Report on Corporate Governance and Ownership Structures

Approved by the Board of Directors on 27 February 2024

Intesa Sanpaolo S.p.A. Registered Office: Piazza San Carlo, 156 10121 Torino, Italy Secondary Registered Office: Via Monte di Pietà, 8 20121 Milano Italy Share Capital Euro 10,368,870,930.08 - Torino Company Register and Fiscal Code 00799960158 "Intesa Sanpaolo" VAT Group representative Vat Code No. 11991500015 (IT11991500015) Included in the National Register of Banks No. 5361 ABI Code 3069.2 Member of the National Interbank Deposit Guarantee Fund and of the National Guarantee Fund and Parent Company of the banking group "Intesa Sanpaolo" included in the National Register of Banking Groups

This is an English translation of the original Italian document. In cases of conflict between the English language document and the Italian document, the interpretation of the Italian language document prevails.

prevails.

Introduction	5	PART II
OVERVIEW	7	CORPORATE GOVERNANCE SYSTEM	47
		The Board of Directors	49
THE GOVERNANCE
OF INTESA SANPAOLO	33	POWERS OF THE BOARD	49
		BOARD COMPOSITION	51
		- Composition and diversity
Compliance with the Italian Corporate Governance Code	35	- Qualitative and quantitative composition
		- Appointment mechanism
		- Term of office, replacement and removal
PART I		- Chair and Deputy Chair
OWNERSHIP STRUCTURE		- Managing Director
AND INVESTOR RELATIONS	37	SUITABILITY REQUIREMENTS	57
Information on ownership structure	39	- Independence requirements: Independent Directors
SHARE CAPITAL	39	- Management and control positions of Directors and time commitment
- Securities traded on non-European markets - Own Shares		- Board induction
		CONFLICTS OF INTEREST	62
SHAREHOLDER BASE	40	- Introduction
- Main Shareholders		- Interests of Directors
- Shareholders' Agreements		- Transactions with related parties and associated entities and obligations of bank board members
Policy for the management of dialogue		and general managers
with investors	42	SELF-ASSESSMENT OF THE BOARD
Relations with shareholders, the financial community and stakeholders –		PURSUANT TO THE SUPERVISORY PROVISIONS AND THE ITALIAN CORPORATE GOVERNANCE CODE	63
The website	43	FUNCTIONING OF THE BOARD	64
The Shareholders' Meeting: procedures and		- Calling of meetings
shareholders' rights	44	- Reports to Directors
- Intesa Sanpaolo Shareholders' Meeting		- Conduct of meetings and the decision-making
- Calling meetings and procedure at meetings		process
- Additions to the agenda and submission of new proposed resolutions		- Frequency of meetings and Director attendance
- Right to ask questions prior to Shareholders' Meeting		- Corporate Bodies and Corporate Affairs Department
- Participation and representation - The Designated Representative		THE MANAGEMENT CONTROL COMMITTEE	69
- Voting rights		- Duties and powers
- Challenges against shareholder meeting resolutions		- Composition and appointment - Term of office, replacement and removal
- Right of withdrawal		- Suitability requirements
		- Functioning of the Committee - The Committee's self-assessment

BOARD COMMITTEES: COMPOSITION AND OPERATION - Nomination Committee - Remuneration Committee - Risks and Sustainability Committee - Committee for Transactions with Related Parties	75
INFORMATION FLOWS BETWEEN AND TO CORPORATE BODIES	82
PROCESSING OF CORPORATE INFORMATION - Inside information and Insiders List - Internal Dealing	82
Remuneration	83
Operating Structure - Divisions, Governance Areas and Head Office Structures reporting directly to the Managing Director and CEO - Group Managerial Committees	85
Diversity and inclusion policy	87

PART III CONTROL AND RISK MANAGEMENT SYSTEM	89
MAIN CHARACTERISTICS	91
THE ROLE OF THE CORPORATE BODIES	93
THE ROLE OF THE MANAGERIAL COMMITTEES	94
CORPORATE CONTROL FUNCTIONS - The Chief Audit Officer - The Chief Risk Officer - The Chief Compliance Officer	96
THE MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S FINANCIAL REPORTS AND THE MONITORING OF THE FINANCIAL REPORTING PROCESS	99
THE LEGAL AFFAIRS HEAD OFFICE DEPARTMENT – GROUP GENERAL COUNSEL	100
THE SURVEILLANCE BODY AND THE ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL PURSUANT TO LEGISLATIVE DECREE 231/2001	101

PART IV SUMMARY TABLES 105

Table no. 1: Composition of the Board of

Directors and Committees

Table no. 2: Lists of other management and control offices of Board Directors in other companies and entities

APPENDIX 113

Table no. 1: "Check List" Table no. 2: "Art. 123-bis – Report on corporate governance and ownership structures"

Glossary 131

Introduction

BOARD COMMITTEES:

Internal Dealing

Director and CEO

PART III

Group Managerial Committees

CONTROL AND RISK

The Chief Audit Officer - The Chief Risk Officer
The Chief Compliance Officer

THE LEGAL AFFAIRS HEAD OFFICE

THE ORGANISATIONAL, MANAGEMENT AND

THE SURVEILLANCE BODY AND

CONTROL MODEL PURSUANT TO

THE MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S FINANCIAL REPORTS AND THE MONITORING OF THE FINANCIAL REPORTING PROCESS 99

Nomination Committee - Remuneration Committee
Risks and Sustainability Committee

INFORMATION FLOWS BETWEEN AND

Inside information and Insiders List

COMPOSITION AND OPERATION 75

PART IV

SUMMARY TABLES 105

APPENDIX 113

Glossary 131

Table no. 2: "Art. 123-bis – Report on corporate

governance and ownership structures"

Table no. 1: Composition of the Board of

Table no. 2: Lists of other management and control offices of Board Directors in other

Directors and Committees

companies and entities

Table no. 1: "Check List"

Committee for Transactions with Related Parties

TO CORPORATE BODIES 82

PROCESSING OF CORPORATE INFORMATION 82

Remuneration 83

Operating Structure 85 - Divisions, Governance Areas and Head Office Structures reporting directly to the Managing

Diversity and inclusion policy 87

MANAGEMENT SYSTEM 89

MAIN CHARACTERISTICS 91

THE ROLE OF THE CORPORATE BODIES 93

THE ROLE OF THE MANAGERIAL COMMITTEES 94

CORPORATE CONTROL FUNCTIONS 96

DEPARTMENT – GROUP GENERAL COUNSEL 100

LEGISLATIVE DECREE 231/2001 101

INDEPENDENT AUDITING 102

Our Report, available in the "Governance" section of the Company's website, as well as in the authorised storage mechanism eMarket Storage, intends to provide to the market, in accordance with Article 123 bis of the Consolidated Law on Finance, annual and detailed information on ownership structures, compliance with the Italian Corporate Governance Code, the Corporate Bodies' structure and operation as well as the corporate governance practices implemented.

The Report also fulfils the disclosure obligations laid down for banks by the Supervisory Provisions on corporate governance.

The Report outlines the aspects of compliance with the Principles and Recommendations of the Code, which set out the good governance objectives and the actions considered appropriate to achieve them.

Information on the provisions of the Code concerning remuneration is mainly contained in the Report on Remuneration.

For the reader's convenience, margin notes are provided alongside the text with the relevant Principles and Recommendations of the Code, together with the requirements of paragraph 1 (ownership structures) and paragraph 2 (corporate governance) of Article 123-bis.

Next to the paragraphs are links to pages on the Company's website where the documents and information referred to in the text are published.

The Appendix to this document contains two checklists listing, respectively, the Principles and Recommendations of the Code and the provisions of Article 123-bis. Both checklists refer to the page(s) of the Report in which the matter is discussed, acknowledging that those principles and recommendations have been applied.

The checklists should be read together with the clarifications and the detailed information in the text of the Report on the effective implementation of the individual provisions.

Lastly, the Glossary provides the definitions of the terms and abbreviations used in the text.

Information contained in this Report, unless otherwise stated, refers to the position as at 27 February 2024, the date on which the Report was approved by the Board of Directors.

The Report has been audited for consistency by the independent auditors Ernst & Young, in accordance with the aforementioned Article 123-bis. Their findings are published in the Independent Auditors' Reports, prepared in accordance with Article 14 of Italian Legislative Decree No. 39/2010, and annexed to the Parent Company's and consolidated financial statements.

Overview

to the Parent Company's and consolidated financial statements.

Intesa Sanpaolo is a bank listed on Euronext Milan, a regulated market managed by Borsa Italiana. The Company's purpose is to take deposits and carry out all forms of lending activities, both directly and through its subsidiaries, together with any other transactions supporting or related to the achievement of its corporate purpose.

The Corporate Governance model and Corporate Bodies

Intesa Sanpaolo has adopted the "one-tier" management and control model, whereby management and control duties are performed, respectively, by the Board of Directors and the Management Control Committee set up within it, both appointed by the Shareholders' Meeting.

Shareholders' Meeting

The Shareholders' Meeting expresses the corporate will, in ordinary and extraordinary sessions, on the matters assigned to it by the law or by the Articles of Association. It approves the financial statements, appoints the members of the Board of Directors and of the Management Control Committee and the related Chairs, as well as one or more Board Deputy Chairs; it appoints the independent auditors.

Board of Directors		Management Control Committee
The Board – consisting of 19 members, 14 of whom are independent – is responsible for the company's management and performs guidance and strategic supervision duties. The Board appoints, from among its members, the Managing Director, who oversees the management of the company and the implementation of the Board's resolutions. It also appoints the members of the Board Committees.		The Committee – consisting of 5 Members, all independent – exercises the powers and functions assigned by the applicable legislation to the control body and to the internal control and audit committee, pursuant to Legislative Decree No. 39/2010.

	Gian Maria Gros-Pietro (C)	Alberto Maria Pisani (C)
	■ Paolo Andrea Colombo (DC) Carlo Messina (CEO) Franco Ceruti Anna Gatti ■ Liana Logiurato ■ Maria Mazzarella ■ Luciano Nebbia Bruno Maria Parigi ■ Bruno Picca ■ Livia Pomodoro Maria Alessandra Stefanelli ■ Paola Tagliavini ■ Daniele Zamboni ■ Alberto Maria Pisani ■ Roberto Franchini ■ * Fabrizio Mosca ■ Milena Teresa Motta ■ Maria Cristina Zoppo ■ ■ = independent	Roberto Franchini Fabrizio Mosca Milena Teresa Motta Maria Cristina Zoppo
	* = elected from the minority slate

In carrying out its functions, the Board is supported by special Board Committees set up within it, with proposal-making, advisory and inquiry duties, each acting within its remit.

Intesa Sanpaolo's one-tier governance model presents distinctive characteristics and significant advantages, summarised below, which are set out in detail both in this Overview and in the Report.

In carrying out its functions, the Board is supported by special Board Committees set up within it, with

Board Committees

Nomination Committee Livia Pomodoro (C) Independent

Remuneration Committee Paolo Andrea Colombo (C) Independent

Committee Paola Tagliavini (C) Independent

Franco Ceruti Anna Gatti Liana Logiurato Luciano Nebbia

Franco Ceruti Bruno Maria Parigi Bruno Picca Daniele Zamboni

Liana Logiurato Maria Mazzarella

Paola Tagliavini

Maria Alessandra Stefanelli

Paolo Andrea Colombo Gian Maria Gros-Pietro Maria Mazzarella Bruno Picca

Independent

Independent Independent

Independent

Independent Independent Independent Independent

Daniele Zamboni (C) Independent

proposal-making, advisory and inquiry duties, each acting within its remit.

It performs inquiry and advisory duties on the appointment and composition of the Board and on the appointment of the bodies of the

It proposes, advises and inquires on compensation and on remuneration and

It proposes, advises and inquires on risk governance and the organisation and operation of the internal control system. It also provides support on sustainability issues

Committee for Transactions with Related Parties

It performs the tasks and duties assigned to it by the RPT Procedures, in accordance with the provisions laid down by the Consob Regulation on related parties and the Bank of

Risks and Sustainability

main subsidiaries.

incentive systems.

(ESG).

Italy regulations.

Composition of the Bodies	▪ Size appropriate to the Group's significance and complexity ▪ All non-executive Directors except for the Managing Director ▪ More than two thirds are Independent Directors ▪ Qualified representation of minorities ▪ Full respect for diversity, including within the Board Committees ▪ Balancing and diversification of professional qualifications and skills, constantly updated and strengthened through specific induction plans ▪ Availability of time and commitment to their role by Directors
Allocation of functions	▪ Centralisation of strategic supervision and management functions within the Board ▪ Integration within the Board of the strategic supervision function with ex-ante control activity ▪ Clear definition of the roles, duties and powers of the Board, Board Committees, their Chairs, all independent, and Managing Director ▪ Clear definition and allocation of tasks of the Board Committees, mostly composed of Independent Directors
Decision-making process	▪ Sole discretion of the Board in key decisions ▪ Challenge role of the Board vis-à-vis the Managing Director and the Key Managers ▪ Structured analysis of proposals by the Board Committees ▪ Immediate circulation of information between the Bodies ▪ Important role of the Chair in encouraging effective debate within the Board ▪ System of adequate and timely information flows, within the Bodies and between the Bodies and the corporate functions
Supervision and control	▪ More direct relationship between the Board, which decides and monitors the strategic guidelines, and the Managing Director, who proposes and implements them ▪ Enhancement of the effectiveness of the control function, centralised in the Management Control Committee established within the Board ▪ Proactive role of the Management Control Committee ▪ Increasing interaction between the Management Control Committee and the Risks and Sustainability Committee for the areas where this is required by the applicable legislation

the previous two-tier governance model

Board of Directors, Management Control Committee and Board Committees

	Board Management Control of Directors Committee
Appointment	29 April 2022
Term of office	Three financial years (2022-2024)
Expiry	approval of the financial statements as at 31/12/2024
Members	19	5
Directors elected by the minority	5 (26%)	2 (40%)
Directors, less-represented gender	8 (42%)	2 (40%)
Executive Directors	1 -
Independent Directors	14 (74%)	5 (100%)
Average age of Directors	65	62
Average age of Independent Directors	63	62
	Non-executive	Non-executive Independent

Without prejudice to the general expertise required for all areas envisaged by the applicable legislation, the information provided refers to the skills declared by the individual Directors at the time they accepted the nomination. The indicated skills and expertise were subsequently strengthened and expanded through training programmes, the intensive induction plan for Board members (described in Part II of the Report) as well as in-depth discussions also during the meetings of the Corporate Bodies.

Board induction

Board of Directors, Management Control Committee and Board Committees

Appointment 29 April 2022

average age 65

Term of office Three financial years (2022-2024)

Members 19 5 Directors elected by the minority 5 (26%) 2 (40%) Directors, less-represented gender 8 (42%) 2 (40%) Executive Directors 1 - Independent Directors 14 (74%) 5 (100%) Average age of Directors 65 62 Average age of Independent Directors 63 62

Expiry approval

Age range Gender Tenure*

Board of Directors Management Control Committee

Independent

*also takes into account the offices held in the Supervisory Board and in the Management Board within the framework of the previous two-tier governance model

of the financial statements as at 31/12/2024

Non-executive Non-executive

(*) Induction of 26/2/2024

2023

(and until approval

of this Report)

Thematic areas examined in the Board of Directors' meetings in 2023

Thematic areas examined in the Management Control Committee's meetings in 2023

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2023

(*) The support that the Committee provides to the Board in exercising its strategic supervision functions on sustainability, as well as in setting and monitoring climate and environmental risk objectives, is cross-sectoral and also covers the areas of "Governance and Risk Management", "Business Model and Strategic Guidelines" and "MSTs".

Board of Directors' meetings in 2023

Thematic areas examined in the Board of Directors' meetings in 2023

Relations with Supervisory Authorities

Financial Statements, CNFS, ICAAP, Budget and Business Plan

Governance, Staff and Organisation, Remuneration

Activities carried out within the scope of Group management and coordination and other controls

Regulatory compliance and principles of proper management

Internal control system, anti-money laundering regulations and adequacy of the organisational structure

IT Systems, Risk Management and Business Continuity

Relations with Supervisory Authorities and action plan monitoring

Accounting system, auditing and financial reporting

Thematic areas examined in the Management Control Committee's meetings in 2023

Risks and Controls, RAF

Shareholdings

Loans and Finance

Other

11%

13%

23%

24%

17%

21%

36%

41%

21%

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2023

Internal control system

US Risk Committee

ESG matters (*)

IT systems and business continuity

Business model and strategic guidelines

Governance and risk management

Most Significant Transactions

and Risk Management", "Business Model and Strategic Guidelines" and "MSTs".

Corporate governance and organisational structure

Management Control Committee's meetings in 2023

Board Committees Committee	Members	Less represented gender	Independent members	Members elected by the minority	Number of meetings in 2023	Meetings' average length (h)
Nomination Committee	5	2*	3*	1	8	35'
Remuneration Committee	5	2	3*	1	18	1h 34'
Risks and Sustainability Committee	5	1*	3*	1	46	4h 40'
Committee for Transactions with Related Parties	5	4	5*	2*	12	1

(*) including the Chair

Board Evaluation

Performance	Self-assessment Regulations	External consultant
Yes, the self-assessment is conducted annually by both the Board and the Management Control Committee (for details, see the chapters on the two Bodies)	Yes	Yes, professional assistance of Crisci & Partners, independent consulting company and expert on corporate governance practices

A diagram is provided below summarising the Board's self-assessment process, the findings in terms of adequacy and progress made, as well as some practices that should be developed further

Information collection

Gathering of information on the qualitative-quantitative composition and functioning of the Body. According to the aspects considered, this stage involves the gathering of information already available to the Bank, as well as the use of questionnaires and individual interviews

		दर्द देर
--	--	----------	--

Data processing

Analysis and consolidation of the information gathered, while ensuring the anonymity of the Directors

Nomination Committee review

Presentation of the findings from the data processing and their collective sharing

Formalisation of the results

Preparation of the Document "Results of the Board of Directors' Self-assessment", which summarises the methodologies adopted and the results achieved

BoD review

Presentation of the Document to the BoD assessing the adequacy of the size, composition and operations of the Board and of the Committees, taking into account the findings gathered

Main results of the self-assessment: adequacy and best practices

Size and composition

Board Evaluation

Yes, the self-assessment is conducted annually by both the Board and the Management Control Committee (for details,

see the chapters on the two Bodies)

Information collection

individual interviews

Data processing

the Directors

Nomination Committee review

sharing

BoD review

the findings gathered

Performance Self-assessment

Yes

A diagram is provided below summarising the Board's self-assessment process, the findings in terms of adequacy and progress made, as well as some practices that should be developed further

Analysis and consolidation of the information gathered, while ensuring the anonymity of

Preparation of the Document "Results of the Board of Directors' Self-assessment",

which summarises the methodologies adopted and the results achieved

Presentation of the Document to the BoD assessing the adequacy of the size, composition and operations of the Board and of the Committees, taking into account

Presentation of the findings from the data processing and their collective

Formalisation of the results

Regulations External consultant

Yes, professional assistance of Crisci & Partners, independent consulting company and expert on corporate governance practices

Full and complete adequacy of the Board's composition in terms of size and quality.
Very positive overall assessment of the composition and skill mix of the members of the Board Committees and of the role and work of the Committees.
High regard is expressed for the Chair, who is unanimously acknowledged as having great experience and authority in guiding the Board, stimulating debate and encouraging the involvement of all Directors in the decision-making process, ensuring proper governance of the Bank.
Unanimous appreciation of the Managing Director and CEO for his standing, authority, professional qualities, entrepreneurial vision, commitment and concrete achievements, ability to listen and involve, transparency when communicating with the Board.

Induction Plans

▪ Widespread appreciation for the breadth and depth of the Induction programmes, also for their consistency with the scenario analysis, evolution and innovation envisaged in the 2022-2025 Business Plan. Special consideration was given to the effort put into planning and delivering the presentations, also by calling external speakers, alongside the Bank's own managers, as suggested in the previous self-assessment.

Operation

General appreciation on the Board's operation, which is deemed to have reached an optimal level in terms of both efficiency in analysis and discussion, and effectiveness in decision-making.
The timeliness in providing documentation for the meetings, and the number and content of meetings of the Independent Directors were assessed very positively.
Information flows were very satisfactory in terms of scope and continuity, as were data flows, analyses by the Committees and decision-making by the Board.
The involvement in and sharing of strategic issues were particularly appreciated and considered very useful to understand the dynamics that can impact the Bank.

Organisation of the meetings

The work of the Board and its committees was considered very satisfactory, with appreciation for the greater involvement of the Committee Chairs, who regularly report to the Board on the findings and recommendations stemming from the investigative and preparatory work carried out in the various Committees.
Engagement, open debate and comparison process and challenge were assessed very positively. This ties in with and adds to the intensive prior analyses and studies carried out by the individual Committees.
The time and attention devoted by the Board to various topic areas of relevance to the Bank, including the development of the Business Plan, ESG issues, and the evolution of the regulatory framework, are widely appreciated.

Main practices that could be developed further

It is necessary to pay attention, sufficiently in advance, to the process for ensuring the optimal composition of the new Board of Directors, given that the term of office of the current Board will expire in 2025. This should involve launching a process to identify the right mix of professional profiles, personal characteristics and aptitudes, while making sure not to waste acquired skills and knowledge.
It is important to continue to develop annual induction plans on topics consistent with the Bank's development and the implementation of the Business Plan establishment, also with reference to individual business areas.

Remuneration

The following table shows the remuneration of the members of the Corporate Bodies for financial years 2022/2023/2024, as approved by the Shareholders' Meeting of 29 April 2022 and by the Board of Directors at its meeting of 24 May 2022, pursuant to the Articles of Association and in line with the Remuneration Policies approved by the same Shareholders' Meeting. The remuneration does not include the reimbursement of any expenses incurred in connection with the office held.

Role	Gross annual remuneration (euro)	Attendance fee (euro)

Board Member who is not also a member of the Management Control Committee	120,000	/
Chair of the Board of Directors (additional remuneration)	800,000	/
Deputy Chair of the Board of Directors (additional remuneration)	150,000	/
Board Member who is also a member of the Management Control Committee	260,000	/
Chair of the Management Control Committee (additional remuneration)	65,000	/
Managing Director (additional remuneration) (*)	500,000	/
Members of Committees appointed by the Board	/	2,500
Chairs of Committees appointed by the Board	60,000	/

(*) Consistent with the criteria defined by the Group's remuneration and incentive policies, the Managing Director, in his/her capacity as General Manager, is also entitled to receive a gross annual remuneration of 2,000,000 euro, in addition to the short- and long-term incentive system in force for the Group's Top Risk Takers, as well as the supplementary pension scheme and other fringe benefits provided for the position. In 2022, the Board of Directors, as proposed by the Remuneration Committee, approved an agreement reached with the Managing Director containing specific contractual provisions on severance.

For further information and details, see the Report on Remuneration.

Control and risk management system

The internal control system is built around a set of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with sound and prudent management, the achievement of the following objectives

Remuneration

remuneration)

Board

(additional remuneration)

(euro) Attendance fee (euro)

120,000 /

800,000 /

150,000 /

260,000 /

65,000 /

/ 2,500

include the reimbursement of any expenses incurred in connection with the office held.

Managing Director (additional remuneration) (*) 500,000 /

Chairs of Committees appointed by the Board 60,000 /

Role Gross annual remuneration

Board Member who is not also a member of the

Chair of the Board of Directors (additional

Deputy Chair of the Board of Directors

Management Control Committee

Board Member who is also a member of the

Chair of the Management Control Committee

Members of Committees appointed by the

containing specific contractual provisions on severance.

For further information and details, see the Report on Remuneration.

Management Control Committee

verification of the implementation of Company strategies and policies

containment of risks within the limits indicated by the Bank (Risk Appetite Framework)

safeguarding of asset value and protection from losses

effectiveness and efficiency of the Company processes

reliability and security of Company information and IT procedures

prevention of the risk that the Bank may be involved, including involuntarily, in illegal activities

compliance of business operations with the law and supervisory regulations, as well as internal policies, procedures and regulations

The Corporate Bodies ensure the completeness, adequacy, functionality and reliability of the internal control system at Group level, in compliance with the Supervisory Provisions on the control system and with the Supervisory Provisions on corporate governance.

The Surveillance Body – composed of parties external to the Bank and vested with independent initiative and control powers – supervises the operation and effectiveness of and compliance with the Model 231 adopted by the Bank, pursuant to Legislative Decree 231/2001 on the administrative liability of companies, and supports the competent Bodies when implementing or amending the Model.

The internal control system is based on three levels:

Level I

This level consists of line controls designed to ensure the proper conduct of the operations. Where possible, these controls are embedded in the IT procedures. They may be carried out directly by the Operating and Business Structures (so-called "Level I functions"), including through units dedicated solely to control duties, or implemented in the back office.

Level II

This level consists of risk and compliance controls to ensure, inter alia, the correct implementation of the risk management process; observance of the operating limits assigned to the various functions; compliance of company operations with the rules, including selfgovernance rules. These controls are overseen by the Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office Department also reports, and by the Chief Risk Officer Governance Area, to which the Internal Validation and Controls Coordination Area reports; these Structures (so-called "Level II control functions") are separate from the operating structures and from internal audit.

Level III

This level consists of internal audit controls – assigned to the Chief Audit Officer – to identify breaches of procedures and regulations, and to assess periodically the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system at Group level.

The main activities under level III and II controls are described below:

Chief Audit Officer

Ensuring ongoing independent monitoring of the regular performance of the Bank and Group operations and processes, evaluating the functionality of the internal control system
Providing advice to the Group's corporate functions
Ensuring supervision of the subsidiaries' internal control system
Supporting corporate governance and ensuring that the Corporate Bodies and the competent Supervisory Authorities (ECB, Bank of Italy, Consob, etc.) promptly and systematically receive information on the control system

Chief Compliance Officer	Chief Risk Officer
• Ensuring monitoring of Group regulatory compliance risk	• Governing the process of RAF definition, approval, control and
• Defining guidelines and policies on Group regulatory compliance	implementation
• Coordinating the implementation of guidelines and policies on	• Assisting the Corporate Bodies in defining risk management
regulatory compliance	guidelines and policies
• Collaborating with the other corporate control functions to	• Coordinating the implementation of risk management guidelines
achieve effective integration of the risk management process	and policies by the Group units
• Managing relations with the Corporate Bodies and Supervisory	• Ensuring the measurement and control of Group exposure to the
Authorities on compliance issues	various types of risk
	• Ensuring the monitoring of credit quality • Validating internal risk measurement systems

The Corporate control functions also coordinate their work by participating in a dedicated Managerial Committee. The internal control and risk management system, as well as the roles of the Corporate Bodies and Structures involved, are described in detail in Part III of the Report.

Share capital and ownership structure

Level I

The internal control system is based on three levels:

The main activities under level III and II controls are described below:

Italy, Consob, etc.) promptly and systematically receive information on the control system

Bodies and Structures involved, are described in detail in Part III of the Report.

Level II

Level III

Chief Audit Officer • Ensuring ongoing independent monitoring of the regular performance of the Bank and Group operations and processes, evaluating

• Supporting corporate governance and ensuring that the Corporate Bodies and the competent Supervisory Authorities (ECB, Bank of

Chief Compliance Officer Chief Risk Officer

The Corporate control functions also coordinate their work by participating in a dedicated Managerial Committee. The internal control and risk management system, as well as the roles of the Corporate

implementation

guidelines and policies

various types of risk

and policies by the Group units

• Ensuring the monitoring of credit quality • Validating internal risk measurement systems

• Governing the process of RAF definition, approval, control and

• Assisting the Corporate Bodies in defining risk management

• Coordinating the implementation of risk management guidelines

• Ensuring the measurement and control of Group exposure to the

the functionality of the internal control system • Providing advice to the Group's corporate functions

• Ensuring supervision of the subsidiaries' internal control system

• Ensuring monitoring of Group regulatory compliance risk • Defining guidelines and policies on Group regulatory compliance • Coordinating the implementation of guidelines and policies on

• Collaborating with the other corporate control functions to achieve effective integration of the risk management process • Managing relations with the Corporate Bodies and Supervisory

regulatory compliance

Authorities on compliance issues

Intesa Sanpaolo's share capital amounts to 10,368,870,930.08 euro, divided into 18,282,798,989 ordinary shares without nominal value as set out below:

	No. of shares	% share capital	Listing	Rights
Ordinary shares	18,282,798,989	100%	Euronext Milan	Right to attend and vote at Ordinary and Extraordinary Shareholders' Meetings (each share carries one voting right)
Other information YES					NO
Restrictions on voting rights x
Increased voting rights ("voto maggiorato") x
Securities granting special rights					x
Limitations on share ownership				x
Restrictions on share transfers					x
Employee share ownership					x
Shareholders' agreements					x(*)
Minimum shareholding for submission of slates 0.5%

(*) The shareholders' consultation and voting agreement concerning the submission, at the Shareholders' Meeting held on 29 April 2022, of a joint slate for the appointment of the Board and the Management Control Committee expired with the appointment of the Bodies by the Shareholders' Meeting (see Part I of the Report)

According to the entries in the Shareholders' Register and other available information concerning the dividends paid, the approximate number of Intesa Sanpaolo shareholders is 378,000; the chart below shows the trend in their number:

(1 ) This figure refers to an estimate based on the mass survey of the Intesa Sanpaolo shareholder base available (May 2019), plus the evidence from the subscriptions to the Public Purchase and Exchange Offer on UBI Banca shares ( 2 ) This figure refers to the coupon presentation date of the distribution of part of the extraordinary reserve for the 2020 results, approved by the Ordinary Shareholders' Meeting held on 14 October 2021

( 3 ) This figure refers to the coupon presentation date for the distribution of dividends and of part of the Share premium reserve approved by the Ordinary Shareholders' Meeting held on 29 April 2022

( 4 ) This figure refers to the coupon presentation date for the distribution of dividends approved by the Ordinary Shareholders' Meeting held on 28 April 2023

The list of the main shareholders is provided in Part I of the Report.

Foreign institutional

The following chart shows the ownership structure by geographical area, type of shareholders and size of shareholding, on the basis of the names of the recipients of the distribution to shareholders of dividends, provided by the intermediaries (coupon presentation date 22 May 2023).

Ownership structure by geographical area

Ownership structure by type of shareholders

Ownership structure by size of shareholding

Number of shareholders	Size of shareholding	Number of shares (%)
311,386	1 - 10,000	806,710,432 (4.42)
58,883	10,001 - 100,000	1,660,823,884 (9.08)
5,446	100,001 - 500,000	1,121,866,714 (6.14)
777	500,001 - 1,000,000	555,424,746 (3.04)
881	1,000,001 - 5,000,000	1,956,477,608 (10.70)
380	≥ 5,000,001	11,948,219,022 (65.35)

Shareholders' Meeting

45.74%

shareholders Size of shareholding Number of shares (%)

311,386 1 - 10,000 806,710,432 (4.42) 58,883 10,001 - 100,000 1,660,823,884 (9.08) 5,446 100,001 - 500,000 1,121,866,714 (6.14) 777 500,001 - 1,000,000 555,424,746 (3.04) 881 1,000,001 - 5,000,000 1,956,477,608 (10.70) 380 ≥ 5,000,001 11,948,219,022 (65.35)

52.75%

Foreign institutional

Italian institutional

Other Italian investors

Individual reports not

investors Former banking foundations Retail shareholders

Italy

Continental Europe

USA and Canada

UK and Ireland

Rest of the world

Individual reports not available

investors

Own shares

available

dividends, provided by the intermediaries (coupon presentation date 22 May 2023).

14.19% 1.13%

Ownership structure by geographical area

6.61%

16.43%

Ownership structure by type of shareholders

25.76%

7.37%

0,19%0.14% 1.13%

Ownership structure by size of shareholding

19.27%

19.15%

Number of

The Shareholders' Meeting is the final step on a path of information, dialogue and discussion with Intesa Sanpaolo's shareholders, enabling them to cast an informed vote, in the manner and on the topics reserved for it by law and by the Articles of Association.

The Shareholders' Meeting is called by notice(1) published on the Company's website at least thirty days prior to the meeting date, and, in extract, in daily newspapers.

If the Shareholders' Meeting is called to appoint Board Directors, the notice must be published by an earlier deadline of forty days prior to the meeting date(2).

The Shareholders' Meeting may be attended by persons holding voting rights at the close of the accounting day on the seventh trading day prior to the date of the meeting on first or single call (record date), who have sent the Company a notice of participation through the authorised intermediary.

Shareholders severally or jointly representing at least one-fortieth of the share capital may, within ten days of publication of the notice of call, request additions to the list of items on the agenda or submit proposed resolutions on items already on the agenda, specifying the additional items or proposals in their request.

Those entitled to vote may be represented at the Shareholders' Meeting through proxy. Moreover, for each Shareholders' Meeting, Intesa Sanpaolo appoints a "Designated Representative", giving information thereof in the notice of call. The entitled persons may appoint him/her as their proxy free of charge, with voting instructions on all or some of the agenda items.

Those entitled to vote may ask questions concerning items on the agenda even prior to the Shareholders' Meeting, by the deadline stated in the notice of call.

(1) The notice of call provides detailed information on the day, time and place of the meeting, as well as the items on the agenda; it also provides information on the procedures for participating and voting in the Shareholders' Meeting, the record date, the term and methods for asking questions on items on the agenda, and the methods for obtaining the Meeting documentation. The Shareholders' Meeting reports and documents to be submitted to the Meeting are made available to the public at Intesa Sanpaolo registered office and in the dedicated section of its website ("Governance" / "Shareholders' Meeting") – accessible directly from the homepage – by the deadline for publication of the notice set according to the items on the agenda and in any event by the deadline established by law.

(2) In this case, shareholders holding at least 0.5% of the share capital (or any other lower percentage under applicable legislation) may submit a slate of candidates for the position of Director containing from a minimum of 2 (two) to a maximum of 19 (nineteen) names. The slate must be filed with the registered office at least 25 calendar days before the day scheduled for the Shareholders' Meeting on first call and is made available to the public at the Company's registered office, on its website and in any other way required by applicable law, at least 21 days before the date of the Meeting.

Intesa Sanpaolo considers the dialogue between the Board of Directors and the shareholders/investors to be key to achieving the company's sustainable success.

The "Policy for the management of dialogue with investors" sets out the principles that specifically govern the dialogue of the Board of Directors with investors (meaning investors, including potential investors, other than natural persons and, in the case of natural persons, only the holders of Intesa Sanpaolo shares) and proxy advisors.

The text of the "Policy" is published on the website; detailed information on the Policy is provided in Part I of the Report.

Shareholders' majorities

At Intesa Sanpaolo, the quorum required for the validity of the Shareholders' Meetings and of its resolutions – both in ordinary and extraordinary session – is that determined by applicable regulations.

The quorum required for Shareholders' Meetings is the proportion of share capital that must be represented in order for the Meeting to be declared valid. Voting majorities refer to the proportion of share capital required for the shareholders' resolutions to be approved.

The Shareholders' Meeting is usually held in single call, with the application of the following quorums:

Ordinary Shareholders' Meeting	Single call

Meeting quorum	The proportion of share capital represented by the entitled parties attending
Voting majority (*)	Absolute majority of the share capital represented at the Shareholders' Meeting

(*) Pursuant to the Supervisory Provisions on remuneration, the Board's proposal regarding the setting of a limit higher than 100% (1:1 ratio) for the ratio between the variable and the fixed component of the individual remuneration of key personnel is approved by the ordinary Shareholders' Meeting when: (i) the meeting is held with at least half of the share capital and the resolution is taken with the favourable vote of at least 2/3 of the share capital represented at the Meeting; or (ii) the resolution is passed with a favourable vote of at least 3/4 of the share capital represented at the Meeting, regardless of the quorum with which it was constituted.

The foregoing is without prejudice to the provisions of the Articles of Association for the election of the Board and the Management Control Committee; on this point, reference is made to the detailed description contained in Part II of the Report.

Extraordinary Shareholders' Meeting	Single call

Meeting quorum	Any number of entitled parties representing at least one-fifth of the share capital
Voting majority	At least two-third majority of the share capital represented at the Shareholders' Meeting

Share capital attendance at the Shareholders' Meeting in the last five years

During financial year 2023, the Shareholders' Meeting was held on 28 April in ordinary session and lasted 30 minutes.

Shareholders' majorities

constituted.

Extraordinary Shareholders'

53%

52%

The quorum required for Shareholders' Meetings is the proportion of share capital that must be represented in order for the Meeting to be declared valid. Voting majorities refer to the proportion of

The Shareholders' Meeting is usually held in single call, with the application of the following quorums:

Ordinary Shareholders' Meeting Single call

Meeting quorum The proportion of share capital represented by the entitled parties attending

Voting majority (*) Absolute majority of the share capital represented at the Shareholders' Meeting (*) Pursuant to the Supervisory Provisions on remuneration, the Board's proposal regarding the setting of a limit higher than 100% (1:1 ratio) for the ratio between the variable and the fixed component of the individual remuneration of key personnel is approved by the ordinary Shareholders' Meeting when: (i) the meeting is held with at least half of the share capital and the resolution is taken with the favourable vote of at least 2/3 of the share capital represented at the Meeting; or (ii) the resolution is passed with a favourable vote of at least 3/4 of the share capital represented at the Meeting, regardless of the quorum with which it was

The foregoing is without prejudice to the provisions of the Articles of Association for the election of the Board and the Management

Meeting Single call

Meeting quorum Any number of entitled parties representing at least one-fifth of the share capital

Voting majority At least two-third majority of the share capital represented at the Shareholders'

Share capital attendance at the Shareholders' Meeting in the last five years

Meeting

Control Committee; on this point, reference is made to the detailed description contained in Part II of the Report.

57%

2019 2020 2021 (28/04) 2021 (14/10) 2022 2023

56% 56%

57%

share capital required for the shareholders' resolutions to be approved.

All the proposed resolutions were approved; below are the items on the agenda with the respective percentages of votes in favour.

The Shareholders' Meeting can be Ordinary or Extraordinary:

The Ordinary Shareholders' Meeting, whose duties include approving the financial statements, must be called at least once a year, no later than one hundred and eighty days after the end of the financial year.
The Extraordinary Shareholders' Meeting is called to approve amendments to the Articles of Association (without prejudice to the Board's power to align the Articles of Association with the law), merger and demerger transactions in the cases provided for by law, and on any other matter within its purview pursuant to the law.

Shareholders' Meeting of 28 April
2022 financial statements ➢ Approval of the Parent Company's 2022 financial statements ➢ Allocation of net income for the year and distribution of dividend to shareholders	99.69% 99.59%
Remuneration ➢ a) Report on remuneration policy and compensation paid: Section I – Remuneration and incentive policies of the Intesa Sanpaolo Group for 2023 ➢ b) Report on remuneration policy and compensation paid: non-binding resolution on Section II – Disclosure on compensation paid in the financial year 2022 ➢ c) Approval of the 2023 Annual Incentive Plan based on financial instruments	88.07% 93.84% 97.69%
Own shares ➢ a) Authorisation to purchase and dispose of own shares to serve the Incentive Plans of the Intesa Sanpaolo Group ➢ b) Authorisation to purchase and dispose of own shares for trading purposes	98.49% 99.49%

The full text of the resolutions adopted is contained in the minutes published on the Bank's website ("Governance" / "Shareholders' Meeting"), where the reports of the Meeting and related documentation are also published, along with the Summary report of the respective votes.

The next Shareholders' Meeting will be held on 24 April 2024.

For the 2023 Shareholders' Meeting, Intesa Sanpaolo exercised the right, granted by Italian law to listed companies, to provide that those entitled to participate and vote in Shareholders' Meetings could do so exclusively through the Designated Representative pursuant to Article 135 undecies of the Consolidated Law on Finance. At the Turin headquarters, where the Shareholders' Meeting was convened, the Chair, some Directors, the Designated Representative (Computershare S.p.A.) and the Secretary (Notary) were present in person; all the other Board Directors participated remotely.

This participation method – suitably communicated in the notice of call of the Shareholders' Meeting – improved the flexibility and efficiency of the Shareholders' Meeting process, with clear benefits for the Company and the shareholders, enhancing the pre-meeting dialogue process with a view to giving the shareholders full reporting transparency and equal access to the information needed to make informed voting decisions.

Intesa Sanpaolo fully enhanced the role of the Designated Representative and fully safeguarded the shareholders' right to take part in the Shareholders' Meeting via a tool made available free of charge; moreover, where the proxy was (issued through the Bank's dedicated IT platform, the deadline for giving the proxy was extended, for those entitled, until the day before the Shareholders' Meeting.

To ensure active participation in the Shareholders' Meeting decision-making processes and, hence, to confer proxy and voting instructions to the Designated Representative on an informed basis, Intesa Sanpaolo provided that the Bank's answers to the premeeting questions and new proposed resolutions submitted (including individually) by shareholders on the agenda items had to be published on the website before the deadline for giving proxy and voting instructions to the Designated Representative.

The casting of votes by shareholders and institutional investors was done in an informed and knowledgeable manner, taking into account, among other things, the Bank's answers to questions submitted in advance on the agenda items; the level of participation in the meeting proved to be unchanged compared to the "in-person" mode.
The function of informing shareholders was fulfilled by continuously publishing information on the website, where every shareholder/investor was able to consult all the Shareholders' Meeting documents and notices, including the reports on the agenda items, and any other documentation relevant to the process leading up to the vote.
Exchanges and discussions with shareholders/investors were held continuously including when presenting the results of operations – and well in advance of the date set for the vote, in the manner laid down in the Policy for the management of dialogue with shareholders and via the additional appropriate communication channels.

