Summary - Corporate Risk Policies

May 18, 2021

Credit Risk Policy

May 18, 2021

The Credit Risk Policy establishes the principles and framework for the control and management of credit risk in a consolidated manner for the NEOENERGIA group, understanding as credit risk any counterparty risk that may generate economic or financial loss for the Group in non-compliance of contractual obligations.

Credit risk exposure occurs through different channels, depending on the type of relationship with the counterparty, which materializes in the costs of settlement, replacement or amortization. Particularly, the Credit Risk Policy establishes the identification and segmentation into homogeneous groups by type of credit exposure within the Group, the application of corporate credit criteria for admission of counterparties and the assignment of risk limits according to credit quality criteria, adapted to the characteristics of different business types.

Energy Market Risk Policy

May 18, 2021

The Energy Market Risk Policy establishes the principles and framework for controlling and managing energy market risk on a consolidated basis for the NEOENERGIA group, understanding as market risk any potential loss of margin and/or value due to adverse movements of the factors that determine the prices of energy commodities, CO2 emission rights, environmental certificates, electricity and natural gas prices, and the exchange rate.

This policy applies to the activities of the liberalized business, including renewables, and networks, in the purchase and sale of energy that generate exposure to the market risk of the Neoenergia Group and should be reproduced by its subsidiaries, observing its applicability.

Operational Risk Policy in Market Transactions

May 18, 2021

The Operational Risk Policy in Market Transactions covers operational, regulatory and reputational risks and is applied to all market transactions with third parties in energy and treasury management that generate exposure to operational risks in businesses of the NEOENERGIA group, as a result of possible inappropriate processes, technological errors, human failures, fraud, as well as any other internal or external event.

This Policy is based on the following basic principles:

  1. Solid risk culture;
  2. Adequate segregation of duties;
  3. Formalization of clear policies and processes;
  4. Safe and flexible information systems.

Insurance Policy

May 18, 2021

The Insurance Policy establishes the basic principles and the framework for the control and management of Insurance, in order to mitigate the Group's exposure against operational, construction and transportation risks and the respective civil liability risks of all NEOENERGIA group businesses.

The Insurance Policy defines the coverage limits for insurance policies for, among others:

  1. Materials damage
  2. Civil responsibility
  3. Cybernetic risks
  4. Environmental civil liability
  5. Operational risks.

Investment Policy

May 18, 2021

The Investment Policy sets the principles and operational milestone for the analysis, monitoring, control of management in risks associated with Neoenergia Group's new investment and divestment projects.

In particular, the Investment Policy establishes limits in terms of profitability and risk for each project, as well as its fit in the Group's strategy.

Financial Risk Policy

May 18, 2021

The Financial Risk Policy establishes the basic principles and the general framework of action for the control and management of financial risks applicable to all businesses of the NEOENERGIA group.

The NEOENERGIA group must develop a financial risk management strategy that allows obtaining the necessary resources to meet operational and investment needs, within the law, under optimal cost and term conditions, minimizing the associated risks:

  1. Ensure liquidity with a minimum of financial expense;
  2. Establish adequate levels of risk, seeking the best risk-return ratio within the established limits;
  3. Transfer to third parties the financial risks that should not be assumed by the Group;
  4. Maintain solvency and leverage indicators at levels that support a good NEOENERGIA credit rating in accordance with the objectives established by the shareholders; and
  5. Comply with the requirements of local regulators and applicable tax rules.

Treasury Stock Policy

May 18, 2021

The Treasury Stock Policy establishes the basic principles and the general framework of action for the control and risk management of operations with shares issued by Neoenergia, performed directly by the Company.

This Policy, together with the General Corporate Risk Management Policy of the NEOENERGIA group, the other internal regulations, Law No. 6.404, of 1976, as amended ("S.A. Law") and the regulations of the Brazilian Securities Commission ("CVM") and B3 S.A. - Brasil, Bolsa, Balcão

("B3"), as applicable, constitute the risk management framework related to trading with own shares that the companies belonging to the NEOENERGIA group must follow.

Transactions with Treasury Shares must always have legitimate purposes, thus comprehending, for example, the following purposes:

  1. Provide investors with adequate liquidity and transparency in the trading of the Company's shares;
  2. Perform programs for the purchase of own shares, approved by the NEOENERGIA Board of Directors or by the General Meeting and, in particular, allow the Company to access the shares that allow it to fulfill its commitments to deliver shares previously contracted due to issues of securities or corporate operations, such as share-based compensation plans for officers, managers or employees;
  3. Fulfill other legitimate commitments previously assumed; and
  4. Any other permissible purposes in accordance with applicable regulations.

Likewise, Treasury Stock Transactions will be carried out always seeking the best interest of NEOENERGIA, in accordance with its strategic objectives and mitigating the risk associated with these operations.

Purchasing Policy

May 18, 2021

The Purchase Policy establishes the global milestone for the control and management of market, credit, business, regulatory, operational, reputational, criminal and cybersecurity risks in the purchase of materials, equipment and contracting of works and services throughout Neoenergia Group, with special emphasis in the compliance with ethical commitments of the NEOENERGIA Group and its suppliers.

