Exhibit 99.1

Report on the Brazilian Corporate Governance Code. Itaú Unibanco Holding S.A. July/2020 Itaú Unibanco Holding S.A.

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 2 Partially Compliant Compliant N/A Not Compliant 1.1.1 Partially Compliant Compliant N/A Not Compliant The company’s capital stock should be comprised of common shares only. Our bylaws provide for two types of shares, common (ON) and preferred (PN) shares, both book-entry, with no par value and in a single class. Each common share entitles its holder to one vote at General Meetings. Preferred shares do not grant voting rights, except in specific cases legally provided for, and give their holders priority on the receipt of non-cumulative minimum annual dividends of R$ 0.022 per share, adjusted in the event of a stock split or reverse stock split, and also the right, in the event of a disposal of control, to be included in a public offering for the acquisition of shares, in order to assure a price equal to 80% of the amount paid per voting share, as part of the controlling stockholders, ensuring dividends at least equal to those of common shares. Preferred shares are a legitimate instrument, set forth by law, and their issue has no bearing on the quality of our management, corporate governance level, performance or returns to our Stockholders. Since our incorporation, our controlling Stockholders believe that our capital structure satisfactorily meets our purposes. The Bylaws is available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Bylaws. 1.2.1 Shareholders’ agreements should not bind the exercise of voting rights of any members of management or supervisory and control bodies. Given the merger between Itaú and Unibanco, in 2009, regulation through a Shareholders’ Agreement was necessary, including binding the exercise of the voting rights of members of the Board of Directors. We believe that the definition and regulation of stockholding control, as reflected in the Shareholders’ Agreement, is a positive for the smooth running of the business, and does not harm the interests of investors and Company itself, mainly considering: (i) the fiduciary duty of all management members, who should always vote in the best interests of the Company; (ii) the existence of a highly professional management with broad technical expertise; (iii) the significant number of independent members of the Board of Directors, representing 50% of the total members; and (iv) the existence of rigorous mechanisms, strictly applied by the Company, to prevent conflicts of interest arising in practice. Our Shareholders’ Agreement of IUPAR does not bind the voting rights of any member of the Company’s inspection and control bodies. The Shareholders’ Agreement is available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Others.

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 3 Partially Compliant N/A Not Compliant Partially Compliant Compliant N/A Not Compliant Partially Compliant Compliant N/A Not Compliant Minutes should provide a full understanding of the discussions held at meetings, even if in the form of a summary, and should identify the votes cast by stockholders. 1.4.1 The board of directors should conduct a critical analysis of the advantages and disadvantages of the defense measures and its characteristics, especially triggers and price parameters, if applicable, providing relevant explanations. Provisions that prevent the removal of this measure from the bylaws, or so-called “Eternity Clause”, must not be used. 1.3.2 1.4.2 Partially Compliant Compliant N/A Not Compliant 1.3.1 The executive board must use stockholders’ general meetings to communicate the conduct of the Company’s business, and management should publish an agenda in advance in order to facilitate and encourage attendance at stockholders’ general meetings. Compliant We disclosed the Ordinary General Stockholders’ Meeting Manual a month prior to the Meeting, detailing all matters to be resolved and encouraging the attendance of our stockholders through different communication channels. Exceptionally in 2020, we did not make a presentation to communicate the conduct of the Company’s business during the Meeting due to the health crisis caused by Coronavirus, which requires several precautions, including social distance. Nevertheless, the General Stockholders’ Meeting Manual includes the full text of item 10 of the Reference Form, which details the Executive Officers Comments regarding our business.

