UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

FORM 6-K

 

REPORT OF FOREIGN PRIVATE ISSUER PURSUANT TO RULE 13a-16 OR 15d-16 UNDER THE SECURITIES EXCHANGE ACT OF 1934

 

For the month of January 2022

 

Commission File Number: 001-39169

 

Natura &Co Holding S.A.

(Exact name of registrant as specified in its charter)

 

Avenida Alexandre Colares, No. 1188, Sala A17-Bloco A

Parque Anhanguera

São Paulo, São Paulo 05106-000, Brazil

(Address of principal executive office)

 

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F:

 

Form 20-F

X

  Form 40-F  

 

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1):

 

Yes     No

X

 

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7):

 

Yes     No

X

 

 
 

 

 

 

NATURA &CO HOLDING S.A.

 

TABLE OF CONTENTS

 

ITEM  
1. Policy for Transactions with Related Parties and Management of Conflicts of Interest of Natura &Co Holding S.A.
2. Enterprise Risk Management Policy of Natura &Co Holding S.A.

 

 

 

SIGNATURE

 

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

 

 

NATURA &CO HOLDING S.A.

 

   
   
  By:

/s/ Guilherme Strano Castellan 

  Name: Guilherme Strano Castellan
  Title: Principal Financial Officer
   
   
  By:

/s/ Itamar Gaino Filho 

  Name: Itamar Gaino Filho
  Title: Chief Legal and Compliance Officer

Date: January 24, 2022

 

 

 

Item 1

 

 

Policy for Transactions with Related Parties and Management of Conflicts of Interest of Natura &Co Holding S.A.

 

 

 

 

NATURA &CO HOLDING S.A.

 

POLICY FOR TRANSACTIONS WITH RELATED PARTIES AND MANAGEMENT OF CONFLICTS OF INTEREST

 

1. PURPOSE AND SCOPE

 

1.1.      This Policy for Transactions with Related Parties and Management of Conflicts of Interest (“Policy”) establishes the rules that shall be complied with in all business transactions of Natura &Co Holding SA (“Company”) involving its Related Parties (as defined below), as well as for the management of other situations involving possible conflicts of interest.

 

1.2.      The purpose of this Policy is to provide guidelines for Transactions with Related Parties (as defined in this Policy) and other situations involving potential conflicts of interest.

 

1.3.      This Policy covers and regulates: (i) the procedures for identifying Related Parties; (ii) the criteria that shall be met to carry out a Transaction with Related Parties; (iii) the procedures to assist in the identification and resolution of individual situations that may involve conflicts of interest; and (iv) the instances for approval of a Transaction with Related Parties, depending on the amount involved or the transaction being carried out within or outside the normal course of business.

 

1.4.      This Policy is subject to the Bylaws, Law No. 6,404, of December 15, 1976, as amended (“Corporations Law”), to the regulations issued by the Brazilian Securities and Exchange Commission (“CVM”) on this subject, to the Technical Pronouncement of the Accounting Pronouncement Committee No. 05 (RI) (“CPC 05”), as amended, on transactions between Related Parties, to the relevant rules for listing on the Novo Mercado and Law No. 13.709 of August 14, 2018 (Law on Data Protection, “LGPD”).

 

2. DEFINITIONS

 

2.1.      General Definitions

 

For the purposes of this Policy:

 

“Control” is when an investor, regardless of the nature of its involvement with the entity (investee), is exposed to, or has rights to, variable returns arising from its involvement with the investee and has the ability to affect these returns through its power over the investee.

 

“Joint Control” is the contractually agreed sharing of business control, which only exists when decisions regarding relevant activities require the unanimous consent of the parties sharing the control.

 

“Personal Information” means any information associated with an identified or identifiable natural person.

 

“Close Family Members” are those family members who can be expected to exert influence or be influenced by the person in business with the Company, including, but not limited to, (i) their spouse or partner, and children; (ii) child of their spouse or partner; and (iii) their dependents and those of their spouse or partner.

 

“Significant Influence” means the power to participate in the financial and operational decisions of an entity, even when having no control over such decisions. Significant Influence may be obtained through corporate interest, provisions in the bylaws or in a shareholders’ agreement.

 

“Related Party” means any natural or legal person, or any other entity that is related to the Company, as indicated below:

 

(a)      A person, or a close family member, is deemed related to the Company if said person:

 

(i)      has full Control or shared Control of the Company;

 

(ii)      has Significant Influence over the Company; or

 

(iii)      is a member of the Key Management Personnel of the Company or its Parent Company.

