COMPLIANCE AND INTERNAL CONTROLS POLICY

06/25/2021

PUBLIC INFORMATION

CONTENTS

1 PURPOSE
2 SCOPE
3 REFERENCES
4 CONCEPTS
5 GUIDELINES
6 RESPONSIBILITIES
7 FINAL PROVISIONS
8 CONTROL INFORMATION

1 PURPOSE

The purpose of this Policy is to set out concepts, rules and responsibilities governing the functioning of the compliance and internal control framework of B3 S.A. - Brasil, Bolsa, Balcão.

2 SCOPE

This Policy applies to all administrators, employees and interns of B3 S.A. - Brasil, Bolsa, Balcão, its subsidiaries abroad, BSM Market Supervision, Cetip Info Tecnologia S.A., B3 Social, and other associations (Company).

3 REFERENCES

The references for this Policy are the main national and international normative instruments that deal with concepts, rules and responsibilities relating to compliance and internal control frameworks, including:

  • The Company's Anti-Corruption and Fraud Prevention Policy;
  • The Company's Corporate Risk Management Policy;
  • Brazilian Federal Law 4595/1964;
  • Brazilian Federal Law 4728/1965;
  • Brazilian Federal Law 6385/1976;
  • Brazilian Federal Law 10214/2001;
  • Brazilian National Monetary Council (CMN) Resolution 2554/1998;
  • CMN Resolution 2882/2001; and
  • Brazilian Securities and Exchange Commission (CVM) Instruction 461/2007.

4 CONCEPTS

4.1 Regulatory environment

The set of legal, normative and regulatory provisions issued by the bodies that regulate the Company's activities.

4.2 Internal control system

The set of procedures and activities established by the Company to reduce the likelihood of financial losses and damage to its institutional image, enhance the quality of its accounting information and assure compliance with the applicable legislation and regulations.

5 GUIDELINES

5.1 Implementation, assessment and maintenance of internal control activities

The Governance and Integrated Management Department is responsible for assessing and monitoring whether the control activities: (i) are being carried out by the Company's operating areas and (ii) are sufficient, effective and efficient in mitigating risks.

Control activities are assessed from time to time based on the legislation and regulations in force and on best practices in corporate governance, embodied in the standards and methodologies established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Control Objectives for Information and Related Technology (COBIT) framework.

The results of assessments and tasks are duly documented and forwarded to the operating areas responsible for control activities.

Internal control activities must be properly documented by business area managers. The nature and extent of this documentation may take various forms, containing at least:

  • Duly formalized policies and procedures;
  • Formalization of the responsibility of each professional involved in the relevant business processes, with the appropriate segregation of functions and approval authorities, where applicable. This formalization may take the form of organization charts, responsibility matrices, job descriptions and/or narratives;
  • Business process flow charts pinpointing all controls; and
  • Supporting documentation for decisions taken regarding the implementation of controls, including cost-benefit assessments.

In addition, the Governance and Integrated Management Department is responsible for complying with the requirements of the Central Bank of Brazil (BCB), particularly with respect to CMN Resolution 2554/1998, and with external auditors in matters relating to the assessment of the Company's control environment.

To this end, business areas must provide the requisite information to the Governance and Integrated Management Department so that it can produce reports on internal controls for approval by the Board of Directors.

5.2 Action plan follow-up

Concerns raised in the work of internal and external audit and internal controls teams, in the assessments performed by the corporate risks team, in the regulatory monitoring conducted by the Governance and Integrated Management Department and in inspections by regulators shall be verified by business areas, which are responsible for producing and executing action plans to address deficiencies and noncompliance.

The Governance and Integrated Management Department shall test the deployment of plans when completed, except those resulting from concerns raised by internal audit, which will be reviewed by the area itself.

Disclaimer

B3 SA Brasil Bolsa Balcao published this content on 31 March 2023 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 31 March 2023 21:38:34 UTC.