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 4 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 1.5.1 Transactions involving a direct or indirect disposal of stockholding control should be followed by a tender offer to all stockholders, at the same price and in the same conditions obtained by the selling stockholder; (I) THE COMPANY’S BYLAWS SHOULD ESTABLISH THAT: (II) Management should state an opinion on the terms and conditions of corporate reorganizations, capital increases and other transactions leading to a change of control, and state whether these ensure fair and equitable treatment for the company’s stockholders. (I) The Brazilian Corporate Law provides for tag along rights of 80% for minority holders of common shares in the case of a disposal of stockholding control. The Company extends the same 80% tag along rights to preferred Stockholders. For this reason, the Company is listed on the ITAG – Special Tag Along Stock Index of B3 – Bolsa, Brasil, Balcão S.A. (“B3”). (II) With respect to the opinion expressed by management members about possible corporate reorganizations, the Company understands that management may always express its opinion regardless of statutory provisions. 1.6.1 The bylaws must provide that the board of directors should issue an opinion on any tender offer related to shares and securities convertible into or exchangeable for shares issued by the company, and this should include, among other relevant information, the opinion of the board of directors on the possible acceptance of the tender offer and the company’s economic value. Partially Compliant N/A Not Compliant If the bylaws provide for a tender offer whenever a stockholder or group of stockholders directly or indirectly attains a significant interest in the voting capital, the rule for determining the offer price should not impose additional premiums substantially greater than the shares’ economic or market value. 1.4.3 Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 5 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 1.8.1 The bylaws must clearly and accurately identify the public interest that has justified the creation of the mixedcapital company in a specific chapter. Periodically assess the company’s risk exposure and the effectiveness of its risk management systems, internal controls, and compliance system, and approve a risk management policy in line with these business strategies; (II) 2.1.1 Define business strategies, taking into account the impacts of the company’s activities on society and the environment, aimed at the continuity of the company and the creation of long-term value; WITHOUT PREJUDICE TO OTHER LEGAL OR STATUTORY POWERS AND OTHER PRACTICES SET FORTH IN THIS CODE, THE BOARD OF DIRECTORS SHOULD: (I) 1.8.2 The board of directors should monitor the company’s activities and establish policies, mechanisms, and internal controls to verify any costs of serving the public interest and any refunds to the company or other stockholders and investors by the controlling stockholder. Define the company’s values and ethical principles and ensure the company’s transparency in its relationship with all stakeholders; (III) Partially Compliant N/A Not Compliant 1.7.1 The company must prepare and disclose a policy on appropriation of earnings defined by the board of directors. Among other matters, this policy should provide for the frequency of dividend payouts and the reference parameters to be used to define the related amounts (such as percentages of adjusted net income and free cash flow). Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 6 Partially Compliant N/A Not Compliant (IV) Annually revise the corporate governance system in order to improve it. (I) We have incorporated sustainability into our corporate strategy through a governance structure which is integrated with our business. The Board of Directors annually guides, monitors, approves and proposes improvements to the sustainability strategy and policy, based on a long-term vision. Every six months, the Executive Committee discusses how sustainability trends are integrated into our business, as well as promoting and disseminating this information throughout the organization, monitoring corporate sustainability indicators and projects, and ensuring compliance with any voluntary agreements signed. (II) We sustain a risk management structure aimed at: (i) identifying risks; (ii) analyzing materiality; (iii) measuring risks; (iv) responding to risks; (v) monitoring risks; and (vi) communicating and reporting. In addition, we have a defined governance process for policy reviews applicable to Brazil and to our international units. Policies mostly define institutional guidelines, methodologies and processes, address regulatory requirements and best market practice. We have internal policies that provides guidelines and establish risk management governance, as follow: Capital Management, Credit Risk Management and Control, Integrated Operational Risk Management and Internal Controls, Liquidity Risk Management and Control, Market Risk Management and Control and Compliance Policy. The Risk and Capital Management Committee (CGRC) is responsible for supporting the Board of Directors in carrying out its risk and capital management activities. The Company’s Risk Management Policies are annually revised and approved by the Board of Directors, and are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Reports. (III) Our Code of Ethics is approved by the Board of Directors and aimed at guiding, preventing and resolving ethical dilemmas and conflicts of interest regarding to our activities, and preserving transparency, respect and honesty in our relationships with all stakeholders. The Code of Ethics is divided into four strategic pillars: “Our corporate identity”, “How we interact with our stakeholders”, “Bona fides and our professional attitude” and “How we manage conflicts of interest”. These principles inspire corporate rules, ensure integrity in operations and are aimed at establishing effective links with stakeholders, ensuring the quality of products and services, assessing the environmental and social impacts of the activity and adopting practices that contribute to the creation of shared value. The Corporate Conduct, Integrity, and Ethics Policy complements the Code of