Following the best practices of Corporate Governance, Risks Management and Compliance was created in 2017 (the latter incorporated, already present at Even since 2012). Its goal is to prepare planning and ensure risks management operationalization in the whole company, performing as facilitator and organizing several agents and initiatives in management and corporate risks mitigation. Besides, it performs as important spokesman between the Audit Committee and the Board of Directors as per the risks and internal control subject matters.

In 2018, the Policy of Risks Management was approved in the Board of Directors (with Audit Committee assistance), with the purpose of establishing the guidelines and responsibilities in risks management, specially for identifying and assessing the ones which may affect the company. It also has the purpose of establishing controls and procedures for monitoring, in order to prevent its occurrence or mitigate its impact.

Even has Risks Management Policy that covers all the processes, areas and employees, Audit Council and Committee included. It contains guidelines related to risks management process, to risks typology to which the company is exposed, to communication process, prioritization, treatment, consulting, monitoring and analysis related to risks management. Such policy was prepared according to the company´s guidelines and its basis are the market best practices, Regulation of the New Market and standards from the Securities and Exchange Commission (“CVM”).

The Policy most recent version was approved by the Board of Directors on May 2019, and is applicable to all the management organisms and departments. Such policy is available at the Relationship with Investors site (https://ri.even.com.br/), at “Statutes and Policies” section. Risks management structure is based on Three Lines defense Model:

1st line: managers are in charge of their area risks management and their holding.
2nd line: with the purpose of supporting the defense first line, so their responsibilities are complied, carrying out risks monitoring, providing suitable knowledge and tools for such process.
3rd line: with the purpose of objective and independent assessment of risks, controls management and the organization governance. The process is based on international metrologies, such as ISO 31.000:2018, COSO ERM and IIA.

The Organizational Structure of Risk Management

In 2019 we started the process of preparing the Risks Roadmap/Matrix to identify and monitor the main risks that impact the company´s and its controlled companies’ strategy and operations. Based on Risks Policy, governance necessary to follow up and develop risks (KRI) governance will be implemented, besides ensuring reduction of exposure withing the levels approved by the Board of Directors.

Since 2016 we have an Audit Committee and Finances Committee, which along with the Executive Board and, mainly with Finances Board, the main one in charge of finances management, searches for the moment of identifying, assessing and protecting the company against eventual financial risks.

To reduce market risks, Even has a Finances Policy approved in the Board of Directors meeting, which has the purpose or ensure the permanent compliance with financial obligations, and specific criteria shall be followed for:

• Financial availability and applications minimum balance measurement and maintenance (“minimum cash”);
• Destination of such balance in financial investments allowed;
• New financing contracting.

In two separate moments, previously to the establishment of any obligations to acquire land and previously to launching any developments, Investments Committee and Launching Committee, respectively, are summoned to approve the conditions proposed by the several managements. During such meetings the following will be assessed:

• Product proposed;
• Construction project and cost;
• Economic feasibility;
• Business and financial terms of the purchase proposal, in case of land acquisition;
• Business conditions and sales table, in case of launching;
• Land and/or development situation as per the legal and regulatory aspects.