 

(b)      An entity is related to the Company if any of the following conditions applies:

 

(i)      the entity and the Company are members of the same economic group (which means that the parent and each subsidiary are related to one another, and that the entities under common control are related to one another);

 

(ii)      an entity is an affiliate or joint venture of the Company (or an affiliate or joint venture of an entity that is a member of an economic group of which the Company is a member);

 

(iii)      both the entity and the Company are joint ventures of a third entity;

 

(iv)      one entity is a joint venture of a third entity if the Company is an affiliate of the third entity;

 

(v)      the entity is a post-employment benefit plan for the benefit of employees of both entities, the Company and the entity related to it;

 

(vi)      the entity is fully or jointly controlled by a person identified in letter (a);

 

(vii)      a person identified in letter (a)(i) of this item 4.1 has Significant Influence over the entity or is a member of the Key Management Personnel of the entity (or of a parent of the entity); or

 

(viii)      the entity, or any member of a group of which it is a part, provides Key Management Personnel services to the Company or its parent.

 

“Key Management Personnel” are the persons having authority and responsibility for the planning, management, and Control of the company’s activities.

 

“Key Management Personnel of the Company” are the members of the Board of Directors, Board of Officers, the Audit, Risk Management and Finance Committee (the “Audit Committee”), the Organization and People Committee, the Strategy Committee, the Corporate Governance Committee and the Group Operating Committee.

 

 

 

“Transaction with a Related Party” means a Transaction with a Related Party including the transfer of resources, services or obligations between the Company and a related party, regardless of whether a price is charged as consideration therefor.

 

2.2.      Conflicts of Interests

 

A conflict of interest is understood as an event or circumstance in which a Related Party is involved in a certain decision-making process, business or potential transaction, in which such Related Party has the power to influence or direct the result of this process and, thus, ensure a benefit for themselves or for a Close Family Member, harming the best interest of the Company and/or its subsidiaries.

 

2.3.      Market Conditions

 

For the purposes of this Policy, “Market Conditions” means those conditions for which the principles of competitiveness have been observed during the negotiation (prices and conditions of services compatible with those practiced in the market); compliance (service is in compliance with the contractual terms and responsibilities practiced by the Company, as well as with the proper information security controls); and transparency (adequate reporting of the conditions agreed upon, with due application, as well as the reflection thereof in the Company’s financial statements).

 

2.4.      Relevant Amount

 

For the purposes of this Policy, “Relevant Amount” means the total transaction amount or set of Related Transactions (as defined below), of up to ten million reais (BRL 10,000,000.00); “Relevant Amount Escalation Audit Committee” means the total transaction amount or set of Related Transactions (as defined below), from ten million reais (BRL 10,000,000.00) to fifty million reais (BRL 50,000,000.00); and “Relevant Amount Escalation Board of Directors” means the total transaction amount or set of Related Transactions (as defined below) above fifty million reais (BRL 50,000,000.00).

 

2.5.      Related Transactions

 

For the purposes of this Policy, “Related Transactions” means the set of similar transactions having a logical relationship to each other by virtue of their object and their parties, such as:

 

(a)      subsequent transactions arising from the first transaction already carried out, provided that such first transaction has established its main conditions, including the amounts involved; and

 

(b)      transactions of a continued duration that encompass periodic installments, provided that the amounts involved are already known.

 

2.6.      Related Parties WG

 

2.6.1.      For the purposes of this Policy, “Related Parties WG” means the Working Group formed by at least one (1) representative of each of the following departments of the Company: (i) Legal, Ethics and Compliance; (ii) Controllership; and (iii) Risks and Internal Controls.

 

2.6.2.      The convening of the Related Parties WG to act under the terms of this Policy will be carried out by any of the above mentioned departments, whenever such department receives information that a certain transaction potentially involves one or more Related Parties.

 

3. PROCEDURES AND APPROVALS FOR TRANSACTIONS WITH RELATED PARTY

 

3.1.      Identification of Related Parties and classification of transactions as Transactions with Related Parties

 

3.1.1.   Each manager of the Company shall complete, at the time of his/her appointment as a member of the Board of Directors or other statutory collegiate committees, or upon his/her hiring or promotion as Key Management Personnel of the Company (Signatory to the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest) a form containing a questionnaire created to collect information about the Parties Related to him/her, in accordance with the definitions contained in this Policy.

 

3.1.2.   The proposing department, the Procurement department and each Signatory to the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest shall also inform the Company’s Legal, Ethics and Compliance department, so that it can call the Related Parties WG regarding any planned transaction of which they become aware that may be qualified as a Transaction with Related Parties. Each Signatory to the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest will also be responsible for obtaining relevant information from Close Family Members and updating the relevant information periodically.

