REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP

STRUCTURE

Pursuant to article 123- bis TUF

(TRADITIONAL ADMINISTRATION AND CONTROL MODEL)

Company: BFF Bank SpA Website : www.bff.com Year to which the Report refers: 01.01.2023 – 31.12.2023 Approval date: 0 07.03.2024

Summary
---------

	GLOSSARY6
	PREAMBLE 14
1.0	ISSUER PROFILE 15
2.0	INFORMATION ON THE OWNERSHIP STRUCTURE (pursuant to art. 123- bis, paragraph 1, TUF)
	AS OF 31/12/202325
a)	Share capital structure (pursuant to article 123- bis, paragraph 1, letter a), TUF)25
b)	Restrictions on the transfer of securities (pursuant to article 123- bis, paragraph 1,
	letter b), TUF) 27
c)	Relevant equity investments (pursuant to article 123- bis, paragraph 1, letter c), TUF)
	28
d)	Securities conferring special rights (pursuant to article 123- bis, paragraph 1, letter
d),	TUF) 28
e)	Employee shareholding: mechanism for exercising voting rights (pursuant to article
123-	bis, paragraph 1, letter e), TUF) 28
f)	Restrictions on voting rights (pursuant to article 123- bis, paragraph 1, letter f), TUF)
	28
g)	Agreements between shareholders (pursuant to article 123- bis, paragraph 1, letter
	g),TUF) 28
h)	Change of control clauses (pursuant to article 123- bis, paragraph 1, letter h), TUF)
	and statutory provisions on takeover bids (pursuant to articles 104, paragraph 1- ter, and
104-	bis, paragraph 1) 28
i)	Powers to increase the share capital and authorization to purchase treasury shares
	(pursuant to article 123- bis, paragraph 1, letter m), TUF) 29
j)	Management and coordination activities (pursuant to art. 2497 and following of the
	civil code) 30
3.0	COMPLIANCE (pursuant to article 123-bis, paragraph 2, letter a), first part, TUF) 32
4.0	BOARD OF ADMINISTRATION 33

4.1	ROLE OF THE BOARD OF DIRECTORS	33
4.2	APPOINTMENT AND REPLACEMENT (pursuant to article 123-	bis, paragraph 1, letter l),
	first part, TUF)	38
	REPLACEMENT	41
4.3	COMPOSITION (pursuant to article 123- bis, paragraph 2, letters d) and d-	bis), TUF)43
	CRITERIA AND POLICIES OF DIVERSITY IN THE COMPOSITION OF THE BOARD AND IN THE ORGANIZATION
	CORPORATE	52
	MAXIMUM NUMBER OF OFFICES HELD IN OTHER COMPANIES	57
4.4.	OPERATION OF THE ADVISE FROM ADMINISTRATION (ex art. 123-	bis, paragraph 2,
	letter d), TUF)	58
4.5	ROLE OF THE CHAIRMAN OF THE BOARD OF DIRECTOR	62
	BOARD SECRETARY	65
4.6	EXECUTIVE DIRECTORS	66
	CHIEF EXECUTIVE OFFICIERS	66
	CHAIRMAN OFTHE BOAR OFDIRECTORS	69
D),	EXECUTIVE COMMITTEE (ONLY IF ESTABLISHED) ( PURSUANT TO ARTICLE 123- BIS , TUF)	PARAGRAPH 2, LETTER 69
	REPORTING TO THE BOARD BY DIRECTORS/DELEGATED BODIES	69
	OTHER EXECUTIVES ADVISES	69
4.7	INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR	70
	INDEPENDENT DIRECTORS	70
	LEAD INDEPENDENT DIRECTOR 74
	INDUCTION PROGRAM 74
5.0	CORPORATE INFORMATION MANAGEMENT	76
6.0	INTERNAL COMMITTEES OF THE BOARD (pursuant to art. 123-	bis, paragraph 2, letterd),
TUF)	78
7.0	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - APPOINTMENTS COMMITTEE	81
7.1.	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS	81
7.2.	NOMINATION COMMITTEE	86
8.0	REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE92

8.1	REMUNERATION OF DIRECTORS	92
8.2	REMUNERATION COMMITTEE	92
9.0	INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - CONTROL	AND RISK
	COMMITTEE	93
9.1	CHIEF EXECUTIVE OFFICER	98
9.2	CONTROL AND RISKS COMMITTEE	99
9.3	HEAD OF THE INTERNAL AUDIT FUNCTION	109
9.4	ORGANIZATIONAL MODEL pursuant to Legislative Decree 231/2001 112
9.5	AUDITING FIRM	114
9.6	THE CHIEF REPORTING OFFICER OF PREPARING CORPORATE ACCOUNTING
	DOCUMENTS AND OTHER CORPORATE ROLES AND FUNCTIONS	115
9.7	COORDINATION BETWEEN PERSONS INVOLVED IN THE INTERNAL CONTROL AND
	RISK MANAGEMENT SYSTEM	120
10.0	DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES	122
11.0	BOARD OF STATUTORY AUDITORS	125
		125
11.1APPOINTMENT AND REPLACEMENT 11.2 COMPOSITION AND OPERATION (pursuant to article 123- bis, paragraph 2, letters d) and
d-	bis), TUF)	129

DIVERSITY CRITERIA AND POLICIES 132
INDEPENDENCE 136
	REMUNERATION	137
12.0	INTEREST MANAGEMENT RELATIONS WITH SHAREHOLDERS	138 139

	ACCESS TO INFORMATION	139
	DIALOGUE WITH SHAREHOLDERS 140
13.0	SHAREHOLDERS' MEETING	144
14.0	ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to art. 123-	bis , paragraph
	2, letter a), second part, TUF)	148
15.0	CHANGES SINCE YEAR END REFERENCE	149

GLOSSARY

Chief Executive Officer or	the "management body" of the Parent Company. The director to whom the
AD :	BoD has delegated – pursuant to the Civil Code and by statutory provision –
	current management tasks, understood as the implementation of the
	guidelines resolved by the BoD itself in the exercise of the strategic
	supervision function.
Shareholders' meeting :	the shareholders' meeting of the Bank.
Self-assessment:	the self-assessment process of the size, composition and functioning of the
	BoD and its Committees, carried out in compliance with the Corporate
	Governance Provisions and with the provisions of the Corporate Governance
	Code. The self-assessment is conducted also considering the role played by
	the Board in defining the strategies and in monitoring the performance of the
	management and the adequacy of the internal control and risk management
	system.
Shares:	the ordinary shares of BFF.
Shareholders:	those who hold a stake in the Bank's share capital.
Bank/BFF/Company/Issue	BFF Bank SpA, parent company of the BFF Banking Group, whose shares are
r/Parent Company:	traded on Euronext Milan (formerly Mercato Telematico Azionario, MTA).
ECB:	the European Central Bank.
BFF Finance Iberia o BFF	BFF Finance Iberia SAU, a company incorporated under Spanish law, whose
FI:	capital is wholly owned by the Bank.
Real Estate BFF:	BFF Immobiliare Srl, an instrumental company incorporated under Italian law,
	whose share capital is wholly owned by the Bank.
BFF Polska o BFF PL:	BFF Polska SA, a company incorporated under Polish law, whose capital is
	wholly owned by the Bank.
BFF TechLab:	BFF TechLab Srl, a company incorporated under Italian law, whose share
	capital is wholly owned by the Bank.
Italian Stock Exchange:	Borsa Italiana SpA, a private limited company that organizes and manages
	the Italian markets for trading in financial instruments.
Branch:	collectively, the Branch Greek, the Polish Branch, the Portuguese Branch and
	the Spanish Branch.
Greek branch:	"BFF Bank SpA Ελληνικό Υπ οκ ατάστημα", the branch of the Bank based in
	Athens.

Polish Branch:	"BFF Bank SpA Spółka Akcyjna Oddział w Polsce", the branch of the Bank
	based in Lodz.
Portuguese branch:	"BFF Bank SpA – Sucursal em Portugal", the branch of the Bank based in
	Lisbon.
Spanish branch:	"BFF Bank SpA Sucursal en España" , the branch of the Bank based in Madrid.
Circular 285 or Supervisory	Circular no. 285 of the Bank of Italy dated 17 December 2013 ("Supervisory
Provisions:	provisions for banks"), and subsequent updates.
Corporate Governance	the Corporate Governance Code , approved in January 2020 by the Corporate
Code/Governance Code:	Governance Committee , and available at the following web address
	https://www.borsaitaliana.it/comitato-corporate
	governance/codice/2020.pdf .
Board of Statutory	the Board of Statutory Auditors of the Bank.
Auditors:
Committees:	the Remuneration Committee, the Control and Risk Committee, the
	Appointments Committee and the RPT Committee.
Control and Risk	the Committee set up by the BoD pursuant to and for the purposes of the
Committee or CCR:	Corporate Governance Provisions and the Corporate Governance Code.
ESG Committee:	the committee, set up by the BoD , with proposal and advisory functions in
	favor of the Chief Executive Officer, in assessments and decisions relating to
	sustainability issues relating to ESG criteria.
Nominations Committee:	the Committee set up by the BoD pursuant to and for the purposes of the
	Corporate Governance Provisions and the Corporate Governance Code.
OPC Committee:	the Committee set up by the Board for the assessment of transactions with
	related parties and connected parties.
Corporate Governance	the committee established by the business associations (ABI, ANIA,
Committee:	Assonime, Confindustria), by Borsa Italiana and by the association of
	professional investors (Assogestioni).
Remuneration Committee	the Committee set up by the BoD pursuant to and for the purposes of the
	Provisions on Corporate Governance and the Corporate Governance Code.
BoD, Board or Board of	the " body with strategic supervision function " of the Bank, which is assigned
Directors:	guidance functions for the management of the Bank, through, among other
	things, the examination and resolution of industrial or financial plans, or
	strategic operations, pursuing Sustainable Success.
Subsidiary(s):	the companies belonging to the Group.

CRR:	the Regulation (EU) n. 575/2013 of the European Parliament and of the Council
	of 26 June 2013, relating to the prudential requirements for credit institutions
	and investment firms.
DEPO bank:	DEPOBank - Banca Depositaria Italiana SpA, acquired by BFF on 3 March
	2021, and incorporated into it with effect from 5 March 2021.
Responsible Manager:	the manager responsible for preparing the corporate accounting documents
	pursuant to art. 154- bis of the TUF.
Provisions on Corporate:	the First Part, Title IV, Chapter 1 (" Corporate Governance ") of the Supervisory
Governance:	Provisions.
Fit&Proper decree:	the Decree of the Ministry of Economy and Finance of 23 November 2020, n.
	169, containing the " Regulations on the subject of requirements and eligibility
	criteria for the performance of the role of corporate representatives of banks,
	financial intermediaries, credit guarantee institutions, electronic money
	institutions, payment institutions and depositor guarantee systems " , published
	in the Official Gazette on 15 December 2020.
Decree no. 231:	Legislative Decree 231/2001, as subsequently amended.
DNF:	the Consolidated Statement on non-financial information, drawn up pursuant
	to Legislative Decree no. 254/2016, available at the following link
	https://investor.bff.com/en/sustainability .
Equinova:	Equinova UK HoldCo Limited, holding company of Advent International
	Corporation, Bain Capital Private Equity Europe LLP and Clessidra SGR SpA .
Engagement Policy:	the " Policy for managing dialogue with the generality of shareholders and
	bondholders " adopted by the Bank.
Exercise:	2022, the financial year to which the Report refers.
ESG:	acronym of "Environmental Social Governance", which indicates the
	environmental, social and governance parameters to be taken into account,
	among other things, in the financial analysis and decision-making processes
	concerning investments.
Euronext Milan:	the regulated market managed by Borsa Italiana.
FF Foundation:	the Fast Forward Foundation, a private non-profit organisation, whose main
	objective is to promote and develop research activities related to the PA and
	health sector. In summary, the FF Foundation aims to: (i) promote equitable
	access to treatment and contribute to the sustainability of the health system;
	(ii) accelerate informed access to integrated welfare systems, and (iii) facilitate
	the financial inclusion of "fragile" individuals.

Corporate Control	collectively, the Compliance and AML Function, the RM Function, the IA
Functions:	Function , and other structures with control functions, i.e. the set of company
	functions which, due to legislative, statutory, regulatory or self-regulatory
	provisions, have control tasks in the Group .
Compliance and AML	the corporate function of the Parent Company of compliance with the rules
function:	and of preventing and contrasting the implementation of money laundering
	and terrorist financing operations.
AI function:	Internal Audit Function of the Parent Internal Audit Company.
MRI function:	the Risk Management Function of the Parent Company for risk control.
Corporate Functions or	the set of corporate structures of the Group, such as, for example, the
Corporate Structures:	Departments, Functions and Organizational Units.
Group or BFF Group:	collectively, the Bank and its Subsidiaries.
BFF Polska Group:	the group made up of the parent company BFF Polska , a company
	incorporated under Polish law active in the field of loans to the national health
	service and local authorities, and its subsidiaries: (i) BFF MEDFinance SA; (ii)
	BFF Central Europe SRO; (iii) BFF Česká Republica SRO; (iv) Debt-Rnt Sp
	ZOO; (v) the Kancelaria law firm Prawnicza Karnowski i Wspólnik Spółka
	Komandytowa , (vi) Restrukturyzacyjna Prawnicza Karnowski Wspolnik sp.k
	., and (vii) the Municypalny closed-end investment fund Fundusz
	Inwestycyjny Zamkniety , with offices in Poland, the Czech Republic and
	Slovakia, respectively.
ICAAP:	the "Internal Capital Adequacy Assessment Process", the internal process for
	determining the capital adequacy of the Parent Company, which carries out
	an independent current and prospective assessment of its capital adequacy,
	in relation to the risks assumed and the corporate strategies, pursuant to and
	for the purposes of the Supervisory Provisions.
ILAAP:	the "Internal Liquidity Adequacy Assessment Process", the internal process for
	determining the adequacy of the liquidity risk governance and management
	system of the Parent Company, which carries out an independent current and
	forward-looking assessment of the liquidity risk governance and
	management system, in relation to assumptions and corporate strategies
	pursuant to and for the purposes of the Supervisory Provisions.
MBO:	management by objectives.
Model 231:	the organisation, management, and control model, adopted by the Bank
	pursuant to Decree no. 231.

Guidelines for	the guidelines expressed by the outgoing Board of Directors on the qualitative
Shareholders:	and quantitative composition of the administrative body deemed optimal,
	made available to the public on 19 January 2021 on the website in the "
	Corporate Governance/Meeting Documentation " section.
OdV:	the supervisory body set up by the Bank pursuant to Decree 231.
Corporate Bodies:	collectively, the BoD , the CEO and the Board of Statutory Auditors.
SOP 2016:	the " Stock Option Plan for directors and employees of the Company and its
	subsidiaries " approved by the Shareholders' Meeting on 5 December 2016, as
	subsequently amended by the Shareholders' Meeting on 28 March 2019.
SOP 2020:	the " Stock Option Plan in favor of directors and employees of the Company and
	its subsidiaries " approved by the Shareholders' Meeting on 2 April 2020.
SOP 2022:	the "2022 Incentive Plan of Stock Options A (equity settled) and Options B
	(cash settled) for directors and employees of the Company and its
	subsidiaries" approved by the Shareholders' Meeting on 31 March 2022
Risk Takers:	the categories of persons whose professional activity has or may have a
	significant impact on the risk profile of the Group, identified in accordance
	with the applicable legislation.
Closely Related Persons:	pursuant to art. 3 of Regulation (EU) no. 596/2014, the following are persons
	closely related to the Relevant Persons: a) the spouse or a partner equivalent
	to the spouse under national law; (b) a dependent child under national law; c)
	a relative who has shared the same home for at least one year on the date of
	the transaction in question; d) a legal person, trust or partnership: i) whose
	management responsibilities are held by a Relevant Person or by a person
	referred to in letters a), b) or c), or ii) who is directly or indirectly controlled by
	a Relevant Person or by a person referred to in letters a), b) or c), or iii)
	established for the benefit of a Relevant Person or a person referred to in
	letters a), b) or c), or iv) i whose economic interests are substantially
	equivalent to the interests of a Relevant Person or a person referred to in
	letters a), b) or c).
Remuneration Policy:	the "2023 Remuneration and Incentive Policy", approved by the Shareholders'
	Meeting on 13 April 2023.
Strategic Plan	the five-year strategic plan to 2028, called 'Even more a bank like no other',
	approved by the Board of Directors on 27 June 2023
Board Diversity Policy:	the "Board of Directors Diversity Policy of BFF Bank SpA ", adopted by the BoD
	pursuant to art. 123- bis , paragraph 2, letter d- bis ) of the TUF.

Quotation:	the process concluded on 4 April 2017 with the placement of the Shares,
	aimed at establishing the free float necessary for the trading of the Shares on
	the MTA, which started on 7 April 2017.
RAF:	the Risk Appetite Framework, i.e. the document approved by the Bank's Board
	of Directors , which defines, at Group level, the risk appetite, the tolerance
	thresholds, the risk limits, the risk governance policies, the reference

maximum risk that can be assumed, the business model and the strategic plan. Recovery Plan: the plan adopted by the Bank, which governs the strategies and actions to be undertaken in the event of a significant deterioration of the Group's equity and financial situation, to ensure, among other things, its restoration.

processes necessary for define and implement them, in line with the

BoI - Consob Joint Regulation: the "Regulation governing centralized management services, settlement services, guarantee systems and the related management companies" jointly issued by the Bank of Italy and Consob with provision of 22 February 2008, as subsequently amended.

BoD regulation: the "Board of Directors Regulations", adopted by the BoD in order to regulate its composition and functioning, in compliance, among other things, with the principles set out in the Provisions on Corporate Governance and the Corporate Governance Code . This document is published on the Bank's website at the following address: https://it.bffgroup.com/it/administration board-regulation .
Group regulation: the " Group Regulations ", adopted by the BoD in order to regulate the internal regulatory sources of the Bank - as Parent Company of the BFF Group - and its Subsidiaries, defining, in particular, the hierarchy and methods of adoption and updating.

ROA: the " Regulations of Corporate Bodies, Control Functions and Information Flows", adopted by the Board of Directors in order to regulate the duties and responsibilities of Corporate Bodies and Corporate Control Functions, as well as the information flows between Corporate Bodies and Functions Control Companies, towards the CRC, as well as towards the OdV . The ROA is published on the Bank's website at the following address: https://it.bffgroup.com/it/regulation-of-the-administration-board .

Issuers Regulation: the Implementing Regulation of the TUF, concerning the discipline of issuers, adopted by Consob, with resolution of 14 May 1999, n. 11971, as subsequently amended and supplemented.

Intergroup regulation:	the "InfragroupRegulation", adopted by the Board of Directors , which defines
	the organizational structure, objectives and contents of the Bank's
	management, coordination and control over its Subsidiaries. It is a document
	intended to guarantee the realization of the unitary business plan of the
	Group as a whole and the development of the business,through the exercise,
	by the Parent Company, of its governance role over the Subsidiaries, ensuring
	their management, coordination, and control.
Market Regulations:	the Market Regulation, issued by Consob with resolution no. 20249 of 2017,
	as subsequently amended.
Consob Related Parties	the Regulation on transactions with related parties issued by Consob with
Regulation:	resolution no. 17221 of 2010, as subsequently amended.
Report:	this report on corporate governance and ownership structure, which the Bank
	is required to prepare pursuant to art. 123- bis of the TUF, available in the
	section https://investor.bff.com/it/associazione-degli-azionisti of the Website ,
	as well as on the authorized distribution and storage mechanism .
Remuneration Report:	the " Annual report on the remuneration policy and fees paid of the BFF Banking
	Group ", prepared pursuant to art. 123- ter of the TUF, of art. 84- quater of the
	Issuers' Regulations, available on the website in the "
	Governance/Shareholders' Meeting Documentation " section.
RMVU:	the Regulation (EU) n. 1024/2013 of the Council of 15 October 2013, which
	assigns specific tasks to the ECB regarding policies on the prudential
	supervision of credit institutions.
Relevant Persons:	the members of the Board of Directors or of the Board of Statutory Auditors
	and senior managers.
Scalve:	Scalve S.à rl, a company controlled by the CEO.
ICS or Internal Control	the set of rules, functions, structures, resources, processes, and procedures
System:	which aim to ensure, in compliance with sound and prudent management, the
	achievement of the objectives identified in the Supervisory Provisions on the
	internal control system, such as, among others, risk management.
Website:	the Bank's website, accessible at the address https://it.bff.com/ .
Auditing Firm:	KPMG SpA, the company responsible for the statutory audit of the Bank's
	accounts.
NHS:	the National Health Service.
Statute:	the current Articles of Association of the Bank, published on the Website at
	the following address: https://it.bff.com/statuto .

Sustainable Success:	the objective that guides the action of the BoD, and which takes the form of
	the creation of long-term value for the benefit of the Shareholders, taking
	into account the interests of the other relevant stakeholders for the Group.
TUB:	Legislative Decree of 1 September 1993, n. 385 -" Consolidated text of laws on
	banking and credit ", as subsequently amended.
TUF:	the Legislative Decree of 24 February 1998, n. 58 – "Consolidated text of
	provisions on financial intermediation", as subsequently amended.

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURES

2023 EDITION

PREAMBLE

This Report:

is made pursuant to Article 123-bis of Legislative Decree 58/1998 (TUF) and the Corporate Governance Code for Listed Companies (2020 version, available on the Corporate Governance Committee's website, https://www.borsaitaliana.it/comitato-corporategovernance/codice/2020.pdf);
provides the market with annual information on the ownership structure, adherence to the Governance Code, as well as on the structure and functioning of the Corporate Boards and the governance practices actually applied by the Bank;

outlining outlines, the profiles of adherence to the indications of the Governance Code, highlighting - in line with the so-called " comply or explain " principle - any non-applications thereof;

fulfils the public disclosure requirements for banks as set out in the Bank of Italy's Supervisory Provisions on Corporate Governance;
was approved by the Board of Directors on 7 March 2024 and drawn up in accordance with the indications contained in the " Format for the report on corporate governance and the ownership structure " (January 2022 edition), drawn up by Borsa Italiana;
is submitted to the Shareholders' Meeting convened for 13 April 2023 in a single call.
the Report was previously submitted to the Independent Auditors, for the purposes of the pertinent checks and the release of the judgment of consistency envisaged by art. 123- bis of the TUF. are shown in the reports drawn up by the latter pursuant to art. 14 of Legislative Decree no. 39/2010, attached to the financial statements and to the consolidated financial statements.

For the purpose of pursuing a progressive and constant path of improvement of its governance, the Bank takes into account the recommendations formulated by the Chairman of the Corporate

Governance Committee in the letter sent to the chairmen of the administrative bodies on 18 January 2023 (see section 15).

The Information on the application of the provisions of the Governance Code regarding remuneration is contained in full in the "Report on the remuneration and fees paid to the members of the strategic supervisory, management and control bodies, and to the personnel of the BFF banking Group " (the " Remuneration Report "), available on the Website at the address https://investor.bff.com/it/associazione-degli-azionisti-13- aprile-2023 , and to which please refer.

1.0 ISSUER PROFILE

THE GOVERNANCE SYSTEM ADOPTED BY THE BANK

BFF has adopted a traditional governance model: the body with the function of strategic supervision of the enterprise is the BoD, and the control function is exercised by the Board of Statutory Auditors, bodies, both of which are appointed by the Shareholders' Meeting.

The BoD has (i) designated Dr. Massimiliano Belingheri as CEO, entrusting him, in accordance with the provisions of corporate governance, with the management of the enterprise, and (ii) established:

in accordance with the Governance Code and Supervisory Provisions:
the Compensation Committee;
the Appointments Committee;
the Risk and Control Committee,

with investigative, advisory, and propositional duties towards the Board of Directors;

in accordance with the Consob Related Parties Regulation, the RPT Committee;
in accordance with Decree 231, the Supervisory Board.

The statutory audit of the accounts is entrusted by the Shareholders' Meeting to the Auditing Company.

Finally, it should be noted that the Bank:

qualifies as a less significant credit institution pursuant to Article 6(4) of the RMVU;

as a listed company, it falls - pursuant to the Corporate Governance Provisions - among banks of larger size and operational complexity¹ .

It should be noted, as disclosed to the market on 4 January 2023, that starting from 1 January 2023 the Bank lost the SME qualification pursuant to art. 1, paragraph 1, letter w-quater. 1) of the TUF, since after two years from the entry into force of law no. 120/2020, which converted the DL n. 76/2020, which identified, in a turnover not exceeding Euro 300 million, the maximum limit within which issuers could be qualified as SMEs. It should be noted that the Bank was classified as an SME on the sole basis of the consolidated turnover criterion ² , as the criterion associated with the value of the average market capitalization was already higher than the regulatory threshold of 500 million Euros.

Therefore, the Bank is no longer included in the list of issuers of PMI listed shares published by Consob on its website.

It should be remembered that the loss of SME status by BFF entails the application of a further relevant threshold for the purposes of the disclosure obligations of significant shareholdings, pursuant to art. 120 of the TUF, equal to 3% of the share capital.

MISSION OF THE ISSUER AND MAIN EVENTS OF 2023

1985-2009

BFF IS BORN AND MAKES A FACT IN THE REFERENCE MARKET

¹ In particular, starting from 2022, following the publication of update no. 37 of Circular 285 (which eliminated the category of "intermediate banks") the Bank is not included among those of smaller size and operational complexity for the purposes of applying the regulations on remuneration and incentive policies and practices referred to in Circular 285

² The definition of PMI in the TUF has been modified by art. 44-bis, first paragraph, of the decree-law of 16 July 2020, n. 76, introduced by the conversion law of 11 September 2020, n. 120.

Before the amendment, article 1, paragraph 1, lett. w- quater.1 of the TUF defined "SMEs" as small and medium-sized enterprises, issuers of listed shares, whose turnover (even prior to the admission to trading of their own shares) was less than 300 million euros, or which had a capitalization of market below 500 million, specifying that " the issuers of listed shares that have exceeded both of the aforementioned limits for three consecutive years are not considered SMEs ". The amendment eliminated the reference to the turnover parameter, for which, to date, small and medium-sized enterprises, issuers of listed shares, which have a market capitalization of less than 500 million euros are considered "SMEs" and "are not considered SMEs the issuers of listed shares that have exceeded this limit for three consecutive years ".

Moreover, the same article 44- bis of the decree, in the second paragraph, has provided for a transitional regime according to which : ] assume the status of PMI based solely on the turnover criterion and continue to maintain this status for two years following the one in course ".

Founded by a group of pharmaceutical companies to meet their needs for the management and collection of receivables from the healthcare system, BFF immediately became a leader in the reference market.

2010-2014

RESILIENT DURING THE CRISIS, THE PROCESS OF INTERNATIONALIZATION AND TRANSFORMATION INTO A BANK BEGINS

Expansion into new European countries begins in Spain, in 2010 and in Portugal, in 2014. The BFF offer is extended to all suppliers of public bodies, no longer just to healthcare systems. Become a bank in 2013.

2015-2020

LISTING AND EUROPEAN LEADERSHIP

BFF grows in Central-Eastern Europe, through an important acquisition in Poland (2016), and is listed on the Italian Stock Exchange (2017). The international offer is also present in Greece, Croatia, France. The business in Spain is consolidated with the acquisition of IOS Finance (2019). TODAY

LEADER IN SPECIALIZED FINANCE BFF is the only pan-European platform, with a presence in 9 countries, specialized in the management and purchase without recourse of receivables from the Public Administration and National Health Systems. In 2021, the merger with DEPObank establishes its leadership also in securities services, as the only Italian custodian bank and into Bank Payment Services, distributed to over 100 banks and Payment service providers (PSP) in Italy.

In 2023, as part of the new business plan, it confirms its intention to grow in its core business and continue on the course of creating value for its shareholders and all stakeholders.

BFF's ambition, at Group level, is to pursue the growth path undertaken, further developing the current operating segments, leveraging its strengths: (i) focus on highly specialized and profitable business segments, driven by positive long-term structural trends in which BFF has a distinctive position; (ii) large capital endowment; (iii) continuous investment in talent and innovation. This strategy takes into consideration the ESG objectives, which are an integral part of the business

plan of BFF, which cares about the social and environmental well-being of the community in which

it operates and is committed to various initiatives aimed at reducing its environmental impact, and to have a positive impact on the community, as better indicated below.

The Bank proposes itself as a further objective, to maintain - and further improve - its profitability to allow, on the one hand, an adequate remuneration of its Shareholders and, on the other hand, a high level of satisfaction of all stakeholders, safeguarding, at the same time, its own risk/return profile.

The strategic guidelines of the plan to 2028, presented in June 2023, build on the strengths and values firmly associated with the BFF Group and lay the foundations for further significant growth in revenues, profits, profitability, and remuneration to ensure high returns for shareholders. The Group intends to achieve positive development in all its business segments by leveraging on its salient features: a responsible approach to business, focus and distinctive positioning in highly specialised business segments, margins and traction from long-term structural trends, ample capital resources and continuous investment in talent, innovation, and distribution. The strategic plan to 2028 confirms a responsible approach to business and includes the adoption of an integrated strategy that combines business growth and financial strength with social and environmental sustainability.

Among the main events that characterized the Financial Year, the following should be noted:

-
it is noted that in December 2022, a shareholding of 1.25% was subscribed the capital increase approved by the Istituto della Enciclopedia Italiana founded by Giovanni Treccani SpA ("Treccani"), in line with its commitment to support culture. The decision to enter the shareholding structure of Treccani, alongside other prestigious exponents - public and private - of the cultural and economic fabric of the country, in fact allows BFF to enrich its social and sustainability policies, placing itself alongside one of the major Italian centers of production and diffusion of culture.
in February 2023, the Bank announces that the ESG rating assigned to the Group by MSCI Inc., a leading international ESG rating company that analyses approximately three thousand companies globally, will be upgraded from BBB to AA;

the Shareholders' Meeting was held on 13 April 2023, which approved the Remuneration Policy Report - which includes the remuneration policy in its first section - and cast a favourable advisory vote on the Remuneration Report;
in April 2023, a portion of the 2022 individual net profit for the second half of the year, amounting to Euro 77,479,836, was distributed, corresponding to a dividend, gross of withholding taxes, of Euro 0.419 for each of the 185,623,140 Shares then outstanding;
in June 2023, the Bank approved the Group's five-year strategic plan to 2028: "Ever more a bank like no other" and three-year financial targets;
on 7 September 2023, the Shareholders' Meeting was held, which approved the proposal to distribute part of the Retained Earnings Reserve recorded in the Bank's financial statements as at 31 December 2022 for a total maximum amount of Euro 27,487,349.74 as an ordinary dividend corresponding to a dividend, gross of statutory withholdings, of Euro 0.147 for each of the ordinary shares then outstanding;
on 4 October 2023, the Bank announced to the market that it had reached an overall holding of 7.7% of the share capital of Generalfinance S.p.A. following a block purchase transaction, which represents an investment for BFF in a financial intermediary - active in the provision of factoring services typically to companies in difficulty and in a state of financial stress - with great potential for growth and operating in a rapidly expanding market.
On 26 October 2023, the Bank: i) in view of the next Shareholders' Meeting to be called for 18 April 2024, called to resolve inter alia on the renewal of the corporate bodies whose term of office will expire with the approval of the Financial Statements as at 31 December 2023, approved and published the Guidelines to Shareholders on the qualitative and quantitative composition of the Board of Directors deemed optimal, available on the website at the following link [-]. It should be noted that the purpose of this document is to provide shareholders with a valid support tool for the selection of candidates, with a view to preparing the list of the Board of Directors itself; ii) announced that the Board of Directors will avail itself of the option, expressly provided for in Article 15 of the Bank's Articles of Association, to submit its own list of candidates; iii) announced that the Chairman of the Board of Directors, Mr. Salvatore Messina, has informed the Bank of his intention not to stand for re-election on the list being prepared for the next three-year term, having served

nine years in office, which has meant that he no longer meets the formal requirement of independence, as required by the best corporate governance practices.