Ethics, establishing a series of procedures aimed at ensuring the dissemination of ethical behaviors and the adoption of proper conduct by all addressees. We also have a Supplier Relationship Code, in addition to being applied to all management members and employees of Itaú Unibanco, also applies to direct and indirect suppliers. The adoption of these practices is monitored based on the governance established in the Integrity and Ethics Corporate Program. The Code of Ethics, as well as the Corporate Conduct, Integrity, and Ethics Policy, are available on our investor relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Code of Ethics and Conduct. The Supplier Relationship Code is available at: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Integrity and Ethics > Code of Ethics and Policies. (IV) Our Nomination and Corporate Governance Committee is responsible for supporting the Board of Directors in promoting and supervising discussions related to Corporate Governance. These discussions are periodically updated, formalized and reflected in the Corporate Governance Policy which is approved annually by the Board of Directors. The Committee’s duties include: analyzing and issuing opinions on possible conflicts of interest between the members of the Board of Directors and the companies of the Conglomerate; providing methodological and procedural support for evaluations by the Board of Directors, members, committees and Chief Executive Officer, and discussing the succession of members of the Board of Directors and the Chief Executive Officer, as well as making recommendations on these matters. The Capital and Risk Management Committee has its own internal charter, approved by the Board of Directors and available on our Investor Relations website, along with the Corporate Governance Policy: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 14 Partially Compliant N/A Not Compliant Have its own budget to engage advisors on accounting, legal and other topics, when the opinion of an external expert is required. (IV) 4.2.1 4.2.2 The Fiscal Council should have a dedicated charter describing its structure, operations, work program, roles and responsibilities, without hindering the performance of its individual members. The minutes of the Fiscal Council meetings should follow the same disclosure rules applicable to the Board of Directors’ minutes. (I) The statutory Audit Committee oversees the quality and completeness of the financial statements, compliance with legal and regulatory requirements, the operation, independence and quality of the work carried out by the independent auditor and the Internal Audit department, and the quality and effectiveness of the internal controls and risk management systems. (II) All members of the Audit Committee are independent, according to Brazilian National Monetary Council (CMN) regulations, and the Board of Directors will terminate the term of office of any member of the Audit Committee if their independence is affected by any actual or potential conflict of interest. The Committee’s chairman is an independent member of the Board of Directors. (III) The Audit Committee members are elected annually by the Board of Directors from among its members or professionals with renowned competence and outstanding knowledge, taking into consideration that at least one of the members of this Committee will be designated as a Financial Expert and must have proven knowledge in accounting and audit. (IV) The Audit Committee Charter sets forth that the Board of Directors shall define the remuneration of the Committee’s members, as well as the budget intended to cover the expenses on its operation, including a forecast of the engagement of external experts to help the Committee comply with its duties. Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 15 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 4.3.2 The independent audit team should report to the Board of Directors, through the Audit Committee, if applicable. The Audit Committee should monitor the effectiveness of the independent auditors’ work, as well as their independence. It should also assess and discuss the independent auditor’s annual work plan and submit it for appreciation of the Board of Directors. 4.3.1 The company should establish a policy to engage non-related audit services from its independent auditors, approved by the Board of Directors, to bar the engagement of non-related audit services that might compromise the auditors’ independence. The company should not engage independent auditors who have provided internal audit services to the company for the last three years. 4.4.1 The company must have an internal audit function reporting directly to the Board of Directors. The Internal Audit Department is subordinated, at the administrative level, to the Chairman of the Board of Directors, and its activities are supervised by the Audit Committee. The purpose of the Internal Audit Department is to evaluate the activities carried out by the Conglomerate, using audit techniques, allowing management to assess the adequacy of controls, the effectiveness of risk management, the reliability of the financial statements and the compliance with rules and regulations. The Internal Audit Department has an agenda to report to the Governance Meetings held by the Audit Committee, the Executive Committee and the Board of Directors. Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 16 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 4.5.1 The company must adopt a risk management policy, approved by the Board of Directors, that includes a definition of the risks for which protection is sought, the instruments used, the organizational structure for risk management, the assessment of the adequacy of the operational structure and internal controls to verify its effectiveness, in addition to defining guidelines to establish acceptable limits for the company’s exposure to these risks. 4.4.2 If this activity is outsourced, the internal audit services should not be provided by the same firm that audits the financial statements of the company. The company should not hire internal audit services from any independent auditors who have provided internal audit services for the company for the last three years. 