universal registration document 2019 · Document, the French version shall prevail. This Universal...

universal registration document2019

1Universal Registration Document 2019 |

universalregistrationdocument2019

INCORPORATION BY REFERENCE

Pursuant to Article 19 of European Regulation No. 2017/1129 of June 14, 2017, this Universal Registration Document incorporatesthe following information by reference:

► with regard to the fiscal year ended December 31, 2018: annual report, consolidated financial statements and the correspondingStatutory Auditors’ report, appearing in chapters 9, 20.1 and 20.2 respectively of the Reference Document registered with theAMF on April 5, 2019 under number D. 19-0281;

► with regard to the fiscal year ended December 31, 2017: annual report, consolidated financial statements and thecorresponding Statutory Auditors’ report, appearing in chapters 9, 20.1 and 20.2 respectively of the Reference Documentregistered with the AMF on April 10, 2018 under number D. 18-0313.

This document is a free translation of the French language Universal Registration Document that was registered with the Autoritédes marchés financiers (the "AMF") on April 9, 2020. It has not been approved by the AMF. This translation has been preparedsolely for the information and convenience of shareholders of SUEZ. No assurances are given as to the accuracy or completenessof this translation, and SUEZ assumes no responsibility with respect to this translation or any misstatement or omission that maybe contained therein. In the event of any ambiguity or discrepancy between this translation and the French Universal RegistrationDocument, the French version shall prevail.

This Universal Registration Document has been filed on April 9, 2020 with the AMF, as competent authority underRegulation (EU) 2017 / 1129, without prior approval pursuant to Article 9 of the said regulation.

The Universal Registration Document may be used for the purposes of an offer to the public of securities or admission ofsecurities to trading on a regulated market if supplemented by an offering memorandum and, if applicable, a summaryand any amendments to the Universal Registration Document. The whole is approved by the AMF in accordance withRegulation (EU) 2017/1129.

01-02_VA_V15 20/04/2020 14:22 Page1

2 | Universal Registration Document 2019

Contents

1 Persons responsible for information,information from third parties, expertreports and approval by the competentauthority 5

1.1 Person responsible for the Universal RegistrationDocument 5

1.2 Declaration of the person responsible for theUniversal Registration Document 5

1.3 Declaration or report from an expert 51.4 Declaration relating to information from

third parties 51.5 Declaration without prior approval 5

7 Financial review 103

7.1 General information 1047.2 Analysis of income statements 1067.3 Financing and net debt 1117.4 Provisions 1157.5 Contractual commitments 1167.6 Parent Company financial statements 1187.7 Outlook 118

AFR

8 Cash and shareholders’ equity 119

8.1 Company shareholders’ equity 1208.2 Source and amount of the issuer’s cash flows

and description of cash flows 1208.3 Borrowing terms and issuer’s financing

structure 1218.4 Restrictions on the use of capital 1228.5 Expected sources of financing to meet

commitments relating to investment decisions 1228.6 Market risks 1238.7 Management of market risks 127

10 Information on trends 147AFR

9 Legal and regulatory framework 129

9.1 Interdisciplinary regulations 1309.2 Regulations related to business activities 136

11 Profit forecasts or estimates 149

2 Statutory Auditors 7

3 Risk factors 9

3.1 Main risks 103.2 Risk management and control within the Group 173.3 Internal control procedures implemented within

the Company 23

4 Group information 27

4.1 Legal name 284.2 Trade and Company Register and Legal Entity

Identifier (LEI) 284.3 Company’s date of incorporation and term 284.4 Registered address, legal form and applicable

legislation 284.5 Group history 29

AFR

5 Overview of activities 31

5.1 Operational organization chart 335.2 Main activities 345.3 Main markets 395.4 Strategy 515.5 Significant events in the development of the

issuer’s business activities 575.6 Competitive position 575.7 Dependence factors with regards to patents,

licenses, contracts and manufacturing methods 595.8 Investments 605.9 Non-Financial Performance Statement –

Group environmental, corporate and social responsibility policy 61

AFR

6 Organizational Chart 99

6.1 Simplified Group organization as of December 31, 2019 100

6.2 Presentation of the Group’s main subsidiaries 1016.3 Relations with subsidiaries 101

01-02_VA_V15 20/04/2020 14:22 Page2


14 Functioning of governance and management bodies 203

14.1 Terms of office of members of the Board of Directors 204

14.2 Information on service contracts between members of the Company’s governance andmanagement bodies and the Company or any of its subsidiaries 205

14.3 Committees of the Board of Directors 20514.4 Report on corporate governance 20614.5 Future changes to the governance and

management bodies 221

AFR

19 Additional information 371

19.1 General information on share capital 37219.2 Memorandum of association and bylaws 375

AFR

20 Significant contracts 377

21 Documents available to the public 379

21.1 Consultation of documents 37921.2 Financial reporting calendar 379

Glossary 381

Note on methodology 385

Concordance table 387

15 Employees 223

15.1 Human Resources 22415.2 Social information 23815.3 Employee incentives and employee shareholding 24415.4 Pensions and other employee benefit obligations 246

AFR

16 Major shareholders 247

16.1 Breakdown of share capital as of December 31, 2019 248

16.2 Major shareholders’ voting rights 24916.3 Control of the Company 24916.4 Agreement that may result in a change of

control 25016.5 Summary of transactions made by the persons

indicated in Article L. 621 – 18 – 2 of the FrenchMonetary and Financial Code during the year ended December 31, 2019 250

AFR

17 Related- party transactions 253

17.1 Related - party transactions 25417.2 Guarantees and counter - guarantees 25417.3 Statutory Auditors’ Report on related party

agreements 254

AFR

18 Financial information relating to theCompany’s assets, financial situation and results 257

18.1 Consolidated Financial Statements 25818.2 Statutory Auditors’ report on the consolidated

financial statements 33718.3 Parent Company financial statements 34218.4 Statutory Auditors’ Report on the Parent Company

financial statements 36418.5 Dividend distribution policy 36818.6 Legal and arbitration proceedings 36818.7 Significant change in the financial or business

situation 369

AFR

AFR

AFR

AFR

12 Governance, management and supervisory bodies, and General Management 151

12.1 Composition of governance and management bodies 152

12.2 Conflicts of interest within administrative bodies and General Management 173

AFR

13 Compensation and benefits 175

13.1 Compensation and benefits in kind 17613.2 Amounts provisioned by the Company and its

subsidiaries for the payment of pensions, retirement benefits and other benefits to members of the Executive Committee 201

AFR

The items of the Annual Financial Report are clearly identified in the summary subsections using the AFR pictograms AFR

Notice

The Company = SUEZThe Group = the Company and its subsidiariesThe Universal Registration Document serves as theManagement Report (see Concordance Table)

01-02_VA_V15 20/04/2020 14:22 Page3


01-02_VA_V15 20/04/2020 14:22 Page4


Persons responsible forinformation, information fromthird parties, expert reports andapproval by the competent authority1

1

1.1 Person responsible for the UniversalRegistration Document

Bertrand Camus, Chief Executive Officer of SUEZ.

1.2 Declaration of the person responsible for theUniversal Registration Document

“I hereby certify, after taking all reasonable measures to that effect, that the information contained in thisUniversal Registration Document is, to the best of my knowledge, accurate and does not include anyomission that would distort its substance.

I certify that, to the best of my knowledge, the financial statements have been drawn up in accordance withapplicable accounting standards and give a true and fair view of the assets, financial position and results ofthe Company, as well as of that of all the companies included in the consolidation, and that theManagement Report enclosed presents a true and fair picture of the way in which business is developing,the results, and the financial position of the Company, and all the companies included in the consolidation,and that it describes the main risks and uncertainties they face.“

Bertrand CamusChief Executive Officer

1.3 Declaration or report from an expert

None.

1.4 Declaration relating to information fromthird parties

None.

1.5 Declaration without prior approval

The declaration without prior approval is shown on page 1 of this Universal Registration Document.

01-02_VA_V15 20/04/2020 14:22 Page5


01-02_VA_V15 20/04/2020 14:22 Page6


Statutory Auditors2 2

(1) ERNST & YOUNG et Autres is a member of the Compagnie Régionale des Commissaires aux comptes de Versailles.(2) MAZARS is a member of the Compagnie Régionale des Commissaires aux comptes de Versailles.