THE PURSUIT OF SUSTAINABLE SUCCESS

The Bank declares that it adheres to the Corporate Governance Code, in its latest version (2020 update), implementing the recommendations on the pursuit of Sustainable Success formulated by the Corporate Governance Committee. To this end, the Board of Directors has updated its own regulation and, on proposal of the Committees within their respective competence, the regulations of the Committees themselves.

The Bank has created an ESG Committee, the purpose of which is to support the CEO in the process of promoting and progressively integrating ESG criteria into the Group, and, therefore, in defining ESG principles, objectives and initiatives in the Bank's Business Plan, and in monitoring the risks and opportunities associated with them, also in terms of their potential impact on the Group's performance, all as better indicated in the DNF, which also sets out BFF's ESG objectives, to which reference should be made. Similarly, about the Board of Directors' interpretation of its role in guiding the Bank with the objective of pursuing Sustainable Success, and the ways in which these objectives are integrated:

in strategies, please refer to Section 4.1;
in remuneration policies, please refer to Section 8;
in the internal control and risk management system, please refer to Section 9.

The Bank at the Group level believes that the pursuit of Sustainable Success cannot disregard the definition of clear and measurable objectives on ESG matters.

Specifically, the Group's ambition is to strive towards the achievement of the following objectives:

reduction of its impact on the environment;
enhancement of its people through the promotion of well-being and the development of skills;
enhancement of the cultural and social context in which it operates, also through the initiatives described below.

These objectives have been better defined and integrated also in the light of the regulatory evolution on the subject (ie integration of climate and environmental risks, as envisaged by the " Bank of Italy Expectations "), as well as the expectations of stakeholders, including investors and rating agencies.

The concrete methods for achieving all the objectives, and will be summarized in a dedicated action plan, on which the Bank will provide information to the Board of Directors on its performance and progress in dedicated reporting.

Among the actions undertaken by the Bank in the ESG area in 2023, we note:

the Bank at group level will pursue its commitments on environmental sustainability constantly focusing on achieving a positive social, environmental and stakeholder impact;
by 2026, BFF is committed to achieving a net zero CO2 emission target through low-impact offices and efficient technology infrastructure. It is expected that by 2026, 80% of employees will work in green buildings (compared to 47% today). The new sustainable headquarters, Casa BFF, will be opened by 2024 and will promote a better integration between BFF and the surrounding community with a city garden, an open-air theatre and an art gallery 'Art Factor - The Pop Legacy in Post War Italian Art';
BFF is also committed to improving its positive impact on the community, including by supporting the objectives of the Fast Forward Foundation (the 'Foundation'). BFF will increase its contribution to the Foundation's activities on the basis of a new long-term plan, which is based on the concept of 'integrated welfare'. The Foundation's plan was presented to stakeholders in autumn 2023.
BFF continues to focus on the excellence of its governance, where a key component is the Board of Directors list selection process, which aims to strengthen the profile of the Board in the interest of all stakeholders. The Bank promotes meritocracy, responsibility, and sustainability, also by supplementing its short-term and long-term incentive plans covering 72% and 21% of BFF employees respectively with specific KPIs related to ESG factors. In fact, sustainable performance metrics are integrated into BFF's remuneration policy, promoting the reduction of the gender pay gap, reduction of CO2 emissions and diversity;

on 21 November 2023, Standard Ethics Ltd. ('Standard Ethics') an independent sustainability rating agency - at the end of the analysis process conducted for the first time in solicited form, revised upwards the Bank's Corporate Standard Ethics Rating (SER) to 'E+' from the previous 'E', assigning a 'Positive' Outlook;
Standard Ethics highlighted the path taken by the Bank in progressively aligning its sustainability governance tools with the UN, OECD and European Union sustainability guidelines and standards. Furthermore, it is emphasised that, in some areas, including Diversity and Inclusion, cybersecurity, risk of malfeasance and tax issues, this alignment process undertaken by the Bank is well underway and structural. As of 2019, BFF's ESG (Environmental, Social, Governance) reporting is in line with industry best practices, and an ESG committee has been in place since July 2022. The Bank's commitment is also tangible in other areas such as, environmental policies and ESG financial issues, which are currently being implemented through targeted policies or specific measures.

This important achievement underlines the strategic importance of sustainability and good governance practices in the Bank's development, contributing significantly to strengthening its leadership both nationally and internationally.

With reference to ESG-related activities undertaken during the current year, the following should be noted:

On 25 January 2024, MSCI Inc. a leading international ESG rating company, which analyses around three thousand companies globally, confirmed BFF's ESG rating at AA. MSCI Inc. placing it in the highest rating range.
On 29 January 2024 Morningstar Sustainalytics a leading company in ESG research, ratings and data, which supports investors worldwide in the development and implementation of responsible investment strategies - as part of an independent assessment of the entire BFF Group, assigned the latter an ESGrisk rating of 17.0, an improvement on the score assigned as a result of the previous analysis and confirming the company in the "Low Risk" category.
The Bank, at Group level, has adopted the Diversity & Inclusion Policy (described in detail in paragraph 4.3, to which reference is made);

THE GROUP

BFF is registered in the Register of Banking Groups, pursuant to art. 64 of the TUB, as Parent Company of the BFF Group, which includes the Issuer, BFF FI, the BFF Polska Group, BFF TechLab, BFF Immobiliare.

As Parent Company, the Bank carries out management and coordination activities for the Subsidiaries through the governance of the planning process, the issuing of policies, regulations and directives, the centralized monitoring of risks ³ .

In carrying out the activity, the Bank promotes the valorisation of the Subsidiaries, individually and at Group level, directing development and management policies according to objectives of operational efficiency and sustainable profitability over time. The management of the Subsidiaries contributes to the achievement of the Bank's objectives.

In particular, the Parent Company, in its capacity as contact person for the Supervisory Authority, issues the provisions necessary for the Subsidiaries to implement the general and particular instructions issued by the Bank of Italy in the interest of the stability of the Group, pursuant to art. 61, paragraph 4, of the TUB, and Circular 285.

BFF is not subject to management and coordination by other legal entities (see Section 2.0, Par. j). Below is a graphic representation of the Group, with an indication of the equity investments held by the Issuer at the date of the Report.

³ For the aforementioned purposes, the BoD approved the Intercompany Regulation and the Group Regulation which governs the internal regulatory sources of the Bank - as Parent Company of the BFF Group - and of its Subsidiaries, defining, in particular, the hierarchy and methods of adoption and of update.

2.0 INFORMATION ON THE OWNERSHIP STRUCTURE (pursuant to art. 123- bis, paragraph 1, TUF) AS OF 31/12/2023

a) Share capital structure (pursuant to article 123- bis, paragraph 1, letter a), TUF)

The subscribed and paid-up share capital of the Bank as at 31 December 2023 amounts to Euro 143.905.656,43, divided into no. 186.890.463 Shares with no par value, all representing the same fraction of share capital. The Shares are issued in dematerialized form pursuant to article 83- bis of the TUF, are indivisible and freely transferable. Each Share is nominative and gives to one vote in the ordinary and extraordinary Shareholders' Meetings of the Bank, as well as the other administrative rights established by the applicable provisions of the law and the Articles of Association.

As at 31 December 2023, the shareholding is composed as follows (shares above 3%):

SHAREHOLDER	NO. OF SHARES	% ON CAPITAL
Management	11,182,541	6,0 %
Capital Research and Management Company	9,708,159	5,2%
JPMorgan Asset Management Holdings Inc.	5,913,781	3,2%

Source: https://investor.bff.com/it/azionario

As anticipated in the previous paragraph, from 9 March 2022, BFF qualifies as a full public company, since, confirming itself as one of the few truly Italian listed companies with a broad shareholder structure.

As of December 31, 2023:

the Bank is the owner of no. 494.854 treasury shares equal to 0.26% of the share capital, a decrease compared to the 570.728 treasury shares held as at 31 December 2022;
management is the main shareholder of BFF, holding 6,0 % of the Bank's share capital, of which approximately 5. 82% (equal to 10. 88 million shares) is owned by the CEO and by the Persons closely related to them Associates (Bray Cross Ltd. and Scalve S.à rl, The Bali Trust,

The Bomi Trust e Bomi S.à r.l.), while the remainder is owned by the 4 vice president in force at that date, and by the Persons Closely Related to them ⁴ .

With regard to share-based incentive plans involving increases in the share capital, it should be noted that the Shareholders' Meeting, on 2 April 2020, resolved, inter alia, to increase the share capital free of charge, in divisible form, pursuant to of the art. 2349 of the Civil Code for a maximum of Euro 5,254,563.16, through the issue, even in several tranches , of maximum n. 6,824,108 new Shares, with the exclusion of the option right pursuant to art. 2441, paragraphs 5 and 6, of the Civil Code, to serve, inter alia, the 2016 SOP and the 2020 SOP, by the deadline of 30 June 2029 (the "Free Capital Increase"), subject to revocation (i) of the paid capital increase approved by the Shareholders' Meeting on 28 March 2019, and (ii) of the proxy – granted by the same Shareholders' Meeting – to the BoD pursuant to art. 2443 of the Civil Code to increase the share capital free of charge.

As for the 2016 SOP, the Board of Directors assigned, in the three-year period 2017-2019, in three tranches, a total of no. 8,452,640 options, against a maximum of no. 8,960,000 options assignable, completing the assignment phase.

It should be noted that at 31 December 2023, the number of stock options granted and not exercised was 96,000, of which all have matured the vesting period and are exercisable With regard to the 2020 SOP, the Board of Directors granted a total of 8,384,500 options in two tranches over the two-year period 2020-2021, against a maximum of 8,960,000 options that can be granted, exhausting the allocation phase.

It is specified that on 31 December 2023, the number of options granted and not exercised was 5,461,400, of which 2,227,700 have vested and are exercisable.

With regard to the SOP 2022 Incentive Plan, of Stock Options A (equity settled) and Stock Options B (cash settled), the Board of Directors assigned a total of 7,664,500 options in two tranches over the two-year period 2022-2023, of which 3,439,500 in equity settled and cash-less mode and 4,225,000 in cash settled/phantom share mode), against a maximum of 9,700,000 options that can be assigned, the assignment phase envisaged by the Plan has not yet been completed.

⁴ . The remaining 93.76% is free float, plus 0.54% of treasury shares (994,727 as at 31 December 2022).

At 31 December 2023, the number of options granted was 7,664,500 (of which 3,439,500 in equitysettled and cash-less mode and 4,225,000 in cash-settled/phantom share mode), none of which could be exercised yet

During the Financial Year, the Bank

has not made any purchase of treasury shares;
has assigned a total of no. 367.762 Shares, of which:
- no. 244.983 to the CEO, of which:
  - no. 8-505 for the settlement in financial instruments of the deferred part of the 2019 MBO;
  - no. 17.951 for the settlement in financial instruments of the upfront part of the 2022 MBO;
  - no. 147.697 following the exercise of options under the 2016 SOP; And
  - no. 29.793 for the settlement in financial instruments of the up-front part of the integration bonus 2021;
  - no. 41.037 for the settlement in financial instruments of the up-front part of the settlement agreement 2023;
- no. 122.779 for the settlement of non-competition agreements, for redundancy incentives and following the exercise of options under the 2016 SOP and SOP 2020 to other beneficiaries no longer in force.

For further information on the options assigned, please refer to the analytical tables on the " Stock options assigned to members of the administrative body, general managers and other executives with strategic responsibilities " referred to in Section II, par. 3 of the Remuneration Report.

Finally, we inform you that, pursuant to art. 5, paragraph 5, of the Articles of Association, the Extraordinary Shareholders' Meeting may resolve the issue of warrants ,within the limits and under the conditions prescribed by the Bank of Italy, provided that they are exercised within five years of the relative issue.

b) Restrictions on the transfer of securities (pursuant to article 123- bis, paragraph 1, letter b), TUF)

The Shares are freely transferable, and there are no restrictions on their transfer, such as, for example, limits on the possession of securities or the need to obtain the approval of the Issuer or other holders of securities.

c) Relevant equity investments (pursuant to article 123- bis, paragraph 1, letter c), TUF) Based on the communications received pursuant to art. 120 of the TUF and the information available, and except as indicated in Section 1.0above, the Bank is aware Shareholders who holds (directly or indirectly), as at 31 December 2023, a percentage of share ownership, with voting rights, greater than 3% of the share capital, ie the CEO and Persons Closely Associated with them, for 5.8% of the share capital, Capital Research and Management Company for 5.2% of the share capital, JPMorgan Asset Management Holdings Inc. for 3.2% of the share capital as better detailed in Table 1 - "Information on the ownership structure" in the appendix to the Report.

d) Securities conferring special rights (pursuant to article 123- bis, paragraph 1, letter d), TUF)

As of the date of approval of this Report, the Bank has not issued any securities which grant special control rights, nor has it adopted statutory provisions granting multiple or increased voting rights.

e) Employee shareholding: mechanism for exercising voting rights (pursuant to article 123- bis, paragraph 1, letter e), TUF)

There are no employee share ownership schemes in place that confer a different voting right to that envisaged for all shareholders.

f) Restrictions on voting rights (pursuant to article 123- bis, paragraph 1, letter f), TUF)

There are no restrictions on voting rights.

With reference to treasury shares held by the Bank, the right to vote is suspended by law.

g) Agreements between shareholders (pursuant to article 123- bis, paragraph 1, letter g), TUF)

As of 31 December 2023, there is no significant shareholder agreement in force pursuant to and for the purposes of art. 122 of the TUF and articles 129 et seq. of the Issuers Regulation.

h) Change of control clauses (pursuant to article 123- bis, paragraph 1, letter h), TUF) and statutory provisions on takeover bids (pursuant to articles 104, paragraph 1-ter, and 104-

bis, paragraph 1)

It should be noted - in relation to the effects resulting from possible changes in the Bank's ownership structure -that some loan agreements of BFF Polska and its subsidiaries contain clauses which provide, upon the occurrence of certain significant events (including the possible loss of control of the Bank on the BFF Polska Group ), the right of the lender to: (i) terminate the loan agreement; (ii) suspend the beneficiary's right to use their current account (overdraft facilities); (iii) request the establishment of new and additional guarantees, or, depending on the case, (iv) declare the forfeiture of the benefit of the term.

As usual in financial market negotiation practices for certain types of relationships, the Bank and the companies of the Group are parties to contracts which may envisage specific effects upon the occurrence of a "change of control" (these are agreements which take effect, are modified or terminated in the event of changes in the control of the company and/or any other concomitant events).

Regarding takeover bids, it should be noted that the Articles of Association do not provide for (i) exceptions to the provisions on the passivity rule envisaged by art. 104, paragraphs 1 and 1- bis, of the TUF; (ii) the application of the neutralization rules contemplated by art. 104- bis, paragraphs 2 and 3 of the TUF.

i) Powers to increase the share capital and authorization to purchase treasury shares (pursuant to article 123- bis, paragraph 1, letter m), TUF)

On 2 April 2020 , the Shareholders' Meeting resolved, inter alia, to increase the share capital free of charge, in divisible form, pursuant to art. 2349 of the Civil Code for a maximum of Euro 5,254,563.16, through the issue, even in several tranches , of maximum n. 6,824,108 new Shares, with the exclusion of the option right pursuant to art. 2441, paragraphs 5 and 6, of the Civil Code, to serve, inter alia, the 2016 SOP and the 2020 SOP, by the deadline of 30 June 2029 (the "Free Capital Increase"), subject to revocation (the) of the paid capital increase approved by the Shareholders' Meeting on 28 March 2019, and (ii) of the proxy – granted by the same Shareholders' Meeting – to the BoD pursuant to art. 2443 of the Civil Code to increase the share capital free of charge.

On 9 February 2023 - following the authorization by the Bank of Italy on 1 February 2023, and in execution of the resolution passed by the Ordinary Shareholders' Meeting on 31 March 2022 - the Board of Directors resolved to initiate the Share Buyback Program, which was concluded in February, by reason of the purchase of a total of 291,888 Shares, the maximum number of shares to be purchased under the Program, the Shareholders' Meeting authorized the Bank to purchase treasury shares in compliance with art. 2357 of the Civil Code revoking the previous authorization, which was approved by the Shareholders' Meeting of 31 March 2022, in the terms summarized below:

duration of the authorization: 18 (eighteen) months;
maximum number of shares that can be purchased in one or more tranches: n. 8, 463.819 Shares, representing, taking into account the treasury shares already held, 5% of the share capital (as of March 1, 2022, the date of approval of the report to shareholders on the matter);
purchase price of each share: it cannot deviate, neither in decrease nor in increase, for more than 20% with respect to the reference price recorded by the stock in the trading session preceding each individual transaction.

It should be noted that on 6 October 2023 - in execution of the aforementioned Shareholders' Meeting authorization - the Board of Directors of BFF Bank S.p.A. resolved to initiate the regulatory process aimed at the issue by the Bank of Italy of the authorization, pursuant to Articles 27 et seq. of Delegated Regulation (EU) No. 241 of 7 January 2014 adopted by the European Commission and Article 78 of Regulation (EU) No. 575 of 26 June 2013 for the purchase of the Bank's treasury shares, up to a maximum amount of EUR 8.5 million, with an impact of approximately 30 bps of the Group's CET1 ratio calculated on a pro-forma basis as at 30 September 2023;

The Bank cannot purchase treasury shares except within the limits of distributable profits and available reserves resulting from the latest financial statements, duly approved at the end of the 2022 financial year.

j) Management and coordination activities (pursuant to art. 2497 and following of the civil code)

The Bank is not subject to management and coordination activities pursuant to art. 2497 and following of the Civil Code, since, among other things, BFF operates in conditions of complete corporate and entrepreneurial autonomy, without the interference of outside parties.

The information required by art. 123- bis, paragraph 1, lett. i), of the TUF, the information required by art. is contained in Section II, paragraph 2.4 of the Remuneration Report. 123- bis, paragraph 1, lett. l), first part of the TUF is illustrated in Section 4.0of this Report, dedicated to the Board of Directors and the information required by art. 123- bis, paragraph 1, lett. l), second part of the TUF are illustrated in Section 13 of this Report, to which reference is made.

3.0 COMPLIANCE (pursuant to article 123-bis, paragraph 2, letter a), first part, TUF)

Governance Code, starting from its Listing (April 2017), and in compliance with the obligations established by art. 123- bis of the TUF and the related implementing rules, declares that it still adheres to the 2020 edition of the Governance Code , promoted by the Corporate Governance Committee.

BFF believes that the alignment of its corporate governance (by this meaning the system of rules, principles and procedures in which the management and control system of a company is substantiated) to international best practice , which the Code of Governance is inspired by, constitutes a fundamental prerequisite for the achievement of its objectives, which are not limited to the ambition to maximize shareholder value and customer satisfaction, but also include the pursuit of excellence in terms of transparency of management decisions, efficiency of the internal control systems and correctness and rigor in transactions with related parties and connected subjects, and/or in potential conflict of interest, as well as in safeguarding professionalism, correctness and respect, as fundamental principles in relations with Shareholders, customers and all the Bank's interlocutors in general.

The Governance Code is available to the public for consultation on the website of the Corporate Governance Committee at the page https://www.borsaitaliana.it/comitato corporategovernance/codice/2020.pdf.

More detailed information on the methods of application, during the Financial Year, of the Principles and Recommendations of the Code of Governance are reported below.

This Report is made available to the Shareholders and the public together with the " Annual Financial Report as at 31 December 2023", at the registered office and on the Website, as well as on the authorized distribution and storage mechanism .

Corporate governance structure is not influenced by legal provisions other than those of Italy or the European Union. BFF Polska and BFF FI are, respectively, companies incorporated under Polish and Spanish law and, therefore, subject to the laws of these countries. However, this circumstance does not affect the Bank's corporate governance structure in any way.

4.0 BOARD OF ADMINISTRATION

4.1 ROLE OF THE BOARD OF DIRECTORS

The BoD is vested with the strategic supervision function and is assigned a central role in the BFF governance system, being the body that guides the Bank in the pursuit of Sustainable Success, defines the Group's strategic lines, and verifies and monitors them I continue the implementation, in line with this objective.

The BoD is attributed the broadest powers of ordinary and extraordinary administration and has the power to resolve on all deeds falling within the corporate purpose except forthose that the law reserves to the exclusive competence of the Shareholders' Meeting. In particular:

examines and approves the strategic, industrial and financial plans of the Bank and the Group, periodically monitoring their implementation and periodically comparing the results achieved with those planned. It defines the corporate governance system of the Bank and the structure of the Group, as better specified in Section 13;
guides the Bank by pursuing its Sustainable Success, and orients its business with a view to progressively integrating corporate sustainability into the definition of strategies and the remuneration policy, also on the basis of an analysis of the relevance of the factors that can affect generation of long-term value;
defines the nature and level of risk compatible with the Bank's strategic objectives, including in its assessments all the risks that may be relevant in view of the medium-long term Sustainable Success of the Bank's business, at Group level;
evaluates the adequacy of the organizational structure verifying its correct implementation and promptly promoting corrective measures in the face of any gaps or inadequacies - administrative and accounting structure of the Bank, as well as that of the subsidiaries with strategic importance, with particular reference to the internal control system and risk management;
examines and approves transactions including investments and divestments which, by their nature, have strategic importance, entities or commitments that may involve, have significant strategic, economic, capital or financial importance for the Bank and/or for the Group , with particular reference to transactions with related parties;

verifies the adequacy of the organisational, administrative and general accounting structure of the Bank, also at Group level;
in order to ensure the correct management of corporate information, adopts, on the proposal of the Chairman, in agreement with the CEO, the procedure for the management of privileged information, the updates of which are the responsibility of the of the Board of Directors, except for changes that are necessary or in any case appropriate as a result of legal or regulatory provisions, or organisational changes of the Company, which may be approved, subject to the favourable opinion of the Compliance Function, by the Chief Executive Officer, who shall inform the Board of Directors, as better specified in the Section 5;
on the proposal of the Chairman, formulated in agreement with the CEO, it adopts a policy for managing dialogue with the majority of Shareholders, also taking into account the engagement policies adopted by institutional investors and asset managers as better illustrated in Section 13.

The BoD, in line with Recommendation no. 1, lit. d), second part, during the Financial Year, – with the support of the CRC – positively assessed the adequacy of the organisational, administrative and accounting structure of the Bank and its Subsidiaries, with particular reference to the Internal Control System.

As better specified in Section 9 n. 3, the Board of Directors, on the proposal of the Chairman, formulated in agreement with the CEO and with the support of the Appointments Committee, adopted the Engagement Policy on 21 September 2021, as better illustrated in Section 12.

In addition to the attributions that cannot be delegated by law, and without prejudice to the provisions of the regulatory and supervisory provisions in force pro tempore and by art. 16, last paragraph, of the Articles of Association, the BoD is responsible for:

the approval/revision of the industrial and financial plans and/or the budget, and the verification of the achievement of the related objectives;
decisions concerning the assumption and sale of equity investments in Group companies, as well as the determination of criteria for the coordination and management of Group companies, and for the execution of instructions from the Bank of Italy.

Pursuant to the ROA, the BoD also defines the overall governance structure and approves the organizational structure of the Bank, verifies its correct implementation, and promptly promotes corrective measures in the face of any gaps or inadequacies. In particular, the BoD:

approves the organizational structure and corporate governance of the Bank, ensuring the clear distinction of duties and functions, as well as the prevention of conflicts of interest;
approves the accounting and reporting systems;
supervises the Bank's public information and communication process;
ensures effective dialogue with the CEO and with the heads of the main Company Functions, and verifies the choices and decisions made by them over time;
elaborates, submits to the Shareholders' Meeting and reviews, at least annually, the remuneration and incentive policy, and is responsible for its correct implementation;
Taker identification process, and periodically reviews the related criteria;
ensures that the remuneration and incentive policy is adequately documented and accessible within the corporate structure, and that the consequences of any violations of the law or of codes of ethics or conduct are known to personnel;
defines the remuneration and incentive systems, i.e. the fees, for the CEO, and for the Directors who hold particular offices, as well as for the Risk Takers, as better indicated in the Remuneration Report, to which reference is made. In particular, it ensures that these systems are consistent with the Bank's overall choices in terms of risk assumption, strategies, longterm objectives, corporate governance structure and internal controls;
determines the content of the proxies in favor of the CEO in an analytical, clear and precise manner, also in the indication of the quantitative and value limits, and any methods of exercise. This is also in order to allow the collegiate body to verify their correct fulfillment, as well as to exercise its powers of directive and recall.

The duties of the BoD have been integrated to take into account the recommendations formulated in the seventh " Annual report on the application of the Code of Self-regulation regarding the evolution of corporate governance of listed companies ", as detailed in Section 16.0.

Pursuant to the Intercompany Regulations, the BoD, as the body with strategic supervision functions of the Parent Company, also exercises the following powers at Group level:

examines and approves the corporate governance system, the Group structure, the Business Plan and the Budget of the Parent Company, including the consolidated one, and verifies the achievement of the related objectives;
assesses the adequacy of the organisational, administrative, and accounting structure of the Subsidiaries, with particular reference to the SCI and the management of conflicts of interest. Periodically verifies that the ICS is consistent with the strategic guidelines, and that the Corporate Control Functions are independent within the organizational structure, as well as equipped with adequate professional resources and budgets;
business model, having awareness of the inherent risks, and understanding of the ways in which these risks are identified, measured and evaluated;
definition and approval of the Group's strategic guidelines and their review, having regard to the evolution of the Group's business and market conditions, in order to ensure their effectiveness over time;
definition and approval of the organizational structure and Group regulations, ensuring that, within them, the tasks and responsibilities are allocated in a clear and appropriate manner, also with regard to the delegation mechanisms;
definition and approval of the risk management process, and assessment of its compatibility with the strategic guidelines and risk governance policies adopted by the Bank at Group level;
definition and approval of the reference framework for determining the RAF, to set ex ante the risk/return objectives that the Group intends to achieve and the consequent operating limits, as well as the verification that the implementation of the RAF is consistent with the risk objectives and the tolerance threshold identified therein, and the periodic assessment of the adequacy and effectiveness of the RAF, and of the compatibility between the actual risk and the risk objectives;
taking decisions concerning the assumption and transfer (directly or indirectly) of equity investments in other companies, which involve a change in the composition of the Group, as well as the determination of the criteria for the coordination and management of the Subsidiaries and for the execution of the instructions of the Bank of Italy.

Pursuant to the Fit&Proper Decree, the assessment of the suitability of the heads of the main Company Functions ( ie the heads of the Compliance and AML, RM, and IA Functions, as well as the chief financial officer and - where different from the latter - the Financial Reporting Manager).

4.2 APPOINTMENT AND REPLACEMENT (pursuant to article 123- bis, paragraph 1, letter l), first part, TUF)

Pursuant to the Articles of Association ⁵ , the Bank is managed by a board of directors made up of a number of members which is determined by the Shareholders' Meeting, which in any case cannot be less than 5 (five) nor more than 13 (thirteen).

The members of the BoD remain in office for the period, not exceeding 3 (three) financial years, established at the time of appointment, expiring on the date of the Shareholders' Meeting called to approve the financial statements relating to the last financial year of their office, and they are re-eligible.

The appointment of BFF Directors is carried out by the Shareholders' Meeting on the basis of the list voting mechanism. Lists can be presented by: (i) shareholders who, alone or together with other shareholders, represent 2.00% of the share capital, or the lower amount required by the regulatory framework issued from time to time by Consob (art. 144- quater of the Issuers Regulation); (ii) the outgoing ⁶BoD (the "BoD List").

The nomination mechanism through list voting guarantees transparency, as well as timely and adequate information on the personal and professional characteristics of candidates for office. The composition of the BoD ensures:

the possession by all the Directors of the requisites of integrity and professionalism and the satisfaction of the criteria of correctness and competence established by the legislation in force from time to time;
the presence of a minority Director , since, at the end of the vote, the candidates of the two lists that obtained the highest number of votes are elected, according to the following criteria: (i) from the list that obtained the majority of votes cast (so-called "majority list"), a number of Directors equal to the total number of members to be elected, except one, is drawn in the progressive order in which they are listed in the list itself; (ii) the remaining Director is taken from the second list that obtained the highest number of votes at the

⁵ Articles 14 et seq

⁶The Shareholders' Meeting held on 28 March 2019 approved, in an extraordinary session, the draft amendment to the Articles of Association, in order to give the outgoing Board of Directors the power to present a list of candidates for the appointment of the Board of Directors itself.

meeting (so-called "minority list"), which is not connected in any way, not even indirectly, with those who presented or voted for the list majority;

gender balance. In fact, if the application of the list voting mechanism does not ensure the appointment of directors belonging to the less represented gender, at least to the minimum extent envisaged by art. 147- ter , paragraph 1- ter , of the TUF, the candidate belonging to the most represented gender, elected last in progressive order in the majority list, is replaced by the first candidate belonging to the least represented gender and not elected, taken from the same list, according to the progressive order of presentation, or, failing that, from the first candidate of the least represented and not elected gender, drawn from the other lists, according to the number of votes obtained by each. This substitution procedure takes place (limited to lists containing a number of candidates equal to or greater than three) until the composition of the BoD complies with the legislation, including regulations, in force on gender balance;
the possession by the majority of Directors of the independence requirement, replacing, where necessary, the non-independent candidate elected last in progressive order in the majority list with the first independent candidate not elected, taken from the same list, according to the order progressive presentation or, failing that, by the first unelected independent candidate, taken from the other lists, according to the number of votes obtained by each. This replacement procedure is carried out (limited to lists containing a number of candidates equal to or greater than three) until the minimum number of independent Directors required by law is completed and without prejudice, in any case, to compliance with the balance between genres.

If these procedures do not ensure gender balance and/or the presence of the minimum number of independent Directors required by law, the replacement takes place with a resolution passed by the Shareholders' Meeting with a relative majority, subject to the presentation of candidates belonging to the less represented gender o in possession of the independence requirements established by law.

In its Regulations, the Board of Directors has established the requirements that the Directors must possess, in addition to those established by the applicable legislation ⁷ .

Furthermore, pursuant to the Articles of Association:

The filing of the lists of candidates for the office of Director at the registered office must take place , in accordance with art. 147- ter of the TUF, within the twenty-fifth day preceding the date of the Shareholders' Meeting called to resolve on the appointment of the members of the BoD , or, if this term coincides with a public holiday, its expiry is automatically extended to the first following working day. The lists are made available to the public at the registered office, on the website and with the other methods envisaged by current legislation, at least twenty-one days before the date of the Shareholders' Meeting;
the List of the BoD must be filed and made public, in the same manner as for the lists of Shareholders, at least thirty days before the date set for the Shareholders' Meeting called to resolve on the appointment of the members of the BoD (i.e. five days before the aforementioned ordinary statutory deadline for the filing of lists by the Shareholders), in order to offer the Shareholders a longer deadline for the evaluation of the proposed candidates. The list is accompanied by a specific document, which describes the assessments expressed by the Appointments Committee and the Board of Directors on the suitability of the candidates identified, and the process followed for their identification.

