XP : Relatório de Auditoria Anual FS XP Inc 2021 *

CONSOLIDATED FINANCIAL STATEMENTS

for the years ended December 31, 2021, 2020 and 2019

www.pwc.com.br

XP Inc.

Consolidated financial statements at December 31, 2021

and independent auditor's report

Independent auditor's report

To the Board of Directors and Shareholders

XP Inc.

Opinion

We have audited the accompanying consolidated financial statements of XP Inc. (the "Company") and its subsidiaries, which comprise the consolidated balance sheets as at December 31, 2021 and the consolidated statements of income and of comprehensive income, of changes in equity and of cash flows for the year then ended, and notes to the financial statements, including significant accounting policies and other explanatory information.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of XP Inc. and its subsidiaries as at December 31, 2021, and their financial performance and their cash flows for the year then ended, in accordance with the International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board (IASB).

Basis for opinion

We conducted our audit in accordance with Brazilian and International Standards on Auditing. Our responsibilities under those standards are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Company and its subsidiaries in accordance with the ethical requirements established in the Code of Professional Ethics and Professional Standards issued by the Brazilian Federal Accounting Council, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Key Audit Matters

Key Audit Matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current year. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on

these matters.

Matters

Why it is a

Key Audit

Matter

How the matter was addressed

PricewaterhouseCoopers, Av. Francisco Matarazzo 1400, Torre Torino, São Paulo, SP, Brasil, 05001-903, Caixa Postal 60054, T: +55 (11) 3674 2000, www.pwc.com.br

XP Inc.

Why it is a Key Audit Matter	How the matter was addressed in the audit

Information technology environment

The processing of transactions, operations development and business continuity processes of XP and its subsidiaries are technological structure dependent.

The inherent risks in information technology, associated with eventual deficiencies in the controls that support the processing and operation, logical accesses, systems change management in the existing technology environments, can, eventually, cause incorrect processing of critical transactions, improper accesses to systems and data, and consequently processing of unauthorized transactions and errors in automated controls of application systems. For this reason, this was considered as a focal area in our audit.

With the support of professionals with specialized skill and knowledge, we understood the information technology environment and tested general technology controls. During our planning activities, we considered tests related to systemic development and change management, access, security to programs, systems and data, systems operation/processing and physical security of the data processing center.

We tested automated and technology-dependent controls related to applications in the relevant XP business processes.

Considering the results obtained in the procedures described above and in order to obtain necessary and sufficient evidence in our financial statements audit, it was necessary to carry out additional documental testing in order to assess the integrity and accuracy of the information generated by systems and automated reports and, when necessary, the application of procedures using analytical databases, which allowed us to apply a wider spectrum of testing and evidence gathering.

We also performed unpredictability tests and review procedures for specific access to accounting entries, in addition to the procedures already applied to address the risk of management override of controls.

The results of these procedures provided us with appropriate and sufficient audit evidence considering the consolidated financial statements taken as a whole.

Revenue from services rendered (Notes 3(xxiii.1) and 28(a))

XP Inc. and its subsidiaries' revenue is substantially comprised of brokerage commission, securities placement and management fees.

These revenues are recognized according to contractual terms that consider the commission percentage for services provided. Revenue recognition requires management

We understood the internal controls environment regarding revenue recognition processes.

We also performed a tie-out between analytical information extracted from operational systems and revenue recorded in the accounting ledger. On a sample basis, we inspected supporting evidence of revenue in the accounting ledger and confronted its subsequent financial settlement

3

XP Inc.

Why it is a Key Audit Matter	How the matter was addressed in the audit

controls to ensure proper recognition at a certain point in time.

Considering the relevance of these revenues in the consolidated financial statements, associated with eventual deficiencies in the controls, this area was considered as a focus area of our audit.

with bank statements. In addition, we recalculated selected revenue transactions recognized in the accounting ledger.

Therefore, our audit procedures provided us with appropriate and sufficient audit evidence in the consolidated financial statements taken as a whole.

Responsibilities of management and those charged with governance for the consolidated financial statements

Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with the International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board (IASB), and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the consolidated financial statements, management is responsible for assessing the Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the financial reporting process of the Company and its subsidiaries.

Auditor's responsibilities for the audit of the consolidated financial statements

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Brazilian and International Standards on Auditing will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with Brazilian and International Standards on Auditing, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the internal control of the Company and its subsidiaries.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.

4