EX-99.1

Report of the Brazilian Corporate Governance Code
Itaú Unibanco Holding S.A.
July / 2025

Partially compliant Compliant N/A Not compliant

1.1.1 The company’s capital stock should be comprised of common shares only.

Our Bylaws provide for two types of shares, common (ON) and preferred (PN) shares, both book-entry, with no par value and in a single class. Each common share entitles its holder to one vote at General Stockholders’ Meetings. Preferred shares carry no voting rights, except in specific cases legally provided for, and give their holders priority on the receipt of non-cumulative minimum annual dividends of R$ 0.022 per share, adjusted in the event of a stock split or reverse stock split, and also the right, in the event of a disposal of control, to be included in a public offering for the acquisition of shares, in order to assure a price equal to 80% of the amount paid per voting share to the controlling group, ensuring dividends at least equal to those of common shares. Preferred shares are a legitimate instrument, set forth by law, and their issue has no bearing on the quality of our management, corporate governance level, performance or returns to our Stockholders. Since our incorporation, our controlling Stockholders believe that our capital structure satisfactorily meets our corporate purposes. The Bylaws are available on our investor relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Bylaws.

1.2.1 Stockholders’ agreements should not bind the exercise of voting rights of any member of management or supervisory and control bodies.

Given the merger between Itaú and Unibanco, in 2009, regulation through a Stockholders’ Agreement became necessary, including binding the exercise of the voting rights of members of the Board of Directors.
We believe that the definition and regulation of stockholding control, as reflected in the Stockholders’ Agreement, is positive for the smooth running of the business, and does not harm the interests of investors and the Company itself, mainly considering: (i) the fiduciary duty of all management members, who should always vote in the best interests of the Company; (ii) the existence of a highly professional management with broad technical expertise; (iii) the significant number of independent members of the Board of Directors, currently accounting for 53.8% of the total composition and (iv) the existence of rigorous mechanisms, strictly applied by the Company, to prevent actual situations where conflicts of interest may arise. Our Stockholders’ Agreement does not bind the voting rights of any member of the Company’s supervisory and control bodies. The Stockholders’ Agreement is available on our investor relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies > Others. Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 3 Partially compliant Compliant N/A Not compliant 1.3.1 The board of officers should use Stockholders’ general meetings to communicate how the company’s business is being conducted, for which reason management should publish a manual aimed at facilitating and encouraging attendance to Stockholders’ general meetings. Partially compliant Compliant N/A Not compliant 1.4.1 The board of directors should conduct a critical analysis of the advantages and disadvantages of the defense measure and its characteristics, especially triggers and price parameters, if applicable, providing relevant explanation. Partially compliant Compliant N/A Not compliant Minutes should provide a full understanding of the discussions held at meetings, even if in the form of a summary, and should identify the votes cast by Stockholders. 
1.3.2 Partially compliant N/A Not compliant Provisions that prevent the removal of the measure from the bylaws, the so-called “entrenched clause”, should not be used. 1.4.2 Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 4 Partially compliant N/A Not compliant Partially compliant N/A Not compliant 1.5.1 Transactions involving a direct or indirect disposal of stockholding control should be followed by a tender offer to all Stockholders, at the same price and in the same conditions obtained by the selling stockholder; (I) THE COMPANY’S BYLAWS SHOULD ESTABLISH THAT: (II) Management should state an opinion on the terms and conditions of corporate reorganizations, capital increases and other transactions leading to a change of control, and whether these terms and conditions ensure fair and equitable treatment to the company’s Stockholders. (I) The Brazilian Corporate Law provides for tag-along rights of 80% for minority holders of common shares in the case of a disposal of stockholding control. The Company extends the same 80% tag-along rights to preferred Stockholders. For this reason, the Company is listed on the ITAG – Special Tag-Along Stock Index of B3 – Bolsa, Brasil, Balcão S.A. (“B3”). (II) With respect to the opinion expressed by management members about possible corporate restructurings, the Company understands that management may always express its opinion regardless of statutory provisions. 1.6.1 The bylaws should provide that the board of directors should issue an opinion on any tender offer related to shares and securities convertible into or exchangeable for shares issued by the company, and this should include, among other relevant information, the opinion of the board of directors on any possible acceptance of the tender offer and the company’s economic value. 