Pursuant to Recommendation no. 23 of the Governance Code , as well as in line with Circular 285, the BoD, for the purposes of both appointing and co-opting its members, expresses - taking into account the results of the Self-Assessment process and with the contribution of the Appointments Committee, in coordination with the Chairman of the BoD - an orientation on its qualitative and quantitative composition considered optimal for the effective performance of the tasks and responsibilities entrusted to the administrative body by law, by the Supervisory Provisions and by the Articles of Association, identifying and motivating the theoretical profile of the candidates (including the characteristics of professionalism and possible independence) considered optimal,

⁷ Reference is made to the articles 147- ter, paragraph 4, and 148 of the TUF, as well as the provisions contained in the Fit & Proper Decree and in the Ministerial Decree of 30 March 2000, n. 162, as well as in art. 26 of the TUB and the Governance Code .

favoring, among other things, an adequate composition in terms of skills, experience, age, gender and international projection.

The Guidelines are brought to the attention of the Shareholders by publication on the Website well in advance of the publication of the notice convening the relevant Shareholders' Meeting. Who submits a list must:

provide adequate information, in the documentation presented for the filing of the list, on its compliance with the Guidelines for Shareholders or justify the deviation; And
indicate, if the list contains a number of candidates greater than half of the Directors to be elected, their own candidate for the office of Chairman of the BoD , whose appointment takes place according to the procedures identified by the Articles of Association.

If the Shareholders' Meeting fails to do so, the BoD elects the Chairman from among its nonexecutive members and can also appoint a Deputy Chairman.

The maximum number of positions that can be held in other companies by the Directors is established by art. 17 of the Fit & Proper Decree.

As for the independent Directors currently in office, please refer to the table at the end of this Section.

For information on the role of the BoD and the Committees in the processes of self-assessment, appointment, and succession of directors, please refer to Section 7.0.

REPLACEMENT

If, during the financial year, one or more Directors leave their office, they are replaced pursuant to art. 2386 of the Civil Code, without prejudice, in any case, to compliance with the minimum total number of independent Directors and the balance between genders envisaged by current legislation.

However, if the majority of Directors appointed by the shareholders' meeting ceases to exist, the entire BoD must be understood to have lapsed with effect from the moment of its reestablishment, and the Shareholders' Meeting must be convened without delay for the appointment of a new BoD.

curricula of the co-opted Directors are provided to the first Shareholders' Meeting following the cooption ; (ii) the results of the analysis carried out by the BoD on the correspondence of the qualitative-quantitative composition resulting from the cooptation to that deemed optimal ; (iii) their verification after the appointment; (iv) the compliance of the profiles with the indications contained in the Diversity Policy of the BoD , and (v) the opinion of the Appointments Committee .

4.3 COMPOSITION (pursuant to article 123- bis, paragraph 2, letters d) and d- bis), TUF)

The Board of Directors in office - made up of executive, non-executive and independent Directors - was appointed by the Ordinary Shareholders' Meeting of 25 March 2021, by means of list voting, as well as in compliance with the provisions in force at the time on gender balance, pursuant to articles 147-ter, paragraph 1-ter, and 148, paragraph 1- bis, of the TUF. Furthermore, in compliance with the provisions of the BoD Regulation, its composition is also diversified in terms of experience, gender, skills, age, geographical origin, and international projection.

In presenting the lists of candidates, the Board of Directors and the Shareholders took into account the indications contained in the Guidelines for Shareholders. At the same time as each list, the documentation required by law was filed for each candidate, including: the curriculum vitae vitae containing the professional characteristics of the individual candidates, the declarations of nonexistence of causes of incompatibility or ineligibility and existence of the requisites prescribed by law and by the Articles of Association, as well as the list of any administrative and control positions held in other companies.

For the appointment of the members of the BoD , two lists were presented ⁸ , respectively by:

of the outgoing BoD, who proposed the following candidates to the Shareholders' Meeting: (i) Avv. Salvatore Messina, (ii) Dr. Massimiliano Belingheri, (iii) Federico Fornari Luswergh, (iv) Amélie Scaramozzino, (v) Dr. Gabriele Michaela Aumann born Schindler, (vi) Piotr Henryk Stepniak, (vii) Domenico Gammaldi, (viii) Barbara Poggiali, and (ix) Isabel Aguilera Navarro (the "List No. 1");
Studio Legale Trevisan, on behalf of a group of minority shareholders made up of institutional investors, with no connection with List no. 1, representing a total of 8.51052%% of the share capital of the Bank, which proposed to the Shareholders' Meeting the candidate: Giovanna Villa (the " List no. 2 "). List no. 1 obtained the highest number of votes (equal to 42.80%), while List no. 2 obtained a number of votes equal to 13.26% of the Bank's share

⁸For further information, please refer to the lists made available on the Website at the following address: https://investor.bff.com/it/associazione-degli-azionisti-25-marzo-2021/ .

capital represented at the Shareholders' Meeting, corresponding to 60.73% of the Bank's share capital ⁹ .

The BoD appointed by the Ordinary Shareholders' Meeting on 25 March 2021 was made up of the following no. 9 (nine) members:

Lawyer Salvatore Messina	President
Mr. Federico Fornari Luswergh	Chairman and non-executive Director
Mr. Massimiliano Belingheri	CEO
Mrs. Amélie Scaramozzino	Independent director
Mrs. Gabriele Michaela Aumann	Independent director
Mr. Piotr Henryk Stepniak	Non-executive director
Mr. Domenico Gammaldi	Independent director
Ing. Barbara Poggiali	Independent director
Mrs. Giovanna Villa	Independent director

On the occasion of the appointment, the BoD verified and ascertained:

i. pursuant to the Fit & Proper Decree:
- the existence of the requirements of professionalism, integrity and, where applicable, independence;
- the fulfillment of the criteria of correctness and competence;
- compliance with the limit on the accumulation of offices established by articles 17, 18 and 19 of the Fit & Proper Decree;
- the existence of independent judgement, established by art. 15 of the Fit & Proper Decree, also taking into account the existence of adequate safeguards aimed at preventing the risk of compromising this independence of the representative;
- the adequate availability of time for the exercise of the office, taking into account, among other things, the participation in the internal board committees envisaged by art. 16 of the Fit & Proper Decree;

⁹The data are reported with an approximation down or up to the second decimal. For further information, please refer to the summary report of the votes of the Shareholders' Meeting of 25 March 2021, published on the Website at the following address: https://investor.bff.com/it/assemblea-degli-azionisti-25-marzo-2021 .

ii. where applicable, the possession of the independence requirement, pursuant to art. 2, recommendation n.7, of the Governance Code ;
iii. where applicable, the possession of the independence requirement, pursuant to art. 148, paragraph 3, of the TUF, and as referred to in art. 147- ter , paragraph 4, of the TUF;
iv. interlocking purposes , pursuant to art. 36 of Legislative Decree 6 December 2011, n. 201, as well as the compliance of the composition of the Board of Directors as a whole with the indications expressed in the Guidelines for Shareholders (made public on 19 January 2021), and the fulfillment of the criteria of adequate collective composition, pursuant to art. 11 of the Fit & Proper Decree .

The Board of Statutory Auditors deemed the procedures adopted by the BoD suitable for ascertaining the independence requirements of its independent members.

It should be noted that, following the resignations of the Directors (i) Ing. Barbara Poggiali, on February 3, 2022, and (ii) Amélie Scaramozzino, on February 24, 2022, the BoD appointed with an emergency procedure by co-opting – pursuant to art. 2386 of the Civil Code, respectively, on 10 February 2022 and 1 March 2022 – Ms. Monica Magrì and Anna Kunkl, replacing the outgoing Directors. These appointments were confirmed by the Shareholders' Meeting of 31 March 2022.

The table below summarises the composition of the Board of Directors as at 31 December 2023, indicating the date of first appointment of the Directors, so as to provide information on their seniority in office:

Lawyer Salvatore Messina	Chairman and Independent Director 10(*)
Mr. Federico Fornari Luswergh	Deputy Chairman and non-executive Director
Mr. Massimiliano Belingheri	CEO
Mrs. Monica Magri	Independent director (*)
Mrs. Gabriele Michaela Aumann	Independent director (*)
Mr. Piotr Henryk Stepniak	Non-executive director
Mr. Domenico Gammaldi	Independent director (*)
Mrs. Anna Kunkl	Independent director (*)
Mrs. Giovanna Villa	Independent director (*)

¹⁰It should be noted that, as of 14 January 2022, the Chairman of the Board of Directors is a non-executive and not independent Director pursuant to the Governance Code as he has held the position of Director in BFF for more than 9 years.

(*) Independent directors pursuant to the TUF, as specified in section 4.7

It should be noted that the non-executive Directors, all with extensive knowledge in the sectors in which the Bank operates, represent the majority of the Board of Directors and actively participate in board meetings, analyzing topics of interest and contributing to the adoption of weighted resolutions.

For the sake of completeness, it should be noted that some of the current members of the BoD have already held the position of Directors of the Issuer before the aforementioned appointment, as shown in the table below.

MEMBER	ROLE	DATE OF FIRST
		APPOINTMENT
Lawyer Salvatore Messina	Chairman and Independent Director	01.14.2013
Mr. Federico Fornari Luswergh	Chairman and non-executive Director	04.24.2010
Mr. Massimiliano Belingheri	CEO	12.19.2006
Mrs. Monica Magri	Independent director (*)	10.02.2022
Mrs. Gabriele Michaela Aumann	Independent director (*)	21.12.2015
Mr. Piotr Henryk Stepniak	Non-executive director	25.03.2021
Mr. Domenico Gammaldi	Independent director (*)	25.03.2021
Mrs. Anna Kunkl	Independent director (*)	01.03.2022
Mrs. Giovanna Villa	Independent director (*)	25.03.2021

The BoD will remain in office in its current composition until the approval of the financial statements as at 31 December 2023.

The Board of Directors has verified, on the basis of the declarations made by the Directors at the time of their appointment, the absence of causes of incompatibility (including those envisaged by article 36 of Legislative Decree no. 201/2011 regarding interlocking) and the existence of the requirements (i) referred to in the Fit & Proper Decree , of the DM n. 162/2000 and the additional provisions in force (the "Fit & Proper Decree"); (ii) where applicable, of independence pursuant to art. 2, Recommendation n. 7, of the Governance Code , and pursuant to art. 148, paragraph 3, of the TUF, as referred to in art. 147- ter , paragraph 4, of the TUF and verified; (iii) pertaining to compliance with the limit on the accumulation of offices pursuant to art. 7 et seq. of the BoD Regulations .

The composition of the current BoD reflects an adequate combination of skills and professionalism, in line with the requirements of the Guidelines for Shareholders.

Pursuant to the Board of Directors ' Regulations, in addition to the professional requirements established by current legislation, the Directors must meet at least one of the following requirements:

risk management and control methodologies, acquired through many years of administration, management and control experience in the financial sector;
experience gained in the management of operations aimed at facilitating the disinvestment, management and collection of receivables, in particular, towards entities providing healthcare services as well as towards the PA;
entrepreneurial management and business organization experience acquired through many years of administration, management or control activity in companies, or groups of significant economic size, or in the Public Administration;
ability to read and interpret economic-financial data acquired through many years of experience in administration and control in companies, or in the exercise of professional activities, or in university teaching;
international experience and knowledge of foreign markets acquired through multi-year entrepreneurial or professional activities in foreign institutions or bodies, companies or groups with an international vocation.

The Board of Directors verified the existence of at least one of the above requirements by each of its members and assessed the composition resulting from the appointment process as corresponding to the qualitative-quantitative composition considered optimal with respect to the indications emerging from the Self-Assessment, as indicated in the Guidelines for Shareholders.

In addition to the information on the composition of the BoD shown in Table 2 - " Structure of the Board of Directors and Committees " in the appendix to the Report, pursuant to art. 144- decies of the Issuers' Regulation, the main personal and professional characteristics of each Director are indicated below (the CVs of which have been published in extract form on the Website in the section " Governance/Government structure/Board of Directors ").

Salvatore Messina (Chairman)	Grand Official of Merit of the Italian Republic and lawyer. He graduated with honors in Law at the University of Catania. In 1971 he began his career at the Bank of Italy, where he held multiple and diversified functions until he became, in July 2004, director of the Milan branch of the Institute. During his activity at the Institute, he has also coordinated and taken part in numerous company study groups on topics of institutional importance and represented the Institute as a speaker at conferences and seminars organized by public and private bodies and by representatives of the financial and academic world. He left the Bank of Italy in 2011. He was an independent member of the Board of Banca Esperia SpA from 18 April 2012 to 30 June 2014, Chairman of the BoD of Diners Club Italia Srl from 1 October 2015 to 28 June 2020, and director of the Italian Banking Association from 10 July 2018 to 9 July 2020. He also held the role of member of the supervisory body pursuant to Legislative Decree no. 231/2001 of Banca Monte dei Paschi di Siena SpA (from 25 May 2012 to 18 April 2018) and almost all group company, and of Unicredit SpA (from 10 July 2015 to 11 April 2019). He has been Chairman of the BoD of BFF since 14 January 2013. From the 2011/2012 academic year to the 2022-2023 academic year, he was a contract professor of Institutions of Public Law and European Economic Law at the Faculty of Banking, Finance and insurance companies of the Catholic University of the Sacred Heart of Milan. Currently, he is a member of the supervisory body pursuant to Legislative Decree no. 231/2001 of Fineco Bank SpA. Since May 2020 he has been a Member of the Steering Committee of the master's degree Course in Internationalization of Commercial Relations of the Department of Political and Social Sciences of the University of Catania. Since 10 July 2020 he has been standing auditor of the Italian Banking Association. He is the author of several essays on public law.
Federico Fornari Luswergh (Vice-Chairman)	He graduated with honors in Economics and Commerce from the "La Sapienza" University of Rome in 1989. He has been registered in the Register of Chartered Accountants since 1990 and in the Register of Auditors since 1992. In 1990 he began his professional career at Deloitte & Touche SpA. Between 1994 and 2002 he held various national and international positions in the finance and management control area within the Goodyear group in Italy, the USA and Belgium, until he became chief financial officer of the group in Italy and president of Goodyear Italiana SpA. Between 2002 and 2007 he was general manager of the centralized services of Industria Farmaceutica Serono SpA with responsibility for finance and personnel administration, purchasing, legal and IT, and from 2007 to today is chief financial officer of Merck Serono SpA and of the

Salvatore Messina
(Chairman)

Grand Official of Merit of the Italian Republic and lawyer. He
graduated with honors in Law at the University of Catania. In 1971 he
began his career at the Bank of Italy, where he held multiple and
diversified functions until he became, in July 2004, director of the
Milan branch of the Institute. During
his activity at the Institute, he
has also coordinated and taken part in numerous company study
groups on topics of institutional importance and
represented the
Institute as a speaker at conferences and seminars organized by
public and private bodies and by representatives of the financial and
academic world. He left the Bank of Italy in 2011. He was an
independent member of the Board
of Banca Esperia SpA from 18
April 2012 to 30 June 2014, Chairman of the BoD of Diners Club Italia
Srl from 1 October 2015 to 28 June 2020, and director of the Italian
Banking Association from 10 July 2018 to 9 July 2020. He also held
the role of member of the supervisory body pursuant to Legislative
Decree no. 231/2001 of Banca Monte dei Paschi di Siena SpA (from 25
May 2012 to 18 April 2018) and almost all
group company, and of
Unicredit SpA (from 10 July 2015 to 11 April 2019). He has been
Chairman of the BoD of BFF since 14 January 2013. From the
2011/2012 academic year to the 2022-2023
academic year, he was a
contract professor of Institutions of Public Law and European
Economic Law at the Faculty of Banking, Finance and insurance
companies of the Catholic University of the Sacred Heart of Milan.
Currently, he is a member of the supervisory body pursuant to
Legislative Decree no. 231/2001 of Fineco Bank SpA. Since May 2020
he has been a Member of the Steering Committee of the master's
degree
Course in Internationalization of Commercial Relations of the
Department of Political and Social Sciences of the University of
Catania. Since 10 July 2020 he has been standing auditor of the Italian
Banking Association.
He is the author of several essays on public law.

Federico Fornari
Luswergh
(Vice-Chairman)

He graduated with honors in Economics and Commerce from the "La
Sapienza" University of Rome in 1989. He has been registered in the
Register of Chartered Accountants since 1990 and in the Register of
Auditors since 1992. In 1990 he began his professional career at
Deloitte & Touche SpA. Between 1994 and 2002 he held various
national and international positions in the finance and management
control area within the Goodyear group in Italy, the USA and
Belgium, until he became chief financial officer of the group in Italy
and president of Goodyear Italiana SpA. Between 2002 and 2007 he
was general manager of the centralized services of Industria
Farmaceutica Serono SpA with responsibility for finance and
personnel administration, purchasing, legal and IT, and from 2007 to
today is chief financial officer of Merck Serono SpA and of the

	companies of the Merck Group in Italy. He has been a director of Goodyear Italiana SpA, Goodyear Dunlop Tires Italiana and Industria Pharmaceutica Serono SpA. He is currently Chairman of the Board of Directors of Merck Life Science Srl. He is currently CEO of Merck Srl and director of Merck Serono SpA and of the other companies of the Merck group in Italy. From 2015 to February 2021, he was a member of the administrative body of Fonchim – a fully funded supplementary pension fund for workers in the chemical and pharmaceutical industry. From 2018 to 2020 he was a contract professor in " Corporate Governance & Corporate Finance " at the Luiss Guido Carli University, Department of Economics & Finance.
Massimiliano Belingheri (CEO)	He graduated with honors in Economics of Public Administration and International Institutions at the Bocconi University of Milan in 1997, also spending a period at the Wharton School of the University of Pennsylvania in Philadelphia. He began his professional career as a business analyst at McKinsey & Company, in Milan and London. In 2001 he obtained an MBA (Baker Scholar) from Harvard Business School. After the MBA, he joined Apax Partners in the financial services team, being promoted to partner in 2007. In 2008, he assumed responsibility for the financial services team in Europe. In Apax Partners he followed various investment and divestment transactions, mainly in the financial services and media sector. He was a director of Azimut Holding SpA from 2002 to 2004 and of Psagot Investment House from 2011 to 2013. He has been a director of BFF since December 2006 and CEO since December 2013. He is a director and member of the executive committee of Assifact, as well as a director of administration of the Spanish Chamber of Commerce in Italy. He is a member of the supervisory board of BFF Polska SA, and director of Treccani SpA.
Anna Kunkl (Independent Director)	He graduated in Theoretical Physics at the University of Milan. After having worked in Caboto and ING Bank in support of the Finance and Risk Management areas, she joined KPMG Advisory SpA in 2004, where she then covered the role of senior manager in the financial risk management business line. He has many years of experience in the field of financial services regulation (MiFID, Market Abuse, EMIR), electronic trading platforms, brokerage & execution services for institutional investors and distribution models of financial products to retail and corporate customers. He has been with Be Consulting since 2012, of which he is now director and head of the international investment banking practice. In recent years he has collaborated on strategic programs in the domestic and international spheres of investment banks and financial operators involved in the launch of

companies of the Merck Group in Italy. He has been a director of
Goodyear Italiana SpA, Goodyear Dunlop Tires Italiana and Industria
Pharmaceutica Serono SpA. He is currently Chairman of the Board of
Directors of Merck Life Science Srl. He is currently CEO of Merck Srl
and director of Merck Serono SpA and of the other companies of the
Merck group in Italy.
From 2015 to February 2021,
he was a member of the administrative
body of Fonchim –
a fully funded supplementary pension fund for
workers in the chemical and pharmaceutical industry.
From 2018 to 2020 he was a contract professor in " Corporate
Governance & Corporate Finance " at the Luiss Guido Carli University,
Department of Economics & Finance.

Massimiliano
Belingheri
(CEO)

He graduated with honors in Economics of Public Administration and
International Institutions at the Bocconi University of Milan in 1997,
also spending a period at the Wharton School of the University of
Pennsylvania in Philadelphia. He began his professional
career as a
business
analyst at McKinsey & Company, in Milan and London. In
2001 he obtained an MBA (Baker Scholar)
from Harvard Business
School. After the MBA, he joined Apax Partners in the financial
services team, being promoted to partner in 2007. In 2008, he assumed
responsibility for the financial services team in Europe. In Apax
Partners
he
followed
various
investment
and
divestment
transactions, mainly in the financial services and media sector.
He
was a director of Azimut Holding SpA from 2002 to 2004 and of
Psagot Investment House from 2011 to 2013. He has been a director
of BFF since December 2006 and CEO since December 2013. He is a
director and member of the executive committee of Assifact, as well
as a director of administration of the Spanish Chamber of Commerce
in Italy. He is a member of the supervisory board of BFF Polska SA,
and director of Treccani SpA.

Anna Kunkl
(Independent Director)

He graduated in Theoretical Physics at the University of Milan. After
having worked in Caboto and ING Bank in support of the Finance and
Risk Management areas,
she joined KPMG Advisory SpA in 2004,
where she then covered the role of senior manager in the financial risk
management business line.
He has many years of experience in the
field of financial services regulation (MiFID, Market Abuse,
EMIR),
electronic trading platforms,
brokerage & execution services for
institutional investors and distribution models of financial products
to retail and corporate customers. He has been with Be Consulting
since 2012,
of which he is now director and head of the international
investment banking practice.
In recent years he has collaborated on
strategic programs in the domestic and international spheres of
investment banks and financial operators involved in the launch of

	new businesses, regulatory adjustments, IT / process re-engineering and wealth management.
Gabriele Michaela Aumann (Independent Director)	She graduated in Economics (Finance and Banking specialization ) at the University of Augsburg in 1977. She was HEAD of credit department at Bayerische Landesbank in Munich from 1991 to 1998. At the same institution he also held the positions of head of credit department large corporates and energy (1998-2002), department corporates (in 2003) and global division head of credit and collateral services (from 2004 to 2008). Subsequently, she was general manager of the Milan branch of Bayerische Landesbank itself from 2008 to 2014.
Piotr Henryk Stepniak (Non-Executive Director)	He began his professional experience in Air Canada, PepsiCo International, Bank Handlowy SA and Aramark Canada. From 2000 to 2005 he worked in Lukas Bank SA of the Credite Agricole group first as marketing director and then as VP Retail Banking. He has held numerous positions in foreign companies and in banks such as chairman of the supervisory board, member of the audit committee and member of internal committees. From 2005 to 2008 he was CEO of GETING Holding SA. He is currently a member of the supervisory board of KRUK SA, BFF Polska, Grupa Kety and VRG SA
Domenico Gammaldi (Independent Director)	In 1975 he graduated with honors in political science at the University of Naples; collaborates with the CNR on issues of economic history of the Kingdom of the Two Sicilies and in 1976 he specializes at the School of Economic Development in Rome. In the same year he was hired at the Chamber of Commerce of Alessandria. In 1978 he joined the Bank of Italy where he held various positions in the field of banking supervision and oversight of payment systems. Since January 2013 he has been the head of the Supervision Service on the markets and on the payment system. During his activity he represented the institute in various national and international groups: Committee on Payments and Market Infrastructures (CPMI), Financial Innovation Network (FIN) within the Financial Stability Board, Market Infrastructure and Payments Committee (MIPC) at the ECB and was Co-Chair of the Standing Committee on Payment Services (SCPS) at the European Banking Authority for the development of activities related to the introduction of PSD2. From December 2016 to 2019 he was Co-Chair of CERTFin (Italian Financial Computer Emergency Response Team). He has a long experience in technical cooperation and assessment of international principles of supervision and supervision in missions of the International Monetary Fund and the World Bank. He left the Bank of Italy in October 2019. He is strategic adviser to the CEO of PagoPA.He carries out voluntary work at "Il Fiore del Deserto" in Rome.

Monica Magrì (Independent Director)	She graduated in political science from the University of Catania and holds a master's degree from the College of Europe in Bruges (Belgium). He has worked in Fedrigoni since 2019, he worked in the Cerved Group, where he held the role of HR Director. Previously, she was Head of HR Europe at AllianzGI and from 2007 to 2011 Head of HR Western Europe and International Distribution for Pioneer Investments (UniCredit Group). Previously, he worked in Ferrero International as Head of HR Management Services after having held the role of HR and Communications Director in the SIFI Group. During his career he has gained significant experience on issues of organizational and cultural transformation during times of change. She holds a diploma in Ontological Coaching from Newfield Network (US) and is certified as an executive coach (Newfield Certified Coach™ and International Coaching Federation). He then completed the Executive Team Coaching program at Ashridge Business School (UK).
Giovanna Villa (Independent Director)	He graduated in business economics at the L. Bocconi University in Milan, took the chartered accountant exam in 2000 and then enrolled in the register of chartered accountants and accounting experts in 2001 and in the register of auditors in 2002. Soon after studies he collaborated with the current PwC, Santavaleria SpA and with a well known accounting firm. From 1997 onwards he collaborated with the best-known consultancy firms, including PwC, Deloitte & Touche, BDO, in projects for the analysis of administrative processes and accounting auditing, in the drafting and revision of the organization and management models adopted pursuant to Decree 231, Sarbanes Oxley Act SOX. From 2001 to 2006 he also collaborated with a well known accountant firm in Monza in CTU management and assistance projects and carried out training sessions as a teacher for management control, internal control and accounting. From 2016 to 2020 she was appointed independent director in Yapi Kredi Bank, a bank listed on the Istanbul stock exchange 50% owned by UniCredit. He currently holds the position of statutory auditor in various companies.

Monica Magrì
(Independent Director)

She graduated in political science from the University of Catania and
holds a master's degree from the College of Europe in Bruges
(Belgium). He has worked in Fedrigoni since 2019,
he worked in the
Cerved Group, where he held the role of HR Director. Previously,
she
was Head of HR Europe at AllianzGI and from 2007 to 2011 Head of
HR Western Europe and International Distribution for Pioneer
Investments (UniCredit Group). Previously, he worked in Ferrero
International as Head of HR Management Services after having held
the role of HR and Communications Director in the SIFI Group. During
his career he has gained significant experience on issues of
organizational and cultural transformation during times of change.
She holds a diploma in Ontological Coaching from Newfield Network
(US) and is certified as an executive coach (Newfield
Certified Coach™
and International Coaching Federation). He then completed the
Executive Team Coaching program at Ashridge Business School
(UK).

Giovanna
Villa
(Independent Director)

He graduated in business economics at the L. Bocconi University in
Milan, took the chartered accountant exam in 2000 and then enrolled
in the register of chartered accountants and accounting experts in
2001 and in the register of auditors in 2002. Soon after studies he
collaborated with the current PwC, Santavaleria SpA and with a well
known accounting firm. From 1997 onwards he collaborated with the
best-known
consultancy firms, including PwC, Deloitte & Touche,
BDO, in projects for the analysis of administrative processes and
accounting auditing, in the drafting and revision of the organization
and management models adopted pursuant to Decree 231, Sarbanes
Oxley Act SOX. From 2001 to 2006 he also collaborated with a well
known accountant firm in Monza in CTU management and assistance
projects
and
carried
out
training
sessions
as
a
teacher
for
management control, internal control and accounting. From 2016 to
2020 she was appointed independent director in Yapi Kredi Bank, a
bank listed on the Istanbul stock exchange 50% owned by UniCredit.
He currently holds the position of statutory auditor in various
companies.

CRITERIA AND POLICIES OF DIVERSITY IN THE COMPOSITION OF THE BOARD AND IN THE ORGANIZATION CORPORATE

DIVERSITY IN THE COMPOSITION OF THE BOARD

At Group level, the Bank recognizes and welcomes the benefits of diversity in its various meanings, including gender, age, qualifications, skills, training and professional profile, which it also values within its corporate bodies.

The composition of the BoD , as anticipated, respects the criteria of diversity, including gender, established by art. 147- ter of the TUF, as amended by Law no. 160/2020 ¹¹ .

BoD Regulations and the BoD Diversity Policy contain provisions aimed at ensuring diversity, including gender diversity, in the BoD .

The Articles of Association provide that lists containing a number of candidates equal to or greater than no. 3 (three) must include candidates of different genders, at least to the minimum extent required by the legislation in force from time to time, in relation to the composition of the BoD . The Board 's Diversity Policy has been updated in:

December 2020, in order to implement, among other things, (i) the modification of the provision on the gender composition of the BoD , according to which at least two fifths of the elected directors (rounded up to the next whole unit) must belong to the less represented gender for at least six consecutive terms from the first renewal of the BoD after 1 January 2020, (ii) the results of the Self-Assessment, (iii) the reference to Sustainable Success;
July 2021, in order to implement the provisions introduced by (i) the Fit & Proper Decree ; (ii) the Supervisory Provisions; (iii) the 35th update of Circular 285,

and is subject to a periodic review process and, where necessary, is updated at least once a year, possibly also with the assistance of external professionals, upon proposal by the Appointments Committee.

¹¹ The previous articles 147- ter , paragraph 1- ter and 148, paragraph 1- bis , of the TUF required companies with listed shares to reserve at least one third of the members of corporate bodies for three consecutive mandates starting from the first renewal of such bodies after 12 August 2012 (with a reduction of the quota to one fifth for the first mandate following the application of this law). The art. 1, paragraphs 302-304 of the 2020 Budget Law established that the quota to be reserved for the less represented gender within the administrative and control bodies must be equal to "at least two fifths " and established that this criterion applies for six mandates consecutive " starting from the first renewal of the administrative and control bodies of companies listed on regulated markets following the date of entry into force of this law ", which took place on 1 January 2020.

The Diversity Policy of the BoD defines and formalizes the optimal criteria and characteristics of the composition of the BoD, so that the latter can exercise its duties in the most effective way, making decisions based on a plurality of qualified and heterogeneous points of view. In particular, it is indicated that the optimal composition of the BoD must be oriented towards satisfying at least the following criteria:

the presence of a suitable number of non-executive and/or independent Directors, other than the Chairman of the BoD. In any case, in compliance with the legislation in force from time to time and, unless the Articles of Association provide for a higher number of Directors, the BoD includes at least two independent directors, other than the Chairman of the Board if the Board is made up of seven members, at least three if it is made up of up to twelve members, and at least four if it is made up of a greater number. In the List of the BoD , at least half of the candidates must meet the independence requirements pursuant to the Articles of Association and the BoD Regulations ;
the maintenance of at least two-fifths of the members of the BoD, at the time of appointment and during the term of office, belonging to the less represented gender, rounded up to the next unit;
the heterogeneity of ages, in order to allow a plurality of perspectives and managerial and professional experiences;
the balancing of different lengths of office, to pursue a balance between the need for continuity and renewal in management;
in consideration of the international projection of the Group, as emerged from the Self-Assessment process, the presence of a third of directors who have gained adequate experience (i) in international contexts (preferably within the markets in which the Group operates), in order, among other things, to prevent the homogenisation of opinions and the phenomenon of " group thinking "; (ii) in the specific business of custodian bank, payment services and these accessories.

In general, the Directors must be characterized by a managerial and/or professional and/or academic and/or institutional profile such as to create a mix of different and complementary skills and experiences, matured over at least three years.

