CODE OF BEST CORPORATE PRACTICES - COUNTRY CODE - COLOMBIA Participating entities: ANDI [Asociación Nacional de Empresarios de Colombia – Colombian National Business Association] Asobancaria [Banking Association] Asofiduciarias [Asociación de Fiduciarias de Colombia – Association of Trust Companies of Colombia] Asofondos [Asociación Colombiana de Administadores de Fondos de Pensiones y de Cesantía – Colombian Association of Pension and Severance-pay Funds] Bolsa de Valores de Colombia [Colombia Stock Exchange] Confecámaras [Red de Cámaras de Comercio – Network of Chambers of Commerce] Fasecolda [Federación de Aseguradores Colombianos – Federation of Colombian Insurers] Comité de Emisores de la Bolsa de Valores de Colombia [Issuers Committee of the Colombian Stock Exchange] CAF [Banco de Desarrollo de América Latina – Development Bank of Latin America] Superintendencia Financiera de Colombia [Financial Superintendency of Colombia] 2014 FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 2 CODE OF BEST CORPORATE PRACTICES 2014 COUNTRY CODE INTRODUCTION Background Ever since the Financial Superintendency of Colombia (FSC) published the Code of Best Corporate Practices, through its 2007 External Circular Letter 028, the concern for its actual and effective implementation, by both security issuers and companies at large, remains relevant for the FSC and for other stakeholders of the Colombian business community. Since then until today, there have been remarkable developments in Corporate Governance, both globally and in Latin America, in order to meet new business circumstances. This was particularly true after the world economic crisis, which revealed, among many other things, the deep weaknesses that lingered in the governance of many companies and entities. Today, more than ever, it is evident that Corporate Governance is not an end in itself, which is completed through the implementation of good governance practices through diverse company documents. It must rather be understood as a tool that companies have for adequate management and control amid dynamic and changing processes. Clearly, monitoring the extent of the enforcement of the practices implemented represents a great challenge for companies, supervisors, and investors in the years to come. Several international reports and assessments of Colombia’s standing on diverse worldwide standards1 have highlighted the significant progress that the country has made in concrete Corporate Governance matters in recent times. They have also mentioned areas and possibilities for improvement. Facing this new landscape, the FSC, with the CAF’s financial support, has led a process of discussion with several economic sectors, resource providers, and other representative institutions of the Colombian business environment, in order to update the 2007 Code of Best Corporate Practices. This has been in line with developments on the subject, and has taken as a key referent the CAF’s 2013 publication Lineamientos para un Código Latinoamericano de Gobierno Corporativo [Guidelines for a Latin American Corporate Governance Code]. Indeed, that text, among others that were analyzed, served as a basis for the development of this new Country Code. To attain this objective, the FSC fostered the creation of a Working Table, highly representative of the Colombian securities market and business environment. Such a Table was the vehicle for the discussion processes and the consensus necessary to produce a final Country Code text, which, through its high standards, would create 1 Financial Sector Assessment Program (FSAP); IMF/World Bank Observance of Standards and Codes (ROSC); IOSCO; OECD; Basel Principles, etc. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 3 value for its targets, promote the development of the country’s securities market, and ensure the protection and confidence of investors. It is worth mentioning that the new Country Code illustrates the evolving nature of the Corporate Governance fundamentals, as the OECD has rightly suggested, and the need to adopt them based on the kind of company implementing and enforcing them. Moreover, there is the unavoidable duty to revise them periodically in order to adapt the governance practices to the business environment. In this vein, because the Corporate Governance subjects are dynamic, the FSC and the Working Table that has drafted this Code will have as a task thereafter and permanently, the review of any eventual recommendations. When needed, those recommendations will be implemented or the existing norms modified so that the Country Code will fit the market conditions at all times. Structure of the Code In its formal structure, the new Country Code is similar to its 2007 version. Consequently, it still identifies five (5) major Corporate Governance areas, and within them, thirty-three (33) concrete measures on key governance aspects. For better understanding and progression, some measures are divided into several recommendations, which are enumerated on a sequential basis. Therefore, the Country Code proposes up to one hundred and forty-eight (148) Corporate Governance recommendations. The Corporate Governance areas featured by the Country Code are: I. Shareholder Rights and Equal Treatment. II. General Assembly of Shareholders. III. Board of Directors. IV. Control Architecture. V. Financial and Non-Financial Transparency and Information. The recommendations are presented in a concise and practical way to ease their understanding, the analysis of their convenience and implications, and if appropriate, their formal adoption and actual implementation. Several aspects of the 2007 Country Code have been reviewed, among them, the recommendations on the dynamics and operation of the Board of Directors. Moreover, a new complete area on Control Architecture has been developed (which contemplates risk management and internal control matters). The remuneration of the members of the Board of Directors and of the senior management has been addressed on a separate basis. And some Corporate Governance recommendations have been added, which are particularly applicable to the financial sector and to conglomerates. Such conglomerates feature controlling companies and/or business groups in configurations that are becoming increasingly important. The international experience demonstrates that making progress on good governance practices requires the joint action of authorities, companies, and investors, combining obligatory rules with self-regulatory and voluntary schemes. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 4 The FSC highlights that the new Country Code features voluntary good governance practices, which may eventually become regulated, if the FSC deems it necessary, while performing its supervisory duties. Scope The Country Code in general and the proposed Corporate Governance measures, in particular, are addressed to Colombian security issuers, regardless of their size and level of capitalization. However, some recommendations may be inappropriate for small issuers, and/or their implementation may be difficult to them. In that situation, the corporations with such limitations will explain their reasons and/or alternative to implement or not the recommendations. This does not mean that other types of non-issuing companies or structures2, either private or public, family-owned or not, may not take advantage of the Country Code to strengthen their governance schemes, based on their selective analysis of the recommendations. From this perspective, the ultimate goal of the Country Code is to generate a solid culture of Corporate Governance in Colombia. Such awareness must spread to the country’s entire business milieu, instead of remaining exclusively within the large issuing companies. In line with the 2007 Country Code, and based on the companies’ self-regulatory capacities, the new Country Code for Colombia and the Corporate Governance measures that it features are voluntary. Therefore, each corporation may decide freely which aspects of the Country Code it will adopt and which it will not, depending on its own particular conditions. Nevertheless, every year, the securities issuers have the duty to draft and forward to the FSC, a Reporte de Implementación de Mejores Prácticas Corporativas [Report on the Implementation of Best Corporate Practices]. Its purpose is to describe, in general, their Corporate Governance practices and their adoption of the Country Code recommendations so that shareholders, investors, and the market at large may evaluate them. The methodology that the companies required to draft the Report on the Implementation of Best Corporate Practices must follow obeys the principle of “comply or explain.” Hence, in all cases, the issuers must indicate whether they adopted or not the recommendations during the period reported. In the case of positive answers, the issuers will describe the formal mechanisms through which the actual implementation of a given recommendation took place (such as bylaws, regulations, codes or other internal norms, agreements among shareholders), and the way it was practically enforced. If the issuer did not implement some recommendation during the reported period, it will explain its related reasons. 2 Pension Funds (under either the obligatory or voluntary savings regimes), collective portfolios or investment funds, private capital funds, etc. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 5 The N.A. response can only be provided by the issuer in cases that for legal reasons it is not possible to adopt the recommendation. In this case, the issuer must indicate precisely the rule which prevents it. The issuer will publish the Report on the Implementation of Best Corporate Practices on its web site, and it will update it with the same periodicity that it presents it to the FSC. The FSC, in fulfillment of its powers, may request the corporations to correct any omissions, or data mistaken or not fully based on facts. This document is a guide of the best corporate practices that the security-issuing companies are expected to adopt and implement. Therefore, it must be regarded as a complement to the Corporate Governance practices that Colombian corporations currently carry out. A Glossary is included in the final part of this Code, in which the scope of the definition of certain relevant terms is given for the best understanding of the Recommendations. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 6 I. SHAREHOLDER RIGHTS AND EQUAL TREATMENT From a Corporate Government perspective, acknowledging the rights of shareholders and the mechanisms to enforce them is very relevant, for shareholders, whether they are controlling, significant or minority, are the actual owners of a company, and those who provide the capital for its activities. Consequently, shareholders must have their key property rights acknowledged, among them:  Having an influence in the corporation, basically through their participation and vote in the General Assembly of Shareholders.  Receiving and requesting information.  Participating in the corporation’s benefits (or being liable for losses). Because the administration and management of a corporation are complex activities, which require fast decisions and demand particular abilities, shareholders must not exercise these functions directly (except in the case of very small companies). Commonly, they delegate the administration of a company to the Board of Directors, which, in turn, trusts its ordinary course of business to the members of the senior management. This, then, determines the three (3) key governance levels: the owners (shareholders); the administration (Board of Directors, among others), and the ordinary course of business (senior management). Therefore, when shareholders are only and exclusively shareholders (without being members of the Board of Directors and/or of the senior management), they have a set of rights concerning key property matters. The Corporate Governance approach pays attention to the acknowledgement of those rights, but even more so, to the mechanisms for their equitable enforcement. Measure No. 1: The principle of equal treatment. 1.1. The corporation gives equal treatment to all the shareholders who have similar shares and conditions, without granting access to privileged information to some shareholders above others. 1.2. The Board of Directors has approved concrete procedures to determine the corporation’s ways to relate to the different types of shareholders, regarding matters such as: access to information; answer to information requests; communication channels; interaction between the shareholders and the corporation, its Board of Directors, and the remaining managers. Measure No. 2: Information about shares. 2.1. Through its web site, the corporation informs the public, in a clear, precise, and comprehensive way, the different types of shares issued by the corporation, the quantity issued per type, and the quantity of shares reserved, as well as the rights and obligations inherent to each type of share. Measure No. 3: No capital dilution. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 7 3.1. In transactions that may cause the dilution of the capital of minority shareholders (i.e. a capital increase with a waiver of preemptive rights in the subscription of shares, a merger, a segregation (spinoffs), among others), the corporation will explain them to the shareholders in detail through a previous report of the Board of Directors. Such a report will contain the opinion, about the terms of the transaction, of a renowned external independent advisor appointed by the Board of Directors (fairness opinion). These reports will be made available to the shareholders before the Assembly, within the terms for the exercise of inspection rights. Measure No. 4: Information and communication with shareholders. In the context of the right of shareholders to receive information, and beyond the minimum legal requirements, the corporation promotes the general principle that: “The information must go to the shareholders and not the shareholders to the information,” thereby reinforcing the right of shareholders to receive information, and transforming its provision into an obligation to the corporation. To reach this objective, the following recommendations are proposed: 4.1. The corporation has an institutional web site in Spanish and English, with a link of Corporate Governance, or of relations with shareholders and investors, or equivalent. It will include financial and non-financial information in the terms proposed by recommendations 32.3 and 33.3. Furthermore, under no circumstance, it will include the corporation’s confidential information, or that relative to company secrets, or any other whose disclosure could be used to the detriment of the corporation. 4.2. The corporation has permanent-access mechanisms targeted exclusively to shareholders, such as a web link (only for them), or an office devoted to the relations with shareholders and investors, periodical information sessions, among others. These spaces should permit them state their opinions, concerns or suggestions on the corporation’s development, or about their condition as shareholders. 