REPORT ON THE CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

pursuant to Article 123-bis of the Legislative Decree no. 58 of February 24, 1998 (traditional management and controlo model)

Name of Issuer: "FINECOBANK S.P.A."

Website: finecobank.com

Financial year of reference of the Report: January 1, 2023 / December 31, 2023

Date of approval of the Report: March 12, 2024

This is an English translation of the original Italian document. The original version in Italian takes precedence.

GLOSSARY
INTRODUCTION
PROFILE OF THE ISSUER 1.
THE CORPORATE GOVERNANCE MODEL 1.1.
Shareholders' Meeting 1.1.1
1.1.2 Board of Directors
1.1.3 Board committees
Board of Statutory Auditors 1.1.4
1.1.5 External Auditors
INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, 2. TUF)
SHARE CAPITAL STRUCTURE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER A) OF $\mathbf{A}$
THE TUF) 17
RESTRICTIONS ON THE TRANSFER OF SECURITIES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH B) $1,$ LETTER B) OF THE TUF)
SIGNIFICANT HOLDINGS IN CAPITAL (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER $\mathbf{C}$ C), OF THE TUF) 18
SECURITIES CONFERRING SPECIAL RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, D) LETTER D), OF THE TUF)
EMPLOYEE SHAREHOLDINGS: MECHANISM FOR EXERCISING VOTING RIGHTS (PURSUANT TO E) ARTICLE 123-BIS, PARAGRAPH 1, LETTER E), OF THE TUF)
RESTRICTIONS ON VOTING RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER F), $\bf{F}$ ) OF THE TUF) 20
SHAREHOLDER AGREEMENTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER G), OF $\mathbf{G}$ THE TUF) 20
CHANGE OF CONTROL CLAUSES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER H), OF H) THE TUF) AND ARTICLES OF ASSOCIATION PROVISIONS ON TAKEOVER BIDS (PURSUANT TO ARTICLE 104, PARAGRAPH 1-TER, AND 104-BIS, PARAGRAPH 1, OF THE TUF)
DELEGATIONS TO INCREASE SHARE CAPITAL AND AUTHORISATIONS TO PURCHASE TREASURY I) SHARES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER M) OF THE TUF) 20
MANAGEMENT AND COORDINATION ACTIVITIES (PURSUANT TO ARTICLE 2497 ET SEQ OF THE L) ITALIAN CIVIL CODE)
3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF) 22 BOARD OF DIRECTORS 4. ROLE OF THE BOARD OF DIRECTORS 4.1

4.1.1 Duties 23
4.1.2 Competing activities
4.2. APPOINTMENT AND REPLACEMENT (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER L), PART 1, OF THE TUF)

COMPOSITION (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D), AND D)-BIS OF THE 4.3 TUF) 34

ΔR ID
CERTIFIED

4.3.1	Diversity criteria and policies in the composition of the Board and the company organisation
4.3.2.	Maximum number of positions held in other companies
4.4	FUNCTIONING OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2,
	LETTER D) OF THE TUF)
4.5	ROLE OF THE CHAIRMAN OF THE BOARD OF DIRECTORS
4.6	EXECUTIVE DIRECTORS
4.6.1	Managing Directors: Managing Director and General Manager
4.6.2	The Chairman of the Board of Directors
4.6.3	Reporting to the Board of Directors by Directors/Delegated Bodies
4.6.4	Other executive directors
4.7	INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTORS
4.7.1	Lead Independent Director
5.	PROCESSING OF COMPANY INFORMATION
6.	INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123-BIS,
	PARAGRAPH 2, LETTER D) OF THE TUF)
6.1	CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE 62
6.1.1	Composition and functioning of the Corporate Governance and Environmental and Social Sustainability Committee
6.1.2	Functions of the Corporate Governance and Environmental and Social Sustainability Committee 63
6.1.3	Activities performed
7.	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS - APPOINTMENTS COMMITTEE 68
7.1	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS
7.2	APPOINTMENTS COMMITTEE
7.2.1	Composition and functioning of the Appointments Committee
7.2.2	Functions of the Appointments Committee
7.2.3	Activities performed
8.	REMUNERATION OF DIRECTORS - REMUNERATION COMMITTEE
8.1	REMUNERATION OF DIRECTORS
8.2	REMUNERATION COMMITTEE
	8.2.1 Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)
8.2.2	Functions of the Remuneration Committee
9.	INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE
9.1	CHIEF EXECUTIVE OFFICER
9.2	RISK AND RELATED PARTIES COMMITTEE
9.2.1	Composition and functioning of the Risk and Related Parties Committee (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)
9.2.2	Functions assigned to the Risk and Related Parties Committee
9.2.3	Activities performed
9.3	HEAD OF THE INTERNAL AUDIT FUNCTION
9.4	ORGANISATIONAL MODEL PURSUANT TO LEGISLATIVE DECREE 231/2001 103

9.5	AUDITING FIRM
9.6	FINANCIAL REPORTING OFFICER
9.7	COORDINAMENTO TRA I SOGGETTI COINVOLTI NEL SISTEMA DEI CONTROLLI INTERNI DI GESTIONE DEI RISCHI
11. 11.1	10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS BOARD OF STATUTORY AUDITORS APPOINTMENT AND REPLACEMENT OF STATUTORY AUDITORS
	11.2. COMPOSITION AND FUNCTIONING OF THE BOARD OF STATUTORY AUDITORS (PURSUANT TO ARTICLE 123-BIS(2)(D) AND (D-BIS) OF THE TUF)
12.	RELATIONS WITH SHAREHOLDERS 13. SHAREHOLDERS' MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER C) OF THE TUF)
	13.1 LEGITIMATION, PROCEDURES FOR TAKING THE FLOOR AND VOTING
13.2	PROCEEDINGS OF SHAREHOLDINGS' MEETINGS
13.3	SIGNIFICANT CHANGES IN CAPITALISATION AND COMPOSITION OF THE COMPANY STRUCTURE 132
14.	ADDITIONAL CORPORATE GOVERNANCE PRACTICES
15.	CHANGES SINCE THE END OF THE REPORTING YEAR
	16. CONSIDERATIONS ON THE LETTER OF DECEMBER 14, 2023 FROM THE CHAIRMAN OF THE

CORPORATE GOVERNANCE COMMITTEE ...................................................................................... 135

EMARKE ^- DIR
CERTIFIED

GLOSSARY

Shareholders' Meeting:	Shareholders' Meeting of the Issuer.
Shareholders:	the owners of FinecoBank shares.
Borsa Italiana:	Borsa Italiana S.p.A.
FinecoBank CFO:	the Chief Financial Officer of FinecoBank.
Civil Code:	the Italian Civil Code approved by Royal Decree no. 262, of 16 March 1942, as amended.
Corporate Governance Code:	the Corporate Governance Code for listed companies approved in July 2018 by the Corporate Governance Committee and endorsed by Borsa Italiana, ABI, Ania, Assogestioni, Assonime and Confindustria. From January 1, 2021, the Corporate Governance Code was replaced by the New Corporate Governance Code.
New Corporate the New Corporate Governance Code for listed companies Governance Code: approved in January 2020 by the Corporate Governance Committee and promoted by Borsa Italiana, ABI, Ania, Assogestioni, Assonime and Confindustria, applicable from the first financial year starting after December 31, 2020. The New Corporate Governance Code replaces the previous Corporate Governance Code approved in July 2018.
Board of Statutory Auditors:	the Board of Statutory Auditors of the Issuer.
Corporate Governance and Environmental and Social Sustainability Committee:	the Board committee established in compliance with Article 4 of the Corporate Governance Code and the Supervisory Regulations on Corporate Governance, established on April 28, 2020.
Appointments the Board committee established in compliance with Articles 4 Committee: and 5 of the Corporate Governance Code and the Supervisory Regulations on Corporate Governance, established on April 28, 2020.
Remuneration Committee:	the Board committee established in compliance with Articles 4 and 6 of the Corporate Governance Code and the Supervisory Regulations on Corporate Governance.
Risk and Related the Board committee established in compliance with Articles 4 and 7 of the Corporate Governance Code and the Supervisory Parties Committee: Regulations on Corporate Governance, as well as regulations on

ARKF ۲ ID
CERTIFIED

	related parties and associated persons.
Board/Board of Directors:	the Board of Directors of the Issuer.
CONSOB:	Commissione Nazionale per le Società e la Borsa (public authority regulating Italian financial markets) with headquarters in Rome, Via G.B. Martini no. 3.
Ministerial Decree 169/2020:	Decree no. 169 of November 23, 2020 of the Ministry of Economy and Finance containing the "Regulation on requirements and suitability criteria for corporate officers of banks, financial intermediaries, credit consortium, electronic money institutions, payment institutions and depositor guarantee schemes".
CRD Directive:	the CRD IV Directive – as amended by Directive (EU) 2019/878 (CRD V) – on access to the activity of credit institutions and the prudential supervision of credit institutions, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.
CRD IV Directive:	Directive 2013/36/EU of the European Parliament and of the Council of June 26, 2013, on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, as modified in CRD V.
CRD V Directive:	Directive (EU) no. 878/2019/EU of the European Parliament and of the Council, of May 20, 2019, amending the CRD IV Directive as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures.
Mifid II Directive:	Directive 2014/65/EU of the European Parliament and of the Council of May 15, 2014, on markets in financial instruments, enacted on January 3, 2018, and replacing the previous European regulations in this area.
Supervisory Regulations:	the Supervisory Regulations for Banks set out in Bank of Italy Circular No. 285 of 17 December 2013 and subsequent updates.
Supervisory Regulations on Corporate Governance:	the Supervisory regulations for banks on organisation and corporate governance as per Bank of Italy Circular no. 285 of December 17, 2013, Part I, Title IV, Chapter 1 and subsequent amendments.
Issuer or FinecoBank or Bank or Company or also Parent Company:	FinecoBank S.p.A., an issuer of securities to whom the Report refers, registered in the Register of Banks and Parent Company of the FinecoBank Banking Group – Banking Group Register no.

	3015, with registered office in Piazza Durante 11, Milan, Headquarters in Via Rivoluzione d'Ottobre 16, Reggio Emilia, VAT no. 12962340159, Tax code and Milan-Monza-Brianza-Lodi Companies Register no. 01392970404, Economic and Administrative Index (REA) no. 1598155, member of the National Guarantee Fund and the Interbank Fund for the Protection of Deposits.
Group Entities or Entities:	the Italian or foreign companies, directly or indirectly controlled by FinecoBank, belonging to the FinecoBank Banking Group.
Year:	the financial year of reference of the Report.
Fineco Asset the Irish company wholly owned by FinecoBank and engaged in Management the management of collective investment undertakings. Designated Activity Company or FAM:
GDPR:	EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
Global Policy:	the "Global Policy for the management of transactions with persons in potential conflict of interest of the FinecoBank Group", as described in Paragraph 10 of this Report.
Group or FinecoBank Group:	the group consisting of the Parent Company FinecoBank and its Subsidiaries; currently corresponding to the FinecoBank Banking Group.
FinecoBank Banking Group or Banking Group:	the group consisting of the Parent Company FinecoBank as well as its Entities.
BCE Guide:	the European Central Bank's "Guide to fit and proper assessment" published in December 2021, which revises and replaces the previous version updated in May 2018. The purpose of the Guide is to explain in more detail the policy guidelines, supervisory practices and processes applied by the European Central Bank in assessing the suitability of members of the management bodies of significant credit institutions and to specify the ECB's main expectations (the "ECB Guide").
Instructions instructions on Regulations for Markets organised and managed accompany the Stock by Borsa Italiana, in force at the date of approval of this Report. Exchange Regulations:

FMARKE סוו
CERTIFIED

MTA:	the main Stock Exchange organised and managed by Borsa Italiana, where FinecoBank shares are also traded.
Joint EBA and ESMA Guidelines:	the joint guidelines of September 26, 2017 of ESMA and the EBA on the assessment of the suitability of members of corporate bodies and key personnel under CRD IV and Directive 2014/65/EU ("MIFIR II"), last updated on July 2, 2021.
Paragraph:	the paragraphs of this Report.
Fit & Proper Policy:	the policy concerning the rules adopted by the Bank on the verification of the suitability requirements for corporate officers and heads of FinecoBank's main corporate functions, pursuant to the applicable legislation and regulations, approved by the Board of Directors on March 16, 2021 and subsequently amended.
Assonime Principles:	the "Principles for Listed Companies' dialogue with Investors" published by Assonime in Circular no. 23 of July 19, 2021, which – together with the relevant annotations – outline roles and responsibilities in defining policy and managing dialogue with investors in general, in line with the functions and tasks that the New Corporate Governance Code assigns to those involved in the governance system.
Corporate Bodies Regulations:	the Regulations approved by the Board of Directors governing the functioning and responsibilities of the Company's Board of Directors and Board of Statutory Auditors and related information flows, in compliance with laws, regulations and the Articles of Association. The document is available on the Issuer's website www.finecobank.com (section "About Us/Governance/Company Boards").
Stock Exchange Regulations:	the Regulations for Markets organised and managed by Borsa Italiana, approved by the shareholders' meeting of Borsa Italiana, in force at the date of approval of this Report.
Issuer Regulations:	the Regulations issued by CONSOB with resolution no. 11971 of May 14, 1999 (as amended), on issuers.
Market Regulations:	the Regulations issued by CONSOB with resolution no. 20249 of December 28, 2017, on markets.
Related-Party Regulations:	the Regulations issued by CONSOB with resolution no. 17221 of March 12, 2010 (as amended), containing provisions on transactions with related parties.
Report:	this Report on corporate governance and ownership structures that companies are required to prepare pursuant to Article 123-bis of

ARK O
CERTIFIED

	the Consolidated Finance Act (hereinafter TUF).
Subsidiaries: Italian and foreign companies controlled directly and/or indirectly by FinecoBank, pursuant to Article 2359 of the Italian Civil Code, Article 93 of the TUF and Article 23 of the Consolidated Banking Act (hereinafter TUB), whether or not they belong to the Banking Group.
External Auditors: KPMG S.p.A., with registered office in Milan, Via Vittor Pisani 25, VAT No. 0070900159, tax code and registration number in the Milan Register of Companies 0070900159, R.E.A. 512867, a company registered in the special register of statutory auditors, appointed to perform the statutory audit of the Issuer's accounts.
Articles of Association: the Articles of Association of the Company in force at the date of approval of this Report (available on the Company's website).
TUB:	Legislative Decree no. 385 of September 1, 1993, as amended (Consolidated Banking Act/TUB).
TUF:	Legislative Decree no. 58 of February 24, 1998, as amended (Consolidated Finance Act/TUF).

INTRODUCTION

The Report has been prepared pursuant to Article 123-bis of the TUF, in compliance with the "Format for corporate governance and ownership structure reports" of Borsa Italiana S.p.A., 9th edition, January 2022, as well as Supervisory Regulations on Corporate Governance. The information in this Report refers to the 2023 financial year, unless otherwise indicated.

The Report, approved by the Company's Board of Directors by resolution of March 12, 2024, is published at the same time as the Directors' Report on Operations on the Issuer's website in the "About Us/Governance" section and is also available on the website of the authorised storage mechanism managed by Spafid Connect S.p.A. (www.emarketstorage.it).

The Report was submitted to the Independent Auditors for the verifications of competence in order to express an opinion on the consistency of the financial statements and compliance with the law pursuant to Article 123-bis, paragraph 4, of the TUF. The results of the activity carried out by the Independent Auditors are reported in the reports drawn up by the latter pursuant to Article 14 of Legislative Decree No. 39 of January 27, 2010 and Article 10 of Regulation (EU) 537/2014, attached to the Company's annual financial statements and consolidated financial statements for 2023.

1. PROFILE OF THE ISSUER

FinecoBank is one of the leading FinTech banks in Europe, founded in 1999 as a digital bank with the aim of simplifying and making investment opportunities accessible. Listed on the FTSE MIB(1) , FinecoBank offers a business model that is unique in Europe, combining the best technology with a large network of personal financial advisors. Established from the outset as a company geared towards long-term sustainable growth, Fineco operates by pursuing its corporate purpose: "support customers in their responsible approach to their financial life in order to create the conditions for a more prosperous and fairer society" It seeks to do this by following the path of transparency, simplification and innovation, offering customers excellent services and products at a fair price, within three integrated business areas, banking, investing and brokerage It also offers a single platform for all banking, credit, trading and investment services through transactional and advisory functions developed using proprietary technology. FinecoBank provides one of the most widely used brokerage services in Europe and is one of the leading players in Private Banking in Italy, offering advanced and tailor-made advisory services. Fineco Asset Management Designated Activity Company (a wholly owned subsidiary of FinecoBank) was founded in Dublin in 2018, with a mission to develop innovative investment solutions in partnership with top international asset managers.

It should be noted that, with effect from May 11, 2019, following the sale of the shares held by the former parent company, FinecoBank (formerly subject to management and coordination by UniCredit) has been registered as the "Parent Company" of the "FinecoBank Banking Group" in the Register of Banking Groups (together with the subsidiary FAM), exercising management and coordination over the group in accordance with the applicable regulations.

With regard to sustainability, the Group bases its strategy on three main pillars: efficiency, innovation and transparency, guiding the path to sustainable growth.

Fairness and transparency towards all stakeholders, including through fair pricing, are part of Fineco's DNA. The Group strongly believes that these key elements underpin the creation of long-term sustainable values for all its stakeholders.
Efficiency is the distinctive feature of the Bank and characterises every activity: thanks to its proprietary back-end systems, internal development and automated processes, Fineco benefits from a lean and efficient cost structure as well as rapid time-to-market for new products and services.
Innovation is the path taken by Fineco to achieve its mission: from the outset a pioneer in anticipating clear structural trends generated by the increasing digitisation of customers and consumers, who increasingly choose their banks according to the quality of services offered.

The constant look to the future that guides business choices is also the cornerstone of its approach to sustainability. For this reason, in 2020 an ESG 2020-2023 objectives plan was

⁽ 1 ) FinecoBank was admitted to listing on the MTA on July 2, 2014. Since April 1, 2016, FinecoBank has been included in the FTSE-MIB index and since March 2017 it shares have been included in the STOXX Europe 600 Index. With effect from October 25, 2021, the equity markets of Borsa Italiana S.p.A. have changed their name: the Mercato Telematico Azionario (MTA) became Euronext Milan (EXM).

adopted in six macro-areas: human resources, responsible finance, financial education/community support projects, supply chain, shareholding and environment.

In 2023, the Group updated its sustainability strategy by defining ESG objectives and targets to be pursued in the three-year period 2024-2026. The ESG Multi-Year Plan (MYP ESG) 2024- 2026, approved by the Board of Directors in December 2023, aims to combine business growth and financial strength with social and environmental sustainability, creating long-term value for all stakeholders. The environmental objectives and targets of the MYP ESG 2024-2026 constitute the Environmental Programme of the Bank's environmental management system certified under the EMAS Regulation.

Adherence to United Nations sustainability initiatives, namely the Principles of the Global Compact, the Principles for Responsible Banking and the Principles for Responsible Investment, has enabled the Group to increasingly integrate sustainability risks and factors into business choices for all stakeholders. In terms of customer offerings, from 2021 the Bank is committed to providing investment funds with an ESG Rating and to expanding the range of ESG-rated financial products over time. Fineco Asset Management is committed to integrating ESG criteria into its activities as a collective manager. In the Banking & Credit area in 2023, the offering of products with environmental value was enhanced with the design and realisation of the Green Loan, intended to finance, at a more advantageous rate than the standard one, the installation of renewable energy technologies.

Of equal importance to the Group is the relationship with its people, so several initiatives have been taken to ensure a fair and inclusive working environment where everyone can express their potential to the full. As proof of this commitment, in 2023 Fineco obtained the Gender Equality Certification in accordance with UNI:PdR 125/2022 and the recognition as a Top Employer Italy. The focus on ESG issues is an integral part of Corporate Governance. In fact, there are Sustainability Committees at board and management level, as well as a dedicated structure to define and oversee the sustainability strategy.

For more details regarding the aspects relating to sustainability and the Bank's pursuit of sustainable success, see the Consolidated Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website https://about.finecobank.com/it/ in the "About Us/Sustainability" section.

1.1. The corporate governance model

The corporate governance system adopted by the Company is based on principles recognised by international best practices as fundamental for good governance: the central role of the Board of Directors, the objective of pursuing sustainable success, as an aspect of general and strategic importance for the company's activities in the medium-and long-term, the proper management of conflicts of interest, an effective internal control system and transparency in relations with the market, particularly with regard to reporting on corporate management decisions.

FinecoBank's overall corporate governance framework has been defined in compliance with current legal and regulatory provisions, also taking into account the recommendations of the New Corporate Governance Code. The Company is also subject to the Supervisory Regulations issued by the Bank of Italy and the Supervisory Regulations on Corporate Governance. Pursuant to these regulations, with effect from January 1, 2022, FinecoBank has been under the direct prudential supervision of the European Central Bank and the Single Resolution Board.

FinecoBank, in its capacity as Parent Company of the FinecoBank Banking Group, in accordance with Article 61 of the TUB and the Supervisory Regulations, issues rules for the

companies belonging to the Group in the interest of its stability. To this end, FinecoBank has drawn up Group Managerial Golden Rules (GMGR) for Corporate Governance, in order to fully perform its management and coordination role, as well as implementing a management system and regulating key processes between the Parent Company and its subsidiaries. In its institutional role, FinecoBank also ensures the coordination of the activities of the subsidiaries through a management system based on the concept of "competence lines", consisting of the corporate units and functions (both central and local). These competence lines operate transversally across the Parent Company and the Group Companies, with the aim of directing, coordinating and controlling the operations and risks of the Group as a whole.

FinecoBank adopts a traditional administration and control system based on two bodies appointed by the Shareholders' Meeting: the Board of Directors, responsible for strategic supervision and company management, and the Board of Statutory Auditors, responsible for overseeing compliance with laws, regulations and the Articles of Association, sound management, and the adequacy of the Bank's organisational and accounting structures. The Managing Director and General Manager performs the role of management body in accordance with the Supervisory Regulations. External auditors are appointed to audit the accounts, in compliance with the applicable regulations.

At the date of approval of this Report, the governance of FinecoBank also included the following Board Committees:

Risk and Related Parties Committee;
Remuneration Committee;
Appointments Committee; and
Corporate Governance and Environmental and Social Sustainability Committee.

The diagram below illustrates FinecoBank's governance structure:

1.1.1 Shareholders' Meeting

The Shareholders' Meeting represents the interests of shareholders as a whole, and – through its decisions – of the company.

The Shareholders' Meeting passes resolutions in ordinary and extraordinary session with the meeting and voting quorums envisaged by law and the Articles of Association, based on the specific matters to be discussed.

The Ordinary Shareholders' Meeting approves the financial statements and resolves on profit distribution. It appoints the Directors, the Statutory Auditors and the External Auditors, setting their remuneration. It also resolves on remuneration and incentive policies and practices envisaged by the applicable regulations.

