technicolor - 2020 Universal Registration Document

RISKS, LITIGATION, AND CONTROLS RISK FACTORS

BUSINESS CONTINUITY

GRI [102-34] Risk identification

Risk monitoring and management

Risk that critical processes are impacted or even forced to cease operations by natural disasters (e.g. pandemic, earthquake, floods, etc .) and/or man-made incidents are not identified and mitigated in a Business Continuity Plan (BCP). The lack of visibility on the maturity of BCPs in the Divisions, as well as, at Group level, may significantly handicap the Group in returning to operations quickly, and may ultimately have a significant impact on its financial situation. Not updating BCPs with lessons learnt from this pandemic crisis could put the Group in the same situation in the future. This is not only applicable to the Group, but also to all our third parties. Risk that climate and environmental changes (Covid-19) could lead to an economic recession, thus impacting our key partners’ operations (customers and suppliers) given governmental decisions. In addition, risk that IT Disaster Recovery (DR) does not sufficiently anticipate the information systems capabilities necessary to restore IT applications and services in an orderly and timely manner following a major incident. Risk of poor coordination between IT DR and BCP (operations) may compromise the efficiency of the continuity solutions, such as the implementation of work from home solutions. Lack of tabletop exercises may leave potential opportunities for improvement should the risk materialize.

A common framework with strong governance, supported by a defined matrix organization and leadership team by Division exists across Technicolor, supported by the Technicolor Security Office. Crisis Management and Employee Safety (CMES) programs are established along with significant business incident (SBI) tools and an underpinning process with HR and TSO. Tools, process and resources are in place to anticipate the unforeseen risks (i.e. pandemic). BCP programs were effectively rolled out in 2020 and post pandemic refinement of such plans and processes have been defined across the Group with updated governance and central view of BCPs across the Group.

3

PHYSICAL SECURITY

GRI [103-1 Customer privacy] [103-2 Customer privacy] Risk identification

Risk monitoring and management

The Group is exposed to physical security risks via its contractual obligations to protect customers’ content across the businesses (e.g. DVD supply chain services provided by the Division, from receipt and storage of content masters, to replication onto optical media, and through the successful delivery of finished products into retail). Any illegal copies and/or stolen finished goods can result in material economic loss for the customer. Therefore, any physical security failures by the Division may result in financial penalties, loss of customer contracts, and damage to the Group’s image and reputation. In addition, the Group is also exposed to physical security risks at all its locations to protect its employees and systems. Insufficient measures in place and maintenance support may result in potential security issues and damage the Group’s image and reputation with its employees and customers.

Rigorous security policies and controls have been implemented by a dedicated team (i.e . Loss Prevention Department, Security, etc.) and are enforced on all sites that handle customer content. Risk assessments and associated mitigation actions are performed annually and upon environmental changes. Employees are provided with security awareness training and are a part of the Division’s security network. Several customers and industry associations regularly audit these security procedures on a recurring basis (see Cybersecurity). The facilities are guarded by effective perimeter controls, alarms and extensive surveillance devices. All personnel and visitors are subject to strict security access controls, and upon exit, higher risk sites require searches using handheld metal detectors and/or full body scanners, and all personal belongings are inspected. All third-party service providers (such as transportation and janitorial services providers) are thoroughly vetted to ensure compliance with Technicolor security standards. In addition, insurance coverage for theft of products are in place (including Property and Cargo policies).

53

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2020