CVM Transparency

Risk Management Policy

Last updated: January 24, 2026
Back
Important Notice: investments in securities issued by small businesses involve significant risks, including the possibility of total loss of invested capital. Please read this policy and the offering documents carefully before investing.

1. Introduction and Objectives

Alba Invest (Alba Plataforma de Investimentos Alternativos Ltda., Tax ID 43.413.213/0001-58) adopts this Risk Management Policy in strict compliance with article 74 of CVM Resolution No. 88/2022. This document establishes the guidelines for identifying, assessing, monitoring, mitigating, and reporting risks inherent to the platform’s activities.

Our objective is to maintain a robust governance and control framework that enables us to:

  • Proactively identify the risks to which we are exposed;
  • Assess the materiality and likelihood of those risks;
  • Implement appropriate controls and mitigation measures;
  • Continuously monitor the effectiveness of controls;
  • Disclose risks to investors in a transparent manner.

2. Risk Governance Structure

2.1. Responsibilities

  • Board of Directors: approves the policy and oversees the risk management framework;
  • Executive Management: implements the policy, allocates resources, and reports to the Board;
  • Compliance and Risk Area: coordinates risk identification, measurement, and monitoring activities;
  • Business Areas: identify risks in their operations and implement operational controls;
  • Internal Audit: assesses the effectiveness of the risk management framework.

2.2. Risk Management Cycle

We adopt a continuous risk management cycle:

  1. Identification: mapping risks across relevant processes;
  2. Assessment: analysing likelihood, impact, and speed of manifestation;
  3. Treatment: defining strategies to avoid, mitigate, transfer, or accept risks;
  4. Implementation: applying controls and mitigation measures;
  5. Monitoring: ongoing follow-up and reporting.

3. Risks Inherent to the Platform’s Activities

3.1. Credit Risk

Description: the possibility that issuing companies may fail to meet their payment obligations, resulting in delays or partial or total loss to investors.

Main drivers: operational weakness, industry crises, poor management, customer defaults, and adverse external events.

Mitigation:

  • Rigorous due diligence before listing offerings;
  • Assessment of payment capacity and indebtedness;
  • Verification of guarantees when applicable;
  • Ongoing monitoring of issuer obligations;
  • Transparent disclosure of platform default history.

3.2. Liquidity Risk

Description: the offered securities may lack an organised secondary market, making it difficult or impossible for investors to exit before maturity or the scheduled liquidity event.

Mitigation:

  • Clear disclosure regarding the absence of secondary liquidity;
  • Expected redemption or exit timing in offering materials;
  • Guidance for investors to align investment horizon and objectives;
  • A 7-day cooling-off period for withdrawal without penalty where applicable.

3.3. Market Risk

Description: economic, financial, or sector conditions may affect the payment capacity of issuing companies.

Examples:

  • Interest-rate risk: higher rates may increase issuers’ financing costs;
  • FX risk: issuers with foreign currency exposure may be affected by exchange-rate swings;
  • Inflation risk: inflation may erode margins and purchasing power;
  • Commodity risk: input prices may vary substantially;
  • Macroeconomic risk: recession and political instability may affect performance.

Mitigation: sensitivity analysis, sector diversification, and periodic stress tests.

3.4. Operational Risk

Description: losses resulting from failures in processes, people, systems, or external events.

Main sources:

  • Technology failures and service outages;
  • Cyberattacks such as phishing, ransomware, or system intrusion;
  • Human error and inaccurate data input;
  • Natural disasters and widespread emergencies;
  • Internal and external fraud.

Mitigation:

  • System redundancy and resilient infrastructure;
  • Regular and tested backups;
  • Information security controls, encryption, and multi-factor authentication;
  • Business continuity and disaster recovery plans;
  • Insurance coverage where appropriate;
  • Training and segregation of duties.

3.5. Legal and Regulatory Risk

Description: changes in law or regulation may affect the platform’s operations or the economics of investments.

Main aspects:

  • Changes to CVM Resolution No. 88/2022 or related rules;
  • Tax law changes affecting investments;
  • New capital or compliance requirements;
  • Divergent interpretations by supervisory authorities.

Mitigation: ongoing regulatory monitoring, specialised legal advice, and industry participation.

3.6. Fraud and Inaccurate Information Risk

Description: issuers may provide false, misleading, or incomplete information about their financial condition, operations, or projections.

