Universal Registration Document - Fiscal 2024

COMPETITION	Risk Level: Medium
COMPETITION Impact Sodexo operates in a highly competitive environment. If it cannot meet client needs or expectations, then it may lose contracts to competitors, resulting in a lack of growth of revenues and lower profitability.	Risk Level: Medium Examples of Mitigating Activities Acceleration of the development of advanced food models that integrate new ways of producing and distributing food services. Roll-out of enhanced branded offers to meet client and consumer needs. Investment in digital technology including digital applications, food solutions such as automated kiosks with hot and cold food options, digital retail services, robotics to facilitate cleaning and the use of artificial intelligence helps Sodexo to enhance the consumer experience and take advantage of the opportunities created. Strategic acquisitions to expand Sodexo’s offers. Enhanced purchasing power through Entegra. Strengthening of commercial teams on the ground. Competitor benchmarking. Sector studies.

COMPETITION

Risk Level: Medium

Sodexo faces both established competitors and new industry participants at the local, national and international levels: risk of market share loss and loss of growth momentum.

Category: Clients/Consumers

Impact

Sodexo operates in a highly competitive environment. If it cannot meet client needs or expectations, then it may lose contracts to competitors, resulting in a lack of growth of revenues and lower profitability.

Examples of Mitigating Activities

Acceleration of the development of advanced food models that integrate new ways of producing and distributing food services.
Roll-out of enhanced branded offers to meet client and consumer needs.
Investment in digital technology including digital applications, food solutions such as automated kiosks with hot and cold food options, digital retail services, robotics to facilitate cleaning and the use of artificial intelligence helps Sodexo to enhance the consumer experience and take advantage of the opportunities created.
Strategic acquisitions to expand Sodexo’s offers.
Enhanced purchasing power through Entegra.
Strengthening of commercial teams on the ground.
Competitor benchmarking.
Sector studies.

Download the table

CLIENT CONTRACT EXECUTION, INCLUDING INFLATION MANAGEMENT	Risk Level: High
CLIENT CONTRACT EXECUTION, INCLUDING INFLATION MANAGEMENT Impact Poor service delivery to clients or non-fulfilment of contract obligations could lead to client dissatisfaction, possible contractual penalties and ultimately the loss of the client. Over-delivery of additional services not defined in the contracts and without related invoicing could lead to a shortfall in revenues and loss of profitability on the contract. Poor management of food and labor costs could result in reduced profitability on the contract. In Fiscal 2024, there has been a continued downward trend in food inflation, but it still remains a point of vigilance. As such, if Sodexo is not able to pass inflation through to the client via indexation clauses, or is able to do it, but not quickly enough, then it could result in loss of profitability on contracts.	Risk Level: High Examples of Mitigating Activities Definition of operational standards and best practices that are shared to improve performance (e.g. Innov’Challenge and the Innovhub). Tools such as the Site Management System to ensure proper training of employees and the execution of quality inspections. Robust price revision process to manage contractual inflation with our clients. Active procurement management to limit cost inflation relative to market indices. Active operational mitigation plans in all countries: enhanced labor scheduling, reengineered menus, food waste reduction. Strict monitoring of under performing contracts.

CLIENT CONTRACT EXECUTION, INCLUDING INFLATION MANAGEMENT

Risk Level: High

Risks relating to the execution of a client contract: poor service delivery, non-fulfilment of contractual and performance obligations, over delivery of additional services not defined in the contract, poor management of food and labor costs, inability to pass through inflation.

Category: Operations

Impact

Poor service delivery to clients or non-fulfilment of contract obligations could lead to client dissatisfaction, possible contractual penalties and ultimately the loss of the client.

Over-delivery of additional services not defined in the contracts and without related invoicing could lead to a shortfall in revenues and loss of profitability on the contract.

Poor management of food and labor costs could result in reduced profitability on the contract.

In Fiscal 2024, there has been a continued downward trend in food inflation, but it still remains a point of vigilance. As such, if Sodexo is not able to pass inflation through to the client via indexation clauses, or is able to do it, but not quickly enough, then it could result in loss of profitability on contracts.