 

3.1.3.   Annually, the Company will request that each Signatory to the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest update the information granted by him/her as per the form.

 

3.1.4.   Each Transaction with potential Related Parties reported to the Company’s Legal, Ethics and Compliance department shall contain all the necessary information to allow the Related Parties WG to carry out the necessary analysis and evaluation provided for in clause 3.5 below.

 

3.1.5.   Each Transaction with potential Related Parties reported to the Legal, Ethics and Compliance department shall be analyzed by the Related Parties WG, which shall determine whether it in fact constitutes a Transaction with Related Parties subject to the procedures of this Policy. The Related Parties WG shall classify the Transactions with Related Parties considering (i) the amount involved (as well as whether the amount is above 50% (fifty percent) of the total assets of the Company as per the last approved balance sheet); and (ii) whether they relate to a transaction within the normal course of business, or not, in order to determine the competent bodies responsible for their evaluation and analysis and, if applicable, the approval by such bodies in accordance with this Policy. The Related Parties WG may first consult the Audit Committee regarding the classification of Transactions with Related Parties under this Policy, as well as with respect to any reputational aspect or characteristics that may impact the Company’s image negatively.

 

3.1.6.   If the analysis leads to the conclusion that a Transaction with Related Parties shall be informed to the Company’s Audit Committee and/or to the Board of Directors, the Related Parties WG shall transmit to the Company’s Audit Committee and the Board of Directors, in advance, all the relevant information that allows the Company’s Audit Committee and then the Board of Directors to analyze the Transaction with Related Parties in accordance with the guidelines set forth in clause 3.5 below.

 

3.2.     Formalization

 

3.2.1.   Once approved, a Transaction with Related Parties shall be concluded in writing, specifying its main terms and conditions, such as: consideration under the terms of the agreement, duration and conditions for termination, representations and warranties, indemnities, liability, among others.

 

3.3.     Competences and approvals of Transactions with Related Parties

 

3.3.1.   Before entering into any Transaction with Related Parties, the procedure described below shall be followed.

 

3.3.2.   The procedure for approving Transactions with Related Parties will start by identifying the Related Party according to the Company’s database. Once the Transaction in question is classified as a Transaction with a Related Party, it shall be approved, subject to the provisions of this Policy.

 

3.3.3.   The execution of a Transaction with Related Parties whose amount corresponds to more than fifty percent (50%) of the Company’s total assets included in the last balance sheet approved, or as otherwise required by law, shall be formally and previously approved by the Company’s shareholders at a general meeting. In this case, the Related Parties WG shall submit the transaction directly to the Board of Directors, so that the measures provided for in item 3.3.10 below can be taken.

 

3.3.4.   All Transactions with Related Parties to be entered into in the normal course of business not involving Relevant Amounts shall be formally and previously approved by the Related Parties WG by reporting it to the Audit Committee, on a six-months basis, after the execution of the Transaction with Related Parties. Normal course of business is understood to be the Company’s and its controlled company’s ordinary and recurrent transactions, except transactions related to the purchase of, direct investment into, subscription of capital or convertible debt or options to purchase equity stake in a legal entity.

 

3.3.5.   Transactions with Related Parties to be entered into (i) outside the normal course of business, provided they do not involve any Relevant Amounts; and (ii) inside the normal course of business which involve Relevant Amounts Escalation Audit Committee, shall be approved formally and in advance by the Related Parties WG based on a previous opinion prepared by the Audit Committee.

 

3.3.6.   Transactions with Related Parties involving Relevant Amounts Escalation Board of Directors, whether entered into in the normal course of business or not, shall be formally and previously approved by the Company’s Board of Directors based on a prior opinion prepared by the Audit Committee and the Related Parties WG.

 

3.3.7.   The Board of Directors, the Audit Committee and the Related Parties WG shall (i) have access to all relevant and necessary documentation regarding specific transactions or guidelines for contracting transactions; and (ii) request the Board of Officers to analyze market alternatives to the Transaction with Related Parties in question, adjusted to the risk factors involved, as well as any expert opinions or technical reports deemed necessary to provide their opinion or make their decision.

 

3.3.8.   The Board of Directors or the Related Parties WG, as the case may be, may approve a Transaction with Related Parties if it finds, in good faith, that the transaction is carried out under Market Conditions or with adequate compensation payment and in the interest of the Company and/or its subsidiaries.

