Anti-Corruption Policy

Introduction

Integrity, ethics and transparency are essential values for maintaining the trust and reputation of our organization. In line with the Information Security Management System (ISMS) and meeting the requirements of ISO 27001:2022, this Policy establishes guidelines for preventing, identifying and combating any forms of corruption and bribery.

Our commitment is to ensure that all internal activities and processes are aligned with the best governance practices, promoting a healthy and sustainable business environment. The policy therefore reinforces the importance of acting responsibly and in compliance, protecting our information assets and ensuring the trust of employees, partners and other stakeholders.

Objective

To establish the main guidelines and ratify Dengine Informática's position on repudiating and combating any form of corruption, including but not limited to extortion and bribery.

Scope

All managers (directors), employees and suppliers of the company Dengine Informática, hereinafter referred to as “Dengine Informática” or “Company”. All of Dengine Informática's partners and stakeholders must define their directions based on the guidelines set out in this Policy, their specific needs and the legal and regulatory aspects to which they are subject.

Terms and Definitions

In order to make it easier to understand the legal terms and practices that Dengine Informática wishes to combat, we present some important definitions:

Public Administration: The set of bodies, services and entities of the direct and indirect public administration (foundations, autarchies, public companies and mixed-capital companies), and their respective agents. This concept, for the purposes of this Policy, encompasses the entire state apparatus, at all levels (Federal, State and Municipal) and powers (Executive, Legislative and Judiciary) for the provision of public services, the management of public goods and the interests of the community, as well as their respective representatives.

Public Agent: Any individual who represents the public authorities, whether they are a civil servant or not, whether they are paid or not, whether they are in temporary or permanent service. It is anyone who exercises, even temporarily or without remuneration, by election, appointment, designation, hiring or any form of investiture or bond, mandate, position, employment or public function. Anyone who works for a private company contracted or agreed to carry out a typical Public Administration activity is considered a Public Agent.

Politically Exposed Person (PEP): Politically exposed persons are considered to be public agents who hold or have held, in the last 5 (five) years, in Brazil or in foreign countries, territories, and dependencies, relevant public positions, jobs, or functions, as well as their representatives, family members, and other people with whom they have a close relationship. In addition, situations that characterize a close relationship and result in the classification of a client as a politically exposed person include direct or indirect control of a legal entity client.

Injurious Acts: These are any acts or omissions that cause direct or indirect damage to the public interest and/or assets to the detriment of the interests of third parties and that contravene the principles of Public Administration (e.g. impersonality, morality, efficiency, legality and publicity) and the international commitments assumed by Brazil.

Ethics Channel: The Ethics Channel is the channel made available by Dengine Informática for stakeholders and any third parties to anonymously report or provide information on conduct they believe to be contrary or potentially offensive to the Company's values or the legislation in force, including the Anti-Corruption Law.

Code of Ethical Conduct: This is the set of rules, according to the version periodically updated by Dengine Informática, through which the Company enforces respect for its values and prohibits the practice of acts that characterize disrespect for ethics, the Company's values or the legislation in force, including the Anti-Corruption Law.

Corruption: The act or effect of corrupting, offering something to a Public or Private Agent with the aim of obtaining an undue advantage for oneself or others.

Tender: The formal administrative procedure for contracting services or acquiring products by direct or indirect Public Administration entities. In Brazil, Bids are generally regulated by Law No. 8.666/93 (the General Bidding Law), although there are also more specific rules applicable to certain situations. Examples are: Law No. 10.520/02 (which regulates public tenders); Decree No. 5.450/05 (which regulates electronic public tenders) and Law No. 13.303/16.

Affiliated Companies: These are companies in which the Company has significant influence, and, under the terms of article 243, §4 and §5 of the Brazilian Corporation Law, (i) there is significant influence when the Company holds or exercises the power to participate in the financial or operational policy decisions of a company, without, however, controlling it; and (ii) significant influence will be presumed when the Company holds 20% (twenty percent) or more of the voting capital of the respective company, without, however, controlling it.