4.3. The corporation organizes events to present quarterly results to its shareholders and to market analysts. These may be in person or through distant- communication media (conference, video conference, etc.). 4.4. The corporation organizes or takes part in presentations, events, or fora on fixed-yield instruments, mostly addressed to debt-security investors and market analysts. These events offer updates on the issuer’s business indicators, the management of its liabilities, its financial policy, its ratings, its behavior concerning covenants, etc. 4.5. The corporation’s bylaws provide that a shareholder or group of shareholders, representing at least five percent (5%) of the capital, may request the performance of Specialized Audits on matters other than those pertaining to the audits carried out by the corporation’s Statutory Auditor (Revisor Fiscal). Depending on its capital structure, the corporation may determine a proportion below five percent (5%). 4.6. For the exercise of this right, the corporation has a written procedure that specifies: FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 8 i. The reasons why the corporation defined a proportion below five percent (5%). ii. The applicable requirements to request a Specialized Audit. iii. The corporation’s duty to reply in writing, through its Board of Directors, to the applicant shareholders as soon as possible. iv. The mechanism to appoint the respective auditor. v. Who should assume the cost of a Specialized Audit. vi. Precise terms for each of the stages or steps of the procedure. Measure No. 5: Behavior of managers before takeovers or transactions to change the corporation’s control. 5.1. The members of the Board of Directors and of the senior management have agreed expressly, in their letters of acceptance or contracts, that as soon as they learn of a take-over bid or other relevant transactions, such as mergers or segregation (spinoffs), there will be periods during which they will not negotiate, directly or indirectly through a third party, any shares of the corporation. Measure No. 6: Listing of corporations clustered in conglomerates. In some cases, the goals and interest of a conglomerate and those of the companies that it comprises are not fully aligned; therefore, there may be potential conflicts of interest. This is mostly the case in related-party transactions among conglomerate companies that involve the participation of subsidiary enterprises that have external shareholders, usually minority, different from those of the holding company. To manage these situations, the following recommendations are made: 6.1. Without prejudice to the independence of every single company of the conglomerate and to the responsibilities of its management bodies, the conglomerate has an organizational structure that defines for the three (3) governance levels (Shareholders Assembly, Board of Directors, and senior management), the key bodies and individual positions and the relations between them. Such a structure is public, evident, and transparent; it determines clear responsibility and communication channels; it facilitates the conglomerate’s strategic direction, and its effective supervision, control, and management. 6.2. Under the previous provision, the holding company and its most important subordinates have defined a framework for institutional relations through the subscription of an agreement. Such an agreement is public, has been approved by the Board of Directors of each of the companies, and it regulates: i. The definition of the interest of the conglomerate to which they belong, understood as the primary interest that all the companies must pursue and defend. ii. The recognition and use of synergies between conglomerate’s companies, under the premise of respect for the minority shareholders. iii. The respective areas of activity and the eventual businesses between them. iv. The common services provided by the holding company, a subordinate, and/or by third parties. v. The criteria or way to set price and conditions to the businesses between companies of the conglomerate, and to the common services provided by any of them or by third parties. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 9 vi. The search for the conglomerate’s cohesion, through a shared perspective of the key elements of its Control Architecture, such as the internal and external auditing, and the management of risks. vii. The performance and coordination of the committees of the Board of Directors of the holding company, and the committees that it may be convenient or mandatory to appoint within the Boards of Directors of the subordinates. viii. The mechanisms foreseen to solve any possible conflicts of interest between the companies. ix. The taking of precautions so that when there are related-party transactions between a subordinate issuer of securities and its holding company, whether it is an issuer company or not, the conflict-of-interest policies will be applied with particular care and rigor to ensure, among other aspects, that the transactions lean toward market prices and conditions. Measure No. 7: Conflict resolution. 7.1. Except for the disputes between shareholders, or between shareholders and the corporation or its Board of Directors that by explicit legal mandate must be settled necessarily before the ordinary jurisdiction, the corporation’s bylaws include conflict-resolution mechanisms such as direct agreements, amiable composition, settlement, or arbitration. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 10 II. GENERAL ASSEMBLY OF SHAREHOLDERS The General Assembly of Shareholders3 is the sovereign and supreme governance body of corporations. Moreover, it is the first and most important tool to provide information to shareholders. However, the General Assembly of Shareholders is more than a space to gather information. From a Corporate Governance perspective, it might be said that the key competence of the General Assembly of Shareholders is the exercise of an effective control by the shareholders over the corporation’s progress, and consequently, over the performance of the Board of Directors. This competence is even more critical regarding the General Assemblies of Shareholders of issuing companies listed on the stock exchange. In these Assemblies, the existence of many shareholders as passive individual investors (included in the so- called Floating Capital or free float, as mere capital providers), instead of that of true shareholders devoted to the company, has progressively eroded the active role of the General Assembly of Shareholders as a key body for control. In light of these facts, there has been a whole set of recommendations worldwide, which, through good Corporate Governance, seeks to revitalize the role of the General Assembly of Shareholders as an effective body for governance and control available to managers. The idea is to move the shareholders from an apathetic to an activist shareholding attitude. These recommendations are very aligned with an increased use of new technologies within corporations. There must be an optimal access to information, to the existing channels of communication between the corporation and its shareholders, to the voting or representation mechanisms, and to the shareholders associations. It must be said that, except for any exceptions herein mentioned, these recommendations are applicable to both the meetings of the ordinary assembly and those of extraordinary assemblies. Measure No. 8: Functions and competence. 8.1. Besides other functions assigned to the General Assembly of Shareholders by the legal framework, the bylaws explicitly confer the following functions upon it, and emphasize their exclusive and non-delegable nature: i. Approving the general compensation policy for the Board of Directors; and, in the case of the senior management, if a variable remuneration component tied to the value of the shares will be granted. ii. Approving the succession policies for the Board of Directors. iii. The acquisition, sale, or encumbrance [gravamen] of strategic assets that the Board of Directors deems essential to the performance of activities, or when those transactions might actually and effectively modify the corporate purpose. iv. Approving the corporation’s segregation-spinoffs (escisión impropia). 3 In the case of non-corporate issuers, this Code’s reference to the General Assembly of Shareholders and to the Board of Directors will apply to the bodies that fulfill those duties. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 11 Measure No. 9: Regulation of the General Assembly of Shareholders. 9.1. The corporation has a regulation for the General Assembly of Shareholders, which set up norms for any tasks within its competence. They range from its meeting calls, to the preparation of the information intended for shareholders, their attendance, the development and exercise of their political rights, so that they are fully aware about the regime that governs the Assembly’s sessions. Measure No. 10: Meeting Call for the Assembly. The meeting call for the General Assemblies of Shareholders have many facets. From a good Corporate Governance perspective, the following set of related recommendations applies to them: - Term of the meeting call. 10.1. To ease the shareholders’ exercise of their information rights, the bylaws provide that the meeting call for the ordinary General Assembly of Shareholders must take place no less than thirty (30) common days in advance; in the case of the extraordinary meetings, the call will take place with at least fifteen (15) common days of anticipation. This will be without prejudice to the legal terms set forth for company restructuring (e.g. mergers, segregation (spinoffs), or transformations). - Media to convey the meeting call. 10.2. Besides the traditional and obligatory media set forth within the legal framework, the corporation ensures the widest communication and publicity for the meeting call. This will be done by using e-media, such as the corporate web site, individual alerting e-mails, and even the social networks if deemed appropriate. - Contents of the meeting call. 10.3. For increased transparency during the decision-making process of the General Assembly, besides its Agenda, stating point by point the subjects for discussion, the corporation ensures that simultaneously with the meeting call, or at least fifteen (15) common days before the meeting, the shareholders receive the Agreement Proposals that the Board of Directors will submit to the General Assembly of Shareholders concerning each of those points. - Agenda for the meeting. The points on the Agenda should be precise to facilitate their understanding and analysis. The block voting of subjects or Agreement Proposals that should be decided individually must be avoided. For these purposes, the corporation adopts the following recommendations: 10.4. The General Assembly of Shareholders will analyze and approve the corporation’s segregation (spinoffs) (escisión impropia) only when this subject had been included explicitly in the respective meeting call. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 12 10.5. The Agenda that the Board of Directors is proposing features the subjects for discussion accurately. It does not permit that any significant issues become obscured under imprecise, nonspecific, overly general, or very wide expressions such as “others” or “proposals and miscellaneous.” 10.6. In the case of amendments to the bylaws, each article or group of articles substantially different will be voted separately. In any case, an article will be voted separately if any shareholder or group of shareholders, representing at least five percent (5%) of the corporate capital, request it during the Assembly. The shareholders will be informed of this right beforehand. - Power to include subjects on the Agenda of the ordinary General Assembly of Shareholders. 10.7. Without prejudice to the article 182 of the Code of Commerce, to strengthen and ensure the shareholders’ rights of inspection and information before the Assembly, the bylaws recognize their right to propose the inclusion of one or more points for discussion within the Agenda of the General Assembly of Shareholders, regardless of the size of their stock participation. This will take place within reasonable period of time and provided that their request includes a justification. The shareholders will make such a request within five (5) common days following the publication of the meeting call. 10.8. If the Board of Director refuses the request, it must reply in writing to those requests supported by at least five percent (5%) of the corporate capital, or a lower proportion as provided by the company based on its degree of ownership concentration. In such a reply, it will explain the reasons for its decision, and inform the shareholders of their right to make proposals during the Assembly, under the provisions of the abovementioned article 182 of the Code of Commerce. 10.9. If the Board of Directors accepts the request, once expired the shareholders’ term to propose subjects –as set forth in the preceding recommendations, a complement to the meeting call for the General Assembly of Shareholders will be published at least fifteen (15) common days before the meeting. 10.10. Within the same term provided in the paragraph 10.7, the shareholders may submit new and well-grounded Agreement Proposals to matters previously included on the Agenda. For these requests, the Board of Directors will act according to the provisions of the paragraphs 10.8 and 10.9 above. - Shareholders’ right to information. 10.11. The corporation will use e-media, and particularly the institutional web site available only to shareholders, to convey to them the documents and information related to each of the points of the Agenda for the meeting. 10.12. The corporation bylaws recognize the shareholders’ right to request the information or clarification that they deem appropriate with enough anticipation, either through traditional channels and/or, if suitable, through new technologies, or to express in writing their questions on the subjects of the Agenda, the documentation received, or the public information issued by the corporation. Depending on the term of the corporation to call for a General Assembly of Shareholders, it will determine the period within which the shareholders will exercise this right. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 13 10.13. The corporation foresees that the requested information may be denied if, based on internal procedures, it may be considered: i) non-reasonable; ii) irrelevant to learn about the corporation’s progress or interests; iii) confidential, which will include reserved information within the securities market; business secrets; and transactions in progress, whose success for the company will be contingent upon their secrecy; iv) any other information that if disclosed will compromise imminently and seriously the competitiveness of the company. 