 

3.3.9.   The Board of Directors or the Related Parties WG, at its discretion, may establish, as a condition to approve a Transaction with Related Parties, any modification it deems necessary for the transaction to be concluded on an equitable basis and in the interest of the Company and/or its subsidiaries.

 

3.3.10. If a Transaction with Related Parties has to be approved by the shareholders at a general meeting in accordance with applicable law, this transaction shall be submitted to the shareholders accompanied by a proposal submitted by the Company’s Board of Directors, supported by an independent appraisal report, independent technical report or independent specialist opinion, prepared without the participation of any party involved in the transaction in question, be it a bank, a lawyer, a specialized consulting company, among others, based on realistic assumptions and information endorsed by third parties.

 

3.3.11. The Board of Directors shall ensure that corporate restructuring involving Related Parties ensures equitable treatment to all shareholders.

 

3.4.      Situation of conflict of interests

 

3.4.1.   In situations in which any Transaction with Related Parties requires prior approval under this Policy, the person involved in the approval process, who is in a personal situation of conflict of interests, shall inform such situation to the Related Parties WG and, if pertinent, to the Board of Directors and to the Audit Committee, which is responsible for the analysis and/or approval and shall explain their involvement in the transaction and, upon request, provide details and explanations regarding the terms and conditions of the transaction and the situation thereof.

 

3.4.2.   If necessary, the person in a personal situation of conflict may partially take part in the discussion on the Transaction with Related Parties, seeking exclusively to provide more information on the transaction and the parties involved. However, such person shall not exert any influence in the approval process of the Transaction with Related Parties.

 

3.4.3.   The Signatories of the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest that are in a situation of personal conflicting interest shall inform the Legal, Ethics and Compliance department of their impediment and ensure that the nature and extent of their impediment are stated in the minutes of the Board of Directors or Board of Officers meetings.

 

3.4.4.   In case any Signatory to the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest, who may have a personal conflicting interest, fails to report on such conflict of interests, any other member of the body to which he/she belongs and who has knowledge of the situation shall do so.

 

3.4.5.   The lack of voluntary pronouncement on the part of a manager is deemed a violation of this Policy. Such violation will be reported to the Related Parties WG and to the Audit Committee for assessment, being subject to the proposition of any corrective action by the Board of Directors.

 

3.5.      Criteria for approving Transactions with Related Parties

 

3.5.1.   In analyzing Transactions with Related Parties and providing its decision or opinion on the merits on the Transaction with Related Parties, as applicable, the Related Parties WG, the Audit Committee and/or the Board of Directors, if pertinent, shall consider the criteria they deem relevant for the analysis of the transaction, in particular:

 

(a)    whether there are justifiable reasons, from the commercial point of view of the Company and/or its controlled companies, for completing a Transaction with Related Parties;

 

(b)    whether the transaction was dealt with on Market Conditions;

 

(c)    whether there are any market alternatives to the Transaction with Related Party in question, adjusted by the risk factors involved;

 

(d)    whether there has been a pricing procedure, a competitive process or any other attempt to carry out this transaction with third parties and for its outcome;

 

(e)    the valuation methodology used and other possible approaches to appraise the transaction;

 

(f)    possible provisions or limitations imposed on the Company and/or its subsidiaries resulting from the execution of the transaction or whether the transaction poses any potential risk to the Company and/or its controlled companies (including reputational risk); and

 

(g)    extent of the Related Party’s participation in the transaction, considering the amount involved in the transaction, the Related Party’s general financial situation, the direct or indirect nature of the Related Party’s participation in the transaction and the continuous or non-continuous nature of the transaction, among other aspects that they deem pertinent.

 

4. PROHIBITED TRANSACTIONS

 

4.1.      The Transactions with Related Parties described below are expressly prohibited:

 

(a)    transactions carried out under conditions other than on Market Conditions;

 

(b)    forms of remuneration of advisors, consultants or intermediaries that cause conflict of interest with the Company, its managers, shareholders or classes of shareholders;

 

 

 

(c)    granting loans in favor of the controller and the managers, except if such loan is granted within the scope of the integrated member incentive program, if the manager or controller appears as an integrated member, and in accordance with the same terms and conditions that were granted to the other integrated members in that fiscal year;

 

(d)    transactions with Related Parties that are not performing activities commonly performed by them; and

 

(e)    transactions or businesses that are foreign to the corporate purpose and interests of the Company and/or its controlled companies, such as sureties, guarantees, endorsements and any other guarantee in favor of third parties.