Examples of Mitigating Activities

Definition of operational standards and best practices that are shared to improve performance (e.g. Innov’Challenge and the Innovhub).
Tools such as the Site Management System to ensure proper training of employees and the execution of quality inspections.
Robust price revision process to manage contractual inflation with our clients.
Active procurement management to limit cost inflation relative to market indices.
Active operational mitigation plans in all countries: enhanced labor scheduling, reengineered menus, food waste reduction.
Strict monitoring of under performing contracts.

Download the table

TECHNOLOGY & INFORMATION SECURITY	Risk Level: Medium
TECHNOLOGY & INFORMATION SECURITY Impact On a daily basis, Sodexo IT systems process the data of 423,000 Sodexo employees and 80 million consumers in the Foodservices business. Additionally, with the increasing need for reliable data to be available any time and anywhere, Sodexo’s systems are becoming more complex and more interconnected. Sodexo may also be a target of external cyber threats, such as phishing and malware attacks, with the potential to disrupt key systems or underlying infrastructure, potentially impacting its ability to deliver services to clients. Within this challenging environment, information security issues such as poor data integrity, loss of data confidentiality and lack of availability of key systems, or collaborative services, could result in high cost and/or high-volume impacts such as: operational disruption; contractual penalties; regulatory fines; reputational damage with shareholders, clients, consumers, suppliers and employees.	Risk Level: Medium Examples of Mitigating Activities Group Information and Systems Security Policy aligned to ISO 27001 framework, with detailed security directives on key topics (e.g. cloud services, incident management). Investment in security infrastructure, tools and services such as multi- factor authentication, laptop encryption, anti-malware, global proxy deployment, email monitoring and endpoint detection and response. Events and incidents monitored through a Security Operations Centre. Vulnerability scanning deployed. Global cyber incident management and response process. Global cloud strategy focused on using trusted partners to provide secure and efficient services. Security awareness training for users using phishing simulation campaigns. Company-wide collaboration on security and compliance topics such as data privacy, cyber threats, new technologies and IT Internal Controls facilitated by formal governance Committees and cross entity network.

TECHNOLOGY & INFORMATION SECURITY

Risk Level: Medium

Risks around managing the confidentiality, availability and integrity of Sodexo’s information assets; managing cloud systems and third- party suppliers, managing Sodexo and client/consumer data; risks from external cyber threats.

Category: Operations

Impact

On a daily basis, Sodexo IT systems process the data of 423,000 Sodexo employees and 80 million consumers in the Foodservices business.

Additionally, with the increasing need for reliable data to be available any time and anywhere, Sodexo’s systems are becoming more complex and more interconnected.

Sodexo may also be a target of external cyber threats, such as phishing and malware attacks, with the potential to disrupt key systems or underlying infrastructure, potentially impacting its ability to deliver services to clients.

Within this challenging environment, information security issues such as poor data integrity, loss of data confidentiality and lack of availability of key systems, or collaborative services, could result in high cost and/or high-volume impacts such as:

operational disruption;
contractual penalties;
regulatory fines;
reputational damage with shareholders, clients, consumers, suppliers and employees.

Examples of Mitigating Activities

Group Information and Systems Security Policy aligned to ISO 27001 framework, with detailed security directives on key topics (e.g. cloud services, incident management).
Investment in security infrastructure, tools and services such as multi- factor authentication, laptop encryption, anti-malware, global proxy deployment, email monitoring and endpoint detection and response.
Events and incidents monitored through a Security Operations Centre.
Vulnerability scanning deployed.
Global cyber incident management and response process.
Global cloud strategy focused on using trusted partners to provide secure and efficient services.
Security awareness training for users using phishing simulation campaigns.
Company-wide collaboration on security and compliance topics such as data privacy, cyber threats, new technologies and IT Internal Controls facilitated by formal governance Committees and cross entity network.

Download the table

Universal Registration Document - Fiscal 2024

Introduction