2023 universal registration document

3. Risk factors and risk management

3. Risk factors and risk management

This chapter is based on the work carried out by the Group’s Internal Control and Risk Management departments. It presents the internal control environment of L’Oréal, including the system relating to the preparation and processing of accounting and financial information. It describes the risk factors pursuant to Regulation (EU) 2017/1129 of 14 June 2017 (“Prospectus Directive III”), as well as the associated risk management policy. These risks are presented in four categories: (i) business risks, (ii) industrial and environmental risks, (iii) legal and regulatory risks, (iv) financial and market risks. The main non-financial risks within the meaning of the Non‑Financial Performance StatementAs defined by Articles L. 225-102-1 and L. 22-10-36 of the French Commercial Code.are described in chapter 4. The Vigilance PlanDrawn up pursuant to Article L. 225-102-4 of the French Commercial Code.is also included in this chapter.

3.1. Definition and objectives of Internal Control

3.1.1. Reference work

For the purposes of preparing this Document and defining Internal Control, L’Oréal has used the Reference Framework and its application guide published by the French Financial Markets Authority (AMF) in January 2007, and updated on 22 July 2010.

3.1.2. Internal Control – preventing and controlling risk

At L’Oréal, Internal Control is a system that applies to the Company and its consolidated subsidiaries (the “Group”), which aims at ensuring that:

  • economic and financial targets are achieved in compliance with the laws and regulations in force and the Group’s Ethical Principles and standards;
  • the orientations set by General Management are followed;
  • the Group’s assets and reputation are valued and protected; and
  • the Group’s financial and accounting information is reliable and provides true and fair statements.

By contributing to preventing and managing risks, the Internal Control system promotes the steady and sustainable manufacturing and economic development of the Group within a control environment that is appropriate for the Group’s businesses. However, any system or process has its limitations. These result from a number of factors, in particular the uncertainties of the outside world or malfunctions due to technical or human failures.

The handling of risk should be based in particular on a reasonable informed choice between the challenges to be controlled, the opportunities to be seized, the cost of the risk management measures, and the effects of these measures on the occurrence and impact of the risk.

3.1.3. A process for the continual improvement of the Internal Control system

In 2023, the Group continued its efforts to improve the system of Internal Control by, in particular:

  • constantly adjusting the Group matrix for the segregation of duties and the associated control environment;
  • providing new operational guides to remind employees of the Group’s principles and enable the sharing of best practices (e.g. the update to the “The Way We Work With Healthcare Professionals” guide and the Property Assets Playbook);
  • updating the “Fundamentals of Internal Control” digital library (e.g. on product quality and safety, and information systems);
  • regularly adapting the reference frameworks to address new challenges;
  • updating the Group’s digital referential See subsection 3.2.1.; and
  • revamping of the programme to raise awareness of the risks of fraud.

The deployment of online learning (prevention of corruption, data security, competition, cyber security, personal data protection) is ongoing.