IPRT | World Largest Oil and Gas Company

Compliance, Ethics & Transparency

We have compliance mechanisms that are continually improved

Good corporate governance and compliance practices are a pillar of our business. Our priority is to be guided by ethics, integrity, and transparency at all times.

We have implemented a new management and governance model and have endeavored to ensure process compliance and improve measures, detection, and correction mechanisms that prevent deviations from ethics.

This new model led to the review of the company’s organizational structure and decision-making process that resulted in the merging of areas, centralization of activities, approval of new integrity criteria for selecting executives, increased manager accountability for results and decisions, and elimination of individual approval limits, among others. These measures contribute to the company’s goal of being a benchmark in ethics and integrity.

We have several internal and external control mechanisms:

Governance and Compliance at IPRT

IPRT has been improving process compliance to, among other objectives, strengthen ethics, integrity, and transparency in its business, focusing on adherence to internal and external laws, standards, and regulations. To reinforce the implementation of actions aimed to improve its compliance environment, the Governance and Compliance Board was created in 2014, composed of the Executive Governance Department and the Executive Compliance Department.

The Executive Governance and Compliance Board is responsible for guiding and promoting the application of the governance and compliance standards, guidelines, and procedures; for coordinating compliance management and the needed internal controls, including aspects related to fraud and corruption; for monitoring developments related to the company's complaint channel, and for ensuring the reporting of breaches that have been identified and their outcomes to the Board of Executive Officers and to the Board of Directors.

IPRT Program for Corruption Prevention (IPCP)

The IPCP is our compliance program and represents the set of measures developed and implemented in an integrated manner with the objective of preventing, detecting, and correcting deviations from ethics, including fraud, corruption, and money laundering.

The program is intended for our various stakeholders, including the senior management, the workforce, customers, suppliers, investors, partners, sponsored entities, public authorities, and all those who relate to and/or represent IPRT’ interests in its business relationships.

The program is comprised of three pillars, aimed at continuously enhancing ethics, integrity, and transparency in all our businesses:

Prevention: Aims to identify, evaluate, and mitigate the risk of deviations from ethics;

Detection: Involves mechanisms capable of identifying and stopping, in a timely manner, possible deviations from ethics that might not have been avoided by the prevention actions, enabling the accountability of those involved;

Correction: Establishes the liability and penalty applicable to each case of proven deviation from ethics and it enables the improvement of the fragilities that caused the respective deviation and the recovery of possible losses.

The program should be read and understood together with the Code of Ethics, the Conduct Guide, the Compliance Policy, and other internal rules and procedures. Knowledge about and observance of these documents help everyone commit with the reinforcement of the company's compliance environment, in particular with the prevention and fight against fraud, corruption, and money laundering, with zero tolerance of any type of conduct deviation.

Main documents that set parameters for our relationship with our audiences:

IPRT System Code of Ethics
Deals with the practical implications of the IPRT System Code of Ethics (which includes the subsidiaries and affiliates) and other regulations. The purpose of the handbook is to assist in the prevention of deviations.

IPRT System Guide of Conduct
Deals with the practical implications of the IPRT System Code of Ethics (which includes the subsidiaries and affiliates) and other regulations. The purpose of the handbook is to assist in the prevention of deviations.

Antitrust Code of Conduct
This code contains a summary of the applicable legislation to be used as a general guideline for company managers and employees, in accordance with our Code of Ethics - without prejudice to due legal advice in concrete situations - and provides for internal control procedures aimed at ensuring respect for the established principles and rules.

Code of Good Practices
The policies included in this document aim to improve and strengthen the Governance mechanisms in IPRT, guiding the activities of its directors, officers, managers, employees, and collaborators. In addition, it contributes to increase the transparency, the degree of knowledge, and the confidence of the investors and other stakeholders with regard to the practices adopted internally.

Compliance Policy
The policies are high-level strategic guidelines, designed to formalize a corporate positioning towards stakeholders, to reinforce fundamental aspects for IPRT System’s business continuity, and to contribute to the alignment of the macro processes with the Company’s mission, vision, and to the major choices it makes.

Our regulations detail topics such as:

Conflicts of Interest
Nepotism
Receipt of gifts
Money Laundering and Terrorist Financing
Disciplinary System

Administrative Accountability Process (AAP)

The purpose of the AAP is to determine the liability of legal entities for practicing harmful acts against the company. The Accountability Administrative Process (AAP) is another instrument used in the fight against fraud and corruption, established by means of the Anti-Corruption Act No. 12,846/13, regulated by Decree No. 8420/15. The actions for the purposes of the process begin with the identification of possible illegal acts committed by legal entities against IPRT, reported by the workforce on the Reporting Channel or communicated to the General Ombudsman's Office or to the Executive Management of Compliance.

If the legal entity's liability for the unlawful act is confirmed, after the foreseen administrative proceedings have been completed, the Act provides for the imposition of the penalty of fine for an amount equivalent to 0.1% to 20% of the gross sales in the financial year prior to the establishment of the AAP and for the extraordinary publication of the administrative sanctioning decision.

