LOREAL_Registration_Document_2017

Corporate governance * RISK FACTORS AND CONTROL ENVIRONMENT

their potential areas for improvement by the Office of the Chief Ethics Officer. The Senior Vice-President and Chief Ethics Officer regularly visits the Group’s entities all over the world to meet employees at all levels of the Company. In addition, a tool enables the Subsidiaries to identify and prioritise potential risks in terms of human rights and fundamental freedoms. The environment, health and safety The Management Committees of L’Oréal Sites have self-assessment tools for their practices based on the audit standards provided to them, which enables them to implement an improvement plan, if required. Whistle-blowing mechanism and 2.8.4.4. reporting system L’Oréal’s “Open Talk” policy enables employees to namely report serious abuses of human rights and fundamental freedoms and breaches of rules related to health and safety and respect for the environment, notably via a secure Internet site (ethics whistle-blowing line) directly to the Senior Vice-President and Chief Ethics Officer. It is planned to open the Group’s ethics whistle-blowing line (www.lorealethics.com) to all of the Group’s stakeholders in 2018. A new procedure to collect and handle reports will also be published. Definitions and general framework 2.8.5.1. In L’Oréal, the system of management of risks (events or situations of which the realisation, which is uncertain, has a positive or negative impact) applies to the Company and its consolidated subsidiaries (“the Group”). Risk management consists in identifying, managing and controlling risks that may affect the smooth running of the Company. It also participates in value creation by promoting the good use of resources to minimise the impact of negative events and maximise the realisation of opportunities. Risk management therefore goes beyond a strictly financial framework. RISK FACTORS AND RISK 2.8.5. MANAGEMENT

In order to ensure the sustainability of its development and the achievement of its objectives, the Group strives to anticipate and manage the risks to which it is exposed in its different areas of activity. In addition, the Internal Rules of the Board of Directors specify the role played by the Audit Committee which “must make sure that the General Management has at its disposal the means to enable it to identify and manage the economic, financial and legal risks facing the Group inside and outside France in carrying out its normal or exceptional operations”. On the basis of the work by the Internal Audit Department, the analysis of major accounting and financial risks, in conjunction with the processes used by subsidiaries, makes it possible to identify Internal Control improvements and update the Group’s standards. Risk mapping 2.8.5.2. The risk mapping for all of L’Oréal’s activities is updated periodically: this process of identification and analysis of the significant risks and processes enhances knowledge of the Group’s risks by formalising and consolidating the work already done to date. The results of this work were presented to the Audit Committee. It is the responsibility of the Risk Management and Compliance Department to lead this process which makes it possible to prepare the appropriate action plans and it makes a presentation to the Audit Committee every year on the main progress made. The main risks to which the Group is exposed are described below. Risk factors 2.8.5.3. The Group operates in a changing environment. Like any company, it is necessarily exposed to risks which, if they were to materialise, could have a negative impact on its business activities, its financial situation and its assets, particularly in terms of reputation and image. This chapter describes the main risks to which the Group considers that it is exposed: risks specific to L’Oréal’s activities, followed by legal, industrial and environmental risks, and finally risks of an economic and financial nature. Faced with these risks, L’Oréal has set up an Internal Control system to prevent and manage them more effectively. The Internal Control and risk management procedures are therefore described in this chapter as provided for by Article L. 225-100-1 of the French Commercial Code. However, a wholly risk-free environment cannot be guaranteed. Moreover, the Group could be adversely impacted by other risks of which it is not currently aware or which it does not consider material at the date of this Document.

2

REGISTRATION DOCUMENT / L'ORÉAL 2017

119