Since 2005 several initiatives have been adopted to ensure the best practices in Corporate Governance, among these worthy of mention: independent Members in the Board of Directors, different executives occupying the Chairman and the CEO positions, a permanent Fiscal Council, a People Committee, Social Entrepreneurial Responsibility and Sustainability Committee, the Manual for Participation in Shareholders’ Meetings, dedicated internal charters for the Board of Directors, Fiscal Council, Committees and Executive Officers, mechanisms for the formal appraisal of the Board of Directors, Chairman of the Board, Executive Officers and the Committees and the creation of the post of Company Secretary to the Board of Directors.
Inside Corporate Governance there are specific departments such as: Compliance – created in 2010 to ensure alignment with the guidelines of regulatory bodies for financial products and its scope was expanded in 2016 for Corporate action, with a more strategic coverage and serving all the subsidiaries of Lojas Renner; Legal – this department coordinates and monitors topics related to regulations and laws in force; Loss Prevention – this department has the purpose of ensuring full operation of the Loss Prevention Program, assisting in management and acting in the prevention and reduction of losses caused by unlawful acts and administrative and operating mistakes. These departments jointly oversee the decision making process through the integrated assessment of risks and their respective impacts.
Furthermore, it is also important to mention the Investor Relations department – which establishes the relationship with the stock market and interacts on a daily basis with every company investor and shareholder. The company periodically monitors the performance of businesses and transactions in order to prevent threats that may compromise the good results of business. Risk management processes are integrated into the Corporate Governance system (see chart) and include internal audits and external audits.
In 2015, we celebrated ten years as the first corporation in Brazil, with 100% of its shares traded on the stock exchange, in accordance with the best international practices of corporate governance. Still in 2015, the Company’s Board of Directors approved two important policies: firstly, Related Parties, establishing rules for ensuring that decisions involving related parties and situations with a potential conflict of interests, be adopted in view of the interests of Lojas Renner and its shareholders. Secondly, in relation to Governance, Risks and Conformity in order to improve the organization’s performance through the identification of opportunities for gains and a reduction in the probability and/or impact of losses, establishing greater rigor than compliance with the standard regulatory requirements alone.
In 2016, Renner continued to observe the most advanced practices of Corporate Governance. Among these, it implemented a series of improvements to its Manual for Participation in Shareholder Meetings, a document aligned with international practices for proxy voting.In 2017, Renner continued to update its Corporate Governance practices through various studies encompassing B3’s Novo Mercado Listing Regulations, the Brazilian Corporate Governance Code as well as other domestic and international practices. Also, with the intention of contributing to the further development of the strictest Corporate Governance segment in the Brazilian capital markets, the Company discussed during a series of public hearings jointly with B3, changes to the Novo Mercado Listing Regulations, at the end of which, voting in favor of the Basic Regulation proposed and the four rules put forward by B3. In 2018, the Company revised its entire system of Corporate Governance wherein new practices were adopted such as individual elections to the Board of Directors, while other existing practices were refined. Lojas Renner was the first Brazilian corporation to publish the “Report on the Brazilian Code of Corporate Governance”, and with just two items to be explained among the 54 in the document. Also in 2018, the Company created the Corporate Governance Area, to support the corporate governance activities, attending and relationship with shareholders and proxy voting agencies, including for the matters relating to meetings as well as proposing and implementing corporate governance processes, always promoting the best practices.
The Board of Directors’ critical analysis of defense mechanisms in the Company’s Corporate Bylaws
As is common knowledge, in 2005, the Company became the first listed joint stock company to have all its shares traded on the stock exchange. Consequently, from then on, it ceased to be a company with controlling shareholders, adopting the model which is characteristic of major North American corporations in this respect.
In 2005, there were no Brazilian benchmarks to give comfort to the Company and its shareholders as to this new corporate model. The inclusion of a poison pill clause in the Corporate Bylaws such that a shareholder acquiring a 20% or more stake would have to make a public offering of shares (POS), was one of the ways of guaranteeing to remaining shareholders that there would be no significant changes in the company. And in the event that such a contingency occurred, the shareholder would not be harmed since the offer would have to be extended indistinctly to all holders of Renner’s equities at already predetermined terms and prices. In this context, the provisions to articles 39 and 40 of our Corporate Bylaws favor the maintenance this structure.
