CODE OF ETHICAL CONDUCT

Banco Santander Brasil

GENERAL CODE OF CONDUCT

1. Message from the Ethics and Compliance Committee

2. Our corporate culture

3. A tool for your daily routine

3.1 What is the Code of Conduct?

3.2 Who must follow it?

3.3 What happens if the Code is breached?

4. We count on your commitment

4.1 Principles that guide your behavior

5. Open Channel. We listen to you

5.1 What is it and how does it work?

6. The Code in practice. We are a benchmark for conduct

6.1 The relationship with your coworkers

6.2 Your relationship with Santander

6.3 The relationship with customers, suppliers, and intermediaries

6.4 Your relationship with society

7. Behind the Code of Conduct. Teams involved

At Santander, we share a common culture: the Santander Way. This is what sets out:

We do all this while always considering the risks and compliance we must adhere to (referred to "Risk Pro") and embracing the corporate behaviors encapsulated by the acronym T.E.A.M.S.

This new Code of Ethical Conduct is yet another important pillar of our culture. All our work-related actions and behaviors must be based on it. Honesty, transparency, and ethics are everyone's responsibility. Only then will we continue to be a company that our employees, customers, and partners can trust.

It is the duty of all employees, in addition to carefully reading this document:

With all the changes we have faced in recent years, it is increasingly important to believe in and respect our corporate culture. This way, we will continue to innovate and drive transformations in the market – always with ethical responsibility in everything we do.

We count on you. Your conduct matters.

Ethics and Compliance Committee

A strong and inclusive culture: the foundation for building a more responsible bank

The Santander Way

It is our approach for running the business, which establishes:

Simple: We utilize straightforward language and enhance our processes each day.

Personal: We treat our customers in a personalized manner. We want everyone, both customers and employees, to feel valued and unique.

Fair: We are honest and treat others as we would like to be treated.

To be a Simple, Personal, and Fair bank, our corporate behaviors are summed up in the word TEAMS, which serves as a guide for how everyone should act and behave:

We also have our own way of managing risks through the Risk Pro platform, a shared, attentive, and robust management system in which the entire team participates – from store employees to the Board of Directors.

The Santander Way is the cornerstone for establishing a more responsible bank.

You are a representative for the Santander Group. Your behavior is what makes us a Simple, Personal, and Fair bank that we are working for every single day.

This document outlines the behaviors and standards of conduct that must be followed by everyone who is part of the Santander Group.

To build a fair and ethical company, it is essential that we behave in an exemplary manner. This Code is a dependable instrument to help you during your journey towards growth and transformation in the business world – and society at large. It serves as a tool to prevent various risks, including criminal ones, to which Santander and its employees are exposed.

The Code of Conduct applies to everyone: employees, members of senior management, and members of governance bodies overseeing the companies that make up the Santander Group. Nevertheless, this does not relieve you of your obligation to comply with the specific codes of conduct pertaining to your role.

Failure to comply with any obligation stipulated in this document, or the regulations derived from this Code, may result in disciplinary actions, in addition to criminal and administrative sanctions.

In your day-to-day work, you may encounter situations that raise questions about certain behaviors. That is why, in addition to this Code, you can rely on the Compliance department.

If you detect any breaches or irregularities, notify the manager of your department or directly contact the VP of People. You also have the Open Channel at your disposal.

When I am unsure of what to do, I follow this mind map:

1. DOES MY DECISION HARM SANTANDER'S REPUTATION IN ITS RELATIONSHIP WITH CUSTOMERS?

If the answer is:

YES à STOP

If NO, then:

2. IF I COULD SHARE THIS DECISION AT THE SUNDAY LUNCH TABLE WITH MY FAMILY AND FRIENDS, WOULD THEY APPROVE IT?

If the answer is:

NO à STOP

If YES, then:

3. IF I COULD PUBLISH THIS DECISION ON THE FRONT PAGE OF MY CITY'S NEWSPAPER, WOULD IT BE WELCOMED?

If the answer is:

NO à STOP

If YES, then:

4. BY OMITTING MYSELF, AM I PROTECTING SOMEONE WHO HAS DONE SOMETHING WRONG?

If the answer is:

YES à STOP

If NO, then:

5. DOES MY DECISION FULLY COMPLY WITH SANTANDER'S CODE OF ETHICAL CONDUCT?

If the answer is:

NO à STOP

If, after questioning yourself, you still have doubts, contact your manager, review the specific policies pertaining to each issue, or use the Open Channel.

