2023 universal registration document

3.4.5.2. Monitoring compliance with the Vigilance Plan

Risk hierarchy of non-compliance with the Applicable Rules

The risk hierarchy is used to enhance controls on compliance with the Applicable Rules by defining procedures for monitoring compliance with the Rules that are consistent with the risks, including via a policy of third-party audits, monitoring and evaluation of Suppliers conducted by third-party companies such as EcoVadis. The Group’s vigilance is strengthened in circumstances where conflict is involved, in line with applicable international standards.

As far as Subsidiaries are concerned, the risk hierarchy of non‑compliance with the Applicable Rules was created taking into account the type of activity and, thereafter, the type of Site ⁽¹⁾Type of activity: administration, manufacturing, distribution etc. Type of site: administrative offices, factories, distribution centres, research centres etc.

With respect to the Suppliers, the risk mapping of non‑compliance with the Applicable Rules was created for Human Rights, Fundamental Freedoms, the environment, and health and safety in the workplace using a methodology that takes the following parameters into account:

• The country in which the Supplier’s sites are located: a country is considered vulnerable in terms of Human Rights and Fundamental Freedoms, and environment, health and safety, if it meets at least one of the following criteria:
  1. The country is classified as “High risk” or “Extreme risk” according to the criteria of the consultancy firm Verisk Maplecroft: 12 evaluation indices are used in this methodology and aggregated in a single grade compared with the threshold values set by Verisk Maplecroft; and
  2. The results of social audits conducted by L’Oréal in the country include cases of Zero Tolerance or Need Immediate Action (“NIA” rating that corresponds to the most severe non-conformities).
• The business sector: each Supplier is associated with a sector area according to a governance ranking of Purchases (“Global Purchasing Categories”).
• The nature of operations: the activities most heavily exposed to labour risk are the activities with high manual added value, implying work on a production line.

SUBSIDIARY AUDIT MATRIX