PRESENTATION OF THE GROUP AND ITS ACTIVITIES

1.7 Risk analysis

1

32

Registration Document 2016 — Capgemini

Contracts

Risk factors

guarantees, when there is no liability protection clause in relation

to services affecting health and safety or the environment, and

when the rights of third parties are not respected.

liability in certain circumstances, comprises a risk. Contractual

risks may notably arise when the Group’s liability for failing to fulfill

certain obligations is unlimited, on the acceptance of financial

The acceptance of unfavorable conditions, such as unlimited

management systems

complexity. Group Review Board is the only entity authorized to

approve derogatory clauses following a thorough review of.

in the event of derogation from accepted standard positions.

Criteria determining when it is necessary to report to the Group

Review Board have also been defined for contracts identified by

the Group as presenting a high level of risk due to their size or

The Group has established a Contract Clause Negotiating Guide,

which identifies clauses exposing the Group to risk and requires

information to be reported to the Group Legal Affairs Department

Compliance with legislation

Risk factors

around the world and are subject to numerous and constantly

changing laws and regulations. These mainly include, for example,

anti-corruption laws, import and export controls, anti-trust laws,

sanctions, immigration rules, safety obligations and employment

legislation.

The Group is a multinational company operating in several

countries and providing services to clients who, in turn, operate

fraud committed by employees. As stringent as they may be, the

legal precautions taken by the Group both at a contractual and an

operational level to protect its activities or to ensure adherence by

employees to internal rules can only provide reasonable assurance

and never an absolute guarantee against such risks.

different culture to their own - and to the risk of indiscretion or

The sheer diversity of local laws and regulations applicable and

the constant changes therein, exposes the Group to a risk of

infringement of such laws and regulations by under-informed

employees especially those working in countries that have a

Risk management systems

Business Ethics, an anti-corruption policy and an anti-trust policy

and calls on a network of Legal Counsels who double-up as

Ethics & Compliance Officers and participate in identifying risks

and train and monitor employees in order to guarantee

compliance.

The Group has a Legal Department with an established presence

in the main geographic areas. Its role is to monitor changes in

legislation relevant to the Group’s activities and provide training in

the main legal issues. The Group has also adopted a Code of

activities

Failure to comply with regulations governing our

Risk factors

our clients’ activities, particularly in the financial sector, sometimes

require us to comply with regulations imposed on them, or in rare

cases, make us comply with other regulations.

While the Group’s activities are not generally regulated, certain of

to a client or third-party.

Due to the nature of its activities, the Group must comply with

various international and local regulations regarding data privacy

protection. The Group could be held liable in the event of voluntary

or involuntary disclosure of all or part of personal data belonging

governing our activities, failure to take account of regulations or an

error in interpreting such regulations, would expose the Group to

financial and reputation risks.

activities or our reputation of non-compliance with regulations

Even if measures are taken to limit any negative impact on our

Risk management systems

obtained.

and, where appropriate, any necessary authorizations to be

To ensure compliance with regulations applicable to its clients, the

Group analyses the related obligations, which are then monitored

by teams in the Production/Methods and Support Department.

This analysis also enables the identification of regulated activities

authorities and our Group, as a major sub-contractor, must also

comply with these regulations.

regulations governing the protection of personal data, CNIL acting

on behalf of European Union authorities on data privacy protection

approved the Capgemini Binding Corporate Rules (BCR) defining

the processing of personal data by the Group throughout the

In March 2016, with regards to the various international and local

world, on its behalf and for its clients. A large number of our

clients have been identified as operators of vital importance by

their national authorities or by Europe. The security of their

information systems must therefore by approved by these

the Group performs a due diligence review of the target or an

analysis of the activity as well as applicable regulations.

Finally, during acquisitions or on the launch of a new business line,

Litigation

Risk factors

Having developed a vast network of contractual relationships, the

Group is not immune from litigation and legal action.

other than those that are recognized in the financial statements or

disclosed in the notes thereto (see Note 25 to Capgemini’s

statements).

legal or arbitration proceedings, including any proceedings of

which the Group is aware, that are pending or liable to arise,

which are likely to have or have had in the last 12 months a

material impact on the Group’s financial position or profitability

Nonetheless, at the date of this report, there are no governmental,

Risk management systems

any threats of this nature.

other disputes and government inquiries. The local Legal

Departments also regularly inform the Group Legal Department of

A procedure has been implemented for reporting information to

the Group Legal Department on actual and potential litigation and