10.14. When an answer provided to a shareholder may grant him some advantage, the corporation guarantees the access to that answer to the other shareholders, on a concomitant basis, according to the mechanisms set forth for that purpose, and under the same conditions. Measure No. 11: Norms on representation. 11.1. Without prejudice to the limits set forth in the article 185 of the Code of Commerce, the External Circular 24 of 2010, and the regulations which may amend, supplement, or substitute them, the corporation does not limit the shareholder’s right to be represented at the General Assembly of Shareholders, including the delegation of his vote to any other person, whether it is a shareholder or not. 11.2. The corporation minimizes the use of blank-voting representatives or those without voting instructions by promoting actively the use of a standard letter of representation that the company conveys to the shareholders or publishes on its web site. The model features the points of the Agenda and the respective Agreement Proposals, determined under the procedures previously set forth, which will be submitted to the shareholders for consideration. The purpose is that shareholders, as they deem appropriate, may instruct their representatives about their voting on each case. Measure No. 12: Attendance of other persons besides the shareholders. 12.1. To revitalize the General Assembly’s role in defining the corporate will, and to turn it into a much more participatory body, its regulation require that the members of the Board of Directors and particularly the presidents of the Board committees and the President of the corporation attend the Assembly to address the shareholders’ concerns. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 14 III. BOARD OF DIRECTORS One of the basic requirements for the good operation of security issuers is the existence of a collective, administrative body that gets together more frequently than the General Assembly of Shareholders. Such a body must have clearly defined functions but also wide delegation capacities. In general, it is desirable that, through its individual members, the Board of Directors’ composition keeps certain symmetry with the corporation’s shareholding structure. In that structure, there may be shareholders of a diverse profile such as controlling, significant, institutional, or minority. From this standpoint, having a Board of Directors as a corporate administrative body brings advantages such as: considering diverse points of view and opinions, for it is a deliberative body; having a more skilled management; preparing the company to interact with different shareholders; institutionalizing it as a precaution to generational transitions, in the case of family-owned enterprises; plurality in the company's decision- making processes and, undoubtedly, enhanced formality and professional standards within the corporation. Moreover, companies may adopt very diverse models for the organization and performance of their Board of Directors, particularly in regard to their ordinary course of business, which is assumed, in general, by the senior management. This Country Code does not intend to promote any specific model. It seeks to motivate issuers to delegate the functions of the Board of Directors in a balanced way, ensuring the fulfillment of all essential and inalienable duties. Among them are the so-called general strategic-definition functions, the supervision of key matters, and the control of the ordinary course of business and governance. Keeping in mind that, as the highest corporate administrative body, the Board of Directors is fully competent to order the performance or subscription of a given act or agreement, to sanction the disposition of any assets, and to instruct the execution of whatever transaction necessary for the attainment of the corporate purpose. To fulfill its functions and to take decisions, the Board of Directors, if it deems it appropriate, may request the advice or technical support of its specialized committees. It might also delegate to those committees formally the performance of specific duties. Measure No. 13: Functions of the Board of Directors. 13.1. The bylaws specify explicitly the functions that will not be delegated to the senior management, among them: i. Approving and monitoring periodically the strategic and business plans, the management objectives, and the corporation’s annual budgets. ii. Defining the corporation’s structure. In the case of a conglomerate, the Board of Directors of the holding company will define the structure and/or governance model for it. iii. Approving the financial and investment guidelines or policies of the corporation or conglomerate. iv. Approving the compensation and assessment policies for the senior management. They will be tied to the attainment of long-term objectives, FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 15 and to the levels of risk assumed. Except if the General Assembly performs this function by virtue of the provisions of the paragraph i) of the measure 8.1. v. Approving the investments, disinvestments, or transactions of any kind that, because of their amount and/or characteristics, may be deemed strategic, or may affect corporation’s strategic assets or liabilities. Except if such an approval is a prerogative of the General Assembly of Shareholders, in which case, the Board of Directors will only propose and justify the given transaction. vi. Approving the Corporate Governance policy. vii. Approving the Corporate Governance Annual Report. viii. Approving the policy for information and communication with the different types of shareholders, markets, interest groups, and the public in general. ix. Approving the risk policy; identifying and monitoring periodically the corporation’s main risks, including those assumed in off-balance sheet transactions. x. Approving, implementing, and monitoring appropriate internal control systems; this includes those of transactions with offshore companies that must be carried out under the procedures, risk-control and alarm systems approved by the same Board of Directors. xi. Approving the succession policies for the senior management. xii. Proposing to the General Assembly the succession policies for the Board of Directors. xiii. Approving the policies related to anonymous-tip systems or “whistle- blowers.” xiv. In general, approving any other policies that the corporation deems necessary, and proposing them the General Assembly when appropriate. xv. Appointing, deciding the compensation of, assessing, and dismissing the President of the corporation. xvi. Upon the proposal of the President of the corporation, appointing the members of the senior management, and in some cases, dismissing them. xvii. Approving the compensation systems for the senior management members, as well as their indemnity clauses. xviii. Creating the committees of the Board of Directors, i.e. Audit, Risk, Nomination and Compensation, Corporate Governance. Approving the internal regulations for the operation of these committees. xix. Proposing to the General Assembly of Shareholders the compensation policy for the Board of Directors. xx. Proposing to the General Assembly the policy for own stock repurchase. xxi. Proposing to the General Assembly the recruitment of the Statutory Auditor, upon analyzing his experience, time availability, human and technical qualifications, as required for his duties. xxii. Creating or acquiring participations in special-purpose entities or those domiciled in countries or territories that are considered as tax havens, as well as other similar transactions or operations that, given their complexity, may compromise the corporation’s transparency. xxiii. Identifying and managing any conflicts of interest between the corporation and the shareholders, members of the Board of Directors, and senior managers. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 16 xxiv. Identifying and if they cause any material impact, approving any transactions that the corporation makes with: controlling or significant shareholders, as defined based on the company’s ownership structure, or those represented at the Board of Directors; with members of the Board of Directors and other managers, or with individuals related to them (related- party transactions); and with companies of the conglomerate to which the corporation belongs. xxv. Organizing the annual assessment of the Board of Directors, both as a collective administrative body and that of its members individually considered. This will be done through generally accepted self-assessment or assessment methodologies, and may involve the participation of external advisors. xxvi. Acting as a liaison between the corporation and its shareholders, creating appropriate tools for the delivery of truthful and timely information on the issuer’s progress. xxvii. Supervising the comprehensiveness and reliability of the internal accounting and information systems, based, among others, on the internal audit reports and those of the legal representatives. xxviii. Supervising the financial and non-financial information that the corporation must disclose to the public periodically, within the framework of its information and communication policies, and because it is an issuing company. xxix. Supervising the independence and effectiveness of the internal audit function. xxx. Supervising the effectiveness of the Corporate Governance practices implemented, and the extent to which the ethical standards and the code of conduct adopted by the corporation are being met. xxxi. Controlling periodically the corporation’s performance and its ordinary course of business. Learning about the assessment of the performance of the senior management members. xxxii. Ensure that the process of election and appointment of the members of the Board of Directors complies with all the formalities foreseen by the corporation. 13.2. Without prejudice to the autonomy of the governance bodies of the subordinated companies, when the corporation acts as the holding company of a conglomerate, these functions of the Board of Directors keep a group perspective and are implemented through general policies, guidelines, or information requests that respect the balance between the interests of the holding company, those of the subordinates, and those of the conglomerate as a whole. Measure No. 14: Regulation of the Board of Directors. 14.1. The Board of Directors has approved internal regulation for its organization, operation, the rights and duties of its members, its President, and its Secretary. This regulation is informed to the shareholders, and they are binding upon the members of the Board. Measure No. 15: Size of the Board of Directors. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 17 The size of the Board of Directors will be addressed as a critical aspect for its dynamic performance. It has been demonstrated that the Boards of Directors with too many members may lose effectiveness significantly, and those which are very small may have difficulties in appointing committees. 15.1. In its bylaws, the corporation has decided not to have alternate members in its Board of Directors. Measure No. 16: Appointment of the Board of Directors. Appointing the Board of Directors is a dynamic process that ends with the election of its members by the General Assembly of Shareholders. This is done through the application of the electoral quotient, provided that no alternative mechanisms were approved. From a Corporate Governance perspective, there are several recommendations for the different stages of this process, so that there is increased transparency in the appointment of the Board of Directors, and the principle of the fitness of the candidates has priority over other considerations throughout their election. The recommendations related to the appointment of the Board of Directors are the following: 16.1. Departing from the premise that, once elected all the members of the Board of Directors act in the corporation’s best interest, the corporation, enforcing the highest transparency, identifies the origin of the different members of the Board, based on the following scheme: i. Executive members: They are the legal or senior-management representatives who take part in the corporation’s day-to-day operations. ii. Independent members are those who, at least, meet the independence requirements set forth by the Law 964 of 2005, or the norms that modify or substitute it, and any other corporate internal regulations to consider them as such, regardless of the shareholder(s) who nominated them and/or elected them by a vote. iii. Proprietary members [miembros patrimoniales] are those who are not independent members. They are shareholders (whether legal or natural persons), or individuals explicitly appointed by such shareholders, or by group of them, to be members of the Board of Directors. 16.2. The corporation has procedures, implemented through the Nomination and Compensation Committee, or some other with similar functions, which enable the Board of Directors, based on its own dynamics and the findings of the annual assessments, reach the following objectives: i. Identify the tentative composition of functional profiles (related to aspects such as expertise and professional experience) that the Board needs in every circumstance. ii. Identify the personal profiles (related to background, reputation, prestige, availability, leadership, teamwork, etc.) most convenient for the Board of Directors. iii. Assess the time and commitment necessary for an adequate performance of their duties. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 18 16.3. The Board of Directors informs the shareholders about the professional profiles deemed necessary so that the different stakeholders (mainly any controlling, significant, or institutional shareholders, any groups of shareholders or families, if there are any, and the Board itself) may identify the most appropriate candidates. 16.4. The corporation considers that the mere review of the résumés by the shareholders is not enough to decide on the candidates’ fitness. Consequently, it has internal procedures to assess any legal incompatibilities and inabilities, as well as a candidate’s appropriateness to the needs of the Board of Directors. These procedures evaluate a set of criteria that the candidates’ functional and personal profiles must meet, and verify their compliance with some objective requirements to become a member of the Board of Directors, and some additional requisites to become an independent member. 16.5. Besides the independence requirements set forth by the Law 964 of 2005, the corporation has voluntarily adopted a more rigorous definition for this concept than that of the said law. Such definition has been accepted as a reference framework through the regulation of the Board of Directors; it includes, among other requirements to be assessed, that of the relationships or links of any kind of a candidate to become an independent member with any controlling or significant shareholders or their related parties, either domestically or abroad. Furthermore, it requires a double statement of independence: (i) that of the candidate before the corporation, its shareholders, and senior-management members, expressed in his letter of acceptance, and (ii) that of the Board of Directors with respect to the candidate’s independence. 