Partially compliant N/A Not compliant If the bylaws provide for a tender offer whenever a stockholder or group of Stockholders directly or indirectly attains a significant interest in the voting capital, the rule for determining the offer price should not impose additional premiums substantially greater than the shares’ economic or market value. 1.4.3 Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 5 Partially compliant N/A Not compliant Partially compliant N/A Not compliant 1.8.1 The bylaws should clearly and accurately identify the public interest that has justified the creation of the mixed-capital company in a specific chapter. Periodically assess the company’s risk exposure and the effectiveness of its risk management systems, internal controls, and compliance system, and approve a risk management policy in line with these business strategies; (II) 2.1.1 Define business strategies, taking into account the impacts of the company’s activities on society and the environment, aimed at the continuity of the company and the creation of long-term value; WITHOUT PREJUDICE TO OTHER LEGAL OR STATUTORY POWERS AND OTHER PRACTICES SET FORTH IN THIS CODE, THE BOARD OF DIRECTORS SHOULD: (I) 1.8.2 The board of directors should monitor the company’s activities and establish policies, mechanisms and internal controls to verify any costs of serving the public interest and any refunds to the company or other Stockholders and investors by the controlling stockholder. Define the company’s values and ethical principles and ensure the company’s transparency in its relationship with all stakeholders; (III) Partially compliant N/A Not compliant 1.7.1 The company should prepare and disclose a policy on the allocation of earnings defined by the board of directors. 
Among other aspects, this policy should provide for the frequency of dividend payouts and the reference parameter to be used to define the related amounts (such as percentages of adjusted profit and free cash flows). Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 6 Partially compliant N/A Not compliant Annually revise the corporate governance system to improve it. (IV) (I) Sustainability is a key topic in the Board of Directors’ agenda and, at least once a year, it is addressed in the Board’s meetings. The Board of Directors is responsible for monitoring the effectiveness of our ESG strategy and Environmental, Social and Climate Responsibility Policy, known as PRSAC, in line with the long-term challenges and trends, with the assistance of the Environmental, Social and Climate Responsibility Committee (ESC Responsibility Committee) and the officers in charge, in addition to promoting the dissemination of key ESG issues and employee engagement. The ESC Responsibility Committee, a joint body, is made up of members of the Board of Directors and its mandate is to define strategies to strengthen the Organization’s environmental, social and climate responsibility, in all its elements, including the decarbonization strategy, initiatives focused on ESG and the private social investment strategy. In 2024, among the topics monitored by the Superior ESG Council and the ESC Responsibility Committee, the highlights were the approval of the ESG strategy and of the decarbonization goals of priority carbon-intensive industries, the monitoring of the Environmental, Social and Climate Responsibility Policy (PRSAC) and climate emergencies, legislative advocacy and new ESG regulations, the private social investment and sponsorship and donation strategy, among others. 
(II) We have a risk management structure aimed at: (i) identifying risks; (ii) measuring risks (analyzing materiality); (iii) assessing risks; (iv) controlling and responding to (mitigating) risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance framework for policy review applicable to Brazil and the foreign units. Policies basically define institutional guidelines, methodologies and processes, which address regulatory requirements and best market practices. We have internal policies that provide for guidelines and establish risk management governance, as follows: Capital Management, Credit Risk Management and Control, Operational Risk Management, Liquidity Risk Management and Control, Market Risk and IRRBB (Interest Rate Risk in the Banking Book) Management and Control, Compliance and Environmental, Social and Climate Risks. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies > Reports.

(III) Itaú Unibanco’s Board of Directors is responsible for defining the Company’s values and ethical principles, ensuring the transparency in its relationship with all stakeholders, and it is the forum responsible for approving the Code of Ethics and Conduct, which guides the ethical conduct of employees and management members, aiming to prevent and address ethical dilemmas and conflicts of interest related to our activities, and preserving transparency, respect and honesty in its relationship with all stakeholders.
The Code of Ethics and Conduct is divided into five strategic pillars: “Our corporate identity”, “Our interactions”, “Bona fides and our professional attitude”, “How we manage conflicts of interest” and “Use, management and scope of the Code of Ethics and Conduct”. The Corporate Integrity, Ethics and Conduct Policy complements the Code of Ethics and Conduct, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all management members and employees of Itaú Unibanco. We also have a Supplier Relationship Code that, in addition to being applied to all management members and employees of Itaú Unibanco, is also applicable to direct and indirect suppliers. The Code of Ethics and Conduct, as well as the Corporate Integrity, Ethics and Conduct Policy, are available on our investor relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Conduct. The Supplier Relationship Code is available on: https://www.itau.com.br/relacoes-com-investidores/integridade/en/. The adoption of these practices is monitored by the governance established in the Itaú Unibanco Integrity and Ethics Program, which is described on our Integrity and Ethics page through the link: https://www.itau.com.br/relacoes-com-investidores/integridade/en/. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy, which is approved annually by the Board of Directors. 
