B3 S.A. - Bolsa, Brasil, Balcão recently issued a second report on listed companies to adapt to Novo Mercado´s regulations, focusing on the obligations that will come into force in 2021. In the report, 121 companies listed in the Novo Mercado segment were reviewed.

Companies must fully implement the changes by the time of the general meetings to be held in 2021 (to approve the results for the 2020´s fiscal year). The deadline applies solely to companies that were already listed in the Novo Mercado segment by January 2, 2018. Those companies who joined the Novo Mercado after such date must be in compliance with the new rules as of their listing.

As in its first report issued in February of 2019, B3 pointed out that several companies have not yet made all the changes required (both reports may be found at the b3 website). It is clear, therefore, that B3 is regularly monitoring the implementation of the changes required by the regulations of its premium segment, in which there is a higher bar for corporate governance standards.

In this article, we provide some guidelines on how to adapt in order to comply with the regulations requirements.


Changes in corporate bylaws

Companies need to adapt their bylaws to provide for the board of directors’ composition with at least two independent directors or 20% of the members of the board of directors, whichever is greater (it is mandatory that the independence criteria be in accordance with the new regulation requirements).

Companies will also have to adjust the provisions on transfer of control (articles 37 and 38 of the Novo Mercado Regulation), withdrawal from the Novo Mercado segment (articles 42 to 45 of the Novo Mercado Regulation), arbitration (articles 39 and 40 of the Novo Mercado Regulation), and some other items provided for in the Novo Mercado Regulation.

Official letter 618/2017-DRE issued by B3, is quite useful in the process as it describes examples of provisions that comply with the new regulation. It is available at B3’s website.

As a rule, companies that have gone through the adaptation of their bylaws have adopted the provisions contained in said official letter or have opted for a similar wording as indicated by B3.

Management evaluation

In accordance with article 18 of the Novo Mercado regulation, companies must structure and disclose a process for evaluating their management (board of directors, board of executive officers and committees). In order to comply with this requirement, it is necessary to indicate the management evaluation mechanisms as per item "d" of section 12.1 of the Reference Form.

In general, companies have been quite succinct in the description of their evaluation process. Some choose to describe them by body (below is an example relating to the board of directors):

"The Board of Directors is subject to an evaluation process. It is annual, formal, and structured, conducted by the chairman of the body, and includes two dimensions: global performance by the board of directors and individual performance among its members.

In relation to global performance, the evaluation criteria are grouped into four categories: a) strategic focus of the board; b) knowledge and information about the business; c) independence of the board; and d) organization and operation. In the individual evaluation among members, the items for evaluation are grouped into the following categories: a) impartiality, b) effective contribution to the decision-making process, and c) assertiveness.

The purpose of the process is to facilitate the pondering and a structured discussion over the actions for continuous improvement of the Board of Directors' performance, systematically improving the body's efficiency. The first stage of the process is an individual reflection by each member regarding the board, recorded through a questionnaire. Then there is a consolidation of the individual notes and a conversation between each member of the Board of Directors and its chairman, who conducts interview and feedback processes. The results are consolidated and discussed at a board meeting, which then establishes an action plan for any improvements."

Other companies, as in the example below, describe a joint evaluation for all management bodies:

"The performance evaluations of the management and advisory bodies, as boards, are performed annually, after review and recommendations made by the Corporate Governance Committee to the Board of Directors, contemplating various issues related to the functioning of such bodies during the period under analysis, including the quality of participation and performance. The purpose is to identify opportunities to improve the functioning of the bodies. The evaluations are performed through interviews with the members of each body and the main executives of the company, who also perform a self-evaluation with respect to their performance in the exercise of their functions, without, however, individually evaluating the other members of management and/or other bodies. The company uses the results of these evaluations in the continuous improvement of its corporate governance structure, including the functioning of the Board of Directors, therein making the adjustments necessary so that its practices are always in line with the best local and international practices. The company has already carried out an evaluation of its management in 2019, and there was a discussion with the Board of Directors in May of this year. No outside consulting or advisory services have been engaged by the company related to the subject-matter of this item “d.”

Auditing Committee

Companies must establish an Auditing Committee in accordance with article 22 of the Novo Mercado regulation. The duties of this committee should be exercised in practice by the body, contributing to the corporate governance of the company.

Within the scope of B3’s supervision, however, the evaluation of the adoption of the Auditing Committee is only performed formally, by confirming the description of its operation and responsibilities (according to items 5.1 to 5.4 of the Reference Form), as well as its composition (items 12.5/6 and 12.7/8 of the Reference Form).

The companies that have already established an Auditing Committee generally sought to reconcile their duties with those of the Internal Audit and Compliance areas, which are also related to the company's risk management (and which are required by the regulation).

As a rule, companies have chosen to assign to the Auditing Committee the functions of supervision and risk assessment, as per the examples below:

"Auditing, Risk Management, and Finance Committee: mission to oversee the implementation of internal and external auditing processes, mechanisms, and controls related to risk management; the consistency of financial policies with strategic guidelines; and the risk profile of the business units, also overseeing the review of financial statements and information released to the market."