16.6. Based on its internal regulations, the corporation considers that the Board of Directors, through its President and with the support of the Nomination and Compensation Committee, or that which fulfill its duties, is the most appropriate body to centralize and coordinate the process to appoint the Board before the General Assembly. In this way, the shareholders that wish to become Board members based on their stock participation, may learn about the Board’s needs, express their aspirations, and negotiate any stock-based balances and distribution among the different types of members. Moreover, they may present their candidates and agree that the Nomination and Compensation Committee assess their fitness before the vote during the General Assembly of Shareholders. 16.7. Regulation of the Board of Directors foresees that the assessment of the candidates’ suitability must take place before the General Assembly of Shareholders. Consequently, the shareholders will have, with enough anticipation, sufficient information on the proposed candidates (personal qualities, suitability, background, experience, integrity, etc.) to evaluate them well. Measure No. 17: Functional structure of the Board of Directors. The Board of Directors must encompass an adequate breadth of knowledge and experience to fulfill its duties with effectiveness, objectivity, and independence. The members of the Board of Directors may have diverse interests, sensitivities and even incentives, based on the origin of their appointment. However, this will not hinder the Board, as a collective administrative body, to align any particular positions that its members may have in the common search of the corporate interest. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 19 Therefore, the following concrete recommendations are made: 17.1. Regulation of the Board of Directors provides that the independent and proprietary members are always a majority with respect to the executive members whose number, if they are included in the Board of Directors, will be the minimum necessary to meet the information and coordination requirements that exist between the Board of Directors and the corporation’s senior management. 17.2. Beyond the minimum rate of twenty-five percent (25%) of independent members set forth by the Law 964 of 2005, the corporation analyzes and adjusts upwardly their number on a voluntary basis. Not being a fixed rule, this occurs in a way that the proportion of proprietary and independent members within the Board of Directors is comparable with the stock participation of the controlling and significant shareholders, and that of the floating capital, where the minority shareholders are. Measure No. 18: Organization of the Board of Directors. The organization of the Board of Directors is particularly relevant for it facilitates its members’ commitment and the Board’s empowerment before the senior management. Ultimately, it permits that the Boards be active and empowered bodies able to exert their command. - The President of the Board of Directors. The President of the Board of Directors must fulfill his duties with a leadership and effectiveness that enhance the system of checks and balances set up between the corporation’s diverse governance levels. Hence, from a Corporate Governance perspective, the position of the Board’s President must be strong so that he may act as the true leader of this administrative body, and not just as a debate moderator, or someone who merely meets the formalities of the existing legislation. To meet this objective, the following recommendations are proposed: 18.1. The bylaws specify the functions of the President of the Board of Directors, and his leading responsibilities are the following: i. Ensure that the Board of Directors sets forth and implements the corporation’s strategic direction effectively. ii. Encourage the corporation’s governance actions, being a liaison between the shareholders and the Board. iii. Coordinate and plan the operation of the Board of Directors through an annual work program based on assigned functions. iv. Call for meetings, either directly or through the Secretary of the Board of Directors. v. Prepare the Agenda for the meetings in coordination with the President of the corporation, the Secretary of the Board of Directors, and the remaining members. vi. Ensure an adequate and timely information delivery to the members of the Board of Directors, either directly or through the Board’s Secretary. vii. Chair the meetings and moderate the debates. viii. Ensure the implementation of the agreements of the Board of Directors and monitor their respective requests and decisions. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 20 ix. Monitor the active participation of the Board members. x. Lead the annual assessment process of the Board of Directors and its Committees, except for his own evaluation. 18.2. The corporation’s internal regulations foresee the possibility that the President of the Board of Directors may have a different treatment than that of the other members, both in his obligations and his remuneration, because of the scope of his specific functions and his increased time commitment. - The Secretary of the Board of Directors. As it is the case of the President of the Board of Directors, in many companies, and particularly in small ones, the functions of the Secretary are limited to the drafting of minutes, the custody of the corporation’s documents, and matters related to the transfer of shares. The following recommendations are proposed to help strengthen the Secretary’s position, for his role is crucial to the appropriate performance of the Board of Directors. 18.3. The bylaws specify the norms for the appointment of the Secretary of the Board of Directors, among them: i. When he acts exclusively as Secretary of the Board of Directors, his appointment and dismissal correspond to the Board of Directors, with a previous report by the Nomination and Compensation Committee, if there is one. ii. When the position of Secretary of the Board of Directors coincides with other executive positions within the corporation, his independence before the President of the corporation is safeguarded, hence his appointment and dismissal correspond to the Board of Directors upon the proposal of the President of the corporation, with a previous report by the Nomination and Compensation Committee, if there is one. iii. Having or not the possibility of becoming a member of the Board of Directors. 18.4. Regulation of the Board of Directors set forth the Secretary’s functions, among them: i. Call for meetings, based on the annual plan. ii. Perform an adequate and timely delivery of information to the members of the Board of Directors. iii. Keep the corporation’s documentation, register appropriately in the books of records the development of the sessions, and attest the agreements of the corporate bodies. iv. Ensure that the acts of the Board of Directors abide by the law, and that its procedures and governance rules are respected and revised regularly, based on the bylaws and other corporate internal regulations. - The committees of the Board of Directors. The Board of Directors may consider the convenience of creating specialized committees within it, in light of the size and complexity of the corporation’s businesses, and the wide functions that the regulations and bylaws assign to the Board. Such FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 21 committees are bodies that study and provide support on specific matters, sometimes of great technical complexity. They may submit proposals to the Board and assume certain functions upon their delegation. They may be temporary or permanent. When the creation of committees within the Board of Directors becomes advisable from a Corporate Governance perspective, those committees are regarded as an extension of the Board. That means that they are not independent bodies, and that their functions will be determined by the Board itself. In this vein, if the Board decides that its committees will only be for study and support, it will determine the subjects assigned to every one of them, based on its best judgment and practices (the functions finally assigned to every committee will be recorded on its respective internal regulation). These committees will be restricted to present reports or proposals on concrete matters to the Board of Directors, which will take the pertinent decisions in every case. Under this model, the committees of the Board of Directors do not impose obligations on the corporation or issue instructions to the senior management. Conversely, the Board of Directors may delegate explicitly to any of its committees the performance of given functions. In this case, the committees with delegated functions will take decisions on behalf of the Board of Directors, without exonerating it from its responsibility. 18.5. The Board of Directors has created a Nomination and Compensation Committee. 18.6. The Board of Directors has created a Risk Committee. 18.7. The Board of Directors has created a Corporate Governance Committee. 18.8. If the corporation considers that it is unnecessary to create all these committees, their functions are distributed among the committees that do exist, or they are performed by the Board of Directors at large. 18.9. Each of the committees of the Board of Directors has its internal regulation for its creation, its functions, the subjects in which the committee must work, and its operation. They pay special attention to the channels of communication between the committees and the Board of Directors; and in the case of conglomerates, to the tools for the interaction and coordination between the committees of the Board of Directors of the holding company and those of the subordinate companies, if they exist. 18.10. The committees of the Board of Directors are comprised exclusively by independent or proprietary members exclusively; they have a minimum of three (3) members, and are chaired by an independent member. In the case of the Nomination and Compensation Committee, the independent members are always a majority. 18.11. The committees of the Board of Directors may have the support, specific or permanent, of senior management members, with experience in the matters of the committee’s competence, and/or that of external experts. 18.12. In the creation of its committees, the Board of Directors takes into account the profiles, knowledge, and professional experience of their members, with regard to the committee’s subject matter. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 22 18.13. The committees draft minutes of their meetings and send a copy of them to all the members of the corporation’s Board of Directors. If the committees have delegated functions that enable them to take decisions, the minutes will comply with the requirements of the articles 189 and 431 of the Code of Commerce. 18.14. Except if the applicable legal or regulatory framework demands their creation, in the case of conglomerates, the internal regulations foresee that the Boards of Directors of the subordinate companies may decide not to create specific committees to deal with certain matters, and those matters may be assumed by the committees of the Board of Directors of the holding company. However, this will not imply a transfer of the responsibilities of the Boards of Directors of the subordinate companies to the holding company. - Audit Committee. 18.15. The main duty of the Audit Committee is to assist the Board of Directors in its supervisory functions through the assessment of the accounting procedures, the interaction with the Statutory Auditor and, in general, the monitoring of the corporation’s Control Architecture, including its risk management system. 18.16. The members of the Audit Committee are knowledgeable in accounting, finance, and other related matters. This enables them to treat the committee’s subject matters with accuracy, and with an adequate understanding of their scope and complexity. 18.17. Upon request of the President of the Assembly, the President of the Audit Committee informs the General Assembly of Shareholders of concrete aspects of the committee’s work, for instance, the analysis of the scope and contents of the Report of the Statutory Auditor. 18.18. The committee’s internal regulation assigns the following functions to it: i. During the General Assembly of Shareholders, provide information on any issues that the shareholders may raise concerning matters within its competence. ii. Propose candidates for the Statutory Auditor position and its hiring conditions to the Board of Directors, so that it may present them to the General Assembly of Shareholders, or when appropriate, the dismissal or non-renewal of the current auditor, based on the results of the evaluation cited in the next numeral. iii. Oversee the Statutory Auditor services, including the evaluation of its quality and effectiveness. iv. Interact and keep a regular contact with the Statutory Auditor; assess any situations that may limit his access to information or compromise his independence and tell the Board of Directors about them, as well as about any other situations related to the audit plan or the financial audit, and take care of any communications foreseen within the financial audit regulations and technical standards. v. Receive the final report on the financial audit and review the financial statements to submit them to the Board of Directors, without prejudice to the functions assigned in the bylaws to the Statutory Auditor and to the FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 23 Senior Management. In the case that they feature qualifications [salvedades] or unfavorable opinions, explain their contents and scope to the shareholders and to the public securities market, through the issuer’s web site. Moreover, verify that the senior management considers the recommendations of the Statutory Auditor, and if appropriate, lead the process to reply to the observations included in his report. vi. Ensure that at any given time, the current accounting criteria are employed appropriately in the preparation of the financial statements that the Board of Directors submits to the General Assembly, and in the preparation of internal information reliable for decision-making. vii. Learn about and assess the process to prepare, submit, and disclose the financial information. viii. Oversee the operation of the corporation’s web site as well as other tools to convey information (if there isn’t a Corporate Governance Committee). ix. Oversee the effectiveness of the regulation-compliance function and LA/FT [Spanish acronym: Lavado de Activos