The Extraordinary Shareholders' Meeting resolves on amendments to the Articles of Association, capital increases and mergers and demergers.

Holders of voting rights and for whom the Company has received notice from the intermediary holding the relative account, within the deadlines established by applicable laws (record date, the seventh open trading day prior to the date convened for the Meeting) may participate in the Shareholders' Meeting.

For further information on the Shareholders' Meeting, see Paragraph 13

1.1.2 Board of Directors

In accordance with the Articles of Association, the Board of Directors is the body assigned all the powers, within the framework of the company purpose, that are not expressly assigned to the Shareholders' Meeting according to law or the Articles of Association, and that exclusively oversees the management of the company. For this purpose, the Board of Directors is given full powers for the ordinary and extraordinary management of the Company.

Members of the Board of Directors have the professional standing, integrity and independence required by the Articles of Association and by applicable laws and regulations. They also meet the competence, correctness and dedication of time requirements, as well as complying with the limits on the number of positions held as established by the applicable regulations and/or the Articles of Association.

As established in the Articles of Association, members of the Board of Directors are appointed by the Shareholders' Meeting for a three-year term of office, save for a shorter term established by the Shareholders' Meeting when making the appointments, based on a list voting system, to guarantee an adequate number of board directors elected by the minority shareholders.

The Board of Directors elects a Chairman from its members and, where considered appropriate, one or two Deputy Chairmen, one of whom will act as a stand-in. The Chairman and Deputy Chairmen remain in office for the entire duration of the Board. The Board of Directors also appoints a Secretary, who is not necessarily a board member. The Board may establish committees or commissions with advisory, decision-making or coordination functions, in compliance with applicable laws and regulations.

The Board of Directors may also appoint a Managing Director, establishing the term of office and relative duties and powers, as well as a General Manager and one or more Deputy General Managers, who constitute the Executive Management. In accordance with the provisions of the Articles of Association, the Company's Board of Directors appointed Mr. Alessandro Foti as Managing Director and General Manager of the Bank.

For further information on the Board of Directors, see Paragraph 4

1.1.3 Board committees

To promote an efficient information and consultation system in order for the Board of Directors to evaluate issues to the best of its ability, four board committees, with examining, advisory, proposing and coordination functions, were established at the date of approval of this Report, in compliance with the Supervisory Regulations on Corporate Governance and the principles and recommendations of the New Corporate Governance Code; more specifically: (i) a Risk and Related Parties Committee; (ii) a Remuneration Committee; (iii) an Appointments Committee; and (iv) a Corporate Governance and Environmental and Social Sustainability Committee.

For further information on the Corporate Governance and Environmental and Social Sustainability, the Appointments Committee, and the Risk and Related Parties Committee, see Paragraphs 6.1, 7, 8 and 9 respectively

1.1.4 Board of Statutory Auditors

In accordance with FinecoBank's Articles of Association, the Board of Statutory Auditors comprises three statutory and two stand-in auditors. Statutory Auditors are appointed by the Shareholders' Meeting based on a list voting system, to ensure that a Statutory Auditor is elected by the minority shareholders, as well as compliance with provisions on gender balance.

The auditors remain in office for three years, they may be re-elected and their term ends on the date of the Shareholders' Meeting called to approve the financial statements for the third year of their appointment. The Board of Statutory Auditors performs the functions assigned to it by law and other applicable regulations. For the entire period while the Company's shares are admitted to trading on a regulated Italian market, the Board of Statutory Auditors also exercises all powers and carries out all duties provided for by special laws; with regard to disclosure in particular, the Directors are required to report on a quarterly basis, pursuant to Article 150 of the TUF, according to the procedures in Article 15 of the Articles of Association. The Board of Statutory Auditors, acting as the "Internal control and audit committee", pursuant to Legislative Decree no. 39 of January 27, 2010, carries out all the other activities envisaged by that decree.

The members of the Board of Statutory Auditors meet the requirements of professional standing, integrity and independence laid down by the applicable law and regulations and the Articles of Association. They also meet the competence, correctness and dedication of time requirements, as well as complying with the limits on the number of positions held as established by the applicable regulations and/or the Articles of Association. At least two

Statutory Auditors and one Stand-in Auditor are registered auditors.

For further information on the Board of Statutory Auditors, see Paragraph 11

1.1.5 External Auditors

The accounts are audited, in accordance with the applicable legal provisions, by an entity that meets the requirements laid down in the prevailing regulations.

The External Auditors represent the external control body responsible for auditing the accounts. In particular, during the year, the External Auditors are required to verify that the company accounts have been properly kept and that the operating events have been correctly recorded in the accounting records, and provide their opinion on the separate and the consolidated financial statements in a specific report.

For further information on the External Auditors, see Paragraph 9.5

* * *

The duties and operating procedures of corporate bodies are governed by law, by the Articles of Association and by decisions taken by competent bodies.

For further information on each body and/or entity comprising the Company's governance system, see the specific Paragraphs of this Report.

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, TUF)

a) Share Capital Structure (pursuant to Article 123-bis, paragraph 1, letter a) of the TUF)

As at December 31, 2023, the share capital, fully subscribed and paid up, amounted to €201,508,439.55 divided into 610,631,635 ordinary shares with a par value of €0.33 each.

The Board of Directors, partially exercising the authority granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 10, 2019, April 28, 2020, April 28, 2021, and April 28, 2022, resolved on February 6, 2024, to increase the share capital, as follows:

(i) with effect from March 28, 2024, by a nominal amount of €10,733.25, corresponding to 32,525 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2018 Group Incentive System" – 6th tranche of the plan and 4th tranche share);
(ii) with effect from March 28, 2024, by a nominal amount of €10,814.43, corresponding to 32,771 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2019 Group Incentive System" – 5th tranche of the plan and 3rd tranche share);
(iii) with effect from March 28, 2024, by a nominal amount of €12,512.94, corresponding to 37,918 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2020 Fineco Incentive System" – 4th tranche of the plan and 2nd and 3rd tranche share);
(iv) with effect from March 28, 2024, by a nominal amount of €887.70, corresponding to 2,690 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2021 Fineco Incentive System" – 3rd tranche of the plan and 2nd tranche share);
(v) with effect from March 28, 2024, by a nominal amount of €19,551.18, corresponding to 59,246 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2022 Fineco Incentive System" – 1st tranche of the plan and 1st tranche share);
(vi) with effect from March 28, 2024, by a nominal amount of €37,788.63, corresponding to 114,511 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2018-2020 LTI" – 3rd and 4th tranche of the plan).
(vii) with effect from March 28, 2024, by a nominal amount of €29,083.23, corresponding to 88,131 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2021-2024 LTI" – 1st tranche of the plan).

Ordinary shares are registered and are admitted for trading on the Euronext Milan (formerly MTA). No further categories of shares, equity-based instruments, convertible or exchangeable bonds have been issued.

Shares are indivisible and joint ownership is governed by law.

The shares are not subject to any privileges or constraints. There are no shares reserved for issue under option and sales contracts.

Each ordinary share carries the right to one vote in ordinary and extraordinary Shareholders' Meetings. Ordinary shares have administrative and equity rights and obligations in accordance with law.

For equity-based incentive plans, which involve free share capital increases approved by the Shareholders' Meeting, see the related prospectuses drawn up in accordance with Article 84-bis

of the CONSOB Issuer Regulations(2) , as well as the Remuneration Report prepared in accordance with Article 84-quater of the CONSOB Issuer Regulations(3) .

b) Restrictions on the transfer of securities (pursuant to Article 123-bis, paragraph 1, letter b) of the TUF)

As at the date of approval of this Report, there were no restrictions on the transfer of securities.

c) Significant holdings in capital (pursuant to Article 123-bis, paragraph 1, letter c), of the TUF)

Based on entries in the Shareholders' Register and notices received in accordance with Article 120 of the TUF, as well as other information available to the Company, the direct or indirect significant holdings in the share capital as at December 31, 2023, are detailed below.

The table does not include entities that are exempt from the disclosure requirements pursuant to Article 119-bis of the Issuer Regulations.

Declarer or entity at the top of the ownership chain	Direct shareholder	No. of ordinary shares (*)	% Share of ordinary capital	% Share of voting capital
	BlackRock Advisors (UK) Limited	3,884,389	0.636%	0.637%
	Blackrock Advisors, LLC	644,571	0.106%	0.106%
	BlackRock Asset Management Canada Limited	397,585	0.065%	0.065%
BlackRock Inc.	BlackRock Asset Management Deutschland AG	3,927,325	0.644%	0.644%
	BlackRock Asset Management North Asia Limited	3,894	0.001%	0.001%
	BlackRock Financial Management, Inc.	108211	0.018%	0.018%
	BlackRock Fund Advisors	7,657,164	1.256%	1.256%
	BlackRock Institutional Trust Company	7,772,895	1.275%	1.275%

⁽ 2 ) The following is the address of FinecoBank's website where the information documents are available:www.finecobank.com – section "About Us/Governance/Shareholders' Meeting".

⁽ 3 ) The Report on Remuneration is available at FinecoBank's website at: www.finecobank.com – "About Us/Governance/Shareholders' Meeting" section. Moreover, the information pursuant to Article 84-quater is provided in Section 2 of the "Remuneration Policy and Report of the FinecoBank Group", available at FinecoBank's website: www.finecobank.com – "About Us/Governance/Shareholders' Meeting" section.

	BlackRock International Limited	323,536	0.053%	0.053%
	BlackRock Investment Management (Australia) Limited	223,138	0.037%	0.037%
	BlackRock Investment Management (UK) Limited	30,161,141	4.948%	4.948%
	BlackRock Investment Management, LLC	609,615	0.100%	0.100%
	BlackRock Japan Co., Ltd	374,800	0.061%	0.061%
	Total	56,089,279	9.185%	9.185%
SCHRODERS PLC	Schroder Investment Management Limited	8,408,277	1.378%	1.378%
	SCHRODERS & CO LTD	1,236,548	0.203%	0.203%
	Schroder Investment Management North America Limited	21,012,367	3.441%	3.441%
	SCHRODERS (C.I.) LIMITED	38,887	0.006%	0.006%
	Schroder Investment Management North America Inc	165,576	0.027%	0.027%
	Total	30,861,655	5.054%	5.054%
Capital Research and Management Company	Capital Research and Management Company	30,738,447	5.034%	5.034%
	Total	30,738,447	5.034%	5.034%
Wellington Management Group LLP	Wellington Management International Ltd	1,192,033	0.196%	0.196%
	Wellington Management Company LLP	29,428,630	4.819%	4.819%
	Wellington Management Europe GmbH	630	0.000%	0.000%
	Total	30,621,293	5.015%	5.015%
FMR LLC	Fidelity Management & Research Company LLC	21,963,037	3.600%	3.600%
	FIAM LLC	1,224,815	0.201%	0.201%
	Fidelity Institutional Asset Management Trust Company	2,025,959	0.332%	0.332%
	Fidelity Management Trust Company	1,890,257	0.310%	0.310%

(*) Type of possession: non-discretionary asset management.

d) Securities conferring special rights (pursuant to Article 123-bis, paragraph 1, letter d), of the TUF)

At the date of approval of this Report, FinecoBank had not issued any shares conferring special control rights, nor adopted article of association provisions allowing multiple or increased voting rights.

e) Employee Shareholdings: mechanism for exercising voting rights (pursuant to Article 123-bis, paragraph 1, letter e), of the TUF)

There is no employee share ownership scheme in which voting rights are exercised by representatives of the employees.

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), of the TUF)

There are no restrictions on voting rights.

g) Shareholder agreements (pursuant to Article 123-bis, paragraph 1, letter g), of the TUF)

The Issuer is not aware of any shareholder agreements pursuant to Article 122 of the TUF.

h) Change of control clauses (pursuant to Article 123-bis, paragraph 1, letter h), of the TUF) and articles of association provisions on takeover bids (pursuant to Article 104, paragraph 1-ter, and 104-bis, paragraph 1, of the TUF)

With the exception of the agreements signed as part of the so-called smooth transition, aimed at governing relations between FinecoBank and UniCredit following FinecoBank's exit from the UniCredit Group, the Company has not entered into any significant agreements that become effective, are amended or terminate in the event of a change of control of the contracting company(4) .

Details of the change of control provisions contained in the above agreements, signed as part of the smooth transition in change of control matters, are provided in the "Information document relating to significant transactions with related parties between FinecoBank S.p.A. and UniCredit S.p.A." prepared by the Company pursuant to Article 5 and in accordance with the format in Annex 4 of the Related-Party Regulations, published on the Bank's website (www.finecobank.com "About Us/Governance/Related Parties and Associated Persons").

The Bank's Articles of Association do not allow for any exceptions to the provisions concerning the passivity rule pursuant to Article 104, paragraphs 1 and 1-bis of the TUF, nor do they envisage application of the neutralisation rules laid down in Article 104-bis, paragraphs 2 and 3 of the TUF.

* * *

i) Delegations to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m) of the TUF)

⁽ 4 ) FAM has not entered into any agreements that qualify as significant pursuant to Article 123-bis, paragraph 1, letter h) of the TUF.

The Board of Directors has been authorised by the Extraordinary Shareholders' Meeting to carry out free increases in share capital, aimed at implementing the incentive plans for personnel classified as "identified staff" of the Bank. The Board of Directors has not been assigned the power to issue equity-based financial instruments.

On April 28, 2021, the Shareholders' Meeting, upon proposal from the Board of Directors, authorised the purchase and disposal of a maximum of 203,773 treasury shares to service the 2021 incentive system for FinecoBank personal financial advisors identified as key personnel.

On April 28, 2022, the Shareholders' Meeting, upon proposal from the Board of Directors, authorised the purchase and disposal of a maximum of 260,779 treasury shares to service the 2022 incentive system for FinecoBank personal financial advisors identified as key personnel.

On April 27, 2023, the Shareholders' Meeting, upon proposal from the Board of Directors, authorised the purchase and disposal of a maximum of 246,015 treasury shares to service the 2023 incentive system for FinecoBank personal financial advisors identified as key personnel.

On January 16, 2024, the Board of Directors resolved to submit a proposal to the Shareholders' Meeting convened to approve the 2023 Financial Statements, for the authorisation of the purchase and disposal of a maximum of 256,740 treasury shares to service the 2024 incentive system for FinecoBank personal financial advisors identified as key personnel.

As at December 31, 2023, the Company held 91,459 treasury shares corresponding to 0.015% of the share capital.

l) Management and coordination activities (pursuant to Article 2497 et seq of the Italian Civil Code)

As at the date of approval of this Report, FinecoBank was not subject to any management and coordination pursuant to Article 2497 and following of the Civil Code.

* * *

The information required by Article 123-bis, paragraph 1, letter i) of the TUF is contained in the Report on remuneration policy and compensation paid, published in accordance with Article 123-ter of the TUF(5) .

* * *

The information required by Article 123-bis, paragraph 1, letter l) of the TUF regarding the appointment and replacement of directors is given in the Paragraph of this Report concerning the Board of Directors (Paragraph 4.2).

⁽ 5 ) The Report on Remuneration is available at FinecoBank's website at: www.finecobank.com – "About Us/Governance/Shareholders' Meeting" section.

3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF)

Since its listing, FinecoBank has adhered to the Corporate Governance Code, aligning conduct to the principles contained therein, where applicable. The Code is aligned with the main international practice and sets out the corporate governance standards (based on transparency, accountability and a long-term perspective) and best practices recommended by the Corporate Governance Committee, which apply to the listed companies based on the "comply or explain" principle, according to which the adhering companies are required to set out the reasons for noncompliance with one or more recommendations contained in its principles or application criteria in the Report on corporate governance and ownership structures.

On January 31, 2020, the Corporate Governance Committee approved and published the new Corporate Governance Code for Listed Companies, the application of which by the member companies took place as of the first financial year after December 31, 2020, informing the market in the Corporate Governance Report published in 2022. On December 15, 2020, the Board of Directors of FinecoBank resolved to adopt the New Corporate Governance Code, with effect from January 1, 2021. For the purposes of alignment to the new Code, on the same date and with the same effective date, the Board approved an updated version of the Corporate Bodies Regulations(6) . This Report therefore takes into account the principles and recommendations of the New Corporate Governance Code, which – in addition to the standards of transparency, responsibility and long-term perspective already adopted by the previous Corporate Governance Code, as well as the best practices for listed companies – are based on four fundamental criteria: sustainability with the statement of the principle of "sustainable success", engagement, proportionality and simplification. The Corporate Governance Code also applies the comply or explain principle. For details of the practical implementation of the principles and recommendations of the New Corporate Governance Code, see the respective paragraphs of this document, which, as mentioned in the introduction, have been prepared taking into account the guidance in Borsa Italiana's new format.

For the sake of completeness, please also refer to Annex 2 to the Report, which summarises the Bank's application of the Code's principles and recommendations.

The New Corporate Governance Code is available on the Corporate Governance Committee's website, at:https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf.

For additional information on the corporate governance structure of FinecoBank, in addition to specific paragraphs of this Report, see the Company's website, where the Report is published together with financial information, data and documents of interest to shareholders.

* * *

The Issuer is not subject to provisions of law outside Italy that affect its corporate governance structure(7) .

⁽ 6 ) The text of the Corporate Bodies Regulations, as amended over time in accordance with the applicable regulations, is available on the Issuer's website www.finecobank.com ("About Us/Governance/Company Boards" section).

⁽ 7 ) The legal provisions FAM is subject to do not affect the Issuer's governance structure.

4. BOARD OF DIRECTORS

4.1 Role of the Board of Directors

4.1.1 Duties

Under the current regulations for companies with shares listed on regulated markets and in accordance with the recommendations in the New Corporate Governance Code, the Board of Directors plays a central role in the Company's governance system. As the supervisory body, the Board of Directors approves the Bank's strategic guidelines and monitors their ongoing implementation.

Article 17 of the Articles of Association requires the Board of Directors to have the broadest powers for the management of the Company, except for powers reserved by applicable law, regulations and the Articles of Association to the Shareholders' Meeting.

In particular, in addition to duties and powers that cannot be delegated according to law, the Articles of Association or the Corporate Bodies Regulations, the Board of Directors has exclusive responsibility for the following:

− determination of the criteria for the direction and coordination of Group companies and for executing the instructions of the Bank of Italy in the context of the legal and regulatory powers of the Parent Company, to give instructions to Group members, and to check that those instructions are effectively carried out;
− overall management of the Group's policies for growth, prior to the adoption and amendment of the business, strategic and financial plans of the Company and the Group, in the context of its instructions given as Parent Company;
− appointment and dismissal of the Managing Director and/or the General Manager and Deputy General Manager(s), the Financial Reporting Officer and key management personnel;
− assessments of the general performance of company operations(8) ;
− updating the Articles of Association to bring them into line with regulatory provisions;
− mergers by incorporation of Companies and demergers in the cases provided for under Articles 2505, 2505-bis and 2506-ter of the Civil Code;
− reduction of share capital following the withdrawal of Shareholders;
− indication of the Directors, in addition to those identified by the Articles of Association, that can represent the Company;
− establishment of committees or commissions with advisory, decision-making or

⁽ 8 ) By considering the information received from executive bodies and officers, and periodically comparing the results achieved with those planned. In this regard, the assessment was conducted monthly during the Financial Year.

coordination functions;

− risk management policies, as well as the evaluation of the functioning, efficiency and effectiveness of the internal control system and adequacy of the organisational, administrative and accounting structure;
− purchase and sale of investments, companies and/or business units, as well as decisions concerning investments or disinvestments that modify the composition of the Banking Group, subject to the provisions in Article 2361, paragraph 2 of the Civil Code;
− purchase and sale of property;
− approval and amendment of the main internal regulations;
− the appointment and removal of the heads of the Internal Audit, Compliance, Risk Management and Anti-Money Laundering functions (of the Bank and the Group), as well as their replacement, after consulting the Board of Statutory Auditors;
− establishment and structuring of branches, agencies and representative offices in Italy or abroad, also for the purpose of allocating signing powers.

Subject to the legal and regulatory powers applicable from time to time, also in accordance with Supervisory Regulations on Corporate Governance and the New Corporate Governance Code, and in line with the provisions of the Articles of Association and the Corporate Bodies Regulations, the Board of Directors, among other things:

(a) defines the nature and the level of risk consistent with the Bank's and Group's strategic objectives, including in its assessment all risks that may be relevant for the sustainable success(9)of the Bank and the Group; reviews and approves the business model, bearing in mind the risks to which the model exposes the Bank and the Group; formulates policies for the management of risks to which the Bank and the Group may be exposed, as well as the risk objectives and tolerance thresholds, periodically reviewing them to ensure their effectiveness and supervising the actual functioning of risk management and control processes in compliance with current legal and regulatory provisions;
(b) defines corporate strategies taking into account the following areas: i) monitoring and managing impaired loans and approving policies for their management; ii) the possible adoption of new business models, applications, processes or products, including through partnerships or outsourcing, related to the provision of technology-intensive financial services (FinTech); iii) the risks of money laundering and terrorist financing, having regard, inter alia, to the activity carried out, the clientele and the geographical areas concerned; iv) sustainable finance objectives and, in particular, the integration of environmental, social and governance (ESG) factors into business decision-making processes; v) the risks, in particular legal and reputational, arising from any related or instrumental activities carried out; vi) the definition and proper implementation of

⁽ 9 ) For details regarding the aspects relating to sustainability and the Bank's pursuit of sustainable success, see the Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website www.finecobank.it in the "About Us/Governance – Shareholders' Meeting" section.

funding policies, also with reference to the type of savers/investors concerned, including planning and choices regarding compliance with regulations on the Minimum Requirement for own funds and Eligible Liabilities (MREL);

(c) examines and approves the business plan of the company and the related group, also on the basis of an analysis of issues relevant to the generation of value in the long term, periodically monitoring its implementation¹⁰;
(d) defines and approves the Bank's organisational and corporate governance structure, verifies its correct implementation and promptly takes corrective measures in the case of any shortcomings or inadequacies; it also defines the Group's corporate structure and governance models/guidelines; more specifically, the Board of Directors is called upon in this respect to ensure a clear distinction of tasks and functions and the prevention of conflicts of interest(11) ;
(e) checks the proper implementation of the overall corporate governance structure, and of the organisational structure of the Bank as approved by the Board of Directors; promptly adopts corrective measures to address any deficiencies or inadequacies in these arrangements; assesses the adequacy of the Bank's general administrative and accounting structure and of the organisational, administrative and accounting structure of the Group companies, with particular reference to the internal control system and the management of conflicts of interest;
(f) approves the accounting and reporting systems;
(g) approves policies and processes for the assessment of company operations, and, in particular, financial instruments, ensuring their continued adequacy; it also establishes the Bank's and Group's maximum exposure limits for financial instruments or products that are uncertain or difficult to measure;
(h) approves the process for the development and validation of internal risk measurement systems not used for regulatory purposes, periodically assessing their correct use; it also approves the adoption of internal risk measurement systems for assessing capital requirements, periodically checking their validity, and adopting a formal resolution – annually, and after consulting the Board of Statutory Auditors – regarding compliance with the requirements for the use of those systems;

⁽ ¹⁰ ) The Board of Directors examined and discussed the Multi Year Plan 2024-2026 during the meetings held on 21 September, 10 October, 7 and 16 November 2023, also analysing the most relevant issues with the support of the competent structures; the document was approved by the same Board during the meeting held on 14 December. The Plan incorporates the ESG 2024-2026 Multi-Year Plan, the latter of which was submitted in advance to the examination of the Corporate Governance and Environmental and Social Sustainability Committee in its meetings of 2 November and 6 December 2023. With particular reference to sustainability profiles, see Section 1 (Issuer Profile) above.

