Doing Business in Brazil

5. Corporate Governance



Corporate Governance is the system by which companies and other organizations are directed, monitored, and encouraged, involving the relationship between partners, board and controlling bodies and other interested parties.

Best Corporate Governance practices convert basic principles into objective recommendations, aligning interests with the purpose of preserving and optimizing the organization’s long-term economic value, facilitating its access to resources, and contributing to the quality of the organization’s management, its longevity, and the public welfare.

In short, Corporate Governance is the sum of corporate practices that aim to sustain the organization’s activities at all levels, in order to add value to its capital and mitigate risks.

Knowing and/or revisiting the best Governance practices, carrying out an integrated vision with Risk Management and Compliance is essential to ensure both good corporate administration and to inhibit and deal with deviations and illegal acts committed through the structures of organizations.

The expression “Corporate Governance” gained strength in Brazil in the 1990s, with the founding, in 1995, of the Brazilian Institute of Corporate Governance (initially called the Brazilian Institute of Boards of Directors), publishing its first version of the Brazilian Code of Best Governance Practices Corporate in 1999 (currently in its 5th edition), following the example of the OECD, which in the same year published its first version of the Corporate Governance Principles of the G20 and the OECD.

Such publications help decision makers to assess and improve the legal, regulatory, and institutional framework for corporate governance, and also provide guidance for stock exchanges, investors, corporations amongst others with a role in the process of developing good governance. of companies. Still, they seek to encourage the conscious and effective use of governance instruments, focusing on the essence of good practices, explaining the importance of ethics in business.

Corporate Governance is grounded on four principles: 

(i) Transparency, as the desire to make available to interested parties’ information that is of interest to them;

(ii) Equity, as the fair treatment of all partners and other interested parties;

(iii) Corporate Responsibility, as the pursuit of sustainability; and

(iv) Accountability, as holding agents accountable.

Corporate Governance had its beginning only and solely focused on the corporate and investor relations aspects of a company. However, its four pillars were extended to other specific areas of the companies, such as Information Technology, Contracts, also serving as a basis and impulse for issues related to Risk Management, Compliance and Ethical Channels.


Governance Bodies

For efficient Corporate Governance, it is necessary for companies to maintain an infrastructure composed of bodies, areas and regulations that ensure an effective system of checks and balances in the organization:

  1. General Meeting/Shareholders Meeting;
  2. Advisory Board;
  3. Board of Directors;
  4. Fiscal Council;
  5. Executive Board;
  6. Governance or Board Secretariat;
  7. Board Committees (Sustainability, Risks, People, Audit and others); It is
  8. Management Committees.


Strategic Planning and Corporate Governance 

It is a plan developed and thought out to bring a comprehensive risk analysis of the company, with the approval of Senior Management. In this sense strategic planning refers to:

  1. long-term organizational performance and effects;
  2. decisions in the best interests of stakeholders; and
  3. creation of value in a sustainable and shared way, through high standards of governance. 

The implementation of a good governance system, as an organizational strategy, refers to the diagnosis of the current situation and mapping of governance gaps, through the steps of a work plan that should identify the main critical points of the organization’s governance. 


This assessment should include:

  1.  a quantitative approach: objective indicators based on governance code recommendations, best practices, internal guidelines, among others, for a structured understanding of the evolution of the internal governance environment); and
  2. a qualitative approach: structured diagnosis, interviews with leaders, key themes, understanding critical points, carrying out benchmarking, strengths and opportunities for improvement). 

An important initiative within strategic planning is the creation of a governance agenda, by defining practices to be implemented in the short, medium and long term, initiatives to be developed, benefits and costs associated with identified gaps, assessment of the internal environment and external and ethical and organizational culture in force.


