2.4 CORPORATE CODE OF CONDUCT AND BEST PRACTICE POLICIES

2.4.1 Conflict of interests

Euronext N.V. shares are listed on the Eurolist Market (until recently the Premier Marché of Euronext Paris) and are traded, but not listed, on the Euronext platforms in Brussels (Trading Facility) and Amsterdam, under conditions agreed with the regulators before the offering date. These procedures are designed in order to prevent confidential data concerning the market for Euronext shares being circulated within the company.

No suspension of listing occurred during 2004, and listing interruptions were managed in compliance with the rules governing other issuers.

A share buy-back programme was authorized by the Annual General Meeting on 26 May 2004 to allow the company to intervene on the market. Reports on these transactions were provided periodically to regulators.

The liquidity agreement concluded in 2001 to improve trading conditions for Euronext N.V. shares on Eurolist (the former Premier Marché of the Paris marketplace) was continued in 2004 with Exane, a subsidiary of the original external party, BNP Paribas, which was authorized to intervene as necessary.

Finally, Euronext N.V. is included in the SBF 120, SBF 250 and Euronext 100 indices.

2.4.2 Prevention of insider trading

The Code of Conduct adopted as part of the Initial Public Offering (IPO) of Euronext N.V. with the approval of the regulators, which defines the rules aimed at preventing insider trading that apply to all staff of the Euronext group, is fully implemented at Euronext locations.
This code supplements the ethical provisions that already existed locally.
In particular, the rules state that employees involved in the listing, supervision or trading of Euronext N.V. shares and of Euronext N.V. options (which were launched on Monep, the French equity derivatives market, on 23 November 2003) must refrain from any transactions in these securities and must authorize a recognized institution to manage transactions on their behalf.

As for other members of staff, transactions are authorized under certain circumstances.
• They may only be done during open periods. These periods, set by the Managing Board, start after the publication of the quarterly, half-yearly and annual financial results of Euronext N.V., and last for four weeks.
• All transactions must be reported to the compliance officer.
• A period of six months must pass between any two opposing transactions.

Finally, persons in sensitive positions are required to notify the local regulator of any transactions. This applies in particular to members of the Supervisory Board and Managing Board as well as to officers of subsidiaries, and other members of staff who are likely to have confidential information.

Since the IPO, there have been twelve open periods. The most recent one started on 10 December 2004 and ended on 21 December 2004 (instead of 6 January 2005), the day that Euronext announced it was holding discussions with the London Stock Exchange (LSE).
In addition, specific ethical provisions have been established for staff transactions concerning the Euronext Growth Fund, which was established to handle staff subscriptions at the time of the IPO and invests exclusively in Euronext N.V. shares. In agreement with the regulators, it was decided that staff transactions in the Euronext Growth Fund are permitted throughout the year, with the exception of abstention periods, which cover the period leading up to the announcement of the company's quarterly, half-yearly and annual results. Abstention periods last three weeks (quarterly and half-yearly results) or six weeks (annual results).

In 2005, the first abstention period was scheduled to start on 2 February and to end on 15 March, as the scheduled date for the announcement of the financial results for 2004 is 15 March 2005. On 21 December 2004, following the announcement by Euronext confirming discussions with LSE, and in order to comply with the UK City Code on Takeovers and Mergers (the Takeover Code) and with articles 12 and 14 of the Euronext N.V. Rules concerning inside information (the Code of Conduct), it was decided that staff and contractors would be prohibited from dealing in Euronext N.V. shares and any related financial instruments with immediate effect.

The same restriction applied also to the Euronext Growth and Parisbourse funds and to the exercising of stock options. In addition, staff were restricted from dealing in the securities of the LSE and Deutsche Börse (which made a bid for LSE).

These restrictions on personal share dealing, either directly or indirectly, in the securities mentioned above apply until further notice and override any scheduled open period and abstention period calendar that previously applied to trading in Euronext N.V. shares, the Euronext Growth and Parisbourse funds and any stock option plan rules.
In accordance with the ethical rules laid down in the Code of Conduct, Euronext has published on its website details of transactions in its securities executed by shareholders in sensitive positions.

A special procedure on conflicts of interest has been prepared and included in the file which has been submitted to the French regulator in order to obtain its non-opposition to the listing of options on Euronext N.V. shares.

Pursuant to article 2 of the Euronext N.V. Code of Conduct, staff members are not authorized to trade derivatives on Euronext N.V. shares.

As mentioned in section 5.1.13, the AFM has established new provisions concerning the publication of details of securities held by members of the supervisory boards and managing boards of listed Dutch companies. These provisions, which came into effect on 1 September 2002, stipulate that any transactions in the company's shares must be reported immediately to the AFM (the Dutch authority for the financial markets) for publication on its website. These provisions also apply in the event of the granting and/or acceptance of equity options. The members of the Managing Board of Euronext N.V. have complied with these provisions.

