CORPORATE GOVERNANCE AND SHARE OWNERSHIP REPORT

Pursuant to the articol 123-bis TUF (On a traditional model of corporate governance)

Company: BFF Bank S.p.A. website: www.bff.com Financial year to which the Report refers: 01.01.2021 – 31.12.2021 Approved on: 01.03.2022

Summary

	GLOSSARY 4
	PREAMBLE 9
	1.0 PROFILE OF THE ISSUER11
	2.0 INFORMATION ON OWNERSHIP ISSUES (pursuant to Article 123-bis, paragraph 1, Consolidated Law on Finance) AT THE DATE OF THE (31/12/2021) 19
a)	Share capital structure (pursuant to Article 123-bis(1)(a) TUF) 19
b) TUF)	Restrictions on the transfer of securities (pursuant to Article 123-bis(1)(b) 22
c)	Significant shareholdings in the capital (pursuant to Article 123-bis, paragraph 1, letter c), TUF 22
d)	Securities granting special rights (pursuant to Article 123-bis(1)(d) TUF) 22
e)	Employee shareholding: mechanism for exercising voting rights (ex art. 123- bis, paragraph 1, letter e), TUF)23
f)	Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), TUF)23
g)	Shareholders' agreements (pursuant to Article 123-bis, paragraph 1, letter g), TUF)23
h)	Change of control clauses (pursuant to Article 123-bis(1)(h) of the Consolidated Law on Finance) and provisions of the Articles of Association on takeover bids (pursuant to Articles 104(1-ter) and 104-bis(1) 23
i)	Powers to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m), TUF) 24
j)	Management and coordination activities (pursuant to Article 2497 et seq. of the Italian Civil Code) 24
4.0	BOARD OF DIRECTORS 27
4.1	ROLE OF THE BOARD OF DIRECTORS 27
4.2	APPOINTMENT AND REPLACEMENT (pursuant to art. 123-bis, paragraph 1, letter l), first part, TUF)32
4.3 bis), TUF)	COMPOSITION (pursuant to the art. 123-bis, paragraph 2, letters d) and d 36
4.4.	OPERATION OF THE BOARD OF DIRECTORS (pursuant to Article 123-bis, paragraph 2, letter d), TUF) 48
4.5	RUOLO DEL PRESIDENTE DEL CONSIGLIO DI AMMINISTRAZIONE 52
	Secretary of the Board55
4.6	EXECUTIVE DIRECTORS56
4.7	INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTORS 59

5.0	MANAGEMENT OF CORPORATE INFORMATION	63
6.0	INTERNAL BOARD COMMITTEES (pursuant to article. 123-bis, paragraph 2,
	letter d), TUF)	65
7.0	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - NOMINATION COMMITTEE	68
7.1	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS	68
7.2	NOMINATION COMMITTEE	69
7.3	Composition and functioning of the Appointments Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)70
8.	REMUNERATION OF DIRECTORS - REMUNERATION COMMITTEE75
	REMUNERAZIONE DEGLI AMMINISTRATORI75
	REMUNERATION POLICY 75
	REMUNERAZIONE DEGLI AMMINISTRATORI ESECUTIVI E DEL TOP
	MANAGEMENT 75
	SHARE-BASED REMUNERATION PLANS 76
	REMUNERATION OF NON-EXECUTIVE DIRECTORS 76
8.1	COMITATO REMUNERAZIONI	77
9.0	INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - CONTROL AND RISK COMMITTEE	78
9.1	CHIEF EXECUTIVE OFFICER	82
9.2	CONTROL AND RISK COMMITTEE	84
	Head of Internal Audit Function	93
9.3	ORGANISATIONAL MODEL pursuant to Legislative Decree 231/2001	98
9.4	AUDITING COMPANY	99
9.5	THE CHIEF REPORTING OFFICER OF PREPARING CORPORATE ACCOUNTING DOCUMENTS AND OTHER CORPORATE ROLES AND FUNCTIONS 100
	The Head of the Risk Management Function102
	Head of Compliance & AML Function103
9.6	COORDINATION BETWEEN THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 104
10	DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES 106
11	BOARD OF STATUTORY AUDITORS 109
11.1	APPOINTMENT AND REPLACEMENT 109
11.2	COMPOSITION AND OPERATION (pursuant to art. 123-bis, paragraph 2, letters d) and d- bis), TUF) 112

12	RELATIONS WITH SHAREHOLDERS 120
13	SHAREHOLDERS' MEETINGS123
14	FURTHER CORPORATE GOVERNANCE PRACTICES (pursuant article. 123-bis, paragraph 2, letter a), second part, TUF) 128
15	CHANGES SINCE THE END OF THE REPORTING PERIOD 129
16	COMMENTS ON THE LETTER FROM THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE 130

GLOSSARY

Chief Executive Officer:	is the "body charged with managing" the Parent Company, namely the member of the Board of Directors to whom - pursuant to the Civil Code and by statutory provisions - tasks of current management are delegated by this latter, intended as the implementation of the policies defined in discharge of the strategic oversight function
Shareholders' Meeting:	the Shareholders' Meeting of the shareholders of the Bank.
Self-Assessment:	the process of self-assessment of the size, composition and functioning of the Board of Directors and its Committees, carried out in compliance with the Corporate Governance Provisions and the provisions of the Code of Conduct. The self-assessment is also conducted taking into account the role played by the Board in establishing strategies and monitoring management performance and the adequacy of the internal control and risk management system.
Shares or Ordinary Shares:	BFF Ordinary Shares.
Shareholders:	the shareholders of the Bank.
Bank/BFF/Company/Issue r/Parent Company:	BFF Bank S.p.A., a parent company of the BFF Banking Group, whose shares are traded on the MTA.
BFF Finance Iberia o BFF FI:	BFF Finance Iberia S.A.U. (formerly Farmafactoring España S.A.U.), a company incorporated under Spanish law, whose capital is wholly owned by the Bank.
BFF Polska o BFF PL:	BFF Polska S.A. (formerly Magellan S.A.), a company incorporated under Polish law, whose capital is wholly owned by the Bank.
Borsa Italiana:	Borsa Italiana S.p.A. a private joint-stock company which organizes and manages the Italian markets for the trading of financial instruments.
Branch:	collectively, the Branch Grech, , the Polish Branch, the Portuguese Branch, the Spanish Branch.
Greek Branch:	"BFF Bank S.p.A. "Ελληνικό Υποκατάστημα", the branch of the Bank based in Athens
Polish Branch :	"BFF Bank S.P.A. Spółka Akcyjna Oddział w Polsce", the branch of the Bank based in Lodz.
Portuguese Branch:	"BFF Bank S.p.A. – Sucursal em Portugal", the branch of the Bank based in Lisbon.
Spanish Branch:	"BFF Bank S.p.A. Sucursal en España", the branch of the Bank based in Madrid.
Circular No. 263:	Circular of the Bank of Italy No. 263 of 27 December 2006 ("New Prudential Supervision Provisions for Banks"), as subsequently amended.
Circolar No. 285 o Supervisory Provisions:	the Circular of the Bank of Italy No. 285 of 17 December 2013 ("Supervisory provisions for banks"), as subsequently amended.

Corporate Governance Code:	The Corporate Governance Code approved in January 2020 by the Corporate Governance Committee, and available at https://www.borsaitaliana.it/comitatocorporate-overnance/codice/2020.pdf
Board of Statutory Auditors:	the Board of Statutory Auditors of the Bank.
Committees:	The Remuneration Committee, the Control and Risk Committee, the Nomination Committee and the RPT Committee.
Risk and Control Committee / CCR:	the Committee set up by the Board of Directors pursuant to and for the purposes of the Corporate Governance Provisions and the Code of Conduct.
Nomination Committee:	the Committee set up by the Board of Directors pursuant to and for the purposes of the Corporate Governance Provisions and the Code of Conduct.
OPC Committee:	the Committee set up by the Board of Directors for the assessment of transactions with related parties and connected person.
Corporate Governance Committee:	the committee set up by the business associations (ABI, ANIA, Assonime, Confindustria), Borsa Italiana and the Association of Professional Investors (Assogestioni).
Remuneration Committee:	the Committee set up by the Board of Directors pursuant to and for the purposes of the Corporate Governance Provisions and the Code of Conduct.
Board/Board of Directors:	the "body with strategic supervisory functions" of the Bank, which is entrusted with the functions of directing the management of the Bank, by means of, inter alia, the examination and resolution of industrial or financial plans, or strategic transactions, pursuing Sustainable Succes.
Subsidiary/ies:	the Companies belonging to the Group.
DEPObank:	DEPOBank - Banca Depositaria Italiana S.p.A
Chief Reporting Officer:	the manager in charge of drawing up the corporate accounting documents pursuant to art. 154-bis of the Consolidated Law on Finance.
Provisions on Corporate Governance:	Part 1, Title IV, Chapter 1 ("Corporate Governance") of the Supervisory Provisions.
Fit & Proper Decree:	Decree of the Ministry of Economy and Finance of 23 November 2020, no. 169, containing the "Regulation on the requirements and eligibility criteria for the position of corporate officers of banks, financial intermediaries, credit consortia, electronic money institutions, payment institutions and depositor guarantee schemes", published in the Official Gazette on 15 December 2020.
NFS	the Consolidated Statement on Non-Financial Information
Financial Year:	the 2021 financial year to which the Report refers.
Euronext Milan	the regulated market managed by Borsa Italiana.
BCE	European Central Bank.
Corporate Control Functions:	collectively, the Compliance and AML function, the Risk Management function, the Internal Audit function and other control departments, i.e. all the corporate areas which, by virtue of legal, statutory, regulatory or self

regulatory provisions, have control tasks within the Group

Compliance and AML Function:	the corporate function of compliance with regulations and the prevention and countering of money laundering and terrorist financing, assigned to the Parent Company's Compliance and AML Function.
Internal Audit Function:	the corporate internal audit function assigned to the Parent Company's Internal Audit Function.
Risk Management Function:	the corporate risk control function assigned to the Parent Company's Risk Management Function.
Company Functions or Business Structures:	all the Group's corporate structures, such as, for example, the Departments, the Functions and the Organizational Units.
BFF Banking Group o Group/Group/BFF Group::	collectively, the Bank and its Subsidiaries.
BFF Polska Group:	the group comprising the parent company, BFF Polska, a company under Polish law operating in the field of financing the national health service and local authorities, and its subsidiaries: (i) BFF MEDFinance S.A.; (ii) BFF Central Europe S.R.O.; (iii) BFF Česká Republika S.R.O.; (iv) Debt-Rnt S.p Z.O.O.; (v) the law firm Kancelaria Prawnicza Karnowski i Wspólnik Spółka Komandytowa, (vi) Restrukturyzacyjna Prawnicza Karnowski Wspolnik sp.k., and (vii) the closed-end investment fund Municypalny Fundusz Inwestycyjny Zamkniety, established in Poland, the Czech Republic and Slovakia respectively.
CRR Group:	the BFF Group with regulatory consolidation of BFF Luxembourg S.à r.l., through which Centerbridge Partners L.P. holds its participation in the Bank
ICAAP:	the "Internal Capital Adequacy Assessment Process", the internal process for determining the Parent Company's capital adequacy, which carries out an independent current and prospective assessment, including at CRR Group level, of its capital adequacy, in relation to the risks assumed and the Company's strategies, pursuant to and for the purposes of the Supervisory Provisions.
ILAAP:	the "Internal Liquidity Adequacy Assessment Process", the internal process for determining the adequacy of the Parent Company's liquidity risk management and governance system, which carries out an independent, current and prospective assessment, including at CRR Group level, of the liquidity risk management and governance system, in relation to the risks assumed and the Company's strategies pursuant to and for the purposes of the Supervisory Provisions.
IOS Finance o IOS:	IOS Finance S.A.U., a Spanish-registered company active in credit management services and non-recourse factoring to providers of the national health system and other public administration entities in Spain, acquired in 2019 by BFF, and subsequently merged into BFF FI by means of a merger, on 31 December 2019.
MBO	Management by objectives;
Modello 231:	the organization, management and control model, approved by the Board of Directors on 23 February 2004, and most recently updated on 24 September 2019, prepared in compliance with the provisions of Legislative Decree no.

	231/2001, as well as the guidelines issued by ASSIFACT, ABI and Confindustria, in accordance with best practices in the industry.
Guidelines for Shareholders:	the guidelines issued by the outgoing Board of Directors on the qualitative quantitative composition deemed optimal, made available to the public on January 19, 2021, on the Website in the section "Corporate Governance/Shareholders' Meeting Documentation.
Supervisory Body/SB:	the Supervisory Body set up by the Bank pursuant to Legislative Decree No. 231/2001, as subsequently amended.
Corporate Bodies:	collectively, the Board of Directors, the Chief Executive Officer and the Board of Statutory Auditors.
P.A.	The Public Administration
2016 Stock Option Plan / 2016 SOP:	the "Stock Option Plan for directors, employees and managers of the Company and its subsidiaries" approved by the Board of Directors on 5 December 2016 and by the Shareholders' Meeting on 28 March 2019.
2020 Stock Option Plan / 2020 SOP:	the "Stock Option Plan for directors, employees and managers of the Company and its subsidiaries" approved by the Board of Directors on 2 April 2020.
Key Personnel or Risk Takers:	categories of personnel whose professional activity has or may have a significant impact on the Group risk profile, identified in accordance with Regulation (EU) No. 604/14 and the internal rules.
Policy di Remunerazione:	the "2020 remuneration and incentive policy adopted for the members of the strategic supervision, management and control bodies and the staff of the BFF Bank".
Board Diversity Policy::	the "Diversity Policy of the Board of Directors of BFF Bank S.p.A." adopted by the Board of Directors pursuant to Art. 123-bis), sub 2, letter d-bis) of the TUF, governing (i) the composition of the Bank's administrative and management bodies with regard to issues such as, for example, age, gender, or educational and professional background, (ii) the objectives of the policy itself, (iii) the implementation procedures, and the monitoring of the results achieved during the reporting period.
IPO:	the process ended on 4 April 2017 with the institutional placement of the Bank's Shares, aimed at establishing the free float necessary for negotiating the Company's Shares on the MTA, which was launched on 7 April 2017.
RAF:	the Risk Appetite Framework, or the document approved by the Bank's Board of Directors, which defines, at Group level, risk appetite, tolerance thresholds, risk limits, risk management policies, reference processes necessary to define and implement them, consistent with the maximum risk assumable, the business model and the strategic plan.
Recovery Plan:	the plan adopted by the Bank, which governs strategies and actions to be taken in the event of a significant deterioration of the Group's equity and financial situation, to ensure, among other things, restoration.
Regulation of the Board of Directors:	the "Regulation of the Board of Directors" adopted by the Board, in order to regulate the composition and operation of the aforementioned body, in

	accordance, inter alia, with the principles set forth in the Corporate Governance Provisions and the Corporate Governance Code. The Regulation of the Board of Directors is published on the Bank's website at the following address: https://it.bffgroup.com/en/board-of-directors-regulation.
Regulation of Corporate Bodies, Control Functions and Information Flows / ROA:	"Regulation of Corporate Bodies, Control Functions and Information Flows" adopted by the Board of Directors, in order to regulate duties and responsibilities of the Corporate Bodies and Control Functions, as well as the information flows between them, to the Risk and Control Committee, and to the Supervisory Body. The ROA is published on the Bank's website at the following address: https://it.bffgroup.com/en/board-of-directors-regulation.
Consob Market Regulations:	the Market Regulation, issued by Consob with resolution No. 20249 of 2017.
Consob Related Parties Regulation:	the Regulation on transactions with related parties issued by Consob with resolution No. 17221 of 2010, as subsequently amended.
Report:	la presente relazione sul governo societario e sugli assetti proprietari, che la Banca è tenuta a redigere ai sensi dell'art. 123-bis del TUF.
Remuneration Report:	the "Annual report on the remuneration and incentive policies of and the fees paid by the Banca Farmafactoring Banking Group", prepared under Article 123 ter of the TUF, Article 84-quater of the Consob Issuers' Regulation, and of the provisions pursuant to Title IV, Chapter I, Table 15, of Circular No. 263, available on the website at "Governance/Shareholders'Meeting Documentation".
RMVU	the Council Regulation (EU) No 1024/2013 of 15 October 2013, which confers specific tasks on the ECB with regard to policies on the prudential supervision of credit institutions.
Internal Control System/ICS:	the set of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with sound and prudent management, the achievement of the objectives set out in the Supervisory Provisions on the internal control system, such as, among other things, risk management
Website:	the Bank's website, at the following address https://it.bff.com/ .
Audit firm:	KPMG S.p.A., the firm entrusted with the statutory audit of the Bank's accounts.
S.S.N.	National Health Service.
By-Laws:	the Bank's By-Laws, in force at the time of this Report. The By-Laws are published on the website at the following address: https://it.bff.com/statuto .
Sustainable Success:	the objective guiding the actions of the Board of Directors, which is the creation of long-term value for the benefit of shareholders, taking into account the interests of the Bank's other relevant stakeholder.
Consolidated Banking Act/TUB:	Legislative Decree of 1 September 1993, No. 385 – "Consolidated Act on banking and credit provisions", as subsequently amended.
Consolidated Law on Finance/TUF:	Legislative Decree of 24 February 1998, No. 58 – "Consolidated Law on Financial Intermediation", as subsequently amended.

CORPORATE GOVERNANCE AND SHARE OWNERSHIP REPORT YEAR 2021

PREAMBLE

This Report - available in the https://investor.bff.com/it/assemblea-degli-azionisti section of BFF's website, as well as on the authorised storage mechanism - is intended to provide the market, in compliance with the provisions of Article 123-bis of the Consolidated Law on Finance, with annual information on the ownership structure, adherence to the Corporate Governance Code, as well as the structure and functioning of the corporate bodies and the governance practices actually applied. The Report also fulfils the disclosure obligations imposed on banks by the Supervisory Provisions on corporate governance. In particular, the Report outlines compliance with the provisions of the Corporate Governance Code, highlighting - in accordance with the "comply or explain" principle - any departures from them and/or from the related application criteria. It should be noted that information on the provisions of the Code regarding remuneration are fully contained in the Remuneration Report. To make the discussion more immediate, at the side of the text, reference is made to the Principles and Criteria of the Code that are relevant from time to time, as well as the indications contained in paragraph 1 (ownership structure) and paragraph 2 (corporate governance) of Article 123-bis. The Report was approved by the Board of Directors on 1 March 2022, and was prepared pursuant to Article 123-bis of the Consolidated Law on Finance, and the Corporate Governance Code (to which the Bank adheres under the terms set out below), as well as in accordance with the indications contained in the "Format for the report on corporate governance and ownership structure" (January 2022 edition), prepared by Borsa Italiana, with the aim of providing a general overview of the Company's ownership structure and the corporate governance system adopted by it.

The Corporate Governance Committee monitors the status of application of the Corporate Governance Code and communicates possible areas for improvement to listed companies. In particular, the recommendations made in the letter from the Chairman of the Corporate Governance Committee of 3 December 2021 were promptly forwarded to the Corporate Bodies.

The Report is also aimed at fulfilling the public disclosure obligations for banks set out in the Corporate Governance Provisions, and the information contained therein, unless otherwise specified, refers to the date of its approval by the Board of Directors.

The Report is submitted for approval to the Shareholders' Meeting convened for 31 March 2022 in a single call.

The Report was previously submitted to the auditing company KPMG, for the purposes of the relevant checks and the issuance of the opinion on consistency required by the aforementioned Article 123-bis. The results of the work carried out by the auditing firm are shown in the Reports drawn up by the latter pursuant to Article 14 of Legislative Decree No. 39/2010, attached to the financial statements and the consolidated financial statements.

1.0 PROFILE OF THE ISSUER

The Company, established in 1985, and listed on Euronext Milan (formerly Mercato Telematico Azionario) since 2017, is the largest specialised finance provider in Italy, as well as one of the leaders in Europe in the management and without recourse factoring of trade receivables due from Public Administrations, in Securities Services and in payment services, and operates in several European countries. In particular, it is present abroad through its Branches in Madrid, Lisbon, Łódź, and, from September 2020, in Athens, as well as, through its Subsidiaries, in Spain, Poland, the Czech Republic and Slovakia.

The Bank also offers deposit products to retail and corporate customers in Italy, Spain, Germany, the Netherlands, Ireland and Poland., ¹ and has cross-border activities in France, Croatia and, until September 2020, in Greece.

BFF is a leader in innovation, customer service and execution in its target markets, with a low risk profile and high operating efficiency, in line with corporate governance best practices.

More specifically, the Company

in 2010, established BFF FI, which carries out without-recourse factoring activities in Spain;
in 2013, it obtained authorisation to carry out banking activities, which was requested with the aim of continuing the process of strengthening the company in order to guarantee the services provided to its customers and to the market
in 2014, it starts direct funding operations in Italy through the online deposit account "Conto Facto", in order to increase the diversification of its funding sources, and begins operating under the freedom to provide services in Portugal;
in 2015, it set up the Spanish Branch, through which it launched the online deposit account "Cuenta Facto" in the local market. In the same year, there was a major change in the Company's shareholder structure, with BFF Lux acquiring the majority stake;

¹ As further described below, the Bank's funding activities are carried out: (i) in Italy, through the online deposit account Conto Facto, (ii) in Spain, Germany, the Netherlands and Ireland, through Cuenta Facto, and (iii) in Poland, through Lokata Facto.

in 2016, through the Spanish Branch, it launched its online deposit account business in Germany and, as part of its commercial and geographical diversification strategy, acquired the BFF Polska group;
in 2017, the listing took place, and the company began operating under the freedom to provide services in Greece;
in 2018 and 2019, it sets up the Portuguese Branch and the Spanish Branch respectively, and starts operating under the freedom to provide services in Croatia and France, the Netherlands and Ireland respectively;
in 2019, through the Spanish Branch, launches in the Netherlands and Ireland the collection activity through the online deposit account "Cuenta Facta", and completes the acquisition of IOS Finance, incorporated into BFF FI, on 31 December 2019;
in 2020, it will set up the Greek Branch, dedicated to the exclusive provision of non-recourse factoring services, in continuity with the operations carried out in Greece under the freedom to provide services, and the related direct management of relations with entities and companies belonging to the NHS and the Public Administration;
on 13 May 2020, as part of its growth, expansion and diversification project to strengthen, inter alia, its strategic positioning, it announced to the market that it had signed a binding agreement providing for the acquisition from Equinova UK Holdco Limited of control of DEPObank - Banca Depositaria Italia S.p.A. and the subsequent incorporation of the latter into BFF (the "Merger"), creating the first independent operator in Italy in specialty finance;
on 24 June 2020, it informed the market that the boards of directors of the Bank and DEPObank had approved the Merger plan;
on 9 December 2020, the ECB, with respect to matters falling within its field of competence, authorised the Bank to (i) acquire DEPObank (ii) to provide proprietary trading services, execution of orders on behalf of customers, custody and administration of financial instruments on behalf of customers, including custody and related services such as cash/collateral management, and excluding the function of securities account management at the highest level, as well as investment research and financial analysis or other forms of general recommendation relating to transactions in financial instruments; (iii) to act as depository bank, pursuant to Art. (iii) to act as depository bank, pursuant to

Articles 47 et seq. of the Consolidated Law on Banking; (iv) to issue cheques, pursuant to Articles 49 et seq. of the Consolidated Law on Banking (the "ECB Authorisation");

on 10 December 2020, the Bank of Italy: (i) authorised BFF to the Merger and to the acquisition of a qualified shareholding equal to 24% of the capital of Unione Fiduciaria S.p.A.; (ii) ascertained that the amendments to the Articles of Association submitted to its examination are not in contrast with the principle of sound and prudent management; (iii) communicated that it has no objections with respect to the prior communication of outsourcing of critical or important operational functions (the "FOI"), transmitted by the Bank pursuant to Article 53 of the Consolidated Banking Act and the Supervisory Provisions;
on 28 January 2021, the Extraordinary Shareholders' Meeting approved (i) the Merger project, which provided, inter alia, for an increase in BFF's share capital of Euro 10,813,652.00 by issuing 14,043,704 Shares to service the Merger, to be allocated on the basis of the relevant exchange ratio, and (ii) the consequent amendments to the Articles of Association, with effect from the effective date of the Merger;
on 10 February 2021, Scalve S.à r.l. ("Scalve"), a company controlled by Massimiliano Belingheri, the Bank's Chief Executive Officer, initiated a so-called reverse accelerated bookbuilding - RABB procedure, which concluded the following day with the purchase of 1,938,670 ordinary shares of BFF, equal, at the time, to approximately 1.1% of the share capital. On 11 February 2021, BFF Luxembourg S.à r.l. (Centerbridge) initiated the sale of its entire remaining stake in BFF (amounting to 7.9% of the share capital), which ended the following day with the exit from BFF's capital, also following the exercise by BFF's CEO of the call option with physical delivery provided for under the relevant "Lock up and Option Agreement";
on 1 March 2021, the acquisition of DEPObank was finalised, with its merger into BFF Bank S.p.A. (formerly Banca Farmafactoring S.p.A.), effective as of 5 March of the same year. As part of this transaction, which created the largest player in specialised finance in Italy, as well as one of the most profitable and best-capitalised banks in Europe, with a specific focus on Securities Services, Payments, factoring services and the management of trade receivables due from the Public Administration, Banca Farmafactoring S.p.A. changed its

name to BFF Bank S.p.A., and redesigned its logo to further underline this moment in the company's history. The corporate symbol has been simplified and turned to make the forward-looking movement towards growth more immediate. The slogan, launched in 2017, remains: 'a bank like no other'. Through the acquisition of DEPObank, BFF strengthened its strategic positioning, expanding both its business segments in market niches where DEPObank was a leader, and its funding and capital base to serve its traditional customers. DEPObank, on the other hand, became part of an international, listed, solid, profitable group with high standards of execution and operational efficiency;

on 15 March 2021, the Board of Directors approved and presented to the market the "2021- 2023 Financial Plan of BFF Banking Group", which sets out the economic and financial objectives up to 2023 and identifies funding synergies, and represents BFF's different business lines: Factoring & Lending, Securities Services, Payments Services, and Corporate Center. It also illustrates the competitive positioning, opportunities and growth directions. The Plan also includes a focus on business sustainability issues.
on 25 March 2021, the Shareholders' Meeting appointed the new Board of Directors, with over 70% of the votes going to the list of the outgoing Board of Directors. This list is the final result of a rigorous process of self-assessment, conducted with the contribution of the Appointments Committee, after evaluation by a leading independent executive search firm, which certified its overall consistency with the Guidelines on Qualitative and Quantitative Composition considered optimal, and with current regulatory provisions. The Board of Directors and the Board of Statutory Auditors will remain in office until the approval of the financial statements for the year 2023.;
on 31 March 2021, BFF distributed a unit dividend, gross of withholding taxes, equal to Euro 0.017495 per share, for a total amount of Euro 3.2 million, corresponding to a small fraction of the total amount of 2019-2020 dividends accrued, equal to Euro 168.5 million ("Monte Dividendi Complessivo 2019- 2020"), in line with the recommendations of the European Central Bank and the Bank of Italy;
on 7 October 2021, the Shareholders' Meeting following the issuance by the Bank of Italy of the assessment measure pursuant to Articles 56 and 61 of Legislative Decree no. 385/1993 (the "Consolidated Law on Banking"), as set out in the report of the Board of

Directors prepared pursuant to Articles 125-ter of Legislative Decree no. 58/1998, as subsequently amended (the "Consolidated Law on Finance") and Article 72, as well as Schedule no. 3 of Annex 3A, of the Regulations adopted by Consob with resolution no. 11971 of 14 May 1999, as subsequently amended (the "Issuers' Regulations") - approved the Board of Directors' report pursuant to Article 125-ter of Legislative Decree no. 58/1998, as subsequently amended (the "Consolidated Law on Finance"). 72 and Schedule 3 of Annex 3A of the Regulations adopted by Consob with resolution no. 11971 of 14 May 1999, as subsequently amended (the "Issuers' Regulations") - approved the Board of Directors' proposal to amend Articles 9, 11, 14, 15, 16, 18, 19, 21 and 22 of the Articles of Association. The amendments to the Articles of Association, approved by the above-mentioned Shareholders' Meeting, brought the traditional governance model into line with the evolution of ownership structures and international best practices in the banking industry.

on 13 October 2021, BFF distributed a unit dividend, gross of withholding taxes and including the portion attributable to treasury shares held by the Company on the "record date", amounting to € 165,275,418 and equal to a dividend per share of Euro 0.8946.

Following the implementation of the 2020 Corporate Governance Code, the Board of Directors approved, at the proposal of the endoconsiliar committees within their respective competences, the relative adjustment of the regulations of said committees as well as of the Board of Directors regarding the Bank's objectives in relation to sustainable success.

For more details with respect to the actions and objectives pursued by the Bank in the ESG area, also with a view to sustainable success, it should be noted that the Bank has published the DNF pursuant to Legislative Decree no. 254/2016 within which the same are included and better outlined. The DNF is available at the following link https://investor.bff.com/it/sostenibilita.

The Bank qualifies as a less significant credit institution pursuant to Article 6(4) of the RMVU.

As a listed company, the Bank qualifies - under the Corporate Governance Provisions - as a bank of larger size and operational complexity. As of 2022, following the publication of update no. 37 of Circular 285 (which eliminated the category of "intermediate banks"), the Bank does not fall under those of smaller size and operational complexity for the purposes of applying the rules on remuneration and incentive policies and practices set out in Circular 285.

The governance model adopted by BFF is the traditional one, and is therefore based on two corporate bodies appointed by the Shareholders' Meeting: the Board of Directors (body with strategic supervision of the company) and the Board of Statutory Auditors (body with control functions). Corporate governance also requires the Board of Directors to appoint a Chief Executive Officer from among its members, who is entrusted with the management of the company.