It is the view of this Body, that the totally dispersed capital stock model contributes greatly to ensuring that the Company continues its constant search to be a benchmark for best corporate governance practice. There are several examples of Renner’s pioneering initiatives in this respect: we were the first Company in Brazil to put out a Manual for Participation in Shareholders’ Meetings, the first to issue a Public Request for a Power of Attorney pursuant to the rules of ICVM 481/09 and, for some years now, no longer requiring signatures on powers of attorney to be notarized/consularized. We also have a large number of independent directors with seats on the Board, a percentage much higher than is mandatory under Novo Mercado Listing Regulations.
Furthermore, it is worth pointing out that the Company is not insensitive to eventual criticisms of this poison pill mechanism and more especially, its trigger of 20% or more of the capital stock, such criticisms being made to the effect that this percentage could be increased as an incentive for those institutional shareholders believing in the Company to increase their stake. However, while this issue, not uncommonly, is the subject of discussions at Board level where due consideration is given to eventual shareholder wishes, the overriding opinion is that it is healthy to maintain a high degree of liquidity through the existing widely held corporate model.
To the present time, the sentiment of this Board is to endeavor to maintain the status quo for reasons already mentioned, protecting minority shareholders and guaranteeing a high degree of share liquidity.
In 2000, B3 – Brasil, Bolsa, Balcão implemented three special listing segments known as Levels 1 and 2 of Differentiated Practices of Corporate Governance, and the Novo Mercado (New Market). The purpose was to create a secondary market in securities issued by open capital Brazilian companies that adhere to the best practices of corporate governance. The listing segments are designed for the trading of equities issued by companies that voluntarily undertake to comply with good corporate governance practice and stricter requirements for disclosing information in relation to those already required by Brazilian corporate law. In general, these rules enhance shareholder rights and improve the quality of the information supplied to the shareholders.
Renner’s shares are traded on the Novo Mercado. The Novo Mercado is a special segment of B3 – Brasil, Bolsa, Balcão´s equity market destined exclusively for companies that meet the minimum requirements and agree to adhere to the differentiated corporate governance rules. The following items summarize the principal points characterizing the Novo Mercado and are applicable to the Company:
- the capital stock must be held exclusively in common shares;
- the Company’s free float (shares trading in the market) represent at least 25% of the capital stock (and may not be held by the controlling shareholder);
- the same conditions applicable to the controlling shareholder, including the same price in the disposal of the Company’s control, irrespective of whether this is in the form of successive sales or otherwise, shall be extended to minority shareholders (“tag-along”);
- establishment of a one-year unified mandate for the entire Board of Directors, which must have at least five members;
- cash flow statement in the ITRs and in the annual account statements;
- as from the second fiscal year following adhesion to the New Market rules, disclosure of account statements also in English and according to US GAAP or IFRS standards becomes mandatory;
- the corporate calendar of events shall be announced annually;
- in case of exit of the company from the Novo Mercado, a public offer for the acquisition of shares (“OPA”) at fair value, and at least 1/3 of the holders of the outstanding shares must accept the “OPA” or agree to segment;
- the obligation to hold a tender offer at the economic value as a condition for delisting from the Novo Mercado;
- monthly disclosure of the trading of securities issued by the company by the controlling shareholders;
- installation of Internal Audit area, Compliance function and Audit Committee (statutory or non-statutory);
- adhesion to the Market Arbitration Panel.
- preparation and dissemination of policies of (i) remuneration; (ii) appointment of members of the board of directors, its advisory committees and statutory board of executive officers; (iii) risk management; (iv) transaction with related parties; and (v) securities trading, with minimum content (except for the remuneration policy).
The Brazilian capital markets are regulated by the CVM (Brazilian Securities and Exchange Commission), which has general authority over the stock exchanges and the capital markets, as well as by the CMN (National Monetary Council) and by Bacen (Central Bank of Brazil), which have, among other powers, the authority to license brokers, at the same time, regulating foreign investment and foreign exchange transactions. The Brazilian capital markets are governed by Law 6385/76, Law 6404/76 and instructions, resolutions and other normative acts published by the CVM.