With specific reference to the Chairman of the BoD and the CEO, the Diversity Policy of the BoD indicates the professional requirements that these must have respectively accrued for at least five years, in compliance, among other things, with the indications of the Fit & Proper Decree.

Furthermore, as anticipated, in addition to the professionalism requirements established by law, the Directors must meet the additional requirements established by the BoD Regulation , available on the Bank's website , to which reference is made for further details: https://investor. bff.com/en/board-of-administration-regulation.

BoD 's Diversity Policy takes place - in compliance with the legal and statutory provisions on the appointment of the BoD and its Chairman with the list voting mechanism, as well as with the CEO's Succession Plan - mainly at the time of (i ) renewal of the BoD , as well as through the formulation by the outgoing BoD of the Guidelines for the Shareholders, also in the eventual formation and presentation to the Shareholders of the BoD List ; (ii) co-optation; (iii) early termination of the CEO, and (iv) appointment of the Chairman of the BoD . For the appointment of the Board of Directors and for the co-optation referred to in points (i) and (ii) respectively, the Self-Assessment process is considered fundamental.

DIVERSITY IN THE COMPANY ORGANIZATION

The BoD has adopted the Group's Diversity and Inclusion Policy, the objective of which is to define the inspiring principles of BFF, aimed, in short, at constantly and progressively promoting and supporting diversity and inclusion, and at continuously fostering an environment inclusive work plan for all employees of the Bank and of the Group companies (the " BFF People"). This on the assumption that diversity and inclusion are considered substantial values, which concretely exert positive effects on all the Bank's stakeholders, which recognizes people as real key resources for innovation, productivity growth and its own sustainability and that of all legal entity in which it is articulated.

The basis of the Policy is the assumption that the final objective to be pursued to support diversity is to ensure that every single person has access to the same opportunities and the same fair treatment. The objective is therefore pursued to guarantee people the opportunity to be evaluated on the basis of their values, abilities and merits, regardless of their race, ethnic group, age, gender, disability or other characteristics (such as, for example, civil and/or parental) which could represent a discriminating factor, allowing the Bank, at Group level, to welcome and develop the best talents,

to be hired on the basis of objective, non-discriminatory and, naturally, meritocratic criteria. The Bank operates in a multinational context, in which People express a significant heritage of diversity, the valorization of which constitutes at the same time a competitive advantage and an opportunity for growth and enrichment for the Group, in the belief that the most innovative ideas and the best solutions derive from a work environment where people can express their uniqueness. The diversity of skills, experiences, ideas, and points of view, in fact, favors a better understanding of customer needs and greater competitiveness on the market. The Bank is aware that plurality and diversity contribute to improving corporate performance, as well as meeting the expectations of stakeholders on ESG issues. BFF believes that the growth of Sustainable Success in the long term cannot ignore the enhancement of diversity and the recognition of the importance of inclusion, considering them a cornerstone of its work, in the interest of all the Group's stakeholders. Therefore, supporting diversity and inclusion, as well as the same opportunities at all levels and in all business contexts, is one of the assumptions of the Bank's strategy, which implies the creation of a serene, safe and prosperous work environment which promotes well-being and creativity, where everyone can feel valued in their own peculiarities, in compliance with equal treatment, the principle of non-discrimination and, obviously, the promotion of human rights. Taking into account that the achievement of the objectives set out in the Policy, as well as its concrete implementation depend, ultimately, on the behavior of BFF People, BFF undertakes to design and deliver training courses so that people are aware of the content of the Policy and understand its importance in creating a prosperous work environment, a fundamental basis for their growth not only professionally but also personally.

The initiatives planned to concretely support the implementation of the Diversity & Inclusion Policy include the Bank - at Group level - has created the Inclusion Board, which is a committee made up of Bank employees, representing the various Legal Entities of the Group, selected on the basis of self-nominations, with the aim of i) gathering and representing inclusion issues within the Group ii) initiating dialogue with the leadership team and defining priorities for action;

promote, by means of a clear and transparent approach, the initiatives and actions implemented at Group level, on the subject of inclusion and participation in corporate life; iii) propose measures aimed at avoiding Diversity-related prejudices, both in recruitment processes and in the

subsequent professional growth and promotion phase; iv) promote inclusion transversally across the countries and national cultures in which the Bank, at Group level, is present.

In September 2023, the process of collecting applications from internal employees was launched and in November 2023, the Committee was set up, composed of 9 members of 3 different nationalities, with an employee from the HR&OD function acting as facilitator, ensuring the adequate functionality of the Committee, taking care of the details of each Committee meeting by collecting objectives, actions, timelines, and conclusions.

The Inclusion Board is responsible for promoting a culture of diversity and inclusion through a listening and feedback function to BFF People, the Human Resources and Organisational Development function and Top Management.

The Board will play a crucial role in fostering inclusion by providing a diverse representation of perspectives and skills to enable more inclusive decisions and bring new perspectives, promoting the creation of a fair, inclusive and opportunity-rich working environment for all people in the Group and fairness and equal opportunities for growth, including economic growth.

MAXIMUM NUMBER OF OFFICES HELD IN OTHER COMPANIES

The orientation on the maximum number of offices that can be held by the Bank's Directors - in line with the provisions of the Governance Code and the Supervisory Provisions - is expressed in the Regulations of the BoD . Starting from the last renewal, each member of the BoD has complied with the limit on the accumulation of offices pursuant to art. 17 of the Fit&Proper Decree, which provides that the members of the BoD cannot alternatively cover more than:

no. 1 executive assignment and n. 2 non-executive positions;
no. 4 non-executive positions.

For the purpose of calculating the above limits, account was also taken of the position held at the Bank.

It should also be noted that, for the purposes of recommendation no. 15 of the Governance Code, the limits also include any positions in the administration or control bodies in other listed, financial or large companies.

The limits on the accumulation of offices have also been verified considering the exemptions and methods of aggregation of offices pursuant to art. 18 of the Fit&Proper Decree. Therefore, the set of offices held in each of the following cases is considered as a single position: (i) within the same group; (ii) in banks belonging to the same institutional protection system (iii) in companies, not included in the group, in which the Bank holds a qualified shareholding as defined by regulation (EU) no. 575/2013, article 4(1), point 36. If more than one of the cases referred to in letters (i), (ii) and (iii) above occur simultaneously, the assignments are added together. In the approach adopted about the accumulation of offices, the consolidated situation is considered on the basis of the accounting scope of consolidation. The set of offices counted as one is considered an executive office if at least one of the offices held in the situations referred to in letters (i), (ii) and (iii) above is executive; in other cases, it is considered as a non-executive appointment. In addition to the number of offices that a director of the Bank can hold, in the alternative combinations referred to above, it is recalled the possibility, if the conditions set out in art. 19 of the Fit&Proper Decree , that the hiring of n. 1 additional non-executive position with respect to the limits indicated above, provided that this does not prejudice the possibility for the director to dedicate adequate time to the position at the Bank to perform his duties effectively.

The BoD , on the basis of the information received from the Directors, periodically checks the positions of director or statutory auditor held by them in other companies and, in general, compliance with the quantitative and qualitative requirements on compliance with the maximum number of offices and on the availability of time ( due to the nature and extent of the additional positions held, as well as professional and working commitments of a different nature). The Directors inform the Bank in a timely manner on corporate offices acquired or dismissed during their mandate, as well as on any changes that may affect the possession of the aforementioned requisites, also in order to allow the administrative body to carry out the analyzes and consequent assessments of competence required pursuant to the Fit&Proper Decree .

Given the above, the table below shows the total number of positions as director or statutory auditor held by the Directors in office in other companies at the date of approval of the Report.

Counselor	Total number of offices held in other companies
Salvatore Messina	0
Federico Fornari Luswergh	1 EXECUTIVE
Massimiliano Belingheri	1 NON-EXECUTIVE
Anna Kunkl	0
Gabriele Michaela Aumann	0
Piotr Henryk Stepniak	3 NON-EXECUTIVE
Dominic Gammaldi	2 NON-EXECUTIVE
Monica Magri	0
Joanna Villa	2 NON-EXECUTIVE

4.4. OPERATION OF THE ADVISE FROM ADMINISTRATION (ex art. 123- bis, paragraph 2, letter d), TUF)

The functioning of the BoD is governed by the Articles of Association and the BoD Regulations , which govern, inter alia, aspects relating to the appointment, composition and duties of the BoD , the organization and management of board meetings, the management of corporate information, the profiles relating to the remuneration of the Directors, the internal control and risk management system, the management of the interests of the directors also in the context of transactions with related parties and the management of the relations of the Directors with the Shareholders, as well as the functioning of the Committees.

BOD MEETINGS

In compliance with the obligations established by art. 2.6.2 of the Market Regulations, the BoD annually approves, within the term of thirty days from the end of the previous financial year, the calendar of corporate events, to be communicated to Borsa Italiana, for dissemination to the public (the "Financial Calendar "). In particular, the dates set for the approval of the draft financial statements, the half-yearly report and the quarterly reports, as well as the scheduled date for the holding of the Shareholders' Meeting, are specified in the Financial Calendar in the context of the board meetings established for the new financial year. budget approval. The Financial Calendar for the 2023 Financial Year is available on the Website in the "Investor Relations/Financial Calendar " section .

With reference to the 2024 financial year, n. 19 meetings. At the date of the Report, the Board of Directors met no. 3 times (on 31 January on 8 and 28 February).

Adequate procedures for the functioning of the administrative body are formalized in the Articles of Association and in the Regulations of the BoD, as well as contemplating adequate information flows, working methods and convocations/timing of meetings, which guarantee the correct and efficient functioning of the BoD, as well as the timeliness of its action.

The art. 17 of the Articles of Association establishes that the Board of Directors meets upon convocation by the Chairman, as well as upon convocation by the Board of Statutory Auditors, at the registered office, except in cases where, for reasons of expediency, the meetings must be held elsewhere.

The art. 19 of the Articles of Association allows board meetings to be held even with speeches located in several contiguous or distant places, audio and/or video connected, provided that the collegial method and the principles of good faith and equal treatment of the participants are respected. In particular, it is necessary that all the participants can be identified, that they are able to follow the discussion and intervene in real time in the discussion and in the simultaneous vote on the topics on the agenda.

PRE-COUNCIL INFORMATION

The Chairman with the support of the Corporate Affairs Office of the Bank take care to make available - through the appropriate platform with reserved access, via credentials, to each Director and Statutory Auditor (the "Platform") -the documentation on the matters on the order of the day

of each meeting well in advance, also due to the content of the topics discussed, according to the provisions of article 12 of the Board of Directors' Regulations , which expressly states: " the Chairman establishes the agenda, coordinates the Board's work and ensures that adequate and timely information on the items on the agenda is provided to all Directors ".

To allow optimal and informed participation in the BoD 's activities, the deadline deemed appropriate for the transmission of the documentation before each meeting has been set at no. 3 (three) days. This deadline was, on the whole, respected. In any case, in the last three years the practice has prevailed of making the pre-meeting documentation available as soon as it is available, even before sending the formal call for meetings. Furthermore, it is established practice that the pre-meeting documentation is accompanied by appropriate summary notes and/or executive summary, in order to make it easier to understand the items on the agenda.

CONDUCT OF BOARD MEETINGS

Board meetings are held in compliance with the indications provided by article 3 of the Governance Code, which has been substantially implemented in the BoD Regulations. In particular, the Chairman of the BoD ensures that the necessary time is dedicated to the items on the agenda to allow for a constructive debate, encouraging the contributions of the Directors during the meetings.

The members of the Board of Statutory Auditors participate by right in the meetings of the Board, and may be invited to participate, in the cases and in the manner established from time to time by the Chairman, managers and employees of the Bank, representatives of the Independent Auditors and consultants, whose presence is deemed useful in relation to the topics to be discussed (limited to the discussion phase of the topics within their competence) or for carrying out the work.

Corporate Affairs Secretary also participates in the meetings of the BoD. The Group General Counsel & Business Legal Affairs Function (to which the Corporate Affairs Secretary reports ) is responsible for the supervision and specialist control of the main corporate governance processes, ensuring all appropriate legal advice for the proper functioning of the Bank's corporate governance institutions, also at Group level, including those relating to the suitability requirements of company representatives, relations with related parties and the correctness of the decision-making process, as well as the related interactions with the Supervisory Authorities.

VERBALIZATIONS

All Board meetings are minuted by the Secretary, who can also be appointed from outside its members.

The BoD has appointed as Secretary the lawyer. Romina Guglielmetti, a person external to the Board, a lawyer specialized in corporate governance and with consolidated experience in the field, who, in coordination with the Chairman and the Corporate Affairs Secretary (who reports to the Group General Counsel & Business Legal Affairs Function ), supports the activity of the Chairman and provides assistance and advice to the BoD with impartial judgment on every aspect relevant to the correct functioning of the corporate governance system.

The minutes are signed by the Chairman of the BoD and the Secretary (or by the Notary, in the cases envisaged by current legislation) and are brought to the attention of the Directors and the Board of Statutory Auditors at the first subsequent meeting of the Board and remain available for consultation, on the Platform.

4.5 ROLE OF THE CHAIRMAN OF THE BOARD OF DIRECTOR

Also in compliance with the provisions of Principle X of the Governance Code , the Chairman of the BoD performs a crucial function to guarantee the proper functioning of the BoD , promote internal dialectics and ensure the balance of powers, in line with the tasks regarding the organization of work of the Board and the circulation of information, which are attributed to it by the Civil Code, by the Provisions on Corporate Governance and by the Governance Code . He guarantees the balance of powers between the Corporate Bodies, including the Committees.

The Chairman of the BoD, if the Shareholders' Meeting has not done so, is appointed by the Board from among its non-executive and independent members.

The Chairman convenes, presides over and directs the work of the Shareholders' Meetings and of the Board of Directors, guarantees the effectiveness of the board debate and works to ensure that the resolutions reached by the Board of Directors are the result of an adequate dialogue between executive and non- executive members , as well as the informed and reasoned contribution of all its members, also ensuring that adequate information is provided to all Directors on the items on the agenda.

In preparing the agenda and conducting board debates, he ensures that issues of strategic importance are treated with priority, guaranteeing that all the necessary time is dedicated to them. It promotes meetings between all the Directors, even outside the council headquarters, to study and discuss strategic issues.

Furthermore, it guarantees the effectiveness of the board debate, and neutrally favors the considered participation of the Directors, especially the non-executive ones, soliciting their active participation in the discussion and resolution on the items on the agenda.

The Chairman works to ensure that the resolutions reached by the BoD are the result of an adequate discussion, and of the conscious and reasoned contribution of all its members.

More specifically, pursuant to article 11 of the BoD Regulations, the Chairman:

has the legal representation of the Bank before third parties and in court, as well as the power to sign, separately from the CEO, within the limits of their respective powers;
presides over the Shareholders' Meeting and coordinates the proceedings by verifying, among other things, the regularity of the establishment of the body, ascertaining the identity

and legitimacy of those present, regulating the discussion and establishing the voting methods;

convenes the Council, sets its agenda and coordinates its work. In preparing the agenda and conducting board debates, he ensures that issues of strategic importance are treated with priority, guaranteeing that all the necessary time is dedicated to them;
ensures that the Directors and Statutory Auditors are sent through the Corporate Affairs Secretary – adequately in advance the documentation supporting the resolutions of the Board or, at least, an initial report on the subjects that will be discussed. For the purposes of correct information, the documentation relating to the items on the agenda is sent to the Directors and Statutory Auditors, as a rule, at least three days before the date set for the board meeting (subject to the practice described in paragraph 4.3.1) adopting all useful measures to safeguard the confidentiality of the information, above all where these can be classified as price sensitive. The protection of the confidentiality of the data and information provided takes place through compliance with the Bank's " Internal procedure for the management and external communication of Privileged Information ", as well as through the exclusive use of an IT platform that does not allow printing and disclosure of board documentation;
ensures that the pre-meeting information and the complementary information provided during the meetings are suitable to allow the members of the Board to act in an informed manner in carrying out their role;
ensures that the documentation supporting the resolutions, in particular that given to nonexecutive members, is adequate in quantitative and qualitative terms with respect to the items on the agenda, favors thoughtful participation by the Directors in the discussion and resolution of the items object of treatment;
ensures that the Directors and Statutory Auditors can participate, in the most appropriate forms, in initiatives aimed at providing them with adequate knowledge of the business sector in which the Bank operates, of the corporate dynamics and their evolution, also with a view to the Sustainable Success of the Bank, of the principles of correct risk management, as well as of the legislative and regulatory framework of reference. The type and organizational methods of the aforementioned initiatives are reported in the Report;

organizes: (i) at least once a year, a meeting between all the Directors, even outside the board office, to discuss and discuss strategic issues; and (ii) during the three-year mandate, initiatives aimed at promoting useful mutual understanding of the Board and the management of the Subsidiaries;
ensures that: (i) the Self-Assessment is carried out effectively, and that the ways in which it is conducted are consistent, transparent and adequate with respect to the degree of complexity of the Board's work, as well as that the necessary corrective measures are adopted to deal with any deficiencies found; (ii) the Bank prepares and implements induction programs and training plans for members of the Corporate Bodies, and the Succession Plan;
exercises the powers delegated to him by the Board, provided that they do not compromise his non-execution and, where applicable, his independence and are compatible with the applicable legal and regulatory provisions;
supervises the execution of the resolutions of the Shareholders' Meeting and of the Board, as well as the adherence of the company policy to the strategic guidelines;
ensures that the activity of the Committees is coordinated with the activity of the Board;
ensures that the Chairmen of the Committees report on the activities carried out by the respective Committees at the first useful meeting of the Board of Directors;
ensures that the BoD is in any case informed, within the first useful meeting, on the development and significant contents of the dialogue that has taken place with the shareholders, taking into account the engagement policies adopted by the Bank.

The Chairman contributes – as a member of the BoD with the relative voting prerogatives – to the elaboration of corporate strategies, the approval of which is the exclusive competence of the Board itself.

The Chairman of the BoD has not received managerial powers and therefore does not hold any executive role. Likewise, he does not play a specific role in drawing up corporate strategies, he is not primarily responsible for the management of the Bank and does not hold, directly or indirectly, significant shareholdings in the Bank's capital.

In the absence of the Chairman, the faculties and powers assigned to him are exercised by the Deputy Chairman (who is a non-executive director). In dealings with third parties, the Vice President 's signature is full proof of the President's absence or impediment. In the event of the

Chairman's absence or impediment, the BoD is chaired by the Deputy Chairman or, in the event of his absence or impediment, by the director with the highest number of consecutive mandates. BOARD SECRETARY

As foreseen by the art. 17 of the Articles of Association, as well as the Regulations of the BoD , the BoD appoints a secretary who can also be chosen from outside the members of the Board itself. The Bank has appointed the Secretary, in the person of the lawyer. Romina Guglielmetti, at the time of the renewal of the BoD , on 25 March 2021.

The Secretary, with the contribution of the Corporate Affairs Secretary (who reports to the Group General Counsel & Business Legal Affairs Function ), assists the Chairman in some of his duties and, in particular, (i) in the preparation of board and shareholders' meetings; (ii) in the preparation of the related resolutions; (iii) in communication with the Directors; and (vi) in organizing and ensuring the adequacy and transparency of the board review process .

It also takes care of the minutes of board and committee meetings.

The Corporate Affairs Secretary assists the Chairman (i) in ensuring the adequacy, timeliness, completeness and clarity of the information flows directed to the Board, and (ii) in ensuring, according to the agreements between the Chairman and the CEO, the participation in the board meetings of the heads of the competent corporate functions according to the matter; (iii) in organizing the board induction.

With impartial judgment and independence, the Secretary provides assistance and advice to the administrative body on every aspect relevant to the correct functioning of the corporate governance system concerning the functioning, powers and responsibilities of the Board and the Committees. He also provides assistance and independent legal advice (with respect to management) to the Board and Directors on their powers, rights, duties and fulfilments, to ensure the regular exercise of their powers and protect them from any liability. The Secretary may perform other functions within the Group, provided they do not compromise his independence of judgment in relation to the Board or the regular performance of his duties. The Chairman ensures that the Corporate Affairs Secretary has adequate powers, tools, organizational structure and personnel to carry out his duties and supervises the independence of the Secretary. The Board, on the proposal of the President, determines the remuneration of the Secretary.

4.6 EXECUTIVE DIRECTORS

CHIEF EXECUTIVE OFFICIERS

The BoD has identified the CEO, chosen from among its members, as the body with the management function, determining his powers and term of office.

The Board has granted the CEO, within pre-established limits and with the faculty of sub-delegation , powers in all sectors of the Bank's activity.

In particular, the CEO (i) manages the Bank's business, within the limits of the powers granted to him and in compliance with the general management guidelines determined by the BoD , and (ii) oversees the implementation of the resolutions of the BoD and the obligations required by law. Furthermore, the CEO is in charge of personnel and the structure, and ensures that the organizational, administrative and accounting structure of the Bank is appropriate to the nature and size of the company.

By way of non-exhaustive example, the main attributions attributed to the CEO are:

SPECIFIC MANAGEMENT POWERS FOR THE FACTORING BUSINESS

In exercising these powers, the Chief Executive Officer:

1. negotiates, signs and executes credit management contracts and contracts for the purchase of receivables without recourse and with recourse, agreeing on all the terms and conditions, including the determination of the amount due;
1. factoring transactions and signs all related deeds, up to the amount of Euro 200 million for each transferor on an annual basis, cumulatively with other associated risks; it can also approve additional extraordinary and temporary concessions (up to a maximum of 3 months) equal to 20% of the amount defined for the individual transferor, up to a maximum of additional Euros 40 million on an annual basis. It can also negotiate and stipulate, or approve the cancellations, postponements, subrogations, reductions and restitutions of real and personal guarantees of any kind acquired in relation to the risks resolved within the limits set out above, even when the company's credit has not yet been extinct;

1. negotiates, signs and executes credit transfer agreements pro solute and pro resolving, agreeing to all the terms and conditions, including the determination of the consideration due, up to a maximum of Euro 200 million per single transaction on an annual basis;
1. signs all deeds, including modifications, and contracts regarding relations with customers;
1. negotiates and signs settlement deeds and the related connected and consequential deeds towards the debtors, defining, among other things, clauses for the waiver of interest and other charges of any kind, including legal fees; he also settles the disputes and signs the waivers of the deeds and related actions against the debtors and signs deeds and documents relating to these operations, all provided that the full payment of the principal is envisaged.

SPECIFIC MANAGEMENT POWERS REGARDING ASSIGNMENTS TO CUSTOMERS OTHER THAN FACTORING:

1. authorize first risk credit lines and endorsement credits (guarantees and letters of patronage) in favor of Financial and Corporate Counterparties outside of transactions carried out in the context of the factoring business (hereinafter referred to as "clients");
1. authorize operating limits in favor of financial and corporate counterparties;

the following are also included in the powers regarding assignments:

1. the initiation of procedures for the reclassification of disputed credit, within the scope of its powers;
1. the revocation of credit lines and operating ceilings, approved within the sphere of its powers.

SPECIFIC ORDINARY MANAGEMENT POWERS

In exercising these powers, the Chief Executive Officer:

assumes and grants leased and sub-leased properties and stipulates, modifies and terminates the related contracts, provided that the annual fee does not exceed Euro 300 thousand;

1. provides for all the ongoing expenses of the Company; negotiates, stipulates, modifies, executes and terminates the related contracts, in particular, by way of example but not limited to:
2. a. works and supplies necessary for the transformation and maintenance of buildings and installations;
3. b. purchases and disposals of furnishings, equipment, machinery and movable assets in general, including those registered in public registers, as well as finance leases and rentals of the assets themselves, with spending limits referring to the annual rent;
4. c. purchases, also under licence, of information programs and outsourced IT services, with spending limits referring to the annual fee;
5. d. insurance policies with spending limits referring to the annual premium;

And. commercial information;

f. professional consultancy agreements and services related to the ordinary management of the Company;
1. proposes to the Board of Directors the allocation of funds in the financial statements, reporting on the uses of the fund itself;
1. proposes to the Board of Directors the hiring, promotion, disciplinary sanctions, dismissal and any other measure against the Senior Executives and the Executives who report directly to the Chief Executive Officer, subject to the limitations set by the supervisory provisions;
1. decides on the hiring, promotion, disciplinary sanctions, dismissal and any other measure against Executives who do not report directly to the Chief Executive Officer himself, 3rd and 4th level Executives and fixes their relative treatment economic, within the limits set by the Board of Directors, subject to the limitations set by the supervisory provisions in force from time to time;

decides on the hiring, promotion, disciplinary sanctions, dismissal and any other measure against 1st and 2nd level Executives, members of the 1st, 2nd, 3rd Professional Area, and fixes the relative

economic treatment, within the boundaries established by the Board of Directors, subject to the limitations set by the supervisory provisions.

With reference to the positions held by the CEO, it should be noted that he holds:

no. 3 positions within the Group (CEO of BFF, president of BFF FI, member of the supervisory board of BFF Polska), which benefit from the aggregation mechanism pursuant to art. 18, paragraph 3, letters a) and c), of the Fit&Proper Decree;

CHAIRMAN OF THEBOAR OFDIRECTORS

The Chairman does not hold the role of CEO, is not the recipient of managerial powers and is not a controlling shareholder of the Bank.

EXECUTIVE COMMITTEE (ONLY IF ESTABLISHED)(PURSUANT TO ARTICLE 123- BIS , PARAGRAPH 2, LETTER D), TUF)

The art. 16 of the Articles of Association provides that the Board can delegate its powers to an executive committee by establishing, with the limitations set forth in art. 2381 of the Civil Code, the powers, the number of members and the rules that regulate their functioning. If an executive committee is appointed, the CEO would be a member by right as well as chairman. In the event of his absence, the related functions are the responsibility of the most senior member. The President cannot be a member of the executive committee, but can participate, without the right to vote, in its meetings.

To date, the Bank has not set up any executive committee.

REPORTING TO THE BOARD BY DIRECTORS/DELEGATED BODIES

During the Financial Year, the CEO reported to the Board of Directors on the general management trend and its foreseeable evolution, as well as on the transactions of greater economic, financial and equity significance carried out by the Bank and by the Subsidiaries, at least quarterly and, in any case, at the first useful meeting.

OTHER EXECUTIVES ADVISES

There are no other executive directors on the BoD, other than the CEO.

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

INDEPENDENT DIRECTORS

As indicated in Section 4.3, at the date of this Report, n. 5 (five) independent directors both pursuant to art. 148, paragraph 3, of the TUF and pursuant to art. 2, Recommendation n. 7, of the Governance Code.

It is believed that the number and skills of the independent Directors are adequate for the needs of the Bank, as well as for the functioning of the BoD.

It should be noted that, as of 14 January 2022, the Chairman of the Board of Directors is a nonexecutive and not independent Director, having held the position of Director in BFF for more than 9 years over the last 12 years.

Pursuant to its Regulations, the The BoD evaluates, on the basis of the information and declarations provided by the interested parties or the information at its disposal, the existence of the independence requirements:

on the occasion of the appointment, within the time limits established by law;
on an annual basis, following the year of appointment;
during the term of office, upon the occurrence of any circumstances relevant to independence.

As already anticipated in Section 4.3, the BoD, following the appointment, has, among other things, verified:

the existence of independent judgement, established by art. 15 of the Fit & Proper Decree, also taking into account the existence of adequate safeguards aimed at preventing the risk of compromising this independence of the representative;
where applicable, the possession of the independence requirement, pursuant to art. 2, recommendation n.7, of the Governance Code;
where applicable, the possession of the independence requirement, pursuant to art. 148, paragraph 3, of the TUF, and as referred to in art. 147- ter , paragraph 4, of the TUF;

In particular, the Board of Directors ascertained, following the appointment, the possession of the requisites of independence established by both art. 148, 3rd paragraph – as referred to in article 147-ter , 4th paragraph, of the TUF -, as in art. 2, Recommendation n. 7, of the Code of Governance, and by art. 13 of the Fit & Proper Decree by the Directors: Salvatore Messina, Gabriele Michaela Aumann, Anna Kunkl, Domenico Gammaldi, Monica Magrì and Giovanna Villa.

The Board considered the procedures adopted by the BoD suitable for ascertaining the independence requirements of its independent members.

It should be noted that, despite the verification that the Chairman meets the independence requirements at the time of his appointment, he cannot currently be qualified as an independent Director as he has held the position of Director in BFF for more than nine years (having been appointed, the first time, January 14, 2013). In this regard, it should be recalled that the Supervisory Provisions and the Governance Code do not require that the Chairman of the body with strategic supervisory functions must have the independence requirement, but only that he be "nonexecutive".

In compliance with the provisions of the BoD Regulation, for the assessment of the existence of the independence requirement, any credit relationships held by the Independent Directors with the Bank were taken into consideration, as well as any professional, commercial or financial relationships, direct or indirect, of independent Directors with Group companies, also taking into account the following criteria of significance: (i) duration of the commercial relationship (providing a threshold of 6 months); (ii) value of the service with respect to the turnover of the company or professional studio to which the Director belongs, or with respect to the income of the Director himself as a natural person (threshold of 10%).

It should be noted that, pursuant to the BoD Regulations:

the BoD assesses, on the basis of the information and declarations provided by the interested parties or the information in any case at its disposal, the existence of the independence requirement of the directors who have qualified as independent, during the term of office and in the event of the occurrence of circumstances relevant to the goals of independence;

for the purposes of the independence of the Directors, in the case of the Director who is also a partner in a professional studio or consultancy firm, the BoD assesses the significance of the professional relationships that may have an effect on his position and role within the firm or consulting firm or that otherwise pertain to important Bank and Group operations;
in any case, any additional remuneration received by the Directors with respect to the "fixed" emolument of non-executive director of the Bank and any remuneration for participation in Committees, will be considered significant on the basis of exceeding the threshold of the maximum 20% of the income of the Director himself as a natural person, excluding from the Director's income the fees received in his capacity as a member of the administrative bodies of the parent company and/or subsidiaries.
the candidacy of the independent Directors is accompanied by a declaration by the candidate certifying that he meets the independence requirements pursuant to the law, the Articles of Association and the Regulation itself;
the Directors undertake to promptly notify the BoD of any subsequent assumption of positions that may affect the assessments of the BoD with reference to the independence requirements.

The Directors provided all the information and documents necessary or useful to allow the Board of Directors' assessments.

The Board of Statutory Auditors considered the procedures adopted by the BoD to be appropriate for the attachment of the independence requirements of its independent members.

In compliance with art. 2, Recommendation n. 4 of the Governance Code,the independent directors met once during the financial year, in the absence of the other directors, four time of which one to discuss the results of the BoD self-assessment. At the end of this meeting, they expressed full agreement with the conclusions represented in the Self-Assessment and indicated to the BoD, to consider it important that the candidates for the role of independent director in the list of the Board of Directors (the 'Board List') are characterized by skills and professionalism in line with market expectations, whereas the further meetings were characterized by purely formal issues related to the appointment of the coordinator of the meetings and possible improvements to the Rules of

Procedure AI the Rules of Procedure for the meetings of the independent Directors and the even more efficient management of board and committee meetings.

LEAD INDEPENDENT DIRECTOR

At the moment, the Bank has not appointed a lead independent director, as the conditions pursuant to art. 3, Recommendation n. 13 of the Governance Code.