Its duties include, but are not limited to: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support to the evaluation of the Board of Directors, its members, committees and the Chief Executive Officer, and discussing on the succession of the members of the Board of Directors and of the Chief Executive Officer, as well as making recommendations on this matter. The Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Internal Rules or Policies. Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 7 Partially compliant N/A Not compliant Partially compliant N/A Not compliant 2.3.1 The CEO should not also simultaneously hold the position of chairperson of the board of directors at the same time. That the board of directors should be composed taking into account the availability of its members for the exercise of their duties and the diversity of knowledge, experience, conduct, cultural aspects, age and gender. (II) Our Policy on the Appointment and Succession of Executives sets forth the processes for nominating members for the Board of Directors, its committees and the Board of Officers, including the involvement of the Nomination and Corporate Governance Committee in these processes. This Policy also establishes that the nomination process should consider people with different characteristics and profiles, aiming at the complementarity of skills and diversity, such as gender, race and age criteria, among others. The policy is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies. 
2.2.2 The nomination process for the members of the board of directors, including indicating the participation of other corporate bodies of the company in the process; THE BOARD OF DIRECTORS SHOULD APPROVE A NOMINATION POLICY THAT ESTABLISHES: (I) Partially compliant N/A Not compliant 2.2.1 The board of directors should be composed of a majority of external members, with at least one third being independent members; THE BYLAWS SHOULD ESTABLISH THAT: (I) The board of directors should annually assess and disclose the independent members of the board of directors, and indicate and justify any circumstances that might compromise their independence. (II) Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 8 Partially compliant N/A Not compliant Partially compliant N/A Not compliant 2.4.1 The company should implement an annual performance evaluation process for the board of directors and its committees, as joint bodies, and for the chairperson of the board of directors and board members, individually considered, and the governance department, if any. In accordance with the Internal Charter of the Board of Directors, the evaluation of the Board of Directors itself, its members and Chairperson or Co-chairpersons, the related Committees and the Secretariat of the Body is held annually, in accordance with the best corporate governance practices. The reelection of members of the Board of Directors and committees considers their good performance in the period and the regular attendance at meetings during the previous term of office, as well as their experience and level of independence. 
The evaluation process comprises the following steps: self-evaluation and cross-evaluation of the members of the Board of Directors (members evaluate one another), evaluation of the Board itself by its members, evaluation of the Chairperson or Co-chairpersons by their Board members, evaluation of the Committees by their members, evaluation of the Board of Directors by the CEO and evaluation of the Secretariat of the Board of Directors by their members. This evaluation is conducted by an independent person, responsible for issuing specific questionnaires to the Board of Directors and to each Committee, as well as for interviewing each of the members of the Board of Directors and the Committees individually. The responses are then analyzed and compared with those from previous years to identify and address possible gaps related to the Board of Directors, the Committees and the Secretariat of the Board of Directors that may be identified by this process, such as deadlines for receiving materials and defining the Board of Directors’ agenda. The Nomination and Corporate Governance Committee provides methodological and procedural support to the evaluation process. This Committee also discusses the evaluation results, as well as the composition and succession plan for the Board of Directors. The Internal Charter of the Board of Directors is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Internal Rules.

2.5.1 The board of directors should approve and keep updated a CEO succession plan, the preparation of which should be coordinated by the chairperson of the board of directors.

Our Policy on the Appointment and Succession of Executives is approved by the Board of Directors, having been updated on June 26, 2025. In addition to issues related to the succession of our management members, including the CEO, it also addresses recruitment, retention and training matters.
Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 9 Partially compliant N/A Not compliant Partially compliant N/A Not compliant To integrate new members into the Board of Directors, the Company carries out an induction program to ensure that these members are introduced to key people and get to know our executive departments, for example, through presentations by executives addressing various areas of expertise, as well as their main challenges. 2.6.1 The company should have an integration program for new members of the board of directors, structured in advance, so that such members are introduced to the company’s key people and facilities, and this program should address topics which are key to understanding the company’s business. 2.7.1 The compensation of the members of the board of directors should be proportional to their duties, responsibilities and time demands. Compensation should not be based on meeting attendance, and any variable compensation of the board members should not be bound to short-term results. 2.8.1 The duties of the chairperson of the board of directors; THE BOARD OF DIRECTORS SHOULD HAVE AN INTERNAL CHARTER REGULATING ITS RESPONSIBILITIES, DUTIES AND RULES OF OPERATION, INCLUDING: (I) Rules for replacing the chairperson of the board of directors in the event of absence or vacancy; (II) Measures to be adopted in the event of conflicts of interest; (III) Definition of a deadline with enough time in advance to receive materials for discussion at meetings, in appropriate detail. (IV) Compliant Partially compliant N/A Not compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 
10 Partially compliant N/A Not compliant Partially compliant N/A Not compliant Partially compliant N/A Not compliant 2.9.2 The meetings of the board of directors should provide for regular exclusive sessions for external board members, without the presence of the executives and other guests, for the alignment of external board members and discussion of topics that may cause embarrassment. 2.9.1 The board of directors should establish an annual calendar with the dates of annual meetings, which should not be fewer than six or more than twelve, in addition to calling extraordinary meetings, whenever necessary. This calendar should set forth an annual thematic agenda with relevant issues and dates for discussion. 2.9.3 The minutes of the board of directors’ meetings should be clearly drafted and include the decisions made, the names of attendees, and any dissenting votes and abstentions. The Internal Charter of the Company’s Board of Directors expressly establishes in item 6.8 that the minutes of meetings should be clearly drafted and include the decisions made, the names of the attendees, any dissenting votes and abstentions. The Internal Charter of the Board of Directors is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Internal Rules. 3.1.1 Follow the risk management policy and, whenever necessary, propose to the board of directors any necessary revisions to this policy, in view of changes to the risks to which the company is exposed; WITHOUT PREJUDICE TO ITS LEGAL AND STATUTORY POWERS AND TO OTHER PRACTICES SET FORTH IN THIS CODE, THE BOARD OF OFFICERS SHOULD: (I) Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 