According to Law 6404/76, companies may be open capital – an example being Lojas Renner – or closed capital. A company is deemed to be an open capital company when the securities it issues are authorized for trading on the stock exchanges or on the over-the-counter market. All open capital companies are registered with the CVM and must submit periodical information and reports. An open capital company’s securities are eligible for trading on the Brazilian stock exchanges or on the Brazilian over-the-counter market. The shares of a listed company can also be traded privately with certain restrictions.
The over-the-counter market is divided into two categories: (i) the organized over-the-counter market in which trading activities are supervised by self-regulatory entities authorized for this purpose by the CVM; and (ii) the non-organized over-the-counter market in which trading activities are not supervised by self-regulatory entities authorized by the CVM. In either case, transactions on the over-the-counter market consist in direct trading between persons, outside the stock exchange environment, through the intermediary of a financial institution authorized by the CVM. No special licenses are required other than a CVM registration (and, in the case of organized over-the-counter markets, registration on the specific market itself) for a listed company’s securities to be traded on the over-the-counter market with the proviso that all business conducted on these markets must be reported to the CVM by the respective intermediating institutions.
B3 – Brasil, Bolsa, Balcão may suspend trading in a particular security in anticipation of the announcement of a material fact. Trading may also be suspended on the initiative of B3 – Brasil, Bolsa, Balcão or the CVM for, among other reasons, if there is suspicion that a company has provided inappropriate information with respect to the material fact. Suspension may also be declared where inappropriate replies have been given to any eventual investigation by the CVM or the stock exchange.
Law 6385/76, Law 6404/76 and the regulations issued by the CVM provide for undertakings among others, in respect to the disclosure of information, restrictions on trading based on insider information and price manipulation, as well as protection for minority shareholders.
Trading on the Brazilian stock exchanges by non-residents is subject to certain restrictions according to the Brazilian legislation on foreign investments.
The Joint Stock Companies Law, the regulations published by the CVM and the Novo Mercado Listing Regulations require that a listed company shall supply the CVM and B3 – Brasil, Bolsa, Balcão with certain information on a periodical basis. This information will include annual and quarterly information and quarterly management discussion and analysis reports as well as the report of the independent auditors. These rules also make it mandatory for Renner to file shareholders agreements and convening notices for general meetings together with the minutes of these meetings with the CVM.
In 1967, Renner opened its capital. The B3 – Brasil, Bolsa, Balcão is the principal market for trading the Company’s shares, negotiation of which began in 1972. At an Extraordinary General Meeting held on May 25 2005, the following resolutions were approved, among others: (i) conversion of all company preferred shares to common shares, (ii) the reverse stock split of our shares in the proportion of 253 old shares to 1 new unit of capital; and (iii) the amendment to the Company’s Bylaws to adjust them to B3 – Brasil, Bolsa, Balcão’s requirements for a Novo Mercado listing.
Renner is a benchmark in corporate governance:
- The Company is the first one in Brazil with a free float of 100% in common shares;
- A listing on B3 – Brasil, Bolsa, Balcão’s Novo Mercado;
- Board of Directors with 7, of its seven 8 members, independent directors of the Company;
- Different executives occupying the Chairman and the CEO positions;
- Permanent Fiscal Council;
- Board Administration and Management Committees;
- Alignment of interests of management with those of the shareholders – stock options plan and restricted shares and participation in the results;
- Mechanisms for encouraging diffused shareholding (details in Frequently Asked Questions);
- Mechanism for protecting shareholders in the event of a takeover (details in Frequently Asked Questions).
- Board of Directors and Committees Portals;
- Board and Committees Secretaries;
- Formal Appraisal of the Board of Directors and Executive Officers;
- Corporate policies, like Anti-corruption, Related Party Transactions and Governance, Risks and Compliance Policies.
- Internal regiments(Board of Directors, Fiscal Committee, Committees and Executive Officers);
- Joining the Women on Board (WOB), committing to keep two women on the Board of Directors;
- Corporate Governance Area.
1. How does Lojas Renner S.A. address data security issues?
Data security is one of the pillars of Lojas Renner S.A. and part of the fundamental commitments in the Code of Conduct. The Company has a strong focus on mitigating cyber risks and protecting confidential and personal data. In this context, Renner has a formal Data Security Policy, a formal and disclosed Privacy and Personal Data Protection Policy, two structured areas focused on Cyber Security in the Company, the technique Information Security Area, from the IT board, and the Information Security Risks and Compliance Area, from the Risk board, a multidisciplinary Cyber Risk and Fraud Committee, and the Corporate Compliance area that has a vertical focus on Privacy and Personal Data Protection.