4.5.2 The board of directors should ensure that the executive board have mechanisms and internal controls to get to know, assess and control risks to keep these risks at levels consistent with the defined limits, including a compliance program aimed at complying with the laws, regulations, and external and internal rules. See explanation of item 4.5.3. See explanation of item 4.5.3. Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 17 Partially Compliant N/A Not Compliant 4.5.3 The executive board should assess at least once a year the effectiveness of the risk management and internal control policies and systems, as well as the compliance programs, and submit this assessment to the board of directors. The Board of Directors is the highest authority in terms of risk management, and is responsible for setting the Company’s risk appetite levels under the risk appetite policy. Under the risk appetite structure, the Company defines a set of measures to capture the key dimensions of major risks, and the process for defining these measures, the limits and the risk appetite requires interactions between executives and the Board of Directors. To help the Board of Directors, the Company established a Risk and Capital Management Committee to submit to the Board of Directors the types of risks to which the Company may be exposed, as well as risk limits and guidelines on the tolerance for risks that may impact the business strategy. The Risk and Capital Management Committee is responsible for supporting the Board of Directors with the performance of its responsibilities related to the Company’s risk and capital management, submitting for the Board’s consideration reports and recommendations on topics such as: approval and review, at least annually, of the policies, strategies and risk and capital management limits; the definition of the Company’s risk appetite, ensuring alignment with the strategy, including acceptable tolerance levels and types of risk to which the Company may be exposed and, finally, the supervision of compliance with the terms of the Company’s risk appetite. At the executive level, risk and capital management is carried out by Senior Committees chaired by the CEO of Itaú Unibanco. Through the commission and committee hierarchy, risks are first discussed at lower levels of authority and, if the level of authority for this topic is higher or the topic is deemed of high importance, it will be submitted to the respective higher level of authority, then discussed with the Board of Directors. Commissions and committees use materials that include recurring and specific risk and capital management reports, including elements relevant to each body, and these materials are also made available to the members of the Board of Directors. The main risk and capital report is the risk appetite report, prepared by the Risk and Capital Management Committee and periodically submitted to the Audit Committee. 5.1.1 The company should have an independent and self-governing Conduct Committee, reporting directly to the Board of Directors, responsible for implementing, transmitting, training, reviewing and updating the code of conduct and the whistleblowing channel, as well as for carrying out inquiries and proposing corrective measures in connection with any violations of the code of conduct. The Audit Committee also functions as a Conduct Committee, as it has been designated by the Code of Ethics as responsible for monitoring the Corporate Integrity and Ethics Program, by means of reports from the Internal Audit, Internal Controls and Compliance, Corporate Security Office and Ombudsman Office, as well as through other mechanisms available. The Audit Committee reports directly to the Board of Directors and is made up of independent members, as set forth by the Brazilian National Monetary Council regulation. Additionally, this governance includes the Integrity and Ethics Bodies, which monitor the guidelines of Itaú Unibanco’s Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy through the Corporate Integrity and Ethics Program. Partially Compliant N/A Not Compliant Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 18 Partially Compliant N/A Not Compliant Clearly define the scope and reach of actions intended to determine the existence of transactions construed to have been made based on insider information (e.g.: use of insider information for business purposes or for gaining the upper hand when trading securities); (III) Establish that contracts, agreements, proposals to amend bylaws, as well as policies that guide the entire company, should be negotiated based on ethical principles, and establish a maximum value for goods or services from third parties that management members and employees may accept as gifts or gratuities. (IV) 5.1.2 Govern the internal and external relations of the company, by expressing the commitment expected from the company, its directors, officers, stockholders, employees, suppliers and stakeholders, with the adoption of proper conduct standards; PREPARED BY THE EXECUTIVE BOARD, SUPPORTED BY THE CONDUCT COMMITTEE AND APPROVED BY THE BOARD OF DIRECTORS, THE CODE OF CONDUCT SHOULD: (I) Manage conflicts of interest and provide for abstentions of the member of the board of directors, the audit committee and/or the conduct committee, if they are deemed conflicted; (II) Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 19 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 5.1.3 The whistleblowing channel should be independent, self-contained and unbiased, with its operating working guidelines defined by the Executive Board and approved by the Board of Directors. It should be operated in an independent and unbiased way, and preserve the anonymity of its users, in addition to promptly investigating and taking the measures required. This service may be carried out by a reputable third party. The Code of Ethics is a public document, approved by the Board of Directors, applied without distinction, to all management members and employees of the Conglomerate in Brazil and abroad. This document encourages the prompt reporting of actual or suspected violations of guidelines, laws, regulations or standards, and advises that each employee’s commitment to the Code’s guidelines is the foundation of the Company’s soundness and continuity. The Code discloses four whistleblowing and/or guidance channels, each with its