Managing the Group’s activities includes taking into account the principal risks detailed in the table below. The level of criticality of each of these risks (high, intermediate or moderate) was determined on the basis of its probability of occurrence, the anticipated extent of its adverse impact at Group level and in consideration of risk management procedures already in place so as to show the net impact.
This chapter includes a specific description of the impact of the Covid-19 pandemic, which is also summarised in the table below.
| Type of risk | Description | Criticality* | Impacted by Covid-19 | Trend |
|---|---|---|---|---|
| Operational | ||||
| Contracting business | + | |||
| • Before the contract is signed | High | |||
| • After the contract is signed | Intermediate | Yes | ||
| Concessions business | ||||
| • Design phase | Intermediate | |||
| • Construction phase | Intermediate | |||
| • Operating phase | High | Yes | ||
| Property development business | Intermediate | Yes | ||
| Acquisition and disposal of companies | Intermediate | |||
| Legal | ||||
| Contractual relationships | High | = | ||
| Legal and regulatory compliance | Intermediate | |||
| Cyber | ||||
| Cyberattacks | High | Yes | + | |
| Fraud | Intermediate | Yes | ||
| Workforce-related and social | ||||
| Human rights | High | + | ||
| Health, safety and security of employees and subcontractors | High | Yes | ||
| Attracting and retaining talent | Moderate | |||
| Environmental | ||||
| Climate change and increasing scarcity of resources | High | + | ||
| Environmental quality and presence of contaminants | Intermediate | |||
| Ethics | ||||
| Business ethics risks | Moderate | = | ||
| Financial and economic | ||||
| Changes in the economic and tax environment | High | Yes | + | |
| Financial risks | Intermediate | Yes |
*Level of risk determined on the basis of the monitoring frequency and extent of impact (high, intermediate or moderate).
Additionally, with regard to the current situation between Russia and Ukraine, the Group notes that its economic and balance sheet exposure to these two countries is not material:
• In 2021, VINCI Construction generated revenue of around €30 million in Russia and Ukraine.
• VINCI Concessions has several ownership interests in Russia, primarily its 50% stake in the concession company for section 0 of theMoscow–St Petersburg motorway (M11), its 40% stake in the company set up to operate sections 7 and 8 of this same motorway undera public-private partnership, and its 50% stake in a road operations company. These interests, which are accounted for under the equitymethod in the Group’s consolidated financial statements, made only a marginal contribution to VINCI’s income in 2021 and representeda negligible part of its capital employed during the year.
Impact of Covid-19 in 2021
Despite the ramp-up of vaccination campaigns worldwide, 2021 was impacted by the development of the health crisis. The resurgence ofthe pandemic at the beginning and end of 2021 – related in particular to the appearance of new variants – led to the implementation ofnew restrictive measures in many countries: quarantines, bans on social gatherings, closure of non-essential public places, travel restrictions or bans, lockdowns affecting a proportion of the population, curfews, border closings, etc.
Against this background, earnings generated by the Group’s concessions activities were hampered by low levels of air traffic and, to a lesser extent, by the slight decline in motorway traffic levels compared with 2019. By implementing the health and safety recommendationsissued by professional organisations and local authorities, the Group’s Energy and Construction businesses were able to continue tooperate despite the pandemic. Active in buoyant sectors and supported by strong order books, they saw their top line increase comparedwith 2019. As a result, they are reporting wider operating margins than before the crisis – despite the higher costs and raw material andlabour shortages seen in 2021 – thanks to good management of operations and contracts.
In 2021, the pandemic affected the following risk factors:
Operational risks: operating phase for Concessions business
As was the case for the world’s air transport sector as a whole, passenger numbers in the VINCI Airports network were hit hard by theCovid-19 pandemic and the travel restrictions it caused. Nevertheless, after a particularly difficult start to the year, passenger numbers sawa gradual recovery, beginning in the third quarter of 2021. Over the full year, passenger numbers were slightly higher than in 2020 – and significantly below pre-crisis levels – with sharp contrasts from one geographical area to another.
Traffic levels on VINCI Autoroutes’ networks were impacted by the travel restrictions implemented in the first half of 2021 in France,including the curfew in place until 20 June 2021, the lockdown from 3 April to 3 May 2021, including a ban on travelling more than 10 kmfrom the home, the closure of many public places and limitations on travel between countries. When travel restrictions were lifted in June, motorway traffic quickly bounced back. During the second half of 2021, it exceeded that of 2019.
Cyber risks and fraud
As in 2020, remote working in 2021 led to an increase in cyber risks because of the greater number of remote connections, which representa source of vulnerability to malicious activity. By continuing to strengthen its IT security measures, the Group was able to protect itsinformation systems.
Workforce-related and social risks
The public health situation brought about by the pandemic prompted VINCI to be more vigilant about health and safety risks for itsemployees, partners, subcontractors, customers and other stakeholders.
