Governance

Since 1997, Western Union services have been available in Brazil through a network of Authorized Agents offering the service on behalf of Western Union Canada, a Western Union Group company. Following authorization to operate as a financial institution from the Central Bank of Brazil in May 2011, through Banco Western Union do Brasil S/A, in coordination with Western Union Corretora de Câmbio S/A and other banking correspondents, Western Union can now offer a full portfolio of its products and services to the Brazilian market.

Corporate Governance

Western Union’s corporate governance structure is responsible for defining strategies and making decisions, ensuring sustainable value generation for the institution and society as a whole.

Governance and Risk Management Structure

Western Union adheres to sound corporate governance practices, adopting transparency, accountability, honesty, and corporate responsibility as its main guidelines. This ensures shareholders have strategic control over their management and oversight of their internal processes. The main tools that ensure management control are:

Risk Committee

Compliance with the principles of good corporate governance begins with the Risk Committee, whose objective is to provide for adequate integrated risk management and good corporate governance practices, as well as define the risk management strategy and assess risk appetite levels. All directors, superintendents and the president of Banco Western Union do Brasil S/A. and Western Union Corretora de Câmbio S/A. are part of the Risk Management Committee. It is the responsibility of this Committee:

• To supervise the activities and performance of the CRO;
• To supervise compliance, by the institution’s managers, with the terms of the RAS;
• To assess the degree of adherence of the risk management structure processes to the established policies;
• To approve, review and monitor the Institution’s risk appetite;
• To approve new products and services and review existing ones, when there is any critical change;
• To monitor Operational and Socio-environmental losses;
• Monitor and follow up on Audit and Regulatory points, in general;
• Formally discuss emerging risks;
• Disseminate the culture, doctrine and standards of Integrated Risk Management and Operational Risk;
• Approve policies and procedures, related to requirements arising from current regulations;
• Analyze quarterly risk reports and annual internal control reports.

Consumer Protection, Fraud and Intermediaries Committee

This Committee is responsible for evaluating customer complaints, forwarded to the Customer Service and Ombudsman’s Office, and fraud, in addition to the monitoring process based on performance and quality indicators.

Compliance, PLD and Ethics Committee

The Compliance, AML and Ethics Committee aims to ensure the implementation of the Compliance, Prevention and Combat of Money Laundering Program and the Institution’s Code of Ethics, discussing related matters necessary for their full implementation.

Western Union Code of Conduct

The Western Union Code of Conduct emphasizes the spirit with which employees uphold the company’s values. While no document can replace informed decision-making by our employees, the Code provides guidance in promoting honest and ethical conduct. It defines the expectations we have for ourselves and our businesses around the world, and guides us on how to recognize and address ethical issues, and what resources are available when needed.

Commercial Committee

Its objective is to detail the area’s activities, aligned with Western Union Corretora de Cambio S/A’s plan for developing business in the region, following Western Union Corretora de Cambio S/A’s policies and procedures and the guidelines of the Central Bank of Brazil and other regulatory bodies. The commercial committee includes all directors, superintendents and the President of Banco Western Union do Brasil S/A and Western Union Corretora de Cambio S/A, as well as Western Union Corretora de Cambio’s commercial consultants. The commercial committee is responsible for:

• Proposing, on a bimonthly basis, recommendations to the Executive Board on Commercial area matters related to its responsibilities;
• Defining the area’s strategy;
• Evaluating the degree of adherence of the area’s processes to established policies;
• Keeping records of its deliberations and decisions;
• Reviewing existing products and services when there is any critical change;
• Monitoring operational losses;
• Monitor and follow up on Audit and Regulatory issues in general;
• Formally discuss emerging risks;
• Promote the Company’s long-term success and ensure its sustained competitiveness in a manner consistent with its fiduciary responsibilities, which is exercised in the best interest of the Company, its shareholders and other stakeholders.
• Approve policies and procedures related to requirements arising from current regulations;
• Analyze quarterly risk reports and annual internal control reports.

Política da Segurança Cibernética

1. In addition to its Information Security Policy and the global Cybersecurity program, Western Union Corretora de Câmbio S.A. and Banco Western Union do Brasil S.A. (together, “WU Brasil”) establish in their Cybersecurity Policy (“Policy”) a cyber defense guide, with the aim of ensuring that its services and the information present in its environment and in the environment of third parties have the best applicable protection treatment against virtual attacks, information leaks, criminal organizations and accidents. The Policy aims to define the main guidelines for implementing and maintaining a cybersecurity management process in order to guarantee the protection, maintenance of privacy, integrity, availability and confidentiality of the information owned and/or under its care, in addition to preventing, detecting and reducing vulnerability to incidents related to the cyber environment.
2. The Policy is the responsibility of the Information Security area SIRT of WU Brasil.
3. WU Brasil bases its security controls and processes on Western Union’s global information security policies, standards and processes.
4. In accordance with Resolution 4,658/2018 of the National Monetary Council, for the contracting of data processing and storage and cloud computing services, WU Brasil ensures an effective procedure for adherence to the rules set out in the regulations in force through its Internal Policies and Procedures.
5. The management of information security incidents guarantees a response plan for incident scenarios considered in the Business Continuity and Disaster Recovery Plan. The plan guarantees the identification, containment and treatment of the incident and its respective effects, in line with the global incident response process and policy.
6. The business continuity process is implemented through the Business Continuity and Disaster Recovery Security Policy to reduce the impacts and losses of information assets after a critical incident to an acceptable level by mapping critical processes, analyzing business impacts, and conducting periodic disaster recovery tests. This process includes business continuity for contracted cloud services and planned testing for cyberattack scenarios.
7. Through the Cybersecurity Awareness Program, WU Brasil establishes training with minimum frequency and adherence tests for all WU Brasil employees.

Ombudsman

The Western Union Ombudsman’s Office ensures that all customer complaints can be reviewed by a higher authority. That is, after the customer contacts the Customer Service Center, they are handled promptly and appropriately within 10 business days. The data collected and analyzed should serve as the basis for correcting problems, helping to identify areas where the company needs to improve, whether to remain competitive or to protect its image, reputation, and customer rights.