Ethical Conduct

Cogna is a company committed to ethics, transparency, respect and integrity in all its relationships. To guide our employees and other stakeholders with whom we interact on the way we operate, we rely on Cogna’s Code of Conduct, updated in 2023. In the document, we include the expected behaviors and values of the Company when dealing with its business. We also have an Anti-Corruption Policy, in line with Brazilian (12,846/2013) and United States (Foreign Corrupt Practices Act/FCPA) anti-corruption legislation.

In 2023, we reinforced our actions with several initiatives:

• Establishment of the Conduct Committee, which is the body responsible for deliberating and defining the disciplinary measure to be applied to complaints investigated by Compliance, whose investigation results were valid;
• Holding the company’s first Compliance Week, covering all employees through online, hybrid and in-person events on relevant topics, such as harassment and discrimination, Code of Conduct, Anti-Corruption, LGPD and Sharing on Social Networks;
• Conducting a Compliance Workshop for the company’s leadership on forms of harassment and discrimination, to train them on the topics and direct them to the confidential channel if they become aware of any case;
• Achievement of 97% of eligible employees trained regarding the Code of Conduct and Anti-Corruption Policy;
• Launch of mandatory training forms of discrimination harassment;
• We distribute, monthly, the Compliance Bulletin, with topics such as harassment, discrimination and anti-corruption practices;
• Certification of the Pro Ethics Seal of our Compliance Program, which aims to encourage the adoption of integrity measures by companies. Próética is a pioneering initiative in Latin America created by the Ministry of Justice, through a partnership with the Comptroller General of the Union (CGU);
• Adherence to the 100% Transparency Movement of the UN Global Compact, aiming to strengthen transparency and integrity mechanisms in companies. In addition to membership, Cogna was also awarded an award for good practices in relation to our governance and compliance structure.

Compliance Program

We have a robust Compliance Program, based on 10 pillars.

• Due Diligence: Avaliação de parceiros de negócio, fornecedores, representantes e outros terceirizados antes e depois da contratação;
• Auditoria e Monitoramento: Processo tempestivo para identificar se o programa de Compliance está aderente às regras da companhia;
• Senior Management Support: Support from the company’s main executives for the Program;
• Risk Assessment: Analysis of risks that may have negative impacts on the Company;
• Code of Conduct and Compliance Policies: Formalization of the main behaviors expected by the Company when dealing with its business;
• Internal Controls: Existence of mechanisms that mitigate the company’s risks and ensure the Company’s accounting and financial records;
• Training and Communication: Prevision of training actions and communication campaigns for employees about the rules, compliance tools and the role of each person in ensuring the success of the Program;
• Reporting Channel: Providing means for employees, third parties, customers, students and other interested parties to report violations of the Code of Conduct or other rules that violate the Company’s guidelines;
• Internal Investigations: Structured process for investigating reports of inappropriate behavior and non-compliant processes;
• Due Diligence: Evaluation of business partners, suppliers, representatives and other third parties before and after hiring;
• Audit and Monitoring: Timely process to identify whether the Compliance program adheres to the company’s rules;
• Diversity and Inclusion: Ensure that the conditions to promote diversity and inclusion in the Company are ensured.

Compliance Governance

The management of the compliance program is carried out by the Compliance Department, which reports administratively to the company’s CFO, but reports independently to the Audit Committee.

GOVERNANCE STRUCTURE

As responsible for compliance at Cogna, Mr. Nelson Guimarães has worked in the area for 23 years, the last 12 years at Cogna. He joined the company at the invitation of the Audit Committee to structure the compliance program and since then he has sought to improve the program in accordance with the best market practices and current legislation.

Risk management

We constantly monitor risks that could compromise the achievement of Cogna’s objectives in the short, medium and long term. The Risk Management process is guided by the Risk Management Policy, whose methodology is guided by the best market practices, such as COSO-ERM (Committee of Sponsoring Organization of the Treadway Commission – Enterprise Risk Management Framework) and ISO 31000/2018, as well as the guides from the Brazilian Institute of Corporate Governance (IBGC).

Our risk matrix is built together with the Company’s executives and includes topics such as finance, regulatory, data, management, ethics, transparency, integrity, ESG, among others, whose monitoring for mitigation is considered fundamental for the continuity of the Company’s operations .

Information Security and Data Management

We have adopted a high degree of digitalization in our business and, therefore, constantly invest in robust information security and data management tools. Our policies in this area are based on international standards, such as the NIST CSF (framework on cybersecurity risks from the National Institute of Standards and Technology, in the United States).

Among the main instruments are:

• Information Security Policy;
• Cybersecurity program focused on preventive actions;
• Information Security Master Plan;
• Mandatory internal training on information security.

We act in compliance with the Brazilian General Personal Data Protection Law (LGPD). We provide a Privacy Portal, through which our audiences can request information about stored data, blocking/deletion of registration data, updating data, revoking consent, etc.