The Board of Directors also resolved to set up the Supervisory Board and to establish the following Committees with investigative, consultative and propositional tasks vis-à-vis the Board of Directors and, as regards the Remuneration Committee, for limited aspects, the Chief Executive Officer:

the Remuneration Committee
the Nomination Committee;
the Control and Risk Committee,

as well as the RPT Committee.

The Shareholders' Meeting has appointed the Independent Auditors to audit the accounts.

The Issuer qualifies as an "SME" pursuant to Article 1, paragraph 1, letter w-quater.1) of the Consolidated Finance Act (TUF) - as indicated in the list of SMEs published on Consob's website -, on the basis of the criterion of consolidated turnover as the value of capitalisation exceeds the regulatory threshold of EUR 500 million.. 2

² Pursuant to Article 1(1)(w-quater.1) of the Consolidated Law on Finance, "SMEs" are small and medium-sized enterprises issuing listed shares with a market capitalisation of less than EUR 500 million. Issuers of listed shares that have exceeded this limit for three consecutive years are not considered SMEs. Paragraph 2 of Article 44-bis of Decree-Law No. 76/2020, coordinated with Conversion Law No. 120/2020, provides that: "Issuers that at the date of entry into force of the law converting the present decree assume the qualification of SME on the basis of the sole criterion of turnover continue to maintain such qualification for two financial years following the current one".

It should be noted that Article 44-bis, paragraph 2, of Law No. 120/2020 converted, with amendments, Decree-Law No. 76/2020, setting forth "Urgent measures for simplification and digital innovation" (the so-called "Simplification Decree"), and was adopted in order to implement, among other things, the "simplification measures concerning entrepreneurial activity, the environment and the green economy, in order to cope with the economic fallout resulting from the Covid-19 epidemic". Among the simplifications in the field of corporate and financial markets, Article 44-bis of the aforementioned Decree introduced some measures to simplify the criteria for the qualification of 'listed SMEs'. In particular, "in order to simplify the criteria for determining the list of listed SMEs, also with a view to achieving an overall simplification of the regime applicable to listed companies", the legislator has repealed the criterion of turnover, retaining only that of market capitalisation. Article 44-bis, paragraph 2 also provides that "issuers which, at the date of entry into force of the Law converting the present decree, qualify as SMEs on the basis of the turnover criterion only, continue to maintain such qualification for two financial years following the current one"..

THEBFFGROUP

BFF is registered in the Register of Banking Groups, pursuant to Article 64 of the Consolidated Law on Banking, as the parent company of the BFF Banking Group, which includes the Issuer, BFF FI, the BFF Polska group, as well as the recently established company BFF Immobiliare S.r.l.. It should be noted that - following the acquisition of DEPObank - BFF holds an equity investment in Unione Fiduciaria equal to 24% of the issued shares, corresponding to 26.455% of the voting rights.

Below is a graphical representation of the Group, indicating the shareholdings held by the Issuer at the date of the Report³ .

³ source: https://investor.bff.com/it/struttura-del-gruppo. .

In its capacity as Parent Company, BFF performs management and coordination functions, as well as unitary control over BFF FI and BFF Polska, pursuant to Articles 60 et seq. of the Consolidated Banking Act and the Supervisory Provisions.

For the aforementioned purposes, the Board of Directors approved the "Infragroup Regulations", which define the organisational structure, objectives and contents of management, coordination and control activities, and the "Group Regulations", which govern the internal regulatory sources of the Bank - as the Parent Company of the BFF Group - and its Subsidiaries, defining, in particular, the hierarchy and methods of adoption and updating.

The "Intercompany Regulations" are designed to ensure the implementation of the Group's unitary business plan as a whole and business development, through the exercise by the Parent Company of its role of governance over its Subsidiaries, ensuring their direction, coordination and control. In carrying out these activities, the Company promotes the development of the individual Subsidiaries and the Group as a whole, directing development policies and management towards objectives of operating efficiency and sustainable profitability over time. The management of the Subsidiaries contributes to the achievement of the Group's objectives.

In particular, the Parent Company, in its capacity as contact point for the Supervisory Authority, issues to the Subsidiaries the instructions necessary to implement the general and specific instructions given by the Bank of Italy in the interest of the Group's stability, pursuant to Article 61, paragraph 4, of the Consolidated Banking Act and Circular No. 285.

The Company is not subject to management and coordination by other legal entities (as explained in more detail in Section 2, paragraph j of the Report).

⁴ La definizione di PMI nel TUF è stata modificata ad opera dell'art. 44-bis, comma primo, del decreto-legge 16 luglio 2020, n. 76, introdotto dalla legge di conversione 11 settembre 2020, n. 120.

Prima della modifica, l'articolo 1, comma 1, lett. w-quater.1 del TUF definiva "PMI" le piccole e medie imprese, emittenti azioni quotate, il cui fatturato (anche anteriormente all'ammissione alle negoziazioni delle proprie azioni) fosse inferiore a 300 milioni di euro, ovvero che avessero una capitalizzazione di mercato inferiore a 500 milioni, precisando che "non si considerano PMI gli emittenti azioni quotate che abbiano superato entrambi i predetti limiti per tre anni consecutivi". La modifica ha eliminato il riferimento al parametro del fatturato, per cui, ad oggi, sono considerate "PMI" le piccole e medie imprese, emittenti azioni quotate, che abbiano una capitalizzazione di mercato inferiore a 500 milioni di euro e "non si considerano PMI gli emittenti azioni quotate che abbiano superato tale limite per tre anni consecutivi".

Peraltro, lo stesso articolo 44-bis del decreto, al comma secondo, ha previsto un regime transitorio in base al quale: "Gli emittenti che alla data di entrata in vigore della legge di conversione del presente decreto [i.e. al 15/9/2020] assumono la qualifica di PMI in base al solo criterio del fatturato continuano a mantenere tale qualifica per due esercizi successivi a quello in corso".

2.0 INFORMATION ON OWNERSHIP ISSUES (pursuant to Article 123-bis, paragraph 1, Consolidated Law on Finance) AT THE DATE OF THE (31/12/2021)

a) Share capital structure (pursuant to Article 123-bis(1)(a) TUF)

The subscribed and paid-up share capital of the Bank as of 31 December 2021 amounts to EUR 142,690,771.22, divided into 185,311,979 Ordinary Shares without nominal value, all representing the same fraction of capital. The Shares are issued in dematerialised form pursuant to article 83 bis of the TUF, are indivisible and freely transferable. Each Share confers the right to one vote at the Company's ordinary and extraordinary Shareholders' Meetings, as well as the other administrative rights provided for by the applicable provisions of the law and the Articles of Association.

About share-based incentive plans involving increases in share capital, it should be noted that the Shareholders' Meeting, on 2 April 2020 (the "2020 Shareholders' Meeting"), resolved, inter alia, to:

to increase the share capital, free of charge, on a divisible basis, pursuant to Article 2349 of the Italian Civil Code, by a maximum of EUR 5,254,563.16 (five million two hundred and fiftyfour thousand five hundred and sixty three, 16 ), by issuing, also in several tranches, a maximum of 6,824,108 (six million eight hundred and twenty four thousand, 108) new shares, excluding option rights pursuant to Article 2441, paragraphs 5 and 6, of the Italian Civil Code, to service, inter alia, the 2016 SOP and the 2020 SOP, by the deadline of 30 June 2029 (the "Free Capital Increase"), subject to revocation of (i) the paid capital increase resolved by the Shareholders' Meeting on 28 March 2019, and (ii) the authority - granted by the same meeting - to the Board of Directors pursuant to Article 2443 of the Italian Civil Code to increase the share capital free of charge;

About the 2016 SOP, the Board of Directors granted a total of 8,452,640 options in three tranches over the three-year period 2017-2019, against a maximum of 8,960,000 options that can be granted, exhausting the allocation phase.

The option exercise phase commenced on 7 April 2019, with reference to 40% of the first tranche options allocated on the date of Listing, and will end in 2025, when the exercise period for the last portion, equal to 20% of the third tranche options, expires.

From the date of commencement of the exercise period to 31 December 2021, a total of 1,290,274 Shares were allotted against 5,778,496 options exercised (including 942,022 Shares against 4,156,054 options exercised in 2021 under the 2021 Capital Increases).

At 31 December 2021, the number of options granted and not yet exercised amounted to 2,534,684, of which 1,581,684 are vested and exercisable.

As regards the Free Capital Increase, at 31 December, a total amount of EUR 36,902.25 had been subscribed, corresponding to 47,925 Shares, against the issue of:

no. 57,816 Shares, resulting from the exercise of no. 494,936 SOP options granted to employees;
no. 52,298 Shares for the payment of MBO management by objectives;
no. 2940 Shares for the payment of a bonus to employees in the risk taker category.

For further information on the options granted, please refer to the analytical tables on "Stock options granted to members of the board of directors, general managers and other executives with strategic responsibilities" in Section II, paragraph 3 of the Remuneration Report.

Finally, it should be noted that, pursuant to Article 5, paragraph 5, of the Articles of Association, the Extraordinary Shareholders' Meeting may resolve to issue warrants, within the limits and under the conditions prescribed by the Bank of Italy, provided that they are exercised within five years of their issue.

At the end of the year, the Bank held [994,727] treasury shares.

As at 31 December 2021, the shareholding structure was as follows (shares greater than 5%):

AZIONISTA			N. DI AZIONI	% SUL CAPITALE
Equinova LIMITED	UK	HOLDCO	14.043.704	7,58
Management			10.351.4984	5,59%

⁴ As at 31/12/2021, the Chief Executive Officer Massimiliano Belingheri and his Closely Linked Persons (Bray Cross Ltd. and Scalve S.à. r.l.) held 10.17 million BFF shares, representing 5.49% of the share capital; the remaining management share refers to the BFF shares held by the 4 Vice Presidents in force at that date, and their respective Closely Linked Persons

Source: Forms 120A - 120B - 120D and Internal Dealing notices. Percentage shares are calculated on the total number of shares issued as at 31/12/2021.

As mentioned in the previous paragraph, on 10 February 2021, with the markets closed, Scalve S.à r.l. ("Scalve"), a company controlled by Massimiliano Belingheri, BFF's Chief Executive Officer, initiated a reverse accelerated book-building ("RABB") procedure, aimed exclusively at institutional investors and designed to purchase a maximum of 3.5 million BFF ordinary shares. The completion of the RABB transaction took place the following day, 11 February 2021, with the purchase by Scalve of 1,938,670 BFF ordinary shares, equal, at the time, to approximately 1.1% of the Bank's share capital. On the same date of 11 February 2021, BFF Luxembourg S.à r.l. (Centerbridge) ("BFF Lux") initiated, and then completed on 12 February, the sale of its entire remaining stake in BFF (equal to 7.9% of the Bank's share capital):

(i) through an accelerated bookbuilding procedure (ABB), aimed at certain categories of institutional investors, for 11,806,970 shares (6.9%), and

(ii) following the exercise by Massimiliano Belingheri of his call option with physical delivery of 1,756,417 1.76 million BFF shares (1%), provided for under the terms of the existing Lock up and Option Agreement. As a result of this transaction, BFF Lux completed its exit from BFF's share capital, and Massimiliano Belingheri came to hold, both directly and indirectly through Persons Closely Related to him (Scalve and Bray Cross Ltd.), approximately 10.03 million BFF shares (10.17 million at 31 December 2021, representing 5.49% of BFF's share capital).

Following the elimination of BFF Luxembourg S. à r.l.'s shareholding in the Bank in February 2021, the Bank of Italy, in a communication dated 23 February 2021, removed BFF Luxembourg S.à r.l. from the CRR Group's register of banking groups.

Prudential consolidation is now back to BFF Bank S.p.A.

On 5 March 2021, the Bank issued 14,043,704 new ordinary shares in Equinova UK HoldCo Limited ("Equinova") to service the merger of DEPObank into BFF; the shareholding was 7.604% of BFF's share capital at that date.

As of 31 December 2021, Equinova was the main shareholder of BFF, with 7.58% of the share capital, followed by the management of BFF (Chief Executive Officer, the 4 Vice Presidents in office

at that date, and their respective Close Associates) with 5.59%. The remaining 86.30% is free float, plus 0.54% of treasury shares (994,727 at 31 December 2021).

Source: Form 120A - 120B - 120D and Internal Dealing notices. Percentage shares are calculated on the total number of shares issued at 31/12/2021.

(1p) As at 31/12/2021, the Managing Director Massimiliano Belingheri and his Closely Linked Persons (Bray Cross Ltd. and Scalve S.à. r.l.) held 10.17 million BFF shares, for a 5.49% stake in the share capital; the remaining management share refers to the BFF shares held by the 4 Vice Presidents in force at that date, and by their respective Closely Linked Persons. of the Bank.

b) Restrictions on the transfer of securities (pursuant to Article 123-bis(1)(b) TUF)

The Bank's shares are freely transferable. There are no limits on the ownership of shares, nor are there any approval clauses.

c) Significant shareholdings in the capital (pursuantto Article 123-bis, paragraph 1, letter c), TUF

On the basis of the communications received pursuant to art. 120 of the Consolidated Law on Financial Intermediation and the information available to the Bank, and without prejudice to what is indicated in section a above, the Shareholders holding (directly or indirectly), as at 31 December 2021, a percentage of shares, with voting rights, greater than 5% of the share capital are (i) Massiliano Belingheri and (ii) the Chief Executive Officer Massimiliano Belingheri and his Close Associates, as detailed in Table 1 - "Information on the ownership structure" in the Appendix to the Report.

d) Securities granting special rights (pursuant to Article 123-bis(1)(d) TUF)

No securities have been issued that confer special rights of control or special powers. The Articles of Association do not provide for shares with multiple or increased voting rights.

e) Employee shareholding: mechanism for exercising voting rights (ex art. 123-bis, paragraph 1, letter e), TUF)

There are no employee shareholding systems in place, in which the voting rights differ from those provided for general shareholders.

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), TUF)

The Articles of Association do not contain any restrictions on voting rights. Each ordinary share confers the right to vote without limitation.

g) Shareholders' agreements (pursuant to Article 123-bis, paragraph 1, letter g), TUF)

As of 31 December 2021, no relevant shareholders' agreement was in force pursuant to Article 122 of the Consolidated Law on Finance and Articles 129 et seq. of the Issuers' Regulation.

h) Change of control clauses (pursuant to Article 123-bis(1)(h) of the Consolidated Law on Finance) and provisions of the Articles of Association on takeover bids (pursuant to Articles 104(1-ter) and 104-bis(1)

It should be noted -in relation to contractual clauses concerning possible changes in the Company's ownership structure - that certain loan agreements of BFF Polska and its subsidiaries contain clauses that provide for, upon the occurrence of certain significant events (including the possible loss of control by the Bank over the BFF Polska group), the right of the financing bank to (i) terminate the loan agreement; (ii) suspend the beneficiary's right to use its current account (overdraft facility); (iii) require the provision of new and additional collateral, or, as the case may be, (iv) declare the benefit of the termination of the loan.

As is customary in the negotiation practice of the financial markets for certain types of relationships, specific effects upon the occurrence of a "change of control" (agreements "that take effect, are amended or terminate in the event of changes in the Company's control and/or any other concomitant events").

With regard to takeover bids, it should be noted that the Bank's Articles of Association do not provide for:

i) exceptions to the provisions on the passivity rule provided for by Article 104, paragraphs 1 and 1-bis, of the Consolidated Law on Finance;
ii) the application of the neutralization rules set forth in Article 104-bis, paragraphs 2 and 3, of the Consolidated Law on Finance.

i) Powers to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m), TUF)

On 2 April 2020, the Shareholders' Meeting approved, inter alia, the amendment to Article 5 of the Articles of Association, relating to the Free Capital Increase, with reference to which please refer to section 2.1 above.

On 25 March 2021, the Shareholders' Meeting authorised the Bank to purchase Treasury Shares in accordance with Article 2357 of the Italian Civil Code (the "Shareholders' Meeting Authorisation"), and the terms are summarised below:

duration of authorisation: 18 (eighteen) months;
maximum number of shares that may be purchased: 750,000;
purchase price of each share: may not deviate, either downwards or upwards, by more than 20% from the reference price recorded by the share during the stock exchange session preceding each individual transaction.

It should be noted that the Board of Directors' meeting of 28 September 2021 - following authorisation by the Bank of Italy on 21 September 2021, and in execution of the resolution of the Ordinary Shareholders' Meeting of 25 March 2021 - resolved to launch the share buyback programme, which ended in October 2021, by reason of the purchase of a total of 750,000 BFF ordinary shares, the maximum number of shares to be purchased under the Programme.

The Bank may not purchase Treasury Shares except within the limits of distributable profits and available reserves resulting from the latest financial statements, duly approved.

At the close of the 2021 financial year, the Bank held 994,727 treasury shares.

j) Management and coordination activities (pursuant to Article 2497 et seq. of the Italian Civil Code)

As indicated, inter alia, in Section 1.2 of the Report, the relevant stake in the Issuer's capital held by Equinova, at the end of the Financial Year, is 7.58% of the Bank's capital.

The Bank is not subject to management and coordination activities pursuant to Article 2497 of the Italian Civil Code et seq. since, among other things, BFF operates in conditions of complete corporate and entrepreneurial autonomy, without interference from parties outside the Bank.

The information required by Article 123-bis, paragraph 1, letter i), of the Consolidated Law on Finance is contained in Section II, paragraph 2.4 of the Remuneration Report, and the information required by Article 123-bis, paragraph 1, letter l), of the Consolidated Law on Finance is illustrated in Section 4.1 of this Report, dedicated to the Board of Directors.

3.0 COMPLIANCE (pursuant to 123-bis, paragraph 2, letter a), first part, TUF)

As already highlighted in Section 1, the Bank has adhered, in the manner indicated in this document, to the Corporate Governance Code promoted by the Corporate Governance Committee, which is made up of the business associations (ABI, ANIA, Assonime, Confindustria) and professional investors (Assogestioni), and by Borsa Italiana, published on Borsa Italiana's website (https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf), in compliance with the obligations laid down in Article 123-bis of the Consolidated Law on Finance and its implementing rules. The Bank's governance is therefore also in line with the purposes and indications expressed by the same, in order to ensure, taking into account the Supervisory Provisions, a correct balance between the functions of strategic supervision, management and control.

The Report is made available to Shareholders and the public together with the Annual Financial Report as at 31 December 2021, at the Company's registered office and on the Company's website, as well as on the authorised dissemination and storage mechanism ( - ). It should be noted that, as of 22 December 2020, the Bank has already substantially adapted its internal regulations to the Corporate Governance Code, which came into force on 1 January 2021. The main features of the risk management and internal control systems in place in relation to the financial reporting process, including consolidated financial reporting, required by Article 123-bis,

paragraph 2, letter b), of the Consolidated Law on Finance, are illustrated in section 11 of the Report.

For a description of the operating mechanisms of the Shareholders' Meeting and its main powers, the rights of Shareholders and the procedures for exercising them, as required by Article 123-bis, paragraph 2, letter c), of the Consolidated Law on Finance, please refer to section 12 of the Report.

With regard to information on the composition and functioning of the Corporate Bodies and Committees pursuant to Article 123-bis, paragraph 2, letter d), of the Consolidated Law on Financial Intermediation, please refer to section 4.4 of the Report and, more specifically, with regard to the Committees, to sections 6, 7.2 and 9.2 of the Report.

Information on the diversity criteria and policies applied in relation to the composition of the Corporate Bodies with regard to aspects such as age, gender composition and educational and professional background, pursuant to Article 123-bis, paragraph 2 d-bis), of the Consolidated Law on Finance, is set out in section 4.2.2 of the Report.

* * * BFF's corporate governance structure is not affected by laws other than those of Italy or the European Union.

BFF Polska and BFF FI are companies under Polish and Spanish law respectively and are therefore subject to the laws of those countries. However, this circumstance does not affect the Bank's corporate governance structure in any way.

4.0 BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

The Corporate Governance structure adopted by the Bank is based on the recommendations and rules contained in the Corporate Governance Code.

The management and control model adopted is the traditional one, where a fundamental role is played by the Board of Directors, as the highest body responsible for managing the Company in the interests of the shareholders.

The Board of Directors is the body with strategic supervisory functions and may comprise a minimum of three and a maximum of thirteen members, who remain in office for a period not exceeding three financial years and may be re-elected.

The Board of Directors must be composed of candidates who, for the most part, meet the independence requirements provided for by the applicable legislation.

The Shareholders' Meeting determines the number of members of the Board of Directors, appointing the Directors by means of list voting to allow, where possible, the election of Directors by minority shareholders.

The Board of Directors is vested with the broadest powers of ordinary and extraordinary administration, except for those that the law reserves exclusively to the Shareholders' Meeting. In particular, the Board of Directors:

A. Examines and approves the strategic, industrial, and financial plans of the Bank and the Group, periodically monitoring their implementation and periodically comparing the results achieved with those planned. It defines the Bank's corporate governance system and the structure of the Group as further specified in Section 13;
B. guides the Bank by pursuing Sustainable Success, and orients its activities with a view to progressively integrating corporate sustainability into the definition of strategies and remuneration policy, also based on a materiality analysis of the factors that may affect the generation of value in the long term
C. defines the nature and level of risk compatible with the Bank's strategic objectives, including in its assessments all risks that may be relevant to the medium to long-term sustainable success of the Bank's business, at Group level
D. evaluates the adequacy of the organizational, administrative and accounting structure of the Bank, as well as that of its strategically important subsidiaries, with particular reference to the internal control and risk management system
E. examines and approves transactions including investments and divestments - which, due to their nature, have a strategic importance, entity or commitment that may involve, have a significant strategic, economic, equity or financial impact for the Company and/or the group it heads, with reference to transactions with related parties
F. verification of the adequacy of the general organizational, administrative and accounting structure of the Company and of the group it heads;
G. to ensure the proper management of corporate information, adopts, upon proposal of the Chairman of the Board of Directors, in agreement with the Chief Executive Officer, the Inside Information Procedure, the updates of which are the responsibility of the Chief Executive Officer, as better specified in section 5.
H. on the proposal of the Chairman, formulated in agreement with the Chief Executive Officer, it adopts a policy for the management of dialogue with shareholders in general, also taking into account the engagement policies adopted by institutional investors and asset managers as better specified in Section 12.

It should be noted, in accordance with the provisions of Recommendation 1, d, second part, that during the course of the financial year, the Board of Directors - with the support of the Control and Risk Committee - positively assessed the adequacy of the organizational, administrative and accounting structure of the Bank and its subsidiaries, with particular reference to the internal control and risk management system, as further detailed in section 9;

During the Financial Year, the Board of Directors deemed it necessary to submit to the Shareholders' Meeting justified proposals for the definition of a corporate governance system that is more functional to the needs of the company. On 7 October 2021, in an extraordinary session, the Shareholders' Meeting approved the proposed amendments to the Articles of Association aimed at incorporating the provisions introduced by Ministry of Economy and Finance Decree No. 169 of 23 November 2020, the Corporate Governance Code, and the 35th update of 2 July 2021 of Bank of Italy Circular No. 285 of 17 December 2013, on the corporate governance of banks and banking groups, as well as to take into account the profiles related to the evolution of BFF's ownership structure, which, in February, became to all intents and purposes a public company, with the consequent need to strengthen the involvement of shareholders in shareholders' meeting decisions and to facilitate the exercise of their rights.

Finally, in compliance with Recommendation 3, it has adopted a policy for the management of dialogue with shareholders in general, as explained in Section 12.

In addition to the powers that cannot be delegated by law, and without prejudice to the provisions of the regulatory and supervisory provisions in force at the time and Article 16, last paragraph, of the Articles of Association, the Board of Directors is responsible for

a) the approval/revision of the industrial and financial plans and/or budget, and the verification of the achievement of the relevant objectives;

b) decisions concerning the acquisition and disposal of Group equity investments, as well as the determination of criteria for the coordination and management of Group companies, and for the implementation of Bank of Italy instructions.

Pursuant to the ROA, the Board of Directors also defines the overall governance structure and approves the organizational set-up of the Bank, verifies its proper implementation, and promotes timely corrective measures in the event of any deficiencies or inadequacies.

In particular:

a) approves the organizational and governance structure of the Bank, ensuring a clear distinction of tasks and functions, as well as the prevention of conflicts of interest;
b) approve the accounting and reporting systems)
c) supervise the Bank's public information and communication process
d) ensures an effective dialectical dialogue with the Chief Executive Officer and the heads of the main corporate/industrial functions, and verifies over time the choices and decisions taken by them
e) drafts, submits to the Shareholders' Meeting and reviews, at least annually, the remuneration and incentive policy, and is responsible for its proper implementation
f) approves the results of the identification process of the "most relevant personnel", as well as of the eventual exclusion process of the "most relevant personnel", and periodically reviews the related criteria
g) ensures that the remuneration and incentive policy is adequately documented and accessible within the corporate structure, and that the consequences of any violations of regulations or of codes of ethics or conduct are known to the staff
h)it defines the remuneration and incentive systems, i.e. the compensation, for the Chief Executive Officer, and for Directors holding particular offices, as well as for the "most relevant personnel", as defined in the Remuneration Policy. In particular, it ensures that these systems are consistent with the Bank's overall choices in terms of risk-taking, strategies, long-term objectives, corporate governance and internal controls;
i) determines the content of the powers delegated to the Chief Executive Officer in an analytical, clear and precise manner, including the indication of the quantitative and value limits, and of the possible methods of exercising them, also in order to allow the collegiate body to precisely verify their correct implementation, as well as the exercise of its own directive and delegation powers.

On 25 February 2020, the duties of the Board of Directors were supplemented to take account of the recommendations made in the seventh "Annual report on the application of the Corporate Governance Code on the evolution of corporate governance in listed companies", as detailed in section 19.

Pursuant to the Intragroup Regulation, the Board of Directors, as the body with strategic supervisory functions of the Bank, parent company of the BFF Group, also exercises the following powers at Group level:

the approval/review of the industrial and financial plans and/or budget and of the Group, and the verification of the achievement of the relevant objectives;

the definition and approval of the corporate governance system and the Group's structure;
assessing the adequacy of the organizational, administrative, and accounting structure of the Subsidiaries, with reference to the Internal Control System and the management of conflicts of interest. In this regard, among other things, it periodically verifies that the Internal Control System is consistent with the strategic guidelines, and that the Corporate Control Functions are independent within the organizational structure, as well as having adequate professional resources and expense budgets;
the definition and approval of the Group's business model, being aware of the risks inherent in it, and understanding of the ways in which such risks are detected, measured and assessed;
the definition and approval of the Group's strategic guidelines and their review, having regard to the evolution of the Group's business and market conditions, in order to ensure their effectiveness over time;
the definition and approval of the Group's organizational structure and regulations, ensuring that, within them, tasks and responsibilities are allocated in a clear and appropriate manner, also with regard to delegation mechanisms;
the definition and approval of the risk management process, and the assessment of its compatibility with the strategic guidelines and risk management policies adopted by the Bank at Group level;
the definition and approval of the framework for determining the RAF, to set ex ante the risk/return targets that the Group intends to achieve and the consequent operating limits, as well as verification that the implementation of the RAF is consistent with the risk targets and the tolerance threshold identified therein, and periodic assessment of the adequacy and effectiveness of the RAF, and of the compatibility between the actual risk and the risk targets
decisions concerning the acquisition and disposal (direct or indirect) of shareholdings in other companies, which entail a change in the composition of the Group, as well as the determination of criteria for the coordination and management of Subsidiaries and for the implementation of instructions from the Bank of Italy.

4.2 APPOINTMENT AND REPLACEMENT (pursuant to art. 123-bis, paragraph 1, letter l), first part, TUF)

The Articles of Association ⁵ provides for the Company to be administered by a Board of Directors composed of a number of members to be determined by the Shareholders' Meeting, which in any case may not be less than 5 (five) nor more than 13 (thirteen).

The members of the Board of Directors shall hold office for the period, not exceeding 3 (three) financial years, established at the time of their appointment, their term of office shall expire on the date of the Shareholders' Meeting called to approve the financial statements for the last financial year of their office, and they may be re-elected.

BFF Directors are appointed by the Ordinary Shareholders' Meeting on the basis of lists submitted by shareholders and/or the Board of Directors.

The appointment of the Directors of BFF is made by the Ordinary Shareholders' Meeting on the basis of lists submitted by the shareholders and/or by the outgoing Board of Directors and takes place, as provided for by the Articles of Association, on the basis of the list voting mechanism. The composition of the Board of Directors ensures

that all Directors meet the requirements of honorableness and professionalism and that they satisfy the criteria of correctness and competence laid down in the regulations in force from time to time:
the presence of 1 (one) minority Director, since, at the end of the vote, the candidates of the two lists that obtained the highest number of votes are elected, according to the following criteria (a) a number of Directors equal to the total number of members to be elected, except for one, shall be drawn from the list that has obtained the majority of the votes cast (the "majority list"), in the order in which they are listed on that list; (b) the remaining Director shall be drawn from the second list that has obtained the highest number of votes at the Shareholders' Meeting (the "minority list"), which is not connected in any way, not even indirectly, with those who submitted or voted for the majority list;

⁵ Articles 14 et seq. of the Bank's Statute, available on the Website at the following address:https://it.bff.com/statuto

balance between genders. In fact, if the application of the list voting mechanism does not ensure the appointment of directors belonging to the less represented gender, at least to the minimum extent provided for by Article 147-ter, paragraph 1-ter, of the Consolidated Law on Finance, the candidate belonging to the more represented gender elected as the last in progressive order in the majority list shall be replaced by the first candidate belonging to the less represented and not elected gender, taken from the same list, according to the progressive order of presentation, or, failing that, by the first candidate belonging to the less represented and not elected gender, taken from the other lists, according to the number of votes obtained by each. This replacement procedure shall take place (limited to lists containing a number of candidates equal to or greater than three) until the composition of the Board of Directors complies with the laws and regulations in force on gender balance;
the majority of Directors meet the independence requirement, replacing, where necessary, the non-independent candidate elected as the last in numerical order on the majority list with the first independent candidate not elected, taken from the same list, according to the numerical order of presentation or, failing that, with the first independent candidate not elected, taken from the other lists, according to the number of votes obtained by each. This replacement procedure shall be carried out (limited to lists containing a number of candidates equal to or greater than three) until the minimum number of independent Directors required by law has been completed, without prejudice, in any event, to the balance between genders.