⁽ ¹¹) For the assessment of the adequacy of the Company's organisational, administrative and accounting structure, which is prepared by the Managing Director (in particular for the internal control system and risk management), also in relation to FAM, see Paragraph 9 below.

(i) assesses, with the support of the Risk and Related Parties Committee, the advisability of adopting measures to ensure the effectiveness and impartial judgement of the other corporate functions involved in the controls, verifying that they have adequate professional skills and resources;
(j) with the support of the Risk and Related Parties Committee, describes, in the corporate governance report, the main characteristics of the Internal Control and Risk System and the methods of coordinating the parties involved in it (specifying the reference national and international models and best practices), expresses its overall assessment on the adequacy of the Internal Control and Risk System and gives account of the choices made with regard to the composition of the supervisory board set up pursuant to Legislative Decree no. 231 of June 8, 2001;
(k) approves, reviews and updates (including at the request of the Supervisory Authority pursuant to the provisions of the relevant laws and regulations) the Group's recovery plan, with the aim of identifying options to maintain or restore the Bank's economic sustainability and financial position in severe stress conditions;
(l) also with regard to the Group recovery plan, adopts, at the request of the Supervisory Authority, the changes to be made to the business, organisational structure or corporate form of the Bank or Banking Group, and the other measures necessary to achieve the purposes of the plan, as well as the elimination of the causes underlying early intervention pursuant to the provisions of, respectively, Articles 69-sexies, paragraph 3, letter c) and 69-noviesdecies, paragraph 1, letter b) of Legislative Decree no. 385 of September 1, 1993 ("TUB"), respectively, without prejudice to the powers of the Shareholders' Meeting in this regard;
(m) assesses whether to adopt a measure envisaged in the Group recovery plan or to refrain from adopting it even if the circumstances so require, in accordance with the provisions of the same recovery plan;
(n) approves the stress testing programme, as set out in the "Guidelines on Institutions' Stress Testing" (EBA/GL/2018/04);
(o) approves the policy on resolution governance that defines the governance rules for the Bank's resolution strategy and oversees its implementation;
(p) with the support of the Risk and Related Parties Committee, assigns the supervisory functions under Article 6, paragraph 1, letter b) of Legislative Decree no. 231 of June 8, 2001 to the control body or to an ad hoc body. If the body is other than the Board of Statutory Auditors, the Board of Directors will assess the advisability of appointing at least one non-executive director and/or a member of the Board of Statutory Auditors and/or a person with legal or control functions within the Company, in order to ensure coordination among the various parties involved in the internal control and risk management system;
(q) with reference to banking, financial, investment and insurance products and services (i) defines the process for the approval of new products and services, commencement of new business and entry into new markets; (ii) approves and updates policies containing guidelines on Product Governance requirements; (iii) monitors the process of governance of financial instruments, and also checks that the compliance function reports systematically include information about the financial instruments produced by the intermediary, the services offered and the distribution strategy; (iv) approves proposals

for unilateral amendments pursuant to Article 118 of the TUB, with the support of the Risk and Related Parties Committee;

(r) approves a policy illustrating and justifying the choices on the various relevant issues in terms of organisational structures, procedures and internal controls, adequate verification and data retention, consistent with the principle of proportionality and with the actual exposure to the risk of money laundering (so-called anti-money laundering policy), pursuant to the provisions of the Bank of Italy Provision of March 29, 2019, as subsequently amended (the "Bank of Italy AML Provision");
(s) approves the Company's policy on the outsourcing of corporate functions;
(t) for the purposes of mitigating operational risks and risks to the Bank's reputation and the Group's reputation, and encouraging the spread of a culture of internal controls, approves a Code of Ethics, Code of Conduct and/or similar instruments to be complied with by members of corporate bodies and employees of the Bank and the Group, ensuring their implementation and monitoring compliance by the recipients with the support of the competent Group structures. The code defines the principles of professional conduct (e.g. rules of ethics and rules to be observed in relations with customers), also by indicating unacceptable conduct (including the use of false or inaccurate information and the commission of financial or tax offences) which must guide the company's activities;
(u) approves the internal whistleblowing systems;
(v) approves policies, with the support of the Corporate Governance and Environmental and Social Sustainability Committee, to promote diversity and inclusiveness;
(w) it also has general responsibility for management and control of the information system, with a view to the optimal use of technological resources supporting company strategies (ICT governance).
(i) it defines and approves the ICT strategy, in consideration of the evolution of the reference sector and in coherence with the bank's strategic guidelines and with the current and prospective articulation of the bank's sectors of operations, processes and organisation; in this context it approves the reference model for the architecture of the information system;
(ii) it approves the bank's organisational and governance structure with reference to the information system, ICT and security risk management and business continuity, ensuring the clear distinction of tasks and responsibilities of corporate bodies and functions;
(iii) ) it approves (a) the action plans prepared by the body with management function for the implementation of the ICT strategy; (b) the information security policy; (c) the guidelines on recruitment of personnel with technical functions and on the acquisition of systems, software and ICT services, including the use of third parties and outsourcing;
(iv) promotes the development, sharing and updating of ICT knowledge within the company.
(v) ensures that the ICT and security risk governance and control system is constantly adapted, also in terms of qualitative and quantitative sizing of personnel and available financial resources, to the operational needs of the ICT function and the processes for managing ICT and security risks and for

implementing the ICT strategy;

(vi) with regard to the exercise of supervisory responsibility for ICT and security risk management: (a) it approves the organisational and methodological reference framework for ICT risk analysis, promoting the appropriate consolidation of information on technological risk within the ICT function and integration with risk measurement and management systems (concerning in particular, operational, reputational and strategic risks); (b) it reviews the framework at least annually, also in the light of experience gained during its implementation and monitoring, with a view to continuous improvement; (c) it approves the ICT risk propensity, having considered internal services and services to customers, in accordance with the risk objectives and framework for defining the risk propensity at a company level. (d) it is also informed in a clear and timely manner, and in any event at least annually, of the IT and security risk situation with respect to the risk appetite, including the results of the risk assessment;
(vii) it approves the corporate documents required by law for the management and control of the information system, including those listed in Circular No. 285 of the Bank of Italy, Part One, Title IV, Chapter 4, All. A;
(vii) it approves the annual investment plan for IT development;
(ix) it is informed: (a) at least once a year, about the adequacy of the services provided and the support of these services to the evolution of the company's operations in relation to the costs incurred ("ICT adequacy and cost summary report"); (b) periodically on the application and adequacy of the action plans for the implementation of the ICT strategy; (c) promptly, in the event of serious problems for business operations resulting from incidents and malfunctions of the information system; and is updated on the impact, corrective measures and additional controls following such events; and (d) about the initiation and progress of ICT projects, considered individually or in aggregate and according to their size and importance and the risks associated with them, on a periodic basis and, where appropriate;
(x) with regard to business continuity: (i) set the objectives and business continuity strategies, ensuring adequate human, technological and financial resources for the achievement of predefined objectives; (ii) approve the business continuity plan and subsequent amendments as a result of technological and organisational changes, accepting the residual risks not managed by the business continuity plan; (iii) is informed, at least annually, of the results of controls on the plan's adequacy and on business continuity measures; (iv) appoints the manager responsible for the business continuity plan;
(y) defines the criteria for identifying the most significant transactions(12) to be submitted for prior examination by the Risk and Related Parties Committee, and decides on transactions with related parties and associated persons, in accordance with the relevant procedures;

⁽ ¹²) The Board resolves on the Company's significant transactions from a strategic or operational or financial perspective. With reference to the significant transactions carried out by the subsidiaries, the

(z) takes decisions on the transactions of the Company and those of its subsidiaries, where those transactions have a significant strategic, economic, capital or financial impact for the Company; establishes general criteria for identifying significant transactions;
(aa) determines the remuneration/incentive systems for key personnel and the personal financial advisors network, and checks that these systems do not increase business risks and are consistent with long-term strategies;
(bb) prepares, submits to the Shareholders' Meeting and reviews, on an annual basis, the remuneration and incentives policy and is responsible for its proper implementation;
(cc) after consultation with the Appointments Committee, appoints the Directors of FinecoBank, with the approval of the Board of Statutory Auditors in the case of coopting; where provided for in the Articles of Association, it identifies candidates for the position of Director of FinecoBank, when lists are submitted by the Board to the Shareholders' Meeting;
(dd) defines the Policy for verifying the suitability requirements of corporate officers and the heads of FinecoBank's main corporate functions pursuant to current legislation, after consulting the Board of Statutory Auditors and obtaining the opinion of the Appointments Committee;
(ee) with the support of the Appointments Committee, identifies in advance its own optimal qualitative and quantitative composition, identifying and justifying the ideal characteristics (including professionalism and possible independence) of the candidates for the office of director considered appropriate for these purposes; and subsequently verifies, again with the support of the Appointments Committee, the correspondence between the qualitative and quantitative composition deemed optimal and the actual composition resulting from the appointment process, informing the market;
(ff) after consulting the Appointments Committee, defines the Policy for the appointment of directors of the Group's subsidiaries and investee companies and appoints the corporate officers – meaning the members of the boards of directors, boards of statutory auditors and supervisory boards – in the subsidiaries. It also appoints members of the corporate bodies of minority shareholdings upon proposal from the Managing Director and after consulting the Appointments Committee;

Board of Directors has approved and implemented the Global Policy Regulations which establish the criteria for identifying significant transactions from a strategic or operational or financial perspective in order to report them to the Board of Statutory Auditors in accordance with the applicable regulations. In particular, all critical and significant transactions and, in any event, those involving the following are reported to the Company's Board of Statutory Auditors: (i) new entry into, or strengthening of an existing position in, a strategic sector/market; (ii) definition/modification of shareholding structures with third parties with which there are governance agreements; (iii) decisions affecting strategic investments; (iv) decisions that have a significant influence on the organisational structure of the Company or the Group; (v) the exceeding of income/capital/financial thresholds in relation to the type of transaction carried out; (vi) changes to the Company's capital structure; (vii) new legal proceedings and changes to previous proceedings that give rise to contingent liabilities that exceed the threshold established by the Board or that are or may become significant for the Company's industry sector ("pilot proceedings").

(gg) promotes dialogue, in the most appropriate forms, with the shareholders and with the other relevant stakeholders of the Company. In this context, it approves – on proposal from the Chairman, formulated in agreement with the Managing Director and General Manager – after examination by and opinion from the Corporate Governance and Environmental and Social Sustainability Committee, a policy for managing dialogue with shareholders in general, taking into account the engagement policies adopted by institutional investors and asset managers. The Chairman also ensures that the Board of Directors is in any case informed, within the next meeting, on the development and significant content of dialogue held with all shareholders;
(hh) after consultation with the Risk and Related Parties Committee, approves the Group's tax strategy, which sets out the guidelines and principles adopted by the Bank in the management of tax matters and, in particular, of the associated risk. In addition, at least once a year, and after the reporting to the Risk and Related Parties Committee, it is informed about the state of the internal control system for tax risk within the annual report on the tax risk situation.

The Board of Directors also ensures that:

(i) the Bank's structure is consistent with its activities and business model, avoiding the creation of complex structures which are not justified by operational objectives;
(ii) the implementation of the framework for determining the Risk Appetite Framework ("RAF") is consistent with approved risk objectives and tolerance thresholds (where identified); periodically assesses the suitability and effectiveness of the RAF and the compatibility of the actual risk with the risk objectives;
(iii) the strategic plan, the RAF, the Internal Capital Adequacy Assessment Process (ICAAP), the stress testing plan, the budget and internal control system are consistent, also bearing in mind the changing internal and external conditions under which the Bank and Group operate;
(iv) the quantity and allocation of Group capital and liquidity are in line with the risk appetite, risk governance policies and the risk management process of the Group;
(v) where the Bank operates in jurisdictions lacking transparency or through especially complex structures, the Board assesses the related operational risks, especially of a legal, reputational and financial nature, identifying oversight measures to mitigate those risks and ensure they are effectively controlled.

Furthermore, the Board approves, at least once a year, the plan of activities (including the audit plan) and reviews the annual reports prepared by the corporate control functions (Compliance, Internal Audit and Risk Management). With particular reference to the latter function, the Board of Directors assesses, at least once a year, its activity and the adequacy of the human and technical resources assigned to it, also in the light of the periodic audit carried out by theInternal Audit function. In this context, the Board also approves the long-term audit plan.

The Board of Directors ensures that instructions are given to the subsidiaries during the year, in the exercise of its powers of direction and coordination as provided for in the relevant legal and regulatory provisions.

Lastly, the Board is exclusively responsible for reporting to shareholders at Shareholders' Meetings.

4.1.2 Competing activities

The Company has not authorised any exceptions to the non-competition clause pursuant to Article 2390 of the Civil Code.

4.2. Appointment and replacement (pursuant to Article 123-bis, paragraph 1, letter l), part 1, of the TUF)

In compliance with laws and regulations applicable to listed companies, Article 13 of the Articles of Association requires the Board of Directors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by the Board of Directors and the Shareholders, with each list containing the names of candidates numbered sequentially, according to the procedure described below.

The Board of Directors and the Shareholders can submit a list for the appointment of Directors, provided that when they submit the list they hold, alone or together with the other submitting shareholders, at least the minimum shareholding established by CONSOB pursuant to Article 147-ter, paragraph 1, of the TUF and in compliance with relevant provisions in the Issuer Regulations. CONSOB, in its Executive Resolution by the Head of the Corporate Governance Division no. 92 of January 31, 2024, set the minimum shareholding required for FinecoBank to submit lists of candidates for election to the Board of Directors and Board of Statutory Auditors at 1% of share capital. For the submission of the list by the Shareholders, the ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company. The related certification may be submitted after the lists have been filed, provided it is done within the deadline for publication of the lists.

Each party entitled (as well as (i) entitled parties belonging to the same group, understood as a party, which need not be a corporation, exercising control pursuant to Article 2359 of the Civil Code and any subsidiary controlled by, or under the control of that party, or (ii) shareholders who are party to a shareholders' agreement pursuant to Article 122 of the TUF, or (iii) entitled parties that are otherwise associated with each other in a material relationship pursuant to current and applicable legal or regulatory provisions) may, individually or with others, submit only one list, and each candidate can be included in only one list, or otherwise be considered ineligible.

Each list that has 3 (three) or more candidates (i) must include candidates from both genders, to ensure compliance with at least the minimum requirements of applicable laws and regulations on gender balance and (ii) must ensure that at least the majority of the candidates meet the independence requirements set out in the Articles of Association and, in any event, that the first candidate on any list, including lists with fewer than 3 (three) candidates, must meet those independence requirements.

Following the amendments to Article 147-ter of the TUF introduced by the 2020 Italian Budget Law, at least two-fifths of the members of the Board of Directors must belong to the less represented gender.

The lists shall be filed at the registered office or head office – also by remote communication and in accordance with procedures in the notice of call, to enable the identification of parties submitting the list – at least twenty-five days before the date of the Shareholders' Meeting

called to appoint members of the Board of Directors, in single call (or within the different deadline as indicated from time to time by the applicable legislation). The Company shall ensure that lists are made public on the Company's website and by other means established by applicable regulations, at least twenty-one days prior to the above Shareholders' Meeting, in single call or on first call (or within the different deadline as indicated from time to time by the applicable legislation). The list submitted by the Board of Directors must be filed at the registered office and published in the manner described above at least thirty days before the date set for the Shareholders' Meeting.

The lists must also contain attachments with any additional documents and declarations required by the applicable laws and regulations, as well as:

for Shareholders, information on the identity of parties submitting the lists, indicating the total percentage of shares held;
information on the personal and professional characteristics of the candidates in the list;
a statement whereby individual candidates irrevocably accept the position (subject to their appointment) and certify, under their responsibility, that there are no grounds for their ineligibility or incompatibility to stand as a candidate, and that they meet the requirements required for the office by the Articles of Association and applicable laws and regulations and the possible possession of the independence requirements referred to in paragraph 3 of Article 13, according to a format that will be made public by the Company in advance, also taking into account the guidelines from the Supervisory Authorities.

Lists that do not comply with the above requirements shall be considered as not submitted.

Each eligible voter may vote for one list only.

After the vote, candidates are elected from lists that have obtained the largest number of votes, according to the following criteria:

(a) the number of Directors equal to the number of board members shall be taken – in the order in which they appear on the list – from the list receiving the majority of votes cast except, depending on the case, 2 (two) or 3 (three) that will be taken from the minority list(s) that are not connected with those who submitted or voted for the list that obtained the highest number of votes in accordance with the current regulations, as specified below:

a.1) if only two lists are submitted, the remaining 2 (two) Directors will be taken in consecutive order from the second list that received the highest number of votes at the meeting,

a.2) if 3 (three) or more lists are submitted, 2 (two) Directors will be taken in sequential order from the second list that obtained the highest number of votes at the meeting regardless of the percentage of votes received, while 1 (one) Director will be taken in sequential order from the third list that received the highest number of votes at the meeting provided that it received at least 2% of the votes cast at the Shareholders' Meeting, on the understanding that if the list that is third in terms of number of votes has not reached that percentage, the mechanism envisaged in letter a.1) above will be applied;

(b) if the majority list does not have a sufficient number of candidates to ensure the appointment of all Directors according to the mechanism specified in (a) above, all the candidates from the majority list shall be appointed and the remaining Directors shall be taken from the minority list that received the most votes, according to the sequential order in which they appear on the list and, if necessary, from the next minority lists below the

most voted minority list, in the sequential order in which the candidates appear on the list, until the required number of Directors has been appointed;

(c) if the number of candidates included in the lists submitted, both majority and minority, is lower than the number of Directors to be elected, the remaining Directors are elected by resolution passed by the Shareholders' Meeting by a relative majority (and therefore without taking into account any abstentions) while ensuring compliance with the principles of independence and balance between genders set out by Article 13, paragraph 3, and Article 13, paragraph 6, respectively of the Articles of Association. In the event of a tie between candidates, the Shareholders' Meeting shall hold a second round of voting;
(d) where only one, or no lists have been submitted, the Shareholders' Meeting shall decide in accordance with the procedures specified in letter (c) above; in the event of a tie between lists or candidates, the Shareholders' Meeting shall hold a second round of voting to establish their ranking;
(e) if the required number of Independent Directors and/or of Directors of the less represented gender is not appointed, the Directors of the most voted list and appearing first on the list and not satisfying the requirements in question are replaced by the next Directors from the same list satisfying the requirement(s). If, following the application of this criterion, it is still not possible to identify Directors with the above-mentioned characteristics, this principle shall be applied to the other minority lists that the elected candidates were taken from;
(f) if, following the application of the replacement criterion set out in (e), it is still not possible to identify any suitable Directors, the Shareholders' Meeting shall decide by relative majority. In this case, replacements shall be made starting from the most voted lists and from the candidates appearing first on the list.

In the event of death, resignation, withdrawal or removal from office of a Director for any other reason, or where a Director no longer meets the professional competence and integrity requirements, the Board of Directors can co-opt a Director, in compliance with the principles of minority representation and gender equality. If, in the above cases, the minimum number of Independent Directors and/or the number of Directors belonging to the least represented gender as prescribed, respectively, by Article 13, paragraphs 3 and 6, of the Articles of Association fall below the level required, the Board of Directors shall replace them.

For the appointment of Directors needed to fill vacancies on the Board of Directors, the Shareholders' Meeting shall decide by relative majority, while ensuring that the principles of independence and gender equality established by current law, regulations and the Articles of Association are met.

The Board of Directors shall elect a Chairman from among its members and – where appropriate – one or more Deputy Chairmen, one of which will act as a stand-in.

In compliance with applicable industry sector legislation and regulations, the Board of Directors defines the optimal qualitative and quantitative composition to effectively carry out its duties and oversee its responsibilities assigned by law, the Supervisory Regulations on Corporate Governance and the Articles of Association. In accordance with applicable legislation and regulations, the Board also establishes requirements applicable to FinecoBank's Directors and provides guidance on the maximum number of positions that the Directors may hold in other companies.

Before appointing Directors, the Board informs shareholders of the optimal composition of the

body, to ensure candidates are selected taking into account the professional competencies required. Shareholders may in any case make their own evaluations of the optimal composition of the Board of Directors, and submit candidate proposals, giving reasons for any differences from evaluations made by the Board.

For the related decisions, see the Qualitative/Quantitative Profile in force at the time published on the Bank's website.

4.3 Composition (pursuant to Article 123-bis, paragraph 2, letter d), and d)-bis of the TUF)

Pursuant to Article 13 of the Articles of Association, the Company is administered by a Board of Directors consisting of no fewer than 9 (nine) and no more than 13 (thirteen) Directors, elected by the Shareholders' Meeting. The Shareholders' Meeting also determines its term of office, subject to the condition that said term cannot be less than one year or more than three years from acceptance of the position and shall expire on the date of the Shareholders' Meeting called for the approval of the financial statements for the last year of office. Members of the Board of Directors may be re-elected.

According to the Corporate Bodies Regulations, the number of Board Directors must be sufficient for the size and complexity of the Bank's organisational structure, and allow for the oversight of all company operations, with regard to management and controls. This number must also ensure that the Board includes (i) various representatives of the shareholder base, (ii) the professional expertise necessary to foster internal dialogue, and (iii) a sufficient number of independent members in accordance with the New Corporate Governance Code. With particular reference to money laundering risks, the composition of the Board of Directors must be such as to ensure the presence of adequate knowledge, skills and experience to understand such risks related to the Bank's activity and business model. Lastly, the composition of the Board must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the self-assessment process of the Board of Directors (described in Annex A of the Corporate Bodies Regulations) and communicated to Shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

It is good practice, as far as is consistent with the skills required to hold the positions and the need to ensure the effective performance of the relevant tasks, that the positions of Chairman of the Board of Directors, Chairman of the Board of Statutory Auditors, and Managing Director and General Manager are not held by members of the same gender.