Mitigation:

  • Enhanced due diligence and documentary verification;
  • Background checks of controllers and managers;
  • Site visits when feasible;
  • Independent audit requirements for larger offerings;
  • Representation and warranty clauses in contractual documentation.

3.7. Concentration Risk

Description: excessive exposure to a single investor, issuer, sector, or geographic region.

Mitigation: diversification policies, issuer limits, investor limits, and correlation analysis.

3.8. Reputational Risk

Description: damage to the image and credibility of the platform due to negative internal events or events involving issuers or investors.

Mitigation: rigorous issuer selection, transparent crisis communication, and a robust compliance programme.

4. Due Diligence Process

Before publishing any offering, we perform a structured multi-layer due diligence process:

4.1. Legal Review

  • Corporate organisation and amendments;
  • Tax authority, registry, and corporate filing regularity;
  • Existence of judicial, administrative, or arbitral proceedings;
  • Intellectual property and material assets;
  • Relevant contracts with suppliers, customers, and lenders.

4.2. Financial Review

  • Financial statements when available;
  • Cash flow analysis and projections;
  • Debt and repayment capacity review;
  • Revenue and customer concentration;
  • Operating cycle and working capital needs.

4.3. Business Review

  • Business model and value proposition;
  • Market and competitive analysis;
  • Technical and operational feasibility;
  • Corporate governance and management experience;
  • ESG considerations where relevant.

4.4. Risk Review

  • Issuer- and sector-specific risk matrix;
  • Stress scenarios and contingency planning;
  • Due diligence on partners and managers;
  • Background verification.

5. Risk Classification and Scales

We use a risk matrix considering:

  • Probability: remote, unlikely, possible, likely, almost certain;
  • Impact: insignificant, minor, moderate, major, catastrophic;
  • Result: low, medium, high, or critical risk.

Risks classified as high or critical receive priority attention from senior management.

6. Exposure Limits and Controls

6.1. Regulatory Limits

  • Maximum fundraising amount per offering according to applicable regulation;
  • Investment limits for non-qualified investors as established by law;
  • Minimum dispersion and participation rules where applicable.

6.2. Internal Control Limits

  • Maximum exposure per issuing company relative to total offerings;
  • Sector concentration ceilings;
  • Minimum approval standards according to risk bands.

7. Ongoing Monitoring and Alerts

7.1. Post-Fundraising Monitoring

  • Periodic receipt of operational and financial reports from issuers;
  • Verification of payment obligations;
  • Review of early warning indicators;
  • Proactive communication to investors about relevant events.

7.2. Red Flag Indicators

  • Delays in payments to suppliers or employees;
  • Sudden changes in management or corporate structure;
  • Material litigation not previously disclosed;
  • Divergence between reports and public information;
  • Tax domicile changes without notice;
  • Default on other financial obligations.

7.3. Actions in Case of Default

  • Immediate notification to affected investors;
  • Attempted renegotiation of terms and deadlines;
  • Acceleration of obligations and enforcement of guarantees when applicable;
  • Publication on the defaulting companies list when required;
  • Collection efforts or judicial action as appropriate.

8. Risk Disclosure to Investors

We are committed to:

  • Comprehensive risk descriptions in offering documents;
  • Clear visual prominence for risk alerts;
  • Mandatory suitability assessment before investment;
  • Educational materials on alternative investment risks;
  • A 7-day reflection period where applicable under regulation.

9. Reporting and Escalation

Risk events are reported according to severity:

  • Level 1 (Low): reporting to the risk area;
  • Level 2 (Medium): reporting to executive management;
  • Level 3 (High): immediate reporting to the Board and the CVM when required;
  • Level 4 (Critical): emergency reporting to relevant stakeholders and, where applicable, public communication.

10. Review of this Policy

This Risk Management Policy is:

  • Reviewed annually by senior governance bodies;
  • Updated whenever there are significant changes in the risk profile;
  • Reassessed after material risk events;
  • Adjusted to comply with structural regulatory changes where applicable.

The latest review date is indicated as January 24, 2026. The next review will occur on an annual basis or earlier if justified by relevant events.

Alba Plataforma de Investimentos Alternativos Ltda. — Tax ID 43.413.213/0001-58 — Electronic participatory investment platform authorised by the Brazilian Securities and Exchange Commission (CVM) pursuant to CVM Resolution No. 88/2022.