Finally, if these procedures do not ensure a balance between genders and/or the presence of the minimum number of independent Directors required by law, the replacement is made by a resolution passed by the Shareholders' Meeting with a relative majority, following the submission of nominations of candidates belonging to the less represented gender or meeting the independence requirements provided for by law.

The procedure for appointing and replacing Directors is also regulated by the Articles of Association, which state the following.

The lists of candidates for the office of Director must be filed at the Company's registered office, in accordance with Article 147-ter of the Consolidated Law on Finance, no later than the twentyfifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of the

members of the Board or, if this deadline coincides with a public holiday, it is automatically extended to the first following day that is not a public holiday. The lists are made available to the public at the Company's registered office, on the Website and in accordance with the other procedures provided for by current legislation, at least twenty-one days before the date of the Shareholders' Meeting. Except in the case of the Board of Directors' List, only Shareholders who, alone or together with other Shareholders, hold Shares representing a percentage of at least 2% as per the latest amendment to the Articles of Association of 7 October 2021 - of the Issuer's share capital, or the lesser amount required by the regulations issued from time to time by Consob (Article 144-quater of the Consob Issuers' Regulations), have the right to submit lists.

The list of the Board of Directors must be filed and made public, in the same way as the lists of Shareholders, at least thirty days before the date set for the Shareholders' Meeting called to resolve on the appointment of the members of the Board of Directors (i.e. five days before the ordinary legal deadline for filing lists by Shareholders), in order to give Shareholders more time to evaluate the proposed candidates. The list is accompanied by a specific document describing the assessments made by the Appointments Committee and the Board of Directors, and the process followed to identify the candidates.

In compliance with current laws and regulations, the Board of Directors, for the purposes of both appointing and co-opting its own members, defines, following the self-assessment process, with the contribution of the Appointments Committee and in coordination with the Chairman of the Board of Directors its qualitative and quantitative composition considered optimal for the effective performance of the tasks and responsibilities entrusted to the Board of Directors by law, the Supervisory Measures and the Articles of Association, identifying and justifying the theoretical profile of the candidates (including the characteristics of professionalism and possible independence) considered appropriate for these purposes.

It requires those submitting a list to provide adequate information, in the documentation submitted for the filing of the list, on the compliance of the list with the Shareholders' Guidelines, and requires those submitting a list containing a number of candidates exceeding half of the Bank's Directors to be elected to indicate their candidate for the office of Chairman of the Board of Directors, whose appointment is made according to the procedures set out in the Articles of Association.

In its Rules of Procedure, the Board of Directors has also established the requirements that BFF Directors must meet, in addition to those provided for by applicable regulations. The maximum number of offices that Directors may hold in other companies (previously governed by Article 7 et seq. of the Board of Directors' Rules and Regulations) is now established ex lege by Article 17 of the Fit & Proper Decree.

Prior to the appointment of the new Board of Directors, the Board brings the Shareholders' Guidelines to the attention of the Shareholders, in order to promote an adequate composition of the Board of Directors in terms of, inter alia, skills, experience, age, gender and international projection.

This is obviously without prejudice to the right of the Shareholders to carry out autonomous and different assessments on the optimal composition of the Board of Directors, justifying the deviation of the candidates from the indications provided by the Board.

If the Shareholders' Meeting does not do so, the Board of Directors elects a Chairman from among its non-executive members and may elect a Deputy Chairman from among its non-executive members.

About the independent Directors currently in office, please refer to the table at the end of this Section.

For information on the role of the Board of Directors and its committees in the processes of selfassessment, nomination, and succession of directors, please refer to Section 7.

If, during the financial year, one or more Directors cease to hold office, they shall be replaced in accordance with Article 2386 of the Italian Civil Code, without prejudice, in any case, to compliance with the minimum total number of independent Directors and the gender balance provided for by current legislation. If, however, most of the Directors appointed by the Shareholders' Meeting should cease to hold office, the entire Board of Directors shall be deemed to have ceased to hold office, with effect from the time of its reconstitution, and the Shareholders' Meeting must be convened without delay to appoint a new Board of Directors.

In the event of co-option, the curricula of the co-opted directors, the results of the analysis carried out regarding the qualitative and quantitative composition deemed optimal, and their verification after appointment, the indications contained in the Board of Directors' Diversity Policy, and the

opinions of the Appointments Committee are provided at the first Shareholders' Meeting following co-option.

4.3COMPOSITION (pursuant to the art. 123-bis, paragraph 2, letters d) and d-bis), TUF) The outgoing Board of Directors, in view of the renewal of the Board of Directors, taking into account the results of the self-assessment process for the 2020 financial year, expressed the Shareholders' Guidelines to the Shareholders, prior to the Shareholders' Meeting called inter alia to appoint the Board of Directors (held on 25 March 2021), by publishing the "Guidelines for Shareholders on the qualitative and quantitative composition of the Board of Directors and for the preparation of the list of the Board of Directors", available on the Website in the "Investor/Governance/Membership Documentation" section (the "Guidelines for Shareholders"). The Board of Directors is made up of (i) executive, (ii) non-executive and (iii) independent Directors, in compliance with a principle of diversification also in terms of experience, gender, skills, age, geographical origin and international projection.

The Board of Directors in office at the date of approval of this report was appointed by the Ordinary Shareholders' Meeting of 25 March 2021, which took place through the application of the list voting mechanism (described in Section 4.2, and in Article 14 et seq. of the Bylaws), as well as in compliance with the provisions in force from time to time on the subject of gender balance in the composition of the administration and control bodies of listed companies, pursuant to Articles 147 ter, paragraph 1-ter, and 148, paragraph 1-bis of the Consolidated Law on Finance.

In submitting the lists of candidates, the Board of Directors and shareholders took into account the indications contained in the "Guidelines for Shareholders" published on 19 January 2021. At the same time as each list, the documentation required by law was filed for each candidate, including in particular the curriculum containing the professional characteristics of each candidate, declarations of the non-existence of causes of incompatibility or ineligibility, and the existence of the requirements prescribed by law and the Articles of Association, as well as the list of management and control positions held in other companies.

For the appointment of the members of the Board of Directors, two lists have been presented, respectively by the

- the outgoing Board of Directors, which proposed the following candidates to the Shareholders' Meeting: (i) Avv. Salvatore Messina, (ii) Dr. Massimiliano Belingheri, (iii) Federico Fornari Luswergh, (iv) Amélie Scaramozzino, (v) Dr. Gabriele Michaela Aumann née Schindler, (vi) Piotr Enryk Stepniak, (vii) Domenico Gammaldi, (viii) Barbara Poggiali, and (ix) Isabel Aguilera Navarro (the "List no. 1");
- Studio Legale Trevisan, on behalf of a group of minority shareholders consisting of institutional investors, unrelated to List No. 1, representing a total of 8.51052% of the Bank's share capital, which proposed the following candidates to the Shareholders' Meeting: (i) Giovanna Villa (the "List No. 2").

List No. 1 obtained the highest number of votes (equal to 42.80%), while List No. 2 obtained a number of votes equal to 13.26% of the Bank's share capital represented at the Meeting, corresponding to 60.73% of the Bank's share capital.

The Board of Directors, thus appointed by the Ordinary Shareholders' Meeting on 25 March 2021 was composed of the following 9 (nine) members:

Avv. Salvatore Messina	Chairman
Federico Fornari Luswergh	Vice Chairman and Non-Executive Director
Dott. Massimiliano Belingheri	Chief Executive Officer
Amélie Scaramozzino	Independent Director
Dott.ssa Gabriele Michaela Aumann	Independent Director
Piotr Enryk Stepniak	Non-Executive Director
Domenico Gammaldi	Independent Director
Barbara Poggiali	Independent Director
Giovanna Villa	Independent Director

As at 31 December 2021 the Board of Directors was composed as follows:

Avv. Salvatore Messina	Chairman 6 (*)
Dott. Federico Fornari Luswergh	Vice Chairman and Non-Executive Director
Dott. Massimiliano Belingheri	Chief Executive Officer
Amélie Scaramozzino	Independent Director (*)
Dott.ssa Gabriele Michaela Aumann	Independent Director (*)

⁶ It should be noted that, as of 14 January 2022, the Chairman of the Board of Directors is a Non-Executive Director and not also Independent.

Piotr Henryk Stepniak	Non-Executive Director (*)
Domenico Gammaldi	Independent Director (*)
Barbara Poggiali	Independent Director (*)
Giovanna Villa	Independent Director (*)

(*) Following the resignation of i) Director Barbara Poggiali, on 3 February 2022, and ii) Director Amélie Scaramozzino, on 24 February 2022, the Board of Directors, in accordance with Article 2386 of the Italian Civil Code, appointed Monica Magrì and Anna Kunkl to replace the outgoing directors who will remain in office until the date of the Shareholders' Meeting.

For the sake of completeness, it should be noted that (i) the Board of Statutory Auditors has verified the correct application of the criteria and procedures adopted by the Board of Directors with regard to ascertaining the independence requirements of its members; (ii) some of the current members of the Board of Directors have already held the position of Director of the Issuer prior to the abovementioned appointment. In particular, the following were appointed for the first time: (i) Mr. Salvatore Messina, as Director and Chairman of the Board of Directors on 14 January 2013; (ii) Mr. Massimiliano Belingheri, as a non-executive Director on 19 December 2006, and, as of 24 December 2013, became Chief Executive Officer; (iii) Mr. Federico Fornari Luswergh, as Director on 29 April 2010; (iv) Ms. Gabriele Michaela Aumann, as Director on 21 December 2015;

The Board of Directors, as composed above, will remain in office in its current composition until the approval of the financial statements at 31 December 2023.

The Board of Directors has verified, on the basis of the declarations made by the Directors at the time of their appointment, the existence of the requisites set forth in the Fit & Proper Decree and Ministry of Justice Decree no. 162/2000 and other applicable provisions (the "Fit & Proper Declarations"), and (ii) the absence of causes of incompatibility (including those set forth in Article 36 of Legislative Decree no. 201/2011 on the subject of interlocking) also verified, where applicable, the declarations on the existence of the independence requirements as per Article 2, recommendation 7, of the Corporate Governance Code, and as per Article 148, paragraph 3, of the Consolidated Law on Finance, as referred to in Article 147-ter, paragraph 4, of the Consolidated Law on Finance, and verified the existence of the requirements and compliance with the limit on the accumulation of offices as per Article 7 et seq. of the Regulation of the Board of Directors.

The composition of the current Board of Directors reflects an adequate combination of skills and professionalism, in line with the

The composition of the current Board of Directors reflects an adequate combination of skills and professionalism, in line with the requirements of the "Guidelines for Shareholders".

Pursuant to the Rules of the Board of Directors, in addition to the requirements of professionalism provided for by current legislation, the Directors must possess at least one of the following requirements:

a) appropriate knowledge of the banking sector, of the dynamics and of the economic and financial system, of banking and financial regulation and, above all, of risk management and control methodologies, acquired through many years of experience in administration, management and control in the financial sector
b) experience in the management of operations aimed at facilitating the mobilisation, management and collection of receivables, in particular from entities providing health services and from the Public Administration;
c) experience in entrepreneurial management and business organisation acquired through many years of activity in administration, management or control in companies, or groups of significant economic size, or in the Public Administration;
d) ability to read and interpret economic and financial data acquired through many years of experience in administration and control in companies, or in the exercise of professional activities, or in university teaching;
e) international experience and knowledge of foreign markets acquired through several years of entrepreneurial or professional experience in foreign institutions or in bodies, companies or groups with an international vocation.

The Board of Directors has verified that its members meet at least one of the above requirements.

Finally, in general, the Board of Directors considered the actual composition resulting from the appointment process to be the optimal qualitative and quantitative composition with respect to the indications emerging from the annual self-assessment, as described in the Guidelines for Shareholders.

In addition to the information on the composition of the Board of Directors shown in Table 2 - "Structure of the Board of Directors and Committees" in the appendix to the Report, pursuant to

Article 144-decies of the Consob Issuers' Regulation, the main personal and professional characteristics of each Director (whose curricula vitae have been published in extracts on the Website in the section "Governance/Governance Structure/Board of Directors") are indicated below.

		High Official of the Order of Merit of the Republic of Italy and lawyer.
		He graduated with honors in Law at the University of Catania. In 1971,
		he began his activity in the Bank of Italy, where he held many and
		varied functions until becoming, in July 2004, director of the Milan
		branch of the Institute. During his activity at the Institute, he also
		coordinated and was part of numerous corporate study groups on
		issues of institutional importance; he also represented the Institute
		as a speaker at conferences and seminars organized by public and
		private bodies and members of the financial and academic world. He
		left the Bank of Italy in 2011. From 18 April 2012 until 30 June 2014
		was an independent member of the Board of Directors of Banca
		Esperia S.p.A. From 1 October 2015 to 28 June 2020, he was
		Chairman of the Board of Directors of Diners Club Italia S.r.l., and
		from 10 July 2018 to 9 July 2020 he was a Director of the Italian
Salvatore Messina (Chairman)		Banking Association He was also a member of the Supervisory Body
		pursuant to Legislative Decree No. 231/2001 of Banca Monte dei
		Paschi di Siena S.p.A. (from 25 May 2012 to 18 April 2018) and in
		essentially all Group companies. He is Chairman of the Issuer since 14
		January 2013. Currently, he is a member of the supervisory body
		pursuant to Legislative Decree No. 231/2001 of Fineco Bank S.p.A
		From the academic year 2011/2012, he is a lecturer of Institutions of
		Public Law and European economic law at the Faculty of Banking,
		Finance and Insurance Sciences of the Università Cattolica del Sacro
		Cuore of Milan, and since May 2020 Member of the Steering
		Committee of the Master's Degree Course in Internationalisation of
		Business Relations of the Department of Political and Social Sciences
		of the University of Catania. Since 10 July 2020, he has been a
		statutory auditor of the Italian Banking Association. He is the author
		of several essays on public law.
Federico	Fornari	He graduated with honors in Economics and Business from La
Luswergh		Sapienza University in Rome in 1989. He is registered in the Order of
(Deputy Chairman)		Chartered Accountants since 1990, and in the Register of Accounting
		Auditors since 1992. In 1990, he started his professional career in

	Deloitte & Touche S.p.A Between 1994 and 2002, he held several positions, at national and international level, in the finance and management control area within the Goodyear Group in Italy, U.S.A., and Belgium, until becoming chief financial officer of the Italian group and president of Goodyear Italiana S.p.A. Between 2002 and 2007, he was general manager of the centralized services of Industria Farmaceutica Serono S.p.A., with responsibilities in the field of Finance and HR, Procurement, Legal, IT, and from 2007 to today is chief financial officer of Merck Serono S.p.A. and the Italian Merck Group companies. He was a member of the Board of Directors of Goodyear Italiana S.p.A, Goodyear Dunlop Tires Italiana and Industria Farmaceutica Serono S.p.A He is currently chairman of the board of Merck Life Science S.r.l, Chief Executive Officer of Merck S.p.A. and director of Merck Serono S.p.A., of the A. Marxer Biomedical Research Institute "RBM S.p.A.", Versum Materials Italia S.r.l. e Fonchim - Complementary Contribution Pension Fund for employees of the chemical and pharmaceutical industries and similar sectors. By 2018, is a lecturer in "Corporate Governance & Corporate Finance" at the Luiss Guido Carli University, Department of Economy & Finance, and Business & Management.
Massimiliano Belingheri (Chief Executive Officer)	He graduated with honors in Economics of Public Administrations and International Institutions at the Bocconi University in Milan in 1997, spending a period also at the Wharton School of the University of Pennsylvania in Philadelphia. He began his professional career as a business analyst at McKinsey & Company, in Milan and London. In 2001, he obtained an MBA (Baker Scholar) at the Harvard Business School. After the MBA, he joined Apax Partners in the financial services team being promoted to partner in 2007. In 2008, he assumes responsibility for the financial services team in Europe. Apax Partners has followed several investment and divestment operations, mainly in the financial services and media sectors. He was a director of Azimut Holding S.p.A. from 2002 to 2004, and of Psagot Investment House from 2011 to 2013. He is a Director of the Issuer since December 2006, and Chief Executive Officer since December 2013. He is a board member and member of the executive committee of Assifact, as well as a director of the Spanish Chamber of Commerce in Italy.
Anna Kunkl (Independent Director)	She is graduated in Theoretical Physics at the University of Milan. After working in Caboto and ING Bank supporting the Finance and

Deloitte & Touche S.p.A Between 1994 and 2002, he held several
positions, at national and international level, in the finance and
management control area within the Goodyear Group in Italy, U.S.A.,
and Belgium, until becoming chief financial officer of the Italian
group and president of Goodyear Italiana S.p.A. Between 2002 and
2007, he was general manager of the centralized services of Industria
Farmaceutica Serono S.p.A., with responsibilities in the field of
Finance and HR, Procurement, Legal,
IT, and from 2007 to today is
chief financial officer of Merck Serono S.p.A. and the Italian Merck
Group companies. He was a member of the Board of Directors of
Goodyear Italiana S.p.A, Goodyear Dunlop Tires Italiana and
Industria Farmaceutica Serono S.p.A He is currently chairman of the
board of Merck Life Science S.r.l,
Chief Executive Officer of Merck
S.p.A. and director of Merck Serono S.p.A., of the A. Marxer
Biomedical Research Institute "RBM S.p.A.", Versum Materials Italia
S.r.l. e Fonchim
-
Complementary Contribution Pension Fund for
employees of the chemical and pharmaceutical industries and similar
sectors. By 2018, is a lecturer in "Corporate Governance & Corporate
Finance" at the Luiss Guido Carli University, Department of Economy
& Finance, and Business & Management.

Massimiliano
Belingheri
(Chief Executive Officer)

He graduated with honors in Economics of Public Administrations
and International Institutions at the Bocconi University in Milan in
1997, spending a period also at the Wharton School of the University
of Pennsylvania in Philadelphia. He began his professional career as
a business analyst at McKinsey & Company, in Milan and London. In
2001, he obtained an MBA (Baker Scholar) at the Harvard Business
School. After the MBA, he
joined Apax Partners in the financial
services team being promoted to partner in 2007. In 2008, he
assumes responsibility for the financial services team in Europe. Apax
Partners
has
followed
several
investment
and
divestment
operations, mainly in the financial services and media sectors. He was
a director of Azimut Holding S.p.A. from 2002 to 2004, and of Psagot
Investment House from 2011 to 2013. He is a Director of the Issuer
since December 2006, and Chief Executive Officer since December
2013. He is a board member and member of the executive committee
of Assifact, as well as a director of the Spanish Chamber of
Commerce in Italy.

Anna
Kunkl
(Independent Director)

She is graduated in Theoretical Physics at the University of Milan.
After working in Caboto and ING Bank supporting the Finance and

	Risk Management areas, she joined KPMG Advisory S.p.A in 2004, where she then held the role of Senior Manager in the Financial Risk Management business line. Anna has many years of experience in Financial Services Regulation (MiFID, Market Abuse, EMIR), electronic trading platforms, Brokerage & Execution services for institutional investors and distribution models of financial products to retail and corporate clients. He has been with Be Consulting since 2012, where he is now Director and head of the international Investment Banking practice. In recent years he has worked on domestic and international strategic programmes for investment banks and financial operators engaged in the launch of new businesses, regulatory adjustments, IT/Process Re-engineering and Wealth Management.
Gabriele Michaela Aumann (Independent Director)	She graduated in Economics (specialized in Finance and Banking) at the University of Augsburg in 1977. She was head of credit department at the Bayerische Landesbank in Munich from 1991 to 1998. She held various positions within the same Institute, as follows: head of credit department large corporates and energy (1998-2002), head of corporates department (in 2003) and global division head of credit and collateral services (from 2004 to 2008). Subsequently, she was general manager of the Milan office of the same Bayerische Landesbank from 2008 to 2014.
Piotr Henryk Stepniak (Non-executive director)	He began his professional experience at Air Canada, PepsiCo International, Bank Handlowy S.A. and Aramark Canada. From 2000 to 2005 he was with Lukas Bank S.A. of the Credite Agricole group first as Marketing Director and then as VP Retail Banking. He has held numerous positions in foreign companies and banks as Chairman of the Supervisory Board, member of the Audit Committee and member of internal committees. From 2005 to 2008 he was CEO of GETING Holding S.A He is currently a member of the Supervisory Board of KRUK S.A. and BFF Polska, Grupa Kety and VRG S.A.
Domenico Gammaldi (Indipendent Director)	In 1975 he graduated with honours in Political Science from the University of Naples; he collaborated with the CNR on issues relating to the economic history of the Kingdom of the Two Sicilies and in 1976 he specialised at the School of Economic Development in Rome; in the same year he was hired by the Chamber of Commerce of Alessandria. In 1978 he joined the Bank of Italy, where he held various

	positions in the field of banking supervision and the oversight of
	payment systems; since January 2013 he has been head of the
	Supervisory Service for Markets and the Payment System. During his
	activity, he represented the institute in several national and
	international groups: Committee on Payments and Market
	Infrastructures (CPMI), Financial Innovation Network (FIN) within the
	Financial Stability Board, Market Infrastructure and Payments
	Committee (MIPC) at the European Central Bank and he was Co
	Chair of the Standing Committee on Payment Services (SCPS) at the
	European Banking Authority for the development of activities related
	to the introduction of PSD2. From December 2016 to 2019 he was
	Co-Chair of CERTFin (Italian Financial Computer Emergency
	Response Team). He has a long experience in activities of technical
	cooperation and assesment of international supervisory and
	oversight standards in missions of the International Monetary Fund
	and the World Bank. He left the Bank in October 2019. He is strategic
	advisor to the CEO of PagoPA. He performs voluntary work at Il Fiore
	del deserto in Rome.
	She has a degree in Political Science from the University of Catania
	and a Master's degree from the College of Europe in Bruges
	(Belgium). She has been working, in Fedrigoni since 2019, in the
	Cerved Group where she held the position of HR Director. Previously

	she was Head of HR Europe at AllianzGI and from 2007 to 2011 Head
	of HR Western Europe and International Distribution for Pioneer
	Investments (UniCredit Group). Previously, Monica worked at
Monica Magrì	Ferrero International as Head of HR Management Services after
(Indipendent Director)	having been HR and Communication Director at SIFI Group. During
	her career, she has gained significant experience on issues of
	organisational and cultural transformation during periods of change.
	She holds a Diploma in Ontological Coaching from Newfield Network
	(US) and is certified as an Executive Coach (Newfield Certified
	Coach™ and International Coaching Federation). She then
	completed the Executive Team Coaching programme at Ashridge
	Business School (UK).
	She graduated in business economics from the L. Bocconi University
Giovanna Villa	in Milan, took the exam to become a chartered accountant in 2000
(Indipendent Director)	and then enrolled in the order of chartered accountants and
	accounting experts in 2001 and in the register of auditors in 2002.
	Immediately after his studies, he worked for the current PwC,

Santavaleria S.p.A., and for a well-known firm of accountants. From 1997 onwards, he has collaborated with the most renowned
consulting firms, including PwC, Deloitte & Touche, BDO, in projects
for the analysis of administrative processes and accounting auditing,
in the drafting and review of MOG 231, Sarbanes Oxley Act SOX.
From 2001 to 2006, she also collaborated with a well-known firm of
accountants in Monza in management projects and CTU assistance,
as well as conducting training sessions as a lecturer in management
control, internal control and accounting. From 2016 to 2020, she was
appointed as an independent director in Yapi Kredi Bank, a bank
listed on the Istanbul Stock Exchange and 50% owned by UniCredit.
She currently holds the position of Statutory Auditor in several
companies.

Diversity criteria and policies in Board composition and corporate organisation

The composition of the Board of Directors in office complies with the criteria of diversity, including gender diversity, in the terms established by Article 147-ter of the Consolidated Law on Finance, as amended by Law No. 160/2020.

The Articles of Association, the Regulation of the Board of Directors and the Board Diversity Policy contain provisions aimed at ensuring diversity, including gender diversity, on the Board of Directors.

In particular, the Articles of Association provide that list containing 3 (three) or more candidates must include candidates of different gender, at least to the minimum extent required by the legislation in force from time to time, in relation to the composition of the Board of Directors.

The Board of Directors' Diversity Policy was updated on 22 December 2020 to incorporate, inter alia, (i) the change in the provision on the gender composition of the Board of Directors according to which at least two-fifths of the elected directors (rounded up to the nearest whole number) must belong to the least represented gender for at least six consecutive terms from the first renewal of the Board of Directors after 1 January 2020, (ii) the results of the Self-Assessment, (iii) the reference to Sustainable Success and was last updated on 29 July 2021, in order to incorporate the provisions introduced

the Fit & Proper Decree
the Supervisory Provisions and
the 35th update, dated 2 July 2021, of Bank of Italy Circular No. 285 of 17 December 2013.

This Policy is subject to a periodic review process and, where necessary, is updated at least once a year, possibly with the assistance of external professionals, at the proposal of the Appointments Committee.

The Board of Directors' Diversity Policy defines the optimal characteristics of the composition of the Board of Directors, so that the Board of Directors can perform its duties in the most effective way, taking decisions on the basis of a plurality of qualified and heterogeneous points of view. In particular, it is considered that the optimal composition of the Board of Directors should be oriented to meet at least the following criteria:

(i) the presence of an adequate number of non-executive and/or independent Directors, other than the Chairman of the Board of Directors. In any case, in compliance with the legislation in force from time to time and unless the Bylaws provide for a higher number of Directors, the Board of Directors shall include at least two independent Directors, other than the Chairman of the Board if the Board is made up of seven members, at least three if it is made up of up to twelve members, and at least four if it is made up of a higher number. In the Board List, at least half of the candidates must meet the independence requirements pursuant to the Articles of Association and the Rules of the Board of Directors;
(ii) the maintenance of at least two-fifths of the members of the Board of Directors, at the time of appointment and during the term of office, belonging to the least represented gender, rounded up to the next higher unit;
(iii) the heterogeneity of age groups, so as to allow for a plurality of perspectives and managerial and professional experiences;
(iv) the balancing of different seniority in office, in order to pursue a balance between the need for continuity and renewal in management;
(v) in view of the Group's international outlook, as revealed by the Self-Assessment process, the presence of one third of directors who have gained adequate experience (a) in international contexts (preferably in the markets in which the Group operates), in order, inter alia, to prevent the standardisation of opinions and the phenomenon of "group thinking"; (b) in the specific business of custodian bank, payment services and related services.

In general, the Directors should have a managerial and/or professional and/or academic and/or institutional profile such as to achieve a mix of different and complementary skills and experience, matured for at least three years.

With specific reference to the Chairman of the Board of Directors and the Chief Executive Officer, the Board of Directors' Diversity Policy indicates the professional requirements that they must have respectively accrued for at least five years, in compliance, inter alia, with the provisions of the Fit & Proper Decree.

As mentioned above, in addition to the professionalism requirements set forth in the legislation, Directors must also meet the additional requirements set forth in the Rules of Procedure of the Board of Directors, available on the Bank's website, to which reference should be made for more details: https://investor.bff.com/it/regolamento-consiglio-di-amministrazione.

The implementation of the Board of Directors' Diversity Policy takes place - in compliance with the provisions of the law and the Articles of Association on the appointment of the Board of Directors and its Chairman using the list voting mechanism, as well as the Chief Executive Officer Succession Plan - mainly during (i) renewal of the Board of Directors, as well as through the formulation by the outgoing Board of Directors of the Guidelines for Shareholders, including in the eventual formation and presentation to the Shareholders of the Board of Directors' List; (ii) co-optation; (iii) early termination of the Chief Executive Officer, and (iv) appointment of the Chairman of the Board of Directors. For the appointment of the Board of Directors and the co-optation referred to in points (i) and (ii), respectively, the Self-Assessment process is considered fundamental.

Maximum number of offices held in other companies

Guidelines on the maximum number of offices that may be held by the Bank's Directors - in line with the provisions of the Corporate Governance Code and the Supervisory Provisions - are set out in the Rules of Procedure of the Board of Directors. Since the last renewal of the Board of Directors, each member of the Board of Directors has complied with the limits on the accumulation of offices set out in Article 17 of the Fit&Proper Decree, which provides that members of the Board of Directors may not hold, alternatively, more than:

1 executive position and 2 non-executive positions;
4 non-executive positions.

For the purposes of calculating the above limits, the office held at the Bank was also taken into account.

The limits on the accumulation of offices were also verified taking into account the exemptions and methods of aggregation of offices provided for in Article 18 of the Fit&Proper Decree.

The following table shows the total number of positions as director or statutory auditor held by Directors in office in other companies at the date of approval of the Report.

Board member	Total number of positions held in other companies
Salvatore Messina	0
Federico Fornari Luswergh	1 EXECUTIVE
Massimiliano Belingheri	0
Amélie Scaramozzino	0
Gabriele Michaela Aumann	0
Piotr Henryk Stepniak	0
Domenico Gammaldi	2 NON EXECUTIVE
Monica Magrì	0
Giovanna Villa	3 NON EXECUTIVE

During the year, the Nomination Committee and the Board of Directors verified compliance with the limits on the accumulation of offices held by Directors in other companies, in light of the applicable weightings for offices held in the same group, and the declarations made by the Directors.

4.4. OPERATION OF THE BOARD OF DIRECTORS (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

During the financial year, the Board of Directors met 23 times, and the meetings lasted an average of approximately 2 hours and 53 minutes.

In compliance with the obligations set forth in Article 2.6.2 of the Consob Market Regulations, the Board of Directors annually approves, within thirty days of the end of the previous financial year, the calendar of corporate events, to be communicated to Borsa Italiana, for dissemination to the public (the "Financial Calendar"). The Financial Calendar specifies, in particular, in the framework of the Board meetings established for the new financial year, the dates set for the approval of the draft financial statements, the half-yearly report and the quarterly reports, as well as the date set for the holding of the Shareholders' Meeting. The Financial Calendar for the 2022 financial year approved by the Board of Directors on 22 December 2021 - is available on the Website in the "Investor Relations/Financial Calendar" section.