y Financiación del Terrorismo –asset laundering, and funding of terrorism]. x. Ensure that the information regularly offered to the market is prepared with the same professional principles and practices employed in the annual accounting, and review such information before its dissemination. xi. Propose to the Board of Directors the structure, procedures, and methodologies needed for the operation of the internal control system. xii. Learn about and assess the corporation’s internal control system. xiii. Oversee the effective enforcement of the corporation’s risk policy and inform the Board of Directors regularly about it, so that the main financial and non-financial risks, on and off the balance sheet, may be identified, managed, and communicated appropriately. xiv. Supervise the internal audit services and keep the Board of Directors informed. xv. Propose to the Board of Directors the selection, appointment, compensation, reelection, and dismissal of those responsible for the internal audit service. xvi. Analyze and approve the annual internal audit work program and the annual activity report. xvii. Ensure the independence and effectiveness of the internal audit function, receive regular information about its activities, and verify that the senior management considers the conclusions and recommendations of its reports. xviii. Monitor the enforcement of the actions and measures brought about by the reports or inspection activities of the supervisory and control authorities. xix. Assess and keep the Board of Directors informed about any conflicts of interest, temporary or permanent, that may be affecting, directly or indirectly, or through a related party, any significant shareholder, members of the Board of Directors and senior management, making any needed proposals to manage the situation. xx. In the case of conglomerates, assess and keep the Board of Directors of the holding company informed about any conflicts of interest that may arise between the holding company and its subordinate companies, or between FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 24 the subordinates, or with their managers and related parties, making any needed proposals to manage the situation. xxi. Before the Board of Directors authorizes them, examine and inform the Board about any transactions that the corporation performs, directly or indirectly, with Board members, controlling or significant shareholders, senior managers, or about transactions between companies of the conglomerate, or individuals related to them, that because of their amount, nature, or conditions may entail a risk to the corporation or the conglomerate. xxii. Monitor regularly the extent of the compliance with the code of ethics and the effectiveness of the anonymous-tip system or “whistle blowers,” assess any unethical behaviors and the contents of any complaints received, and make pertinent recommendations to the Board of Directors. - Nomination and Compensation Committee. 18.19. The main goal of the Nomination and Compensation Committee is to support the Board of Directors in its advising and decision-making duties relative to the appointment and compensation of Board members and senior managers. In addition, it must monitor regularly the observance of Corporate Governance norms, recommendations, and principles (in those cases when this function is not assigned explicitly to another corporate committee). 18.20. Some members of the Nomination and Compensation Committee are knowledgeable in strategy and human resources (selection, recruitment, hiring, training, staff management), compensation policies and related matters, so that they understand their scope and complexity within the corporation. 18.21. Upon request of the President of the Assembly, the President of the Nomination and Compensation Committee may inform the General Assembly of Shareholders on the concrete tasks that the committee has performed, such as monitoring the compensation policies for the Board of Directors and senior managers. 18.22. The internal regulation of the Nomination and Compensation Committee assign it the following functions: i. Inform the General Assembly of Shareholders about its actions, and address any issues that the shareholders raise on matters within its competence. ii. Assess regularly the competences, knowledge, and experience of the members of the corporation’s Board of Directors. iii. Propose and review the criteria for the composition of the Board of Directors and assess the suitability of the candidates to become Board members suggested by the shareholders. iv. When appropriate, inform about the independence qualifications of candidates to become members of the Board of Directors, so that either the Board or the shareholders directly may propose them to the General Assembly of Shareholders. v. In cases of reelection or ratification of Board members, draft a proposal containing an assessment of the work that the given member has been FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 25 performing, and his effective dedication to the position over the previous term. vi. Inform the Board of Directors about any members that may affect negatively the operation of the Board or the reputation of the corporation, particularly when they fall within any incompatibility, inability, or legal prohibition provisions. vii. Propose to the Board of Directors the succession policy for the Board members, the senior managers, and any other key management staff. viii. Assess the candidates, and propose the appointment and dismissal of the President of the corporation. ix. Propose the objective criteria that the corporation applies to hire and compensate its key management staff. x. Propose to the Board of Directors the compensation policy for its members, which will be approved by the General Assembly, as well as the compensation policy for the senior management. xi. Within the compensation policy approved by the General Assembly, propose to the Board of Directors the individual compensation amounts of its members, including those of the President of the Board and of the executive members, if there were any, for the performance of duties beyond those of Board members, and any other conditions relative to their work contracts. xii. Ensure the compliance with the compensation policy for the members of the Board of Directors and other managers, as well as transparency and the disclosure of their remuneration (if this function is not assigned explicitly to another committee). xiii. Review the compensation plans for the Board members and senior managers regularly, and make pertinent recommendations to the Board of Directors. xiv. Draft the annual report on the annual compensation policy for Board members, and the compensation policy for senior managers. xv. Provide support to the President of the Board of Directors in the annual assessment of the Board, examine the results of the process, and make suggestions for the Board’s improvement (if this function is not assigned explicitly to another committee). xvi. Propose the corporation’s human-resource policy. - Risk Committee. 18.23. The main objective of the Risk Committee is to assist the Board of Directors in its responsibility to oversee the management of risks. 18.24. Upon request of the President of the Assembly, the President of the Risk Committee may inform the General Assembly of Shareholders on the concrete tasks that the committee has performed. 18.25. Given any necessary adjustments to distinguish between corporations of the financial sector and those of the economy’s real sector, and without prejudice to the functions prescribed to this committee by the norms in force, the Risk Committee’s internal regulation assign it the following functions: FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 26 i. At the General Assembly of Shareholders, provide information on issues that the shareholders raise on matters within the committee’s competence. ii. Examine and assess the comprehensiveness and adequacy of the corporation’s risk management function. iii. Examine the adequacy of the economic and regulatory capital of each company, when appropriate, and their assignment to the different lines of business and/or products. iv. Examine the risk limits and the reports on risks; make pertinent recommendations to the Board of Directors and/or Audit Committee. v. Propose to the Board of Directors the risk policy for the corporation. vi. Assess systematically the corporation’s risk strategy and general policies, as they translate into the setting of limits by types of risk and business, with the level of disaggregation set forth for businesses, business or economic groups, customers, and areas of activity. vii. Analyze and assess the corporation’s ordinary risk management, in terms of limits, risk profile (expected loss), profitability, and map of capitals (capital at risk). viii. Analyze and assess the corporation’s risk-control systems and tools. ix. Recommend any improvement initiatives deemed necessary for the risk- control and risk management internal systems and infrastructure. x. Submit to the Board of Directors any proposed norms to delegate the approval of different types of risks that the Board or lower corporate levels must assume. xi. Inform to the Board of Directors about transactions that it must authorize, when those transactions exceed the powers granted to other corporate levels. xii. Upon request of the Board of Directors, provide it with information on transactions that it must authorize under the law, regulations, internal or external dispositions. xiii. Assess and comply with any guidelines issued by the supervisory authorities in fulfillment of their duties. xiv. Promote the adjustment of the corporation’s risk management to an advanced model that permits the setting of a risk profile consistent with the strategic objectives as well as monitoring the coherence of the risks assumed with that profile. - Corporate Governance Committee. 18.26. The main objective of the Corporate Governance Committee is to assist the Board of Directors in its functions to propose and supervise the corporation’s governance measures. 18.27. The internal regulation of the Corporate Governance Committee assigns it the following functions: i. Ensure that the shareholders and the market in general have a complete, truthful, and timely access to the information that corporation must disclose. ii. Review and assess the way in which the Board of Directors complied with its duties throughout the term. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 27 iii. Oversee the compliance with the requirements and procedures for the election of the corporation’s Board members and, in the case of conglomerates, those of the subordinate companies (i.e., competences, inabilities, and limitations, among others). iv. Coordinate the process of induction of the new Board members. Promote their training and updating in matters related to the Board’s competences. v. Ensure that the company’s governance practices, its business and management behavior, comply with the Corporate Governance code and with any other regulations and internal norms. vi. Review the proposals to reform the bylaws and the Corporate Governance code, related to the company’s good governance, and present the amendments, updates, and repeals of the dispositions on Corporate Governance. vii. Monitor periodically the transactions of Board members and managers with shares issued by the corporation or by other issuing companies of the same conglomerate. Monitor, in general, their performance within the securities market. viii. Reply to any complaints of shareholders and investors regarding the company’s breach of its Corporate Governance policies, within the ten (10) common days following their reception. ix. Learn about any behaviors of the corporation’s Board members that might be contrary to the dispositions of the bylaws, the Board’s regulation, and any other internal norms. These will be informed to the Board when the committee deems it necessary. Measure No. 19: Operation of the Board of Directors. The methodical organization of the meetings of the Board of Directors and their members’ diligent preparation beforehand contribute to the effectiveness of the sessions. This lessens the risk of holding merely informative gatherings, or those just to ratify the proposals of the senior management. 19.1 The President of the Board of Directors with the assistance of the Secretary and of the President of the corporation prepares a work plan for the Board, for the period under assessment. This tool helps to determine a reasonable number of ordinary meetings per year, and their estimated length. 19.2. The Board of Directors of the corporation holds between eight (8) and twelve (12) ordinary meetings per year; except for the entities subject to surveillance, which must hold at least one (1) meeting per month because of their regime. 19.3. One (1) or two (2) of the Board’s meetings per year make a distinctive emphasis on the definition and monitoring of the corporation’s strategy. 19.4. The Board of Directors approves a concrete calendar for its ordinary sessions. However, it may also meet, on an extraordinary basis, as many times as necessary. 19.5. At least five (5) common days before the meeting, the Board members receive, simultaneously with the meeting call, the documents or information FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 28 related to each of the points on the Agenda. This ensures their active participation and their well-thought decision-making. 19.6. The President of the Board of Directors, with the support of the Board’s Secretary, assumes the ultimate responsibility for the timeliness and usefulness of the information delivered to the members. Consequently, in the set of documents provided (the dashboard of the Board of Directors) the quality will be most important than the quantity. 19.7. The ultimate responsibility to prepare the Agenda for the meetings of the Board of Directors corresponds to the Board’s President and not to the President of the corporation. The structure of the Agenda follows given parameters that ensure a logical order for the presentation of the subjects and for the debates. 19.8. On the Annual Corporate Governance Report and on the institutional web site, the company publishes the attendance of the Board members to the meetings of the Board of Directors and to its committees. 19.9. Every year, the Board of Directors assesses the effectiveness of its work as a collective body, that of its committees, and that of its members individually considered, including peer evaluation. Furthermore, it evaluates the reasonableness of its internal regulations, and the dedication and performance of its members, proposing changes in its organization and operation deemed pertinent. In the case of conglomerates, the Board of Directors of the holding company demands that the assessment process takes place also within the Boards of Directors of the subordinate companies. 