XP : 2021 Audit Accounts

XP Inc. - Consolidated financial statements for the years ended December 31, 2020, 2019 and 2018 with Independent Auditor's Report

Independent auditor's report

To the Board of Directors and Shareholders

XP Inc.

Opinion

We have audited the accompanying consolidated financial statements of XP Inc. (the "Company") and its subsidiaries, which comprise the consolidated balance sheets as at December 31, 2020 and the consolidated statements of income and of comprehensive income, of changes in equity and of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of XP Inc. and its subsidiaries as at December 31, 2020, and their financial performance and their cash flows for the year then ended, in accordance with the International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board (IASB).

Basis for opinion

We conducted our audit in accordance with Brazilian and International Standards on Auditing. Our responsibilities under those standards are further described in the Auditor's Responsibilities for the Audit of the Consolidated Financial Statements section of our report. We are independent of the Company and its subsidiaries in accordance with the ethical requirements established in the Code of Professional Ethics and Professional Standards issued by the Brazilian Federal Accounting Council, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Key audit matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current year. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

Matters

Why it is a

Key Audit

Matter

How the matter was addressed

PricewaterhouseCoopers, Av. Francisco Matarazzo 1400, Torre Torino, São Paulo, SP, Brasil, 05001-903, Caixa Postal 60054, T: +55 (11) 3674 2000, www.pwc.com.br

XP Inc.

Why it is a Key Audit Matter	How the matter was addressed in the audit

Information technology environment

The processing of transactions, operations development and business continuity processes of XP and its subsidiaries are technological structure dependent.

The inherent risks in information technology, associated with eventual deficiencies in the controls that support the processing and operation, logical accesses, systems change management in the existing technology environments, can, eventually, cause incorrect processing of critical transactions, improper accesses to systems and data, and consequently processing of unauthorized transactions and errors in automated controls of application systems. For this reason, this was considered as a focal area in our audit.

With the support of professionals with specialized skill and knowledge, we understood the information technology environment and tested general technology controls. During our planning activities, we considered tests related to systemic development and change management, access, security to programs, systems and data, systems operation/processing and physical security of the data processing center.

We tested automated and technology-dependent controls related to applications in the relevant XP business processes.

Considering the results obtained in the procedures described above and in order to obtain necessary and sufficient evidence in our financial statements audit, it was necessary to carry out additional documental testing in order to assess the integrity and accuracy of the information generated by systems and automated reports and, when necessary, the application of procedures using analytical databases, which allowed us to apply a wider spectrum of testing and evidence gathering.

We also performed unpredictability tests and review procedures for specific access to accounting entries, in addition to the procedures already applied to address the risk of management override of controls.

The results of these procedures provided us with appropriate and sufficient audit evidence considering the consolidated financial statements taken as a whole.

Revenue from services rendered (Notes 3 (xxi. 1) and 31 (a))

XP Inc. and its subsidiaries' revenue is substantially comprised of brokerage commission, securities placement and management fees.

These revenues are recognized according to contractual terms that consider the commission percentage for services provided. Revenue

We understood the internal controls environment regarding revenue recognition processes.

We also performed a tie-out between analytical information extracted from operational systems and revenue recorded in the accounting ledger. On a sample basis, we inspected supporting evidence of

3

XP Inc.

Why it is a Key Audit Matter	How the matter was addressed in the audit

recognition requires management controls to ensure proper recognition at a certain point in time.

Considering the relevance of these revenues in the consolidated financial statements, associated with eventual deficiencies in the controls, this area was considered as a focus area of our audit.

revenue in the accounting ledger and confronted its subsequent financial settlement with bank statements. In addition, we recalculated selected revenue transactions recognized in the accounting ledger.

Therefore, our audit procedures provided us with appropriate and sufficient audit evidence in the consolidated financial statements taken as a whole.

Responsibilities of management and those charged with governance for the consolidated financial statements

Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with the International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board (IASB), and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the consolidated financial statements, management is responsible for assessing the Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the financial reporting process of the Company and its subsidiaries.

Auditor's responsibilities for the audit of the consolidated financial statements

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Brazilian and International Standards on Auditing will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with Brazilian and International Standards on Auditing, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

4

XP Inc.

• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the internal control of the Company and its subsidiaries.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
• Conclude on the appropriateness of management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the ability of the Company to continue as a going concern.
  If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Company to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether these financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
• Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the Group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

São Paulo, February 22, 2021

PricewaterhouseCoopers	Tatiana Fernandes Kagohara Gueorguiev
Auditores Independentes	Contadora CRC 1SP245281/O-6
CRC 2SP000160/O-5

5