![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0034.jpg)
PRESENTATION OF THE GROUP AND ITS ACTIVITIES
1.7 Risk analysis
1
32
Registration Document 2016 — Capgemini
Contracts
Risk factors
guarantees, when there is no liability protection clause in relation
to services affecting health and safety or the environment, and
when the rights of third parties are not respected.
liability in certain circumstances, comprises a risk. Contractual
risks may notably arise when the Group’s liability for failing to fulfill
certain obligations is unlimited, on the acceptance of financial
The acceptance of unfavorable conditions, such as unlimited
management systems
complexity. Group Review Board is the only entity authorized to
approve derogatory clauses following a thorough review of.
in the event of derogation from accepted standard positions.
Criteria determining when it is necessary to report to the Group
Review Board have also been defined for contracts identified by
the Group as presenting a high level of risk due to their size or
The Group has established a Contract Clause Negotiating Guide,
which identifies clauses exposing the Group to risk and requires
information to be reported to the Group Legal Affairs Department
Compliance with legislation
Risk factors
around the world and are subject to numerous and constantly
changing laws and regulations. These mainly include, for example,
anti-corruption laws, import and export controls, anti-trust laws,
sanctions, immigration rules, safety obligations and employment
legislation.
The Group is a multinational company operating in several
countries and providing services to clients who, in turn, operate
fraud committed by employees. As stringent as they may be, the
legal precautions taken by the Group both at a contractual and an
operational level to protect its activities or to ensure adherence by
employees to internal rules can only provide reasonable assurance
and never an absolute guarantee against such risks.
different culture to their own - and to the risk of indiscretion or
The sheer diversity of local laws and regulations applicable and
the constant changes therein, exposes the Group to a risk of
infringement of such laws and regulations by under-informed
employees especially those working in countries that have a
Risk management systems
Business Ethics, an anti-corruption policy and an anti-trust policy
and calls on a network of Legal Counsels who double-up as
Ethics & Compliance Officers and participate in identifying risks
and train and monitor employees in order to guarantee
compliance.
The Group has a Legal Department with an established presence
in the main geographic areas. Its role is to monitor changes in
legislation relevant to the Group’s activities and provide training in
the main legal issues. The Group has also adopted a Code of
activities
Failure to comply with regulations governing our
Risk factors
our clients’ activities, particularly in the financial sector, sometimes
require us to comply with regulations imposed on them, or in rare
cases, make us comply with other regulations.
While the Group’s activities are not generally regulated, certain of
to a client or third-party.
Due to the nature of its activities, the Group must comply with
various international and local regulations regarding data privacy
protection. The Group could be held liable in the event of voluntary
or involuntary disclosure of all or part of personal data belonging
governing our activities, failure to take account of regulations or an
error in interpreting such regulations, would expose the Group to
financial and reputation risks.
activities or our reputation of non-compliance with regulations
Even if measures are taken to limit any negative impact on our
Risk management systems
obtained.
and, where appropriate, any necessary authorizations to be
To ensure compliance with regulations applicable to its clients, the
Group analyses the related obligations, which are then monitored
by teams in the Production/Methods and Support Department.
This analysis also enables the identification of regulated activities
authorities and our Group, as a major sub-contractor, must also
comply with these regulations.
regulations governing the protection of personal data, CNIL acting
on behalf of European Union authorities on data privacy protection
approved the Capgemini Binding Corporate Rules (BCR) defining
the processing of personal data by the Group throughout the
In March 2016, with regards to the various international and local
world, on its behalf and for its clients. A large number of our
clients have been identified as operators of vital importance by
their national authorities or by Europe. The security of their
information systems must therefore by approved by these
the Group performs a due diligence review of the target or an
analysis of the activity as well as applicable regulations.
Finally, during acquisitions or on the launch of a new business line,
Litigation
Risk factors
Having developed a vast network of contractual relationships, the
Group is not immune from litigation and legal action.
other than those that are recognized in the financial statements or
disclosed in the notes thereto (see Note 25 to Capgemini’s
statements).
legal or arbitration proceedings, including any proceedings of
which the Group is aware, that are pending or liable to arise,
which are likely to have or have had in the last 12 months a
material impact on the Group’s financial position or profitability
Nonetheless, at the date of this report, there are no governmental,
Risk management systems
any threats of this nature.
other disputes and government inquiries. The local Legal
Departments also regularly inform the Group Legal Department of
A procedure has been implemented for reporting information to
the Group Legal Department on actual and potential litigation and