11 Partially compliant N/A Not compliant Partially compliant N/A Not compliant Partially compliant N/A Not compliant 3.1.2 The board of officers should have a dedicated charter establishing its structure, operation and roles and responsibilities. Implement and maintain effective mechanisms, processes and programs to monitor and disclose the financial and operating performance and the impacts of the company’s activities on society and the environment. (II) 3.2.1 No executive or management positions should be set aside for direct appointment by Stockholders. 3.3.1 The CEO should be evaluated, on an annual basis, in a formal process conducted by the board of directors, based on their achievement of the financial and non-financial performance goals established for the company by the board of directors. Our CEO is annually evaluated by the Board of Directors based on the verification of achievement of financial and non-financial performance targets. The evaluation of the CEO by the Board of Directors was included in the minutes of the meeting held on December 12, 2024. Partially compliant N/A Not compliant Compliant Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 12 Partially compliant N/A Not compliant Partially compliant N/A Not compliant Partially compliant N/A Not compliant 3.4.1 The compensation of the board of officers should be defined through a compensation policy approved by the board of directors based on a formal transparent procedure that takes into account the costs and risks involved. The other officers are annually evaluated based on the assessment of achievement of financial and non-financial performance goals. The evaluation of our Executive Committee members is annually discussed by the Personnel Committee and reported to the Board of Directors. See explanation in item 3.4.3. 
3.3.2 The results of the evaluation of other officers, including the CEO’s proposed goals to be agreed and whether the executives should remain in their positions, be promoted or dismissed, should be submitted to, reviewed, discussed and approved at meetings of the board of directors. 3.4.2 The compensation of the board of officers should be bound to results, with medium and long-term goals clearly and objectively related to the creation of long-term economic value for the company. See explanation in item 3.4.3. Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 13 Partially compliant N/A Not compliant 3.4.3 A. The incentive structure should be in line with the risk limits established by the board of directors and bar a single person from controlling the decision-making process and its respective supervision. Nobody should decide on their own compensation. Our Management Members’ Compensation and Clawback Policy aims to attract, retain and reward meritocratically the work performed by the management members, in addition to encouraging them to conduct our business in a sustainable way, within appropriate risk limits, and always in line with the interests of our Stockholders and the culture of the organization. Our Compensation Policy takes into account market practices, our strategy and appropriate risk management over time so as not to encourage behaviors that could increase the risk exposure above levels considered prudent. The governance structure that defines the compensation comprises clear and transparent processes. 
Accordingly, to achieve the aforementioned objectives, and aiming at adopting the best governance practices in Brazil and abroad, as well as ensuring the balance of risk management practices, we have a statutory Compensation Committee reporting to the Board of Directors, whose main duties in accordance with its Internal Charter, are: (i) setting the Compensation Policy for the Itaú Unibanco Conglomerate’s management members, by proposing to the Board of Directors the many forms of fixed and variable compensation, in addition to benefits and special recruitment and termination programs; (ii) discussing, analyzing and overseeing the implementation and operation of the compensation models in place for the Itaú Unibanco Conglomerate, discussing the general principles of the employee Compensation Policy and recommending any corrections or improvements to the Board of Directors; (iii) proposing to the Board of Directors the aggregate compensation amount for management members to be submitted to the Annual General Stockholders’ Meeting; and (iv) preparing the “Compensation Committee Report” on an annual basis. The Compensation Policy and the Compensation Committee Internal Charter are available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies or Internal Rules. 4.1.1 AMONG OTHER DUTIES, THE STATUTORY AUDIT COMMITTEE SHOULD: Advise the board of directors on the monitoring and control of the quality of financial statements, on the internal controls, and on the risk management and compliance; Be made up mostly of independent members coordinated by an independent member; (I) (II) Have at least one independent member with proven experience in the corporate accounting, internal controls, financial and audit areas, on a cumulative basis; (III) Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 
14 Partially compliant N/A Not compliant Have its own budget to engage advisors on accounting, legal and other topics, when the opinion of an external expert is required. (IV) 4.2.1 4.2.2 The supervisory council should have a dedicated charter describing its structure, operation, work program, roles and responsibilities, without hindering the performance of its individual members. The minutes of the supervisory council’s meetings should follow the same disclosure rules applicable to the board of directors’ minutes. (I) The Audit Committee is responsible for overseeing the quality and integrity of the financial statements; the compliance with legal and regulatory requirements; performance, independence and quality of the services provided by independent auditors and the Internal Audit function; and the quality and effectiveness of the internal control and risk management systems. (II) All members of the Audit Committee are independent, according to Brazilian National Monetary Council (CMN) regulations, and the Board of Directors will terminate the term of office of any member of the Audit Committee if their independence is affected by any actual or potential conflict of interest. The Chairwoman of the Audit Committee is also an independent member of the Company’s Board of Directors. (III) The Audit Committee members are annually elected by the Board of Directors from among its members or professionals with renowned competence and outstanding knowledge, taking into consideration that at least one of the members of this Committee will be a designated Financial Expert and must have proven knowledge in the accounting and auditing areas. (IV) The Audit Committee Charter sets forth that the Board of Directors shall define the compensation of the Committee’s members, as well as the budget intended to cover the expenses on its operation, including a forecast of the engagement of external experts to help the Committee comply with its duties. 