As regards the percentage of attendance of each Director at Board meetings, reference should be made to Table 2 - "Structure of the Board of Directors and Committees" in the Appendix to the Report.

With reference to the 2022 financial year, 15 meetings are planned. At the date of the Report, the Board of Directors had met three times (on 28 January, 10 and 24 February and 1 March).

Adequate procedures for the functioning of the Board of Directors are formalised in the Articles of Association and the Regulations of the Board of Directors, as well as adequate information flows, working methods and convocation/timing of meetings, which guarantee the correct and efficient functioning of the Board of Directors, as well as the timeliness of its action.

Secondo quanto disposto dall'articolo 17 dello Statuto, il Consiglio di Amministrazione si riunisce su convocazione del Presidente, nonché su convocazione del Collegio sindacale, presso la sede sociale, salvi i casi in cui per ragioni di opportunità le riunioni debbano tenersi altrove.

Moreover, Article 19 of the Statute allows board meetings to be held with interventions in several adjacent or distant places, audio and/or video connected, provided that the collegial method and the principles of good faith and equal treatment of participants are respected. In particular, it is necessary for all participants to be able to be identified and to be able to follow the discussion and intervene in real time in the discussion and simultaneous voting on the items on the agenda. In this case, the Board meeting is considered to have been held in the place where the Chairman is located, which must be the same place as the Secretary, so that the minutes can be drawn up and signed. An exception to the above rule is made for extraordinary cases, such as those related to Health Emergencies, in which the Chairman and Secretary are allowed to be in different places for health safety reasons.

As regards pre-meeting information, the Chairman and the Company's Corporate Affairs Secretariat shall ensure that the documentation on the items on the agenda of each meeting is made available in good time, also in view of the content of the items discussed, through the special platform with access reserved, by means of credentials, to each director and statutory auditor (the "Platform"), in accordance with the provisions of Article 12 of the Regulation of the Board of Directors, which expressly states: "the Chairman establishes the agenda, coordinates the Board's work and ensures that adequate and timely information is provided to all Directors on the items on the agenda".

In order to allow for optimal and informed participation in the Council's activities, the deadline for the transmission of documentation prior to each meeting has been set at 3 (three) days, and has generally been respected, but for about three years now the practice has also been introduced of making available pre-Council documentation as and when it becomes available, even before the formal convocation of Council meetings is sent out.

It is standard practice for pre-meeting documentation to be accompanied by appropriate summary and/or executive summary notes, in order to make it easier to understand the items on the agenda. Board meetings are conducted in compliance with the indications provided by Article 3 of the Corporate Governance Code, which has been substantially implemented in the Board of Directors' Regulation. In particular, the Chairman of the Board of Directors ensures that the items on the agenda are discussed in sufficient time to allow for constructive debate and encourages contributions from Board members during meetings.

All Board meetings are minuted by the Secretary, who may also be appointed from outside the Board.

It should be noted that the Board of Directors has appointed as its Secretary Romina Guglielmetti, a lawyer specialised in corporate governance and with consolidated experience in the field, who, in coordination with the Chairman and the Corporate Affairs Secretary (who reports to the Group General Counsel & Business Legal Affairs Department), supports the activities of the Chairman and provides impartial assistance and advice to the Board of Directors on all aspects relevant to the proper functioning of the corporate governance system.

The minutes are jointly signed by the Chairman of the Board of Directors and the Secretary (or the Notary Public, in the cases provided for by current legislation). These minutes are brought to the attention of the Directors and the Board of Statutory Auditors at the first subsequent Board meeting and remain available for consultation on a special electronic platform with access reserved, via credentials, to each Director and Statutory Auditor.

The members of the Board of Statutory Auditors attend Board meetings as of right, and may be invited to attend, in the cases and according to the procedures established from time to time by the Chairman, executives and employees of the Bank, representatives of the Independent Auditors and consultants, whose presence is deemed useful in relation to the matters to be discussed (limited to the stage of discussion of the matters for which they are responsible) or for the conduct of the proceedings.

As regards the members of the Board of Statutory Auditors, it should be noted that Paola Carrara (Chairman) attended 23 meetings, Fabrizio Riccardo Di Giusto and Professor Paolo Carbone attended 16 meetings.

The following were invited to attend meetings of the Board of Directors:

n. 23 meetings, the Group General Counsel & Business Legal Affairs;
n. 21 meetings, the Director, Chief of Staff;
n. 13 meetings, the CFO, Vice President, CFO Finance & Administration Department;
n. 11 meetings, the Director Group Compliance & AML;
n. 9 meetings, the Group Risk Management Function;
n. 9 meetings, the Director Investor Relations, Strategy, and M&A;
n. 4 meetings, the Vice President, Factoring & Lending;
n. 4 meetings, the Direttore Centrale, International markets and development;
n. 11 meetings, the Group Human Resources & Organizational development;
n. 6 meetings, the Group Internal Audit;
n. 2 meetings, the Manager in charge;
n. 4 meetings, the Director Planning, Administration and Control;
n. 5 meetings, the Vice President, Technology & Processes Improvement
n. 1 meetings, the Chairman of the Supervisory Board;
n. 1 meetings, the representative of the auditing company;
n. 1 meetings, il Head of U.O. Information and Communication Technologies;
n. 1 meetings, representatives Eric Salmon,

in order to provide the necessary information on certain items on the agenda.

The Head of the Corporate Affairs Secretariat also attends the meetings of the Board of Directors. It should be noted that the Group General Counsel & Business Legal Affairs Department (to which the Corporate Affairs Secretary reports) provides specialist oversight and control of the main corporate governance processes, ensuring all appropriate legal advice for the proper functioning of the Bank's and the Group's corporate governance structures, including those relating to the eligibility requirements of corporate officers, relations with related parties and the correctness of the decision-making process, as well as the related interactions with the Supervisory Authorities..

4.5 RUOLO DEL PRESIDENTE DEL CONSIGLIO DI AMMINISTRAZIONE

The Chairman calls, presides over and directs the work of the Shareholders' Meetings and the Board of Directors, guarantees the effectiveness of the Board's debate and ensures that the resolutions reached by the Board are the result of an adequate dialectic between executive and non-executive members as well as the conscious and reasoned contribution of all its members, also ensuring that all the Directors are provided with adequate information on the items on the agenda. When preparing the agenda and conducting Board discussions, it ensures that issues of strategic importance are prioritised, ensuring that all necessary time is devoted to them; promotes meetings between all councillors, also outside the council premises, to discuss and debate strategic issues, requesting the participation of all the members of the board.

The Chairman of the Board of Directors plays a crucial role in ensuring the smooth running of the Board of Directors, fostering internal debate and ensuring the balance of powers, in line with the tasks relating to the organisation of the Board's work and the circulation of information, which are assigned to him by the Civil Code, the Corporate Governance Provisions and the Corporate Governance Code. The Chairman of the Board of Directors guarantees the balance of powers between the Corporate Bodies, including the Committees, whose meetings he attends by right. The Chairman of the Board of Directors, if the Shareholders' Meeting has not done so, is appointed by the Board from among its non-executive and independent members.

The Chairman guarantees the effectiveness of the Board's debate, and impartially encourages the thoughtful participation of the Board members, especially the non-executive ones, encouraging their active participation in the discussion and resolution on the items on the agenda.

The Chairman shall ensure that the resolutions reached by the Board of Directors are the result of an adequate dialectic, and of the conscious and reasoned contribution of all its members.

More specifically, pursuant to Article 11 of the Regulation of the Board of Directors, the Chairman:

a) he shall be the legal representative of the Bank vis-à-vis third parties and in legal proceedings, as well as signatory of the Bank, separately from the Managing Director, within the limits of their respective powers;

b) presides over the Shareholders' Meeting and coordinates the proceedings of the meeting, verifying, inter alia, that the meeting is properly constituted, ascertaining the identity and legitimacy of those present, regulating discussion and establishing voting procedures;
c) calls the Board, sets the agenda and coordinates its work. In preparing the agenda and conducting the council debate, it shall ensure that issues of strategic importance are given priority, ensuring that they are given the necessary time;
d) make sure that the Directors and Auditors are sent through the Corporate Affairs Secretariat - the documentation supporting the Board's resolutions or, at least, an initial report on the matters to be discussed, well in advance. For the purposes of correct disclosure, the documentation relating to the items on the agenda is sent to Directors and Auditors, as a rule, at least three days before the date set for the Board meeting (without prejudice to the practice described in paragraph 4.3.1), adopting all useful measures to safeguard the confidentiality of the information, especially where it can be qualified as price sensitive. The protection of the confidentiality of the data and information provided is ensured through compliance with the Bank's "Internal procedure for the management and external communication of Price Sensitive Information", as well as through the exclusive use of an IT platform that does not allow the printing and disclosure of Board documentation;
e) ensure that the pre-Board briefing and supplementary information provided during meetings are adequate to enable Board members to act in an informed manner in the performance of their duties
f) ensure that the documentation supporting resolutions, in particular the documentation provided to non-executive members, is adequate in terms of quantity and quality with respect to the items on the agenda, and encourages thoughtful participation by Board members in the discussion and resolution of the items on the agenda;
g) ensuring that the Directors and Statutory Auditors can participate, in the most appropriate forms, in initiatives aimed at providing them with adequate knowledge of the business sector in which the Bank operates, of corporate dynamics and their evolution, also with a view to the Bank's Sustainable Success, of the principles of proper risk management, as well

as of the relevant legislative and regulatory framework. The type and organisational methods of these initiatives are set out in the Report;

h) organizes a) at least once a year, a meeting between all the Directors, also outside the Board premises, to discuss and debate strategic issues; and b) during the three-year term of office, initiatives aimed at fostering a useful mutual knowledge of the Board and the Subsidiaries' management;
i) ensure that: a) the Self-Assessment is carried out effectively, and that the manner in which it is conducted is consistent, transparent and adequate with respect to the degree of complexity of the Board's work, and that the necessary corrective measures are taken to address any deficiencies found; b) the Bank prepares and implements induction programmers and training plans for members of the Corporate Bodies, and the Succession Plan;
j) exercise the powers delegated to it by the Board, provided that they do not compromise its non-executive nature and, where applicable, its independence and are compatible with the applicable provisions of the law and regulations;
k) supervise the implementation of the resolutions of the Shareholders' Meeting and the Board, as well as the compliance of the corporate policy with the strategic guidelines
l) ensure that the activities of the Committees are coordinated with those of the Board;
m) ensures that the Chairmen of the Committees report on the activities carried out by their respective Committees at the first useful meeting of the Board of Directors
n) ensure that the Board of Directors is in any event informed, by the first useful meeting, on the development and significant contents of the dialogue with the shareholders, taking into account the engagement policies adopted by the Bank.

In the event of the Chairman's absence, the faculties and powers attributed to him are exercised by the Deputy Chairman (who is a non-executive director). Before third parties, the signature of the Deputy Chairman is full proof of the Chairman's absence or impediment. In the event of the Chairman's absence or impediment, the Board of Directors is chaired by the Deputy Chairman or, in the event of his absence or impediment, by the director with the highest number of consecutive mandates.

The Chairman contributes - as a member of the Board of Directors with the relevant voting rights - to the development of corporate strategies, the approval of which is the exclusive responsibility of the Board itself approval of which is the exclusive responsibility of the Board itself.

Secretary of the Board

As established by Article 17 of the Articles of Association and the Rules of Procedure of the Board of Directors, the Board of Directors appoints a secretary who may also be chosen from outside the members of the Board. The Bank appointed the Secretary, in the person of Romina Guglielmetti, with the renewal of the Board of Directors on 25 March 2021.

The Secretary, with the contribution of the Corporate Affairs Secretary (who reports to the Group General Counsel & Business Legal Affairs Department), assists the Chairman in some of his tasks and, in particular, i) in preparing Board and Shareholders' meetings, ii) in preparing the related resolutions, iii) in communicating with Board members, and vi) in organising and ensuring the adequacy and transparency of the board review process.

He also takes care of the minutes of Board and Committee meetings.

The Corporate Affairs Secretary assists the Chairman i) in ensuring the adequacy, timeliness, completeness, and clarity of information flows to the Board, and ii) in ensuring, in accordance with the agreements between the Chairman and the Managing Director, the attendance at Board meetings of the heads of the corporate functions responsible for the subject matter, in organizing "board induction".

The Secretary provides impartial and independent judgment, assistance, and advice to the Board of Directors on any aspect relevant to the proper functioning of the corporate governance system concerning the functioning, powers and attributions of the Board and the Committees. He also provides assistance and independent legal advice (with respect to "management") to the Board and the Directors on their powers, rights, duties and obligations, in order to ensure the proper exercise of their powers and protect them from any liability. The Secretary may perform other functions within the Group, provided that they do not compromise his independence of judgement towards the Board or the proper performance of his duties. The Chairman shall ensure that the Corporate Affairs Secretary has adequate powers, tools, organizational structure and personnel for

the performance of his or her duties and shall monitor the Secretary's independence. The Board, upon proposal of the Chairman, determines their remuneration.

4.6 EXECUTIVE DIRECTORS

Chief Executive Officers

According to the corporate governance model adopted by BFF, the Board of Directors has identified the body with management functions in the Chief Executive Officer, chosen from among its members, determining his powers and term of office.

The Board has granted the Chief Executive Officer, within pre-established limits and with the right to sub-delegate, powers in all areas of the Bank's activities. In particular, the Chief Executive Officer manages the activities of the Bank, within the limits of the powers conferred upon him and in accordance with the general management guidelines established by the Board of Directors, and is responsible for implementing the resolutions of the Board of Directors and the requirements of the law. He is in charge of personnel and structure, and ensures that the organisational, administrative and accounting structure of the Company is appropriate to the nature and size of the business.

Details of these powers are set out in Table 4 - "Managerial Powers" in the Appendix to this Report. - The Chief Executive Officer holds 3 positions within the Group (Chief Executive Officer of BFF Bank, Chairman of BFF Finance Iberia S.A.U., member of the Supervisory Board of BFF Polska S.A., and 1 position in a company in which the Bank holds a qualified shareholding (non-executive director of Unione Fiduciaria S.p.A.). These appointments benefit from the aggregation mechanism pursuant to Article 18, paragraph 3, letters a) and c) of the Fit&Proper Decree;

no. 2 offices outside the Group, of executive director of Scalve, and of non-executive director of Valle Decia, which benefit from the exemption mechanism under Article 18, paragraph 2, letters a) of the Fit&Proper Decree as they are companies dedicated to the management of the private interests of the exponent,

as ascertained by the Board of Directors on 26 November 2021 after preliminary investigation by the Appointments Committee.

Chairman of the Board of Directors

Il Presidente, Avv. Salvatore Messina, non esercita deleghe gestionali e non ricopre il ruolo di Chief Executive Officer né è azionista di controllo della Società.

Executive Committee (only if constituted) ( pursuant to Article 123-bis, paragraph 2, letter d), TUF)

Article 16 of the Articles of Association provides that the Board may also delegate its powers to an Executive Committee, establishing its powers, the number of its members and the rules governing its operation, within the limits set by Article 2381 of the Italian Civil Code. If an Executive Committee is appointed, the Chief Executive Officer is a member by right. The Chairman may not be a member of the Executive Committee but may attend its meetings without voting rights. The Executive Committee is chaired by the Managing Director; in the absence of the latter, or in his absence, its functions are performed by the oldest member.

To date, the Company has not established an Executive Committee.

Disclosure to the Board by directors/delegated bodies

During the year, the Chief Executive Officer reported to the Board of Directors on the general performance of operations and its foreseeable evolution, as well as on the most important economic, financial and asset operations carried out by the Company and its Subsidiaries, at least on a quarterly basis and, in any case, at the first useful meeting.

Other executive directors

Pursuant to the Regulation of the Board of Directors, Directors are considered to be executive directors if:

I. have been delegated powers or perform, even de facto, functions relating to the management of the company;

II. hold managerial positions within the Bank, i.e. they are in charge of supervising specific areas of corporate management, ensuring their assiduous presence in the company, acquiring information from the relevant operational structures, participating in management committees and reporting to the Board on the activities carried out;

III. hold the offices under i) and ii) in any company of the BFF Group.

The granting of deputy powers or powers only in cases of urgency to directors without managerial powers does not in itself make them executive directors, unless such powers are in fact exercised with considerable frequency.

On termination of office and/or termination of the relationship with an executive director, the Bank shall disclose, by means of a press release issued to the market at the end of the internal processes leading to the granting or recognition of indemnities and/or other benefits, detailed information on:

a) the granting or recognition of indemnities and/or other benefits, the circumstances justifying their accrual (i.e. due to expiry of the term of office, revocation of the same or settlement agreement) and the deliberative procedures followed for such purpose within the Bank;

b) the total amount of the indemnity and/or of the other benefits, the related components (including non-monetary benefits, the retention of rights connected to incentive plans, the consideration for non-competition undertakings or any other remuneration granted for any reason and in any form) and the timing of their disbursement (distinguishing the part paid immediately from the part subject to deferral mechanisms)

c) the application of any claw-back or malus clause of a part of the amount;

d) the conformity of the elements indicated in points a), b) and c) above with what is indicated in the remuneration policy, with a clear indication of the reasons and of the deliberative procedures followed in case of divergence, even partial, from the policy itself

e) information on the procedures that have been or will be followed for the replacement of the executive director or the general manager who has ceased to hold office.

There are no other executive directors on the Board of Directors, apart from Mr. Massimiliano Belingheri, Managing Director.

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTORS

Independent directors

As described in Section 4.3 of the Report, as of the date of this report, there are 5 (five) independent Directors on the Board of Directors pursuant to Article 148, paragraph 3, of the Consolidated Law on Finance and, the same Directors are also independent pursuant to Article 2 recommendation 7 of the Corporate Governance Code.

It should be noted that, as of 14 January 2022, the Chairman of the Board of Directors is a nonexecutive and not also independent Director.

Pursuant to the Rules of Procedure of the Board of Directors, the Board of Directors assesses, on the basis of the information and declarations provided by the interested parties or information otherwise available to it, the existence of the independence requirements:

at the time of appointment, within the timeframe provided for by law;
on an annual basis, after the appointment year;
during the term of office, upon the occurrence of any circumstances relevant to independence.

Following the appointment by the Shareholders' Meeting on 25 March 2021, the Board of Directors verified the existence of the independence requirements provided for by the Consolidated Law on Finance and the Code for each of the Directors qualified as independent, disclosing the outcome of its assessments through a press release issued to the market on 23 April 2021.

The Board of Directors, on the occasion of the appointment, has verified and ascertained:

i. pursuant to the DecreeFit & Proper:

the existence of the requirements of professionalism, honourableness and, where applicable, independence;
compliance with the criteria of fairness and competence;
compliance with the limit on the accumulation of offices laid down in Articles 17, 18 and 19 of the Fit & Proper Decree;
the existence of independence of judgement, as envisaged by Article 15 of the Fit & Proper Decree, also considering the existence of adequate safeguards to prevent the risk of impairment of this independence of the exponent
the adequate availability of time for the exercise of the office, taking into account, inter alia, the participation in the board committees envisaged by Article 16 of the Fit & Proper Decree;
ii. where applicable, possession of the independence requirement, as per Article 2, recommendation 7, of the Corporate Governance Code;
iii. where applicable, possession of the independence requirement, as per Article 148, paragraph 3, of the Consolidated Law on Finance, and as referred to in Article 147-ter, paragraph 4, of the Consolidated Law on Finance;
iv. the absence of grounds for incompatibility for interlocking purposes, as per Article 36 of Legislative Decree no. 201 of 6 December 2011, as well as the compliance of the composition of the Board of Directors as a whole with the indications expressed in the Guidelines for Shareholders on the qualitative and quantitative composition of the Board of Directors and for the preparation of the list of the Board of Directors (made public on 19 January 2011), and the fulfilment of the criteria of adequate collective composition, as per Article 11 of the Fit & Proper Decree.

In particular, the Board of Directors ascertained that the Directors Salvatore Messina, Gabriele Michaela Aumann, Amélie Scaramozzino, Domenico Gammaldi, Barbara Poggiali and Giovanna Villa met the independence requirements set forth in Article 148, paragraph 3 - as recalled by Article 147-ter, paragraph 4 - of the Consolidated Law on Financial Intermediation, and in Article 2, recommendation 7, of the Corporate Governance Code for listed companies, and in Article 13 of the Fit & Proper Decree.

Pursuant to the Corporate Governance Code, the Board of Directors also acknowledged the checks carried out, with a positive outcome, by the Board of Statutory Auditors with reference to its members' possession of the suitability requirements set forth in points (i), (ii), (iii) and (iv) above during its meeting of 19 April 2021; during its meeting of 5 May 2021, the Board of Statutory

Auditors deemed the procedures adopted by the Board of Directors to be suitable for ascertaining the independence requirements of its independent members.

It should be noted that, despite the fact that the Chairman has been found to meet the independence requirements at the time of his appointment, he cannot be classified today as an independent Director due to the fact that he has been a member of the Board of Directors of the Bank for more than nine years (having been appointed for the first time on 14 January 2013); it should be noted that the Supervisory Provisions and the Code do not require the Chairman of the body with strategic supervisory functions to meet the independence requirement, but only that he be "non-executive";

In compliance with the provisions of the Rules of Procedure of the Board of Directors, for the assessment of the existence of the independence requirement, the credit relationships with the Bank and attributable to the independent Directors were taken into consideration, as well as any direct or indirect professional, commercial or financial relationships of the independent Directors with Group companies, also taking into account the following criteria of significance: (a) duration of the commercial relationship, (b) value of the service compared to the turnover of the company or professional firm to which the Director belongs, or compared to the Director's income as a natural person.

It should be noted that on 22 December 2020, the Company's Board of Directors approved, in compliance with and in accordance with the Corporate Governance Code, amendments to the internal regulations, and implemented recommendations to the effect that:

"The Board of Directors assesses, on the basis of the information and declarations provided by the interested parties or the information in any case available to it, the existence of the independence requirement for directors who have qualified as independent, during the course of their term of office and on the occurrence of circumstances relevant to independence;
for the purposes of Directors' independence, in the case of a Director who is also a partner in a professional firm or consulting company, the Board of Directors shall assess the significance of professional relationships that may have an effect on his position and role within the firm or consulting company or that, in any event, relate to important operations of the Bank and the Group;
in any event, any additional remuneration received by the Directors with respect to the "fixed" emolument as a non-executive director of the Bank and any remuneration for participation in Committees shall be deemed significant on the basis of the threshold of the maximum 20% of the Director's income as a natural person, excluding from the Director's income any remuneration received in his capacity as a member of the management bodies of the parent company and/or of the subsidiaries".

The Independent Directors met once during the 2021 financial year, in the absence of the other Directors. The meeting dealt with the Inspection Report, and the concomitant letter received from the Supervisory Authority.

The Regulation of the Board of Directors provides that (i) the candidature of the independent Directors must be accompanied by a declaration by the candidate stating that he/she meets the independence requirements pursuant to the law, the Articles of Association and the Regulation itself; (ii) the Directors must undertake to promptly notify the Board of Directors of any subsequent assumption of positions that may affect the Board of Directors' assessments with reference to the independence requirements.

Lead Independent Director

According to the Corporate Governance Code, the lead independent director has the task of (a) representing a point of reference and coordination of the requests and contributions of the nonexecutive Directors and, in particular, of the independent ones, and (b) collaborating with the Chairman of the Board of Directors in order to ensure that the Directors receive complete and timely information flows.

Given that, in compliance with the regulatory provisions set forth by the Bank of Italy for banking companies, the Chairman of the Board of Directors: i) has not received any management powers from the Board itself, ii) does not hold the position of chief executive officer, and iii) is not the controlling shareholder of BFF, the Board has not appointed an independent director as lead independent director, as the conditions set forth in Article 3 Recommendation 13 do not apply.

5.0 MANAGEMENT OF CORPORATE INFORMATION

In compliance with Regulation (EU) no. 596/2014 on market abuse ("MAR") and its implementing regulations, the handling of inside information is governed by the "Internal Procedure for the management and external disclosure of inside information" (the "IP Procedure"), as well as the "Procedure for keeping and updating the register of persons with access to relevant information and inside information" (the "Register Procedure"), adopted on 28 July 2016 by the BFF Board of Directors, on the proposal of the Chief Executive Officer, and subsequently updated on 23 January 2020 and lastly on 1 March 2022. The IP Procedure governs the assessment, management and disclosure to the market of the Bank's inside information. The Register Procedure governs the rules of conduct, roles and responsibilities of the persons and corporate organisational structures involved in keeping and updating the register of persons who, by virtue of their work or profession or by virtue of the functions performed, have access to material information or inside information of the Bank and/or its Subsidiaries. The aforementioned procedures were last updated by the Board on 28 March 2018, also to take into account Guidelines no. 1/2017 on the "Management of Inside Information" published by Consob on 13 October 2017 and subsequent updates. On the same date, moreover, the Board approved, the "Implementing Measures of the internal procedure for the management and external communication of privileged information and the procedure for keeping and updating the registers of persons who have access to relevant information and

privileged information" (the "Implementing Measures"), in execution of the aforementioned procedures, of which they form an integral part.

The Bank's IP Procedure is available on the Website at the following address: https://investor.bff.com/it/procedura-informazioni-privilegiate. The Bank's Register Procedure is available on the Website at the following address: https://investor.bff.com/it/procedura-registro insider.

Moreover, the Board of Directors approved, as early as 23 February 2004, the "Group's Code of Ethics" (revised and updated, most recently, on 26 November 2021 , the "Code of Ethics") addressed to all those who, within the Bank and in any other Group company, in all the countries where the Group operates, hold representative, administrative or management positions, or who exercise management and control over the legal entity to which they belong, to all employees, without exception, and to collaborators. The Code of Ethics prescribes, in compliance with the MAR, the obligation not to use or communicate to others, without a justified reason, confidential and/or price sensitive information. The Code of Ethics also provides for the obligation not to use confidential information for purposes not directly connected with the exercise of the professional activity carried out within the Group. Such information must be managed in such a way as to ensure compliance with current privacy legislation: in particular, confidential information may not be disclosed to third parties inside or outside the Group, unless such disclosure is necessary for the performance of one's duties or is required by the Authorities as part of official investigations.

6.0 INTERNAL BOARD COMMITTEES (pursuant to article. 123-bis, paragraph 2, letter d), TUF)

In compliance with Recommendation 11 of the Corporate Governance Code, it should be noted that the Rules of Procedure of the Board of Directors do not govern the rules of operation of its Committees. This is because the rules of operation, the procedures for recording minutes of meetings and the procedures for managing information to the directors who are members of the Committees, together with the deadlines for sending prior information and the procedures for protecting the confidentiality of the data and information provided so as not to prejudice the timeliness and completeness of the information flows, are provided for in the individual Regulations of the Committees, approved by the Board of Directors.

In compliance with the Corporate Governance Provisions, and in line with the provisions of the Code, 3 (three) Committees have been set up within the Board of Directors, with investigative, consultative, and propositional tasks, composed solely, or for the majority, of independent Directors, in order to support the Board of Directors in taking decisions, especially with reference to the most complex sectors of activity. In addition to the RPT Committee, the following are thus formed

the Appointments Committee
the Remuneration Committee; and
the Control and Risk Committee, which, most recently, has also been given responsibility for sustainability.

None of the functions that the Code attributes to the Committees have been reserved for the Board of Directors. Moreover, none of these Committees, per se, performs the functions of two or more of the Committees envisaged by the Code. The functions have been distributed among the Committees in a manner consistent with the provisions of the Code, and in compliance with the Supervisory Provisions.

For a description of the characteristics of the above-mentioned Committees, please refer to Sections 7.2, 8.2 and 9.2 of the Report, respectively for the Appointments Committee, the Remuneration Committee and the Control and Risk Committee.

It should be noted that after a careful and in-depth analysis of the Corporate Governance Code, the Board of Directors, on 22 December 2020 and subsequently on 27 July 2021, consequently updated and revised the regulations of the Committees.

In addition to the Appointments Committee, the Remuneration Committee and the Control and Risk Committee, the Board of Directors has set up the Committee for the Evaluation of Related Party and Connected Party Transactions (the "OPC Committee"), in compliance with the provisions of the Consob Related Parties Regulation and Circular no. 285.

It should be noted that in the composition of the Committees, the Board of Directors has taken into account the appropriate combination of skills and professionalism, as well as the possession of characteristics appropriate to the role to be covered, calibrated in relation to the operational and size characteristics of the Bank. It has also taken into account the diversification of responsibilities among all Directors, so that each of them, both within the committees of which he or she is a member and in collective decision-making, can effectively contribute, inter alia, to identifying and pursuing appropriate strategies and ensuring effective risk management in all areas of the Bank. iIn fact, an adequate degree of diversification, including in terms of age, gender and geographical origin, favours, inter alia, a plurality of approaches and perspectives in analysing problems and taking decisions, avoiding the risk of behaviour that is merely aligned with prevailing positions, whether internal or external to the Bank.

Composition and functioning of the RPT Committee

Pursuant to the "Regulation of the Committee for the Evaluation of Transactions with Related Parties and Connected Persons", the RPT Committee is composed of 3 (three) members appointed by the Board of Directors, all of whom are independent pursuant to Article 148, paragraph 3, of the TUF and Article 2 recommendation 7 of the Corporate Governance Code.

The RPT Committee is composed of Dr. Giovanna Villa (Chairman), Dr. Domenico Gammaldi (as of 24 February 2022, replacing Dr. Amélie Scaramozzino) and Dr. Gabriele Michaela Aumann.

The duration of the RPT Committee is the same as that of the Board of Directors. It therefore lapses when the Board ceases to exist. Should one or more of its members cease to serve for any reason, the Board replaces them with its own independent members in accordance with the abovementioned regulations.

In 2021, the RPT Committee met seven times, and the average duration of the meetings was about 33 minutes.

