responsibilities of the management and support for prevention of fraud. This policy also, prohibits Worldline from any discriminatory or disciplinary measure against workers who report illegal practices in good faith to line management or, if applicable, to the competent public authorities. If an allegation of fraud/non-compliance is raised by an employee or assumed by an internal control, the Group Compliance Team of Atos in coordination with Worldline’s General Counsel is responsible for internal investigations. Business related Fraud risk management : the Group, as an issuer processor, has taken all necessary measures, in accordance with best practices in place (e.g. PCI certification) to minimize the risk of data breaches. In its role as commercial acquirer, the Group must ensure compliance with payment security rules established by the organizations that issue PCI certifications and address money laundering risks. The Group’s Fraud risk management department has implemented various policies and procedures to address these risks. For example, Worldline SA/NV, the Group's Belgian subsidiary, has had an anti-money laundering (AML) policy in place since 2011 (overseen by the local banking regulator). It sets out the general principles of AML, the “Know Your Customer” (KYC) principle as applied at Worldline SA/NV, and the allocation of responsibility between the Sales and Marketing (S&M) and the Customer Services (CS) Divisions. The Group has also developed a Fraud Detection & Reaction (FD&R) application that allows the detection of fraud in near real time based on a data analysis application. Furthermore, the Group’s risk mitigation process has been enhanced with additional features to better manage residual risks, such as geo-blocking, real time blocking, fall back de-activation and back-up systems. Policies to prevent compliance risks D.4.1.1.3

D

131

Worldline 2017 Registration Document