Worldline - 2020 Universal Registration Document

D

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Ensuring business ethics within our value chain

Meeting structure

Scope

Participants & topics addressed

Audit, Risk and Compliance Committee

At the highest level in the Group, the Group Compliance Function reports to this Committee taking place twice a year. This latter aims to oversee Worldline’s effectiveness in internal control, risk management and internal & external compliance and to communicate on the milestones related to the Group Compliance Programme.

Chaired by the Deputy CEO and Head of Group Internal Audit, this Committee gathers the GBL heads, the CFO, Group Head of HR, Head of Legal Compliance and Contract Management, the CIO and the Head of Quality, Security, Risk and Compliance.

In 2020, no significant fine for non-compliance [GRI 419-1] or claim related to corruption [GRI 205-3] was reported for Worldline. In 2020, no cases deemed critical were reported at global level [GRI 102-34] . With the acquisition of Ingenico, the organisation and structure of the Compliance Function has been revisited. The increased importance of compliance subjects in the enlarged organisation, with more regulated entities, required an enforced team to ensure group and local compliance coverage. Expertise has been increased assigning teams globally and on business line level on following key subjects: Financial Security (money-laundering, sanctions, export controls), Ethics and Third Party Management and Regulatory Compliance. The Group Chief Compliance Officer has a direct reporting line to the Worldline CEO. Meeting structures have been kept for the year 2020, and evolved towards an extended Compliance structure on global level, reporting directly to the Worldline CEO and as such sharing Compliance topics with the highest level of management. Worldline Duty of Care (Vigilance Plan) D.4.2.2.1 [102-11] [GRI 102-5] and [GRI 102-15] The French law on Duty of Care applies to any company having its head office in France which, at the end of two consecutive financial years, employs at least 5,000 employees by itself and in its direct or indirect subsidiaries whose head offices are also located in France, as well as to any company having its head office in France and employing at least 10,000 employees itself or in its direct or indirect subsidiaries regardless of where their head offices are located. Such company establishes and effectively implements a vigilance plan relating to the activity of the company and of all the subsidiaries or companies it controls. It can therefore notice that these risks and infringements must be identified not only with regard to the company’s own activities, but, also and, more challenging, to the activities of directly or indirectly controlled companies, as well as the activities of subcontractors and suppliers with whom a commercial relationship is established. The plan includes reasonable vigilance measures designed to identify risks and prevent serious violations of human rights and fundamental freedoms, human health and safety and the environment, resulting from the activities of the company and those of the companies it controls. However, it is important to

underline that the law does not apply to corruption, which is now governed by the new “Sapin II” law, published on December 10, 2016. Beyond French and European Regulations, other national Duty of Care laws exist. In this context, and as required by the Modern Slavery Act in the UK, and by the Child Labour Due Diligence Law in the Netherlands, statements have been published on Worldline web-sites in the different countries. At the EU level, according to the Directive 2014/95/EU also called the non-financial reporting directive (NFRD), large companies have to publish reports on the policies they implement in relation to (i) environmental protection; (ii) social responsibility and treatment of employees; (iii) respect for human rights; (iv) anti-corruption and bribery and (v) diversity on company boards (in terms of age, gender, educational and professional background) Worldline Group ensures its compliance with the Duty of Care law through the four following main actions which meet all the key components of a “duty of care” plan. A risk mapping of suppliers D.4.2.2.2 and partners [GRI 102-9 Supply Chain] [GRI 102-5] Worldline analyses different types of supplier risks at two levels: At supplier level: compliance and legal risks (legal ● convictions, presence on sanctions lists, identification of a Political Exposed Person, adverse media), financial stability related risk, inherent CSR risks relating to the purchase category and to the operational countries of the supplier (including the country’s exposure to corruption); Order level: risks relating to profitability, substitutability, ● security, business continuity, data protection, specific regulated services, etc. Please refer to this document, Section D.4.4.2: Ensure due diligence through its suppliers’ risk assessments. An assessment procedure for suppliers D.4.2.2.3 Worldline’s business partners, including suppliers, are subject to a due diligence and validation process. Furthermore, Worldline performs a specific CSR assessment of its critical and strategic suppliers through the EcoVadis extra-financial rating.

174

Universal Registration Document 2020