To ensure its proper functioning, the Board of Directors has established the requirements that FinecoBank's Directors must meet, in addition to the requirements provided for by the applicable laws and regulations, and the number of directorships that Directors can hold in other companies, as detailed in the document "Qualitative and Quantitative Composition of the Board of Directors of FinecoBank S.p.A." (approved by the Board of Directors on January 23, 2023, upon the occasion of the renewal of the Board). The document is published on the Company's website, to which we refer (the "Qualitative/Quantitative Profile 2023").

Subject to the limits on the number of positions that Directors can hold, Directors can accept a position on the Board when they consider they have sufficient time to diligently carry out their

duties, also taking into account their own work and professional commitments, as well as the number of positions held in other companies (including non-Italian firms).

The members of the Board must be suitable for the performance of the office, in accordance with the applicable regulations and the Articles of Association and, in particular, they must meet the requirements of professional expertise, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held laid down in the applicable regulations and the Articles of Association and in any event those laid down in the CRD IV Directive, for the discharge of the duties of director of a bank issuing shares listed on regulated markets.

Pursuant to Article 13, paragraph 3 of the Articles of Association, the majority of the Board Members must meet the independence requirements established in the New Corporate Governance Code.

The Board shall assess whether the independence requirements have been met, giving more importance to substance rather than form. This assessment shall be performed:

(i) after appointment, for a new Director who qualifies as independent; and
(ii) annually, for all Directors (qualifying as independent).

For this purpose, the Board of Directors, based on the statements provided and any other information available, examines the Director's direct or indirect commercial, financial or professional relationships with the Company, assesses their significance both in absolute terms and with regard to the economic and financial position of the individual concerned. The Board of Statutory Auditors verifies the correct application of the criteria and procedures adopted by the Board of Directors for the above-mentioned assessment. The results of the above assessments are disclosed to the market.

The Board of Directors in office as at the date of this Report was appointed by the Shareholders' Meeting of April 27, 2023, and shall remain in office until the next Shareholders' Meeting called for the approval of the Financial Statements as at December 31, 2025.

Accordingly, and in compliance with the Supervisory Regulations on Corporate Governance, the appointment of Board Members was proposed to the above-mentioned Shareholders' Meeting, after determining the number of members and their term of office. During that meeting, the Board of Directors also requested shareholders to take into account the 2023 Qualitative/Quantitative Profile when submitting their lists.

In compliance with the applicable regulations, the following lists of candidates for appointment to the Board of Directors were submitted:

List 1 submitted by the outgoing Board of Directors (pursuant to Article 13 of the Articles of Association) with the candidates Marco Mangiagalli, Alessandro Foti, Gianmarco Montanari, Patrizia Albano, Maria Alessandra Zunino de Pignier, Giancarla Branda, Arturo Patarnello, Maria Lucia Candida, Paola Generali, Francesca Fraulo and Diego Polo Friz;
List 2, submitted by several asset management companies and institutional investors (owners of a total of 11,650,760 ordinary shares representing 1.90959% of the share capital), with the candidates Elena Biffi and Marin Gueorguiev.

The following documents were filed and published along with the two lists, in the manner required:

(i) a statement from shareholders other than shareholders that hold, also jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by Article 147-ter, paragraph 3 of the TUF and Article 144-quinquies of the Issuer Regulations, having also taken note of the CONSOB recommendations in its Communication no. DEM/9017893 of February 26, 2009;
(ii) comprehensive information on the personal and professional characteristics of the candidates included in the list (curriculum vitae and the list of administration, management and control positions they hold in other companies, relevant under law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as a candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and the Corporate Governance Code.
(iv) a statement from each candidate certifying that they met the independence requirements established by law, the Articles of Association and the Corporate Governance Code;
(v) a statement from each candidate on their knowledge and expertise in the areas indicated in the 2023 Qualitative/Quantitative Profile.

The lists, together with the above documents, were filed on the Company's website ("About Us/Governance/Shareholders' Meetings" section).

After establishing the number of Board Directors as 11, the Shareholders' Meeting of April 27, 2023, appointed Directors for the 2023-2025 period as follows:

from the list submitted by the outgoing Board of Directors, which obtained the majority of votes: Marco Mangiagalli, Alessandro Foti, Gianmarco Montanari, Patrizia Albano, Maria Alessandra Zunino de Pignier, Giancarla Branda, Arturo Patarnello, Maria Lucia Candida and Paola Generali;
from the list submitted by several asset management companies and institutional investors, which was voted by the minority of shareholders: Elena Biffi and Marin Gueorguiev.

For the percentage of votes for the above lists in relation to voting capital, see the summary report on voting, available on the Company's website ("About Us/Governance/Shareholders' Meeting" section).

The qualitative and quantitative composition of the appointed Board complied with the optimal composition defined by the Board (as described in the 2023 Qualitative/Quantitative Profile), in terms of: (i) the number of Board Members, optimally set by the Board as 11, in order to foster dialogue and promote the decision-making process, and which is sufficient with respect to the size and complexity of the Company's organisational structure and for effective oversight of all company operations; (ii) meeting requirements of integrity, professional competencies (in particular all Board Members have a good knowledge and expertise of two or more of the areas listed) and independence (the majority of Board members are Independent Directors pursuant to the Corporate Governance Code; (iii) gender balance (at least two fifths of the Board Members must comprise the least represented gender, as established by the legislation and regulations applicable to the Board of Directors of listed companies); (iv) complying with the limit on positions (no Board Members exceed the limit) and time available (based on the nature and extent of additional positions held, as well as various professional and work commitments).

The table below presents significant information on each Board Member in office at the date of approval of the Report.

Position	Members	Born in	Date of first appointment	In office since	In office until	List	List	Exec.	Non Exec.	Indep. Code	Indep TUF	Number of other	Participat ion
			(*)			(**)	(***)	1 ( )		2 ( )	3 ( )	positions (****)	(*)
										(13)
Chairman	Marco Mangiagal li	1949	April 28, 2020	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	1	12/12 (100%)
Deputy Chairman	Gianmarco Montanari	1972	April 11, 2017	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	2	12/12 (100%)
Managing Director and General Manager (⚫)	Alessandro Foti	1960	October 20, 1999	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M	X				0	12/12 (100%)
Director	Patrizia Albano	1953	April 11, 2017	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	1	12/12 (100%)
Director	Elena Biffi	1966	April 11, 2017	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	Share holde rs	m		X	X	X	2	12/12 (100%)
Director	Giancarla Branda	1961	April 28, 2020	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	2	12/12 (100%)
Director	Maria Lucia Candida	1959	April 27, 2023	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	0	12/12 (100%)
Director	Paola Generali	1975	April 27, 2023	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M		X	X	X	1	12/12 (100%)
Director	Marin Gueorguie v	1972	April 28, 2020	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	Share holde rs	m		X	X	X	0	12/12 (100%)
Director	Arturo Patarnello	1956	April 27, 2023	April 27, 2023	Approval of the Financial Statements as at December 31,	BoD	M		X	X	X	0	12/12 (100%)

					2025
Director	Maria Alessandra Zunino de Pignier	1952	April 28, 2020	April 27, 2023	Approval of the Financial Statements as at December 31, 2025	BoD	M	X	X	X	1	12/12 (100%)
				------------- Directors leaving office during the Financial Year -------------
/
	Indicate the number of meetings held during the Financial Year following the Shareholders' Meeting that appointed the new Board of Directors for the three year period 2023-2025: 12
	Quorum required for the submission of lists for the last appointment: 1%
(⚫) This symbol indicates the director in charge of the internal control and risk management system.
				(*) The date of the first appointment of each Director means the date when the Director was appointed for the first time (ever) to the Board of Directors of the Company.
	Directors (with the indication "BoD").			(**) This column indicates whether the list from which each director was drawn was submitted by shareholders (with the indication "Shareholders") or by the Board of
				(***) This column indicates the list that each director was taken from ("M": member from the majority list; "m": member from the minority list).
	positions are indicated in full.			(****) This column indicates the number of positions as director or statutory auditor held by the person concerned in other listed or large companies. In the Report, the
	(*) This column indicates the participation of the directors at board meetings (it indicates the number of meetings attended with respect to the total number of meetings that could have been attended; 6/8; 8/8, etc.). The total number of meetings takes into account the meetings of the Board of Directors scheduled after the date of the Shareholders' Meeting that appointed the new Board of Directors (i.e. April 27, 2023). For meetings of the Board of Directors held prior to that date, please refer to the table concerning the composition of the Board prior to the aforementioned Shareholders' Meeting.
1 (				) Independent Director according to the New Corporate Governance Code.
2 (				) Independent Director in accordance with Article 2, Recommendation 7 of the New Corporate Governance Code.
3 (				) Independent Director in accordance with Article 148, paragraph 3 of the TUF.

With regard to the personal characteristics, knowledge, skills and experience of the members of the Board of Directors, see the curricula vitae attached to this Report and published on the Bank's website www.finecobank.com in the "About Us/Governance" section, as well as the document entitled "List of the skills possessed by the Directors in compliance with the document "Qualitative and Quantitative Composition of the Board of Directors of FinecoBank S.p.A." available on the website of the Bank www.finecobank.com in the "About Us/Governance/Company Boards" section.

Composition of the Board of Directors in office until the Shareholders' Meeting of April 27, 2023

As specified above, the Shareholders' Meeting of April 27, 2023 appointed, inter alia, the new Board of Directors of FinecoBank to replace the one appointed by the Shareholders' Meeting of April 28, 2020.

In compliance with the Supervisory Regulations on Corporate Governance, the appointment of Board Members was proposed to the above-mentioned Shareholders' Meeting held in April 2020, after determining the number of members and their term of office. On that occasion, the Board of Directors had invited shareholders to take into account, when submitting lists, the

requirements for the office of director of a bank pursuant to the applicable laws and regulations, as well as the indications set forth in the 2020 Qualitative/Quantitative Profile.

Therefore, the following lists of candidates were submitted for the appointment of the Board of Directors:

List 1 submitted by the outgoing Board of Directors (pursuant to Article 13 of the Articles of Association) had the candidates Marco Mangiagalli, Alessandro Foti, Francesco Saita, Paola Giannotti De Ponti, Patrizia Albano, Gianmarco Montanari, Maria Alessandra Zunino de Pignier, Andrea Zappia and Giancarla Branda, Donato Pinto and Laura Donnini;
List 2, submitted by several asset management companies and institutional investors (owners of a total of 17,980,964 ordinary shares representing 2.95091% of the share capital), had the candidates Elena Biffi and Marin Gueorguiev.

After establishing the number of Board Directors as 11, the Shareholders' Meeting of April 28, 2020, appointed Directors for the 2020-2022 period as follows:

from the list submitted by the outgoing Board of Directors, which obtained the majority of votes the following were elected: Marco Mangiagalli, Alessandro Foti, Francesco Saita, Paola Giannotti De Ponti, Patrizia Albano, Gianmarco Montanari, Maria Alessandra Zunino de Pignier, Andrea Zappia and Giancarla Branda;
from the list submitted by several asset management companies and institutional investors, which was voted by the minority of shareholders the following were elected: Elena Biffi and Marin Gueorguiev.

For further details on the appointment and composition of the Board of Directors in office for the three-year period 2020-2022, please refer to the Report on Corporate Governance and Ownership Structure for the 2022 financial year, available on the Bank's website (www.finecobank.itsection "About Us/Governance/Shareholders' Meetings").

The table below provides relevant information about each member of the Board of Directors in office as of the date of the Shareholders' Meeting of April 27, 2023.

Position	Members	Born in	Date of first appointmen t (*)	In office since	In office until	List (**)	List (*** )	Exec. 1 ( )	Non Exec.	Indep. Code 2 ( )	Indep. TUF 3 ( )	Number of other position s (****)	Particip ation (* )
Chairman	Marco Mangiagalli	1949	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	(14) X	X	1	5/5 (100%)
Deputy Chairman	Francesco Saita	1967	April 15, 2014	April 28, 2020	Approval of the Financial	BoD	M		X	X	X	0	5/5

EMARKE ۱I
CERTIFIED

					Statements as at December 31, 2022								(100%)
Managing Director and General Manager (⚫)	Alessandro Foti	1960	October 20, 1999	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M	X				0	5/5 (100%)
Director	Paola Giannotti De Ponti	1962	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	1	5/5 (100%)
Director	Patrizia Albano	1953	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	1	5/5 (100%)
Director	Gianmarco Montanari	1972	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	2	5/5 (100%)
Director	Maria Alessandra Zunino de Pignier	1952	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	1	5/5 (100%)
Director	Giancarla Branda	1961	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	2	5/5 (100%)
Director	Elena Biffi	1966	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	Shar ehol ders	m		X	X	X	3	5/5 (100%)
Director	Marin Gueorguiev	1972	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	Shar ehol ders	m		X	X	X	0	5/5 (100%)
Director	Alessandra Pasini	1973	March 16, 2021 (co opted by Board) April 28, 2021 (appointed by the Shareholders ' Meeting)	April 28, 2021	Approval of the Financial Statements as at December 31, 2022	n/a	n/a		X	X	X	0	5/5 (100%)
					------------- Directors leaving office during the Financial Year -------------
/

Indicate the number of meetings held during the Financial Year up until the date of the Shareholders' Meeting that appointed the new Board of Directors for the three-year period 2022-2025: 5

Quorum required for the submission of lists for the last appointment: 1%

(⚫) This symbol indicates the director in charge of the internal control and risk management system.

(*) The date of the first appointment of each Director means the date when the Director was appointed for the first time (ever) to the Board of Directors of the

Company.

(**) This column indicates whether the list from which each director was drawn was submitted by shareholders (with the indication "Shareholders") or by the Board of Directors (with the indication "BoD").

(***) This column indicates the list that each director was taken from ("M": member from the majority list; "m": member from the minority list).

(****) This column indicates the number of positions as director or statutory auditor held by the person concerned in other listed or large companies. The positions are listed in full in the Report on Corporate Governance

(*****) This column indicates the participation of the directors at board meetings (it indicates the number of meetings attended with respect to the total number of meetings that could have been attended; 6/8; 8/8, etc.). The total number of meetings takes into account the meetings of the Board of Directors scheduled up to the date of the Shareholders' Meeting that appointed the new Board of Directors (i.e. April 27, 2023).

( 1 ) Independent Director according to the New Corporate Governance Code.

( ) Independent Director in accordance with Article 2, Recommendation 7 of the New Corporate Governance Code.

( 3 ) Independent Director in accordance with Article 148, paragraph 3 of the TUF.

4.3.1 Diversity criteria and policies in the composition of the Board and the company organisation

With regard to the diversity criteria and policies in the composition of the Board, the Corporate Bodies Regulations establish that the composition of the Board must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the self-assessment process of the Board of Directors and communicated to shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

Subject to the applicable laws and regulations, on January 23, 2023, the Board of Directors approved the Qualitative/Quantitative Profile for the renewal of the Board, which contains the general guidelines on structure, composition and diversity, in terms of gender and age, and also previous professional experience. The Qualitative/Quantitative Profile has been drawn up taking into consideration, in addition to the results of the most recent board review, the requirements and eligibility criteria set out in Ministerial Decree 169/2020, Fit & Proper Policy, the Joint EBA and ESMA Guidelines, the EBA Guidelines on Internal Governance, as well as the recommendations set out in the ECB Guide. The Profile is available on the Bank's website under the sections "About Us/Governance/Shareholders' Meeting" and "About Us/Governance/Documents".

Members of the Board of Directors in office are broken down below, by age and gender. With regard to gender, as at the date of approval of this Report, 45% of the Board of Directors of FinecoBank were male and 55% were female. This is in line with the current gender balance regulations.

A similar representation is also given with reference to the Board of Directors in office until the date of the Shareholders' Meeting of April 27, 2023. Again, the composition of the Board of Directors was in line with the current gender balance rules: 45% of FinecoBank's Board of Directors was represented by the male gender, while 55% was represented by the female gender.

Breakdown by age Breakdown by gender

Fig. 1 – Board of Directors in office as at the date of approval of this Report, as appointed by the Shareholders' Meeting of April 27, 2023.

Fig. 2 - Board of Directors in office until the Shareholders' Meeting of April 27, 2023

With the aim of making business increasingly sustainable and successful, Fineco is committed to ensuring that all employees can enjoy equal opportunities and realise their full potential regardless of gender, in the knowledge that a diverse working environment ensures a plurality of perspectives and fosters innovation.

FinecoBank has taken measures to promote equal treatment and gender opportunities, by including an objective, within the diversity initiatives, linked to the gender balance and pay gap in all the short-term performance evaluation sheets of the Identified Staff.

For more details about the initiatives undertaken to promote equal treatment and gender opportunities throughout the company organisation, see the Consolidated Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website www.finecobank.com in the "About Us/Governance/ Shareholders' Meeting" section.

4.3.2. Maximum number of positions held in other companies

Based on information from the Directors, the Board annually identifies and indicates, in the Report on corporate governance and ownership structures, the positions of director or auditor held by the Directors in other companies and, in general, compliance with the qualitative and quantitative requirements in relation to time (based on the nature and extent of the positions held, as well as other work and professional commitments). The Directors promptly notify the Company of positions held or from which they have resigned during their term of office, as well as any changes that may affect their availability.

With regard to the maximum number of offices that may be held by Directors, the Bank complies with the relevant regulatory provisions. Therefore, in compliance with the provisions of Ministerial Decree 169/2020 and the CRD IV Directive, it has been established that each Director may not hold a total number of offices in banks or other commercial companies exceeding one of the following alternative combinations:

1 executive position and 2 non-executive positions (including the position held in FinecoBank);
4 non-executive positions (including the position held in FinecoBank).

In addition, the following positions are also considered to be a single directorship: (a) executive or non-executive directorships held within the same group; (b) in banks belonging to the same institutional protection scheme; and (b) executive or non-executive directorships held in companies, not included within the group, in which the entity holds a qualifying holding as defined in Regulation (EU) No 575/2013, Article 4(1), point 36. For further details, see the 2023 Qualitative/Quantitative Profile.

The table shows the overall number of positions held by the Directors in office as at the date of approval of this Report (including the position held in FinecoBank). The limit on the accumulation of Directors' positions, as advocated by the Board in its Qualitative/Quantitative Profile from time to time in force, in line with the limits prescribed by the CRD IV Directive and Ministerial Decree 169/2020 as of its entry into force, was considered to have been observed in light of the applicable weightings for positions held in the same group, for those held in non-commercial companies (not relevant for the purposes of accumulation) and the declarations made by the same, as well as in line with the Joint EBA and ESMA Guidelines.

Name	Total number of positions held by the Directors	Number of relevant positions held
Marco Mangiagalli Chairman	3 non-executive positions	3 non-executive positions
Gianmarco Montanari Deputy Chairman	10 non-executive positions and 1 position as general manager	4 non-executive positions (2 ) (3 )

FMARKF ЛR
CERTIFIED

Alessandro Foti Managing Director and General Manager	1 executive position and 2 non-executive positions	1 executive position (1 )
Patrizia Albano Director	5 non-executive positions	4 non-executive positions (2 )
Elena Biffi Director	6 non-executive positions	3 non-executive positions (1 )
Giancarla Branda Director	6 non-executive positions	4 non-executive positions (1 ) (2 )
Maria Lucia Candida Director	4 non-executive positions	2 non-executive positions (1 )
Paola Generali Director	12 non-executive positions	4 non-executive positions (1 ) (2 )
Marin Gueorguiev Director	2 non-executive positions	1 non-executive position (1 )
Arturo Patarnello Director	2 non-executive positions	2 non-executive positions
Maria Alessandra Zunino de Pignier Director	2 non-executive positions	2 non-executive positions

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

( 3 ) Considering the impact of positions held in non-commercial companies and the position of general manager, which is not relevant for calculation purposes, the total number of positions held complies with the limits set.

* * *

In addition to the above, in compliance with Article 36 of Law Decree no. 201 of December 6, 2011, ratified with amendments by Law no. 214 of December 22, 2011, establishing provisions on "personal crossholdings in the credit and financial markets" it is forbidden for "those who hold offices in the management, control and supervisory bodies and the senior officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or hold similar positions in competing firms or groups of firms" (interlocking ban). Persons who hold incompatible offices must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices.

Directors must annually renew the certificate stating they do not hold positions in the management, supervisory or control bodies of competing companies or groups of companies, in order to enable the Board to carry out its annual assessment. This assessment was carried out on the appointment of Directors, with a positive result for the Financial Year.

Directors are also required to inform the Bank about positions held in other companies and entities. In accordance with provisions of the New Corporate Governance Code, the summary table above shows the number of positions held as director/auditor by Board members of FinecoBank in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large-sized companies, and notified by them.

The table below, on the other hand, lists these positions, without listing positions held by officers in non-commercial companies.

Name	List of positions held by FinecoBank Directors in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large-sized	Companies belonging to the FinecoBank Group
	companies	YES	NO
Marco Mangiagalli	Non-executive chairman of E.I. Towers S.p.A.	-	x
Chairman
Gianmarco Montanari	Non-executive director of Tinexta S.p.A.	-	x
Deputy Chairman	Non-executive director of Italgas S.p.A.
Alessandro Foti	/	-	-
Managing Director and General Manager

Patrizia Albano	Non-executive director of Piaggio & C. S.p.A.		x
Director
Elena Biffi	Non-executive director of Arnoldo Mondadori	-	x
Director	Editore S.p.A. Non-executive director of REVO S.p.A.
Giancarla Branda	Statutory Auditor of Saras S.p.A.	-	x
Director	Non-executive director of Garofalo Health Care S.p.A.
Maria Lucia Candida	/	-	-
Director
Paola Generali	Non-executive director of Tinexta S.p.A.	-	x
Director
Marin Gueorguiev	/	-	-
Director
Arturo Patarnello	/	-	-
Director
Maria Alessandra Zunino de Pignier	Statutory Auditor of SABAF S.p.A.	-	x
Director

Board of Directors in office until the Shareholders' Meeting of April 27, 2023

In order to provide a more complete and detailed representation of corporate governance for the Financial Year, the following tables are similar to those shown above regarding the list of positions held in other companies by the Directors in office until April 27, 2023.

