Worldline - 2019 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Ensuring business ethics within our value chain [GRI 102-9] [GRI 103-3 Social compliance]

Worldline Duty of Care (Vigilance D.4.2.3 Plan) [102-11] [GRI 102-5] and [GRI 102-15] French Corporate law on the “Duty of Care N° 2017-399” obliges the Group to prevent environmental, social and corruption risks in its activities, including among its subsidiaries, but also those of its subcontractors and suppliers, all along its supply chain. Beyond French and European Regulations, other Duty of Care laws exist. In this context, and as required by the Modern Slavery Act in the UK, statements have been published on Worldline web-sites in the different countries. Worldline due diligence approach relies on the application of the French “Sapin II Law”, Order No. 2017-1162 of July 12, 2017 dedicated to the fight against corruption and on the French transposition of the European Directive 2014/95/EU focused on the reporting of extra-financial information ( i.e. social, Human Rights, corruption and environmental related topics). Worldline Group ensures its compliance with the Duty of Care law through the four following main actions which meet all the key components of a “duty of care” plan. A risk mapping of our suppliers and D.4.2.3.1 partners [GRI 102-9 Supply Chain] [GRI 102-5] In addition to the legal risk mapping that encompasses the categories “Human Rights”, “Health and Safety” and “Environment”, Worldline has included these risk categories into its Enterprise Risk Management. In 2019, the Company also worked on a risk evaluation specific to its supply chain to classify and prioritize suppliers, and thus better monitor and address risk mitigation in the supply chain (refer to this document, Section D.4.4.2). According to best practices and to fit with legal requirements, Worldline performs a yearly compliance risk assessment leading to a compliance risk heat map. This allows the Compliance Function, at global and local level, to identify the main compliance risks in their area of responsibility and to define and implement related mitigating actions. A compliance review is also established through the Rainbow Process, which sets out defined steps and escalation procedures. This process will be replaced in 2020 by the Arrow process, dedicated to Worldline but covering the same compliance areas. During the 2019 transition period, existing Atos compliance policies remained valid till publication of the Worldline ones. Worldline's business partners, including agents, intermediaries, consortium partners and consultants assisting Worldline in developing and retaining its business are subject to a due diligence and validation process. Furthermore, Worldline performs a specific CSR assessment of its partners through the EcoVadis rating for rank 1. A new evaluation platform will be implemented in 2020 to further enhance the assessment process (refer to this document, Section D.4.4.2.3). An assessment procedure for D.4.2.3.2 subcontractors and suppliers

Actions to mitigate these risks D.4.2.3.3 In 2019, Worldline procurement and CSR teams updated the Business partner’s commitment to integrity to dedicate it to the Group, following the separation with the Atos group. This charter integrates all the obligations related to the Duty of Vigilance (addressing human rights, health & safety and environment topics). This charter for partners is shared as an annex in all contracts with them. For more information, refer to this document Section D.4.4.2.2). Worldline whistleblowing procedure D.4.2.3.4 and system [GRI 103-2 Anti-Corruption] [GRI 103-2 Indirect Economic Impacts] [GRI 102-16] [GRI 102-17] [GRI 102-33] and [GRI 205-2] On an internal level though the Code of Ethics, and on an external level through the Business partner’s commitment to integrity charter, -both documents being available on Worldline’s website, Worldline gives the right to its employees and partners to report breaches with the Company’s commitments on Human Rights, –including harassment and discrimination issues, Health & Safety and Environmental commitments. The whistleblowing procedure takes the form of the Compliance alert system, in which the setting of a unique email address, communicated to employees and partners, allows these latter to first report breaches: ComplianceWorldline@worldline.com . The procedure is similar for employees and partners (refer to this document Section D.4.2.1). In 2019, the Group Chief Compliance Officer reviewed the internal Compliance alert process in order to: Reinforce the governance of any internal investigation; ● Enhance collaboration between global function and local ● teams; Provide clear guidelines on how to conduct an internal ● investigation, report and take decisions, such as remediation actions in a measureable and consistent manner, in case of non-compliant behaviours. Any case subject to the Group Compliance Alert Process is reported to the Group Chief Compliance Officer, who will report to the Audit Risk and Compliance Committee any case investigated and confirmed as a critical concern at Group level. All governance matters as far as compliance is concerned are described in Chapter F. Risk Factors in this document. The Compliance Alerts Policy gives an overview on how the Group acts on prevention, detection and reaction of compliance breaches including as well the protection of the person raising the alert. Roles and responsibilities are clearly set and guidelines on confidentiality and information management included. In 2019, five alerts were reported and handled in Worldline Compliance alert system.

D

161 Universal Registration Document 2019