3.2 Description of internal control and risk management procedures

3.2.1 PROCEDURES

3.2.1.1 GENERAL ORGANISATION OF THE GROUP

The consolidated financial statements of the Lagardère group included 617 companies in 2019 (the full list of consolidated companies can be found in the notes to the consolidated financial statements).
The Group’s strategy evolved in 2018 to focus on two major business divisions, Lagardère Publishing and Lagardère Travel Retail, while retaining certain media businesses. The Group’s planned disposals of its Lagardère Active and Lagardère Sports and Entertainment divisions are mostly underway and pending completion. Lagardère SCA is the holding company that controls all of the Group’s subsidiaries and investments, draws up its strategy, guides and finances its development, makes the main management decisions to this end, and ensures those decisions are implemented both at the level of the Group’s parent company and of its divisions.

3.2.1.2 THE GROUP’S MANAGEMENT BODIES​

3.2.1.2.1 THE MANAGING PARTNERS​
The General Management of the Company is the responsibility of the Managing Partners, who are appointed by the General Partners with the approval of the Supervisory Board. Each executive corporate officer represents the Company in its relations with third parties and engages its responsibility. The Managing Partners are responsible for:

  • determining the Group’s strategy;
  • guiding development and control;
  • taking the major management decisions required for this and ensuring those decisions are implemented both at the level of the parent company and in the various divisions.

Lagardère Capital & Management employs the executive corporate officers under the conditions set out in sections 2.5 and 2.8.1 of this Universal Registration Document.

3.2.1.2.2 THE EXECUTIVE COMMITTEE AND THE ENLARGED COMMITTEE
The Executive Committee, chaired by Arnaud Lagardère as Managing Partner of Lagardère SCA, holds meetings with the heads of the major central management functions of the Group. Two of them are, along with Arnaud Lagardère, Managing Partners and executive corporate officers.

The members of the Executive Committee are as follows:

Arnaud Lagardère General and Managing
Partner, Chairman of the
Executive Committee		 Managing Partners
Pierre Leroy, Co-Managing Partner,
Secretary General
Thierry Funck‑Brentano Co-Managing Partner,
Chief Human Relations,
Communications and
Sustainable Development
Officer
Ramzi Khiroun Lagardère SCA spokesperson
Chief External Relations Officer		  
Gérard Adsuar, Group Chief Financial Officer  

The role of the Executive Committee is to assist the Managing Partners in performing their duties.
It enlists the help of any of the Group’s senior managers it considers to be of use to accomplish its mission.
The Managing Partners are also supported by the Enlarged Committee, which is made up of the members of the Executive Committee, the division senior executives, the Chief Executive Officer of Lagardère News, and the General Counsel and Corporate Social Responsibility Director of Lagardère SCA. It meets every month.

3.2.1.2.3 GOVERNING, MANAGING AND SUPERVISORY BODIES OF THE DIVISIONS
As at 31 December 2019, operating activities are conducted by legally independent companies grouped together in the following business divisions: Lagardère Publishing, Lagardère Travel Retail, Lagardère Sports and Entertainment (the disposal of which is currently pending completion). Following its strategic refocusing, the Group also retained certain activities of the Lagardère Active division (Europe 1, Paris Match, Le Journal du Dimanche, Virgin Radio and RFM) and the Lagardère Sports and Entertainment division (Lagardère Paris Racing and Lagardère Live Entertainment).
Each division has its own organisation, which has been set up by its senior executive under the Managing Partner’s control. The various companies and resources in each division are functionally grouped together under a specific holding company.
Each division senior executive is responsible for the general management of the holding company.
All the members of these holding companies’ governance, management and supervisory bodies are appointed by Lagardère SCA through its subsidiary Lagardère Media.
The division senior executives and their subsidiaries exercise their responsibilities under the control of their governance or supervisory bodies. The Group appoints the majority of members of the governance and supervisory bodies.

Items appearing in the Annual Financial Report are cross‑referenced with the following symbol AFR

3.2.1.3 INTERNAL CONTROL AND RISK MANAGEMENT FRAMEWORK, RESPONSIBILITIES, OBJECTIVES AND SCOPE

3.2.1.3.1 INTERNAL CONTROL AND RISK MANAGEMENT FRAMEWORK AND ACTIVITIES
The Group applies the Risk Management and Internal Control System – Reference Framework recommended by the French financial markets authority (Autorité des marchés financiers – AMF) to oversee its internal control and risk management systems.
The description below takes up the various points for attention outlined in the Framework and the associated implementation guidelines.

3.2.1.3.2 OBJECTIVES AND LIMITATIONS OF THE INTERNAL CONTROL SYSTEM
Lagardère SCA has introduced a certain number of internal control procedures within the Group designed to ensure:

  • compliance with applicable laws and regulations;
  • application of the instructions and orientations defined by the Managing Partners;
  • proper operation of the Group’s internal processes, particularly regarding safeguarding its assets;
  • reliability of financial information;

and in general to contribute to the control of its businesses, efficiency of operations and efficient use of resources.
Naturally, the effectiveness of the internal control procedures is subject to the limitations inherent to any organisational system.

3.2.1.3.3 SCOPE OF THE INTERNAL CONTROL SYSTEM​
​The procedures described below apply to subsidiaries that are fully consolidated in the Lagardère group’s financial statements. Equity-accounted companies over which Lagardère SCA only exercises significant influence are not covered by the Group’s internal control system, although the Group may have specific rights related to its status as a reference shareholder.
Companies that have recently entered the scope of the Lagardère SCA internal control system must progressively adapt their own internal control procedures for harmonisation with the Group’s system.

3.2.2 DEFINITION OF RESPONSIBILITIES AND POWERS

The role of the Group’s main strategic management bodies is described in section 3.2.1. In order to fulfil their responsibilities, the Managing Partners rely on various committees and the Group’s Corporate Departments.

3.2.2.1 MAIN MANAGEMENT COMMITTEES AND MONITORING ACTIVITY

3.2.2.1.1 FINANCIAL COMMITTEE​
After the Executive Committee, the Financial Committee is the most important entity in terms of monitoring and controlling the Group’s operating activities.
The Financial Committee is chaired by the Group’s Chief Financial Officer, and includes representatives from the Group’s Corporate Departments concerned by the topics discussed in order to bring to bear all the requisite skills to accomplish its mission. Its principal task is to examine and monitor, in cooperation with the main managers of each division concerned, any significant investments (or disposals) and commitments made, e.g., through the acquisition of shareholdings in non-Group companies.