own specifications. The guidelines for all of these channels are as follow: The secrecy of the investigation should be strictly maintained; anonymity should be ensured for those who want it; investigations should be out on an independent and unbiased way; charges or unsubstantiated accusations should be dismissed; malicious charges or accusations aimed at harming a person should be subject to disciplinary sanctions; and disciplinary sanctions should be applied to any attempted retaliation. These reporting channels are available internally and have the following attributes: a. Ethics Consultancy: channel available to employees and the public for guidance and solving doubts on ethical issues, such as conflicts of interest and ethical dilemmas. b. Audit Committee: a channel available to internal employees and the public to receive suspected or actual reports of any noncompliance with legal and regulatory provisions and internal rules, fraud committed by management members, employees or third parties, or errors resulting in significant misstatements. c. Inspector Office: a channel available to internal employees and the public to receive reports on fraud and other illicit acts, including corruption. d. Internal Ombudsman’s Office: a channel available to employees to receive and handle interpersonal conflicts and conflicts of interest in the workplace, ethical misconduct and noncompliance with the related institutional policies by management members and employees. 5.2.1 The company’s governance rules should ensure the clear segregation and definition of functions, roles and responsibilities associated with the mandates of all governance agents, and the levels of authority for decision-making at each level should also be defined to minimize possible conflicts of interests. Ours governance rules are published in our Corporate Governance Policy, which sets forth clear segregation and definitions of the functions of all governance agents. Additionally, the Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy have specific provisions on conflicts of interest, including the mechanisms adopted to prevent them. All these documents are available on our Investor Relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 20 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 5.2.2 5.2.3 The company’s governance rules should be made public and determine that any person who is not independent in relation to the issue under discussion or resolution in the company’s management or inspection bodies should promptly state any conflicts of interest or relevant personal interests. If they fail to do so, these rules determine that another knowing person may bring such conflict to light and that as soon as this conflict of interest regarding a specific topic is identified, the involved person shall be kept away, including physically, from such discussions and resolutions. These rules should require this temporary seclusion to be recorded in the minutes. The company should have mechanisms to manage conflicts of interest in relation to votes at general meetings, to receive and deal with alleged conflicts of interest, and to annul votes cast in such conflicting situations, even if this takes place subsequently to voting. The Company’s Shareholders’ Manual expressly provides that during a General Meeting, as is the case at meetings of the Company’s management and supervisory bodies, the Shareholders present shall express their opinion on the existence of possible conflicts of interest in any matters under discussion or deliberation, where their independence could be compromised. Also, any present shareholder who has knowledge of a conflicting situation in relation to another shareholder and the subject matter of the resolution must also declare this. When the conflict of interest is manifested, the conflicted shareholder shall refrain from deliberating on that matter. If the conflicted shareholder refuses to abstain from deliberations, the chairman of the General Meeting shall annul the conflicting votes, even after the conclave. The Company’s Shareholders Manual is available on our Investor Relations website: www. itau.com.br/investor-relations > Menu > Reports > Brazilian Securities and Exchange Commission (CVM). The Charter of the Board of Directors includes an express provision establishing rules to prevent possible conflicts, such as prohibiting members of the Board of Directors from taking part in resolutions related to topics with which their interests conflict with those of the Company. Each member should report to the Board of Directors any conflict of interest he/she has as soon as this topic is included in the agenda or proposed by the Board of Directors’ Chairman and, in any case, before the beginning of any discussion of the respective topic. Furthermore, the Bylaws provide that the Board of Directors shall terminate the term of office of any member of the Audit Committee if their independence has been affected by any circumstance of conflict or potential conflict. Finally, the Transactions with Related Parties Policy expressly provides that in situations where a member involved in the approval of the transaction is prevented from deliberating on the matter due to a potential conflict of interest, the said member must declare themselves impeded, explaining their involvement in the transaction and providing details of the transaction and the parties involved. The impediment must be reported in the document containing the resolutions on the transaction. The policy is available on our Investor Relations website: www.itau.com. br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Policies. Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 21 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant (I) 5.3.1 The bylaws should define which transactions with related parties should be approved by the Board of Directors, with the exclusion of any members with potential conflicts of interest. 