ERNST & YOUNG et Autres – Principal StatutoryAuditor

1/2, place des Saisons92400 Courbevoie – Paris-La Défense 1 – France

Appointed by decision of the Combined Shareholders’ Meeting of December 21, 2007 and reappointed bythe Shareholders’ Meetings of May 24, 2012 and then May 17, 2018 for a six - year term expiring at the closeof the Ordinary Shareholders’ Meeting convened in 2024 to approve the financial statements for the fiscalyear ending December 31, 2023. Represented by Stéphane Pedron(1).

MAZARS – Principal Statutory Auditor

61, rue Henri Regnault – Tour Exaltis92400 Courbevoie – France

Appointed by decision of the Combined Shareholders’ Meeting of July 15, 2008 and reappointed by theShareholders’ Meeting of May 22, 2014 for a six - year term expiring at the close of the OrdinaryShareholders’ Meeting convened in 2020 to approve the financial statements for the fiscal year endingDecember 31, 2019. Represented by Dominique Muller and Achour Messas(2).

The Shareholders’ Meeting of May 12, 2020 will be asked to renew the term of office of principal StatutoryAuditor, Mazars, for a term of six years, until the end of the Ordinary Shareholders’ Meeting called toapprove the financial statements in 2026 for fiscal year ending December 31, 2025.

CBA – Deputy Statutory Auditor

61, rue Henri Regnault – Tour Exaltis92400 Courbevoie – France

Appointed by decision of the Combined Shareholders’ Meeting of July 15, 2008 and reappointed by theShareholders’ Meeting of May 22, 2014 for a six - year term expiring at the close of the Ordinary Shareholders’Meeting convened in 2020 to approve the financial statements for the fiscal year ending December 31, 2019.

Its reappointment will not be submitted for approval to the Shareholders’ Meeting of May 12, 2020, asArticle L. 823 - 1-I 2nd paragraph of the French Commercial Code (Code de commerce) now only requires theappointment of a deputy Statutory Auditor when the principal Statutory Auditor is an individual orsingle - member company.

The fee schedule for the Statutory Auditors is found in Note 26 to the Consolidated Financial Statements, inchapter 18.1 of this Universal Registration Document.

01-02_VA_V15 20/04/2020 14:22 Page7


01-02_VA_V15 20/04/2020 14:22 Page8

3

3.2 Risk management and control within the Group 17

3.2.1 General framework for Group risk management and control 173.2.2 Management of industrial and environmental risks 183.2.3 Management of IT risks 203.2.4 Ethics Program 203.2.5 Management and Financing of Insurable Risks 22

3.3 Internal control procedures implemented within the Company 23

3.3.1 Group objectives and standards for internal control 233.3.2 Steering of operations and implementation of internal control and

risk management objectives 233.3.3 Changes in 2019 and outlook 26

Risk factors

Universal Registration Document 2019 | 9

3

3.1 Main risks 10

3.1.1 Emerging risks 103.1.2 Strategic risks 113.1.3 Operational risks 14

03_VA_V15 20/04/2020 14:22 Page9

Risks related to the COVID-19 public health crisisImpacts from the Covid - 19 public health crisis are not quantifiableas of the date of this Universal Registration Document, but theycould have a material impact on the Group. The main risk factorsrelated to this pandemic are already being monitored. They areprimarily related to health, safety and security risk, risk related toservice continuity, risk related to an economic downturn, andconstruction risk, which are mentioned in sections 3.1.2 and3.1.3 below.

As a result, in terms of measures taken by authorities in differentcountries where the Group operates, the Group may face impactsrelated to employee health and availability. This is why the Group

has made business continuity a priority, since SUEZ providesessential services for people around the world (supplying drinkingwater, wastewater treatment, waste recycling, and recovery). SUEZalso cares about the health of its employees. SUEZ is putting in placebusiness continuity plans in line with public authorities designed tosafeguard employee health, and to maintain the Group’s ability tooperate.

In addition, in relation to the public health crisis, the Group mayhave to deal with decisions that government authorities make inthe various countries in which the Group operates. These decisionscould have an impact on the Company’s revenue and financialposition, if applicable: closure of certain industrial sites (as this wasthe case in China in the first few months of the year), the decision to

Emerging risks Exposure level

Risks related to the Covid - 19 public health crisis Significant-SUEZ is currently monitoring and assessing the situation

Strategic risks Exposure level

Risk of economic downturn Significant

Risk of lower volumes and prices Significant

Risks related to delays in implementing regulatory compliance measures Significant

Risks associated with the competitive environment and delays in innovation Significant

Risks related to the Group’s transformation and performance plan Significant

Reputation and opinion risk Significant

Risks related to changes in environmental regulations and to their implementation Moderate

Operational risks Exposure level

Risk of not achieving synergies and integration Significant

Construction risk Significant

Risks related to cybersecurity, data protection and IT system outages Significant

Environmental and industrial risks Moderate

Health, security and safety risks Moderate

Hiring, skills and succession risks Moderate

Risks related to service continuity Moderate

3.1.1 Emerging risks

Among the many risks identified and monitored by the Group,those described below are likely to have a significant impact on theGroup’s earnings, financial position, business or image. Theserisks are reviewed annually when the Group builds its risk mapping.

These risks are categorized below into emerging risks, strategicrisks and operational risks. In accordance with European RegulationEU 2017 / 1129 of June 14, 2017, in each category, the biggest risk interms of exposure appears first.

The level of risk considered is a residual risk, after taking intoaccount risk management systems and how well they aremanaged, without actually being a net risk level, meaning takingspecific action plans into account that can be set up on acase - by - case basis.

These risks are assessed using a three - level exposure scale:moderate risk, significant risk and critical risk.

Main risks

3.1 Main risks

Risk factors3


03_VA_V15 20/04/2020 14:22 Page10

Risk of an economic downturnThe level of public debt in several developed countries is very high,interest rates have hit record lows and a number of uncertaintiesare leading to an economic slowdown. Public or privateorganizations such as the IMF, OECD, the European Central Bankor the Blackrock Institute are encouraging global coordination ofmonetary and fiscal policies, including coordinating fiscal stimulusmeasures on an international scale to limit the impacts of the nextmajor recession.

This type of recession would have a significant impact on some ofthe Group’s business activities, such as WTS or the Recycling andRecovery business in both France and Northern Europe, whichprimarily includes industrial or commercial customers. Customercredit risk could also increase as a byproduct of an economicdownturn.

On the other hand, certain businesses are less vulnerable andmore resilient in a crisis – the regulated “water” business in NorthAmerica or in Chile as well as public service delegations in France.

Risks of decline in volumes and pricesIn the supply of drinking water in some developed countries, adecrease is being observed in volumes consumed mainly due tosocial factors and because water is a resource that needs to bepreserved. For example, in France, the Group estimates that billedwater volumes are declining structurally by approximately 1% peryear on average. To respond to this decline in volumes, the Group isachieving productivity gains, providing in certain contracts for atariff share independent of the volumes consumed, developinghigher value - added services, particularly by supporting publicauthorities in their obligation to meet changing regulations, andmaking tariff adjustments. However, if these developments areinsufficient in the future to offset the reduced volume, there may bea negative impact on the Group’s activity, earnings and outlook.

Water volumes consumed also depend on weather changes. As aresult, exceptional rainfall could negatively impact the Group’sactivity and earnings.

Regarding rates, regulatory changes, such as the proposed Actamending the Water Code in effect in Chile, which is currentlyunder review, could also have an impact on prices, margins,investments, operations and consequently the Group’s businessactivities, earnings and outlook. Pricing risk is also significant inSpain where municipalities require price reductions or call intoquestion contractual indexation formulas. The Group carries outmost of its business activities under long - term contracts withterms of up to 30 years or more. The conditions for performingthese long - term contracts may be different from those that existedor that were anticipated at the time the contract was entered intoand may change its financial balance. SUEZ makes every effort to

obtain contractual mechanisms that allow it to adjust the balanceof the contract in response to changes in certain significanteconomic, social, technical or regulatory conditions. However, notall long - term contracts entered into by the Group have suchmechanisms. Moreover, when the contracts entered into by theGroup contain such adjustment mechanisms, it is not certain thatthe contractual partner will agree to implement them or that theywill be effective in re - establishing the financial balance of thecontract. The absence or potential ineffectiveness of theadjustment mechanisms provided for by the Group in its contractsor the refusal of a contractual partner to implement them couldhave a negative impact on the Group’s financial position, earningsand outlook.

