Worldline - 2019 Universal Registration Document

F

RISK ANALYSIS Risk management activities

The Group operates in a constantly evolving environment and is exposed to risks that, if materialized, may have a material adverse effect on its business, prospects, customers, partners, reputation, financial condition including operating results and cash flows. The Group relies on a continuous process of identification and analysis of risks, their impact and probability of occurrence in order to identify those likely to affect the achievement of its objectives. Risk assessment and management is an integral part of the Group’s operational and strategic management. Risks are assessed and monitored through business lines and functions. Internal Audit, risk management, Compliance, Legal, Insurance, Security and Finance departments can be cited as Functions playing a key role in identifying and controlling the main risks, among other. Risk assessment and management is based on a multi-level organization, which is detailed below. Risks are also appraised through the Internal Control initiatives and Internal Audit assignments (see Section F.5 "Internal Control" of this Universal Registration Document). In addition to integrated process of risk management, dedicated activities are also deployed for transversal internal risk management (see Section F.1 "Risk management activities" of this Universal Registration Document). Investors should carefully consider all the information set forth in this Universal Registration Document, including the risk factors set forth in this chapter. Risks described in Sections F.2 are, as of the date of this Universal Registration Document, the risks that the Group believes, were they to occur, could have a material adverse effect on its business, results of operations, financial condition or prospects. Investors should note that there may be other risks that have not yet been identified as of the date of this Universal Registration Document, or whose occurrence as of the date hereof is not considered likely to have a material adverse effect on the Group’s business, results of operations, reputation, financial condition or prospects. The extra-financial performance analysis assesses on a yearly basis, risks related to the four top areas underlined through the Corporate Responsibility and Sustainability program highlighted in Section D.1.1. This materiality assessment is aligned with the Enterprise risk management exercise described in Section F.1.1. The main extra-financial risks identified are “Building customer trust” (i.e. Cyber-attack, security of systems and data protection, innovative portfolio; competitors landscape; service delivery quality and business continuity), “Being a Responsible employer” (i.e. People). Other risks relate to mergers & acquisitions, expansion to new markets, regulatory and legal risks, clients, suppliers, intellectual property, commercial acquiring business, macro-economic changes and country risks and financial risks. Their magnitude varies in terms of impact on the Group’s business or results and/or likelihood to occur. Please refer to the mapping tables in Section F.2. for a description of those risks and the mitigation actions.

Risk management activities F.1

Risk assessment and management is an integral part of the risks embedded in each process, dedicated activities are also Group’s operational and strategic management and is deployed for a transversal management of risks. described in the paragraphs below. In addition to managing the

F.1.1

Enterprise risk management (ERM)

A risk mapping is revised each year under the sponsorship of general management. The selected methodology involves the most senior managers of the Group through workshops and questionnaires, to collect their perception of the main risks, their relative importance (inherent risk) and mitigation effectiveness (residual risk). This assessment covers potential risks related to: External (external events, stakeholders’ eco system, market ● environment);

The organization & business development (organization ● alignment, ability to innovate, go-to-market); Services and product delivery (people, internal system ● performance, delivery); and Compliance and information used for decision making ● (Laws & Regulations, Corporate Social Responsibility, financial performance).

328

Universal Registration Document 2019