5.3.2 Prior to the approval of specific transactions or guidelines for entering into transactions, the Board of Directors should request from the Executive Board market alternatives to the transaction with the related party, adjusted to reflect the risk factors involved; THE BOARD OF DIRECTORS SHOULD APPROVE AND IMPLEMENT A TRANSACTIONS WITH RELATED PARTIES POLICY, WHICH SHOULD INCLUDE, AMONG OTHER PROVISIONS: Bar any remuneration to advisors, consultants or intermediaries that could give rise to conflicts of interest with the company, management members, preferred or ordinary stockholders; Bar any loans granted to the controlling party and management members; (II) (III) Any transactions with related parties that should be supported by independent appraisal reports prepared without the participation of any party involved in this operation, whether a bank, lawyer, or specialized consulting company, among others, based on realistic assumptions and information supported by third parties; (IV) (V) Corporate restructuring involving related parties should ensure equitable treatment for all stockholders. Our Transactions with Related Parties Policy, approved by the Board of Directors, is in line with the guidelines of the Brazilian Corporate Governance Code, except for the prohibition against loans in favor of the controlling company and the administrators, which are now allowed under Law 4,595/64 and Resolution of the National Monetary Council No. 4,693/18, provided they are in line with market conditions and the limits established by the regulations in force. Our Transactions with Related Parties Policy defines the concept of a related party based on the accounting rules, and establishes the rules and procedures for these types of transactions. This policy establishes that such transactions must be executed in writing, based on market conditions, in accordance with our internal practices (such as the specific guidelines specified in our Code of Ethics) and disclosed in our financial statements, based on the materiality criteria defined by the respective accounting standards. Transactions or sets of related transactions with related parties involving amounts higher than R$1.0 million within a period of twelve (12) consecutive months must be approved by our Related Parties Committee, which is entirely composed of independent members of the Board of Directors. In addition, these transactions will be reported on a quarterly basis to the Board of Directors. The full text of the Transactions with Related Parties Policy is available on our Investor Relations website: www.itau.com.br/investorrelations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies > Policies. Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 22 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant We have a Policy on Trading Securities that sets out the guidelines and procedures to be followed by the Company and related persons in connection with the trading of securities issued by the Company and its subsidiaries in Brazil, including the sanctions applicable in the event of any violation. The Policy sets out that persons bound by the policy are responsible for, among others: (i) keeping secret information related to material facts pertaining to the Company and its subsidiaries, and refraining from using such information to gain the upper hand, for their own benefit or the benefit of others, in the securities market, ensuring that subordinates and third parties he/she trusts keep secret such information and refrain from using it, being held jointly and severally liable for any noncompliance therewith; and (ii) making exclusive use of the Conglomerate’s brokers to trade the securities under this Policy, which have controls in Brazil to prevent trading during blackout periods. The Compliance area monitors adherence with the Policy in relation to the trading of securities issued by the Conglomerate. Any noncompliance is investigated and submitted to our Integrity and Ethics Committee and Disclosure and Trading Committee accordingly. The Policy Regarding the Disclosure of Material Information also sets out other mechanisms to control information secrecy in connection with material facts, such as: (i) persons bound by the policy should ensure the safe storage and transmission of material information (emails, files, etc.), avoiding any type of unauthorized access, and should also restrict the forwarding of improperly protected information to third parties. Material information should always be discussed in restricted and non-public places; and (ii) in relation to the process that gave rise to the material fact, a list of the bound persons who had knowledge of the information before its disclosure should be filed accordingly. 5.4.1 The company should adopt, as resolved by the Board of Directors, a policy for trading securities issued by the company, which, without prejudice to compliance with the CVM rules, establishes controls to achieve the monitoring of trades executed, as well as investigations into and sanctions against any party who does not comply with the policy. 5.5.1 In order to ensure greater transparency in the use of the company’s resources, a policy should be prepared on voluntary contributions, including those related to political activities, to be approved by the Board of Directors and carried out by the Executive Board, setting out clear and objective principles and rules. In addition to other corporate policies, such as the Donations Policy and the Sponsorships Policy, the Government and Institutional Relations Policy, update on June 05, 2020, establishes that it is prohibited for all companies of the Conglomerate in Brazil and abroad to contribute, directly or indirectly, to electoral campaigns, candidates for public office or political parties. The Code of Ethics and the Corporate Conduct, Integrity and Ethics Policy also have provisions on voluntary contributions. The above documents are available on our Investor Relations website: www.itau.com.br/investor-relations > Menu > Itaú Unibanco > Corporate Governance > Rules and Policies. Compliant Compliant

Itaú Unibanco Holding S.A. Report on the Brazilian Corporate Governance Code. 23 Partially Compliant N/A Not Compliant Partially Compliant N/A Not Compliant 5.5.3 The policy on voluntary contributions of government-controlled companies or companies with recurring, material business relations with the government should bar any contributions or donations to political parties or persons bound to the latter, even if permitted by law. 5.5.2 This policy should set forth that the Board of Directors is the body responsible for approving all expenditure related to political activities. Compliant Compliant