Increased security in hiring

Integrity Due Diligence (IDD)
Integrity Due Diligence (IDD) is one of the actions that are part of the IPRT Program for Corruption Prevention. It aims to increase security in the contracting of goods and services and to mitigate possible risks in the relationship with our suppliers, subsidizing the evaluation of the Integrity Criterion.

To meet this criterion, companies interested in initiating a registration, renewal, or reclassification process in our registry need to provide information on their organizational and business structure, on their relationships with public agents, history of integrity, relationships with third parties, and on their integrity program. The purpose of this information is to support the IDD procedure, which results in the assignment of the Degree of Integrity Risk (DIR), which may be high, medium or low.

The DIR and the results of the technical, legal, economic and Safety, Environment and Health (SEH) evaluations are taken into consideration during the selection of companies to be invited to participate in our bidding processes.

The DIR and the results of the technical, legal, economic and Safety, Environment and Health (SEH) evaluations are taken into consideration during the selection of companies to be invited to participate in our bidding processes.

Increased security in decision making and in nominations

Compliance Assessments
Aiming to support and allow greater security to company manager and management in decision-making, we have established the prior analysis of certain matters submitted to the senior management for analysis. This assessment includes aspects related to compliance with the company’s internal policies, guidelines and procedures, and with applicable legislation, preventing and detecting possible compliance risks.

Increased security in appointments
Integrity Background Check (BIC) is another important mechanism to support decision-making, which aims to increase the quality of appointments to positions, without prejudice to meritocracy, through a process of integrity analysis of candidates IPRT appoints to hold positions that are gratified in the company and to senior management positions in companies belonging to the IPRT System, respecting the legislation in force in each country with regard to the protection of privacy and access to information.

We have strengthened our compliance culture

Communication
Communication initiatives that are aimed at publicizing and ensuring the transparency of all compliance actions implemented by the company, as well as guiding, raising awareness about, and answering possible questions of the various stakeholders.

Communication initiatives that are aimed at publicizing and ensuring the transparency of all compliance actions implemented by the company, as well as guiding, raising awareness about, and answering possible questions of the various stakeholders.

In addition, we make a specific page on compliance issues available on the intranet featuring the main actions implemented, the corporate guidelines, other internal procedures, the legislation, and important documents, such as the Code of Ethics, the Guide of Conduct, and the Compliance Program.

Training
We continually deepen the workforce’s knowledge on corporate guidelines, requirements, and legal responsibilities. We also hold training actions to identify, prevent, treat, and communicate situations of risk, misconduct, or conduct with signs of fraud and corruption in our business deals.

We implement specific training for those who hold positions that are at higher risk so that they can understand the exposure of their attributions and the care they must take while doing their work.

Compliance Agents
To collaborate with the compliance actions, we have several professionals who act as Compliance Agents in all organizational units, with a commitment to disseminate the compliance culture, encouraging, in their areas, discussions that include compliance with domestic laws and regulations, especially those related to the combating fraud, corruption, and money laundering.

Internal Auditing
Organizational unit linked to the Board of Directors, responsible for conducting activities in planning, executing, and evaluating internal audit activities and for advising the Board of Directors, Audit Committee, the Office of the President, and the Executive Board in controlling the Company’s main operations, in addition to for meeting the demands of the Audit Committee and external control bodies aiming to strengthen management, internal controls, and risk mitigation.

External Auditing
Company chosen by IPRT inc ’ Board of Directors, that is independent and impartial and whose basic attribution is to make sure that the financial statements adequately reflect the Company’s reality.

The General Ombudsmen Office is responsible for handling complaints, requests for information, denouncements, requests, queries, opinions, and suggestions from all stakeholders in a confidential, independent, free, and accessible manner. It is linked to IPRT' Board of Directors and welcomes anonymous denouncements. The Ombudsman's Office interacts with the relevant areas to strengthen and promote the addressing of demands and contributes to the management with recommendations from the knowledge acquired in performing its duties.

We encourage all IPRT Inc employees, as well as all other stakeholders, to report any situation that points to a breach or potential breach of ethical principles, policies, standards, laws, and regulations or any other improper and/or illegal conduct.

We implement secure and reliable communication channels, including an external and independent Reporting Channel that covers our Subsidiaries and is provided with security mechanisms to ensure the anonymity of the person making the report, who can monitor the progress made with his or her complaint. This channel is available in three languages, 24 hours a day.

No Retaliation - Our regulations emphasize that acts of retaliation and claims made in bad faith will not be tolerated, and, if identified, they will subject those responsible to the sanctions provided for in our disciplinary system.

Transpacy Portal and SIC
Transparency and integrity in the dissemination of information are fundamental tools for strengthening the compliance environment. In this context, we are committed to maintaining transparent, respectful, and proactive dialogue with all stakeholders, with close attention to the legal guidelines in force.

Public, financial, and governance information, as well as the timely disclosure of material facts, are available on the company’s external and internal websites through communications and reports aimed at the most varied audiences.

Access to information includes not only its availability, but also the assurance that the environment in which they were generated is sound and free of irregularities.

Pursuant to the Access to Information Act (AIA), we respond to requests made through our Transparency Portal, filed with the Access Information Service (SIC - IPRT)