Risks related to delays in implementing regulatorycompliance measuresLaws and regulations have been enacted over the last few yearsthat have created corresponding compliance obligations and risksif the Group is slow to implement compliance action plans.

In France, the law on transparency, anti - corruption and economicmodernization, also known as the Sapin 2 Law, primarily aims tofight corruption, which covers a wide range of practices includinginappropriate management behavior, corruption, competition ruleviolations, data confidentiality and improper handling ofconfidential information. Violating this law would expose the Groupto fines or criminal sanctions from the French Anti - corruptionAgency (AFA) as well as to major risk to its image and reputation.The Group identified specific vigilance areas concerningpartnerships and intermediaries in certain geographic areas:Africa, the Middle East, Central and Eastern Europe, Latin America.

The law relating to the duty of vigilance of parent companies andcontractors requires setting up an effective Vigilance Plan toidentify and prevent risks of human rights and environmentalviolations. The law applies not only to the company’s own businessactivities, but also to the business activities of the companiescontrolled directly or indirectly by the Group as well assubcontractors and suppliers the Group has an establishedbusiness relationship with. Violating this law would expose theGroup to legal penalties: formal notice, financial penalties,incurring civil liability, as well as significant risk to its reputation.The Group’s very high number of suppliers and subcontractorsrequires the Group to be particularly vigilant.

The General Data Protection Regulation (GDPR), a European Unionregulation, aims to both increase safeguards for data subjects byprocessing their personal data and to make those who process thedata more accountable. In case of violations of GDPR, the Groupwould be subject to administrative penalties, criminal penalties,civil liability and negative impact on its image and reputation. Theincrease in the number of complaints as well as fines imposed onoffender companies by regulatory authorities on the one hand, plus

3.1.2 Strategic risks

Main risksRisk factors

defer water invoice payments (as proposed in France), and staffunavailability (leading to a delay in facility construction).

Lastly, even if the Group is still currently operating normally insome countries and for some industrial sectors the Group is

exposed to, the measures taken to contain Covid - 19, particularly inEurope, North America and Latin America, could have an impacton raw material volumes and prices if the measures persist, andcould impact the Company’s revenue and financial position as aresult.

3


3

03_VA_V15 20/04/2020 14:22 Page11

Main risks

the amount of data generated by the Group and the growing threatin terms of cybersecurity on the other, all contribute to anincreased risk for the Group.

Embargo measures or economic sanctions have been set up bymany jurisdictions. They could change, or new measures could beapplied. If the Group experiences a delay in complying with thesechanges, it would expose the Group to administrative penalties aswell as have a negative impact on its image and reputation.

Risks associated with the competitive environmentand delays in innovationThe Group’s core businesses continue to face strong competitionfrom major international operators and, in some markets, from“niche” players. New industrial companies (equipment manufacturers,builders) and financial players (Asian conglomerates) have beenadopting aggressive strategies to invest in markets or repositionthemselves within the value chain, by diversifying into the servicebusiness. In addition, the Group also faces competition from publicsector operators in some markets, such as the semi - publiccompanies in France. Finally, some cities may want to retain orassume direct management of water and waste services (notably inthe form of public control, régie) instead of depending on privateoperators in both France and Spain. This strong competitivepressure, which could increase in a context of consolidation amongprivate entities (in the waste sector in Europe, for example), mayput pressure on the commercial development and prices of theservices offered by the Group, which are exacerbated in (i) thewaste treatment sector in some countries, where the Group couldsee the profitability of its facilities fall due to a reduction in theutilization rate resulting from the development of overcapacity andin (ii) the water treatment engineering sector due to the rampingup of new Spanish and South Korean players, in the context of acontraction of the European municipal market related to theworsening financial health of local public entities and a risk of alack of competitiveness.

Regarding contractual risks, the contracts entered into by theGroup with public authorities make up a significant share of itsrevenues. However, in most of the countries in which the Groupoperates, including France, Spain and Morocco, local publicentities have the right, under certain circumstances, to amend oreven terminate the contract unilaterally, subject to compensation.If a contract is unilaterally canceled or amended by the contractingpublic authority, the Group may not be able to obtain compensationthat fully offsets the resulting loss of earnings. Moreover, theGroup does not always own the assets that it uses in its operationsunder a public service delegation contract (primarily through publicservice concessions or leases). SUEZ cannot guarantee that thecontracting authority will renew each of its existing public servicedelegation contracts or that the financial conditions of the renewalwill be the same as the initial delegation. This situation couldnegatively impact the Group’s operations, financial position,earnings and outlook.

Within the Group, the risk of losing competitiveness mainly impactsthe construction businesses, as well as the AMEI region (Africa,Middle East, India). This risk is in large part due to an increase inand worldwide spread of competition, particularly from Spanishand Chinese competitors, as well as competitors from other Asianand emerging countries. The Group cannot guarantee it will beagile enough to adapt if needed in terms of market intelligence,technological innovation, competitive costs, performance andquality. This risk can result in not being able to win planned projects,or in a decrease in the margins necessary to stay competitive,especially in the Design Build Operate (DBO) business.

In addition, in order to offer comparable or better performingservices than those offered by competitors, or to win new markets,the Group may be led to innovate and develop new technologiesand services, particularly in the “digital” domain. This would helpgenerate additional revenue, but would also be a source of newrisks – time - to - market could be too long for new products andservices, there could be delays in developing a “digital” offeringcompared to the competition, or uncontrolled development costscould have an adverse impact on the Group’s financial position andearnings.

Risks related to the Group’s transformation andperformance planThe Group has launched a transformation plan that includes severalcomponents:

► reorganizing into multi - service Business Units;

► setting up smart and digital solutions;

► launching transformation projects in France in the operationalentities like in the support functions;

► beginning infrastructure transformation projects for the GroupIT and Procurement functions.

At the same time, the Group started a multi - annual operatingperformance improvement plan that involves optimizing operating,purchasing and overhead costs. To carry out this performanceplan, the Group needs to completely transform its operating modelin critical areas such as governance or talent management.

Any transformation delay, and specifically in advancing the projectsdescribed above, could adversely affect the Group.

Additionally, even if transformation plans have been rolled out,there is still a risk that they will not end up being as effective ashoped, will not save as much money as planned or will not growthe business enough.

Reputation and opinion riskSince the advent of the single SUEZ brand, and given the globalreach of the Group’s business activities, the reputation risk the

Risk factors3


03_VA_V15 20/04/2020 14:22 Page12


Group faces after any incident occurs in one of its operatingentities, such as water supply accidentally being cut off, allegedwrongdoing, an ethics problem, fraud, a cyber - attack, is higher.Other events like repeated beach closures due to wastewatertreatment plant overflows after heavy rain could also heighten risk.This risk could be increased by whistleblowers being active onsocial media where information is shared widely and immediately.This reputation risk is compounded by using temporary workers,which happens more frequently during periods of transformationand is less due to operating procedures.

In addition, business activities specific to the Group (watertreatment, incineration, etc. ) pose risks to its reputation in relationto a number of sensitive societal issues: health, air quality, waterquality, micropollutants, plastic use, management of commongoods and access to essential services. At WTS, the risk ofLegionnaires’ disease is identified and closely monitored.Regarding water quality, the Group cannot control privately ownedinterior pipes that may be the source of some quality issues withtap water, for instance, such as the presence of lead. Anyoverstepping of the regulatory standard for drinking water,whatever its origin, could have a negative impact on the Group’simage. Lastly, actions by staff, Corporate Officers or representativesviolating the ethical principles affirmed by the Group could exposeit to legal and civil penalties as well as lead to loss of reputation.

Risks related to changes in environmentalregulations and to their implementationClimate change regulations are on the rise: in France, the EnergyTransition for Green Growth Act of August 17, 2015; in Europe, “TheClimate and Energy Package”; and more recently, in 2018, “TheClean Energy Package” and amendment of the Directive on theEU-Emissions Trading system. Some European states announcedtheir intention to tax thermal waste recovery activities, whichspecifically affects the Solid Recovered Fuel (SRF) market or theRefuse Derived Fuel (RDF) market. Such measures would have asignificant impact on the Group’s waste treatment business modelin Europe.