3.2.2.1.2 OTHER COMMITTEES​
Monthly business reviews are conducted for each division to monitor activity. The General and Managing Partner, the Group’s Chief Financial Officer, as well as the senior executive and Chief Financial Officer of the division concerned, generally take part in these reviews.
The Budget Committee reviews and monitors on an annual basis the budget for the coming year and the three-year plan. It includes the General and Managing Partner, the Group Chief Financial Officer, as well as the senior executive and Chief Financial Officer of the division concerned.
The Reporting Committee, chaired by the Group’s Chief Financial Officer, conducts a monthly review with all the divisions’ finance managers of the results achieved against the budget and the new budgetary forecasts, to enable the Managing Partners to monitor the progress and financial position of each division and take any necessary corrective action.
Each month the Cash Flow Reporting Committee, chaired by the Group’s Chief Financial Officer, examines a detailed analysis of cash flows and balances for each division, and a breakdown of the bank covenants described in note 30 to the consolidated financial statements, presented in chapter 5 of this Universal Registration Document.
Lastly, the Counterparty Risks Committee, chaired by the Group’s Chief Financial Officer, regularly analyses these risks, as described in note 30 presented in chapter 5 of this Universal Registration Document.

3.2.2.2 GROUP CORPORATE DEPARTMENTS​

The Managing Partners are supported by the Group’s Corporate Departments in implementing, monitoring and following up their decisions. The Group’s Corporate Departments had the following missions in 2019:

  • providing expert technical support to the Managing Partners and to the Executive Committee within the scope of their strategic management of the Group;
  • establishing standards and recommending best practices for the entire Group to strengthen control of its operations;
  • organising reporting for the purposes of the Group’s financial management and the monitoring of the divisions’ operations;
  • ensuring that the Group complies with its regulatory requirements;
  • making divisions aware of certain regulatory issues and offering them relevant technical and methodological support;
  • offering the divisions support regarding technical issues or special operations;
  • since March 2011, managing the Human Resources Department of Lagardère Sports and Entertainment.

At the end of 2018, the Managing Partners launched a process to reorganise the Group’s Corporate Departments as part of Lagardère’s strategic refocusing and in view of fast-paced changes in their environment.
This reorganisation, prepared throughout 2019 and being rolled out in 2020, aims to refocus the Corporate Departments’ work on the specific activities of Lagardère SCA as a listed holding company, while reinforcing their supervisory role as regards financial issues, risk management, and corporate social responsibility for the Group as a whole.
Most of the Group’s Corporate Departments, their teams and material resources are grouped together within Lagardère Ressources, a wholly-owned subsidiary of Lagardère SCA chaired by the Group General Counsel.
The reorganisation of these departments has led to a reduction of approximately 30% in Lagardère Ressources staff numbers under a phased employment protection plan.
The procedures described later in this document reflect those in place at 31 December 2019, which are set to evolve in 2020 in line with the details provided in section 3.2.1 – Control environment. Depending on their functional responsibilities, the Corporate Departments report to the Secretary General, Chief Human Relations, Communications and Sustainable Development Officer, or to the Chief Financial Officer, all three of whom are members of the Executive Committee. The Group Audit Department reports directly to Arnaud Lagardère in his capacity as General and Managing Partner.
It serves Lagardère SCA as well as all of the Group’s subsidiaries. Some of the Corporate Departments are more specifically involved in the implementation of internal control and risk management within the Group, particularly the Group Audit Department, the Group Legal Department (including the Compliance Department), the Management Control Department, the Accounting Department, the Group IT Department, the Risk and Internal Control Department, the Sustainable Development and CSR Department and the Corporate Communications Department.

3.2.3 HUMAN RESOURCES POLICY AND SKILLS MANAGEMENT

The Lagardère group’s performance depends directly on the skills of its employees and the suitability of its resources. The Group’s divisions manage their human resources independently, under shared principles and commitments (in particular the Group talent management policy) defined and formally established at Group level jointly with the divisions’ Human Resources Directors. This point is discussed in more detail in chapter 4 – Non-financial statement and duty of care plan of this Universal Registration Document.
Succession planning for the Group’s main executives is essential to the Group’s future success, as it guarantees continuity of leadership in case of a planned or unforeseen change in a key position, and, more generally, builds an internal team of managers capable of steering the Group through its long-term growth strategy.
In accordance with best corporate governance practices, existing succession planning and review processes will be strengthened to better address these needs.

  • Preparation of succession plans
    Each succession plan will be designed to cover different time frames:​
    • unforeseen situations (resignations, incapacity, death);
    • planned medium-term situations (retirement, expiry of term of office);
    • longer-term plans focused on identifying, partnering and training high-potential employees within the Group.
      ​Given the characteristics specific to the French partnership Lagardère SCA, succession planning comes under the responsibility of different management bodies, depending on the executives concerned:
    • plans concerning the Managing Partners are drawn up by the General Partners, Arnaud Lagardère and Arjil Commandité‑Arco, which, by virtue of the Articles of Association, are exclusively empowered to nominate and ensure the duties of executive corporate officers in the interim should a vacancy occur;
    • succession plans for members of the Executive Committee are drawn up by the Managing Partners;
    • succession plans for divisional top management and key roles within the Group’s Corporate Departments are drawn up by the Executive Committee;
    • lastly, as part of the talent management policy in place within the Group for the past few years, development plans for employees identified as high potential are prepared and implemented under the aegis of the Group Chief Human Relations, Communications and Sustainable Development Officer, also a Co-Managing Partner.

In the context of their work, the Managing Partners and the Executive Committee ensure that these plans are coherent, that the recommendations formulated are pertinent, and that the preparatory measures put in place are appropriate.
Similar processes are put in place in the divisions to prepare succession plans for key positions.
In 2018, Lagardère Publishing successfully implemented the procedure set out in the detailed succession plan.