Financial and economic risks
The health crisis had repercussions on the financial positions of some of Group’s subsidiaries that could affect their credit ratings.This type of exceptional event carries a temporary risk of non-compliance with the covenants of their financing agreements, as was thecase for London Gatwick airport, which nevertheless obtained a waiver of its financial covenants in September 2021.
In addition, in this uncertain context, VINCI is paying particular attention to the impairment tests performed on assets to ensure that theirrecoverable amount remains higher than their carrying amount.
Risk factors
The risks that may affect VINCI’s performance are identified, assessed and handled at the different organisational levels (holding company, business line, subsidiary), within the framework of VINCI’s decentralised organisation.
Group companies might be subject to risks related to the environmental and social conditions in the areas where they operate. As VINCI is a major participant in the economy, any risk that materialises could tarnish the entire Group’s image.
Operational risks
Depending on its business, each Group company is exposed to specific operational risks, which are prevented, controlled and managed differently.
One of the key elements of VINCI’s risk management system is the existence of risk committees at each level of the organisation, and inparticular at the holding company level. These committees examine, at the preliminary phase, all proposals that involve commitments tonew projects as part of the decision-making process followed by the business lines for investments exceeding certain thresholds. Thesethresholds are defined in the general guidelines provided to the various managers of the Group’s entities. The operating procedure forthese committees and their composition are described in paragraph 3.4.3, page 169.
Business risks
ENERGY AND CONSTRUCTION
The Group’s Energy and Construction businesses serve a large number of public and private entities in 100 or so countries and operateunder fixed-term contracts covering periods of a few weeks to several years.
Performance under these contracts includes a design phase followed by a construction phase, which ends with the handover of thefinished project.
| Risk identification | Risk management procedures |
|---|---|
| Before the contract is signed - Poor evaluation of the country, customer or project - Errors in design and cost estimates - Errors in interpreting contract clauses - Overestimation of available internal resources - Poor evaluation of subcontracting costs Possible consequences: - Organisational, technical, contractual, administrative or regulatory difficulties affecting performance under the contract that could impact lead times, costs, cash flow, quality or the Group’s reputation | - Prior analysis as part of a project selection meeting - Presentation to the Risk Committee before a bid is submitted (see paragraph 3.4.3, pages 169 to 181)., with risk scorecards - Negotiation with the customer for a balanced sharing of risk - Assessment of the proper size of the teams in charge - Taking into account of feedback from previous projects during the design phase |
| After the contract is signed - Insufficient preparation time - Errors in the selection of equipment and methods - Insufficient or poorly adapted human resources or supplies - Difficult relationship with the customer - Unexpected events and obstacles - Changes imposed by the customer during construction - Poor contract management - Cost inflation - Default of partners (co-contractors, suppliers, subcontractors) or customers - Customer disagreement on invoicing and the final breakdown of expenses Possible consequences: - Organisational, technical, contractual, administrative or regulatory difficultiesaffecting performance under the contract that could impact lead times, costs, cash flow or quality - Damage caused to third parties - Damage to the Group’s reputation | - Organisation of worksite preparation - Specific risk management systems tailored to the business line (Codex at VINCI Energies, Kheops at Eurovia, Orchestra at VINCI Construction) - Application of price adjustment formulas - Transfer of risk to subcontractors and suppliers - Prior selection of robust solutions or equipment to deal with uncertainties - Discussions with the customer, amicable settlement committees and legal action if necessary - Payment guarantees, contract clauses - Insurance policies (see paragraph 3.5, pages 170 to 171) |
CONCESSIONS
The risks of a concession contract, whose duration can vary from a few years to several decades, are carefully evaluated before bid submission during the design phase, which is generally much longer than it is in the Energy and Construction businesses.
The main risks on the operation of concession assets relate to changes in traffic or passenger numbers, the level of toll charges andcollection, as well as the operating, maintenance and repair costs set in the concession contract. Traffic levels on motorway concessionsare correlated to economic activity and are generally affected by changing fuel prices. Toll increases are determined by set formulas,the main aim of which is to offset the risk of inflation. For airport concessions, passenger numbers may be impacted by a variety of events, including natural events or harsh weather conditions as well as terrorist attacks or threats. Rates are set in accordance with the regulation applicable to the contract, which may or may not make reference to a return on invested capital.
Experience has shown that social incidents can disrupt concession operation and lead to acts of vandalism, as was the case at the end of2018 and in 2019 with the “yellow vests” movement in France. A health crisis such as Covid-19 can also have a very significant impact ontraffic levels and passenger numbers due to travel restrictions.
