Watch Olivier Lepick, Group General Secretary and ESG Lead, and other key Group executives presenting our Governance priorities during an Investor Webinar held in December 2021.
Priority F | Foster a diverse and accountable governance
30% of women in executive leadership positions in 2025
Maintain best-in-class corporate governance
We are committed to governance best practices and policies that serve the long-term interests of Capgemini and our shareholders by also taking into consideration the social and environmental challenges of the Group’s activities.
The Board of Directors of Capgemini SE sets the strategic direction of the Company and the Capgemini Group. It appoints the executive corporate officers responsible for implementing this strategy, approves the financial statements, convenes the Shareholders’ Meeting, and proposes the annual dividend. It makes decisions on the major issues concerning the day-to-day operation and the future of Capgemini.
The Group’s Board of Directors seeks to implement a diverse and accountable governance, reflecting shared interests on Company’s long-term performance. It also takes appropriate measures to nurture a constructive dialogue with shareholders and other stakeholders. It also has the responsibility of monitoring and safeguarding our assets by managing the Group risks, including ESG risks.
The Company’s Board of Directors seeks to implement a balanced governance structure tailored to Capgemini and able to adapt to the circumstances and challenges specific to the Group, as well as changes in best practices in this area.
It chooses between two general management approaches: combining or separating the duties of Chairman of the Board and Chief Executive Officer. The Board of Directors meeting following the Shareholders’ Meeting of May 20, 2020, unanimously decided to separate the duties of Chairman and Chief Executive Officer with immediate effect, as it considered that the separation of the duties of Chairman and Chief Executive Officer was the most appropriate governance model for the Company in the context of the management succession initiated in 2017. During this meeting, Mr. Paul Hermelin was confirmed as Chairman of the Board of Directors for the remainder of his term of office as director, and Mr. Aiman Ezzat was appointed Chief Executive Officer for his term of office as director. The Board wanted the Company to continue to benefit from Mr. Paul Hermelin’s expertise and experience and his in-depth knowledge of the Group, thereby ensuring a smooth management hand-over.
In addition, the Board of Directors also decided to retain the position of Lead Independent Director, a role with specific powers and duties since its creation in 2014, for as long as the duties of Chairman of the Board are assumed by a director who is not independent as defined by the AFEP-MEDEF Code to which the Company adheres. Accordingly, the Group’s governance enjoys an active, diligent and independent Board of Directors with a collective approach to its organization and the vigilant authority of a Lead Independent Director
The Board of Directors also considers that a satisfactory balance of power exists though the existence of four specialized board committees with different remits encompassing – (1) Audit & Risk, (2) Compensation, (3) Ethics & Governance and (4) Strategy & CSR – and the restrictions introduced by the Board of Directors’ Charter on the powers of the Chief Executive Officer, who requires the prior approval by the Board of Directors for major strategic decisions, and decisions likely to have a material impact on the Company.
In accordance with its diversity policy, the Board comprises individuals from diverse and complementary professional and cultural backgrounds, true to the Group’s history and values. This enables the Board to perform its duties collectively and in an open manner. The replacement of a large number of directors in recent years has resulted in a change in the composition of the Board of Directors, increasing the number of independent, international and female directors and reducing the average age. The Board has also included a representative of employee shareholders since 2012 and two employee representatives since September 2016, further contributing to the range of experiences and viewpoints.
The Board of Directors monitors annually the implementation by Group Management of its policy of non-discrimination and diversity, notably with regard to the balanced gender representation in the Group’s management bodies. It has set Executive Corporate Officers objectives to increase female representation in the Group in the variable part of their annual compensation. Since 2018, the Board of Directors includes a criterion applicable to performance shares granted to Executive Corporate Officers and Group managers targeting an increase in the number of women becoming Vice-President.
Capgemini ensures that the directors have sufficient understanding of the Group, its ecosystem and its challenges. The Board members therefore meet regularly with the members of the Group Executive Board during Board and Committee meetings. Furthermore, the Board organizes a range of specific training sessions throughout the year to help directors increase their knowledge of the Group and its competitive environment, as well as recent market disruption trends and technological developments. A formal assessment of the activities of the Board of Directors and its specialized committees is conducted every three years by an external service provider under the responsibility of the Lead Independent Director
The Board works to ensure that the Group’s Strategy is aligned with sustainability in the long-term.
