Worldline - Registration Document 2016

A

Corporate and social responsibility report Annex III - Being an ethical and fair good player in business

A.4.1.1.5

[GRI 205-1] Risk assessment andmapping process

between the Sales and Marketing (S&M) and the Customer applied at Worldline SA/NV, and the allocation of responsibility principles of AML, the “Know Your Customer” (KYC) principle as (overseen by the local banking regulator). It sets out the general Services (CS) Divisions. anti-money laundering (AML) policy in place since 2011 Worldline SA/NV, the Group’s Belgian subsidiary, has had an the organizations that issue PCI certifications and address ensure compliance with payment security rules established by breaches. In its role as commercial acquirer, the Group must in place (e.g. PCI certification) to minimize the risk of data taken all necessary measures, in accordance with best practices Fraud risk management: the Group as an issuer processor has Detection & Reaction (FD&R) application that allows the to address these risks. The Group has developed a Fraud department has implemented various policies and procedures money laundering risks. The Group’s Fraud Risk Management de-activation and back-up systems. risks, such as geo-blocking, real time blocking, fall back enhanced with additional features to better manage the residual application. The Group’s risk mitigation process has been detection of fraud in near real time based on a data analysis January 1, 2011. been included in every employee’s employment contract since approved by the Board of Directors. This Code of Ethics has of Ethics, which was overhauled in 2015, after having been The Company’s Code of Ethics is based on the Atos group Code and Worldline corporate values, establishing ethical practices as The Code of Ethics introduces a direct reference to Atos group the backbone of the Group’s corporate strategy: responsibility, to clients, innovation, wellbeing at work and excellence. trust, sustainable competitiveness, service quality and listening function in providing leadership and guidance to global The Code of Ethics enhances the role of the compliance actions deemed inconsistent with the values and principles of the right of any Group employee to disclose behaviors or sustainable business. Additionally, the Code of Ethics introduces operations, to protect the Worldline brand and to ensure the Code of Ethics. operations in early 2016. Strong involvement by the Human The Code of Ethics began to be rolled out across all global several European countries. representatives of employee councils to be involved, such as implementation, particularly in countries requiring Resources department has ensured a consistent and thorough adopted a slightly modified Code of Ethics, particularly with laws and regulations. Consequently, certain countries have content of the Code of Ethics to ensure alignment with local Additionally, the Legal department of each country reviewed the Ethics will continue throughout 2017. whistleblowing systems. The deployment of the new Code of respect to issues carrying legal implications, such as national The Code of Ethics A.4.1.1.4

Contract Management department and relevant non-legal well to understand how the risks identified are perceived within implement adequate remediation actions where necessary as risks (i.e. risks with a legal cause) that allows Atos entities to stakeholders (Human Resources, IT, security) of a series of legal the organization. evaluation by members of the Atos Legal, Compliance and management in 2016. This risk management exercise consists in the Audit Committee of the Group, with a clear mapping of the results of the legal risk management exercise are presented to As integrated to the Atos enterprise risk management, the legal risks of the Group. business opportunities is an important part of the overall risk In addition, the review of core compliance issues in assessing Rainbow Process, which sets out defined steps and escalation systems for credit, commercial and legal risks, through the transactions is well established within Atos, similar to the review assessment framework. The compliance review process of procedures [GRI 205-1]. process, which was fully integrated to the enterprise risk Atos has put in place a legal and compliance risk management raise an alert in the event of a suspected non-compliance with internal control system, establishes the right of all employees to Atos Code of Ethics, as described in 16.6.1.3 Components of the 102-17]. Local General Counsels, management, and Group requirements of the French Data Protection Authority [GRI Ethics alert system has been established in compliance with the the values and principles of the Code of Ethics. The Code of subject of the alert, are protected accordingly. alert, and ensuring that the rights of employees, the sender or Compliance are points of contact for any employee raising an Investigations procedure [GRI 102-33]. Such procedure was to the Group Head of Internal Audit, who will launch the Internal Company are to be reported to the Head of Compliance and/or Any allegations of non-compliance detected within the conduct internal investigation. and local teams and provides clear guidelines on how to investigation, enhance collaboration between global function reviewed in 2016, to reinforce the governance of any internal Group Compliance Steering Committee. through the annual review of internal investigations during a level, and communicated to Group Executive Committee, Such Internal Investigations are properly tracked at corporate Anti-Corruption] Internal Investigations [GRI 103-2 Awhistleblowing procedure and A.4.1.1.6

A.4.1.1.7

processes [GRI 103-2 Anti-Corruption] Improved compliance tools and

Worldline has implemented several measures to prevent bribery within the Atos group [GRI 205-3]. relating to business integrity, in line with the practice followed and corruption, in support of its Code of Ethics principles

320

Worldline 2016 Registration Document