Subsidiaries: These are companies in which the Company, directly or indirectly, holds partner or shareholder rights that permanently assure it a preponderance in company resolutions and the power to elect the majority of managers, under the terms of article 243, paragraph 2 of the Brazilian Corporation Law.

Stakeholders: These are all relevant stakeholders with interests pertinent to the company, or individuals or entities that assume some kind of direct or indirect risk in relation to the company. These include: shareholders, investors, employees, society, customers, suppliers, creditors, governments, regulatory bodies, competitors, the press, associations and trade associations, users of electronic means of payment and non-governmental organizations.

Conflict of Interest: A situation in which a person is involved in a decision-making process whose outcome has the power to influence and/or direct, ensuring a gain and/or benefit for them, a close family member, a company they control or a third party with which they are involved, or is in a situation that could interfere with their capacity for impartial judgment. This definition includes situations in which the objectives and interests of Dengine and its Partners in specific matters are at stake.

Undue advantage: Any type of profit, privilege, gain or benefit contrary to the legislation and regulations in force, even if not of an economic or patrimonial nature.

Anything of Value: Anything of tangible or intangible value, broadly defined, in any form, including but not limited to cash, cash equivalents (such as gift cards, gift certificates and discounts), scholarships, gifts, travel, meals, hospitality, entertainment, per diems, favors, compliance with a request to provide anything of value to a third party (such as a close family member of a Public Official), contributions to charity or other non-profit organization, promotional sponsorships, business or employment opportunities, or any other consideration or benefit, even if it is not of an economic or patrimonial nature. Note that the value is based on the benefit an item provides to the person receiving it, rather than the financial cost of that benefit to the company.

Anti-Corruption Legislation

The main guideline of the Policy is to ensure that SCORB and its Employees, Suppliers, Third Parties and Business Partners act ethically and in compliance with applicable anti-corruption legislation, including compliance with the FCPA, the UK Bribery Act and Brazilian law, and do not carry out acts in violation of these laws, such as Acts against Public Administration.

Brazilian anti-corruption legislation provides for sanctions for those who violate it, which must be applied even if the act of corruption does not take place, since the mere intention is already punishable. Some examples of sanctions provided for in the anti-corruption legislation for legal entities are:

• Payment of a fine that may vary between 0.1% and 20% of the gross revenue of the financial year prior to the start of the administrative process, excluding taxes, it being certain that (a) the fine will never be less than the advantage gained, when it is possible to estimate it based on the gross revenue of the legal entity; and (b) if it is not possible to use the criterion of the value of the gross revenue of the legal entity, the fine may vary between R$ 6,000.00 and R$ 60,000,000.00;

• Publication in a widely circulated newspaper, by the convicted legal entity, of the condemnatory decision;

• Full reparation of the damage caused;

• Forfeiture of the assets, rights or values that represent the advantage directly or indirectly obtained from the infraction, safeguarding the right to compensation of the injured party or third party in good faith;

• Suspension or partial ban on the legal entity's activities;

• Prohibition from receiving incentives, subsidies, grants, donations or loans from public bodies or entities and from public financial institutions or those controlled by the government, for a minimum of one and a maximum of five years.

• Compulsory dissolution (extinction) of the legal entity;

• Registration of companies punished by the law in the National Register of Punished Companies (CNEP), which will publicize the sanctions applied by government agencies, the leniency agreements signed, as well as whether or not they have been complied with;

• Registration of companies punished in the National Register of Ineligible and Suspended Companies (CEIS).

Under the FCPA, for each violation of the anti-bribery provisions, companies are subject to a criminal fine of up to $2 million and a civil fine of up to $16,000 per violation. Individuals, including Officers, Directors, Shareholders and Agents of Companies, are subject to a criminal fine of up to $250,000 and a prison sentence of up to five years, and a fine of up to $16,000 per violation (which may not be paid by their employer) . For each violation of the accounting provisions, companies are subject to a criminal fine of up to $25 million and individuals are subject to a criminal fine of up to $5 million and a prison sentence of 9 to 20 years, as well as a civil fine not to exceed the greater of the gross monetary gain to the defendant from the violation, or a dollar limit specified based on the notoriety of the violation (up to $150,000 for individuals and $725,000 for companies). Courts may also impose criminal fines significantly higher than those established in the FCPA - up to twice the benefit obtained by the defendants in making the corrupt payment. The UK Bribery Act punishes both natural and legal persons, whether public or private. The law covers the following crimes: active and passive corruption (soliciting, offering, paying or receiving a bribe, kickback or undue advantage) of public or private individuals with the intention of inducing them to conduct themselves improperly; Offering bribes to foreign public officials; Failure to prevent (through negligence or fault) acts of corruption on the part of companies or those acting on their behalf.

Therefore, the Policy will explain that:

This Policy will cover not only those who have directly committed a potential infraction, but also those who can be considered to be in a position to know (or should have known) of the possibility of the act of corruption occurring and are able to take action to prevent it.

The liability of the legal entity will not exclude the individual liability of its administrators, managers or any natural person who has participated in the conduct;

The liability of the legal entity will subsist even if there is a contractual change, transformation, incorporation, merger or corporate spin-off; and

Under Brazilian law, the company benefiting from the unlawful acts committed, with its consent or not, and regardless of its knowledge, will be held responsible and punished, under the terms of the rules of strict liability, regardless of its actual intention or guilt.

Guidelines

General Prohibition

Administrators (directors), employees, and suppliers of Dengine Informática are strictly prohibited from receiving, offering, promising, paying, providing, or authorizing the provision of anything of value to or from any person, whether a Public Agent or not, to influence or reward any action or decision of such person and/or to obtain or retain business or any advantage for themselves or the company or to pursue any improper purpose.

Guidelines regarding the anti-corruption law and practices related to contributions to public entities

A. Harmful Acts: Dengine Informática does not adopt, encourage, and/or allow any conduct that constitutes or results in harmful acts to national or foreign Public Administration and other private companies, in compliance with Law No. 12.846/2013 (“Anti-Corruption Law”), according to the exhaustive and non-explanatory list:

• Promise, offer or give, directly or indirectly, undue advantage to a public agent or a third party related to them;
• Finance, fund, sponsor or otherwise subsidize the practice of the illegal acts provided for in this law;

• Make use of an intermediary natural or legal person to conceal or disguise their real interests or the identity of the beneficiaries of the acts committed;

• Regarding bids and contracts;

• Frustrate or defraud, through agreement, collusion, or any other expedient, the competitive nature of a public bidding procedure;

• Prevent, disrupt, or defraud the execution of any act of a public bidding procedure;

• Remove or attempt to remove a bidder through fraud or the offer of any kind of advantage;

• Defraud a public bidding process or the contract resulting from it;

• Fraudulently or irregularly create a legal entity to participate in a public bidding or enter into an administrative contract;

• Obtain undue advantage or benefit, fraudulently, from modifications or extensions of contracts entered into with the public administration, without authorization in law, in the public bidding notice, or in the respective contractual instruments; or

• Manipulate or defraud the economic-financial balance of contracts entered into with the public administration.

• B. Contact with Public Agents: The contact between administrators and employees, as well as in the case of suppliers acting as representatives of Dengine Informática with public agents, must occur in accordance with the guidelines established in internal regulations governing relations with the Public Administration.

• C. Political contributions, donations, and sponsorships: Dengine Informática does not contribute, directly or indirectly, whether through donation or loan of assets, use or assignment of physical or advertising space, event sponsorship, assignment of labor and/or any other resource, leaflet distribution, sending of electronic messages, posting of posters, or in any other way, to political campaigns, political parties, candidates for public office, or any other type of organization that carries out political activity. Although donations by individuals are not prohibited by law, Dengine Informática recommends that all those who hold prominent positions in the Company (Management) refrain from making personal donations to electoral campaigns, including those within their circle of economic dependence. Dengine Informática only sponsors projects after proper evaluations and approvals, in accordance with the guidelines established in internal regulations. The donation of goods is permitted and carried out following proper evaluations and approvals, in accordance with the guidelines established in internal regulations.