At the end of 2018, the Board of Directors entrusted the Strategy & Investment Committee, subsequently renamed the Strategy & CSR Committee, with a specific duty relating to the monitoring of the Group’s Corporate Social Responsibility (CSR) strategy, ensuring consistency in the consideration of social and environmental aspects in the Group’s main strategic orientations and decisions. The Board studies the Group’s mid- and long-term strategic focus, considering the social and environmental issues associated with its activities and major technological and competitive trends and developments.
The compensation policies for the Chairman and the Chief Executive Officer are aligned with best practices and the Group’s interests. Compensation components are disclosed in detail as part of the Say on Pay procedure. The Compensation Committee refers, in particular, to comparative studies to ensure the consistency and competitiveness of both the compensation level, and structure and calculation methods with market practice. These principles are regularly reviewed and discussed by the Compensation Committee which submits a report on its work and its resulting proposals to the Board of Directors for approval.
The Chief Executive Officer compensation policy strikes a balance between short-term and long-term performance to ensure the sustainable development of the Company and aims for consistency between changes in overall compensation and Company performance trends. Through its compensation policy, the Group seeks to promote the sustainable and responsible growth of the company and recognize individual and collective performance in line with the Group’s results. Capgemini ensures the roll-out of a competitive and inclusive compensation and benefits policy, in order to attract, motivate and retain talent and, more particularly, Group executive management.
As for all its stakeholders, the Group strives to communicate regularly with its shareholders and investors, in order to understand and take account of their expectations. Capgemini shareholders are regularly consulted in the same way as the Group’s other stakeholders, on various occasions: for example, they were involved in Group discussions on its Purpose in 2020 and on the update of its materiality matrix in 2021.
are fundamental to carrying out Capgemini’s strategy and to achieving its long-term goals. The Group’s internal control and risk management systems seek to create and protect the Group’s value, assets and reputation, to identify, assess and monitor the critical risks to which the Group is exposed, anticipate and foresee changes in these risks, and finally implement risk prevention and transfer residual risk measures. Ultimately, the Board of Directors of Capgemini SE has overall responsibility for risk management and for reviewing the effectiveness of internal control, internal audit and risk management approaches. It relies on the work of the Audit & Risk Committee to that effect.
Priority G | Maintain high ethical standards at all times for mutual growth
Maintain over 80% of the workforce with Ethics Score between 7-10
By 2030, suppliers covering 80% of the purchase amount of the previous year, will have committed to our ESG standards
At Capgemini, we are dedicated to delivering profitable and sustainable growth by working together with our business partners to deliver value through our expertise and our business integrity. Every day, as a global company, we strive to operate in an exemplary manner and uphold the laws and regulations of the countries in which we operate to earn the trust of our customers, suppliers, the communities we serve, and the governments that represent them. Capgemini is a signatory to the UN Global Compact and also supports local and global initiatives and business standards to build up the communities in which it lives and operates and to work in a sustainable and ethical manner.
Capgemini has relentlessly opposed disloyal business behaviors and corruption. Since 1967, Capgemini’s success has relied on its core Values, including honesty and trust. These values lead the Group to constantly strengthen its ethical culture and compliance approach, both within the organization and with regard to third parties. Our Code of Business Ethics was drawn in 2009 at the initiative of the Board of Directors to that effect.
Maintaining high ethical standards in business is about acting in line with our Values-based ethical framework and favoring responsible behaviors in business for mutual growth by ensuring that everyone in the Group respects the rights and the differences of all those who work with us: employees, clients, business partners and other stakeholders.
Our Values and Ethics are at the heart of our identity. Unique and human, our seven values – Honesty, Boldness, Trust, Freedom, Fun, Modesty and Team Spirit inspire and guide our team members, who each contribute to our ethical culture. Capgemini’s founder, Serge Kampf, was deeply convinced that sound ethics is an essential foundation for profitable and sustainable business. From the outset, this belief in doing business ethically and our commitment to our core Values has distinguished us from competitors. Our Values unite and inspire our Group’s international workforce, across nearly 50 countries. The natural outcome is our shared ethical culture, which we actively nurture through our ethical framework. We have a longstanding formal Ethics program, supported by 5 main levers, to create and maintain awareness among employees, enabling them to make decisions aligned with our core values:
The Code of Business Ethics forms the basis for our Compliance program, mainly covering competition and anti-trust laws, the fight against corruption and money laundering, duty of care and human rights, sanctions and embargos, and data privacy.