The Regulation is available on our investor relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies > Regulations. Partially compliant N/A Not compliant Partially compliant N/A Not compliant Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 15 Partially compliant N/A Not compliant Partially compliant N/A Not compliant Partially compliant N/A Not compliant 4.3.2 The independent audit team should report to the board of directors, through the audit committee, if any. The audit committee should monitor the effectiveness of the independent auditors’ work, as well as their independence. It should also assess and discuss the independent auditor’s annual work plan and submit it for appreciation of the board of directors. 4.3.1 The company should establish a policy to engage non-audit services from its independent auditors, approved by the board of directors, to bar the engagement of non-audit services that might compromise the auditors’ independence. The company should not engage independent auditors who have provided internal audit services to the company for the last three years. 4.4.1 The company should have an internal audit function reporting directly to the board of directors. The Internal Audit Department is subordinated, at the administrative level, to the Chairpersons of the Board of Directors, and its activities are supervised by the Audit Committee. The purpose of the Internal Audit Department is to evaluate the activities carried out by the Conglomerate, using audit techniques, enabling management to assess the adequacy of controls, the effectiveness of risk management, the reliability of the financial statements and the compliance with rules and regulations. 
The Internal Audit Department has an agenda to report to the bodies of our Governance, which includes meetings with the Audit Committee, the Executive Committee and the Board of Directors. Compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 16 Partially compliant N/A Not compliant Partially compliant N/A Not compliant 4.5.1 The company should adopt a risk management policy, approved by the board of directors, that includes a definition of the risks for which protection is sought, the instruments used accordingly, the organizational structure for risk management, the assessment of the adequacy of the operational structure and internal controls to verify its effectiveness, in addition to defining guidelines to establish acceptable limits for the company’s exposure to these risks. 4.4.2 If this activity is outsourced, the internal audit services must not be provided by the same firm that audits the financial statements of the company. The company should not engage internal audit services from any independent auditors who have provided internal audit services for the company for the last three years. 4.5.2 The board of directors should ensure that the board of officers has mechanisms and internal controls to get to know, assess and control risks to keep these risks at levels consistent with the defined limits, including a compliance program aimed at complying with the laws, regulations, and external and internal rules. See explanation in item 4.5.3. See explanation in item 4.5.3. Compliant Partially compliant N/A Not compliant Compliant Compliant Itaú Unibanco Holding S.A. Report of the Brazilian Corporate Governance Code. 17 4.5.3 The board of officers should assess at least once a year the effectiveness of the risk management and internal control policies and systems, as well as the compliance program, and report this assessment to the board of directors. 
The Board of Directors is the highest authority with respect to the Company’s risk management. To help the Board of Directors, a Risk and Capital Management Committee (CGRC) was established, whose duty is to support the Board of Directors with the performance of its responsibilities related to the Company’s risk and capital management, submitting for the Board’s consideration reports and recommendations on topics such as, but not limited to: approval and review, at least once a year, of the policies, strategies and risk management limits (including on conformity and compliance); definition of the Company’s Risk Appetite, pursuing alignment with the strategy, including acceptable tolerance levels and types of risk to which the Company may be exposed, as well as the supervision of compliance with the terms of the Company’s Risk Appetite, and oversight of the risk management and control activities, aiming at ensuring their adequacy to the risk levels assumed and to the complexity of operations; assessment of the level of adherence of the risk management structure processes to the policies established, and the promotion of the improvement of the Company’s risk culture. Risk Appetite structures the Board of Directors’ set of guidelines on strategy and risk taking, by defining the nature and level of risks acceptable to the organization, and taking into account management capability in an effective and conservative way, strategic goals, competition conditions and the regulatory environment. It was segmented into dimensions that combine supplementary measurement types to obtain a comprehensive view of the exposures to the types and levels of acceptable risks, which are translated into indicators that can be monitored by means of metrics that capture the main risks incurred by the institution. 