 

5. TRANSACTIONS WITH RELATED PARTIES EXEMPT FROM THE PROCEDURES OF THIS POLICY

 

5.1.      The Transactions with Related Parties below are not subject to the procedures set forth in this Policy:

 

(a)    compensation of managers;

(b)    transactions with controlled companies of the Company (intercompany transactions), including, but not limited to, input supply agreements, lease agreements, loan for use, service provisions, surety, “aval” guarantee, credit facilities, transfer of assets, corporate restructurings, among others;

(c)    renewals of Transactions with Related Parties already approved by the Related Parties WG or by the Board of Directors, as applicable, provided that such renewals are under the same pre-existing terms and conditions or have been approved as per the past existing policy; and

(d)    reimbursement of travel and training expenses.

 

6. NON-COMPLIANCE WITH THE PROVISIONS OF THIS POLICY

 

6.1.      If any Transaction with Related Parties has not been submitted to the approval procedures provided for in this Policy before its execution and/or implementation, such transaction shall be reported to the Related Parties WG for analysis and approval by the Board of Directors or by the Related Parties WG itself, as applicable. This body shall conduct the analysis provided for in this Policy and shall also consider all options available to the Company, including the ratification, amendment or termination of the Transaction with Related Parties.

 

6.2.     The Related Parties WG, the Audit Committee and, as the case may be, the Board of Directors, shall also examine the facts and circumstances related to the non-submission of the Transaction with Related Parties for approval under the terms of this Policy and shall perform the acts they deem appropriate, in order to ensure the effectiveness of the Policy.

 

7. DISCLOSURE OF TRANSACTIONS WITH RELATED PARTIES

 

7.1.      In accordance with the terms of the Corporations Law and regulation issued by the CVM, the Company shall disclose Transactions with Related Parties in its financial statements, by providing sufficient details to identify the Related Parties and all essential terms of such transactions. The disclosure of this information shall be made, in a clear and precise manner, in the notes to the Company’s financial statements, in accordance with the applicable accounting rules.

 

7.2.      The Company shall also disclose Transactions with Related Parties in accordance with applicable CVM regulations and the B3 S.A - Brasil, Bolsa, Balcão Listing Rules.

 

8. TREATMENT OF PERSONAL INFORMATION

 

The individuals classified as Related Parties will present personal information to the Company so it may comply with its legal obligations. Such data will be processed solely for the purposes set out in this Policy and in compliance with LGPD and as per the Form related to the Policy for Transactions of Related Parties and Management of Conflicts of Interest, which should be read together with this Policy.

 

9. POLICY UPDATES

 

9.1.      The Company’s Board of Directors is authorized to update this Policy whenever necessary, including due to any change in the applicable laws, regulations and guidelines issued by competent authorities.

 

10. EFFECTIVENESS

 

10.1.     This Policy was approved by the Board of Directors and is effective as of the date hereof and it may only be amended upon resolution of the Company’s Board of Directors.

 

São Paulo, December 14, 2021.

 

*****

 

 

 

 

 

 

 

 

Item 2

 

 

Enterprise Risk Management Policy of Natura &Co Holding S.A.

 

 

 

 


NATURA &CO HOLDING S.A.
ENTERPRISE RISK MANAGEMENT POLICY

 

1. Purpose

 

The purpose of this Enterprise Risk Management Policy (“Policy”) is to set standard guidelines and define the principles, roles and responsibilities regarding Enterprise Risk Management (ERM) practices for Natura &Co, supporting decision-making processes and providing relevant insights considering the balance of risk and performance.

 

2. Scope and Application

 

This Policy applies to all entities of Natura &Co Group, including, for the avoidance of doubt, all the subsidiaries of Emeis Holdings Pty Ltd (“Aesop”), The Body Shop International Limited (“TBS”), Natura Cosméticos and Avon Products, Inc (“Avon”), irrespective of the country of incorporation, registration or office location.

 

3. Definitions

 

Action Plan: An action, or a set of actions, developed to reduce a Risk Exposure.

 

Company or Group: Natura &Co Holding S.A. and its controlled companies, known as Business Units (BUs), namely Emeis Holdings Pty Ltd (“Aesop”), The Body Shop International Limited (“TBS”), Natura Cosméticos and Avon Products, Inc (“Avon”).

 

Committee of Sponsoring Organizations of the Treadway Commission (COSO): Joint initiative composed of specialized and recognized organizations of the private sector, dedicated to providing thought leadership through the development of frameworks and guidance on Enterprise Risk Management, Internal Control and Fraud deterrence.

 

Emerging Risks: Risks whose exposure may increase, despite their current levels as stated in the current Risk Map, due to an abrupt change of internal and/or external factors that affect their scenario.