For all concession infrastructure under operation, provisions are taken to cover the cost of renovating installations – particularly motorway road surfaces and airport runways – as well as the cost of building maintenance, based on maintenance expense plans (see Note H.19.3 to the consolidated financial statements, page 313to 314).
| Risk identification | Risk management procedures |
|---|---|
| Design phase - Erroneous business plan - Poor estimate of required investment - Difficulties in finalising the financial structure - Constraints relating to the applicable regulation - Lack of robustness of the contractual environment - Poor estimate of environmental impact - Legal or tax uncertainties Possible consequences: - Cost overruns and delays - Late delivery, project deterioration - Unprofitable project - Challenges to contract by the concession grantor - Damage to the Group’s reputation | - Presentation to the Risk Committee before a bid is submitted - Transaction structured as a special purpose vehicle (SPV): to limit the Group’s commitments and the amount it invests in the SPV, share capital and control may be shared with one or more partners. In this case, a majority of the financing is comprised of debt with no recourse or only limited recourse to shareholders. - Some risks may remain with the concession-granting authority, in particular in relation to making land available. - Recourse to the expertise of the Group’s Contracting business - Involvement of lenders from the preliminary phase - Use of outside consultants – Analysis of the project’s environmental and social impacts |
| Construction phase - Poor choice of contractor and other companies - Difficulties or unexpected events during construction - Disturbances caused by project opponents Possible consequences: - Cost overruns and delays - Penalties - Late delivery, project deterioration - Unprofitable project | - Special attention paid to the preparation phase, management of relations with stakeholders including the implementation of best practices in line with the Cooperate initiative - Fixed-price construction contracts based on a back-to-back principle |
| Operating phase - Lower-than-expected traffic levels or passenger numbers – Difficulties in concession management with the concession-granting authority, regulatory authorities and/or end users - Legislative or tax changes - International sanction(s) against a partner or a country in which the Group operates - Damage to the infrastructure - Significant deterioration in financial markets - Climate change, extreme climate events Possible consequences: - Unprofitable project - Difficulty in refinancing the project at favourable terms - Unilateral decision by the concession-granting authority to challenge the terms of the contract - Financial difficulties at airlines - Infrastructure unavailability that could cause loss of revenue and contractual penalties - Damage to the Group’s reputation | - In-depth review of the wording of the initial contract and the periodic economic regulation contracts - Quality of service to end users - Strict application of surveillance and maintenance procedures (in France, this relates to the review and implementation of the rules laid down in the set of official documents comprising the technical instructions for the monitoring and maintenance of civil engineering structures, known by its French acronym ITSEOA). - Analysis of airline credit risk |
PROPERTY DEVELOPMENT
The Group’s property development activities are exposed to numerous administrative, technical, commercial, tax and economic uncertaintiesas well as to the potential business failure of partners or subcontractors (builders). The Group’s property development operations arecarried out essentially in France by VINCI Immobilier. Some VINCI Construction subsidiaries may also participate in property transactions or property development programmes, with a limited assumption of risk. Any commitment exceeding defined thresholds must be authorisedin advance by the VINCI Risk Committee. The Group’s policy is to undertake a new project only after it has reached a minimum pre-sale rate.
| Risk identification | Risk management procedures |
|---|---|
| - Cyclical business - Risk of obtaining permits; recourse to third parties - Poor project and programme definition (number and size of residential units, quality category) - Poor choice of partner and subcontractor companies - Deterioration in the financial condition of investors and buyers - Less favourable lending terms - Defects in workmanship Possible consequences: - Overvaluation of land – Construction permit not obtained - Programme not in line with market preferences - Buyers cannot obtain bank financing - Lack of demand - Insufficient occupancy (offices, residential) - Risk of unsold properties - Cost overruns, delays or abandonment of certain projects - Damage to the Group’s reputation | - Presentation to the Risk Committee prior to acquisition of the land and/or launch of property development operations - Separation into three areas of expertise: residential, business property, property services - Conditions precedent in land purchase contracts (obtaining building permit, pre-sale percentage, etc.) - Limiting transactions with no reservations; minimum pre-sale threshold required - Strengthening controls for assigning and tracking construction work - Developing a strategy to ensure that no reservations are raised at the handover for quality programmes |
Acquisition and disposal of companies
| Risk identification | Risk management procedures |
|---|---|
| - The Group’s growth has long been based on a proactive acquisition policy, focusing on companies of all sizes, in all its business lines. Risks related to these acquisitions: - Reliability of the financial information provided and the business plan drawn up by the sellers - Corporate governance continuity and integration of newly acquired companies - Potential hidden disputes - Corporate culture compatibility between buyer and seller - Damage to the Group’s reputation - Compliance issues | Proposed acquisitions and disposals are submitted to the VINCI Investment Committee for approval. The largest projects are also submitted to the Strategy and CSR Committee of the Board of Directors (see chapter C, “Report on corporate governance”, paragraph 3.4.2, page 137) and in some cases to VINCI’s Board of Directors (see chapter C, “Report on corporate governance”, section 2, beginning on page 121). A procedure for the acquisition and sale of financial assets and a risk analysis based on specific criteria are applied to these projects.VINCI’s external growth policy is to: - target companies with which synergies can be created due to their expertise, their market positioning or their geographic location; - generally, take a majority interest in the share capital of target companies in order to limit risks associated with their integration and to be able to quickly apply the Group’s management principles; - seek out corporate culture compatibility in order to facilitate the integration of newacquisitions into the Group. |
Legal risks
Contractual relationships
As a general rule, the Group’s contracts are subject to the laws of the countries in which the projects are executed, supplemented where possible by the arbitration clause of the International Chamber of Commerce, in particular for countries where the legal system might not offer sufficient protection.