Positive Governance Agenda – Brazilian Institute of Corporate Governance (“IBGC”):

  1. Ethics and Integrity: It is a moral imperative – and a decisive factor for business continuity – that the leaders of organizations promote a culture of integrity, in which people practice trust, respect, empathy and solidarity; 
  2. Diversity and Inclusion: A corporate culture based on diversity and inclusion, in addition to ensuring a fundamental human value – respect for diversity – is a permanent source of creativity and longevity. Leaders must act with urgency and commit to ensuring fair treatment and equal opportunities for all, particularly in promoting gender and race equity; 
  3. Environmental and Social: The performance of leaders in the management of environmental and social impacts must go beyond the institutional agenda. It is essential to integrate these issues into the business model and promote the organization’s articulation with the various sectors of society; 
  4. Innovation and Transformation: Innovation must be the basis of a vision of the future that aims at the sustained development of the organization. Leaders must make decisions consistent with the purpose and strategy of the business, manage process risks and have the discipline to reap the results of actions at the right time and generate value for all stakeholders; 
  5. Transparency and Accountability: Leaders must promote transparency and accountability for their actions based on an open dialogue with the different stakeholders, identifying their interests and expectations, in order to obtain more confidence and better results; 
  6. Boards of the Future: In order to act as agents of transformation and catalysts for the adaptability and agility of organizations, boards must be composed with greater focus on diversity and socio-emotional skills. Willingness to question, listen actively, respect other views, dare, unlearn, and relearn are essential conditions for exploring new ways of generating value and enabling the necessary transformations.


ABNT NBR ISO 3700:2022 Standards – Corporate Governance

The norms under discussion aim to provide guidance on principles of governance and long-term sustainability, which are:

  1. Purpose: Reason for existence of all perspectives;
  2. Value creation: The elements that make up the creation and generation of value necessary to fulfill the purpose;
  3. Strategy: Direct and engage strategies according to the value generation model;
  4. Supervision: Oversee organizational performance and ensure that the organization meets all expectations;
  5. Rendering of Accounts: To be responsible due to the mandate given to it; 
  6. Stakeholder Engagement: Engage and meet expectations;
  7. Leadership: Ethical and effective leadership arrangements;
  8. Data and decisions: Data as a resource for decision-making;
  9. Risk governance: The effect of uncertainty on organizational purpose and strategic outcomes; 
  10.  Social Responsibility: Transparent decision-making aligned with broader societal expectations;
  11. Viability and performance over time: Viability over time without compromising current and future generations.


Corporate Aspects applied to Corporate Governance

In the Brazilian legislative and regulatory scenario, when dealing with corporate aspects, in addition to the Civil Code itself, the Brazilian Corporation Law, 6,404/76, must be observed, given that it establishes, for example: 

  1. in its article 109, item III, that the right of inspection constitutes an essential right of the shareholder; 
  2. in its article 133, mandatory for companies to make available to shareholders, annually, some documents that reflect their operations (management report, financial statements and opinions of the independent auditors and the Fiscal Council); and
  3. in article 294, that companies with shareholders’ equity in excess of BRL 1,000,000.00 must publish their financial statements. 

As good practices of Corporate Governance, the regulation of the Brazilian Securities and Exchange Commission (CVM) for publicly traded companies are pointed out, all this without prejudice to the elaboration of internal regulations, agreement of partners/shareholders, creation of committees, such as audit, with emphasis on the creation of a governance secretariat, in order to improve the control system adopted by the company, all in compliance with current legislation.

One more example of the importance that the Brazilian market attaches to good Corporate Governance practices is the creation, by B3 (Brasil Bolsa Balcão) of listing segments with different levels of Corporate Governance — Novo Mercado, N2, N1 and Bovespa Mais— and the sustainability indices — Corporate Governance Index (IGC), Corporate Sustainability Index (ISE) and Carbon Efficient Index (ICO2). 

