Cap Gemini - Registration Document 2016

1

PRESENTATION OF THE GROUP AND ITS ACTIVITIES

1.7 Risk analysis

Contracts

activities Failure to comply with regulations governing our

Risk factors

Risk factors

guarantees, when there is no liability protection clause in relation to services affecting health and safety or the environment, and when the rights of third parties are not respected. liability in certain circumstances, comprises a risk. Contractual risks may notably arise when the Group’s liability for failing to fulfill certain obligations is unlimited, on the acceptance of financial The acceptance of unfavorable conditions, such as unlimited complexity. Group Review Board is the only entity authorized to approve derogatory clauses following a thorough review of. in the event of derogation from accepted standard positions. Criteria determining when it is necessary to report to the Group Review Board have also been defined for contracts identified by the Group as presenting a high level of risk due to their size or The Group has established a Contract Clause Negotiating Guide, which identifies clauses exposing the Group to risk and requires information to be reported to the Group Legal Affairs Department around the world and are subject to numerous and constantly changing laws and regulations. These mainly include, for example, anti-corruption laws, import and export controls, anti-trust laws, sanctions, immigration rules, safety obligations and employment legislation. The Group is a multinational company operating in several countries and providing services to clients who, in turn, operate The sheer diversity of local laws and regulations applicable and the constant changes therein, exposes the Group to a risk of infringement of such laws and regulations by under-informed employees especially those working in countries that have a fraud committed by employees. As stringent as they may be, the legal precautions taken by the Group both at a contractual and an operational level to protect its activities or to ensure adherence by employees to internal rules can only provide reasonable assurance and never an absolute guarantee against such risks. different culture to their own - and to the risk of indiscretion or Business Ethics, an anti-corruption policy and an anti-trust policy and calls on a network of Legal Counsels who double-up as Ethics & Compliance Officers and participate in identifying risks and train and monitor employees in order to guarantee compliance. The Group has a Legal Department with an established presence in the main geographic areas. Its role is to monitor changes in legislation relevant to the Group’s activities and provide training in the main legal issues. The Group has also adopted a Code of management systems Compliance with legislation Risk factors Risk management systems

our clients’ activities, particularly in the financial sector, sometimes require us to comply with regulations imposed on them, or in rare cases, make us comply with other regulations. While the Group’s activities are not generally regulated, certain of to a client or third-party. Due to the nature of its activities, the Group must comply with various international and local regulations regarding data privacy protection. The Group could be held liable in the event of voluntary or involuntary disclosure of all or part of personal data belonging activities or our reputation of non-compliance with regulations Even if measures are taken to limit any negative impact on our governing our activities, failure to take account of regulations or an error in interpreting such regulations, would expose the Group to financial and reputation risks. obtained. and, where appropriate, any necessary authorizations to be To ensure compliance with regulations applicable to its clients, the Group analyses the related obligations, which are then monitored by teams in the Production/Methods and Support Department. This analysis also enables the identification of regulated activities regulations governing the protection of personal data, CNIL acting on behalf of European Union authorities on data privacy protection approved the Capgemini Binding Corporate Rules (BCR) defining the processing of personal data by the Group throughout the In March 2016, with regards to the various international and local world, on its behalf and for its clients. A large number of our clients have been identified as operators of vital importance by their national authorities or by Europe. The security of their information systems must therefore by approved by these authorities and our Group, as a major sub-contractor, must also comply with these regulations. the Group performs a due diligence review of the target or an analysis of the activity as well as applicable regulations. Finally, during acquisitions or on the launch of a new business line, Risk factors Having developed a vast network of contractual relationships, the Group is not immune from litigation and legal action. legal or arbitration proceedings, including any proceedings of which the Group is aware, that are pending or liable to arise, which are likely to have or have had in the last 12 months a material impact on the Group’s financial position or profitability Nonetheless, at the date of this report, there are no governmental, other than those that are recognized in the financial statements or disclosed in the notes thereto (see Note 25 to Capgemini’s statements). any threats of this nature. other disputes and government inquiries. The local Legal Departments also regularly inform the Group Legal Department of A procedure has been implemented for reporting information to the Group Legal Department on actual and potential litigation and Risk management systems Litigation Risk management systems

32

Registration Document 2016 — Capgemini