CRESCIMENTO SUSTENTÁVEL

Compliance and Risk Management

Algar Telecom has a Code of Conduct and a number of corporate policies, such as Internal Controls, Relations with Government Agencies, Spokesmen, Institutional Representation, Giveaways and Tax Incentives. In addition, internal audits are carried out to check the level of compliance with existing controls, in-class and online training is given on ethics and integrity, and communication and awareness campaigns are conducted. Our executives play a crucial role in the Compliance Program, leading by example and practicing what they preach.

Our Code of Conduct underlies the behavior we expect in relationships with various stakeholders – is shared with all our employees when they join the company. Annually, employees formally attest that they have understood the guidelines, which ensures that periodic revisions in the document do not go unnoticed, and all are properly updated. The Code of Conduct covers topics such as combating corruption, rules for online behavior, working relationships and human rights, including non-acceptance of child labor and labor analogous to slavery by the Company and our partners.

Anyone who identifies a practice that may represent a departure from the Code of Conduct and/or laws and regulations may report the situation to the Ombudsman’s Office, which assesses the origin, the criticism of the complaint, investigates and deals with occurrences. Confirmed deviations are reported to the Integrity Committee. We guarantee confidentiality and anonymity, and will not tolerate any kind of reprisal.

Risk management

Risk management is handled by Algar Telecom’s Financial Board, which coordinates the work with the Company’s other areas and is supervised by the Audit and Risk Management Committee, one of the advisory committees to the Board of Directors. Algar Telecom’s Corporate Risk Management Policy defines the overall guidelines for this work, based on standards such as those of the internationally recognized COSO-ERM (Committee of Sponsoring Organizations of the Treadway Commission).

The procedure is in four stages, is cyclical and is continuously updated:

• IIdentification of risk factors (causes);
• Assessment (calculation of the impact on the projected results and the probability of occurrence);
• Definition of the risk appetite of shareholders;
• Development of action plans.

One of the instruments that support the prioritization of risks to be addressed is the Risk Matrix, which provides a comparative view of the risks according to the classification of impact and probability by the Board of Executive Officers and its classification. See the chart below summarizing the most important risks of Algar Telecom, for which the organization seeks mitigation.

Digital Rupture/Innovation – We operate in a highly dynamic business segment, where technological transformations can cause the breakdown of consolidated markets. Changes in consumer behavior do not only affect the supply of new products, as well as can modify the entire dynamic of a market – as has been the case with collaborative platforms for public transport and hotel accommodation. This is why we are aligned with digital changes and attuned to innovation. We have an Innovation Management area, a Transformation Board and an ITC Services Routines area, we are founding partners of Brain, an institute of science and technology inspired by the model of open innovation and we have Estação to provide the change of mindset of Algar Telecom employees.

Competition – The entry of new competitors in the area of activity, as well as the increase of competitiveness are inherent risks to the business and can impact the fulfillment of our objectives. For this reason, we constantly monitor the competition environment, evaluate scenarios and potential impacts and then define strategies to defend the concession area and maintain growth in the expansion area.

Exchange Rates – There is possibility of fluctuations in the exchange rates of foreign currencies that we use for the acquisition of equipment and supplies. A part of the investments is made in foreign currency when equivalent national equipment is lacking. We maintain our updated foreign exchange exposure balance, monitor exchange rate fluctuations, negotiate better foreign exchange conditions in advance, and analyze the volume of investments in the country’s macroeconomic context, among other factors.

Interest Rates and Inflation – Indebtedness is monitored periodically through Sensitivity Analysis which allows us to simulate the possible scenarios of exposure of financial instruments (loans, financing and debentures), as well as the impact on financial expenses and payment capacity. We permanently monitor indebtedness levels in accordance with market standards and compliance with covenants provided for in loan, financing and debenture agreements, which must be maintained for the duration of the respective documents. We also have our own indexes, which are even more stringent than those required in financial contracts.

Default – Exposure to default risk is affected by the individual characteristics of each client. However, the Management also considers these risks, considering the region, segment, macroeconomic scenario and history of doubtful debts, continuously monitoring them. In the sale of post-paid services, the customer is subjected to a careful analysis before the product activation. We also adopt procedures that help reduce risks, such as payment of the bill by automatic debit and customer loyalty actions. These and a several number of procedures have ensured that the risk remains within the projected limits.

Data Security – We have a portfolio with systems exposed to cyber security risks. To minimize these risks, we have solutions to protect us against intentional or accidental contamination, malware and viruses; a structure for detecting anomalies in our internal and external networks, cyber-attacks and anomalous traffic; and tools for controlling access to confidential data. In line with the objectives of Law 13,709 (General Law on Personal Data Protection), we began an effort to adapt processes and systems to ensure compliance with legal requirements and reinforce the cybersecurity environment.

Continuity of Operation – The continuity of the Company’s operations involves a set of technologies, systems, processes and people, in which eventual failures may occur, reducing or rendering us unable to provide adequate services to our customers. To reduce the risk of disruption in networks and services, the main internal or external factors causing outages are identified by analyzing occurrences of incidents previously detected in networks and telecommunications systems. The availability of network elements and services is continuously monitored through a Network Operations Center with technologies, systems and professionals trained to identify and treat incidents in the shortest possible time, reducing service downtime and impacts to customers and the Company.

Project Execution – The strategy is implemented through a portfolio of projects, which are managed through methodologies recognized by the market. This way, the risks inherent in the projects are mapped, mitigated and monitored. The Project Management Office (PMO) periodically reports the progress of the strategic projects to the Company’s Board of Executive Officers.

Regulatory – Regulatory risk is monitored from three viewpoints, which feed into each other: (I) regulatory changes (legislative topics affecting the sector); (II) management of grants (obligations to be met which are subject to oversight); and (III) management of penalties imposed by the sector regulatory agencies, Anatel and Ancine (administrative and judicial proceedings). Algar Telecom continues to participate in and contribute to the sector debates, in order to collaborate with the development of regulations in Brazil and the resulting benefits for society.

Tax – Tax risk, in an analogous way, is also monitored in three perspectives: (I) tax movements – draft laws that may impact the business upon becoming a applicable obligation, including, for example, the increase in charges; (II) management of existing obligations, which must be fulfilled and are subject to supervision at the municipal, state and federal levels; (III) management of tax penalties and contingencies, constituted in accordance with accounting practices and audited periodically by independent auditors.