In turn, the CVM regulates the effectiveness of the fundamental principles of Corporate Governance, for example:

(i) with CVM Instruction 555, which provides for the publicity of acts of incorporation, administration, operation and disclosure of investment funds;

(ii) with CVM Instruction 476, which provides for public offerings of securities distributed with restricted efforts;

(iii) with CVM Instruction 578, which provides for the constitution, operation and management of Equity Investment Funds, establishing Corporate Governance rules to be followed, such as the establishment of a unified mandate of up to two years for the entire Board of Directors , when existing.



Exercising the role of inspection and control of good governance practices, we have internal and external control bodies, the latter composed of companies specifically contracted for this purpose.

Controls are all the policies and procedures adopted by organizations with the aim of mitigating risks and improving internal processes, with a focus on prevention, continuous review and updating, with a view to protecting the company’s assets and reputation, providing adequate information, generating reliability, promoting operational effectiveness and adherence to applicable laws and regulations.


There are different types of controls: 

  1. preventatives regarding unwanted outcomes and reducing the possibility of occurrence and rapid detection;
  2. detectives in relation to facts that have already occurred;
  3. corrections of the effects of an undesirable fact and the causes of the detected risk;
  4. directives or orientations in order to provoke or encourage the occurrence of desirable facts;
  5. compensating for control weaknesses in key areas.

In this sense, Compliance rules and procedures are an essential part of good Corporate Governance. From the English verb “to comply”, which means to comply, execute, satisfy, adhere to, comply with something or in accordance with something, such as complying with legislation and regulations, complying with the Code of Conduct, being in compliance with compliance with the Organization’s Specific Policies, comply with the company’s image protection and integrity standards.

As success factors for a compliance program and consequently the strengthening of good Corporate Governance practices we can mention the top down culture, the ability and willingness to control external events, understanding the existence of vulnerabilities, adequate internal controls, monitoring, awareness and training.

Obedience to the principle of Corporate Governance integrity ensures that companies are aligned with their strategic objectives; adaptation to the external and internal legal and regulatory environment; standards of ethics, conduct, sustainability and transparency; culture of controls aligned with the organization’s vision, mission and values; risks mapped and controlled; formalized policies and procedures; protection against loss, fraud and abuse; anticipation and response to crisis situations; trained employees; protection of the executive board; enhancement and protection of the brand, image and reputation with stakeholders; greater competitiveness and attractiveness of the business; appropriate practices with customers, products and services.


Data Governance and Protection

In addition to Corporate Governance applied to corporate and regulatory, anti-corruption and compliance aspects, the adoption of technologies and the intensive use of the internet by companies made it necessary to apply the concepts of Corporate Governance to Information Security, which we will call Corporate Governance IT (Information Technology), which consists of a set of rules, methodologies and practices, but applied to the company’s technology scenario.

Implementing risk management plans for technology adoption requires board and executive involvement for approval. However, sometimes the board members do not have the necessary expertise, resulting in the need for an IT Governance figure.

Among the standards that regulate IT Governance is ABNT NBR ISO/IEC 27014:2013, prepared by the Brazilian Committee on Computers and Data Processing, which provides guidance on concepts and principles for information security governance, through which organizations can evaluate, direct, monitor and communicate activities related to information security within the organization. 

This standard deals with the desired results for efficient IT Governance: 

  1. top management visibility into the information security situation;
  2. agile approach to decision making on information risks;
  3. efficient and effective investments in information security; and
  4. compliance with external requirements (legal, regulatory or contractual).

Enacted in 2018 and effective in 2020, the General Law for the Protection of Personal Data – Law 13,709/2018 – (“LGPD”) provides for the protection of personal data and requires strict control over the personal data that companies store, determining in its articles 50 and following the Rules of Good Practices and Governance. 