Name	Total number of positions held by the Directors	Number of relevant positions held
Marco Mangiagalli Chairman	3 non-executive positions	3 non-executive positions
Francesco Saita Deputy Chairman	2 non-executive positions	2 non-executive positions
Alessandro Foti Managing Director and General	1 executive position and 2 non-executive positions	1 executive position (1 )

Manager
Paola Giannotti De Ponti Director	2 non-executive positions	2 non-executive positions
Patrizia Albano Director	5 non-executive positions	2 non-executive positions (2 )
Gianmarco Montanari Director	10 non-executive positions and 1 position as general manager	4 non-executive positions (2 ) (3 )
Maria Alessandra Zunino de Pignier Director	2 non-executive positions	2 non-executive positions
Giancarla Branda Director	6 non-executive positions	4 non-executive positions (1 ) (2 )
Elena Biffi Director	6 non-executive positions	4 non-executive positions (1 )
Marin Gueorguiev Director	1 non-executive position	1 non-executive position
Alessandra Pasini Director	3 non-executive positions	2 non-executive positions (2 )

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

Name	List of positions held by FinecoBank Directors in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large-sized companies	Companies belonging to the FinecoBank Group
		YES	NO

Marco Mangiagalli	Non-executive chairman of E.I. Towers S.p.A.	-	x
Chairman
Francesco Saita	/	-	-
Deputy Chairman
Alessandro Foti	/	-	-
Managing Director and General Manager
Paola Giannotti De Ponti	Non-executive director of Terna S.p.A.		x
Director
Patrizia Albano	Non-executive director of Piaggio & C. S.p.A.	-	x
Director
Gianmarco Montanari	Non-executive director of Tinexta S.p.A.	-	x
Director	Non-executive director of Italgas S.p.A.
Maria Alessandra Zunino de Pignier	Statutory Auditor of SABAF S.p.A.	-	x
Director
Giancarla Branda	Statutory Auditor of Saras S.p.A.	-	x
Director	Non-executive director of Garofalo Health Care S.p.A.
Elena Biffi	Non-executive director of Arnoldo Mondadori	-	x
Director	Editore S.p.A.
	Non-executive Director of Elba Compagnia di Assicurazioni e Riassicurazioni S.p.A.
	Non-executive director of REVO S.p.A.
Marin Gueorguiev	/	-	-
Director
Alessandra Pasini	/	-	-
Director

4.4 Functioning of the Board of Directors (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

The Board of Directors held seventeen meetings during the Financial Year, with an average duration of four hours and forty-five minutes. For details of the percentage attendance by each Director, see the table in Paragraph 4.3 above.

Thirteen meetings have been scheduled for 2024, two of which had already been held at the date of approval of the Report.

Article 16 of the Articles of Association requires the Company's Board of Directors to be convened, also using telecommunication facilities, at the registered office of the Company, or elsewhere provided the venue is in Italy, by the Chairman (or his/her representative), usually at

least once every three months, and in any case whenever deemed necessary by the Chairman, or if requested in writing by the Managing Director and General Manager or by at least two Directors of the Board of Directors. A Board meeting may also be called by a Statutory Auditor.

In the absence of a notice of call, the Board of Directors is considered to be duly constituted if it is attended by all the Directors and Statutory Auditors.

Article 16 of the Articles of Association allows the possibility for participants of Board meetings to attend remotely, through audiovisual communication systems (video conference or conference call) where the conditions are in place to identify the attendees, allow their real-time participation in discussing the topics examined and to receive, transmit and examine any documents not previously seen.

Pursuant to the Corporate Bodies Regulations, notice of meetings must be given to all Directors and Statutory Auditors within a reasonable period of time, except in cases of urgency. The notice should include the items on the agenda, except where this is not possible due to confidentiality issues, to ensure that the attendees are aware of the matters ahead of time and come prepared to the meeting. The Corporate Bodies Regulations also require that documentation in support of the motions, and any other information needed so that the Directors may express an informed opinion on the issues under discussion, usually be made available to the Directors at least five business days prior to the meeting. This requirement was met during the Financial Year. The confidentiality of the data and information provided is guaranteed by the use of IT tools that allow confidential access with advanced identification systems.

The Chairman is responsible for planning the proceedings of the Board meeting, in accordance with the agenda, as proposed by the Managing Director and General Manager. The Chairman also ensures that adequate information – both qualitative and quantitative – concerning the items on the agenda is provided to all Board members, to enable the Board to make informed decisions on the matters to be discussed and approved; the Chairman also ensures that sufficient time is dedicated to the items on the agenda in order to enable constructive debate, encouraging Directors to actively contribute to meetings.

The Chairman of the Board of Directors, in agreement with the Managing Director, ensures that the managers of the Issuer and those of its Group companies, as well as the heads of the competent corporate functions based on the subject matter, attend the Board meetings, also at the request of individual Directors, to provide appropriate details on the items on the agenda. In this regard, it should be noted that - with reference to the Financial Year - an effective participation of the executives in the meetings of the Board of Directors was recorded, who attended the individual meetings of the Board of Directors to illustrate the topics of their respective responsibility on the relevant agenda.

Pursuant to Article 15 of the Articles of Association, the General Manager, if appointed, may take part, without voting rights, in Board meetings. If a Managing Director has not been appointed, the General Manager takes part in Board meetings with the power to make proposals.

Pursuant to Article 16 of the Articles of Association, the Chairman may request the Deputy General Managers and other executive staff to take part in Board meetings.

Apart from Board meetings, the Directors attend "off-site" meetings, in order to further examine and discuss strategic issues.

The independent directors meet at least once a year in a closed session, without the other Directors. The progress of the meeting and the results of the discussion were recorded in the minutes.

In these meetings, the role of Chairman is performed by an independent director appointed at the first meeting of the Independent Directors. The Chairman is responsible for reporting the outcome of the meeting's discussion to the next Board of Directors meeting.

4.5 Role of the Chairman of the Board of Directors

Pursuant to Article 14 of the Articles of Association, the Board of Directors elects a Chairman from its members and – where appropriate – one or two Deputy Chairmen, one of whom will act as a stand-in.

By its resolution of April 27, 2023, the Board of Directors appointed Mr. Marco Mangiagalli as Chairman of the Board of Directors, in continuity with the previous three-year term.

In accordance with Article 10 of the Articles of Association, the Chairman of the Board of Directors chairs the Shareholders' Meeting, directing and moderating discussions, establishing the voting procedures and confirming the results, in compliance with the applicable regulations and procedures for Shareholders' Meetings.

The Chairman of the Board of Directors has not been granted any management powers and therefore does not have any executive role. He/she does not have a specific role in the development of business strategies, is not the main person responsible for the management of the Company, and does not have significant investments, either directly or indirectly, in the Company's share capital. The current Chairman, Mr. Marco Mangiagalli, is not a member of any of the Bank's board committees.

During the Financial Year, the Chairman ensured that the pre-meeting information, as well as the additional information provided during board meetings, was suitable to enable the directors to act in an informed manner. In this context, the Chairman stimulated the board discussion and ensured – in agreement with the Managing Director and General Manager – that the items on the agenda were discussed with the heads of the corporate functions responsible for each subject area, to enable them to report directly to the Board.

The Chairman managed the coordination of the activities of the Board Committees with the activities of the Board by inviting the Chairmen of each Committee to report on the activities of their committee to the Board, at each meeting. Also for coordination purposes, it is envisaged, at the initiative of the Chairman, that the Committees provide the Board of Directors with a sixmonthly report on their activities.

Lastly, the Chairman ensured that the Board of Directors was informed on the significant content of the dialogue held with all shareholders. For information on the policy on the dialogue with shareholders, see paragraph 12 of this Report.

For additional information on the role and duties of the Chairman, see Part A, § 2.1. of the Corporate Bodies Regulations available on the Company's website www.finecobank.com ("About Us/Governance/Company Boards" section).

During the Financial Year, following the Shareholders' Meeting of April 27, 2023, at the initiative of the Chairman of the Board of Directors (and also on the basis of the training plan for the Financial Year resolved upon by the Board of Directors at the outcome of the assessments conducted with the assistance of the external consultant), nine induction and training meetings were held on a monthly basis (with the exception of the month of October in which three induction meetings were held), focusing on the following topics: (i) FinecoBank's internal governance - the governance and organisational model, the system of internal controls

and decision-making processes; (ii) insights into the Group's business: brokerage, investing and banking; (iii) the system of internal controls: with insights into the risk framework and the monitoring of operational, reputational and compliance risks; (iv) Anti-Money Laundering: insights into regulatory guidelines, impacts on Group strategies (particularly on foreign markets); (v) Fineco's share price performance; (vi) cyber risk: forms of risk (cyber, data governance, etc.) related to the new tech-driven transformative cycle (AI, RPA, etc.); (vii) the supervisory ecosystem: actors involved, monitoring by the Group, insights into regulatory developments; (viii) fintech DNA: distinguishing elements of the Group in the market and presiding over competitive advantages (user experience, offer, etc.); (ix) challenges and opportunities of expansion into international markets: role of the parent company (especially from a regulatory perspective), business positioning, competition.

Secretary of the Board

In accordance with the Corporate Bodies Regulations, in compliance with Recommendation no. 18 of the New Corporate Governance Code, the Board of Directors decides, upon proposal from the Chairman, on the appointment and removal of the Secretary, who is selected from the Legal & Corporate Affairs Function.

The candidate must hold a position of responsibility within the organisational unit and have an adequate seniority level as well as specific corporate governance expertise.

During the Financial Year, the Secretary together with the Legal & Corporate Affairs Function supported the Chairman's activities as described above, also providing impartial assistance and advice to the Board of Directors on any aspect relevant to the proper functioning of the corporate governance system.

4.6 Executive Directors

In accordance with FinecoBank's Corporate Bodies Regulations, powers are delegated in such a way that does not deprive the Board of its fundamental rights and prerogatives.

The Board establishes the content of the delegated powers in a detailed, clear and precise manner, also indicating the limits in terms of quantity and amount, as well as the means of exercising the delegated powers; This also allows the Board of Directors to accurately check that its overriding executive and removal powers are correctly complied with and exercised.

The executive bodies and officers report to the Board of Directors and Board of Statutory Auditors at least every three months, on operations carried out in exercising their powers, in the manner set out in the document "Delegated Powers of FinecoBank S.p.A." and in the other applicable internal regulations.

4.6.1 Managing Directors: Managing Director and General Manager

Pursuant to Article 15 of the Articles of Association, the Board of Directors may appoint a Managing Director, determining the term of office and the respective duties and powers, a General Manager and one or more Deputy General Managers, who constitute the Executive Management, together with the other personnel assigned to that function.

The Managing Director or – where not appointed – the General Manager oversee the Executive Management.

The Managing Director takes on the powers and duties of the General Manager if the latter has not been appointed.

If a Managing Director and General Manager are appointed, both positions must be held by the same person.

The Managing Director, or where not appointed, the General Manager, is responsible for implementing the resolutions passed by the Board of Directors, with the assistance of the Executive Management.

If a Managing Director has not been appointed, the General Manager takes part in the meetings of the Board of Directors with the power to make proposals and without voting rights.

The Managing Director and other Directors with key responsibilities, as well as the General Manager, where no Managing Director has been appointed, report to the Board of Directors on their activities, according to the procedures and time limits established by the Board, in accordance with law.

The Managing Director, or where not appointed, the General Manager, is responsible for implementing the resolutions passed by the Board of Directors, with the assistance of the Executive Management.

The Board of Directors, by resolution of April 27, 2023, in continuity with the previous threeyear period, confirmed Mr. Alessandro Foti as Managing Director and General Manager, granting him powers in all areas of the Bank's activities. More information on the powers granted is given in the document "Delegated Powers of FinecoBank S.p.A." available for public consultation at the Milan-Monza-Brianza-Lodi Companies' Register.

Managing Director and General Manager is responsible for the management of the company.

Pursuant to the Supervisory Provisions (see Part One, Title IV, Chapter 5, Annex A, Section II, paragraph 3) the tasks and responsibilities for business continuity fall within the competence of the body with management function, as set out in paras: "f) promoting the development, periodic monitoring and updating of the business continuity plan in the event of major organisational, technological and infrastructural changes, and of identified gaps or deficiencies or new risks"; and "g) approving the annual plan of testing of the business continuity measures and reviewing the test results documented in writing."

4.6.2 The Chairman of the Board of Directors

The Chairman of the Board of Directors is not the main person responsible for the management of the Issuer, has not been assigned management powers, does not have a specific role in the development of business strategies, and does not have significant investments, either directly or indirectly, in the Company's share capital.

See Paragraph 4.5 above for more details.

4.6.3 Reporting to the Board of Directors by Directors/Delegated Bodies

The Corporate Bodies Regulations require information flows between and within company bodies as an essential condition for achieving the objectives of efficient management and effective control of the Company.

To ensure continual and comprehensive information flows between and within the Corporate Bodies, the Board is called upon to approve and oversee the maintenance and updating of a

structured system of information flows, that governs the circulation of information and ensures it is correctly channelled in a timely and comprehensive manner, taking into account the responsibilities of the various bodies with supervisory and control functions. The Board of Directors has identified these information flows, their content and timing in detail in the "Document on company bodies and functions with supervisory tasks", approved by it. For details regarding the transactions with related parties and associated persons as well as other relevant persons in potential conflict of interest, see the "Global Policy for the management of transactions with persons in potential conflict of interest of FinecoBank Group" and the information flows envisaged in that document(15) .

The Corporate Bodies Regulations identify the persons required to submit information flows to the Corporate Bodies and describe the minimum content and timing of the main flows concerned. Moreover, in order to implement the necessary organisational controls for the proper management of information flows and to provide the necessary information on other aspects (forms, tasks and duties and other content), not covered in the Corporate Bodies Regulations, specific organisational procedures have been adopted that describe the activities and controls related to the "Management of the Board of Directors" as well as the "Management of inside information", in addition to the above-mentioned Global Policy.

Article 21 of the Articles of Association establishes that the decisions made by those with delegated powers must be reported to the Board according to the procedures and frequency (at least quarterly) established by the Board. In particular, the executive bodies and officers must report to the Board of Directors and the Board of Statutory Auditors, at least on a quarterly basis, on the general performance of operations, the business outlook, and transactions that have a significant effect on the results of operations and financial position – with particular regard to those that could potentially give rise to conflicts of interest – carried out by the Company and its subsidiaries.

In this regard, the executive bodies have reported to the Board of Directors on activities performed in the Financial Year in exercising their delegated powers, in accordance with the terms described above.

4.6.4 Other executive directors

As at the date of approval of this Report, no other Directors had been granted management powers other than the Managing Director and General Manager.

4.7 Independent directors and lead independent directors

As at the date of approval of this Report, the Board of Directors had ten Independent Directors pursuant to the New Corporate Governance Code.

Subject to the provisions of Paragraph 4.2 above regarding the procedures and timing for

⁽ ¹⁵) The Global Policy is available at the FinecoBank's website: www.finecobank.com – "About Us/Governance/Related Parties and Associated Persons" section.

verifying the independence of directors, the Board of Directors pursuant to Article 144-novies, paragraph 1-bis, of the Issuer Regulations and Article 2 of the New Corporate Governance Code, determined, at the first available opportunity after their appointment (i.e. the meeting of May 11, 2023), that each of the non-executive Directors satisfied the requirements of independence, and published the results of its determinations in a press release to the market on the same date.

In making the above assessments, the Board of Directors applied (among others) the principles and recommendations of the Corporate Governance Code, as referred to in FinecoBank's Articles of Association.

During the current year, the Board of Directors carried out the annual verification of the satisfaction of independence requirements on March 12, 2024 applying the principles and recommendations of the New Corporate Governance Code. With particular regard to the independence requirements referred to in the New Corporate Governance Code and the Articles of Association, information on the direct or indirect relationships (loans, significant positions held, work as a paid employee and business/professional relations) of Board Directors with FinecoBank.

In order to allow the Board of Directors to carry out the above-mentioned assessment, each Director, including the Chairperson classified as independent in the list submitted by the Board at the time of the last renewal of the body, was asked to make a personal updated assessment of their independence status, taking into account the criteria set out in Articles 147-ter, paragraphs 3 and 4, and 148 paragraphs 3 and 4 of the TUF and Article 2 of the New Corporate Governance Code, and Article 13 of Ministerial Decree 169/2020, providing a specific declaration to that effect.

In order to verify the possible materiality of the above-mentioned relationships, the Board of Directors applied the criteria and materiality thresholds set forth in the Fit & Proper Policy, as better described in the following paragraph.

The results of the verification were as follows:

Independent Directors pursuant to Article 148 of the TUF, Article 2 of the New Corporate Governance Code and Article 13 of Ministerial Decree 169/2020: Marco Mangiagalli, Gianmarco Montanari, Patrizia Albano, Elena Biffi, Giancarla Branda, Maria Lucia Candida, Paola Generali, Marin Gueorguiev, Arturo Patarnello and Maria Alessandra Zunino de Pignier;
Independent Director pursuant to Article 148 of the TUF, Article 2 of the New Corporate Governance Code and Article 13 of Ministerial Decree 169/2020: Alessandro Foti.

The Board of Statutory Auditors verified the correct application of the assessment criteria and procedures adopted by the Board of Directors for assessing the independence of its members.

In line with Article 2, Recommendation 5 of the New Corporate Governance Code and the Supervisory Regulations on Corporate Governance, the Independent Directors, without the Non-Independent Directors and the Chairman, met on July 5 and November 4, 2023 for a meeting, mainly to discuss corporate governance matters and the company's outlook. The meetings were chaired by the Director, Mr. Arturo Patarnello, and the Deputy Chairman of the Board of Directors, Mr. Gianmarco Montanari, respectively. The outcomes of the discussions were represented at the first Board meeting thereafter. In accordance with the Corporate Bodies Regulations, the progress of the meeting and the results of the discussion were recorded in the

minutes.

It should be noted that specific evaluations on the independence of the directors were also carried out with reference to the Board of Directors in office for the three-year period 2020- 2023.

As a result of these assessments, the following were found:

Independent Directors pursuant to Article 148 of the TUF and Article 2 of the New Corporate Governance Code: Marco Mangiagalli, Francesco Saita, Patrizia Albano, Elena Biffi, Giancarla Branda, Paola Giannotti De Ponti, Marin Gueorguiev, Gianmarco Montanari, Maria Alessandra Zunino de Pignier and Alessandra Pasini (co-opted pursuant to Article 2386 of the Italian Civil Code by the Board of Directors on March 16, 2021 and independent also pursuant to Ministerial Decree 169/2020);
Non-independent director pursuant to Article 148 of the TUF and Article 2 of the New Corporate Governance Code: Alessandro Foti.

For more details on how the independence criterion was assessed applied to the Board of Directors previously in office, both at the time of their appointment and during their term of office, please refer to the "Report on Corporate Governance and the Ownership Structure for the 2022 financial year".

Criteria and materiality thresholds for assessing independence

Fulfilment of the independence requirement is verified at the time of appointment and annually, in accordance with the application criteria set out in the New Corporate Governance Code and other applicable provisions. Directors are required to provide any information relevant to the assessment of their independence.

In order to verify the possible materiality of relationships of a commercial, financial or professional nature or otherwise enabling the Director to obtain additional remuneration, the current Fit & Proper Policy identifies the main materiality thresholds:

(a) for transactions of a financial nature, in accordance with the ECB Guidance, financial obligations towards the Company with a value (even cumulative) in excess of €200,000.00 (excluding private mortgages), as well as any loans of any value that are not traded at normal market conditions or that are impaired, are considered relevant;
(b) for business/professional relations, (i) in the case of personal and direct business/professional relations with the Director, there is a prohibition; (ii) in the event of a business/professional relationship with the professional firm and/or consulting company (of which the Director is partner or has been in the three financial years preceding that of the appointment), fees relating to the three financial years preceding that of the appointment that exceed 5% of the total annual turnover or revenues of the relevant professional firm/consulting company and in any event exceed €200,000.00 on an annual basis shall be deemed relevant.

In line with the provisions of the New Corporate Governance Code, it is also specified that in the case of a director who is also a partner in a professional firm or consulting company, the Board of Directors assesses the significance of the professional relationships that may have an effect on his/her position and role within the firm or

consulting company or that otherwise pertain to important transactions of the company and its group, also irrespective of the quantitative parameters.

(c) for "additional remuneration" (as referred to in letter d) of Recommendation No. 7 of the New Corporate Governance Code), the additional remuneration for the Director exceeding €10,000.00 per year with respect to the remuneration provided for the office at the Company is considered significant.

For the purposes of the foregoing, financial, business and professional relationships maintained with the Bank by the Director or by a close family member (meaning: parents, children, nonlegally separated spouses and cohabitees).

In any event, for a full appreciation of the materiality of a financial, commercial or professional relationship, information must be acquired that allows not only a formal, but also a substantive examination of the position, by means of appropriate information provided by the Directors supplemented with information available to the Bank.

As part of the independence assessment, the competent body may also order certain mitigation measures, providing for specific periodic monitoring and availing itself of the support of the applicable Board committee, if required.

4.7.1 Lead Independent Director

As the New Corporate Governance Code does not establish provisions for the appointment of this position, the Board of Directors has not appointed any independent Director as lead independent director(16) .

⁽ ¹⁶) In accordance with Article 3, Recommendation 13 of the New Corporate Governance Code, the Board of Directors appoints an independent director as the lead independent director in the following cases: (i) if the chairman of the board of directors is the chief executive officer of the company or holds significant managerial powers; (ii) if the position of chairman is held by the person that controls the issuer, either jointly or otherwise; (iii) in large companies, even in the absence of the conditions indicated the previous points, if requested by the majority of Independent Directors.

5. PROCESSING OF COMPANY INFORMATION

In compliance with Stock Exchange Regulations and accompanying Instructions, as well as relevant provisions of the TUF and Issuer Regulations, which require Directors and Statutory Auditors to maintain the confidentiality of documents and information acquired in performing their duties, the Corporate Bodies Regulations require the Board of Directors to establish procedures for the internal management and disclosure of documents and information on the Company, also with regard to inside information.

The Bank has adopted a procedure for the processing of relevant inside information pursuant to EU Regulation no. 596 of April 16, 2014, on market abuse (the "Market Abuse Regulation" or "MAR") and the related implementing law and guidelines (e.g. CONSOB Guidelines on the Management of inside information of October 13, 2017) (the "Procedure for processing Relevant Inside Information" or the "Procedure").

The aim of the Procedure for processing Relevant Inside Information is to prevent the processing of such information (as defined below) in a manner, which is not untimely, incomplete or inadequate and in any event that may result in asymmetrical disclosure to the public.

In particular, the management and disclosure of Relevant Inside Information, as regulated by the above-mentioned Procedure, protects the market and investors, providing them sufficient knowledge of matters concerning the Issuer, on the basis of which they may make investment decisions.

The Procedure for processing Relevant Inside Information also aims to prevent certain persons or categories of persons from acquiring information that is not in the public domain, in order to carry out speculative transactions on markets to the detriment of investors that do not have access to that information.

The Procedure describes the process for assessing and disclosing relevant inside information, as well as the requirements for managing the List of Persons who have access to this information (the "FinecoBank Insider List").

The Procedure regulates the management of company information (meaning all information and data concerning FinecoBank and/or other Group companies, which is not in the public domain, acquired by persons required to comply with the Procedure, in performing their duties), with particular regard to (i) relevant information, which is specific information, not available to the public and concerning data, events, projects or circumstances that in any way refer to FinecoBank and that could, also at a later stage, become inside information and (ii) inside information.

It establishes, firstly, the obligation for all persons that perform activities within the Group to keep company information acquired in performing their duties confidential and to use that information exclusively for carrying out their duties.