 

Executive Leadership: Represented by the Executive Management of the Group and Business Units as well as by the members of the Group’s Committees, such as ExCom, ELT, Comex, Summit. They are responsible for managing the Company and conducting the business and its operational and financial processes.

 

IIA (The Institute of Internal Auditors): International professional association and authority for Internal Audit, Enterprise Risk Management, Corporate Governance, Internal Control, and Information Technology Audit matters.

 

Impact: The extent to which a Risk might affect the Company. A potential consequence of a Risk materialization measured in financial and/or non-financial terms.

 

ISO (International Organization for Standardization): Worldwide federation that prepares consensus-based and market relevant International Standards through technical committees.

 

ISO 31000: International Standard issued by ISO with guidelines for Risk Management.

 

 

 

Likelihood: Probability of an event occurring. In Risk Management terminology, it is used to refer to the chance that something will happen, regardless of being defined, measured, or determined in an objective or subjective, qualitative or quantitative way, or being described with the use of general or mathematical terms, such as probability or frequency during a certain period.

 

Risk: The possibility that events will occur and affect the achievement of strategy and business objectives, hindering creation or even destroying existing value, or potentially contributing to the decision-making process for a strategic or business opportunity.

 

Risk Appetite: Aggregate level of exposure and types of Risk the company is willing to assume in order to achieve its strategic objectives.

 

Risk Exposure: Combination of Impact and Likelihood that represents adverse effects from Risks.

 

Risk Map: Graphic representation of Risk Exposure levels in two axes of analysis (Impact and Likelihood), comprising a 4x4 matrix.

 

Risk Management: Set of activities and procedures defined to manage Risks and opportunities. In the context of this Policy, refers specifically to the Group’s Enterprise Risk Management (ERM) approach.

 

Risk Owners: Managers or executives who have the accountability and authority to manage Risks and opportunities in different business and operational areas within the Company. They are designated by the Executive Leadership as responsible for the identification and effective application of Risk Management procedures in line with the agreed Risk Appetite.

 

Risk Response: Position taken when a Risk is identified, upon the decision of mitigating, rejecting or retaining it. The Group’s overall ERM strategy indicates mitigate as the preferred Risk Response, which results in the need to define an Action Plan to mitigate that Risk.

 

4. Principles and Guidelines

 

The Group is committed to keeping a robust and integrated governance model to ensure, for the benefit of its stakeholders, the achievement of corporate goals and performance of its responsibilities with accountability, compliance, disclosure and fairness.

 

Risk Management practices, which include the identification of opportunities and threats, are seen by the Group as a core component of the commitment stated herein. Risk Management is a constant and transparent process incumbent upon all professionals who work for the Group in every hierarchical level. Each one is responsible for becoming aware of Risks involved in their area, considering short, medium and long term aspects, along with managing and reporting them in accordance with concepts, guidelines and instructions briefly described in this Policy and detailed in its supplementary documents.

 

Natura &Co’s ERM methodological approach is based on the integrated framework suggested by COSO and the guidelines defined in ISO 31000 for Risk Management, also observing the concepts established in the Three Lines Model, developed by the IIA, which is illustrated below in figure 1.

 

 

 

 

Figure 1 – Adapted from the IIA’s Three Lines Model

 

The IIA’s Three Lines Model ensures there is segregation between direct accountability for: Risk decisions (First Line); independent oversight on Risk decisions along with definitions for the Risk Management framework (Second Line); and independent assurance on the effectiveness of Risk Management, control and governance processes (Third Line).

 

The First Line is most directly aligned with decision-making for business strategy and is therefore in charge of the daily execution of Risk ownership; it is formed by the business areas, including affiliates and controlled companies. The Second Line works through independent structures supporting the business and is formed by areas such as Risk Management and Internal Control, Compliance, Regulatory, and Information Security, which provide instruments for the First Line managers to effectively manage Risks with a preventive approach. The Third Line is formed by Internal Audit, which takes an independent view to verify the effectiveness of the model, with a detective focus. More comprehensive roles and responsibilities of each line can be found in item 5 (Roles and Responsibilities) of this Policy.

 

4.1 Natura &Co ERM Framework

 

The Group’s ERM methodology is summarized in the framework shown in figure 2. It is a continuous process that encompasses four main steps: i) Identification and Analysis; ii) Assessment; iii) Response; and iv) Oversight. The framework contemplates the ISO 31000 guidelines, segregated into broad groups of activities.

