ISO 27001 Standard Certification

During the month of September 2022, DCV successfully achieved the ISO 27001 recertification for Information Security. This is the principal international standard on this matter and seeks to protect and preserve the confidentiality, integrity and availability of information from a wide range of threats.

What DCV achieves with this certification is to ensure the integrity, reliability and availability of information; implement international standards associated with information security; develop an adequate security policy aligned with the business; and develop, adopt and promote measures to reduce the impact of a security incident.

The certification is valid for three years but considers reviews each year.

Internal Auditing QA (Quality Assessment) Certification

In November 2022, DCV and its subsidiaries obtained an international certification for their internal auditing process from the Institute of Internal Auditors of Spain. This entity is authorized by the Global Institute of Internal Auditors (IIA), the highest authority in the subject matter in the world.

The Quality Assessment process reflects the Controllership Department Management's team commitment to meeting International Standards for Internal Auditing Professional Practices and continuously improving their quality, professionalism, and best practices.

This recertification confirms that DCV is a company constantly seeking to fulfill global best practices and standards. The Controllership Department Management obtained its first certification in 2017, and this process is to be renewed every five years.

Thomas Murray A+

In 2014, DCV reengaged Thomas Murray services, a British company specializing in rating the risk of entities that form part of the capital markets’ infrastructure globally, with the purpose of performing an update of the rating carried out in 2011.

The assessment of the global risk performed that year has positioned DCV in a low-risk level by ratifying the A+ rating over the average risk of depositories in America, surpassed only by Brazil in Latin America, and by Canada and the United States in North America.

The measurement considered six risk dimensions and in this occasion, two new ones have been added: Asset Commitment Risk and Governance and Transparency Risk (G&T Risk). “Asset Commitment Risk” considers the risk involved by the time where the securities or the money are withheld until it is received by the counterparty. In turn, “Governance and Transparency Risk (G&T Risk)” reflects the risk of a participant incurring in loss on account of DCV not acting according to the laws or regulations, or not submitting complete or accurate information concerning its activities or the securities market activities.

These two new assessments have affected the global results of the Company, so maintaining the A+ rating obtained in 2011 has resulted in significant progress for DCV.

The assessment implies a global revision of DCV processes, projects and environment, including controlling entities and participants, who through interviews, provide information for the global assessment.

Certification to ISO 22301

During September 2022, DCV successfully achieved recertification with Worldwide recognized at a global leveltion in the ISO 22301:2012 standard “Corporate security – Business continuity management systems – Requirements”, held by the British Standards Institution (BSI).

ISO 22301 is an international standard for business continuity management, identifies the fundamentals, establishing the process, principles and terminology of business continuity management. It provides a foundation for understanding, developing, and implementing business continuity within your organization.

This certification confirms at a global level that DCV is a company that, added to its experience, is capable of responding quickly and efficiently when faced with a threat of unexpected and potentially devastating interruption in operations, protecting its business and its reputation, as well as preserve the interests of its stakeholders.

In addition, we have certified audit professionals for a better audit of our Operational Continuity Management System.

Certificate of adoption and implementation of the crime prevention model

Between the months of January and September 2022, after a process of diagnosis, monitoring and review, BH Compliance Limitada, has certified that the Depósito Central de Valores and DCV Registros have a Crime Prevention Model implemented according to the requirements dictated by Laws N ° 20,393 and N ° 21,121, in relation to its situation, size, business, income level and complexity.

The certification establishes that the crime prevention model adopted and implemented by the company has, in all its significant aspects, the elements indicated in the law, according to the specific needs of the company and that it is known by the entire organization.

This certification gives directors a record of compliance with their duty of supervision vis-à-vis the CMF, shareholders and the Public Ministry, reducing the risks of sanctions, fines and public exposure.

SSAE-18

Since 2009, DCV has presented this report, which is prepared, and evaluated by an external auditing company.

SSAE-18 is an independent report on the internal control structure of the organization that provides services to third parties, especially those that affect the internal control structure of the user organization.

DCV and DCVR issue a TYPE II report which certifies the controls put in place and the evidence on the operational effectiveness of these controls. The controls are tested for a specific period, not less than 11 months, with which it is possible to conclude with reasonable certainty if they have functioned or not during that period of time.

The benefits this report brings to DCV are:

• Provides an independent evaluation of the organization’s control procedures.
• Provides the organization a level of “reasonable certainty” of the integrity of the controls established in the different business processes and systems.
• Minimizes the number of audits on “internal controls” of the service organization requested by the different clients and auditing firms thereof.
• Identifies the more critical processes.
• Permits the demonstration of an adequate control environment and the seriousness of the organization.
• Permits being on the cutting edge of compliance with the international standards.

The processes evaluated in this report are, among others:

DCV

Custody and Withdrawal of securities, Administration of capital events, transfer of securities, customer service desk (MAC), Central registry of issuances, limit control, Collection of SADE remuneration, Agreements; International custody.

DCV Registros

Stock transfer, stockholdings, securities management, management of issuers, Stock inquiries, Generation and payment of dividends, Payment to Firefighters, Corporate events, Preemptive offer.

CGTI Processes

(General coordination of information technologies) Organization and administration, Development and maintenance, Change control of infrastructure and applications, Physical access control and environmental controls, Logical access control, Operation and support.

AT-205

CISA
In 2009 the Information Systems Audit and Control Association (ISACA) certifies DCV’s internal audit team, obtaining a CISA (Certified Information Systems Auditor) certification. This certification distinguishes the internal audit team as professionals with proven training in audit, control and information systems security, in conformity with standards and guidelines that are accepted worldwide, allowing us to make sure that the IT of the companies and the business systems are controlled, monitored and assessed properly and efficiently.

This certification is based on an international standard, accredited by the American National Standards Institute (ANSI) and approved by the Department of Defense of the United States (DoD) in the category of Technical Information Assurance (DoD 8570.01-M).

ISO 31000

During 2016, internal audit staff (3) obtained the certification to evaluate with respect to this standard that provides the generic principles and guidelines on risk management