Information on questions submitted in advance pursuant to Article 127 ter CLF at the Shareholders' Meetings called to approve the financial statements

Shareholders' Meeting	Number of shareholders	Number of questions submitted in advance
28 April 2023	8	273
29 April 2022	6	225
28 April 2021	10	226
27 April 2020	7	207
30 April 2019	8	244

The sustainability commitment

Intesa Sanpaolo, in setting itself the goal of continuing to generate value for all its stakeholders while building a profitable, innovative and sustainable Bank of the Future, is also aware of the impacts associated with its activities on the economy, the environment and people.

At the strategic level, the Group aims to further strengthen its leading position in ESG themes (Environmental, Social and Governance), with a world-class position in Social Impact and strong focus on climate. Indeed, ESG issues are one of the four pillars of the Group's 2022-2025 Business Plan for robust and sustainable value creation.

In order to establish a framework of values and principles, and to provide disclosures on the various sustainability/ESG issues, Intesa Sanpaolo adopts and publishes specific documents, including the Code of Ethics, the Consolidated Non-financial Statement (CNFS), the TCFD Report1 and the PRB Report2 – available on the Company's website and to which reference should be made – as well as various policies regarding specific ESG matters and areas of the Bank's activities (human rights, environment, loans to specific sectors).

The Code of Ethics – last updated in June 2023 – is a voluntary self-regulatory tool adopted by
all Group companies and is an integral part of the sustainability management model. It sets out
the mission, the corporate values and the principles governing relations with all parties, internal or
external, directly or indirectly involved in or impacted by the performance of the company's
activities (stakeholders). For some particularly important areas, the Code of Ethics refers to the
rules and principles consistent with the best international standards. The Code lays the framework
for embedding social and environmental considerations in corporate processes, practices and
decisions, spelling out the pillars of our corporate culture. All the Group's people, in Italy and
abroad, are expected to behave in a manner that complies and is consistent with the values and
principles set out in the Code. Each Group company must ensure that its actions and activities
match those values and principles, consistently with its specific characteristics.

in advance

to approve the financial statements

Directors participated remotely.

The casting of votes by shareholders and institutional investors was done in an informed and knowledgeable manner, taking into account, among other things, the Bank's answers to questions submitted in advance on the agenda items; the level of participation in the meeting

The function of informing shareholders was fulfilled by continuously publishing information on the website, where every shareholder/investor was able to consult all the Shareholders' Meeting documents and notices, including the reports on the agenda items, and any other

Exchanges and discussions with shareholders/investors were held continuously – including when presenting the results of operations – and well in advance of the date set for the vote, in the manner laid down in the Policy for the management of dialogue with shareholders and

Information on questions submitted in advance pursuant to Article 127 ter CLF at the Shareholders' Meetings called

Shareholders' Meeting Number of shareholders Number of questions submitted

28 April 2023 8 273 29 April 2022 6 225 28 April 2021 10 226 27 April 2020 7 207 30 April 2019 8 244

proved to be unchanged compared to the "in-person" mode.

documentation relevant to the process leading up to the vote.

via the additional appropriate communication channels.

The CNFS – approved annually by the Board – reports on the Group's ESG commitments and achievements with respect to its stated objectives and values, and the expectations of its stakeholders, who are involved in a systematic process of listening and dialogue.

Moreover, Intesa Sanpaolo publishes, on a voluntary basis, a half-yearly Consolidated Nonfinancial Statement with the key indicators.

The TCFD Report – approved by the Board – provides climate-related information in accordance with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). The report is divided into the four pillars of the recommendations (Governance, Strategy, Risk Management, and Metrics and Targets) and its 2022 edition includes a Transition Plan on Net Zero targets. As of the 2023 edition, it has been renamed Climate Report.

¹ Report prepared in accordance with the Recommendations issued by the Task Force on Climate-related Financial Disclosures (TCFD) in June 2017, which Intesa Sanpaolo joined in October 2018, for the voluntary disclosure of transparent reporting on climate change-related risks and opportunities.

² Report on the progress made in implementing the Principles for Responsible Banking (PRB), of which Intesa Sanpaolo is a founding signatory.

The initiatives put in place by Intesa Sanpaolo have enabled the Group to receive several recognitions, such as inclusion for the thirteenth consecutive year – the only Italian bank – in the Dow Jones Sustainability Indices (World and Europe), which are among the most important international stock market sustainability indices.

Intesa Sanpaolo has been confirmed first in Europe for relations with institutional investors and financial analysts as well as for ESG aspects in the 2023 ranking by Institutional Investor, which also placed Intesa Sanpaolo's Board, for the second consecutive year, at the top of its ranking of European banks' boards.

For more details, please refer to the CNFS.

Some of the ESG issues examined by the Board of Directors in 2023 are:

➢ 2022 Consolidated Non-financial Statement pursuant to Italian Legislative Decree 254/2016
➢ Update of the Code of Ethics
➢ Report on the Code of Ethics and on the principles of social and environmental responsibility
➢ 2022 Principles for Responsible Banking Report
➢ Update of the Group guidelines for the governance of environmental social and governance (ESG) risks
➢ Update of the Guidelines for the Governance of the Group's Most Significant Transactions
➢ 2022 Modern Slavery Statement
➢ Gender neutrality of the Group's Remuneration Policies Gender pay gap analysis
➢ Update of the Principles on Diversity, Equity and Inclusion
➢ Disclosure on gender equality and application of the Diversity, Equity and Inclusion Principles.

Lastly, a dedicated Induction meeting was held on the subject of "Update on the activities of the ESG Control Room and the Group's main ESG development projects".

Sustainability governance

➢ 2022 Consolidated Non-financial Statement pursuant to Italian Legislative Decree 254/2016

➢ Report on the Code of Ethics and on the principles of social and environmental responsibility

➢ Update of the Group guidelines for the governance of environmental social and governance

➢ Disclosure on gender equality and application of the Diversity, Equity and Inclusion

Lastly, a dedicated Induction meeting was held on the subject of "Update on the activities of the

➢ Update of the Guidelines for the Governance of the Group's Most Significant Transactions

➢ Gender neutrality of the Group's Remuneration Policies – Gender pay gap analysis

Some of the ESG issues examined by the Board of Directors in 2023 are:

market sustainability indices.

For more details, please refer to the CNFS.

➢ Update of the Code of Ethics

➢ 2022 Modern Slavery Statement

(ESG) risks

Principles.

➢ 2022 Principles for Responsible Banking Report

➢ Update of the Principles on Diversity, Equity and Inclusion

ESG Control Room and the Group's main ESG development projects".

boards.

Intesa Sanpaolo has steadily strengthened its sustainability/ESG governance over the years; below are the main responsibilities of the Bank's Bodies and Structures in the area of sustainability/ESG.

Board of Directors

The Board, with the support of the Risks and Sustainability Committee, approves the updates to the Code of Ethics, as well as the strategic guidelines and policies on sustainability (ESG), including the social and cultural responsibility model and the fight against climate change – taking into account the objectives of solid and sustainable value creation and distribution to all stakeholders; again with the support of the Risks and Sustainability Committee, it approves the CNFS and any other key reporting in this area, monitoring the Group's sustainability performance, including in the fight against climate change, and ensuring that the CNFS is drawn up and published in compliance with the regulations.

Risks and Sustainability Committee

The Committee supports the Board in the following areas: assessing and investigating sustainability issues (ESG) and approving the related strategic guidelines and policies, including the social and cultural responsibility model and the fight against climate change, so as to strengthen risk monitoring and taking into account the objectives of sound and sustainable value creation and distribution for all stakeholders; verifying that sustainability risks, in particular climate and environmental risks, are included in the framework for determining risk appetite; approving the list of ESG-sensitive sectors for the Group's lending activity; approving the updates to the Code of Ethics, the Diversity and Inclusion Policy, the CNFS, and any other key reports submitted to the Board; examining the Report on the Code of Ethics; verifying the Group's positioning with respect to national and international best practices, with particular reference to Intesa Sanpaolo's participation in the main sustainability indices.

Management Control Committee

The Committee, which is provided annually with a Report on the implementation and governance of the Code of Ethics, supervises compliance with the principles and values of the Code, with the assistance of the competent sustainability (ESG) and internal audit functions. With reference to the CNFS, it oversees compliance with the provisions of Legislative Decree No. 254/2016 and provides information on the matter in the annual report to the Shareholders' Meeting.

Managing Director and CEO

The Managing Director and CEO governs sustainability performance and has the power to submit proposals to the Board for the adoption of resolutions within its remit.

Steering Committee

The Committee cooperates in identifying potentially significant sustainability issues in order to define and update material issues. It collaborates in defining the strategic guidelines and sustainability policies, including the social and cultural responsibility model and the fight against climate change, which the Managing Director submits to the competent Board Committees and the Board. It reviews the CNFS and any other reports of particular relevance to sustainability issues, prior to their submission to the Board.

ESG Control Room

It supports the Steering Committee – Business Plan and Sustainability (ESG) Session – in the strategic proposition relating to ESG issues; it coordinates the implementation of the most relevant ESG initiatives and assesses the opportunity and soundness of any new initiatives in this area. It relies on the Sustainability Managers, identified in each Area and Division, who guarantee an overall and integrated supervision of ESG initiatives for the relevant scope and contribute to the Group's strategic proposition on these issues.

ESG & Sustainability – Financial Market Coverage Department, Chief Financial Officer Area

It oversees the process of defining, approving and updating the sustainability guidelines, in accordance with corporate strategies and objectives; it updates the Code of Ethics and monitors its application with the support of the internal audit function; it drafts the CNFS, the PRB Report and TCFD Report; it oversees relations with the financial community on sustainability/ESG issues; it supervises the promotion and implementation of sustainability aspects in the Group's strategies and operations, including Climate Change issues, also in collaboration with other structures; it manages the Group's communication and training on sustainability; it oversees stakeholder engagement activities on sustainability issues.

The Intesa Sanpaolo Group

As Parent Company of the Banking Group, Intesa Sanpaolo exercises, pursuant to the Consolidated Law on Banking, the functions of management and coordination of the companies belonging to the Banking Group and issues to them the necessary provisions to ensure compliance with and performance of the Bank of Italy's instructions in the interest of the Group's stability. Furthermore, pursuant to Articles 2497 et seq. of the Italian Civil Code, Intesa Sanpaolo exercises management and coordination activities over all the other subsidiaries, with the exception of Risanamento S.p.A.

Intesa Sanpaolo also exercises these activities over the insurance company Intesa Sanpaolo Vita, which, pursuant to Italian Legislative Decree No. 209/2005 (the "Private Insurance Code") and its implementing provisions, is the head company of the Intesa Sanpaolo Vita Insurance Group. As such, Intesa Sanpaolo Vita exercises management and coordination activities over the Italian companies belonging to the Insurance Group, namely Intesa Sanpaolo Assicura S.p.A., Fideuram Vita S.p.A., Intesa Sanpaolo Insurance Agency S.p.A., Intesa Sanpaolo RBM Salute S.p.A. and InSalute Servizi S.p.A., pursuant to Articles 2497 et seq. of the Italian Civil Code.

Intesa Sanpaolo has adopted Group Regulations which govern the institutional operations of the Intesa Sanpaolo Group and intragroup relationships, in accordance with supervisory regulations which assign responsibility for the overall consistency of Group governance to the parent company, through management and coordination activities.

Banca dei Territori	This Division focuses on the market and the central role of the territory in strengthening relationships with households, small and medium-sized enterprises and non-profit entities. The Division includes industrial credit, leasing and factoring activities, and the digital bank Isybank (which also operates in instant banking through Mooney, a partnership with the Enel Group).
IMI Corporate & Investment Banking	Global partner for corporates, financial institutions and the public administration in a medium/long term perspective, at domestic and international level. It includes capital market and investment banking activities and operates in 25 countries to support the cross-border operations of its customers through a specialised network of branches, representative offices and subsidiaries that engage in corporate banking activity.
International Subsidiary Banks	This Division includes subsidiaries engaged in commercial banking activities in the following countries: Albania (Intesa Sanpaolo Bank Albania), Bosnia-Herzegovina (Intesa Sanpaolo Banka Bosna i Hercegovina), Croatia (Privredna Banka Zagreb), Egypt (Bank of Alexandria), Moldova (Eximbank), Czech Republic (the Prague branch of VUB Banka), Romania (Intesa Sanpaolo Bank Romania), Serbia (Banca Intesa Beograd), Slovakia (VUB Banka), Slovenia (Intesa Sanpaolo Bank), Ukraine (Pravex Bank) and Hungary (CIB Bank).
Private Banking	This Division serves customers in the Private and High Net Worth Individuals segment by offering targeted products and services. It includes Fideuram-Intesa Sanpaolo Private Banking, with 6,696 private bankers.
Asset Management	This Division provides asset management solutions to the Group's customers, non-Group distribution networks and institutional customers. It includes Eurizon, with 311 billion euro of assets under management.
Insurance	This Division provides insurance and pension products to Group customers. With direct deposits of 173 billion euro, the Division includes Intesa Sanpaolo Vita – which controls Intesa Sanpaolo Assicura, Intesa Sanpaolo RBM Salute and Intesa Sanpaolo Insurance Agency as well as InSalute Servizi – and Fideuram Vita.

The Group's activities are structured into six Divisions reporting directly to the Managing Director and CEO.

The Intesa Sanpaolo Group

Intesa Sanpaolo is the Parent Company of the Banking Group with the same name. In addition to controlling the Group's companies, it holds controlling interests in other companies belonging to the broader corporate Group, which provides, among other things, insurance and business services. As Parent Company of the Banking Group, Intesa Sanpaolo exercises, pursuant to the Consolidated Law on Banking, the functions of management and coordination of the companies belonging to the Banking Group and issues to them the necessary provisions to ensure compliance with and performance of the Bank of Italy's instructions in the interest of the Group's stability. Furthermore, pursuant to Articles 2497 et seq. of the Italian Civil Code, Intesa Sanpaolo exercises management and coordination activities

The Group's activities are structured into six Divisions reporting directly to the Managing Director and

banking activities and operates in 25 countries to support the cross

countries: Albania (Intesa Sanpaolo Bank Albania), Bosnia

Bank), Ukraine (Pravex Bank) and Hungary (CIB Bank).

targeted products and services. It includes Fideuram

This Division focuses on the market and the central role of the territory in strengthening

Division includes industrial credit, leasing and factoring activities, and the digital bank Isybank (which also operates in instant banking through Mooney, a partnership with the Enel Group).

Global partner for corporates, financial institutions and the public administration in a medium/long

term perspective, at domestic and international level. It includes capital market and investment

customers through a specialised network of branches, representative offices and subsidiaries that

This Division includes subsidiaries engaged in commercial banking activities in the following

Bosna i Hercegovina), Croatia (Privredna Banka Zagreb), Egypt (Bank of Alexandria), Moldova (Eximbank), Czech Republic (the Prague branch of VUB Banka), Romania (Intesa Sanpaolo Bank Romania), Serbia (Banca Intesa Beograd), Slovakia (VUB Banka), Slovenia (Intesa Sanpaolo

This Division serves customers in the Private and High Net Worth Individuals segment by offering

distribution networks and institutional customers. It includes Eurizon, with 311 billion euro of

Assicura, Intesa Sanpaolo RBM Salute and Intesa Sanpaolo Insurance Agency as well as InSalute

This Division provides asset management solutions to the Group's customers, non

Insurance This Division provides insurance and pension products to Group customers. With direct deposits

of 173 billion euro, the Division includes Intesa Sanpaolo Vita

-sized enterprises and non

-profit entities. The

-border operations of its

-Herzegovina (Intesa Sanpaolo Banka

-Intesa Sanpaolo Private Banking, with 6,696

– which controls Intesa Sanpaolo

-Group

over all the other subsidiaries, with the exception of Risanamento S.p.A.

S.p.A., pursuant to Articles 2497 et seq. of the Italian Civil Code.

relationships with households, small and medium

engage in corporate banking activity.

private bankers.

Servizi

assets under management.

– and Fideuram Vita.

management and coordination activities.

CEO.

Banca dei Territori

IMI Corporate & Investment Banking

International Subsidiary Banks

Private Banking

Asset Management

The Governance of Intesa Sanpaolo

Art. 123 bis, 2 (a), CLF

Compliance with the Italian Corporate Governance Code

Intesa Sanpaolo complies with the Italian Corporate Governance Code, approved on 31 January 2020 and published on the website of the Italian Corporate Governance Committee1. Consequently, the Bank's governance also follows the aims and recommendations set out in the Code, to ensure effective and transparent separation of the roles and responsibilities of its Corporate Bodies. In particular, also in accordance with supervisory requirements, this approach ensures a proper balance between strategic supervision, management and control functions.

In relation to the one-tier governance model adopted by the Bank, the Principles and Recommendations of the Code concerning the board of directors and the control body, or their members, apply, respectively, to the Board of Directors and the Management Control Committee or their members.

The Company, aware that efficient corporate governance is essential for the pursuit of its objectives, constantly updates its corporate governance on the basis of past experience and changing legislation, national and international best practices and the principles and recommendations issued by the main bodies and authorities (notably the Financial Stability Board, the Basel Committee on Banking Supervision and the European Banking Authority).

Moreover, in its capacity as a Bank, Intesa Sanpaolo must ensure that its organisational structure complies with the applicable rules, including EU sectoral legislation, the Italian Consolidated Law on Banking and the measures issued by the Bank of Italy in its supervisory role. With regard to supervision, it should be noted that Intesa Sanpaolo – being a "significant supervised entity" – is subject to the direct supervision of the European Central Bank, which has specific duties of prudential supervision over credit institutions within the Single Supervisory Mechanism, including specific controls on the presence of sound corporate governance principles.

Letter from the Chair of the Italian Corporate Governance Committee

In its letter dated 14 December 2023 addressed to the Chairs of the board of directors, Chief Executive Officers and Chairs of the supervisory bodies of listed companies, the Italian Corporate Governance Committee made a number of recommendations to encourage increasingly conscious implementation of the Code and promote the evolution of corporate governance in line with the principles of the Code itself. The letter also highlighted some areas for improvement in implementing recommendations, which will require strong focus.

In particular, the Committee focused on the following areas: involvement of the Board of Directors in business plan review and approval and in the analysis of the main topics for long-term value generation; pre-meeting information; the Board's guidelines on its optimal qualitative and quantitative composition; introduction of increased voting rights ("voto maggiorato").

The Committee's recommendations were brought to the attention of the Nomination Committee, the Board of Directors and the Management Control Committee and underwent extensive examination and discussion. The exercise resulted in the joint conclusion that the recommendations are adequately complied with by Intesa Sanpaolo; they are duly reflected in this Report, notably on the pages shown in the table attached to the final check list.

¹ https://www.borsaitaliana.it/comitato-corporate-governance/homepage/homepage.en.htm

Part I - Ownership structure and investor relations

Information on ownership structure

Information on the ownership structure of Intesa Sanpaolo is set out below, in accordance with Article 123-bis, paragraph 1, of the Consolidated Law on Finance.

Some of this information is also provided in detail in the body of this Report; specifically:

shareholders' rights and voting rights at Shareholders' Meetings, in the following paragraphs of this Part;
the rules on the appointment and replacement of members of the Board of Directors and the Management Control Committee, in Part II in the chapters on said Corporate Bodies.

Lastly, information on the agreements between the Company and Board Members, concerning indemnities in the event of resignation or dismissal without just cause or termination of employment, is contained in the Report on Remuneration.

Share Capital

The Company's share capital amounts to 10,368,870,930.08 euro, divided into 18,282,798,989 ordinary shares without nominal value.

The Shareholders' Meeting of 29 April 2022 authorised the purchase of own shares for annulment (buyback), for a maximum total outlay of 3,400 million euro and a number of shares not exceeding 2,615,384,615 shares, and the annulment of the own shares purchased under this authorisation, without reducing the share capital.

On 24 June 2022, the Board of Directors – having received the ECB's authorisation and exercising the authority delegated to it by the Shareholders' Meeting – decided to execute the plan for purchase of own shares for annulment for a maximum initial outlay of 1,700 million euro and to defer to a later date, by the time of approval of the results as at 31 December 2022, the decisions over the execution of the remaining authorised amount.

The programme was launched the following 4 July and was completed on 11 October 2022, and involved the purchase and subsequent annulment of a total of 988,632,803 shares, equal to around 4.95% of the share capital before annulment.

On 3 February 2023, the Board – acting on the above-mentioned delegation of authority from the Shareholders' Meeting – decided to implement the remaining own shares purchase plan for annulment for the remaining maximum outlay of 1,700 million euro and a number of shares not exceeding 1,626,751,812 shares.

The programme was launched on 13 February 2023 and was completed on 4 April 2023, and involved the purchase and subsequent annulment of a total of 706,004,171 shares, equal to around 3.72% of the share capital.

In line with the strategies pursued under the 2022-2025 Business Plan, the buyback plan enabled significant value creation for all Intesa Sanpaolo shareholders.

The same Shareholders' Meeting of 29 April 2022 – in the extraordinary part – granted powers to the Board of Directors, pursuant to Article 2443 of the Italian Civil Code, to approve, in one or more tranches, a capital increase without payment for the purpose of implementing the 2022-2025 Performance Share Plan Long-Term Incentive Plan, reserved for the Intesa Sanpaolo Group Management, which was authorised on the same date by the same Shareholders' Meeting. These powers must be exercised by 29 April 2027.

Each ordinary share confers the right to cast one vote at Ordinary and Extraordinary Shareholders' Meetings. There are no restrictions on voting rights and no shares with increased voting rights ("voto maggiorato").

Art. 123 bis, 1 (m), CLF

Art. 123 bis, 1 (a), CLF

Art. 123 bis, 1 (i), CLF

The Articles of Association do not grant any powers to the Board of Directors to issue equity instruments.

Art. 123 bis, 1 (b), (d) and (m), CLF

There are no restrictions on holding or transferring shares and there are no shares conferring special control rights to their holders.

Under Intesa Sanpaolo's employee stock ownership plan, employees holding shares at the end of the Plans shall exercise the associated voting rights directly. Detailed information on the existing Incentive System based on financial instruments is provided in the Report on Remuneration.

Under the Articles of Association, resolutions on the distribution of net income are passed by the Ordinary Shareholders' Meeting, on the Board of Directors' proposal; the Board of Directors can, in turn, resolve on the distribution of interim dividends, in the manners and forms prescribed by law.

Net income as reported in the financial statements, net of the portion allocated to legal reserve and the portion which is not available pursuant to the law, is allocated as follows:

a) to all the ordinary shares to the extent that the Shareholders' Meeting approves its distribution;

b) any excess funds are allocated to the extraordinary reserve or other reserves, without prejudice to the possibility of allocating a portion thereof to charities or to social and cultural activities, by creating a specific allowance.

Art. 123 bis, 1 (m), CLF

Art. 123 bis, 1 (c), CLF

Securities traded on non-European markets

American Depositary Receipts (ADRs) representing Intesa Sanpaolo ordinary shares are outstanding, currently deposited with and managed by Bank of New York Mellon. Following the deregistration of the ADRs with the SEC, the securities were admitted to trading in the United States on the OTC market only.

Own shares

At the end of financial year 2023, 25,946,143 residual own shares were held in the Bank's portfolio, after the purchases and allocations made during the year in relation to the Incentive and Investment Plans in favour of Employees. Additional packets of shares are held by other Group companies as part of their ordinary banking and financial operations or to service said Incentive and Investment Plans.

Shareholder Base

Main shareholders

The table below provides the list of shareholders that, based on the disclosures made under Article 120 of the Consolidated Law on Finance and other information received by the Company, directly and/or indirectly hold more than 3% of the share capital (*).

Declaring entity	% of share capital
Fondazione Compagnia di San Paolo	6.503%
Fondazione Cariplo	5.258%

(*) Shareholders that are asset management companies may have asked to be exempted from disclosure up to 5% of share ownership. BlackRock Inc. disclosed a 5.005% holding in the share capital of Intesa Sanpaolo, notified in Form 120 A dated 9 December 2020, as well as a 5.066% aggregate holding in the Bank's share capital, notified in Form 120 B dated 4 December 2020, and has not provided any update of these holdings following the subsequent changes in the number of shares into which the share capital of Intesa Sanpaolo is divided.

Italian law (Article 120 of the Consolidated Law on Finance) requires notification to the investee company and Consob when the threshold of 3% of the voting capital held in a listed company is exceeded, as well as (Article 19 of the Consolidated Law on Banking) prior authorisation from the European Central Bank for the acquisition of material holdings in a bank or of holdings entailing the possibility of exercising significant influence over the bank or the acquisition of a holding that carries at least 10% of voting rights or of the share capital, including as a result of concerted action.

The Company's website ("Investor Relations" section) contains the updated situation of Intesa Sanpaolo's shareholder base.

Art. 123 bis, 1 (g), CLF

Shareholders' agreements

The Articles of Association do not grant any powers to the Board of Directors to issue equity instruments.

There are no restrictions on holding or transferring shares and there are no shares conferring special

Net income as reported in the financial statements, net of the portion allocated to legal reserve and the

The Company's website ("Investor Relations" section) contains the updated situation of Intesa

ordinary banking and financial operations or to service said Incentive and Investment Plans.

Declaring entity % of share capital

Fondazione Compagnia di San Paolo 6.503% Fondazione Cariplo 5.258%

a) to all the ordinary shares to the extent that the Shareholders' Meeting approves its distribution; b) any excess funds are allocated to the extraordinary reserve or other reserves, without prejudice to the possibility of allocating a portion thereof to charities or to social and cultural activities, by creating a

System based on financial instruments is provided in the Report on Remuneration.

portion which is not available pursuant to the law, is allocated as follows:

resolve on the distribution of interim dividends, in the manners and forms prescribed by law.

control rights to their holders.

specific allowance.

only.

Art. 123 bis, 1 (b), (d) and (m), CLF

Art. 123 bis, 1 (e), CLF

Art. 123 bis, 1 (a), CLF

Art. 123 bis, 1 (m), CLF

Art. 123 bis, 1 (c), CLF

divided.

Own shares

Shareholder Base

Main shareholders

including as a result of concerted action.

Sanpaolo's shareholder base.

Securities traded on non-European markets

indirectly hold more than 3% of the share capital (*).

On 21 December 2021, a shareholders' agreement pursuant to Article 122 of the Consolidated Law on Finance was signed and disclosed, in accordance with the procedures provided for by law, between Compagnia di San Paolo, Fondazione Cariplo, Fondazione Cassa di Risparmio di Padova e Rovigo, Fondazione Cassa di Risparmio di Firenze and Fondazione Cassa di Risparmio in Bologna. Said agreement concerned the prior consultation, submission, and vote at the Shareholders' Meeting expected to be held by the end of April 2022 of a joint list for the appointment of the Board of Directors and the Management Control Committee of Intesa Sanpaolo S.p.A. for the financial years 2022/2023/2024, the determination of the number of directors within the maximum limit set forth in the Articles of Association and the proposal concerning the related remuneration, as well as the proposal and appointment as Chair and Deputy Chair of, respectively, the first and the second candidate shown on the joint list.

The agreement – which aggregated a total holding of 14.79% of the share capital – expired with the appointment of the Board by the aforementioned Shareholders' Meeting. In fact, the contents of its provisions were completed upon definition of the list of candidates and the agreed exercising of the voting right in favour of those candidates.

To the Bank's knowledge, there are currently no other shareholders' agreements pursuant to Article 122 of the Consolidated Law on Finance.

"Change of control" clauses

As part of their normal business activities, the Bank and other Group companies are usually party to framework agreements and contracts (especially for funding) which, according to standard financial market practice for certain types of relationships, may envisage specific effects in the event of "change of control" (agreements "which take effect, are amended or are terminated upon a change of control of the Company and/or as a result of related events").

No such framework agreement or contract may be considered significant, per se, in terms of amount or effect on a consolidated basis.

Allocated assets

As at the reporting date, Intesa Sanpaolo has not allocated assets for specific dealings in accordance with the Italian Civil Code.

Policy for the management of dialogue with investors

At the end of 2021, Intesa Sanpaolo adopted a Policy for the management of dialogue with investors (hereinafter the "Policy"), consistent with the Italian Corporate Governance Code and Supervisory Provisions on corporate governance. The initiative is also in line with the guiding principles of EU regulation aimed at encouraging the long-term engagement of the shareholders in companies listed on regulated markets (SHR-II Directive) and, in particular, of institutional investors and asset managers.

The main objective of the Policy is to define the principles that specifically govern the dialogue of the Board of Directors with investors (meaning investors, including potential investors, other than individuals and, in the case of individuals, only the holders of Intesa Sanpaolo shares) and proxy advisors.

More specifically, the Policy illustrates:

how investors and proxy advisors may submit an engagement request to the Company or how the Company may make proposals to one or more investors or proxy advisors to participate in a dialogue;
the methods and criteria used by the Company to assess its willingness to engage in direct dialogue between the members of the Board of Directors and investors and proxy advisors;
the process of internal management of the requests submitted, including how they are reported to the Board of Directors and how responses are prepared and delivered to the parties involved.

The Policy also sets out the responsibilities of the Corporate Bodies and internal Structures supporting dialogue management.

The Board of Directors plays a guiding and monitoring role in the dialogue with investors and proxy advisors, supervises the correct application of the Policy and is constantly informed about the contents and significant developments of the dialogue. To this end, each year the Board shall assess the effectiveness and adequacy of the Policy, taking into account the outcomes of the dialogues carried out and taking care of any updates to the Policy and their implementation as appropriate.

The Chair of the Board of Directors and the Managing Director, each according to their powers and responsibilities in relation to the dialogue topics, and with the support of the Chief Governance Officer Area and the Chief Financial Officer Area, are responsible for managing the dialogue with investors and proxy advisors in the name and on behalf of the Company (hereinafter also the "Responsible Directors"). Specifically, they shall:

decide whether to accept the engagement request, or where relevant, to submit it to the Board for assessment;
establish the timing and procedures to follow up on the request, as they may delegate all or part of the dialogue to the heads of the competent corporate Structures;
decide, where appropriate, to involve one or more Board Members in the dialogue, having regard to the content of the request and the role of those Members within the Board;
promptly inform the Board of any issues of concern identified in relation to the dialogue, the outcomes and key points of the dialogue carried out and any engagement requests that have been refused.

The contacts with investors and proxy advisors are managed, on behalf of the Company, via the Financial Market Coverage Department, according to the instructions given by the Responsible Directors.

The topics discussed in the dialogue with investors and proxy advisors relate to matters under the responsibility of the Board of Directors.

Both the text of the Policy and the IT procedure for submitting engagement requests are available on the Bank's website.

In 2023, at the request of institutional investors, the Company entered in a dialogue involving the Chair of the Board of Directors on sustainability matters. The Board – which is regularly updated on the requests received and on their outcomes, as required by the Policy – was informed of the key points of the dialogue carried out.

Taking into account all the information provided, during the annual assessment conducted at its meeting of 12 September 2023, the Board found the Policy to be effective and adequate.

P. IV R. 3

P. IV R. 1 f)

Relations with shareholders, the financial community and stakeholders – The website

Policy for the management of dialogue with investors

More specifically, the Policy illustrates:

dialogue management.

P. IV R. 3

Specifically, they shall:

responsibility of the Board of Directors.

assessment;

Directors.

the Bank's website.

the dialogue carried out.

– how investors and proxy advisors may submit an engagement request to the Company or how the Company may make proposals to one or more investors or proxy advisors to participate in a dialogue; – the methods and criteria used by the Company to assess its willingness to engage in direct dialogue

– the process of internal management of the requests submitted, including how they are reported to the Board of Directors and how responses are prepared and delivered to the parties involved. The Policy also sets out the responsibilities of the Corporate Bodies and internal Structures supporting

– decide whether to accept the engagement request, or where relevant, to submit it to the Board for

– establish the timing and procedures to follow up on the request, as they may delegate all or part of

– decide, where appropriate, to involve one or more Board Members in the dialogue, having regard to

– promptly inform the Board of any issues of concern identified in relation to the dialogue, the outcomes and key points of the dialogue carried out and any engagement requests that have been refused.

The contacts with investors and proxy advisors are managed, on behalf of the Company, via the Financial Market Coverage Department, according to the instructions given by the Responsible

The topics discussed in the dialogue with investors and proxy advisors relate to matters under the

Both the text of the Policy and the IT procedure for submitting engagement requests are available on

Taking into account all the information provided, during the annual assessment conducted at its meeting

and, in the case of individuals, only the holders of Intesa Sanpaolo shares) and proxy advisors.

between the members of the Board of Directors and investors and proxy advisors;

and taking care of any updates to the Policy and their implementation as appropriate.

the dialogue to the heads of the competent corporate Structures;

the content of the request and the role of those Members within the Board;

of 12 September 2023, the Board found the Policy to be effective and adequate.

It is in Intesa Sanpaolo's specific interest, as well as an obligation towards the market, to constantly keep the channels of communication open with shareholders, institutional investors, the national and international financial community operators and, more generally, the Group's relevant stakeholders, in compliance with the legislation and internal procedures on the disclosure of inside information. In this respect, the Company guarantees the systematic disclosure - including at regular intervals - of fair, comprehensive and timely information on Group operations, also in the light of Consob guidance, the principles laid down in the Italian Corporate Governance Code and national and international best practices.

Under the Articles of Association, the Chair of the Board of Directors, in coordination with the Managing Director, has the task of supervising relations with shareholders and verifying their correct management.

Given the size of the Company and the Group, Intesa Sanpaolo uses specialist Structures with appropriate human and technical resources: Financial Market Coverage handles relations with the financial community, particularly institutional investors, financial analysts and rating agency analysts, including for sustainability issues; Corporate Bodies and Corporate Affairs manages relations with individual and associated shareholders and assists them by providing them with the corporate documents subject to legal disclosure requirements. Press and media relations in general, in Italy and abroad, are managed by Media and Associations Relations, which plays this role also for Group companies.

Intesa Sanpaolo's relations with the market are based on highly transparent conduct, concerning in particular the annual and interim financial results and Group strategies, including via meetings with the national and international financial community, in a framework of constant dialogue with the market based on accurate and timely communication.

As regards relations with the Group's relevant stakeholders, the procedures for identifying and interacting with them are set out in the Consolidated Non-financial Statement, to which reference should be made.

To fully implement its transparency policy and ensure that information is disclosed as rapidly and widely as possible, Intesa Sanpaolo also relies on its website.

The Company pays special attention on this specific information channel, also in light of developments in international best practices in the sector. The website is regularly developed and upgraded, to strengthen its role as a showcase for the Group, its values and its distinctive characteristics, and to comply with the statutory and transparency requirements for online corporate disclosures, by applying high standards in market communications in terms of prompt and appropriate presentation.

On the website, available in both Italian and English and also featuring an internal search engine, stakeholders will find up-to-date information on the structure and composition of the Corporate Bodies, the Bank's and Group's organisational structure, the Shareholders' Meeting, the ownership structure and dividends, as well as share performance, regular financial reports and results presentations, ratings and the prospectuses of securities issued by Intesa Sanpaolo. The website also publishes the Bank's press releases, the annual calendar of major corporate events, information on significant or extraordinary transactions, as well as information regarding sustainability issues, including the reporting contained in the annual and half-yearly Consolidated Non-financial Statement and in the Task Force on Climate-related Financial Disclosures (TCFD) Report.

Also available on the website is Intesa Sanpaolo's "Shareholder's Guide", which provides useful information on investing in the Bank's shares, on the rights attaching to shareholdings, and on how shareholders can build a more proactive relationship with the Bank in respect of Shareholders' Meetings. The website offers a platform for the financial community and all stakeholders to find information and engage in dialogue with the Bank within a framework of ongoing, consistent and comprehensive communication. The website also shows reference contacts.

The Shareholders' Meeting: procedures and shareholders' rights

Intesa Sanpaolo's Shareholders' Meeting

Art. 123 bis, 2, (c), CLF For the Company, the Shareholders' Meetings are the culmination of a process of preparation of the most significant management decisions, entrusted to the expression of the shareholders' will, in the manner and on the matters reserved for them by law and the Articles of Association.

Intesa Sanpaolo has always been committed to facilitating the broadest representation of Shareholders at Shareholders' Meetings and guaranteeing the best quality standards for the information provided, in order to realise the full potential of the meeting.

The Shareholders' Meeting can be Ordinary or Extraordinary.

The Ordinary Shareholders' Meeting, called at least once a year, no later than one hundred and eighty days after the end of the financial year, shall:

1) approve the parent company financial statements and pass resolutions on the distribution of net income;

2) determine the number of Directors, appoint and remove them, establish their remuneration and appoint the Chair and one or more Deputy Chairs;

3) appoint and remove the Directors forming the Management Control Committee and appoint its Chair, determining their remuneration;

4) pass resolutions on the responsibility of Directors;

5) in line with the proposal set out by the Management Control Committee, appoint the independent auditors and approve their fees and, in consultation with the Committee, revoke or amend said engagement, where necessary;

6) approve the remuneration policies for Board Members and staff, as well as the plans based on financial instruments. In this area, the meeting also approves the criteria for determining severance payments in the event of early termination of employment or office, including the limits set on said payments in compliance with applicable regulations, and shall also determine, with the qualified majorities under the supervisory regulations in force, a ratio between the variable and fixed individual remuneration higher than 1:1, but not exceeding the maximum established by the same regulations;

7) approve the rules of procedure, if any, of Shareholders' Meetings;

8) pass resolutions on the other matters assigned to it by the applicable regulations and the Articles of Association;

9) authorise the most significant transactions with related parties in the cases and in the manner set out in the procedures adopted pursuant to the Articles of Association and in accordance with the relevant regulations.

The Extraordinary Shareholders' Meeting is called to approve amendments to the Articles of Association (without prejudice to the Board's power to align the Articles of Association with the law), merger and demerger transactions in the cases provided for by law, and on any other matter within its purview pursuant to the law.

Calling meetings and procedure at meetings

The Shareholders' Meeting is called by the Board of Directors whenever it deems it appropriate or, under Article 2367 of the Italian Civil Code, on the request of Shareholders representing at least one twentieth of the share capital.

The Shareholders' Meeting may also be called by the Management Control Committee, where required for the fulfilment of its duties, subject to sending notice thereof to the Chair.

The Ordinary Shareholders' Meeting must be called at least once a year, no later than one hundred and eighty days after the end of the financial year.

The Shareholders' Meeting is called at the registered office of the Bank or in another location in the municipality where Intesa Sanpaolo has its registered office, by publishing a notice on the Bank's website at least thirty days prior to the date of the Shareholders' Meeting, as well as a summary notice in daily newspapers (the summary notice is normally published in "Il Sole 24 Ore" and in the major national and international newspapers). If the Shareholders' Meeting is called to appoint Directors by way of slate voting, an earlier deadline for publication of forty days prior to the date of the meeting is required.

The Shareholders' Meeting is held on single call; the Board may set a second call for the Ordinary Meeting and, only for Extraordinary Meetings, even a third call.

The Chair of the Shareholders' Meeting, through his/her powers of management and coordination pursuant to the law and the Articles of Association, specifies, in the opening session, the main rules of conduct to be observed and informs, even during the Meeting, on voting procedures.

With regard to the right to speak on the items on the agenda, the Chair, also on the basis of the number of requests put forward, sets the maximum speaking and reply time for each speaker. Requests to speak are made via an automatic booking system at specific stations in the meeting hall.

Additions to the agenda and submission of new proposed resolutions

The Shareholders' Meeting: procedures and shareholders' rights

manner and on the matters reserved for them by law and the Articles of Association.

For the Company, the Shareholders' Meetings are the culmination of a process of preparation of the most significant management decisions, entrusted to the expression of the shareholders' will, in the

The Ordinary Shareholders' Meeting, called at least once a year, no later than one hundred and eighty

1) approve the parent company financial statements and pass resolutions on the distribution of net

2) determine the number of Directors, appoint and remove them, establish their remuneration and

3) appoint and remove the Directors forming the Management Control Committee and appoint its Chair,

5) in line with the proposal set out by the Management Control Committee, appoint the independent auditors and approve their fees and, in consultation with the Committee, revoke or amend said

8) pass resolutions on the other matters assigned to it by the applicable regulations and the Articles of

The Shareholders' Meeting may also be called by the Management Control Committee, where required

The Ordinary Shareholders' Meeting must be called at least once a year, no later than one hundred and

for the fulfilment of its duties, subject to sending notice thereof to the Chair.

Intesa Sanpaolo's Shareholders' Meeting

Art. 123 bis, 2, (c), CLF

order to realise the full potential of the meeting.

days after the end of the financial year, shall:

determining their remuneration;

engagement, where necessary;

appoint the Chair and one or more Deputy Chairs;

4) pass resolutions on the responsibility of Directors;

income;

The Shareholders' Meeting can be Ordinary or Extraordinary.

7) approve the rules of procedure, if any, of Shareholders' Meetings;

Calling meetings and procedure at meetings

purview pursuant to the law.

eighty days after the end of the financial year.

of the share capital.

Association;

regulations.

required.

Pursuant to the law and the Articles of Association, within ten days of publication of the notice of call, shareholders severally or jointly representing at least one-fortieth of the share capital may request additions to the items on the agenda or submit proposed resolutions on items already on the agenda, specifying the additional items or proposals in their request.

Those entitled to vote may individually, even if they do not reach the above shareholding, submit proposed resolutions on the items on the agenda directly at the Shareholders' Meeting.

Additional items are not permitted for topics which the Shareholders' Meeting addresses, by law, upon proposal by the Board of Directors or based on a project or report prepared by the latter other than the report usually drawn up for all items on the agenda pursuant to Article 125-ter, paragraph 1, of the Consolidated Law on Finance.

Notice of additions to the agenda or the submission of additional proposed resolutions on items already on the agenda is given in the forms prescribed for the publication of the notice of call.