19.10. The Board of Directors alternates internal evaluation techniques with external evaluation performed by independent advisors. Measure No. 20: Duties and rights of the members of the Board of Directors. From the perspective of good Corporate Governance, companies must not only be protected against the possible incompetence or negligence of Board members, but also, and very importantly, against the misappropriation of company assets by their administrators who, sometimes, put their personal interests before the corporate interests. 20.1. Regulation of the Board of Directors complements the dispositions of the company’s regulatory framework regarding the duties and rights of the Board members. 20.2. Regulation of the Board of Directors develops the company’s understanding of the following duties of the Board members: i. Duty of care or diligence. ii. Duty of loyalty. iii. Duty of non-competition. iv. Duty of secrecy. v. Duty of non-use of corporate assets. 20.3. Regulation of the Board of Directors develops the contents of the following rights of the Board members: FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 29 i. Right to information. ii. Right to have the assistance of experts. iii. Right to compensation. iv. Right to induction and permanent training. Measure No. 21: Conflicts of interest. 21.1. In its internal regulations, the corporation has a clear and formal policy and procedure for the identification, management, and resolution of conflicts of interest, whether direct or indirect through related parties, that may affect the members of the Board of Directors and other managers. 21.2. The procedure for the management of conflicts of interest makes a distinction about their nature as occasional or permanent. If they are occasional, the applicable procedure indicates the rules and steps to be followed, which should be relatively easy to implement and hard to avoid for those affected. In the case of permanent conflicts of interest, the procedure stipulates that if the situation affects the corporation’s overall operations, it must be regarded as a cause for the obligatory resignation of those affected, for it makes it impossible for them to hold the position. 21.3. The members of the Board of Directors, legal representatives, senior managers, and other administrators of the corporation inform the Board periodically about any relationships, whether direct or indirect, that they keep between them, or with other entities or structures of the conglomerate to which the issuer belongs, or with the issuer, or with providers, or clients, or any other stakeholders, out of which given conflicts of interest might arise, or that might influence their opinion or vote, thereby building up the managers’ “map of related parties.” 21.4. Any relevant conflict-of-interest situations, understood as those that would force the affected to refrain from attending a meeting and/or voting, involving the members of the Board of Directors and remaining managers, are featured in the public information that the corporation posts every year on its web site. 21.5. For these purposes, the definition of Related Party that the corporation applies is consistent with the International Accounting Standard No. 24 (IAS 24). Measure No. 22: Related Party Transactions. The conflicts of interest may also entail a transaction or operation with a related party, in which the transaction’s matter may be shares of the corporation or any other good or service, such as financial operations, supplies, rentals, guarantees, the purchase-sale of assets, etc. The way of handling this type of transactions between the corporation and the Board members, the controlling or significant shareholders, the senior managers, or the related parties of any of them, or between the companies of a conglomerate, sets the difference between good or poor Corporate Governance practices. Related-party transactions are more frequent in contexts of shareholding control. In the case of conglomerates, they may pose difficulties, particularly when the holding company does not control one hundred percent (100%) of the subordinate’s capital. In legal frameworks that focus on individual companies, the Board members of the subordinates may be in a hard position when assessing the related-party transactions if FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 30 they place the conglomerate’s general interest above that of the subordinate, or vice versa. Related-party transactions are not negative per se. They may even be economically advantageous and generate value. However, in some cases, they may entail risks of abuse or misappropriation to the detriment of the minority shareholders. That is why the IFRS devote special attention to them. The following recommendations are made with respect to the related-party transactions: 22.1. The corporation has a policy that specifies the concrete procedures for the assessment, approval, and disclosure of related-party transactions, including any pending balances, and the relationships among those transactions. 22.2. The corporation’s policy on related-party transactions addresses the following matters: i. Assessment: The Audit Committee learns about and assesses the transaction. The assessment conclusions are recorded on a committee’s report to the Board of Directors that contains: a) The qualitative or quantitative criteria used to determine the transaction’s materiality. b) The transaction’s respect for the equal treatment to shareholders. c) The transaction’s price or value and the respect for market conditions. d) The timing of the disclosure. ii. Approval: The Board of Directors approves the related-party transactions without the participation of the interested parties. Depending on the volume or complexity of the transaction, the policy may provide the option of requesting the explicit authorization of the General Assembly of Shareholders. Beyond the abovementioned report, the approval of these transactions requires that of a qualified majority within the Board of Directors, at least for the most relevant operations. This majority consists of three-quarters of the Board plus the positive vote of the independent members. iii. Disclosure: For the subsequent disclosure of related-party transactions within the ordinary course of business, that are recurrent and at market prices, the corporation provides information to the market beyond the scheme proposed by the IFRS, and it does so at least once a year through the financial statements. 22.3. The policy foresees that the Board of Directors does not need to authorize explicitly the related-party transactions if they are recurrent and pertain to the ordinary course of business, and performed by virtue of contracts of adhesion or master agreements, whose conditions are fully standardized, are applied massively, and carried out at market prices that have been set, on a general basis, by those who provide the given good or service, and the individual amount of which is not relevant to the corporation. Measure No. 23: Compensation of members of the Board of Directors. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 31 One of the most controversial Corporate Governance matters is that of the compensation of members of the Board of Directors and senior managers. Having a Board of Directors “sufficiently compensated” is regarded as a best practice for a company’s adequate operation. It rewards the time commitment, available qualifications, and responsibility relative to managerial positions. From this perspective, a very small or testimonial compensation limits the possibility to demand the commitments accepted by the Board member, whereas an extremely large compensation may compromise the independence of his opinions. In the context of the information transparency expected from corporations, the current trend is to disclose the compensation of members of the Board of Directors and senior managers. The following recommendations apply in regard to Board compensation matters: 23.1. The corporation has a compensation policy for the Board of Directors approved by the General Assembly of Shareholders that is reviewed every year. It identifies all the compensation elements that may be actually met. These elements may be fixed or variable. They may include fixed honoraria for being a Board member, honoraria for attending the Board sessions and/or its committee meetings, and other allowances of any type earned throughout the appointment, for whatever cause, either in cash or in kind. They also include any obligations assumed by the corporation in terms of pension or life-insurance payments, or other items, awarded to senior or newer members, as well as any liability-insurance coverage (Directors and Officers – D&O policies) that the company acquires for its Board members. 23.2. If the corporation adopts any variable compensation systems related to the company’s progress in the medium and long terms, the compensation policy sets limits to the amounts that may be distributed to the Board of Directors. If the variable component is related to the corporation’s profits or other management indicators by the closing of the term assessed, whatever qualifications [salvedades] made by the Statutory Auditor in his report, which could lessen the term’s results, will be considered. 23.3. The proprietary and independent members of the Board of Directors are explicitly excluded from compensation schemes that include stock options or from a variable compensation linked to absolute changes in share prices. 23.4. Within the compensation policy, for every term assessed, the General Assembly of Shareholders approves a maximum cost for the Board of Directors, including all the compensation elements authorized. 23.5. The shareholders know the complete actual cost of the Board of Directors during the term assessed, including all the compensation elements awarded to the Board members plus any spending reimbursements. Furthermore, it is published on the corporation’s web site, itemized and detailed as the Board approves. Measure No. 24: The President of the corporation and the senior management. 24.1. The corporation’s governance model creates an effective separation between the corporation’s administration or governance (represented by the FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 32 Board of Directors) and the ordinary course of business (in the hands of the senior management and led by the President of the corporation). 24.2. In general, the policy of the Board of Directors consists of delegating the ordinary course of business to the senior management team, thereby focusing its activities on the overall strategy, supervisory, governance, and control functions. 24.3. As a general rule, the President of the corporation identifies, assesses, and appoints the senior management members directly, for they are his immediate staff. Otherwise, the corporation may have the Board of Directors appoint the senior management members upon the proposal of the President of the company. However, no matter who makes the final appointment, the Board’s Nomination and Compensation Committee will get to know and assess the candidates to hold key executive positions within the company, and it will issue its opinion. 24.4. The corporation has a clear policy to delegate functions approved by the Board of Directors and/or a power scheme that permits to assess the degree of empowerment of the President of the corporation, and that of the remaining members of the senior management. 24.5. The Board of Directors, through the Nomination and Compensation Committee, or whoever fulfills its functions, leads annually the performance assessment of the President of the corporation, and learns about the assessments of the other senior management members. 24.6. The corporation has a compensation policy for the President of the company, and for the remaining senior management members approved by the Board of Directors. It identifies all the compensation elements that may be actually met, bound to the attainment of long-term objectives and to risk levels. 24.7. If the compensation of the President of the corporation includes fixed and variable components, its technical design and method of calculation impede that the variable component may surpass the maximum limit set forth by the Board of Directors. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 33 IV. CONTROL ARCHITECTURE Control Architecture is a comprehensive concept that involves all the aspects related to an environment of control, risk management, internal control systems, compliance, information and communication, and monitoring. It allows the company (from the Board of Directors and the senior management to the staff at large) to have a structure, policies, and procedures that ensure reasonable safety in the attainment of the company’s objectives, facilitating, in the case of conglomerates, the cohesion of the companies that comprise it. In general, from a Corporate Governance standpoint, issuing companies are invited to devise their Control Architecture in line with the COSO4 approach to the subject. This is a well-known international standard that provides the leading guidelines for the implementation, management, and control of an internal control system (COSO I), and a risk management system (COSO II). Some of the leading advantages of the COSO are:  It facilitates the implementation of coherent and aligned procedures.  It improves the monitoring of performance with respect to strategic objectives.  It increases the capacity to manage adequately the risks inherent to the business strategy.  It eases the understanding of risks in decision-making processes.  It strengthens the control over the set of risks to which the organization is exposed. According to the COSO, the Control Architecture may be divided into five (5) leading components: (i) environment of control, (ii) risk management, (iii) control activities, (iv) information and communication, and (v) monitoring. The intensity of the Architecture of Control will be different based on factors such as size, the complexity of the company’s businesses or processes, geographic dispersion, and mostly, the nature of the risks that it faces. Measure No. 25: Environment of control. The environment of control is the essential component of the Architecture of Control, for it defines the company’s philosophy on control matters and on the management of risks, as well as the tone or importance granted to these subjects within the organization. 25.1. The Board of Directors is ultimately responsible for the existence of a sound environment of control within the corporation, adapted to its nature, size, complexity, and risks, in a way that: i. A risk and control culture is promoted throughout the corporation, and extends to the whole organization. 4 COSO: Committee of Sponsoring Organizations of the Treadway Commission. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 34 ii. The roles and responsibilities relative to risk management, internal control, and assessment are defined, and have clearly established reporting lines. iii. The risks involved in the corporation’s strategic definition and business processes are considered, so that they are monitored, assessed, and managed appropriately. 