It should be noted that on 8 March 2023, the Board of Directors of the Bank adopted - for the purposes and to the effects set forth in the Corporate Governance Provisions and the Corporate Governance Code - the AI Regulation with the aim of regulating the functioning of the meetings of the Independent Directors and the related scope. In particular, with the adoption of the AI Regulation in question, the Bank fulfils the requirement set forth in paragraph 1.2, letter e., Section V of the Corporate Governance Provisions, which provides that, by means of specific regulations, "the procedures aimed at fostering discussion among the independent directors, proportionate also in relation to the number of independent directors, so that they can discuss relevant issues in the absence of the other directors" shall be governed;

Accordingly, the IA Regulation was prepared taking into account the specific initiatives identified by the Board of Directors - following the self-assessment process for the 2022 financial year - aimed at following up on the lines of action transmitted to the Bank of Italy on 5 December last with the "Report on the functioning of corporate bodies and the conduct of their members" (the "Governance Report");

In this regard, the AI Regulation provides that the meetings are exclusively aimed at fostering a discussion among the Independent Directors on their role within the Board of Directors, since, considering that the Board of Directors is composed of most Independent Directors, the topics discussed at the meetings avoid any overlap with the powers of the Committees and the Board of Directors.

It is also specified that the evaluations and considerations that emerge from the meetings are not subject to deliberative processes, except in those cases in which the regulations in force expressly provide for it, such as, for example, the powers relating to public purchase offers pursuant to Article 39-bis of the Consolidated Law on Finance;

INDUCTION PROGRAM

All Directors are aware of the duties and responsibilities associated with the office they hold, and participate in initiatives aimed at increasing their knowledge of the company reality and dynamics,

also having regard to the reference regulatory framework, in order to carry out more effectively your own role.

Furthermore, in compliance with (i) the provisions of art. 12 of the Fit&Proper Decree , (ii) the recommendations of the Supervisory Provisions, and (iii) in light of the provisions of the EBA/ESMA Guidelines, the outgoing BoD promotes the participation of Directors in specific training initiatives aimed at: (a) to provide all of them with in-depth knowledge of the sectors in which the Bank operates, at Group level, and to guarantee the continuity and safeguarding of the experience gained, over the years, by the BoD ; (b) carry out personalized insights on the basis of particular interests or responsibilities that the individual Director may assume in the internal Board Committees .

In this sense, already in the indications that emerged in the qualitative-quantitative profile of the BoD , the Board had hoped that future directors, especially newly appointed ones, would benefit from an adequate induction process , in continuity with the past, and that therefore the Banca promote continuous training and induction initiatives , relating, among other things, to issues (i) of corporate relevance, (ii) related to sustainability, and (iii) of strategic value.

The induction sessions, carried out in the presence of the Board of Statutory Auditors, constituted an important moment of discussion between the management – including the Company Control Functions, due to the topic discussed – and the members of the Corporate Bodies.

In 2023, n. 6 induction sessions, aimed, in particular, at providing an overall overview of the Bank and the Group as well as the main sectors in which the latter operates, with a focus on the related products, on the strategic plan being completed, on the control system internal and risk management as well as on the reference business sectors. Issues of corporate governance update on DORA regulatory changes and 40th update of Circular 285, AML issues, and approach to ESG issues

5.0 CORPORATE INFORMATION MANAGEMENT

The Directors and Statutory Auditors are required to keep the documents and information acquired in the performance of their duties confidential, and to comply with the procedure adopted by the Bank for the internal management and external communication of such documents and information.

In compliance with Regulation (EU) n. 596/2014 on market abuse ("MAR"), and the related implementing regulations, the treatment of privileged information is governed by the " Internal procedure for the management and external communication of privileged information " (the "IP Procedure" ) ¹², which governs the assessment, management and disclosure to the market of the Bank's privileged information, as well as by the " Procedure for keeping and updating the register of persons who have access to relevant information and privileged information " (the "Register Procedure") ¹³, which governs the rules of conduct, roles and responsibilities of the individuals and corporate organizational structures involved in keeping and updating the register of people who, due to their working or professional activity or due to the functions performed, have access to relevant information or privileged information of the Bank and/or of the Subsidiaries.

It should be noted that the aforementioned procedures take into account the guidelines no. 1/2017 on the " Management of Privileged Information " published by Consob on 13 October 2017 and subsequent updates. In addition, the Board approved the " Implementing measures of the internal procedure for the management and external disclosure of privileged information and of the procedure for keeping and updating the registers of persons who have access to relevant information and privileged information" (the "Measurements Implementation") in execution of the Procedures, of which they form an integral part.

The IP and Registry Procedures are available on the Website, respectively, at the following addresses:

https://investor.bff.com/it/insider-information-procedure; https://investor.bff.com/it/insider-register-procedure;

¹² Available on the website at the following address: https://investor.bff.com/it/procedura-informazioni-privilegiate . 13Available on the website at the following address: https://investor.bff.com/it/insider-register-procedure

the BoD approved the " Group Code of Ethics " (the "Code of Ethics") aimed at (i) all those who hold representation, administration or management functions, or who exercise the management and control of the legal entity belonging to the Bank and to any other Group company, in all the countries in which the Group operates; (ii) all employees, without exception; and (iii) collaborators. price sensitive information to others without justified reason; and (ii) not to use confidential information for purposes not directly connected with the exercise of the professional activity carried out within the companies belonging to the Group. This information must be managed in a manner that guarantees compliance with current legislation on privacy. In particular, confidential information cannot be disclosed to third parties inside or outside the Group, unless such disclosure is necessary for the performance of one's duties or is requested by the Authorities in the context of official investigations.

6.0 INTERNAL COMMITTEES OF THE BOARD (pursuant to art. 123- bis, paragraph 2, letterd), TUF)

In compliance with Circular 285 and the Governance Code, the BoD has set up an internal Control and Risk Committee, a Remuneration Committee and an Appointments Committee, with investigative, consultative and propositional tasks in favor of the BoD , in order to support the latter in making decisions, especially with reference to more complex business sectors. With particular reference to the Control and Risk Committee, it should be noted that it has been assigned responsibility for matters of sustainability.

None of the functions that the Code attributes to the Committees has been reserved to the BoD . Furthermore, none of the Committees performs the functions of two or more committees envisaged by the Governance Code. The functions have been distributed among the Committees in a manner consistent with the provisions of the Governance Code, and in compliance with the Supervisory Provisions. Furthermore, the composition of the Committees was identified in order to avoid an excessive concentration of offices, while respecting the composition rules (majority or totality of independent Directors).

For a description of the characteristics of the aforementioned Committees, please refer to Sections 7.2, 8.2, and 9.2 of the Report, respectively as regards the Appointments Committee, the Remuneration Committee and the Control and Risk Committee.

In compliance with the Recommendation n. 11 of the Governance Code, the BoD approved the regulations of the Committees, which govern the operating rules, the methods for taking minutes of the meetings, the terms for the prior sending of the information and the methods for protecting the confidentiality of the data and of the information provided so as not to compromise the timeliness and completeness of the information flows.

In addition to the aforementioned Committees, the BoD has set up, in compliance with the provisions of the Consob Related Parties Regulation and Circular 285, the RPT Committee.

It should be recalled that in the composition of the Committees, the Board of Directors took into account the adequate combination of skills and professionalism, as well as the possession of characteristics suitable for the role to be filled, calibrated in relation to the operational and dimensional characteristics of the Bank. It also took into account the diversification of

responsibilities among all the Directors, so as to allow that each of them, both within the Committees of which they are part and in collective decisions, can effectively contribute, among other things, to identifying and pursuing appropriate strategies and ensuring effective risk governance in all areas of the Bank. In fact, an adequate degree of diversification, also in terms of age, gender and geographical origin, favors, among other things, the plurality of approaches and perspectives in analyzing problems and in making decisions, avoiding the risk of behaviors of mere alignment to prevailing positions, internal or external to the bank.

Composition of the RPT Committee

Pursuant to the "Regulations of the Committee for the Evaluation of Transactions with Related and Associated Parties", the OPC Committee is made up of n. 3 members appointed by the BoD, all independent pursuant to art. 148, paragraph 3, of the TUF and art. 2, Recommendation n. 7, of the Governance Code.

The RPT Committee is composed of Dr. Anna Kunkl, Dr. Giovanna Villa and Dr. Gabriele Michaela Aumann.

The duration of the RPT Committee is equal to that of the BoD. Therefore, it lapses upon termination of the Board itself. If one or more of its members leave office for any reason, the Board will replace them with its own independent members in accordance with the current legislation indicated above.

During the Financial Year, the RPT Committee met no. 9 times.

During 2024, indicatively n. 5 meetings, of which n. 2 have already been held (January 31, February 22, March 5, 2024).

In particular, during the year, the RPT Committee

examined quarterly reports with related parties
issued 4 non-binding prior opinions with reference to the conclusion of transactions with related parties of minor importance.

All RPT Committee meetings were held in the presence of at least one member of the Board of Auditors.

auditors

The OPC Committee has the resources necessary to carry out its functions.

For further detailed information, please refer to Table 2 - "Structure of the Board of Directors and Committees" in the appendix to the Report.

Functions of the OPC Committee

The RPT Committee constitutes a safeguard against the risk that the possible closeness of certain subjects to the Bank's decision-making centers could compromise the objectivity and impartiality of decisions relating to transactions with respect to the same subjects, with possible distortions in the resource allocation process, exposures of the Bank to risks that are not adequately measured or supervised, potential damages for Shareholders and stakeholders.

The RPT Committee has the task of expressing a prior opinion on the interest, convenience and substantial and procedural correctness of the transactions concluded with connected parties, pursuant to Circular 285 (the "Connected Parties"), and with related parties, pursuant to the Consob Related Parties Regulation (the "Related Parties"), and performs a role of assessment, support and proposal regarding the organization and performance of internal controls on the overall risk assumption and management activity towards Associated Persons and Related Parties, as well as for the general verification of the consistency of the activity with the strategic and management guidelines, all as better described in the " Regulation of the BFF Banking Group for the management of transactions with parties in conflict of interest " published on the website at the following link :

https://investor.bff.com/it/transactions-with-connected-subjects.

7.0 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - APPOINTMENTS COMMITTEE

7.1. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

SELF EVALUATION

BFF considers the self-assessment an important moment of reflection on the functioning of the Board of Directors and, more generally, of the corporate governance system, as it is aimed at assessing its effectiveness and identifying possible points for improvement, as well as identifying the optimal composition of the Board of Directors in view of its renewal.

In compliance with the provisions of Circular 285, as well as with art. 4, Principle XIV and related Recommendations of the Governance Code, the BoD defined the self-assessment process on the size, composition and functioning of the Board itself in the " Regulation on the self-assessment process of the Board of Directors ".

The Self-Assessment is carried out annually and at least every three years with the support of an independent professional who is entrusted with the task of supporting the Appointments Committee (which acts in coordination with the Chairman of the BoD) and the BoD in the Self-Assessment.

The Self-Assessment concerns the aspects relating to the composition and functioning of the Board and its internal Committees, also taking into account, among other things, the qualitative and quantitative composition, the size, the degree of diversity and professional preparation of the members, the presence of non-executive and independent members, the adequacy of the appointment processes and selection criteria, in order to verify and guarantee over time the most correct functionality and consequent effectiveness of the Board and the Committees, and to guarantee the effectiveness of a governance inspired by principles of sound and prudent management.

The 2023 Self-Assessment was carried out between August 2023 and October 2023 and was carried out with the support of Parente & Partners Srl in the person of Dr. Ferdinando Parente, as an independent expert (the "Consultant") who was entrusted with the task of supporting the Bank in the preparation of the Shareholder Guidelines.

In selecting the Advisor, the Board of Directors was assisted by the Appointments Committee.

The Self-Assessment was overseen by the Chairman of the Board of Directors and the Chairman of the Appointments Committee, who ensured the effectiveness of the activities carried out as well as the consistency of the manner in which they were carried out with the degree of complexity of the Board's work. The Self-Assessment was carried out in compliance with the Supervisory Provisions and the Governance Code (also incorporated in the 'Regulation of the Appointments Committee' and the 'Regulation on the Board of Directors' self-assessment process').

self-assessment process was divided into several phases:

compilation of questionnaires, prepared of the Consultant, relating to the composition and functioning of the BoD and the internal Board Committees. These questionnaires consisted of a series of closed-answer questions (which required the attribution of a vote from 1 to 5 on topics such as the composition, size and actual functioning of the Board of Directors) as well as a "comments" section for each individual question, in which the Directors could explain the votes assigned or bring any issues deemed relevant to the attention of the Consultant. - extra-board meeting (held on 28 September 2023) in which a first draft of the results of the
Self-Assessment was examined, in the presence of the Consultant, who illustrated the preliminary results of the same, as resulting from the reading of the questionnaires, in order to incorporate any preliminary observations;
said document, in line with best practices, was then analyzed and examined in depth, in the same day of the Independent Directors, who unanimously expressed their full agreement with the conclusions represented in the Self-Assessment observations and/or suggestions, which emerged during the extra-consultative meeting itself;
identification by the BoD, with the help of the Appointments Committee, of possible improvement actions.

Following the Self-Assessment, the aspects subject to evaluation, regarding in general the composition and functioning, were mainly considered adequate/good. The aspects referable to the evaluation of top management and committees recorded a partly of prevailing adequacy and partly of adequacy. The assessment relating to skills recorded a mainly adequate/good opinion. No section recorded a rating at the lower end of the "mostly adequate/good" range. The Self-Assessment exercise has allowed, also on areas of substantial adequacy, to highlight suggestions and/or food for thought from the Consultant, which the Board of Directors has evaluated, in order

to ensure continuous improvement of the functioning and composition of the Body of administration and of the Committees.

The parties involved in the self-assessment process were mainly: (i) the Chairman of the BoD; (ii) the Appointments Committee; (iii) the Consultant; and (iv) the Corporate Affairs Secretary , who contributed to the organizational aspects related to the Self-Assessment; and (v) the Independent Directors.

The Self-Assessment was overseen by the Chairman of the Board and the Chairman of the Appointments Committee, who ensured the effectiveness of the activities carried out as well as the consistency of the methods of implementation with respect to the degree of complexity of the BoD's work.

Following the publication, on 28 November 2022, by the Bank of Italy, of the "Orientamenti sulla composizione e sul funzionamento dei consigli di amministrazione delle LSI" (the "LSI Guidelines") - which set out the best governance practices observed by the Supervisory Authority as part of a cross-sectional survey on the corporate governance structures of less significant institutions (LSIs), during the year, the Bank defined and implemented specific governance initiatives, identified taking into account the best practices represented in the LSI Guidelines, as well as the outcomes of the board review.

In particular, the Bank took steps to:

organise induction sessions on the roles and responsibilities of directors, on the strategic plan, on the Bank's businesses, as well as on specific ESG and fintech issues, as better specified in section 4.7 of this Report
adopt the Regulation of Independent Directors' Meetings as better detailed in paragraph 4.7 of this Report;
improve the definition, within the regulations, of the tasks and duties attributed to the Chairmen of the Bodies and their respective members;
revise the approach whereby the Chairman of the Board of Directors is permanently invited to all committee meetings;
provide in the "Guidelines to Shareholders on the Qualitative and Quantitative Composition of the Board of Directors and for the Preparation of the List of the Board of Directors" for an adequate diversification of competences, taking into account the Bank's strategic objectives, size and

territorial context, taking into account operational and organizational characteristics, with the aim of guarding against the complex of corporate risks.

The Guidelines to Shareholders 2024, which were drawn up taking into account the results of the Self-Assessment and the LSI Guidelines, were published on the Website, in the 'Governance/Assembly Documents' section, more than 100 days in advance of the date of the Shareholders' Meeting.

SUCCESSION OF DIRECTORS

With reference to recommendation no. 24 of the Governance Code, it is recalled that in large companies, the BoD defines, with the support of the nomination committee, a plan for the succession of the CEO and executive directors which identifies at least the procedures to follow in the event of early termination of the office It is also represented that the BoD , pursuant to what is indicated in Circular 285 ¹⁴ , approved the " Succession plan for the Chief Executive Officer and for the Chairman ", most recently updated on 26 October 2023.

In particular, the aforementioned plan provides that:

"established the existence of circumstances that could constitute an impediment of the Chief Executive Officer, the Chairman convenes the BoD without delay, to ascertain the existence of a temporary impediment, or a definitive impediment and, therefore, declare the vacation period open. Following the above assessment;
without prejudice to the faculty of the Board of Directors to attribute to the Chief Executive Officer - powers wholly or partially different from the Powers of the CEO, the Board of Directors resolves - as an immediate solution to deal with the urgency of the vacation – the conferment to the Deputy Chief Executive Officer of the powers of the Chief Executive Officer on a temporary basis until the end of the vacation;
the Board of Directors establishes, for the case of Temporary Inability, to schedule a subsequent board meeting, within a reasonable term not exceeding 30 days, to verify the persistence of the conditions of Temporary Inability and the opportunity to adopt new measures if necessary;

¹⁴ which provides that in banks of larger dimensions or operational complexity, plans must be formalized aimed at ensuring the orderly succession in top management positions (e.g. chairman of the body with strategic supervision function, managing director, general manager) in the event of termination due to expiry of the mandate or for any other reason, in order to guarantee business continuity and to avoid economic and reputational repercussions.

if, following the decision of the Board of Directors which has ascertained a temporary impediment, circumstances arise which may constitute a definitive impediment, the Chairman urgently convenes the Board of Directors to ascertain this impediment and adopt the necessary resolutions to guarantee business continuity.

It should be noted that the Bank has adopted a management succession plan process capable of coping with emergency situations, thanks also to the dissemination of critical know-how, the constant maintenance and revision of the organizational structure, and the good diversification of the succession pipeline, both in terms of gender and in terms of nationality and age.

7.2. NOMINATION COMMITTEE

In order to bring its corporate governance model into line with the provisions of Circular 285, Recommendation no. 19 of the Governance Code, and the best governance practices in the sector, the Board of Directors set up an Appointments Committee in July 2014. The members of the Appointments Committee were appointed by the BoD on 25 March 2021 and integrated on 25 March 2022.

Composition and functioning of the nomination committee (pursuant to article 123- bis, paragraph 2, letter d), TUF)

Pursuant to the "Appointments Committee Regulation" (the "NC Regulation"), said Committee is made up of no. 3 (three) members of the BoD, all non-executive and the majority independent pursuant to the Articles of Association and the BoD Regulations (ie the TUF and the Governance Code), nominally: Domenico Gammaldi (Chairman), Monica Magrì¹⁵ and Dr. Federico Fornari Luswergh.

Dott. Domenico Gammaldi (Chairman) and Dott.ssa Magrì are independent both pursuant to art. 148, paragraph 3 – as referred to by art. 147-ter, paragraph 4, of the TUF, and by art. 2, Recommendation n. 7, of the Governance Code, and of the art. 13 of the Fit&Proper Decree .

Dr. Federico Fornari Luswergh is a non-executive Director.

The duration of the Committee is equal to that of the BoD . Therefore, it expires upon the termination of the Board itself. If one or more members of the Appointments Committee cease to hold office for any reason, the Board of Directors replaces them with its own members who meet the above requirements.

At meetings of the Control and Risk Committee are permanently invited to participate also:

the Chairman of the BoD; And
members of the Board of Statutory Auditors, so that the presence of at least one member of the control body is guaranteed.

¹⁵to effective February 10, 2022, the co-opted Director Monica Magrì replaced Eng . Poggiali and, the Assembly held on 25 March, confirmed his candidacy.

Until 27 June 2023, the date of the revision of the CN Rules, the Chairman of the Board of Directors was also permanently invited to attend meetings. According to the current provisions, the chairman may be invited to attend whenever deemed appropriate.

The functioning of the Appointments Committee is governed by the NC Regulation which provides, in particular, that the Committee meets, at the invitation of its Chairman or whoever takes his place, in the place fixed by him, preferably at the Bank's headquarters, by notice containing an indication of the items on the agenda, sent to all its members at least 3 (three) days before the meeting (unless urgent). The convocation is also sent to the Board of Statutory Auditors, whose members have the right to participate. The Chairman presides over the meetings of the Committee, prepares its work, taking care, among other things, of the transmission of the illustrative and explanatory documentation of the items on the agenda, directs, coordinates and moderates the discussion. In his absence, the Committee is chaired by its oldest member. The Chairman represents the Committee in the meetings of the BoD, and signs the reports and opinions submitted to them by the Committee itself.

All meetings of the Committee are minute by the secretary appointed from time to time, even from outside the members of the Committee itself. The minutes are jointly signed by the secretary and the Chairman of the Committee, archived in chronological order together with the documentation supporting the evaluations expressed by the Committee. At the first useful meeting, the Chairman informs the BoD of the decisions taken by the Committee.

During 2023, n. 10 meetings of the Appointments Committee.

During 2024, indicatively no. 11 meetings, of which two have already been held (respectively on 29 January and 6 and 26 February 2024).

For further detailed information, please refer to Table 2 " Structure of the Board of Directors and Committees " in the appendix to the Report.

In addition to the Secretary, the Chairman of the BoD, the Chairman of the Board of Statutory Auditors and/or a member of the Board of Statutory Auditors, the Consultant also participated in the work of the Appointments Committee - with reference to the Self-Assessment process.

Functions of the nomination committee

The Appointments Committee performs proposal and advisory functions to support the Board of Directors in the process of appointing and co-opting Directors and defining the List of the Board. To this end, the Appointments Committee assists the BoD , in coordination with the Chairman of the BoD , in the process of defining the optimal composition of the BoD , taking care that this reflects an adequate degree of diversification in terms, among other things, of competence, experiences, gender and international projection, and which is consistent and adequate with respect to the requirements established by current legislation, by the Articles of Association and by the Regulations of the BoD , as well as the results of the Self-Assessment process and the Diversity Policy of the BoD . The Appointments Committee performs, in particular, a consultative and proposing role in favor of the BoD in the process of:

preventive identification of the optimal qualitative and quantitative composition of the BoD, in compliance, among other things, with the provisions on gender equality. Having regard to the results of the Self-Assessment and the BoD 's Diversity Policy, it makes recommendations on the professional figures whose presence can favor the correct and effective functioning of the Board and contributes to the preparation of the Succession Plan and the definition of the BoD's List;
determination in compliance with the law, including regulations, in force pro tempore of the maximum number of administration and control positions, and assessment of the cases that should be implemented in derogation of the prohibition of competition provided for by art. 2390 of the Civil Code; And
verifies the correspondence between the composition of the BoD and that actually resulting from the appointment process.

In addition, the Nomination Committee provides assisting the BoD in the selection, every 3 years of the external professional expert in board evaluation, whose assignment is approved by the Board itself, after preliminary investigation by the Committee as regards the selection activities capable of ensuring independent judgment in the Self-evaluation process, in compliance with the Supervisory Provisions;

It is the duty of the Chairman of the Committee to report, on the occasion of the first useful meeting of the BoD, on the activities carried out from time to time by the Committee itself.

Furthermore, the Appointments Committee:

in the event of co-optation i.e., in the case of appointment, by the members in office, of directors who replace members of the BoD who ceased to hold office before the deadline on the basis, inter alia, of the BoD 's Diversity Policy , expresses its opinion on the suitability of the candidates who, on the basis of the analysis carried out in advance by the BoD , were deemed suitable to replace the outgoing director. This opinion is disclosed by the Bank to the Shareholders at the first Shareholders' Meeting following the co-option;
proposes to the BoD candidates for the office of Director in cases of co-optation, where it is necessary to replace independent Directors;
in the event of co-optation, it verifies in advance the existence of the requisites of integrity, professionalism and independence pursuant to the applicable regulations in force, the Articles of Association and the BoD Regulations, for candidates for the office of Director of the Bank ;
formulates an opinion to the Board of Directors regarding the resolutions concerning the possible replacement of the members of the Committees.

If the appointment of Directors is the responsibility of the Shareholders' Meeting (for example, natural expiry of the office or forfeiture of the entire BoD ), the provisions of the BoD Regulations , the BoD Diversity Policy and the " Regulation on 'Self-assessment ".

Pursuant to the NC Regulation, the Appointments Committee performs investigative, proposing, consulting and monitoring functions in support of the BoD with reference to the following governance processes:

appointment and co-option of Directors;
definition of the List of the BoD ;
Self evaluation;
verification of the professionalism, integrity and independence requirements of the Directors, as well as compliance with the limits on the accumulation of offices, possibly making use of the Compliance and AML Function to verify the offices declared suitable by the representative to benefit from the exemptions from the calculation of the limits, of which to the Regulation of the BoD and of the absence of causes of incompatibility also for interlocking purposes;

verifies the adequate availability of time to carry out the tasks envisaged by the articles 16, 17, 18 and 19 of the Fit & Proper Decree, acquiring - in the case of candidates or representatives with an employment relationship - a declaration in relation to the possibility of organizing their work independently and the pertinent availability of time
definition and updating of the Chairman and of the CEO Succession Plan;
monitoring the process of defining succession plans for senior executives and executives that are reporting directly to the CEO;
elaboration of the Diversity Policy of the BoD,

taking care to avoid that the decision-making processes of the BoD are dominated by a single person or by groups of persons who could be detrimental to the Bank.

The Appointments Committee is also assigned the functions (i) of monitoring also as regards the succession processes of "senior executives" and "executives" reporting directly to the CEO, and (ii) consulting and monitoring governance issues related to the maintenance of the internal governance model (among other things, through the supervision of the revision of the internal regulations concerning the corporate governance of the Bank, also at Group level).

During the Financial Year, the Appointments Committee has, inter alia:

supported the BoD in carrying out the checks following the appointment, regarding (a) the existence of the requirements of professionalism, integrity and independence; (b) the absence of causes of incompatibility for interlocking purposes pursuant to art. 36 of Legislative Decree 6 December 2011, n. 201 (the so-called "Save Italy Decree"); (c) compliance with the limit on the accumulation of offices pursuant to art. 7 of the BoD Regulation;
proposed to the BoD the appointment of the Consultant;
assisted the Chairman and the BoD in the Self-Assessment;
expressed its assessments to the Board of Directors on the results of the 2022 and 2023 Self-Assessment process, and on the CEO's succession plan;
verified the adequacy of the Regulations of the Appointments Committee and submitted some amendment proposals to the BoD for the purpose of adapting to the Governance Code.

As mentioned in section 1 of this Report, in anticipation of the expiry of the term of office of the Board of Directors - coinciding with the Shareholders' Meeting's approval of the financial

statements for the year ended 31 December 2023 - the Board of Directors resolved to avail itself of the right to submit its own list to the Shareholders' Meeting for the renewal of the same body and, consequently, to start the related process.

During the second half of 2023 and the first quarter of 2024, the Appointments Committee therefore supported the Board of Directors in the various stages of the process leading up to the presentation of the Board of Directors' list.

It has:

supported the Board of Directors in identifying the independent consultant - Spencer Stuart appointed to support the Board of Directors in the selection of candidates to be included in the List of the Board of Directors;
supported the BoD in identifying the personal, professional and independence characteristics considered optimal, as set forth in the Guidelines for Shareholders - drafted also on the basis of the results of the Self-Assessment 2023 - prepared with the support of the external consultant Parente & Partners;
prepared, with the support of Spencer Stuart, a list of potential candidates (so-called "long list" and "short list")
initiated individual interviews with potential candidates;
supported the BoD in the preliminary verification of the eligibility requirements of the candidates identified for the composition of the List;
submitted a proposed List to the BoD.

The Appointments Committee had the opportunity to access the information and corporate functions necessary for the performance of its duties.

8.0 REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 REMUNERATION OF DIRECTORS

Information on remuneration policies is provided in Section I, paragraph 5 and Section II, paragraph 2.3.1 of the Remuneration Report to which reference is made.

Remuneration Policy

Information on the matter is given in Section I of the Remuneration Report to which reference is made.

Remuneration of executive directors and top management

Information on remuneration policies is provided in Section I, paragraph 3 and Section II, paragraph 2.3.1 of the Remuneration Report to which reference is made.

Stock-based compensation plans

Information on share-based remuneration plans is provided in Section I, paragraph 7.2.2.3 and in Section II, paragraphs 2.4 and 2.5 of the Remuneration Report to which reference is made.

Remuneration of non-executive directors

Information on share-based remuneration plans is provided in Section II, paragraph 2.3.1 of the Remuneration Report to which express reference is made.

8.2 REMUNERATION COMMITTEE

Information on the Remuneration Committee is given in full in the Remuneration Report in paragraph 1.4 to which express reference is made.

9.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - CONTROL AND RISK COMMITTEE

The BoD has identified the CEO as the executive director in charge of supervising the functionality of the internal control and risk management system (SCI).

The SCI is a fundamental element of the overall banking governance system. It plays a central role in the organization and makes it possible to ensure effective monitoring of risks and their interrelationships, in order to guarantee that the activity is in line with company strategies and policies and is based on standards of sound and prudent management.

The Bank has adopted, at Group level, adequate management, and control mechanisms, in order to face the risks to which it is exposed. These safeguards are part of the organization and SCI discipline, aimed at ensuring management based on standards of efficiency, effectiveness, and correctness, covering all types of corporate risk, consistently with the characteristics, size and complexity of the activities performed.

The SCI adopted by BFF involves, each for their own competences:

the Board of Directors , which carries out a role of guidance and assessment of the adequacy of the SCI, and which has identified within it: (i) the CEO , as the person in charge of establishing and maintaining an effective Control System Internal and risk management (as specified in Section 9.2 of the Report), as well as (ii) the Control and Risk Committee , with the task of supporting, with an adequate preliminary activity, the assessments and decisions of the BoD relating to the Internal Control and risk management, as well as, inter alia , those relating to the approval of the periodic financial reports;
the RM Function and the Compliance Function e AML, with specific tasks in terms of internal control and risk management, articulated in relation to the size, complexity and risk profile of the Bank;
the IA Function, in charge of verifying that the SCI is functional and adequate;
the Financial Reporting Manager, with specific risk management and internal control duties associated with the consolidated financial reporting process;
the Board of Statutory Auditors, which supervises the effectiveness of the SCI;
the OdV , which is assigned the tasks of verifying, applying and updating the 231 Model.

The BoD defines and approves the guidelines of the SCI, in line with the strategic guidelines, the significant risks identified, and the risk appetite established by the same, also assessing that this SCI is able to grasp the evolution and interaction of business risks.

The BoD has defined the guidelines of the SCI, making sure that the main corporate risks are identified, managed and monitored in an appropriate manner. In particular, the Board assessed all types of risk at a consolidated level and approved their assumption in a structured manner for all Group entities, and for all the countries and markets in which it operates.

In this context, in compliance with the Supervisory Provisions, the BoD defines and approves the RAF on an annual basis, based on the model business and related risk profiles of each Group company, the budget, of the strategic plan, the ICAAP and the SCI, in order to ensure that operations at Group level develop within the identified risk profile and in compliance with national and international regulations.

The RAF therefore sets out, for each type of risk, the risk objectives or risk appetite that the Bank intends to adopt in order to pursue its strategic objectives, any tolerance thresholds and operating limits under both normal operating and stress conditions.

The BoD, therefore, with reference to each type of risk, in the RAF:

identified the set of risk appetite indicators and the related calculation metrics;
defined and approved the risk objectives, tolerance thresholds and risk governance policies;
has established operating limits consistent with the risk appetite;
ensured that the implementation of the RAF is consistent with the risk objectives and tolerance thresholds.