As mentioned above in paragraph 2.1, “Operational risks” (see page 159), disputes may arise during the performance of said contracts. Detailed information on the principal disputes and arbitrations in which the Group is involved can be found in Note M to the consolidated financial statements, pages 342 to 344. These disputes are examined on the date the financial statements are approved and, if necessary, provisions are constituted to cover the estimated risks.
| Risk identification | Risk management procedures |
|---|---|
| - Different interpretations of new items arising during the performance of the contract - Change in the contracting authority’s governance - New jurisprudence - Misinterpretation of contractual clauses | The Group’s policy is to limit its risk during the proposal phase by seeking to negotiate terms with contracting authorities that: - pass onto the customer the extra costs and/or additional time stemming from changes implemented at the customer’s request after the contract is signed; - halt construction in the event of non-payment; - exclude indirect damages; - exclude or limit liability relating to existing pollution; - limit its contractual responsibility for the total project to a reasonable percentage of the contract amount; - cap delay and performance penalties at an acceptable percentage of the contract amount; - stipulate contractual provisions allowing for adjustments (price and time schedule) to account for legal, tax or regulatory changes; - obtain protection via a force majeure clause (against political risk, a unilateral decision of the customer or concession-granting authority, economic upheaval, poor weather conditions) or for early contract termination; - obtain an international arbitration clause; - keep an eye on the activation of insurance cover. |
Legal and regulatory compliance
Given the diversity of their activities and geographical locations, the Group’s companies operate within specific legal and regulatory environments that vary depending on the place where the service is provided and on the sector involved. Laws in effect in some countries may have an extraterritorial scope that could apply to the Group’s companies. In particular, Group companies must comply with rules relating to:
- the terms of agreement and performance of public and private sector contracts and orders;
- laws governing construction activities and in particular the applicable technical rules governing the delivery of services, supplies and works;
- environmental law, commercial law, labour law, competition law, and financial and securities law;
- personal data protection;
- duty of vigilance and accident prevention (especially the Sapin 2 and duty of vigilance laws in France);- international sanctions in force, in particular by way of specific due diligence and an active regulatory watch on the regulations involved.
| Risk identification | Risk management procedures |
|---|---|
| With respect to concessions, aside from the legislative, regulatory and tax policy changes that are always possible during such long-term contracts, the Group is dependent on public authorities that may, as is the case in France, have the right to unilaterally alter the terms and conditions of public service, PPP or concession contracts during their execution phase or even terminate the contract itself, subject to compensation. In the performance of their activities, Group companies could be held civilly or criminally liable and thus suffer the financial or administrative consequences thereof. Similarly, Group executives and employees may be held criminally liable. A large share of the risks of non-compliance is therefore likely to lie primarily with senior executives and with employees to whom responsibility has been delegated, but may also lie with legal entities. The consequences may be financial (fines) or criminal penalties (conviction and/or being banned from operating). In environmental law, the emergence of new regulations regarding climate change, such as RE2020 in France or the European taxonomy, can constitute risks with financial consequences (loss of contracts in competitive bidding, fines, impact on the profitability of projects underway), non-financial costs and damage to the Group’s reputation. | The main measures relating to legal and regulatory controls are presented in paragraph 2.3, “Respect for human rights”, page 199, and paragraph 2.4, “Business ethics”, page 201, of chapter E, “Workforce-related, social and environmental information”. The financial risks relating to the potential invoking of the third-party liability of Group companies are covered within certain limits by the insurance policies described in paragraph 3.5, “Insurance cover against risks”, pages 170 to 171. Owing to its ability to adapt to new regulations and track changes in standards, the Group actively monitors legal and regulatory compliance risks. |
Cyber risks
Protecting VINCI’s informational capital is of major strategic importance, particularly now that all its businesses are becoming digital. Cyber risks are one of VINCI’s major concerns. The Group is constantly working to strengthen its IT system security and raise awareness among all employees.
Cyberattacks
New collaborative practices have made it possible to work in the office, at construction sites and remotely in a more fluid and efficient manner. In today’s hyper-connected world, those same technologies have become a source of vulnerability, because they are both essential to the Group’s operational efficiency and exposed to cyberattacks. These attacks can be very diverse and have become increasingly sophisticated.$ Major international groups are frequently subject to sometimes massive cyberattacks as well as fraud attempts. This trend intensified in 2021, especially during lockdown periods, during which remote working was encouraged and its use expanded considerably.