The Procedure for processing Relevant Inside Information currently:

(a) assigns responsibility for assessing whether information is classified as inside information, also for the purpose of disclosure to the public, to the Chief Financial Officer of FinecoBank assisted by the heads of the Legal and Corporate Affairs Function and Compliance Function , for the areas in their remit.

The Procedure for the Handling of Material and Privileged Information, in particular, establishes that anyone who believes he or she is in possession of material and/or

privileged information is required to promptly report such circumstance to the e-mail: [email protected], managed by the FinecoBank CFO and/or UCI CFO to allow for an assessment of the inside nature of the information disclosed and to take the necessary measures to correctly manage the information, including its prompt disclosure to the market, as applicable;

(b) adopts effective measures to ensure the confidentiality of information until it is disclosed to the public.

To this end, FinecoBank has established a "List of persons who have access to inside information" which is price sensitive, as regards the Company's shares, in compliance with the applicable regulations. It has also established a process to add data to, update and maintain the List, identifying the Compliance Officer of the Company as the person responsible for managing the FinecoBank Insider List;

(c) assigns responsibility to FinecoBank's CFO (assisted by the heads of the Legal and Corporate Affairs Function and Compliance) for assessing the public disclosure of information about the Company and the appropriateness of delaying the public disclosure of Inside Information, in the cases specifically identified by the Procedure for processing Inside Information;
(d) assigns responsibility to FinecoBank's CFO and Head of Identity & Communications for preparing press releases in which Inside Information is disclosed, assisted by the Company units involved;
(e) provides for the publication of the press releases, subject to approval from the Managing Director of the Issuer, via the "eMarket-SDIR" system, to Borsa Italiana and CONSOB.

Press releases are published on the Company's website before the opening of the market on the day after disclosure and are available on the site for at least five years from publication.

***

In accordance with the provisions of Article 114(7) of the TUF and Articles 152-quinquies.1 et seq. of the Regulation on Issuers and in order to implement the regulatory changes resulting from the entry into force of Regulation (EU) No. 596/2014 of the European Parliament and of the Council of April 16, 2014, as subsequently amended by Article 56 of Regulation (EU) No. 2016/1011 - relating to market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC - and the related Delegated Regulations (no. 2016/522 and 2016/523), the Board of Directors' meeting of January 10, 2018 approved the code of conduct on internal dealing, to regulate the management, processing and disclosure of information relating to transactions in FinecoBank's listed shares and debt instruments (as well as derivatives and related financial instruments) carried out by relevant persons (so-called "insiders") and persons closely associated with them (the "Internal Dealing Code"). This procedure regulates the disclosure obligations to be complied with and the conduct to be observed by the above persons and by FinecoBank in order to ensure maximum transparency in disclosure to the market. The Internal Dealing Code was last amended by the Board of Directors on March 15, 2022.

The main aim of the Internal Dealing Code is to improve transparency and uniformity in the disclosure relating to financial transactions undertaken by the above persons, in order to give investors an idea of how those persons perceive the prospects of the company and/or the group it belongs to. The Code does not therefore directly address whether significant persons have

acquired confidential information and used that information unlawfully (conduct which constitutes the offence of insider trading), assuming that the undertaking of certain financial transactions by particular persons considered "significant" (i.e. by persons that, due to their position, are able to acquire information on matters of the company and the group it belongs to), is, in of itself, price sensitive.

The Internal Dealing Code identifies "Significant Persons" and "Closely-Related Persons" to the Significant Persons in compliance with the Issuer Regulations and establishes that "Material Transactions" (as such therefore subject to the disclosure obligations of the Internal Dealing Code) are transactions concerning the purchase, sale, subscription or exchange of shares and debt instruments issued by FinecoBank (admitted to trading – or for which an application has been made for admission to trading – on a regulated market or an MTF or OTF), or derivatives or other financial instruments linked to those instruments carried out by the above persons, directly or through intermediaries, trusts or subsidiaries. The Internal Dealing Code also identifies certain types of transactions which are exempt from the disclosure obligations.

The Internal Dealing Code also contains regulations on the management, processing and disclosure of information relating to those transactions. To this end it governs the:

(a) disclosure obligations of Significant Persons to the Company;
(b) disclosure obligations of Significant Persons and the Company to CONSOB;
(c) cases in which Significant Persons are prohibited from or limited in undertaking transactions on financial instruments.

In compliance with the Internal Dealing Code, the Bank's Compliance Officer is the Financial Reporting Officer and to CONSOB with regard to notices received from Significant Persons.

6. INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123- BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

As at the date of approval of this Report (in compliance with the Supervisory Regulations and the New Corporate Governance Code) four Board committees have been established, with examining, advisory, decision-making and coordination functions: (i) a Risk and Related Parties Committee; (ii) a Remuneration Committee; (iii) an Appointments Committee; and (iv) a Corporate Governance and Environmental and Social Sustainability Committee (together, the "Committees").

None of the functions assigned to board committees by the New Corporate Governance Code has been assigned to the Board of Directors. As at the date of this Report, none of the Committees performs the functions of two or more committees envisaged by the New Corporate Governance Code (17) and the functions are not spread across committees in a way that differs from the provisions of the Code or the Supervisory Regulations in this area. The members of the Committees are chosen based on their expertise and their availability to perform the task, taking into account the recommendations of the New Corporate Governance Code (see in particular, Recommendation no. 17).

Unless a shorter term of office is established upon their appointment, Committee members remain in office for the same time as the Board in which they are members. They may resign from their position in the Committees, without resigning from the Board of Directors.

If a member ceases to hold the position for any reason, the Board of Directors will replace that member. The expiry of the new member's term of office is the same as that of the outgoing member. If the Chairman of the Committee ceases to hold office, the Board of Directors will appoint a new Chairman at the time of appointing the replacement member.

The Committees meet on a regular basis and whenever required as a result of particular needs. The Committee meetings are considered duly convened if the majority of their members are present. Each Committee passes resolutions with an absolute majority of the attendees.

The meetings of the Committees are called at least four business days in advance. The notice of meeting, which may also be sent via fax or email by the Chairman via the Secretary of each Committee, must include the details of the place, date and time of the meeting, as well as the items on the agenda to be discussed. In cases of urgency, determined by the Chairman of each Committee, the meetings may be held with one day's notice. Committees may meet validly, even if they have not been called in advance, if all their members are present.

Except in cases of urgency, the documentation in support of proposals, and any information needed for the members of the Committees to express an informed opinion on the matters under discussion, are made available at least from 8:00 a.m. on the third business day prior to the meeting of any Committee.

The Committee meetings may be held via telecommunications links, provided that each

⁽ ¹⁷) In compliance with the CONSOB instructions and guidelines contained in Communication no. DEM/10078683 of September 24, 2010, in order to adopt the Related-Party Regulations, the Company has assigned its control and risk committee the functions of the related-parties committee.

attendee can be identified by all the other attendees, can immediately take part in the discussion, and can also receive, send and view documents. The minutes of Committee meetings are transcribed briefly by the Secretary, who need not be a member of the Committee. If the Secretary is absent or otherwise prevented from performing this task, the person chairing the meeting shall appoint a replacement. The minutes contain, amongst other things, the reasons for any disagreements expressed by the Committee members. The minutes are kept by the Secretary for possible consultation needs of the members of the Committee(s) who may be absent, as well as the Board members and Auditors.

The Chairman of each Committee reports on the meeting at the next Board meeting.

Each Committee is allocated adequate funds to perform its duties within the limits of the budget approved by the Board of Directors, sufficient to guarantee operational independence, which may be supplemented to meet specific needs. The Committees may engage external advisors.

The Shareholders' Meeting determines the annual fees for Committee members and a fee for attending committee meetings. To perform their duties, the Committees are given adequate instruments and information from the relevant functions, to enable them to make their assessments. They also have access to the relevant company information.

On the invitation of the Chairman of each Committee, the meetings – taking into account the items on the agenda in each case – may be attended by the Managing Director and General Manager, the other Directors, the Deputy General Managers, the Financial Reporting Officer and members of Company and Group personnel.

Subject to the right of the Statutory Auditors to attend the meetings, or the rules applicable to the Risk and Related Parties Committee, the Chairman of each committee can invite the Chairman of the Board of Statutory Auditors or another Statutory Auditor designated by him/her.

Persons external to the Company and the Group may also be invited to participate in meetings of each of the Committees where, in full compliance with the applicable regulations on confidentiality of information and market abuse, their participation is considered necessary for the discussion of items on the Committee meeting's agenda.

Where the Committees are called on to express their opinion on urgent matters within their remit, the Chairman of each Committee, after having acknowledged the urgency of the situation and having established that the majority of or all the members are unavailable to meet or to carry out the required activities in due time, promptly informs the Chairman of the Board of Directors of this situation. In any event, this notification must be made no later than the day after the Chairman of the Committee has received notice of the unavailability of the majority of or all the members. The Chairman of the Board of Directors, after consulting with the Managing Director and General Manager to evaluate the urgency of the decision, immediately restores the presence of the number of Independent Directors established for the composition of the Committee by designating another independent member of the Board of Directors, after having contacted him/her. With regard to the Risk and Related Parties Committee, the abovementioned rules apply to transactions with persons in potential conflict of interest pursuant to the Global Policy, the completion of which is urgent and for which the Risk and Related Parties Committee's action is required during the negotiations and the preliminary analysis and/or when issuing the opinion.

The above also applies if the unavailability of the majority is due to the resignation of a member of the Committee.

With specific reference to composition of the Committees, in accordance with the Supervisory Regulations on Corporate Governance, it is good practice for each committee to have at least one member from the least represented gender.

The rules governing the functioning of the Board Committees and the duties and responsibilities assigned to each of them are governed in detail by the Corporate Bodies Regulations (Paragraph B), which should be consulted for further details.

The committees established within the Board of Directors are described in Paragraphs 6.1, 7, 8 and 9.

6.1 CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE

6.1.1 Composition and functioning of the Corporate Governance and Environmental and Social Sustainability Committee

On April 27, 2023, the Board of Directors appointed the members of the current Corporate Governance and Environmental and Social Sustainability Committee, who are all executive, Independent Directors pursuant to the TUF and New Corporate Governance Code, and have adequate experience and expertise as evaluated and ascertained by the Board of Directors on their appointment.

As at the date of approval of this Report, the composition of the Corporate Governance and Environmental and Social Sustainability Committee was as follows:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Patrizia Albano	X	X	X	8/8 (100%)	C
Maria Alessandra Zunino de Pignier	X	X	X	8/8 (100%)	M
Gianmarco Montanari	X	X	X	8/8 (100%)	M

------------- Members leaving office during the financial year-------------

No. of Committee meetings from April 27 to December 31, 2023: 8

(*) This column shows the percentage of directors' attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned) during the Financial Year with effect from April 27, 2023.

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Corporate Governance and Environmental and Social Sustainability Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2025.

N.A.

The Committee shall meet when convened by its Chairman, whenever he/she deems necessary, or upon the request of one of its members.

* * *

With reference to the composition of the Corporate Governance and Environmental and Social Sustainability Committee until April 27, 2023, the relevant summary table is shown below:

Name	Executive	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Maria Alessandra Zunino de Pignier		X	X	X	5/5 (100%)	C
Patrizia Albano		X	X	X	5/5 (100%)	M
Francesco Saita		X	X	X	5/5 (100%)	M
N.A. No. of Committee meetings relating to the Financial Year up to April 27, 2023: 5	------------- Members leaving office during the financial year-------------
() This column shows the percentage attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned) during the Financial Year with effect from April 27, 2023. (*) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

6.1.2 Functions of the Corporate Governance and Environmental and Social Sustainability

Committee

The duties assigned to the Corporate Governance and Environmental and Social Sustainability Committee are described below. The Corporate Governance and Environmental and Social Sustainability Committee performs the functions of informing, advising and making proposals to the Board through the following:

(i) providing opinions and support to the Board of Directors in defining FinecoBank's corporate governance system, the Group's corporate structure and models and guidelines on governance, and in that context it:
it monitors changes in national and international laws and best practices on corporate governance, updating the Board of Directors where those changes are significant;
verifies that the corporate governance system of FinecoBank and of the Group is in line with the legal and regulatory requirements, the recommendations in the New Corporate Governance Code, and national and international best practice;
(ii) makes proposals to the Board of Directors on adapting the corporate governance system, where necessary or appropriate;
(iii) supervises the sustainability issues related to FinecoBank's operations and the interactions with all stakeholders; in particular, the Committee provides the following support to the Board:
monitoring the sustainable growth strategy of the Company and the Group over time, based on relevant international guidelines and principles;
contributing to assessing the risks linked to sustainability issues, and in particular, those that may be significant in the medium/long term;
examining and where necessary making proposals concerning plans, objectives, rules and company procedures on the Group's social and environmental issues in line with the applicable regulations, monitoring their implementation over time. In this respect, it supports the Board of Directors in approving policies aimed at promoting diversity and inclusiveness;
contributes to the review of products with ESG purposes for which the Bank acts as producer;
monitoring the positioning of the Company and the Group in relation to financial markets with respect to sustainability issues and relations with all the stakeholders;
examining and issuing opinions regarding the policy for managing relations with all the shareholders, taking into account the engagement policies adopted by institutional investors and asset managers;
examining in advance the Non-Financial Statement (NFS) pursuant to Legislative Decree no. 254/2016 and the Environmental Statement pursuant to EMAS Regulation no. 1221/2009, for the areas applicable to FinecoBank, to be submitted for approval by the Board of Directors.

6.1.3 Activities performed

During the Financial Year, the Committee met thirteen times. The Committee meetings, with minutes taken by the designated Secretary, lasted an average of one hour and thirty-eight minutes.

During the meetings, the Corporate Governance and Environmental and Social Sustainability Committee – on the basis of the necessary information and clarifications received from FinecoBank's organisational units, and having taken note of the applicable regulations and the documentation supporting the proposals – was called upon to express its opinion, in relation to matters of corporate governance, on the annual letter of the Chairman of the Italian Corporate Governance Committee, also in order to implement its indications in the "Report on Corporate Governance and ownership structure for the 2022 financial year", which was also submitted to the Committee for the aspects under its responsibility and subsequently approved by the Board of Directors on March 14, 2023. Still on the subject of corporate governance, the Committee analysed the updates made to the Company's internal regulations from time to time during the Financial Year. In particular, it examined the amendments proposed in 2023 to the "Corporate Bodies Regulation of FinecoBank S.p.A.", which were subsequently approved by the Board of Directors. These include the amendments resulting from the 40th update of Circular 285/2013 of the Bank of Italy, aimed at aligning Italian regulations with the ""Guidelines on Information Technology (ICT) Risk Management and Security" issued by the EBA, which entailed an update

of the Board's powers for ICT and information system profiles, as well as amendments to incorporate the new provisions set out in the Bank of Italy's Order of August 1, 2023, which made certain amendments to the Order of March 26, 2019 containing the "Provisions of the Bank of Italy on organisation, procedures and internal controls for anti-money laundering purposes". In addition, some additions were made to the tasks of the Board committees, such as, for instance, with reference to the Corporate Governance and Environmental and Social Sustainability Committee, the addition aimed at specifying the supporting role to the Board of the same Committee in relation to the examination of products with ESG purposes of which the Bank is a producer; As a consequence of this update, further internal regulations such as the "Product Committee Regulations" and the "Global Sustainability Policy" were also updated.

The Committee oversaw the sustainability-related activities the related activities, verifying the updates provided by the competent internal structures on the initiatives undertaken by the Bank. In this regard, the Committee was continuously informed about the progress of the Sustainability 2023 activities, with a special focus on those related to the MiFID sustainability adequacy checks and sustainability reporting in the financial services sector (Regulation (EU) 2019/2088 - SFDR). It also reviewed the updates made from time to time to the ESG KPI Dashboard, especially those related to the targets resulting from the Net-Zero commitment made by the Bank, paying particular attention to the Sustainability KPIs related to Scope 1, 2 and 3 Operational Emissions. The Committee analysed in a joint session with the Risks and Related Parties Committee - each for the profiles of their respective competences - the draft of the "Consolidated Non-Financial Statement of the FinecoBank Group" relating to the 2022 financial year, formulating some observations that were incorporated in the version approved by the Board of Directors on March 14, 2023. With regard to the Non-Financial Statement 2023, the Committee monitored its drafting by means of periodic updates from the relevant structures on the progress of the work as early as the last months of the Financial Year, and then examined its contents during the first meetings of 2024, with a view to its approval by the Board of Directors. In this regard, it should be noted that starting from the 2024 financial year, the fulfilments related to non-financial reporting will be fulfilled within the processes of preparation of the Consolidated Financial Statements, in line with the requirements of the new regulations set forth in EU Directive 2022/2464 (so-called CSRD - Corporate Sustainability Reporting Directive).

In the course of 2023, the Sustainability Function devoted itself to the definition of the new ESG Multi-Year Plan 2024-2026, an initial progress report on which was provided to the Committee at its July meeting, describing the development of the Bank's ESG objectives, starting with the ESG Plan for the years 2020-2023, the objectives of which were expanded over time with a series of additional measures and documents. At subsequent meetings in November and December, drafts were presented of the new ESG Plan, which incorporates the objectives and targets of the Environmental Programme under EMAS Regulation 1221/2009 and the UNEP Principles for Responsible Banking. For the definition of the ESG Plan, various sources were analysed and a desk analysis was also carried out, which took into consideration the Sustainability Reports of Fineco's main peers, also taking into account the requirements of the main ESG indices/rating agencies. The results of this analysis were shared with the Bank's structures, in order to gather new proposals and/or initiatives to be included in the sustainability strategy. It should be noted that, following its review of the ESG 2024-2026 Plan, the Committee made some minimal observations, including a request to revise the wording of the corporate purpose, in order to extend the concept of supporting customers throughout their "financial life", i.e. accompanying the customer in the responsible management of their overall

financial position and not only their savings position. The ESG MYP was submitted to the Board of Directors as an integral part of the broader MYP 2024-2026.

With specific reference to environmental sustainability issues, in the first part of the Financial Year the Committee analysed (i) the update of the "Environmental Programme 2021-2024", which identifies the measures, responsibilities and means adopted or planned to achieve environmental objectives and targets, as well as the deadlines for achieving them, as well as (ii) the third "Review of FinecoBank's Environmental Management System", prepared in accordance with European Regulation no. 1221/2009/EC. In the second half of 2023, on the other hand, the updated version of FinecoBank's Environmental Statement with data as at December 31 2022 was submitted to the Committee, in relation to which, as from the year 2023 (with reference to the reporting period January 1 -December 31, 2022), the data and information required to meet the requirements of Annex IV of EMAS Regulation no. 1221/2009/EC are integrated within the "Consolidated non-financial statement of the FinecoBank Group". Also in the area of environmental and financial sustainability issues, the Global Business Function presented the Committee with a new product, called the "Green Loan", aimed at financing interventions related to the purchase for the installation of renewable energy technologies. Finally, the Chief People Officer's organisational unit provided the Committee with the usual information on the Home-Work Travel Plan 2023, drafted with the aim of analysing and implementing measures aimed at incentivising new forms of sustainable mobility in compliance with the reference regulations set forth in Article 229, paragraph 4, of the Relaunch Decree and the Guidelines for the drawing up and implementation of Home-Work Travel Plans.

Focusing on issues closely related to social sustainability, updates and in-depth analyses of the Bank's commercial offering continued during the Financial Year, especially with regard to younger customers, on instruments considered to be more speculative. In the second half of the year, the Committee assessed further aspects related to social sustainability, which are the responsibility of the Chief People Officer Department. Particular attention was devoted to the issue of diversity at Fineco and to Gender Certification, an instrument regulated by the Decree-Law of April 29, 2022, which defines the parameters and minimum requirements for obtaining it. The path to certification was completed in December following the positive inspection by the external certification body. In order to issue this certification, it was necessary to review some of the Bank's internal regulations on gender equality and diversity, such as the Global Policy on Gender Equality and other related policies. Also in this context, the Committee issued a favourable opinion on the Management System Manual and the 2024-2026 Objectives Plan, with a view to their approval by the Board of Directors, also endorsing the proposal - submitted to the same Board - to assign the Chief People Officer responsibility for the Management System.

In addition to these issues, the CPO Department submitted to the Committee, in line with what had been done previously, the new hypothesis of integrating ESG KPIs into the long-term incentive plans for the three-year period 2024-2026, for subsequent evaluation by the Remuneration Committee, after which the proposal was presented to investors and proxy advisors during the engagement phase.

The Committee, through its Chair, had access to the information and corporate functions needed to carry out its tasks, also with the aid of the Company's internal units and external advisors.

The Chairman of the Board of Statutory Auditors and the Statutory Auditors attended the meetings of the Corporate Governance and Environmental and Social Sustainability Committee, also at the invitation of the Committee. Managers and staff from the corporate functions were also invited to attend in relation to individual items on the agenda.

Fourteen Committee meetings have been scheduled for the current financial year, four of which have already been held.

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 Self-assessment and succession of Directors

In compliance with provisions of the Corporate Bodies Regulations, adoptedpursuant to the Supervisory Regulations on Corporate Governance and in line with the recommendations of the New Corporate Governance Code, the Bank periodically carries out the self-assessment process on the functioning of the Board and its Committees, as well as their size and composition.

For the performance of the self-assessment process, FinecoBank, as in the previous year, made use of the company Key2People as an independent external consultant, selected with the aid of the Appointments Committee and engaged to provide advice during each stage of the process. That company, chosen based on its experience and expertise in corporate governance matters, is acknowledged as possessing the neutrality, impartiality and independence of mind required by the Corporate Bodies Regulations.

The process is divided into the following steps:

examination: carried out in accordance with the provisions of the Corporate Bodies Regulations, through anonymous questionnaires and individual interviews;
consultant's assessment of the results of the self-assessment process and preparation of the summary document describing the methods used, the individuals involved and the results obtained, highlighting any strengths and weaknesses identified;
examination of the summary document by the Appointments Committee and proposals of possible corrective measures to be submitted to the Board of Directors;
assessment and approval of the summary document and the proposals by the Board of Directors.

The self-assessment process conducted in respect of the Board appointed in April 2023 is currently ongoing.

With regard to the self-assessment process applicable to the Board of Directors in office until the date of the Shareholders' Meeting of April 27, 2023, please refer to the Report on Corporate Governance and Ownership Structure for the year 2022 for all details.

Succession plans

FinecoBank is increasingly investing in the development of a sustainable leadership pipeline, creating internal growth opportunities and specific pathways to enhance and strengthen the leadership skills of managers, as well as in promoting diversity & inclusion to create a fair and inclusive environment.

To this end, with the support of the Human Resources function, the Appointments Committee identified the process and methodology to be adopted for the formulation of the succession plan for the Chief Executive Officer and General Manager, as well as for the other executives with strategic responsibilities and the Bank's senior figures.

In 2023, with the favourable opinion of the Appointments Committee, the Board of Directors made the latest update to the succession plan for the Managing Director and General Manager.