These regulations do not include the waste management sector inan emissions tax mechanism, even though some Group businessactivities related to energy production or secondary raw materials(Solid Recovered Fuel, chemical products) could be eligible for it. Atthis stage, different scenarios are possible, with positive and negativeoutcomes depending on the scenario considered. The Group’s mostenergy - hungry activities will nevertheless be increasingly coveredaround the world by carbon pricing mechanisms, such as in theUnited Kingdom, where industries using more than 6 GWh of energyper year are subject to a tax per ton of greenhouse gas emitted, or inAustralia, where the Australian Safeguard Mechanism establishesan authorized emissions cap for the facilities that emit the mostgreenhouse gas.

Furthermore, the work in progress for the EU Action Plan forSustainable Finance Growth, which aims to create a classificationsystem by 2022 that can determine economic activities that can beconsidered environmentally “sustainable” could, over time, helpfocus investments on only one part of the waste management andrecovery business, according to its results.

Generally speaking, the Group’s businesses are subject toenvironmental protection, public health, and safety rules that areincreasingly strict and differ from country to country. These rulesapply to water discharge, drinking water quality, waste treatment,long - term monitoring of landfills, soil and water table contamination,air emissions quality, compliance of equipment and chemicalproducts, and greenhouse gas emissions.

Despite managing these regulatory risks within the Group, thereare still many risks that result from the vagueness of someregulatory provisions or the fact that regulatory bodies can amendtheir enforcing instructions and that major developments in thelegal framework may occur. In addition, the relevant regulatorybodies have the power to bring administrative or legal proceedingsagainst the Group, which could lead to the suspension orrevocation of permits or authorizations the Group holds,injunctions to cease or abandon certain activities or services, fines,civil penalties, or criminal convictions, which could negatively andsignificantly affect the Group’s public image, activity, financialposition, earnings and outlook. These administrative authorizationscan be difficult to obtain or renew and often involve a long, costlyand unpredictable procedure. Finally, the conditions attached toauthorizations and permits that the Group has obtained could bemade substantially more stringent by the relevant authorities.

Amending or strengthening regulatory provisions could result inadditional costs or investments for the Group. Subsequently, theGroup might have to reduce, temporarily interrupt, or evendiscontinue one or more activities with no assurance that it will beable to offset the corresponding losses. As a result, the “NationalSword” policy put in place by China in 2017, which aimed to limit orprohibit imports of certain types of recyclable waste into thecountry (plastic, paper and other materials) had an impact on salesvolumes and prices for recyclable materials in Europe. In 2018, anamendment to the Australian Heavy Vehicle National Law requiresevery participant in the vehicle transport supply chain to ensuretransportation activities are safe. At the end of 2018 still, the NewSouth Wales Australia Environment Protection Authority revokedthe resource recovery order that authorized the use of Mixed WasteOrganic Outputs in compost for land use. The decision at leasttemporarily puts an end to the agricultural use of compost and could,in the medium - term, significantly impact the Group’s Australianwaste treatment business.

The applicable regulations involve investments and operating costsnot only for the Group, but also for its customers, and particularlycontracting local or regional public authorities, notably due tocompliance obligations. Failure by the customer to meet itsobligations could injure the Group as operator and harm itsreputation and ability to grow.

3


3

03_VA_V15 20/04/2020 14:22 Page13

Main risks

Risk of not achieving synergies and integrationAcquisitions, and particularly the purchase of GE Water (whichbecame the WTS business unit) on September 29, 2017, couldinvolve risks related to integration and not achieving the gains theGroup hoped for.

Another major possible cause would be difficulties creating thedesired growth synergies due to the market not being asenthusiastic as anticipated to the Group offering combined serviceswith WTS.

Difficulty in generating the expected synergies and reductions ofcosts in purchases or support functions, for example, and theemergence of unexpected liabilities or costs also contribute to theserisks. The occurrence of one or more of these risks could have anegative impact on the operations, financial position, earnings oroutlook of the Group.

Construction riskThe Group is involved in the design and construction of certaininstallation projects.

These risks are related to the completion of fixed - price turnkeycontracts. Under the terms of such contracts, the subsidiaries agreeto engineer, design and build operation - ready plants for a fixed price.Actual expenses resulting from performing a turnkey contract can varysubstantially from initial projections for a variety of reasons, such as:

► unforeseen increases in the cost of raw materials, equipment orlabor;

► not obtaining the necessary construction or operating licensesor authorizations;

► unexpected construction conditions;

► delays due to weather and/or natural phenomena (particularlyearthquakes, floods and pandemics) ;

► not achieving expected performance or unforeseen technicaldifficulties;

► non - performance by partners, suppliers or subcontractors.

The terms of a fixed - price turnkey contract do not necessarilymake it possible to increase prices to reflect elements that weredifficult to predict when the bid was submitted. For these reasons,it is impossible to determine with certainty the final costs ormargins of a contract at the time the bid was submitted, or even atthe start of the contract’s performance phase. If costs were toincrease for any of these reasons, the subsidiaries carrying out thistype of business could see their margins shrink, potentially causingthem to sustain a significant loss on the contract.

Engineering, Procurement and Construction projects can encounterproblems that may entail a reduction in revenues, disputes orlawsuits. These projects are generally complex, and require majorpurchases of equipment and large - scale project management.Schedule delays could occur, and the subsidiaries could encounterdifficulties in design, engineering, the supply chain, constructionand/or installation. These factors could have an impact on theirability to complete certain projects by the original deadline.

Certain terms of the contracts entered into require the client toprovide particular design or engineering - related information, inaddition to the materials or equipment to be used for the project.These contracts may also require the client to compensate themfor additional work done or expenses incurred, if (i) the clientchanges its instructions, or (ii) the client is unable to provide themwith adequate design or engineering information or appropriatematerials or equipment for the project. In such cases, thesesubsidiaries usually negotiate financial compensation with theirclients for the additional time and money spent due to the client’sfailure to meet its contractual obligations. However, the Groupcannot guarantee that it will receive sufficient compensation tooffset the extra costs incurred, even if it takes the dispute to courtor arbitration.

The Group, as part of the guarantees given to cover its subsidiaries’commitments, may be required to pay financial compensation if itbreaches contractual deadlines or other contractual stipulations.For example, the new facility’s performance may not comply withproject specifications, a subsequent accident may invoke theGroup’s civil or criminal liability, or other problems may arise (nowor in the future) in the performance of the contract that may alsosignificantly impact the Group’s operating income.

Risks related to cybersecurity, data protection and IT system outagesInformation systems are critically important in supporting all theGroup’s business processes.

Increasingly, they are interconnected and cut across businesssegments. Any failure could lead to loss of business, loss of data orbreach of confidentiality, and could negatively impact the Group’soperations, financial position and earnings.

The implementation of new applications may require considerabledevelopment, with risks relating to development costs, quality anddeadlines.

Risks due to cybersecurity and malicious intrusions into informationsystems are increasing. Cyber - attacks are getting larger, moresophisticated and potentially costly. These risks are a threat to datasecurity and can lead to acts of fraud or customer relationship

Risk factors3


3.1.3 Operational risks

03_VA_V15 20/04/2020 14:22 Page14


management (CRM) data breaches. They also heighten thevulnerability of supervisory control and data acquisition (SCADA)systems, which could result in, for instance, losing partial control ofa water or waste treatment plant. Rapid technological changes – andespecially the rise of the Cloud and the internet of Things – haveincreased the level of potential threats as well as the risk of losingcontrol of the Group’s IT systems. The lack of efficient patchmanagement processes or vulnerability management processesmay lead to the development of security gaps, especially whenequipment and software are not updated or when vulnerabilitiesidentified are not corrected.

Insufficient investments or updates in IT equipment or infrastructuremake the Group vulnerable to system failures or outages.

Office and industrial Information Technology is increasingly connectedto the internet, which in turn makes the systems increasingly openand vulnerable. Not only has the risk of fraud grown, but corporateand personal data breaches have as well, resulting in an additionalrisk of not complying with the General Data Protection Regulation(GDPR), which could lead to considerable financial penalties.

Group employees having a relatively low level of IT security maturityis also a compounding factor for these risks.