The BoD has ultimate responsibility for defining and executing the Recovery Plan. In particular:

evaluates and approves the recovery plan, as well as any changes or additions thereto;
approves the relevant internal regulations, as well as any amendments or additions thereto;
evaluates, on the basis of the information produced by the RM Function, the actual relevance of any tense situations at Group level, adopting the appropriate resolutions for the activation of the recovery plan and for the management of the state of crisis, through the appropriate recoveries options , or by deciding to manage the exceeding of the thresholds in the context of other risk governance measures ;

defines the operational powers regarding the management of the recovery plan , as well as the execution of the recovery options , to be assigned to the CEO or to another director delegated by the BoD ;
decides on the communication strategies (tools, recipients, timing), at the same time issuing a specific operating proxy to the CEO or another Director delegated by the BoD for the management and governance of communication within the crisis phase;
is the recipient of the reports and of a specific communication on the implementation and effectiveness of the recovery actions put in place;
resolves the closure of the recovery state ;
resolves on the possible initiation of malus and claw back actions against Group personnel, taking into account the internal and external regulations of the Group itself.

The BoD evaluates, at least on an annual basis, the completeness, adequacy, functionality and reliability of the SCI and, more generally, its compliance with the regulatory requirements.

The SCI was designed in line with the legal and regulatory framework, with the organizational structure of the Group and in line with national and international standards and best practices. In particular, in accordance with the provisions of the regulatory provisions, it is divided into the following three levels of supervision.

I. First level controls

The first level controls (so-called " line controls ") have the purpose of ensuring the correct execution of the operations and are carried out by the same operating structures that carry them out, with the support of IT procedures.

II. Second level checks

The second level controls (so-called " risk and compliance controls ") - aimed at ensuring the correct implementation of the risk management process and the compliance of company operations with the applicable regulations - are entrusted, respectively, to the RM Function and to the Compliance function e AML, which fulfill, in line with the current prudential supervisory regulations, the duties summarized below.

i) The RM Function : (i) ensures the consistency of the risk measurement and control systems with the processes and methods of corporate activities, coordinating with the corporate structures involved; (ii) presides over the implementation of the process for determining

capital adequacy; (iii) oversees risk management controls, in order to contribute to the definition of measurement methodologies; (iv) supports the Corporate Bodies in defining the RAF; (v) verifies compliance with the limits assigned to the various operating functions, and checks the consistency of the operations of the individual operating areas of the Bank, at Group level, with the risk-return objectives assigned.

ii) The Compliance and AML Function is an integral part of the reference framework relating to the set of controls set up by the Bank, in its capacity as Parent Company, for the governance and management of the risk of incurring legal or administrative sanctions, significant financial losses or reputational damage as a result of violations of mandatory rules (laws, regulations) or of self-regulation (e.g. statutes, codes of conduct, codes of self-discipline). More specifically, the Compliance and AML Function: (i) supervises, according to a risk- based approach , the management of the risk of non-compliance with the regulations, with regard to all the activities falling within the reference regulatory perimeter of the Bank, at Group, continuously assessing that the processes and internal procedures adopted are adequate to prevent this risk, and identifying the relevant risks to which the Bank and its Subsidiaries are exposed; (ii) guarantees an overall and integrated view of the non-compliance risks to which the Bank and its Subsidiaries are exposed, ensuring adequate disclosure to the respective Corporate Bodies. With regard to anti-money laundering and counter-terrorism powers, the Compliance and AML Function has the task of: (i) preventing and combating the implementation of money laundering and terrorist financing operations, also continuously identifying the applicable rules in this area ; (ii) verifying the consistency of the processes, with the aim of ensuring compliance by the Bank and the Subsidiaries with the rules aimed at combating money laundering and terrorist financing.

III. Third level controls

The internal auditing activities are carried out by the IA Function, placed under the staff of the Board of Directors. The IA Function carries out independent checks, as well as for the Parent Company and the Branches, for BFF FI, within the context of a specific service contract which regulates the provision of the audit service, and in an institutional context, as a Parent Company Function, for the BFF Polska Group . The ROA specifies that the IA Function, with a view to thirdlevel controls, evaluates the overall functionality of the SCI, bringing possible improvements to the

attention of the corporate bodies, with particular reference to the RAF, the risk management process, as well as to their measurement and control tools.

During the financial year, the Board, with the support of the Control and Risk Committee and with the approval of the CEO and the Board of Statutory Auditors, approved the " 2022-2024 BFF Bank Group Audit Plan " prepared by the IA Function.

the Financial Year, availing itself of the Control and Risk Committee, the BoD assessed the functioning of the ICS, in line with the Supervisory Provisions, judging it overall adequate, effective and effectively implemented with respect to the characteristics of the Bank and the Group. This judgment takes into account the plan for the implementation of the improvement points identified as a result of the checks carried out by the Corporate Control Functions.

9.1 CHIEF EXECUTIVE OFFICER

The role of director in charge of the establishment and maintenance of an effective SCI (the "Director in Charge ") was most recently entrusted with the resolution of the Board of Directors on 24 April 2018 to the CEO.

In particular, the Appointed Director, without prejudice to the provisions of the primary and secondary legislation of the banking sector:

has an understanding of all company risks and, in the context of integrated management, of their mutual interrelationships and with the evolution of the external context. In this context, he is able to identify and evaluate the factors, including the complexity of the organizational structure, from which risks for the Bank may arise;
implements the strategic guidelines, the RAF and the risk governance policies defined by the BoD, and is responsible for the planning, implementation and management of the SCI, in compliance with the Supervisory Provisions on the internal control system, continuously monitoring compliance;
implements the initiatives and interventions necessary to continuously guarantee the completeness, adequacy, functionality and reliability of the SCI, and brings the results of the checks to the attention of the Board of Directors;
deals with the adaptation of the SCI to the dynamics of the operating conditions and the legislative and regulatory panorama;
IA Department to carry out checks on specific operating areas and on compliance with internal rules and procedures in the execution of corporate operations, simultaneously notifying the Chairman of the Board of Directors, the Chairman of the Control and Risk Committee and the Chairman of the Board of Statutory Auditors ;
Control and Risk Committee (or to the BoD) on problems and critical issues that have emerged in the performance of its activity, or of which it has in any case become aware, so that the Control and Risk Committee (or the Board) can take the appropriate initiatives.

In concert with the Control and Risk Committee, monitoring, instruction and support functions were carried out for the BoD in order to:

the definition of the RAF, supervising the completeness, adequacy, functionality and reliability of the same and of the risk governance policies;
the guidelines of the internal control and risk management system, so that the main risks relating to the Bank and its Subsidiaries are correctly identified as well as adequately measured, managed and monitored;
the management of risks deriving from prejudicial facts of which the BoD has become aware;
the assessment, at least annually, of the adequacy of the internal control and risk management system with respect to the characteristics of the Bank and the risk profile assumed.

9.2 CONTROL AND RISKS COMMITTEE

In order to bring its corporate governance model into line with the provisions of Circular 285, the Code and the best governance practices in the sector, the The BoD established the "Risk Committee" ¹⁶, renamed, on 25 March 2021, to the Control and Risk Committee.

Pursuant to the " Control and Risk Committee Regulation " (the " CCR Regulation "), the Control and Risk Committee consists of no. 3 members of the Board, all non-executive and mostly independent, namely: Dr. Gabriele Michaela Aumann (Chairman), Dr. Federico Fornari Luswergh and Dr. Domenico Gammaldi.

It should also be noted that the Chairman, Dr. Gabriele Michaela Aumann, and Dr. Domenico Gammaldi are independent both pursuant to art. 148, paragraph 3 – as referred to in article 147- ter , paragraph 4, of the TUF, as well as in art. 2, Recommendation n. 7, of the Governance Code , and by art. 13 of the Fit&Proper Decree , while Dr. Fornari Luswergh is a non-executive Director.

The presidency of the JRC is attributed to Dr. Aumann, who has gained extensive expertise in accounting and finance and/or risk management, as verified by the BoD at the time of her appointment.

On that occasion, the BoD also ascertained the possession by all members of the CCR of knowledge, skills and experience such as to be able to fully understand and monitor the strategies and risk orientations of the Bank and the Group.

¹⁶With a resolution of the Board of Directors of 28 April 2016, the change was approved – with efficacy subject to the admission to listing (ie 7 April 2017) of the name of the Risk Committee to "Control and Risk Committee".

The duration of the Committee coincides with that of the BoD and, therefore, it expires upon termination of the Board itself.

If one or more members of the Control and Risk Committee cease to hold office for any reason, the Board of Directors replaces the outgoing members, ensuring the presence of at least two independent directors and at least one member with adequate experience in accounting and finance and/or risk management.

The operation of the Control and Risk Committee is governed by the CCR Regulation, most recently amended on 21 December 2023.

The meetings of the CRC are called by means of a special notice containing the items on the agenda, sent to all its members at least 3 days before the meeting (except in cases of urgency). The Control and Risk Committee must also be convened whenever requested by the Chairman of the Board of Statutory Auditors.

At meetings of the Control and Risk Committee are permanently invited to participate also:

as anticipated, the Chairman of the BoD ; And
the members of the Board of Statutory Auditors, so that the presence of at least one member of the control body is guaranteed.

The activity of the Control and Risk Committee is coordinated by the Chairman, who prepares the work of the Committee, chairs it and directs, moderates and coordinates its meetings. In his absence, the Committee is chaired by its oldest member.

All meetings of the Control and Risk Committee are minuted by the secretary, appointed from time to time, even outside its members; the minutes are signed jointly by the secretary - appointed from time to time and also chosen from among subjects external to the Control and Risk Committee – and by the Chairman of the Control and Risks Committee, archived in chronological order and adequately accompanied by the illustrative and explanatory documentation of the items on the agenda, on the basis of which the relative resolutions were adopted.

Of each meeting of the Control and Risk Committee information is given, by its Chairman, at the first possible meeting of the BoD.

For further detailed information, please refer to Table 3 " Structure of Board Committees at the end of the financial year " in the appendix to the Report.

Given that all the members of the Control and Risk Committee possess the professional requisites envisaged by current legal and regulatory provisions, at the time of appointment the Board of Directors, as anticipated, ascertained that Ms. Aumann possesses adequate experience in accounting and financial matters and/or risk management process.

At the invitation of the Chairman, the following may also participate in the meetings: the CEO, other Directors, and, after informing and coordinating with the CEO, the general manager (if appointed), the executives, the head of the Compliance & AML Department , the head of the RM Function and the head of the IA Function , the heads of other corporate functions, as well as other individuals whose presence is deemed useful or appropriate by the CRC.

The following were invited to participate in the meetings of the Committee - in addition to the Chairman of the BoD, until June 2023, when the Rules of Procedure of the Commitee stipulated that he would be invited to Committee meetings as a participant by right, and the members of the Board of Statutory Auditors - for the discussion of individual items on the agenda:

the CEO, in his capacity as Director in Charge (defined below );
the Director, Risk Management;
the Director, Compliance & AML;
the Director, Internal Audit;
the Director of Planning, Administration and Control, and Manager in Charge;
the CFO, Chief Financial Officer Officer;
the Group General Counsel & Business Legal Affairs;
the Vice President, Factoring & Lending;
the Vice President, Technology & Processes Improvement;
the Manager of the Regulation & Process unit;
the Director, Group Credit Evaluations;
the Director, Group Human Resources & Organizational Development;
the Director, Group Investor Relations, Strategy and M&A;
the Chairman of the OdV;

the representatives of the Independent Auditors;
the contact persons of Avvera Srl a company entrusted with the task of person in charge of the protection of personal data (Data Protection Officer ) at Group level.

Functions attributed to the Control and Risk Committee

The Control and Risk Committee performs proposal and consultative functions towards the BoD, in order to support, with an adequate preliminary activity, the assessments and decisions of the Board itself relating to the Internal Control and Risk Management System, and to the periodic financial reports.

Pursuant to the CCR Regulation and the applicable legislation in force, with particular reference to the tasks relating to risk management and control, the CCR performs support functions to the BoD in:

definition and approval of strategic guidelines and risk governance policies, including guidelines on climate and environmental risk management. Within the RAF, the Control and Risk Committee carries out the necessary assessment and proposal activities, so that the BoD, in compliance with the provisions of Circular 285 - and implemented in the ROA adopted by the Bank - can define and approve the Risk Appetite and the Risk Tolerance;
verification of the correct implementation of the strategies, risk governance policies ESGand the RAF, approved by the Board of Directors;
definition of policies and processes for assessing corporate activities, including periodic verification of the consistency of profitability and risks assumed by the Bank and the Group in transactions with customers, with respect to the business model and strategies defined by the Company on the subject of risk.

In assisting the BoD , the Control and Risk Committee , moreover:

making use of the contribution of the Appointments Committee, identifies and proposes to the BoD the Heads of the Corporate Control Functions to be appointed;
examines in advance the activity programs (including the audit plan prepared by the Internal Audit Function) and the annual reports of the Corporate Control Functions addressed to the Board of Directors ;

examines the periodic reports, concerning the assessment of the Internal Control System, prepared by the Corporate Control Functions;
expresses assessments and formulates opinions to the BoD on compliance with the principles with which the Internal Control System and the corporate organization of the Bank must be aligned, at Group level;
expresses assessments and formulates opinions to the Board of Directors on the requirements that must be respected by the Company Control Functions, and on specific aspects relating to the identification of the main company risks, bringing to the attention of the Board of Directors any weaknesses found and the consequent actions to be promoted. To this end, it evaluates the proposals of the CEO;
monitors the independence, adequacy, effectiveness and efficiency of the Corporate Control Functions;
contributes, through evaluations and opinions, to the definition of the company policy of outsourcing of the Corporate Control Functions;
verifies that the Corporate Control Functions correctly comply with the indications and guidelines established by the BoD , and assists the latter in drafting the ROA;
evaluates, together with the Financial Reporting Manager, having consulted the Independent Auditors and the Board of Statutory Auditors, the correct use of the accounting standards and their homogeneity for the purposes of preparing the consolidated financial statements as at 31 December of each financial year and interim financial statements;
examines the content of periodic information of a non-financial nature relevant for the purposes of the internal control and risk management system;
supports the BoD in assessing the suitability of periodic financial and non-financial information to correctly represent the business model, the Bank's strategies, the impact of its activity and the performance achieved, coordinating with any committee at which are assigned the functions related to Sustainable Success, where it does not coincide with the CRC itself;
supports the Board of Directors in assessing and investigating sustainability (ESG) issues related to the Bank's operations and in approving the Bank's strategic guidelines and policies on sustainability, including the social and cultural responsibility model and the fight against

climate change, helping to ensure the best control of risks and taking into account the objectives of sound and sustainable creation and distribution of value for the Bank's stakeholders;

supports, with an adequate preliminary activity, the assessments and decisions of the BoD relating to the management of risks deriving from prejudicial facts, of which the BoD has become aware. To this end, it meets, at least twice a year, the OdV , from which it acquires the half-yearly reports for information purposes only;
expresses opinions on specific aspects relating to the identification of the main company risks including risk profiles relating to the introduction of new products and services, or the launch of new Group activities adopted by the Bank or the proposal of new types of investments;
expresses further opinions on possible changes in the risk profiles of the new products, services and investments already introduced referred to in the previous point;
performs investigative, consultative and propositional functions on the subject of Sustainable Success and, more generally, supports the Board of Directors on issues relating to sustainability (with regard to ESG parameters) and, in particular, with regard to the NFS,;
periodically examines the updates on the progress of the interventions on the subject of sustainability and, , the consequent impacts on the DNF more specifically, with reference to the ESG action plan, as well as the activity put in place from time to time with respect to the objectives of the ESG plan in order to verify the actual degree of alignment with regulatory expectations, as well as the initiatives that the Group undertakes to implement over the years in order to achieve the full integration of climate and environmental risks, including with respect to the consequent impacts on the NFS;
submits to the BoD at least every six months, on the occasion of the approval of the annual and half-yearly financial reports, a report in which an assessment is expressed on the activity carried out, as well as on the adequacy of the Internal Control System;
on the occasion of the first useful meeting of the BoD, he reports on the activities carried out from time to time by the CCR.

The activity of the Control and Risk Committee has been further expanded starting from 22 December 2020 with the following activities: (i) examination of the content of periodic information of a non-financial nature relevant for the purposes of the internal control and management system of the risks; (ii) the meeting, at least twice a year, with the OdV , from which it acquires, for information purposes only, the six-monthly reports, with reference to the management of risks deriving from prejudicial facts; support to the BoD in assessing the suitability of periodic financial and non-financial information to correctly represent the business model , the Bank's strategies, the impact of its activity and the performance achieved, coordinating with any committee to which the functions inherent to sustainable success are attributed, where it does not coincide with the CRC itself; (iii) the performance of the duty of the chairman of the Committee to report, on the occasion of the first useful meeting of the BoD , on the activities carried out from time to time by the Committee itself.

During the financial year, n. 15 meetings of the Control and Risk Committee.

During 2024, indicatively no. 15 meetings, of which n. 3 were held respectively on January 29th January, February 7th and March 5th.

In carrying out its functions, the Control and Risk Committee exchanges all information of mutual interest with the Board of Statutory Auditors and, where appropriate, coordinates with the control body, furthermore, defines any information flows that must be addressed to it regarding risks, identifying the object, format and frequency and, where necessary, has the right to interact with the individual Company Control Functions, including the IA Function, depending on the issues identified, to carry out checks on specific areas operations, giving simultaneous communication to the Chairman of the Board of Statutory Auditors.

Furthermore, during the year, the Control and Risk Committee, without prejudice to the responsibilities of the Remuneration Committee, ascertains that the incentives underlying the remuneration and incentive system of the Bank and the Group are consistent with the RAF.

In relation to the recovery plan , the Control and Risk Committee: (i) expresses opinions in support of the Board, both in the preparation and updating of the Recovery Plan itself, and in the event of exceeding the thresholds and adoption of the recovery options ; (ii) monitors the implementation of the recovery options and informs the Board thereof; (iii) supports the CEO (or other specifically

105

delegated Director) and the BoD in defining communications, once the state of recovery has been declared.

During the Financial Year, the JRC, inter alia, has:

analyzed the quarterly Tableau de bord and related reports, presented by the Corporate Control Functions;
outsourcing of Important Essential Functions (EIF);
shared the review and update of the RAF, verifying its consistency with the 2023 budget;
whistleblowing " reporting systems;
examined the half-yearly reports of the OdV;
examined the proposed amendments to the " Audit Model " as well as to the " Three-year Plan of the Internal Audit Function (2022-2024)";
analyzed the informative presentation to the public " Pillar 3";
formulated its opinion on the aspects pertaining to the annual " Annual report on corporate governance and ownership structure";
examined and shared the ESG approach and related updates;
examined the reports prepared by the Corporate Control Functions, and reported the contents deemed relevant and its own observations and assessments in this regard to the Board of Directors;
examined the annual reports of the Corporate Control Functions;
positively evaluated and informed the BoD of the level of completion of the control activities carried out in the previous year on the companies belonging to the Group by the individual Company Control Functions;
having acknowledged the report of the IA Function on incentive remuneration policies and practices for the Financial Year;
with reference to the consistency of the remuneration and incentive systems with respect to the RAF, examined, inter alia: (i) the " Remuneration and incentive policy in favor of the members of the Strategic Supervision, Management and Control Bodies and of the personnel of the BFF Group" , and (ii) the incentives underlying the Group's remuneration and incentive system, assessing them in line with the RAF;

verified together with the Financial Reporting Manager and in coordination with the Board of Statutory Auditors and having consulted the Independent Auditors – the correct use of the accounting standards for the preparation of the draft individual and consolidated financial statements as at 31 December 2022, as well as for the preparation of the individual accounting statements and the consolidated half-year financial report as at 30 June 2023, considering them correct and in continuity with the previous years;
examined the update of the recovery plan, prepared by the RM Department acknowledging and evaluating the Recovery Plan consistent with the Group's business model, as well as with the RAF and the ICAAP;
shared the review and update of the RAF as a result, inter alia, of updates to the supervisory regulations (for example, on the subject of Internal liquidity Adequacy Assessment Process – ILAAP);
reviewed the changes to the "Policy Impairment test of goodwill";
examined the "Group policy on the prevention of usury and the judgment of regulatory compliance expressed in this regard by the Compliance and AML Function ;
examined the update of the internal regulations of the Bank and its branches on anti-money laundering and the fight against the financing of terrorism;
acknowledging the updates to Model 231;
having acknowledged the results of the ICAAP/ILAAP Report, and the related opinion expressed by the IA Function, evaluating them consistent with the guidelines of the business plan and the 2022 budget , as well as with the RAF and the SCI;
having acknowledged the annual report on the important outsourced operational functions, prepared by the IA Function, and the favorable opinion expressed by the Board of Statutory Auditors, proposing its approval to the BoD and timely transmission to the Bank of Italy;
having taken note of the updates relating to the relevant internal regulations;
prepared and approved its half-yearly reports to the BoD on the activity performed, and on the adequacy of the internal control and risk management system.

In carrying out its functions, the Control and Risk Committee has the right to access corporate information and can interact directly with the individual Corporate Control Functions, depending on the issues identified, for the performance of specific controls.

The Committee has the right to make use of external consultants, if it deems it necessary.

9.3 HEAD OF THE INTERNAL AUDIT FUNCTION

Dr. Gianluca Poletti holds the role of Head of the IA Function from 17 July 2023 as per the board resolution of 11 May 2023.

The " Internal Audit Regulations " provides that the Head of the IA Function is appointed by the Board of Directors, on the proposal of the Control and Risk Committee, which avails itself of the contribution of the Appointments Committee, having consulted the Board of Statutory Auditors and after assessing the requisites of authority, professionalism, and independence ¹⁷. The Head of the IA Functioncarries out management and coordination activities not only for the Parent Company, but also for the subsidiaries BFF Finance Iberia, BFF TechLab and BFF Immobiliare, within the scope of the specific service agreements signed by the Bank with the subsidiaries; as well as the Internal Audit function of the subsidiary BFF Polska. .

The Board, subject to the favorable opinion of the Control and Risk Committee and having consulted the Board of Statutory Auditors, approved the remuneration of the Manager of the IA Department, and ensures that said Manager is equipped with the human and economic resources adequate to perform his duties.

The remuneration of the Head of the IA Function it is defined by the BoD, on the proposal of the Remuneration Committee, in line with the Remuneration Policy, and in compliance with the legislation on remuneration and incentives ¹⁸. The remuneration policies envisaged for the Manager of the IA Function, in compliance with the Remuneration Policy, provide for the exclusion of said Manager from the stock option plans, as well as the attribution of the variable part of the remuneration within the limit of one third of the fixed part , within the scope of criteria and parameters unrelated to the Bank's economic results.

In order to guarantee his independence, the Head of the IA Function does not have direct responsibility for operating areas nor is he hierarchically dependent on subjects responsible for

¹⁷The appointment procedure referred to above complies with the Supervisory Provisions, which prevail over those of the Governance Code, according to which the proposing role of the person who has to fill the position of Head of the Internal Audit Function belongs to the Control and Risk Committee.

¹⁸ Also in this regard, the process of determining the remuneration of the Head of the Internal Audit Function was identified pursuant to the Supervisory Provisions, which prevail over those of the Governance Code, according to which the proposal role belongs to the Remuneration Committee.

operating areas, reporting hierarchically only to the BoD.

The Head of the IA Function verifies, both on an ongoing basis and in relation to specific needs and in compliance of the audit methodologies approved by the Board, the functionality of the internal control and risk management system, through the audit plan approved by the BoD , based on a structured process of "prioritization" of the main of audit activities ("risk based" approach ) with value for the Group.

audit plan, as required by the Internal Audit Regulations, is multi-year, and indicates the control activities planned over a three-year period and according to a " process " logic oriented". The audit plan is updated whenever the need is deemed necessary, at the request of the Corporate Bodies, of the SB and/or at the proposal of the Head of the IA Function. The plan is reviewed annually by the head of the IA Department and approved by the Board of Directors.

The Head of the IA Function submitted a quarterly " Tableau de bord " to the Corporate Bodies and the CCR which summarizes the results of the audit and follow-up activities (any deficiencies found, level of problems, corrective actions, timing and owner) concerning the Bank, the Subsidiaries and the Branches. This information is promptly sent to the Bank of Italy.

Furthermore, the Head of the Internal Audit Function, as required by the " Regulations of the Internal Audit Function ", reports with the following periodicity:

annually, to the Board of Directors and to the Board of Statutory Auditors of the Bank, in its capacity as Parent Company, on the results of the checks carried out on the Group as a whole and on the individual Subsidiaries. The annual report is promptly sent to the Bank of Italy;
periodically, to the administrative body of BFF Finance Iberia, on the audit activity carried out on the basis of a service contract;
annually, to the BoD, with the considerations of the Board of Statutory Auditors, on the verification activity carried out on the Important Outsourced Functions (so-called EIF), on any deficiencies or anomalies found, and on the consequent corrective actions taken. The information is promptly sent to the Bank of Italy;
annually, to the Shareholders' Meeting, on the compliance of the remuneration practices with the approved policies and the reference legislation, after having read the report of the IA Function by the Remuneration Committee, the Board of Statutory Auditors and the BoD ;

annually, to the Corporate Bodies, on the correct functioning of the internal reporting systems (so-called whistleblowing);
periodically, to the BoD, on the audit report on related parties, after having been examined by the RPT Committee.
periodically, to the board of directors of BFF Finance Iberia, on the audit activity carried out on the basis of a service contract.

As part of the recovery plan preparation process, the IA Function supports the assessments of the Control and Risk Committee and the Board of Statutory Auditors, based on the checks carried out. The AI Function collaborates on an ongoing basis with the other corporate control functions of the Parent Company and the Subsidiaries, as well as with the Board of Statutory Auditors and with the OdV.

IA Function, as manager of the internal reporting systems (so-called whistleblowing), is required to draw up an annual report on the correct functioning of the internal reporting systems, containing aggregate information on the results of the activity carried out following the reports received, which must be approved by the Corporate Bodies and made available to the Bank's staff.

Pursuant to the "Internal Audit Function Regulations", the Head of the Function can directly communicate the results of the checks and assessments to the corporate bodies.

The Head of the IA Function has a specific annual budget approved by the BoD , which he can use independently to carry out his activities within the Group. This budget for specialist support relating to the Bank and its branches, as well as its foreign subsidiaries, totaled approximately Euro 180,000 for the year 2023.

During the Financial Year, the Head of the IA Function carried out the verification activities envisaged by the "Three-year Audit Plan 2022-2024", both on the Bank and on the Subsidiaries and on the Branches, carrying out the follow-up activity on an ongoing basis on all the Group companies. Furthermore, during 2022, the Head of the Internal Audit Function has:

audit methodology, updating the "BFF Banking Group Internal Audit Manual", approved by the Board of Directors of the Parent Company;

collaborated with the other control functions and with the Financial Reporting Manager, also by transmitting the reports of his own activity;
interacted with the Control and Risk Committee, with the Board of Statutory Auditors and with the OdV (of which he is also a member), reporting on his work and transmitting periodic reports on the activity performed. It has also maintained contacts with the Independent Auditors;
interacted with the Bank's management, to share the audit activity with the process managers, and transmitting the monthly follow-up report ;
prepared and implemented training plans for the personnel of the internal audit function of the Parent Company and of BFF Polska, in order to promote their professional growth;

9.4 ORGANIZATIONAL MODEL pursuant to Legislative Decree 231/2001

Decree 231 introduced the principle of the administrative liability of entities for certain crimes which, although committed by subjects who perform functions of representation, administration or management or by persons subject to the management or supervision of the latter, can be considered directly connected to the entity as committed in its interest or to its advantage. Decree 231 provides for the exemption from this form of liability of those entities that have adopted and effectively implemented organizational and management models suitable for preventing the aforementioned offences.

Model 231 adopted by the Bank - available at the following link : https://investor.bff.com/it/model of-organisation-d-lgs-231-2001 - provides, in the first place, a "General Part" which includes, in addition to a brief description of the contents of the Decree 231, the characteristics and essential components of Model 231, the functions and powers of the SB , the system of information flows and communications from/to the SB , the system of sanctions for violations of the provisions contained therein, and the communication obligations of Model 231 and personnel training.

The 231 Model provides for some "Special Sections", structured as follows: (i) a "Special Section I - Matrix of activities at risk of crime" , with the purpose of identifying the types of crimes that can potentially be committed in carrying out the activities for which it is responsible of the Issuer; (ii) a " Special Part II - Protocols ", which sets out the activities, controls and reporting mechanisms aimed

at guaranteeing the adequacy of the organizational and control system of the Issuer and its Branches to Decree 231; and (iii) a " Special Section III - Information flows to the Supervisory Body ". The Bank has also adopted, at Group level, the Code of Ethics which expresses the founding values and the rules of corporate ethics to be observed and affirms ethical-behavioral principles also suitable for preventing the unlawful conduct referred to in Decree 231, thus acquiring relevance also for the purposes of Model 231, and constituting a complementary element.

The Bank has also adopted the "Group Anti-Corruption Policy", which defines the principles on anticorruption, the roles and responsibilities for managing the risk of corruption within the activities carried out by the Bank and its subsidiaries and identifies the activities and areas most at risk of corruption. Following the entry into force of the Anti-Corruption Policy, provision has been made for the inclusion of a clause in contracts with third parties which provides for the termination of the contract if the counterparty is involved in acts of corruption or violates the contents of the aforementioned Policy.

BFF FI has adopted its own organizational model compliant with art. 31- bis of the Spanish Penal Code (the " 31-bis Model "), structured in a similar manner, as far as compatible, to the Bank's 231 Model (i.e., with a general part, a special part with a matrix of assets at risk, and a part relating to information flows). As part of the approval of Model 31- bis, a specific local supervisory body was also appointed, set up in monocratic form.

As far as BFF Polska is concerned, in compliance with Polish regulations, precise guidelines have been adopted to oversee anti-corruption issues, with the identification of a specific monocratic body in charge of this, represented by the local compliance & AML function.

As at 31 December 2023, the OdV was composed of Dr. Marina Corsi (professional external to the Group), who holds the role of Chairman, Dr. Silvio Necchi (professional external to the Group) and Dr. Gianluca Poletti (Head of Internal BFF audit from July 17, 2023).

The OdV is also kept constantly updated, as far as it is responsible, on projects of strategic importance for the Bank and in relation to the evolution of the organizational structure of the Bank and of the Group.

9.5 AUDITING FIRM

The company responsible for auditing the Bank's accounts is KPMG SpA The assignment was conferred by the Shareholders' Meeting, on a reasoned proposal from the Board of Statutory Auditors, on 2 April 2020, for the financial years from 2021 to 2029. The Shareholders' Meeting conferred the assignment of auditor of the annual financial statements, of the half-yearly situations as well as of the controls pursuant to Legislative Decree 39/2010.

The BoD , having consulted the Board of Statutory Auditors, evaluated and acknowledged (i) the opinions relating to the individual and consolidated financial statements of the Bank as at 31 December 2023 (both included, respectively, in the draft individual and consolidated financial statements which will be published by 28 March 2024 on the Website between the shareholders' meeting documentation, and (ii) the additional report addressed to the Board of Statutory Auditors pursuant to Article 11 of Regulation (EU) No. 537/2014.

