QUADIENT - 2019 Universal Registration Document

4 RISK FACTORS AND INTERNAL CONTROL Risk factors

Risk factors 4.1

4.1.1

RISK ASSESSMENT

The Group has implemented a mapping process for its risks. The risk map was updated between the end of 2019 and the beginning of 2020 under the supervision of the head of internal control. This was done by holding discussions with key Group managers and subsidiary management teams (selection of the 20 top managers). It has been updated afterwards to take into account the COVID-19 crisis. A list of risks classified by theme was then drawn up and rated by the persons interviewed, based on two criteria: impact and likelihood. The risk map is then presented to the Chief Executive Officer, the audit committee and the management team. A number of operational action plans were introduced across the Group, overseen by clearly identified individuals and monitored on a regular basis at the highest level. In addition to the review carried out by the audit committee at the end of March 2020, risks are reviewed by the Board of directors before taking any major decision (new acquisitions, restructuring, new credit lines, etc.). Risks are discussed by the Board from a Group-wide perspective when the three-year plan is drawn up, during which: Quadient's Chief Executive Officer presents market ● conditions: change in regulation, market trends, competition; the Chief Financial Officer presents the Group strategy ● and financial objectives (by country, business line, etc.). Risks are also assessed as part of the preparation and presentation of the budget.

Regarding the CSR (Corporate Social Responsibility)/ non-financial risks, they have been assessed with the same methodology. They are presented in the risk mapping for the highest ones and in a more detailed way in chapter 5 “Non-financial performance statement” of the present document. In addition, the risks and opportunities related to the Group’s external environment are analyzed every year during preparation of the three-year strategic plan. Finally, the directors of operating entities are responsible for identifying and assessing the risks associated with the activities they supervise. The results of their assessments are sent to the Group management and reviewed and discussed during operational reviews. Highlighting “red flags” risk areas is always part of the process.

80

UNIVERSAL REGISTRATION DOCUMENT 2019