Environmental and industrial risksThe facilities that the Group owns or manages on behalf of thirdparties carry risks to the surrounding environment (air, water, soil,habitat and biodiversity) and may pose risks to the health ofconsumers, local residents, employees, or even subcontractors.These health and environmental risks, which are governed by strictnational and international regulations, are regularly monitored bythe Group’s teams and by the public authorities. These changingregulations with regard to environmental responsibility andenvironmental liabilities carry the risk of increasing the Company’svulnerability in relation to its activities. This vulnerability must beassessed for older facilities (such as closed landfills) and for sitesin operation. It may also involve damage caused to habitats orspecies.

As part of its activities, the Group must handle, or even generate,hazardous products or by - products. This is the case, for example,with certain chemicals used in water treatment. In wastetreatment, some Group facilities treat special industrial or medicalwaste that may be toxic or infectious.

In waste management, gas emissions to be considered includegreenhouse gases, gases that induce acidification of the air,noxious gases and dust. In water activities, potential air pollutantsmainly include chlorine or gaseous by - products resulting fromaccidental emissions of water treatment products. Wastewatertreatment and waste treatment activities can also cause odorproblems or produce limited but dangerous quantities of toxic gasor micro - organisms.

In the absence of adequate management, the Group’s activitiescould have an impact on water in the natural environment:leachates from poorly monitored landfills, discharges of heavymetals into the environment, and aqueous discharges from fluegas treatment systems at incineration plants. These various typesof emissions could pollute water tables or watercourses.Wastewater treatment plants discharge decontaminated water intothe natural environment. For various reasons, these plants maytemporarily fail to meet discharge standards in terms of organic,nitrogen, phosphorus or bacteriological load.

Soil pollution issues could arise in the event of accidental spills ofstored hazardous products and liquids, leaks from processesinvolving hazardous liquids and the storage and spread of sludge.

Non - compliance with these standards can lead to contractualfinancial penalties or fines.

There are risks related to the operation of waste treatmentfacilities, water treatment facilities, water supply networks andcertain services rendered in industrial settings. These risks canlead to industrial accidents such as fires or explosions, designfaults, and external events beyond the Group’s control (actions bythird parties, landslides, earthquakes, floods, hurricanes, etc. ).Such industrial or health accidents may cause injuries, loss ofhuman life, significant damage to property or to the environment,as well as business interruption and loss of output.

Although the Group has premium civil liability and environmentalrisk insurance, it may still be held liable above the amount of itscoverage or for items not covered in the event of claims involvingthe Group. Moreover, the amounts provisioned or covered may beinsufficient if the Group incurs environmental liability, given theuncertainties inherent in forecasting expenses and liabilitiesrelated to health, safety and the environment. Therefore, theGroup’s liability for environmental and industrial risks could have asignificant negative impact on its public image, activity, financialposition, earnings and outlook.

Specific risks related to operating high - risk sites(“Seveso” sites)According to Directive 2012/18/EU of July 4, 2012, SUEZ operatesSeveso - designated sites within the European Union.

SUEZ operates other hazardous industrial sites for which it iscommitted to applying the same high industrial safety standards.

Any incident at these sites could cause serious harm to employeesworking at the site, neighboring populations and the environment,and expose the Group to significant consequences. The Group’sinsurance coverage could turn out to be insufficient. Any suchincident could, therefore, have a negative impact on the publicimage, activity, financial position, earnings and outlook of the Group.

3


3

03_VA_V15 20/04/2020 14:22 Page15

Main risks

Health, security and safety risksThe Group is very aware of the risks of deteriorations in employees’and subcontractors’ health. It takes measures to protect theirHealth and Safety and closely monitors the relevant indicators(frequency and severity rate) in each business unit. It also takesgreat care to remain in compliance with legal and regulatoryHealth and Safety provisions at its various sites. However, it may beconfronted with occupational illnesses that could lead to legalaction against the Group and, potentially, to the payment ofdamages, which could be significant.

Personnel working at water production and distribution facilitiesand on hazardous industrial waste treatment sites may be exposedto chemical risks.

Many Group vehicles travel on public roads, resulting in risks oftraffic accidents.

In the area of security, and despite security measures taken by theGroup as part of the operation of its water and waste facilities, thepossibility remains that the facilities could be affected by maliciousacts and acts of terrorism, with consequences for public health orharm to employees, equipment or sites. In addition, some of theGroup’s employees work or travel in countries where the risks ofterrorism or kidnapping may be high, especially in emergingcountries in which the Group intends to grow its internationalbusiness activities.

The occurrence of such acts could have a significant negativeimpact on the public image, activity, financial position, earningsand outlook of the Group.

Hiring, skills and succession risksThe Group employs specialists and executives with a broad rangeof expertise applied to its various businesses. In order to preventthe loss of key skills, the Group must anticipate labor shortages incertain businesses. In addition, the Group’s international growthand changes in its businesses require new know - how and a greatdeal of mobility among its staff, particularly its executives.

In particular, SUEZ identified risks such as shortages in criticalskill sets (e.g. sales teams for the industrial sector, large scaleproject managers or Big Data experts) and in new businessactivities for the Group, such as smart cities or digital technologies,difficulties defining succession plans that can have an influence onoperational continuity or project management, and an agingworkforce due to demographics in some countries.

The Group’s success depends upon its ability to map existing skillsand to hire, train and retain a sufficient number of employees,including managers, engineers, technicians and sales professionals,with experience in industrial markets who have the required skills,expertise and local knowledge. Competition for this kind of profileis strong.

Risks related to service continuityThese risks are first and foremost related to water serviceinterruptions caused by events such as accidental pollution or alack of maintenance. For business activities related to recyclingand waste recovery, the Group could also be impacted by serviceinterruptions at collection or treatment centers.

The main risks identified concern Chile and Australia. Due to thesingle “SUEZ” brand, the impact on the Group’s reputation would beamplified by such events. Contractual penalties could also apply.

In general, in a world where climate change and its proven impactsare rapidly gaining momentum, increased drought frequency andintensity could lead to a localized decrease in the availability ofgroundwater and surface water resources. This increasing scarcityof water resources, in combination with demographic andmetropolitanization pressures, could reduce or interruptproduction capacity. Moreover, the increase of drought phenomenacould increase the risk of saltwater intrusion into groundwater.

Likewise, the increasing occurrence of significant rainfall events,as well as an increase in their intensity, creates a growing risk incoming decades of flooding in Group - managed facilities, generatingservice interruptions and overloading storm sewer networks.Meanwhile, the disruption of transportation systems by floodingcould affect power supply, waste collection and the delivery ofreagents for water treatment.

Some Group companies depend on raw water, treated water orprimary energy suppliers for their distribution activities. Suchdependence is generally imposed by regulation or local technicalconfigurations, leading to the de facto monopoly of these suppliers.It is always possible that such suppliers may fail to meet theirobligations due to technical issues (breakdowns), pollution or forother reasons, causing a risk of service interruption.

Risk factors3


03_VA_V15 20/04/2020 14:22 Page16

Management of the risks the Group is facing involves identifyingand assessing such risks and putting in place the appropriateaction plans and hedges.

The Group has adopted an integrated corporate risk managementpolicy, which aims to provide a complete overview of the riskportfolio through the use of methods and tools common to allsubsidiaries and functional departments.

The Chief Risk Officer (CRO) is responsible for coordinating thisintegrated approach. He is supported by a network of Risk Officerswho are responsible for seamlessly and consistently executing therisk assessment and management techniques at the varioussubsidiaries. The network is headed by the Chief Risk Officer.

A risk - mapping process for the whole Group has been in place forseveral years. Risks are identified, classified by category (strategic,financial or operational), assessed (by significance, frequency, andexposure), and quantified wherever possible. The method forhandling them is then reviewed, which provides information foraction plans at different levels of the Company.

This process, which is overseen centrally by the Chief Risk Officerand at the subsidiaries by the network of Risk Officers, makes itpossible, in particular, to draw up an annual summary of the majorrisks for the Group. It includes steps to select significant individualrisks and, if applicable, aggregate homogeneous risks and to takeinto account possible links. The summary is discussed andvalidated by the Executive Committee.