Right to ask questions prior to the Shareholders' Meeting

Those entitled to vote may ask questions concerning items on the agenda even prior to the Shareholders' Meeting, by the deadline stated in the notice of call; said questions are answered during the Shareholders' Meeting at the latest. The Company may provide a single response to questions with the same content.

Questions may also be submitted through the dedicated section of the website or by email, according to the specific instructions set out in the notice of call.

Participation and representation – The Designated Representative

Participation in the Shareholders' Meeting is reserved for parties that are entitled to vote at the end of the accounting day of the seventh market trading day prior to the date set for the meeting on first or single call (record date).

Those entitled to vote may be represented at the Shareholders' Meeting through proxy.

The Articles of Association allow for electronic notification of voting proxies to the Bank through the appropriate section of the website or by email.

The notice of call contains detailed instructions on the proxy voting procedure, including a proxy form on the Bank's website and how to send the proxies electronically.

In addition, the notice of call may specify arrangements to enable the shareholders to attend the meeting remotely via telecommunications devices and cast their vote electronically.

To maximise participation in the Shareholders' Meeting's decision-making processes, the Articles of Association allow the Bank to appoint for each meeting and name in the notice of call one or more "Designated Representatives" that holders of voting rights can appoint as proxy with instructions to vote on all or some of the items on the agenda.

This does not affect the legal provisions on proxy solicitation by promoters or on the collection of proxies by shareholders' associations.

Intesa Sanpaolo's Articles of Association do not permit postal voting.

* * *

Since 2020, Intesa Sanpaolo has exercised the right, granted by Italian law to listed companies, to provide that those entitled to participate and vote in Shareholders' Meetings could do so exclusively

through the Designated Representative pursuant to Article 135-undecies of the Consolidated Law on Finance. Introduced during the pandemic, this system for holding Shareholders' Meetings has so far involved the attendance in person at the Turin headquarters, where the Shareholders' Meeting is convened, of the Chair, some Directors, the Designated Representative (Computershare S.p.A.) and the Secretary (Notary) and the remote participation of other members of the Board.

Attendance and voting at the Shareholders' Meeting exclusively through the Designated Representatives have produced significant benefits both by improving flexibility and efficiency of the meeting process and, above all, enhancing pre-meeting dialogue, ensuring that Shareholders have full reporting transparency and equal access to the information needed to make informed voting decisions. Intesa Sanpaolo has taken all appropriate measures to pursue the full expression of Shareholders' rights, enabling their participation in the Shareholders' Meeting through a tool made available free of charge by the Bank and facilitating the granting of proxies to the Designated Representative. Furthermore, in order to ensure the active participation of those entitled in the Shareholders' Meeting decision-making processes by giving well-informed voting instructions to the Designated Representative, Intesa Sanpaolo has provided that the new proposed resolutions submitted (including individually) on the agenda items and the Bank's replies to the pre-meeting questions have to be published on the website before the deadline for giving proxy voting instructions (15 and 2 days before the meeting, respectively).

The Shareholders' Meeting was thus the final step of a process of constant dialogue and information exchange, which took place mainly through the website, where every shareholder/investor was able to consult all the meeting documents and notices, including the reports on the agenda items, and any other information documents submitted during the exchanges and dialogue with the stakeholders, which take place seamlessly in the manner set out in the Policy for the management of dialogue with shareholders and via the additional appropriate communication channels.

* * *

Voting rights

Article 123-bis, 1 (f), CLF There are no restrictions on voting rights.

Challenges against shareholders' meeting resolutions

Resolutions passed by Shareholders' Meetings in accordance with the law and the Articles of Association are binding on all shareholders, including those who dissent or abstain from voting. Resolutions passed not in accordance with the law and the Articles of Association may be challenged by absent, dissenting or abstaining shareholders.

The time limits, methods and procedures for challenging resolutions are governed by the provisions of law in force, set out in Articles 2377-2378 of the Italian Civil Code.

Right of withdrawal

The right of withdrawal may be exercised only in those cases exclusively provided for by Article 2437 of the Italian Civil Code. As permitted by Article 2437, paragraph 2, of the Italian Civil Code, the Articles of Association exclude the right of withdrawal for shareholders that did not take part in the approval of the resolutions concerning the extension of the duration of the Bank and the introduction or cancellation of restrictions on the trading of shares.

The terms and methods for the exercise of the right of withdrawal and the criteria for determining the value of the shares and the related liquidation procedures are governed by the law.

Part II - Corporate governance system

* * *

The time limits, methods and procedures for challenging resolutions are governed by the provisions of

The terms and methods for the exercise of the right of withdrawal and the criteria for determining the

value of the shares and the related liquidation procedures are governed by the law.

the Secretary (Notary) and the remote participation of other members of the Board.

the meeting, respectively).

Voting rights

Article 123-bis, 1 (f), CLF

Right of withdrawal

and via the additional appropriate communication channels.

Challenges against shareholders' meeting resolutions

law in force, set out in Articles 2377-2378 of the Italian Civil Code.

by absent, dissenting or abstaining shareholders.

There are no restrictions on voting rights.

restrictions on the trading of shares.

The Board of Directors

The Board of Directors is the highest body in the one-tier corporate governance system adopted by Intesa Sanpaolo and is tasked with managing the company.

The Board of Directors is governed by the legal and regulatory provisions, the Articles of Association and its own Regulations.

Within the Board, the typical control functions are reserved for Directors sitting on the Management Control Committee, which is covered in a subsequent section.

In the performance of its duties, the Board is supported by Committees appointed by the Board from among its directors:

Nomination Committee
Remuneration Committee
Risks and Sustainability Committee
Committee for Transactions with Related Parties

which are described in a specific section of this Report.

The Regulations of the Board of Directors govern the organisational and operating arrangements and the powers of the Board, including in the light of the principles and rules laid down in the Italian Corporate Governance Code. The following paragraphs outline the main contents of the Board of Directors' Regulations.

Powers of the Board

The Board of Directors is responsible for corporate management. The Board may therefore undertake all transactions considered necessary, useful or appropriate to achieve the corporate purpose, relating to both ordinary and extraordinary administration. The Board has guidance and strategic supervision duties over the Company and the duty to pass resolutions on all the most important corporate actions.

The Board of Directors' Regulations state that Directors have a duty to contribute to creating value for shareholders with the aim of delivering medium- and long-term sustainability, also taking into account the interests of other stakeholders relevant for the Company, in accordance with the principles of sound and prudent management and with the reference principles and values adopted by the Bank.

With regard to its corporate management duties, the Board, without prejudice to the powers reserved for it, delegates to the Managing Director the necessary and appropriate powers to ensure consistency in day-to-day management, in implementation of the guidelines decided by the same Board. The Board determines the content, limits and methods of exercise of the powers granted to the Managing Director and establishes how he/she must report back quarterly to the Board on the delegated activities.

Furthermore, the Board of Directors may assign specific duties to its members; upon proposal of the Managing Director, the Board of Directors may also grant Executives, branch managers or other personnel specific powers to perform certain activities or categories of acts and business activities, establishing the content, limits and methods of performance of such powers and determining when the delegated persons may act separately, jointly or as part of committees.

In exercising its responsibilities, the Board of Directors pays special attention to examining key strategic issues, including, in particular, the Business Plan. R. 1 a)

Intesa Sanpaolo's 2022-2025 Business Plan was approved by the Board on 3 February 2022.

The Business Plan Drafting Process involved input from about 58,000 Group people in identifying strategic priorities, and from all the business and governance structures in the planning process. Since June 2021, all the Directors have been involved in several brainstorming sessions to identify strategic priorities to be incorporated into the Plan, the guidelines of which were reviewed by the Board in late December 2021, and then in January 2022 before the Plan was approved.

The Board's analysis was supported by the Risks Committee, which devoted several meetings to discussing the issues related to the 2022-2025 Business Plan.

P. III

P. XI R. 16

R. 4

The Board continuously monitors the progress and implementation of the Plan through the periodic review of dedicated information flows. In this regard, when matters are submitted to the Board, special attention is paid to contextualising them in the various development areas outlined in the Business Plan.

More information on the 2022-2025 Business Plan can be found on the Bank's website, which can be accessed via the link on the side.

The following are the main responsibilities and functions of the Board of Directors under the Articles of Association and its own Regulations.

	AREA OF RESPONSIBILITY	DETAILS OF FUNCTIONS
R. 1 a), b) and c)	Business model, strategic guidelines and risk appetite	defines and approves the business model, strategic guidelines and - risk appetite, and thus approves the Risk Appetite Framework, the Company and Group strategic, business and financial plans and any amendments thereof, also taking into account the sustainability (ESG) policies and additional elements indicated by the Supervisory Provisions defines and approves the Company and Group risk governance - objectives and policies, as well as the general guidelines for the capital and liquidity adequacy assessment process (ICAAP and ILAAP) periodically assesses the general development of operations, also - at the time of presentation of the financial data of the Company and the Group, taking into account, in particular, the information received from the Managing Director and periodically comparing results achieved with those planned
P. XIX R. 33 a)	Internal controls	defines and approves the guidelines of the Company and Group - internal control system
R. 1 d) R. 2	Corporate governance	defines the overall governance structure and approves the - Company's organisational structure; identifies the information flows required to ensure the full circulation of information within the Board and the information flows to Bodies and Committees, including from the corporate structures approves and modifies the main internal regulations - ensures effective dialogue with the key function holders -
R. 1 f)	Accounting systems and public disclosures	approves the accounting and reporting systems - oversees the Company and Group public disclosure, including Pillar - 3, and communication approves the Consolidated Non-financial Statement -
P. XVI P. XVII	Remuneration	drafts the remuneration and incentive policy to be submitted to the - Shareholders' Meeting and establishes remuneration and incentive systems for top managers

Appointment of management body members	appoints and removes the Managing Director and General Manager, - and resolves on the granting, modification or termination of his or her powers and the remuneration relating to the office appoints and removes members of the Board Committees set up in - accordance with the Articles of Association, including their Chair, and resolves on the establishment of any other Board Committees with inquiry and advisory duties resolves on the establishment of the Steering Committee and - additional Managerial Committees, as provided for by the first-level organisational structure appoints and removes the Manager responsible for preparing the - Company's financial reports and the heads of the corporate control functions, and appoints the head of the Safety function appoints the members of the subsidiaries' corporate bodies, - including executive Directors	R. 4 R. 17
ESG *	approves the strategic guidelines and policies on sustainability - (ESG), including the social and cultural responsibility model and the fight against climate change – taking into account the objectives of solid and sustainable value creation and distribution for all stakeholders	P. I
Strategic transactions	adopts decisions concerning i) the purchase and sale of equity - investments amending the composition of the Banking Group, as well as the investments considered strategic under the supervisory regulations or according to the plans and policies adopted by the same Board, ii) the purchase, sale, contribution of firms, business lines, assets and legal relationships identified en bloc under Article 58 of the Consolidated Law on Banking which are deemed strategic under the criterion above, iii) the investments and divestments, including real estate, deemed to be strategic under the criterion above and, in any case, iv) transactions of the kind indicated in the previous points which exceed, individually, 3% of the total own funds of the Company's consolidated supervisory capital	R. 1 e)
Credit transactions	defines and approves credit risk governance policies consistent with - the Risk Appetite Framework and credit strategies reviews and resolves on the most significant loan transactions at - Group level	R. 1 e)
Transactions with related parties	reviews and resolves on transactions with related parties reserved - to its competence on the basis of the RPT Procedures

*For more details on ESG issues, see the Overview and the Consolidated Non-financial Statement.

Board composition

More information on the 2022-2025 Business Plan can be found on the Bank's website, which can be

The following are the main responsibilities and functions of the Board of Directors under the Articles of

Provisions

ILAAP)

achieved with those planned

Internal controls - defines and approves the guidelines of the Company and Group internal control system

the corporate structures

3, and communication

Remuneration - drafts the remuneration and incentive policy to be submitted to the

systems for top managers

R. 2 Corporate governance - defines the overall governance structure and approves the

defines and approves the business model, strategic guidelines and risk appetite, and thus approves the Risk Appetite Framework, the Company and Group strategic, business and financial plans and any amendments thereof, also taking into account the sustainability (ESG) policies and additional elements indicated by the Supervisory
defines and approves the Company and Group risk governance objectives and policies, as well as the general guidelines for the capital and liquidity adequacy assessment process (ICAAP and
periodically assesses the general development of operations, also at the time of presentation of the financial data of the Company and the Group, taking into account, in particular, the information received from the Managing Director and periodically comparing results

Company's organisational structure; identifies the information flows required to ensure the full circulation of information within the Board and the information flows to Bodies and Committees, including from

oversees the Company and Group public disclosure, including Pillar

Shareholders' Meeting and establishes remuneration and incentive

approves and modifies the main internal regulations - ensures effective dialogue with the key function holders
approves the Consolidated Non-financial Statement
approves the accounting and reporting systems

accessed via the link on the side.

and c) Business model, strategic guidelines and

risk appetite

R. 1 f) Accounting systems and public

disclosures

R. 1 a), b)

P. XIX R. 33 a)

R. 1 d)

P. XVI P. XVII Association and its own Regulations.

AREA OF RESPONSIBILITY DETAILS OF FUNCTIONS

Composition and diversity

The Board of Directors is composed of a minimum of 15 to a maximum of 19 members, who need not be shareholders, appointed by the Shareholders' Meeting on the basis of slates submitted by Shareholders. Within the Board, the Management Control Committee is composed of 5 Directors, also appointed directly by the Shareholders' Meeting, in line with the Supervisory Provisions.

A key choice made was to ensure that the Board has a large majority of independent directors and appoints a single Managing Director and CEO, while no other directors may hold executive offices and the Board may not delegate its duties to an executive committee.

The less-represented gender must make up at least two fifths of members, as established by applicable regulations on equal access to the management and control bodies of listed companies.

In accordance with the Articles of Association, at least four members shall be enrolled with the Register of Statutory Auditors and shall have practised as auditors or acted as members of a limited company control body for at least three years.

The Board in office at the time of publication of this Report is composed of 19 members, all of whom were elected by the Shareholders' Meeting on 29 April 2022:

Chair	Gian Maria Gros-Pietro
Deputy Chair	Paolo Andrea Colombo
Managing Director	Carlo Messina
Director	Franco Ceruti
Director	Paola Tagliavini
Director	Luciano Nebbia
Director	Bruno Picca
Director	Livia Pomodoro
Director	Maria Alessandra Stefanelli
Director	Liana Logiurato
Director	Daniele Zamboni
Director	Maria Mazzarella
Director	Anna Gatti
Director	Bruno Maria Parigi
Director	Fabrizio Mosca
Director	Milena Teresa Motta
Director	Maria Cristina Zoppo
Director	Alberto Maria Pisani
Director	Roberto Franchini

The detailed composition of the Board is shown in Part IV, Table 1, of the Report.

The Bank website ("Governance" section) provides brief biographical and professional notes on the Directors in office.

Qualitative and quantitative composition

In line with the Supervisory Provisions, for the purpose of appointing or co-opting the Directors, the Board of Directors identifies its optimal qualitative and quantitative composition, including, among other things, an adequate level of diversification of the members also in terms of age, gender, geographical origin and skills.

In this regard, the Articles of Association specify that the Board shall take the necessary measures to ensure that each Director and the Board as a whole are constantly adequate in terms of diversity, including of experience, gender and international orientation, and in terms of competence, fairness, reputation, independence of mind and time commitment.

The Board currently in office was appointed in compliance with the recommendations to shareholders on the Board's composition and diversity, made by the outgoing Board at the time of the 2022 renewal, in the document on the qualitative and quantitative composition of the Board of Directors approved on 1 March 2022 and published on 3 March 2022.

The document, taking into account the outcomes of the self-assessment, including the qualifications of the candidates, identified and justified professional characteristics and suitability qualifications deemed adequate to the purpose, as well as the diversity criteria, including gender diversity, to ensure the Board's appropriate overall composition.

With specific reference to the adequacy and diversity of the professional profiles required, a Skills Directory was created, outlining the set of very good or distinctive expertise, knowledge and skills – with very wide, medium-wide or limited scope – considered appropriate to achieve the optimal qualitative composition of the new Board, specifying the minimum time required for performing the various offices within the Board.

In addition, the professional profiles required for the Chair of the Board of Directors, the Managing Director and CEO, and the Chair of the Management Control Committee were described in detail.

Art. 123-
bis, 2
(d)-bis,
CLF


P. VII

R. 8

P. XIII R. 23

R. 8

Following the renewal of the Bodies in 2022, the characteristics declared by the Directors were assessed by the new Board as appropriately diversified and suitable to ensure adequate Board composition and a well-balanced composition of the Board Committees.

Similarly, the Management Control Committee assessed the compliance of its composition with the recommendations given to shareholders.

With regard to gender diversity, Intesa Sanpaolo guarantees full compliance with the gender quotas provided for by the legislation, as indicated above. In the current structure of the Board, women are present in all the Board Committees, make up 80% of the members of the Committee for Transactions with Related Parties and chair both the Risks and Sustainability Committee and the Nomination Committee.

Within the Board Committees, there is also a qualified representation of minorities: all the Committees have one director elected by the minority, while the Committee for Transactions with Related Parties has two, one of whom is the Chair.

All Committees have at least 3 members who do not sit on other Committees. No Directors are members of more than 2 Committees.

The annual self-assessment also confirmed compliance with the diversity guidelines.

Appointment mechanism

The Board in office at the time of publication of this Report is composed of 19 members, all of whom

were elected by the Shareholders' Meeting on 29 April 2022:

Chair Gian Maria Gros-Pietro Deputy Chair Paolo Andrea Colombo

Director Maria Alessandra Stefanelli

The detailed composition of the Board is shown in Part IV, Table 1, of the Report.

The Bank website ("Governance" section) provides brief biographical and professional notes on the

In addition, the professional profiles required for the Chair of the Board of Directors, the Managing Director and CEO, and the Chair of the Management Control Committee were described in detail.

Managing Director Carlo Messina Director Franco Ceruti Director Paola Tagliavini Director Luciano Nebbia Director Bruno Picca Director Livia Pomodoro

Director Liana Logiurato Director Daniele Zamboni Director Maria Mazzarella Director Anna Gatti

Director Bruno Maria Parigi Director Fabrizio Mosca Director Milena Teresa Motta Director Maria Cristina Zoppo Director Alberto Maria Pisani Director Roberto Franchini

Qualitative and quantitative composition

reputation, independence of mind and time commitment.

1 March 2022 and published on 3 March 2022.

Board's appropriate overall composition.

Directors in office.

origin and skills.

Art. 123 bis, 2 (d)-bis, CLF P. VII R. 8

P. XIII R. 23

within the Board.

The Articles of Association govern in detail the process that the Shareholders' Meeting must follow to appoint the members of the Board of Directors.

In particular, the Articles of Association provide that the procedure for appointing Directors is based on slates of candidates prepared by Shareholders, in line with the legislation for listed companies. The Board of Directors is not entitled to submit a slate of candidates.

Art. 123 bis, (1), (l), CLF R. 19 d) P. XIII

The election system defined in the Articles of Association is based on a majority principle, balanced by the appointment of a share of Directors and members of the Management Control Committee on a proportional basis.

This mechanism ensures adequate representation of minority shareholders within the Corporate Bodies, through the submission of slates of candidates to the Shareholders' Meeting at the time of Board renewal and also for the replacement of any Board Member who ceases to hold office.

The minority shareholders are indeed given the option to elect, within both the Board and the Management Control Committee, a number of Directors well above that required by the legislation.

This solution creates a governance structure in line with international standards and makes full use of the slate election system, provided for by Italian law, allowing the minorities to appoint Directors as well as members of the Management Control Committee.

Moreover, the minority slate not connected with the majority shareholders that obtains the highest number of votes in the Shareholders' Meeting is given the option to appoint, in addition to the Chair of the Management Control Committee, also a second Director as a member of the same Committee, to further strengthen the level of protection of the minorities within the control body.

The slates, containing between a minimum of 2 and a maximum of 19 names, must comprise two sections: the first section with the names of the candidates for the positions of Director and the second with the names of the candidates for the positions of Director and member of the Management Control Committee.

For the purposes of election, all Board Members are drawn from the majority slate, except for 5 or 4 Directors, depending on their total number.

Moreover, three Directors from the majority slate are also appointed to the Management Control Committee.

Among the Directors appointed from the minority slates, two are in any case taken from the minority slate that obtained the second highest number of votes (first minority slate) and that has no connection with the majority, as required by the legislation.

The first of said Directors is appointed Chair of the Management Control Committee. The other Board Members are drawn proportionately from slates other than the one that obtained the highest number of votes, also including the first minority slate, provided that such slates, taken as a whole, obtained votes at least equal to 10% of the ordinary share capital represented at the Shareholders' Meeting.

Where it is necessary to complete the composition of the Board as a result of the proportional division, all the other additional Directors are drawn from the slate that obtained the highest number of votes, until it is exhausted.

The appointment procedure ensures that the Board composition is in line with the requirements of professionalism, independence and gender balance.

The Articles of Association establish a supplementary mechanism whereby a candidate not meeting the requirements is replaced by the candidate who meets the requirements and is drawn from the same slate as the excluded candidate.

If there are not enough candidates on the slates for that purpose and in any other case in which the established criteria do not make it possible to appoint all Directors in compliance with the necessary requirements, the full complement of the Board is ensured by the Shareholders' Meeting with replacement procedures that make it possible to meet all necessary requirements.

If only one slate of candidates is submitted, the Board Members are chosen from that slate, up to the number of candidates it contains, drawing from the second section of the slate all the members of the Management Control Committee. In this case, the office of Chair of the Committee is awarded to the first candidate in the ranking of the second section of the slate.

In the absence of slates, the Shareholders' Meeting elects the Directors and the Management Control Committee members by relative majority of the capital represented at the Shareholders' Meeting, subject to compliance with the requirements established by the applicable regulations and the Articles of Association. In this case, the Shareholders' Meeting shall appoint the Chair of the Committee when appointing the Committee members.

The Shareholders' Meeting elects the Chair of the Board of Directors and one or more Deputy Chairs by relative majority.

For additional information on the appointment of Board Members, see the relevant provisions of the Articles of Association.

The following flow chart summarises the Board of Directors' appointment process followed at the Shareholders' Meeting of 29 April 2022.

Term of office, replacement and removal removal

The appointment procedure ensures that the Board composition is in line with the requirements of

The Articles of Association establish a supplementary mechanism whereby a candidate not meeting the requirements is replaced by the candidate who meets the requirements and is drawn from the same

The Shareholders' Meeting elects the Chair of the Board of Directors and one or more Deputy Chairs

For additional information on the appointment of Board Members, see the relevant provisions of the

The following flow chart summarises the Board of Directors' appointment process followed at the

replacement procedures that make it possible to meet all necessary requirements.

until it is exhausted.

slate as the excluded candidate.

appointing the Committee members.

Shareholders' Meeting of 29 April 2022.

by relative majority.

Articles of Association.

professionalism, independence and gender balance.

first candidate in the ranking of the second section of the slate.

The Board Members will remain in office for financial years 2022/2023/2024 and their terms will expire on the date of the Shareholders' Meeting to be convened pursuant to Article 2364 of the Italian Civil Code to approve the financial statements and the proposed distribution of net income for financial year 2024. Directors may be re-elected. expire on date the Shareholders' Meeting to Civil year re-elected.

In the event that a Director ceases to hold office, the Board of Directors, with the support of the Nomination Committee, may replace the outgoing Director by co-option, in compliance with the requirements of the Articles of Association, provided that the majority continues to consist of Directors appointed by the Shareholders' Meeting. In the event that the Chair of the Board of Directors ceases to hold office early, the Chair's functions shall be exercised by the Deputy Chair until the date of the next Shareholders' Meeting for the appointment of the new Chair. the the outgoing with the the Directors to shall the

If a member of the Management Control Committee ceases to hold office, the first non-elected member from the second section of the slate to which the outgoing member belonged – meeting the requirements – shall take up the position or, if the substitute thus identified fails to meet the requirements applicable under law, regulations or the Articles of Association to the outgoing member, the latter shall be replaced by the subsequent non-elected candidate from the second section of the same slate, who meets said requirements. If, for whatever reason, it is impossible to find a replacement using these criteria, the member of the Management Control Committee who has ceased to hold office shall be replaced by the Shareholders' Meeting that will be called without delay. requirements replaced the the

Art. 123 bis, 1, (l) CLF P. XIII

If the Chair of the Committee ceases to hold office, he/she shall be replaced by the second ranked member from the same slate as the outgoing Chair.

The new members of the Management Control Committee and the members appointed by the Board by co-option shall hold office until the next Shareholders' Meeting.

The Shareholders' Meeting called for the appointment of new Directors to replace those who ceased to hold office shall make the appointment in accordance with the principle of necessary representation of minorities, gender balance and the other requirements under the applicable regulations and the Articles of Association.

All Directors and members of the Management Control Committee may be removed by the Shareholders' Meeting at any time, without prejudice to the Directors' right to be indemnified if they are removed without just cause. However, in light of the guarantee and control functions of the Management Control Committee and pursuant to the Articles of Association, the proposal to remove one or more Committee members submitted to the Shareholders' Meeting by the Board or the Committee itself must provide an adequate account of the reasons for the removal and be adopted with the favourable vote of the absolute majority of its members in office. The removal of a member of the Management Control Committee also entails said member's removal from the Board.

Chair and Deputy Chair

The Shareholders' Meeting held on 29 April 2022 elected by a relative majority the Chair of the Board of Directors, Gian Maria Gros-Pietro, and a Deputy Chair, Paolo Andrea Colombo, confirming their respective offices.

The Chair, pursuant to the Articles of Association, has a non-executive role and does not carry out, not even de facto, management functions.

In light of the current governance model and the duties assigned to the Chair by the Articles of Association and detailed in the Regulations of the Board of Directors, the Chair plays a leading role in the Bank, enhanced by distinguished authority, skill and time commitment.

The Chair oversees the work of the Board, organises and directs its activity and performs all the tasks envisaged by the supervisory legislation and the Articles of Association. In keeping with the prerogatives attributed to the role, the Chair ensures the proper functioning of the Board of Directors, fosters internal dialogue and ensures the balance of power.

Within this framework, the Chair, among the other functions:

promotes and supervises the effective functioning of the corporate governance system, including with regard to aspects concerning internal and external communication, liaising with the Board Committees on which he/she does not sit, and ensures the balance of powers, with particular regard to the day-to-day management powers delegated;
liaises as necessary and appropriate with the Managing Director;
requests and receives information also on specific aspects of the Company's and the Group's operations and on current and future trends of operations, having access to all corporate functions to this end;
oversees, thereby verifying the accuracy thereof, the management of Shareholders' relations, in agreement with the Managing Director;
handles relations with Supervisory Authorities.

In urgent cases, the Chair or, in the case of his/her absence or impediment, the Deputy Chair or the most senior Director, based on a binding proposal of the Managing Director, may make decisions on any matters within the powers of the Board of Directors, with the exception of strategic matters or those which may not be delegated and are reserved for the Board.

At the meeting held on 29 April 2022, the Board of Directors confirmed the invitation to Professor Giovanni Bazoli to continue his collaboration and perform equivalent duties to those assigned to him with the role of President Emeritus, establishing that the Chair and the Managing Director may consult him on certain institutional issues, specifically relating to the art and cultural heritage sector.

R. 12 a), b), c)

P. X

P. III R. 2

P. V

R. 4

R. 34

Art. 123 bis, 2, (d) CLF

Managing Director

If the Chair of the Committee ceases to hold office, he/she shall be replaced by the second ranked

The new members of the Management Control Committee and the members appointed by the Board by

The Shareholders' Meeting held on 29 April 2022 elected by a relative majority the Chair of the Board of Directors, Gian Maria Gros-Pietro, and a Deputy Chair, Paolo Andrea Colombo, confirming their

The Chair, pursuant to the Articles of Association, has a non-executive role and does not carry out, not

The Chair oversees the work of the Board, organises and directs its activity and performs all the tasks

In keeping with the prerogatives attributed to the role, the Chair ensures the proper functioning of the

promotes and supervises the effective functioning of the corporate governance system, including with regard to aspects concerning internal and external communication, liaising with the Board Committees on which he/she does not sit, and ensures the balance of powers, with particular regard
requests and receives information also on specific aspects of the Company's and the Group's operations and on current and future trends of operations, having access to all corporate functions
oversees, thereby verifying the accuracy thereof, the management of Shareholders' relations, in

him on certain institutional issues, specifically relating to the art and cultural heritage sector.

member from the same slate as the outgoing Chair.

of Association.

Chair and Deputy Chair

even de facto, management functions.

respective offices.

to this end;

P. X R. 12 a), b), c)

P. III R. 2

co-option shall hold office until the next Shareholders' Meeting.

Committee also entails said member's removal from the Board.

the Bank, enhanced by distinguished authority, skill and time commitment.

envisaged by the supervisory legislation and the Articles of Association.

liaises as necessary and appropriate with the Managing Director;

Within this framework, the Chair, among the other functions:

to the day-to-day management powers delegated;

agreement with the Managing Director; - handles relations with Supervisory Authorities.

Board of Directors, fosters internal dialogue and ensures the balance of power.

which may not be delegated and are reserved for the Board.

The Board of Directors shall elect, with a qualified majority, from among its members - excluding the Chair of the Board, the members of the Management Control Committee and the minimum number of Independent Directors - a Managing Director vested with the powers related to the Company's day-today management.

At the meeting held on 29 April 2022, the Board of Directors, in continuity with the previous mandate, unanimously confirmed the appointment of Carlo Messina as Managing Director and CEO, who was granted the necessary and appropriate powers to ensure consistency in day-to-day management, in implementation of the guidelines issued by the Board.

The Managing Director:

is the CEO and General Manager and supervises the company's management to the extent of the powers assigned to him/her, in compliance with the general planning and strategic guidelines issued by the Board;
determines and issues operational directives and is responsible for personnel management;
may submit proposals for resolutions to the Board, without prejudice to the powers to make proposals held by all the other Directors and to the powers within the remit of the Board Committees, as defined by the applicable regulations and the Articles of Association;
implements the resolutions of the Board of Directors this includes in particular implementing the strategic guidelines, the Risk Appetite Framework and the risk governance policies defined by the Board;
ensures that the organisational, management and accounting structure as well as the internal control system are appropriate to the nature and size of the company and suited to furnishing a proper representation of operations;
in urgent cases, may propose that the Chair pass resolutions on any matters pertaining to the Board (except for strategic matters or those that cannot be delegated); again, in urgent cases and on an exclusive basis, the Managing Director shall pass resolutions on lending matters.

In performing his/her functions, the Managing Director relies first and foremost on support from the Steering Committee and secondly from the other Managerial Committees, reference to which is made in a specific paragraph below.

In the event of absence or impediment of the Managing Director, the powers as General Manager are exercised with joint signatures by the Chief Financial Officer and the Chief Governance Officer.

The general guidelines of the processes, rules and methodologies relating to the succession of the Group's main management positions are set out in the Group's "Strategic Succession Planning", submitted to the Board of Directors and drawn up with the support of a leading consultancy firm. The key updates to this document are also described to the Board during induction sessions.

With regard to the succession plans for the Managing Director and General Manager, the Board of Directors has tasked the Nomination Committee to support the Board, in coordination with the Chair, in designing the succession process. This process has been incorporated into the internal regulations adopted by the Board on the assessment of the suitability requirements for office and of the overall adequacy of the Body.

Suitability requirements

In order to ensure the sound and prudent management of the Company and the proper functioning of the Board of Directors as a whole, the Board Members must meet the suitability requirements for the office as established by the applicable regulations and the Articles of Association.

Specifically, Board Members must meet the professionalism and integrity requirements and comply with the criteria of competence, reputation and fairness and time commitment, with the specific limitation of directorships laid down in the applicable regulations and in the Articles of Association for the performance of the office of director of a bank issuing shares listed in regulated markets, and with the prohibition on interlocking directorates (established by Article 36 of Decree Law no. 201/2011, converted by Law no. 214/2011).

P. XIII R. 24

P. V P. XII

In particular, taking into account the corporate governance model and the characteristics of the Bank in terms of size and operations, the Articles of Association set out specific requirements for Board Members and, particularly, for members of the Management Control Committee (for more details, see the next chapter dedicated to this Committee).

Taking into account the reference legislation and the guidelines of the Regulatory and Supervisory Authorities, the Board of Directors has adopted specific criteria and rules for examining and assessing the suitability requirements for Board Members and the overall adequacy of the Board.

Assessment of the individual qualifications of Directors is usually conducted: at the time of appointment (within 30 days), when new facts arise that may affect the Director's situation, and annually when the Corporate Governance Report is approved.

According to the internal regulations, each Director is required to submit to the Board of Directors the declarations and documentation proving that he/she meets the suitability requirements and demonstrating the absence of grounds for incompatibility, and to communicate any changes.

The Board assesses the suitability for office of all Directors, except for the members of the Management Control Committee, who are assessed by the Committee itself.

Where appropriate, the Board shall disqualify or suspend any Directors who are unable to prove that they meet the established requirements, in the cases provided for in applicable regulations. For the members of the Management Control Committee, any declaration of disqualification from office is issued by the Committee itself.

Following the renewal of the Bodies in 2022, the Board and the Management Control Committee, each within the scope of their responsibilities, successfully conducted the process of ascertaining fulfilment of all the necessary suitability requirements.

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors adopted by the European Central Bank following the renewal on 29 April 2022.

The assessment of the Board Members' compliance with requirements, with the same positive result, was also renewed when approving this Report.

Independence requirements: Independent Directors

All Board Members act with independence of mind and awareness of the duties and rights inherent to the office, in the interest of the sound and prudent management of the Bank and in compliance with the law and any other applicable rules. In this regard, banking legislation provides for a series of relationships to be attested by each Director, and to be assessed by the Board of Directors, concerning, among other things, relations with shareholders, management body members and Intesa Sanpaolo Group companies, and the holding of any political/institutional offices.

Under the Articles of Association, at least two thirds of the Directors must meet the independence requirements provided by Article 13.4.3.

In particular, Intesa Sanpaolo, in addition to applicable regulatory provisions, including those specific to the banking sector (Ministerial Decree 169/2020), has included in its Articles of Association a particularly strict independence requirement which provides that Independent Directors must meet both the conditions under Article 2 of the Italian Corporate Governance Code and the independence requirements for statutory auditors under Article 148(3) of the Consolidated Law on Finance, where these are more restrictive.

The decision made in the Articles of Association to require such a large number of Independent Directors reflects the Bank's awareness of the undeniable value of the role played by these Directors and helps to ensure that the composition of Board Committees is in line with best international practices. In particular, both the Management Control Committee and the Committee for Transactions with Related Parties are entirely composed of Independent Directors, while the other Committees have a majority of independent members. Furthermore, the Articles of Association provide that the Committees are always chaired by Independent Directors.

R. 6 R. 7 R. 9 R. 10

When they accepted their candidature, 14 Directors declared that they met the independence requirements laid down in the Articles of Association. The Board of Directors and the Management Control Committee, the latter acting to the extent of its powers, verified the independence requirements following the appointment of the 14 Directors concerned, announcing the outcome of the assessment in a press release. This assessment was renewed successfully at the time of the approval of this Report, based on the statements made by the parties concerned, the information available to the Bank and the criteria adopted by the Board specified below to evaluate the relevance of the financial, business or professional relationships entertained directly or indirectly by the Directors with the Intesa Sanpaolo Group.

According to the internal regulations, each Director is required to submit to the Board of Directors the declarations and documentation proving that he/she meets the suitability requirements and

The Board assesses the suitability for office of all Directors, except for the members of the Management

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors adopted by the European

The assessment of the Board Members' compliance with requirements, with the same positive result,

Under the Articles of Association, at least two thirds of the Directors must meet the independence

demonstrating the absence of grounds for incompatibility, and to communicate any changes.

the suitability requirements for Board Members and the overall adequacy of the Board.

the next chapter dedicated to this Committee).

Corporate Governance Report is approved.

of all the necessary suitability requirements.

was also renewed when approving this Report.

requirements provided by Article 13.4.3.

these are more restrictive.

R. 5 R. 7

chaired by Independent Directors.

Central Bank following the renewal on 29 April 2022.

Independence requirements: Independent Directors

Group companies, and the holding of any political/institutional offices.

by the Committee itself.

Control Committee, who are assessed by the Committee itself.

Financial relationships	In order to assess the relevance of a financial relationship with the Intesa Sanpaolo Group, specific relevance indicators were applied, concerning: i. shareholding in the capital of Intesa Sanpaolo or a subsidiary ii. shareholding of a company belonging to the Intesa Sanpaolo Group in the capital of the company in question; iii. nominal credit exposure; iv. the rating assigned to the customer based on the corporate rules. The indicators differ according to the degree of proximity of the relationship to the Director (direct relationships, with subsidiaries, with companies in which executive offices are held); if quantitative monitoring and attention thresholds are exceeded, additional weighing criteria are applied to each exposure according to the risks associated with it and its position with respect to the system, as detailed in the specific internal regulations adopted by the Board.
Business or professional relationships	To assess the relevance of a business or professional relationship with Intesa Sanpaolo or another subsidiary, the Board of Directors considers the total amount of turnover resulting from relationships with companies of the Intesa Sanpaolo Group as the main relevance indicator for the relationship.

Financial
relationships

In order to assess the relevance of a financial relationship with the Intesa
Sanpaolo Group, specific relevance indicators were applied, concerning:
i.
shareholding in the capital of Intesa Sanpaolo or a
subsidiary
ii.
shareholding of a company belonging to the Intesa Sanpaolo Group
in the capital of the company in question;
iii.
nominal credit exposure;
iv.
the rating assigned to the customer based on the corporate rules.
The indicators differ according to the degree of proximity of the
relationship to the Director (direct relationships, with subsidiaries, with
companies in which executive offices are held); if quantitative monitoring
and attention thresholds are exceeded, additional weighing criteria are
applied to each exposure according to the risks associated with it and its
position with respect to the system, as detailed in the specific internal
regulations adopted by the Board.

Business or
professional
relationships

To assess the relevance of a business or professional relationship with
Intesa Sanpaolo or another subsidiary, the Board of Directors considers
the total amount of turnover resulting from relationships with companies
of the Intesa Sanpaolo Group as the main relevance indicator for the
relationship.

For all the relationships reported, when pre-set quantitative thresholds are exceeded, the Board of Directors may assign different areas of assessment, within which the specific characteristics of the relationship are analysed. For each assessment area, a risk control measure of increasing intensity or an assessment providing reasons for continuous compliance with the independence requirement is required.

The Board also takes into account the relevance of other situations that may be useful to assess the situations include any disputes that have given rise to legal proceedings between the Director and the Bank or another Group company.

The situations reported are assessed according to specific materiality thresholds.

Independent Directors do not hold positions in subsidiaries and do not receive any remuneration other than their fixed remuneration for their office and the remuneration established for participation in Board Committees.

At the date of approval of this Report, the following 14 Directors were found to have met the independence requirements laid down in the Articles of Association: Paolo Andrea Colombo, Paola Tagliavini, Liana Logiurato, Livia Pomodoro, Maria Alessandra Stefanelli, Bruno Maria Parigi, Daniele Zamboni, Maria Mazzarella, Anna Gatti, Fabrizio Mosca, Milena Teresa Motta, Maria Cristina Zoppo, Alberto Maria Pisani, Roberto Franchini. In this regard, it should be noted that the Chair of the Board of Directors does not qualify as independent only because he has held the chair position at Intesa Sanpaolo for more than nine years out of the last twelve.

The members of the Management Control Committee, also in their capacity as Board Members, positively assessed the correct application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of the said 14 Directors.

The Articles of Association govern the effects of the loss of the independence requirements. In particular, the loss of the requirement in the case of a Director, who is not also a member of the Management Control Committee, does not result in his/her disqualification from office if the minimum number of Directors satisfying the necessary requirements is met. However, this is without prejudice to the cessation from those offices for which said requirement is mandatory under applicable regulations or the Articles of Association.

The Board Regulations provide that Independent Directors shall meet without the other members at least once a year to discuss issues of interest to the functioning of the Board and corporate management. R. 5, last par.
In 2023, the Independent Directors met twice; they discussed, among other things, the efficiency and effectiveness of the way Board and Committee meetings were run, and expressed particular appreciation for the procedure allowing questions to be submitted by Directors in advance of Board meetings. The Directors expressed their full satisfaction with the answers both to questions or requests for additional details made in advance and those made directly during the meeting. The depth of discussion achieved during the meetings is considered highly satisfactory, partly thanks to the direct interaction with top management. The meetings are chaired by Independent Director Livia Pomodoro, who also calls the meetings, ensures they are recorded in minutes and reports to the Board at its next meeting. Under the Board Regulations, an Independent Director may be formally appointed as lead independent director if so requested by a majority of the Independent Directors. As of the date of approval of this Report, the majority of Independent Directors have not requested the appointment of a lead independent director. R. 13 R. 14

Management or control positions of Directors and time commitment

Each Director is responsible for examining and assessing the conditions which enable him/her to perform his/her duties diligently and with appropriate time commitment, also with regard to membership of Board Committees.

The members of the Corporate Bodies are required to devote appropriate time to the performance of their office at the Bank and to confirm this availability in writing.

The Articles of Association incorporate the guidelines provided for by current banking legislation on the limitation of directorships, designed to ensure maximum time commitment to the office held. In particular, the members of the Board of Directors can hold at most the following combinations of offices at the same time in banks or other commercial companies (including their office in Intesa Sanpaolo): R. 15

a) one executive office with two non-executive offices;

b) four non-executive offices.