During 2022, five meetings are indicatively scheduled, of which three have already been held (on 26 January, 25 and 28 February 2022).

At least one member of the Board of Statutory Auditors attended the RPT Committee meetings. The RPT Committee has the necessary resources to perform its functions.

For further detailed information, please refer to Table 2 - "Structure of the Board of Directors and Committees" in the Appendix to the Report.

Functions of the OPC Committee

The OPC Committee provides protection against the risk that the possible proximity of certain persons to the Bank's decision-making centres may compromise the objectivity and impartiality of decisions relating to transactions with such persons, with possible distortions in the process of allocating resources, exposure of the Bank to risks that are not adequately measured or monitored, and potential damage to Shareholders and stakeholders.

The OPC Committee has the task of expressing a prior opinion on procedures and transactions with connected persons, pursuant to Circular no. 285 (the "Connected Persons"). The OPC Committee has the task of expressing an opinion in advance on procedures and transactions with connected persons, pursuant to Circular no. 285 (the "Connected Persons"), and with related parties, pursuant to the Consob Related Parties Regulation (the "Related Parties"), and plays a role of assessment, support and proposal regarding the organisation and performance of internal controls on the overall activity of taking on and managing risks towards Connected Persons and Related Parties, as well as for the general verification of the consistency of activities with strategic and management policies, all as better described in the "BFF Banking Group Regulations for the management of transactions with parties in conflict of interest" published on the Website in the "https: //investor. bff.com/en/operations-with-associated-persons".

7.0 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - NOMINATION COMMITTEE

7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

In compliance with the provisions of Circular No. 285, the Board of Directors has defined the Self-Assessment process in the "Regulation on the Board of Directors' Self-Assessment Process" -, approved on 11 December 2015, and most recently updated on 28 July 2021 - on the size, composition and functioning of the Board.

The Self-Assessment is carried out annually, at least every three years with the support of an independent professional who is entrusted with the task of supporting the Nomination Committee (acting in coordination with the Chairman of the Board of Directors) and the Board of Directors in the Self-Assessment.

The self-assessment covers aspects relating to the composition and functioning of the Board and its internal committees, taking into account, inter alia, the qualitative and quantitative composition, size, degree of diversity and professional background of the members, the presence of non-executive and independent members, the adequacy of the appointment processes and selection criteria, in order to verify and guarantee over time the most correct functionality and consequent effectiveness of the body with strategic supervisory function and of the internal committees, and to ensure the effectiveness of a governance duly inspired by the principles of sound and prudent management.

The 2021 Self-Assessment was conducted between January and February 2022, in view of the recent renewal of the Board of Directors in March 2021 and was carried out internally by the Bank with the operational support of the O.U. Corporate Affairs Secretary and Starclex - Guglielmetti Associated Law Firm (the "Consultant").

The Bank has already used and continues to use the services of the Consultant, inter alia, in assisting the Corporate Affairs Secretariat and the Board of Directors, and in updating the Board of Directors' Diversity Policy, also on the basis of the results of the Self-Assessment process carried out in the year 2021.

The Consultant supported the Bank in the preparation of questionnaires concerning the relevant aspects of the composition and functioning of the Board of Directors and of the Board Committees, in which the Directors were also given the opportunity to report any issues requiring further investigation.

Potential improvement actions are currently being developed and identified.

The board evaluation process consisted of several stages including, among others, the completion of the above-mentioned questionnaire by the Directors, the participation of the Consultant in Board and Committee meetings, and the review of corporate documentation. The results are currently being processed and potential improvement actions identified.

The subjects involved in the self-assessment process were, mainly: (i) the Chairman of the Board of Directors; (ii) the Nomination Committee; (iii) the Consultant; (iv) the Corporate Affairs Secretary, who contributed to the organisational aspects related to the Self-Assessment; and (v) the Independent Directors.

The Self-Assessment is supervised by the Chairman of the Board and the Chairman of the Appointments Committee, ensuring the effectiveness of the board evaluation activities and consistency in the way it is carried out with respect to the degree of complexity of the work of the Board of Directors itself, as well as in compliance with the Supervisory Provisions, and the Corporate Governance Code (as well as incorporated in the "Rules of the Appointments Committee" and the "Rules on the Board of Directors Self-Assessment Process").

7.2 NOMINATION COMMITTEE

In order to bring its corporate governance model in line with the provisions of Circular No. 285, the Code, and the best governance practices in the sector, the Board of Directors has set up an Appointments Committee since July 2014. The members of the Appointments Committee were appointed by the Board of Directors on 25 March 2021, and integrated - as further specified below - on 10 February 2022.

7.3 Composition and functioning of the Appointments Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

Pursuant to the " Nomination Committee Regulations", the Nomination Committee is composed of 3 (three) members of the Board of Directors, appointed by the latter, all of whom are nonexecutive and for the most part independent pursuant to the Articles of Association and the Board Regulations (i.e. the Consolidated Finance Act and the Code).

The Nomination Committee in office is composed of 3 (three) non-executive Directors: Dr. Domenico Gammaldi (Chairman), Dr. Monica Magrì⁷ and Dr. Federico Fornari Luswergh. The Chairman, Mr. Domenico Gammaldi, and Ms. Magrì are independent pursuant to both art. 148, paragraph 3 - as referred to in art. 147-ter, paragraph 4 - of the Consolidated Law on Finance, and art. 2, recommendation 7, of the Corporate Governance Code of listed companies, and art. 13 of the Fit&Proper Regulation, Dr. Federico Fornari Luswergh is a non-executive Director.

The Nomination Committee is chaired by an independent Director.

The duration of the Committee is the same as that of the Board of Directors. Therefore, it lapses when the Board of Directors ceases to exist. If one or more members of the Appointments Committee cease to serve for any reason, the Board of Directors replaces them with its own members who meet the above requirements.

The Chairman of the Board of Directors, Salvatore Messina, attends the meetings of the Appointments Committee by right.

The operation of the Nomination Committee is governed by specific regulations, most recently amended on 28 July.

In particular, these regulations state that the Committee meets, at the invitation of its Chairman or his deputy, at a place determined by him, preferably at the Bank's registered office, by means of a notice containing an indication of the items on the agenda, sent to all its members at least 3 (three) days before the meeting (except in urgent cases). The notice shall also be sent to the Board of Statutory Auditors, whose members are entitled to attend. The Chairman chairs the Committee's meetings, prepares its work, arranging, among other things, for the transmission of the documentation illustrating and explaining the items on the agenda, and directs, coordinates

⁷ with effect from 10 February 2022, co-opted Director Monica Magrì replaced Mr Poggiali in the role.

and moderates the discussion. In his absence, the Committee is chaired by its oldest member. The Chairman represents the Committee at meetings of the Board of Directors, and signs the reports and opinions submitted to it by the Committee.

All Committee meetings are minuted by the secretary, who is appointed from time to time, even if not a Committee member. The minutes are signed jointly by the secretary and the Chairman of the Committee, filed in chronological order together with the documentation supporting the evaluations expressed by the Committee. At the first useful meeting, the Chairman informs the Board of Directors of the decisions taken by the Committee.

During 2021, 9 meetings of the Nomination Committee were held. The average duration of the meetings was approximately 52 minutes.

During 2022, an indicative number of 9 meetings are planned, of which two have been held (on 26 January and 28 February 2022).

For further detailed information, please refer to Table 2 "Structure of the Board of Directors and Committees" in the appendix to the Report.

In addition to the Secretary, the Chairman of the Board of Directors, the Chairman of the Board of Statutory Auditors and/or a member of the Board of Statutory Auditors, the Advisor also participates in the work of the Appointments Committee, with reference to the self-assessment process.

Functions of the nomination committee

The Nomination Committee performs propositional and advisory functions in support of the Board of Directors in the process of appointing and co-opting Directors and defining the Board List.

To this end, the Nomination Committee assists the Board of Directors, in coordination with the Chairman of the Board of Directors, in the process of defining the composition of the Bank's Board of Directors, ensuring that it reflects an adequate degree of diversification in terms of, inter alia, skills, experience, gender and international scope, and that it is consistent and appropriate with the requirements of current legislation, the Articles of Association and the Board of Directors' Rules of Procedure, as well as the results of the self-assessment process and the Board of Directors' Diversity Policy. In particular, the Nomination Committee plays a consultative and propositional role in favour of the Board of Directors in the process of:

a) prior identification of the optimal qualitative and quantitative composition of the Board of Directors, in compliance, inter alia, with the provisions on gender equality. Having regard to the results of the self-assessment and to the Board of Directors' Diversity Policy, it makes recommendations on the professional figures whose presence may favour the proper and effective functioning of the Board and contributes to the preparation of the Succession Plan and the definition of the Board List;

b) determining - in compliance with the law and regulations in force from time to time - the maximum number of offices of administration and control, and assessing the cases that may be implemented as an exception to the non-competition clause set forth in Article 2390 of the Italian Civil Code; and

c) verifies the correspondence between the composition of the Board of Directors referred to in point a) and that actually resulting from the appointment process.

Following the above-mentioned implementation, the Committee shall provide:

(i) the support of the Board of Directors in the selection, every three years of the external professional expert in board evaluation, whose appointment is approved by the Board itself, subject to the Committee's preliminary investigation on the selection activities able to ensure autonomy of judgement in the Self-Assessment process, in compliance with the Supervisory Provisions;
(ii) the fulfilment of the task of the Chairman of the Committee to report, at the first useful meeting of the Board of Directors, on the activities carried out from time to time by the Committee its;

In the event of co-option - i.e., in the event of the appointment by the members in office of directors to replace members of the Board of Directors who cease to hold office before their term of office expires -, the Appointments Committee, on the basis, inter alia, of the Board of Directors' Diversity Policy, expresses its opinion on the suitability of the candidates who, on the basis of the analysis carried out by the Board of Directors in advance, were deemed suitable to replace the outgoing director. This opinion is made known by the Bank to the Shareholders at the first Shareholders' Meeting following the co-option.

The Committee also proposes to the Board of Directors candidates for the office of Director in cases of co-optation, where it is necessary to replace independent Directors.

In the event of co-optation, the Appointments Committee shall check in advance that candidates for the office of Director of the Bank meet the requirements of integrity, professionalism and independence laid down in the applicable legislation, the Articles of Association and the Rules of Procedure of the Board of Directors.

The Committee also provides an opinion to the Board of Directors on resolutions concerning the possible replacement of Committee members.

If the appointment of Directors is the responsibility of the Shareholders' Meeting (e.g. natural expiry of the term of office or expiry of the term of office of the entire Board of Directors), the provisions of the Rules of Procedure of the Board of Directors, the Board Diversity Policy and the Self-Assessment Rules apply.

Pursuant to its own regulation, the Nomination Committee "performs investigative, propositional, advisory and monitoring functions in support of the Board of Directors with reference to the following governance processes:

a) appointment and co-option of Directors;
b) definition of the Board List
c) Self-assessment;

d) verification of the requirements of professionalism, honorableness and independence of Directors, as well as compliance with the limits on the accumulation of offices pursuant to the Regulation of the Board of Directors and the absence of causes of incompatibility, including for interlocking purposes;

e) definition and updating of the CEO Succession Plan;

f) monitoring the process of defining the succession plans for Senior Executives and Executives who report directly to the Chief Executive Officer;

g) drafting of the Diversity Policy,

taking care to avoid that the decision-making processes of the Board of Directors are dominated by a single person or by groups of persons who may be prejudicial to the Bank".

The Nomination Committee is also entrusted with the functions of (i) monitoring the succession processes of the Senior Executives and Executives reporting directly to the Chief Executive Officer, and (ii) advising on and monitoring governance issues relating to the maintenance of the internal

governance model (inter alia, by supervising the revision of the Bank's internal corporate governance rules, including at Group level).

During the Financial Year, the Nomination Committee, inter alia:

i) supported the Board of Directors in carrying out the verifications following the appointment, regarding (a) the existence of the requirements of professionalism, honorableness and independence; (b) the absence of causes of incompatibility for interlocking purposes pursuant to Article 36 of Legislative Decree no. 201 of 6 December 2011 (the so-called "Save Italy Decree"); (c) compliance with the limit on the accumulation of offices pursuant to Article 7 of the Regulation of the Board of Directors;
ii) proposed to the Board of Directors the appointment of the Consultant;
iii) supported the Board of Directors in preparing and updating the Board's Diversity Policy;
iv) assisted the Chairman and the Board of Directors in the Self-Assessment;
v) provided feedback to the Board of Directors on the findings of the 2021 Self-Assessment process and the Chief Executive Officer's succession plan;
vi) verified the adequacy of the Regulation of the Appointments Committee, and submitted to the Board of Directors some proposals for amendments to comply with the Corporate Governance Code;
vii) supported the Board of Directors, in coordination with the Chairman, (i) in the identification of the independent consultant appointed to (a) support the Board of Directors in the drafting and (b) in the preparation of the Guidelines for Shareholders, and (ii) in the preparation of the Board of Directors' List.

The Nomination Committee had access to the information and company departments necessary to perform its duties. the Board of Directors sets an annual expenditure budget available to the Committee for the performance of its activities, which can be increased upon its justified request. Lastly, the Board of Directors, when approving the 2021 budget, resolved on the amount of € 10,000.00 in favour of the Committee, in order, for example, to be able to avail itself of specialist consultancy for the correct performance of the tasks entrusted to it.

8. REMUNERATION OF DIRECTORS - REMUNERATION COMMITTEE

REMUNERAZIONE DEGLI AMMINISTRATORI

Information on remuneration policies can be found in Section I, paragraph 5 and in Section II, paragraph 2.3.1 of the Remuneration Report, to which reference should be made..

REMUNERATION POLICY

Information on this subject is provided in Section I of the Remuneration Report, to which reference should be made.

REMUNERAZIONE DEGLI AMMINISTRATORI ESECUTIVI E DEL TOP MANAGEMENT

Information on remuneration policies can be found in Section I, paragraph 3 and in Section II, paragraph 2.3.1 of the Remuneration Report, to which reference should be made.

SHARE-BASED REMUNERATION PLANS

Information on Share-based Remuneration Plans is provided in Section I, paragraph 7.2.2.3 and in Section II, paragraphs 2.4 and 2.5 of the Remuneration Report, to which reference should be made REMUNERATION OF NON-EXECUTIVE DIRECTORS

Information on share-based remuneration plans is provided in Section II, paragraph 2.3.1 of the Remuneration Report, to which reference should be mad

8.1 COMITATO REMUNERAZIONI

Information on the Remuneration Committee is set out in full in the Remuneration Report in paragraph 2.8 to which reference should be made.

9.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - CONTROL AND RISK COMMITTEE

The system of internal controls is a fundamental element of the overall system of governance of banks. It plays a central role in the organisation and makes it possible to ensure effective control of risks and their interrelationships, in order to guarantee that activities are in line with company strategies and policies and are based on sound and prudent management.

The Bank has put in place adequate management and control mechanisms at Group level to deal with the risks to which it is exposed. These controls are part of the organisation and the Internal Control System (ICS), which aims to ensure management based on canons of efficiency, effectiveness and fairness, covering all types of business risk, in line with the characteristics, size and complexity of the activities carried out.

The Internal Control and Risk Management System adopted by BFF involves, each within their own sphere of competence:

a) the Board of Directors, which has the role of providing guidance and assessing the adequacy of the system, and which has identified: (i) the Chief Executive Officer, as the person responsible for establishing and maintaining an effective Internal Control and Risk Management System (as specified in Section 9. 2 of the Report), as well as (ii) the Control and Risk Committee, with the task of supporting, through an adequate preliminary activity, the assessments and decisions of the Board of Directors relating to the Internal Control and Risk Management System, as well as, inter alia, those relating to the approval of periodic financial reports;
b) the Risk Management Function and the Compliance and AML Function, with specific tasks in the field of internal control and risk management, structured in relation to the size, complexity and risk profile of the company
c) the Internal Audit Function, in charge of verifying that the Internal Control and Risk Management System is functioning and adequate;
d) the Manager in charge, with specific risk management and internal control tasks associated with the consolidated financial reporting process;
e) the Board of Statutory Auditors, which oversees the effectiveness of the Internal Control and Risk Management System;

f) the Supervisory Board, which is responsible for verifying, applying and updating the Organisation, Management and Control Model, pursuant to Article 6 of Legislative Decree no. 231/2001.

The Board of Directors defines and approves the guidelines for the Internal Control System and risk management, in line with the strategic guidelines, the relevant risks identified and the risk propensity established by the same, also assessing that this ICS is able to capture the evolution and interaction of corporate risks.

The Board of Directors has defined the guidelines of the Internal Control System, ensuring that the main corporate risks are identified, managed and monitored in an adequate manner. In particular, the Board has assessed all types of risks at a consolidated level, and has approved the assumption of them in a structured manner for all Group entities, and for all countries and markets in which it operates.

In this context, in compliance with the Supervisory Provisions, the Board of Directors defines and approves the RAF on an annual basis, according to the business model and the related risk profiles of each Group company, the budget, the strategic plan, the ICAAP and the Internal Control System, in order to ensure that operations at Group level develop within the identified risk profile and in compliance with national and international regulations.

The RAF, therefore, provides, for each type of risk, the risk objectives or the risk appetite that the Bank intends to assume in order to pursue its strategic objectives ("Risk Appetite"), the possible tolerance thresholds ("Risk Tolerance") and the operating limits under both normal and stress conditions.

Il Consiglio di Amministrazione, pertanto, con riferimento a ciascuna tipologia di rischio, nel RAF:

ha individuato l'insieme di indicatori di risk appetite e le relative metriche di calcolo;
ha definito e approvato gli obiettivi di rischio ("risk appetite"), le soglie di tolleranza ("risk tolerance"), e le politiche di governo dei rischi;
ha stabilito limiti operativi coerenti con la propensione al rischio;
ha assicurato che l'attuazione del RAF sia coerente con gli obiettivi di rischio e le soglie di tolleranza previste.

The Board of Directors has the ultimate responsibility for the definition and execution of the Recovery Plan. In particular, it

assesses and approves the Recovery Plan, as well as any amendments or additions thereto; and
approves the relevant internal regulations and any amendments or additions thereto
assesses, on the basis of the information produced by the Risk Management Function, the actual relevance of any situations of tension at Group level, taking the appropriate decisions for the activation of the Recovery Plan and for the management of the state of crisis, by means of the appropriate recovery options, or deciding to manage the exceeding of the thresholds within the scope of other risk governance measures;
it defines the operational powers regarding the management of the Recovery Plan, as well as the execution of the recovery options, to be assigned to the Managing Director or to another Director delegated by the Board of Directors;
decides on the communication strategies (tools, recipients, timing), while granting operational powers to the Managing Director or another Director delegated by the Board of Directors for the management and governance of communication within the crisis phase;
is the recipient of reporting and specific communication on the implementation and effectiveness of the recovery actions put in place;
decides on the closure of the recovery status;
decides on the possible initiation of malus and claw back actions against Group personnel, taking into account external and internal Group regulations.

The Board of Directors assesses, at least annually, the completeness, adequacy, functionality and reliability of the ICS and, more generally, its adherence to regulatory requirements.

The ICS was designed in accordance with the legal and regulatory framework, the Group's organisational structure and in line with national and international standards and best practices. In particular, in accordance with regulatory provisions, it is divided into the following three levels of control.

I. First level controls.

First-level controls (so-called "line controls") aim to ensure that operations are carried out correctly and are performed by the same operational structures that carry them out, with the support of IT procedures.

II. Second level controls

The second level controls (so-called "risk and compliance controls") - aimed at ensuring the proper implementation of the risk management process and the compliance of the company's operations with the regulations and the monitoring of the risk of money laundering and terrorist financing are entrusted, respectively, to the Risk Management Function and the Compliance and AML Function, which perform, consistently with the current prudential supervisory regulations, the duties summarized below.

i) The Risk Management Function: (i) ensures the consistency of risk measurement and control systems with the processes and methodologies of corporate activities, coordinating with the corporate structures concerned; (ii) presides over the implementation of the process of determining capital adequacy; (iii) oversees risk management controls, in order to contribute to the definition of measurement methodologies; (iv) supports the Corporate Bodies in defining the RAF; (v) verifies compliance with the limits assigned to the various operational functions, and checks the consistency of the operations of the Group's individual areas of operation with the risk-return objectives assigned.
ii) The Compliance and AML Function is an integral part of the framework for the set of safeguards put in place by the Bank, in its capacity as parent company, to govern and manage the risk of incurring judicial or administrative sanctions, significant financial losses or reputational damage as a result of violations of mandatory rules (laws, regulations) or selfregulatory rules (e.g., by-laws, codes of conduct, self-regulatory codes). More specifically, the Compliance and AML Function: (i) oversees, on the basis of a risk-based approach, the management of the risk of non-compliance with regulations, with respect to all activities falling within the regulatory scope of the Bank and the Group, continuously assessing that the internal processes and procedures adopted are adequate to prevent such risk, and identifying the relevant risks to which the Bank and its Subsidiaries are exposed; (ii) measures, evaluates and monitors the relevant risks; (iii) ensures a comprehensive and integrated view of the risks to which the Bank and its Subsidiaries are exposed, providing adequate information to the Corporate Bodies of the Bank and its Subsidiaries. As regards anti-money laundering powers, the Compliance and AML Function is responsible for: (i) preventing and combating money laundering and terrorist financing, also identifying on a

continuous basis the rules applicable in this area; (ii) checking the consistency of processes, with the aim of ensuring compliance by the Bank and its Subsidiaries with the rules aimed at combating money laundering and terrorist financing, and is responsible for controls pursuant to anti-money laundering legislation to prevent the use of the financial system for the purpose of laundering the proceeds of criminal activities, and terrorist financing.

III. Third level control

Internal audit activities are carried out by the Internal Audit Department, which is attached to the Board of Directors. In addition to the Parent Company and the Branches, the Internal Audit Function performs independent audits for BFF FI, under a specific service contract that regulates the provision of the audit service, and in the institutional sphere, as the Parent Company Function, for the BFF Polska group. The ROA specifies that the Internal Audit Function, with a view to thirdlevel controls, assesses the overall functionality of the ICS, bringing possible improvements to the attention of the Corporate Bodies, with particular reference to the RAF, the risk management process, as well as the tools for measuring and controlling them..

During the year, the Board, with the support of the Control and Risk Committee, and after consultation with the Chief Executive Officer and the Board of Statutory Auditors, approved the "Audit Plan for the Banca Farmafactoring Group 2019-2021" prepared by the Internal Audit Department.

During the year, the Board of Directors, with the assistance of the Control and Risk Committee, assessed, in line with the Supervisory Provisions, the functioning of the ICS and risk management, judging it to be overall adequate, effective, and effectively implemented with respect to the characteristics of the Bank and the Group. This assessment takes into account the plan for the implementation of the improvement points identified as a result of the checks carried out by the Corporate Control Functions.

9.1 CHIEF EXECUTIVE OFFICER

The role of director in charge of establishing and maintaining an effective ICS (the "Appointed Director"), has been entrusted, most recently by resolution of the Board of Directors on 24 April 2018, to the Chief Executive Officer.

In particular, the Appointed Administrator shall, without prejudice to the provisions of primary and secondary banking regulations:

a) understands all corporate risks and, in the context of integrated management, of their interrelationships with each other and with the evolution of the external context. In this context, it is able to identify and assess the factors, including the complexity of the organizational structure, from which risks to the Bank may arise;
b) implements the strategic guidelines, the RAF and the risk governance policies defined by the Board of Directors, and is responsible for the design, implementation and management of the ICS and risk management, in accordance with the Supervisory Provisions on the internal control system, and monitors compliance with them on an ongoing basis;
c) implements the initiatives and actions necessary to continuously ensure the completeness, adequacy, functionality and reliability of the ICS, and brings the results of the checks to the attention of the Board of Directors;
d) is in charge of adapting the ICS to the dynamics of the operating conditions and the legislative and regulatory landscape;
e) may ask the Internal Audit Function to carry out checks on specific operational areas and on compliance with internal rules and procedures in the execution of corporate transactions, notifying the Chairman of the Board of Directors, the Chairman of the Control and Risk Committee and the Chairman of the Board of Statutory Auditors at the same time;
f) promptly report to the Control and Risk Committee (or to the Board of Directors) on problems and critical issues that have arisen in the performance of its activities, or of which it has become aware, so that the Control and Risk Committee (or the Board) may take the appropriate initiatives.

In agreement with the Control and Risk Committee, monitoring, instruction, and support functions were carried out for the Board of Directors concerning

the definition of the Risk Appetite Framework, supervising the completeness, adequacy, functionality and reliability of the same and of the risk management policies;
the guidelines of the internal control and risk management system, so that the main risks concerning the Company and its subsidiaries are correctly identified and adequately measured, managed and monitored;
the management of risks arising from prejudicial events of which the Board of Directors has become aware;
assessing, at least once a year, the adequacy of the internal control and risk management system in relation to the characteristics of the Bank and the risk profile assumed.

9.2 CONTROL AND RISK COMMITTEE

In order to bring its corporate governance model into line with the provisions of Circular No. 285, the Code and the best governance practices in the sector, the Board of Directors, by resolution of 24 July 2014, set up the "Risk Committee"⁸ . On 25 March 2021, the Board of Directors renewed the "Control and Risk Committee".

Pursuant to the "Control and Risk Committee Regulation", the Control and Risk Committee consists of 3 (three) members of the Board, all of whom are non-executive and the majority of whom are independent pursuant to the Articles of Association and the Board Regulation. Therefore, the Control and Risk Committee is composed of 3 (three) members and, specifically, of the following non-executive Directors Dr. Gabriele Michaela Aumann (Chairman), Dr. Federico Fornari Luswergh and Dr. Domenico Gammaldi. It should also be noted that the Chairman, Gabriele Michaela Aumann, and Mr. Domenico Gammaldi are independent pursuant to art. 148, paragraph 3 - as referred to in art. 147-ter, paragraph 4 - of the Consolidated Law on Finance, and art. 2, recommendation 7, of the Corporate Governance Code for listed companies, and art. 13 of the Fit&Proper Regulation, while Mr. Fornari Luswergh is a non-executive Director.

The chairmanship of the JRC is attributed to Dr. Aumann, who has acquired extensive expertise in accounting and financial matters and/or risk management, as verified by the Board of Directors at the time of her appointment.

On that occasion, the Board of Directors also ascertained that all members of the RAC have the knowledge, skills, and experience to fully understand and monitor the Bank's and the Group's strategies and risk orientations.

The duration of the Committee coincides with that of the Board of Directors and, therefore, it lapses when the Board ceases to exist.

⁸ By resolution of the Board of Directors of 28 April 2016, a change in the name of the Risk Committee to "Control and Risk Committee" was approved, with effect subject to admission to listing (i.e. 7 April 2017).

If one or more members of the Audit and Risk Committee should cease to serve for any reason, the Board of Directors shall replace the members who have ceased to serve, ensuring the presence of at least two independent directors and at least one member with adequate experience in accounting and finance and/or risk management.

The Chairman of the Board of Directors, Mr. Salvatore Messina, attends the meetings of the RCC by right.

The operation of the Control and Risk Committee is governed by specific regulations, most recently amended on 28 July 2021.

RAC meetings are called by means of a specific notice containing the items on the agenda, sent to all its members at least 3 (three) days before the meeting (except in cases of urgency). The Control and Risk Committee must also be convened whenever requested by the Chairman of the Board of Statutory Auditors.

The Chairman of the Board of Statutory Auditors is also invited to attend the meetings of the Control and Risk Committee:

as anticipated, the Chairman of the Board of Directors and
Chairman of the Board of Directors and the Chairman of the Board of Statutory Auditors, in order to ensure the presence of at least one member of the control body.

The activity of the Control and Risk Committee is coordinated by the Chairman, who prepares the Committee's work, chairs it and directs, moderates and coordinates its meetings. In his absence, the Committee is chaired by its oldest member.

All the meetings of the Control and Risk Committee are minute by the Secretary, appointed from time to time, who may also be a non-member; the minutes are jointly signed by the Secretary appointed from time to time and also chosen from outside the Control and Risk Committee - and by the Chairman of the Control and Risk Committee, filed in chronological order and suitably accompanied by the documentation illustrating and explaining the items on the agenda, on the basis of which the relevant decisions were taken.

Each meeting of the Control and Risk Committee shall be reported by its Chairman at the first Board of Directors' meeting.

For further detailed information, please refer to Table 2 "Structure of the Board of Directors and Committees" in the Appendix to the Report.

Given that all the members of the Control and Risk Committee meet the professional requirements provided for by the laws and regulations in force, at the time of appointment, the Board of Directors has, as anticipated, ascertained that Ms. Aumann has adequate experience in accounting and finance and/or in the risk management process.

At the invitation of the Chairman, meetings may also be attended by the Chief Executive Officer, other Directors, and, after informing and coordinating with the Chief Executive Officer, the General Manager (if appointed), Executives, the head of the Compliance Function, the head of the Risk Management Function and the head of the Internal Audit Function, the heads of other Corporate Functions, as well as other persons whose presence is deemed useful or appropriate by the JRC.

The Chairman of the Board of Directors, as a participant by right, and the members of the Board of Statutory Auditors were invited to attend Committee meetings to discuss individual items on the agenda:

i) the Chief Executive Officer, in his capacity as Appointed Director (defined below);
ii) the Director, Risk Management
iii) the Director, Compliance & AML;
iv) the Director, Internal Audit;
v) the Director, Planning, Administration and Control, and Executive in Charge;
vi) il CFO, Chief Executive Officier⁹ ;
vii) the Group General Counsel & Business Legal Affairs;

viii)the Vice President, Factoring & Lending;

ix) the Vice President, Technology & Processes Improvement;
x) the Manager, Regulation & Process OU;
xi) the Director, Group Credit Evaluation;
xii) the Chairman of the Supervisory Board;

xiii)the representatives of the Auditing Company;

xiv)the representatives of Avvera S.r.l. - the company appointed as Data Protection Officer at

Group lev

⁹ This position has been held since 3 June 2019 by Dr Piergiorgio Bicci.