The subsidiaries maintain responsibility for implementing the mostappropriate risk management policy for their particular activities.However, certain trans-Group risks are directly managed by thecorporate departments involved:

► within the Office of the General Secretary:

– the Legal Department analyzes and manages the Group’slegal risks, based, in particular, on periodic reporting from thesubsidiaries and their network of in - house legal counsel,

– the Internal Audit, Risk and Investments Department ensures:

– that internal audits are conducted on all the Group’sactivities around the world. It proposes its annual audit planbased on an analysis of the operational and financial risksof Group companies. This audit plan is approved by GeneralManagement. The objectives of the internal audit are toassess the contribution of the audited entities in relation totheir commitments, validate their risk analysis and control,assess their internal control system and verify that theGroup’s procedures, guidelines and charters are followed.At the end of every assignment, the Internal Audit Departmentcommunicates its conclusions and recommendations forcorrective actions,

– that the overall Enterprise Risk Management process iscarried out and the networks/communities concerned aremanaged: Risk Officers, Contract Managers,

– that the Group’s and subsidiaries’ main projects in terms ofinvestments, acquisitions and disposals, in particular, areanalyzed in collaboration with the Planning and ControlDepartment and the Legal Department;

– the Insurance Department, in conjunction with the subsidiaries,is the contracting authority for the Group’s insuranceprograms for industrial and environmental damage, businessinterruption, and liability (third - party, professional, etc. ).Specifically, it monitors risks of fire and machinery breakdownby implementing an annual prevention and protectionprogram for the Group’s key sites,

– the General Secretary, acting as the Ethics Officer for theGroup, is responsible for the prevention and management ofethical risks. He relies on the Ethics and ComplianceDepartment, which identifies and manages risks related toethics violations and compliance gaps. It also has a networkof compliance officers;

► within the Finance Department, the Treasury and CapitalMarkets Department, together with the subsidiaries, analyzesthe Group’s main financial risks (interest rates, major currenciesand banking counterparties), develops instruments formeasuring positions and sets policy for hedging such risks. ThePlanning and Control Department performs critical analyses ofthe subsidiaries’ actual and forecast financial performancethrough the monthly review of operating and financial indicators.It develops the Group’s short- and medium - term financialforecasts and contributes to the analysis of development projectsby the Group and its subsidiaries. The Internal ControlDepartment has rolled out a documentation, improvement andannual internal control assessment program at the mainsubsidiaries of the Group in collaboration with the Group’sfunctional and operational management teams. The TaxDepartment’s primary responsibility is to identify and analyze theGroup’s tax risks. The Accounting and Consolidation Departmentensures compliance with accounting standards;

► the Human Resources Department analyzes the main laborrisks, gaps in terms of skills, corporate culture, and employeemobilization and engagement. It develops action plans forrecruiting local talent and skills development. The Health andSafety Department monitors and ensures the prevention ofoccupational illnesses and accidents related to the Group’sbusinesses. It ensures the implementation of warning and crisismanagement procedures within SUEZ Group entities toestablish a culture of prevention at all levels, which furtherenhances the quality and continuity of operations;

► the Performance Department:

– studies and monitors environmental and industrial risks andcoordinates the actions needed to strengthen risk control andcompliance with requirements in this area. To do so, itimplements a schedule of environmental audits and coordinatesa network of Environmental and Industrial Risk Officers

Risk management and control within the Group

3.2 Risk management and control within the Group

3.2.1 General framework for Group risk management and control

Risk factors 3


3

03_VA_V15 20/04/2020 14:22 Page17

Controlling environmental and industrial risks is a priority for theGroup. For this reason, a specific management policy for theserisks was enacted in 2014. It addresses risks which may be ofaccidental or natural origin. They may be due to human ororganizational factors, equipment accidents or malicious acts. Thescope of this policy covers all types of pollution (air, soil, aquaticenvironments) and environmental nuisance (noise, vibration, odor,visual discomfort, etc. ). It also covers environmental damage aswell as property damage and personal injury caused by fire,explosion, machine breakage, natural disaster, the collapse ofstructures, etc.

In 2016, this policy was clarified to include the management of thecybersecurity risk for Industrial Control Systems, consistent withthe IT Security policy.

This policy is consistent with the Global Risk Management, Healthand Safety, and Security policies.

A structured management system ensures that the managementprinciples it contains are applied across all business unitsinternationally.

3.2.2.1 Governance

Within their organizations, SUEZ and each of its business unitseach appoint an Environmental and Industrial Risk Officer (EIRO) toensure the coordinated functional management of these risks atevery level of the organization. The Group EIRO reports to thePerformance Department. This individual is responsible forcoordinating the network of EIROs in the business units.

Commitments are formalized with the business units or otheroperating entities based on the principle of subsidiarity with theaim of continuously improving the management of environmentaland industrial risks. The annual Compliance Letter procedure isused to draft a report of each business unit’s environmental andindustrial risks, determine areas for improvement and relatedaction plans, disclose significant risks identified and report on themeasures taken as a result. Depending on the nature of the risk,action plans may be developed over one or more years. However,action plans seeking to mitigate significant risks must bedeveloped within a limited time frame to minimize the risk of majoraccidents. This document is signed by the CEO of each businessunit, based on the Compliance Memorandum of its EIRO.

3.2.2.2 Management Rules and Operational Rules

A series of management rules offer guidance on how to apply theSUEZ Environmental and Industrial Risk Management Policy.Compliance with local regulations is required in all cases. Anybusiness unit, subsidiary or facility with industrial operations, andover which the Group has a dominant influence on technicaloperations, must comply with these management rules. They alsoapply to any service performed on behalf of a third party at theirfacilities.

The management rules make it possible to roll out the maincomponents of the Environmental and Industrial Risk ManagementPolicy in the business units and operating entities. The maincomponents of the policy are as follows: organization, risk

3.2.2 Management of industrial and environmental risks

Risk management and control within the Group

charged with rolling out the environmental risk managementpolicy uniformly and consistently at each main subsidiary,

– studies the operating risks associated with the Group’sproduction systems and assists the subsidiaries in resolvingoperational issues at their sites, establishes and distributesbest practices and operational benchmarks to thesubsidiaries, and prepares solutions for a certain number ofemerging risks by developing suitable research programs;

► the IT Department analyzes and manages risks relating to ITsystems to guarantee the availability, integrity and confidentialityof information;

► the Security Department: the Group has developed specificsecurity know - how over a long period of time through variouslarge projects in Central America, South America, Africa, theMiddle East and Asia. Faced with increasingly complex andunstable security conditions, the Group has developed its ownupstream analysis system for potential risks and an overallsecurity management system based on scalable solutions thatare adapted to the specific local and regional context. In thisway, the Group continually analyzes unstable situations so as toidentify early signs of deterioration. This internal system isoperational, as we saw several times through the proactivemanagement of crises particularly in Africa and the Middle East;

► the Engagement and Communications Department analyzes andmanages primarily image and reputation risks and prepares andimplements suitable crisis communication plans in connectionwith the subsidiaries. The Best Practices Charter of the SUEZcommunications network reminds employees of the confidentialnature of information held by some employees and the internalobligations relating to the dissemination of information.

In addition, the Treatment Infrastructures business line activelycontributes to managing risks related to design and construction.

Aside from these functional departments, the Board of Directors isassisted by an Audit Committee whose assignments in terms ofrisks are as follows:

► obtain regular updates on the Group’s financial position, cashposition and significant commitments and risks;

► examine the risk control policy and the procedures selected toevaluate and manage these risks;

► evaluate the efficiency of the Group’s internal control system.

The results for 2019 of the overall risk management policy werepresented on October 25, 2019.

Internal control is implemented according to the risks identifiedwithin the Group’s activities as part of the risk-mapping process.

Risk factors3


03_VA_V15 20/04/2020 14:22 Page18

management, design, operation and modification of facilities,standards, reporting, training, subcontractor management,integration of new companies or operation agreements, managementand communication of accidents and near accidents, as well asother actions. They also lay down the roles and responsibilities forits implementation and the monitoring systems in place.

In addition, a series of environmental and industrial operationalrules define the mandatory rules for all Group operations. Thebusiness units’ management systems must take into account andadhere to the principles of these operational rules.

The purpose of the operational rules is to enable operating entitiesor subsidiaries to check that the operations under their controlcomply with the Group’s established criteria. Failure by existingentities or newly acquired companies to comply with the operationalrules must be addressed through an action plan to return them tocompliance within an appropriate time frame.

The operational rules are accompanied by Practical Guides that offerguidance and examples for the practical application of these rules.The practices are supplemented depending on accident analysisfeedback in collaboration with insurance company claims experts.

A series of external training modules is available on the Group trainingplatform to spread awareness of these operational rules. Groupexperts also organize face-to-face training sessions on this topic.