| Risk identification | Risk management procedures |
|---|---|
| - Cyberattacks: attacks on information systems - Data leak: loss or disclosure of data - Cyber spying: eavesdropping or theft of confidential data Possibles consequences: - Damage to the Group’s reputation - Financial loss - Information system unavailability - Non-compliance | In 2021, VINCI stepped up the rollout of its overall IT security policy, under theimpetus of the Executive Committee member serving as the Group’s cybersecurity coordinator. The principal activities carried out were as follows: - regular presentations by the Information Systems Department and the Chief Information Security Officer (CISO) to the Executive Committee on the stage of completion of projects that are part of the Group’s cybersecurity programme; - update of the multi-year cybersecurity plan with representatives of each of the business lines; - strengthening, both centrally and in the business lines, of VINCI-CERT, the Group’s computer emergency response team, whose role is to identify threats to information systems and those systems’ vulnerabilities, as well as to bring its expertise to bear in the event of a cyber incident; - monitoring of the application of IT system security directives, which specify mandatory security rules for each area of the information system; - update of VINCI’s cybersecurity radar, which measures the level of cybersecurity maturity in all of the Group’s entities; - standardisation and rollout of workstation securitisation and digital identity management mechanisms; - rollout of numerous initiatives to raise awareness among all employees; - intrusion tests on the Group’s critical infrastructure; - resilience improvements for IT infrastructure essential to the Group’s businesses(redundancy, recovery); - simulation of cyber crises at Group level and by business line; - internal cybersecurity audits performed with the holding company’s Internal Audit and Information Systems departments. |
Fraud
| Risk identification | Risk management procedures |
|---|---|
| Fraud: intentional act by an employee or a third party aimed at embezzling Group assets The systems of a group as decentralised and diversified as VINCI are exposed to the risk of both internal and external fraud, especially as regards payment systems. Attempts at fraud generally target the individuals involved in external payment processes. Possibles consequences: - Financial loss - Damage to the Group’s reputation | External fraud prevention involves several Finance Department, Security Department and Information Systems Department units. The core system includes reporting via an online platform (with a link on VINCI’s intranet), enabling central services to react immediately and facilitating analysis of fraud attempts. In addition, a set of fraud prevention measures has been made available on the Group’s intranet. These include instructions specifying correct conduct in the event fraud is suspected, guidelines concerning means of payment, and awareness-raising measures to be taken in regard to the key personnel faced with this kind of situation. Specific information and recommendations are regularly distributed to CFOs and anti-fraud coordinators. A fact sheet detailing remote working procedures was distributed to all Group employees. Internal fraud prevention is based on the Code of Ethics and Conduct as well as on specific training or awareness initiatives. It is described in chapter E, “Workforcerelated, social and environmental information”, page 201. In addition, a new procedure entitled “Preventing and combating fraud at VINCI SA” was published on the Group’s intranet. This document covers internal and external fraud and lists the Group personnel involved in combating fraud, as well as providing an overview of all systems implemented to prevent and combat fraud effectively. |
Workforce-related and social risks
The Group’s workforce-related and social risks are set out in full in which reports on the duty of vigilance planThe information provided in this section includes both the effects of VINCI’s activities on workforce-related and social issues and, vice versa, the impact of those issues on the Group’s risks.
Group companies are subject to risks related to the working conditions of their employees. They must also deal with the significant impact they have on the stakeholders and residents of the territories in which they are active. These workforce-related and social risks are taken into account at every stage of the project and are analysed far upstream so as to identify local issues and the expectations of stakeholders, including employees and their representatives. Appropriate measures are implemented as a result of this analysis. Similar analyses are carried out regularly throughout the life of each project.
Human rights
VINCI companies have strong roots in the regions where they operate; these areas have very different labour standards. The companies must also meet international standards of human rights: the Global Compact, which VINCI signed in 2003, the UN Guiding Principles on Business and Human Rights and the eight fundamental ILO conventions.
Group companies ensure that they uphold human rights in their operations and place great importance on their employees’ working conditions and those of their subcontractors. They remain exposed to allegations brought or controversies raised by human rights organisations, local communities and residents, international organisations or financial institutions. These can affect the Group’s image.
| Risk identification | Risk management procedures |
|---|---|
| - Risks inherent to the nature of the construction business: labour-intensive, cyclical character and multiplicity of participants in the value chain (subcontractors, temporary staff) - Lack of personnel training and/or clear guidelines, non-compliance with Group rules - Expropriation of local populations by public stakeholders Possible consequences: - Deterioration in relationships with stakeholders - Legal proceedings and potential conflicts with employee representative bodies, human rights organisations and other NGOs - Lack of credit with investors and international organisations - Damage to the Group’s reputation |
- Developing and disseminating VINCI’s Guide on Human Rights, identifying Group-level risks and the related guidelines in favour of human rights - Identifying potential sources of project controversy and risks incurred in the region - Implementing the appropriate legal, management and coordination tools (clauses for subcontractors, election of employee representatives, dialogue with local communities, etc.) - Evaluating human rights in subsidiaries - Implementing training and raising awareness among managers and their team members - Taking part in sectoral and collaborative human rights initiatives |
Health, safety and security of employees and subcontractors
Health and Safety
Employees of VINCI companies and subcontracting companies are required to work on the often complex projects and operations that the Group carries out. This can threaten their health, safety, hygiene and the quality of their life at work. The health and safety coordinators of the Group’s business lines have identified several major risks.