The national notification rules may be modified in 2005 as a consequence of the implementation in national law of the EU directive on market abuse and the related implementing measures.

2.4.3 Personal dealing policies

The company has implemented a Code of Conduct across the board with regard to ownership of and transactions in investments other than Euronext N.V. share (personal dealing rules). This harmonized set of rules replaces the various local corporate codes and is applicable to all staff members, including Managing Board members. Due to their positions within the company, the members of the Managing Board have opted for portfolio management by an independent third party. This option goes beyond what is required in the provision of the Dutch Corporate Governance Code.

Staff members, irrespective of their location, are governed by the same corporate codes, the personal dealing rules for investments other than Euronext N.V. share and the Euronext N.V. Code of Conduct which applies to their investments in Euronext N.V. securities.

In accordance with the Dutch Corporate Governance Code, the members of the Supervisory Board have adopted internal compliance rules that include an obligation to report all holdings and trades in Dutch securities to the local compliance officer.

2.4.4 Other best practice policies

In order to comply with the Dutch Corporate Governance Code, Euronext's Managing Board approved a whistle-blowing policy during 2004. This policy is aimed at enabling staff members to report alleged irregularities of a general, operational and financial nature without jeopardizing their position within the company. The arrangements for the application of this policy will be posted on the company's website. This policy was approved by Euronext's works council in early 2005 and was subsequently implemented.

As a listed company, Euronext N.V. and its staff members must take great care to avoid the partial or accidental dissemination of information which might affect share prices. In 2004, Euronext developed rules to be followed by staff members in order to prevent the improper dissemination of price-sensitive information.

2.5 RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM

2.5.1 Introduction

The Managing Board is responsible for managing risks and for ensuring that the company complies with all relevant legislation and regulations. It reports on and accounts for the internal risk management and control systems to the Audit Committee and the Supervisory Board. The risk factors and the internal risk management system are described in greater detail in section 3.4 of this report.

2.5.1.1 Scope of risk management and control
Euronext has adopted an enterprise-wide risk management approach across all its activities, covering all types of risks. This is a structured, consistent and continuous process across the whole organization for identifying, assessing, responding to and reporting on opportunities and threats that affect the achievement of the Group's objective. Therefore, the system of risk management and internal control covers not only the financial controls that are significant for the proper and timely reporting of the financial condition of the Group, but equally covers all other operations that are significant to the achievement of the business objectives of Euronext.
The company's risk management and control framework is designed to provide reasonable assurance that strategic objectives are met. It makes management responsible for identifying the critical business risks and the implementation of fit-for-purpose risk responses.

GL Trade, a separately listed Group company, followed its own process for risk management and control in 2004.
Harmonisation with the Euronext risk management and control system will take place in 2005.

2.5.1.2 External references
Euronext aims to comply as far as possible with the corporate governance codes of the Netherlands, France and the UK. This requires the company to set up an adequate internal risk management and control system. The Managing Board is committed to adopting best practice in corporate governance as far as possible and where there is no conflict between national codes. Although Euronext already had an internal risk management and internal control system in place, the company launched a project early in 2004 to review and, where necessary, modify the current risk management and internal control system. The key elements of the current risk management and control system that are aimed at compliance with the corporate governance codes are described below.

Euronext aims to maintain and develop a risk management process that not only meets corporate governance needs, but also helps it to achieve its goals. The enterprise-wide risk management system developed in-house, taking account of best practices in this field. Although not designed as such, many of the key principles of the recently updated COSO (Committee of Sponsoring Organizations of the Treadway Commission) guidelines on enterprise risk management are already in place.

2.5.1.3 Risk assessment
Risks are identified in the context of achieving Group and SBU objectives and assessed for impact on the achievement of those objectives and probability of occurrence, based upon common parameters identified in the Euronext risk management strategy. Risk profiles are produced for each SBU and the risks are reported to the appropriate level of management, as defined by that strategy, together with the management response. The 4Ts principle is used, risks are responded to by Treating the risk, Terminating the activity giving rise to the risk, Transferring the risk or Tolerating the risk. The latter primarily involves controls to reduce impact or reduce probability of occurrence.

2.5.2 Changes in 2004

2.5.2.1 Process and procedures
During 2004, the company launched a project to introduce a new risk management and control assurance framework across the Group. This was designed to meet the Tabaksblat corporate governance requirements. The new risk management and control assurance framework was in place throughout the Group during the second half of 2004. In the first half-year, risk management and control framework was in place across the Group, but the approach was not harmonized.

The risk management and control assurance framework is supported by management assurance from the heads of all SBUs and independent assurance from Internal Audit Services Management assurance is facilitated by Group Risk Management. This is based upon establishing risk profiles for each SBU, which set out the inherent risks to achieving operational and financial objectives, controls and other measures to mitigate those risks, residual risks and actions to mitigate them. This also includes a detailed risk profile for all financial processes in each location.