Functions assigned to the control and risk committee

The Control and Risk Committee performs propositional and advisory functions towards the Board of Directors, in order to support, with an adequate preliminary activity, the Board's evaluations and decisions concerning the Internal Control and Risk Management System, and the periodic financial reports.

Pursuant to its own regulations and applicable current legislation, with particular reference to tasks relating to risk management and control, the JRC performs support functions for the Board of Directors in the:

"definition and approval of strategic guidelines and risk governance policies. Within the framework of the RAF, the Control and Risk Committee carries out the necessary evaluation and proposal activity, so that the Board of Directors, in accordance with the provisions of Circular No. 285 - and transposed in the ROA adopted by the Bank - can define and approve the Risk Appetite and Risk Tolerance;
verification of the correct implementation of strategies, risk governance policies and the RAF, approved by the Board of Directors;
defining the policies and processes for evaluating the Company's activities, including periodic verification of the consistency of the profitability and risks assumed by the Bank and the Group in its transactions with customers, with respect to the business model and strategies defined by the Company in terms of risk.
In assisting the Board of Directors, the Audit and Risk Committee shall also
with the contribution of the Appointments Committee, identifies and proposes to the Board of Directors the Heads of Corporate Control Functions to be appointed;
examines in advance the activity programmes (including the audit plan prepared by the Internal Audit Function) and the annual reports of the Corporate Control Functions addressed to the Board of Directors
examines the periodic reports, concerning the assessment of the Internal Control System, prepared by the Corporate Control Functions
expresses assessments and formulates opinions to the Board of Directors on compliance with the principles to which the Internal Control System and the corporate organisation of the Bank and the Group must conform;
expresses assessments and formulates opinions to the Board of Directors on the requirements to be complied with by the Corporate Control Functions, and on specific aspects relating to the identification of the main corporate risks, bringing to the attention of the Board of Directors any weaknesses found and the consequent actions to be promoted. To this end, it assesses the Chief Executive Officer's proposals;
it monitors the autonomy, adequacy, effectiveness, and efficiency of the Corporate Control Functions
contributes, by means of evaluations and opinions, to the definition of the corporate policy for outsourcing the Control Corporate Functions
verifies that the Company's Control Functions correctly comply with the indications and guidelines established by the Board of Directors, and assists the latter in drawing up the ROA;
assesses, together with the Manager in charge of preparing the Company's financial reports, after consulting the Independent Auditors and the Board of Statutory Auditors, the correct use of accounting principles and their uniformity for the purpose of preparing the consolidated financial statements at 31 December of each year and interim financial statements;
examines the content of periodic non-financial information relevant to the internal control and risk management system
support the Board of Directors in assessing the suitability of periodic financial and nonfinancial information to represent correctly the Bank's business model, strategies, the impact of its activities and the performance achieved, in coordination with the committee, if any, to which the functions relating to Sustainable Success are attributed, where it does not coincide with the CCR itself;
supports, with an adequate preliminary activity, the evaluations and decisions of the Board of Directors relating to the management of risks deriving from prejudicial facts, of which the Board of Directors has become aware. To this end, it meets, at least twice a year, the Supervisory Board, from which it acquires, for information purposes only, the half-yearly reports;
expresses opinions on specific aspects relating to the identification of the main corporate risks;
has investigative, advisory and propositional functions in the field of Sustainable Success and, more generally, to support the Board of Directors on issues relating to sustainability (with regard to ESG - Environmental, Social and Governance - parameters) and, in particular, with regard to the DNF, from the time when its preparation will become mandatory for the Company;
periodically examine updates on the progress of sustainability measures and, as from the time when its preparation will become mandatory for the Company, the consequent impact on the DNF
submit to the Board of Directors, at least once every six months, on the occasion of the approval of the annual and half-yearly financial reports, a report in which an assessment is expressed on the activities carried out, as well as on the adequacy of the Internal Control System;
at the first useful meeting of the Board of Directors, it reports on the activities carried out from time to time by the CCR.

On 25 February 2020, in order to take into account the recommendations formulated in the seventh "Annual report on the application of the Corporate Governance Code on the evolution of corporate governance of listed companies", the Board of Directors integrated the tasks of the Control and Risk Committee, providing for investigative, advisory and propositional functions and, more generally, support to the Board of Directors on issues related to sustainability and nonfinancial reporting, as of the moment when its preparation will become mandatory for the Company.

The activity of the Audit and Risk Committee has been further extended from 22 December 2020 with the following activities: (i) reviewing the content of periodic non-financial information relevant to the internal control and risk management system; (ii) meeting, at least twice a year, with the Bank's Supervisory Board, from which it acquires, for information purposes only, the halfyearly reports, with reference to the management of risks arising from prejudicial events; supporting the Board of Directors in assessing the suitability of periodic financial and non-financial information to correctly represent the Bank's business model, strategies, the impact of its activities

and the performance achieved, in coordination with the committee, if any, to which the functions relating to sustainable success are attributed, where it does not coincide with the CCR itself; (iii) performing the task of the Committee's Chairman to report, at the first useful meeting of the Board of Directors, on the activities carried out by the Committee from time to time.

During 2021, 17 meetings of the Control and Risk Committee were held, the average duration of the meetings was approximately 2 hours and 13 minutes.

During 2022, 15 meetings are indicatively scheduled, of which 3 were held on 26 January, 9 February, and 25 February respectively.

In carrying out its functions, the Control and Risk Committee exchanges all information of mutual interest with the Board of Statutory Auditors and, where appropriate, coordinates with the control body. The Control and Risk Committee shall define any information flows to be addressed to it on risk matters, identifying their subject, format, and frequency. The Control and Risk Committee, where necessary, has the power to liaise with the individual Corporate Control Functions, including the Internal Audit Function, depending on the issues identified, to carry out checks on specific operational areas, simultaneously notifying the Chairman of the Board of Statutory Auditors.

During the year, the Audit and Risk Committee also, without prejudice to the responsibilities of the Remuneration Committee, ensures that the incentives underlying the Bank's and the Group's remuneration and incentive system are consistent with the RAF.

In relation to the Recovery Plan, the Control and Risk Committee: i) expresses opinions in support of the Board, both when drawing up and updating the Recovery Plan itself, and when the thresholds are exceeded and the recovery options are adopted; ii) monitors the implementation of the recovery options and informs the Board; iii) supports the Chief Executive Officer (or other Director specifically delegated) and the Board of Directors in defining communications, once the state of recovery has been declared.

During the financial year, the CRR, inter alia, has:

i) shared the review and update of the RAF, verifying its consistency with the 2021 budget;
ii) acknowledged the annual report on the functioning of the internal "whistleblowing" systems
iii) examined the half-yearly reports of the Supervisory Board
iv) issued its opinion on the aspects falling under its competence in the annual "Report on Corporate Governance and Ownership Structure";
v) examined the reports prepared by the Corporate Control Functions, and reported the contents considered relevant and its own observations and assessments in this regard to the Board of Directors
vi) examined the annual reports of the Corporate Control Functions
vii) positively assessed and informed the Board of Directors of the level of completion of the control activities carried out during the previous year on the Group by the individual Corporate Control Functions
viii)acknowledged the report of the Internal Audit Function on the remuneration and incentive policies and practices for the year 2021
ix) with reference to the consistency of the remuneration and incentive systems with respect to the RAF, examined, inter alia: (a) the "Remuneration and incentive policy for members of the Strategic Supervision, Management and Control Bodies and personnel of the BFF Group", and (b) the incentives underlying the Group's remuneration and incentive system (MBO 2020), assessing them as consistent with the RAF
x) verified together with the Executive in charge of Financial Reporting and in coordination with the Board of Statutory Auditors and having consulted with the Independent Auditors the correct use of the accounting standards for the preparation of the draft individual and consolidated financial statements, respectively of the Bank and the Group as at 31 December 2020, as well as for the preparation of the individual financial statements and the consolidated half-yearly financial report as at 30 June 2021, deeming them to be correct and in continuity with previous years
xi) examined the update of the Recovery Plan, prepared by the Risk Management Function, taking note of it and evaluating the Recovery Plan consistent with the Group's business model, as well as with the RAF and ICAAP
xii) shared the review and update of the RAF as a result, inter alia, of updates to supervisory regulations (e.g. on the subject of the Internal Liquidity Adequacy Assessment Process - ILAAP).
xiii)examined the amendments to the "Goodwill Impairment Test Policy
xiv)examined the "Group Policy on Usury Prevention" and the opinion of regulatory compliance expressed in this regard by the Compliance and AML Function;

xv) examined the updated internal regulations of the Bank and its branches on anti-money laundering and combating the financing of terrorism;

xvi)acknowledged the measures taken to update the 231 Model;

xvii)acknowledged the findings of the ICAAP/ILAAP Report, and the related opinion expressed by the Internal Audit Function, assessing them to be consistent with the guidelines of the business plan and the 2020 budget, as well as with the RAF and the Internal Control System xviii)acknowledged the annual report on important outsourced operational functions, prepared by the Internal Audit Function, and the favourable opinion expressed by the Board of
Statutory Auditors, proposing its approval to the Board of Directors and timely transmission to the Bank of Italy
xix)prepared and approved its half-yearly reports to the Board of Directors on the activities carried out, and on the adequacy of the internal control and risk management system.

In the performance of its functions, the Control and Risk Committee has the right to access company information and may talk directly with the individual Company Control Functions, depending on the issues identified, to carry out specific controls.

The Committee may use external consultants, if deemed necessary.

The Board of Directors establishes annually the expense budget available to the Control and Risk Committee for the performance of its functions, which may be increased upon its reasoned request.

When approving the 2021 budget, the Board of Directors resolved to allocate € 10,000.00 to the Committee in order, for example, to be able to make use of specialist consultants for the correct performance of the tasks entrusted to it.

Head of Internal Audit Function

Mr. Claudio Ceccaroni holds the position of Head of the Internal Audit Function from 5 March 2021, as per Board resolution of 17 February 2021.

The "Internal Audit Regulation" provides that the Head of the Internal Audit Function is appointed by the Board of Directors, on the proposal of the Control and Risk Committee, which is supported by the Appointments Committee, having consulted the Board of Statutory Auditors and after assessing the requirements of authority, professionalism and independence¹⁰ . With reference to the BFF Polska Group, the Head of Internal Audit exercises direction, coordination and supervision of the audit activities carried out by the competent department, and reports to the Board of Directors of BFF Finance Iberia on the internal audit service provided.

The Board, having received a favourable opinion from the Audit and Risk Committee and having consulted with the Board of Statutory Auditors, has approved the remuneration of the Head of Internal Audit in line with the Remuneration Policy, and ensures that this Head is provided with adequate human and financial resources to carry out his duties.

The remuneration of the Head of Internal Audit is defined by the Board of Directors, on the proposal of the Remuneration Committee, in line with the Remuneration Policy, and in compliance with regulations on remuneration and incentives.¹¹ . The remuneration policies envisaged for the Head of Internal Audit, in accordance with the Remuneration Policy, provide for the exclusion of the Head of Internal Audit from stock option plans, as well as the allocation of the variable portion of remuneration within the limit of one third of the fixed portion, within the framework of criteria and parameters that are not linked to the Bank's economic results.

In order to guarantee his independence, the Head of the Internal Audit Function has no direct responsibility for operational areas, nor is he hierarchically dependent on persons responsible for operational areas, reporting only to the Board of Directors.

The Head of Internal Audit verifies, both on an ongoing basis and in relation to specific needs and

¹⁰ The above-mentioned appointment process complies with the Supervisory Provisions, which take precedence over the provisions of the Corporate Governance Code, according to which the role of proposing the person to hold the position of Head of the Internal Audit Function lies with the Control and Risk Committee.

¹¹ Also in this regard, the process for determining the remuneration of the Head of the Internal Audit Function has been identified in accordance with the Supervisory Provisions, which take precedence over those of the Corporate Governance Code, according to which the role of proposing the person to hold the position is the responsibility of the Remuneration Comm.

in compliance with international standards, the operation and suitability of the internal control and risk management system, through the audit plan approved by the Board of Directors, based on a structured process of analysis and "prioritisation" of the main risks ("risk based" approach) with a Group-wide scope.

The audit plan, as provided for by the Internal Audit Regulation, is multi-year, and indicates the control activities planned over a three-year period and according to a "process-oriented" logic. The audit plan is updated every time the need arises, at the request of the Corporate Bodies, the Supervisory Board and/or at the proposal of the Head of Internal Audit. The plan is reviewed annually by the Head of the Internal Audit Function, and approved by the Board of Directors.

In view of the Health Emergency, the Internal Audit Function had access, also in "remote" mode, to all the Bank's activities, including those outsourced, carried out both at the central offices and at the peripheral structures. In cases where activities relevant to the functioning of the Internal Control System (e.g. data processing activities) are assigned to third parties, the Internal Audit Function also has access to the activities carried out by such parties. Moreover, it has direct access to all information useful for the performance of the task assigned to it.

On a quarterly basis, the Head of the Internal Audit Function submitted to the Corporate Bodies and the CCR a "Tableau de bord" summarising the results of audit and follow-up activities (any shortcomings found, level of problems, corrective action, timing and owners) concerning the Bank, Subsidiaries and Branches. This information is promptly transmitted to the Bank of Italy.

In addition, the Head of the Internal Audit Function, as provided for in the "Rules of the Internal Audit Function", reports at the following intervals:

annually, to the Board of Directors and the Board of Statutory Auditors of the Bank, in its capacity as Parent Company, on the results of the audits carried out on the Group as a whole and on individual Subsidiaries. The annual report is promptly transmitted to the Bank of Italy;
periodically, to the Board of Directors of BFF Finance Iberia, on the audit activities carried out on the basis of a service contract;
annually, to the Board of Directors, with the considerations of the Board of Statutory Auditors, on the audit activity carried out on the Important Outsourced Functions (so-called

FEI), on any shortcomings or anomalies found, and on the consequent corrective actions adopted. The report is promptly transmitted to the Bank of Italy;

annually, to the Shareholders' Meeting, on the compliance of the remuneration practices with the approved policies and the reference legislation, after the Remuneration Committee, the Board of Statutory Auditors and the Board of Directors have taken note of the report of the Internal Audit Function;
annually, to the Corporate Bodies, on the proper functioning of the internal reporting systems (so-called whistleblowing);
annually, to the Board of Directors, on the audit report on related parties, after examination by the OPC Committee.

As part of the process of preparing the "Group" Recovery Plan, the Internal Audit Function supports the assessments of the Control and Risk Committee and the Board of Statutory Auditors, on the basis of the checks carried out.

The Internal Audit Function cooperates on an ongoing basis with the other corporate control functions of the Parent Company and Subsidiaries, as well as with the Board of Statutory Auditors and the Supervisory Board 231.

In addition, the Head of the Internal Audit Function, as the person responsible for the internal whistleblowing systems, is required to prepare an annual report on the proper functioning of the internal whistleblowing systems, containing aggregate information on the results of the activities carried out following the reports received, which must be approved by the Corporate Bodies and made available to Bank staff.

Pursuant to the "Internal Audit Function Regulations", the Head of the Function may directly communicate the results of investigations and assessments to the Corporate Bodies.

During the year, in addition to quarterly reporting, the Head of the Internal Audit Function provided the Corporate Bodies with detailed reports on the audit activities carried out in each quarter.

The Internal Audit Function carried out periodic checks on the reliability of the information systems, including the accounting systems, both through ad hoc checks and as part of the activities envisaged in the "Three-year Audit Plan 2019-2021", revised at the beginning of the year, reporting the results in the quarterly report.

The Head of the Internal Audit Function has a specific annual budget approved by the Board of Directors, which he may use independently to carry out his activities in the Group. This budget for specialist support relating to the Bank and its branches, as well as its foreign subsidiaries, amounted to a total of approximately Euro 240,000 for the year 2021.

During the Year, the Head of the Internal Audit Function carried out the audit activities envisaged by the "Three-year Audit Plan 2019-2021", both on the Bank and on the Subsidiaries and Branches, with varying depth depending on the risk, performing ongoing follow-up activities on all Group companies.

The Head of Internal Audit reported for the Parent Company on the work carried out in the following areas:

(i) Governance: Remuneration and incentive policies and practices, Branch in Greece, Usury, Outsourcing of essential or important functions (EIF), Complaints management, Supervisory reporting, Management of conflicts of interest with related parties, Interbank Deposit Protection Fund, Anti-Money Laundering, Guarantor II verification, Statement of Accounts Payable and Sundry Creditors as at 31 December 2020, Statement of Accounts Payable and Sundry Creditors Transaction Services balances as at 30 June 2021;
(ii) Business model of the Bank

a.Transaction services: Supply of the order and execution register, Customer transfers, Corporate Action management, Cash and Vault, Depositary controls: reconciliation of cash and securities accounts, SCT-SDD transmission, Depositary control activities on Real Estate AIFs, Follow up of open actions on control activities carried out by the UCITS depositary, Follow up of control activities carried out by the Private Equity AIF depositary, Qualified Intermediary certification, Depositary control activities on negotiated and open pension funds;

b.Factoring & Lending: Third-party networks: brokers and credit brokers, Credit portfolio and new credit policy as at 31 March 2021, 30 June and 30 September, Determination of interest on arrears and calculation of amortised cost: model adopted, Deposit accounts in Italy, Spain and Poland, Classification of assets and value adjustments, Verification requested by the Bank of Italy on legal drive;

(iii) ICT: ICT risk analysis and management process, Swift platform, ICT infrastructure, business continuity and ICT governance, Verification of services offered by supplier SI-Grade;
(iv) Risk and Control Functions: Assessment of ICAAP/ILAAP process, Recovery Plan, Adequacy of Compliance Function.

As for the Subsidiaries, the following were recorded: (i) activities relating to the governance and credit area for BFF FI; (ii) activities relating to the governance, finance, and credit areas for the BFF Polska group.

In addition, during 2021, the Head of Internal Audit Function has:

cooperated with the other control functions and with the Manager in charge, also transmitting reports on his activities
interacted with the Control and Risk Committee, the Board of Statutory Auditors and the 231 Supervisory Body (of which he is also a member), reporting on his work and sending periodic reports on the activities carried out. He also liaised with the Independent Auditors;
interacted with the Bank's management, to share with the process managers the audit activity, and transmitting the monthly follow-up report;
prepared and implemented training plans for the staff of the Internal Audit Function of the Parent Company and BFF Polska, in order to promote their professional development
promoted a quality improvement programme for the Group, obtaining certification, in accordance with the UNI EN ISO 9001:2015 standard, of the audit planning and execution process for the Bank and BFF Polska;
participated as a permanent member of the Company's Safety Committee and constantly monitored the measures adopted by the Group to safeguard the safety of workers and business continuity in relation to the Health Emergency which also characterised the year 2021;

During the year, the Bank did not outsource the Internal Audit Function to a party external to the Issuer.

9.3 ORGANISATIONAL MODEL pursuant to Legislative Decree 231/2001

The Model 231 adopted by the Bank provides, first of all, for a "General Part" which includes, in addition to a brief description of the contents of Legislative Decree no. 231/2001, the characteristics and essential components of the Model 231, the functions and powers of the Supervisory Board, the system of information flows and communications to/from the Supervisory Board, the system of sanctions for violations of the provisions contained therein, and the obligations to communicate the Model and train staff.

The Model also provides for a number of "Special Sections", which are structured as follows: (i) a "Special Section I - Matrix of activities at risk of crime", aimed at identifying the types of crimes that may potentially be committed in carrying out the activities for which the Issuer is responsible; (ii) a "Special Section II - Protocols", which sets out the activities, controls and reporting mechanisms designed to ensure the adequacy of the organizational and control system of the Issuer and its Branches to comply with Legislative Decree no. 231/2001; (iii) a "Special Section II - Protocols", which sets out the activities, controls and reporting mechanisms designed to ensure the adequacy of the organizational and control system of the Issuer and its Branches to comply with Legislative Decree no. 231/2001. Legislative Decree no. 231/2001; (iii) a "Special Section III - Information flows to the Supervisory Body".

The Code of Ethics, adopted at Group level, expresses the founding values and rules of corporate ethics which the Group recognizes as its own, and requires compliance with them by all persons identified as recipients in the code, and, although it has its own independent value, it states ethicalbehavioral principles that are also suitable for preventing unlawful conduct pursuant to Legislative Decree no. 231/2001, and is therefore also relevant for the purposes of Model 231, constituting a complementary element thereof.

The Bank undertakes to disseminate these rules of conduct at Group level, in order to ensure that its activities are carried out in compliance with the ethical principles referred to therein. To this end, it transmits the Code of Ethics to its Subsidiaries for their adoption, possibly making amendments to it to take account of local legislation.

The Bank has also adopted the "Group Anti-Corruption Policy", in force since 22 December 2011, which defines the anti-corruption principles, roles and responsibilities for managing the risk of corruption in the activities carried out by the Bank and its subsidiaries and identifies the activities

and areas most at risk of corruption. Following the entry into force of the Policy, a clause has been included in contracts with third parties providing for the termination of the contract if the counterparty is involved in corrupt acts or violates the contents of the Policy;

As at 31 December 2021, the Supervisory Board was composed of Marina Corsi (a professional from outside the Group), who acts as Chairman, Silvio Necchi (a professional from outside the Group) and Claudio Ceccaroni (Head of Internal Audit of BFF from 5 March 2021).

The activity of the Supervisory Board carried out during the year was mainly oriented towards verifying the adequacy of Model 231, with particular regard to its updating in relation to changes in the Bank's organizational structure following the merger by incorporation with DEPObank.

The Supervisory Board is also kept constantly updated, to the extent of its competence, on projects of strategic importance to the Bank and on changes in the organizational structure of the Bank and the Group.

BFF FI has adopted its own organizational model in compliance with Article 31-bis of the Spanish Criminal Code (the "31-bis Model"), structured in a similar way, insofar as compatible, to the Bank's Model 231 (i.e., with a general part, a special part with a matrix of activities at risk, and a part relating to information flows). As part of the approval of Model 31-bis, a special local supervisory body was also appointed, set up in monocratic form.

As far as BFF Polska is concerned, in compliance with Polish regulations, specific guidelines have been adopted to monitor "anti-corruption" issues, with the identification of a specific monocratic body responsible for this purpose, represented by the local Compliance & AML department.

9.4AUDITING COMPANY

The company appointed to audit the Bank's accounts is KPMG S.p.A., with registered office in Milan, Via Vittor Pisani, 27/31. The assignment was granted by the Shareholders' Meeting, on the basis of a reasoned proposal from the Board of Statutory Auditors, on 2 April 2020, for the financial years 2021 to 2029. The Shareholders' Meeting appointed the auditors to audit the annual and halfyearly financial statements as well as the audits pursuant to Legislative Decree 39/2010.

³¹ Si ricorda che l'art. 14, comma 12, della Legge 12 novembre 2011, n. 183 ha aggiunto all'art. 6 del d.lgs. 8 giugno 2001, n. 231, un comma che espressamente prevede la possibilità di affidare al collegio sindacale (o, nei modelli alternativi, ai corrispondenti organi di controllo) le funzioni dell'organismo di vigilanza.

9.5 THE CHIEF REPORTING OFFICER OF PREPARING CORPORATE ACCOUNTING DOCUMENTS AND OTHER CORPORATE ROLES AND FUNCTIONS

Following the resignation of Mr. Carlo Maurizio Zanni, on 6 August 2021, the Board of Directors, with the favourable opinion of the Board of Statutory Auditors, appointed Mr. Claudio Rosi - Head of the Administration Processes Improvement & F.R.O. Organisational Unit - as Manager in charge of Financial Reporting, with effect from 7 August 2021 (who is mainly responsible for the duties described in Section 11 in relation to the financial reporting process). On this occasion, the Board of Directors positively verified that Mr. Rosi met the requirements of honour and was able to meet the requirements of the Code of Ethics. On this occasion, the Board of Directors positively verified that Mr. Rosi met the requirements of integrity and professionalism laid down for this role by the Articles of Association and the regulations in force, as well as proven financial, administrative and accounting experience, since he has extensive experience in the Finance, Administration and Control area, firstly with the Mediobanca Group from 1983 to 2020, where, after being in charge of Financial Statements and Taxation, he became Administrative Director and CFO of the service company Mediobanca Innovation Services and, subsequently, at DEPObank where, from September 2020, he took on the role of Administrative Director and head of the Regulatory Reporting Office.

Pursuant to Article 18 of the Articles of Association, the Board of Directors, subject to the mandatory (but not binding) opinion of the Board of Statutory Auditors, appoints and revokes the Executive in charge of Financial Reporting, and determines his remuneration and the duration of his appointment. In addition to the requirements of respectability prescribed by law for those who perform administrative and management functions, the Manager in charge must also meet the requirements of professionalism, characterised by specific financial, administrative and accounting competence. This competence, to be ascertained by the Board of Directors itself, must be acquired through work experience in a position of appropriate responsibility for an adequate period of time. The Executive in charge of Financial Reporting is granted adequate powers and means for the exercise of the tasks assigned to him by the regulations. In this regard, the Board of Directors monitors the actual availability of such means and powers by the Executive in charge of Financial Reporting, in compliance with the accounting procedures (Article 154-bis, paragraph 4, of the

Consolidated Law on Finance).

The Executive in Charge:

i) has access to all information that is relevant or necessary for the performance of his duties. He may, therefore, request information, data or processing thereof from all the corporate structures of the Companies included in the scope of consolidation;

ii) he is invited to take part in any meeting of the Board of Directors of the Parent Company whose agenda includes the approval of the financial statements, the consolidated financial statements, the half-yearly financial reports, or other data/decisions relevant to the attestations he is required to provide. The Manager in charge of preparing the Company's financial reports is also invited to attend the meetings of the Shareholders' Meetings whenever deemed appropriate by the Chairman of the Board of Directors or by the Managing Director, or whenever the agenda includes items relevant to accounting information;

iii) has access to the minutes/documents of the meetings of the Board of Directors of all the Subsidiaries falling within the scope of consolidation.

In addition to holding a managerial position with a hierarchical level reporting directly to the Chief Executive Officer, the Manager in charge has the power to

a) carry out controls on business processes with a direct or indirect impact on the preparation of periodic financial reports

b) be assisted, where necessary, by other corporate structures functional to the management of the Internal Control System (e.g. Internal Audit, Risk Management, ICT, etc.)

c) proposing changes to company processes and procedures of which the Executive in Charge is not the process owner, including IT processes, which have an indirect impact on reporting.

The Appointed Executive operates within the framework of the budget determined annually by the Board of Directors.

The Appointed Executive is charged with the duty of promptly notifying the Chairman of the Board of Directors of the need to make any adjustments or additions to his budget. To this end, in the event of urgency, the budget assigned to the Appointed Executive's Department may be exceeded by the latter - with immediate notification to the Chairman of the Board of Directors, and subsequent approval by the Board of Directors.

The Head of the Risk Management Function

On 28 May 2020, the Board of Directors appointed Mr. Marco Piero as Head of the Risk Management Function. ¹² . The "Rules of the Risk Management Function" provide that the Head of the Risk Management Function is appointed by the Board of Directors, after consulting the Board of Statutory Auditors, after assessing the requirements of independence and honourableness, autonomy and professionalism, and in accordance with the procedures set out in the Supervisory Provisions.

With regard to its powers, the Risk Management Function, upon reasoned request and approval by the Chief Executive Officer, may make use of specialist resources, including external ones, in the performance of its activities.

The Risk Management Function has an annual expenditure budget which is agreed with the Chief Executive Officer, also on the basis of the annual activity programme submitted to the Board of Directors.

With regard to the tools at its disposal, the Risk Management Function, in order to fulfil the tasks assigned to it

operates autonomously and independently, on the basis of an annual activity programme approved by the Board of Directors;
has at its disposal the necessary resources to detect the effective control of risks
has the maximum cooperation of the other corporate structures
has qualitatively (in terms of technical-professional skills and updating) and quantitatively (in terms of numbers) adequate resources for the tasks to be performed;
may avail itself, in addition to the resources which it coordinates hierarchically, of resources located in different corporate structures which report directly to it on matters relating to the tasks of the Risk Management Function;
has access to all the activities carried out by the Bank and its Subsidiaries, and to any information it considers relevant, as well as to the corporate and external data necessary to perform its tasks properly

¹² The appointment was made on the proposal of the then "Risk Committee", after consulting the Board of Statutory Auditors, after assessing the requirements of independence and honourableness, autonomy and professionalism, and in compliance with the procedures set out in the Supervisory Provisions.

it has a separate organisation from the Internal Audit Function, being subject to verification by the latter Function
collaborates on an ongoing basis with the other corporate control functions of the Parent Company and Subsidiaries, as well as with the control bodies and the Supervisory Body;
guarantees the confidentiality of the information acquired.

The Risk Management Function makes use of appropriate IT tools, with particular regard to the analysis of the risks considered most relevant.

The Head of the Risk Management Function reports directly to the Corporate Bodies. In particular, he has direct access to the Board of Directors and the Board of Statutory Auditors and communicates with them without restrictions or intermediation.

Head of Compliance & AML Function

On 17 February 2021, the Board of Directors appointed - with effect from 5 March 2021 - Avv. Michela Della Penna as Head of the Compliance & AML Function and Head of Reporting of Suspicious Transactions. The "Regulation of the Compliance & AML Function" provides that the Head of the Compliance & AML Function shall be appointed by the Board of Directors, after consulting the Board of Statutory Auditors, after assessing the requirements of independence and honorableness, autonomy and professionalism, and in compliance with the procedures set out in the Supervisory Provisions.

About its powers, the Compliance & AML Function may, upon reasoned request and subject to the approval of the Chief Executive Officer, avail itself of specialized resources, including external resources, in the performance of its activities.