LGPD also requires the position of the Data Protection Officer, as well as provides that the controller will be able to implement a privacy governance program that, at least: 

  1. demonstrates the controller’s commitment to adopt internal processes and policies that ensure comprehensive compliance with rules and good practices related to the protection of personal data;
  2. is applicable to the entire set of personal data under its control, regardless of how it was collected;
  3. be adapted to the structure, scale and volume of its operations, as well as the sensitivity of the data processed;
  4. establish adequate policies and safeguards based on a systematic assessment process of impacts and risks to privacy;
  5. has the objective of establishing a relationship of trust with the holder, through transparent action and which ensures mechanisms for the holder’s participation;
  6. is integrated into its overall governance structure and establishes and enforces internal and external oversight mechanisms;
  7. have incident response and remediation plans in place; and
  8. is constantly updated based on information obtained from continuous monitoring and periodic evaluations.


The Role of Governance in the ESG Agenda:

ESG (Environmental, Social and Governance) can be seen as a development or improvement of the initial concepts applied by Compliance, when it emerged as a corporate concern, that is, at first, the Compliance areas, emerged as multidisciplinary teams to adjust the processes of companies, notably linked to compliance with legislation and adequacy of policies to cogent norms and which, once sedimented, develop into genuine concerns about going beyond legal compliance, seeking solutions, preventing and even anticipating needs and social trends and environmental, enabling corporate responsibility through governance structures precisely structured by the Compliance pillar.

In this sense, Corporate Governance, already largely based on Compliance, plays a fundamental role in the ESG agenda, acting:

  1.  understanding of vulnerabilities;
  2.  in the assessment of hybrid risks (energy, water scarcity, food, pandemics, etc.);
  3.  as an active actor in prevention;
  4.  with intense board participation and the support and involvement of all senior management;
  5.  guided by transparent dialogue with all stakeholders;
  6.  focused on materiality (identifying relevant metrics for the business);
  7.  creating action plans connected with the operational, financial strategy;
  8.  ESG risk management integrated with the business; and
  9.  disseminating the ESG culture in the operation and indicator criteria.


Final considerations

We have that the Corporate Governance systems have been evolving over time, and constitute true living and dynamic systems, since they adapt and transform as the characteristics of the markets change, not only the Brazilian market, but also the legislation Brazilian market and market regulators recognize good Corporate Governance practices as an essential ingredient for the success of companies.

Additionally, not only publicly held companies envision advantages from the application of good Corporate Governance practices. There is a whole movement of smaller companies towards the adoption of good governance practices to achieve the perpetuity and sustainability of the businesses, with a view to organizing all their sectors and areas.

In other words, the Brazilian market sees Corporate Governance as something capable of helping companies to resist the passage of time and cross generations with the same health and with the same good impetus that led them to be constituted.

Transparency, equity, social responsibility and accountability are principles of Corporate Governance, but they can be applied, without contraindication, in any type of relationship: business, political and even personal.

Brazil also recognizes this holistic dimension of Corporate Governance, which takes the form of a behavioral and educational example not only for companies, but for the main raw material common to all of them: the human being; endowed with flaws, ambition and aggressiveness, but which, inserted in a transparent, upright and accountable environment, is capable of surprising results, functioning as propelling agents and socioeconomic transformers.

We evolved and are building in Brazil, through the dissemination and assimilation of good Corporate Governance practices, healthier and safer environments for doing business in the country, as well as more qualified and skilled professionals to face the challenges of everyday business in an environment globally integrated and digitized.

Good Corporate Governance practices show reliability, which generates credibility for companies, ensuring healthier and safer environments for doing business in the country, as well as professionals who are more qualified and able to face challenges and guarantee reputation and compliance.

Author: Renata Assalim Fernandes Souza – Coordinator of the Contracts and Compliance Area at De Vivo, Castro, Cunha e Whitaker Advogados.

De Vivo, Castro, Cunha, Ricca e Whitaker Advogados

Rua Leopoldo Couto de Magalhães Jr., 758
9º e 10º andares – Itaim Bibi
04542-001 São Paulo – SP
Tel.: (11) 3048 3266
E-mail: [email protected]