2021 UNIVERSAL REGISTRATION DOCUMENT

VINCI’s anti-corruption arrangements

• Whistleblowing procedure

All employees have access to several channels for reporting their concerns. They can refer matters to their managers, use their business unit’s local whistleblowing procedure or contact the Group’s Ethics Officer directly. They can also use the VINCI Integrity platform, which makes it possible to process whistleblowing reports concerning serious infringements of the Group’s rules and commitments set out in the reference guides on human rights, health and safety, business ethics and the environment.

This platform is also available to external stakeholders via the Group’s website.

•  Risk assessments

The assessment of business ethics-related risks is an integral part of the policy for managing risks that might affect the Group’s global performance or image. The findings of this assessment, based on a collaborative process and carried out by working closely with the teams on the ground, are mapped and the risks identified are ranked in relation to the relevant organisational level. It is incorporated into both the project analysis process (Risk Committee) and the external growth process (Investment Committee). Key customers, suppliers and subcontractors, as well as any commercial intermediaries, are assessed before the Group starts doing business with them and/or during their contractual relationship thanks to various measures, including multidisciplinary questionnaires and specific platforms.

• Accounting controls and audits

The accounting processes put in place help prevent corruption. The internal audit plans and self-assessment processes, overseen by the finance teams, include a series of questions aimed at ensuring the existence and effectiveness of the arrangements for preventing corruption.

• Assessment of the Group’s GDPR maturity

With regard to personal data protection, VINCI decided to carry out an audit to assess the Group’s GDPR (General Data Protection Regulation) maturity, with support from a leading consulting firm. This assessment looked at the key areas in line with the recommendations of the French data protection authority (CNIL) and market standards (including ISO 27701). The audit found that the Group’s maturity is slightly higher than the market. Nevertheless, an action plan was drawn up to reinforce compliance in the areas for improvement identified.

2.4.3 Tax measures put in place

VINCI’s highly decentralised organisation is structured around business lines and operating subsidiaries, rather than by country or geographical area. The Group’s substantial expense relating to taxes, fees and other compulsory payments represents a significant portion of its contribution to the economies of the countries where it operates. The Group meets its tax obligations, in full compliance with applicable local and international laws and in line with VINCI’s intangible and universal commitments.

In accordance with VINCI’s Code of Ethics and Conduct, as well as its general guidelines, strict compliance with applicable laws and regulations is a core principle for the Group, one that must be followed in all circumstances by every employee and every business unit in the countries where they operate.

Due to the specific features of VINCI’s business model and its activities, which are primarily local, the Group’s entities tend to favour local suppliers for their purchases of goods and services. For this reason, cross-border transactions between its various companies are limited and not material, as they primarily concern umbrella brand royalties, parent company services and short- or medium-term financing for operational requirements or external growth. The invoicing principles applied follow the OECD Transfer Pricing Guidelines. These guidelines incorporate the recommendations resulting from the OECD/G20 Base Erosion and Profit Shifting (BEPS) Project, and in particular Actions 8-10 “Aligning Transfer Pricing Outcomes with Value Creation”, supplementing the Group’s adherence to the arm’s length principle.