Compliance Policy – Copastur

 

1. INTRODUCTION

Copastur reaffirms its commitment to integrity, ethics, and legal compliance across all its operations and business relationships, both in Brazil and abroad.
This Compliance Policy sets out guidelines and responsibilities aimed at preventing, detecting, and responding to conduct that may violate laws, internal rules, or the organization’s ethical standards.

Aligned with international best practices such as the OECD Guidelines and the anti-corruption conventions to which Brazil is a signatory, this policy seeks to strengthen governance, ensure effective controls, and protect Copastur’s institutional reputation.

Its content is consistent with the Corporate Code of Ethics and Conduct, promoting an organizational culture based on respect, safety, diversity, and integrity.

2. PURPOSE

To establish the principles and guidelines of Copastur’s Compliance Program, focusing on promoting an organizational culture based on integrity, compliance with legal and regulatory standards, and the prevention of ethical and reputational risks.

The policy is grounded in a culture of integrity, expressed in ethical decision-making, transparency in relationships, corporate responsibility, and a preventive approach to potential misconduct or non-compliance.

3. SCOPE

This Policy applies to all employees, interns, apprentices, suppliers, service providers, business partners, and any third parties acting on behalf of or in the interest of Copastur, in Brazil or abroad.

4. REGULATORY BASIS

  • Law nº 12.846/2013 – Brazilian Anti-Corruption Law
  • Law nº 13.709/2018 – General Data Protection Law (LGPD)
  • Law nº 9.613/1998 – Prevention of Money Laundering and Terrorist Financing (AML/CFT)
  • ISO 37301 – Compliance Management Systems
  • ISO 37002 – Whistleblowing Management Systems
  • United Nations Convention against Corruption
  • OECD Guidelines on Integrity and Business Conduct

5. REFERENCES

  • Corporate Code of Ethics and Conduct
  • Corporate Governance Policy
  • Anti-Corruption Policy
  • Anti-Money Laundering Policy
  • Privacy and Data Protection Policy
  • Information Security Policy
  • Non-Retaliation Policy
  • Disciplinary Measures Policy

6. GENERAL GUIDELINES

Copastur structures its Compliance Program based on the following pillars:

  • Commitment of top management
  • Integrity risk assessment and management
  • Updated Code of Conduct and internal policies
  • Secure, confidential, and independent Whistleblowing Channel
  • Timely response to deviations and non-compliance
  • Continuous training and communication
  • Monitoring, audits, and continuous improvement

7. SPECIFIC CONDITIONS

Compliance management may be applied autonomously or integrated with other management systems. Process adaptation must comply with contractual requirements or stakeholders’ needs, provided compliance with current laws and regulations is ensured.

8. DEFINITIONS

Compliance: Derived from the English verb ‘to comply,’ meaning to obey, adhere, or be in conformity. In the corporate context, it refers to the organization’s commitment to fully comply with laws, regulations, internal standards, and other applicable obligations, ensuring that all employees act according to ethical and legal principles, with a focus on preventing irregularities and promoting institutional integrity.

Non-Compliance Risk: Possibility of financial, reputational, or legal losses resulting from failure to comply with laws, standards, or ethical guidelines.

Compliance Program: A structured set of measures that promotes the prevention, detection, and response to illicit acts and misconduct, aligned with the principles of business ethics and good governance.

9. COMPLIANCE FUNCTION SCOPE

The Compliance area at Copastur operates as the second line of defense, ensuring legal, regulatory, and ethical compliance across all company activities. Its role includes:

  • Corporate Governance
  • Reputational risk management
  • Prevention of money laundering and terrorist financing
  • Consumer protection
  • Monitoring of regulatory obligations

The structure is corporate, with a dedicated team, cross-functional reach, and functional independence.

10. MISSION

To ensure, together with other areas, the application of internal and external regulations, guaranteeing legal and regulatory compliance, promoting corporate ethics, preventing misconduct, and fostering responsible behavior at all levels of the organization.

11. PRINCIPLES OF COMPLIANCE AT COPASTUR

  • Integrity and ethics in all relationships
  • Zero tolerance for corruption and money laundering
  • Transparency and accountability
  • Commitment of Top Management and Leadership
  • Respect for human rights, diversity, and applicable laws

12. RESPONSIBILITIES

Top Management

Lead, support, and provide the resources necessary for the effectiveness of the Compliance Program. Set the ethical tone at the top, promote a culture of integrity, and periodically review the program.