Finally, he reports that the Board of Statutory Auditors has, in turn, issued its report pursuant to art. 153 of the TUF which has also already been published on the website in the shareholders' meeting documentation.

9.6 THE CHIEF REPORTING OFFICER OF PREPARING CORPORATE ACCOUNTING DOCUMENTS AND OTHER CORPORATE ROLES AND FUNCTIONS

Following the positive eligibility assessment made by the Bank of Italy in compliance with the Decree Fit & Proper, effective from 1 October 2022, Dr. Giuseppe Manno (who is mainly responsible for the duties described in Section 11 in relation to the financial reporting process) assumed the role of Financial Reporting Manager,.

The appointment of Dr. Manno was arranged , pursuant to art. 18 of the Articles of Association, by resolution of the Board, subject to the favorable opinion (mandatory and non-binding) of the Board of Statutory Auditors, the Control and Risk Committee and the Appointments Committee - jointly meeting - and, following verification of possession of the requisites of integrity and professionalism foreseen for this role by the Articles of Association, by current legislation , as well as by a proven multi-year experience in administration, finance and control, gained from 2002 to today, in the preparation of financial statements and budgets , in management control, in reporting systems and in tax area.

The Financial Reporting Manager is given adequate powers and resources to carry out the duties assigned to him by law. In this regard, the BoD supervises the effective availability by the Financial Reporting Manager of these means and powers, in compliance with the accounting procedures (Article 154- bis , paragraph 4, of the TUF).

The manager:

accesses all relevant or necessary information for the purpose of carrying out his duties. Therefore, he may request information, data or processing of the same from all the corporate structures of the companies included in the scope of consolidation;
is invited to take part in each meeting of the Board of Directors of the Parent Company which has on the agenda the approval of the financial statements, the consolidated financial statements, the half-yearly financial reports, or other data/decisions relevant to the certifications that he is required to supply. The Financial Reporting Manager is also invited to attend the shareholders' meetings whenever it is deemed appropriate by the Chairman of

the Board of Directors or by the CEO, or if the agenda includes topics of relevance to accounting reporting;

has access to the minutes/documents of the BoD meetings of all the Subsidiaries included in the scope of consolidation.

The Financial Reporting Manager, in addition to holding a managerial position with a hierarchical level reporting directly to the CEO, has the power to:

carry out checks on corporate processes with a direct or indirect impact on the formation of periodic financial reports;
be assisted, where necessary, by other corporate structures functional to the management of the SCI (e.g. AI, RM, ICT, etc .);
propose changes to the corporate processes and procedures of which the Financial Reporting Manager is not process owner , including IT ones, which have an indirect impact on the formation of reporting .

The BoD annually determines the budget to be allocated to the Financial Reporting Manager.

The Financial Reporting Manager is burdened with the duty of timely reporting to the Chairman of the BoD of the need to make any adjustments or additions to his budget . To this end, in an emergency, the budget assigned to the function of the Financial Reporting Manager may be exceeded by the latter - with immediate communication to the Chairman of the BoD , and subsequent approval by the BoD itself -.

The Head of the Risk Management Function

The " Regulation of the Risk Management Function " provides that the Head of the RM Function is appointed by the Board of Directors, having consulted the Board of Statutory Auditors, after assessing the requirements of independence and integrity, autonomy and professionalism, and in compliance with the procedures set out in the Supervisory Provisions, therefore, on 28 May 2020, the Board of Directors appointed Mr. Marco Piero as Head of the RM Function ¹⁹ .

With regard to powers, the RM Function, in compliance with company procedures governing the manner in which appointments to third parties are made, subject to a reasoned request and approval of the CEO, may make use of specialist resources, including external ones, in carrying out its activities.

The MRI function has an annual expenditure budget which is agreed with the CEO, also based on the annual activity program presented to the Board of Directors.

Within the same Function, the Validation & Credit Monitoring Area was set up, with the aim of guaranteeing greater independence in validation and credit control activities, and the ICT Risk & Security Area, with the aim of guaranteeing greater control of ICT-related risks in order to comply with regulatory provisions following the Bank of Italy's Supervisory instructions.

The RM Function operates autonomously and independently on the basis of its own activity plan approved by the Board of Directors. In this regard, the RM Function:

operates autonomously and independently, on the basis of an annual activity program approved by the Board of Directors;
if possible risk situations are detected, it carries out the appropriate verification activities even outside the approved Annual Activity Plan;
has the necessary resources to detect effective risk management;
has the maximum collaboration of the other corporate structures;
has resources qualitatively (in terms of technical-professional skills and updating) and quantitatively (in numerical terms) adequate for the tasks to be performed;

¹⁹The appointment took place on the proposal of the then "Risks Committee", having consulted the Board of Statutory Auditors, after assessing the requirements of independence and integrity, autonomy and professionalism, and in compliance with the methods set out in the Supervisory Provisions.

in addition to the resources that he hierarchically coordinates, he can make use of resources located in different corporate structures who report directly to him for matters relating to the tasks of the RM Function;
has access to all the activities carried out by the Bank and by the Subsidiaries, and to any information deemed relevant, as well as to the corporate and external data necessary to carry out its duties appropriately;
has a separate organization from the Compliance & AML Function and the Internal Audit Function;
collaborates on an ongoing basis with the other corporate control functions of the Parent Company and the Subsidiaries, as well as with the control bodies and with the OdV ;
guarantees the confidentiality of the information acquired.

The RM Function makes use of suitable IT tools, paying particular attention to the analysis of the most relevant risks.

The Head of the RM Function reports directly to the Corporate Bodies. In particular, he has direct access to the Board of Directors and the Board of Statutory Auditors and communicates with them without restrictions or intermediaries.

The Head of the Compliance & AML Function

The " Regulations of the Compliance & AML Function " provides that the Head of the Compliance & AML Function is appointed by the Board of Directors, having consulted the Board of Statutory Auditors, after assessing the requirements of independence and integrity, autonomy and professionalism, and in compliance with the methods referred to in the Vigilance. In compliance with this procedure, on February 17, 2021, the Board of Directors appointed - with effect from March 5, 2021 - Atty. Michela Della Penna as Head of the Compliance & AML Function e Responsible for "Suspicious Transaction Reporting".

With regard to powers, the Compliance & AML Function in compliance with company procedures governing the manner in which appointments to third parties are made, upon justified request, and subject to the approval of the CEO, can make use of specialist resources, including external ones, in carrying out its activities.

The Compliance & AML Department has an annual expenditure budget that is agreed upon with the CEO, which also depends on the annual activity programme submitted to the Board of Directors.

The Compliance & AML Function operates autonomously and independently based on its own activity plan approved by the BoD. In this regard, the Compliance & AML Department :

has the maximum collaboration of the other corporate structures;
has resources qualitatively (in terms of technical-professional skills and updating) and quantitatively (in numerical terms) adequate for the tasks to be performed;
has access to all the activities carried out by the Bank and by the Subsidiaries and to any information deemed relevant, as well as to the corporate and external data necessary to carry out its duties appropriately;
has a separate organization from the IA Function , being subject to verification by the latter Function;
collaborates on an ongoing basis with the other corporate control functions of the Parent Company and the Subsidiaries, as well as with the Board of Statutory Auditors and with the OdV;
guarantees the confidentiality of the information acquired.

The Head of the Compliance & AML Function reports directly to the Corporate Bodies. In particular, he has direct access to the Board of Directors and the Board of Statutory Auditors, and communicates with them without restrictions or intermediaries.

9.7 COORDINATION BETWEEN PERSONS INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The ROA defines in detail the duties and responsibilities of the Corporate Bodies and of the Corporate Control Functions, as well as the information flows between the various Functions/Bodies and between these and the Corporate Bodies, and are specified, in the event that the areas of control present areas of potential overlap or allow for the development of synergies, methods of coordination and collaboration.

As regards the regulation of information flows between the Corporate Bodies and the Corporate Control Functions, please refer to Attachment A -" Information Flows " in the appendix to the ROA. In line with the rules contained in the Supervisory Provisions on the control system, the Bank has identified some formalized moments of coordination between the Corporate Control Functions, for the purpose of:

promote the understanding and correct assessment of company risks;
plan future control activities between Company Control Functions;
identify shared remediation actions.

In order to provide for an integrated management of corporate risks, convening an internal meeting (so-called " Risk Meeting ") is contemplated, at least quarterly and/or on an event basis, with the aim of sharing between the Corporate Control Functions (and the other corporate Functions) the risks identified during the verification activity carried out by the Corporate Control Functions. These meetings are also scheduled following the information flows between Corporate Control Functions and strengthen the supervision of the various types of risk to which the Bank is exposed. In view of the risks identified, on the basis of an agreed agenda, the participating departments share:

remediation actions uniquely identified among all participants;

a summary of the risks identified by the participating functions and the actions necessary to mitigate the risks.

These meetings are also aimed at avoiding overlapping of common activities, while allowing constant monitoring of the implementation status of the mitigation actions themselves. The Bank pays specific attention to the articulation of information flows between the Corporate Control Functions. In particular, the heads of the RM Function and of the Compliance Function and AML inform the Head of the IA Function of the critical issues detected in their activities, which may be of interest for the audit activity . The Head of the IA Function , in turn, informs the heads of the other Corporate Control Functions of any inefficiencies, weaknesses or irregularities that emerge during the course of the activities under his/her responsibility, and regarding specific areas or matters within the latter's competence.

The Board of Statutory Auditors is invited to participate in the meetings of the CRC.

For further information, please refer to the ROA available on the Website at the following address: https://investor.bff.com/it/regulation-of-the-board-of-administration .

10.0 DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES

In compliance with the provisions of art. 2391- bis of the Civil Code, the Consob Related Parties Regulation, and Circular 285, the Board of Directors has approved (effectively subject to the Listing), subject to the favorable opinion of the RPT Committee and the Board of Statutory Auditors, in accordance with the Consob Related Parties Regulation, the " Regulation of the BFF Banking Group for the management of transactions with parties in conflict of interest " (the " OPC Regulation ") ²⁰ .

The RPT Regulation pursues the objective of overseeing the risk that the possible proximity of certain subjects to the decision-making centers of the Bank could compromise the objectivity and impartiality of the decisions relating to transactions with regard to the same subjects, with possible distortions in the process of allocation of resources, exposure of the Bank to risks that are not adequately measured or supervised, potential damages for shareholders and stakeholders.

The RPT Regulation governs, inter alia, (i) the scope of Related Parties, Associated Persons and company representatives pursuant to art. 136 of the TUB; (ii) the perimeter of the transactions with the parties indicated in point (i); (iii) the procedures applicable to transactions with these parties in relation to their significance - with particular reference to their operational management from the preliminary fulfilments up to the decision-making process -; (iv) the safeguards adopted by the Issuer with reference to transactions with Related Parties and Associated Persons; (v) the identification of the prudential limits within which the assumption of risk assets with respect to Associated Persons must be contained; (vi) the exemptions and derogations from the procedures thus defined; (vii) procedures for updating procedures; (viii) the information flow, internal and external, also to the public, and the consequent fulfilments.

With regard to meetings, the chairman of the RPT Committee (i) formulates the agenda, convenes and chairs the meetings, organizes their work and provides advance information so that its members can act in an informed manner; (ii) directs, coordinates and moderates the debate; (iii) reports to the BoD on behalf of the RPT Committee; and (iv) represents the Committee itself in

²⁰ The RPT Regulation is available on the website at the following address: https://investor.bff.com/it/operazioni-con-soggetti-affiliti

relations with the other corporate bodies, being also able to sign reports and opinions on behalf of the RPT Committee to be submitted to the BoD .

During the financial year, n. 8 meetings of the OPC Committee.

During 2023, indicatively n. 5 meetings.

For further detailed information, please refer to Table 3 "Structure of the Board Committees at the end of the financial year" in the appendix to the Report.

In addition, the BoD approved, subject to the favorable opinion of the RPT Committee and the Board of Statutory Auditors, the " Internal control policies adopted by BFF Banking Group for the management of conflicts of interest " (the "OPC Policy").

The RPT Policy establishes the guidelines to ensure that the organizational structures of the Group and the ICS guarantee constant compliance with the prudential limits and the decision-making procedures established by the applicable legislation.

To this end, the RPT Policy regulates the control processes aimed at guaranteeing the correct measurement, monitoring and management of the risks assumed by the Group towards Associated Persons and Related Parties, as well as verifying the correct design and effective application of the internal policies, identifying the roles and responsibilities of the Corporate Bodies, the Corporate Control Functions and the OPC Committee.

In particular, the OPC Policy sets itself the objectives of:

identify, in relation to the operational characteristics and strategies of the Bank, at Group level, the sectors of activity and the types of relationships of an economic nature, including those other than those involving the assumption of risk assets, in relation to which conflicts of interest;
establish risk propensity levels consistent with the strategic profile and with the organizational characteristics of the Bank, at Group level, also in terms of the maximum extent of risk assets towards Associated Persons deemed acceptable in relation to regulatory capital, with reference to all exposures to all Connected Persons;
set up and regulate organizational processes aimed at: (i) identifying and registering in full the Associated Persons and Related Parties, and at recognizing and quantifying the related transactions at each stage of the relationship; ( ii) guarantee the correct measurement and

management of the risks assumed towards the Associated Persons themselves and towards the Related Parties, and verify the correct design and effective application of the internal policies.

11.0 BOARD OF STATUTORY AUDITORS

11.1 APPOINTMENT AND REPLACEMENT

The Articles of Association ²¹provide that the Board of Statutory Auditors is composed of no. 3 effective members and n. 2 substitutes, appointed on the basis of lists that must be deposited at the registered office at least twenty-five days before the date fixed for the Shareholders' Meeting by many Shareholders who, alone or together with other shareholders, represent at least 2% of the Shares with voting rights in the ordinary Shareholders' Meeting, or the lower amount required by the regulatory discipline issued by Consob for the presentation of the lists of candidates for appointment to the BoD . The lists are accompanied by the curricula of the individual candidates and by the declarations of acceptance of the candidacy, certifying the existence of the requisites prescribed by law and by the Articles of Association. The reference legislation provides, in particular, that: (i) the candidates must possess the requisites of integrity, professionalism and independence pursuant to Article 148, paragraph 3, of the TUF, as well as comply with the provisions regarding the accumulation of offices pursuant to the Fit & Proper Decree, and that (ii) those who hold positions in bodies other than control bodies in other Group companies, as well as in companies in which the Bank holds, even indirectly, a shareholding cannot be members of the Board of Statutory Auditors strategy (as qualified by the Supervisory Provisions), nor those who hold the office of director, manager or officer in companies or entities, or, in any case, collaborate in the management of companies, which operate, directly or indirectly, and also for through subsidiaries, in the same sectors as the Bank.

THE members of the Board of Statutory Auditors must possess the requisites of integrity and meet the criteria of correctness, professionalism, and the requisites of competence and independence established by the Fit & Proper Decree .

The composition of the Board of Statutory Auditors must also comply with the criteria of adequate collective composition of the bodies pursuant to art. 11 of the Fit & Proper Decree .

Each member of the Board of Statutory Auditors must observe the limits on the accumulation of offices pursuant to art. 17 of the Fit & Proper Decree , which provides that they cannot cover,

²¹ Articles 22 and following.

alternatively, more than:

no. 1 executive assignment and n. 2 non-executive positions;
no. 4 non-executive positions.

For the purposes of calculating the above limits, the position held at the Bank is also taken into account.

The limits on the accumulation of offices must also be verified taking into account the exemptions and methods of aggregation of offices pursuant to art. 18 of the Fit & Proper Decree .

Furthermore, it notes, as a cause of incompatibility which entails the forfeiture of office within the terms prescribed by law, the violation of the prohibition for Statutory Auditors to assume or hold similar offices in companies or groups of competing companies, pursuant to art. 36 of Legislative Decree no. 201/2011, converted with amendments with the law of 22 December 2011, n. 124. In any case, each Statutory Auditor must devote an adequate amount of time to carrying out his duties, as indicated by art. 16 of the Fit & Proper Decree .

The election of the members of the Board of Statutory Auditors proceeds as follows:

from the list that obtained the highest number of votes (so-called majority list) two regular members and one alternate member are taken;
from the list that obtained the highest number of votes in the Shareholders' Meeting after the majority list, and which is not connected in any way, not even indirectly, with those who presented or voted for the majority list (so-called minority list) are taken , in the progressive order in which they are listed in the list itself, the remaining full member and the other substitute member. In the event that several lists obtain the same number of votes, a new ballot is held between these lists by all those entitled to vote present at the Shareholders' Meeting, with the candidates from the list obtaining the simple majority of the votes being elected. votes.

The chairmanship of the Board of Statutory Auditors belongs to the standing member indicated as the first candidate in the minority list. In the event of replacement of the Chairman of the Board of Statutory Auditors, the chairmanship is assumed by the alternate auditor belonging to the same minority list as the outgoing chairman, according to the progressive order of the list itself, without

prejudice, in any case, to possession of the legal requirements and/or bylaws to hold the office and compliance with the balance between genders established by law.

Where the application of the list voting mechanism does not ensure, considering the standing auditors and alternate auditors separately, the minimum number of auditors belonging to the less represented gender envisaged by the law, the candidate belonging to the more represented and elected gender, indicated as last in progressive order in each section of the majority list, will be replaced by the candidate belonging to the less represented and not elected gender taken from the same section of the same list according to the progressive order of presentation.

In the event of the death, resignation or forfeiture of a statutory auditor, the first alternate from the same list as the outgoing auditor takes over. In the event that the replacement does not make it possible to reconstitute a Board of Statutory Auditors compliant with the legislation also on gender balance, the second substitute taken from the same list takes over.

If, subsequently, it becomes necessary to replace another statutory auditor drawn from the majority list, the additional alternate auditor drawn from the same list shall in any case take over. If it is not possible to proceed with the replacements according to the aforementioned criteria, a Shareholders' Meeting is convened to integrate the Board of Statutory Auditors, which resolves by relative majority.

When in the case described above, or pursuant to the law, the Shareholders' Meeting has to appoint the standing and/or alternate auditors necessary for the integration of the Board of Statutory Auditors, the procedure is as follows:

if it is necessary to replace statutory auditors elected from the majority list, the appointment takes place with a relative majority vote without list constraints, without prejudice, in any case, to compliance with the balance between genders envisaged by the legislation;
if, on the other hand, it is necessary to replace auditors elected from the minority list, the Shareholders' Meeting replaces them with a relative majority vote, choosing them, where possible, from the candidates indicated in the list to which the auditor to be replaced belonged, and in any case in compliance with the the necessary representation of minorities, without prejudice, in any case, to the observance of the balance between genders envisaged by the legislation.

If only one list has been presented, the Shareholders' Meeting casts its vote on it; if the list obtains the relative majority, the candidates indicated in the respective section of the list are elected standing and alternate auditors; the chairmanship of the Board of Statutory Auditors belongs to the person indicated in first place in the aforementioned list.

Outgoing auditors can be re-elected.

11.2 COMPOSITION AND OPERATION (pursuant to article 123- bis, paragraph 2, letters d) and d- bis), TUF)

The Board of Statutory Auditors was appointed by the Ordinary Shareholders' Meeting of 25 March 2021, by applying the list voting mechanism. Their mandate expires with the Shareholders' Meeting for the approval of the financial statements as at 31 December 2023.

For the appointment of the members of the Board of Statutory Auditors, a list was presented ²²by the Trevisan Law Firm on behalf of a group of minority shareholders made up of institutional investors, representing a total of 8.510% of the Bank's share capital, who proposed to the Assembly the candidates: (i) Dr. Paola Carrara; (ii) Dr. Fabrizio Riccardo Di Giusto and (iii) Prof. Paolo Carbone (the "List") .

The List obtained a number of votes, equal to 94.978 %, of the share capital of the Bank represented at the Shareholders' Meeting ²³ .

The Board of Statutory Auditors in office, thus appointed, was made up of the following no. 3 members:

Dr. Nicoletta Paracchini, appointed by the Shareholders' Meeting on 22 June 2022 who was also appointed to preside over the Board of Statutory Auditors;
Dr. Fabrizio Riccardo Di Giusto, who was appointed Standing Auditor;
Prof. Paolo Carbone, who was appointed as Standing Auditor.

In addition to the information on the composition of the Board of Statutory Auditors shown in Table 4 - " Structure of the Board of Statutory Auditors at the end of the financial year " in the appendix to the Report, pursuant to art. 144- decies of the Issuers' Regulation, the main personal and professional characteristics of each Statutory Auditor are indicated below ²⁴ .

Nicoletta	Graduated in Economics and Commerce at the University of Turin, with a
Paracchini	thesis on mutual investment funds, from 1985 to 1991 she worked for Ersel

²² For further information, please refer to the lists made available on the Website in the section " https://investor.bff.com/it/associazione-degli-azionisti-25-marzo-2021 ".

²³The data are reported with an approximation down or up to the second decimal. For more information, see the summary report of the votes of the Shareholders' Meeting of 25 March 2021, published on the website in the section " https://investor.bff.com/documents/20152/1041335/Rendiconto+sintetico-DEF.pdf/41bf3dd0 -c3a7-0e3e-f39a-31909832f04d ".

²⁴ whose curricula vitae have been published in excerpt on the website in the " Governance/Government structure/Board of Statutory Auditors " section

(Chairman of the Board of Statutory Auditors)	Spa as a financial analyst, training in the fundamental and technical analysis of listed companies, in the valuation of assets and companies, in the procedures for the listing of shares. In 1993 he obtained the qualification as a chartered accountant, a profession he currently exercises as of Counsel at Weigmann Law firm and develops his activity as a consultant in ordinary and extraordinary operations and M&A, in corporate controls, in the evaluation of companies and intangible assets, in tax breaks related to intellectual property and investment and innovation plans, assistance in tax audits and tax disputes. She is registered in the register of statutory auditors, in the register of technical consultants and experts of the Court of Turin. He has experience as an auditor for non-commercial entities and as an auditor for industrial, financial, service companies and financial, banking and listed companies.
Dr. Fabrizio Riccardo Di Giusto (Statutory Auditors)	He graduated in Economics and Commerce at the La Sapienza University of Rome in 1994. He began his professional career dealing, in particular, with corporate and tax law. Chartered Accountant, he has been registered with the Register of Statutory Auditors since 1999 and has held the position of statutory auditor of the Company since 25 March 2021. In 2002 he set up his own studio in Rome which operates mainly in the field of economic-business, commercial, fiscal, administrative and financial consultancy in favor of groups or companies of national and international importance. An expert in Corporate Governance, he has held and still holds positions as statutory auditor in listed and non-listed companies, both as Chairman and as a statutory auditor.
Paolo Carbone (Statutory Auditors)	Graduated with honors in law from the Federico II University in Naples in 1988, he defended his thesis in private law of the economy, on the information prospectus. He subsequently obtained a specialization in administrative law at the same University with a thesis on the regulators of financial markets. He was a CNR researcher on the regulation of financial markets in the European Community, as well as a legal advisor to the Italian Competition Authority (2007-2010); legal advisor to the Personal Data Protection Authority (1999-2001); member of the Ministerial Study Commission on the reform of the banking and financial market appointed by the Ministry of the Treasury (1995); intern at the general directorate of CONSOB (1988-1989). He is Full Professor of Comparative Private Law at the University of Rome III, where he also teaches Corporate Social Responsibility (CSR). He is a

(Chairman of the
Board of Statutory
Auditors)

Spa as a financial analyst, training in the fundamental and technical
analysis of listed companies, in the valuation of assets and companies,
in
the procedures for the listing of shares.
In 1993 he obtained the qualification as a chartered accountant, a
profession he currently exercises as of Counsel at Weigmann Law firm
and
develops his activity as a consultant in ordinary and extraordinary
operations and M&A, in corporate controls, in the evaluation of companies
and intangible assets, in tax breaks related to intellectual property and
investment and innovation plans, assistance in tax audits and tax disputes.
She is registered in the register of statutory auditors, in the register of
technical consultants and experts of the Court of Turin.
He has experience as an auditor for non-commercial entities and as an
auditor for industrial, financial, service companies and financial, banking
and listed companies.

Dr.
Fabrizio
Riccardo Di Giusto
(Statutory
Auditors)

He graduated in Economics and Commerce at the La Sapienza University
of Rome in 1994. He began his professional career dealing, in particular,
with corporate and tax law. Chartered Accountant, he has been registered
with the Register of Statutory Auditors since 1999 and has held the
position of statutory auditor of the Company since 25 March 2021.
In 2002 he set up his own studio in Rome which operates mainly in the field
of economic-business, commercial, fiscal, administrative and financial
consultancy in favor of groups or companies of national and international
importance. An expert in Corporate Governance, he has held and still holds
positions as statutory auditor in listed and non-listed companies, both as
Chairman and as a statutory auditor.

Paolo Carbone
(Statutory
Auditors)

Graduated with honors in law from the Federico II University in Naples in
1988, he defended his thesis in private law of the economy, on the
information prospectus. He subsequently obtained a specialization in
administrative law at the same University with a thesis on the regulators of
financial markets. He was a CNR researcher on the regulation of financial
markets in the European Community, as well as a legal advisor to the Italian
Competition Authority (2007-2010); legal advisor to the Personal Data
Protection Authority (1999-2001); member of the Ministerial Study
Commission on the reform of the banking and financial market appointed
by the Ministry of the Treasury (1995); intern at the general directorate of
CONSOB (1988-1989).
He is Full Professor of Comparative Private Law at the University of Rome
III, where he also teaches Corporate Social Responsibility (CSR). He is a

member of the Rome Bar Association and carries out his professional activity in the areas of civil, commercial and administrative law. He is legal adviser to the Minister of Universities and is a member of the Interministerial Committee for green government bonds. In 2008 he was awarded an Honorary Degree in Comparative Private Law by the FMU University of São Paulo. He has been a professor in various Italian and foreign universities, particularly in the Latin American area. He has been a consultant to various public and private companies for operations on domestic and foreign markets, especially in the ESG sector .

As can be seen from the table, all the Statutory Auditors have accrued adequate experience and competence to be able to perform their role with due professionalism and diligence.

The verification of the requirements of professionalism and independence of the Statutory Auditors is carried out at the time of their appointment and is carried out again on an annual basis and whenever deemed necessary. The annual verification was carried out on 29 May 2023.

In 2023, n. 50 meetings of the Board of Statutory Auditors, with an average attendance percentage of 89.33%.

With regard to attendance at the meetings of the corporate bodies in which the Board of Statutory Auditors is required to participate, in the Financial Year the average percentage of attendance of the Board of Statutory Auditors at the meetings:

of the BoD , was 100% (all the absences were justified by the Statutory Auditors concerned from time to time);
of the Shareholders' Meetings (held on April 14 th , September 7th 2023), the attendance percentage was 95%;
with respect to the meetings of the Control and Risks Committee, the percentage of attendance is 100%, given that at least one Auditor has attended all the meetings.

With reference to the current financial year, approximately n. 45 meetings, of which n. 9 have already been held.

For further details, see Table 4 - " Structure of the Board of Statutory Auditors at the end of the financial year " in the appendix to the Report.

DIVERSITY CRITERIA AND POLICIES

With reference to the appointment of the Board of Statutory Auditors, the Articles of Association provide that the lists that present a number of candidates equal to or greater than three must include candidates of different genders both in the section of the list relating to standing Auditors and in that relating to alternate Auditors.

It should be noted that the current Board of Statutory Auditors is made up of 2 men and 1 woman.

On 17 December 2018, the Board of Statutory Auditors approved its diversity policy, in implementation of art. 123- bis , paragraph 2, lett. d- bis ), of the TUF, subsequently revised and most recently updated on 13 July 2021 to take into account and incorporate the innovations introduced (i) by the Fit & Proper Decree ; (ii) by the " Supervisory Provisions on the procedure for assessing the suitability of representatives of banks, financial intermediaries, electronic money institutions, payment institutions and the depositor guarantee system " ; and (iii) from the 35th update, dated 2 July 2021, of Bank of Italy Circular no. 285 of 17 December 2013 .

This policy describes the optimal characteristics of the composition of the control body - including aspects such as age, gender composition and training and professional background - so that the same can exercise its supervisory duties in the most effective way, taking decisions who can concretely benefit from the contribution of a plurality of qualified and heterogeneous points of view, able to examine the issues under discussion from different perspectives. In particular, it is believed that the optimal composition of the Board of Statutory Auditors should be oriented towards satisfying at least the following criteria:

the presence of standing auditors, mostly statutory auditors entered in the appropriate register;
the retention of at least two-fifths of the standing members of the Board of Statutory Auditors, at the time of appointment and during the mandate, belonging to the less represented gender;
the balanced combination of different age groups within the Board of Statutory Auditors, in order to allow for a balanced plurality of professional perspectives and experiences;

without prejudice to the adoption of adequate training plans to ensure that the technical skills of the statutory auditors are preserved over time, to pursue a balance between the need for continuity and renewal in control activities, observe a balanced combination of different lengths of office.

The policy is implemented in compliance with the legal and statutory provisions on the appointment of the Board of Statutory Auditors with the list voting mechanism.

The Supervisory Provisions also require the control body to periodically verify its adequacy in terms of powers, functioning and composition, taking into account the size, complexity and activities carried out by the Bank. It also establishes that the members of the control body must ensure a level of professionalism adequate to the operational and dimensional complexity of the Bank and must devote suitable time and resources to the performance of the task and that, both when appointing company representatives and periodically , the number of positions held of a similar nature must be ascertained and evaluated, paying particular attention to those that require greater involvement in the ordinary company activity.

In line with the reference regulatory prescriptions, the Board of Statutory Auditors started the selfassessment activities relating to the financial year.

The self-assessment process took place in the months of August and September 2023. In particular, all members of the Board of Statutory Auditors participated in the self-assessment with the aim of carrying out a structured survey of the effectiveness of the Board from an operational point of view and identifying the opportunities for further improvement, to best perform the role of supervisory body of a complex and constantly evolving reality.

The self-assessment was conducted according to the provisions of the Rules of the Body and the Regulation on the self-assessment process of the Board of Statutory Auditors itself with the support of the Consultant, in the person of Mr. Ferdinando Parente, as independent expert with the support of the Consultant, who made available the draft of an assessment questionnaire, acquired by the Board of Statutory Auditors in order to fill it out, dividing the self-assessment process into the following phases: (i) preliminary investigation collection of information and data through questionnaires administered by the IT tool made available by the Consultant; and interviews with exponents. The Consultant also attended the meeting of the Board of Statutory

Auditors on 14 September 2023 as a 'silent observer', in order to gain a greater insight into the degree and manner of participation, in particular the quality of the discussion, the relationship of trust, cooperation and interaction between the members of the Board, as well as to better assess the relationship between management and those responsible for the answers contained in the questionnaire The questionnaires are composed of a series of closed-ended questions (requiring a rating from 1 to 5) as well as a "comments" section, in which the Statutory Auditors were able (and had to for those questions to which a rating from 1 to 3 is assigned, as provided for in the methodological note) to justify the ratings assigned or bring to the attention of the Consultant any issues deemed relevant;; (ii) outcomes of the self-assessment process (consisting of: i. examination of the status of implementation of the initiatives identified downstream of the previous selfassessment, ii. analysis of the final outcomes of the process, with the identification of questionnaires and interviews, iii. analysis of corporate documentation including self-regulatory regulations and minutes of the Body, and iv. benchmark analysis) for the purpose of identifying the strengths and weaknesses found and for the purpose of drawing up the proposal of initiatives deemed appropriate; (iii) the results of the analyses were formalised in a document summarising, inter alia, the methodologies adopted, the subjects involved and the results obtained, highlighting strengths and weaknesses, as well as the necessary corrective actions proposed (iv) collective discussion of the outcomes of the assessment and preparation of any corrective measures

For the self-assessments subsequent to the first, a phase of verification of the implementation status of the initiatives - corrective and/or improvement - previously undertaken is also envisaged. The self-assessment is the result of the joint analysis of all the assessments provided by the individual statutory auditors, as an average of the individual responses, for the examination of which it is necessary to take into account that the Board of Statutory Auditors in its new composition has been operational since the end of June and therefore on many aspects was able to express his opinion with reference to the few months in which he operated in the 2022 financial year.