The Compliance & AML Function operates autonomously and independently based on its own activity plan approved by the Board of Directors. In this regard, the Compliance & AML Function:

has the maximum cooperation of the other company structures
has at its disposal qualitatively (in terms of technical-professional skills and updating) and quantitatively (in terms of numbers) adequate resources for the tasks to be performed;
it has access to all the activities carried out by the Bank and its Subsidiaries and to all information considered relevant, as well as to the corporate and external data needed to perform its tasks appropriately
has a separate organization from the Internal Audit Function, being subject to verification by the latter Function;
collaborates on an ongoing basis with the other corporate control functions of the Parent Company and Subsidiaries, as well as with the Board of Statutory Auditors and the Supervisory Body;
guarantees the confidentiality of the information acquired.

The Head of the Compliance & AML Function reports directly to the Corporate Bodies. In particular, he has direct access to the Board of Directors and the Board of Statutory Auditors, and communicates with them without restrictions or intermediation.

9.6 COORDINATION BETWEEN THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The ROA defines in detail the tasks and responsibilities of the Corporate Bodies and the Company's Control Functions, as well as the information flows between the various Functions/Bodies and between these/Bodies and the Corporate Bodies, and specifies the methods of coordination and cooperation where the areas of control present areas of potential overlap or allow synergies to be developed.

As regards the rules governing information flows between the Corporate Bodies and the Corporate Control Functions, reference should be made to Annex A - "Information Flows" in the appendix to the ROA.

In accordance with the rules contained in the Supervisory Provisions on the system of controls, the Bank has identified a number of formalised moments of coordination between the Corporate Control Functions in order to

promoting the understanding and correct assessment of corporate risks;
planning future control activities between Corporate Control Functions;
identify shared remediation actions.

In order to provide for an integrated management of corporate risks, an internal meeting (so-called "Risk Meeting") is convened, at least quarterly and/or on an event basis, with the aim of sharing among Corporate Control Functions (and other Corporate Functions) the risks identified during the verification activities carried out by Corporate Control Functions.

These meetings are also planned as a result of information flows between the Corporate Control Functions, and reinforce the monitoring of the different types of risks to which the Bank is exposed. With regard to the identified risks, on the basis of an agreed agenda, the participating functions share

(a) the definition of remediation actions unambiguously identified by all participants;

(b) a summary of the risks identified by the participating functions and the actions necessary to mitigate the risks.

These meetings are also aimed at avoiding overlapping of common activities, while allowing constant monitoring of the status of implementation of the mitigation actions.

The Bank pays specific attention to the articulation of information flows between the Corporate Control Functions. In particular, the heads of the Risk Management Function and of the Compliance and AML Function inform the Head of the Internal Audit Function of critical issues detected in their activities, which may be of interest for the audit activity. The Head of the Audit Function, in turn, informs the heads of the other Corporate Control Functions of any inefficiencies, weaknesses or irregularities that have emerged during the activities for which they are responsible, and concerning specific areas or matters for which they are responsible.

For further information, please refer to the ROA available on the Website at the following address:

10 DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES

Also on 11 November 2016¹³ the Board of Directors also approved (with effect subject to the Listing), subject to the favourable opinion of the RPT Committee and the Board of Statutory Auditors, in compliance with Circular no. 263 and the Consob Related Parties Regulation, the "BFF Banking Group Regulation for the management of transactions with parties in conflict of interest" (the "OPC Regulation").

The Board of Directors, first on 22 December 2020 and subsequently on 30 June 2021, subject to the favourable opinion of the RPT Committee and the Board of Statutory Auditors, in accordance with Circular No. 285 (which incorporated, in Part Three, Chapter 11, the rules on "Risk Activities and Conflicts of Interest with Related Parties", previously indicated in Circular No. 263) and the new Consob Related Parties Regulation containing new indications and guidelines for its application, approved an updated version of the RPT Regulation, available on the Website at the following address: https://investor.bff.com/it/operazioni-con-soggetti-collegati.

The OPC Rules aim to protect against the risk that the proximity of certain persons to the Bank's decision-making centres may compromise the objectivity and impartiality of decisions relating to transactions with such persons, with possible distortions in the process of allocating resources, the Bank's exposure to risks that are not adequately measured or monitored, and potential damage to shareholders and stakeholders.

Specifically, the OPC Rules govern, inter alia, (i) the scope of Related Parties, Connected Persons and corporate officers pursuant to art. 136 of the Consolidated Banking Act; (ii) the perimeter of transactions with the persons indicated in point (i); (iii) the procedures applicable to transactions with such persons in relation to their significance - with particular reference to their operational management from the preliminary fulfilments to the decision-making process -; (iv) the safeguards adopted by the Issuer with reference to transactions with Related Parties and Connected Persons; (v) the identification of the prudential limits within which the assumption of risk activities towards Connected Persons must be contained; (vi) exemptions and derogations from the procedures thus

defined; (vii) the procedures for updating the procedures; (viii) the flow of information, both internal and external, including to the public, and the consequent obligations.

As regards OPC Committee meetings, the Chairman i) formulates the agenda, convenes and chairs the meetings, organises the work of the meetings and provides prior information so that its members can act in an informed manner; ii) directs, coordinates and moderates the debate; iii) reports to the Board of Directors on behalf of the RPT Committee and iv) represents the Committee in relations with other corporate bodies, and may also sign reports and opinions to be submitted to the Board of Directors on behalf of the OPC Committee.

During 2021, ** meetings of the Nomination Committee were held. The average duration of the meetings was approximately 1 hour and ** minutes.

In the course of 2022, 5 meetings are indicatively planned, of which ** were held (on 26 January, ** February 2022). For further detailed information, please refer to Table 2 "Structure of the Board of Directors and Committees" in the Appendix to the Report.

On 11 November 2016, the Board of Directors approved (with effect subject to the Listing), subject to the favourable opinion of the RPT Committee and the Board of Statutory Auditors, the "Policies on internal controls adopted by BFF Banking Group for the management of conflicts of interest" (the "RPT Policy").

The Board of Directors, first on 22 December 2020 and then on 30 June 2021, after obtaining the favourable opinion of the RPT Committee and the Board of Statutory Auditors, in accordance with Circular No. 285 and the Consob Related Parties Regulation, approved the update of the RPT Policy, which is available on the Website at the following address: https://investor.bff.com/it/operazioni-con-soggetti-collegati .

The RPT Policy sets out the guidelines to ensure that the BFF Group's organisational structure and Internal Control System guarantee constant compliance with the prudential limits and decisionmaking procedures established by applicable regulations.

To this end, the RPT Policy governs the control processes aimed at ensuring the correct measurement, monitoring and management of the risks assumed by the Group towards Connected Parties and Related Parties, as well as verifying the correct design and effective

application of internal policies, identifying the roles and responsibilities of the Corporate Bodies, the Corporate Control Functions and the RPT Committee.

In particular, the RPT Policy aims to: (i) identifying, in relation to the operating characteristics and strategies of the Bank and the Group, the sectors of activity and the types of economic relationships, including those involving the assumption of risk, in relation to which conflicts of interest may arise (ii) establishing risk propensity levels consistent with the strategic profile and organisational characteristics of the Bank and the Group, including in terms of the maximum extent of risk activities towards Connected Persons considered acceptable in relation to regulatory capital, with reference to the total exposures to all Connected Persons; (iii) establishing and regulating organisational processes aimed at: (a) fully identifying and listing Connected Persons and Related Parties, and recognising and quantifying the relevant transactions at each stage of the relationship; (b) ensuring the correct measurement and management of the risks assumed towards Connected Persons and Related Parties, and checking the correct design and effective application of internal policies.

11 BOARD OF STATUTORY AUDITORS

11.1APPOINTMENT AND REPLACEMENT

The Articles of Association ¹⁴ provides that the Board of Statutory Auditors shall be composed of 3 (three) standing members and 2 (two) alternate members, appointed on the basis of lists that must be filed at the Company's registered office at least twenty-five days before the date set for the Shareholders' Meeting. The lists may be submitted by as many shareholders as, alone or together with other shareholders, represent at least two percent of the shares with voting rights at the Ordinary Shareholders' Meeting, or the lower percentage required by the regulations issued by Consob for the submission of lists of candidates for the appointment of the Board of Directors. The lists are accompanied by the curricula of the individual candidates and the declarations of acceptance of the candidature, attesting to the existence of the requirements prescribed by law and the Articles of Association. The reference legislation provides, in particular, that: (i) candidates must meet the requirements of integrity, professionalism and independence set forth in Article 148, paragraph 3, of the Consolidated Law on Finance, as referred to in Article 147-ter and Article 2, recommendation 7 of the Corporate Governance Code. 2, recommendation 7 of the Corporate Governance Code, as well as comply with the provisions on the accumulation of offices (aspects now governed by the Fit & Proper Decree), and that (ii) those who hold offices in bodies other than control bodies in other Group companies, as well as in companies in which the Bank holds, even indirectly, a strategic interest, cannot be members of the Board of Statutory Auditors, (ii) persons holding offices other than those of control in other companies of the Group, as well as in companies in which the Bank holds, even indirectly, a strategic shareholding (as defined by the Supervisory Provisions), cannot be members of the Board of Statutory Auditors; nor can persons holding the office of director, manager or officer in companies or bodies, or, in any event, collaborating in the management of companies operating, directly or indirectly, including through subsidiaries, in the same sectors as the Bank.

The members of the Board of Statutory Auditors must meet the requirements of integrity and comply with the criteria of fairness, professionalism, and the requirements of competence and independence laid down in the Fit & Proper Decree.

The composition of the Board of Statutory Auditors must also comply with the criteria of adequate collective composition of bodies set out in Article 11 of the Fit & Proper Decree.

Each member of the Board of Statutory Auditors must comply with the limits on the accumulation of offices set out in Article 17 of the Fit & Proper Decree, which provides that they may not hold, alternately, more than

1 executive position and 2 non-executive positions;
4 non-executive appointments.

For the purposes of calculating the above limits, the position held at the Bank is also taken into account.

The limits on the accumulation of offices must also be verified by taking into account the exemptions and methods of aggregating offices pursuant to Article 18 of the Fit & Proper Decree.

In addition, the violation of the prohibition for Statutory Auditors to take on or hold similar positions in competing companies or groups of companies, pursuant to Article 36 of Law Decree no. 201/2011, converted with amendments into Law no. 124 of 22 December 2011, is a cause of incompatibility leading to forfeiture of the office within the terms prescribed by law.

In any case, each Statutory Auditor must devote an adequate amount of time to the performance of his or her duties, as indicated in Article 16 of the Fit & Proper Decree.

The election of the members of the Board of Statutory Auditors shall be carried out as follows:

a) two standing members and one alternate member are taken from the list obtaining the highest number of votes (the so-called majority list);
b) the remaining standing auditor and the other alternate auditor are taken from the list obtaining the second highest number of votes at the Shareholders' Meeting after the majority list, which is not connected in any way, not even indirectly, with those who submitted or voted for the majority list (the so-called minority list). If several lists have obtained the same number of votes, a new ballot shall be held between these lists by all those entitled to vote present at the Shareholders'

Meeting, and the candidates on the list obtaining a simple majority of votes shall be elected.

The Chairman of the Board of Statutory Auditors shall be the standing member indicated as the first candidate on the minority list. If the Chairman of the Board of Statutory Auditors has to be replaced, the chairmanship shall be assumed by the alternate auditor belonging to the same minority list as the outgoing Chairman, according to the progressive order of the list itself, without prejudice, in any case, to the fulfilment of the requirements of the law and/or the Articles of Association to hold the office and compliance with the gender balance provided for by the regulations.

If the application of the list voting mechanism does not ensure the minimum number of auditors belonging to the least represented gender envisaged by the law, considering the standing auditors and alternate auditors separately, the candidate belonging to the most represented and elected gender, indicated as the last in progressive order in each section of the majority list, shall be replaced by the candidate belonging to the least represented and not elected gender taken from the same section of the same list in the progressive order of presentation.

In the event of the death, resignation or debarment of a Statutory Auditor, he shall be replaced by the first alternate belonging to the same list as the outgoing Statutory Auditor. If the replacement does not allow the Board of Statutory Auditors to be reconstituted in accordance with the regulations, including those on gender balance, the second alternate from the same list shall take over.

If, later, it becomes necessary to replace another auditor taken from the majority list, the next alternate auditor taken from the same list shall take over.

If it is not possible to make replacements according to the above criteria, a Shareholders' Meeting is called to integrate the Board of Statutory Auditors, which resolves by relative majority.

When in the case described above, or in accordance with the regulations, the Shareholders' Meeting must appoint the standing and/or alternate auditors required to complete the Board of Statutory Auditors, the procedure is as follows:

if it is necessary to replace auditors elected from the majority list, the appointment is made by relative majority vote without list constraints, without prejudice, in any case, to compliance with the balance between genders provided for by the legislation;
if, on the other hand, it is necessary to replace auditors elected from the minority list, the Shareholders' Meeting shall replace them by a relative majority vote, selecting them, where possible, from among the candidates indicated in the list to which the auditor to be replaced belonged, and in any case in compliance with the principle of the necessary representation of minorities, without prejudice to compliance with the gender balance provided for by law.

If only one list is submitted, the Shareholders' Meeting shall vote on it; if the list obtains a relative majority, the candidates indicated in the respective section of the list shall be elected as standing and alternate auditors; the Chairman of the Board of Statutory Auditors shall be the person indicated in first place on that list.

Outgoing Statutory Auditors may be re-elected.

11.2COMPOSITION AND OPERATION (pursuant to art. 123-bis, paragraph 2, letters d) and d- bis), TUF)

The current Statutory Auditors of the Bank were appointed by the Ordinary Shareholders' Meeting of 25 March 2021, through the application of the list voting mechanism (described in section 11 and articles 22 et seq. of the Articles of Association). Their term of office expires with the Shareholders' Meeting to approve the financial statements for the year ending 31 December 2023.

For the appointment of the members of the Board of Statutory Auditors, a list was submitted by:

Studio Legale Trevisan on behalf of a group of minority shareholders consisting of institutional investors, representing a total of 8.510% of the Bank's share capital, which proposed the following candidates to the Shareholders' Meeting: (i) Ms. Paola Carrara and (ii) Mr. Fabrizio Riccardo Di Giusto and (iii) Prof. Paolo Carbone (the "List").

The List obtained a number of votes, equal to 94.978 % of the Bank's share capital represented at the Shareholders' Meeting.

The Board of Statutory Auditors in office, thus appointed by the Ordinary Shareholders' Meeting on 25 March 2021, was composed of the following 3 (three) members

Ms. Paola Carrara, standing member indicated as the first candidate in the List, who was also appointed as Chairman of the Board of Statutory Auditors;
Mr. Fabrizio Riccardo Di Giusto, who was appointed standing Auditor;
Mr. Paolo Carbone, who was appointed as Standing Auditor;

It should be noted that Ms. Paola Carrara, Chairman of the Board of Statutory Auditors, resigned with effect from the earlier of (i) the date of the Shareholders' Meeting called to approve the Company's financial statements for the year ended 31 December 2021 and (ii) 31 March 2022.

In addition to the information on the composition of the Board of Statutory Auditors set out in Table 3 - "Structure of the Board of Statutory Auditors" in the Appendix to the Report, pursuant to Article 144-decies of the Consob Issuers' Regulation, the main personal and professional characteristics of each Statutory Auditor (whose curricula vitae have been published in extracts on the Website in the section "Governance/Structure of governance/Board of Statutory Auditors") are set out below.

Paola Carrara (Chairman of the Board of Auditors)	She graduated with honours in economics and commerce from the University of Bergamo. An expert in auditing and accounting organisation, she has acquired many years of experience in industrial groups and service companies, as well as in the financial sector with reference to major national and international listed banking groups. He is a member of the board of directors of companies with positions as member and chairman of committees, as well as a member of the board of statutory auditors and of the supervisory body in several companies. She is a founding partner of an auditing and consulting company in the field of accounting and compliance services. She was a senior manager in a leading auditing firm, where she gained extensive experience, including international experience, in the field of assurance services and head of the internal audit function of a listed publishing group. She collaborates as an expert in the subject with the Faculty of Economics of the University of Bergamo on the "Accounting and Financial Statements" course. She is the author of publications and participates as a speaker at conventions, seminars and training courses organised by professional associations on topics relating to financial statements, IAS/IFRS international accounting standards,
	national accounting standards and corporate control.
Dott. Fabrizio Riccardo Di Giusto (Statutory Auditor)	He graduated in Economics and Commerce from La Sapienza University of Rome in 1994. He began his professional career dealing, in particular, with corporate and tax law. He has been a Chartered Accountant since 1999 and has been a statutory auditor of the Company since 25 March 2021. In 2002, he set up his own firm in Rome, which operates mainly in the field of economic-corporate, commercial, tax, administrative and financial consultancy in favour of groups or companies of national and international importance. He is an expert in Corporate Governance and has held and

Paola Carrara
(Chairman of the
Board of Auditors)

She graduated with honours in economics and commerce from the
University of Bergamo. An expert in auditing and accounting organisation,
she has acquired many years of experience in industrial groups and service
companies, as well as in the financial sector with reference to major
national and international listed banking groups. He is a member of the
board of directors of companies with positions as member and chairman
of committees, as well as a member of the board of statutory auditors and
of the supervisory body in several companies. She is a founding partner of
an auditing and consulting company in the field of accounting and
compliance services. She was a senior manager in a leading auditing firm,
where
she
gained
extensive
experience,
including
international
experience, in the field of assurance services and head of the
internal audit
function of a listed publishing group. She collaborates as an expert in the
subject with the Faculty of Economics of the University of Bergamo on the
"Accounting and Financial Statements" course. She is the author of
publications and participates as a speaker at conventions, seminars and
training courses organised by professional associations on topics relating
to financial statements, IAS/IFRS international accounting standards,

national accounting standards and corporate control.

Dott.
Fabrizio
Riccardo Di Giusto
(Statutory Auditor)

He graduated in Economics and Commerce from La Sapienza University of
Rome in 1994. He began his professional career dealing, in particular, with
corporate and tax law. He has been a Chartered Accountant since 1999 and
has been a statutory auditor of the Company since 25 March 2021.
In 2002, he set up his own firm in Rome, which operates mainly in the field
of economic-corporate, commercial, tax, administrative and financial
consultancy in favour
of groups or companies of national and international
importance. He is an expert in Corporate Governance and has held and

	continues to hold positions as Statutory Auditor in listed and unlisted companies, both as Chairman and as standing auditor.
Paolo Carbone (Statutory Auditor)	Graduated with honours in law from the University Federico II in Naples in 1988, he defended his thesis in private economic law on prospectuses. He subsequently specialised in administrative law at the same university with a thesis on financial market regulators. He has been a CNR researcher on the regulation of financial markets in the European Community, as well as legal advisor to the Antitrust Authority (2007-2010); legal advisor to the Authority for the protection of personal data (1999-2001); member of the Ministerial Commission for the study of the reform of the banking and financial market by appointment of the Ministry of the Treasury (1995); intern at the General Directorate of CONSOB (1988-1989). He is Professor of Comparative Private Law at the University of Rome III, where he also teaches Corporate Social Responsibility (CSR). He is a member of the Rome Bar Association and works in the fields of civil, commercial and administrative law. He is a legal advisor to the Minister of Universities and a member of the Interministerial Committee for Green State Securities. In 2008 he was awarded an Honorary Degree in Comparative Private Law by the FMU University of São Paulo. He has been a professor in several Italian and foreign universities, particularly in the Latin American area. He has been a consultant to several public and private companies for operations in domestic and foreign markets, especially in the ESG sector.

continues to hold positions as Statutory Auditor in listed and unlisted
companies, both as Chairman and as standing auditor.

Paolo Carbone
(Statutory
Auditor)

Graduated with honours in law from the University Federico II in Naples in
1988, he defended his thesis in private economic law on prospectuses. He
subsequently specialised in administrative law at the same university with
a thesis on financial market regulators. He has been a CNR researcher on
the regulation of financial markets in the European Community, as well as
legal advisor to the Antitrust Authority (2007-2010); legal advisor to the
Authority for the protection of personal data (1999-2001); member of the
Ministerial Commission for the study of the reform of the banking and
financial market by appointment of the Ministry of the Treasury (1995);
intern at the General Directorate of CONSOB (1988-1989).
He is Professor of Comparative Private Law at the University of Rome III,
where he also teaches Corporate Social Responsibility (CSR). He is a
member of the Rome Bar Association and works in the fields of civil,
commercial and administrative law.
He is a legal advisor to the Minister of Universities and a member of the
Interministerial Committee for Green State Securities.
In 2008 he was awarded an Honorary Degree in Comparative Private Law
by the FMU University of São Paulo. He has been a professor in several
Italian and foreign
universities, particularly in the Latin American area.
He has been a consultant to several public and private companies for
operations in domestic and foreign markets, especially in the ESG sector.

In 2021, 45 meetings of the Board of Statutory Auditors were held, with an average duration of approximately 3 hours and 08 minutes, and an average attendance rate of 98.33%. With regard to attendance at meetings of the Corporate Bodies in which the Board of Statutory Auditors is required to participate, in 2021

with respect to meetings of the Board of Directors, the average attendance percentage is 100% (all absences were justified by the Auditors concerned from time to time);
with respect to the Shareholders' Meeting (held on 25 March 2021), the attendance rate was 95%;
with respect to the Control and Risk Committee meetings, the attendance rate was 100%, given that at least one Auditor attended all meetings.

Approximately 45 meetings have been scheduled for the current year, of which 9 have already been held.

For further details, see Table 3 - "Structure of the Board of Statutory Auditors" in the Appendix to the Report.

Diversity criteria and policies

With reference to the appointment, the Articles of Association provide that the lists that present a number of candidates equal to or greater than three, must include candidates of different gender both in the section of the list relating to standing auditors and in that relating to alternate auditors.

The Board of Statutory Auditors in office is made up of two men and one woman.

On 17 December 2018, the Board of Statutory Auditors approved its own diversity policy, in implementation of Article 123-bis, paragraph 2, lett. d-bis), of the Consolidated Law on Finance, subsequently revised and most recently updated on 13 July 2021 to take into account and incorporate the innovations introduced by (i) the Fit & Proper Decree (ii) the "Supervisory Provisions on the procedure for assessing the suitability of representatives of banks, financial intermediaries, electronic money institutions, payment institutions and the depositor guarantee system" and (iii) the 35th update, on 2 July 2021, of Bank of Italy Circular No. 285 of 17 December 2013.

This policy describes the optimal characteristics of the composition of the supervisory body including aspects such as age, gender composition and educational and professional background - so that it can perform its supervisory duties in the most effective way, taking decisions that can concretely benefit from the contribution of a plurality of qualified and heterogeneous points of view, able to examine the issues under discussion from different perspectives. In particular, it is considered that the optimal composition of the Board of Statutory Auditors should be oriented towards meeting at least the following criteria:

(i) the presence of statutory auditors who are for the most part auditors registered in the appropriate register;

(ii) the maintenance of at least one-third of the standing members of the Board of Statutory Auditors, at the time of appointment and during the term of office, belonging to the less represented gender

(iii) the balanced combination of different age brackets within the Board of Statutory Auditors, so as to allow for a balanced plurality of professional perspectives and experiences (iv) without prejudice to the adoption of appropriate training plans to ensure that the technical skills of the auditors are preserved over time, in order to pursue a balance between the need for

continuity and renewal in control activities, observe a balanced combination of different seniority of office.

The policy is implemented in compliance with legal and statutory provisions on the appointment

of the Board of Statutory Auditors using the list voting mechanism

Independence

The Board of Statutory Auditors verified the independence of its members after their appointment, and forwarded the results of these verifications to the Board of Directors, which, (i) on 23 April 2021, having acknowledged the verifications performed, ascertained that
(i) the existence of the requirements of honourableness and professionalism provided for respectively by Articles 3 and 9 of the Fit&Proper Decree;
(ii) the existence of the independence requirements set forth in Article 14 of the Fit & Proper Decree, Article 148, paragraph 3, of the Consolidated Law on Finance, and Article 2, recommendation 7, of the Corporate Governance Code;
(iii) compliance with the criteria of fairness and competence;
(iv) compliance with the limit to the accumulation of offices provided for by Articles 17, 18 and 19 of the Decree
(v) the existence of independence of judgement, as provided for by Article 15 of the Fit&Proper Decree;
(vi) the adequate availability of time for the exercise of the office provided for by Article 16 of the Fit&Proper Decree;
(vii) through the acquisition of a self-certification made by the individual Auditor, the absence of a significant commercial, financial or professional relationship
o with the Bank, with one of its subsidiaries, or with its executive directors or top management;
o with a person who, even together with others through a shareholders' agreement, controls the Bank, or - in the case of a company or body - with its executive directors or top management;

The commercial relationship is deemed "significant" based on two parameters

continuity: more than six months' duration, and
threshold of a maximum of 10%:
of the turnover of the company or professional firm to which the auditor belongs, or
of the auditor's income as a natural person.

In the case of a Statutory Auditor who is also a partner in a professional firm or consulting firm, the Board of Statutory Auditors assesses the significance of professional relationships that may have an effect on his position and role within the firm or consulting firm or that, in any event, relate to important operations of the Bank and the Group, even independently of the quantitative parameters indicated above;

Remuneration

The Shareholders' Meeting of 25 March 2021, pursuant to Article 5, recommendation 30, of the Corporate Governance Code, taking into account the commitment required, the importance of the role covered, as well as the size and sector characteristics of the Bank, resolved to award the members of the Board of Statutory Auditors a total annual gross remuneration of Euro 215,000, of which Euro 85,000 is due to the Chairman of the Board of Statutory Auditors and Euro 65,000 to each Statutory Auditor.

Management of interests

Article 5(2) of the "Rules of the Board of Statutory Auditors" requires any Statutory Auditor who, on his own behalf or on behalf of a third party, has an interest in a given Bank transaction to promptly and fully inform the other Statutory Auditors and the Chairman of the Board of Directors of the nature, terms, origin and extent of his interest. Moreover, the Statutory Auditors are relevant persons under the RPT Rules and Article 136 of the Consolidated Banking Act. Therefore, their transactions with the Bank or its Subsidiaries will be subject to the relevant reinforced procedures to ensure the substantive and procedural fairness of related party transactions.

Pursuant to the "Rules of the Board of Statutory Auditors", as part of their activities, the Statutory Auditors may ask the Internal Audit Function to carry out checks on specific operational areas or corporate transactions. In addition, the Board of Statutory Auditors and the Control and Risk Committee promptly exchange information relevant to the performance of their respective duties. The Board of Statutory Auditors, in the performance of its activities, has coordinated on an ongoing basis with the Internal Audit Function, with the Executive in Charge and with the Auditing Company. Appropriate functional links, within the scope of their respective competences, were

established with the Control and Risk Committee, whose meetings the Board of Statutory Auditors attended during the year, as well as through continuous dialogue and the effective exchange of information between the two bodies.

12 RELATIONS WITH SHAREHOLDERS

Access to information

BFF maintains a continuous and proactive dialogue with its shareholders, BFF bond subscribers and all other stakeholders in the national and international financial community. The Group attaches fundamental importance to relations with shareholders and the market in order to create effective and two-way communication with the financial community. Transparency, non-selective dissemination and timeliness of information characterise the relationship between BFF, its shareholders and the market.

Ongoing relations with the market are entrusted to the Investor Relations, Strategy and M&A Department, which supports the Chief Executive Officer in his periodic participation in meetings and roadshows with analysts, managers and shareholders, including potential ones, during which public documents are presented on the Group's final and prospective performance.

In order to foster dialogue with institutional and private investors, analysts and rating agencies (both credit and ESG), and to maintain a constant flow of information to the market, BFF has set up a special Investors section on its website, easily identifiable and accessible from the home page of the BFF Group website, in which information concerning governance is made available, financial press releases, financial results for the period, financial statements and the Bank's sustainability, so as to allow shareholders to exercise their rights in an informed manner, as well as access to economic and financial information, data and updated documents of interest to all shareholders. All activities are carried out in compliance with the rules and internal procedures governing the disclosure of inside information, ensuring equal dissemination of news to all stakeholders; communication to the market is aimed at the principles of timeliness, relevance, clarity and transparency, reliability. For the transmission and storage of Regulated Information, BFF uses the and the STORAGE mechanism.

Dialogo con gli azionisti

On 28 September 2021, the Board of Directors adopted the Policy for the management of dialogue with shareholders and bondholders in general, with the aim of increasing the level of transparency and dialogue with the Bank's shareholders and bondholders (the so-called "Stakeholders") and of fostering the creation of value in the long term, also taking into account the engagement practices

established at national and international level, in order to increase the level of understanding of the Bank's activities at individual and Group level;

The Policy includes the obligation to operate in accordance with the principles of: (i) transparency and clarity; (ii) timeliness; (iii) equal treatment. The Policy defines the modalities of extra-meeting dialogue between the Board of Directors and stakeholders on issues falling within the Board's competence, and defines, in compliance with legal provisions, the rules of such dialogue, identifying the interlocutors, the topics to be discussed and the methods of interaction.

Excluded from the scope of application of the Policy are the activities of dialogue with the Shareholders' Meetings, where governed by specific provisions) and the exchanges between the Investor Relations - Communication Functions and Shareholders.

Also in line with the provisions of the Code, special structures have long been set up to manage dialogue with shareholders in general and investors in particular, in compliance with regulatory provisions, including internal ones, on corporate communication.

The Board of Directors appointed Caterina Della Mora as Investor Relator, with effect from 3 June 2020. The Investor Relations, Strategy and M&A ("IR") Function reports to the Chief Executive Officer of BFF. The main contact details of the IR Function are [email protected]; other contacts are indicated at the end of each financial press release and in the Investors > PR & Presentations > Contacts section of the BFF Group website.

On 29 June 2017, the Board of Directors established two Functions, both reporting to the Chief Executive Officer:

the IR Function, which is assigned the task of (i) managing relations with shareholders, equity and bond investors, financial analysts, rating agencies and other market operators (e.g. Euronext Milan), (ii) supporting the Bank in the presentation of its medium-long term strategic plans to the market, and (iii) evaluating extraordinary corporate transactions, such as acquisitions and mergers; - the Communication and Institutional Relations Department, which is responsible for managing (i) the Bank's institutional communication with the outside world, (ii) institutional relations between the Bank and its subsidiaries and the Public Administration, and (iii) relations with the Fondazione Farmafactoring.