To this end, the following shall be considered as one single office:

i) offices held within the same Group;
ii) offices held in companies in which the Bank has a qualifying holding;
iii) offices in banks belonging to the same institutional protection system.

Directors other than the Managing Director and CEO, the Chair of the Board of Directors and the Chairs of the Management Control Committee and the other Committees appointed by the Board of Directors are allowed to hold an additional non-executive office, under specific conditions and following the necessary evaluation by the European Central Bank.

Furthermore, by virtue of the rules on interlocking directorates (Article 36 of Decree Law No. 201/2011, converted by Law No. 214/2011), Directors cannot accept or exercise offices in the management, supervisory or control bodies of competing companies or groups of companies operating in the credit, insurance or financial markets.

Directors holding offices that are covered by the prohibition must inform the Board of the option exercised within 90 days of their appointment. If the option is not exercised by said deadline, the Director

P. XII

R. 15

in question must attest to the Board that the offices held do not give rise to situations of incompatibility pursuant to the abovementioned Article 36, stating the reasons in detail.

Directors are required to re-attest each year that they do not hold offices in the management, supervisory or control bodies of competing companies or groups of companies, to allow the plenary meeting of the Board to perform its annual assessment. The assessment was concluded with a positive outcome also with reference to the 2023 financial year at the time of approval of this Report.

Directors are required to inform the Bank of any office they hold in other companies and institutions. Table 2 of Part IV of this Report lists the management or control offices that the Board Members have stated they hold.

For the sake of completeness, it should lastly be specified that Directors cannot act in the capacity of general partners in competing companies, or engage themselves in a competing business on their own account or on behalf of third parties, or take the office of directors or general managers in competing companies, unless authorised by the Shareholders' Meeting (Article 2390 of the Italian Civil Code).

It should be noted that the Board of Directors, in the document of 1 March 2022 on the optimal qualitative and quantitative composition of the Board, quantified and disclosed the minimum time required for the performance of the various offices within the Board.

Taking these indications into account, all the Directors have consistently confirmed the required availability, both at the time of their appointment and during the annual self-assessment, having regard to the overall number of offices held and the professional activities performed.

Board induction

The members of the Management Control Committee, also in their capacity as Board Members, positively assessed the correct application of the assessment criteria and procedures adopted by the

The Board Regulations provide that Independent Directors shall meet without the other members at least once a year to discuss issues of interest to the functioning of the Board and corporate

In 2023, the Independent Directors met twice; they discussed, among other things, the efficiency and effectiveness of the way Board and Committee meetings were run, and expressed particular appreciation for the procedure allowing questions to be submitted by Directors in advance of Board meetings. The Directors expressed their full satisfaction with the answers both to questions or requests for additional details made in advance and those made directly during the meeting. The depth of discussion achieved during the meetings is considered highly satisfactory, partly thanks to the direct interaction with top management. The meetings are chaired by Independent Director Livia Pomodoro, who also calls the meetings, ensures they are recorded in minutes and reports to the Board at its next meeting. Under the Board Regulations, an Independent Director may be formally appointed as lead independent director if so requested by a majority of the Independent Directors. As of the date of approval of this Report, the majority of Independent Directors have not requested the appointment of a

Each Director is responsible for examining and assessing the conditions which enable him/her to perform his/her duties diligently and with appropriate time commitment, also with regard to membership

The members of the Corporate Bodies are required to devote appropriate time to the performance of

The Articles of Association incorporate the guidelines provided for by current banking legislation on the

In particular, the members of the Board of Directors can hold at most the following combinations of offices at the same time in banks or other commercial companies (including their office in Intesa

limitation of directorships, designed to ensure maximum time commitment to the office held.

Board of Directors to assess the independence of the said 14 Directors.

Management or control positions of Directors and time commitment

their office at the Bank and to confirm this availability in writing.

To this end, the following shall be considered as one single office:

ii) offices held in companies in which the Bank has a qualifying holding; iii) offices in banks belonging to the same institutional protection system.

a) one executive office with two non-executive offices;

necessary evaluation by the European Central Bank.

the Articles of Association.

lead independent director.

of Board Committees.

b) four non-executive offices.

insurance or financial markets.

i) offices held within the same Group;

Sanpaolo):

management.

R. 5, last par.

R. 13 R. 14

P. XII

R. 15

The Board of Directors, with the support of the Nomination Committee, taking into account the individual and collective skills and experience of the Directors, ensures the implementation of induction plans for all Board members, as well as onboarding programmes for newly appointed Directors.

In this context, on the Chair's instructions and on the basis of the outcomes of the self-assessments, initiatives for Board Members are held to increase their knowledge of the Bank's and the Group's sector of activity, corporate dynamics and their development, the principles of sound risk management and the applicable regulatory and self-regulatory framework, as well as formal and informal meetings aimed at further reviewing strategic matters ("ongoing induction").

The induction plans are drawn up periodically following (i) the first assessment carried out after appointment and (ii) the self-assessment carried out annually by the Board of Directors. In any event, Directors are given the opportunity to make individual requests for training in a specific area, whenever they consider it necessary.

During the annual self-assessment, the Board, with the support of the Nomination Committee, expresses its opinion on the implementation and quality of the past induction plan, also to help refine the process and strengthen the quality of training.

The induction sessions are organised in a well-structured manner: the Directors are formally invited by the Chair to take part, they are provided in advance with the relevant documentation and are given the option to connect via videoconference if they are unable to attend in person.

In 2023, and in 2024 up to the approval of this Report, 11 induction sessions were held to allow the Directors to examine and discuss the various aspects of the Bank's and Group's activity, the applicable regulatory framework and the duties and responsibilities of their office. See the Overview for details of the matters.

Lastly, in order to promote better understanding of the applicable corporate and regulatory framework and its development, a collection of governance documents, regulatory references, key correspondence with the Supervisory Authorities, financial reports and any additional documentation conducive to the performance of their duties is made available to Directors – and regularly updated – through a dedicated IT platform.

R. 12 d)

Conflicts of interest

Introduction

The Intesa Sanpaolo Group has adopted special measures to manage the risk of possible conflicts of interest arising from the close connections that some parties and entities may have with company decision-makers.

The set of rules and measures adopted is aimed at ensuring that the transactions entered into by the Group are carried out transparently and in line with criteria of fairness and correctness and in compliance with the principle of sound and prudent management, in line with corporate law, banking supervisory regulations and Consob provisions.

The management and control measures in place to safeguard the Bank's and the Group's capital against potential conflicts of interest are described below.

Interests of Directors

R. 37 par. 1 Any member of the Board of Directors holding an interest, on his/her own account or on behalf of third parties, in a specific Company transaction submitted to the attention of the Board of Directors or the internal Board committee of which he or she is a member shall give timely notice thereof, specifying its nature, terms, origin and scope and, where there is a conflict of interest, he/she shall abstain from the resolution.

The Board of Directors' resolution in favour of the transaction must adequately justify the reasons and convenience thereof for the Company.

The Board always has exclusive jurisdiction over decisions regarding transactions in which the Managing Director has an interest on his/her own account or on behalf of a third party and must therefore abstain from carrying out the transaction, entrusting it to the Board as per Article 2391 of the Italian Civil Code.

In this regard, the Board has adopted a policy for managing situations involving Directors with conflicts of interest.

Furthermore, in accordance with the provisions of the Group's Code of Conduct and the RPT Procedures (see paragraph below), all management body members, employees and other staff, in the performance of their respective duties, must abstain from making decisions and engaging in activities contrary to, or in conflict with, the interests of the Company and/or the Group, or otherwise incompatible with their duties.

The above is in any event without prejudice to the application of the special decision-making procedure set forth in Article 136 of the Consolidated Law on Banking and the regulations regarding transactions with related parties and associated entities, whenever the specific conditions exist.

Transactions with related parties and associated entities and obligations of bank board members and general managers

The RPT Procedures take into account both the regulations issued by Consob, pursuant to Article 2391 bis of the Italian Civil Code, and the Supervisory Provisions implementing Article 53(4) et seq. of the Consolidated Law on Banking, and, in addition, the rules laid down in Article 136 of the Consolidated Law on Banking.

The Procedures apply to the entire Group and govern, with reference to the transactions with related parties of Intesa Sanpaolo and associated entities of the Intesa Sanpaolo Group, the following aspects:

the criteria for identifying related parties and associated entities;
the process of analysis, decision-making and reporting to the Corporate Bodies on transactions executed with related parties and associated entities, with an important role of the Committee of independent directors within the Board of Directors;
market disclosure for transactions with related parties;
the prudential limits and obligations for periodic reporting to the Bank of Italy for assets at risk in relation to associated entities;
the rules governing organisational controls and safeguards;

• the general rules for disclosure and abstention for the management of the personal interests of all management body members, employees and other staff, qualifying as associated entities or otherwise.

Conflicts of interest

decision-makers.

Interests of Directors

resolution.

R. 37 par. 1

Code.

of interest.

with their duties.

general managers

Law on Banking.

regulations and Consob provisions.

convenience thereof for the Company.

potential conflicts of interest are described below.

The Intesa Sanpaolo Group has adopted special measures to manage the risk of possible conflicts of interest arising from the close connections that some parties and entities may have with company

The management and control measures in place to safeguard the Bank's and the Group's capital against

Any member of the Board of Directors holding an interest, on his/her own account or on behalf of third parties, in a specific Company transaction submitted to the attention of the Board of Directors or the internal Board committee of which he or she is a member shall give timely notice thereof, specifying its nature, terms, origin and scope and, where there is a conflict of interest, he/she shall abstain from the

The Board of Directors' resolution in favour of the transaction must adequately justify the reasons and

In this regard, the Board has adopted a policy for managing situations involving Directors with conflicts

Transactions with related parties and associated entities and obligations of bank board members and

• the process of analysis, decision-making and reporting to the Corporate Bodies on transactions executed with related parties and associated entities, with an important role of the Committee of

• the prudential limits and obligations for periodic reporting to the Bank of Italy for assets at risk in

with related parties and associated entities, whenever the specific conditions exist.

• the criteria for identifying related parties and associated entities;

independent directors within the Board of Directors; • market disclosure for transactions with related parties;

• the rules governing organisational controls and safeguards;

relation to associated entities;

Introduction

As a form of self-regulation, the Bank has extended the regulation on transactions with related parties, as well as that on risk assets and conflicts of interest with respect to associated entities to cover a wider scope than that required by the regulations.

A more detailed description of the Group procedures is provided in Part H of the Notes to the Parent Company and consolidated financial statements, available on the Bank's website, where the full text of the Procedures is also published.

The Procedures also govern operations with Directors and parties associated to them pursuant to Article 136 of the Consolidated Law on Banking.

This rule requires the adoption of a more thorough decision-making procedure (unanimous decision by the Board excluding the vote of the Director concerned, and the favourable vote of the Management Control Committee members) in order to allow the Directors to undertake obligations, directly or indirectly, with the Bank.

Self-assessment of the Board pursuant to the Supervisory Provisions and the Italian Corporate Governance Code

In 2024, the Board of Directors supported by the Nomination Committee, carried out the annual selfassessment of the composition, performance, conduct and dynamics characterising the Board and the Board Committees.

A similar self-assessment was carried out by the Management Control Committee, to which reference is made in the relevant paragraph.

The self-assessment process was performed in accordance with the provisions of the specific Board Regulations, adopted in implementation of the Supervisory Provisions on corporate governance, as well as in light of the recommendations of the Italian Corporate Governance Code.

The Chair ensures that the self-assessment process is performed effectively, that the manner of its performance is consistent with the complexity of the Board's work and that corrective measures are adopted to remedy any deficiencies identified.

The self-assessment is also an opportunity for the Board of Directors to assess the adequacy of the governance system chosen by the Company and that it meets the corporate needs.

The Board's self-assessment was performed with the professional assistance of Crisci & Partners, an expert consulting firm which has already supported the Bank in the board review process. This firm was deemed to possess the requirements of neutrality, objectivity, competence and independence envisaged by the Board Regulations. With regard to independence, it is specified that Crisci & Partners has not recently had any economic dealings with the Bank and/or Group companies, except for the previous assignments granted to the firm for its assistance in drafting the guidelines on the Board of Directors' qualitative and quantitative composition and the self-assessment process.

Pursuant to the provisions of the Board Regulations, Crisci & Partners assisted the Board of Directors in the following phases of the self-assessment process:

Information collection: information was gathered on the qualitative-quantitative composition and functioning of the Body. According to the aspects considered, this stage involved the collection of information already available to the Bank, as well the use of questionnaires and individual interviews.
Data processing: the information collected during the previous stage was analysed and consolidated, taking care to ensure the anonymity of the Directors.
Preparation of results: Crisci & Partners, after discussing the results of the data processing with the Nomination Committee, and having collectively shared them, formalised the self-assessment results in the document "Results of the Self-assessment of the Board of Directors and of the Board Committees – Financial Year 2023", which summarises the methods used and results achieved.

Before conducting the interviews, the consultants from Crisci & Partners appointed to carry them out carefully read all the minutes of the Board of Directors' meetings relating to financial year 2023, including the pre-meeting documentation, as well as, regarding the Board Committees, all the agendas and a

R. 12 e)

P. XIV R. 21 R. 22

large sample of the minutes of the meetings for the same year, including the Committees' pre-meeting documentation, in order to become acquainted with and examine the issues dealt with during the year, the comments expressing the diversified skills within the Body and the discussions held.

The questionnaire, in line with the approach adopted in the board review of the last few years, focused on various areas regarding the composition and operations of the Board and the Board Committees.

The main aspects assessed were the following:

qualitative and quantitative composition of the Board and Committees with attention to the presence of Independent Directors and diversity in terms of age, gender and seniority of service;
frequency and quality of induction meetings;
presence of management succession plans;
functioning of the body as a whole;
conduct of meetings in terms of frequency, topics discussed, duration, Board attendance and participation methods;
role of the Chair and the Chief Executive Officer;
composition, role and functioning of the Board Committees and the quality of their contribution to the Board;
information flows between bodies;
the support provided by the Secretary of the Board and the secretariat.

For the results of the self-assessment process of the Intesa Sanpaolo Board of Directors and Board Committees please refer to the Overview.

Functioning of the Board

Calling of meetings

The Board of Directors is called by the Chair whenever deemed useful or necessary, or when a written request is made by the Managing Director or by at least two Directors, therein specifying the agenda items to be dealt with; subject to prior notification to the Chair, the Board may also be convened by the Management Control Committee or its members, even individually.

The Board appoints a Secretary, who need not be one of its members, evaluating also his or her professionalism and the independence of judgment in relation to the role held. The Secretary supports the Chair and the Board in performing their respective functions, coordinating all matters necessary to the overall functioning of Board operations and providing assistance and advice to the Board of Directors on all aspects relevant to the proper operation of the corporate governance system. At the meeting held on 29 April 2022, the Board appointed the Head of the Corporate Bodies and Corporate Affairs Head Office Department as Secretary.

The Chair, upon calling the Board meeting, sets the agenda, also taking into account any requests put forward by the Directors, even individually, and ensuring that priority is given to matters of strategic importance.

The notice of call, containing the agenda of matters to be discussed, must be sent to the Directors at least four days before the meeting, by any suitable means to provide proof of receipt thereof. In particularly urgent cases, the meeting may be called by simply giving a twelve-hour notice. In any event, a Board meeting will be deemed to be validly constituted when, even in the absence of a formal call, it is attended by all Directors.

Agenda items are grouped by topic areas and it is also specified whether the item will be subject to resolution or examined merely for information purposes.

The Board usually alternates between meeting at the Turin registered office and at the Milan secondary registered office or, exceptionally, at another location in Italy. The Articles of Association also provide that Board meetings may be held remotely, provided that the identity of those attending can be verified and that all are able to follow the discussions and intervene in real time on the matters on the agenda as well as to view, receive and transmit documents.

Art. 123 bis, 2, (d) CLF

R. 18

P. IX R 11

P. IX P. X R. 11 R. 12 a)

R. 12 b)

Reports to Directors

qualitative and quantitative composition of the Board and Committees with attention to the presence
conduct of meetings in terms of frequency, topics discussed, duration, Board attendance and
composition, role and functioning of the Board Committees and the quality of their contribution to the

For the results of the self-assessment process of the Intesa Sanpaolo Board of Directors and Board

Agenda items are grouped by topic areas and it is also specified whether the item will be subject to

of Independent Directors and diversity in terms of age, gender and seniority of service;

the comments expressing the diversified skills within the Body and the discussions held.

The main aspects assessed were the following:

frequency and quality of induction meetings; - presence of management succession plans;
role of the Chair and the Chief Executive Officer;
the support provided by the Secretary of the Board and the secretariat.

Management Control Committee or its members, even individually.

resolution or examined merely for information purposes.

as well as to view, receive and transmit documents.

functioning of the body as a whole;
information flows between bodies;

Committees please refer to the Overview.

participation methods;

Functioning of the Board

Office Department as Secretary.

is attended by all Directors.

Calling of meetings

Art. 123 bis, 2, (d) CLF

R. 18

P. IX R 11

importance.

Board;

The Chair, aided by the Secretary where necessary, ensures that documentation relating to items on the agenda is brought to the attention of all Directors in accordance with criteria of completeness and suitably in advance of the meeting date; in this regard, the Board Regulations set out that the documentation must be made available, as a rule, four days before the meeting. Moreover, continuing the process to provide Directors with information on matters to be addressed by the Board further in advance, in 2023 the documentation was made available on average more than 7 days before the Board meeting.

The documentation must include everything that is necessary, useful and adequate, in quantitative and qualitative terms, with respect to the subject matters to be discussed.

Where the matters to be resolved on must be submitted in advance to the Board Committees, the Chair ensures that the documentation is made available to them in the manner and timing indicated in the specific Regulations; subsequently, the Chair ensures that the documentation in support of the Board's activities includes the opinions or any proposals put forward, on the basis of the records of the minutes of each Committee. The documentation made available to the members of a Board Committee for the performance of the related activities shall also be made available to the other Directors.

Where the documentation contains price-sensitive elements, the proposing structure shall indicate the assessments performed to guarantee the correct processing of the inside information and full compliance with the disclosure obligations established by law.

Proposals to the Board are first presented to the Chair in order to enable the latter to appropriately assess the issues to be placed on the agenda and the adequacy of the information provided to the Directors.

Particularly lengthy or complex documentation is accompanied by an executive summary highlighting the most significant points for decisions to be made, without prejudice to the fact that such document is in no way a replacement for the complete documentation sent to Directors. The resolution proposed to the Board on each agenda item is set out in a specific summary document, prepared by the Board secretariat, also highlighting the control measures adopted and the reference regulations on the Board's decision-making powers.

Directors are duty-bound to observe the Bank's internal procedures in order to ensure the absolute confidentiality of the documentation made available to them for the purpose of their decisions.

Normally, Directors consult said documentation by accessing a dedicated IT platform, which is managed by the secretariat of the Board of Directors. Directors who intend to access the documentation by other means must be authorised to do so in advance by the Chair, who may refuse authorisation if he/she believes that the requested access methods may jeopardise the confidentiality of the documentation.

In highly exceptional situations where for justified reasons the documentation could not be provided in advance, this may be supplied directly at the meeting specifying that it constitutes additional material, subject to the Chair's assessment of appropriateness and devoting to the topic any necessary information the Directors might need to obtain full knowledge in order to make related decisions (e.g. need to ensure timely external replies, also related to requests from the Authorities, or to obtain independent expert opinions before completing negotiations with counterparties, need to fine-tune internal control procedures by involving a number of corporate functions).

In any event, the Board documentation is kept – remaining available to Board Members – on the dedicated IT platform, as well as at the secretariat of the Board of Directors.

R. 12 a)

Conduct of meetings and the decision-making process

The meeting of the Board of Directors is duly constituted where the majority of its members are in attendance.

The Chair chairs the meetings and coordinates discussions, ensuring adequate space is given to the discussion of each topic on the agenda, including the examination of financial reporting, giving priority to key strategic issues and ensuring that the necessary amount of time is dedicated to them in order to guarantee a constructive debate. The Chair invites the Directors to provide their own contributions and endeavours in a neutral way to ensure that the Board's resolutions are the result of appropriate discussion, in particular between the Managing Director and the other Directors, and of the informed and reasoned contribution of all its members. In any case, the meeting must ensure the full and exhaustive discussion of each item and special attention to the content of the documents that could not be made available in advance.

The Chair of each of the Board Committees shall report on the activities carried out by the Committee on the matters under discussion falling within its remit, also providing, where appropriate, the Committee's opinion or proposal about the decision to be made. R. 17 par. 2
Directors actively participate in board discussions, contribute to discussions based on their respective skills and knowledge and analyse the various topics from different viewpoints, contributing to carrying out a reasoned decision-making process and to reaching well-pondered Board resolutions. Without prejudice to the prerogatives of the Managing Director or – where expressly so provided – the Committees, each Director may formulate proposals or motions regarding the items on the agenda to the Board of Directors. P. VI
Consistent with the provisions of the Board of Directors' Regulations, the Board, according to the subject matter to be discussed, may admit to its meetings employees and/or management body members of the Bank or Group, advisors or external experts of the Bank or other internal or external parties, for tasks within their purview and in view of the need for further information, where the presence of these individuals is howsoever deemed helpful to improve the performance of the Board's duties. The Chief Governance Officer and the Head of the Corporate Bodies and Corporate Affairs Head Office Department attend the Board meetings. Furthermore, the Regulations of the Steering Committee, in which the Bank's top managers participate, expressly regulate how these managers participate in the meetings of the Board of Directors (i) as speakers for specific items on the agenda; (ii) when annual and interim results are presented; and (iii) by invitation, at least once a year, to present relevant activities and major projects. R. 12 c)

The direct participation of management functions in the Board's proceedings allows the Directors to obtain clarification and additional information on items on the agenda and is particularly important in encouraging the appropriate contribution and involvement of Corporate Structures in the decisionmaking process. The Board meetings held during 2023 were regularly attended by Executives of the Bank and the Group companies, as well as by the Heads of the relevant corporate functions competent in the matters dealt with from time to time.

The Board normally resolves by absolute majority vote of those in attendance; in the event of a tie, the Board member chairing the meeting shall have the casting vote. Resolutions concerning the appointment and removal of the Managing Director, the assignment, modification or revocation of his/her powers and the determination of his/her remuneration, the replacement by co-option of Directors who ceased to hold office, the proposed revocation of the members of the Management Control Committee, the appointment and removal of the Manager responsible for preparing the Company's financial reports and the disqualification of Independent Directors or Directors elected by minorities other than members of the Management Control Committee are passed with the favourable vote of the majority of members in office.

The Chair, with the assistance of the Secretary, oversees the preparation of the minutes of the meetings – except when they are prepared by a notary pursuant to the law – ensuring their transcription in the appropriate mandatory corporate registers and their storage with IT tools, at the secretariat of the Board of Directors, also for consultation purposes.

P. X

The minutes describe in a detailed and exhaustive manner the conduct of the debate between the Board Directors, in order to record the opinions expressed and the decision-making process, also reporting the related reasons.

Each Director has the right to ensure that the minutes include a note of any contrary vote or abstention and the related reasons.

Resolutions passed by the Board on the agenda items are sent by the secretariat to the Corporate Structures involved, to ensure timely reporting or the subsequent implementation of the resolutions within the Bank or the Group.

Frequency of meetings and Director attendance

Pursuant to the Articles of Association, Board of Directors' meetings are held at least once a month. In practice, the Board meets on a regular basis, usually twice a month. This frequency ensures that the number of items included in the agenda is appropriate to ensure their proper discussion and constructive debate.

In 2023 the Board held 23 meetings.

Conduct of meetings and the decision-making process

Committee's opinion or proposal about the decision to be made.

attendance.

P. X

R. 17 par. 2

P. VI

R. 12 c)

be made available in advance.

the Board of Directors.

and major projects.

in office.

in the matters dealt with from time to time.

of Directors, also for consultation purposes.

The meeting of the Board of Directors is duly constituted where the majority of its members are in

The Chair of each of the Board Committees shall report on the activities carried out by the Committee on the matters under discussion falling within its remit, also providing, where appropriate, the

Directors actively participate in board discussions, contribute to discussions based on their respective skills and knowledge and analyse the various topics from different viewpoints, contributing to carrying out a reasoned decision-making process and to reaching well-pondered Board resolutions. Without prejudice to the prerogatives of the Managing Director or – where expressly so provided – the Committees, each Director may formulate proposals or motions regarding the items on the agenda to

Consistent with the provisions of the Board of Directors' Regulations, the Board, according to the subject matter to be discussed, may admit to its meetings employees and/or management body members of the Bank or Group, advisors or external experts of the Bank or other internal or external parties, for tasks within their purview and in view of the need for further information, where the presence of these individuals is howsoever deemed helpful to improve the performance of the Board's duties. The Chief Governance Officer and the Head of the Corporate Bodies and Corporate Affairs Head Office Department attend the Board meetings. Furthermore, the Regulations of the Steering Committee, in which the Bank's top managers participate, expressly regulate how these managers participate in the meetings of the Board of Directors (i) as speakers for specific items on the agenda; (ii) when annual and interim results are presented; and (iii) by invitation, at least once a year, to present relevant activities

Also based on the experience gained in organising and holding Board meetings, starting in March 2020, in response to the Covid-19 emergency, as a rule, meetings are run so that the Chairs of the Committees, involved in advance, report on the outcomes of the discussions carried out on each topic; thus, the documentation is not explained by the rapporteur, who is asked to reply to questions or requests from the Directors for further details.

Accordingly, Directors are asked to submit in advance to the Secretariat of the Board any requests on topics deemed to be of interest on individual agenda items without prejudice to their further intervening during the meeting. The Secretariat then forwards the questions to the relevant Corporate Structures, to enable them to reply before the start of the meeting; in any case, the rapporteur reports on the answers during the Board meeting, for the benefit of all present.

As in the past, Directors' attendance at meetings was constant and was 99.1%. In particular, the attendance of each Director at the meetings was 100% for 17 Directors, around 96% for 1 Director and around 87% for 1 Director. For details on the Directors' attendance, see Summary Table No. 1.

This level of attendance ensured the systematic contribution of all Directors to the management of Group and Bank business, thereby allowing the Bank to make full use of the professional skills on the Board. For all Directors, the overall commitment also includes the activities associated with the meetings (study of documentation on items on the agenda, meeting preparation, talks and requests for information, etc.) and the activities relating to participation in Board Committees.

In 2023, the Board meetings lasted an average of 3 hours and 25 minutes, which was considered sufficient time to thoroughly examine and discuss the items on the agenda, also in view of the appropriate meeting and pre-meeting information and of the number of meetings held.

In 2024, as at the date of approval of this Report, the Board has held 3 meetings. The Company's 2024 financial calendar – announced to the market (and made available on the website) in December 2023 in compliance with the Borsa Italiana Regulations – indicates the following dates for meetings:

3 May review of the Interim Statement as at 31 March 2024
30 July review of the Half-yearly Report as at 30 June 2024
31 October review of the Interim Statement as at 30 September 2024.

Corporate Bodies and Corporate Affairs Department

In support of the activity of the Board and the Committees, the Corporate Bodies and Corporate Affairs Head Office Department coordinates the functions of the secretariat, ensures the information and advisory support necessary for the Bodies' functioning, and coordinates the definition of the rules and proposals of the main corporate governance documents within the remit of the Secretary of the Board, to be submitted to the Bodies for approval.

R. 18

P. IX

Concurrently, the measures concerning the specialised monitoring of the Group's main corporate governance processes are prepared, ensuring legal advice for the proper functioning of the governance provisions, including those relating to the suitability requirements of management body members, transactions with related parties, as well as the associated interactions with the Supervisory Authorities.

The Management Control Committee

Duties and powers

The Management Control Committee, appointed by the Shareholders' Meeting and established within the Board of Directors pursuant to the Articles of Association, performs the duties assigned by applicable regulations to the control body of the listed parent company of a banking group heading a financial conglomerate, as established by the legal and regulatory provisions, as well as the Articles of Association and the Committee Regulations.

The Regulations govern the Committee's operations and organisation, in compliance with the provisions of laws, regulations and the Articles of Association and, to the extent applicable, with the provisions of the Corporate Governance Code.

Among other activities, the Committee supervises:

(i) compliance with the regulations, the principles of correct management and the actual implementation of the corporate governance rules set forth in the Corporate Governance Code,

(ii) the adequacy of the Company's organisational, administrative and accounting structure,

(iii) the statutory audit process and accounting and financial disclosures,

(iv) the adequacy, efficiency and functionality of the internal control system,

(v) the adequacy, efficiency and functionality of the risk governance and management process and the business continuity plan.

In its role as Internal Control and Audit Committee, the Committee exercises the functions assigned to it by Article 19 of Legislative Decree no. 39/2010.

The Committee is also exclusively entrusted with the task of examining and conducting a prior assessment of the accounting/financial documentation of the Board of Directors' resolutions.

The Committee has independent powers of initiative and control and its members may at any time, also individually, carry out inspections and controls, also on Group companies, or delegate one of its members to do so. For the purpose of performing its duties, the Committee has unrestricted access to all the Bank's corporate functions. It may also independently appoint external consultants and has adequate financial resources to this end.

The Committee or any of its members, also individually, may also ask the heads of the corporate control functions to report any relevant data and information to the Committee.

The Committee promptly submits to the competent Authorities all the notifications required by the applicable regulations.

The Committee promptly notifies the Board and the Managing Director of any gaps and irregularities found, also as a result of checks specifically requested by the Supervisory Authorities, requires that suitable corrective measures be taken and monitors their effectiveness over time.

In any event, the Committee Chair shall inform the Board of the supervisory activities, checks and audits conducted and their outcomes at least every quarter.

Composition and appointment

The Management Control Committee is composed of 5 Board Members, all independent pursuant to the current regulations and the Articles of Association. Two members must belong to the lessrepresented gender.

The members of the Committee in office at the time of the approval of this Report were elected by the Shareholders' Meeting of 29 April 2022, which also appointed Alberto Maria Pisani as Chair.

Members	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Alberto Maria Pisani – Chair	X	100%
Roberto Franchini	X	98%
Fabrizio Mosca	X	100%
Milena Teresa Motta	X	100%
Maria Cristina Zoppo	X	100%

R. 32 f)

P. VIII

R. 35 h)

No member of the Committee is a member of any other Board-appointed committees, although the Articles of Association would allow them to also be members of the Risks and Sustainability Committee and the Committee for Transactions with Related Parties.

With regard to the election of the Committee members and its Chair, see the contents previously illustrated in the paragraph on the appointment of the Board Members, which refers to the provisions of the Articles of Association under which the Committee is elected on the basis of slates of candidates submitted by the Shareholders.

Term of office, replacement and removal

The members of the Management Control Committee remain in office for the entire term of office of the Board of Directors in which they were elected; the term of the current members covers the 2022/2023/2024 financial years and expires at the subsequent Shareholders' Meeting called to approve the financial statements for the last year of their term of office.

With regard to the replacement and removal of the Committee members, see the paragraph on the replacement and removal of Board Members.

Suitability requirements

The members of the Management Control Committee must all be independent and meet the requirements applicable to Board Members (see the relevant paragraph on the Board), as well as the additional requirements of professionalism laid down in the regulations and the Articles of Association, under penalty of disqualification from office.

Committee members must also comply with the limitation of directorships provided by the law and by the current regulations for appointment as members of the control bodies of a bank issuing shares listed on regulated markets. Furthermore, they must comply with the additional limitations set out in the Articles of Association, which prohibit Committee members from taking up:

✓ executive offices in other undertakings;
✓ more than two non-executive offices in corporate bodies (including as members of control bodies) of other large companies.

Moreover, in compliance with supervisory regulations, the members of the Committee cannot take up offices in bodies other than control bodies of other Group companies, companies belonging to the financial conglomerate and companies in which the Bank holds a strategic interest. As members of the control body of a company with listed shares, Committee members are also subject to the rules on the limitation of directorships laid down in Article 148-bis of the Consolidated Law on Finance and the related implementing regulations: these rules set out the limits and parameters to be applied to determine the limit on the number of offices held, as well as the manner and deadline of the disclosure to Consob and the public.

For each Committee member, the loss of the requirements of independence or professionalism, or the failure to comply with the limitation of directorships pursuant to the Articles of Association, will result in the Board Member's disqualification from office.

Therefore, if an Independent Director who is a member of the Committee no longer meets the independence requirement, he/she will also be disqualified from being a Committee member and a Director. The same applies if he/she ceases to be a statutory auditor, even if another three members of the Committee who are statutory auditors remain in office.

In accordance with the requirements of the Supervisory Provisions and the internal regulations, following the renewal of the Bodies in 2022, the Committee, based on the statements made by the parties involved and on the information available to the Bank, confirmed that each of its members met the necessary requirements, including that of independence, giving notice thereof to the Board. The members declared they met the professionalism and integrity requirements and complied with the criteria of competence, reputation and fairness, independence and time commitment, complied with the specific limitation of directorships and were unaffected by the incompatibilities referred to in the applicable regulations and the Articles of Association. The Committee also found that its overall composition met the recommendations addressed to shareholders published in March 2022. R. 9 R. 10

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors, adopted by the European Central Bank following the renewal on 29 April 2022.

The assessment of suitability requirements was successfully renewed by the Committee at the time of the approval of this Report.

Art. 123 bis, 1 (l), CLF

P. VIII R. 9

Functioning of the Committee

No member of the Committee is a member of any other Board-appointed committees, although the Articles of Association would allow them to also be members of the Risks and Sustainability Committee

With regard to the replacement and removal of the Committee members, see the paragraph on the

✓ more than two non-executive offices in corporate bodies (including as members of control bodies)

The assessment of suitability requirements was successfully renewed by the Committee at the time of

and the Committee for Transactions with Related Parties.

the financial statements for the last year of their term of office.

of Association, which prohibit Committee members from taking up:

submitted by the Shareholders.

Art. 123 bis, 1 (l), CLF

P. VIII R. 9

P. XII R. 15

R. 9 R. 10 Suitability requirements

the public.

Term of office, replacement and removal

replacement and removal of Board Members.

under penalty of disqualification from office.

✓ executive offices in other undertakings;

the Board Member's disqualification from office.

the Committee who are statutory auditors remain in office.

Central Bank following the renewal on 29 April 2022.

the approval of this Report.

recommendations addressed to shareholders published in March 2022.

of other large companies.

The Committee normally meets – including remotely, as allowed by its Regulations – on a weekly basis; the meeting is convened by a notice of call containing the agenda, typically sent by the Committee's Secretariat three days before the date set for the meeting. The secretariat ensures compliance with the planned manner and timing and with the procedures to ensure compliance with any instructions issued by Authorities.

The meeting notice is usually accompanied by the documentation necessary for the performance of the Committee's duties; during the meeting, all matters on the agenda are discussed extensively, and any additional details requested, even on the spot, are provided.

The Chair of the Committee convenes and chairs the meetings, directs, coordinates and moderates the discussion and, on behalf of the Committee, describes the results of the activities carried out to the Board.

In the performance of its duties, the Committee relies on the corporate control functions and, in particular, on the internal audit function, which also reports functionally to the Committee, which monitors the function's independence, adequacy, effectiveness and efficiency.

The Committee receives from the heads of the corporate control functions reports on specific situations, breaches or significant shortcomings – periodically or at the Committee's express request – and examines their activity plans.

The Committee coordinates with the Risks and Sustainability Committee for the matters under its competence. Certain information flows are discussed in joint meetings, while each Committee makes its assessments independently. Since none of the members of the Management Control Committee currently sits in the Risks and Sustainability Committee, one of the Management Control Committee members, appointed in rotation, attends the meetings of the Risks and Sustainability Committee without voting rights, and then reports back to the Control Body.

During 2023, the Committee held 44 meetings in total. For details, see Summary Table No. 1 contained in Part IV of the Report.

The meetings lasted on average about 4 hours and 5 minutes, which was considered an adequate amount of time to ensure thorough examination and discussion of the items on the agenda, also in light of the appropriate prior disclosures and of the number of meetings held.

In 2024, at the date of approval of this Report, the Committee has held 10 meetings.

Areas of activity	Key themes	Summary of the main activities carried out
Compliance with regulations and correct management	Compliance with the law, regulations and the Articles of Association	The Committee reviewed: - the Report on adjustments to the provisions of the "40th Update of Circular 285" transposing the EBA Guidelines on ICT and Security Risk Management; - the proposal to align the Bank's Covered Bonds Programmes with the new Supervisory Provisions; - the proposal to update the "Group rules on the internal reporting system of violations (Whistleblowing)" with the changes introduced by Italian Legislative Decree No. 24/2023. The Committee also supervised the procedures for the effective implementation of the corporate governance rules laid down in the Corporate Governance Code, also through a review of the Report on Governance.

The main activities carried out by the Committee in 2023, in compliance with its powers and its Regulations, were:

R. 35 e) g)

R. 37 par. 2

	Compliance with the principles of correct management	The Committee: - received the usual quarterly report on transactions with related parties of Intesa Sanpaolo and associated entities of the Group, pursuant to the Group Regulations and Article 150(1) and (2) of the Consolidated Law on Finance. On that occasion, the Committee also received the report on the interests declared by the Directors when the Bank carried out certain transactions, pursuant to Article 2391 of the Italian Civil Code and/or Article 53(4) of the Consolidated Law on Banking; - reviewed: (i) the proposal to update the Code of Ethics aimed, among other things, at implementing the Bank's significant commitments on ESG and sustainability issues, and the internal regulations adopted to govern specific ESG and sustainability aspects; and (ii) the Annual Report on the proper implementation of the Code and compliance with the principles of social and environmental responsibility.
Internal control system	Meetings with the heads of the Corporate Control Functions	The Committee met with the heads of the Corporate Control Functions to discuss the following issues, among others: Chief Audit Officer - SAIL (Strategic Audit Innovation Line-up) development programme and the main project developments in the area of "Data-Driven Audit"; - control framework adopted by Isybank; - results of the checks conducted with regard to the adoption of IFRS 17 in insurance financial statements; - results of the analyses on the suitability of the remedial actions implemented by the Bank following the findings of the Bank of Italy's transparency checks. Chief Compliance Officer Governance Area - progress of the Compliance Next Programme, aimed at implementing digitalisation, efficiency and internationalisation of the compliance function; - adoption of the Group Guidelines on the use of Artificial Intelligence, drawn up to use AI in compliance with the principles of protection of public interests (health, safety and protection of fundamental rights) recognised and protected by the European Union. Chief Risk Officer Governance Area - management of the process for Most Significant Transactions. The Committee also reviewed the update to the Risk Assessment carried out by the Corporate Control Functions on the progress of the macro initiatives of the 2022-2025 Business Plan, discussing the main aspects subject to monitoring and the actions identified to mitigate the related potential risks.
Administrative accounting and financial reporting system	Supervision of the administrative accounting system	The Committee reviewed the proposals to expand the tasks to be conferred on the Independent Auditors for the performance of activities related to the ESEF Financial Statements, tax returns, non-recurring IT audit procedures on the Journey to Cloud, and, under Pillar 3, qualitative and quantitative disclosures on ESG risk. Where requested, the Committee gave a favourable opinion.
	Statutory audit process	The Committee: - received periodic reports on the set of tasks assigned to the Independent Auditors pursuant to the relevant Group Regulations, with the aim of assessing their independence and monitoring that relevant regulations are applied; - reviewed the Audit Plan and the activities under way for formulating the opinion on the 2023 Financial Statements.
	Accounting and financial information	The Committee met with the Manager responsible for preparing the Company's financial reports, the relevant corporate functions and the Independent Auditors, to review the Interim Statement as at 31 March 2023, the consolidated Half-yearly Report as at 30 June 2023, the Interim Statement as at 30 September 2023, and the Financial Statements as at 31 December 2023. In this context, the Manager responsible for preparing the Company's financial reports also provided information on

		the most significant transactions with regard to profitability, financial position and assets and liabilities pursuant to Article 150(1) and (2) of the Consolidated Law on Finance. The Committee also examined the strengthening of information processes and systems in the measurement of insurance contracts in application of IFRS 17.
Relations with Supervisory Authorities	ECB and International Authorities	In its relations with the ECB, the Committee received regular updates on the development of the Supervisory Plans for the ECB's Inspections, Thematic Reviews and Deep Dives, as well as on the drafting and progress of the related Action Plans. As regards relations with international Supervisory Authorities, the Committee received, among others, the results of the annual inspection conducted by the New York State Department of Financial Services on the New York branch.
	Italian Authorities	The Committee reviewed, among other things: - the developments in the proceedings notified by the AGCM (Italian Competition Authority) to Intesa Sanpaolo RBM Salute and Previmedical, as well as the proceedings notified to Isybank; - the findings of the self-assessment exercise on Payment Protection Insurance (PPI) policies as requested by the European Insurance and Occupational Pensions Authority (EIOPA) and the replies sent to IVASS' request for details on specific PPI aspects.
IT systems, risk management and business continuity	IT systems	The Committee discussed in depth with the Chief Data, A.I., Innovation and Technology Officer: - the Group Cybersecurity Strategy and the project initiatives under the IT Security Plan; - the outcomes of the annual review on Operational Risk and ICT Risk Assessment processes in payment services; - the safeguards introduced and actions taken to strengthen the Group's Business Resilience in outsourced Critical Services.
	Risk management and business continuity	The Committee: - continued to monitor the aspects related to the ongoing military conflict between Russia and Ukraine; - met with the Chief Lending Officer to discuss, among other topics, (i) the progress of the projects launched on credit granting processes and the related regulatory compliance paths, and (ii) the process of credit data management within the Group's Data Governance/Data Quality model and the related alignment with the main regulatory developments/requirements of the Supervisory Authority.
Anti-Financial Crime	Anti-money laundering and terrorist financing	The Committee met with the head of the Anti-Money Laundering function to review the progress of the ENIF Multi-Year Strategic Plan. In particular, the meetings focussed on actions to further strengthen the Financial Sanctions (FS) management mechanisms, also in light of the changed geopolitical context, and data governance and data quality mechanisms, applying the Group's framework to the relevant areas.
		The Committee also reviewed the proposed update to the Guidelines for combating money laundering and the financing of terrorism and for managing embargoes incorporating, among others, the Bank of Italy's Order of 1 August 2023, which introduced the role of the "Anti-Money Laundering Officer" (assigned by the Bank to the Managing Director and CEO) and the appointment of a Group Anti-Money Laundering Head (role given to the Head of the Anti-Money Laundering Function of the Parent Company).
Activity conducted as Parent Company	Focus on the main critical issues	The Committee: - met with the Board of Statutory Auditors of Intesa Sanpaolo RBM Salute to discuss in particular aspects related to: (i) the Subsidiary's

Compliance with the principles of correct management

Meetings with the heads of the Corporate Control Functions

Supervision of

administrativeaccounting system

Statutory audit process

Accounting and financial information

the

Internal control

Administrativeaccounting and financial reporting system

system

The Committee:

Chief Audit Officer

received the usual quarterly report on transactions with related parties of Intesa Sanpaolo and associated entities of the Group, pursuant to the Group Regulations and Article 150(1) and (2) of the Consolidated Law on Finance. On that occasion, the Committee also received the report on the interests declared by the Directors when the Bank carried out certain transactions, pursuant to Article 2391 of the Italian Civil Code
reviewed: (i) the proposal to update the Code of Ethics aimed, among other things, at implementing the Bank's significant commitments on ESG and sustainability issues, and the internal regulations adopted to govern specific ESG and sustainability aspects; and (ii) the Annual Report on the proper implementation of the Code and compliance with

The Committee met with the heads of the Corporate Control Functions to

SAIL (Strategic Audit Innovation Line-up) development programme and the main project developments in the area of "Data-Driven Audit";
results of the checks conducted with regard to the adoption of IFRS 17
results of the analyses on the suitability of the remedial actions implemented by the Bank following the findings of the Bank of Italy's
progress of the Compliance Next Programme, aimed at implementing digitalisation, efficiency and internationalisation of the compliance
adoption of the Group Guidelines on the use of Artificial Intelligence, drawn up to use AI in compliance with the principles of protection of public interests (health, safety and protection of fundamental rights)

The Committee also reviewed the update to the Risk Assessment carried out by the Corporate Control Functions on the progress of the macroinitiatives of the 2022-2025 Business Plan, discussing the main aspects subject to monitoring and the actions identified to mitigate the related

The Committee reviewed the proposals to expand the tasks to be conferred on the Independent Auditors for the performance of activities related to the ESEF Financial Statements, tax returns, non-recurring IT audit procedures on the Journey to Cloud, and, under Pillar 3, qualitative and quantitative disclosures on ESG risk. Where requested, the

received periodic reports on the set of tasks assigned to the Independent Auditors pursuant to the relevant Group Regulations, with the aim of assessing their independence and monitoring that relevant
reviewed the Audit Plan and the activities under way for formulating the

The Committee met with the Manager responsible for preparing the Company's financial reports, the relevant corporate functions and the Independent Auditors, to review the Interim Statement as at 31 March 2023, the consolidated Half-yearly Report as at 30 June 2023, the Interim Statement as at 30 September 2023, and the Financial Statements as at 31 December 2023. In this context, the Manager responsible for preparing the Company's financial reports also provided information on

and/or Article 53(4) of the Consolidated Law on Banking;

the principles of social and environmental responsibility.

discuss the following issues, among others:

control framework adopted by Isybank;

Chief Compliance Officer Governance Area

recognised and protected by the European Union.

management of the process for Most Significant Transactions.

in insurance financial statements;

Chief Risk Officer Governance Area

Committee gave a favourable opinion.

opinion on the 2023 Financial Statements.

transparency checks.

function;

potential risks.