25.2. In the case of conglomerates, the Board of Directors of the holding company will foster a comprehensive and formal Control Architecture covering all the subordinate companies. It will establish responsibilities for the related policies and guidelines throughout the conglomerate and define clear reporting lines. All this will promote an all-inclusive perspective of the conglomerate’s risks as well as the adoption of pertinent control mechanisms. Measure No. 26: Risk management. Risk management entails the definition of risk policies, and the implementation of processes to identify, assess, estimate, manage, monitor, and report the given risks. The following recommendations are made in regard to risk management: 26.1. The corporation’s risk management objectives are: i. Identifying the risks derived from the strategy defined by the corporation. ii. Assessing the risks and estimating the degree of exposure to them. iii. Managing risks effectively, this includes taking decisions concerning their avoidance, mitigation, sharing, or acceptance. iv. Monitoring risks, understood as assessing whether any risk-taking decisions are aligned with the risk policy approved by the Board of Directors, and with the maximum limits of exposure established by it. v. Reporting on risk management periodically to the Board of Directors and to the senior management. 26.2. The corporation has a map of risks, understood as a tool to identify and monitor the financial and non-financial risks to which it is exposed. 26.3. The Board of Directors is responsible for defining a risk management policy, and for setting maximum limits of exposure for each risk identified. 26.4. The Board of Directors knows about, and supervises periodically, the corporation’s actual exposure to the maximum risk limits determined, and it proposes corrective and follow-up actions in case of deviations. 26.5. Within the risk management policy framework, the senior management performs the processes and is responsible for managing the risks; therefore, it must identify, assess, estimate, control, monitor, and report them. In doing so, it defines methodologies and ensures that the management of risks is coherent with the risk strategies and policies set forth, and with the top limits approved. 26.6. The corporation has la policy to delegate risks approved by the Board of Directors. It establishes the limits of risk that may be managed directly at each of its levels. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 35 26.7. Within conglomerates, there must be a comprehensive management of risks, so that there is cohesion among the belonging companies and control of them. 26.8. If the corporation has a complex and diverse structure for business and transactions, there is a risk management post (CRO Chief Risk Officer). In the case of companies integrated in control configurations and/or business groups, the incumbent has faculties over the conglomerate at large. Measure No. 27: Control activities. To reach top effectiveness and add increased value, the management of risks requires the existence of an internal control system intended to ensure that: i. Based on the company’s risk policy and culture, there is an adequate management of each of the risks identified within its diverse processes, for which there are some specific controls. ii. In practice, there is an actual implementation of any risk management policies, processes, controls, and measures developed. The following recommendations are made in regard to the control activities: 27.1. The Board of Directors is responsible for ensuring that there is an adequate internal control system, adjusted to the corporation and its complexity, and coherent with the risk management in force. 27.2. The Board of Directors is responsible for overseeing the effectiveness and suitability of the internal control system. This could be delegated to the Audit Committee, with no lessening of the Board’s supervisory responsibilities. 27.3. The corporation applies and demands the self-control principle. It is understood as the ability of the individuals who participate in the various processes to consider control as an inherent part of their responsibilities, fields of activity, and decision-making. Measure No. 28: Information and communication. Among other elements, effective risk management and internal control systems require an organizational culture in which both the senior management and the staff at large manage the risks derived from their own activities, and design the pertinent controls. The following recommendations are made in regard to information and communication: 28.1. Within the corporation, there is top-down and horizontal communication about the culture, philosophy, and policies concerning risk, and about the limits of exposure approved, so that the staff at large regards the risks and control activities within their functions. 28.2. Within the corporation, there is a bottom-up mechanism to report information (toward the Board of Directors and the senior management) reliable, clear, and complete, which provides support and permits an informed decision-making, risk management, and control. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 36 28.3. The corporation’s mechanisms for communication and report of information: i. Allow the senior management to engage the corporation as a whole, highlighting its responsibility in risk management and the setup of controls. ii. Enable the corporation’s personnel to understand their role in risk management and the identification of controls, as well as their individual contribution in connection with the work of others. 28.4. There are internal anonymous-tip systems or “whistle blowers” through which the employees may inform anonymously any illegal or unethical behaviors, or those that may contravene the corporation’s risk management and control culture. The Board of Directors receives a report on these claims. Measure No. 29: Monitoring of the Control Architecture. Through a monitoring system, the Board of Directors gains an objective certainty that a corporation’s risk management is effective. This helps to ensure that the key risks of the business are being managed adequately, and that the company’s internal control system is being operated effectively. The following recommendations are made with respect to monitoring: 29.1. The Board of Directors, through the Audit Committee, is responsible for overseeing the effectiveness of the different components of the corporation’s Control Architecture. 29.2. The corporation’s monitoring activities, aimed at confirming the effectiveness of the Control Architecture, involve, in a special way, the cooperation of the internal audit functions and of the Statutory Auditor in matters within their competence, and particularly those regarding the company’s financial information. 29.3. The corporation’s internal audit function has bylaws approved by the Audit Committee. They describe explicitly the scope of its duties, and should comprise: i. The autonomy and independence required to fulfill its functions. ii. The assessment and assurance of the risk management processes. iii. The assessment and assurance that the risks are being evaluated adequately. iv. The assessment of the report mechanisms for the key risks of the business. v. The review of the management of key risks by those responsible of them. 29.4. The head director of the internal audit remains professionally independent of the senior management of the corporation or conglomerate that has hired him, by being functionally dependent from the Audit Committee exclusively. 29.5. The corporation’s Board of Directors is responsible for appointing and dismissing the head of the internal audit upon the proposal of the Audit Committee. The market is informed of his dismissal or resignation. 29.6. The Statutory Auditor of the corporation or conglomerate is clearly independent of them. The respective audit report makes a statement about this capacity. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 37 29.7. If the corporation is the holding company of a conglomerate, the Statutory Auditor is the same for all the companies, including those that are offshore. 29.8. The corporation has a policy to appoint the Statutory Auditor approved by the Board of Directors and communicated to the shareholders. It contains: i. Given rules to select the Statutory Auditor, based on professionalism, experience, and honorability criteria; they foresee that the Board of Directors will not propose to the General Assembly of Shareholders the appointment of any firms disabled, suspended, or otherwise sanctioned irrevocably by reason of exercising financial audit, by a judge or regulatory or supervisory authority of the countries in which the conglomerate operates. ii. The maximum term of the contract and any applicable extensions. iii. The configuration and qualifications of the Statutory Auditor’s team work. 29.9. The corporation sets forth a maximum contract term with the auditing firm that ranges between five (5) and ten (10) years, in order to avoid excessive proximity with such a firm and/or its teams, and to safeguard its independence. Regarding Statutory Auditor-natural person without contract with any auditing firm, the maximum contract term is 5 years. 29.10. Within the maximum contract term, halfway through it, the corporation promotes the turnover of the auditing-firm associates assigned to it, and that of their work teams. At the end of such term, the turnover of the firm itself must obligatorily take place. 29.11. The corporation extends the existing prohibition to avoid contracting with the Statutory Auditor any professional services other than the financial auditing and related functions sanctioned by the current regulations, to individuals or entities related to the auditing firm. This includes companies within the group of the auditing firm, and companies of which a large number of shareholders and/or administrators coincide with those of the auditing firm. 29.12. In its public information, the corporation discloses the total amount of the contract with the Statutory Auditor, as well as the proportion that these honoraria have for the auditing firm in relation to the total income associated to the firm’s financial auditing activity. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 38 V. FINANCIAL AND NON-FINANCIAL TRANSPARENCY AND INFORMATION The issuer’s leading tool for contact with its stakeholders and with the market at large is the disclosure of financial and non-financial information. Such information intends to provide those groups with an adequate understanding of the issuers’ progress and situation, and sufficient facts to take informed decisions. The recommendations offered in this chapter apply to the information different to that which the shareholders are entitled to, under their rights of inspection and information. Transparency has become a fundamental Corporate Governance principle; one that company shareholders, the market at large, diverse stakeholders, and concerned third parties demand. In this vein, transparency has been evolving from being a “requirement” or a “right” of shareholders –which, beyond any minimum legal dispositions, the companies met voluntarily– towards becoming a corporate “mandate.” Measure No. 30: Information disclosure policy. 30.1. The Board of Directors has approved an information disclosure policy that features, at least, the following: i. The corporation’s department or unit responsible for developing the information disclosure policy. ii. The information that must be disclosed. iii. The way in which the information must be disclosed. iv. To whom should the information be disclosed. v. Mechanisms to ensure the maximum quality and representativeness for the disclosed information. vi. Procedures to label the information as privileged or confidential, and for its handling vis-à-vis the disclosure requirements of the existing regulations. 30.2. In the case of conglomerates, the disclosure of information to third parties is comprehensive and transversal in regard to the group of companies, so that those external parties may have a well-grounded idea of the conglomerate’s facts, organization, complexity, activity, size, and governance model. Measure No. 31: Financial statements. 31.1. If there are qualifications [salvedades] in the Statutory Auditor’s report, these, and any possible corporate actions to solve the situation, will be explained to the shareholders gathered at the General Assembly, by the president of the Audit Committee. 31.2. If the Board of Directors considers that it must keep its own opinion vis-à- vis the Statutory Auditor’s qualifications [salvedades] or “emphasis paragraphs”, these are explained and justified appropriately to the General Assembly through a written report that specifies the contents and scope of the discrepancy. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 39 31.3 The public financial information contains a detailed description of transactions with or between related parties. These include transactions between conglomerate companies that the corporation deems material through objective parameters such as their volume, percentage on assets, sales or other indicators. There is also a reference to any offshore transactions. Measure No. 32: Information to the markets. 32.1. In the context of the information disclosure policy, the Board of Directors (or the Audit Committee), adopts the necessary measures to ensure that the financial and capital markets receive all the financial and non-financial information on the corporation required by the regulations in force, plus any other that it considers relevant for investors and clients. 32.2. The corporation’s web site is user-friendly. The visitor finds any Corporate Governance information easily. 32.3. In this vein, the corporation’s web site includes, at least, the following links or similar ones: i. About the corporation –history, main data, vision and values, business model, company structure, governance approach; in the case of conglomerates, the relations between the holding company and the subordinates, etc. ii. Shareholders –current price [cotización]; capital; analysts’ remarks; relevant facts informed to the RNVE [Spanish acronym: Registro Nacional de Valores y Emisores – National Registry of Securities and Issuers]; financial information (financial statements audited, and report or assessment by the Statutory Auditor, annual report, management report, intermediate-results report, economic and financial indicators, etc.); shareholder’s agenda (information meetings, assemblies, dividend payments, etc.); General Assembly (notice of meeting, Agenda, Agreement Proposals, information related to the points on the Agenda, model letter for representation, etc.); history of dividends paid by share; contact information for the shareholders-service office; frequent questions, etc. iii. Relationships with investors –results; reports (of results, transactions, conferences, events, etc.); financial reports (annual report, management report, quarterly reports, risk management report, information to supervisory authorities, significant news, periodical public information, etc.); characteristics of current debt issuances; rating reports, etc. iv. Corporate Governance –bylaws; General Assembly of Shareholders and its regulation; Corporate Governance Code; composition of the Board of Directors and its regulation; committees of the Board of Directors; Corporate Governance Annual Report; reports of the committees; information rights; shareholder agreements; Code of Conduct; Code of Ethics; copy of the last five (5) Country Code Surveys [Encuestas Código País] answered, and/or Implementation Report; the corporation’s leading policies, etc. v. Sustainability - Corporate social responsibility policies; relationships with stakeholders, community, the environment, etc. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 40 32.4. In general, the supporting documents through which the corporation conveys information to the markets are files easy to share, download, and print. 32.5. If the corporation is sizable and complex, it publishes every year on its web site, an explanatory report on the organization, methods, and procedures of its Control Architecture. It seeks to provide accurate and reliable financial and non- financial information, and to protect the company’s assets as well as the safety and effectiveness of its transactions. A risk management report complements the above information. Measure No. 33: Annual Corporate Governance Report. 33.1. The company prepares an Annual Corporate Governance Report. The Board of Directors is responsible for its contents, after their review and a favorable concept by the Audit Committee. This report accompanies the remaining documents of the closing of the accounting period. 33.2. The company’s Annual Corporate Governance Report is not a mere transcription of the governance norms included in the bylaws, internal regulations, good-governance codes, or other company documents. It does not intend to describe the corporation’s governance model, but rather explain how it actually works and any relevant changes during the accounting period. 33.3. The company’s Annual Corporate Governance Report describes, at the end of the accounting period, how the company enforced, throughout the year, the governance recommendations it adopted as well as the leading resulting changes. The structure of the company’s Annual Corporate Governance Report coincides with the following scheme: i. Ownership structure of the corporation or conglomerate. a) The corporation’s capital and ownership structure. b) Identity of the shareholders with significant participations, direct and indirect. c) Information on the shares owned by members of the Board of Directors either directly (in their own name), or indirectly (through corporations or other vehicles), and on the voting rights that they represent. d) Relationships –family, commercial, contractual, or corporate, that exist among the owners of significant participations, or between them and the corporation. e) The transactions that the members of the Board of Directors, senior managers, and other administrators have performed with the shares and other securities issued by the corporation. f) A summary of known agreements between shareholders. g) Own stock in control of the corporation. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 41 ii. Administrative structure of the corporation or conglomerate. a) Composition of the Board of Directors and description of the origin of each of its members, and of its committees. Dates of first and subsequent appointments. b) Résumés of the members of the Board of Directors. c) Changes in the Board of Directors throughout the accounting period. d) Members of the Board of Directors of the holding company that are Board members of the subordinate companies, or that hold executive positions in them (in the case of conglomerates). e) Policies approved by the Board of Directors during the period under report. f) Process to appoint the members of the Board of Directors. g) Compensation policy for the Board of Directors. h) Compensation of the Board of Directors and senior managers. i) Quorum of the Board of Directors. j) Data on attendance to meetings of the Board of Directors and committees. k) President of the Board of Directors (functions and key subjects). l) Secretary of the Board of Directors (functions and key subjects). m) Relationships of the Board of Directors with the Statutory Auditor, financial analysts, investment banks, and rating agencies throughout the year. n) External advice received by the Board of Directors. o) Management of information by the Board of Directors. p) Activities of the committees of the Board of Directors. q) Information on the performance of processes to assess the Board of Directors and the senior management, and summary of their results. iii. Related-party transactions. a) Powers of the Board of Directors over this type of transactions and conflict of interest situations. b) Description of the most important related-party transactions, including those between companies of the conglomerate, in the opinion of the corporation. c) Conflicts of interest faced, and actions by the members of the Board of Directors. d) Mechanisms to solve conflicts of interest between the companies of the conglomerate, and their application during the accounting period. iv. Risk management systems of the corporation or conglomerate. e) Explanation of the internal control system (ICS) of the corporation or conglomerate and its changes during the accounting period. f) Description of the risk policy and its implementation during the accounting period. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 42 g) Risks materialized during the accounting period. h) Plans to meet and oversee the leading risks. v. General Assembly of Shareholders. a) Concerning the Assembly’s operation, the differences between the minimum requirements of the norms in force, and those defined by the corporation’s bylaws and by the Assembly’s regulation. b) Measures adopted during the accounting period to encourage the participation of shareholders. c) Information and communication with shareholders. d) The number and subjects of information requests made by shareholders to the corporation. e) Data on attendance to the General Assembly of Shareholders. f) Description of the main agreements reached. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 43 VI. GLOSSARY5 Minority shareholder It is a shareholder with a limited amount of shares who has no capacity to control, directly or indirectly, the corporation, or to influence the taking of decisions. The shareholder defined as such by the company’s bylaws or by the norms in force. Significant shareholder It is a shareholder that either alone or by virtue of agreements with other shareholders, has a voting right above a certain limit (currently set at 10% of the total voting rights), and whose participation has a stable purpose. Senior management These are individuals at the highest hierarchical administrative or corporate level of the company. They are responsible for the ordinary course of business of the corporation and must conceive, execute, and control its objectives and strategies. The general or corporate secretary and the internal auditor also belong to it. Control architecture It is a comprehensive concept that involves all the aspects related to an environment of control, risk management, internal control systems, information and communication, and monitoring. It allows the company (from the Board of Directors and the senior management to the staff at large) to have a structure, policies, and procedures that ensure reasonable safety in the attainment of the company’s objectives. External auditor It is a professional, or a network of professional services comprised by legally separate entities, which provide assurance services (financial statement audits, Statutory Auditing, IFRS, compliance, specialized audits, etc.), consulting, legal and tax advice, outsourcing, and others. Specialized audit It is the review, analysis, and issuance of an opinion about a given subject. A group of shareholders may request it under the conditions provided by the corporation for such a procedure. The specialized auditor will observe confidentiality with respect to the themes consulted, and the information supplied for the development of the contract. Floating Capital Percentage of a corporation’s total capital which is much dispersed. It may be transacted regularly for it is not held by controlling, significant, or institutional 5 The scope of the term definitions provided in this Glossary is that of this Code of Best Corporate Practices exclusively. While it does not intend to replace any legal definitions, it does not contravene them. FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 44 shareholders, or by the members of the Board of Directors. Also known as free float, it is the sphere of minority shareholders. Letter of acceptance It is the document that a member of the Board of Directors signs when he is elected or reelected. It summarizes the commitments that the new Board member accepts with respect to the corporation. It includes matters such as: term of appointment; rights and duties; estimated time commitment; induction program; compensation; expenses; return of documentation; end of appointment; D&O [Directors and Officers] policies; estimated meetings; conflicts of interest; acceptance of the corporation’s internal norms (bylaws, regulations, Corporate Governance code). In the case of the independent members, the letter of acceptance will include their statement of independence and compliance with the corporation’s requirements for belonging to this category. Conglomerate Set of companies integrated in situations of control and/or business groups. Early dissolution It is the possibility of shareholders to dissolve the corporation for causes other than those established by the law. It will require the payment of the external liabilities, and thereafter, the distribution of any remaining assets. The decision to opt for an early dissolution must follow the respective procedures set forth by the company’s bylaws or by the law. Offshore companies These are companies created in financial centers with very low tax burdens, also known as tax havens. Ordinary course of business It is the set of decisions and transactions that must be carried out to implement the company’s strategy, and reach its business objectives. Usually, the senior management team is responsible for it, under the leadership of the President of the corporation. Stakeholders These are all the persons that are related to the issuer of securities, and therefore, have an interest in it. Among them are the public at large, the shareholders, the employees, the clients and users, the economic and tax authorities, and the official supervisor. Uncertainty It is a situation whose outcome is uncertain by the date of a balance, because it is contingent on the occurrence of a future event, or the absence of it. Therefore, its impact on the corporation’s financial FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 45 statements may not be estimated. Hence, the term implies a “lack of certainty” for the corporation. Working Table These are all the representatives of the different groups, infrastructure providers, guilds, and institutions that develop on a joint, regular, and dynamic basis the Code of Best Corporate Practices. Material finding An economic fact is material when, because of its nature or amount, its knowledge or absence of it, and given its particular circumstances, it may alter significantly the economic decisions of the information users. When preparing financial statements, the materiality must be determined in regard to the total assets, the total liabilities, the current liabilities, the working capital, the net worth, or the accounting period results, as applicable. Material information It is, by way of example, that information related to corporate reorganization processes such as mergers; segregation (spinoffs); loans between parent companies and subordinates; transfers of assets, liabilities and other items, which might affect the issuer. This information must be registered in a document that summarizes the event’s impact on the issuer. Investor For the purposes of the Country Code, these are natural or legal persons that invest in fixed-yield instruments, thereby channeling their funds through the securities market with the aim of making a profit. Holding company It is a corporation that has control or decision-making authority over another company or companies called subordinates. Relevant transactions These are facts of significance to the issuer, to its business, to its listed securities, and/or to the offering of those securities to the market, according to the criteria set forth by the article 1.1.2.18 of the Decree 3139 of 2006. Significant participation A significant participation in a corporation will correspond to ten percent (10%) or more of the outstanding stock. President of the corporation It is an individual position within the corporation that reports to the Board of Directors. The President is the person ultimately responsible for the corporation’s ordinary course of business, and the majority of the members of the senior management report to him directly. Also called the General Manager, he usually FINANCIAL SUPERINTENDENCY OF COLOMBIA Page 46 acts as the company’s top legal representative or its head [titular]. Agreement Proposal It is a text prepared by the Board of Directors that accompanies each of the points on the Agenda for the General Assembly of Shareholders. It literally describes the subject that the Board is submitting to the shareholders for a vote, and it may include the Board’s suggestion on how they should vote. Segregation A segregation (spinoffs) [escisión impropia] is a transaction by which a “segregating” corporation assigns one or several parts of its equity to the constitution of one or more companies, or to the capital enhancement of existing enterprises, which are called the “beneficiaries.” In compensation, the segregating corporation receives shares, quotas, or interest participations from the beneficiaries. An in- kind contribution will be regarded as segregation when it delivers a business line or a commercial outlet, or when it introduces significant changes to the corporate purpose of the segregating company. Such a change in the corporate purpose is presumed as significant when the net worth of the assets delivered corresponds to twenty-five percent (25%) or more of the total equity of the segregating company, or when the assets delivered generate thirty percent (30%) or more of its operational revenues, based on the financial statements of the previous accounting period. Market prices These are the transfer prices set forth in the Chapter XI of the Tax Statute. Related parties Those identified in the IAS 24.