Permanent interactions between the executives and the Board of Directors are required to establish and maintain this entire framework.
At the executive level, risk and capital management is carried out by Senior Councils, chaired by the CEO of Itaú Unibanco, as well as by several councils linked to the Executive Committee, which support the management of specific risks. Through the council and committee hierarchy, risks are discussed at different levels of authority in the organization. Councils and committees use materials that include recurring and specific risk and capital management reports, including elements relevant to each joint body. The main risk and capital report is the Risk Appetite report, which is submitted monthly to the Risk and Capital Management Committee, to the Board of Directors and, periodically, to the Audit Committee. With respect to the Integrity and Ethics Program, its indicators are periodically reported to the Integrity and Ethics joint bodies, made up of members of the Executive Committee and officers from the business and supporting areas of the bank. These joint bodies are also responsible for defining the guidelines and practices of the program, and for monitoring their compliance and the other actions required to manage the program.
With respect to the regulatory or compliance risk at Itaú Unibanco, it is managed through a structured process, which aims at identifying the changes in the regulatory environment, analyzing the impacts on the Institution’s areas and monitoring the actions focused on the adherence to external or internal regulatory requirements. The Board of Directors approves the guidelines, strategies and policies aiming at ensuring a clear understanding of the roles and responsibilities of all levels of Itaú Unibanco.
5.1.2 PREPARED BY THE BOARD OF OFFICERS, SUPPORTED BY THE CONDUCT COMMITTEE AND APPROVED BY THE BOARD OF DIRECTORS, THE CODE OF CONDUCT SHOULD:
(I) Govern the internal and external relations of the company, by expressing the commitment expected from the company, its directors, officers, Stockholders, employees, suppliers and stakeholders, with the adoption of proper conduct standards;
(II) Manage conflicts of interest and provide for abstentions of the member of the board of directors, the audit committee and/or the conduct committee, if they are deemed conflicted;
(III) Clearly define the scope and reach of actions intended to determine the existence of transactions construed to have been made based on insider information (e.g.: use of insider information for business purposes or for gaining the upper hand when trading securities);
(IV) Establish that contracts, agreements, proposals to amend bylaws, as well as policies that guide the entire company, should be negotiated based on ethical principles, and establish a maximum value for goods or services from third parties that management members and employees may accept as gifts or gratuities.
5.1.1 The company should have an independent and self-governing conduct committee, reporting directly to the board of directors, responsible for implementing, disseminating, training, reviewing and updating the code of conduct and the whistleblowing channel, as well as for carrying out inquiries and proposing corrective measures in connection with any violations of the code of conduct.
The Audit Committee is the forum that reports to the Board of Directors and is designated as responsible for monitoring the actions of the Corporate Integrity and Ethics Program, by means of reports from the Internal Audit, Operational Risk and Compliance, in addition to the Corporate Security Office and Ombudsman Superintendence, as well as through other mechanisms available. The Audit Committee reports directly to the Board of Directors and is made up of independent members, as set forth by the Brazilian National Monetary Council (CMN) regulation. Additionally, this governance includes the Integrity and Ethics joint bodies, which monitor the guidelines of the Code of Ethics and Conduct and the Corporate Integrity, Ethics and Conduct Policy through the Corporate Integrity and Ethics Program.
5.1.3 The whistleblowing channel should be independent, self-contained and unbiased, operating working guidelines defined by the executive board and approved by the board of directors. It should be operated in an independent and unbiased way, and preserve the anonymity of its users, in addition to investigating in a timely manner and taking the measures required. This service may be carried out by a reputable third party.
We provide public whistleblowing channels for grievances and complaints about misconduct, crimes, offenses, non-compliance with rules, abuse, harassment, discrimination and other behavioral deviations. Our channels are also described in the Code of Ethics and Conduct, a public document approved by the Board of Directors and applied without distinction to all management members and employees of the Conglomerate in Brazil and abroad. This document encourages the prompt reporting of actual or suspected violations of guidelines, laws, regulations or standards, and advises that each employee’s commitment to the Code’s guidelines is the foundation of the Company’s soundness and continuity.
