FacilitaPay's Compliance Policy aims to establish and regulate the Compliance Program for the management, mitigation, and control of Compliance Risks.

FacilitaPay has a Compliance Program, which encompasses FacilitaPay's Integrity Program, and aims to ensure FacilitaPay's adherence to legislation, its internal policies, and the requirements of regulatory authorities, supervisors, external agents, and recommendations from the Internal Compliance Area, Head of Compliance, and Senior Management.

FacilitaPay's Compliance Program was structured based on the following principles and guidelines for conducting its activities:

• Risk Management
• Risk Monitoring and Prevention
• Senior Management Support for the Integrity Program
• Dissemination of the Compliance Policy for Awareness and Promotion of Ethical Culture
• Reporting and Remediation and/or Accountability for Occurred Irregularities
• Formalization of Internal Policies and Manuals

As part of risk management, each service or business area must have its functions segregated from others with which it may have conflicts of interest and interdependent operations. This segregation and autonomy are the basis for establishing the line of defense, indicated below:

• 1st line of defense: Commercial and Business Area and Registration Area
• 2nd line of defense: Internal Compliance, Internal Controls, and Risk Management Areas
• 3rd line of defense: Internal Audit Area

Finally, all FacilitaPay employees, including Senior Management, the Head of Compliance, the Internal Compliance Area, the Commercial and Business Area, the Registration Area, in addition to following their specific responsibilities, must ensure faithful compliance with the Compliance Policy and related documents, as well as immediately report via the Whistleblowing Channel any suspicious situation of money laundering, terrorism financing and/or proliferation of weapons of mass destruction, as well as any other cases related to Compliance Risks.