These teams prepare periodic reports for the Audit and Risk Management Committee, all of its members being independent directors.
2. How does Lojas Renner S.A. protect itself from cyber attacks?
One of the risks that has challenged companies most is that of attacks and intrusion by hackers (or crackers).
Renner has several processes for defending itself and involving three principal macro operational structures supported by specialized partner companies: (i) SOC – Security Operation Center focused on the protection at the Internet perimeter level, event correlation and incident response; (ii) Ethical Hacking with repeated penetration testing in the corporate environment; and (iii) Brand Protection, that monitors Lojas Renner S.A.’s leading brands on the Internet.
The Company has a cybernetic risks and technological vulnerabilities management structure as well as having a cybernetic security insurance policy in place since 2020.
3. How does Lojas Renner S.A. protect customer data?
The risk of data leakage is undoubtedly a relevant challenge faced by companies, especially large retailers.
Lojas Renner S.A. places a strong focus on protecting customer data. Since 2012, the Company has recertified annually with the PCI DSS (Payment Card Industry Data Security Standard), a data security standard for organizations that handle branded credit and debit cards (Visa, Master and others) . Renner has also been using data protection techniques for databases and active DLP (Data Loss Prevention) tools to monitor and prevent the leakage of confidential and personal data.
4. How does Lojas Renner S.A. handle the privacy of customer data?
Following the approval of the General Data Protection Law (LGPD) in 2018, the Company has undertaken a Project of adjustment of the processes with operations involving the personal data of customers, employees, suppliers and third parties, establishing an area of Corporate Compliance as responsible entity for the implementation and effective management of the Law’s requirements.
The area has a structure with a focus on privacy and protection of personal data and responsible for a continuous process of disseminating the culture of Privacy in the Company, involving good practices such as use of “Privacy by Design” methodology, which establishes that privacy be thought from conception/origin of any system, process, project, product or any other purpose which involves the handling of personal data. Privacy by Design presents seven foundational principles which guarantee the security of this data in all phases of its life cycle:
1. Proactive not reactive; Preventive not remedial.
2. Privacy as a default setting.
3. Privacy embedded into design.
4. Total Functionality – Positive Sum, not Zero Sum.
5. End-to End Security – Full Life Cycle Protection.
6. Visibility and Transparency.
7. Respect for user privacy.
A hundred employees have also been trained as Privacy Agents, in a range of different areas, which, in short are the link of the business and the Corporate Compliance areas helping the dissemination of the Culture of Privacy in the Company.
5. How does Lojas Renner S.A. manage identities and accesses?
Another challenge is Identity and Access Management (IAM), also known as the “Triple A” of data security: authentication, authorization, and accounting. Risks related to weaknesses in internal controls in this respect are commonly detected by internal and external audits in organizations of all sizes.
Lojas Renner S.A. and partner companies have an employee identity and access management platform covering the most relevant systems and the access accounts. The platform is based on RBAC (Role-Based Access Control) concepts, Single Sign-On, and complementary processes.
6. How does Lojas Renner S.A. address the “security awareness” of people?
Market research indicates that most security incidents are caused by internal staff or third parties who have authorized access to confidential and personal data.
Lojas Renner S.A. believes that its employees and staff from partner companies form the most important link in our ecosystem’s information protection network. Our People corporate value (“hiring, developing and retaining the best people”) underscores this point. In this context, we have a corporate program run jointly with the Human Resources department and focused on education and security awareness, that counts on:
- Information security Plan: the program has information security lectures at integration for new employees held monthly; a week dedicated to information security awareness, called Cyber Week, held annually; an Information Security Program made available online at Renner University (degreed) that employees expect to perform annually; as well as education campaigns on topics such as cyber risks, phishing, care with passwords, information classification, security by design, among others.
- Personal data protection and privacy program: we also have a plan developed with the main points to be observed due to privacy and data protection (LGPD) online at Renner University (degreed). It contains several contents related to the theme and the following tracks:
- the LGPD
- the Advanced LGPD
- the Personal Data Life Cycle
- Privacy by Design