The Code discloses the whistleblowing and/or guidance channels, each with its own specifications. The guidelines for all of these channels are as follows: the secrecy of the investigation should be maintained; anonymity should be ensured for those who want it; investigations should be carried out in an independent and unbiased way; unsubstantiated charges or accusations should be dismissed; malicious charges or accusations aimed at harming a person should be subject to disciplinary sanctions; and disciplinary sanctions should be applied to any attempted retaliation. We ensure the protection of the whistleblowers, and allow no retaliation against those who, in good faith, complain or report a complaint, suspicion, question or concern regarding possible violations of the guidelines of our Code of Ethics and Conduct and corporate policies. These guidance channels have the following attributes:
a. Ethics Consultancy: a channel available to management members and employees for guidance and solving doubts on ethical issues, such as conflicts of interest and ethical dilemmas, in addition to doubts on the Corporate Integrity, Ethics and Conduct Policy, the Corporate Corruption Prevention Policy, and the Conflict of Interest Procedure.
b. Inspector’s Office Whistleblowing Channel: a channel available to management members, employees, suppliers, partners and external stakeholders for reporting unlawful acts and frauds of any nature.
c. Audit Committee: a channel available to management members and employees and external stakeholders to receive reports on suspected or actual noncompliance with legal and regulatory provisions and internal rules, frauds and errors in audit, accounting and internal control activities that may jeopardize the organization’s continuity.
d. Internal Ombudsman’s Office: a channel available to management members and employees to receive and handle reports, suspicions, complaints and grievances on interpersonal conflicts and conflicts of interest in the workplace.
5.2.1 The company’s governance rules should ensure the clear segregation and definition of functions, roles and responsibilities associated with the mandates of all governance agents. The levels of authority for decision making at each level should also be defined to minimize possible sources of conflicts of interests.
Our governance rules are published in our Corporate Governance Policy, which sets forth clear segregation and definitions of the functions of all governance agents. Additionally, the Code of Ethics and Conduct and the Corporate Integrity, Ethics and Conduct Policy have specific provisions on conflicts of interest, including the mechanisms adopted by us to prevent them. All these documents are available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance.
5.2.2 The company’s governance rules should be made public and determine that any person who is not independent in relation to the issue under discussion or resolution in the company’s management or supervisory bodies should state, on a timely basis, their conflicts of interest or interest in particular. If they fail to do so, these rules should provide that another knowing person may bring such conflict to light and that, as soon as this conflict of interest regarding a specific topic is identified, the involved person keeps away, including physically, from such discussions and resolutions. These rules should set forth that this temporary seclusion be recorded in the minutes.
5.2.3 The company should have mechanisms to manage conflicts of interest in relation to votes at general Stockholders’ meetings, to receive and deal with alleged conflicts of interest, and to annul votes cast in such conflicting situations, even if this takes place subsequently to voting.
The Company’s General Stockholders’ Meeting Manual expressly provides that during the General Meeting, as is the case at meetings of the Company’s management and supervisory bodies, attending Stockholders should bring to light any conflicts of interest in any matters under discussion or resolution, in which their independence may be compromised. Also, any attending Stockholder aware of a conflicting situation in relation to another Stockholder and to the subject matter of the resolution must speak up thereon. When the conflict of interest is brought into light, the conflicted Stockholder shall abstain from taking part in the resolution of the related matter. If the conflicted Stockholder refuses to abstain from taking part in the resolution, the Chairperson of the General Stockholders’ Meeting will determine that the conflicted votes cast be annulled, even if it is to occur after the meeting. The General Stockholders’ Meeting Manuals are available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > General Stockholders’ Meetings.
The Corporate Policy on Integrity and Ethics establishes as a fundamental principle that all employees of the Conglomerate must proactively observe and prevent conflicts of interest, avoiding any situation that could compromise Itaú’s objectivity, impartiality, or reputation; they must report any potential conflicts and refrain from participating in discussions and decisions involving them.
The Charter of the Board of Directors includes an express provision establishing rules to prevent possible conflicts, such as prohibiting members of the Board of Directors from taking part in resolutions related to topics with which their interests conflict with those of the Company. Each member should report to the Board of Directors any conflict of interest they have as soon as the matter is included in the agenda or proposed by the Board of Directors’ Chairperson and, in any case, before the beginning of any discussion on each topic. Furthermore, the Bylaws provide that the Board of Directors shall terminate the term of office of any member of the Audit Committee if their independence has been affected by any actual or potential conflict of interest. Finally, the Transactions with Related Parties Policy expressly provides that, in situations where a member involved in the approval of the transaction is prevented from resolving on the matter due to a potential conflict of interest, the said member must declare themselves impeded, explaining their involvement in the transaction and providing details of the transaction and the parties involved. The impediment must be reported in the document containing the resolutions on the transaction. The policy is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies.
5.3.1 The bylaws should define which transactions with related parties should be approved by the board of directors, with the exclusion of any members with potentially conflicting interests.