The Committee:

regulations are applied;

		internal control system and organisational structure and (ii) the main issues found by the Corporate Control Functions in the Company; - reviewed the 2023-2025 IT Strategic Roadmap of the Group's international subsidiary banks with a focus on the outcomes of the Risk Assessment conducted on the Core Banking Systems of those Banks.
Adequacy of the organisational structure	Corporate Control Functions	The Committee reviewed: - the progress of the upskilling and reskilling programme for Group people envisaged in the Business Plan, with particular regard to the Corporate Control Functions, as well as the process to support employee development goals; - the final results of the analysis conducted by the Chief Operating Officer on the sizing of the second-level Control Functions, which identified – in both qualitative and quantitative terms – the overall human resource requirements for the structures of the Chief Compliance Officer and Chief Risk Officer Governance Areas; - the implementation of actions to revise the organisational structure and strengthen the position of the Internal Validation Function.
	Other functions of the Bank	The Committee was involved – to the extent of its remit – in the areas under the management of Top Risk Takers, also taking into account the relevant Group Rules. In addition, during meetings with the Chief Lending Officer and the Chief Data, A.I., Innovation and Technology Officer, the Committee was informed of the main changes in their organisational structures.

On a quarterly basis, the Committee illustrated to the Board of Directors the supervisory, due diligence and examination activities carried out and their results; it also periodically met with the Managing Director to further investigate specific topics of interest and examine the key points highlighted in its reports. R. 35 h)

The Committee's self-assessment

Each year, the Management Control Committee performs a separate self-assessment on its own composition and functioning, in line with its mandate as a control body to supervise the correct and effective performance of the corporate governance functions. In doing so, it applies criteria and methods consistent with the characteristics of its function within the one-tier governance model.

The self-assessment process is performed in accordance with the provisions of the Regulations on the Board of Directors' self-assessment process; it covers the Committee as a whole and the contribution of its individual Members to its work.

Given the need for consistency and overall coherence of the results, the process is typically entrusted to the same individuals designated by the Board, who in this case, however, report directly to the Chair of the Management Control Committee, who remains responsible for the process as a whole.

The self-assessment for the year 2023 was performed with the professional assistance of Crisci & Partners, an expert independent consulting firm which at the same time also supported the Board of Directors in its self-assessment process.

The qualitative and quantitative results have confirmed the full adequacy of the Committee and the high level of overall compliance with the provisions of the Corporate Governance Code, the EBA guidelines, the provisions of Bank of Italy Circular No. 285/2013 and the best practices of other listed companies, in so far as comparable with the Bank.

The Committee therefore assessed the Committee's own size, composition and functioning as being satisfactory.

R. 22

P. XIV R. 21 R. 22

Board Committees: composition and operation

internal control system and organisational structure and (ii) the main issues found by the Corporate Control Functions in the Company; - reviewed the 2023-2025 IT Strategic Roadmap of the Group's international subsidiary banks with a focus on the outcomes of the Risk Assessment conducted on the Core Banking Systems of those Banks.

the progress of the upskilling and reskilling programme for Group people envisaged in the Business Plan, with particular regard to the Corporate Control Functions, as well as the process to support
the final results of the analysis conducted by the Chief Operating Officer on the sizing of the second-level Control Functions, which identified – in both qualitative and quantitative terms – the overall human resource requirements for the structures of the Chief Compliance Officer and
the implementation of actions to revise the organisational structure and

The Committee was involved – to the extent of its remit – in the areas under the management of Top Risk Takers, also taking into account the

In addition, during meetings with the Chief Lending Officer and the Chief Data, A.I., Innovation and Technology Officer, the Committee was

strengthen the position of the Internal Validation Function.

informed of the main changes in their organisational structures.

Adequacy of

Corporate Control Functions

Other functions of the Bank

The Committee reviewed:

relevant Group Rules.

The self-assessment for the year 2023 was performed with the professional assistance of Crisci & Partners, an expert independent consulting firm which at the same time also supported the Board of

The Committee therefore assessed the Committee's own size, composition and functioning as being

of the Management Control Committee, who remains responsible for the process as a whole.

consistent with the characteristics of its function within the one-tier governance model.

employee development goals;

Chief Risk Officer Governance Areas;

organisational structure

the

reports.

R. 35 h)

P. XIV R. 21 R. 22

R. 22

satisfactory.

The Committee's self-assessment

of its individual Members to its work.

Directors in its self-assessment process.

in so far as comparable with the Bank.

The Committees are the organisational bodies through which the Board of Directors increases the effectiveness of its strategic supervision role. Without prejudice to the Board's corporate powers and responsibilities, the Committees have the proposal, advisory and inquiry duties (including the issue of opinions, where provided for by applicable rules) assigned to them by applicable regulations and, to the extent applicable, the Corporate Governance Code and the Articles of Association. They also perform those duties that, in accordance with each Committee's function, are specifically assigned to them by the Regulations approved by the Board, which also govern their organisation and operation.

Pursuant to the Articles of Association, the Committees are composed of a minimum of three and a maximum of five non-executive Board Members, who are mainly independent. No Board Member may take up the office of Chair of more than one Committee or sit on more than two Committees.

As also provided for in the Supervisory Provisions, the following Committees are established within the Board of Directors:

− Nomination Committee: 5 members, including the Deputy Chair and the Chair of the Board of Directors, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association; 2 members are enrolled with the Register of Statutory Auditors and have practised for at least three years;
− Remuneration Committee: 5 members, including the Deputy Chair of the Board of Directors, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association; 1 member is enrolled with the Register of Statutory Auditors and has practised for at least three years;
− Risks and Sustainability Committee: 5 members, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association and 3 are enrolled with the Register of Statutory Auditors and have practised for at least three years.

The Committee for Transactions with Related Parties is also in place; it is composed of 5 members, all independent pursuant to the applicable regulations and the Articles of Association; 2 members are enrolled with the Register of Statutory Auditors and have practised for at least three years.

In establishing the Committees, the Board took into consideration the professional characteristics and experience of the Board Members, so that each Committee is composed of members whose skills and professionalism are consistent with the duties assigned to them and who are able to ensure the performance of their tasks with adequate time commitment.

The work of each Committee is coordinated and directed by a Chair, who must be independent and may not serve as the Chair of any other Board Committee.

The Chair calls the Committee meetings and reports on the Committee's activities, proposals and opinions during Board meetings. In the event of absence or impediment of the Chair, the longest-serving independent member or, in the case of equal terms of service, the eldest member takes on the functions.

Meetings are usually held at the secondary office in Milan and may also be validly held via telecommunication methods. In that case, they are considered to have been held at the Chair's location.

The Regulations of each Committee require that the minutes of each meeting be prepared by an appointed secretary, who may also be a non-member, in which case the secretary should be selected from the secretariat supporting the Bodies.

Each Committee may contact the corporate functions to access the information required to perform its tasks. Committees can also make use of external consultants, as indicated in each set of Regulations.

Individuals who are not part of a Committee may attend Committee meetings provided they are invited by the Chair of the Committee concerned, and only in relation to specific items on the agenda.

The Chief Governance Officer and the Secretary of the Board of Directors are invited to and may attend the Committees' meetings, including by delegating a staff member.

Also considering the time dedicated to each task, the Committees' work is always performed in a constructive environment based on exchange and dialogue among the respective members, encouraging personal contributions, open discussion and dialectic not only among Board Members but also with the heads of the control functions, Divisions, Governance Areas and of the various Structures involved from time to time in the meetings within the scope of their responsibility.

P. XI R. 16 R. 17

R. 26

R. 17 par. 2

Art. 123 bis, 2 (d), CLF Detailed information is provided below on each of the Committees that the Board established on 6 May 2022 for the financial years 2022/2023/2024, including their composition, duties and activities in 2023, together with details on meetings held and members' attendance.

Nomination Committee
Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Livia Pomodoro – Chair		X	100%
Paolo Andrea Colombo	X	X	100%
Gian Maria Gros-Pietro			100%
Maria Mazzarella		X	100%
Bruno Picca	X		100%

In 2023, the Committee met 8 times, with an average meeting duration of about 35 minutes.

The Committee performs inquiry and advisory duties supporting the Board in the following areas:

in defining the policies on the suitability requirements for the members of the Parent Company's Bodies and the related guidance and coordination criteria for the Group companies;
R. 19 b) c)
the process of appointing or co-opting the Directors to ensure that the Board's composition, in terms of size and professionalism, enables it to fulfil its duties efficiently. In this regard, the Committee supports the Board in identifying in advance the qualitative and quantitative composition considered to be optimal, including the qualifications of the candidates, to be presented at the Shareholders' Meeting in time for the appointment of the Directors;
in assessing the suitability of Directors other than members of the Management Control Committee and the correspondence between the composition deemed optimal and that resulting from the appointment;
in assessing, at the time of each significant update and at least once a year, the Directors' continuous compliance with the suitability requirements (excluding from the assessment the members of the Management Control Committee);
in designing the body's self-assessment procedure and implementing it on an annual basis;
- in adopting the criteria for appointing the members of the Corporate Bodies of the subsidiaries, as well as evaluating the proposals for appointing the members of the Corporate Bodies of the main subsidiaries.
Moreover, the Committee is specifically heard by the Board when selecting the Managing Director. In coordination with the Chair of the Board of Directors, the Committee also supports the Board in defining the process governing succession plans for its members, including the Managing Director. Lastly, the Committee supports the Risks and Sustainability Committee in preparing proposals for R. 19 e) R. 24

appointing and removing the heads of the Compliance, Risk Management and Internal Audit Functions. Below are the main issues reviewed and discussed in 2023:

Areas of activity	Key themes	Summary of the main activities carried out
Assessment of the suitability requirements for each Board Member and of the appropriate Board composition. Self-assessment procedure	• Review of the suitability requirements of Board Members on an annual basis • Self-assessment of the Board and the Board Committees	The Committee supported the Board: • in assessing the suitability of Board members on an annual basis and in reviewing any updates to their positions in line with the relevant regulations; • in designing the Body's self-assessment process and implementing it for the year 2022, with the aid of an external consultant.
Appointment, composition and	• Nominations in subsidiaries	The Committee supported the Board in reviewing the nomination of certain members of the Corporate Bodies of

R. 19 a)

nomination of members of the Corporate Bodies of major subsidiaries		38 subsidiaries, including 14 Italian and 24 foreign subsidiaries.

Remuneration Committee

Detailed information is provided below on each of the Committees that the Board established on 6 May 2022 for the financial years 2022/2023/2024, including their composition, duties and activities in 2023,

Register of Statutory

Practice as an auditor

Livia Pomodoro – Chair X 100% Paolo Andrea Colombo X X 100% Gian Maria Gros-Pietro 100% Maria Mazzarella X 100% Bruno Picca X 100%

The Committee performs inquiry and advisory duties supporting the Board in the following areas: - in defining the policies on the suitability requirements for the members of the Parent Company's

the process of appointing or co-opting the Directors to ensure that the Board's composition, in terms of size and professionalism, enables it to fulfil its duties efficiently. In this regard, the Committee supports the Board in identifying in advance the qualitative and quantitative composition considered to be optimal, including the qualifications of the candidates, to be presented at the Shareholders'
in assessing the suitability of Directors other than members of the Management Control Committee and the correspondence between the composition deemed optimal and that resulting from the
in assessing, at the time of each significant update and at least once a year, the Directors' continuous compliance with the suitability requirements (excluding from the assessment the members of the
in adopting the criteria for appointing the members of the Corporate Bodies of the subsidiaries, as well as evaluating the proposals for appointing the members of the Corporate Bodies of the main

Moreover, the Committee is specifically heard by the Board when selecting the Managing Director. In coordination with the Chair of the Board of Directors, the Committee also supports the Board in defining

Lastly, the Committee supports the Risks and Sustainability Committee in preparing proposals for appointing and removing the heads of the Compliance, Risk Management and Internal Audit Functions.

The Committee supported the Board:

external consultant.

• in assessing the suitability of Board members on an annual basis and in reviewing any updates to their

The Committee supported the Board in reviewing the nomination of certain members of the Corporate Bodies of

positions in line with the relevant regulations; • in designing the Body's self-assessment process and implementing it for the year 2022, with the aid of an

in designing the body's self-assessment procedure and implementing it on an annual basis;

the process governing succession plans for its members, including the Managing Director.

Areas of activity Key themes Summary of the main activities carried out

Bodies and the related guidance and coordination criteria for the Group companies;

Auditors

Independent pursuant to the applicable regulations and the Articles of Association

Attendance percentage at meetings

together with details on meetings held and members' attendance.

In 2023, the Committee met 8 times, with an average meeting duration of about 35 minutes.

Meeting in time for the appointment of the Directors;

Below are the main issues reviewed and discussed in 2023:

basis

Committees

• Nominations in subsidiaries

• Review of the suitability requirements of Board Members on an annual

• Self-assessment of the Board and the Board

Members Enrolment with the

Nomination Committee

Art. 123 bis, 2 (d), CLF

R. 19 b) c)

R. 19 a)

R. 19 e) R. 24

appointment;

subsidiaries.

Assessment of the suitability requirements for each Board Member and of the appropriate

Appointment, composition and

Board composition. Self-assessment procedure

Management Control Committee);

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Paolo Andrea Colombo – Chair	X	X	100%
Franco Ceruti			100%
Anna Gatti		X	100%
Liana Logiurato		X	100%
Luciano Nebbia			100%

In 2023, the Committee met 18 times, with an average meeting duration of about 1 hour and 34 minutes.

The Remuneration Committee members must have knowledge and experience relevant to the areas of competence of the Committee and in particular in the field of finance or remuneration policies.

Pursuant to its Regulations, the Committee inquires, proposes and advises on remuneration and incentive matters to support the Board of Directors and, among other things:

supports the Board in formulating proposals to be submitted to the Shareholders' Meeting for approval concerning:
- Remuneration Policies for Board Members, employees and other staff not bound by an employment agreement, Remuneration and Incentive Plans based on financial instruments, criteria for calculating severance payments in the event from early termination of employment contract or office and the Report on Remuneration;
- the establishment of the ratio of the variable to fixed component of individual staff remuneration higher than 1:1;
makes proposals to the Board, based on the Remuneration Policies approved by the Shareholders' Meeting, with regard to:
- the additional remuneration, including in a variable amount, due for the specific office of Managing Director and General Manager, the remuneration to be paid to other Directors that have been assigned additional specific offices in accordance with the Articles of Association (except for the compensation of its members, which is determined by the Board) and the remuneration for the members of the Surveillance Body;
- the remuneration and incentive systems and compensation of the Group's Top Risk Takers;
supports the Board in verifying the proper implementation of the remuneration policies approved by the Shareholders' Meeting and in reviewing said policies at least annually, with a focus on their adequacy and overall consistency;
also performs the duties of Committee for Transactions with Related Parties in accordance with the provisions of the RPT Procedures, with regard to transactions concerning remuneration.

Areas of activity	Key themes	Summary of the main activities carried out
Remuneration proposals to be submitted to the Shareholders' Meeting for approval	- Remuneration policies - Report on Remuneration	The Committee supported the Board: • in updating the internal regulations on remuneration, in the parts concerning both the Remuneration Policies and the Implementing Provisions; • in approving the Report on remuneration policy and compensation paid drawn up pursuant to Article 123- ter of the Consolidated Law on Finance.

Below are the main issues reviewed and discussed in 2023:

R. 26 par. 1

R. 26 par. 2

P. XVII R. 25 c) d)

Proposals based on the remuneration policies approved by the Shareholders' Meeting	- Remuneration and incentive systems for Top Risk Takers - Selection of an external consultant	The Committee, also in its capacity as Committee for Transactions with Related Parties, made proposals to the Board on the 2023 Incentive System for the Group's Top Risk Takers and was involved – to the extent of its remit – in the areas pertaining to the management profiles of Top Risk Takers.
		The Committee, with the support of the Chief Operating Officer Governance Area, renewed the annual appointment of its external consultant to provide support on certain issues within the Committee's remit.
Support in identifying staff who have an impact on the Group's risk profile	- Key personnel identification process	The Committee supported the Board in defining the scope of Risk Takers both at Group level and at the level of Intesa Sanpaolo as a Legal Entity, in accordance with the relevant Guidelines.
Verification of the proper implementation of remuneration rules	- Verification of achievement of performance targets - Verification of remuneration policies and practices	The Committee provided input on the achievement of the performance targets associated with the incentives plans and verified the other conditions required for the payment of the remuneration, also using the information provided by the relevant corporate functions and without prejudice to the assessments by the Risks and Sustainability Committee and the Management Control Committee, within the scope of their responsibility. The Committee reviewed: • the Report of the Chief Audit Officer on the findings of the audits on the Group's remuneration policies and practices (Phase I and II); • the outcomes of the assessments of the neutrality of the Remuneration and Incentive Policies with respect to gender and the pay gap and its evolution over time.

For more details on remuneration, see the 2023 and 2024 Reports on Remuneration.

Risks and Sustainability Committee

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Paola Tagliavini - Chair	X	X	100%
Franco Ceruti			100%
Bruno Maria Parigi		X	100%
Bruno Picca	X		100%
Daniele Zamboni	X	X	100%

In 2023, the Committee met 46 times, with an average meeting duration of about 4 hours and 40 minutes.

R. 32 c) R. 35

The Risks and Sustainability Committee supports the Board of Directors with proposals, advice and fact finding, and issues opinions where required by the applicable regulations. It focuses in particular on activities instrumental to the Board's accurate and effective determination of the Risk Appetite Framework (RAF) and risk governance policies, as well as other risk-related determinations reserved to it by the applicable law.

R. 35 par. 2

R. 37 par. 2

Committee members have the knowledge, skills and experience necessary to be able to fully understand and monitor the Bank's risk strategies and guidelines, including with respect to sustainability. The presence of a common member between the Risks and Sustainability Committee and the Remuneration Committee ensures adequate interaction with the issues relating to remuneration and incentive policies. One member of the Management Control Committee, appointed on a rotating basis by the Committee itself, takes part in the Committee meetings, without voting rights, to ensure coordination in the performance of their respective duties and functions.

The Committee supports the Board in exercising strategic supervisory functions in the areas of:

business model, strategic guidelines and risk appetite;
corporate governance and the organisational structure of the Bank and the Group;
internal control system, with qualified involvement in the process of appointing the heads of control functions; R. 35 e) f) R. 35 d)
risk governance and management;

Proposals based

Remuneration and incentive systems for Top Risk Takers - Selection of an external The Committee, also in its capacity as Committee for Transactions with Related Parties, made proposals to the Board on the 2023 Incentive System for the Group's Top Risk Takers and was involved – to the extent of its remit – in the areas pertaining to the management profiles of Top

The Committee, with the support of the Chief Operating Officer Governance Area, renewed the annual appointment of its external consultant to provide support

The Committee supported the Board in defining the scope of Risk Takers both at Group level and at the level of Intesa Sanpaolo as a Legal Entity, in accordance with the relevant

The Committee provided input on the achievement of the performance targets associated with the incentives plans and verified the other conditions required for the payment of the remuneration, also using the information provided by the relevant corporate functions and without prejudice to the assessments by the Risks and Sustainability Committee and the Management Control Committee,

• the Report of the Chief Audit Officer on the findings of the audits on the Group's remuneration policies and

• the outcomes of the assessments of the neutrality of the Remuneration and Incentive Policies with respect to gender and the pay gap and its evolution over time.

Independent pursuant to the applicable regulations and the Articles of Association

Attendance percentage at meetings

on certain issues within the Committee's remit.

within the scope of their responsibility.

practices (Phase I and II);

The Committee reviewed:

Risk Takers.

Guidelines.

consultant

Key personnel
Verification of achievement of performance targets
Verification of

and practices

remuneration policies

For more details on remuneration, see the 2023 and 2024 Reports on Remuneration.

Register of Statutory

Practice as an auditor

In 2023, the Committee met 46 times, with an average meeting duration of about 4 hours and 40 minutes.

Auditors

Paola Tagliavini - Chair X X 100% Franco Ceruti 100% Bruno Maria Parigi X 100% Bruno Picca X 100% Daniele Zamboni X X 100%

Members Enrolment with the

Risks and Sustainability Committee

it by the applicable law.

R. 32 c) R. 35

identification process

approved by the Shareholders' Meeting

Support in identifying staff who have an impact on the Group's risk profile

Verification of the proper implementation of remuneration

rules

on the remuneration policies

sustainability (ESG), which pertains to the corporate responsibility model and includes environmental, social and cultural issues; R. 35 c)
information systems and business continuity;
control of Most Significant Transactions, subject to prior review by the Risk Management function.

The Committee also acts as "US Risks Committee" in accordance with the provisions of Section 165 of the Dodd-Frank Act and the tighter supervisory standards for foreign banks operating in the United States issued by the Federal Reserve.

The Chair of the Risks and Sustainability Committee reports at each Board meeting on the Committee's activity and main findings, through specific reports and via a summary. R. 35 h)

Areas of activity	Key themes	Summary of the main activities carried out
Business model, strategic guidelines	- Budget - Business Plan monitoring - Evolution of the macroeconomic context	The Committee reviewed the 2023 Budget, including the Capital Plan and the Funding Plan. On a half-yearly basis, it also monitored: - the progress of the strategic initiatives of the Business Plan, with a focus on Capital Budget and ESG KPIs; - the Risk Assessment by Corporate Control Functions on the Plan's macro-initiatives, with a focus on potential risks and related mitigation actions. In this context, the Committee paid particular attention to the strategic risk arising from digitalisation and introduction of Artificial Intelligence systems. The Committee also received quarterly updates on the evolution of: - the macroeconomic context, to assess its consistency with the risk parameters used in defining the valuation models, the prudence and the continuing soundness of the revenue targets in the Business Plan, even in adverse contexts; - the Funding Plan. The Committee monitored the developments of the crisis in Ukraine and shared the Bank's planned activities with regard to minimising risk exposures to Russia, also in compliance with the ECB's recommendations.
Internal control system	- Reports and Tableau de Bord of the Corporate Control Functions - Responses to the Supervisory Authorities - Evolution of internal regulations	In order to verify the consistency of the internal control system with the strategic guidelines and risk appetite, the Risks and Sustainability Committee reviewed, on a half yearly basis, the Reports and information from the Tableau de Bord and Integrated Tableau de Bord of the Corporate Control Functions, which summarise the main issues requiring attention within the Group, as well as the actions taken to resolve them, monitoring their timely and effective implementation. The Committee also reviewed draft responses to the Authorities and the proposals to issue and/or update first

Below are the main issues reviewed and discussed in 2023:

		level internal regulations on risks, making the appropriate recommendations.
Risk governance and management	- Defining and monitoring the RAF - Development of loan portfolio - Financial and market risk trends - ICAAP/ILAAP - Updating the status of internal models - Model Change Applications	The Committee reviewed the 2023 RAF, as well as the internal assessment process of the current and future capital and liquidity position adequacy (ICAAP/ILAAP 2023). On a quarterly basis, the Risks and Sustainability Committee monitored: - compliance with RAF limits; - development of the loan portfolio; - trends in the exposure to market and financial risks. In addition, the Committee received regular updates on the evolution of the Sector Framework for credit risk governance and of Active Credit Portfolio Management activities. With reference to internal models, the Risks and Sustainability Committee examined: - the Corporate Control Functions' annual reports on internal risk measurement systems and the annual update of the IRB Regulatory Roadmap; - the half-yearly reports on the status of Pillar I and Pillar II internal models; the Model Change applications, monitoring the - progress of any remedial actions requested.
ESG Themes	- CNFS, PRB and TCFD Reports - Climate Stress Test - ESG/Climate Credit Framework - Diversity, Equity & Inclusion	The Risks and Sustainability Committee reviewed key topics in the area of sustainability, together with the Consolidated Non-Financial Statement, the Principles for Responsible Banking Report and the Task Force on Climate-related Financial Disclosures Report. Each year, the Risks and Sustainability Committee assesses the report on compliance with the gender equality commitments set out in the Diversity, Equity and Inclusion Principles. It also assesses the implementation of the Code of Ethics and the social responsibility principles, as well as the Environmental Head's Report. The Committee also monitors the sustainability performance of the main Product Companies, the Credit Framework in relation to ESG & Climate issues and the methodological framework for measuring Climate Risk for Stress Test purposes.
Information systems and business continuity	- Group Technology Plan - Data Strategy - Digital Attacker - Cyber Security and Business Continuity	Every six-months, the Risks and Sustainability Committee monitored the progress of the Technology Plan – which aims, among other things, to enable new digital and Artificial Intelligence uses – and agreed on the adoption of specific Group Guidelines for its use, in accordance with the Artificial Intelligence Act. The Risks and Sustainability Committee received regular updates on the analysis of risk from potential Digital Attackers and reviewed the Cyber Security and Business Continuity activities, verifying the adequacy of the safeguards in place.

Committee for Transactions with Related Parties

level internal regulations on risks, making the appropriate

The Committee reviewed the 2023 RAF, as well as the internal assessment process of the current and future capital and liquidity position adequacy (ICAAP/ILAAP

On a quarterly basis, the Risks and Sustainability

trends in the exposure to market and financial risks. In addition, the Committee received regular updates on the evolution of the Sector Framework for credit risk governance and of Active Credit Portfolio Management

With reference to internal models, the Risks and

the Corporate Control Functions' annual reports on internal risk measurement systems and the annual
the half-yearly reports on the status of Pillar I and
the Model Change applications, monitoring the progress of any remedial actions requested.

The Risks and Sustainability Committee reviewed key topics in the area of sustainability, together with the Consolidated Non-Financial Statement, the Principles for Responsible Banking Report and the Task Force on

Each year, the Risks and Sustainability Committee assesses the report on compliance with the gender equality commitments set out in the Diversity, Equity and Inclusion Principles. It also assesses the implementation of the Code of Ethics and the social responsibility principles, as well as the Environmental Head's Report. The Committee also monitors the sustainability performance of the main Product Companies, the Credit Framework in relation to ESG & Climate issues and the methodological framework for measuring Climate Risk for

Every six-months, the Risks and Sustainability Committee monitored the progress of the Technology Plan – which aims, among other things, to enable new digital and Artificial Intelligence uses – and agreed on the adoption of specific Group Guidelines for its use, in accordance with

The Risks and Sustainability Committee received regular updates on the analysis of risk from potential Digital Attackers and reviewed the Cyber Security and Business Continuity activities, verifying the adequacy of the

update of the IRB Regulatory Roadmap;

Climate-related Financial Disclosures Report.

recommendations.

Committee monitored:

compliance with RAF limits; - development of the loan portfolio;

Sustainability Committee examined:

Pillar II internal models;

Stress Test purposes.

the Artificial Intelligence Act.

safeguards in place.

2023).

activities.

Risk

governance and management

Information systems and business continuity

Defining and monitoring
Financial and market risk
Updating the status of internal models - Model Change Applications
Development of loan

the RAF

portfolio

trends - ICAAP/ILAAP

ESG Themes - CNFS, PRB and TCFD Reports

Climate Stress Test - ESG/Climate Credit Framework - Diversity, Equity & Inclusion

Group Technology Plan
Data Strategy - Digital Attacker - Cyber Security and Business Continuity

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Daniele Zamboni – Chair	X	X	100%
Liana Logiurato		X	100%
Maria Mazzarella		X	100%
Maria Alessandra Stefanelli*		X	83%
Paola Tagliavini	X	X	100%

In 2023, the Committee met 12 times, with an average meeting duration of about 1 hour.

* Maria Alessandra Stefanelli did not attend the meetings of 28 March and 22 May 2023 because of a situation of interest concerning the only transaction on the agenda of the aforementioned two meetings of the Committee.

The Committee performs the duties and functions assigned to it by the RPT Procedures, in accordance with the provisions of the Consob Regulation on Related Parties, the Bank of Italy regulations and Article 136 of the Consolidated Law on Banking.

The Committee issues its prior opinions to the Board of Directors on the transactions that fall within the scope of the above Procedures, in the cases and in the manner provided for therein, in order to assess:

the Company's interests in carrying out the transaction;
the economic interest and material correctness of the related terms and conditions.

In discharging its duties, the Committee complies with the guidelines issued by the competent Supervisory Authorities.

Areas of activity	Summary of the main activities carried out
Review of transactions with related parties	As a result of its review of the transactions submitted to it, the Committee issued 18 favourable, reasoned and non-binding opinions, of which 8 on the granting of loans, 7 on equity transactions, 2 on securitisation transactions and 1 on a charitable transaction.
Disclosure of transactions	On a quarterly basis, the Committee reviewed reports on transactions, submitted by the Parent Company Divisions/Departments and by the Subsidiaries, in line with the provisions of the RPT Procedures. It also noted the reports on transactions for which a Director or Key Manager declared a situation of interest on his/her own behalf or on behalf of a third party.

In 2023 the following activities were carried out:

Information flows between and to Corporate Bodies

Effective information flows between and within the Corporate Bodies are an essential element of Intesa Sanpaolo's organisation and corporate governance. They enable the smooth fulfilment of the functions of the Board of Directors, the Board Committees and the Management Control Committee, and of the obligations imposed by the applicable regulations, as well as effective interaction with the Corporate Structures, including Control ones.

In this regard, the Articles of Association and the Regulations of the Board and the Committees contain provisions aimed at achieving these objectives, as well as more effective coordination and full discussion between the Bodies. Specifically, the Board Regulations include, as an integral part thereof, a specific "Document on information flows" that summarises the required information flows between the Board, the Management Control Committee, other Committees and the Managing Director.

Information can be circulated periodically at pre-established deadlines or as needed in the case of events subject to reporting obligations. These flows are a key condition for fully achieving the targets of efficient management and effective controls.

The system in place for the exchange of information between the Board as a whole, the Managing Director, the Management Control Committee and the other Committees, is appropriate, in terms of frequency and content, to ensure close and fast coordination of the functions of said Bodies, while ensuring the clear separation of their respective tasks.

Processing of corporate information

Inside information and Insiders List

In line with the rules on the prevention of market abuse set out in Regulation (EU) 596 of 16 April 2014 (the "MAR Regulation") and the related European and national implementing provisions, the Bank has adopted the "Group Procedures for the management of the inside information of Intesa Sanpaolo" and the associated Process Guide; together, they govern the management of inside information regarding Intesa Sanpaolo and the Group Companies.

The Procedures are aimed at ensuring fair, efficient, prompt and transparent reporting by the Group Companies issuing financial instruments traded on regulated markets, multilateral trading systems and organised markets.

The organisational safeguards put in place to implement the applicable regulations govern the circulation of information that could have a significant effect on the prices of the financial instruments issued by Group Companies and include information monitoring and segregation measures that normally precede the entry of a record in the Insider List.

The Procedures designate the Managing Director and CEO, the Chair of the Board of Directors and other specified Group employees and structures as the persons authorised to issue disclosures to the market regarding inside information on the Bank and the Group.

Internal Dealing

In line with EU rules on market abuse, Intesa Sanpaolo has adopted an Internal Dealing Regulation governing the disclosure obligations and operating restrictions applicable to the Board Members and to the Bank's key managers and the people closely associated with them, in relation to the execution of transactions involving the Bank's listed financial instruments (or other associated instruments).

The Regulation also governs the disclosure obligations of a party, or a person closely associated with that party, that comes to hold shares worth at least 10% of the Bank's share capital, or control of the same.

R. 1 f)

P. XX R. 11

Any transactions carried out by said parties are disclosed, including through the Bank's website, where the above Regulation can also be found.

Remuneration

Information flows between and to Corporate Bodies

Structures, including Control ones.

P. XX R. 11

R. 1 f)

efficient management and effective controls.

ensuring the clear separation of their respective tasks.

Processing of corporate information

Intesa Sanpaolo and the Group Companies.

the entry of a record in the Insider List.

market regarding inside information on the Bank and the Group.

Inside information and Insiders List

organised markets.

Internal Dealing

same.

The Procedures designate the Managing Director and CEO, the Chair of the Board of Directors and other specified Group employees and structures as the persons authorised to issue disclosures to the

transactions involving the Bank's listed financial instruments (or other associated instruments).

the Management Control Committee, other Committees and the Managing Director.

For the detailed mandatory information on the Remuneration of Directors and Key Managers1 and on the indemnities in the event of early termination of office or termination of employment agreement, see the Report on remuneration policy and compensation paid which is published by the Company as required by law and includes the Group Remuneration Policy, pursuant to Article 123-ter of the Consolidated Law on Finance, Article 84-quater of the Issuers' Regulation and the Supervisory Provisions on remuneration. In compliance with the Provisions issued by the Banking Supervisory Authority, the Group Remuneration Policy also includes the Rules for identifying risk takers.

Full compliance is ensured with the binding regulatory provisions for banks and with the Principles and Recommendations of the Italian Corporate Governance Code.

Furthermore, at Intesa Sanpaolo the remuneration policy for Directors and Key Managers contributes to the pursuit of the Company's sustainable success and takes into account the need to have, retain and motivate people with the competence and professional skills required to successfully perform their role.

The remuneration of Non-executive Directors is set as a fixed amount at the time of their appointment and is proportionate to the competence, professional skills and commitment required by the duties entrusted to each of them within the Board also taking into account that they may be members of one or more Committees, and avoiding incentive schemes in line with the Supervisory Provisions. The remuneration for attending Board Committees includes a fixed annual amount for the Chairs of the Committees, plus an attendance fee for Committee members for each meeting actually attended.

The remuneration of the members of the Management Control Committee is set by the Shareholders' Meeting at the time of their appointment and for the entire term of their office, proportionate to the competence, professional skills and commitment required. This specific remuneration consists exclusively of a fixed amount, which is equal for each Member and higher for the Chair.

The Remuneration policy for the Managing Director and CEO and the Key Managers is established by the Board of Directors, with the support of the Remuneration Committee. The policy, which complies with the Supervisory Provisions and the principles and recommendations of the Italian Corporate Governance Code, establishes, among other things:

a correct balance between the fixed and variable components of the remuneration, consistent with the strategic objectives and risk management policy, providing that the variable component makes up a significant proportion of the overall remuneration;
specific performance targets, including non-financial ones, linked to the payment of the variable components, which are predetermined, measurable and relating to a significant extent to the medium-long term horizon. Said targets are consistent with the company's strategic objectives, aim to promote its sustainable success and are adjusted for the risks taken;
caps on the payment of the variable component2;
an appropriate deferral period for the payment of a portion of the variable component;
the payment of a portion of the variable remuneration in financial instruments subject to post-vesting holding periods (retention);

P. XV

¹ This category also includes top management pursuant to the Italian Corporate Governance Code.

² The Intesa Sanpaolo Group set the cap on variable remuneration, in general, at 100% of fixed remuneration, except for Corporate Control Function roles and similar roles (i.e. the Manager responsible for preparing the Company's financial reports and the Head of the Group Administrative Governance and Control Structure) and the Group Human Resources Function, who have a cap of 33% of fixed remuneration. The cap has been raised for some specific categories of staff, including the Managing Director and CEO and the Key Managers, in compliance with the provisions and procedures laid down in applicable regulations, as described in detail in the Report on remuneration policy and compensation paid.

clawback and malus mechanisms; as well as
clear and predetermined rules for possible severance indemnities.

The share-based remuneration and incentive plans (both short and long term) for the Managing Director and CEO and the Key Managers are aligned with the interests of the shareholders over a medium/longterm horizon, and include appropriate vesting and retention periods, in line with the applicable regulations.

For the heads of the Corporate Control Functions, as defined by the Supervisory Provisions on the control system, the incentive schemes are consistent with the tasks assigned and independent of the results achieved by the areas subject to their control.

The Articles of Association, in accordance with applicable regulations, require the approval of the Bank's Ordinary Shareholders' Meeting for:

the remuneration policies for members of the Board of Directors and for personnel;
plans based on financial instruments;
the criteria for determining severance payments for early termination of employment or early cessation of office, including the caps on such payments in accordance with current regulations;
the proposal, if any, by the Board of Directors to set a limit on the ratio of the variable to the fixed components of remuneration for individual employees of more than 1:1 but not exceeding the maximum limit established by regulations.

R. 31 R. 28

Operating structure

clawback and malus mechanisms; as well as

results achieved by the areas subject to their control.

maximum limit established by regulations.

Ordinary Shareholders' Meeting for:

• plans based on financial instruments;

regulations.

R. 31 R. 28 - clear and predetermined rules for possible severance indemnities.

For the heads of the Corporate Control Functions, as defined by the Supervisory Provisions on the control system, the incentive schemes are consistent with the tasks assigned and independent of the

The Articles of Association, in accordance with applicable regulations, require the approval of the Bank's

• the criteria for determining severance payments for early termination of employment or early cessation of office, including the caps on such payments in accordance with current regulations; • the proposal, if any, by the Board of Directors to set a limit on the ratio of the variable to the fixed components of remuneration for individual employees of more than 1:1 but not exceeding the

• the remuneration policies for members of the Board of Directors and for personnel;

Divisions, Governance Areas and Head Office Structures reporting directly to the Managing Director and CEO

To maximise organisational focus on the individual business areas and the specialisation of operating and business processes and to ensure the necessary overall coherence of Group governance, the Parent Company is divided into six Divisions – each consisting of groups of business lines with similar characteristics in terms of products and services provided and regulatory framework – Head Office Departments and Staff Units, most of which are grouped into Governance Areas reporting directly to the Managing Director and CEO.

Said functions are set out below:

Banca dei Territori Division
IMI Corporate & Investment Banking Division
International Subsidiary Banks Division
Private Banking Division
Asset Management Division
Insurance Division
Chief Operating Officer Governance Area
Chief Data, A.I., Innovation and Technology Officer Governance Area
Chief Cost Management Officer Governance Area
Chief Lending Officer Governance Area
Chief Financial Officer Governance Area
Chief Risk Officer Governance Area
Chief Compliance Officer Governance Area
Chief Governance Officer Governance Area
Chief Institutional Affairs and External Communication Officer Governance Area
Strategic Initiatives and Social Impact Head Office Department.