  • Review of succession plans
    Reviews of succession plans fall within the remit of the Supervisory Board, assisted as appropriate by the Appointments, Remuneration and CSR Committee.
    In this respect, periodic reviews of succession plans are carried out by a special working group comprising members of the Supervisory Board. The due diligence procedures performed and the resulting conclusions are presented to the Appointments, Remuneration and CSR Committee, which subsequently reports on the matter to the Supervisory Board.
    In the context of these reviews, the working group, Executive Committee and Supervisory Board ensure that succession plans are effectively implemented and regularly updated, that they are coherent with Group and market practices, that the recommendations formulated are pertinent, and that the preparatory measures put in place are appropriate.
    The succession plans were assessed in 2019 and reviews will take place every year going forward.

3.2.4 APPLICABLE LAWS AND STANDARDS

The Group’s business is governed by specific laws and regulations, as set out in section 1.5 of this Universal Registration Document. As explained in section 4.2.2 – CSR players and governance, the Lagardère group endeavours to respect a certain number of rules established by national and international bodies regarding business enterprises.
The Lagardère group has drawn up a number of charters, codes and policies to supplement national and international regulations, in order to provide a framework for its activities and the conduct of its employees and partners.
The Responsible Procurement Policy and Responsible Supplier Charter seek to involve all external partners in respecting the Group’s values and commitments.
The Lagardère group Code of Conduct sets out a collection of guidelines at Group level, directly transcribing Lagardère’s values and providing a set of shared ethical standards for all Lagardère employees.
The Confidentiality and Market Ethics Charter Applicable to Lagardère Group Associates, in addition to the provisions of the Lagardère group Code of Conduct on confidentiality and securities transactions, defines the rules under which Group employees may trade in the Lagardère share, and implements preventative measures to limit situations that could give rise to insider misconduct.
The Information System Security Policy sets out the practices to be complied with and the resources to be implemented to protect information systems throughout the Group. The Commitment Procedure defines certain best practices and sets out the process and criteria for validating projects involving significant investments, disposals and commitments within the Lagardère group.
The General Financing Policy of the Lagardère Group and Subsidiaries organises the financing of transactions and Group entities. The Anti-Corruption/Anti-Bribery Policy is an integral part of the compliance and anti-corruption programme.
The International Economic Sanctions Policy is an integral part of the compliance programme for matters relating to economic sanctions. as set out in section 1.5 of this Universal Registration Document. As explained in section 4.2.2 – CSR players and governance, the Lagardère group endeavours to respect a certain number of rules established by national and international bodies regarding business enterprises.
The Lagardère group has drawn up a number of charters, codes and policies to supplement national and international regulations, in order to provide a framework for its activities and the conduct of its employees and partners.
The Responsible Procurement Policy and Responsible Supplier Charter seek to involve all external partners in respecting the Group’s values and commitments.
The Lagardère group Code of Conduct sets out a collection of guidelines at Group level, directly transcribing Lagardère’s values and providing a set of shared ethical standards for all Lagardère employees.
The Confidentiality and Market Ethics Charter Applicable to Lagardère Group Associates, in addition to the provisions of the Lagardère group Code of Conduct on confidentiality and securities transactions, defines the rules under which Group employees may trade in the Lagardère share, and implements preventative measures to limit situations that could give rise to insider misconduct. The Information System Security Policy sets out the practices to be complied with and the resources to be implemented to protect information systems throughout the Group.
The Commitment Procedure defines certain best practices and sets out the process and criteria for validating projects involving significant investments, disposals and commitments within the Lagardère group.
The General Financing Policy of the Lagardère Group and Subsidiaries
organises the financing of transactions and Group entities. The Anti-Corruption/Anti-Bribery Policy is an integral part of the compliance and anti-corruption programme.
The International Economic Sanctions Policy is an integral part of the compliance programme for matters relating to economic sanctions. A set of policies provides a framework for managing personal data processing.
Lastly, the Group is rolling out a policy to improve the prevention, detection and processing of cases of fraud.
The Group generally adapts its procedures or develops new ones in accordance with legislative or regulatory requirements which set out the framework for new obligations applicable to French companies. Where necessary, these various charters and principles can be adapted to the specificities of the Group’s divisions. Internal and external principles specific to the Group’s businesses are also applied. The self-assessment internal control questionnaire described in section 3.2.10.2 provides the entire Group with a set of key points on the various components of internal control.
The production of financial and accounting information is also governed by standards and guidelines.
These standards and guidelines define the common principles for preparing the consolidated financial statements and monitoring budgets to forecasts, and must be applied by all persons involved in the Group’s financial reporting process. Among them, the Lagardère Group Reporting Manual includes guidelines for consolidation procedures, and a set of definitions of the main indicators used in the consolidated reporting package. User and operator guides for the management system used throughout the Group are available and provide details of the corresponding tasks.
Other key documents are provided to all concerned by the preparation of the consolidated financial statements, mainly supporting changes in accounting standards or in the application of accounting standards. In 2019, a new tool was set up to measure right-of-use assets and lease liabilities, which must now be reported in the consolidated financial statements under the new accounting standard on leases (IFRS 16). Information input into this tool is then used to populate the consolidation software. Data on right-of-use assets and lease liabilities was previously compiled and included in off-balance sheet commitments.
The divisions prepare their own equivalent documentation for their specific systems, in keeping with the Group’s principles.

3.2.5 INFORMATION SYSTEMS

The Group’s information systems comprise:

  • communication systems such as messaging and collaborative software (intranet);
  • business monitoring systems, particularly financial and accounting systems;
  • audiovisual production systems such as broadcasting and antenna systems in radio activities; systems for editorial chains in magazine publishing; and tools for creation and storage of digital content as well as dedicated tools for websites.

The divisions are responsible for managing their own information systems. However, there are also Group-wide applications, such as the consolidation system presented below in section 3.2.6.8 – Financial reporting.
The IT Department supervises these systems and ensures they are in line with the Group’s objectives in the long term. It works in liaison with the Risk and Internal Control Department on the management of IT risks in light of objectives regarding reliability and continuity of operation, legal and regulatory compliance, and data confidentiality.

3.2.5.1 CONSOLIDATION SYSTEM FOR CONSOLIDATED FINANCIAL AND ACCOUNTING INFORMATION

As explained below in section 3.2.6.8 – Financial reporting, the overall financial reporting cycle for management and accounting data is based on common principles and on a single database (the consolidation system) shared by all teams in the finance departments within the Group Corporate Department and divisional Corporate Departments.

3.2.5.2 RELIABILITY OF DATA ENTRY​

The consolidation system used to produce consolidated management data and accounting data to be published is interfaced with the various accounting programmes used by the consolidated entities. The system includes blocking controls which help prevent incidents and anomalies, and improve the reliability of data entry. Monthly reporting is reviewed by management control teams.