In case of accident or near miss, the affected company’s business can be slowed considerably, and appropriate corrective measures must be implemented before it can be restarted.
Security
Given the large number of countries where the Group operates, some activities may be affected by various forms of social and political instability (terrorism, armed conflict, embargo, seizure of bank accounts or equipment, etc.), as well as malicious acts such as vandalism and theft on construction sites, or criminal acts such as physical attacks or kidnapping.
| Risk identification | Risk management procedures |
|---|---|
| Health and safety Given the complexity and increasing constraints imposed on worksites, the major identified risks are related to: - moving objects (equipment, vehicles); - falling objects; - working at height; - electrical equipment; - handheld mechanical tools; - traffic risks; - health crises (epidemics or pandemics). Possible consequences: - Deterioration in health and safety conditions for employees and subcontractors - Longer lead times due to work stoppages and business operating losses - Damage to the Group’s reputation |
Analysing risks as far upstream as possible and at the start of operations - Supplying appropriate personal protective equipment - Implementing prevention and operating procedures deriving from the evaluation of risks (markers, guardrails, stairways, etc.) - Performing dedicated audits and obtaining certifications (OHSAS, ISO 45001) - Organising training and awareness-raising events - Implementing reporting tools, in particular digital tools - Creating partnerships with outside organisations such as France’s Institute for an Industrial Safety Culture (ICSI) - Including dedicated clauses in contracts with subcontractors - Implementing remote working solutions for employees whose physical presence is not required - Adhering to public health guidelines implemented by local authorities, such as the guide put out by the French Professional Agency for Risk Prevention in Building and Civil Engineering (OPPBTP) |
| Security The local geopolitical context is linked to the economic, social and political issues present in the region, influencing the security conditions of employees and subcontractors. Possible consequences: - Deterioration in security conditions for employees - Threat to business continuity with potential contractual consequences |
- Constant surveillance of geopolitical and security-related issues and dissemination of information about evolving risks to Group companies and projects - Providing drivers in high-risk areas - Specific recommendations for protection of people and property - Awareness programmes for travelling employees and expatriates - Audits and special protection plans - Crisis management measures - Dialogue with customers about terms of partial or full shutdown of activity - Detailed analysis during VINCI risk committee meetings before acceptance of contracts in countries at risk |
Attracting and retaining talent
It is essential for the Group to be able to attract and retain talent. Worksite activity changes very quickly, and companies that have specialised skills and expertise have a competitive advantage in responding to calls for tender.
| Risk identification | Risk management procedures |
|---|---|
| - Unattractive Group businesses; little awareness of the employer brand associated with Group companies - Lack of inducement and professional advancement Possible consequences: - Difficulty in retaining qualified employees trained in the Group’s specific business lines - Difficulty in responding to project needs - Project delays or cancellations - Damage to the Group’s reputation in the event of deficient work quality due to a lack of proper skills |
- Improvement of the skills of Group employees according to a human capital development cycle (training and development objectives in the annual performance review) - Implementing a training programme for every employee - Developing programmes that foster internal job mobility - Forging local partnerships with economic, social, institutional, academic and non-profit entities - Developing the skills of locally recruited employees, especially those hired under programmes to help people integrate the workforce - Promoting diversity among employees by combating discrimination in Group companies - Employee profit-sharing (Group level) - Encouraging community outreach among Group employees |
Environmental risks
Group companies might be subject to risks related to the environmental conditions in the projects and regions where they operate,in particular risks related to climate change and the potential contamination of natural environments.
These risks are analysed during the tendering phase with respect to the human, technical, financial and legal issues they generate. Solutions are devised and scaled with the development teams so as to take these issues into account as far upstream as possible. VINCI analyses the situation so as to determine how best to protect the environment in the region concerned. If necessary, VINCI supplements this analysis through consultation with local stakeholders and regularly re-evaluates the risks depending on how business activities evolve. VINCI then implements the technical and organisational solutions it can to reduce these risks. Insurance companies are also involved in the analysis, in order to adapt their policies to the project’s residual risks.
How these risks are taken into consideration changes over the course of a project’s life, including during the infrastructure asset’s operating phase. The cost of reconstruction following major weather events may be partly covered by insurance companies. Environmental risks go beyond economic aspects and extend to VINCI’s image and reputation, as operations can suffer long-term consequences if a risk event occurs. Taking a longer-term view, regulatory changes related to ecological transition can constitute a risk factor (see paragraph 2.2.2,“Legal and regulatory compliance”, page 162).
The environmental risks related to the Group’s activities and their potential consequences on the environment are detailed at greaterlength in the non-financial performance statement, presented in chapter E, “Workforce-related, social and environmental information”, pages 203 to 233.