 

 

 

 

Figure 2 – Graphic representation of Natura &Co Risk Management Framework

 

Where:

 

Identification and Analysis

 

Identification and Analysis is an iterative process that involves verifying the internal and external factors that contribute to the discussion of events that may affect the scope of business goals, over the short, medium and long term, from a preventive perspective during decision-making processes, as well as assessing their implications.

 

To establish the context for identification, it is important to consider both internal and external environments, captured and reflected in the Group’s strategy. Internal factors to be observed include the Company’s vision and mission, strategic objectives, initiatives to support the achievement of goals, corporate governance (standards, procedures and guidelines), relationship with internal stakeholders and contractual matters, organizational culture and structures, data and processes. External factors comprise the circumstances that surround the Company in the international, national, regional and local contexts, such as social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors and the relationship with external stakeholders.

 

Risk Owners, jointly with other corporate areas, and taking into account their capacity to contribute relevant information, shall proceed with the analysis of Risks to identify root causes, processes and areas that might be affected in case of materialization, aligned with potential causes and consequences for the Company.

 

Assessment

 

Risk assessments will look at the potential Impact and Likelihood of a materialization, which will define the level of Risk Exposure. The graphic representation of the Company’s Risk Exposure levels will comprise a 4x4 matrix (Risk Map) to support the decision-making process and prioritization of themes.

 

Risks must be properly identified, assessed and prioritized in order to ensure that the most relevant themes will be periodically monitored in the adequate governance forums, the response initiatives will be timely addressed, and the exposures will be managed within acceptable levels.

 

 

 

Response

 

Response refers to the response strategy for Risks, or how the Company will choose to handle Risks. It shall be aligned to the Company’s Risk Appetite and guided by Risk Exposure levels, according to their positioning on the Risk Map. The definition of actions and initiatives for Risk Response and mitigation design will aim at mindful decision-making on the best response alternatives, considering short, medium and long term outcomes. The timeframe for mitigation must be compatible with the severity and speed of onset of each risk, in order to allow for an adequate reduction of exposure.

 

The responses must be the optimal alternative of reaction in light of the possibilities, considering the Company’s Risk Appetite, which will best balance the reduction of exposure and related costs. Upon the implementation of a Risk Response, it is important to consider forward mitigation initiatives (Action Plans) proposed and performed by the Risk Owners.

 

The Action Plans will be implemented, executed and managed by the First Line, will be monitored and supported by the Second Line, and will be discussed in governance forums when applicable.

 

Oversight

 

Oversight involves monitoring and performing a critical analysis, meaning the verification, supervision, critical observation and improvement implementation processes based on the identification of changes in the required or expected level of performance. Forums where Risks are overseen are initially defined by considering the origin of each risk and functional knowledge.

 

It is important that all aspects of the Risk management process are monitored in order to (i) ensure that the controls and management practices are effective and efficient in the design and operation; (ii) gather information that may improve the Risk assessment process; (iii) improve the process through the analysis of events, changes, trends, successes and failures; (iv) identify changes in the external and internal contexts, which may even have an influence on past response choices and priorities; (v) identify emerging Risks.

 

5. Roles and Responsibilities

 

5.1 Board of Directors

 

·To define the Risk management philosophy of the organization in line with the mission, values, and principles set;

 

·To set the Group’s levels of Risk Appetite based on the short-, mid- and long-term business goals;

 

·To review and approve the general definitions of Risk management strategies, including this Policy;

 

·To monitor critical alignments: strategy, Risks, controls, compliance, incentives, and people;

 

·To periodically acknowledge and assess whether the corporate Risk management processes, including scenarios that have been prioritized, allow the Board of Directors to achieve its Risk supervision goals, and recommend alterations if required.

 

5.2 Audit, Risk Management and Finance Committee

 

·To supervise the suitability of processes related to risk management and to the internal controls system, in line with the guidelines set by the Board of Directors;

 

 

 

·To support managers in the formulation of concepts and methodologies used in the management of Corporate Risk, as well as the Risk Map, which classifies them in accordance with the severity of their potential impacts;

 

·To assess and monitor the Company’s risk exposures;

 

·To track the evolution of the management of identified risks, as well as the compliance with the applicable legislation, policies, rules and procedures of the Group, and the effectiveness of controls and addressed response actions;

 

·To assess the suitability of the human and financial resources allocated to the Corporate Risk management process of the Group;

 

·To keep the Board of Directors properly informed of the effectiveness of the Risk management processes, including prioritized scenarios, as well as, whenever necessary, to recommend changes to the concepts and risk appetite levels.