3.2.6 PROCEDURES, METHODS, TOOLS AND PRACTICES

3.2.6.1 COMMITMENTS, INVESTMENTS AND DIVESTMENTS

The Group’s commitment procedure applies to:

  • financial investments and divestments;
  • acquisitions and disposals of significant property, plant and equipment or intangible assets;
  • significant financial commitments (particularly off-balance sheet commitments and contractual obligations);
  • guarantees issued;
  • all financing operations (loans or advances to third parties).

Limits may be set based on the type of operation. Planned acquisitions and disposals are reviewed by the Financial Committee, which is chaired by the Group’s Chief Financial Officer. The Financial Committee issues an opinion by any appropriate means to the Managing Partners, after assessing a summary of the benefits of the proposed transaction for the Group and division concerned, verifying that the risks generated by the transaction are known and can be managed, and validating the underlying assumptions used to analyse profitability, based on the methodology and criteria defined by the Group’s Finance Department.
This procedure does not apply to cash management or to capital increases by companies consolidated and/or controlled through incorporation of current account advances.

3.2.6.2 FINANCE AND CASH MANAGEMENT​

The Treasury and Financing Department has a policy to define the circumstances in which it uses banks for external financing or cash management services.

3.2.6.2.A EXTERNAL FINANCING​
As a general rule, only Lagardère SCA uses medium- or long-term bank or market financing, and finances the divisions itself. Apart from the financing of normal business operations, the divisions retain responsibility for some previously-negotiated transactions, or specific operations such as securitisation; however, these operations require advance authorisation and are reported to the Group’s Finance Department on a regular basis.

3.2.6.2.B CASH MANAGEMENT
Cash investments must be in fixed-income instruments issued by high-quality entities, with maturities appropriate to the planned duration of the investment. Speculative or high-risk investments are not permitted.

3.2.6.2.C HEDGING POLICY AND MARKET RISK MONITORING
The hedging policy and market risk monitoring is described in note 30 to the consolidated financial statements presented in chapter 5 of this Universal Registration Document.
The Group’s General Management and the divisions’ finance managers regularly adjust the hedging policy and the corresponding control system in light of the resulting priorities.

3.2.6.3 PURCHASING, SALES AND SALES ADMINISTRATION
The practices and procedures for purchasing and sales are defined by the Group’s divisions under their responsibility, in compliance with the Group’s shared principles, particularly regarding the segregation of duties.
The Purchasing and Real Estate Department is part of the Group’s Finance Department and manages the Group’s purchasing policy.

3.2.6.4 COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS

3.2.6.4.A COMPLIANCE WITH THE MAIN LAWS AND REGULATIONS APPLICABLE TO LAGARDÈRE SCA​
The Group Legal Department, which reports to the Group Secretary General, is responsible for ensuring compliance with the laws and regulations applicable to Lagardère SCA.
In particular, this department examines mergers and acquisitions (partnerships, acquisitions, disposals, internal restructurings, etc.) that are significant for Lagardère SCA, and supervises Lagardère SCA’s financing operations and off-balance sheet commitments. The Group Legal Department also ensures that any regulations that may concern Lagardère SCA and its various divisions (competition law, etc.) are properly applied.
It is involved in all legal aspects of the business of Lagardère SCA and the companies at the head of each business division. In this capacity, it monitors the application of stock exchange regulations, as Lagardère SCA is listed on Euronext Paris Compartment A. This includes keeping various internal procedures on market abuse up to date to ensure that they are in line with French and European legislation in this area.
A central database has also been set up at the instigation of the Group Legal Department, to centralise corporate information on virtually all of the Group’s French and foreign entities.

3.2.6.4.B COMPLIANCE WITH THE MAIN LAWS AND REGULATIONS APPLICABLE TO THE DIVISIONS​
The Group Legal Department is informed of all procedures introduced in each division to ensure compliance with the laws and regulations specific to their activity, and these procedures are regularly monitored by these divisions’ management bodies via their Legal Department or their external advisors.

3.2.6.5 BUSINESS ETHICS​

The Lagardère group attaches the utmost importance to maintaining business ethics in all its activities and regions. On the initiative of the Managing Partners and under the responsibility of the Legal Department, in 2013 it set up a Compliance function to design Group-wide programmes common to all business activities and aimed at identifying, preventing and handling certain business ethics-related risks.
Designed to support the operating teams in their daily activities, these programmes are supervised at Group level and implemented on the ground by each division’s Compliance Department through the international Compliance Correspondent network. The network is made up of experienced and recognised professionals, mainly drawn from support functions such as legal, human resources and finance. Each Compliance Correspondent covers a geographic area and one or more businesses for which he or she serves as the point of reference. The composition of the network changes according to businesses and international developments.
The Group is continually improving its programmes, training its employees and applying the procedures aimed at preventing and handling the potential risks associated with its international presence and the diversity of its operations.
In the course of 2019, the Group Compliance Department worked closely with the divisions to pursue its activities in the following areas:

  • Anti-corruption: the Group applies a zero tolerance policy in respect of corruption. It prohibits any form of corruption, active or passive, regardless of whether the contact person is a public or private individual.
    The anti-corruption programme is an all-encompassing system that incorporates the standards in this area, as reflected by international regulations (OECD’s 1977 Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, European anti-corruption conventions, the United Nations Convention against Corruption, the 2003 African Union Convention on Preventing and Combating Corruption, etc.) as well as national legislation (updated version of the 1977 US Foreign Corrupt Practices Act, the 2010 UK Bribery Act and the 2016 French Sapin II law). The Group also endeavours to comply with the regulations in force in the countries in which it operates. The Group’s anti-corruption policy and specific procedures are accessible to employees via the Group’s intranet. In addition, training sessions and awareness actions are organised at all levels for employees most exposed to such risks.
    Among the procedures in force, those related to contracts with third parties provide for checks on potential partners prior to contractualising the relationship.
    In 2019, Group Compliance organised a workshop on corruption risk for all of the Group’s functional and operating departments.
  • Compliance with international economic sanctions: operating on five continents, the Group closely monitors international economic sanctions and takes steps to comply with any applicable sanctions. This includes conducting project feasibility studies and running checks on a certain number of potential partners.
    The use of the tools created in 2016 (a management dashboard, a consolidated external database of the different sanctions and the insertion of standard clauses) continued in 2019.
    Lastly, training sessions in this area were organised as well in order to raise awareness among the employees most exposed to these risks.
  • Personal data protection: amid the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, the Group designed a Compliance Pack on personal data for all of its employees. This tool outlines the challenges of each phase in the personal data life cycle, the main rules and good habits to develop.