In addition to the aforesaid functions, the Chief Audit Officer reports directly to the Board of Directors to ensure his/her necessary autonomy and independence.

The Heads of the Organisational Structures of the Divisions, of the Governance Areas, of the Head Office Department reporting directly to the Managing Director and CEO, and the Heads of Group companies, are tasked with achieving the objectives set for their respective areas within the framework of the general policies and guidelines, also through the optimum use of the human and technical resources assigned to each.

For additional information on Intesa Sanpaolo's organisational structure, see the Bank's website ("Intesa Sanpaolo Group" / "About us", "Organisational structure and Top Management" pages).

All the Bank Structures operate on the basis of specific Regulations establishing the scope of their powers and responsibilities, which are disseminated throughout the Bank, together with the operating procedures that govern how all the Bank's various processes are to be performed. All the main decisionmaking and implementing processes concerning Bank operations are codified and can be monitored and viewed by the entire Structure.

Group Managerial Committees

As part of the mechanisms put in place to guarantee effective management of the operational matters relevant to the entire Group, monitor the Group's risk profile effectively, and ensure an appropriate level of internal communication and discussion, special Managerial Committees are established within the Bank, composed of Executives of the Bank and Top Managers of the Group companies.

The Articles of Association assign to the Board of Directors the task of establishing and determining the composition, duties and powers of each of the Committees.

During 2023, the following Committees operated on the basis of their own organisational and operating Regulations approved by the Board:

✓ assists the Managing Director and CEO;
✓ collaborates with the Managing Director and CEO in the preparation of the Business Plan and in the implementation of the main managerial initiatives;
✓ strengthens the coordination and the cooperation mechanisms between the various business, governance and control areas of the Bank and the Group, with a view to sharing the main corporate choices;
✓ contributes to ensuring coordination and integrated management of risks and the safeguarding of the corporate value at Group level, including the correct functioning of the internal control system;
✓ approves the proposed adjustment plans needed to provide guidance in the solution of any main issues identified by the Supervisory Authority, monitoring their level of implementation and the adequacy of the relevant investments.

To this end, the Committee operates both through Plenary Sessions (where the Managing Director considers it useful to involve the entire top management on major issues), and through specific separate thematic sessions (Business Plan and Sustainability (ESG), Shareholdings, Investments, Group Risks Analysis, Credit Strategies, Recovery & Resolution Plan, Supervisory Remediation Plans).

GROUP FINANCIAL RISKS COMMITTEE: a technical body with decision-making, advisory and reporting powers, focused both on the banking business (market risk, financial risks for banking books, liquidity risk, financial risks for client investments, control and monitoring of the business models as well as Active Value Management) and the life and non-life insurance business (exposure of results to the trend in market and technical variables), including for both types of business the assessment criteria for financial instruments.

GROUP CONTROL COORDINATION AND NON-FINANCIAL RISKS COMMITTEE: a technical body operating in line with the guidelines set by the Board and on the basis of the operational and functional powers delegated to it by the Board itself, with the aim of strengthening coordination and cross-functional cooperation mechanisms:

o with regard to the Group internal control system, facilitating the integration of the risk management process;
o in relation to non-financial and reputational risks, supporting their effective management.

GROUP CREDIT COMMITTEE: a technical body, organised in a Performing Loans Session and a Non-Performing Loans Session, with decisionmaking and advisory powers, that is tasked with ensuring the coordinated management of issues relating to credit risk, making decisions on credit facilities and adjustments/write-offs to the extent of its assigned powers, and issuing "compliance opinions" on proposed resolutions on credit granting submitted by subsidiaries.

HOLD TO COLLECT AND SELL (HTCS) SIGN-OFF COMMITTEE: a technical body with qualified competence concerning the market risk-taking proposals made by the business structures of the Parent Company or the subsidiaries, on the HTCS shares envisaged for Originate to Share ("OtS") transactions. These transactions consist of loans originated in order to be distributed to third-party operators on the primary or post-primary market and which, at origination, have a variable holding period depending on the rating class of the counterparty and the type of product.

CREDIT RISK AND PILLAR 2 INTERNAL MODELS COMMITTEE: a technical body with decisionmaking, advisory and reporting powers, which assesses the issues relating to the relevant models and supports the Managing Director in performing the associated duties. Its scope of operation includes i) internal credit risk measurement and management models and ii) internal models relating to Pillar 2 risks (excluding Pillar 2 models for the measurement and quantification of Banking Book financial risks, which fall under the responsibility of the Group Financial Risks Committee, and Pillar 2 models for the measurement and quantification of operational and reputational risks, which are within the scope of the Group Control Coordination and Non-Financial Risks Committee).

R. 8

Diversity and inclusion policy

STEERING COMMITTEE: a managerial body with decision-making, advisory and reporting powers – chaired by the Managing Director and CEO and composed of the Bank's first management line – where the Managing Director and his/her direct reports discuss and share decisions/processes of particular relevance to the company's management; in this context, the Committee: ✓ assists the Managing Director and CEO; ✓ collaborates with the Managing Director and CEO in the preparation of the Business Plan and in the implementation of the main operating in line with the guidelines set by the Board and on the basis of the operational and functional powers delegated to it by the Board itself, with the aim of strengthening coordination and cross-functional cooperation mechanisms: o with regard to the Group internal control system, facilitating the integration of the risk

o in relation to non-financial and reputational risks, supporting their effective management.

management process;

granting submitted by subsidiaries.

counterparty and the type of product.

Committee).

✓ strengthens the coordination and the cooperation mechanisms between the various business, governance and control areas of the Bank and the Group, with a view to sharing the

✓ contributes to ensuring coordination and integrated management of risks and the safeguarding of the corporate value at Group level, including the correct functioning of the

✓ approves the proposed adjustment plans needed to provide guidance in the solution of any main issues identified by the Supervisory Authority, monitoring their level of implementation and the adequacy of the

GROUP CONTROL COORDINATION AND NON-FINANCIAL RISKS COMMITTEE: a technical body

managerial initiatives;

main corporate choices;

internal control system;

relevant investments.

Supervisory Remediation Plans).

financial instruments.

Intesa Sanpaolo has adopted Principles on Diversity, Equity & Inclusion in order to translate into practice its commitment to implementing and disseminating, within and outside the Group, an inclusion policy that embraces all forms of diversity (gender, gender identity and/or expression, romantic and sexual orientation, marital status and family situation, age, ethnicity, religious belief, political and trade union membership, social and economic status, nationality, language, cultural background, physical and mental condition, physical appearance or any other personal characteristic, including those related to the expression of thought).

The document complements the Group's Code of Ethics and Internal Code of Conduct, building on the message concerning the Group's core values and contributing to implement the provisions on Diversity and Inclusion laid down in the Business Plan.

The Principles set out in the document apply to all Intesa Sanpaolo Group people in their dealings with internal and external stakeholders and to the members of the management and control corporate Bodies. All persons who cooperate with Intesa Sanpaolo but are not employees (e.g. non-employee financial agents/advisors, suppliers and subcontractors) are also required to comply with the Principles.

The principles underpinning the inclusion policy are: (i) respect for all individuals in the expression of their identity and diversity, (ii) promotion of each person's talents, (iii) meritocracy and (iv) equal opportunities.

Specifically, Intesa Sanpaolo has a strong focus on gender equality, with precise commitments to promote gender-balanced career opportunities, encourage greater presence of women at all levels of the hierarchy and contrast the gender pay gap.

The Group's recruitment practices are also characterised by the promotion of gender balance and all dimensions of diversity, including multicultural elements.

The Chief Operating Officer (i) identifies the DE&I objectives and defines the strategy to achieve them, (ii) periodically adjusts and communicates the benchmarks on gender equality commitments for the Divisions/Governance Areas, (iii) reports annually to the Parent Company's Board of Directors and the Risks and Sustainability Committee on the results achieved.

The DE&I Head (i) proposes DE&I goals and guidelines to the Chief Operating Officer, (ii) promotes and coordinates the implementation of the goals and guidelines through projects and work plans within the Group, (iii) monitors the Group's progress with regard to DE&I, and (iv) acts as a representative both internally and externally to promote the benefits of the inclusive policy.

More broadly, Intesa Sanpaolo has received a number of international recognitions for its commitment to Diversity & Inclusion.

Intesa Sanpaolo is the first bank in Europe and the only Italian bank among the 100 most inclusive and diversity-conscious workplaces, according to the Refinitiv Global Diversity and Inclusion Index 2023, an international index that ranks over 15,000 listed companies globally.

During 2023, Intesa Sanpaolo also successfully passed the follow-up audit of the Gender Equality European & International Standard (GEEIS-Diversity), an international certification devised by the Arborus Association and issued through the certifying body Bureau Veritas, aimed at assessing organisations' commitment to diversity and inclusion. Intesa Sanpaolo was the first Italian bank and one of the first European banks to achieve certification in 2021, and during the past year it confirmed its commitment to enhancing all dimensions of diversity.

As a sign of its commitment to inclusion, in 2023 Intesa Sanpaolo also passed the planned audit to retain its gender equality certification, according to the criteria established by the National Recovery and Resilience Plan (NRRP) in Mission 5 "Inclusion and Cohesion".

Furthermore, the Group's policy envisages actions to promote the value of inclusion also externally, in the socio-economic context and the communities in which the Group operates.

Part III - Control and risk management system

P. XVIII P. XIX P. XX

Main characteristics

In accordance with the Supervisory Provisions on the control system, the Company has adopted the "Integrated Internal Control System Regulation", which sets out the guidelines for the internal control system of Intesa Sanpaolo, in its capacity as Bank and Parent Company of the Banking Group. The Regulation implements the reference principles and establishes the responsibilities of the Bodies and functions with control duties, which contribute, within their respective remits, to the proper functioning of the internal control system. The Regulation also establishes the coordination arrangements and information flows supporting the system's integration.

The document establishes the reference framework of the Intesa Sanpaolo Group's internal control system, which includes the principles and rules on controls that must be reflected and incorporated in the Group's internal regulations with reference to specific areas of prudential supervision.

The Group companies have implemented the Regulation and – where applicable – adopted a corresponding internal regulation setting out the guidelines of their respective internal control system.

The internal control system is built around a set of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with sound and prudent management, the achievement of the following objectives:

verification of the implementation of company strategies and policies;
containment of risks within the limits set out in the reference framework for determining the Bank's risk appetite (Risk Appetite Framework);
safeguard of asset value and protection from losses;
effectiveness and efficiency of corporate processes;
reliability and security of corporate information and IT procedures;
prevention of the risk that the Bank may be involved, even unbeknownst to it, in illegal activities (especially those linked to money laundering, usury and terrorist financing);
compliance of business operations with the law and supervisory regulations, as well as internal policies, procedures and regulations.

The internal control system plays a crucial role and involves the entire corporate organisation (Bodies, structures, hierarchical levels, all personnel).

In line with laws, Supervisory regulations and the recommendations of the Corporate Governance Code, the internal control system put in place by the Bank is suitable for continuously identifying, measuring, managing and monitoring the typical risks of its business activity and of the Group companies' activities. The system involves the Corporate Bodies, Managerial Committees, special internal control functions, the Surveillance Body and the Manager responsible for preparing the Company's financial reports. The independent auditors also contribute to the control system.

In compliance with the guidelines issued by the Corporate Bodies, the internal control system has been designed so as to constantly identify, manage and monitor business-related risks. The system is built on, among others, the Supervisory Provisions on the control system, on corporate governance and on investment services and activities, and takes into account the developments in international best practices.

The internal control system consists of three levels, in line with the legal and regulatory provisions in force.

The first level consists of line controls, which are designed to ensure the proper conduct of operations and where possible, are incorporated into IT procedures. They are carried out by the same operating and business structures ("Level I control functions"), including through units dedicated solely to control duties reporting to the heads of the same structures or performed as part of the back office.
The second level consists of the risks and compliance controls, which are intended to ensure, among other things:
- o correct implementation of the risk management process;
- o compliance with the operating limits assigned to the various functions;
- o compliance of business operations with the rules, including those on self-regulation.

The functions responsible for these controls ("Level II control functions") are separate from operating functions and contribute to defining the risk governance policies and risk management process. In

R. 32 a) b) c) d) e) f)

R. 32 e)

the Intesa Sanpaolo Group, Level II functions are carried out by the following Parent Company structures and the corresponding structures in the Group companies, where existing:

Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office Department also reports;
Chief Risk Officer Governance Area, to which the Internal Validation & Controls Coordination Area reports.

In accordance with the Supervisory Provisions, which require that said functions should be independent from operating structures and separate from internal auditing, the Heads of the Chief Risk Officer Governance Area and the Chief Compliance Officer Governance Area report directly to the Managing Director and CEO and, as required by the legislation, have direct access to the Corporate Bodies, to which they report, without restrictions or intermediation, on the findings from the monitoring activities carried out.

As specialised forms of compliance risk supervision, specialist functions have also been identified for specific regulatory areas, based on their expertise, organisational characteristics and activities.

The third level consists of internal audit controls, aimed at identifying violations of procedures and regulations, as well as periodically assessing the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at Group level. The frequency of these controls is scheduled according to the nature and extent of the risks. R. 32 d)

Internal auditing is carried out by the Parent Company's Chief Audit Officer and by the equivalent local units of Group companies, where established.

In line with the Supervisory Provisions, the Chief Audit Officer reports directly to the Board of Directors and functionally to the Management Control Committee.
The internal control system has a comprehensive set of information flows with the Corporate Bodies, the various structures concerned and the Group companies to enable full and effective control of risk factors. P. XX

As mentioned, the "Integrated Internal Control System Regulation" of Intesa Sanpaolo also establishes specifically the procedures for coordination and collaboration between the Functions having control duties, to ensure the control system is effectively integrated and all corporate risks are appropriately controlled.

The single elements of the internal control system are monitored by the Control Functions themselves, within the scope of their respective competence and within Group Control Coordination and Non-Financial Risks Managerial Committee, in the Integrated Internal Control System session. The aim of this session is to strengthen coordination and cross-functional cooperation mechanisms on the internal control system and to aid the integration of the risk management process.

To this end, the Control Functions put in place appropriate coordination and collaboration mechanisms, based on specific "integration parameters", applied across the phases of the risk management process:

building a common language;
adopting detection and assessment methods and instruments;
designing risk reporting templates;
holding official coordination sessions for activity planning;
ensuring continuous information flows;
sharing the identification of remedial actions;
building a risk culture.
P. XIX R. 33 a)

R. 35 f) R. 36

In this context, the adequacy of the system's key elements is assessed on an ongoing basis by the Corporate Bodies, and is taken into consideration, respectively, in the report on operations attached to the financial statements, in this Report and in the Report pursuant to Article 153 of the Consolidated Law on Finance.

To strengthen further the internal control system and in compliance with the regulations issued by the Bank of Italy and the Italian Legislative Decree No. 24/2023, the "Group rules on the internal system for reporting violations (whistleblowing)" have been established to report facts or conduct that may infringe European and Italian regulations, which harm the public interest or the integrity of Intesa Sanpaolo and

the Group Companies, knowledge of which is acquired in the work environment or as a result of a legaleconomic relationship existing with the Group.

The reporting system ensures the confidentiality of the whistle-blower and the individuals involved in various capacities and mentioned in the report, protecting them from possible retaliatory or discriminatory behaviours.

After the above overview, the main elements of the internal control system are described below, including the structure of financial information controls (comprising the duties of the Manager responsible for preparing the Company's financial reports, the financial information control system and the independent audit), the role performed by the Corporate Control Functions as defined in the Supervisory Provisions (risk control, regulatory compliance, internal auditing, anti-money laundering and validation) and crime prevention models.

The role of the Corporate Bodies

the Intesa Sanpaolo Group, Level II functions are carried out by the following Parent Company

Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office
Chief Risk Officer Governance Area, to which the Internal Validation & Controls Coordination

Internal auditing is carried out by the Parent Company's Chief Audit Officer and by the equivalent

In line with the Supervisory Provisions, the Chief Audit Officer reports directly to the Board of

The internal control system has a comprehensive set of information flows with the Corporate Bodies, the various structures concerned and the Group companies to enable full and effective control of risk

In this context, the adequacy of the system's key elements is assessed on an ongoing basis by the Corporate Bodies, and is taken into consideration, respectively, in the report on operations attached to the financial statements, in this Report and in the Report pursuant to Article 153 of the Consolidated

To strengthen further the internal control system and in compliance with the regulations issued by the Bank of Italy and the Italian Legislative Decree No. 24/2023, the "Group rules on the internal system for reporting violations (whistleblowing)" have been established to report facts or conduct that may infringe European and Italian regulations, which harm the public interest or the integrity of Intesa Sanpaolo and

The third level consists of internal audit controls, aimed at identifying violations of procedures and regulations, as well as periodically assessing the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at Group level. The frequency of these controls is scheduled according to the nature and extent

structures and the corresponding structures in the Group companies, where existing:

Department also reports;

the monitoring activities carried out.

local units of Group companies, where established.

Directors and functionally to the Management Control Committee.

control system and to aid the integration of the risk management process.

• adopting detection and assessment methods and instruments;

• holding official coordination sessions for activity planning;

Area reports.

of the risks.

factors.

R. 32 d)

R. 35 f) R. 36

P. XX

P. XIX R. 33 a) controlled.

• building a common language;

• building a risk culture.

Law on Finance.

• designing risk reporting templates;

• ensuring continuous information flows; • sharing the identification of remedial actions; The task of ensuring the completeness, adequacy, functionality and reliability of the internal control system at Group level is entrusted to the Corporate Bodies, in compliance with the Supervisory Provisions on the control system and the Supervisory Provisions on corporate governance.

Specifically, in order to ensure an integrated and consistent internal control system and adequate monitoring of the risks to which the Group is or may be exposed, the Group-level strategic decisions concerning the internal control and risk management system are under the remit of the Board of Directors of Intesa Sanpaolo, as the Parent Company. Thus, the Board plays this role not only with reference to the Parent Company, but also assessing the Group's overall operations and the overall risks to which it is exposed.

The Board, with the support of the Risks and Sustainability Committee and taking into account the proposals of the Managing Director and CEO, is in charge of establishing and approving the overall governance and organisational structure of the Bank and the Group, the guidelines of the internal control system, the risk appetite and the risk governance policies and processes. The Board is also responsible for the guidance and control of the information system (including supervision of IT and security risk analysis) and business continuity, and approves the guidelines for the development and use of Artificial Intelligence systems.

The Board also approves the establishment of the company control functions, outlining their duties and responsibilities, and appoints the Manager responsible for preparing the Company's financial reports and the heads of the Corporate Control Functions (Chief Audit Officer, Chief Risk Officer, Chief Compliance Officer, Head of the Validation Function of internal risk measurement systems, Head of the Anti-Money Laundering Function). The Board also appoints the Head of Suspicious Activity Reporting in line with the anti-money laundering regulation, the Head of the Business Continuity Plan and the Data Protection Officer.

The Board examines the reports prepared, at least annually, by the Corporate Control Functions and approves the annual work plan, including the audit plan and the multi-year audit plan prepared by the head of the internal audit function, after their examination by the Risks and Sustainability Committee and the Management Control Committee.

In addition, the Board evaluates the remarks made by the independent auditor in the letter of recommendations, if any, and in the additional independent audit report, pursuant to Article 11 of Regulation (EU) No 537/2014, after their examination by the Management Control Committee.

In performing its strategic supervision and guidance functions on the internal control system and risk matters, the Board is supported by the Risks and Sustainability Committee. R. 32 c)

However, with regard to financial information, the Management Control Committee has been assigned on an exclusive basis the task of examining and assessing accounting/financial documentation prior to Board decisions by dividing the responsibilities between the two Committees in relation to financial information "according to subject matter", taking into account the control function assigned by law to the Management Control Committee. R. 35 a) b)

P. XIX R. 32 a)

R. 33 a)

R. 33 b) d)

R. 33 c) R. 36 a)

R. 33 f)

R. 33 g)

Indeed, the Management Control Committee, which acts as the statutory Control Body, is tasked with supervising the completeness, adequacy, functionality and reliability of the internal control system and Risk Appetite Framework, as well as the business continuity plan. R. 32 f)

The Committee verifies the effectiveness of all the structures and functions involved in the control system and their proper coordination, and promotes actions to correct any deficiencies or irregularities detected.

The Committee also supervises:

the effectiveness of the control, internal auditing and risk management systems, as well as the adequacy and functionality of the administrative-accounting system – including the related information system – as well as its suitability to give a proper representation of operations;
also in its capacity as Internal Control and Audit Committee pursuant to Italian Legislative Decree No. 39/2010, the financial reporting process, formulating any recommendations or proposals aimed at ensuring its correctness. In this role, it is also tasked with notifying the Board of Directors of the outcome of the independent audit and sending to it the report pursuant to Article 11 of Regulation (EU) No. 537/2014.

To carry out its functions, the Committee receives adequate information flows from the other Corporate Bodies and the corporate functions, including control functions.

Specifically, the Committee receives from the control functions the work plans, the periodic reports, which are prepared at least annually, and information flows on specific situations or company trends, in particular on any significant deficiencies or breaches detected.

The Committee exchanges information of mutual interest and, where appropriate, coordinates with the Risks and Sustainability Committee for the performance of the respective duties, including in relation to acts and disclosures of mutual interest; it also liaises closely with the subsidiaries' control bodies, to contribute to the timely exchange of all relevant information.

The Managing Director and CEO:

has the power to submit proposals for resolutions concerning the internal control and risk system, without prejudice to the power of proposal reserved for individual Directors and Board Committees;
is in charge of implementing all the Board resolutions, in particular implementing the strategic guidelines, the RAF and the risk governance policies defined by the Board;
ensures the integrated management of all corporate risks, assessing the internal and external factors that may give rise to them and their interaction, and takes the measures necessary to make the organisation and the internal control system compliant with the regulatory principles and provisions, continuously monitoring compliance at Bank and Group level;
issues provisions to ensure that the various corporate functions implement the risk management and control process at Bank and Group level, taking care of the set-up and functioning of the structure and operations of the internal risk measurement systems and the ICAAP and ILAAP process, in line with the Supervisory Provisions, the strategic guidelines, the RAF and the risk governance policies defined and approved by the Board;
exercises the responsibilities and functions assigned by the Supervisory provisions to the member responsible for the anti-money laundering also at Group level.

The role of the Managerial Committees

Within the scope of the risk control and management system, a key role is performed by the Managerial Committees operating within the scope of the Bodies' prerogatives and the specific competences of the corporate control functions.

For a description of the Managerial Committees' duties, see the preceding paragraph "Group Managerial Committees" in the "Operating structure" chapter in Part Two.

With reference to the internal control and risk management system, the activities carried out by the following Committees are noted below:

➢ the Group Control Coordination and Non-Financial Risks Committee pursues the goal of reinforcing coordination and cross-functional cooperation mechanisms within the Group internal control system, promoting the integration of the risk management process.

In the context of the Integrated Internal Control System Session, the Committee monitors the implementation and ongoing maintenance of the integrated internal control system.

R. 37 par. 2

R 32 b) R. 34

Within the Operational and Reputational Risk Session, the Committee has the task of issuing prior opinions on Group policies for operational and reputational risk control submitted for approval by the Board of Directors. The Committee is also tasked with overseeing the management of events of significant impact and relevance as well as the Group's overall non-financial risk profile, assessing the mitigation plans (approving them if the RAF early warning thresholds for the monitoring of the internal control system are exceeded) and monitoring the implementation of the mitigation measures identified (possibly based on guidance from the Corporate Bodies and/or the Steering Committee) and approving, on the instructions of the Board of Directors, the operational risk transfer strategies.

• the effectiveness of the control, internal auditing and risk management systems, as well as the adequacy and functionality of the administrative-accounting system – including the related

To carry out its functions, the Committee receives adequate information flows from the other Corporate

has the power to submit proposals for resolutions concerning the internal control and risk system, without prejudice to the power of proposal reserved for individual Directors and Board Committees; - is in charge of implementing all the Board resolutions, in particular implementing the strategic
ensures the integrated management of all corporate risks, assessing the internal and external factors that may give rise to them and their interaction, and takes the measures necessary to make the organisation and the internal control system compliant with the regulatory principles and
issues provisions to ensure that the various corporate functions implement the risk management and control process at Bank and Group level, taking care of the set-up and functioning of the structure and operations of the internal risk measurement systems and the ICAAP and ILAAP process, in line with the Supervisory Provisions, the strategic guidelines, the RAF and the risk
exercises the responsibilities and functions assigned by the Supervisory provisions to the member

For a description of the Managerial Committees' duties, see the preceding paragraph "Group Managerial

With reference to the internal control and risk management system, the activities carried out by the

➢ the Group Control Coordination and Non-Financial Risks Committee pursues the goal of reinforcing coordination and cross-functional cooperation mechanisms within the Group internal control

implementation and ongoing maintenance of the integrated internal control system.

In the context of the Integrated Internal Control System Session, the Committee monitors the

guidelines, the RAF and the risk governance policies defined by the Board;

provisions, continuously monitoring compliance at Bank and Group level;

information system – as well as its suitability to give a proper representation of operations; • also in its capacity as Internal Control and Audit Committee pursuant to Italian Legislative Decree No. 39/2010, the financial reporting process, formulating any recommendations or proposals aimed at ensuring its correctness. In this role, it is also tasked with notifying the Board of Directors of the outcome of the independent audit and sending to it the report pursuant to Article 11 of Regulation

Risk Appetite Framework, as well as the business continuity plan.

Bodies and the corporate functions, including control functions.

particular on any significant deficiencies or breaches detected.

contribute to the timely exchange of all relevant information.

governance policies defined and approved by the Board;

Committees" in the "Operating structure" chapter in Part Two.

system, promoting the integration of the risk management process.

The role of the Managerial Committees

corporate control functions.

following Committees are noted below:

responsible for the anti-money laundering also at Group level.

detected.

R. 32 f)

R. 37 par. 2

R 32 b) R. 34

The Committee also supervises:

(EU) No. 537/2014.

The Managing Director and CEO:

Within the Compliance Risk Session, the Committee examines the results of the periodic compliance risk assessment process and the annual plan of risk management measures; it monitors the evolution of legislation and of the Regulators' expectations and their main impacts on the processes; it examines, assesses and monitors the mitigation plans prepared by the structures in charge of resolution actions in the event of high-impact and high-relevance problems, and it monitors the development of Risk Appetite Framework limits and thresholds.

The Committee Sessions are attended by the Heads of the Corporate Control Functions and by the Manager responsible for preparing the Company's financial reports. Participation in the Committee Sessions by the Manager responsible for preparing the Company's financial reports as a permanent member helps said Manager to discharge his statutory duties and fulfil his/her role under the Company Regulations to supervise the financial reporting process. It also furthers the crossfunctional coordination and integration of control activities in this area;

➢ the Steering Committee contributes to coordination and integrated risk management and to the safeguarding of the corporate value at Group level, including the correct functioning of the internal control system. In particular, the Group Risk Analysis Session is aimed at ensuring risk monitoring and management, in implementation of the strategic guidelines and management policies defined by the Board. This Session has several risk-related responsibilities, including examining the draft Group Risk Appetite Framework and the risks Tableau de Bord; in this Session, the Committee is also informed of the contents of the Group's ICAAP and ILAAP package;
➢ the Group Financial Risks Committee performs its functions through the following structure:
- the Risk Analysis and Valuation Session, responsible for evaluating, ahead of the Board of Directors' approval, the guidelines on undertaking and measuring financial and liquidity risk, and the proposals for operational limits, and responsible, within the scope of its powers, for assigning the related values to the Parent Company, with possible breakdown by Division or operational segment, and to the Group Banks and Companies. The session also verifies absorptions and possible breaches of the limits/early warnings for the risk profiles it monitors, exercising its powers within the escalation processes defined in the relevant company regulations, and monitoring the approved come-back procedures;
- the Management Guidelines and Operating Choices Session, which provides operational guidelines in implementation of the strategic guidelines and risk management policies laid down by the Board of Directors, in respect of management of the banking book, liquidity, interest rate and exchange risk, and periodically verifies the qualitative and quantitative impact of the actions taken and the guidelines provided;
- the ALCO Session Extended, which analyses the performance of loans and funding, in current and prospective terms, together with the expected trend in Risk-Weighted Assets (RWAs) and financial assets (debt securities and loans) measured at Fair Value through Other Comprehensive Income (FVOCI reserves), in order to monitor and assess their impact on the Group's liquidity and capital profiles; the Session also reviews the quarterly reports produced on sector performance indicators.

The control and risk system also includes the Credit Risk and Pillar 2 Internal Models Committee, the Hold To Collect and Sell (HTCS) Sign-Off Committee and the Group Credit Committee.

Corporate Control Functions

The Chief Audit Officer

The Internal Audit Function is carried out by the Chief Audit Officer, who reports directly to the Board of Directors (and, on its behalf, to its Chair), and also reports functionally to the Management Control Committee, while appropriately liaising with the Managing Director and CEO. The Chief Audit Officer does not have any direct responsibilities for the operational areas.

This Function has a structure and a control model in line with the organisational structure of Intesa Sanpaolo and the Group.

R. 32 d) R. 36 par. 1

The Chief Audit Officer - to whom the Internal Audit Structures of the Italian and international companies of the Group functionally report - enjoys the necessary autonomy and independence from the operating structures; the Function has access to all the activities conducted at both the head office departments and the local structures. The Bank's audit function cannot be entrusted to external parties; where third parties are entrusted with relevant services for the operation of the internal control system (e.g. data processing), the Internal Audit Function must have access also to the activities of said parties.

R. 36 a) e)

R. 36 b), c)

The structure performs overall level-III assessment of the internal control system, recommending possible improvements to the Corporate Bodies, in particular as regards the RAF, the risk management process and risk measurement and control tools.

In particular, it assesses the completeness, adequacy, functionality and reliability of the components of the internal control system, the risk management process and the corporate processes, also with regard to their ability to identify and prevent errors and irregularities. In this context, inter alia, it audits the risk and regulatory compliance corporate control functions, also through participation in projects, so as to generate added value and improve the effectiveness of the control and corporate governance processes.

The Internal Audit Function is also responsible for assessing the effectiveness of the RAF definition process, the internal consistency of the overall framework and the compliance of business operations with the RAF. In the context of the RAF, the Chief Audit Officer contributes to the Integrated Risk Assessment conducted by the corporate control functions and by the Manager responsible for preparing the Company's financial reports.

The structure has personnel with the appropriate professional skills and expertise and operates in accordance with best practices and the international standards for the professional practice of internal auditing established by the Institute of Internal Auditors (IIA). The internal auditors conduct their activity in line with the principles laid down in the Internal Auditor's Code of Ethics, which is modelled on that proposed by the Institute of Internal Auditors. As required by the international standards, this Function undergoes an external Quality Assurance Review at least every five years. The latest review was launched at the end of 2021, three years after the previous review, in accordance with the frequency agreed with the Management Control Committee, and ended in the first quarter of 2022, confirming the highest assessment on the scale ("Generally Compliant").

The Internal Audit Function uses structured risk assessment methods to identify the most sensitive areas and the main new risk factors. Based on the findings of the risk assessment and the resulting priorities, as well as on any specific requests for further investigation made by the Top Management or the Corporate Bodies, it prepares and submits an Annual Action Plan for prior examination by the Management Control Committee and subsequent approval by the Board of Directors, on the basis of which it conducts its activities during the year. The Function also prepares a Multi-Year Plan.

The Plan may be revised during the year as a result of extraordinary events, also deriving from potential risk evolution, and of new requests from the Corporate Bodies.

The Chief Audit Officer ensures the proper performance of the internal whistleblowing management process.

The Chief Audit Officer supports corporate governance and ensures that Top Management, the Corporate Bodies and the competent Authorities (European Central Bank, Bank of Italy, Consob, etc.) promptly and systematically receive information on the status of the control system, the outcome of activities performed and the progress of any corrective measures. The Chief Audit Officer also contributes to the spreading of a culture of risk-awareness within the Bank and the Group.

Audits are performed directly for the Parent Company, as well as for subsidiaries under an outsourcing contract; for other Group entities that have their own internal audit functions, on the other hand, indirect control is maintained.

In the latter case, the indirect audit is conducted via the guidance and functional coordination of the Auditing structures in the Italian and international banks and subsidiaries, to ensure consistent controls and due examination of the different types of risks, also verifying the structural and operational effectiveness and efficiency of said auditing structures. Furthermore, direct audit and verification are also performed in the institutional capacity as Parent Company.

Any weaknesses are systematically reported to the Corporate Functions concerned for prompt remedial action, with appropriate follow-up to monitor the effectiveness of said action.

Summary internal control system assessments from the checks are periodically submitted to the Management Control Committee and the Board.

The audit reports with a negative opinion or major shortcomings are sent to the Board, the Managing Director and the Management Control Committee, as well as the Boards of Directors and Boards of Statutory Auditors of the subsidiaries concerned.

The main weaknesses detected and their evolution over time are included in the Audit Tableau de Bord, with evidence of the ongoing mitigation actions, the parties responsible for implementing them and the relevant deadlines, to ensure systematic follow-up.

The Chief Audit Officer coordinates the "Integrated Internal Control System" session of the Group Control Coordination and Non-Financial Risks Committee; he/she supports the "231 Model" Surveillance Body in ensuring constant and independent verification of the regular performance of operations and processes, to prevent or detect anomalous and risky conduct or events, and in monitoring the compliance and effectiveness of the rules in the 231 Model; lastly, he/she participates in the Plenary, Business Plan and Sustainability (ESG), Group Risk Analysis and Supervisory Remediation Plans sessions of the Steering Committee and, upon specific request, also in the Investments session.

The Internal Audit Function ensures constant self-assessment of its efficacy and efficiency in line with the internal "quality assurance and improvement" plan drafted in accordance with the recommendations of the international standards for the professional practice of internal auditing. In this context, in 2023, the strategic audit innovation programme, named Strategic Audit Innovation Line-up (SAIL), continued for the period 2022-2025 in line with the new Business Plan.

The Chief Risk Officer

Corporate Control Functions

does not have any direct responsibilities for the operational areas.

process and risk measurement and control tools.

highest assessment on the scale ("Generally Compliant").

risk evolution, and of new requests from the Corporate Bodies.

This Function has a structure and a control model in line with the organisational structure of Intesa

The Chief Audit Officer - to whom the Internal Audit Structures of the Italian and international companies of the Group functionally report - enjoys the necessary autonomy and independence from the operating structures; the Function has access to all the activities conducted at both the head office departments and the local structures. The Bank's audit function cannot be entrusted to external parties; where third parties are entrusted with relevant services for the operation of the internal control system (e.g. data

The structure performs overall level-III assessment of the internal control system, recommending possible improvements to the Corporate Bodies, in particular as regards the RAF, the risk management

The Plan may be revised during the year as a result of extraordinary events, also deriving from potential

The Chief Audit Officer ensures the proper performance of the internal whistleblowing management

which it conducts its activities during the year. The Function also prepares a Multi-Year Plan.

contributes to the spreading of a culture of risk-awareness within the Bank and the Group.

processing), the Internal Audit Function must have access also to the activities of said parties.

The Chief Audit Officer

R. 32 d) R. 36 par. 1

R. 33 b) R. 36 par. 1

R. 36 a) e)

R. 36 b), c)

Sanpaolo and the Group.

processes.

process.

control is maintained.

the Company's financial reports.

The Chief Risk Officer, directly reporting to the Managing Director and CEO, is the head of the Governance Area of the same name in charge of the risk management functions, which includes the controls on the risk management process and, through the Internal Validation and Controls Coordination Area, the internal validation process.

The Chief Risk Officer Governance Area is one of the pillars of the "second line of defence" of the internal control system, and as such it is separate and independent from the business functions. Functional reports to this Area include the risk control functions of subsidiaries with a decentralised management model and the representatives of the Parent Company's risk control function at the subsidiaries with a centralised management model.

The main duties of the Chief Risk Officer Governance Area are as follows:

governing the macro-process of definition, approval, control and implementation of the Group's Risk Appetite Framework (RAF) with the support of the other corporate functions involved;
consistent with corporate strategies and objectives, assisting the Bodies in defining and implementing risk management guidelines and policies;
coordinating the implementation of risk management guidelines and policies by the relevant Group business units, also in the Group companies;
measuring and controlling the Group's exposure to the various types of risk, also verifying the implementation of the guidelines and policies mentioned in the above paragraph;
performing level II monitoring and controls on credit quality, the composition and evolution of the various loan portfolios and the proper classification and measurement of individual exposures ("single name" controls);
performing level II monitoring and controls to monitor IT and security risk, as well as non-credit risks;
continuously and iteratively validating risk measurement and management systems used both to calculate capital requirements and for non-regulatory purposes – to assess their compliance with

regulatory provisions, company operational needs and reference market demands and to manage the internal validation process at Group level; in this context, also ensuring the definition and monitoring of the model risk governance framework.

The Chief Risk Officer Governance Area structures implement the management and strategic guidelines along the Bank's entire decision-making process, down to individual operational units. They also develop and maintain risk measurement, management and control systems compliant with applicable regulations and international best practices, as described in the Notes to the financial statements and the Pillar III – Basel III Disclosure.

The Chief Compliance Officer

The Chief Compliance Officer reports directly to the Managing Director and CEO, and is independent from operating structures and separate from internal auditing; this function ensures the monitoring of regulatory compliance risk at Group level, covering both operational and reputational risk, including the risk of sanctions, losses or damage arising from improper conduct towards customers or such as to jeopardise the integrity and orderly functioning of the markets (so-called conduct risk).

The following functions report to the Chief Compliance Officer: (i) the Anti-Money Laundering ("AML") Function, within the Anti Financial Crime Head Office Department, which has the tasks and responsibilities laid down in the regulations on anti-money laundering, counter-terrorism and monitoring of financial sanctions, and (ii) the Data Protection Officer function, within the Compliance Governance, Privacy and Controls Head Office Department, which performs the tasks assigned by data protection legislation.

The Chief Compliance Officer Governance Area performs the following tasks:

defining the guidelines and methodological rules for monitoring and assessing compliance risk;
identifying and assessing compliance risks and the related controls, and planning the necessary mitigation measures;
identifying the applicable regulations, assessing their impact on corporate processes and procedures and proposing the resulting organisational and procedural changes;
providing support to the corporate structures in all matters that might involve compliance risk and in the preliminary assessment of innovative projects, including the launching of new activities and the entry in new markets, of operations and new products and services to be placed on the market;
monitoring, ex post, the adequacy and effective application of internal processes and procedures and of the organisational changes implemented to prevent compliance risk; more broadly, monitoring compliance with external and internal regulations by the corporate structures;
fostering a corporate culture founded on the principles of honesty, fairness and respect for the spirit and the letter of the rules as well as the enhancement of technical and professional skills, including in the area of Digital knowledge;
managing relations with the Authorities with regard to compliance issues and non-compliance events.

The Chief Compliance Officer reports directly to the Governing Bodies and has access to all the Bank's activities, as well as any useful information for the performance of his/her duties.

The regulatory scope, including Environmental, Social and Governance issues (ESG factors) and the procedures for monitoring regulatory areas subject to significant compliance risks for the Group are defined in the Group Compliance Guidelines, in the Guidelines for combating money laundering and the financing of terrorism and for managing embargoes, in the Group Anti-corruption Guidelines and in the Guidelines on the protection of personal data of natural persons. The Chief Compliance Officer reports to the Corporate Bodies on the adequacy of compliance monitoring, with reference to all regulatory areas applicable to the Bank exposed to compliance risks.

The Guidelines establish the adoption of two distinct models in relation to guidance, coordination and control of the Group. These models are organised in such a way as to take into account the Group's structure in operational and territorial terms. In particular:

for specifically identified Italian Banks and Companies, whose operations are highly integrated with the Parent Company, the compliance supervision is centralised at the Parent Company;
for the other Companies, that have a legal obligation or have been specifically identified based on the business conducted, as well as the International Branches, an internal compliance/anti-money laundering function is established and a local Compliance/AML Officer is appointed who is responsible for these issues. The Compliance/AML Officers of the subsidiaries functionally report to

the Chief Compliance Officer structures, while those of the International Branches, except where not permitted by local regulations, hierarchically report to the Chief Compliance Officer structures. Functional reporting is also in place for the local Data Protection Officers of Group Companies established in the European Union.

The Manager responsible for preparing the Company's financial reports and the monitoring of the financial reporting process

Pursuant to Article 154-bis of the Consolidated Law on Finance, Intesa Sanpaolo appoints a Manager responsible for preparing the Company's financial reports.

He/she meets specific professionalism requirements, namely appropriate mastery of financial accounting and management and control of the related administrative procedures, as required by the Articles of Association; he/she must also meet the integrity requirements established by the applicable regulations for the members of the control bodies of listed companies.

The Manager responsible for preparing the Company's financial reports has adequate powers and means for the performance of his/her functions; to this end, he/she relies on:

a dedicated organisational structure supporting him/her, which is adequate in terms of number and technical and professional skills;
the Administration and Tax Head Office Department structures;
the contribution:

regulatory provisions, company operational needs and reference market demands and to manage the internal validation process at Group level; in this context, also ensuring the definition and

defining the guidelines and methodological rules for monitoring and assessing compliance risk; - identifying and assessing compliance risks and the related controls, and planning the necessary
identifying the applicable regulations, assessing their impact on corporate processes and procedures
providing support to the corporate structures in all matters that might involve compliance risk and in the preliminary assessment of innovative projects, including the launching of new activities and the entry in new markets, of operations and new products and services to be placed on the market; - monitoring, ex post, the adequacy and effective application of internal processes and procedures and of the organisational changes implemented to prevent compliance risk; more broadly, monitoring
fostering a corporate culture founded on the principles of honesty, fairness and respect for the spirit and the letter of the rules as well as the enhancement of technical and professional skills, including
managing relations with the Authorities with regard to compliance issues and non-compliance events.

