Given the diversity of their activities and geographical locations, the Group’s companies operate within specific legal and regulatory environments that vary depending on the place where the service is provided and on the sector involved.
Laws in effect in some countries may have an extraterritorial scope that could apply to the Group’s companies.
In particular, Group companies must comply with rules relating to:
Risk identification | Risk management procedures |
---|---|
With respect to concessions, aside from the legislative, regulatory and tax policy changes that are always possible during such long-term contracts, the Group is dependent on public authorities that may, as is the case in France, have the right to unilaterally alter the terms and conditions of public service, PPP or concession contracts during their execution phase or even terminate the contract itself, subject to compensation. In the performance of their activities, Group companies could be held civilly or criminally liable and thus suffer the financial or administrative consequences thereof. Similarly, Group executives and employees may be held criminally liable. A large share of the risks of non-compliance is therefore likely to lie primarily with senior executives and with employees to whom responsibility has been delegated, but may also lie with legal entities. The consequences may be financial (fines) or criminal penalties (conviction and/or being banned from operating). In environmental law, the emergence of new regulations regarding climate change, such as RE2020 in France or the European taxonomy, can constitute risks with financial consequences (loss of contracts in competitive bidding, fines, impact on the profitability of projects underway), non-financial costs and damage to the Group’s reputation. |
With respect to concessions, aside from the legislative, regulatory and tax policy changes that are always possible during such long-term contracts, the Group is dependent on public authorities that may, as is the case in France, have the right to unilaterally alter the terms and conditions of public service, PPP or concession contracts during their execution phase or even terminate the contract itself, subject to compensation. In the performance of their activities, Group companies could be held civilly or criminally liable and thus suffer the financial or administrative consequences thereof. Similarly, Group executives and employees may be held criminally liable. A large share of the risks of non-compliance is therefore likely to lie primarily with senior executives and with employees to whom responsibility has been delegated, but may also lie with legal entities. The consequences may be financial (fines) or criminal penalties (conviction and/or being banned from operating). In environmental law, the emergence of new regulations regarding climate change, such as RE2020 in France or the European taxonomy, can constitute risks with financial consequences (loss of contracts in competitive bidding, fines, impact on the profitability of projects underway), non-financial costs and damage to the Group’s reputation. Risk management procedures The main measures relating to legal and regulatory controls are presented in paragraph 2.3, “Respect for human rights”, page 199, and paragraph 2.4, “Business ethics”, page 201, of chapter E, “Workforce-related, social and environmental information”. The financial risks relating to the potential invoking of the third-party liability of Group companies are covered within certain limits by the insurance policies described in paragraph 3.5, “Insurance cover against risks”, pages 170 to 171. Owing to its ability to adapt to new regulations and track changes in standards, the Group actively monitors legal and regulatory compliance risks. |
Protecting VINCI’s informational capital is of major strategic importance, particularly now that all its businesses are becoming digital. Cyber risks are one of VINCI’s major concerns. The Group is constantly working to strengthen its IT system security and raise awareness among all employees.
New collaborative practices have made it possible to work in the office, at construction sites and remotely in a more fluid and efficient manner. In today’s hyper-connected world, those same technologies have become a source of vulnerability, because they are both essential to the Group’s operational efficiency and exposed to cyberattacks. These attacks can be very diverse and have become increasingly sophisticated. Major international groups are frequently subject to sometimes massive cyberattacks as well as fraud attempts. This trend intensified in 2021, especially during lockdown periods, during which remote working was encouraged and its use expanded considerably.
Risk identification | Risk management procedures |
---|---|
|
Risk management procedures In 2021, VINCI stepped up the rollout of its overall IT security policy, under the impetus of the Executive Committee member serving as the Group’s cybersecurity coordinator. The principal activities carried out were as follows:
|