"Lastly, the Auditing Committee, the body of the company's governance structure responsible for assessing the effectiveness and sufficiency of the internal controls and risk management structure, considers that the procedures aimed at increasing the effectiveness of the internal controls and risk management processes currently adopted are adequate, according to the Auditing Committee Report disclosed in the Financial Statements of December 31, 2018."

The regulation requires that the Auditing Committee: (i) have autonomy and budget approved by the Board of Directors; (ii) have a coordinator indicated in the Reference Form; (iii) have internal rules (the full text of which must be made available on the CVM’s IPE Online system); (iv) have the minimum responsibilities and composition stipulated by the regulation; (v) release a report at least once a year on its main subjects and recommendations; and (vi) report its activities on a quarterly basis to the Board of Directors and the Company must publish the minutes of the Board of Directors' meeting in which such information is analyzed.


Audit Department

Another obligation related to the audit structure is the creation of a specific department to perform this function in the company (article 23 of the regulation).

To confirm the implementation of this structure, B3 will also evaluate items 5.1 to 5.4 of the Reference Form. As a rule, companies have chosen to describe the Audit department as the one responsible for performing operational activities related to risk assessment and to provide to the Auditing Committee and the Board of Directors the information necessary to improve management tools. The Internal Audit department has also been assigned the role of monitoring complaints or other activities carried out in cooperation with the Compliance teams:

"The scope of Internal Audit is (i) to issue an opinion on the conformity of the processes; and (ii) to investigate processes in cases of complaints, with reporting to the Auditing Committee, an advisory body to the Board of Directors.”

"Internal Audit Board, reporting to the Auditing, Risk Management, and Finance Committees, responsible for carrying out work on different business processes, in accordance with the audit plan validated annually by the committee.”

"The company also has an Internal Audit Board, subordinated to the Auditing Committee (body of the Board of Directors), which serves in the independent evaluation of the processes and investigation of potential violations."

"Audit Board: its mission is to provide the Board of Directors, the Auditing Committee, and the Board of Executive Officers with independent, impartial, and timely assessments of the effectiveness of the risk management and governance processes, as well as the adequacy of internal controls and compliance with the rules and regulations associated with the operations of the company and its subsidiaries. Internal Audit functionally reports to the Board of Directors and the Auditing Committee, and the Auditing Committee is responsible for periodically evaluating the performance of the Audit Officer, after hearing the considerations of the Board of Executive Officers."

Under the terms of the sole paragraph of article 23 of the Novo Mercado regulation, the company may engage an auditor registered with the CVM to perform this function, in lieu of the obligation to create it internally.

Compliance, internal controls, and corporate risks

B3 assesses compliance with this requirement based on an analysis of items 5.1 to 5.4 of the Reference Form, in which companies describe their Compliance departments with the following functions:

"Compliance: assist in the fulfillment, compliance, and application of internal and external regulations imposed on the company's activities.”

"Compliance Board, subordinate to the Legal and Compliance Vice-Presidency: responsible for the compliance program against corruption and bribery, applied and updated according to the characteristics and current risks of the company's activities."

Under the terms of B3's regulation, the functions of Compliance, internal controls, and corporate risks cannot be accumulated with operational activities (among others, those conducted by the legal, controllership, internal audit, and investor relations areas are considered non-operational activities).


Disclosure of policies and rules required by the regulation

The Novo Mercado regulation, in different articles, require companies to present certain policies, codes, and regulations, as indicated below:

  • Internal rules of the Board of Directors (article 25)
  • Internal rules of the Auditing Committee and other committees (article 22, II, and article 25)
  • Internal rules of the Auditing Committee (article 25)
  • Code of professional conduct (article 31)
  • Remuneration policy (article 32, I)
  • Policy for appointing members of the Board of Directors, its advisory committees, and executives under the bylaws (article 32, II)
  • Risk management policy (article 32, III)
  • Related parties transaction policy (article 32, IV)
  • Securities trading policy (article 32, V)

The existence of policies, codes, and rules is evaluated by B3 based on documents made available by the companies on the CVM portal through the Empresas Net system.

Each company prepares these documents to meet the minimum requirements of the regulation and adapt it to its own reality. For companies that still need to prepare these documents, there are good examples available for consultation on the CVM’s system.



The preparation of regular reporting demonstrates the importance that B3 has been giving to the issue, as well as its initiative to guide and assist companies in the process of compliance with the regulation. It is expected, therefore, that compliance with the provisions will be subject to intense monitoring by B3.

In this sense, companies should pay special attention to the changes, even if such changes provide a reasonable grace period for companies to adapt. It is important to emphasize that structural changes required to meet the obligations of the regulation are not always easy to implement. One example of the implementation of internal audit and compliance departments, which needs to be evaluated outright, as it may require a separate budget and hiring of specialized personnel.