Physical risks related to climate change
Climate change has made extreme climate events more frequent and more severe, making environmental risks more significant for theGroup’s activities. These risks include:
• “storms”, a general term that includes weather events causing high winds and precipitation (rain, snow and hail);
• wide variations in temperature (heat or cold waves);
• flooding, from rivers overflowing their banks, run-off from heavy precipitation, or rising sea levels, which can cause landslides and exacerbate erosion;
• rockslides or other ground movements, such as the expansion and contraction of clay, which can affect buildings and infrastructure.
| Risk identification | Risk management procedures |
|---|---|
| - Extreme weather events Possible consequences: - Damage to installations and equipment - Deterioration in health and safety conditions for employees - Financial impact resulting from increased expenses necessary to maintain or repair damaged infrastructure and equipment, operating losses and construction delays - Impact on the Group’s image and reputation in the event of deficient quality of service, such as substandard work or missed delivery deadlines | Prior identification of the risks affecting the specific area and implementation of technical facilities to mitigate extreme weather events (cofferdams, pumps, retention basins, cooling equipment, etc.) - Establishing a business continuity plan (BCP) for certain concession assets (e.g. airports) - Emergency procedures, in cooperation with local actors, to respond to extreme climate events (inclement weather work stoppages for employees, equipment removal, etc.) and cooperation with local officials to implement appropriate emergency and work resumption measures - Managing unplanned events with the appropriate insurance company departments |
Physical risks related to climate change
Climate change has made extreme climate events more frequent and more severe, making environmental risks more significant for theGroup’s activities. These risks include:
• “storms”, a general term that includes weather events causing high winds and precipitation (rain, snow and hail);
• wide variations in temperature (heat or cold waves);
• flooding, from rivers overflowing their banks, run-off from heavy precipitation, or rising sea levels, which can cause landslides and exacerbate erosion;
• rockslides or other ground movements, such as the expansion and contraction of clay, which can affect buildings and infrastructure.
| Risk identification | Risk management procedures |
|---|---|
| - Extreme weather events Possible consequences: - Damage to installations and equipment - Deterioration in health and safety conditions for employees - Financial impact resulting from increased expenses necessary to maintain or repair damaged infrastructure and equipment, operating losses and construction delays - Impact on the Group’s image and reputation in the event of deficient quality of service, such as substandard work or missed delivery deadlines | Prior identification of the risks affecting the specific area and implementation of technical facilities to mitigate extreme weather events (cofferdams, pumps, retention basins, cooling equipment, etc.) - Establishing a business continuity plan (BCP) for certain concession assets (e.g. airports) - Emergency procedures, in cooperation with local actors, to respond to extreme climate events (inclement weather work stoppages for employees, equipment removal, etc.) and cooperation with local officials to implement appropriate emergency and work resumption measures - Managing unplanned events with the appropriate insurance company departments |
Increasing scarcity of resources
At the same time that the natural climate balance is changing, certain raw materials (minerals, rare metals, fossil fuels) are becomingmore scarce, and regions subject to water stress are expanding. For some of the Group’s activities that depend on the availability of these resources, their increasing scarcity has a direct impact on the Group’s ability to obtain the materials it needs for its projects and concessions.
| Risk identification | Risk management procedures |
|---|---|
| - Increasing scarcity of resources – Expansion of areas of water stress Possible consequences: - Financial impact resulting from possible increases in the cost of certain materials – Impact on the Group’s image and reputation in the event of deficient quality of service, such as substandard work or missed delivery deadlines | – Implementing ecologically designed solutions to reduce the use of certain raw materials and to reuse or recycle construction materials after demolition in a circular economy approach – Identifying project sites in areas of water stress so as to adapt construction and operation methods – Reducing water consumption and development of solutions to reuse water at certain sites – Adapting processes |
Environmental quality and presence of contaminants
The risk of working on a deteriorated or polluted parcel of land is substantial in the urban environment, where past industrial installations may have had a negative impact on soil quality and functions or other aspects of the natural environment. If it is impossible to determine who caused the deterioration, the developer is often responsible for site remediation so as to ensure the durability of the new buildings and infrastructure. Filling in old quarries, decontaminating soil and treating waste are activities that entail significant costs and extend the lead times of certain worksites and development projects. In addition, before recycling or treating materials, it is necessary to check that there are no contaminants, including invasive plant species.
| Risk identification | Risk management procedures |
|---|---|
| - Risk of working on a deteriorated or polluted parcel of land Possible consequences: - Financial impact resulting from increased expenses necessary to remediate sites and from construction delays – Deterioration in health and safety conditions for employees – Impact on the Group’s image and reputation in the event of deficient quality of service, such as substandard work or missed delivery deadlines | – Identifying polluted and degraded land and estimating treatment costs – Managing unplanned events with the appropriate insurance company departments – Protecting employees working on land exposed to risks – Implementing techniques and procedures to decontaminate and reprocess polluted or degraded components |
Business ethics risks
Group companies work autonomously in an international environment with a multitude of stakeholders who participate in or are impactedby the Group’s operations: project managers and their representatives, concession-granting authorities, regulatory authorities, contractors, architects, design offices, joint contractors, subcontractors, suppliers (including local suppliers of construction materials, concrete, aggregates and water, etc.), service providers (inspectors, transporters, freight forwarders, charterers, insurers, bankers, etc.), local residents, communities, users, etc.