Our customers trust the Santander Group because we trust you.

As an employee of the Santander Group, make sure you have the necessary knowledge and are aware of the responsibilities required by your position. Perform your work with impartiality, judgment, and diligence.

You are a Santander flame, which is why it is important that you commit and pay close attention to the following:

The commitment to social and corporate responsibility undertaken by the Santander Group – such as the initiatives within the Be Healthy program – fosters the improvement of the quality of life of our professionals and their families.

We strive for a safe work environment that is compatible with personal development while helping professionals to balance, as best as possible, their work commitments with their personal and family lives.

We also believe that health and safety are crucial to building a safe and comfortable workplace.

We promote open, transparent, and constructive dialogue with employee representation organizations to strengthen relationships with our staff.

At Santander, we work to protect the planet. We adhere to social and environmental regulations, crafting and implementing policies and principles on sustainability, human rights, climate change, and other activities that may be harmful to the environment.

As a Santander Group professional, we need you to fulfil these commitments by applying our corporate behaviors (T.E.A.M.S.) and employing Risk Pro as core components of the Santander Way. Open Channel is available to all employees, suppliers, customers, shareholders, or any third parties associated with the Santander Group.

Failure to adhere to our Code of Conduct leads to internal penalties, termination, or even legal action. Do not be deceived: there are no shortcuts. In the past, we have had instances of employees who, for instance, received funds related to credit operations – a practice that is strictly forbidden – or enabled the Santander ID of customers on their own personal mobile devices. Regardless of the reason, no matter how good the intention may be, never take the wrong path.

We want you to speak up, as this generates trust and builds teams.

We uphold an open and honest work culture. Our aim is to foster an ethical, responsible, and transparent environment.

To ensure that individuals feel comfortable expressing themselves openly and safely, we rely on Open Channel. This platform is available 24 hours a day, seven days a week, to receive reports, complaints, suggestions, and allegations through an electronic form accessible on NOW or by email at canalaberto@santander.com.br.

All communications are received and channeled by the Compliance department, ensuring the confidentiality and anonymity of those who reach out, with retaliation, discrimination, or any other unfair treatment of whistleblowers being strictly prohibited.

Through the Open Channel, you can report:

Open Channel can be accessed by any employee, supplier, customer, shareholder, or third party associated with the Santander Group.

It is prohibited to make threats or retaliate against anyone who has filed a report. This does not exclude the possibility of disciplinary measures being taken if an internal investigation concludes that the report was filed with malicious intent or in bad faith.

In the management and handling of communications received through Open Channel, the rights and guarantees of the individuals involved are preserved.

If you know, suspect, or believe there is any conduct that could compromise our reputation as an ethical, responsible, and fair company, raise your hand and speak up.

#YourConductMatters

I would feel more comfortable reporting the situation in person. Is that possible?

Yes. Through the Compliance department, it is possible to request an in-person meeting with those in charge of Open Channel, while maintaining the same confidentiality guarantees.

I'm not sure if what I've witnessed constitutes a situation that should be communicated through Open Channel. What should I do?

Go to Open Channel and report it anyway, even if it is merely a suspicion.

Can my report be filed anonymously?

You can, but Open Channel has been so efficient and discreet that most of the reports received have identification.

More than just a set of rules, this Code is part of our Culture.

We hire professionals based on their talent, training, skills, and experience. Personal achievement and merit are the only factors that influence our decision.

When you are involved in a selection, recruitment, or promotion process, guided yourself by the principle of equal opportunities.

It is prohibited to discriminate based on sexual orientation or gender identity, race, religion and beliefs, political ideologies, membership or non-membership in unions, disability, place of origin, age, language, marital status, social status, or any other personal characteristics.