• D. Offering gifts, hospitality, or anything of value: Business decisions must be based on competitive factors. Offering or accepting gifts or business entertainment may create the appearance that business decisions are being influenced by other factors. Gifts or business entertainment can never be offered or accepted for improper purposes. Reimbursement of expenses directly related to the promotion or demonstration of the Company’s commercial services or products may be accepted if reasonable and not made to secure an undue advantage. However, nothing should be offered to a Public Agent or any person if it could be understood as an attempt to influence a business or official decision and/or obtain or retain unfair business or any advantage, or if it negatively affects the Company's reputation. The underlying principles of this policy must be followed regardless of the monetary value of anything given to a Public Agent or any other third party. All gifts and business entertainment:

• They must be consistent with the Company's business interests;

• They must not be excessive, in accordance with local or industry standards;

• They must be given or accepted without expectation of reciprocity;

• They must be consistent with all laws and regulations; and

• They must comply with pre-approval requirements, as described below.

The offering or receiving of gifts, hospitality, and/or anything of value must follow the rules established by the Gifts, Hospitality, and Events Procedure, available in the employee handbook, and must be approved by the Legal and Compliance Department, as applicable.

Important: If a Public Agent or PEP offers the item of value, the Employee must submit it for Compliance approval, under the terms specified in the Gifts, Hospitality, and Events Procedure, regardless of value.

E. Corporate Restructuring: During any merger and acquisition process in which Dengine Informática participates, due diligence must be conducted on the target Company to ensure, among other aspects, compliance with the requirements of the Anti-Corruption Law. The purchase and sale contract or any other document with the same purpose must contain specific anti-corruption clauses, and in the case of merger and incorporation, it must be stated that the transferee is responsible for acts and events occurring before the date of the merger or incorporation, except in cases of simulation or evident intent to defraud, duly proven. Any violations identified in the merger and acquisition process must be reported to the Board for analysis and risk assessment.

Encouragement to Report Harmful Acts, Whether Provable or Not, Against the Public Administration, Committed by Employees, Administrators of Dengine Informática, and Other Stakeholders of This Policy:

• Dengine Informática encourages and supports the reporting of any act or omission that may constitute a violation of the Code of Ethical Conduct or current legislation, including the Anti-Corruption Law, committing to investigate, punish, and/or inform the competent authorities of any misconduct reported to the Company, with the utmost rigor, while respecting the whistleblower's confidentiality.

• The report should preferably be made through the Ethics Channel, available on the SCORB Portal, without excluding any other means or channel available to the whistleblower in case of inability to access the referred channel.

• All reports received and processed through the Ethics Channel, even when not anonymous, will be treated confidentially. The management of these reports' reception and investigation is handled by Dengine Informática's Internal Audit, without prejudice to the notification and collaboration of an independent company and other competent authorities, as necessary.

Disclosure

• This Policy and its respective updates will be communicated to all stakeholders, without exception, at least annually. This Policy is available on Dengine Informática's intranet and website.

• All administrators, employees, interns, and apprentices must sign the adhesion term to the Anti-Corruption Policy, and suppliers must accept the adhesion term to the guidelines established by Dengine Informática.

Training

All administrators, employees, interns, and apprentices must complete the mandatory online training annually and sign the adhesion term of this policy.

Consequence Management

Employees, suppliers, or other stakeholders who observe any deviations from the guidelines of this Policy may report the matter to Management through the People and Management Portal, under the Ethics and Ombudsman Channel option, which is a permanent channel for suggestions, complaints, and reports, available at https://scorb.com.br/gente_gestao, with the option of identification or maintaining anonymity. Internally, non-compliance with the guidelines of this Policy will result in the application of accountability measures for those who violate it, according to the severity of the non-compliance.