3.2.2.3 Control

The operating entities to which this policy applies must follow theSUEZ Environmental and Industrial Risk Management system andits three - step approach: risk identification; risk assessment; andimplementation of risk management measures.

The operating entities must introduce an appropriate method (or acombination of different methods) to identify potential environmentaland industrial risks associated with their activities or specific totheir facilities. Several risk identification methods are accepted:internal audits, self - assessment questionnaires, hazard studiesconducted as part of applications for authorization to operate,process risk studies, risk prevention programs carried out by thirdparties (e.g. specialized risk prevention companies on behalf ofinsurance companies), site visits by management or by functionaldepartments, and integration or acquisition of new facilities.

In addition, audits are conducted by the Performance Department(including a general audit of the environmental and industrial riskmanagement system and audits on selected operational sites).These audits are intended to verify the business units’ ability toidentify environmental and industrial risks, to determine measuresfor controlling such risks and to guarantee efficiency of thesemeasures over time. Failure to apply the management rules andstandards is reported to the appropriate management level foranalysis and decision - making on the measures to be implemented.

A summary of the reported gaps is presented annually to theGroup’s General Management.

3.2.2.4 Crisis alert and management

A crisis alert and management procedure is in place to anticipateand manage accidents or any unforeseen and sudden events thatmay have a negative impact on the environment, operating or thirdparty assets, business continuity or Group reputation, as well asassociated impacts on employees and local residents. Suchmeasures serve to ensure immediate and reliable communicationabout emergency situations to appropriate levels of the organization(alert) and to prepare and implement a “crisis organization” that isable to decide, communicate, and respond locally and globally,even in situations made worse by events. The procedure specifiesthe type of events that must be communicated through SUEZ’semergency stand - by team and the severity thresholds that shouldtrigger an alert.

Each of the Group’s subsidiaries has emergency plans in place thatinvolve two modes of intervention: a local emergency stand - byteam that issues the alert and mobilizes crisis managementresources, and a dedicated crisis management system that canhandle the crisis effectively over time. This system provides inparticular for the creation of crisis management units that arecapable of taking into account internal or external impacts,whether technical, social, health related, economic or reputational.

3.2.2.5 Consideration of feedback

Following an environmental or industrial accident, the operatingentities must analyze the event to determine the facts andunderstand the technical, organizational and human causesleading to the event. This analysis allows management to takeappropriate measures to prevent a reoccurrence; update the riskanalyses and reassess the robustness of risk control measures;and improve understanding about safety issues and the Group’ssafety culture by sharing feedback.

In the case of severe accidents, a news flash is circulatedthroughout the organization by the EIROs and via a post on Yammer(the Group’s internal social media network). A review panel mayalso be set up. Chaired by a representative of the Group’s GeneralManagement, these panels aim to ensure that the causes of theaccident have been correctly analyzed and appropriate correctivemeasures have been taken at the business unit level to prevent arepeat of such an accident; to propose any additional measures orinvestigations; to decide on possible actions at the Group level; todecide on the classification of the accident and the possibleconsequences for the people involved (employees and managers),and to decide on how to communicate about the event.

Risk management and control within the GroupRisk factors 3


3

03_VA_V15 20/04/2020 14:22 Page19

Ethical values have always been a fundamental component ofSUEZ’s strategy and development. The Group pays particularattention to sharing and adhering to ethical values as well asapplicable regulations. As a result, ethics and integrity are corecomponents of the values SUEZ reaffirmed in its “Shaping SUEZ2030” plan.

The Group also adheres to the Global Compact Initiative based onthe ten United Nations Global Compact principles and is a GlobalCompact Advanced Level company. In addition, SUEZ is a memberof the French division of Transparency International and Entreprisespour les Droits de l’Homme (Businesses for Human Rights).

SUEZ is making ethics an indispensable element of its overallperformance improvement. Adherence to these values is essentialin all the Group’s activities, both in internal relationships within theCompany and in its relationships with clients, partners, suppliersand all external stakeholders. For this purpose, the Group has setup a structured Ethics Program that includes a specific anti -corruption plan.

Managing the Ethics Program within SUEZ GroupThe Group Executive Committee regularly monitors the EthicsProgram and anti - corruption plan. At the Board of Directors level,it is monitored by its CSR, Ethics, Water and Sustainable PlanetCommittee, which is responsible in particular for ensuring that thenecessary procedures to prevent and detect corruption and influencepeddling are set up (for a description of the CSR, Ethics, Water and Sustainable Planet Committee along with its missions andactivities, see chapter 14.4, section 3 of this Universal RegistrationDocument). This Committee sends reports of its work to the Boardof Directors.

The Group’s Ethics Program is rolled out under the responsibility ofthe General Secretary, acting as the Group Ethics Officer, whorelies on the Ethics and Compliance Department in order to achievethis mission. Note that the Group Head of Ethics and Compliance isa member of the Leadership Group, a group formed under theSUEZ 2030 plan, which includes members of the ExecutiveCommittee and around 70 members who review the Group’sstrategic objectives and help roll them out.

3.2.4 Ethics Program

Development of major IT projects: the Group has introduced apolicy for managing major IT projects and is progressively rollingout a method aimed at addressing any possible deviations.

Cybersecurity risk: this risk concerns the operation of industrialsites managed by the Group and the protection of data relating tothe Group, its employees and its customers. Based onrecommendations from a series of international standards, suchas ISO 27000, and the guide on industrial systems cybersecuritypublished by the French National Information System SecurityAgency (ANSSI), the Group has defined a policy and set up agovernance structure, a SOC(1) and a SIEM(2), and in 2017 hired aGroup Chief Information Security Officer, an Industrial ControlSystems Risk Officer and a Data Privacy Officer to analyze risks, setstandards and ensure the Group remains in compliance withregulatory obligations. Local employees at the various BUs assistthem in carrying out their duties. The cybersecurity action planincludes the following measures:

In order to enhance IT security management, the Group took out acomprehensive cybersecurity insurance policy covering all legalentities in mid - 2018. New BUs have been added to the cybersecuritynetwork and all BUs actively participate in the new dashboard. Withregard to Operational Technology (OT), the Group has rolled out tenoperation security rules at all the BUs that include a secure ITarchitecture model in compliance with local businesses andregulations.

The Group is also gradually applying a uniform security level. In2018, SUEZ rolled out a cybersecurity crisis management governancestructure throughout the entire Group. In 2019, the Group was ableto test out this structure by conducting its second crisis exercise at

some twenty industrial sites in three different countries. A SUEZdigital footprint monitoring and analysis solution was also developed.In 2019, the Group expanded its Cybersecurity Center of Expertise,founded in early 2018. It now assists the international BUs withsecurity incidents and supports Group Security services with theBUs (SOC, ISSO, DPC, etc. ).

The Group is continuing the employee outreach program launchedin 2018 by rolling out a phishing simulation platform and videosraising awareness of cyber risks for all SUEZ employees.Regarding OT, after developing a list of critical sites, a cybersecurityreadiness self - assessment grid and the Group’s first employeeoutreach e - learning module, the Group launched a campaign toraise awareness of cybersecurity by airing videos showing real - lifescenarios to the entire Group.

Rolling out Group tools such as the SIEM/SOC to monitor andmake job postings, the network and Office 365 secure improveddata monitoring and protection within the Group. The Group hasbeen able to detect and stop several attempted attacks on theGroup’s infrastructure with these tools.

Lastly, SUEZ is continuing to roll out measures concerning theGDPR, including the review and roll - out of IT project risk analyses.This review and roll - out have been supplemented by a PrivacyImpact Assessment for projects involving private data. AnInsurance and Security plan, which includes GDPR requirements,has been drawn up and signed with suppliers. The Project Securitymethodology has been applied and includes data security from theproject outset (Privacy by Design) as well as throughout the entirelength of the project until production. The Group has also raisedawareness and trained employees on the GDPR.

Risk management and control within the GroupRisk factors3


3.2.3 Management of IT risks

(1) SOC: Security Operations Center.(2) SIEM: Security Information and Event Management.

03_VA_V15 20/04/2020 14:22 Page20

Risk management and control within the GroupRisk factors

The Ethics and Compliance Department coordinates a network ofcompliance officers who are responsible for ensuring that theprogram is implemented within their scope. As part of their duty,these compliance officers must ensure that employees are sufficientlyaware of the program, and that questions and concerns aboutethics are answered with sufficient independence.

