1. Purpose
This Revolut Compliance Policy ("Policy") has been developed to ensure the effective management of compliance risk, following the standards set by the Central Bank of Brazil.
2. Scope
This Policy applies, without restriction, to all individuals (hereinafter referred to as 'employees'), regardless of the type of relationship they have with Revolut. This includes administrators, partners, employees, interns, and any other person who provides services to Revolut, even on a one-off basis, such as service providers and suppliers.
3. Structure and Independence of the Compliance Area
The Revolut Compliance area is responsible for ensuring compliance with all applicable laws and regulations. In partnership with the employees, it manages compliance risk, preventing sanctions, financial losses, and reputational damage resulting from non-compliance with these rules. To this end, it acts in the detection, guidance, and treatment of deviations in conduct or non-conformities.
It operates in a completely impartial and independent manner from the institution's other areas, especially the Business sectors and Internal Audit. To perform its duties, it has free and unrestricted access to all areas, communication channels, as well as all necessary data and documents. Furthermore, it has a well-defined organizational structure, composed of a qualified team and adequate material and technological resources. Personnel are allocated in sufficient numbers, and the professionals possess the required training and experience to perform their duties. This set of factors ensures the effectiveness of controls and fosters a culture of integrity and compliance throughout the institution.
4. Key Responsibilities of the Compliance Area
The Compliance team is fundamental to ensuring compliance and ethics within the institution. Its main responsibilities can be summarized into five areas:
1. Dissemination of a Culture of Compliance and Ethics
The culture of integrity and ethics is strengthened through the training of all employees. This initiative aims to ensure that they not only understand but also follow the applicable rules and regulations.
2. Regulatory Monitoring and Support
The Compliance area continuously monitors the regulatory environment, keeping senior management and all employees updated on new requirements and regulatory changes.
3. Implementation and Compliance Assessment
In partnership with other areas, the Compliance team ensures compliance with regulatory requirements. Tests and assessments are conducted on Revolut's adherence to laws, regulations, and recommendations from supervisory bodies.
4. Relationship with Regulatory Bodies and Audits
The team is responsible for managing interactions and responding to the demands of regulatory bodies and audits. Its function is to ensure the timely fulfillment of regulatory obligations and maintain adequate communication with the authorities.
5. Governance and Reporting
The Compliance area acts independently and has unrestricted access to all necessary information. An annual report is prepared for senior management, detailing the activities carried out, the recommendations issued, and the measures adopted.
5. Structure and Control Mechanism (Lines of Defense)
Revolut uses the Three Lines of Defense (3LD) model to manage its risks in a clear and structured manner. The objective is to define the responsibilities of each employee in risk management and control.
5.1. First Line of Defense
The First Line of Defense is comprised of the business areas — such as Product, Operations, Credit, and Finance — which are considered the risk owners. These areas are directly responsible for assessing, controlling, and mitigating the risks arising from their own activities.
5.2. Second Line of Defense
The Second Line of Defense is formed by areas such as Risk, Compliance, and Internal Controls. These areas have the function of monitoring and consolidating procedures, in addition to supporting managers in identifying risks and developing controls to mitigate their impacts.
5.3. Third Line of Defense
The Third Line of Defense is the responsibility of Internal Audit. Operating in a completely independent manner, this area evaluates the activities of the First and Second Lines, offering an objective opinion on the effectiveness of controls and the adequacy of risk identification.
6. Whistleblowing Channel
Revolut encourages all employees to report any concerns related to misconduct, whether suspected or confirmed. This includes crimes, violations of laws, regulations, or internal policies. The incident may have occurred in the past, be happening now, or be something the employee believes could occur in the future.
All employees have the responsibility to help detect, prevent, and report irregularities. For this purpose, the Whistleblowing Channel (Speak Up Portal) ensures confidentiality, impartiality, and, if requested, the anonymity of the whistleblower. All investigations are conducted fairly and confidentially to protect the identity of the person making the report.
Revolut adopts a zero-tolerance stance against retaliation, strictly prohibiting any form of revenge, intimidation, or hostility against whistleblowers. Any act of retaliation will be considered a serious violation of internal policies.