The Group’s Legal Department has suitable expertise to ensure compliance with competition law and reviews major Group projects as part of the commitment procedure. It also provides day-to-day support for the operating staff concerned and rolls out initiatives to raise their awareness of the issues at stake.

3.2.6.6 PROTECTION OF BRANDS AND INTELLECTUAL PROPERTY RIGHTS

The Group’s divisions own a large number of very well-known brands, which they directly manage and protect. As the Lagardère brand is used through the Group’s activities, and due to the resulting exposure, Lagardère SCA is careful about protecting the brand and regularly extends international protection to cover areas where the Group is currently developing or expanding. Accordingly, protection for the Lagardère brand is established in all the continents.
Furthermore, Lagardère SCA implemented brand licensing agreements for use by the four divisions in the ordinary course of their operations.

3.2.6.7 SECURITY OF INFORMATION SYSTEMS​

The Group’s IT Department updates and distributes an information system security policy within the Group proposing guidelines, practices and resources to be implemented within each entity to protect the information systems and data they contain. The operating entities are responsible for rolling out this policy locally. The Group’s IT Department makes tools available to Group entities to assist with strengthening the protection of their information systems and data.

3.2.6.8 REPORTING SYSTEM: FREQUENCY AND TIMING

3.2.6.8.A OPERATION, FREQUENCY AND TIMING OF REPORTING
The Lagardère group’s financial reporting system is broken down by division, each of which is responsible for the data it reports. The financial and non-financial information collected and consolidated using the Lagardère group’s reporting system must comply with legal requirements and satisfy the Group’s own control and management needs. This information includes an income statement by activity and by function as well as management indicators specific to each business type.
The overall reporting cycle is based on common principles and uses a database and consolidation system that are shared by all teams in the finance departments in charge of financial data reporting, whether it is for management reporting or intended for publication. This unified organisation of the cycle relies on the finance departments of each division, and the Group Finance Department.
Under the supervision of the latter, the reporting system is designed to meet management control needs and also to guarantee the relevance and quality of the financial information published, thus fostering greater coherence between the various reporting systems, the business activities covered and the consolidation methods used.

3.2.6.8.B PREPARATION OF BUDGETS​
During the final quarter of the calendar year, the Group’s divisions establish their three-year budgets, which are submitted to the Managing Partners for discussion.
These data are integrated into the consolidation systems referred to above, and used in preparing the Group’s annual budget and three-year plan.

3.2.6.8.C MONTHLY GROUP REPORTS, INTERNAL REPORTING​
Each Group company’s finance department enters data from its own monthly accounts into the Group’s financial database. For each entity, these data include a balance sheet, an income statement and a statement of cash flows with notes, and the principal key indicators from the income statement. Careful attention is paid to regular updates to forecast figures such as year-end estimates.
These data are included in a Monthly Group Report established by the Group’s Management Control Department and submitted to the Managing Partners and Group’s principal executives. This management report is presented to the Group’s Chief Financial Officer before issuance.
In addition, each month as part of the “Cash Flow Reporting Committee”, the Finance Department prepares a detailed analysis of cash flows and balances for each division, and a breakdown of the bank covenants described in note 30 to the consolidated financial statements (see chapter 5). Through its Counterparty Risks Committee, the Finance Department also produces regular analyses of the counterparty risks described in note 30 (see chapter 5).

3.2.6.8.D INTERIM AND ANNUAL CONSOLIDATED FINANCIAL STATEMENTS
Additional information is supplied for the preparation of the interim and annual consolidated financial statements for publication. Chapter 5 of this Universal Registration Document contains a description of the principles and methods used in preparing the consolidated financial statements. For certain types of information, such as discount rates used in impairment tests, off-balance sheet commitments and the measurement of derivatives, procedures are set out in memos applicable to all Group companies.

3.2.6.8.E RELATIONS WITH THE STATUTORY AUDITORS​
Each year, the Managing Partners receive assurance from the Statutory Auditors that they have had access to all of the information necessary for their engagement and that their work has progressed sufficiently at the year-end to allow them to make any significant remarks.

3.2.7 INFORMATION AND COMMUNICATION

The persons concerned by decisions of the Managing Partners are informed by all available means, particularly internal memos and announcements.
All of the Group’s announcements and the principal rules applicable are available on the Group’s intranet portal.
Applications and collaborative software packages are also available through the Group’s intranet portal, so that information can be appropriately communicated to everyone according to their needs, both in the Corporate Departments and the divisions.

3.2.8 RISK MANAGEMENT PROCEDURES

Like all companies, Lagardère is exposed to a variety of risks in the course of its business activities. The principal exposures identified are described in section 3.1 – Risk factors of this Universal Registration Document. Risks are managed by the business divisions as well as at central level, where summary reports are prepared.

3.2.8.1 ORGANISATION OF RISK MANAGEMENT

3.2.8.1.A BASIC PRINCIPLES​
The Group accepts exposure to a controlled level of business risk in the course of its business activities.
Risk management procedures are therefore designed to provide reasonable assurance that the level of risk taken by the Group is not likely to compromise the results expected by the Managing Partners. These procedures help both to manage the risks inherent to the Group’s business and to reduce undesirable additional risks.
However, given the limitations inherent to addressing contingencies, these procedures cannot guarantee that all the risks the Group may encounter in the future have been correctly analysed or even identified.

3.2.8.1.B ORGANISATION AND DEFINITION OF RESPONSIBILITIES
In compliance with the Group’s general organisational structure, the operational and functional managers remain in charge of the risks related to their respective fields of activity. General Management at headquarters focuses particularly on monitoring risks that can only be assessed at Group level or that are considered significant at Group level due to their individual or cumulative scale.
As a rule, risk management is an integral part of the Group’s management procedures.
However, certain specific procedures are dedicated, for example, to risk mapping or setting up insurance coverage. The Corporate Departments play a support, monitoring and coordination role in this respect.
Within the Finance Department, the Risk and Internal Control Department is tasked with drafting and managing the risk management policy. Working closely with the other Corporate Departments and the divisions, the Risk and Internal Control Department provides methodological support and advice, particularly for the identification, analysis and quantification of risks. It is responsible for preparing a report summarising the Group’s risks. In addition, the Group takes internal measures to strengthen the risk control culture through information-sharing and awareness-raising, and to reinforce the specific visibility of certain emerging risks and the capacity to cope with potential crises.