When making decisions, be objective, tolerant, and promote diversity: make sure that your only goal is to find the right person for the right position.

We do not offer jobs or employment contracts to authorities or public officials involved (or who have recently been involved) in matters that directly affect our interests.

We want to ensure that the Santander Group is a safe place to work, an environment where everyone can be themselves while enjoying the same opportunities.

We do not tolerate our employees, suppliers, or customers being discriminated against based on their sexual orientation or gender identity, race, religion and beliefs, political ideologies, union membership or non-membership, disability, place of origin, age, language, marital or social status. Therefore, comments or actions that undermine our culture of respect will not be tolerated. We expect you to be tolerant and set an example.

Any form of abuse, intimidation, harassment (whether moral or sexual), disrespect, or attitude that affects the dignity of professionals affiliated with us is prohibited, particularly negative behaviors towards personal traits, whether visible or not.

Should you witness or experience any of these situations in the workplace, report it immediately. Access the Open Channel or speak directly to your manager (if possible), as well as the Compliance and/or People departments.

If you have any family ties with partners, leaders, or heads of the Santander Group who possess considerable influence over your work situation, inform your direct manager, as well as the Compliance and People departments. This applies to hiring processes, promotions, or improvements in working conditions, including salary increases.

What do we mean by family ties?

It refers to spouses or relatives (parents, children, siblings, aunts or uncles, nieces or nephews, sisters-in-law and brothers-in-law). It also encompasses relationships akin to those previously mentioned.

What do we mean by friendship?

It refers to close friendships with any senior management member that could give rise to favoritism.

If you and a family member happen to be assigned to the same unit and one of you is the other's hierarchical or functional superior, one of you will be transferred to a different unit within one year. If the hierarchical relationship is indirect, the Regulatory and Reputational Compliance and People departments will analyze the case. The department manager will be informed about the decision to be taken.

You can purchase the products or services that we offer under regular market conditions or in accordance with the terms established for employees.

You cannot purchase or lease, either directly or through individuals with whom you have ties, assets or goods from the Santander Group or vice versa. In other words, Santander cannot purchase or lease assets or goods belonging to you or individuals with whom you have ties, nor can you engage in these transactions directly with Santander. However, there are two exceptions to this rule:

In these instances, the transactions will be supervised to ensure transparency and equality for all stakeholders. The objective is to guarantee that negotiations occur under market conditions and without conflicts of interest or the use of insider information.

If you are interested in investing in a business in which we have a capital stake, a direct stake (co-investment), or even in a business in which we no longer hold a stake, it will be necessary to obtain prior authorization from your manager and the Compliance department. This authorization will be granted when it has been confirmed that there is no conflict of interest, both now and in the future. You must refrain from initiating the investment process until you have obtained both authorizations in writing.

All information that we have not made public must be treated as completely confidential. It is imperative to protect the privacy of any personal data to which you have access in the course of your work or because of it. This also applies even if you stop working at Santander.

You must only use such information and personal data in the fulfillment of your duties. Use only the strictly necessary data and information. Make sure you have the authorization to do so.

When dealing with personal data, make sure that the necessary technical and organizational measures have been taken to ensure the proper level of security at all times.

A regrettable instance: a young professional, who incidentally possessed remarkable talent, attempted to irregularly obtain customer data. However, the controls in place are becoming increasingly strict and secure... before he could complete the action, he was caught in the act and arrested by the police.

If a judicial body, the public administration, or any other competent authority requests information, imposes an embargo, or blocks customer positions, provide only the data that has been requested. If you have any questions, please contact the Compliance department.

Do not share information, comments, or rumors about us or any third parties publicly.

Refer journalists and media inquiries to the Communications department.

If you have been invited to deliver a speech or are contemplating an interview on topics related to our corporate objective or your professional role within our organization, you must first request authorization from your manager, as well as the Compliance and Communication departments.

When participating in public forums, social media, or similar platforms, exercise caution when sharing your personal opinions on topics that may be politically or ideologically biased, at the risk of compromising the neutrality of the Santander Group. Refrain from emphasizing your status as a Group professional, making it explicitly clear that you are speaking on your own behalf.