5.3.2 THE BOARD OF DIRECTORS SHOULD APPROVE AND IMPLEMENT TRANSACTIONS WITH RELATED PARTIES POLICY, WHICH SHOULD INCLUDE, AMONG OTHER PROVISIONS:
(I) Prior to the approval of specific transactions or guidelines for entering into transactions, the board of directors should request from the board of officers market alternatives to the transaction with the related party, adjusted to reflect the risk factors involved;
(II) Bar any type of remuneration to advisors, consultants or intermediaries that could give rise to conflicts of interest with the company, management members, Stockholders or classes of Stockholders;
(III) Bar any loans granted to the controlling party and management members;
(IV) Any transactions with related parties that should be supported by independent appraisal reports prepared without the participation of any party involved in this operation, whether a bank, lawyer, or specialized consulting company, among others, based on realistic assumptions and information supported by third parties;
(V) Corporate restructuring involving related parties should ensure equitable treatment for all Stockholders.
Our Transactions with Related Parties Policy, approved by the Board of Directors, is in line with the guidelines of the Brazilian Corporate Governance Code, except for the prohibition against loans in favor of the controlling Stockholder and the management members, which are allowed under Law 4,595/64 and Resolution of the National Monetary Council No. 4,693/18, as they represent the core business of a financial institution, provided they are in line with market conditions and the limits established by the regulation in force. Our Transactions with Related Parties Policy defines the concept of a related party based on the accounting rules, and establishes the rules and procedures for this type of transaction.
This policy establishes that such transactions must be executed in writing, under market conditions, in accordance with our internal policies (such as the guidelines specified in our Code of Ethics and Conduct) and disclosed in our financial statements, according to the materiality criteria defined by accounting standards. Transactions or sets of related transactions with related parties involving amounts higher than R$2 million within a period of twelve (12) consecutive months must be approved by our Related Parties Committee, which is entirely composed of independent members of the Board of Directors. Additionally, these transactions will be reported to the Board of Directors on a quarterly basis. The full text of the Transactions with Related Parties Policy is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies.
We have a Policy for Trading Securities that sets out the guidelines and procedures to be followed by the Company and persons related to the Company for the trading of securities issued by the Company and its controlling companies in Brazil, including the sanctions applicable in the event of any violation.
The Policy sets out that persons bound by the policy are responsible for, among others: (i) keeping secret information related to material facts pertaining to the Company and its controlled companies, and refraining from using such information to gain the upper hand, for their own benefit or the benefit of others, in the securities market, ensuring that subordinates and third parties they trust keep secret such information and refrain from using it, being held jointly and severally liable for any noncompliance therewith; and (ii) making exclusive use of the Conglomerate’s brokers to trade the securities under this Policy, which have controls in Brazil to prevent trading during blackout periods. The Compliance department monitors adherence with the Policy in relation to the trading of securities issued by the Conglomerate. Any noncompliance is investigated and submitted to our Integrity and Ethics Committee and Disclosure and Trading Committee accordingly. The Policy for the Disclosure of Material Acts or Facts also sets out other mechanisms to control information secrecy in connection with material facts, such as: (i) bound persons should ensure the safe storage and transmission of material information (emails, files, etc.), avoiding any type of unauthorized access, and should also restrict the forwarding of information not properly protected to third parties. Material information should always be discussed in restricted and non-public places; and (ii) together with the process that gave rise to the material fact, a list of the bound persons who had knowledge of the information before its disclosure should be filed accordingly. 
5.4.1 The company should adopt, as resolved by the board of directors, a policy for trading securities issued by the company, which, without prejudice to compliance with the CVM rules, establishes controls to achieve the monitoring of trades executed, as well as investigations into and sanctions against any party who does not comply with the policy.
5.5.1 In order to ensure greater transparency in the use of the company’s resources, a policy should be prepared on voluntary contributions, including those related to political activities, to be approved by the board of directors and carried out by the board of officers, including clear and objective principles and rules.
In addition to other corporate policies, such as the Donations Policy and the Sponsorships Policy, the Government and Institutional Relations Policy, updated on August 30, 2024, establishes that, in election years, in Brazil or abroad, contributions by officers of the Itaú Unibanco Conglomerate, as well as by members of the Board of Directors who are part of the Company’s controlling group, and their spouses, to political parties, candidates for public office and election campaigns of any type, promoted by the Brazilian Electoral Courts, as well as for supplementary elections held or not held in election years, are prohibited. With respect to electoral donations by Itaú Unibanco as a legal entity, it is worth mentioning Law No. 13,165/15, which addressed the Electoral Reform and prohibited any type of electoral donation by legal entities. This rule is also reflected in the Corporate Integrity, Ethics and Conduct Policy. The Government and Institutional Relations Policy is available on our Investor Relations website: https://www.itau.com.br/relacoes-com-investidores/en/ > Menu > Itaú Unibanco > Corporate Governance > Policies.
5.5.3 The policy on voluntary contributions of government-controlled companies or companies with recurring, material business relations with the government should bar any contributions or donations to political parties or persons bound to the latter, even if permitted by law.
5.5.2 This policy should set forth that the board of directors is the body responsible for approving all expenditure related to political activities.