3.2.8.2 RISK IDENTIFICATION AND ANALYSIS PROCESS
A certain number of the Group’s procedures contribute to risk identification, particularly:

  • the commitment procedure, which includes a section specifically dedicated to risks, and more generally pre-acquisition or pre-sale audits;
  • internal audits;
  • surveys to assess the security of the IT systems and networks;
  • review and regular renegotiation of insurance programmes;
  • reporting activities described in section 3.2.6.8 - Financial reporting, particularly impairment tests and monitoring of off-balance sheet commitments;
  • legal reporting, as described in section 3.2.9.2.B – Monitoring legal affairs
  • risk intelligence activities by the various Corporate Departments and divisions;
  • thematic reviews conducted as and when necessary.

Lagardère SCA and its divisions regularly undertake general risk mapping exercises in order to rank the main risks to which the Group could consider itself exposed. The factors taken into account for risk analysis include: potential severity, likelihood of occurrence, possible scenarios, internal and external limiting or aggravating factors, current and proposed control measures.
These items are subject to formal reporting procedures, the results of which are presented each year to the Managing Partners and to the Audit Committee.

3.2.8.3 MANAGEMENT PROCEDURES FOR THE PRINCIPAL RISKS

3.2.8.3.A RISKS ASSOCIATED WITH THE GROUP’S BUSINESS ACTIVITY
Management of the risks associated with the Group’s business activity described in section 3.1.1 of this Universal Registration Document is an integral part of the Group’s strategic decisionmaking process.
Among other duties, General Management of each division is responsible for monitoring risks related to the contracts with high unit value, economic risks specific to their businesses, and risks relating to changes in consumer behaviour, technological developments and market players.
In addition, as part of the management of risks related to contracts with a high unit value, the Group carries out a regular review of major contracts in order to monitor any developments and the contracts’ profitability prospects.
The Group has a strategic plan for each division, primarily covering the risks referred to above. Its presence in different sectors and on various continents also helps to mitigate risks associated with its business activity.
Specifically in terms of implementing the Group’s strategy of refocusing on two major businesses, the divestment process is managed by the Group Corporate Department and investments are subject to the commitment procedure outlined above.

3.2.8.3.B LEGAL RISKS​
B.1 Adverse changes in regulations applicable to the Group​
The Lagardère group strives to defend its interests by participating in professional associations which provide industry feedback to the competent national or international authorities when preparing and supervising regulations affecting the Group’s businesses. For example, Lagardère Publishing is an active member of the French national publishing union (SNE), which helped defend the interests of the publishing industry at the time the EU Directive on Copyright in the Digital Single Market was being drafted.

B.2 Risks associated with litigation in process​
The Group Legal Department manages all litigation involving Lagardère SCA and the divisions, and any litigation involving the divisions when the potential consequences in financial or image terms are considered significant for the Group. All other division‑level litigation is handled by the Legal Department of the division concerned.
The main litigation cases involving the Group are presented in note 35 to the 2019 consolidated financial statements (see chapter 5). To the best of the Group’s knowledge, in the 12 months immediately preceding publication of this Universal Registration Document, there were no other governmental, legal or arbitration proceedings (including pending or threatened proceedings, of which the Group is aware) which may have or have had a significant impact on its financial position or profitability.

3.2.8.3.C OPERATIONAL RISKS​
C.1 Risks associated with business ethics​
The measures taken by the Group to mitigate these risks are described in section 3.2.6.5.

C.2 Risk associated with products distributed​
The Lagardère Travel Retail division is implementing a series of measures to ensure compliance with the regulations and professional standards that apply in the countries where its Foodservice business operates. These measures are subject to centralised supervision by the Foodservice business line and are supplemented by regular external audits organised at the points of sale.
Similarly, the Lagardère Publishing division ensures that the products it distributes comply with applicable local standards by entering into agreements with its suppliers, raising employee awareness, and through internal audit reviews.

C.3 Business interruption risk​
This risk is covered by specific measures for the different scenarios envisaged, including operating contingency plans allowing non-optimal modes of operation, crisis communication procedures, and insurance policies to mitigate the associated financial impacts. Nevertheless, the Group cannot protect itself against all possible scenarios, or guarantee that it would be able to neutralise the impact of any operating incidents that may affect it.

C.4 Risks associated with data security​
As mentioned in section 3.2.6.7, the Group’s IT Department regularly updates and circulates an information system security policy that the operating entities are responsible for rolling out locally. This policy, based on ISO 27001 requirements, is accompanied by technical tools and awareness-raising media.
In addition, the Group’s IT Department, together with the Risk and Internal Control Department, carry out recurring internal assessment surveys for IT system and network security, which are included in the Group’s internal control self-assessment system. The last survey was conducted in 2018 and monitored in 2019.
All measures to preserve data confidentiality, protect information systems against intrusion and minimise the risk of system breakdown are adjusted based on the results of these surveys and the monitoring thereof. Group entities also receive recommendations based on the results of the surveys.
The Lagardère group is also implementing a programme relating to personal data protection which aims to ensure the compliance of the Group’s operations with the General Data Protection Regulation (GDPR) (EU 2016/679), which came into force on 25 May 2018. The programme is managed by the Group Data Protection Officer in conjunction with the Data Protection Officers of each division.

3.2.8.3.D FINANCIAL RISKS​
The principal methods used to manage financial risks are described in detail in notes 30.1 and 30.2 to the consolidated financial statements.

3.2.8.4 INSURANCE POLICIES – RISK COVERAGE

The financial consequences of certain risks can be covered by insurance policies when this is justified by their scale and providing that insurance coverage is available at acceptable conditions. Within the Treasury and Financing Department, the Insurance Department is in charge of overseeing the use of insurance in the Group, and plays a coordination and advisory role in this respect.

