B3 S A Brasil Bolsa Balcão : Corporate Risk Policy

12/02/2022 | 04:46pm EST
CORPORATE RISK MANAGEMENT POLICY

March 3rd, 2022

PUBLIC INFORMATION


TABLE OF CONTENTS

1 PURPOSE
2 SCOPE
3 REFERENCES
4 CONCEPTS
5 GUIDELINES
6 RESPONSIBILITIES
7 FINAL PROVISIONS

1 PURPOSE

The purpose of this Policy is to establish the principles, guidelines and responsibilities to be observed in the process of managing corporate risks, so as to enable their adequate identification, assessment, treatment, monitoring and communication.

2 SCOPE

This Policy applies to executive officers, employees and interns of B3 S.A. - Brasil, Bolsa, Balcão, its subsidiaries abroad, Cetip Info Tecnologia S.A, B3 Social, and other members ("Company"). Credit, liquidity and market risks relating to the activities of the Company's clearinghouses in their role as central counterparty are covered in the Central Counterparty Risk Management Policy, as well as in the clearinghouses' rulebooks and manuals as approved by the Central Bank of Brazil, the Securities and Exchange Commission of Brazil (CVM) and, specifically in the case of rulebooks, also by B3's Board of Directors, and lie outside the scope of this Policy.

3 REFERENCES

  • Corporate Bylaws.
  • Code of Conduct and Ethics.
  • COSO - ERM: Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management Framework.
  • CVM Instruction No. 461/2007.
  • Compliance and Internal Control Policy.
  • Disclosure Policy.

  • Securities Trading Policy.
  • Information Security Policy.
  • Policy on Related Party Transactions and other Potential Conflict of Interest Situations.
  • Socio-environmental Responsibility and Governance Policy.
  • Executive Board Advisory Committee Bylaws.
  • ABNT Standard NBR ISO 31000:2009 - Risk Management: Principles and Guidelines.

4 CONCEPTS

  • Risk appetite: The level of risk that the Company is willing to undertake in order to achieve its strategic objectives. The assessment ranges from "intolerable" to "propensity for risk". Risk appetite is a qualitative measure.
  • Risk: The possibility of an event that negatively affects the Company's ability to achieve its objectives or to operate its processes.
  • Corporate risk: The strategic, operational, financial and regulatory risks associated with the Company's activities and its ability to achieve its business objectives.
  • Strategic risk: The possibility of implementing an unsuccessful or ineffective strategy that fails to achieve the intended returns. Additionally, issues related to the Company's business objectives, its image, its socio-environmental management, people and standards of ethics and of conduct are considered strategic.
  • Operational risk: The possibility of losses due to faults, deficiencies or inadequacies in internal processes, people, and technological environments, or external events. Includes legal risk, associated with inadequacies or deficiencies in contracts signed by the Company, penalties due to infringement of legal provisions, and third-party claims for compensation arising from the Company's activities. Events involving operational risk include internal and external fraud, labor litigation and workplace health and safety noncompliance, inadequate practices relating to customers, products and services, damage to physical assets, and any events causing interruptions to the Company's activities and information technology system and infrastructure failures.

  • Financial risk: The possibility of the Company being exposed to fines and other penalties due to incomplete, inaccurate or untimely reports on matters relating to finances, management, regulation, taxation, statutory requirements and sustainability. This macro-category encompasses credit risk, liquidity risk and market risk related to the Company's cash management.

  • Regulatory risk: The possibility of changes to rules and regulations or action by local and international regulators that may result in growing competitive pressure and significantly affect the Company's ability to manage its business efficiently.
  • Risk tolerance: The definition of the risk level that the Company is willing to assume to meet strategic goals. Risk tolerance is a quantitative metric measured by indicators.

5 GUIDELINES

Based on the COSO ERM framework, the structure of the Company's risk management comprises the following six components:

5.1 Internal Environment

The basis for all other components of the internal control structure, establishing its design, management, monitoring and discipline for executive officers, employees, and interns in relation to the internal control structure. The internal environment includes the organizational structure, human and physical


This is an excerpt of the original content. To continue reading it, access the original document here.