Moreover, the Group’s international expansion, in particular through acquisitions, accentuates the risk of exposure to internal or external fraud, to infringements of the Group’s ethical principles or of regulations, in particular with regard to corruption. If such infringements were committed, VINCI would be subject to fines, exclusion from public contracts, remedial action or contract cancellation. Such infringements could also tarnish the Group’s image or reputation, erode the trust of investors, customers and partners, and reduce its ability to respond to calls for tender.
| Risk identification | Risk management procedures |
|---|---|
| - Infringement of the Group’s ethical principles - Infringement of anti-corruption regulations - Infringement of competition rules Possible consequences: - Damage to the Group’s image and reputation – Erosion in the trust of investors, customers or partners – Exclusion from public contracts – Fines – Remedial action or contract cancellation – Difficulty in responding to calls for tender | - Strong commitment of management at the highest level – Structured governance: • The seven-member Ethics and Vigilance Committee (of whom five are members of the Executive Committee) supervises the deployment of compliance procedures covered by the paragraph 2.4, “Business ethics”, of chapter E, “Workforce-related, social and environmental information”, page 201. |
Financial and economic risks
Changes in the economic and tax environment
| Risk identification | Risk management procedures |
|---|---|
| Deterioration of the economic environment in markets where VINCI operates: – Weakening of demand – Rising levels of competition | – Diversification of the Group’s business lines – Geographical diversification of the Group’s activities – Potential order intake tracking – Monitoring of order book and margins – Responsiveness and agility of Group companies |
| Unanticipated changes in tax policy – Impact on bids submitted to customers, margins for Group companies and the valuation of external growth transactions – Tax compliance risks (late filing of returns, inaccurate returns or omissions in returns) or technical tax risks (lack of formalisation, misinterpretation of rules, etc.) that may have a reputational impact as well as adverse financial consequences | – Commitment by the Group to meet its tax obligations, in full compliance with applicable local and international laws – Monitoring of changes in tax policy by Finance departments at Group companies and the holding company |
Financial risks
| Risk identification | Risk management procedures |
|---|---|
| a) Liquidity risk relating in particular to: – obligations to repay existing debt; – commitments to finance investment programmes of concession companies; – general requirements of the Group. Some financing agreements include early repayment clauses applicable in the event of non-compliance with financial covenants. | – Maintenance of credit ratings (see c below) – Extension of debt maturity – Diversification of financing sources – Centralised cash management – Ensuring a minimum level of centrally managed net cash at all times – Arrangement of confirmed and undrawn backup credit facilities – Implementation of a Group reporting procedure to monitor changes in financial covenants and negotiate if necessary with lenders to prevent a potential event of default triggered by non-compliance with covenants |
| b) Market risk – Interest rate risk: changes in interest rates and spreads applied by lenders – Exchange rate risk for activities and investments outside the eurozone – Commodity risk for supplies (bitumen, fuel, concrete, metals, timber, etc.) and on revenue streams for certain customers – Equity risk: investments in listed entities, treasury shares, assets covering retirement benefit obligations, etc. – Inflation risk – Small scale of capital markets in emerging countries – Non-transfer risk | – Centralisation of market transactions (front office) – Policy on conversion of net debt from fixed to floating rate (in line with an Ebitda multiple), with the remainder of net debt maintained at fixed rate to better manage the Group’s borrowing costs – Policy on the hedging of transactional exchange rate risk (always hedged) and asset-related exchange rate risk (relevance analysed on an individual currency basis) – Management on a case-by-case basis of commodity price risk (advances at the start of operations, agreements with suppliers, use of derivative financial instruments) – Periodic review of assets covering retirement benefit obligations |
| c) Credit rating downgrade risk for the Group entities assigned such ratings (VINCI SA, ASF, Cofiroute, London Gatwick) as a result of: – events materially affecting the financial position of VINCI or its subsidiaries, – a significant change in the Group’s business mix, – changes in methodology introduced by rating agencies. The Group’s financing terms could thus become dearer and its access to financing could even be made more difficult. | – Monitoring procedure for financial ratios (both actual and projected) tracked by theagencies and contributing to the determination of the rating – Regular dialogue with rating agencies and tracking of any agency methodology changes that might have an impact on the Group’s rating – When the Group is considering a major acquisition, submission of financial projections to rating agencies for their opinion regarding the potential impact on the rating assigned to the Group |
| d) Counterparty risk stemming from contracts and financial instrumentscontracted with banks and other financial institutions, should the debtor be unable to honour all or part of its commitment | – Centralisation of cash management and financing requirements of business lines– Cash investments in short-term and liquid vehicles with banking partners (minimum rating criteria) and in money market UCITS, with centralised monitoring of exposure limits and control ratios |