Senior Leadership

Apply and reinforce the Compliance Program guidelines within their areas.
Act as ethical role models, support training and communication, ensure compliance with internal policies, and collaborate in identifying and mitigating integrity risks.

Ethics Committee

Advisory body to leadership, responsible for supporting ethical governance, evaluating sensitive cases, and recommending corrective measures.

Duties include:

  • Promote a culture of integrity and ethical conduct
  • Evaluate and improve internal standards
  • Monitor reports of misconduct
  • Report activities and recommendations to Top Management

📧 Contact: etica@copastur.com.br

Compliance Area

Led by the Compliance Manager. Responsibilities include:

  • Develop, review, and disseminate internal policies
  • Conduct training and communication
  • Monitor legislation and ensure regulatory adherence
  • Support audits and track corrective action plans
  • Evaluate effectiveness of controls and compliance indicators
  • Ensure adequate resources (human, financial, technological)
  • Identify recurrent non-compliance risks and propose corrective actions
  • Act in synergy with corporate committees (Ethics, Information Security & Privacy, Diversity & Inclusion)

📧 Contact: compliance@copastur.com.br

Compliance Officer

Formally appointed by Top Management, responsible for coordinating the program and ensuring its effectiveness.

13. CODE OF ETHICS AND CONDUCT

The Corporate Code of Ethics and Conduct complements this Policy by establishing behavioral standards expected of all employees, interns, apprentices, suppliers, service providers, and business partners, in Brazil and abroad.

14. ETHICS CHANNEL

The Ethics Channel is an internal online platform (Feedz), managed by the Ethics Committee, designed for Copastur executives and employees to report behaviors or actions that violate the guidelines of the Corporate Code of Ethics and Conduct, internal policies, or procedures, in a simple, secure, and anonymous manner.

Copastur guarantees full anonymity, confidentiality, and protection against retaliation for good-faith whistleblowers. The Ethics Channel is available to all employees, accessible through the company’s website with 24-hour availability. Copastur believes that the success of a Compliance Program depends on everyone’s participation.

External stakeholders may submit reports by email to etica@copastur.com.br, the address published on our official channels.

All reports are handled with confidentiality, impartiality, and independence, and are reviewed by the Ethics Committee and/or Top Management, depending on the nature of the case.

We emphasize that retaliation against good-faith whistleblowers will not be tolerated, in accordance with our Non-Retaliation Policy. Likewise, unfounded or bad-faith reports may be subject to investigation and accountability under our disciplinary framework.

15. TRAINING AND COMMUNICATION

Copastur promotes regular training on:

  • Compliance and corporate ethics
  • Anti-corruption practices
  • Anti-money laundering and counter-terrorist financing (AML/CFT)
  • Data protection and privacy

The Compliance area ensures continuous communication and engagement from leadership and employees to reinforce ethical conduct in day-to-day activities.

16. DUE DILIGENCE AND THIRD-PARTY RELATIONSHIPS

Copastur conducts integrity due diligence on relevant third parties to mitigate reputational, legal, and compliance risks.

17. DOCUMENT MANAGEMENT

Policies, procedures, and internal records follow a formal flow of drafting, approval, and periodic review to ensure effectiveness, accuracy, and alignment with current standards.

18. MONITORING AND CONTINUOUS IMPROVEMENT

The Compliance Program is continuously monitored through annual evaluations, internal audits, and reviews whenever necessary, focusing on continuous improvement and adherence to best practices.

19. RESPONSIBILITIES

It is the duty of all employees to be familiar with the content of this Policy and to understand their respective obligations regarding its application.

Top Management and Senior Leadership must ensure compliance with the guidelines described herein, as well as promote updates whenever necessary, in line with the evolution of internal processes or regulatory changes.

Situations of non-compliance with this Policy must be immediately reported to managers and/or directly to the Compliance area, which is responsible for ensuring appropriate handling of reported cases.

20. PENALTIES

Failure to comply with the guidelines established in this Policy will subject the violator to disciplinary sanctions as provided in the Corporate Code of Ethics and Conduct and applicable legislation.
Sanctions will be applied in accordance with Copastur’s Disciplinary Measures Policy, ensuring proportionality, due process, and consistency.
Accountability may also extend to service providers, suppliers, and other third parties involved.

21. EFFECTIVENESS AND UPDATES

This Policy becomes effective on the date of its approval and must be reviewed every two (2) years, or earlier if significant legal, regulatory, or organizational changes occur.