Foreign Filer Report • Jun 21, 2022
Preview not available for this file type.
Download Source File6-K 1 MainDocument.htm 6-K
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
Form 6-K
Report o f Foreign Private Issuer
Pursuant t o Rule 13a-16 Or 15d-16 Of
The Securities Exchange Act Of 1934
For the month of June 20 2 2
Commission File Number: 001-14950
ULTRAPAR HOLDINGS INC.
(Translation of Registrant’s Name into English)
Brigadeiro Luis Antonio Avenue , 1343, 9 th Floor
São Paulo, SP, Brazil 01317-910
(Address of Principal Executive Offices)
Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F:
Form 20-F _ X Form 40-F _
Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1):
Yes _ No _ X
Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7):
Yes _ No _ X
ULTRAPAR HOLDINGS INC.
TABLE OF CONTENTS
ITEM
Corporate Risk Management Policy
1
| TABLE OF CONTENTS | |
|---|---|
| 1. PURPOSE | 3 |
| 2. DEFINITIONS | 3 |
| 3. PRINCIPLES OF RISK MANAGEMENT IN THE ULTRA GROUP | 4 |
| 3.1. Transparency | 4 |
| 3.2. Dimension and periodicity | 4 |
| 3.3. Responsibility | 4 |
| 3.4. Monitoring | 4 |
| 4. DUTIES AND RESPONSIBILITIES | 4 |
| 4.1. Board of Directors | 5 |
| 4.2. Audit and Risks Committee | 5 |
| 4.3. Ultrapar Board of Executive Officers | 5 |
| 4.4. Business Risk Owners | 6 |
| 4.5. Risk Owners | 6 |
| 4.6. Risk Theme Managers | 6 |
| 4.7. Compliance / Internal Control / Business Risk Management | 7 |
| 4.8. Risk, Compliance and Audit department | 7 |
| 4.9. Areas in charge of specific Risks | 7 |
| 5. GUIDELINES FOR THE INTEGRATED RISK MANAGEMENT | 7 |
| 5.1. Ultra Group's Systemic Risk Matrix | 7 |
| 5.2. Risk Theme approach | 8 |
| 5.3. Risk Theme Quantification | 8 |
| 5.4. Preparation of Action Plans (risk response) | 8 |
| 5.5. Risk Levels (monitoring) | 8 |
2
The purpose of this Policy is to set the guidelines, responsibilities and principles to be complied with during the risk management process in Ultra Group.
This Policy applies to all companies controlled by Ultra Group. In companies where the control is shared or where it holds minority interest, Ultra Group will endeavor its best efforts to ensure that the principles and guidelines of this Policy will be applied.
This Policy shall be read in conjunction with the Code of Ethics and other Corporate Policies defined by the Ultra Group. In the event of conflict, the Risk, Compliance and Audit Department shall be consulted.
The risks the Ultra Group may face were separated into 5 (five) categories:
Strategic and Sustainability Risk s - Diffuse risks arising from external and internal factors that may hinder or impact Ultra Group from achieving its goals. Some of these risks involve political and economic influences, actions undertaken by political and regulatory agents, dependency on monopolistic suppliers, the performance of the competition, new players, substitute products and services, changes in consumer behavior, sustainability (social and environmental impacts), capital allocation decisions, disruptive innovations, matters of attracting, retaining and replacing talents to keep the Business ongoing, among others. Corporate Policies approved by the Board of Directors that can help managing these risks: (i) Corporate Policy of Investments, and (ii) Corporate Policy of Mergers, Acquisitions and Development. The Sustainability Policy also provides guidelines concerning this matter.
Operating Risks - Risks related to the execution of processes and procedures adopted to achieve the goals provided by the Business plan. These risks are present in the daily activities of each Business — in safety, environmental and quality procedures, in the relationship with suppliers and customers, in logistics and administrative processes.
Financial and Capital Market Risks - Specific risks related to governance, relationship with shareholders and investors, accounting and financial management of the Ultra Group, including level of indebtedness, investment analysis, budget and cash flow management, preparation of financial statements, perception of credit risk from financial counterparties and credit-rating agencies as well as other interactions with the financial and capital markets. These Risks are approached by the following Corporate Policies approved by the Board of Directors: (i) Corporate Policy of Financial Risk Management, (ii) Material Notice Disclosure Policy and Securities Trading Policy, (iii) Corporate Policy of Insurance Management, and (iv) Ipiranga's Corporate Policy of Trading Risks.
Compliance Risks - Specific behavioral and regulatory risks involving misconduct from employees of the Ultra Group and illegal business practices that could result in regulatory sanctions, financial losses, administrative, civil and/or criminal consequences and/or place the credibility and reputation of the Ultra Group in jeopardy. The Ultra Group's Ethics and Compliance Program addresses these Risks, which are also approached by the following documents and Corporate Policies approved by the Board of Directors: (i) Code of Ethics, (ii) Corporate Policy on Anti-Corruption and the Relationship with the Public and Private Sector, (iii) Corporate Competition Policy, and (iv) Conflict of Interest and Related Party Transactions Corporate Policy.
