Ethics #&# Risk Management

Denis Mercier

Deputy General Manager Fives

In 2020, in an unusual context which required more vigilance than ever, we further reinforced our risk management system. We continue to organize ourselves and to acquire tools which make Fives a strong group when faced with all types of challenges, including cyber risks.

How can we manage instability, protect ourselves against new threats and remain vigilant regarding risks, while ensuring business continuity?

In the highly unusual context of 2020, Fives quickly realized the very wide range of risks that the Group could face (health risks, contract interruptions, etc.) and the urgency of providing appropriate responses to minimize them. Its customers have themselves become more demanding as to the soundness of their suppliers' fundamentals, and attentive to their speed of adaptation to health conditions and to maintaining the quality of their products and services.

The work to reinforce protection systems against different risks - which were mapped in 2018 - has continued, to be able to look to the future with confidence.

Organizing the risk management approach

This approach is based on two pillars: on the one hand, constant dialog between the Group Headquarters and Subsidiaries, and on the other hand, a system comprising:

  • a risk committee which monitors control of the Group’s major risks;
  • Group Directives which are a collection of rules applicable to all Group Subsidiaries;
  • an internal audit team which carries out assignments at Senior Management’s and the risk committee’s request to assess major risk management systems, notably in the context of monitoring the application of Directives.

Making business ethics a core priority for our business

In 2020, new internal actions to promote anti-corruption measures were organized. During International Anti-Corruption Day, Group executives and managers reiterated Fives’ firm commitment to combatting all forms of corruption. Work to reinforce Group third-party review processes has begun, in order to control compliance issues linked to third parties.



Training to raise general awareness regarding risks

Fives took advantage of the slowdown in activity during lockdown to train employees remotely, notably in preventing corruption, compliance of Group export operations and cybersecurity. This training initiative was supplemented by e-learning tools.

Streamlining international operations

Fives launched a customs certification process for several of its companies, as part of the deployment of its internal compliance program. Alongside this, the Group organized its approach, with the creation of local units and communities (logistics staff, internal customs staff), in order to encourage cooperation between Subsidiaries.

Revised Directives to consider new Group challenges

The Directives, a risk control and management tool for Subsidiary management committees, were updated in order to take into account changes to the Group in terms of organization, size and business lines. Webinars, e-learning and working sessions helped with deployment.

Objective: resilience against cyber attacks

For greater resilience against the risk of cyberattacks, the Group has established a roadmap to organize its approach and has implemented an action plan: risk analysis at Group level, appointing a point of contact within each Division and implementation of a monthly committee.

Cybersecurity: crucial for industry 4.0

The cyber threat is growing, both in terms of sophistication and numbers. Cyberattacks rose in 2020, as the difficult period led users to lower their guard. Fives is concerned on two grounds.  

On the one hand, the Group must protect its industrial secrets and data. It therefore carries out actions to secure information systems and raise employees’ awareness of this issue (regular communication, phishing exercises, etc.).  

On the other hand, industrial equipment with a long life cycle is vulnerable. Industrial players have become more developed in terms of cybersecurity and require an increasing number of guarantees regarding the security of their production data. Fives adapts its offer and its approach. Fives Landis Ltd began a certification approach based on a specific framework to work with a car manufacturer, while Fives Intralogistics SpA became ISO 27001 certified at the request of its customer FEDEX. The Group has also established a partnership with WALLIX to protect data generated by connected industrial machines.