If you engage in personal transactions on financial markets (including securities and financial instruments), bear in mind the special rules that may apply to you in the Code of Conduct in Securities Markets - CCMV (157034). Even if you are not subject to the Code of Conduct in Securities Markets, you must comply with our principles at all times:

What should I do if I receive insider information?

If you have accessed insider information without being on the list of authorized individuals and you are not involved in the related project, or if you have accessed the information by mistake, contact the Compliance department, unless you have received this information as part of your work and the project manager has authorized your access. Nonetheless, we recommend that you confirm your inclusion on the list of individuals with access to said information.

What is insider information?

It refers to sensitive information regarding securities or financial instruments (including their issuers) traded on a market, organized trading system, or about to be admitted for trading. For this information to be deemed insider, it has not yet been made public and, in case of data leakage, its market price could be affected.

Compete fairly in the business activities in which you participate.

Encourage free competition to benefit the market, customers, and everyone with whom you maintain business or professional relationships.

Comply, at all times, with the internal competition rules applicable to each specific activity.

Report any anti-competitive practices that you may have detected when dealing with competitors. If you have any doubts or suspicions, check with the Legal or Compliance & Conduct departments. For further details, carefully read the Antitrust Policy - Competition Defense (161607).

Cybersecurity is everyone's responsibility. Our Cybersecurity Rules Policy to protect Santander (164820) regulates the proper use of Information Technology systems (computers, mobile phones, email, internet access, social media, etc.).

If you engage in a professional activity involving a very specific use of our IT systems requiring special privileges (e.g., if you are a developer or system administrator), in addition to the Cybersecurity Policy, you must comply with the Cybersecurity Requirements Policy for Technical Users (164823).

You must avoid malicious practices or inappropriate behaviors that could lead to severe security breaches, such as the use of unauthorized software, breaches by technical users, data exfiltration, or information leakage.

Always bear in mind the five Cyber Defender principles:

While the personal use of social media is the individual's responsibility, keep in mind that your association with Santander creates reputational or cybersecurity risks – as well as other types of risks – for the Group. Therefore, we recommend that you handle your online profiles and the content you post on social media responsibly and conscientiously.

Read the Policy on the Personal Use of Social Media by Employees and follow its basic principles.

Can I express my opinion on posts from our corporate profiles?

Of course. You can share your opinion through your own posts or by participating in ours, but you must always do so transparently, honestly, and as an individual, making sure not to disclose any confidential information, respecting intellectual property, and following the principles of the Policy on the Personal Use of Social Media by Employees.

Protect and look after our assets (properties, goods, estates, etc.) and do your best to prevent them from being damaged.

Use the assets properly and for the intended purpose for which they were provided to you and follow the internal control procedures we have in place for protecting them. Notably, electronic devices (mobile phones, computers, etc.) designated for professional use may be subject to inspection.

Unless you have your manager's authorization to do so, do not create or allow any liens on assets – do not sell, transfer, dispose of or pledge assets, or enter into agreements that may have a similar effect.

Do not sell, transfer or retain the assets of our property to evade liabilities to our creditors.

This information is the responsibility of every Santander Group employee, which is why it must be processed and presented with rigor and accuracy. It refers to all the accounting and financial data presented to our customers, shareholders, investors, auditors, and supervisory authorities.

When handling financial information, make sure that the data being collected exists, is complete, and complies with the applicable regulations.

Always bear in mind the internal control procedures in place and follow them. If you detect a breach, inform your manager or report it through the Open Channel.

As part of your professional activity, you may incur personal expenses, such as when you need to travel for work, attend training sessions, cover meal costs, etc.

In these instances:

Likewise, keep in mind the guidelines outlined in the Administrative Services Policy: Reimbursement of Expenses, Transportation, Pantry Services, and Other Services for Employees.

At the Santander Group, we have intellectual property and/or usage rights regarding original works, courses, programs, IT systems, processes, technology, know-how, and, in general, they cover any work developed or created within the Group – whether derived from your professional activity or that of a third party.