3.2.8.4.A INSURANCE POLICIES SUBSCRIBED​
The major insurance policies cover property damage and in some cases business interruption, liability and cyber risks. Depending on the type of risk, coverage consists of permanent or temporary policies.
The Group generally seeks to insure all assets for their estimated value, and business interruptions for their estimated cost, in keeping with the relevant best practices.
In 2019, Lagardère and its divisions were able to renew insurance coverage in 2020 for their activities throughout the world. The Group selects its insurers carefully and regularly reviews their creditworthiness.
However, given the diversity of situations in all of the divisions and the local specificities of the insurance market, it cannot be considered that the Group will be covered by insurance in all circumstances, nor that existing insurance coverage will always be effective.

3.2.8.4.B COVERAGE LEVEL​
Many insurance policies are subscribed at the level of the divisions and their sites. Given the wide diversity of situations, it is not possible to give full details of all the coverage limits.

3.2.8.4.C INSURANCE FOR PROPERTY DAMAGE AND BUSINESS INTERRUPTION

  • Risks covered
    Insurance policies notably cover the risks of fire/explosion, lightning, water damage or storms, natural disasters, and terrorism. When specific national legislation applies to these risks, the coverage is implemented in compliance with the laws in force in each country concerned.
  • Limits of coverage
    As a general rule, insurance for property damage is subscribed for the replacement value of the property and, where applicable, business interruption is subscribed for the gross margin. In some cases, these amounts may include limits agreed with the insurer.

​For 2020, the highest insurance coverage limit subscribed by the Group is €400 million for certain Lagardère Publishing facilities. Lower limits of coverage for certain risks may also apply within these overall limits (e.g., for storms, earthquakes or flooding).

3.2.8.4.D LIABILITY INSURANCE

  • Risks covered
    Liability insurance policies, depending on the nature of the business and local regulations, include coverage for public, product and professional liability in the event of bodily injury, material damage or consequential loss caused to third parties.
  • Limits of coverage
    Regarding liability, maximum exposure is difficult to assess, and the level of insurance for the divisions and their sites depends on the availability of coverage and an acceptable economic cost.
    For 2020, except in the United States, Canada and countries under an international embargo, the highest amount of coverage subscribed stands at €80 million, while in the United States the highest limit is around €69 million.
    Sub-limits specific to certain types of insurance coverage may also apply within these overall limits.

3.2.8.4.E CYBER RISK INSURANCE​

  • Risks covered
    Cyber insurance covers the consequences of either a breach of data held and/or managed, or damage to information systems. It offers damage coverage that includes research, resolution and notification costs. It also offers liability coverage including losses caused to third parties.
  • Limits of coverage
    For 2020, the highest insurance coverage limit subscribed by the Group is €20 million for certain Lagardère Publishing facilities. Sub-limits specific to certain types of insurance coverage may also apply.

3.2.8.4.F PREMIUMS​
In 2020, the overall budget for the main permanent insurance policies subscribed by the Group was estimated at 0.15% of sales (excluding collective insurance).

3.2.9 CONTROL ACTIVITIES

Control activities are designed to ensure that the necessary measures are in place to control the risks that may have an impact on achieving objectives.

3.2.9.1 CONTROL BY DIVISIONS OF THEIR OPERATIONAL PROCESSES

The divisions implement their own internal control systems to cover their day-to-day activities. These systems are made up of a combination of resources and take various forms depending on the organisation of the division as well as its business lines, size, geographic location and the regulatory constraints of its operating entities.
Some of these control activities are described in the self-assessment questionnaire common to the entire Group referred to in section 3.2.10.2, and cover the following areas:

  • compliance with applicable laws and regulations;
  • application of the instructions and orientations defined by the Managing Partners;
  • proper operation of the Group’s internal processes, particularly regarding safeguarding its assets;
  • reliability of financial information.

The information systems self-assessment questionnaire is rolled out separately, as described in section 3.2.8.3.C4.

3.2.9.2 CONTROL BY THE CORPORATE DEPARTMENTS OF PROCESSING CARRIED OUT WITHIN THE GROUP​

3.2.9.2.A THE GROUP’S FINANCIAL MANAGEMENT​
The consolidated financial statements are drawn up at the end of each month (except for January and July), which allows the Corporate Department responsible for consolidation to regularly review the financial information reported by the divisions. The Group’s Chief Financial Officer monitors the divisions’ and the Group’s cash flow position each month, with the assistance of certain Corporate Departments, and at the same time, the Lagardère group’s bank covenants. The Group’s Chief Financial Officer reviews the divisions’ and the Group’s counterparty risks on a regular basis, with the assistance of certain Corporate Departments. This review provides details, by division and at Group level, of the counterparty risks relating particularly to customers, the investment portfolio and hedging instruments.
At year-end the Budget Committee also validates the annual budget and the three-year plan proposed by each of the divisions. Each month the Reporting Committee is responsible for verifying that the budget is adhered to by each of the divisions. Lastly, as stipulated in the Group’s investment procedure, the Financial Committee reviews any significant investments, divestments and commitments.

3.2.9.2.B MONITORING LEGAL AFFAIRS
The Group Legal Department is informed by the divisions of any exceptional transactions planned, reported under the procedure described in section 3.2.4, and is therefore represented at all Financial Committee meetings. Exceptional transactions include:

  • planned financial investments and divestments;
  • contractual commitments which individually involve financial commitments or off-balance sheet commitments that are significant at Group level;
  • legal restructuring plans involving major operational entities.

Within the scope of the Group’s Legal Reporting, the Group Legal Department also requires the divisions to provide, whenever necessary and in real time, information and documents relating in particular to the following topics:

  • relations with national or supranational administrative bodies;
  • exceptional transactions, above and beyond those submitted to the Financial Committee;
  • disputes representing an individual or annual financial impact of more than €5 million or involving a risk for the Group’s image;
  • non-competition commitments;
  • change of control and key man clauses;
  • insolvency, bankruptcy and administration procedures.

3.2.9.2.C OTHER AREAS​
The Corporate Departments have also put in place exchanges with the divisions allowing them to receive information about the processes carried out within the Group, particularly as regards information systems, sustainable development, human resources management, the roll out of Group Compliance programmes, risk management and internal control. These exchanges generally take place with the General Management of each division and in certain cases the relevant operating entities. The exchanges involve implementing policies and reporting process, and are based on a network of correspondents who liaise with the operating entities.

