EN 
PT Governance
A better life for the business
Corporate Governance
GRI 2-9 | 2-10 | 2-11 | 2-12 | 2-14 | 2-17 | 3-3
Aché is a privately-held company committed to following the best corporate governance practices. We strive to work transparently and ethically as a way of establishing lasting relationships with our publics. We adopt internal policies and processes that go beyond compliance with our legal requirements, and for which we rely on independent auditing for accountability.
Administrative Council
GRI 2-9 | 2-10 | 2-12 | 2-14 | 2-18
The Administrative Council (CA, Conselho de Administração) is formed by four shareholders and six independent directors who are responsible for establishing the guidelines that guide the decisions and the vision of the Company’s future.
The Council is elected by the shareholders. Each elected member has a unified term in office of two years, evaluated annually and with the possibility of re-election. The Administrative Council is the body that guides the conduct and governance of the business and considers the positive and negative impacts it generates on society and the environment. The Council meets periodically to discuss, approve and evaluate strategic planning initiatives and economicfinancial results, and is advised by the Innovation, Digital Transformation, People & ESG, and Finance & Risk Management executive committees.
In 2022, the M&A committee (Mergers and Acquisitions) was created, which has invited external members who are experts in their areas to contribute to the Company’s strategic decisions.
Executive Board
GRI 2-9 | 2-12
Aché’s Executive Board is responsible for: implementing the strategic plan that is approved by the Administrative Council; ensuring the practice of corporate culture; creating the conditions necessary for sustainable business growth; and complying with the Company’s governance model. To support them in these functions, the Board has eight committees: Internal Audit and Risk Management; Innovation; Market; People & ESG; Strategic Planning; Portfolio and Quality; Financial Results and Digital Transformation and Technology.
Senior Management Compensation
GRI 2-19 | 2-20 | 2-21
The Company’s compensation policies are approved at a general meeting after being discussed in the People & ESG Executive Committee of the Administrative Council.
Sectoral compensation surveys are regularly evaluated to ensure the Company’s competitiveness in attracting talent.
• AC’s Remuneration: compensation is a fixed amount and reflects market practices, especially for the same functions performed by other AC members in the pharmaceutical sector.
• Remuneration of the Executive Board: executive compensation is in accordance with the Compensation Policy and includes benefits, as well as the fixed and variable portions. Variable compensation is composed of multiple salaries and bonuses for achieving targets, which are based on the results of the Company and the business units.
GRI 2-13 | 2-15 | 2-16 | 205-2 | SASB HC-BP-510a.2
Risk management governance is guided by the assumptions and concepts of the COSO methodology, which are internationally recognized and aligned with ISO 31001. These practices are managed by the Company’s Risk and Compliance area. We have risk identification and analysis policies and continuously conduct internal training on risk analysis and the preparation of mitigation plans.
The Company has an Operational and Strategic Risk Map, which considers the impact and probability of a risk materializing. Each risk has a current action plan that is constantly updated in accordance with changes in the Company’s internal and external scenarios. The topic is reported and discussed monthly in the higher committees.
In 2022, we took another step towards mitigating risks in our operations by enhancing remediation plans for key strategic risks as an early response to potential business interruptions.
The Internal Audit and Internal Controls areas carry out an independent and systematic evaluation of the main processes in order to verify that they are in compliance with current legislation and with internal policies and procedures. Audits are also carried out on critical processes, following the Company’s risk classification matrix. In 2022, we identified no relevant material weakness.
Aché’s Code of Corporate Conduct was revised in 2022 with the objective of expressing the Company’s ESG approach and best governance practices in a clearer way.
The document presents our employees and other stakeholders who relate to the Company with guidelines in how to mitigate risk. We use compliance standards when hiring suppliers and employ technical and ethical criteria to ensure transparent competitive aspects.
Our performance in risk management is established by the Three Lines of Defense model (reference: adaptation of ECIIA with Ferma’s Guidance on the 8th EU Company Law Directive), which resulted in a higher level of security in our environment, which enabled business areas, such as Risks and Compliance, Internal Controls and Internal Audit, to operate in an integrated and synergistic manner.
Three tines of defense
Transparency and Integrity
GRI 2-15 | 2-23 | 2-24 | 2-25 | 2-26 | 3-3 | 205-2 | 205-3
We are committed to integrity and the promotion of an ethical, transparent and respectful culture of human rights.
Our operations have controls that are audited both internally and externally, and they are tested by specialist teams that assess the security of the control environment. We have an ombudsman channel that is prepared to receive internal or external complaints about any suspected illegal practices, including corruption. We have a zero tolerance policy in relation to corruption, bribery or any practice that may constitute corporate wrongdoing.
Aché’s Code of Conduct deals with issues that may characterize a conflict of interest and presents the rules and principles of behavior to be adopted by employees and other Company stakeholders.
Revised in 2022, the Code contains important updates on topics such as diversity, inclusion and good governance practices. It also includes new chapters related to suppliers, business partners and service providers, demonstrating how we work with different stakeholders.
The Code of Conduct is aligned with our Way of Being. These principles guide our decisions and reinforce Aché’s image as an ethical, fair, and responsible company, committed to its purpose of bringing a better life to people wherever they are.
There were no cases of corruption in 2022. We continuously reinforce anti-corruption training and campaigns to disseminate our Code of Conduct.We also ensure that the direct communication channel with the Aché Generation is kept active to answer questions about our relationship with employees, doctors, consumers, shareholders and suppliers. It also deals with topics such as conflict of interest, anti-corruption practices, hiring suppliers and receiving gifts. Last year we communicated with all of our employees with regard to our anti-corruption policy. To combat bribery and corruption we also developed specific training for the sales team that deals with the general public and trained 19 people.
Data Privacy
GRI 3-3 | 418-1
Since 2021 we have evolved our information security maturity plan. With the support of a data protection management consultancy firm, we carried out an analysis to ensure the prevention of possible risks and impacts. Based on this, we produced a safety plan, which includes a communication channel with patients, customers and other stakeholders.
We produced our Data Protection Policy in 2022, which emphasizes Aché’s commitment to transparency and respect in its relations with its users. The policy establishes the guidelines to be observed and clarifies the general conditions for the collection, use, storage, treatment, and protection of data on websites, platforms and the Internet. Aché’s Code of Corporate Conduct also has a specific topic on information security, with guidelines aligned with the GDPR.
We have received no warnings or sanctions from external parties and/or regulatory agencies related to the violation of the privacy of customers’ personal data, and we recorded no proven complaints through our service channels.
In the last year we integrated the data protection mechanisms with all areas in the Company, including having the Aché Generation sign an addendum. For the integration we mapped out each area in the company and appointed a GDPR ambassador as a focal point of information. We used an innovative tool called Hacker Rangers to train and engage with these ambassadors.
Ombudsman Channel
GRI 3-3 | 2-25 | 2-26
The management of our Ombudsman Channel is outsourced, which ensures secrecy and impartiality. To speed up the handling of anonymous complaints about irregularities and attitudes that are not aligned with the guidelines of our Code of Corporate Conduct, changes were introduced in the channel management model in 2022. Currently, the complaints we receive are investigated internally by a specialist team and relevant cases are presented to the Ethics Committee to determine the sanction applicable. The indicators so generated are fed back into our training system, which seeks to guide and prevent recurrence.