With regard to the latter, the Appointments Committee was supported by a leading consulting firm that carried out an independent assessment of the candidates for succession.

The succession of the Managing Director and General Manager can be managed either through

the selection of internal or external candidates, based at all times on the optimal qualitative/quantitative profile for the position.

With regard to the Chairman of the Board of Directors, the specific process codified in the Corporate Bodies Regulations will apply.

7.2 Appointments Committee

7.2.1 Composition and functioning of the Appointments Committee

On April 27, 2023, the Board of Directors appointed the members of the current Appointments Committee, who are all executive, independent Directors pursuant to the TUF and the Corporate Governance Code and the New Corporate Governance Code (at the date of this Report), and have adequate experience and expertise as evaluated and ascertained by the Board of Directors on their appointment.

At the date of approval of this Report, the composition of the Appointments Committee was as follows:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Elena Biffi	X	X	X	10/10 (100%)	C
Patrizia Albano	X	X	X	10/10 (100%)	M
Arturo Patarnello	X	X	X	10/10 (100%)	M

------------- Members leaving office during the financial year-------------

N.A.

No. of Committee meetings from April 27 to December 31, 2023: 10

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Appointments Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2025.

The Appointments Committee meets when convened by its Chairman, whenever he/she deems necessary, or upon request of one of its members.

* * *

With reference to the composition of the Appointment Committee until April 27, 2023, the relevant summary table is shown below:

ΔR ID
CERTIFIED

Name	Executive	Non	Indep.	Indep.	%	(**)
		executive	Code	TUF	(*)
Elena Biffi		X	X	X	8/8	C
					(100%)
Patrizia Albano		X	X	X	8/8	M
					(100%)
Gianmarco Montanari		X	X	X	8/8	M
					(100%)
	------------- Members leaving office during the financial year-------------
N.A.
No. of Committee meetings relating to the Financial Year up to April 27, 2023: 8
(*) This column shows the percentage of directors' attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned during the Financial Year to April 27, 2023).

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

7.2.2 Functions of the Appointments Committee

The duties assigned to the Appointments Committee are described below. This Committee has been assigned the duties and responsibilities in accordance with the Supervisory Regulations and the New Corporate Governance Code. Specifically, the Appointments Committee has an advisory role assisting the Board with the following:

supporting the Board of Directors in the appointment and co-option of directors in accordance with the Supervisory Regulations;
providing the Board with opinions on:
a) the drafting (i) of the policy for the appointment of Directors of subsidiaries and investee companies, and (ii) the policy for verifying the suitability requirements of corporate officers and managers of FinecoBank's main corporate functions pursuant to current legislation;
b) the qualitative/quantitative profile required by the Supervisory Regulations, making proposals to the Board on the qualitative/quantitative composition of the Board of Directors and its Committees considered optimal and the maximum number of positions held by Directors in other companies considered compatible with the effective performance of their duties in FinecoBank;
c) the appointment of the Managing Director and/or the General Manager and other key management personnel;
d) the formulation of succession plans for the Chairman of the Board of Directors, the Managing Director, the General Manager and the other key management personnel;
e) the selection of candidates to the position of FinecoBank Director, in the event of cooption, and where lists are submitted by the Board, of candidates to the position of

independent director to be submitted for the approval of the Shareholders' Meeting of the Company (see "Annex B" to the Corporate Bodies Regulations);

f) the appointment of members of the Board Committees;
g) the various stages of the self-assessment process (see, "Annex A" to the Corporate Bodies Regulations);
assisting the Risk and Related Parties Committee in the process for identifying and proposing the heads of the corporate control functions (Compliance, Internal Audit, Risk Management and Anti-Money Laundering (of the Bank and Group), as well the deputy to the Anti-Money Laundering Officer) and the person responsible for reporting suspicious transactions to be appointed or removed;
in compliance with the timeframe set forth in the Bank of Italy AML Provision, supports the Risk and Related Parties Committee in the process of identifying and proposing the Officer responsible for anti-money laundering for the Bank and the Group, ensuring that the latter meets the conditions set forth in Section III-bis of the Bank of Italy AML Provision;
supporting the Board of Directors in assessing their suitability pursuant to Article 26 of the TUB (requirements for corporate officers) and, in any case, in the applicable primary and secondary regulations in force (including the rules on interlocking directorates), as well as in the subsequent check of the qualitative/quantitative composition considered optimal and the actual composition resulting from the appointment process;
supporting the Board of Directors in the process of ascertaining the suitability requirements established for the heads of the main corporate functions (i.e. AML Officer, Compliance Officer, Head of Internal Audit, Chief Risk Officer, Chief Financial Officer and Financial Reporting Officer) under current legislation;
supporting the Chairman of the Board of Directors in all the steps pertaining to induction and training programmes for members of the Board of Directors and of the Board of Statutory Auditors;
issuing opinions to the Board of Directors concerning the appointment of corporate officers (i.e. members of the boards of directors, boards of statutory auditors and supervisory boards) at the subsidiaries, as well as minority-owned companies.

7.2.3 Activities performed

During the Financial Year, the Committee met eighteen times. The Committee meetings, with minutes taken by the designated Secretary, lasted an average of one hour and forty minutes.

During these meetings, the Appointments Committee – on the basis of the necessary information and clarifications received from FinecoBank's organisational units, and having taken note of the applicable regulations and the documentation supporting the proposals – was called upon to express its opinion, inter alia, concerning the: (i) the annual letter from the Chairman of the Italian Corporate Governance Committee, also for the purpose of incorporating its indications in the "Report on Corporate Governance and Ownership Structure for the 2022 financial year", which was also submitted to the Committee for the profiles falling within its purview and subsequently approved by the Board of Directors on March 14, 2023, (ii) the updates of the offices of company officers as communicated from time to time, (iii) the update

of the "Corporate Bodies Regulations of FinecoBank S.p.A." for the sections relating to the Committee itself, (iv) the update of the succession plan for the Chief Executive Officer and General Manager, (v) the allocation of the budget for the Committee itself for the year 2024.

In view of the expiry of the three-year term of office of the Board of Directors, the Appointments Committee at the end of 2022 identified the independent external professional to be proposed to the Chairman of the Board of Directors for the Board of Directors' selfassessment and peer review process referring to the 2022 financial year. Subsequently, the Committee expressed its opinion on the outcome of the Board of Directors' self-assessment process, while also taking into consideration the insights that emerged from it. The Committee's activities related to the self-assessment process for the 2022 financial year also continued in the first months of 2023. In this context, in fact, the Committee continued its activities aimed at defining the list of candidates to be submitted to the Board of Directors in view of the renewal of the Board, using for the purpose of candidate selection precisely the results of the Board Review which, unlike the previous ones contained an ad hoc section devoted to the suggestions for the conclusion of the three-year term of office with a view to the renewal of the Board, as well as the evidence emerging from the Peer Review supported by the ad hoc interviews conducted by the external consultant Egon Zehnder, in order to ensure transparency and independence and thus also to comply with the Call for Attention no. 1/22 of January 21, 2022 of CONSOB concerning "The submission of a list by the board of directors for the renewal of the same board". The Committee also gave Egon Zehnder a specific mandate to search for candidates whose profiles were in line with the skills required in the 2023 Qualificative/Quantitative Profile, taking into account the specific determinations made by the Board, in line with the proposal of the same Committee. The Committee then defined a proposed list of candidates for the position of Director of FinecoBank to be submitted to the Board of Directors. Subsequently, the admissibility of the candidate lists receivedwas assessed, for the purpose of their publication, and the absence of relations of connection between the lists deposited, also on the basis of the recommendations formulated by CONSOB in Communication No. DEM/9017893 of February 26, 2009 (also the "CONSOB Communication").

Following the appointment of the new members of the Board of Directors, by virtue of the resolution of the Shareholders' Meeting of April 27, the Appointments Committee expressed a favourable opinion, for the purposes of the subsequent approval by the Board of Directors, on whether the newly elected directors meet the legal and regulatory requirements.

The Committee also issued a positive opinion on the corrective actions to be taken with respect to the insights gained from the self-assessment results.

To support the Chairman of the Board of Directors, the Committee also supervised the work for the preparation of the training plans for the members of the corporate bodies. In particular, the Committee carried out the preliminary activities for the definition and updating of the training plan for the year 2023, defined on the basis of the results of the analysis aimed at identifying the issues of particular interest and the priorities of the topics to be dealt with, and with the aim of strengthening the skills of the Directors and providing a concrete and innovative response to the requests of the Regulators for the management of training programmes.

Lastly, an update to the Policy "Verification of the Suitability Requirements of Company Officers and Managers of the Main Corporate Functions of FinecoBank S.p.A." was submitted to the Committee for subsequent approval by the Board of Directors, aimed at defining the set

of rules, responsibilities and processes for the purpose of verifying the suitability requirements of Company Officers and the Heads of FinecoBank's Main Corporate Functions, with specific reference to the section dedicated to the independence requirement of the officers, incorporating the suggestions for improvement contained in the letter from the Chairman of the Corporate Governance Committee.

The Committee, through its Chair, had access to the information and corporate functions needed to carry out its tasks, also with the aid of the Company's internal units and external advisors. The Chairman of the Board of Statutory Auditors and/or member of the Board also attended the meetings of the Appointments Committee, at the invitation of the Committee. Managers and staff of the corporate functions were also invited to attend in relation to individual items on the agenda, as well as external consultants.

Thirteen Committee meetings have been scheduled for the current financial year, three of which have already been held.

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 Remuneration of Directors

For the information required regarding the remuneration of executive directors, non-executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the "Annual Report on Remuneration Paid in the Financial Year 2023 - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.

8.2 Remuneration Committee

8.2.1 Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

On April 27, 2023, the Board of Directors appointed the members of the current Remuneration Committee, who are all executive, independent Directors pursuant to the TUF and the New Corporate Governance Code, and have adequate experience and expertise as assessed and ascertained by the Board of Directors on their appointment.

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Gianmarco Montanari	X	X	X	9/9 (100%)	C
Giancarla Branda	X	X	X	9/9 (100%)	M
Marin Gueorguiev	X	X	X	9/9 (100%)	M

At the date of approval of the Report, the Remuneration Committee was composed as follows:

------------- Members leaving office during the financial year-------------

N.A.

No. of Committee meetings from April 27 to December 31, 2023: 9

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Remuneration Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2025.

For the additional information required regarding the establishment, duties and functioning of

the Remuneration Committee, as well as the main activities performed, see: (i) the section "Remuneration Committee" of the report published in the "2023 Annual Remuneration Report" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285; (ii) the Corporate Bodies Regulations (Part B, § 1.2.).

With regard to the external consultant providing support to the Committee, there were no indications that his independence of judgement was compromised.

* * *

With reference to the composition of the Remuneration Committee until April 27, 2023, the relevant summary table is shown below:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Gianmarco Montanari	X	X	X	4/4	C
				(100%)
Giancarla Branda	X	X	X	4/4	M
				(100%)
Paola Giannotti De	X	X	X	4/4	M
Ponti				(100%)
------------- Members leaving office during the financial year-------------
N.A.
No. of Committee meetings relating to the financial year up to April 27, 2023: 4
(*) This column shows the percentage of Directors' attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned) during the Financial Year up until April 27, 2023.

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

8.2.2 Functions of the Remuneration Committee

The duties assigned to the Remuneration committee are described below:

(i) presenting proposals or issuing opinions to the Board for the definition of a general remuneration policy for the Managing Director, the General Manager, the other Key Management Personnel and Identified Staff, to enable the Board to prepare the Report on Remuneration to be submitted to the annual Shareholders' Meeting and periodically assessing the suitability, overall consistency and effective application of the general remuneration policy approved by the Board;

(ii) makes proposals or expresses opinions to the Board on the overall remuneration and on the assignment and assessment of the performance objectives of the Managing Director, the General Manager, the other Executives with strategic responsibilities of the Financial Reporting Officer and of the Executive Vice President (as identified by the Global Job Model of the Group), and for the determination of the criteria for the remuneration of the Company's top management, including the relevant performance targets related to the variable component of such remuneration;

(iii) formulates proposals or expresses opinions to the Board of Directors on the overall remuneration and on the assignment and relative evaluation of the performance objectives of the Heads of the corporate control functions (Head of the Compliance function, Chief Risk Officer, Head of the Internal Audit function, Head of the Anti-Money Laundering function). With reference to the Compliance, Risk Management and Anti-Money Laundering functions, it formulates proposals or issues opinions after consulting the Risk and Related Parties Committee; Furthermore, with reference to the Internal Audit function, it formulates proposals or expresses opinions with the favourable opinion of the Risk and Related Parties Committee;

(iv) examining any share-based or cash incentive plans for the employees and the personal financial advisors of the Company and Gruop and strategic staff development policies;

(v) directly overseeing the proper application of remuneration rules for managers of corporate control functions, in close conjunction with the control body;

(vi) working together with the other Board committees, in particular the Risk and Related Parties Committee, which, in relation to the remuneration and incentive policies, examines whether the incentives provided by the remuneration system take into account risks, capital and liquidity, whilst ensuring that this does not affect the tasks assigned to the Remuneration Committee, as well as proper coordination with that committee;

(vii) ensuring the involvement of the competent corporate functions in the process to prepare and check remuneration and incentive policies and practices;

(viii) providing opinions, also using information received from the competent corporate functions, on the results of the procedure for identifying key personnel, including any exclusions;

(ix) providing appropriate reporting on its activities to the corporate bodies, including the Shareholders' Meeting.

Thirteen Committee meetings have been scheduled for the current financial year, three of which have already been held.

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE

The internal control system is a fundamental part of the overall governance system of banks. It has a central role in the organisation and ensures the effective monitoring of risk, in order to guarantee that operations are in line with company strategies and policies and based on principles of sound and prudent management, as well as the principle of sustainable success.

An efficient and effective internal control system forms the basis for creating value in the medium and long term, for safeguarding the quality of operations and for a correct perception of risk and appropriate allocation of capital.

The Company's internal control system is based on the principles of the New Corporate Governance Code, applicable regulations and best practice, and is founded on:

control functions and positions, which involve, each for their area of responsibility, the Board of Directors, the Risk and Related Parties Committee, the Internal Control and Risk Management System Director, the Board of Statutory Auditors, as well as the corporate functions with specific internal control duties;
procedures for coordination between the parties involved in the internal control and risk management system.

Board of Directors and Risk and Related Parties Committee;

The guidelines of the internal control and risk management system (below the "Internal Control and Risk System") are established by the Board of Directors. In this way, the Board ensures that the main risks to which the Bank is exposed are properly identified, measured, managed and monitored.

In this context, the Board of Directors revises and updates the Risk Appetite Framework (or "RAF") at least on an annual basis, and in line with the timelines for the budget process and definition of the financial plan, in order to ensure that the business is developed with a correct risk profile and in compliance with national and international regulations.

The Group Risk Appetite expresses the risk profile with respect to multiple dimensions (capital adequacy, profitability and risk, as well as controls on specific risks such as strategic, operational, information and security, credit, operational, market, sustainability, as well as funding and liquidity risks), defining reference metrics for each.

The definition process, revised from the previous version, has been structured to guarantee consistency with the budget, while the performance indicators (the "KPIs" or "Key Performance Indicators") were revised to include simple, comprehensible metrics.

FinecoBank's Risk Appetite Framework includes not only the list of relevant metrics, but also materiality thresholds: (i) the Risk Appetite thresholds represent the extent of risk the Bank is prepared to assume to achieve its budget objectives and defines the constraints for the development of the business; (ii) the Risk Appetitie thresholds represent alarm thresholds which activate the analysis of possible mitigation actions and must be reported promptly to the Chief Executive Officer; (iii) the Risk Capacity thresholds are the values that must not be exceeded; if exceeded, the Board of Directors must be informed. The Risks and Related Parties Committee, the Board of Directors and the Board of Statutory Auditors are informed on a quarterly basis of the progress of all KPIs and of any breach of materiality thresholds.

As regards responsibilities, the Corporate Bodies Regulations establish that the Board is responsible for the Internal Control and Risk System, providing guidance and assessing the adequacy of the system. It also identifies the following from within the Board:

− the director responsible for establishing and maintaining an effective internal control and risk management system (the "Internal Control and Risk Management System Director");
− an internal Committee called the "Risk and Related Parties Committee" consisting entirely of Independent Directors, which assists the Board of Directors, based on appropriate preliminary investigations, in its assessments and decisions concerning the Internal Control and Risk Management System, as well as the approval of periodical financial and nonfinancial reports.

The Board of Directors, with the prior approval of the above-mentioned Committee:

(a) defines the guidelines of the Internal Control and Risk Management System, assesses at least annually the consistency and adequacy of the Company's characteristics, its strategic direction and its risk profile, as well as its effectiveness, in terms of the ability to grasp the evolution of the business risks and the interaction between them, assigning the Internal Control and Risk Management System Director the task of establishing and maintaining an effective Internal Control and Risk System;

(b) after consulting the Board of Statutory Auditors, (i) appoints a person in charge of the Internal Audit function (the "Head of Internal Audit"), who is responsible for verifying that the Internal Control and Risk Management System functions properly; (ii) shall ensure that it is adequately resourced to discharge its responsibilities and (iii) subject to the favourable opinion of the Remuneration Committee, shall define its overall remuneration in line with corporate policies and shall assign and assess its performance targets;

(c) after consulting the Board of Statutory Auditors, and with the support of the Appointments Committee, appoints and revokes the appointment of the Heads of the Compliance, Risk Management, Anti-Money Laundering (of the Bank and the Group), as well as the deputy of the Anti-Money Laundering Officer, and for reporting suspicious transactions;

(d) appoints and removes, in compliance with the timetable provided for in the Bank of Italy AML Provision, with the support of the Appointments Committee, the Officer responsible for the Bank's and the Group's anti-money laundering, ensuring that the latter meets the conditions set out in Section III-bis of the same Provision, and ensures that such Officer is promptly informed of decisions which may affect the Bank's exposure to money laundering risk, providing for specific information flows in this regard;

(e) approves, at least once a year, the audit plan prepared by the Head of Internal Audit, subject to approval by the Risk and Related Parties Committee and the Internal Control and Risk Management System Director, and after consultation with the Board of Statutory Auditors;

(f) approves the Group's tax strategy, which sets out the guidelines and principles adopted by the Bank in the management of tax matters and, in particular, of the associated risk. In addition, at least once a year, and after the reporting to the Risk and Related Parties Committee, it is informed about the state of the internal control system for tax risk within the annual report on the tax risk situation;

(g) assesses, after consulting with the Board of Statutory Auditors, the findings of the external auditors in the audit opinion letter and the additional report on the audit work referred to in Article 11 of Regulation (EU) No 537/2014.

The Board of Directors assesses, among others and at least annually, the adequacy, functioning and effectiveness of the Internal Control and Risk System, with the aid of the Risk and Related Parties Committee, based on:

− reports from the heads of: the Compliance function, Risk Management function, Anti-Money Laundering function and Internal Audit function;
− reporting from the Financial Reporting Officer on the proper use of accounting standards and their consistency for the preparation of the consolidated financial statements;
− all relevant information for the monitoring of overall company risk, provided by the competent units and/or the external auditors.

The Board globally monitors the main company risks, with the aid of the Risk and Related Parties Committee in relation to which please refer to Paragraph 9.2.

With specific regard to compliance risk, the Board of Directors, after consulting with the Board of Statutory Auditors, (i) approves the risk management policies; (ii) evaluates, at least once a year and with the technical support of the Risk and Related Parties Committee, the adequacy of the organisational structure and the quality and amount of resources of the Compliance function, and analyses periodic reports on its controls on compliance risk management; and (iii) analyses the periodic reports on its audits in the context of compliance risk management.

In addition, the Board of Directors exclusively:

(a) determines the remuneration/incentive systems in favour of Key Personnel and the Personal Financial Advisors Network, and verifies that these systems do not increase business risks and are consistent with long-term strategies;

(b) prepares and submits the remuneration and incentives policy to the Shareholders' Meeting, on an annual basis, and is responsible for its proper implementation;

(c) sets the criteria for identifying the most significant transactions to be submitted for prior examination by the Risk and Related Parties Committee, and decides on transactions with related parties and associated persons, in accordance with the related procedures;

(d) takes decisions on the transactions of the Company and those of its subsidiaries, where those transactions have a significant strategic, economic, capital or financial impact for the Company; to that end, it establishes general criteria for identifying significant transactions.

The Board of Directors also approves the Bank's policy on the outsourcing of corporate functions.

In accordance with Supervisory Regulations on internal control systems, the Bank carried out the annual assessment (for the Financial Year) on the adequacy of the internal control and risk management system with respect to the characteristics of the business and the risk profile assumed, as well as its effectiveness, which was positive.

The Committee, in consideration of the checks/analyses carried out on the contributions brought to its attention by the various players in the Bank's Internal Control System, (e.g. periodic and/or event-based reports by the Heads of the Corporate Control Functions) and/or from the outside (e.g. requests and communications from the Supervisory Authorities), taking into account the passage under ECB Supervision and the expectations of growth and expansion of the Bank's activities, continued to support the further strengthening of the overall control system in order to provide the Bank with a structure fully adequate to its size and complexity, its development ambitions and the reference context. With this in mind, the Committee, which already in the past monitored the development path of the control functions after the exit from

the UniCredit group, monitored the phases of the project for the qualitative and quantitative strengthening of the Compliance function. The Committee, on the basis of the results of the control activities carried out, as well as of the further projects in progress, considers that the design of the internal control system is capable, within the limits of reasonableness, of identifying possible areas of weakness/improvement of the Internal Control System in a timely manner, and consequently of effectively directing/managing any corrective measures identified.

Also, in relation to business continuity the Board of Directors: (i) sets the objectives and business continuity strategies, ensuring sufficient human, technological and financial resources for the achievement of the objectives set; (ii) approves the business continuity plan and subsequent amendments as a result of technological and organisational changes, assessing and accepting the residual risks not managed by the business continuity plan; (iii) is informed, at least annually, of the results of controls on the plan's adequacy and on business continuity measures; (iv) appoints the manager responsible for the business continuity plan.

Specifically, the Bank's Business Continuity and Crisis Management framework includes the Emergency and Crisis Management Plan, which establishes the scale of emergency levels in the Company and the escalation rules, identifying the key roles in the management of emergencies/crises and the predefined management measures (plans), including the business continuity plan (and the disaster recovery plan which is an integral part of it). The manager responsible for the business continuity plan is appointed by the Board of Directors.

In emergency/crisis situations, the Board is informed (by the Managing Director and General Manager or by the Company Business Continuity Manager based on the Emergency Level) about the status of the emergency and in the event of serious problems for company operations due to serious incidents or malfunctions.