During the first half of 2004, a Risk Committee of the Managing Board was established. This committee sets a Group-wide risk management strategy, monitors the adequacy and effectiveness of risk management and implementation of the risk management strategy throughout the Group, and makes decisions on risk appetite in relation to the achievement of Group objectives. The minutes of the Risk Committee are reported to the Audit Committee of the Supervisory Board. The Risk Committee receives reports from Group Risk Management, SBUs and Group support departments on risks to achieving corporate goals and actions taken by management to respond to them. It also receives management assurance from the heads of SBUs and Group support departments.

2.5.2.2 Organization
Within the system of risk management and internal control, the other key responsibilities are as follows.
The Managing Board is responsible for ensuring that the appropriate control and management framework is in place to carry out their duty of care and stewardship of the shareholders' funds and corporate resources. It is ultimately responsible for achieving corporate goals. The Managing Board will convey the objectives of Euronext to its business units, as appropriate.

Line and project managers within SBUs take ownership and responsibility for risk management as part of achieving business objectives. Managers should be able to identify, evaluate and take the necessary steps to manage risks effectively.

The Group Risk Management reports to the Risk Committee of the Managing Board. It develops and maintains the Euronext risk management and control assurance framework and provides enterprise-wide risk management. The Group Risk Management is made up of eight employees and also provides services to the SBUs. It seeks to promote risk awareness and co-ordinate risk management efforts Group-wide, aiding management and supporting corporate governance. It also provides central monitoring of risks and outcomes. Group Risk Management works with management to ensure that residual risks are reported to the appropriate level in accordance with the risk management strategy agreed by the Risk Committee of the Managing Board. It also provides support to help ensure projects identify and manage their risks effectively.

Internal Audit Services reports to the Audit Committee of the Supervisory Board and provides independent, objective assurance and advice in order to add value and improve Euronext's operations. It aims to help Euronext achieve its objectives by providing a systematic, disciplined approach which evaluates and improves efficiency of risk management, control and governance processes. Internal Audit Services consists of 19 employees and undertakes audits in the area of information technology and other activities at all the various locations where the Group operates.
Risk profiles help Internal Audit Services to focus the planning and scope of its audits, which in turn underpin the risk profiles with independent assurance.

Euronext continues to work towards its overall objective of embedding risk management into its culture, processes and operations and fostering high awareness of business risks and internal controls.

2.5.2.3 Summary of key business controls
Risk management
Group Risk Management together with the SBUs and Group support departments prepares at least twice a year risk profiles of their entities. These profiles and a Group summary profile are discussed in the Risk Committee of the Managing Board. In 2004 the Risk Committee of the Managing Board met four times.

Management accountability for risk management and control is underpinned by internal letters of representation produced annually by each SBU and Group support department and countersigned by the director of Group Risk Management.

Monitoring the quality of the business controls through risk-based operational audits, inspections of financial reporting controls and compliance audits have been entrusted to the internal auditors. The quality of the risk management and control framework and the findings of internal and external audits are reported to and discussed by the Audit Committee of the Supervisory Board.

Codes of conduct
The company has implemented a set of rules of behaviour that employees have to observe in each country. There is also a Group whistle-blowing policy, a Group-wide code on dealing with price-sensitive information and rules for the prevention of insider trading. In 2004 Euronext harmonized its local corporate codes of conduct with regard to ownership of and transactions in financial instruments other than Euronext N.V. shares. For additional information on the Corporate Code of Conduct, see section 2.4.

Financial reporting and monitoring
Euronext publishes its financial statements and annual report in English, Dutch and French. The financial statements are prepared in accordance with International Financial Reporting Standards (IFRS) and in accordance with accounting principles generally accepted in the Netherlands. They also comply with the financial reporting requirements included in part 9 of Book 2 of the Dutch Civil Code.

Procedures have been drawn up for the internal and external reporting processes. Under the supervision of the Chief Financial Officer, the Finance departments of all Group entities are responsible for issuing local financial statements and corresponding reports. This information is sent out to the Group's consolidation department so that it can produce Group consolidated financial statements and the related financial communication.

Group consolidation department particularly checks the consistency of the financial information that the Finance departments of all Group entities use for preparation of the consolidated statements, together with other financial information submitted to internal and external reporting purposes.

These procedures are evaluated periodically to ensure they take account of changing requirements. Verifying compliance with these procedures has been entrusted to the internal and external auditors. Findings hereon are reported to the Managing Board and the Audit Committee of the Supervisory Board.

Strengthing fundamentals controls over financial reporting, the company uses common ERP system (CODA) and a standard chart of accounts that supports IFRS and local General Accepted Accounting Principles (GAAP). At the end of 2004, Hyperion Financial Management was implemented to enable the Group to replace time-consuming manual controls with embedded automated controls in the financial reporting consolidation process.