Employ these resources and knowledge exclusively to conduct your professional activities at the Santander Group and return all materials upon our request.

Always use the name, image, and brands of the Santander Group appropriately and only do so while you are working with us.

Similarly, respect the intellectual and industrial property rights of third parties or companies. Do not use information or materials obtained during previous employment with these entities or without consent.

If you are involved in any stage of the development and sales process, bear in mind the internal regulations pertaining to sales and consumer protection. Our customers must be treated in an honest, impartial, transparent, and professional manner.

Develop products and services to meet our customers' needs, while balancing risks, costs, and profitability. Mitigate conflicts of interest.

Take advantage of the training we provide to gain knowledge, skills, and experience, which will help your customer relationships and your ability to make sales.

Provide information and sell our products and services to the appropriate target market, while remaining transparent and straightforward throughout the process.

Our card portfolio, for instance, is the most comprehensive on the market. We are the only bank that offers WAY, alongside the Esfera platform, providing customers with numerous benefits. In other words, there are plenty of reasons to sell well. There is no justification, however, for an unsolicited and/or improperly formalized sale.

Handle customer requests, incidents, and complaints fairly and diligently.

When selling a product or service to a customer, remember that you are not allowed to give tax planning advice. Only provide them with the tax information that the specific product and/or service offers. Inform them that it is solely the customer's responsibility to be aware of their tax obligations regarding the products or services that they have purchased.

Include this disclaimer notice in the presentations or documents for the products you sell.

To learn more, please refer to the Customer Conduct Risk Management Model (164897).

In our business, we interact with many people in different ways. As a responsible bank, we seek like-minded employees, suppliers, and intermediaries who promote social responsibility, ethical business practices, human rights in the workplace, and environmental sustainability. At the same time, we ensure that their activities align with our values and ethical standards.

When interacting with suppliers and intermediaries, check the Procurement Management Conduct Policy (161485) and follow its guidelines.

Make sure that the selection process is fair, unbiased, and impartial.

Avoid conflicts of interest. If you come across a potential conflict, contact the Compliance department.

When performing your professional duties, do not request, accept, promise, or offer payments, commissions, gifts, compensations, invitations, loans, or financial benefits to take advantage of your position within the Group for your own personal gain.

What should I do if a customer or supplier offers me tickets to a sporting or entertainment event?

Refer to our Anti-Bribery and Corruption (ABC) Policy, in which we outline the criteria for accepting or rejecting third-party invitations. If you are still unsure, check with the Compliance department.

When faced with situations like these, and if you are unsure whether to accept or offer a gift or invitation, check with the Compliance & Conduct department. They are there to help you.

Financial crime causes dangerous situations and brings serious harm to society, which is why we must contribute to the prevention and repression of such illegal activities.

All professionals have the obligation to avoid and not facilitate crimes, whether by providing the means or information to customers that could be misused. We also fully cooperate with authorities in all locations where we operate in the fight against financial crimes – and we all bear the responsibility to prevent, deter, and detect.

We count on your unwavering commitment to reducing the risk that our products and services may be used in criminal activities or to facilitate them.

Within the scope of financial crime prevention, we fight against money laundering, terrorism financing, breaches of international sanctions, bribery, and corruption.

Follow the Anti-Money Laundering and Counter-Terrorist Financing Corporate Framework (160119), its related policies and procedures:

We respect the right to free political association. However, you must make it clear that your participation is on a personal basis and does not involve Santander.

If you have been offered a public office and are considering accepting it, before deciding, inform your manager and check with the People and Compliance departments. It is important that we first verify that they are compatible and that it will not compromise your position within the Group.

We have zero tolerance for tax evasion. All our entities fulfill their tax obligations and follow the principles outlined in our tax strategy.

Do not engage in any practice related to the illegal evasion of tax obligations in your professional activity. You must follow the Internal Regulations regarding this matter.

When interacting with public authorities or their representatives, be transparent and respectful: cooperate.

IN CASE OF DOUBT, WHO CAN HELP

If you have any questions, these are the departments that can assist you: