The purpose of this Policy is to set the guidelines, responsibilities and principles to be complied with during the risk management process in Ultra Group.
This Policy applies to all companies controlled by Ultra Group. In companies where control is shared or where it holds a minority interest, Ultra Group will use its best efforts to ensure that the principles and guidelines of this Policy are applied.
This Policy shall be read in conjunction with the Code of Ethics and other Corporate Policies defined by the Ultra Group. In the event of conflict, the Risk, Compliance and Audit Department shall be consulted.
The risks the Ultra Group may face were separated into 5 (five) categories:
- Strategic and Sustainability Risks - Diffuse risks arising from external and internal factors that may hinder or prevent Ultra Group from achieving its goals. Some of these risks involve political and economic influences, actions undertaken by political and regulatory agents, dependency on monopolistic suppliers, the performance of the competition, new players, substitute products and services, changes in consumer behavior, sustainability (social and environmental impacts), capital allocation decisions, disruptive innovations, and matters of attracting, retaining and replacing talent to keep the Business ongoing, among others. Corporate Policies approved by the Board of Directors that can help manage these risks: (i) Corporate Policy of Investments, and (ii) Corporate Policy of Mergers, Acquisitions and Development. The Sustainability Policy also provides guidelines concerning this matter.
- Operating Risks - Risks related to the execution of processes and procedures adopted to achieve the goals provided by the Business plan. These risks are present in the daily activities of each Business — in safety, environmental and quality procedures, in the relationship with suppliers and customers, in logistics and administrative processes.
- Financial and Capital Market Risks - Specific risks related to governance, relationship with shareholders and investors, accounting and financial management of the Ultra Group, including level of indebtedness, investment analysis, budget and cash flow management, preparation of financial statements, perception of credit risk from financial counterparties and credit-rating agencies as well as other interactions with the financial and capital markets. These Risks are approached by the following Corporate Policies approved by the Board of Directors: (i) Corporate Policy of Financial Risk Management, (ii) Material Notice Disclosure Policy and Securities Trading Policy, (iii) Corporate Policy of Insurance Management, and (iv) Ipiranga's Corporate Policy of Trading Risks.
- Compliance Risks - Specific behavioral and regulatory risks involving misconduct from employees of the Ultra Group and illegal business practices that could result in regulatory sanctions, financial losses, administrative, civil and/or criminal consequences and/or place the credibility and reputation of the Ultra Group in jeopardy. The Ultra Group's Ethics and Compliance Program addresses these Risks, which are also approached by the following documents and Corporate Policies approved by the Board of Directors: (i) Code of Ethics, (ii) Corporate Policy on Anti-Corruption and the Relationship with the Public and Private Sector, (iii) Corporate Competition Policy, and (iv) Conflict of Interest and Related Party Transactions Corporate Policy.
- Cybersecurity Risks - Risks related to (i) the stability of the computerized processing of Ultra Group's transactions, (ii) noncompliance with data protection legislation and with the security rules for access, use, processing and storage of information and data belonging to the Ultra Group, its employees and other stakeholders, and (iii) breach, contamination or degradation of servers, systems and software, among other events related to technological resources that compromise or may compromise Business operational continuity and may lead to the interruption of transactions that are essential to Ultra Group. These Risks are addressed by the Information Security Policy and the Personal Data Protection and Privacy Corporate Policy.
A basic principle in risk management is transparency: all Risks must be identified, measured and shared in a timely manner among the several management levels of the Ultra Group, enabling the development of reasonable prevention measures and of decisions adapted to each situation.
Every Risk Theme shall be quantified by its level of Vulnerability and potential Impact, which shall be reviewed every year or whenever there are material changes to the internal and/or external environments.
Regardless of their hierarchical position, the Risk Theme Managers are primarily responsible for managing the Risks, and they shall set the proper methodology to identify them and share them with those in higher positions until the Risk Owner is reached. The Risk Owner must keep the Business Risk Owner informed about the Risk levels and how to mitigate them.
The integrated management of Risks is a tool to collect information on the Ultra Group's Risks and their Impacts and Vulnerabilities. It provides an executive dashboard through which the Ultrapar Board of Executive Officers, the Audit and Risks Committee and the Board of Directors monitor the Themes.
The Board of Directors, supported by the Audit and Risks Committee and the Risks, Compliance and Audit department, must systematically and independently monitor the assessment of Ultra Group's Risk Themes.
4. DUTIES AND RESPONSIBILITIES
For an integrated management of Risks in the Ultra Group, the areas involved have the following responsibilities:
Board of Directors is responsible for the following:
- Approve the Corporate Risk Management Policy and its versions
- Approve the Ultra Group's Systemic Risk Matrix and its versions
- Periodically assess Ultra Group's exposure to Risks
- Assess the efficiency of the Risk management systems
- Ensure Ultrapar Board of Executive Officers has mechanisms in place to identify, assess and manage its Risks
- Whenever applicable, approve the acceptable levels of Risk
Audit and Risks Committee is responsible for the following:
- Assess, monitor and recommend to the Board of Directors the proposals to review Ultra Group's Systemic Risk Matrix and the Corporate Risk Management Policy
- Assess Ultra Group's Systemic Risk Matrix and periodically submit it to be assessed by the Board of Directors
- Whenever applicable, advise the Board of Directors to set the acceptable levels of Risks
- Assess the efficiency of the Risk management, control and governance processes
- Monitor the implementation of the Action Plans
Ultrapar Board of Executive Officers is responsible for the following:
- Propose issues to be reviewed in this Policy and the Risk management mechanisms
- Periodically assess the efficiency of this Policy
- Assess and propose improvements to the Ultra Group's Risk management mechanisms
- Validate Ultra Group's Systemic Risk Matrix and Risk Matrix to be submitted to and assessed by the Audit and Risks Committee and the Board of Directors
- Validate and monitor the implementation of the Action Plans
Business Risk Owners are responsible for the following:
- Ensure the enforcement of the Corporate Risk Management Policy
- Assess the efficiency and propose improvements to the Risk management mechanisms in the Business
- Ensure the provision of resources required to execute and maintain the Risk management mechanisms in the Business
- Validate the Business Risk Matrix
- Support and recommend the review of Ultra Group's Systemic Risk Matrix
- Validate and monitor the implementation of the Action Plans
- Ensure the provision of resources required to implement Action Plans for the mitigation of any Risk identified
- Provide support to discuss the Business Risks in the related boards and committees
- Whenever applicable, propose acceptable levels of Risk
Risk Owners are responsible for the following:
- Validate the Risks identified and assessed by its Board of Officers
- Validate the Risks in terms of Impact and Vulnerability in the Business Risk Matrix
- Ensure the efficient execution of mechanisms and controls to mitigate and manage Risks by its Board of Officers
- Validate and monitor the implementation of the Action Plans for the identified Risks
- Ensure the provision of resources required to implement Action Plans for the mitigation of any Risk identified
Risk Theme Managers in the Business are responsible for the following:
- Identify and quantify the Business Risk Scenarios
- Quantify the identified Risks in terms of Impact and Vulnerability
- Suggest Action Plans and mitigating controls
- Implement and execute Risk mitigation and management mechanisms and controls
- Monitor the Business Risk Scenarios and their respective indicators
Business Compliance/Internal Control/Business Risk Managers are responsible for the following:
- Disseminate the concepts related to Business Risk Management
- Support the Risk, Compliance and Audit department, the Risk Owners and the Business Risk Theme Managers in discussing the identification and quantification of Risks and the determination of the Action Plans to mitigate them
- Develop, monitor and report on the controls related to Risk mitigation and on the Action Plans in the Business
- Support the implementation of the action plans in the Business
Risk, Compliance and Audit department is responsible for the following:
- Propose and prepare the Corporate Risk Management Policy and its versions
- Monitor the compliance with Ultra Group's Corporate Risk Management Policy
- Set the methodology for an integrated, comparative view of the Risks in the Ultra Group
- Coordinate the review of Ultra Group's Systemic Risk Matrix
- Disseminate the Risk management methodology in the Ultra Group
- Promote and support the Board of Executive Officers to discuss the identification, quantification and determination of the Action Plans
- Coordinate the presentation and reports on Risks throughout the organizational levels, including the Audit and Risks Committee and the Board of Directors
- Coordinate the agenda of Risks in Ultra Group to be discussed
- Monitor the Action Plans
- Audit the Risk mitigation and management mechanisms and controls
- Whenever applicable, advise the Audit and Risks Committee to determine the acceptable levels of Risks
- Provide an interpretation to this Policy whenever questions arise
Risks whose management falls under specific areas of Ultrapar, such as Financial, Investments and Insurance, shall be governed by specific corporate policies or procedures, which shall be aligned with this Policy.
To ensure the relevance, connection and completeness of the matters assessed, Ultra Group developed a Systemic Risk Matrix encompassing the five (5) categories of Risks the Ultra Group may face, expressed as Risk Themes.
Each Theme shall be assessed individually for every Business, providing a standard by which Risks and Businesses can be assessed and compared, and helping the Ultrapar Board of Executive Officers, the Audit and Risks Committee and the Board of Directors focus their attention on the most relevant Risks.
The Themes listed in Ultra Group's Systemic Risk Matrix may also be reviewed in case the Risk environment changes or upon request from the Business Risk Owners, the Audit and Risks Committee and the Board of Directors.
The approach to the themes must be aligned with the Business strategy to guide the discussions and Action Plans for the most relevant Risk Scenarios. The Business Board of Executive Officers shall discuss the theme with enough quantitative and qualitative information to describe the current Risk status.
The quantification of the Risk Theme must reflect the Business self-assessment in terms of Impact and Vulnerability, based on discussions with the Risk, Compliance and Audit department. This self-assessment must consider the relevance of the Theme relative to the others already assessed.
The quantification of the Impact must be based on the Risk Scenario that would cause the greatest possible damage for that Theme.
The quantification of the Vulnerability must be based on the level of preparation and/or prevention of the Business to keep any Risk Scenario from materializing.
The graphic visualization of the quantification of each Theme in the Risk Matrix, based on four (4) qualitative levels (low, medium, high and very high), reflects the profile of the Business Risk and must be used as basis to discuss the priority actions to be taken.
Once the Risk is quantified and discussed, the Business must assess the necessity to prepare initiatives or Action Plans to manage the exposure to the Risk. These measures aim to: (i) avoid the Risk, (ii) reduce the Impact and/or Vulnerability, and/or (iii) transfer the Risk. Action Plans must have a due date and an owner.
Depending on the Risk Theme and on the availability of quantitative indicators, acceptable levels of Risk may be proposed by the Business for approval by the Board of Directors, whenever applicable.
For this purpose, monitoring tools and procedures must be developed to ensure the Risk limits are not exceeded.