The Chief Compliance Officer reports directly to the Governing Bodies and has access to all the Bank's

for specifically identified Italian Banks and Companies, whose operations are highly integrated with
for the other Companies, that have a legal obligation or have been specifically identified based on the business conducted, as well as the International Branches, an internal compliance/anti-money laundering function is established and a local Compliance/AML Officer is appointed who is responsible for these issues. The Compliance/AML Officers of the subsidiaries functionally report to

the Parent Company, the compliance supervision is centralised at the Parent Company;

jeopardise the integrity and orderly functioning of the markets (so-called conduct risk).

The Chief Compliance Officer Governance Area performs the following tasks:

and proposing the resulting organisational and procedural changes;

compliance with external and internal regulations by the corporate structures;

activities, as well as any useful information for the performance of his/her duties.

areas applicable to the Bank exposed to compliance risks.

structure in operational and territorial terms. In particular:

monitoring of the model risk governance framework.

Basel III Disclosure.

legislation.

The Chief Compliance Officer

mitigation measures;

in the area of Digital knowledge;

of the corporate control functions and, in particular, the Internal Audit Function, which is responsible for conducting overall assurance activities over the internal control system as indicated in the "Integrated Internal Control System Regulation" and from which the said Manager acquires the outcomes of the activities carried out, in relation to the effects on the financial reporting process and on the reliability of corporate information;
of the other functions of the Parent Company and the Group companies.

The correctness of the company financial reports and of the financial reporting process are monitored in compliance with the provisions of Article 154-bis and its implementing provisions as well as the rules on the administration and accounting system applicable to corporations controlling non-EU companies (Article 15 of Consob Market Regulation no. 20249/2017).

Pursuant to the above-mentioned regulations, the Manager responsible for preparing the Company's financial reports provides Group-wide guidance and coordination in administrative matters and in the monitoring of the internal control system for accounting and financial reporting and supervises the fulfilment of the legal obligations with a Group-wide approach, defined by specific internal regulations.

Control over the accounting and financial reporting process is based on the review of:

the adequacy of the procedures followed to draft the company's financial reports and any other relevant financial disclosure pursuant to Article 154-bis. The audits focus on the controls implemented to oversee the work stages that, within corporate procedures, entail the recording, processing, evaluation and presentation of data and information contained in financial communications disseminated to the public. Equal importance is given to the IT architecture and applications used to manage such information, to information processing systems and to the development measures for data synthesis systems;
the completeness and consistency of the information disclosed to the market through the maintenance of a system of reports and information flows with the functions of the Parent Company and companies on the significant events for the purposes of accounting and financial reporting, especially as regards the main risks and uncertainties to which they are exposed.

Italian legislation refers to no predefined standards for assessing the adequacy of the administrative and accounting procedures and ensuring the effectiveness of the related internal control system and technology infrastructure. The international benchmarks – typically also used by independent auditors

Art. 123 bis, 2, (b) CLF

– are the COSO Framework¹ for internal control systems and the COBIT Framework² for information systems. Intesa Sanpaolo follows these benchmarks since they ensure uniformity of analysis and valuation methodologies with internationally accepted practice, based on authoritative references and widely recognised, regularly updated and accompanied by interpretative notes fostering smooth and straightforward dialogue with the regulators, the independent auditors, the relevant bodies and among the control functions.

In this regard, "financial reporting risk" is included in the Group's integrated risk taxonomy and has a measurement metric consistent with the principles of the "Integrated internal control system regulation". Lastly, it should be noted that to assess the adequacy of the relevant financial reporting processes, the Manager responsible for preparing the Company's financial reports uses the results of the controls carried out by the Structures reporting directly to him/her, by the Internal Audit Function and the other Corporate Control Functions. To this end, within the Group Control Coordination and Non-Financial Risks Committee, the Corporate Control Functions and the Manager responsible for preparing the Company's financial reports share their annual verification plans and their findings. Any critical issues arising from inspections conducted by external entities (Independent Auditors, Supervisory Authorities) relating to financial reporting risk are also gathered and assessed.

The Legal Affairs Head Office Department – Group General Counsel

The Legal Affairs Head Office Department, in accordance with the organisational model, oversees legal risks at Group level. In particular:

it manages pre-litigation and litigation in and out of court for the Parent Company and for the Group Companies on an outsourcing basis;
it monitors, steers and coordinates the management of Group litigation, assessing its risk, also together with the Chief Risk Officer, and reports on litigation to the Corporate Bodies of Intesa Sanpaolo;
it provides legal advice and assistance to the head-office structures of the Parent Company, Divisions and Group Companies on an outsourcing basis;
it defines guidelines, directives and instructions for the management of the Group's legal risk and collaborates with the Chief Risk Officer and the Chief Compliance Officer in defining those for the management of other risks;
it exercises guidance and coordination over the legal functions of the Divisions and Areas, and in general of the Group, and collaborates in the management of relations with the Supervisory Authorities.

¹ The COSO Framework was prepared by the Committee of Sponsoring Organizations of the Treadway Commission, the U.S. organisation dedicated to improving the quality of financial reporting through ethical standards and an effective corporate governance and organisation system. ² The COBIT Framework - Control OBjectives for IT and related technology - is a set of rules prepared by the IT Governance Institute, the U.S. organisation set up to define and improve the standards of corporate IT.

R. 33 e)

Members	Independent pursuant to Article 148(3) of the CLF	Independent pursuant to the Code	Attendance percentage at meetings
Paolo Vernero – Chair	X	X	100%
Andrea Cortellazzo	X	X	100%
Franco Dalla Sega	X	X	90%
Massimo Bianchi (alternate)	X	X	N/A
Elena Brero (alternate)	X	X	N/A
Oreste Cagnasso (alternate)	X	X	N/A

The Surveillance Body and the Organisational, Management and Control Model pursuant to Legislative Decree 231/2001

Duties and operation

The Legal Affairs Head Office Department, in accordance with the organisational model, oversees legal

it manages pre-litigation and litigation in and out of court for the Parent Company and for the Group
it monitors, steers and coordinates the management of Group litigation, assessing its risk, also together with the Chief Risk Officer, and reports on litigation to the Corporate Bodies of Intesa
it provides legal advice and assistance to the head-office structures of the Parent Company,
it defines guidelines, directives and instructions for the management of the Group's legal risk and collaborates with the Chief Risk Officer and the Chief Compliance Officer in defining those for the
it exercises guidance and coordination over the legal functions of the Divisions and Areas, and in general of the Group, and collaborates in the management of relations with the Supervisory

¹ The COSO Framework was prepared by the Committee of Sponsoring Organizations of the Treadway Commission, the U.S. organisation dedicated

to improving the quality of financial reporting through ethical standards and an effective corporate governance and organisation system. ² The COBIT Framework - Control OBjectives for IT and related technology - is a set of rules prepared by the IT Governance Institute, the U.S.

relating to financial reporting risk are also gathered and assessed.

Divisions and Group Companies on an outsourcing basis;

The Legal Affairs Head Office Department – Group General Counsel

the control functions.

risks at Group level. In particular:

management of other risks;

Sanpaolo;

Authorities.

Companies on an outsourcing basis;

organisation set up to define and improve the standards of corporate IT.

The Surveillance Body is responsible for supervising the effective implementation and proper operation of and compliance with the Organisational, Management and Control Model ("Model") pursuant to Legislative Decree 231/2001, as well as for proposing its updating in order to improve its effectiveness in preventing criminal and administrative offences.

In performing its supervisory and control duties, the Body liaises and interacts directly with the heads of the Internal Auditing and Compliance Functions. Said function heads, within the scope of their responsibility, provide the Body with appropriate information and fact-finding support, thereby ensuring coordination between the various players of the internal control and risk management system set up in accordance with the Code of Corporate Governance. Coordination is strengthened by joint meetings held by the Body with a cooperation approach with the Management Control Committee and/or other Committees for issues of mutual interest, each within the scope of their responsibilities.

The Body is also required to submit, at least every six months, to the Board of Directors and to the Management Control Committee, a specific report on the adequacy of and compliance with 231 Model.

For each category of offences contemplated by Legislative Decree 231/2001, the Model identifies "sensitive" company areas and, for each area, the company activities exposed to the risk of said offences being committed (so-called "sensitive activities"). For each sensitive activity, mandatory control principles and rules of conduct have been established for the people involved in those activities.

The Model is fully and effectively implemented in daily operations through the connection between each sensitive area and the dynamic management of processes and the reference internal regulations, which form an integral part of the Model itself.

The Model, published on the Bank's website, was last updated in November 2023.

In order to pursue its functions with total independence, the Body has autonomous spending powers based on an annual budget, approved by the Board subject to the prior favourable opinion of the same Body.

Composition and duties

The Body is composed of three individuals not belonging to Intesa Sanpaolo, who meet the specific professionalism, integrity and independence requirements laid down in the Model. Three alternate members are also appointed.

The Bank's choice to appoint a Body composed entirely of external members is intended to ensure and strengthen the Body's independence from the management functions, also in the light of the governance model adopted by the Bank.

R. 33 g)

The Board of Directors, in its meeting of 24 May 2022, appointed the Surveillance Body for the period 2022/2024, confirming its standing members.

The scope of activities, operational arrangements and duties of the Body, which met 9 times in 2023, in addition to being set out in the Model, are also detailed in the "Regulation for the Surveillance Body pursuant to Italian Legislative Decree 231/2001". The Regulation provides that the Chair may be appointed on an annual rotating basis from among its members. Accordingly, on 18 May 2023, the Body

appointed Paolo Vernero as Chair, with term of office until the date of the Shareholders' Meeting called to approve the financial statements as at 31 December 2023.

As for the specific activities carried out in 2023, the following highlights are provided:

regular monitoring of the implementation of the Code of Ethics and the social and environmental responsibility principles;
analysis of the periodic reports issued by the corporate control functions;
periodic meetings with the Human Resources function and the Internal Audit function to report on disciplinary measures imposed on employees;
information regarding the updating of the Group rules on the internal reporting system of violations (whistleblowing);
in-depth analysis of the Bank's purchase of tax credits related to construction and energy bonuses;
analysis of the updates to the Guidelines for combating money laundering and the financing of terrorism and for managing embargoes and the Anti-Corruption Guidelines;
analysis of the Internal Audit function's Report on the controls carried out in 2022 on the essential or important functions outsourced outside the Group;
in-depth analysis by the Internal Audit Department on, among other matters, Financial Sanctions and the procedure for monitoring management body members holding offices in both the Parent Company and Subsidiaries;
review of the results of the checks carried out by the Internal Audit Department and the other competent corporate functions following reports made by the Body.

With regard to the promotion of the Model, Intesa Sanpaolo continued to implement the internal communication and staff training plan, to ensure that full knowledge of the topic and compliance with the rules become embedded in each employee's professional profile.

Furthermore, without prejudice to the separate responsibility of each Group company to adopt and implement their own models under Italian Legislative Decree 231/2001, the Bank, in its capacity as Parent Company, has established a series of guidelines on this topic for its subsidiaries covering, among other things, the appointment of the Surveillance Body, the preparation of staff training plans, the implementation of suitable controls for sensitive processes, and the submission of periodic reports to the Parent Company's compliance function.

In addition, in order to facilitate the exchange of information between the Bodies and enable better and more effective supervision of preventive measures within the individual corporate entities, in December 2023 the Body held, on its own initiative, a meeting with all the Surveillance Bodies of the Group's Italian Subsidiaries, with the support of the Bank's competent structures, on the issues deemed to be of greatest interest. The Surveillance Bodies of the subsidiaries are indeed responsible for monitoring the functioning of the model adopted by each Company and the fulfilment of the obligations laid down in the regulations and for submitting their reports on the activities carried out, usually every six months, to the Management Control Committee and the Parent Company's Surveillance Body.

The Organisational, Management and Control Models adopted by Intesa Sanpaolo and the Group's Italian companies are available on the Bank's website.

Independent Auditing

Since Intesa Sanpaolo is a listed company (Public Interest Entity pursuant to the relevant regulations), the statutory auditing of its accounts must be carried out by an independent auditing firm (Independent Auditors). In the audit report, the independent auditors formalise their professional opinion on the annual and consolidated financial statements, formed following the auditing activities carried out and the conclusions reached on the basis of the audit findings acquired. The audit report also expresses an opinion on the consistency with the financial statements of the Report on Operations and of some specific information contained in the Report on Corporate Governance and Ownership Structures and on their compliance with regulatory requirements. In addition, the audit report includes an opinion on whether the financial statements comply with the provisions of Delegated Regulation (EU) 2019/815 ("ESEF Regulation"). The audit report includes the "Key Audit Matters", i.e. the aspects that, according to the auditors' professional opinion, were most significant in the context of the audit of the financial statements in question. The independent auditors are also entrusted, on a voluntary basis, with the limited review of the consolidated half-yearly report and the consolidated interim statements.

In order to monitor compliance with the laws governing independent auditing firms engaged for the auditing of the accounts of Group companies by ensuring the conditions to protect the independence of independent auditors, Intesa Sanpaolo applies the "Group Regulation for the granting of assignments to independent auditors and their networks" which established a supervision system to monitor the nature and eligibility of the proposed mandates for the provision of services by auditors and related parties.

appointed Paolo Vernero as Chair, with term of office until the date of the Shareholders' Meeting called

regular monitoring of the implementation of the Code of Ethics and the social and environmental
periodic meetings with the Human Resources function and the Internal Audit function to report on
information regarding the updating of the Group rules on the internal reporting system of violations
in-depth analysis of the Bank's purchase of tax credits related to construction and energy bonuses; - analysis of the updates to the Guidelines for combating money laundering and the financing of
analysis of the Internal Audit function's Report on the controls carried out in 2022 on the essential or
in-depth analysis by the Internal Audit Department on, among other matters, Financial Sanctions and the procedure for monitoring management body members holding offices in both the Parent
review of the results of the checks carried out by the Internal Audit Department and the other

With regard to the promotion of the Model, Intesa Sanpaolo continued to implement the internal communication and staff training plan, to ensure that full knowledge of the topic and compliance with

The Organisational, Management and Control Models adopted by Intesa Sanpaolo and the Group's

limited review of the consolidated half-yearly report and the consolidated interim statements.

As for the specific activities carried out in 2023, the following highlights are provided:

analysis of the periodic reports issued by the corporate control functions;

terrorism and for managing embargoes and the Anti-Corruption Guidelines;

competent corporate functions following reports made by the Body.

Management Control Committee and the Parent Company's Surveillance Body.

the rules become embedded in each employee's professional profile.

to approve the financial statements as at 31 December 2023.

disciplinary measures imposed on employees;

important functions outsourced outside the Group;

responsibility principles;

Company and Subsidiaries;

the Parent Company's compliance function.

Italian companies are available on the Bank's website.

Independent Auditing

(whistleblowing);

The independent auditors are Ernst & Young S.p.A. The firm was appointed for financial years 2021- 2029 by the Ordinary Shareholders' Meeting of 30 April 2019, in line with the proposal set out by the Management Control Committee.

105

Part IV - Summary tables

Board of Directors								Management Committee Control		Nomination Committee		Remuneration Committee		Sustainability Risks and Committee		Related Party Transactions Committee
Director	Age	In office since	Executive	Slate (1)	Independent (2)	No. of other pursuant to held article 17 169/2020 M.D. offices	(3)	on (4) Positi	(3)	(4) Positi on	(3)	Positi (4) on	(3)	Posit ion(4)	(3)	(4) Positi on	(3)
Chair
Gian Maria Gros-Pietro	82	09/05/2013		Ms		1	100%			M	100%
Deputy Chair
Paolo Andrea Colombo	63	27/04/2016		Ms	X	2	100%			M	100%	C	100%
Managing Director and CEO
Carlo Messina	61	29/09/2013	X	Ms			100%
Directors
Franco Ceruti	71	27/04/2016		Ms			100%					M	100%	M	100%
Anna Gatti	52	30/04/2019		ms	X	3	100%					M	100%
Liana Logiurato	55	29/04/2022		Ms	X		100%					M	100%			M	100%
Maria Mazzarella	73	27/04/2016		ms	X		100%			M	100%					M	100%
Luciano Nebbia	70	30/04/2019		Ms		1	96%					M	100%
Bruno Maria Parigi	65	29/04/2022		Ms	X		100%							M	100%
Bruno Picca	73	09/05/2013		Ms		1	100%			M	100%			M	100%
Livia Pomodoro	83	27/04/2016		Ms	X	3	87%			C	100%
Maria Alessandra Stefanelli	60	30/04/2019		Ms	X		100%									M	83%
Paola Tagliavini	55	29/04/2022		Ms	X	2	100%							C	100%	M	100%

Table no. 1: Composition of the Board of Directors and Committees

107

Daniele Zamboni

27/04/2016

100%

Board of Directors								Management Committee Control		Nomination Committee		Remuneratio n Committee		Sustainability Risks and Committee		Related Party Transactions Committe
Director	Age	In office since	Executive	Slate (1)	Independent (2)	No. of other pursuant to held article 17 169/2020 M.D. offices	(3)	Positi (4) on	(3)	Positi (4) on	(3)	Positi (4) on	(3)	(4) Positi on	(3)	Positio (4) n	(3)
Alberto Maria Pisani	69	27/04/2016		ms	X		100%	C	100%
Roberto Franchini	68	27/04/2020		ms	X		100%	M	98%
Fabrizio Mosca	55	30/04/2019		Ms	X	3	100%	M	100%
Milena Teresa Motta	64	27/04/2016		Ms	X	1	100%	M	100%
Maria Cristina Zoppo	52	27/04/2016		Ms	X	3	100%	M	100%

(1) Ms = "majority" slate / ms = "minority" slate

(2) Independent pursuant to article 13.4 of the Articles of Association, the Italian Corporate Governance Code and article 148, paragraph 3, of the Consolidated Law on Finance

(3) Attendance percentage at, respectively, Board of Directors and Committees meetings(4)

Position in the Committee: "C": Chairman; "M": Member

Director	Position	E/NE	Company/Entity
Gian Maria Gros-Pietro	Director Director Director	NE	• Associazione Bancaria Italiana Università Guido Carli ABI Servizi S.p.A. LUISS – ABI –
Paolo Andrea Colombo	Chair, Board of Statutory Auditors Director	NE NE	• • Colombo & Associati S.r.l. Humanitas S.p.A.
Carlo Messina	Director Director		Associazione Bancaria Italiana Università Bocconi ABI –
Franco Ceruti	Chair, Board of Directors Chair, Board of Directors Chair, Board of Directors Director Director	NE NE NE	Intesa Sanpaolo Expo Institutional Contact S.r.l. (1) Fondazione per l'Innovazione del Terzo Settore 1) ( Intesa Sanpaolo Private Banking S.p.A. 1) Società Benefit Cimarosa 1 S.p.A. ( CCIAA Milano Monza Brianza Lodi
Anna Gatti	Director Director Director	NE NE NE	• • • Wizz Air Holdings PLC WiZink Bank S.A. Lutech S.p.A.
Liana Logiurato	Director		International Alumni Association Business School - IMD
Maria Mazzarella Luciano Nebbia	Deputy Chair, Board of Directors Director -	NE	• Fondazione Parchi Monumentali Bardini Peyron Equiter S.p.A.
Bruno Maria Parigi	-

Table no. 2: Lists of other management and control offices of Board Directors in other companies and entities

Board of Directors

Director Alberto Maria Pisani

Roberto Franchini 68

Fabrizio Mosca 55

Milena Teresa Motta

Maria Cristina Zoppo

(1) Ms

(4)

= "majority" slate / ms = "minority" slate

(2) Independent pursuant to article

Position in the Committee: "C": Chairman; "M": Member

(3) Attendance percentage at, respectively, Board of Directors and Committees meetings

13.4 of the Articles of Association, the Italian Corporate Governance Code and article

148, paragraph 3, of the Consolidated Law on Finance

27/04/2016

30/04/2019

27/04/2020

27/04/2016

ms ms Ms Ms Ms

100%

Age

In office since

Executive

Slate (1)

Independent

No. of other

offices held pursuant to

article 17

(3)

Positi on (4)

(3)

Positi on (4)

(3)

Positi on (4)

(3)

Positi on (4)

(3)

n (4)

Positio

(3)

M.D.

169/2020

(2)

Management

Nomination

Remuneratio

Risks and

Related Party

Transactions

Committe

Sustainability

Committee

n Committee

Committee

Control

Committee

Bruno Picca	Director	NE	• Voluntary Scheme - Interbank Deposit Protection Fund
Livia Pomodoro	Member, Executive Board Chair, Board of Directors Chair, Board of Directors Chair, Board of Directors Chair, Executive Board Chair, Executive Board Director Director	NE NE NE	• • • Sustainability and Inclusion for Food S.r.l. NO'HMA IN CAMMINO Milan Center for Food Law and Policy Spazio Teatro No'hma Fondazione Sodalitas Touring Club Italiano WHTEXCH S.p.A. Giubileo 2025 – Febo S.p.A.
Maria Alessandra Stefanelli	-
Paola Tagliavini	Director Director	NE NE	• • Rai Way S.p.A. Saipem S.p.A.
Daniele Zamboni	-
Alberto Maria Pisani	-
Roberto Franchini	Executive Board Chair, Board of Auditors Member,		Fondazione per l'infanzia Ronald Mc Donald Italia British Chamber of Commerce for Italy (*)
Fabrizio Mosca	Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Sole Director	NE NE NE NE NE NE E	• • • (3) (2) Mindicity S.r.l. Società Benefit Bolaffi Metalli Preziosi S.p.A. (2) Diasorin Italia S.p.A. Aste Bolaffi S.p.A. (3) (2) Olivetti S.p.A. Bolaffi S.p.A. Fly S.r.l. (**)
Milena Teresa Motta	Director	NE	• Strategie & Innovazione S.r.l.

• • • S.A.M.I. Schoeller Allibert S.p.A. S.p.A. Newlat Food S.p.A. Michelin Italiana NE NE NE Chair, Board of Statutory Auditors Standing Auditor Director	no. 169/2020 Ministerial Decree 17,	Group
Maria Cristina Zoppo	R = Positions relevant pursuant to article E/NE = Executive/Non Executive	Companies belonging to Bolaffi Group Companies belonging to TIM
			Companies belonging to Intesa Sanpaolo Group	company incorporated at the exclusive aim of managing personal economic interests No-profit entity with registered office in the United Kingdom

Bruno Picca Livia Pomodoro

Director Chair, Executive Board

Member, Executive Board

Director

Febo S.p.A.

Touring Club Italiano

Spazio Teatro No'hma

Sustainability and Inclusion for Food S.r.l.

Director

Chair, Board of Directors

WHTEXCH S.p.A.

Giubileo 2025 –

NO'HMA IN CAMMINO

Chair, Board of Directors

Chair, Executive Board

Maria Alessandra Stefanelli

Paola Tagliavini

Daniele Zamboni

Alberto Maria Pisani

Roberto Franchini

Fabrizio Mosca

Chair, Board of Auditors

Fondazione per l'infanzia Ronald Mc Donald Italia

British Chamber of Commerce for Italy (*)

Member,

Executive Board

Chair, Board of Statutory Auditors

Bolaffi S.p.A. (2)

•

Aste Bolaffi S.p.A.

(2) Bolaffi Metalli Preziosi S.p.A.

(2)

Olivetti S.p.A.

(3)

Fly S.r.l. (**)

Diasorin Italia S.p.A.

Mindicity S.r.l. Società Benefit

(3)

Strategie & Innovazione S.r.l.

•

Chair, Board of Statutory Auditors

Sole Director

Chair, Board of Statutory Auditors

Milena Teresa Motta

Director

Saipem S.p.A.

•

Rai Way S.p.A.

Director

Interbank Deposit Protection Fund

Milan Center for Food Law and Policy

Fondazione Sodalitas

Voluntary Scheme

•

113

Appendix

Table no. 1: "Check List"

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	Article 1. Role of the board of directors
P I	The board of directors leads the company by pursuing its sustainable success.	✓	page 49, 51
P II	The board of directors defines the strategies of the company and the group it heads in accordance with principle I and monitors its implementation.	✓	page 49
P III	The board of directors defines the corporate governance system that is most functional for carrying out the company's business and pursuing its strategies, taking into account the flexibility offered by the legal framework. If necessary, the board of directors evaluates and promotes the appropriate changes and submit them to the shareholders' meeting when such changes are necessarily subject to the shareholders' vote.	✓	page 49, 56, 63
P IV	The board of directors promotes dialogue with shareholders and other stakeholders which are relevant for the company, in the most appropriate way.	✓	page 42, 43
R 1	The board of directors:
	a) reviews and approves the business plan of the company and the group it heads, also on the basis of matters that are relevant for the long-term value generation. That analysis is carried out with the possible support of a committee whose composition and functions are defined by the board of directors;	✓	page 49, 50
	b) periodically monitors the implementation of the business plan and assesses the general course of the business, comparing the results achieved with those planned;	✓	page 50
	c) defines the nature and level of risk compatible with the company's strategic objectives, including all the elements that can be relevant for the company's sustainable success;	✓	page 50
	d) defines the corporate governance system of the company and the structure of the group it heads, and assesses the adequacy of the company's organisational, administrative and accounting structure and of its strategically important subsidiaries, with particular reference to the internal control and risk management system;	✓	page 50
	e) approves transactions of the company and its subsidiaries that have a significant impact on the company's strategies, profitability, assets and liabilities or financial position; to this end, it establishes the general criteria for identifying significant transactions;	✓	page 51
	f) on proposal of the chair in agreement with the chief executive officer, adopts a procedure for the internal and external management of documents and information concerning the company, with particular reference to inside information, in order to ensure the correct management of corporate information.	✓	page 43, 50, 65, 82
R 2	If deemed necessary for the effectiveness of the company's corporate governance system, the board of directors develops specific proposals to be submitted to the shareholders' meeting on the following issues: a) choice and characteristics of the corporate model (traditional,	✓	page 39, 50, 56, 63

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	"one-tier", "two-tier"); b) size, composition and appointment of the board of directors and term of office of its members; c) structure of the shares' administrative and property rights; d) percentages established for the exercise of the prerogatives set up to safeguard minority shareholders. In particular, if the board of directors intends to propose to the shareholders' meeting the introduction of increased voting rights (so-called "voto maggiorato"), it provides adequate reasons in the report that will be submitted to the shareholders prior to their annual meeting. The report indicates the expected effects on the company's ownership and control structure and its future strategies. In the same report, the board discloses the decision-making process followed for the definition of such a proposal and any dissenting opinions voiced within the board.
R 3	Upon proposal of the chair in agreement with the chief executive officer, the board of directors adopts and describes in the corporate governance report a policy for managing dialogue with the generality of shareholders, taking also into account the engagement policies adopted by institutional investors and asset managers. The chair ensures that the board of directors is in any case informed, within the first suitable meeting, of the development and the significant contents of the dialogue that has taken place with all the shareholders.	✓ ✓	page 42
	Article 2. Composition of the corporate bodies
P V	The board of directors is comprised of executive and non executive directors. All directors ensure professional skills and competence that are appropriate to their tasks.	✓	page 51, 57
P VI	The number and skills of non-executive directors ensure significant influence in the decision-making process of the board and guarantee an effective monitoring of management. A significant number of non-executive directors is independent.	✓	page 51, 66
P VII	The company applies diversity criteria, including gender ones, to the composition of the board of directors, ensuring the primary objective of adequate competence and professionalism of its members.	✓	page 51, 52
P VIII	The control body's composition is appropriate for ensuring the independence and professionalism of its function.	✓	page 69, 70
R 4	The board of directors defines the delegation of managerial powers and identifies who among the executive directors holds the position of chief executive officer. If the chair is entrusted with the position of chief executive officer or with significant managerial powers, the board of directors explains the reasons for this choice.	✓	page 49, 51, 57
R 5	The number and skills of independent directors are appropriate to the needs of the company and to the well-functioning of the board of directors, as well as to the establishment of board committees.	✓	page 51, 58
	The board of directors includes at least two independent directors, other than the chair.	✓
	In large companies with concentrated ownership, independent directors account for at least one third of the board. (*)

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	In other large companies, independent directors account for at least half of the board.	✓
	In large companies, independent directors meet, in the absence of the other directors, on a periodic basis and at least once a year to evaluate the issues deemed of interest to the functioning of the board of directors and to the corporate management.	✓	page 60
R 6	The board of directors assesses the independence of each non executive director immediately after his or her appointment. The assessment is renewed during the mandate upon the occurrence of circumstances that concern his or her independence and at least once a year.	✓	page 59
	Each non-executive director provides all the elements necessary or useful for the assessment of the board of directors. On the basis of all the information available, the board considers any circumstance that affects or could affect the independence of the director.	✓
R 7	The circumstances that jeopardise, or appear to jeopardise, the independence of a director are at least the following: a) if he or she is a significant shareholder of the company; b) if he or she is, or was in the previous three financial years, an executive director or an employee: - of the company, of its subsidiary having strategic relevance or of a company subject to joint control; - of a significant shareholder of the company; c) if he or she has, or had in the previous three financial years, a significant commercial, financial or professional relationship, directly or indirectly (for example through subsidiaries, or through companies of which he or she is an executive director, or as a partner of a professional or a consulting firm): - with the company or its subsidiaries, or with their executive directors or top management; - with a subject who, also together with others through a shareholders' agreement, controls the company; or, if the control is held by a company or another entity, with its executive directors or top management; d) if he or she receives, or received in the previous three financial years, from the company, one of its subsidiaries or the parent company, significant remuneration other than the fixed remuneration for the position held within the board and for the membership in the committees recommended by the Code or required by law; e) if he or she has served on the board for more than nine years, even if not consecutive, of the last twelve years; f) if he or she holds the position of executive director in another company whereby an executive director of the company holds the office of director; g) if he or she is a shareholder, quota-holder or director of a company or other legal entity belonging to the network of the external auditor of the company; h) if he or she is a close relative of a person who is in any of the circumstances set forth in previous letters. The board of directors defines ex ante, at least at the beginning of	✓ ✓	page 58, 59
	its mandate, the quantitative and qualitative criteria for assessing the significance of the situations set forth above in letters c) and d). If the director is also a partner in a professional or a consulting firm, the board of directors assesses the significance of the professional relationships that may have an effect on his or her position and role within the professional or the consulting firm and

b) size, composition and appointment of the board of directors and

In particular, if the board of directors intends to propose to the shareholders' meeting the introduction of increased voting rights (so-called "voto maggiorato"), it provides adequate reasons in the report that will be submitted to the shareholders prior to their annual meeting. The report indicates the expected effects on the company's ownership and control structure and its future strategies. In the same report, the board discloses the decision-making process followed for the definition of such a proposal and any

c) structure of the shares' administrative and property rights; d) percentages established for the exercise of the prerogatives set

R 3 Upon proposal of the chair in agreement with the chief executive officer, the board of directors adopts and describes in the corporate governance report a policy for managing dialogue with the generality of shareholders, taking also into account the engagement policies adopted by institutional investors and asset

P V The board of directors is comprised of executive and nonexecutive directors. All directors ensure professional skills and

P VI The number and skills of non-executive directors ensure significant influence in the decision-making process of the board and guarantee an effective monitoring of management. A significant number of non-executive directors is independent.

P VII The company applies diversity criteria, including gender ones, to the composition of the board of directors, ensuring the primary objective of adequate competence and professionalism of its

P VIII The control body's composition is appropriate for ensuring the independence and professionalism of its function.

R 4 The board of directors defines the delegation of managerial powers and identifies who among the executive directors holds the position of chief executive officer. If the chair is entrusted with the position of chief executive officer or with significant managerial powers, the board of directors explains the reasons

R 5 The number and skills of independent directors are appropriate to the needs of the company and to the well-functioning of the board of directors, as well as to the establishment of board committees.

directors account for at least one third of the board. (*)

The board of directors includes at least two independent

In large companies with concentrated ownership, independent

competence that are appropriate to their tasks.

The chair ensures that the board of directors is in any case informed, within the first suitable meeting, of the development and the significant contents of the dialogue that has taken place with all

"one-tier", "two-tier");

managers.

members.

for this choice.

directors, other than the chair.

the shareholders.

Article 2. Composition of the corporate bodies

term of office of its members;

up to safeguard minority shareholders.

dissenting opinions voiced within the board.

Applied with

adaptations as

✓

appropriate

Not applied

Page of Report

page 42

✓ page 51, 57

✓ page 51, 66

✓ page 51, 52

✓ page 69, 70

✓ page 51, 58

✓

✓ page 49, 51, 57

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	in any event those pertaining to important transactions of the company and the group it heads, even regardless of the quantitative parameters.
	The chair of the board of directors, who has been nominated for such role according to recommendation 23, can be assessed as independent if none of the circumstances set forth above occurs. If the independent chair is member of the board committees recommended by the Code, such committees are made up in majority of independent directors, other than the chair. The independent chair of the board of directors cannot chair the remuneration committee and the control and risk committee.	✓
R 8	The company defines the diversity criteria for the composition of the board of directors and the control body and identifies the most suitable tool for their implementation, taking into account its ownership structures.	✓	page 51, 52, 53, 69, 87
	At least a third of the board of directors and the control body, where the latter is autonomous, is to be comprised of members of the less represented gender.	✓
	Companies adopt measures to promote equal treatment and opportunities among genders within the entire organisation, monitoring their specific implementation.	✓
R 9	All members of the control body meet the independence requirements set out in recommendation 7 for directors. The independence assessment is carried out, with the timing and manner provided for by recommendation 6, by the board of directors or by the control body; such an assessment is based on the information provided by each member of the control body.	✓	page 59, 70
R 10	The outcome of the assessments of independence of directors and members of the control body referred to in recommendations 6 and 9 is disclosed to the market immediately after the appointment through a specific press release and, later, in the corporate governance report. In both cases, the outcome of the assessment provides information about: the criteria used for the assessment of the significance of the relationships and, in case of any deviation from the circumstances set forth in recommendation 7, a clear and detailed reason for this choice motivated by the individual situation and characteristics of the director concerned.	✓	page 59, 70
	Article 3. Functioning of the board of directors and the role of the chair
P IX	The board of directors defines the rules and procedures for its functioning, ensuring an efficient flow of information to directors.	✓	page 49, 64, 65, 67
P X	The chair of the board of directors plays a liaison role between executive and non-executive directors and ensures the effective functioning of the board.	✓	page 56, 65 66
P XI	The board of directors ensures an adequate division of its functions and establishes board committees with preliminary, propositional and consultative functions.	✓	page 49, 75

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
P XII	Each director ensures adequate time commitment for the fulfilment of their board responsibilities.	✓	page 57, 60, 61, 70
R 11	The board of directors develops internal rules that define the functioning of the board and its committees, including the means for recording the minutes of the meetings and the procedures for providing information to directors. These procedures identify the prior notice for the submission of the documentation, ensuring that confidentiality issues are properly managed without affecting the timeliness and completeness of the flow of information.	✓	page 49, 64, 65, 75,82
	The corporate governance report provides adequate information on the main contents of the board of director's internal rules and on compliance with the procedures aimed at ensuring the timeliness and adequacy of the information provided to the directors.	✓
R 12	The chair of the board of directors, with the help of the board secretary, ensures that:
	a) the pre-meeting information and the complementary information provided during the meeting are suitable to allow directors to act in an informed manner;	✓	page 56, 65
	b) the activity of the board committees with preliminary, propositional and consultative functions is coordinated with the activity of the board of directors;	✓	page 56, 65
	c) in agreement with the chief executive officer, the managers of the company and those of the companies of the group it heads, who are competent on the issues concerned, participate in the relevant board meetings to provide appropriate insights on the items on the agenda, also upon request of one or more directors;	✓	page 56, 66
	d) all the members of the board of directors and control body can take part, after the appointment and during the mandate, in initiatives aimed at providing them with adequate knowledge of the industry in which the company operates, the company dynamics and their evolution, also in relation to the company's sustainable success. Such initiatives also cover the risk management issues as well as any relevant part of the regulatory and self-regulatory framework;	✓	page 61
	e) to provide for the adequacy and transparency of the board review, with the support of the nomination committee.	✓	page 63
R 13	The board of directors appoints an independent director as lead independent director: a) if the chair of the board of directors is the chief executive officer or holds significant managerial powers; b) if the office of chair is held by the person who controls, also jointly, the company; c) in large companies, even in the absence of the conditions indicated in letter a) and b), if requested by the majority of independent directors.	✓	page 60

quantitative parameters.

ownership structures.

the less represented gender.

monitoring their specific implementation.

in any event those pertaining to important transactions of the company and the group it heads, even regardless of the

The chair of the board of directors, who has been nominated for such role according to recommendation 23, can be assessed as independent if none of the circumstances set forth above occurs. If the independent chair is member of the board committees recommended by the Code, such committees are made up in majority of independent directors, other than the chair. The independent chair of the board of directors cannot chair the remuneration committee and the control and risk committee.

R 8 The company defines the diversity criteria for the composition of the board of directors and the control body and identifies the most suitable tool for their implementation, taking into account its

At least a third of the board of directors and the control body, where the latter is autonomous, is to be comprised of members of

Companies adopt measures to promote equal treatment and opportunities among genders within the entire organisation,

R 9 All members of the control body meet the independence requirements set out in recommendation 7 for directors. The independence assessment is carried out, with the timing and manner provided for by recommendation 6, by the board of directors or by the control body; such an assessment is based on the information provided by each member of the control body.

R 10 The outcome of the assessments of independence of directors and members of the control body referred to in recommendations 6 and 9 is disclosed to the market immediately after the appointment through a specific press release and, later, in the corporate governance report. In both cases, the outcome of the assessment provides information about: the criteria used for the assessment of the significance of the relationships and, in case of any deviation from the circumstances set forth in recommendation 7, a clear and detailed reason for this choice motivated by the individual situation and characteristics of the director concerned.

Article 3. Functioning of the board of directors and the role of the chair

P IX The board of directors defines the rules and procedures for its functioning, ensuring an efficient flow of information to directors.

P X The chair of the board of directors plays a liaison role between executive and non-executive directors and ensures the effective

P XI The board of directors ensures an adequate division of its functions and establishes board committees with preliminary,

functioning of the board.

propositional and consultative functions.

Applied with

adaptations as

✓

appropriate

Not applied

Page of Report

✓ page 51, 52, 53,

✓ page 59, 70

✓ page 49, 64, 65, 67

✓ page 56, 65 66

✓ page 49, 75

69, 87

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 14	The lead independent director: a) collects and coordinates the requests and contributions of non executive directors and, in particular, of independent ones; b) coordinates the meetings of the independent directors.	✓	page 60
R 15	In large companies, the board of directors expresses its guidelines on the maximum number of offices that can be considered compatible with an effective performance and the time commitment required by the role of the directors. The relevant offices are those held in corporate bodies of other listed companies and of companies having a significant size.	✓	page 60, 61, 70
R 16	The board of directors sets up internal committees with preliminary, propositional and consultative functions regarding appointments, remuneration and control and risks. These functions can be either assigned to the three board committees recommended by the Code or distributed in a different manner or even combined in a single committee. In any case, the company ensures an adequate disclosure on the tasks and activities carried out by each of the assigned functions, as well as an adequate composition of each committee.	✓	page 49, 75
	The functions of one or more committees can even be assigned to the board of directors, under the coordination of the chair, provided that: a) independent directors represent at least half of the board; b) the board dedicates adequate sessions to the performance of such functions. (*)
	In the event that the functions of the remuneration committee are assigned to the board of directors, the last paragraph of recommendation 26 applies. (*)
	Companies other than large ones may assign the functions of the control and risk committee to the board of directors even in absence of the condition set forth above in letter a). (*)
	Companies with concentrated ownership, even large ones, can assign the functions of the nomination committee to the board of directors even in absence of the condition set forth above in letter a). (*)
R 17	The board of directors defines the tasks of the committees and their composition, favouring the competence and experience of their members and avoiding, in large companies, an excessive concentration of offices.	✓	page 51, 75
	Each committee is coordinated by a chair who informs the board of directors about the committee's activities at the first useful board meeting.	✓	page 66, 75
	The chair of the committee may invite the chair of the board of directors, the chief executive officer, the other directors and, by informing the chief executive officer, the managers of the corporate functions that are competent on the matters of the committee meeting, to individual committee's meetings. The members of the control body can attend the meetings of each committee.	✓	page 75

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	Board committees can have access to the information and the corporate functions that are necessary for the performance of their duties. Board committees have adequate financial resources and can avail themselves of external consultants according to the conditions set forth by the board of directors.	✓	page 75
R 18	The board of directors, upon proposal of the chair, provides for the appointment and dismissal of the board secretary and defines his or her professional requirements and attributes in the board's internal rules.	✓	page 64, 67
	The board secretary supports the activities of the chair and provides impartial assistance and advice to the board of directors on all aspects relevant to the proper functioning of the corporate governance system.	✓
	Article 4. Appointment of directors and board evaluation
P XIII	The board of directors ensures, within its competence, that the process of appointment and succession of directors is transparent and functional to achieve the optimal composition of the board according to the principles set forth in Article 2.	✓	page 52, 53, 55, 57
P XIV	The board of directors periodically evaluates, through formalised procedures, its effectiveness and the contribution made by individual directors. The implementation of the board evaluation procedures is supervised by the board itself.	✓	page 63, 74
R 19	The board of directors entrusts the nomination committee to support it on:
	a) the evaluation of the board and its committees; b) the definition of the optimal composition of the board and its	✓	page 76 page 76
	committees; c) the identification of candidates in case of the director's co optation;	✓	page 76
	d) the possible submission of a slate by the outgoing board, ensuring the transparency of the process that led to the slate's	✓	page 53
	structure and proposition; e) the development, updating and implementation of succession plan for the chief executive officer and the other executive directors.	✓	page 76
R 20	The majority of directors of the nomination committee are independent.	✓	page 75
R 21	The board evaluation assesses the size, composition and functioning of the board and its committees. It includes also the board's active involvement in the definition of the company's strategy and in the monitoring of the management of the company's business as well as the appropriateness of the internal control and risk management system.	✓	page 63, 74
R 22	The board evaluation is conducted at least every three years, before the renewal of the board of directors.	✓	Page 63, 74
	In large companies other than those with concentrated ownership, the board evaluation is conducted on an annual basis and can be diversified according to the term of the board's mandate. In such companies, the board considers whether to appoint an external facilitator for its evaluation at least once every three years.	✓

a) collects and coordinates the requests and contributions of nonexecutive directors and, in particular, of independent ones; b) coordinates the meetings of the independent directors.