3.2.10 PERMANENT MONITORING OF INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS

The Lagardère group continuously works to strengthen the monitoring of its internal control and risk management frameworks. To this end, a Risk Management and Internal Control Committee, whose members include the Group’s Chief Financial Officer, the Chairman of the division concerned and the persons in the division and in the Group responsible for risk management and internal control, meets once a year and is tasked with monitoring the effectiveness of risk management and internal control with each division.

3.2.10.1 PERMANENT MONITORING OF THE RISK AND INSURANCE MANAGEMENT SYSTEM

The Risk and Internal Control Department develops and manages the Lagardère group’s risk management policy. As part of its work, it is responsible for preparing a report summarising the Group’s risks, monitoring and alerting the Managing Partners and the divisions, and analysing the Group’s cross-business risks.
More specifically:

  • the Risk and Internal Control Department provides methodological support and advice, particularly for the identification, analysis and quantification of risks;
  • the Department provides support to the Managing Partners by analysing the Group’s cross-business or specific risks;
  • it is involved, as necessary, in helping implement control measures for specific risks identified within the Group;
  • the Department is responsible for establishing risk mapping for each division, particularly by defining a shared methodology.
  • The Risk and Internal Control Department monitors the main risks identified and puts in place related control measures.

In order to fulfil its duties, the Risk and Internal Control Department collaborates with the Corporate Departments and a network of correspondents within the divisions, particularly their Chief Financial Officers.
Within the Treasury and Financing Department, the Insurance Department coordinates insurance programmes for Group entities, employees and corporate officers. It also provides its technical expertise to Group entities requesting assistance in managing their own insurance programmes (i.e., taken out in their own name). Certain entities also call on the Insurance Department to manage all or part of their insurance programme.

3.2.10.2 PERMANENT MONITORING OF THE INTERNAL CONTROL SYSTEM
The Risk and Internal Control Department manages the Group’s internal control system. The department has a correspondent in each division – the Internal Control Manager – who is responsible for coordinating the internal control system. He or she reports to a member of the division’s General Management, usually the Chief Financial Officer. This organisation ensures effective monitoring of the internal control system throughout the Group.
An internal self-assessment procedure is implemented each year for internal control within Lagardère SCA’s main entities/subsidiaries. This procedure draws on dedicated IT tools, is managed by the Internal Control Managers and is consolidated by the Risk and Internal Control Department. It helps the continuous improvement process for the control and efficiency of processing within the Lagardère group’s entities.
The self-assessment is based on defining a Group reference framework shared with all the divisions. It aims to identify the applicability, efficient implementation and traceability of each of these points of control, and to establish a stronger formal definition of internal control procedures and ensure their adoption by all operational managers. The Internal Control Managers analyse the results of the self-assessment for their respective divisions, and a report is presented to the Managing Partners and the Audit Committee for the entire Group. This information is used by operational management in their quality assessment of the internal control procedures that they oversee, and for the implementation of improvement plans. It is included in the scope of audits carried out by the Group’s Audit Department.
This internal control self-assessment also includes the internalassessment surveys for IT system and network security described in section 3.2.8.3.C4.
Each division senior executive also sends a detailed annual report to the Chairman of the Supervisory Board on risk management and internal control within their division.

3.2.10.3 PERMANENT MONITORING OF INFORMATION SYSTEMS

3.2.10.3.A SECURITY
As described in section 3.2.8.3.C4, the Group’s IT Department, together with the Risk and Internal Control Department, carries out regular surveys to self-assess the security of the IT systems and networks, thereby helping to improve their security.
Based on these surveys, the IT Department makes recommendations to the entities concerned to ensure that the level of security is satisfactory based on the Lagardère group’s IT security policy. It also presents the results of an annual review of these recommendations to the senior executives of each division and the Managing Partners. A survey was conducted in 2018 and monitored in 2019.

3.2.10.3.B UPGRADES TO THE CONSOLIDATION SYSTEM
The consolidation system described in section 3.2.6.8 – Financial reporting, as well as its configuration, are upgraded to the latest versions as often as necessary Specific resources (as described in section 3.2.5) are dedicated to data integrity, availability and confidentiality.

3.2.10.4 AUDIT OF THE SYSTEMS​

The Group’s Audit Department, supervised by the Managing Partners, audits the internal control and risk management systems, as well as the related reporting processes, as set out within the Lagardère group. Audits are conducted as part of the annual audit plan or following specific requests from the Managing Partners, the Group’s Finance Department or from the division senior executives. The Audit Department’s Scope of intervention includes all fully-consolidated companies. Equity-accounted companies which are jointly-controlled by the Group may also be audited. The audit plan is established on a multi-annual basis and includes:coverage of Group entities on a rotating basis;

  • taking into account the needs of Group and division senior executives;
  • audits of the risk management and internal control systems that need to be reviewed based on the risk mapping or analyses performed by the Group’s Risk and Internal Control Department;
  • audits of cross-functional themes relevant to the divisions and/or their subsidiaries;
  • audits related to the internal control self-assessment system.

The Group’s Audit Department may also conduct consulting or operational assistance assignments on specific projects at the request of the Managing Partners or the divisions, specific assignments involving reviews of operational and financial risks, audits relating to merger/acquisition projects, or ad hoc audits with entities facing incidents involving fraud. Audit assignments are conducted following a standard process, involving in particular monitoring by the Department of the action plans resulting from its audits.
The mission of the Group Audit Department, its powers and responsibilities are set out in an internal audit charter. The Group Audit Department presents to the Audit Committee the annual audit plan, a summary of the work carried out, the resulting conclusions and details of their application, as well as business indicators that make it possible to assess the effectiveness of its work. The Group Audit Department uses a recruitment policy in order to maintain its technical skills (e.g., related to computerised audits) and language skills (to be able to work in the languages that are used the most within the Group). The Department helps spread the risk management and internal control culture within the Group through its audits, as well as through professional mobility for its employees.

3.2.10.5 ACTION IN RESPONSE TO THE STATUTORY AUDITORS’ WORK

The Group’s Chief Financial Officer ensures that the Statutory Auditors have reviewed the accounting principles and options that have a material impact on the financial statements.
They obtain from the Statutory Auditors details of the audit scope and methods, and are also informed of the conclusions of the audit. The Managing Partners are informed of any significant risks and material weaknesses in internal control, as communicated by the Statutory Auditors, that could have a significant influence on the published financial and accounting information, and ensure that these factors are taken into consideration in the corrective action taken by the Group.