The scope and composition of this network is reviewed on a regularbasis to make sure it is in line with the Group’s operational structure.As of December 31, 2019, there were 17 “first - tier” compliance officerscovering all the Group’s Business Units. Additionally, local complianceofficers are appointed for Business Units that have a particularlylarge number of employees or that are spread out geographically. As of December 31, 2019, the entire network had a total of 75 peopleunder the hierarchic or operational responsibility of the GeneralSecretary, Group Ethics Officer.

Reference DocumentsSUEZ’s ethical values are defined in the SUEZ Ethics Charter. ThisCharter is available in nine languages (French, English, Spanish,German, Dutch, Czech, Italian, Russian and Polish) and supplementedby an Ethics How-To Guide. It takes into account applicableregulations, standards, and rules on ethics and professionalconduct issued by international institutions (such as the GlobalCompact, the International Labour Organization Conventions andthe OECD Guidelines for Multinational Enterprises).

These documents have been developed as a reference framework forall employees in terms of behavior and action, whether it be collectiveor individual.

In order to strengthen its anti - corruption plan, in 2015 the Groupadopted a Code of Conduct entitled “Ethics Guide for BusinessRelationships”, available in nine languages. This guide is signed by theChief Executive Officer, like the Ethics Charter. This Code of Conductwas approved by the Board of Directors CSR, Innovation, Ethics,Water and Sustainable Planet Committee during its creation. Itstates that the Group has a zero - tolerance policy toward corruptionand it defines and illustrates the different types of behaviors toprohibit as they are likely to characterize acts of corruption orinfluence peddling. Anti - corruption rules are also listed andillustrated in the guide in a detailed and practical way. This guidealso handles conflicts of interest, the Group’s policy on gifts andinvitations as well as competition rules. In accordance with therequirements of the Sapin 2 Law, this Code of Conduct is includedin the Internal Regulations of the entities concerned.

The Ethics Charter and how - to guides can be consulted by all Groupemployees on the SUEZ intranet site. These ethics documents arealso provided to all employees who join the Group. Furthermore,new hires commit to adhere to these rules under the terms andconditions of their employment contract or via equivalent mechanismsif necessary. As a result, in 2019, around 9,000 employees receivedethics documents and formally committed to complying with theGroup’s ethics principles.

In addition, procedures aiming to mitigate ethics risks, andespecially corruption risk, have been defined and verificationmeasures are in place:

► a specific procedure frames contract signings with business orinstitutional consultants. In particular, it defines due diligencemeasures to take prior to the conclusion of these contracts andprior approval mechanisms;

► due diligence measures are implemented when selectingco - investors, co - contractors and subcontractors;

► procedure for sponsorship initiatives define applicable sponsorshipprinciples and prior approval mechanisms;

► a charter on Ethical and Responsible Lobbying was developed toserve as a reference to employees involved in representing theGroup’s interests.

Risk assessmentIn accordance with Sapin 2 Law requirements, a corruption riskmapping was created in 2017.

This mapping was updated once again in 2019. It has beenapproved by the Group Executive Committee, then presented to theBoard’s CSR, Innovation, Ethics, Water and Sustainable PlanetCommittee.

TrainingFace-to-face training and e - learning modules are rolled out on a regularbasis to increase prevention of ethics risks and ensure employees arewell versed in anti - corruption and anti - competition rules. Thisroll - out is based on training programs defined upstream. Employeesthat are the most exposed to risks are prioritized for training.

Consequently, throughout 2019, around 9,000 employees receivedtraining on ethics topics, and 5,000 of them were specifically trainedon anti - corruption rules (mainly employees deemed to be sensitive).

The ethics whistleblower systemThe Group has a system to collect and report Group rule violations.This system is open to all Group employees and third parties. Itguarantees confidentiality and lack of retaliation againstwhistleblowers acting selflessly and in good faith. Note that someGroup entities have also set up local systems specific to their needs.

In 2019, 147 emails with allegations of unethical behavior werereceived via the Group email ([email protected]) and the Groupentities’ dedicated email addresses. On top of that, a large numberof whistleblower reports were sent to other Group departments orsenior managers first.

3


3

03_VA_V15 20/04/2020 14:22 Page21

The roll - out of the industrial risk management policy described insection 3.2.2 helps to further reduce the occurrence or effects ofaccidental events.

To limit the impact of certain events on its financial position, or tomeet contractual or legal requirements, the Group has createddedicated insurance programs to cover its main risks of damage toproperty, civil liability, and personal insurance.

The policy for transferring risk to the insurance market is approvedevery year and updated as necessary in order to reflect not onlychanges in the Group, its activities and the risks it faces, but alsochanges in the insurance market.

The Insurance Department organizes the policy defined by theGroup: selection of the brokers and insurers, monitoring of thepolicies and, if necessary, control of the prevention or protectionpolicies. For this purpose, it works with a network of specialists oragents at the Group’s subsidiaries.

In each of the traditional insurance domains (namely propertydamage and interruption of business, civil liability and employeebenefits), the Group transfers risks to the insurance market oruses self - financing plans:

► the transfer of risk to the insurance market is performed asoften as possible through Group - wide programs in areas thatare considered strategic because of either the potential severityof the risks covered or the economies of scale generated byGroup - wide programs;

► the financing of low or moderate intensity random risk reliesmostly on self - financing schemes, particularly through riskretentions, or through the captive non - life reinsurancesubsidiary SUEZ Ré, whose activities consist of reinsuring all orpart of the risks transferred by SUEZ Groupe and itssubsidiaries to non - life insurers. Its expert - led Technical andFinancial Committees validate each commitment and monitormanagement transactions.

In 2019, the premiums (including taxes and retentions) relating tothe main insurance programs established by the Group in theareas of asset protection (covering property damage and

interruption of business) and third - party claims amounted toapproximately 0.4% of Group consolidated revenues, consideringthe changes in scope.

Property damage and interruption of businessThe protection of Group assets covers property the Group owns aswell as property that it leases or that has been entrusted to it.

Facilities are covered by programs that are generally underwrittenat the Group level. However, insurance policies are also taken outby subsidiaries and, under exceptional circumstances, by sites, ifjustified by contractual requirements. These local insurancepolicies are identified and checked by the Insurance Department.

The underwriting limits for property damage cover the maximumloss assessed for each site.

With respect to interruption of business resulting from propertydamage, the coverage periods take into account an estimate of theconsequences of the total or partial shutdown of a site (repairperiod, amount of daily losses, additional expenses andredundancy).

Construction projects are covered by a “Construction All Risks”policy taken out by the project manager, the general contractor orthe main company involved.

Civil liabilityThe Group’s third - party civil liability is covered by various types ofcivil liability insurance.

General civil liability, product liability, professional liability or civilliability for environmental damage coverage fall under aninsurance program underwritten and managed by SUEZ Groupe onbehalf of its subsidiaries.

The maximum coverage under this policy was EUR 350 million in 2019.

3.2.5 Management and Financing of Insurable Risks

When ethical concerns arise, the Head of Ethics and Complianceand/or the concerned Ethics Officer is either involved directly orimmediately notified. This individual can decide to examine them if necessary in close collaboration with the Legal and HumanResources departments. The most serious cases are subject to aninternal audit or specific external audit.

ControlsThe Group’s Ethics Program is monitored as part of an annualcompliance procedure. At this time, the Ethics Officers send areport on the application of the Ethics Program at their subsidiaryto their General Management team as well as to the Group EthicsOfficer and Group Head of Ethics and Compliance. A complianceletter signed by the Chief Executive Officer of each business unit orsignificant entity is also submitted to the Group Chief Executive

Officer and the Group Ethics Officer. Lastly, the Group Ethics Officerproduces an Annual Report on the Group’s Ethics Program for theGroup Chief Executive Officer and for the Chairman of the Board ofDirectors. It is then sent to the CSR, Innovation, Ethics, Water andSustainable Planet Committee, which then reports on it to theBoard of Directors.

The SUEZ ethics and anti - corruption program is also included inthe Group’s internal control system.

Lastly, the Internal Audit Department regularly examines how welland how effectively the Group’s Ethics Program has beenimplemented. As a result, the annual internal audit plan, which isdefine

universal registration document 2019 · Document, the French version shall prevail. This Universal...

Documents

Transcript of universal registration document 2019 · Document, the French version shall prevail. This Universal...