The self-assessment represented an overall satisfactory situation of total adequacy, while highlighting some suggestions for improvement, such as, for example:

define the qualitative composition of the next Board, taking into consideration the following aspects
- members who are chartered accountants (preferably no. 2 auditors) and members registered as lawyers (preferably no. 1 auditor);
- members with previous experience in banking
- members with experience in dealing with the authorities and expertise in supervisory regulation;
- age diversity by including a member under 50 years of age;
- an appropriate balance between members with many years of experience and new ones with additional and different skills and experience (bearing in mind that the statutory auditor with the longest tenure on the body should be the Chairman of the Board of Statutory Auditors, in the event that the candidates are all from the same list)
- ensure a greater commitment on the part of the individual members in the activities preparatory to the meetings of the Board of Statutory Auditors, providing that the drafting of specific documentation (reports, opinions, etc.) and the preparation of matters in support of the Board's activities may be equally distributed among the Statutory Auditors, also in light of the provisions set forth in the document "Procedures for the effective functioning of the Board of Statutory Auditors
- verify, by means of a benchmark analysis, the adequacy over time of the auditors' remuneration, also in light of the commitment actually made in the performance of their activities
- define the timeframes within which the individual members must provide feedback and/or their contribution to the planning and performance of the various activities of the Board;
- ensure, with reference to the drafting and revision of the draft minutes, that they can be equally distributed among the various members in order to gather everyone's contribution;
- assessing the preparation of an overall training plan or one that can be referred to specific members of the College, focusing on the topics that scored "medium-high" and possibly for those with "medium" scores
- ensure that all members participate actively and consistently in the training sessions organised by the Bank;

- update the Regulation of the Board of Statutory Auditors to better regulate its functioning, the role of the Chairman and Secretary and the coordination activities with the bodies in charge of auditing the subsidiaries;
- ensure that individual members are always assiduously and attentively involved, in order to guarantee an adequate and uniform commitment on the part of all the members;
- inviting individual members, as far as possible and compatible, to participate more in Board and Board meetings..

Verification of the possession of the requisites required by the Statutory Auditors is carried out by the Board of Statutory Auditors in compliance with both the provisions of the Fit & Proper and the supervisory regulations, as well as those of the Corporate Governance Code .

In particular, the Board of Statutory Auditors, whose composition consisted of various members during 2022, provided whenever necessary to verify the legal requirements - including those of independence and professionalism pursuant to Principle VIII of the Corporate Code Governance – required for standing members of the Board of Statutory Auditors and communicated to the Supervisory Authority which validated the results.

The verification of these requirements took place on the following dates:

29.05.2023 (annual verification)
18.05.2023 (Di Giusto)
3.10.2023 (Carbone)

INDEPENDENCE

The Board of Statutory Auditors verified the independence of its members after their appointment, and forwarded the outcome of these checks to the BoD , which, having acknowledged the checks carried out, ascertained:

(i) the existence of the requisites of honourability and professionalism established respectively by articles 3 and 9 of the Fit&Proper Decree;
(ii) the existence of the independence requirements pursuant to art. 14 of the Fit & Proper Decree, in art. 148, paragraph 3, of the TUF, and in art. 2, recommendation 7, of the Corporate Governance Code;

(iii) the fulfillment of the criteria of correctness and competence;
(iv) compliance with the limit on the accumulation of offices established by articles 17, 18 and 19 of the Fit&Proper Decree;
(v) the existence of independent judgement, established by art. 15 of the Fit&Proper Decree;
(vi) the adequate availability of time for the exercise of the office envisaged by art. 16 of the Fit&Proper Decree;
(vii) through the acquisition of a self-certification provided by the individual Auditor, the absence of a significant commercial, financial or professional relationship:
- with the Bank, with one of its subsidiaries, or with the related executive directors or top management;
- with a subject who, also together with others through a shareholders' agreement, controls the Bank, or - in the case of a company or entity - with the related executive directors or top management;

The commercial relationship is considered "significant" on the basis of two parameters:

continuity: more than six months in duration, e
maximum 10% threshold:
- the turnover of the company or professional firm to which the mayor belongs, or
- of the mayor's income as a natural person.

In the case of the Statutory Auditor who is also a partner in a professional firm or consultancy firm, the Board of Statutory Auditors assesses the significance of the professional relationships which may have an effect on his or her position and role within the firm or consultancy firm or which, in any case, pertain to important transactions of the Bank and of the Group, even independently of the quantitative parameters indicated above.

REMUNERATION

The Shareholders' Meeting, on 25 March 2021, pursuant to art. 5, recommendation 30, of the Governance Code, taking into account the commitment required, the relevance of the role held, as well as the size and sectoral characteristics of the Bank, resolved to assign to the regular members of the Board of Statutory Auditors a total gross annual remuneration equal to Euro 215,000, of

which 85,000 euros due to the Chairman of the Board of Statutory Auditors and 65,000 euros for each standing auditor. The remuneration due to the Chairman of the Board of Statutory Auditors was then resolved upon at the Board's integration on 22 June 2022.

INTEREST MANAGEMENT

The art. 5, paragraph 2, of the " Board of Statutory Auditors Regulations " (the " CS Regulations ") provides that the Statutory Auditor who, on his own account or on behalf of third parties, has an interest in a given transaction of the Bank shall promptly and exhaustively inform the other Statutory Auditors and the Chairman of the BoD on the nature, terms, origin and extent of his interest. Furthermore, the Statutory Auditors are relevant subjects pursuant to the RPT Regulation and art. 136 of the TUB. Therefore, the relative reinforced procedures to oversee the substantial and procedural correctness of transactions with related parties will be applied to the transactions they carry out with the Bank or with the Subsidiaries.

Pursuant to the CS Regulation, as part of their activities, the Statutory Auditors may ask the Internal Audit Function to carry out checks on specific operating areas or company operations. Furthermore, the Board of Statutory Auditors and the Control and Risk Committee promptly exchange relevant information for the performance of their duties.

The Board of Statutory Auditors, in carrying out its activities, coordinated on an ongoing basis with the Internal Audit Function, with the Compliance & AML Function , with the Risk Management Function and with the Financial Reporting Manager, establishing with the Independent Auditors and the Body Supervisory Authority an exchange of information aimed at mutual updating and comparison. Appropriate functional links, within the scope of their respective responsibilities, were activated with the Control and Risk Committee , whose meetings were attended by the Board of Statutory Auditors during the financial year, as well as with continuous dialogue and the effective exchange of information.

In 2022, there were no cases in which a statutory auditor, on his own behalf or on behalf of third parties, had an interest in a certain transaction of the Issuer.

12.0 RELATIONS WITH SHAREHOLDERS

ACCESS TO INFORMATION

BFF maintains an ongoing and proactive dialogue with its shareholders and bondholders and with all other stakeholders in the national and international financial community. At Group level, the Bank attributes fundamental importance to relations with Shareholders and the market in order to create effective, transparent and one-to-one communication with the financial community. Transparency, non-selective and timely dissemination of information characterize the relationship between BFF, its Shareholders and the market.

Investor Relations, Strategy and M&A Function (the " IR Function "), with support functions to the CEO and the chief financial officer , when requested by the CEO in the periodic participation in meetings, conferences and road-shows with analysts, managers and shareholders, including potential ones, in which public documents on the final and prospective performance of the Group are presented.

The IR Function reports to the CEO. The main address of the IR function is [email protected]; other contacts are indicated at the bottom of each financial press release and in the Investors > PR & Presentations > Contacts section of the Website .

To ensure that all shareholders can exercise their rights in an informed manner and to and to encourage dialogue with institutional and private investors, analysts and rating agencies (both credit and ESG ), and maintain a constant flow of information to the market, BFF has set up a special " Investors " section on its website internet , easily identifiable and accessible from the home page of the Website , where information is made available regarding governance , press releases of a financial nature, financial results for the period, financial statements, and the sustainability of the Bank, in order to allow to its Shareholders an informed exercise of their rights, as well as access to economic-financial information, data and updated documents of interest to all Shareholders.

All activities are carried out in compliance with the rules and internal procedures governing the disclosure of privileged information, guaranteeing equal dissemination of news to all stakeholders; communication to the market is aimed at the principles of timeliness, relevance, clarity and transparency, reliability. For the transmission and storage of regulated information, BFF uses the and the STORAGE storage mechanism.

DIALOGUE WITH SHAREHOLDERS

The BoD has adopted the " Policy for managing dialogue with the generality of shareholders and bondholders " with the aim of raising the level of transparency and dialogue with the Bank's shareholders and bondholders (the so-called " Stakeholders ") and of promoting the creation of long-term value, also taking into account the established engagement practices nationally and internationally, in order to increase the level of understanding of the activities carried out by the Bank, at individual and Group level;

This policy includes the obligation to operate according to the principles of: (i) transparency and clarity; (ii) timeliness; (iii) equal treatment. The policy defines the methods of extra -meeting dialogue between the Board of Directors and the stakeholders on matters falling within the Board's competence and defines, in compliance with the provisions of the law, the rules of this dialogue, identifying the interlocutors, the topics under discussion and the methods of interaction.

Dialogue activities in the shareholders' meeting, where regulated by specific provisions) and exchanges between the IR and Communication and Institutional Relations Functions and the Shareholders are excluded from the scope of application of the policy.

In line with the provisions of the Governance Code, special structures were set up some time ago in charge of managing the dialogue with Shareholders in general and with investors in particular in compliance with the regulatory provisions, including internal ones, on the subject of corporate communication.

The BoD has also set up two functions, both reporting to the CEO, with tasks relating to communication with the market. In particular:

the IR Function, which is assigned the task of (i) managing relations with Shareholders, equity and bond investors, financial analysts, rating agencies and other market operators (e.g. Euronext Milan); (ii) support the Bank in presenting medium-long term strategic plans to the market; and (iii) evaluate extraordinary corporate actions, such as acquisitions and mergers;
the Communication and Institutional Relations Function, which is assigned the task of managing (i) the institutional communication of the Bank towards the outside world; (ii) the institutional relations that the Bank and the Subsidiaries maintain with the PA; (iii) relations

with the BFF Foundation.

It should also be noted that the BoD has appointed Ms. Caterina Della Mora as Investor Relator. The Investor Relator is responsible for communicating regulated and privileged information to the public (interfacing, for this purpose, also with the Supervisory Authorities), supports the CEO in managing relations with market operators, and takes care of publication on the website Internet of press releases and documentation subject to disclosure to the public, also for the purpose of exercising rights by shareholders.

The BoD has also adopted a specific engagement policy, in compliance with the indications of art. 1, Recommendation no. 3, of the Governance Code .

In compliance with the Recommendation n. 2 of the Governance Code, it should be noted that the engagement activity was organized by the IR Function, with the active participation of the Bank's top management (in particular, the CEO and the chief financial officier , as well as other vice presidents ), and took place through institutional meetings, no longer conducted exclusively in virtual mode, but also in person. In more detail, the following were held:

no. 4 earnings calls;
no. 4 no deals equity roadshows subsequent to the periodic publication of results;
no. 1 Capital Market Day 2023;
no. 1 non deal equity roadshow following the publication of the 'Strategy to 2028: "Ever more a bank like no other", and 2026 financial targets';
no. 1 fireside chat;
no.11 conferences equity;
no. 8 equity conferences;
no. 1 conference debt;

Furthermore, following individual requests received from various stakeholders, including potential ones, of the Bank, n. 35 one-to-one audio/video conferences on virtual platforms, and no. 9 unrelated physical encounters i roadshows and the conferences mentioned above.

In the financial year, more than 290 meetings were held in engagement meetings were held per account (ie with stakeholders divided by investment company), an increase compared to the previous year (approximately 260).

The topics subject to engagement mainly concerned issues relating to:

to the financial results, and, in particular:
- strategy to 2028 and financial targets to 2026, announced to the market during the Capital Market Day on 29 June 2023;
- trend of volumes and loans to customers in the factoring sector , and geographical focus;
- trend in the collection of default interest collections;
- -
- European Commission proposal on the amendment of the European Late Payment Directive;
- drivers (engine) and growth prospects of the business units related to securities services and payments ;
- -
the sensitivity of the Bank's business, at Group level, to interest rate rises and inflation, in a recessionary macro-economic context;
the concentration of customers in the securities services area , impacted by the withdrawal of Arca Fondi SGR SpA;
the competitive arena in the three business units into which the Bank's activity is divided, and the market share of the latter in each of them;
the performance of the stock on the Stock Exchange;
the expected impacts deriving from the new provisions of the Bank of Italy concerning the past due regulation , and from the new MREL requirements;
M&A opportunities and strategies;
the acquisition of a 7.7% stake by BFF in the share capital of Generalfinance;
the dividend distribution policy (intermediate dividend, treasury share buyback programs, etc . );
the remuneration policies of Directors and executives with strategic responsibilities;
to social and environmental sustainability.

The IR Function also carried out (i) engagement activities pre -meeting with the main Shareholders of the Bank and their corporate governance, ESG and proxy voting teams, and (ii) dialogue with the main proxy advisors (ISS, Glass Lewis and Gir Canada).

Finally, it should be noted that the Bank has managed numerous moments of discussion with (i) Financial Analysts, in order to ensure the permanence of a solid shareholder base for the mediumlong term, as well as to nurture a continuous and constructive dialogue between market and top management especially in relation to the bank's strategic choices of organic growth, (ii) Customers and Debtors ensuring that a high level of customer service is always respected , which inevitably passes from listening to customers and from continuous dialogue. Also for this purpose, the Group carries out specific customer satisfaction surveys , carried out annually, and aimed at verifying the degree of customer satisfaction and the related action plans for improving the latter. Now carried out in the countries in which the Bank operates, they have been expanded in the total number of customers and in the listening perimeter, which has also included, starting from 2020, some questions connected to ESG topics; (iii) suppliers and partners are involved by the Group through both participation in events organized or promoted by the Company at a local level, and through induction sessions on specific topics; (iv) Industry associations in all the countries in which the Group operates, with which relations were further strengthened in 2023. In many of them, BFF is present as a representative of the association bodies, with the aim of interpreting trends and improving the operating context in which companies, banks and public bodies operate, enriching the joint action of communication and sharing for a greater knowledge and efficiency of the reference sector for the benefit of the widest possible audience.

13.0 SHAREHOLDERS' MEETING

The functioning mechanisms of the Shareholders' Meeting are governed by the Articles of Association and by the Shareholders' Meeting Regulations (the "Shareholders' Meeting Regulations").

The Shareholders' Meeting, duly convened and constituted, represents all the Shareholders and is the body that expresses, with its resolutions, the corporate will. The resolutions it adopts in accordance with the law and the Articles of Association are binding on all Shareholders, including those absent or dissenting.

In accordance with current provisions, the Articles of Association provide that the Shareholders' Meeting is convened on an ordinary and extraordinary basis in the cases required by law, and resolves on the matters assigned to it by law and by the Articles of Association. It is held at least once a year, within one hundred and twenty days of the closure of the financial year, or within one hundred and eighty days of such closure (where this deadline is required in relation to the preparation of the consolidated financial statements, or in relation to the structure and object of the bank). The Extraordinary Shareholders' Meeting, however, is convened whenever it is necessary to resolve on any of the matters reserved to it by current legislation.

The Shareholders' Meeting is held in a single call, in compliance with the provisions of the law. However, the Articles of Association, in order to maintain adequate organizational flexibility, reserve the right to the Board of Directors to provide, for individual Shareholders' Meetings, a plurality of calls, including a possible third call.

The BoD is called by the BoD in accordance with the law and regulations, by means of a notice published on the Website , as well as with the other methods envisaged by current and regulatory legislation, including the publication by extract in national daily newspapers, as well as with the other methods provided for by the discipline also regulating in force from time to time. The agenda is established in accordance with the law and the Articles of Association by whoever exercises the power to call the meeting. Within the deadline for publication of the notice of call envisaged for each of the items on the agenda - or the different deadline set by other legal provisions -, the Board of Directors makes available to the public a report on each of the items on the agenda.

Shareholders who, even jointly, represent at least 2% of the share capital may - in the cases, methods and terms indicated by current legislation - request integration of the agenda, or submit resolution proposals on matters already on the agenda day. Shareholders requesting additions to the agenda prepare a report containing the reasons for the proposed resolutions on the new items they are proposing to discuss, or the additional proposed resolutions on items already on the agenda.

The Shareholders, in compliance with the provisions of art. 127- ter of the TUF, may ask questions on the items on the agenda even before the Shareholders' Meeting. Questions received before the Shareholders' Meeting are answered at the latest during the same, also through a single answer to questions having the same content.

Participation in the Shareholders' Meeting is governed by the Articles of Association and by the Shareholders' Meeting Regulations, which establish that the person for whom the Issuer has received, by the end of the third open market day preceding the meeting, a communication made by the intermediary on the basis of the evidence relating to the end of the accounting day of the seventh open market day prior to the date set by the Shareholders' Meeting, in a single call. The legitimacy to attend and vote remains valid if the communication is received by the Bank after the terms indicated above, provided that it is before the start of the meeting of the single call.

Persons entitled to attend and vote may be represented in the Shareholders' Meeting by written proxy, or by electronic means when required by the regulatory provisions and in compliance with the same, except for incompatibilities and limits established by law. They can also give free proxy, with voting instructions on all or some of the proposals on the agenda, to a representative designated by BFF pursuant to art. 135- undecies of the TUF.

The Shareholders' Meeting Regulations govern and guarantee the orderly conduct of the shareholders' meeting, attributing to the Chairman of the Shareholders' Meeting - identified in the person of the Chairman of the BoD - the task of ascertaining the regular constitution of the same, ascertaining the identity and legitimacy of those present, directing and regulate the proceedings of the Assembly, and ascertain and announce the results of the votes.

The Assembly is competent to decide, inter alia, on:

budget approval and profit distribution;

appointment and revocation of the Board of Directors and of the Board of Statutory Auditors;
responsibility of the members of the Board of Directors and of the Board of Statutory Auditors;
appointment and revocation of the company responsible for the statutory audit;
transactions within the competence of the Extraordinary Shareholders' Meeting pursuant to the law;
remuneration policies and compensation plans based on financial instruments for the Directors, employees and collaborators of the Group, the criteria for determining the compensation to be agreed in the event of early termination of the employment relationship or office, as well as any setting of the limit of 200% of the fixed remuneration for the variable remuneration, in accordance with the provisions of the relevant Bank of Italy provisions ²⁵ .

The BoD reports to the Shareholders' Meeting on the activity carried out in the context of the management report and prepares the reports on the items on the agenda within the times established by current legislation.

In addition to the possibility of exercising the rights of the Shareholders by proxy, the Shareholders' Meeting Regulations do not provide for other mechanisms to make attendance at the Meeting and the exercise of the right to vote by the Shareholders less difficult or onerous.

Voting in the Assembly is carried out by open ballot. The Chairman of the Shareholders' Meeting may also establish that the votes take place using IT detection tools, and, in this case, may also request the assistance of technicians external to the Bank for the relative fulfilments.

With reference to the Shareholders' Meetings held on 13 April and 7 September 2023, it should be noted that no proposals were received from the Shareholders regarding topics on which a specific proposal had not been formulated by the directors.

During the Shareholders' Meeting of 13 April 2023, n. 8 Directors.

During the Shareholders' Meeting of 7 September 2023, n. 4 Administrators.

²⁵In compliance with the provisions of the Bank of Italy on the subject, the Articles of Association provide that the Shareholders' Meeting resolves on the proposal of the Board of Directors on the limit between fixed remuneration and variable remuneration, approved with: (i) the favorable vote of at least 2/3 of the share capital represented at the Shareholders' Meeting, when this is constituted with at least half of the share capital; or (ii) with the favorable vote of at least 3/4 of the capital represented at the Shareholders' Meeting, whatever the share capital with which it is established.

On these occasions, the BoD made available to the Shareholders, within the terms established by the applicable provisions of the law, adequate information on the elements necessary for them to be able to take, with full knowledge of the facts, the decisions within the competence of the shareholders' meeting.

Information on the activity carried out by the Remuneration Committee was provided to Shareholders with the " Annual report on the remuneration and incentive policies of the BFF Group ", on the occasion of the Shareholders' Meeting of 13 April 2023.

14.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to art. 123- bis , paragraph 2, letter a), second part, TUF)

BFF does not apply other corporate governance practices, in addition to those described in the previous points of this Report.

15.0 CHANGES SINCE YEAR END REFERENCE

Please be informed that from the closing date of the Financial Year to the date of approval of this Report, the inspection initiated by the Bank of Italy on 11 September 2023 closed on 12 January.

16.0 CONSIDERATIONS ON THE LETTER FROM THE CHAIRMAN OF THE COMMITTEE FOR CORPORATE GOVERNANCE

On 18 December 2023, the Bank promptly made available to the BoD and the Board of Statutory Auditors the letter from the President of the Corporate Governance Committee , Dott. Massimo Tonini (the " Communication "), containing, among other things, the recommendations for 2024 referred to in the eleventh " Annual report on the application of the Corporate Governance Code regarding the evolution of the corporate governance of listed companies" (the "Recommendations") , in order to evaluate the possible evolutions of governance or to fill any gaps in the application of the Governance Code .

It should be noted that the Communication was subject to a specific examination by the Appointments Committee and the Remuneration Committee for their respective competences before and by the BoD on 31 January the.

The Board, together with the Board of Statutory Auditors, after preliminary investigation by the aforementioned committees, examined the recommendations made, evaluating, in particular:

to be compliant to Recommendation No. 1, as the Bank has constantly involved the Board of Directors in the preparatory activities for the drafting of the Group's Strategic Plan, including during the course of its development and development, through the organisation of non-Board meetings. It should be noted that the preparation of the Plan was also carried out in light of (i) the changed macroeconomic conditions of the market in which the Group operates, (ii) the upturn in inflation and the increase in interest rates in the euro area, (iii) the growing uncertainty of the economic outlook, and the current structure of the Group ;
to be compliant with Recommendation No. 2 as detailed in Section 4.4 of this Report as the Bank makes documentation available to the Board as soon as it is ready, even on confidential matters ;
to be compliant with Recommendation no. 3 The guidelines issued in 2023 for the renewal of the Bank's Board of Directors were published XX days in advance of the date of publication of the Notice of Shareholders' Meeting;
not applicable Recommendation No. 4 as the Bank at the moment has not evaluated the introduction of the Increased Vote;

TABLES

TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE AS OF 12/31/2022

SHARE CAPITAL STRUCTURE
	No. of shares	No. of voting rights	Listed (indicate markets) / unlisted	Rights and obligations
Ordinary shares (specifying whether there is a possibility of increased voting rights)	186.944.029 186.944.029		Euronext Milan (Già Mercato Telematico Azionario)
Preferred shares	0	0	-
Multiple voting shares	0	0	-
Other categories of voting shares	0	0	-
Savings shares	0	0	-
Convertible savings shares	0	0	-
Other categories of non-voting shares	0	0	-
Other	0	0	-

OTHER FINANCIAL INSTRUMENTS (granting the right to subscribe for newly issued shares)
	Listed No. of shares serving (indicate No. of Category of shares serving the the conversion/ markets)/unlis instruments in conversion/exercise exercise ted circulation
Obligation convertible	N.A.	N.A.	N.A.	N.A.
Warrant	N.A.	N.A.	N.A.	N.A.

SIGNIFICANT SHAREHOLDINGS IN THE CAPITAL
Reporting party	Direct shareholder	Quota % us capital ordinary	Quota % us capital votiing
Management	11.182.54126	6%
Capital Research and Management Company	9.708.159	5,2%
JPMorgan Asset Management Holdings Inc.	5.913.781	3,2%

²⁶ As of 12/31/2022 Management and their respective Closely Related Persons a 5.8% share of the share capital;;

TABELLA 2: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE FINANCIAL YEAR

Board of Directors
Social office	Components	Year of birth	Date of first appointme nt (*)	In office since	In office until	List (submitters) (**)	List (M/m) (***)	Esec.	Non esec.	Indip. Codice	Indip. TUF	No.other assignmnts (****)	Partecipation (*)
Chairman	Messina Salvatore	1946	14.01.2013	25.03.2021	Appr. Bilancio 2023	CdA			√			N.A.	19/19
Deputy Chairman	Federico Fornari Luswergh	1964	24.04.2010	25.03.2021	Appr. Bilancio 2023	CdA			√			1	19/19
Chief Executive Officer	Massimiliano Belingheri	1974	19.12.2006	25.03.2021	Appr. Bilancio 2023	CdA		√				N.A.	19/19
Director	Anna Kunkl	1972	01.03.2022	01.03.2022	Appr. Bilancio 2023	CdA			√	√	√	N.A.-	18/19
Director	Michaela Aumann	1953	21.12.2015	25.03.2021	Appr. Bilancio 2023	CdA			√	√	√	N.A.	18/19
Director	Piotr Henryk Stępniak	1963	25.03.2021	25.03.2021	Appr. Bilancio 2023	CdA			√			N.A.	19/19
Director	Domenico Gammaldi	1953	25.03.2021	25.03.2021	Appr. Bilancio 2023	CdA			√	√	√	2	19/19
Director	Monica Magrì	1964	10.02.2021	10.02.2021	Appr. Bilancio 2023	CdA			√	√	√	N.A.	13/21
Director	Giovanna Villa	1966	25.03.2021	25.03.2021	Appr. Bilancio 2023	Azionisti	m		√	√	√	3	19/19
-------------------------------- DIRECTORS TERMINATED DURING THE FISCAL YEAR --------------------------------

Indicate the number of meetings held during the FY: 19

Duration of average board meetings: h 2:55

Indicate the quorum required for the submission of lists by minorities for the election of one or more members (ex art. 147-ter TUF): 2%

NOTE

I simboli di seguito indicati devono essere inseriti nella colonna "Carica":

• Questo simbolo indica l'amministratore incaricato del sistema di controllo interno e di gestione deirischi.

○ Questo simbolo indica il Lead Independent Director (LID).

(*) Per data di prima nomina di ciascun amministratore si intende la data in cui l'amministratore è stato nominato per la prima volta (in assoluto) nel CdA dell'Emittente.

(**) In questa colonna è indicato se la lista da cui è stato tratto ciascun amministratore è stata presentata da azionisti (indicando "Azionisti") ovvero dal CdA (indicando "CdA").

(***) In questa colonna è indicato se la lista da cui è stato tratto ciascun amministratore è "di maggioranza" (indicando "M"), oppure "di minoranza" (indicando "m").

(****) In questa colonna è indicato il numero di incarichi di amministratore o sindaco ricoperti dal soggetto interessato in altre società quotate o di rilevanti dimensioni. Nella Relazione sulla corporate governance gli incarichi sono indicati per esteso. (*****) In questa

colonna è indicata la partecipazione degli amministratori alle riunioni del CdA (indicare il numero di riunioni cui ha partecipato rispetto al numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.).

C.d.A.		OPC Committee		Control and Risk Committee		Remuneration Committee		Appointments Committee
Position	Component	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)
Chairman	Messina Salvatore
Deputy Chairman	Federico Fornari Luswergh			14/15	M			10/10	M
Chief Executive Officer	Massimiliano Belingheri
Director	Anna Kunkl	9/9	P
Director	Michaela Aumann	9/9	M	15/15	P
Director	Piotr Henryk Stępniak					18/18	M
Director	Domenico Gammaldi		M	15/15	M	18/18	M	10/10	P
Director	Monica Magrì							10/10	M
Director	Giovanna Villa	9/9	P/M			18/18	P		M
	-----------------------------------AMMINISTRATORI CESSATI DURANTE L'ESERCIZIO ------------------------------
NOTE
() In questa colonna è indicata la partecipazione degli amministratori alle riunioni dei comitati (indicare il numero di riunioni cui ha partecipato rispetto al numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.). (*) In questa colonna è indicata la qualifica del consigliere all'interno del comitato: "P": presidente; "M": membro.
Total of OPC Committee meetings: 9 - Average duration of OPC Committee meetings: h 0:52
Total of Audit and Risk Committee meetings: 15 - Average duration of Audit and Risk Committee meetings: h 2:17
Total of Remuneration Committee meetings: 18 - Average duration of Remuneration Committee meetings: h 1:07
Total number of Nomination Committee meetings: 10 - Average duration of Nomination Committee meetings: h 0:53

TABLE 3: BOARD COMMITTEE STRUCTURE AT THE END OF THE FINANCIAL YEAR

TABELLA 4: STRUCTURE OF THE BOARD OF AUDITORS AT THE END OF THE FINANCIAL YEAR

Board of Statutory Auditors
Position	Component	Year of birth	Date of first appointment(*)	In office since	In office until	List (M/m) (**)	Indip. Codice	Participation in Board Auditors (***)	N other assignments (****)
Chairman	Nicoletta Paracchini	1962	22.06.2022	22.06.2022	Appr Bilancio 2023	M	√	46/501
Statutory Auditor	Di Giusto Fabrizio	1966	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	50/50
Statutory Auditor	Paolo Carbone	1966	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	38/50
Substitute auditor	Francesca Masotti	1970	31.03.2022	25.03.2021	Appr Bilancio 2023	M	√	-
Substitute auditor	Carlo Carrera	1968	25.03.2021	31.03.2022	Appr Bilancio 2023	M	√	-
-----------------SINDACI CESSATI DURANTE L'ESERCIZIO -----------------

Indicate the number of meetings held during the Year: 50

Average duration of the meetings of the Board of Statutory Auditors: h 2:10

Indicate the quorum required for the submission of lists by minorities for the election of one or more members (ex art. 148 TUF): 2%

NOTE

(*) Per data di prima nomina di ciascun sindaco si intende la data in cui il sindaco è stato nominato per la prima volta (in assoluto) nel collegio sindacale dell'Emittente. (**) In questa

colonna è indicato se la lista da cui è stato tratto ciascun sindaco è "di maggioranza" (indicando "M"), oppure "di minoranza" (indicando "m"),

(***) In questa colonna è indicata la partecipazione dei sindaci alle riunioni del collegio sindacale (indicare il numero di riunioni cui ha partecipato rispetto al numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.).

(****) In questa colonna è indicato il numero di incarichi di amministratore o sindaco ricoperti dal soggetto interessato ai sensi dell'art. 148-bis TUF e delle relative disposizioni di attuazione contenute nel Regolamento Emittenti Consob. L'elenco completo degli incarichi è pubblicato dalla Consob sul proprio sito internet ai sensi dell'art. 144-quinquiesdecies del Regolamento Emittenti Consob.

AI Terminal

Bff Bank

4232_rns_2024-04-17_e36ea7b0-b521-441f-8018-97f015e73812.pdf