R 15 In large companies, the board of directors expresses its guidelines on the maximum number of offices that can be considered compatible with an effective performance and the time commitment required by the role of the directors. The relevant offices are those held in corporate bodies of other listed

companies and of companies having a significant size.

adequate composition of each committee.

provided that:

a). (*)

such functions. (*)

recommendation 26 applies. (*)

concentration of offices.

board meeting.

committee.

R 16 The board of directors sets up internal committees with preliminary, propositional and consultative functions regarding appointments, remuneration and control and risks. These functions can be either assigned to the three board committees recommended by the Code or distributed in a different manner or even combined in a single committee. In any case, the company ensures an adequate disclosure on the tasks and activities carried out by each of the assigned functions, as well as an

The functions of one or more committees can even be assigned to the board of directors, under the coordination of the chair,

In the event that the functions of the remuneration committee are assigned to the board of directors, the last paragraph of

Companies other than large ones may assign the functions of the control and risk committee to the board of directors even in

Companies with concentrated ownership, even large ones, can assign the functions of the nomination committee to the board of directors even in absence of the condition set forth above in letter

Each committee is coordinated by a chair who informs the board of directors about the committee's activities at the first useful

The chair of the committee may invite the chair of the board of directors, the chief executive officer, the other directors and, by informing the chief executive officer, the managers of the corporate functions that are competent on the matters of the committee meeting, to individual committee's meetings. The members of the control body can attend the meetings of each

absence of the condition set forth above in letter a). (*)

R 17 The board of directors defines the tasks of the committees and their composition, favouring the competence and experience of their members and avoiding, in large companies, an excessive

a) independent directors represent at least half of the board; b) the board dedicates adequate sessions to the performance of

R 14 The lead independent director:

Applied with

adaptations as

appropriate

Not applied

✓ page 60

✓ page 60, 61, 70

✓ page 49, 75

✓ page 51, 75

✓ page 66, 75

✓ page 75

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 23	In companies other than those with concentrated ownership, the board of directors: - sets forth guidelines on board composition deemed optimal before its renewal, considering the outcome of the board evaluation; - requires anyone submitting a slate with a number of candidates that is higher than half the number of members to be elected to provide adequate information on the compliance of the slate with the board guidelines mentioned above, and with the board diversity criteria set forth in principle VII and recommendation 8. In such cases, the slate also identifies its candidate for the chairmanship of the board, whose appointment is conducted according to the company's bylaws. All the information mentioned in this paragraph are disclosed in the documentation attached to the slate during its filing process. The board guidelines are published on the company's website before the publication of the notice of the shareholders' meeting convened for the board's renewal. They identify the managerial and professional profiles and the skills deemed necessary, having due consideration of the company's sectoral characteristics, the board diversity criteria set forth in principle VII and recommendation 8 as well as the board guidelines on the maximum number of offices set forth in recommendation 15.	✓ ✓	page 52
R 24	In large companies, the board of directors: - elaborates, with the support of the nomination committee, a plan for the succession of the chief executive officer and executive directors by identifying, at least, the procedures to be followed in the event of an early termination of office;	✓	page 57, 76
	− ascertains the existence of appropriate procedures for the succession of the top management.	✓
	Article 5. Remuneration
P XV	The remuneration policy for directors, members of the control body and the top management contributes to the pursuit of the company's sustainable success and takes into account the need to have, retain and motivate people with the competence and professionalism deemed adequate for their role.	✓	page 83
P XVI	The remuneration policy is developed by the board of directors through a transparent procedure.	✓	page 50, 77, 83
P XVII	The board of directors ensures that the remuneration paid and accrued is consistent with the principles and criteria defined in the policy, considering the results achieved and any other circumstances relevant for its implementation.	✓	page 50, 77
R 25	The board of directors entrusts the remuneration committee with the task of: a) supporting it in the development of the remuneration policy; b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold specific responsibilities, as well as on the setting of performance objectives related to the variable component of this remuneration; c) monitoring the actual application of the remuneration policy and verifying the effective achievement of the performance objectives;	✓ ✓ ✓	page 77, 83 page 77 page 77
	d) periodically assessing the adequacy and overall consistency of the remuneration policy for directors and the top management.	✓	page 77

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	In order to have people with adequate competence and professionalism, the remuneration of executive and non-executive directors and of the members of the control body is defined with due consideration of the remuneration practices that are common with regards to the company's reference sectors and size. It also considers comparable international practices, with the possible support of an independent consultant.	✓	page 83
R 26	The remuneration committee is made up of non-executive directors, the majority of whom are independent, and is chaired by an independent director. At least one member of the committee has adequate knowledge and experience in financial matters or remuneration policies; such skills are assessed by the board of directors before his or her appointment.	✓	page 75, 77
	No director takes part in the meetings of the remuneration committee in which proposals relating to his or her remuneration are made.	✓	page 77
R 27	The remuneration policy for executive directors and the top management defines: a) a balance between the fixed and the variable component which is consistent with the company's strategic objectives and risk management policy. Consistency is assessed taking into consideration the business's characteristics and the industry of the company. The variable component has in any case a significant weight on the overall remuneration; b) caps to the variable components; c) performance objectives, to which is linked the payment of the variable components, that are predetermined, measurable and predominantly linked to the long-term horizon. They are consistent with the company's strategic objectives and with the aim of promoting its sustainable success and includes non financial parameters, where relevant; d) an adequate deferral of a significant part of the variable component that has been already accrued. Such a deferral period is consistent with the company's business activity and its risk profile; e) provisions that enable the company to recover and/or withhold, in whole or in part, the variable components already paid-out or due, where they were based on data which subsequently proved to be manifestly misstated. The company can identify other circumstances in which such provisions are applied; f) clear and predetermined rules for possible termination payments, establishing a cap to the total amount that might be paid out. The cap is linked to a certain amount or a certain number of years of remuneration. No indemnity is paid out if the termination of the office is motivated by director's objectively inadequate results.	✓	page 83
R 28	The share-based remuneration plans for executive directors and the top management are aligned with the interests of the shareholders over a long-term horizon, providing that a predominant part of the plan has an overall vesting and holding period of at least five years.	✓	page 84

board of directors:

the slate during its filing process.

R 24 In large companies, the board of directors:

succession of the top management.

through a transparent procedure.

Article 5. Remuneration

the task of:

the event of an early termination of office;

evaluation;

R 23 In companies other than those with concentrated ownership, the

sets forth guidelines on board composition deemed optimal before its renewal, considering the outcome of the board
requires anyone submitting a slate with a number of candidates that is higher than half the number of members to be elected to provide adequate information on the compliance of the slate with the board guidelines mentioned above, and with the board diversity criteria set forth in principle VII and recommendation 8. In such cases, the slate also identifies its candidate for the chairmanship of the board, whose appointment is conducted according to the company's bylaws. All the information mentioned in this paragraph are disclosed in the documentation attached to

The board guidelines are published on the company's website before the publication of the notice of the shareholders' meeting convened for the board's renewal. They identify the managerial and professional profiles and the skills deemed necessary, having due consideration of the company's sectoral characteristics, the board diversity criteria set forth in principle VII and recommendation 8 as well as the board guidelines on the maximum number of offices set forth in recommendation 15.

elaborates, with the support of the nomination committee, a plan for the succession of the chief executive officer and executive directors by identifying, at least, the procedures to be followed in

− ascertains the existence of appropriate procedures for the

P XV The remuneration policy for directors, members of the control body and the top management contributes to the pursuit of the company's sustainable success and takes into account the need to have, retain and motivate people with the competence and

P XVI The remuneration policy is developed by the board of directors

P XVII The board of directors ensures that the remuneration paid and accrued is consistent with the principles and criteria defined in the policy, considering the results achieved and any other

R 25 The board of directors entrusts the remuneration committee with

a) supporting it in the development of the remuneration policy; b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold specific responsibilities, as well as on the setting of performance objectives related to the variable component of this remuneration; c) monitoring the actual application of the remuneration policy and verifying the effective achievement of the performance objectives; d) periodically assessing the adequacy and overall consistency of the remuneration policy for directors and the top management.

professionalism deemed adequate for their role.

circumstances relevant for its implementation.

Applied with

adaptations as

✓

✓ ✓

✓

appropriate

Not applied

✓ page 52

✓ page 57, 76

✓ page 83

✓ page 50, 77, 83

page 77, 83 page 77

page 77

✓ page 50, 77

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 29	The remuneration of non-executive directors is adequate to the competence, professionalism and commitment required by their role within the board of directors and its committees; this remuneration is not related to financial performance objectives, except for a non-significant part.	✓	page 83
R 30	The remuneration of the members of the control body is adequate to the competence, professionalism and commitment required by their role and the company's size, industry and current situation.	✓	page 83
R 31	On the occasion of the termination of office and/or dissolution of the relationship with an executive director or general manager, a press release is published as soon as the internal processes that led to the assignment or the recognition of any indemnities and/or other benefits has been concluded. The press release provides for detailed information on: a) the assignment or the recognition of indemnities and/or other benefits, the circumstances that justify their accrual (e.g. due to the expiration of the term of office, its termination or a settlement agreement) and the decision-making process followed for this purpose within the company; b) the total amount of the indemnity and/or other benefits, the related components (including non-monetary benefits, the vesting of rights connected with incentive plans, the compensation for non-competitive commitments or any other remuneration allocated to any reason and in any form) and the timing of their disbursement (distinguishing the part paid immediately from the part subject to deferral mechanisms); c) the application of any claw-back or malus clauses; d) the compliance of the elements indicated in letters a), b) and c) consistently with the remuneration policy, with a clear indication of the reasons and the decision-making process followed in the event of non-compliance, even if only partial, with the policy itself; e) the procedures that have been or will be followed for the replacement of the executive director or the general manager whose office has been terminated.	✓	page 84
Article 6. Internal control and risk management system
P XVIII	The internal control and risk management system consists of a set of rules, procedures and organisational structures for an effective and efficient identification, measurement, management and monitoring of the main risks, aimed at contributing to the sustainable success of the company.	✓	page 91
P XIX	The board of directors defines the guidelines of the internal control and risk management system in accordance with the company's strategies and annually assesses its adequacy and effectiveness.	✓	page 50, 91, 92, 93
P XX	The board of directors defines the principles concerning the coordination and the flow of information among the parties involved in the internal control and risk management system. Such principles aim at maximising the effectiveness of the system itself, reducing the duplication of activities and ensuring the successful performance of the duties of the control body.	✓	page 82, 91, 92

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report

R 32	The organisation of the internal control and risk management system involves:
	a) the board of directors, which plays a role in guiding and	✓	page 91, 93
	assessing the adequacy of the system; b) the chief executive officer, in charge of establishing and	✓	page 91, 94
	maintaining the internal control and risk management system;	✓
	c) the control and risk committee set up within the board of directors, with the task of supporting the board of directors' assessments and decisions relating to the internal control and risk management system and the approval of periodical financial and non-financial reports. In companies that adopt the "one-tier" or "two-tier" corporate model, the functions of the control and risk committee can be assigned to the control body;		page 78, 91, 93
	d) the head of the internal audit function who is in charge of verifying that the internal control and risk management system is functional, adequate and consistent with the guidelines defined by the board of directors;	✓	page 91, 92, 96
	e) the other corporate functions involved in the internal control and risk management system (such as the risk management functions and the functions dealing with legal and non-compliance risk) which are articulated in relation to the company's size, sector, complexity and risk profile;	✓	page 91
	f) the control body, which monitors the effectiveness of the internal control and risk management system.	✓	page 69, 91, 94
R 33	The board of directors, with the support of the control and risk committee:
	a) defines the guidelines of the internal control and risk management system consistently with the company's strategies and assesses, at least once a year, the adequacy of this system with respect to the company's characteristics and its risk profile, as well as its effectiveness;	✓	page 50, 92, 93
	b) appoints and dismisses the head of the internal audit function, defining his or her remuneration which is consistent with the company policies. The board ensures that he or she has adequate resources to carry out his or her duties. If the internal audit function is entrusted, as a whole or by operating segments, to an external entity, the board ensures that it meets the adequate requirements of professionalism, independence and organisation, providing adequate reasons for this choice in the corporate governance report;	✓	page 93, 96
	c) approves, at least on an annual basis, the work plan prepared by the head of the internal audit function, after hearing the control body and the chief executive officer;	✓	page 93
	d) evaluates the opportunity to take measures to ensure the effectiveness and impartial assistance of the other corporate functions mentioned in recommendation 32(e). To this end, the board verifies that such functions have adequate professionalism and resources;	✓	page 93
	e) assigns the supervisory functions pursuant to Art. 6(1)(b) of Legislative Decree No. 231/2001 to the control body or to a body established specifically for this purpose (the so-called functions of the "Organismo di Vigilanza"). If the body does not correspond to the control body, the board of directors considers whether to appoint within the body at least one non-executive director and/or a member of the control body and/or the head of a legal or supervisory function of the company, in order to ensure coordination among the various parties involved in the internal	✓	page 101

except for a non-significant part.

other benefits has been concluded.

part subject to deferral mechanisms);

whose office has been terminated.

Article 6. Internal control and risk management system

sustainable success of the company.

effectiveness.

purpose within the company;

R 29 The remuneration of non-executive directors is adequate to the competence, professionalism and commitment required by their role within the board of directors and its committees; this remuneration is not related to financial performance objectives,

R 30 The remuneration of the members of the control body is adequate to the competence, professionalism and commitment required by their role and the company's size, industry and current situation.

R 31 On the occasion of the termination of office and/or dissolution of the relationship with an executive director or general manager, a press release is published as soon as the internal processes that led to the assignment or the recognition of any indemnities and/or

The press release provides for detailed information on:

c) the application of any claw-back or malus clauses;

P XVIII The internal control and risk management system consists of a set of rules, procedures and organisational structures for an effective and efficient identification, measurement, management and monitoring of the main risks, aimed at contributing to the

P XIX The board of directors defines the guidelines of the internal control and risk management system in accordance with the company's strategies and annually assesses its adequacy and

P XX The board of directors defines the principles concerning the coordination and the flow of information among the parties involved in the internal control and risk management system. Such principles aim at maximising the effectiveness of the system itself, reducing the duplication of activities and ensuring the

successful performance of the duties of the control body.

a) the assignment or the recognition of indemnities and/or other benefits, the circumstances that justify their accrual (e.g. due to the expiration of the term of office, its termination or a settlement agreement) and the decision-making process followed for this

b) the total amount of the indemnity and/or other benefits, the related components (including non-monetary benefits, the vesting of rights connected with incentive plans, the compensation for non-competitive commitments or any other remuneration allocated to any reason and in any form) and the timing of their disbursement (distinguishing the part paid immediately from the

d) the compliance of the elements indicated in letters a), b) and c) consistently with the remuneration policy, with a clear indication of the reasons and the decision-making process followed in the event of non-compliance, even if only partial, with the policy itself; e) the procedures that have been or will be followed for the replacement of the executive director or the general manager

Applied with

adaptations as

appropriate

Not applied

✓ page 83

✓ page 84

✓ page 91

✓ page 50, 91, 92, 93

✓ page 82, 91, 92

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	control and risk management system;
	f) evaluates, after consultation with the control body, the results presented by the statutory auditor in any letter of suggestions and in the additional report addressed to the control body;	✓	page 93
	g) describes, in the corporate governance report, the main characteristics of the internal control and risk management system and the methods of coordination among the subjects involved. The report provides information about the national and international reference models and best practices adopted and the board's overall assessment of the adequacy of the system itself. Moreover, it provides an adequate explanation of the composition of the control body referred to in letter e) above.	✓	page 93, 101
R 34	The chief executive officer: a) identifies the main business risks, considering the characteristics of the activities carried out by the company and its subsidiaries, and periodically submit them to the examination of the board of directors;	✓	page 57, 94
	b) implements the guidelines defined by the board of directors, providing for the design, implementation and management of the internal control and risk management system and constantly verifying its adequacy and effectiveness, as well as adapting it to the dynamics of the operating conditions and the legislative and regulatory landscape;
	c) can entrust the internal audit with the tasks of carrying out specific controls on defined operational areas and on compliance with internal rules and procedures in the implementation of company transactions. Such requests are contextually conveyed to the chair of the board of directors, to the chair of the control and risk committee and to the chair of the control body;
	d) reports promptly to the control and risk committee on problems and critical issues that emerged in the performance of his or her activity or of which he or she nevertheless has information so that the committee can take appropriate actions.
R 35	The control and risk committee is comprised of non-executive directors, the majority of whom are independent, and is chaired by an independent director.	✓	page 75, 78
	The committee has expertise that is consistent with the company's industry and assessment of its risks; at least one member of the committee has adequate knowledge and experience in accounting, finance or risk management.	✓	page 75, 79
	The control and risk committee, in assisting the board of directors:
	a) assesses the external auditor and the control body, the correct application of the accounting principles and, in the case of groups, their homogeneity for the purposes of preparing the consolidated financial statement, after hearing the manager responsible for the corporate financial documents;	✓	page 69, 93
	b) assesses whether the periodic financial and non-financial information is suitable to correctly represent the company's business model, its strategies, the impact of its business and the performance achieved, in coordination with the committee mentioned in recommendation 1(a), if established;	✓	page 69, 93

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	c) examines the content of the periodic non-financial information relevant to the internal control and risk management system;	✓	page 79
	d) expresses opinions on specific aspects relating to the identification of the main corporate risks and supports the board of directors' assessments and decisions relating to the management of risks deriving from prejudicial facts of which the latter has become aware;	✓	page 79
	e) examines the periodic and particularly relevant reports prepared by the internal audit function;	✓	page 71, 79
	f) monitors the autonomy, adequacy, effectiveness and efficiency of the internal audit function;	✓	page 79, 92
	g) can entrust the internal audit with the task of carrying out specific controls on defined operational areas. Such a request is contextually conveyed to the chair of the control body;	✓	page 69, 71
	h) reports to the board of directors, at least upon the approval of the annual and half-yearly financial report, on the activities carried out and on the adequacy of the internal control and risk management system.	✓	page 69, 74, 79
R 36	The head of the internal audit function is not responsible for any operational area. He or she depends hierarchically on the board of directors and has direct access to all information that is useful for carrying out his or her duty.	✓	page 92, 96
	The head of the internal audit function:
	a) verifies, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the functioning and the suitability of the internal control and risk management system according to the audit plan. The audit plan is approved by the board of directors and is based on a structured	✓	page 93, 96
	process of analysis and prioritisation of the main risks; b) prepares periodic reports containing adequate information on its activity, on the ways in which risk management is conducted, as well as on compliance with the plans defined for the containment of risks. The periodic reports contain an assessment of the suitability of the internal control and risk management	✓	page 96
	system; c) prepares promptly, at the request of the control body, reports	✓	page 69, 96
	on events of particular relevance; d) submits the reports referred to in letters b) and c) to the chairs of the control body, of the control and risk committee and of the board of directors, as well as to the chief executive officer, except in cases where the matter of these reports specifically concerns the activity of these subjects;	✓	page 97
	e) verifies, as part of the audit plan, the reliability of the information systems, including the accounting systems.	✓	page 96
R 37	The member of the control body who, on his or her own behalf or on behalf of third parties, has an interest in a specific transaction of the company, provides prompt and exhaustive information to the other members of the same body and to the chair of the board of directors about the nature, terms, origin and extent of his or her interest.	✓	page 62

in the additional report addressed to the control body;

f) evaluates, after consultation with the control body, the results presented by the statutory auditor in any letter of suggestions and

g) describes, in the corporate governance report, the main characteristics of the internal control and risk management system and the methods of coordination among the subjects involved. The report provides information about the national and international reference models and best practices adopted and the board's overall assessment of the adequacy of the system itself. Moreover, it provides an adequate explanation of the composition of the control body referred to in letter e) above.

a) identifies the main business risks, considering the characteristics of the activities carried out by the company and its subsidiaries, and periodically submit them to the examination of

b) implements the guidelines defined by the board of directors, providing for the design, implementation and management of the internal control and risk management system and constantly verifying its adequacy and effectiveness, as well as adapting it to the dynamics of the operating conditions and the legislative and

c) can entrust the internal audit with the tasks of carrying out specific controls on defined operational areas and on compliance with internal rules and procedures in the implementation of company transactions. Such requests are contextually conveyed to the chair of the board of directors, to the chair of the control

d) reports promptly to the control and risk committee on problems and critical issues that emerged in the performance of his or her activity or of which he or she nevertheless has information so that

The committee has expertise that is consistent with the company's industry and assessment of its risks; at least one member of the committee has adequate knowledge and

The control and risk committee, in assisting the board of directors: a) assesses the external auditor and the control body, the correct application of the accounting principles and, in the case of groups, their homogeneity for the purposes of preparing the consolidated financial statement, after hearing the manager

b) assesses whether the periodic financial and non-financial information is suitable to correctly represent the company's business model, its strategies, the impact of its business and the performance achieved, in coordination with the committee

and risk committee and to the chair of the control body;

R 35 The control and risk committee is comprised of non-executive directors, the majority of whom are independent, and is chaired

experience in accounting, finance or risk management.

responsible for the corporate financial documents;

mentioned in recommendation 1(a), if established;

the committee can take appropriate actions.

by an independent director.

control and risk management system;

R 34 The chief executive officer:

the board of directors;

regulatory landscape;

Applied with

adaptations as

appropriate

Not applied

✓ page 93

✓ page 93, 101

✓ page 57, 94

✓ page 75, 78

✓ page 75, 79

✓ page 69, 93

Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Not applied	Page of Report

The control body and the control and risk committee promptly exchange relevant information for the performance of their respective duties. The chair or an other member of the control body designated by its chair, of the takes part control body in the meetings of the control and risk committee.	✓		page 71, 79, 94

(*) Recommendation incompatible with banking regulations or not applicable to Intesa Sanpaolo, as a large company with non-concentrated ownership

Corporate Governance Committee Recommendations	Reference in the Report
Business plan: companies are asked to provide adequate disclosure on the board's involvement in reviewing and approving the business plan and in analysing issues relevant to long-term value generation.	page 49
Pre-meeting information: companies are asked to give adequate justification in the report on corporate governance in case of derogation from the timeliness of pre-board information due to confidentiality reasons, when this derogation is provided in board regulations and/or adopted in practice.	page 65
Guidelines on optimal composition: companies are asked to clearly indicate and give adequate justification in the report on corporate governance in case of failure to express guidelines on board's quantitative or qualitative composition when the board of directors is renewed, and/or in case of failure to require shareholders submitting a slate with more than half the number of candidates to be elected to provide adequate information about the slate's alignment with the expressed guidelines. Companies are also asked to indicate how the timing of the publication of the guidelines was deemed appropriate to allow adequate consideration by those submitting the slate of candidates.	page 52
Increased voting rights ("voto maggiorato"): companies are asked to give adequate disclosure, in the Board's proposals to the Shareholders' Meeting on the introduction of increased voting rights, of the purpose of this choice and the expected effects on ownership and control structures as well as future strategies, and to provide adequate justification for any failure to disclose these elements.	page 39

Table No. 2: "Art. 123-bis - Report on corporate governance and ownership structures"

Principles and Recommendations of the Corporate Governance Code

meetings of the control and risk committee.

analysing issues relevant to long-term value generation.

with non-concentrated ownership

candidates.

these elements.

The control body and the control and risk committee promptly exchange relevant information for the performance of their respective duties. The chair or an other member of the control body designated by its chair, of the takes part control body in the

Business plan: companies are asked to provide adequate disclosure on the board's involvement in reviewing and approving the business plan and in

Pre-meeting information: companies are asked to give adequate justification in the report on corporate governance in case of derogation from the timeliness of pre-board information due to confidentiality reasons, when this derogation is provided in board regulations and/or adopted in practice.

Guidelines on optimal composition: companies are asked to clearly indicate and give adequate justification in the report on corporate governance in case of failure to express guidelines on board's quantitative or qualitative composition when the board of directors is renewed, and/or in case of failure to require shareholders submitting a slate with more than half the number of candidates to be elected to provide adequate information about the slate's alignment with the expressed guidelines. Companies are also asked to indicate how the timing of the publication of the guidelines was deemed appropriate to allow adequate consideration by those submitting the slate of

Increased voting rights ("voto maggiorato"): companies are asked to give adequate disclosure, in the Board's proposals to the Shareholders' Meeting on the introduction of increased voting rights, of the purpose of this choice and the expected effects on ownership and control structures as well as future strategies, and to provide adequate justification for any failure to disclose

(*) Recommendation incompatible with banking regulations or not applicable to Intesa Sanpaolo, as a large company

Corporate Governance Committee Recommendations Reference in the Report

Applied with

adaptations as

appropriate

Not applied

Page of Report

page 49

page 65

page 52

page 39

✓ page 71, 79, 94

	Art 123-bis - Report on corporate governance and ownership structures	Page of Report
	1. The report on operations of issuers with securities admitted to trading on regulated markets shall contain a specific section entitled: "Report on corporate governance and ownership structures", providing detailed information on:
	a) the capital structure, including securities not traded on a regulated market in an EU Member State, with an indication of the different classes of shares and, for each class of shares, the related rights and obligations and the percentage of total share capital represented;	page 39, 40
	b) any restriction on the transfer of securities, e.g. limitations in the possession of securities or the need to obtain consent from the company or other securities holders;	page 40
c)	significant direct and indirect equity investments, for example through pyramid structures and cross-investments, as stated in reports submitted pursuant to article 120;	page 40
	d) if known, the holders of any securities with special control rights and a description of such rights;	page 40
	e) the mechanism for the exercise of voting rights in any employee share ownership scheme where voting rights are not exercised directly by the employees;	page 40
f)	any restrictions on voting rights, such as limitations of the voting rights of holders of a given percentage or number of votes, deadlines for the exercise of voting rights, or systems whereby, with the company's cooperation, the financial rights attached to the securities are separate from the holding of securities;	page 39, 46
	g) agreements known to the company pursuant to article 122;	page 41
	h) any significant agreements to which the company or its subsidiaries are parties and which take effect, alter or terminate upon a change of control of the company, and the effects thereof, except where their nature is such that their disclosure would be seriously prejudicial to the company; this exception shall not apply where the company is specifically obliged to disclose such information on the basis of other legal requirements;	page 41
i)	agreements between companies and directors, members of the management board or supervisory board which envisage indemnities in event of resignation or dismissal without just cause, or if their employment contract should terminate as a result of a takeover bid;	page 39
l)	rules applying to the appointment and replacement of directors and members of the management board or supervisory board, and to amendments to the articles of association, if different from those envisaged by legal and regulatory provisions applicable as supplementary measures;	page 53, 55, 70
	m) the existence of delegated powers regarding share capital increases pursuant to article 2443 of the Italian Civil Code or powers of the directors or members of the management board to issue equity instruments or to authorise the purchase of own shares.	page 39, 40

	Art 123-bis - Report on corporate governance and ownership structures	Page of Report
provided regarding:	2. In the same section of the report referred to in subsection 1, information shall be
	a) adoption of a corporate governance code of conduct issued by regulated market management companies or trade associations, giving reasons for any decision not to adopt one or more provisions, together with the corporate governance practices actually applied by the company over and above any legal or regulatory obligations. The company shall also indicate where the adopted corporate governance code of conduct may be accessed by the public;	page 35
	b) the main characteristics of existing risk management and internal control systems used in relation to the financial reporting process, including consolidated reports, where applicable;	page 99
c)	the operating procedures of the shareholders' meeting, its main powers, shareholders' rights and their terms of exercise, if different from those envisaged by legal and regulatory provisions applicable as supplementary measures;	page 44
	d) the composition and operations of the management and control bodies and their committees.	page 51, 57, 64, 69, 76
	d-bis) a description of the diversity policies applied regarding the structure of the administrative, management and auditing bodies in relation to aspects such as age, gender and training/professional courses taken, with a description of the objectives, implementation methods and results of said policies. If no policy is applied, the company must clearly and precisely indicate the reasons for said choice.	page 52

Glossary

Art 123-bis - Report on corporate governance and ownership structures Page of Report

In the same section of the report referred to in subsection 1, information shall be

a) adoption of a corporate governance code of conduct issued by regulated market management companies or trade associations, giving reasons for any decision not to adopt one or more provisions, together with the corporate governance practices actually applied by the company over and above any legal or regulatory obligations. The company shall also indicate where the adopted corporate governance code of conduct may be

b) the main characteristics of existing risk management and internal control systems used in relation to the financial reporting process, including

c) the operating procedures of the shareholders' meeting, its main powers, shareholders' rights and their terms of exercise, if different from those envisaged by legal and regulatory provisions applicable as supplementary

d) the composition and operations of the management and control bodies and

d-bis) a description of the diversity policies applied regarding the structure of the administrative, management and auditing bodies in relation to aspects such as age, gender and training/professional courses taken, with a description of the objectives, implementation methods and results of said policies. If no policy is applied, the company must clearly and precisely page 35

page 99

page 44

page 52

page 51, 57, 64, 69, 76

provided regarding:

accessed by the public;

measures;

their committees.

consolidated reports, where applicable;

indicate the reasons for said choice.

European Central Bank or ECB

The European Central Bank, the EU institution performing specific tasks in the field of prudential supervision of banks within the Single Supervisory Mechanism, which comprises the same ECB and the national competent authorities. Its main aim is to contribute to the safety and soundness of the banking system and the stability of the financial system within the EU as well as to ensure a consistent and efficient prudential supervision (www.ecb.europa.eu)

Bank of Italy

Bank of Italy – the central bank of Italy, part of the Eurosystem comprising the central banks of the Eurozone and the European Central Bank – is a public institution whose main functions are designed to ensure, among others, the stability and efficiency of the financial system by pursuing the sound and prudent management of financial intermediaries as well as compliance with relevant laws in force (www.bancaditalia.it)

Italian Stock Exchange or Borsa Italiana

Borsa Italiana S.p.A. is the company responsible in Italy for the organisation, management and development of markets for the trading of financial instruments, on which Intesa Sanpaolo S.p.A. instruments are also listed (www.borsaitaliana.it)

c.c.

Italian Civil Code

Parent Company

Intesa Sanpaolo, the Parent Company of the Banking Group, pursuant to the Consolidated Law on Banking

Italian Corporate Governance Code or Code

Italian Corporate Governance Code, approved by the Corporate Governance Committee on 31 January 2020

Board

The Board of Directors of Intesa Sanpaolo

Director/Directors

Member/Members of the Board of Directors of Intesa Sanpaolo

Consob

Commissione Nazionale per le Società e la Borsa, the Italian financial market supervisory authority, which monitors the transparency and proper conduct of operators (www.consob.it)

Consolidated Non-financial Statement

Statement drawn up and published pursuant to Italian Legislative Decree No. 254/2016, implementing European Directive No. 2014/95/EU containing information on environmental, social, personnel-related issues, respect for human rights, and the fight against corruption

Manager responsible for preparing the Company's financial reports

Manager responsible for preparing the Company's financial reports (pursuant to Article 154-bis of the Consolidated Law on Finance)

Supervisory Provisions

Provisions issued by the Bank of Italy as part of its supervisory functions, applicable to banks and banking groups

Supervisory Provisions on remuneration

Provisions regarding remuneration and incentive policies and practices in banks and in banking groups, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 2)

Supervisory Provisions on corporate governance

Provisions on bank corporate governance, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 1)

Supervisory Provisions on the control system

Provisions on the banks' internal control system, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 3)

European Banking Authority or EBA

European Banking Authority, an independent European Union authority, which works to ensure an efficient and standardised level of regulation and prudential supervision in the European banking sector

Financial Stability Board or FSB

Financial Stability Board, an independent body that collaborates with the national and international financial institutions to develop and implement effective regulatory, supervisory and other specific sector policies in the interest of global financial stability (www.financialstabilityboard.org)

Banking Group or Intesa Sanpaolo Banking Group

The Banking Group is composed of the Parent Company Intesa Sanpaolo and the banking, financial and instrumental companies – with registered offices in Italy and abroad – controlled directly or indirectly by the Parent Company

Group or Intesa Sanpaolo Group

The Group is composed of the Parent Company Intesa Sanpaolo and the companies controlled

directly or indirectly by the same, including companies that are not part of the Banking Group – with registered offices in Italy and abroad

Intesa Sanpaolo or Company or Bank Intesa Sanpaolo S.p.A.

Surveillance Body

Body with independent initiative and control powers, which is entrusted – pursuant to Italian Legislative Decree No. 231/2001 on the administrative liability of companies – with the task of supervising effective implementation, operation and compliance with the Organisational, Management and Control Model pursuant to the aforesaid Decree

Borsa Italiana Regulations

Regulations governing markets organised and managed by Borsa Italiana

Issuers' Regulation

Regulation implementing the Consolidated Law on Finance and governing issuers, adopted by Consob Resolution No. 11971 of 14 May 1999, and subsequent amendments thereto

Consob Regulation on related parties

Regulation issued by Consob Resolution No. 17221 of 12 March 2010 (and subsequent amendments), governing transactions with related parties

RPT Procedures

Group Procedures regulating the conduct of transactions with Related Parties of Intesa Sanpaolo S.p.A., Associated Entities of the Group and Relevant Persons pursuant to Article 136 of the Consolidated Law on Banking, updated by the Board of Directors in June 2021

Report on Governance

The Report on Corporate Governance and Ownership Structures drawn up pursuant to Article 123-bis of the Consolidated Law on Finance

Report on Remuneration

The Report on the remuneration policy and the remuneration paid drawn up pursuant to Article 123 ter of the Consolidated Law on Finance and subsequent implementation provisions

Bank's website or Company's website

The website group.intesasanpaolo.com

Articles of Association

Intesa Sanpaolo's Articles of Association (available in the Governance section of the Bank's website)

Consolidated Law on Banking

Italian Legislative Decree No. 385 of 1 September 1993 – Consolidated Law on Banking

Consolidated Law on Finance (CLF)

Italian Legislative Decree No. 58 of 24 February 1998 – Consolidated Law on Finance

Contacts

directly or indirectly by the same, including companies that are not part of the Banking Group –

RPT Procedures

Board of Directors in June 2021

Report on Governance

Report on Remuneration

Articles of Association

Consolidated Law on Banking

1993 – Consolidated Law on Banking

Consolidated Law on Finance (CLF)

1998 – Consolidated Law on Finance

The Report on Corporate Governance and Ownership Structures drawn up pursuant to Article

The Report on the remuneration policy and the remuneration paid drawn up pursuant to Article 123 ter of the Consolidated Law on Finance and

Intesa Sanpaolo's Articles of Association (available in the Governance section of the Bank's website)

Italian Legislative Decree No. 385 of 1 September

Italian Legislative Decree No. 58 of 24 February

123-bis of the Consolidated Law on Finance

subsequent implementation provisions

Bank's website or Company's website The website group.intesasanpaolo.com

Regulations governing markets organised and

Regulation implementing the Consolidated Law on Finance and governing issuers, adopted by Consob Resolution No. 11971 of 14 May 1999, and

Regulation issued by Consob Resolution No. 17221 of 12 March 2010 (and subsequent amendments),

with registered offices in Italy and abroad

Intesa Sanpaolo or Company or Bank

pursuant to the aforesaid Decree

subsequent amendments thereto

Consob Regulation on related parties

governing transactions with related parties

Borsa Italiana Regulations

managed by Borsa Italiana

Issuers' Regulation

Intesa Sanpaolo S.p.A.

Surveillance Body

Intesa Sanpaolo S.p.A.

Registered Office:

Piazza San Carlo, 156 10121 Torino Telephone: +39 011 5551

Secondary Registered Office: Via Monte di Pietà, 8 20121 Milano

Telephone: +39 02 87911

Parent Company Corporate Advisory, Corporate Duties and Governance [email protected]

Internet group.intesasanpaolo.com

Scan the QR Code with your smartphone to directly access the website

Editing and production: Agema®

"Panta Rhei, the aphorism attributed to Heraclitus, captures my artistic ethos - that everything flows and changes, nothing stands still and that all things are in a state of flux - perfectly".

Alfredo Pini was born in Mirandola in 1958. Despite graduating with a diploma from vocational business school, in 1985, he devoted himself entirely to his true passion in life: painting. He moved to Ferrara, where he opened the Lacerba art gallery, visited the studios of various artists and enrolled in a number of painting courses. This led him to connect with a number of prominent contemporary artists, including Primo Conti, Bruno Cassinari, Mario Schifano, Bruno Ceccobelli, Concetto Pozzati and Omar Galliani.

In 1987, he began exhibiting work and enrolled in the DAMS (Drama, Art and Music Studies) degree programme at the University of Bologna, whose teachers included Renato Barilli, Umberto Eco and Alfredo De Paz.

Through his work as a painter, he established increasingly close collaborative ties with various galleries in cities in Italy, Spain and the United States, where he continues to present his works in solo and group exhibitions today.

Pini is a figurative artist whose style is characterised by rapid and expressive brush-strokes that capture the movement and vitality of the subjects he depicts.

Cover:

Alfredo Pini (Mirandola, 1958) Landscape, 20th century oil on canvas, 49 x 68 cm

While this piece from the Intesa Sanpaolo collection retains the artist's signature pulsating energy, it shows him adopting a slower and more reflective approach. Featuring stunning mountains with patches of snow in the background and a light blue sky populated with white clouds, which - much like the cerulean blue vein-like stream coursing down the mountainside - provides a subtle hint that spring is imminent, this landscape painting depicts a natural setting that, while imposing, is not oppressive.

Enlivened by small touches of colour provided by the cloths hung out to dry in the open air and the bell tower of the small church flanked by soaring green conifers, the small village in the middle of the composition is painted with heart-felt affection. Here, a quiet rural community reliant on hard work and household tasks lives and breathes.

A lone figure, portrayed from behind, ascends a white path cutting through the middle of a grassy expanse caressed by the wind and sun.

In this painting, there is a sense of a memory evoking a simple, tranquil and almost meditative life created by brushstrokes that, in contrast to the excitable and synthetic ones of the artist's best-known works, are vibrant yet robust. The "flux" captured in this work is not that synonymous with the hectic, breakneck pace of the modern cities that Alfredo Pini often depicts on his canvases, but rather a slow and natural one that conveys the passing of the seasons and our ancient relationship with planet Earth.

AI Terminal

Intesa Sanpaolo

4465_cgr_2024-03-24_407c5e9e-d01b-4111-a38a-3339bde1b158.pdf

Report on Corporate Governance and Ownership Structures

Contents

PART IV SUMMARY TABLES 105

APPENDIX 113

Glossary 131

Introduction

Overview

The Corporate Governance model and Corporate Bodies

Shareholders' Meeting

Board of Directors, Management Control Committee and Board Committees

Board induction

Thematic areas examined in the Board of Directors' meetings in 2023

Thematic areas examined in the Management Control Committee's meetings in 2023

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2023

Board of Directors' meetings in 2023

Management Control Committee's meetings in 2023

Board Evaluation

Information collection

Data processing

Nomination Committee review

Formalisation of the results

BoD review

Main results of the self-assessment: adequacy and best practices

Induction Plans

Operation

Organisation of the meetings

Main practices that could be developed further

Remuneration

Control and risk management system

The internal control system is based on three levels:

Level I

Level II

Chief Audit Officer

Share capital and ownership structure

Ownership structure by geographical area

Ownership structure by size of shareholding

Shareholders' Meeting

Shareholders' majorities

The Shareholders' Meeting can be Ordinary or Extraordinary:

The sustainability commitment

Sustainability governance

Board of Directors

Risks and Sustainability Committee

Management Control Committee

Managing Director and CEO

Steering Committee

ESG Control Room

ESG & Sustainability – Financial Market Coverage Department, Chief Financial Officer Area

The Intesa Sanpaolo Group

Compliance with the Italian Corporate Governance Code

Letter from the Chair of the Italian Corporate Governance Committee

Part I - Ownership structure and investor relations

Information on ownership structure

Share Capital

Securities traded on non-European markets

Own shares

Shareholder Base

Main shareholders

Shareholders' agreements

"Change of control" clauses

Allocated assets

Policy for the management of dialogue with investors

Relations with shareholders, the financial community and stakeholders – The website

The Shareholders' Meeting: procedures and shareholders' rights

Intesa Sanpaolo's Shareholders' Meeting

The Shareholders' Meeting can be Ordinary or Extraordinary.

Calling meetings and procedure at meetings

Additions to the agenda and submission of new proposed resolutions

Right to ask questions prior to the Shareholders' Meeting

Participation and representation – The Designated Representative

Voting rights

Challenges against shareholders' meeting resolutions

Right of withdrawal

Part II - Corporate governance system

The Board of Directors

Powers of the Board

R. 4