The Purchasing Policy follows the following basic principles:

  1. Promote a solid risk culture and the development of an ethical business culture throughout the organization that sustain the professional and ethically responsible behavior of all employees, in accordance with the strict application of the Code of Ethics, the Anti-Corruption and Fraud Policy and the Crime Prevention Policy, Cybersecurity Risk Policy and Personal Data Protection Policy;
  2. Establish, in a coordinated manner, the standards and controls related to the NEOENERGIA group's purchasing activities, ensuring full adherence to the corporate governance model;
  3. Implement the necessary mechanisms for purchasing decisions, ensuring in all cases the appropriate balance between technical competence, quality, price, qualification and reputation of the supplier;
  4. To seek a relationship with suppliers based on the principles of business ethics and transparency, seeking continuous improvement, fostering innovation and development in order to improve and implement new products, services and ways of acting;
  5. Promote the motivation and active participation of employees, the necessary training to develop their tasks and their continuous education;
  6. Establish procedures for selecting suppliers in line with standards of impartiality and equal opportunities, guaranteeing in all circumstances the professionalism of employees of the NEOENERGIA group;
  7. Require suppliers to strictly comply with the contractual terms and conditions and laws in force, as well as the principles of action contained in the Code of Ethical Conduct for Suppliers;
  8. Promote a relationship with the supplier and carry out all purchasing processes in accordance with the principle of transparency and integrity, respecting the values and principles of conduct established in the Code of Ethics, the Anti-Corruption and Fraud Policy and "zero tolerance" for illegal acts, corruption, bribery, money laundering and any situations that involve the practice of fraud or illegal conduct;
  1. Maintain the good reputation of the NEOENERGIA group, as a market participant, performing all operations based on solid and documented principles, in accordance with the obligations entered into with counterparties.

Information Technology (IT) Policy

May 18, 2021

The IT Policy establishes a governance model, basic principles and a general risk management structure for IT and associated telecommunication systems, which make up the IT of the NEOENERGIA group. This Policy covers the management of risks associated with the use, ownership, operation, participation, influence and adoption of certain information technologies or their management and control processes.

The IT policy defines the integrated management milestone that enables a global technology focus and seeks to ensure proper management of information technologies and associated risks, driving value creation through effective and innovative use of information technologies and satisfaction of internal and external users with the level of commitment and services provided, maintaining a balance between benefit generation, risk level optimization and sufficient use of resources.

Cybersecurity Risk Policy

May 18, 2021

The Cybersecurity Policy sets the principles and the milestone for the control and management of risks arising from threats and vulnerabilities of the Neoenergia Group's control or information and communication systems or any other assets comprising the Group's Cyber Infrastructure, including information assets.

Neoenergia is aware of the relevance of digital transformation in the electricity sector, a process that constitutes a lever to maximize the creation of value, therefore, it is essential to properly manage cybersecurity risks.

In addition, it establishes the guidelines for a common cybersecurity management model for the entire Group coordinated by a Cybersecurity Committee based on the development of global norms and rules for application in all businesses and corporate functions to foster a solid cybersecurity culture.

In particular, importance will be given to Cybersecurity in the scope of the processing of personal data under the terms of the General Data Protection Law - Law 13.709/2018 that came into force on September 18, 2020, and of the critical infrastructures operated by the Neoenergia group.

The Cybersecurity Risk Policy is based on the following basic principles:

  • Make all employees, suppliers and collaborators aware of cybersecurity risks and ensure that they have the knowledge, skills, experience and technological capabilities necessary to support the NEOENERGIA group's cybersecurity objectives;
  • Ensure that the information and communications systems of the NEOENERGIA group have an appropriate level of Cybersecurity and Cyber-resilience and apply the most advanced standards to those that support the operation of critical Cyber-infrastructures;
  • Promote the existence of cybersecurity and cyber-resilience mechanisms suitable for systems and operations managed by third parties that provide services to the NEOENERGIA group;
  • Strengthen capacities for prevention, detection, reaction, analysis, recovery, response, investigation and coordination in relation to terrorism and delinquency activities in Cyberspace;
  • Have procedures and tools that allow you to adapt quickly to the constant changes in the technological environment and to the new threats that appear in Cyberspace;
  • Collaborate with relevant government agencies and bodies, aiming to contribute to the improvement of Cybersecurity at the international level;
  • Promote the principles established in the Corporate Security Policy in relation to Cybersecurity, internally and in the companies of the Neoenergia group;
  • Protect information about critical cyber infrastructures and cybersecurity systems of the NEOENERGIA group;
  • Implement cybersecurity measures based on efficiency criteria and that contribute to the functionality of key systems and services;
  • Act in accordance with current legislation and the NEOENERGIA Group's Code of Ethics.

Reputational Risk Policy

May 18, 2021

The Reputational Risk Policy sets the principles and the milestone for managing opportunities for favorable behavior and reputation risk management, which is part of the Neoenergia Group's value creation cycle.

There is a direct relationship between this Policy and the Policy on Relationship with Interest Groups, a document approved by the Board of Directors in 2018, with the purpose of promoting a framework of relationships, supported by bidirectional communication, involvement and collaboration, as well as in the principles of transparency, active listening and equal treatment, allowing us to take into account all of its legitimate interests and effectively disseminating information about the NEOENERGIA group's activities and businesses, building relationships of trust on an ongoing basis with different interest groups.

The Policy deals with reputational impact when negative advertising, whether true or false, disseminated by opinion leaders, is triggered as a result of certain events that compromise the company's reputation and results. Opinion makers are understood as individuals, groups or organizations or entities with a high power of influence and credibility who express their opinion through traditional media or via the internet and social networks, and which can impact the reputation of companies, the country and different sectors of activity.

Occupational Health and Safety Policy

May 18, 2021

The Occupational Health and Safety Policy establishes the basic principles and the general framework of action for the control and management of health and safety risks.

The NEOENERGIA Board of Directors, recognizing the importance of risks associated with health and safety at work, undertakes to recommend the necessary actions to provide safe and auditable conditions at work appropriate to the purpose, size and context of each organization of the NEOENERGIA group, as well as its environment of influence, contributing to

This is an excerpt of the original content. To continue reading it, access the original document here.

Attachments

  • Original document
  • Permalink

Disclaimer

COELBA - Companhia de Eletricidade do Estado da Bahia published this content on 18 May 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 25 May 2021 18:26:02 UTC.