WORLDLINE_REGISTRATION_DOCUMENT_2017

Corporate Social Responsibility report Being an ethical and fair player in business

D.4.1.1.6

Awhistleblowing procedure and

The level of risk assessment will identify the appropriate validation process, ranging from a simple approval process by the Head of Sales for low-risk business partners, to complex approval processes by the Group CFO and Group General Counsel, for high-risk business partners. In addition, Worldline closely complies with international laws, regulations and sanctions and in the event a business partner is on any of the main international sanction lists, it is rejected by the BPT. In addition, in 2015, the business partner contract templates developed by the Group's Compliance department were revised to reflect best practices in the area of business partner management. The Dawn Raids policy : Worldline also has a “Dawn Raids” policy that provides a list of rules and procedures to be followed in the event of inspection by local authorities. Prevention of fraud and non-compliance with Worldline values and the Code of Ethics is a key Group priority. As detailed above, the Non-Compliance Response Procedure sets out the management process and the action to be taken in response to non-compliance alerts. To support this objective, and more generally enhance the compliance framework, Atos group Compliance focuses on several key actions: To redesign Worldline legal risk mapping to better identify ● and manage legal and compliance risks throughout the chain of global operations; To strengthen the compliance culture throughout global ● operations by improving the governance framework, and in particular by implementing the Global Legal Compliance Board; Acquire greater visibility on the strength of the compliance ● culture in each country through the deployment of the country compliance dashboards and compliance KPIs, permitting targeted enhancements and trainings to improve the overall compliance culture of the Group; Benchmark Worldline compliance with the ISO 37001 ● standard related to Anti-Bribery and Corruption management Systems has been conducted by ISO in late 2016. Worldline aims to build and maintain a strong compliance culture through appropriate dissemination of these policies, including through a comprehensive training part of Worldline’s compliance program. In the first example, Worldline has implemented a thorough deployment plan for its compliance policies: all compliance policies, such as the policy on gifts, entertainment and other benefits need to be presented to local management and personnel representative bodies, which makes the policies’ content enforceable within the Group. The next step of this deployment plan is the launch of mandatory global and local communication to the employees of the new compliance policies. Improving awareness, creating and enforcing a culture of compliance [GRI 102-16] and [GRI 205-2] D.4.1.1.8

Internal Investigations [GRI 103-2 Anti-Corruption]

The Atos Code of Ethics establishes the right for all employees to raise an alert in the event of a suspected non-compliance with the values and principles of the Code of Ethics. The Code of Ethics alert system has been established in compliance with the requirements of the French Data Protection Authority [GRI 102-17]. Local General Counsels, management, and Group Compliance are points of contact for any employee who raises an alert, and ensure that the rights of employees, the sender or subject of the alert, are protected accordingly. Any allegations of non-compliance detected within the Company must be reported to the Head of Compliance and/or to the Group Head of Internal Audit, who will launch the Internal Investigations procedure [GRI 102-33]. Such procedure was reviewed in 2016 in order to: Reinforce the governance of any internal investigation; ● Enhance collaboration between global function and local ● teams; Provide clear guidelines on how to conduct an internal ● investigation. Such Internal Investigations are properly tracked at corporate level, and communicated to the Group Executive Committee, through the annual review of internal investigations during a Group Compliance Steering Committee meeting. In the light of the Sapin 2 Law, which will come into force in 2018 regarding alert systems, a reviewed alert system will be launched in January 2018 within the entire Group, including the Worldline Group. To stay within the scope of the CNIL’s unique authorization “AU-004,” the updated alert system will process all the matters listed within the AU-004. It will be made available to internal and external employees, as well as partners, and will be communicated individually to all employees and to a broader audience through the Atos website. The Ethics Committee was consulted on the evolution of Atos group Alert System, in order to determine whether outsourcing of the procedure is necessary or if it is believed to be best handled internally by the Group Legal Compliance Team. Worldline has implemented several measures to prevent bribery and corruption, in support of its Code of Ethics principles relating to business integrity, in line with the practice followed within the Atos group [GRI 205-3]. Implementation of a business Partner Tool (BPT): Worldline's business partners, including agents, intermediaries, consortium partners and consultants assisting Worldline in developing and retaining its business are subject to a due diligence and validation process. In 2015, the former paper-based review and validation process was replaced by an automated tool, the BPT, applicable across the entire Atos group. BPT uses a series of questions and documents to gather the different items of information needed to perform a risk assessment on business partners, as well as to perform the required validation process. Improved compliance tools and processes [GRI 103-2 Anti-Corruption] [GRI 205-3] D.4.1.1.7

D

133

Worldline 2017 Registration Document