Cybersecurity Risks - Risks related to (i) stability of the computer processing of Ultra Group's transactions, (ii) events of noncompliance towards the data protection legislations, security rules for access, use, processing and storage of information and data of the Ultra Group, its employees and other stakeholders, (iii) breach, contamination or degradation of servers, systems and software, among other events related to technological resources that compromise or may compromise Business operational continuity, which may lead to interruption of transactions that are essential to Ultra Group. These Risks are addressed by the Information Security Policy and the Personal Data Protection and Privacy Corporate Policy.
3
3.1. Transparency
A basic principle in risk management is transparency as it requires that all Risks must be timely identified, measured and shared among several management levels of the Ultra Group, enabling to develop reasonable prevention measures and decisions adapted to each situation.
3.2. Dimension and periodicity
Every Risk Theme shall be quantified by its level of vulnerability and potential impact, which shall be reviewed every year or whenever there are material changes to the internal and/or external environments.
3.3. Responsibility
Regardless of their hierarchical position, the Risk Theme Managers are the primary responsible for managing the Risks and they shall set the proper methodology to identify and share them with those in higher positions until reaching the Risk Owner. The Risk Owner must maintain the Business Risk Owner informed about the Risk levels and how to mitigate them.
The integrated management of risks is a tool to collect information on the Ultra Group's Risks and its impacts and vulnerabilities. This management constitutes an executive panel board to monitor the themes by the Ultrapar Board of Executive Officers, Audit and Risks Committee and Board of Directors.
3.4. Monitoring
The Board of Directors, supported by the Audit and Risks Committee and the Risks, Compliance and Audit department, must systematically and independently monitor the assessment of Ultra Group's Risk Themes.
For an integrated management of Risks in the Ultra Group, the areas involved have the following responsibilities:
4
4.1. Board of Directors
Board of Directors is responsible for the following:
4.2. Audit and Risk s Committee
Audit and Risks Committee is responsible for the following:
4.3. Ultrapar Board of Executive Officers
Ultrapar Board of Executive Officers is responsible for the following:
5
4.4. Business Risk Owners
Business Risk Owners are responsible for the following:
4.5. Risk Owners
Risk Owners are responsible for the following:
4.6. Risk Theme Managers
Risk Theme Managers in the Business are responsible for the following:
6
4.7. Compliance / Internal Control / Business Risk Management
Business Compliance/Internal Control/Business Risk Managers are responsible for the following:
4.8. Risk, Compliance and Audit department
Risk, Compliance and Audit department is responsible for the following:
4.9. Areas in charge of specific Risks
Risks which management is under specific areas of Ultrapar, such as Financial, Investments and Insurance etc., shall be determined by means of specific corporate policies or procedures, which shall be aligned with this Policy.
5.1. Ultra Group's Systemic Risk Matrix
To ensure the relevance, connection and completeness of the matters assessed, Ultra Group developed a Systemic Risk Matrix encompassing the five (5) categories of Risks the Ultra Group may face, informed in the Risk Themes.
7
Each theme shall be assessed on its own for every Business, setting a standard to assess and compare Risks and Business, helping Ultrapar Board of Executive Officers, the Audit and Risks Committee and the Board of Directors to focus their attention on the most relevant risks.
The Themes listed in Ultra Group's Systemic Risk Matrix may also be reviewed in case the Risk environment changes or upon request from the Business Risk Owners, the Audit and Risks Committee and the Board of Directors.
5.2. Risk Theme a pproach
The approach to the themes must be aligned with the Business strategy to guide the discussions and Action Plans for the most relevant Risk Scenarios. The Business Board of Executive Officers shall discuss the theme with enough quantitative and qualitative information to describe the current Risk status.
5.3. Risk Theme Quantification
The quantification of the Risk Theme must reflect the Business self-assessment in terms of Impact and Vulnerability based on discussions with the Risk, Compliance and Audit department. This self-assessment must consider how the relevance of the Theme among the others already assessed.
The quantification of the Impact must be based on a Risk Scenario that leads to the highest damage possible to the theme.
The quantification of Vulnerability must be based on the level of preparation and/or prevention of the Business to avoid any Risk Scenario to materialize.
The graphic visualization of the quantification of each Theme in the Risk Matrix, based on four (4) qualitative levels (low, medium, high and very high), reflects the profile of the Business Risk and must be used as basis to discuss the priority actions to be taken.
5.4. Preparation of Action Plans ( r isk response )
Once the Risk is quantified and discussed, the Business must assess the necessity to prepare initiatives or Action Plans to manage the exposure to the Risk. These measures aim to: (i) avoid the Risk, (ii) reduce the Impact and/or Vulnerability, and/or (iii) transfer the Risk. Action Plans must have a due date and an owner.
5.5. Risk Levels ( m onitoring )
According to the Risk Theme and based on the availability of quantitative indicators, acceptable levels of Risk could be proposed by the Business to be approved by the Board of Directors, whenever applicable.
For this purpose, monitoring tools and procedures must be developed to assure the risk limits are not exceeded.
8
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
Date: June 21, 2022
| ULTRAPAR HOLDING INC. |
|---|
| By: /s/ Rodrigo de Almeida Pizzinatto |
| Name: Rodrigo de Almeida Pizzinatto |
| Title: Chief Financial and Investor Relations Officer |
( Corporate risk management policy )
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.