The Investor Relator is responsible for communicating regulated and privileged information to the public (interfacing, to this end, also with the Supervisory Authorities), supporting the Chief

Executive Officer in managing relations with market operators, and overseeing the publication on the website of press releases and documentation subject to public disclosure, also for the purpose of exercising shareholders' rights.

In 2021, the Board of Directors adopted a specific engagement policy, in accordance with the indications of Article 1, recommendation no. 3, of the Corporate Governance Code.

13 SHAREHOLDERS' MEETINGS

The Shareholders' Meeting, duly convened and constituted, represents all Shareholders, and its resolutions, taken in accordance with the law and the Articles of Association, are binding on all Shareholders, even if absent or dissenting.

In accordance with current provisions, the Articles of Association (Articles 9 et seq.) provide that the Shareholders' Meeting is convened in ordinary and extraordinary session in the cases provided for by law, and deliberates on the matters attributed to it by law and by the Articles of Association. It is held at least once a year, within one hundred and twenty days from the end of the financial year, or within one hundred and eighty days from the end of the financial year (where such term is required in connection with the preparation of the consolidated financial statements, or in connection with the structure and purpose of the Company). The Extraordinary Shareholders' Meeting is called whenever it is necessary to resolve on any of the matters reserved for it by current legislation.

The Shareholders' Meeting is held in a single call, in compliance with the provisions of the law. However, in order to maintain adequate organisational flexibility, the Articles of Association reserve the right for the Board of Directors to provide for more than one call for individual Meetings, including a possible third call.

Meetings are called by the Board of Directors in accordance with the terms of the law and regulations, by means of a notice published on the Website, as well as in accordance with the other procedures provided for by the laws and regulations in force, including publication in national newspapers: as well as in accordance with the other procedures provided for by the laws and regulations in force from time to time. The agenda is established in accordance with the law and the Articles of Association by whoever exercises the power to convene the meeting. The Board of Directors shall make available to the public a report on each of the items on the agenda within the deadline for publication of the notice of call provided for each of the items on the agenda - or the different deadline provided for by other provisions of law.

Shareholders who, also jointly, represent at least 2% of the share capital may - in the cases, methods and terms indicated by the applicable legislation - request the integration of the agenda, or submit resolution proposals on items already on the agenda. Shareholders requesting the integration of the agenda shall prepare a report containing the reasons for the proposed

resolutions on the new items they propose to deal with, or for the additional proposed resolutions on items already on the agenda.

In accordance with the provisions of Article 127-ter of the Consolidated Law on Finance, Shareholders may ask questions on the items on the agenda even before the Shareholders' Meeting. Questions received before the Shareholders' Meeting shall be answered at the latest during the Meeting, also by means of a single answer to questions having the same content.

Attendance at the Shareholders' Meeting is governed by the Articles of Association and the "Regulations for Shareholders' Meetings" (Articles 2 et seq. (Articles 2 et seq., the "Meeting Regulations"), which establish that the person for whom the Issuer has received, by the end of the third trading day prior to the meeting, a communication made by the intermediary on the basis of evidence relating to the end of the accounting day of the seventh trading day prior to the date set for the Meeting, in a single call, is entitled to attend and vote. Entitlement to attend and vote remains intact if the notice is received by the issuer after the deadline indicated above, provided that it is received before the start of the meeting proceedings of the single call.

Persons entitled to attend and vote may be represented at the Shareholders' Meeting by written proxy, or conferred by electronic means when provided for by the regulations and in compliance with the same, except for the incompatibilities and limits provided for by law. They may also grant free proxy, with voting instructions on all or some of the proposals on the agenda, to a representative designated by BFF pursuant to Article 135-undecies of the TUF.

Please note that in compliance with the fundamental principles of health protection, in accordance with the provisions of art. 106, paragraph 4, of Law Decree no. 18, concerning "Measures to strengthen the National Health Service and economic support for families, workers and businesses related to the epidemiological emergency caused by COVID-19", Shareholders may not physically attend the Shareholders' Meeting, and their intervention may only take place through the designated representative pursuant to Article 135-undecies of Legislative Decree no. 58/1998 (the "Designated Representative").

In consideration of the Health Emergency and in compliance with the fundamental principles of health protection, also the Directors, the Statutory Auditors and the representatives of the auditing firm, the Notary Public, the Designated Representative, as well as the other subjects having the right to vote - who shall grant proxy or sub-delegation to the Designated Representative

(the "Designated Representative"), may intervene in the Shareholders' Meeting by means of telecommunication means that also guarantee their identification, in compliance with the provisions of Article 106, paragraph 2, of the Decree.

The Rules of Procedure of the Shareholders' Meeting regulate and guarantee the orderly conduct of the meeting, assigning the Chairman of the Shareholders' Meeting - identified as the Chairman of the Board of Directors - the task of ascertaining that the meeting has been duly constituted, ascertaining the identity and legitimacy of those present, directing and regulating the conduct of the meeting, and ascertaining and proclaiming the results of voting.

The Shareholders' Meeting is competent to decide on, inter alia, the following matters:

i) approval of the financial statements and distribution of profits;
ii) appointment and dismissal of the Board of Directors and the Board of Statutory Auditors;
iii) responsibilities of the members of the Board of Directors and the Board of Statutory Auditors;
iv) appointment and revocation of the company in charge of the legal audit;
v) transactions falling within the competence of the Extraordinary Shareholders' Meeting pursuant to law;
vi) remuneration policies and compensation plans based on financial instruments for the Group's Directors, employees and collaborators, the criteria for determining the remuneration to be granted in the event of early termination of the employment relationship or office, as well as the possible setting of a limit of 200% of fixed remuneration for variable remuneration, in accordance with the provisions of the Bank of Italy on the matter¹⁵ .

The Board of Directors reports to the Shareholders' Meeting on the activities carried out within the framework of the management report, and prepares reports on the items on the agenda within the timeframe envisaged by the regulations in force.

¹⁵ In compliance with the relevant provisions of the Bank of Italy, the Articles of Association provide that the Shareholders' Meeting shall resolve on the proposal of the Board of Directors on the limit between fixed and variable remuneration, approved by either (i) the favourable vote of at least 2/3 of the share capital represented at the Shareholders' Meeting, when the latter is constituted with at least half of the share capital; or (ii) the favourable vote of at least 3/4 of the share capital represented at the Shareholders' Meeting, regardless of the share capital with which it is constituted.

Apart from the possibility of exercising Shareholders' rights by proxy, the Shareholders' Meeting Regulations do not provide for other mechanisms to make it less difficult or onerous for Shareholders to attend the Shareholders' Meeting and exercise their voting rights.

Voting at the Shareholders' Meeting is carried out by open ballot. The Chairman of the Shareholders' Meeting may also establish that voting is carried out by means of computerized recording instruments, and, in this case, he may also request the assistance of technicians external to the Company to carry out the relevant tasks.

With reference to the Shareholders' Meetings held on 28 January, 25 March and 7 October 2021, which were held in accordance with the procedures set out in Article 106 of Decree Law No. 18 of 17 March 2020 on "Measures to strengthen the National Health Service and provide economic support for families, workers and businesses related to the epidemiological emergency caused by COVID-19", converted into Law No. 27 of 24 April 2020 (the so-called "Italy Cure Decree"), it should be noted that no proposals were received from the Shareholders regarding matters on which the directors had not formulated a specific proposal. 27 (the so-called "Cure Italy Decree"), it should be noted that no proposals have been received from Shareholders on matters on which no specific proposal had been formulated by the directors.

On 11 April 2016, the Shareholders' Meeting approved, subject to Listing, the Shareholders' Meeting Regulations which, together with the law and the Articles of Association, govern the conduct of the Bank's Ordinary and Extraordinary Shareholders' Meetings. The General Meeting Regulations are available on the Website at the following address: https://www.bffgroup.com/documents/20152/398427/Regolamento+Assembly.pdf/6485ee9e-465e-821a-f151-7737d89f1107.

During the Shareholders' Meeting held on 28 January 2021, 7 Directors took the floor.

During the Shareholders' Meeting held on 25 March 2021, 9 Directors took the floor.

During the Shareholders' Meeting held on 7 October 2021, 5 Directors took the floor.

On these occasions, the Board of Directors made available to the Shareholders, within the terms provided for by the applicable provisions of law, adequate information on the necessary elements so that they could take, with full knowledge of the facts, the decisions for which the Shareholders' Meeting is responsible.

Information on the activities carried out by the Remuneration Committee was provided to Shareholders with the Annual Report on the remuneration and incentive policies of the BFF Group, at the Shareholders' Meeting of 25 March 2021.

14 FURTHER CORPORATE GOVERNANCE PRACTICES (pursuant article. 123-bis, paragraph 2, letter a), second part, TUF)

BFF does not apply any corporate governance practices other than those described in the previous sections of this Report.

15 CHANGES SINCE THE END OF THE REPORTING PERIOD

From the closing date of the financial year to the date of approval of this Report,

on 19 January 2022, the company BFF Immobiliare Srl, 100% owned by BFF Bank SpA, was incorporated. The incorporation of the company is preparatory to the completion of the Casa BFF transaction, which will see the purchase of a building area and the subsequent development of a building for office use that will become the new headquarters of the BFF Group and will house all the Bank's employees in the city of Milan, currently divided between three different buildings.

Following the resignation of Barbara Poggiali from her position as independent, non-executive Director, as well as Chairman of the Remuneration Committee and member of the Bank's Appointments Committee, the Board of Directors met on 10 February 2022 and resolved - on the proposal of the Appointments Committee, which had been integrated pro tempore in the meantime, and subject to the approval of the Board of Statutory Auditors - to

to appoint - with the urgent procedure set forth in paragraph 2.5 of the "Supervisory Provisions on the procedure for assessing the suitability of directors of banks, financial intermediaries, electronic money institutions, payment institutions and depositor guarantee schemes" - Monica Magrì to the position of Director, by co-optation pursuant to Article 2386 of the Italian Civil Code, who will remain in office until the next Shareholders' Meeting, scheduled for 31 March 2012;
appoint Monica Magrì as a member of the Appointments Committee;
appoint Giovanna Villa, from the minority list, already Chairman of the Committee for the Evaluation of Transactions with Related Parties and Connected Persons, also Chairman of the Remuneration Committee. .

Finally, it should be noted that, on 18 February 2022, Ms. Paola Carrara, Chairman of the Board of Statutory Auditors - appointed from the list submitted by Studio Legale Trevisan & Associati on behalf of a group of minority shareholders during the Ordinary Shareholders' Meeting of 25 March 2021 - resigned with effect from the earlier of (i) the date of the Shareholders' Meeting called to approve the Company's financial statements for the year ended 31 December 2021 and (ii) 31 March 2022.

16 COMMENTS ON THE LETTER FROM THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

On 22 December 2021, the Company promptly made available to the Board of Directors and the Board of Statutory Auditors (at the Board meeting held on the same date), the letter from the Chairman of the Corporate Governance Committee, Ms Patrizia Grieco (the "Communication"), containing, inter alia, the recommendations for 2022 set out in the ninth "Annual Report on the application of the Corporate Governance Code on the evolution of the Corporate Governance Code". Patrizia Grieco (the "Communication"), containing, inter alia, the recommendations for 2022 set out in the ninth "Annual report on the application of the Corporate Governance Code on the evolution of corporate governance in listed companies" (the "Recommendations"), in order to assess possible developments in governance or to fill any gaps in the application of the Corporate Governance Code.

It should be noted that the Communication was specifically examined by the Appointments Committee on 21 December and by the Board on 22 December 2021.

The Board of Directors, together with the Board of Statutory Auditors, after preliminary examination by the Appointments Committee (the "Determinations"), noted that the Corporate Governance Committee took the opportunity, given the entry into force of the new 2020 edition of the Code, to take up the recommendations made over the last four years, refining them in light of the content of the new Code. The Board also noted that a number of recommendations had already been discussed when the 2020 Code came into force, and also discussed and took certain decisions in the following areas:

- sustainable success: the Board of Directors has entrusted the JRC with advisory tasks regarding sustainable success. In particular, the Committee's Rules of Procedure state that "the Control and Risk Committee supports the Board of Directors in assessing the suitability of periodic financial and non-financial information to correctly represent the Bank's business model, strategies, the impact of its activities and the performance achieved, coordinating with any committee assigned functions related to Sustainable Success, where this does not coincide with the RAC itself". The Board of Directors decided not to set up a new committee with functions related to Sustainable Success, in light of the limited numerical composition of the board and

the desire to keep this area of discussion at the level of the entire strategic supervisory body, as well as to avoid excessively increasing the number of committees.

Il Consiglio di Amministrazione, lo scorso 28 settembre, ha adottato la "Politica per la gestione del dialogo con la generalità degli azionisti e obbligazionisti", che è stata pubblicata integralmente sul sito internet di BFF al seguente link https://investor.bff.com/it/policy-di engagement.

- proportionality: taking into account the definitions contained in the Corporate Governance Code of "concentrated ownership company" and "large company", the Bank does not fall into any of the above categories, as its shareholder base is widespread, and its capitalisation did not exceed € 1 billion on the last trading day of each of the three previous calendar years. BFF has availed itself of the simplification options provided for these companies, also pointing out that, although not classifiable as a large company, the Bank is nevertheless in line with the provisions of the Code relating to (i) the proportion of independent directors to the entire board, (ii) the holding of meetings of the independent directors in the absence of the other directors at least once a year, (iii) the task of the strategic supervisory body to define the CEO's succession plan and the procedures to be followed for the succession of top management;
- assessment of independence, that the criteria adopted by the Bank with reference to the verification of the independence requirements of the members of the Board of Directors and Board of Statutory Auditors are well defined and stringent, also considering that BFF, being a Bank, is subject not only to the indications set forth in its Articles of Association, but also to the indications set forth in the so-called Fit&Proper Decree. It should also be noted that the Rules of Procedure of the Board of Directors accurately define the quantitative criteria that determine, upon the occurrence of certain relationships, the loss of independence, in line with the indications provided on this point by the Corporate Governance Code;
- pre-meeting information: Article 10(5) of the Rules of Procedure of the Board of Directors provides that, "the Chairman, through the Corporate Affairs Secretary, shall make available to Directors and Auditors, as far as possible in advance of the date of the Board meeting - normally three days in advance - the documentation relating to the items on the agenda, adopting all useful measures to safeguard the confidentiality of the information, especially where it may be qualified as "price sensitive". The confidentiality of the data and information provided is

safeguarded by complying with the Bank's "Internal procedure for the management and external communication of price-sensitive information", as well as by the exclusive use of an IT platform that does not allow the printing and disclosure of Board documentation".

In this regard, the Board of Directors welcomes the now consolidated practice of progressively making available, once prepared, the individual documents supporting Board meetings, even before the formal disclosure of the agenda, and therefore considers it unnecessary to amend the aforementioned provision of the Regulation;

- appointment and succession of directors: the Bank has already implemented the Code's recommendations on the occasion of the Shareholders' Meeting of 25 March 2021, convened, inter alia, for the purpose of renewing the Board of Directors, having prepared and published the "Guidelines for Shareholders on the Qualitative and Quantitative Composition of the Board of Directors and for the Preparation of the Board of Directors' List", and requested those intending to submit a list (i) to provide adequate information on the compliance of the list with the "Guidelines"; and (ii) if the list contained a number of candidates exceeding half of the Directors to be elected, to indicate the candidate for the office of Chairman of the Board. BFF will continue to follow this practice in the future;
- gender equality: BFF has adopted the "Board of Directors Diversity Policy", prepared pursuant to art. BFF has adopted a "Board of Directors' Diversity Policy", prepared pursuant to Article 123 bis, letter d-bis) of the Consolidated Law on Finance, which regulates (i) the composition of the Board of Directors with reference to, for example, the age, gender and educational and professional background, including of an international nature, of its members; (ii) the objectives pursued by the Bank with regard to diversity, in the broadest sense of the term; (iii) the procedures for its implementation, and monitoring of the results achieved in the reference period with respect to the objectives pursued. This Policy defines the optimal characteristics of the composition of the Board of Directors, so that it can perform its duties in the most effective manner, taking decisions on the basis of a plurality of qualified and heterogeneous points of view, and is subject to a periodic review process and, where necessary, is updated at least once a year, if necessary with the assistance of external professionals, at the proposal of the Appointments Committee;

- remuneration policies: the Board of Directors, assisted by the Remuneration Committee, took into account the indications provided by the Corporate Governance Committee in drawing up the remuneration policy for the year 2022 (the "2022 Policy").

TABLES

TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE AS AT 31/12/2021

SOCIAL CAPITAL STRUCTURE
	N° of shares	No. of voting rights	Listed (indicate markets) / unlisted	Rights and duties
Ordinary shares (specifying whether voting rights can be increased)	185.313.378 185.313.378		Euronext Milan (Già Mercato Telematico Azionario)
Preferred shares	0	0	-
Multi-voting shares	0	0	-
Other categories of shares with voting rights	0	0	-
Savings shares	0	0	-
Convertible savings shares	0	0	-
Other categories of non-voting shares	0	0	-
Other	0	0	-

OTHER FINANCIAL INSTRUMENTS (giving the right to subscribe to newly issued shares)
	Listed (indicate markets)/unlis ted	No. of instruments in circulation	Category of shares in service of conversion/exercise	No. of shares for conversion/year
Convertible bonds	N.A.	N.A.	N.A.	N.A.
Warrant	N.A.	N.A.	N.A.	N.A.

MAJOR HOLDINGS IN THE CAPITAL
Declarant	Share of ordinary Share Direct shareholder capital capital
Equinova UK HOLDCO LIMITED	14.043.704	7,58
Management	10.351.49816	5,59%

¹⁶ As at 31/12/2021, the Chief Executive Officer Massimiliano Belingheri and his Connected Persons (Bray Cross Ltd. and Scalve S.à. r.l.) held 10.17 million BFF shares, representing 5.49% of the share capital; the remaining management share refers to the BFF shares held by the 4 Vice Presidents in force at that date, and their respective Connected Persons

TABLE 2: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE FINANCIAL YEAR

Board of Directors
Charge	Components	Year of birth	Date of first appointme nt (*)	In office since	In office until	List (submitters) (**)	List (M/m) (***)	Esec.	Non esec.	Indip. Cod	Indip. TUF	N. other assignme nts (****)	Participation (*)
Chairman	Messina Salvatore	1946	14.01.2013	25.03.2021	Appr. Bilancio 2023	CdA			√			N.A.	23/23
Deputy Chairman	Federico Fornari Luswergh	1964	24.04.2010	25.03.2021	Appr. Bilancio 2023	CdA			√			1	23/23
Chief Executive Officer	Massimiliano Belingheri	1974	19.12.2006	25.03.2021	Appr. Bilancio 2023	CdA		√				N.A.	23/23
Director	Amélie Scaramozzino	1988	25.03.2021	25.03.2021	Appr. Bilancio 2023	CdA			√	√	√	N.A.-	16/16
Director	Michaela Aumann	1953	21.12.2015	25.03.2021	Appr. Bilancio 2023	CdA			√	√	√	N.A.	20/23
Director	Piotr Henryk Stępniak	1963	25.03.2021	25.03.2021	Appr. Bilancio 2023	CdA			√			N.A.	16/16
Director	Domenico Gammaldi	1953	25.03.2021	25.03.2021	Appr. Bilancio 2023	CdA			√	√	√	2	16/16
Director	Barbara Poggiali	1963	05.04.2018	25.03.2021	10.02.2022	CdA			√	√	√	N.A.	23/23
Director	Giovanna Villa	1966	25.03.2021	25.03.2021	Appr. Bilancio 2023	Azionisti	m		√	√	√	3	16/16
						-------------------------------- DIRECTORS WHO LEFT DURING THE YEAR --------------------------------
Director	Barbara Poggiali	1963	05.04.2018	25.03.2021	03.02.2022	CdA
Director	Ben Carlton Langworthy	1978	05.04.2018	05.04.2018	Appr. Bilancio 2020		M		√			N.A.	3/7
Director	Isabel Aguilera	1960	05.04.2018	05.04.2018	Appr. Bilancio 2020		M					N.A.	7/7
Director	Giorgia Rodigari	1983	11.12.2019	05.04.2018	Appr. Bilancio 2020		n.a.		√			N.A.	6/7
Director	Carlo Paris	1956	05.04.2018	05.04.2018	Appr. Bilancio 2020		m			√	√	N.A.	6/7

Indicare il numero di riunioni svolte durante l'Esercizio: 23

Indicare il quorum richiesto per la presentazione delle liste da parte delle minoranze per l'elezione di uno o più membri (ex art. 147-ter TUF): 2%

NOTE

I simboli di seguito indicati devono essere inseriti nella colonna "Carica":

• Questo simbolo indica l'amministratore incaricato del sistema di controllo interno e di gestione dei rischi.

○ Questo simbolo indica il Lead Independent Director (LID).

(*) Per data di prima nomina di ciascun amministratore si intende la data in cui l'amministratore è stato nominato per la prima volta (in assoluto) nel CdA dell'Emittente.

(**) In questa colonna è indicato se la lista da cui è stato tratto ciascun amministratore è stata presentata da azionisti (indicando "Azionisti") ovvero dal CdA (indicando "CdA").. (***) In questa

colonna è indicato se la lista da cui è stato tratto ciascun amministratore è "di maggioranza" (indicando "M"), oppure "di minoranza" (indicando "m").

(****) In questa colonna è indicato il numero di incarichi di amministratore o sindaco ricoperti dal soggetto interessato in altre società quotate o di rilevanti dimensioni. Nella Relazione sulla corporate governance gli incarichi sono indicati per esteso. (*****) In questa colonna è indicata la partecipazione degli amministratori alle riunioni del CdA (indicare il numero di riunioni cui ha partecipato rispetto al numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.).

C.d.A.		OPC Committee		Audit and Risk Committee		n Committee	Remuneratio	Appointments Committee
Position	Componenti	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)
Chairman	Messina Salvatore
Deputy Chairman	Federico Fornari Luswergh			16/17	M			9/9	M
Chief Executive Officer	Massimiliano Belingheri
Director	Amélie Scaramozzino	4/4	M			10/10	M
Director	Michaela Aumann	7/7	M	17/17	P
Director	Piotr Henryk Stępniak					10/10	M
Director	Domenico Gammaldi			12/12	M			5/5	P
Director	Barbara Poggiali	3/3	M			13/13	P	5/5	M
Director	Giovanna Villa	4/4	P
	----------------------------------- DIRECTORS WHO LEFT DURING THE YEAR ------------------------------
Director	Ben Carlton Langworthy							2/4	M
Director	Isabel Aguilera					3/3	M	4/4	M
Director	Giorgia Rodigari			5/5	M	3/3	M
Director	Carlo Paris	3/3	P
NOTE (*) In questa colonna è indicata la partecipazione degli amministratori alle riunioni dei comitati (indicare il numero di riunioni cui ha partecipato rispetto al

TABLE 3: BOARD COMMITTEE STRUCTURE AT THE END OF THE FINANCIAL YEAR

numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.). (**) In questa colonna è indicata la qualifica del consigliere all'interno del comitato: "P": presidente; "M": membro.

TABLE 4: STRUCTURE OF THE COL/BOARD OF AUDITORS AT THE END OF THE FINANCIAL YEAR

Board of Statutory
	Auditors
Charge	Components	Year of birth	Date of first appointment (*)	In office since	In office until	List (M/m) (**)	Indep. Code	Participation in Board Auditors (***)	N other assignments (****)
Chairman	Paola Carrara	1976	05.04.2018	25.03.2021	Appr Bilancio 2023	M	√	45/45
Statutory Auditor	Di Giusto Fabrizio	1966	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	32/32
Statutory Auditor	Paolo Carbone	1966	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	32/32
Substitute auditor	Claudia Mezzabotta	1970	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	-
Substitute auditor	Carlo Carrera	1968	25.03.2021	25.03.2021	Appr Bilancio 2023	M	√	-
					-----------------SINDACI CESSATI DURANTE L'ESERCIZIO -----------------
	Paola Carrara	1976	05.04.2018	25.03.2021	Appr Bilancio 2023	M	√
Patrizia	Paleologo Oriundi	1957	21.02.2007	05.04.2018	Appr Bilancio 2020			13/13
Marco	Lori	1956	25.03.2015	05.04.2018	Appr Bilancio 2020			13/13

Indicare il numero di riunioni svolte durante l'Esercizio: 45

Indicare il quorum richiesto per la presentazione delle liste da parte delle minoranze per l'elezione di uno o più membri (ex art. 148 TUF): 2%

NOTE

(*) Per data di prima nomina di ciascun sindaco si intende la data in cui il sindaco è stato nominato per la prima volta (in assoluto) nel collegio sindacale dell'Emittente. (**) In questa

colonna è indicato se la lista da cui è stato tratto ciascun sindaco è "di maggioranza" (indicando "M"), oppure "di minoranza" (indicando "m"),

(***) In questa colonna è indicata la partecipazione dei sindaci alle riunioni del collegio sindacale (indicare il numero di riunioni cui ha partecipato rispetto al numero complessivo delle riunioni cui avrebbe potuto partecipare; p.e. 6/8; 8/8 ecc.).

(****) In questa colonna è indicato il numero di incarichi di amministratore o sindaco ricoperti dal soggetto interessato ai sensi dell'art. 148-bis TUF e delle relative disposizioni di attuazione contenute nel Regolamento Emittenti Consob. L'elenco completo degli incarichi è pubblicato dalla Consob sul proprio sito internet ai sensi dell'art. 144-quinquiesdecies del Regolamento Emittenti Consob.

AI Terminal

Bff Bank

4232_rns_2022-03-16_8a283c45-1c7c-4023-a172-a7b104602f16.pdf

CORPORATE GOVERNANCE AND SHARE OWNERSHIP REPORT

Summary

GLOSSARY

CORPORATE GOVERNANCE AND SHARE OWNERSHIP REPORT YEAR 2021

PREAMBLE

1.0 PROFILE OF THE ISSUER

THEBFFGROUP

b) Restrictions on the transfer of securities (pursuant to Article 123-bis(1)(b) TUF)

c) Significant shareholdings in the capital (pursuantto Article 123-bis, paragraph 1, letter c), TUF

d) Securities granting special rights (pursuant to Article 123-bis(1)(d) TUF)

e) Employee shareholding: mechanism for exercising voting rights (ex art. 123-bis, paragraph 1, letter e), TUF)

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), TUF)

g) Shareholders' agreements (pursuant to Article 123-bis, paragraph 1, letter g), TUF)

h) Change of control clauses (pursuant to Article 123-bis(1)(h) of the Consolidated Law on Finance) and provisions of the Articles of Association on takeover bids (pursuant to Articles 104(1-ter) and 104-bis(1)

i) Powers to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m), TUF)

j) Management and coordination activities (pursuant to Article 2497 et seq. of the Italian Civil Code)

3.0 COMPLIANCE (pursuant to 123-bis, paragraph 2, letter a), first part, TUF)

4.0 BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

4.2 APPOINTMENT AND REPLACEMENT (pursuant to art. 123-bis, paragraph 1, letter l), first part, TUF)

Diversity criteria and policies in Board composition and corporate organisation

Maximum number of offices held in other companies

4.4. OPERATION OF THE BOARD OF DIRECTORS (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

4.5 RUOLO DEL PRESIDENTE DEL CONSIGLIO DI AMMINISTRAZIONE

Secretary of the Board

4.6 EXECUTIVE DIRECTORS

Chief Executive Officers

Chairman of the Board of Directors

Executive Committee (only if constituted) ( pursuant to Article 123-bis, paragraph 2, letter d), TUF)

Disclosure to the Board by directors/delegated bodies

Other executive directors

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTORS

Independent directors

Lead Independent Director

5.0 MANAGEMENT OF CORPORATE INFORMATION

6.0 INTERNAL BOARD COMMITTEES (pursuant to article. 123-bis, paragraph 2, letter d), TUF)

Composition and functioning of the RPT Committee

Functions of the OPC Committee

7.0 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - NOMINATION COMMITTEE

7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

7.2 NOMINATION COMMITTEE

7.3 Composition and functioning of the Appointments Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

Functions of the nomination committee

8. REMUNERATION OF DIRECTORS - REMUNERATION COMMITTEE

REMUNERAZIONE DEGLI AMMINISTRATORI

REMUNERATION POLICY

REMUNERAZIONE DEGLI AMMINISTRATORI ESECUTIVI E DEL TOP MANAGEMENT

SHARE-BASED REMUNERATION PLANS

8.1 COMITATO REMUNERAZIONI

9.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - CONTROL AND RISK COMMITTEE

I. First level controls.

II. Second level controls

III. Third level control

9.1 CHIEF EXECUTIVE OFFICER

9.2 CONTROL AND RISK COMMITTEE

Functions assigned to the control and risk committee

Head of Internal Audit Function

9.3 ORGANISATIONAL MODEL pursuant to Legislative Decree 231/2001

9.4AUDITING COMPANY

9.5 THE CHIEF REPORTING OFFICER OF PREPARING CORPORATE ACCOUNTING DOCUMENTS AND OTHER CORPORATE ROLES AND FUNCTIONS

The Head of the Risk Management Function

Head of Compliance & AML Function

9.6 COORDINATION BETWEEN THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

10 DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES

11 BOARD OF STATUTORY AUDITORS

11.1APPOINTMENT AND REPLACEMENT

11.2COMPOSITION AND OPERATION (pursuant to art. 123-bis, paragraph 2, letters d) and d- bis), TUF)

Diversity criteria and policies

Independence

Remuneration

Management of interests

12 RELATIONS WITH SHAREHOLDERS

Access to information

Dialogo con gli azionisti

13 SHAREHOLDERS' MEETINGS

14 FURTHER CORPORATE GOVERNANCE PRACTICES (pursuant article. 123-bis, paragraph 2, letter a), second part, TUF)

15 CHANGES SINCE THE END OF THE REPORTING PERIOD