 

5.3 Executive leadership (Group and Business Units)

 

·To submit the general guidelines on the management of risks and limits of exposure for approval of the Audit, Risk Management and Finances Committee and the Board of Directors;

 

·To assess the performance of the Risk management process;

 

·To ensure the resources required for the implementation of the general guidelines on Risk management;

 

·To validate the periodic reviews of the Risk map with an Impact on the Group’s strategies;

 

·To monitor the behavior of exposures of priority Risks.

 

5.4 Chief Executive Officers (Group and Business Units)

 

·To promote the integration between ERM and the cycles of review and construction of the Group’s and Business Unit’s strategic plan.

 

5.5 Enterprise Risk Management and Internal Controls Area (Group and Business Units)

 

The Risk and Internal Controls Area assumes several responsibilities regarding its Enterprise Risk Management, Internal Controls and Insurance structure. Its main responsibilities are:

 

·Developing and implementing the Enterprise Risk Management strategy and methodology in compliance with the applicable laws, regulations, policies, rules, internal procedures and best management practices.

 

·Jointly with 2nd and 3rd lines, to reconcile the risk measures, impact and probability so the same Risk classification concepts are used for all activities;

 

·Keeping this Policy, the Enterprise Risk Management Procedure and other supplementary Risk documents updated (Risk Map, etc.).

 

·Promoting an Enterprise Risk management culture in the organization;

 

·Providing tools for Risk owners to properly and timely identify, analyze, assess Risk and give the best set of responses;

 

·Periodically monitoring the levels of exposure to Risks;

 

·Reporting to the Executive Leadership and the Audit, Risk Management and Finances Committee the levels of potential exposure of the main Risks;

 

 

 

·Monitoring the implementation of the Risk owners’ action plans, whenever applicable, in order to verify their mitigation or reduction, reporting it to the Executive Leadership and the Audit, Risk Management and Finances Committee.

 

5.6 Internal Audit

 

·Assessing the reliability of information, reviewing the effectiveness and efficiency of transactions and information produced by these, and protecting the Company’s assets ensuring compliance with laws, regulations and contracts;

 

·Examining the internal controls system, providing an assessment of its effectiveness to the senior management;

 

·Providing advice to the Group Chief Executive Officer and to the Board of Directors, through the Audit, Risk Management and Finances Committee, monitoring, examining, assessing, informing, and recommending improvements for the internal environment and effectiveness of the Enterprise Risk Management process;

 

·Identifying and indicating the Risks that may not have been mapped by the organization, by means of an independent assessment of the internal controls’ environment;

 

·Assessing the quality and effectiveness of the enterprise risk management processes of the Company, periodically monitoring the risk mitigating actions and the frailties recorded in the audit reports, and feeding the enterprise risk management model with information.

 

5.7 Risk Owners

 

·Identifying, assessing, mitigating and monitoring the Risks of the processes and business under their responsibility, based on the criteria set by the Group;

 

·Defining and implementing mitigating actions and management practices for the exposure to Risks;

 

·Creating and updating the key indicators used to monitor Risks;

 

·Ensuring the performance and effectiveness of existing Internal Controls used to mitigate Risks;

 

·Formalizing occasional exposures to Risks identified due to the monitoring of transactions that are unknown to Management.

 

6. Risk Reporting

 

The forums to share and monitor exposures are initially defined considering each risk’s classification, as described below:

 

Level of Exposure of the Risk | Sharing and Monitoring Forum
4. Severe | Board of Directors, Audit, Risk Management and Finances Committee and Executive Leadership
3. High | Audit, Risk Management and Finances Committee, Executive Leadership and Vice-presidencies responsible for the business unit(s)
2. Moderate | Officers responsible for the business units
1. Low | Officers responsible for the business units

 

 

The forums created may, at any time, request that risk subjects are registered for monitoring and acknowledgement, regardless of the indicated levels of exposure, and the owners of the subjects (risks) shall prepare documentation that will allow the timely understanding of the current exposures, the stage of implementation of the actions and the deadline for completion of those actions, as well as restrictions or extraordinary events responsible for occasional extensions.

 

7. Final Considerations

 

Due to the size of the Group, its business particularities, complexity of structures, diverse operational contexts and geographical locations, along with the different jurisdictions and regulatory environments where the Business Units operate, this Policy may be complemented by specific procedures (ERM procedure, and other supplementary documents) as applicable and/or required.

 

This Policy was approved on December 14, 2021 by the Board of Directors of Natura &Co Group, replacing its prior version, becoming effective immediately, on the date of its publishing and disclosure, and shall remain in force for an indefinite term, until it is resolved otherwise.