Priority H | Protect and secure data, infrastructure and identity
Be recognized as a front leader on data protection and cybersecurity
The Group Data Protection and Cybersecurity teams ensure that we have a data breach and security incident management policy, as well as relevant tools to ensure effective implementation of data, infrastructure and identity protection obligations. They are also working together to continue raising awareness on data and cybersecurity matters worldwide.
For Capgemini, strengthening digital trust is a journey focused on constant improvement. The Group perform a holistic cycle of actions to proactively prevent and effectively respond to threats from all sources.
Capgemini is committed to protecting all personal data entrusted to it as part of its activities both on its own behalf (as a Data Controller) and on behalf of its clients (as a Data Processor).
As an international group with entities located in more than 50 countries, it is important to Capgemini that information flows in a compliant and secure manner. Providing an appropriate level of protection to the personal data wherever they are processed within the group, is one of the reasons why Capgemini has chosen to implement Binding Corporate Rules (BCR) which were first approved by the European data protection authorities, in March 2016 and updated to comply with the European General Data Protection Regulation 2016/679 (GDPR). Capgemini’s BCR define indeed not only the principles with which it shall comply with when processing personal data on its behalf and on behalf of its clients, but also specify the procedures designed to address Capgemini’s compliance with applicable data protection laws and in particular with the GDPR.
To support an effective implementation of Capgemini BCR, Capgemini rolls out the Group Data Protection Program (GDPP) and has defined a strong organization lead by the Group Data Protection Officer (GDPO) who relies on Regional Data Protection Officers and Local Data Protection Officers. In addition, Data Protection Champions are appointed to represent each Group function and Global Business Line (GBL) to ensure that functions and GBL specificities are taken into account in the GDPP implementation.
Capgemini Data Protection Program is built to ensure a continuous improvement in all Group functions with a focus on Delivery, Sales, Finance, Human Resources and IT. We deploy different Privacy by Design (PbD) checklists, operational guidelines and maturity assessments. Privacy by design is an approach to systems engineering that seeks to ensure protection for the privacy of individuals by integrating considerations of privacy issues from the very beginning of the development of products, services, business practices, and physical infrastructures. Additional mechanisms have also been put in place in relation to suppliers.
Capgemini monitors the effective implementation of the above through different procedures and controls such as (1) Data subjects’ rights management; (2) Data transfers; (3) Data processing register; (4) Data breach management procedure; and (5) Data protection training program.
Capgemini Group Cybersecurity strongly contributes to build an Ecosystem Trust with our employees, clients and partners by securing internal activities and preventing external threats to deliver trusted digital services. We have responded to the surge in cybersecurity challenges with a comprehensive, board-sponsored cybersecurity strategy and governance, composed of four cyber-risk management pillars:
This strategy is deployed consistently across the organization and our cyber-risk management approach is operationalized via the Capgemini Cybersecurity Management System, which is modelled on NIST (National Institute for Standards and Technology) framework and includes aspects of the NIS (Network and Information System Security) European Directive.
Capgemini Group Cybersecurity department is tasked with anticipating cyber threats, mitigating cyber risks, preventing cyber incidents, and responding well in all circumstances. This dedicated structure is headed by the Group Chief Cyber Security Officer (CCSO), reporting to a member of the Group Executive Board. The Cyber Risk mapping is consolidated and reported to the Group Risk and Audit Committee twice a year.
The Group Cybersecurity Community is the foundation of Capgemini operating model and involves the Group CCSO and team, the Chief Information Security Officers in Strategic Business Units (SBUs) and Global Business Lines (GBLs), Cybersecurity Officers in the BUs in each country where the Group operates, who support the BUs and liaise with local authorities. Our Acculturation program based on mandatory awareness courses (since 2016) has been complemented with Phishing tests associated to specific awareness modules. We organize annual Cybersecurity Month in October and a Cyber Culture Challenge to award the most effective / engaged Business Units.
Capgemini Group Cybersecurity Policy framework is a series of documented requirements aimed to define and enforce (1) the Strategy and Governance model, (2) the Baseline Policy (100 minimum and mandatory controls based on ISO 27001, NIS Directive and GDPR) associated to management policy documents used for ISO certification, and (3) Technical policies to secure data, endpoints, networks, systems, applications. We have deployed the new Baseline Policy (revised bi-annually) including annual compliance review which contributes to very consistent practices across the units. New policies have been defined such as: data security policy, PenTest policy, security incident and data breach management policy, 3rd Party security management policy, log management policy.