In the 2023 financial year, in order to further strengthen the regulatory oversight of the management of serious operational or security incidents, the emergency and crisis management guidelines were duly updated, in alignment with external reference regulations, as well as the plans concerned, in order to incorporate them and business developments, in the annual update. The Bank has maintained remote working as the main emergency management measure under the BC Plan. These BC&CM plans were subject to the usual annual audits by the relevant organisational units.

In line with the Group's governance guidelines and the evolution of the business, the Irish subsidiary Fineco Asset Management DAC has its own ECM, BC and DR plans; measures include remote working as a contingency solution in their business continuity plan.

With specific reference to compliance risk(18) , the Board of Directors, after consulting with the Board of Statutory Auditors, approves risk management policies. It also assesses, at least once a year and with the technical support of the Risk and Related Parties Committee, the adequacy of

⁽ ¹⁸) "Compliance risk" may be defined as the risk of incurring legal or administrative penalties, financial losses or sustaining reputational damage, as a result of failure to comply with financial and banking laws, regulations, codes of conduct and good practices.

the organisational structure, the quality and amount of resources of the Compliance function, and analyses periodic reports on that function's controls on the management of compliance risk.

The Board also assumes overall responsibility for the direction and control of the information system, with a view to the optimal use of technological resources in support of corporate strategies (ICT governance) as better indicated in Section 4.1.1, letter (w) of the Report.

Board of Statutory Auditors

The Board of Statutory Auditors of FinecoBank monitors the effectiveness, completeness, adequacy, functioning and reliability of the internal control and risk management system, and of the Risk Appetite Framework, in line with requirements of the Corporate Governance Code and the Supervisory Regulations.

It also monitors compliance with the Internal Capital Adequacy Assessment Process (ICAAP) and the completeness, adequacy, functioning and reliability of the business continuity plan.

With specific regard to the Board of Statutory Auditors also being able to take on supervisory board functions pursuant to Legislative Decree no. 231 of June 8, 2001, the Company considered it appropriate to assign these functions to a specifically created Body (see Paragraph 9.4 of this Report).

The Board of Statutory Auditors establishes appropriate working relations with the Risk and Related Parties Committee to carry out joint activities, according to their specific areas of responsibility.

To carry out its duties, the Board of Statutory Auditors may be assisted by the company's internal control units and functions to carry out and plan its verifications and the necessary assessments. To this end, it receives regular appropriate information flows or information on specific situations/company performance. Given this close connection, the Board of Statutory Auditors is specifically consulted about decisions regarding the appointment and revocation of appointment of the heads of the corporate control functions (Compliance, Risk Management, Internal Audit and Anti-Money Laundering), and also about the identification of the essential elements of the control system's overall architecture (powers, responsibilities, resources, reporting flows and handling conflicts of interest). With regard to its own activities, the Statutory Auditors may request the Internal Audit function to carry out specific audit activities in operational areas and on company operations. The Board of Statutory Auditors verifies and investigates the causes of and remedies operational irregularities, performance anomalies, and shortcomings in the organisational and accounting structure. Special attention is given to compliance with regulations on conflicts of interest.

Control Functions

FinecoBank's internal control system is based on four types of controls:

(i) level one controls ("line controls"): these are controls relating to individual activities and are carried out according to specific operational procedures based on a specific internal regulation; they are incorporated into the ICT procedures as much as possible. The operating structures have prime responsibility for the risk management process. Monitoring and continuously updating these processes is entrusted to "process supervisors" who are charged with devising controls able to ensure the proper performance of daily activities by the staff concerned, as well as the observance of any

delegated powers. The processes subject to control relate to units that have contact with customers, as well as completely internal Bank units;

(ii) level two controls: these are controls whose objectives include ensuring the proper implementation of the risk management process. The Risk Management function controls risks, as regards compliance with limits assigned to operating functions and the consistency of operations of individual production areas with established risk/yield objectives; The controls on the risks of failure to comply with company operations with rules, including self-regulations, are performed by the Compliance function. These functions assist in defining risk management policies and the risk management process;
(iii) level three controls: these controls are typical of internal auditing, based on analysis of information obtained from databases or company reports, as well as on-site controls. This type of control aims to identify breaches of procedures and regulations, in addition to periodically assessing the completeness, adequacy, functioning (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at a set frequency based on the nature and level of the risks. These controls are assigned to the Internal Audit function. To verify the compliance of the behaviour of the Group Companies with the guidelines of the Parent Company, as well as the effectiveness of the internal control system, the internal audit function of FinecoBank, at consolidated level, periodically carries out on-site controls on the members of the Group, based on the importance of the different types of risk assumed by the entities;
(iv) institutional supervisory controls: these refer to controls by the Bank's bodies, including in particular the Board of Statutory Auditors and the Supervisory Committee pursuant to Legislative Decree no. 231 of June 8, 2001.

According to the Supervisory Provisions, "corporate control functions" means the Compliance, Risk Managementand Internal Audit functions¹⁹ .

With reference to the "ICT and security risk control function", during the Financial Year, the Bank assigned specific tasks to the Risk Management (CRO) and Compliance functions with regard to the management and supervision of ICT and security risks. This organisational solution was adopted using an option permitted by the aforementioned Supervisory Provisions.

The responsibilities of the Bank's corporate control functions are set out below.

The Risk Management function

In accordance with the Supervisory Regulations, the Risk Management Function reports directly to the Managing Director and General Manager and has direct access to the Supervisory Body and the Control Body and communicates with them without restrictions or intermediation.

⁽ ¹⁹) Corporate control functions also include the anti-money laundering function, the validation function as governed by the relevant provisions and the ICT and security risk control function as governed by Chapter 4, Section II, Paragraph 4 of Circular No. 285/2013.

Within the scope of the tasks and responsibilities defined by the prudential regulations, the Risk Management Function, at Group level and in an integrated manner, oversees the processes of governance, measurement and control of risks in accordance with the strategies and policies established.

Within the level two controls, the Risk Management function is responsible for preventing and monitoring the Group's risks in its various components. In particular, the Risk Management Function carefully controls credit, market, operational/reputational, ICT, security, interest rate, liquidity, and sustainability risk, in collaboration with the level one structures for their respective areas of responsibility.

The Risk Management Function verifies the Second Pillar capital adequacy as well as through the development and maintenance of management models for determining the Internal Capital taking into account all the specific risks that the Group is exposed to that are not considered in the First Pillar (e.g. concentration risk and interest rate risk).

Specifically, the Risk Management function:

− is involved in defining the RAF, risk governance policies and various stages of the risk management process, as well as establishing operational limits for the various types of risk. In this context, it proposes quantitative and qualitative parameters necessary to define the RAF, which refer to stress scenarios and the modifications to those parameters in the event of changes in the Group's internal and external operating context.
− develops the capital adequacy assessment (ICAAP) and liquidity risk management (ILAAP) processes in accordance with regulatory requirements; it prepares its parts of the ICAAP and ILAAP document package addressed to the Supervisory Authorities and coordinates the contributions of the corporate functions involved;
− checks the adequacy of the RAF and on an ongoing basis the adequacy of the risk management process and operating limits; it defines and applies stress testing scenarios for each risk area, with particular regard to the ICAAP and ILAAP;
− is responsible for developing and maintaining the independence of risk measurement and control systems in order to report periodically to the control bodies and the Board of Directors;
− defines procedures for assessing and controlling reputational risk, coordinating with the compliance function and with the most exposed corporate functions;
− controls IT and ICT risks, ensuring that they are identified, measured, assessed, managed, monitored as well as reported and kept within the limits of the Bank's risk appetite, reporting accordingly to the Corporate Bodies. To this end, it contributes to the definition of the ICT and security risk management methodology, is informed of any activity or event that may significantly alter the risk profile, and participates in the risk assessment of projects for substantial changes to the information system;
− assists the Corporate Bodies in assessing strategic risk, monitoring the significant variables;
− ensures the consistency of risk control and measurement systems with the processes and methodologies for assessing the company activities, coordinating with company units concerned;
− develops and adopts indicators designed to identify anomalies and inefficiencies in risk control and measurement systems;
− analyses the risks of new products and services and risks from entering new operating and market segments;
− gives prior opinions on the consistency of material transactions with the RAF, and obtains

the opinion of other functions involved in the risk management process, based on the nature of the transaction;

− constantly monitors the actual risk assumed by the Group and its consistency with the risk objectives, as well as compliance with the operating limits assigned to the operating structures in relation to the assumption of the various types of risk, making any proposals to the Managing Director and General Manager for changes to contain the risks;
− checks the adequacy and effectiveness of measures taken to remedy inefficiencies identified in the risk management process;
− helps the Corporate Bodies in the performance of their respective tasks relating to the Internal Control System, facilitating the timely and coordinated gathering of all relevant information for the quantification and management of risk and the adoption of timely corrective measures where necessary.

The function also carries out monitoring and reporting for the Corporate Bodies, mainly through the quarterly report on the Group's risk exposure.

The Compliance Function

The Compliance function monitors the management of compliance risk(20) using a risk-based approach, for all the company operations, ensuring that internal procedures are appropriate for preventing this type of risk.

The Compliance function assists/supports management and Company employees in managing compliance risk and monitoring the correct conduct of business operations in order to ensure compliance with applicable regulations, internal procedures and best practice.

For an effective management of compliance risk, the Company must have a Compliance function. This function must be independent, with a sufficient number and quality of human and technical resources for the duties to be performed, able to freely interact with Senior Management and the Corporate Bodies. It must have access to all resources and company information and be able to report any matter directly to the higher hierarchical levels.

In particular, the Compliance function of the Parent Company is responsible for guiding, coordinating and monitoring compliance matters at Group level and is responsible for developing the Global Compliance Rules; setting standards of conduct for the regulatory areas applicable throughout the Group; developing Group methodologies for risk assessment and level two compliance controls; periodically providing senior management an overview of the status of compliance risks in the Group.

With a view to strengthening the internal control system, with effect from June 30, 2023, the Board of Directors approved a revision of the organisational structure of the Compliance Function. The revision is aimed at creating poles of excellence with a high degree of specialisation in corporate regulations, processes and procedures, through the redistribution of

⁽ ²⁰) Compliance risk may be defined as the risk of incurring legal or administrative penalties, financial losses or sustaining reputational damage, as a result of failure to comply with financial and banking laws, regulations, codes of conduct and good practices.

activities relating to Compliance Risk Assessment (CRA) and Level II Controls (2LCs), to the unit already responsible for external regulatory monitoring and consultancy activities, thus guaranteeing direct and vertical knowledge of the applicable assessments.

At the same time, in order to implement the provisions of the 40thupdate of Bank of Italy Circular 285 on ICT and Security Risk, specific second-level control tasks were assigned to the CRO and Compliancefunctions, for the purpose of managing and supervising ICT and security risks.

With specific reference to ICT & Security Compliance risk management, in compliance with the provisions of the reference regulatory framework (Bank of Italy Circular No. 285 - 40th update), the Compliance Function, through the support of the DPO Unit, Outsourcing, ICT & Security Compliance:

• ensures the compliance of ICT systems and projects, as well as of all activities carried out within the framework of the information system, with legal, regulatory or statutory provisions and internal regulations and codes applicable to the bank;

• contributes to the definition of the information security policy for the area of competence in order to ensure its adherence to the applicable regulations, working mainly with theICT & Security Office Department and the CRO Department;

• validates, as part of its internal policy evaluation process, the policy defining the Bank's ICT and security risk management methodology;

• contributes to the development, in coordination with the Chief People Officer Department and on the basis of input from the ICT & Security Office Department and the CRO Department, of the relevant training plan.

With regard to the regulatory areas under its responsibility, the Compliance function performs:

(i) direct oversight of all regulatory areas applicable to the company's business, with the exception of those covered by "indirect" oversight (as defined below);
(ii) indirect oversight of regulatory areas which are already subject to forms of control by specialist units within the Bank (in accordance with the Supervisory Regulations for banks issued by the Bank of Italy in Circular no. 285/2013 as amended).

The main areas covered by the direct oversight model are: provision of banking and financial services, banking transparency and consumer credit, consumer protection, credit intermediation, usury, credit management (including the relevant rules on sustainability), payment services, supervisory reporting (including significant shareholdings), prudential supervision (including shareholdings held by banks and banking groups), privacy, administrative liability for offences committed in the interest of the company, anti-money laundering and combating the financing of terrorism, sanctions and embargoes, corruption and unlawful receipt or giving of money or other benefits antitrust and unfair commercial practices, provision of investment services and activities (including the relevant sustainability rules), management of Group conflicts of interest, regulations relating to markets in financial instruments, centralised management of financial instruments, market abuse, promotion and distribution of insurance products (including the relevant sustainability rules), accessibility, risk activities towards related parties, remuneration and incentive systems (for employees and the PFA Network, including the relevant sustainability rules), ICT and security risk control function (ref. Circular No. 285/13, Part One, Title IV, Chapter 4 "The Information System") and outsourcing management.

For the purposes of covering the regulatory areas of competence, the Compliance function interacts with the relevant Control Authorities (e.g. European Central Bank, CONSOB, Bank of

Italy, IVASS, AGCM, Privacy Regulator) and supports relations with the competent local Control Authorities, maintained locally by the Entities.

The indirect oversight model envisages that, for a regulations that are already subject to specific forms of oversight capable of managing the compliance risks (e.g.: occupational safety regulations), the tasks of the Compliance function can be scaled. The Compliance functions remains responsible in any event, in cooperation with the specialist functions, at least for developing the methodologies for assessing compliance risk and identifying the related procedures, and verifying the adequacy of those procedures for preventing compliance risk.

Currently, in FinecoBank, specialist supervision has been assigned to the following corporate functions: Corporate Law & Board Secretary's Office; Human Resources – Industrial relations, Labour & Welfare Policies; GBS – Bank Organisation and Operations – Organisational Development and Business Continuity; GBS - Real Estate; CFO - Tax Compliance; CFO – Sustainability

In performing its duties, the Compliance function has access to all Bank operations, at both a central and peripheral level, and to all information considered significant, also through direct interviews with personnel.

To this end, the Bank, in line with current national and international best practice, has an internal whistleblowing system for employees to report any irregularities or violations of applicable regulations and internal procedures, which provides a specific, confidential information channel and guarantees the anonymity of the whistleblower. The system, managed by the Compliance function, is available to employees, personal financial advisors and thirdparty providers.

FinecoBank's Compliance structure is divided into the Compliance Department, consisting of the following Units, for each of which a description of the most relevant tasks and activities is set out below: Compliance Culture & Governance, Transparency & Customer Protection, Investment Services, Markets & Regulatory Reporting DPO, Outsourcing & ICT Security Compliance, Anti-Money Laundering and Anti-Corruption Function (without prejudice, with reference to the latter, to what is better specified in the following paragraph) each dedicated, for the regulatory areas of their respective competences, to advisory activities, to the identification and assessment of non-compliance risks and to the definition and performance of second-level controls.

COMPLIANCE CULTURE AND GOVERNANCE

The unit is responsible for the ongoing monitoring and identification of external regulations applicable to the Bank and the measurement/assessment of their impact on corporate processes and procedures, falling within the scope of its areas of responsibility, such as Administrative Responsibility of the Company - Legislative Decree 231/01, whistleblowing, remuneration and incentive systems for employees and the PFA Network, The unit also:

supports the Compliance Officer in analysing, assessing and handling reports of unlawful conduct within the FinecoBank Group by employees and third parties, received in accordance with the procedures defined by internal whistleblowing regulations and procedures;
participates, when requested, in working groups for the profiles of competence, also with a view to the correct application of the regulations;
supports the Supervisory Board 231 in the updating and implementation activities of FinecoBank's Organisation and Management Model, including the definition/updating of the

decision-making protocols in which sensitive corporate activities and related offences are identified, possibly involving the corporate structures concerned from time to time;

performs secretarial work (e.g. calling of meetings, minutes) for the 231 Supervisory Board, the Risk and Related Parties Committee, the Products Committee and the Internal Control Business Committee.

DPO, OUTSOURCING, ICT & SECURITY COMPLIANCE

The unit is in charge of the continuous monitoring and identification of external regulations applicable to the Bank and the measurement/assessment of their impact on corporate processes and procedures, falling within the scope of its areas of competence, such as privacy, ICT & Security Compliance (control of ICT and security risks to the extent of its competence), outsourcing (including ICT Third Parties).

With a focus on ICT & Security Compliance, the unit supports the Compliance Department in the activities described earlier in this Section.

The unit is informed of any activity or event that materially affects the Bank's risk profile, significant operational or security incidents, as well as any substantial changes to ICT systems and processes, and is actively involved in projects for substantial changes to the information system in order to assess its adherence to the regulations applicable to the Bank.

The Unit Manager, by resolution of the Board of Directors of FinecoBank, is assigned the role of Data Protection Officer - DPO.

MARKETS & REGULATORY REPORTING

The unit is responsible for the ongoing monitoring and identification of external regulations applicable to the Bank and the measurement/assessment of their impact on business processes and procedures, with reference to regulations aimed at ensuring the integrity and transparency of markets in financial instruments.

Specifically, the unit deals with: (i) market abuse; (ii) financial benchmarking; (iii) EMIR and SFTR obligations; (iv) short selling; (v) centralised management of financial instruments; (vi) significant shareholdings.

INVESTMENT SERVICES

provision of investment services and activities (in particular in relation to MiFID II regulations
including relevant sustainability issues);
Sustainable Finance Disclosure Regulation (SFDR);
Packaged Retail Investment and Insurance-based Investments Products (PRIIPs);
promotion and distribution of Insurance-based Investment Products (IBIPs) in the provision of investment services and other insurance products (Insurance Distribution Directive - IDD regulations);
promotion and distribution of pension funds;
identification, prevention and management of conflicts of interest related to the provision of investment services and activities;
unfair commercial practices (misleading commercial practices, misleading omissions and aggressive commercial practices) in relation to investment instruments, products and services.

TRANSPARENCY & CUSTOMER PROTECTION

The unit is responsible for the ongoing monitoring and identification of external regulations applicable to the Bank and the measurement/assessment of their impact on corporate processes and procedures, falling within the scope of its responsibilities, such as the provision of banking, credit and payment services.

In particular, for these services, the unit deals with the areas of: (i) transparency, (ii) usury, (iii) unfair commercial practices (misleading commercial practices, misleading omissions and aggressive commercial practices), (iv) consumer protection, (v) conflicts of interest and risk activities with related parties, (vi) sustainability.

ANTI-MONEY LAUNDERING AND ANTI-CORRUPTION FUNCTION (21)

The unit is responsible for the ongoing monitoring and identification of the external regulations applicable to the Bank and the measurement/assessment of their impact on the Bank's processes and procedures in the areas of anti-money laundering, combating the financing of terrorism, financial sanctions (hereinafter also referred to as anti-money laundering) and anti-corruption. It supports the Chief Executive Officer and General Manager in defining the Group's anti-money laundering policy as required by the relevant external standard, for subsequent approval by the Board of Directors, and in its implementation at all stages of the anti-money laundering risk management process. It oversees the drafting of other internal regulations and interpretative notes for the Bank, within its area of competence, in order to ensure the correct application of the relevant external regulations.

The unit also ensures the implementation of the same policies and guidelines, involving the other structures of the Bank from time to time concerned, and verifies on an ongoing basis that corporate procedures are consistent with the objective of preventing and countering the violation of anti-money laundering and anti-terrorism rules, as well as the application of financial and anti-corruption sanctions.

The unit is assigned the role of Anti-Money Laundering Function for the Bank required by current legislation; By virtue of this role, it provides:

collaborate in defining the system of internal controls, processes and procedures aimed at preventing and combating money laundering risks;
continuously verify the adequacy of the overall money laundering risk management process and the suitability of the system of internal controls, processes and procedures, and propose organisational and procedural changes to ensure adequate money laundering risk management;
assess in advance the money laundering risk associated with offering new services, significantly modifying products or services already offered, entering a new market or starting new activities, and then recommend the measures necessary to mitigate and manage these risks;
verifying the reliability of the information system for fulfilling the obligations of customer due diligence, data retention and suspicious transaction reporting;
conduct, in liaison with the head of the SOS, checks on the functionality of the reporting process and the appropriateness of the assessments made by the first level on customer operations;
conduct, in liaison with the other corporate functions concerned, the annual self-assessment

exercise of the money laundering risks to which the Bank is exposed;

providing support and assistance to corporate bodies and top management;
generate and transmit monthly Aggregated Anti-Money Laundering Reporting - S.A.R.A. to the FIU;
transmit to the FIU, on the basis of instructions issued by it, objective communications concerning transactions at risk of money laundering;
define, in agreement with the Head of Suspicious Transaction Reporting, procedures for handling reports from first-level structures concerning high-risk situations, for subsequent approval by the Managing Director and General Manager;
promptly inform the Corporate Bodies of breaches or significant deficiencies encountered in the performance of their tasks.
periodically inform the corporate bodies of the progress of the corrective actions taken in the face of deficiencies found in the control activity and of the possible inadequacy of the human and technical resources assigned to the anti-money laundering function and the need to strengthen them;
prepare information flows on anti-money laundering activities directed to corporate bodies and top management;
ensure that the internal reporting procedures for violations (under Article 48 of the Anti-Money Laundering Decree) adopted are brought to the attention of all personnel;
prepare policies and operating procedures for remote customer onboarding to comply with customer due diligence requirements, for subsequent approval by the competent corporate bodies (Board of Directors and Chief Executive Officer and General Manager, respectively); therefore, ensure that they are implemented effectively, reviewed periodically and amended as necessary.

In the event of outsourcing of tasks assigned to the anti-money laundering function, the Anti-Money Laundering Officer is required to follow the provisions of the relevant internal rules.

In order to ensure the independence of the Anti-Money Laundering Function, the unit reports directly to the bodies with strategic supervision, management and control functions and has access to all the Bank's activities, as well as to any information relevant to the performance of its duties. The unit prepares, at least once a year, a report for the Board of Directors, the Board of Statutory Auditors and the Supervisory Board on the initiatives taken, the dysfunctions ascertained and the relevant corrective actions to be taken, as well as on the training activities of personnel (employees and PFAs) in order to enable the aforesaid bodies to perform their supervisory duties as provided for by Legislative Decree No. 231/2007.

The unit cooperates with the authorities referred to in Title I, Chapter II of Legislative Decree 231/2007, as a specialised corporate anti-money laundering watchdog. The Unit Manager is assigned the role of Head of the Anti-Money Laundering Function by resolution of FinecoBank's Board of Directors, after consultation with the Board of Statutory Auditors, with the support of the Appointments Committee and subject to the opinion of the Risk and Related Parties Committee; for the performance of its activities, it has access to all the Bank's activities, as well as to any information relevant to the performance of its tasks. The Head of the Anti-Money Laundering Function, who ensures the ownership and implementation of an appropriate programme for the management of Financial Sanctions, is assigned responsibility for Financial Sanctions.

With reference to the Fineco banking group, the Head of the Anti-Money Laundering Function of the parent company acts as Group Anti-Money Laundering Officer.

In liaison with the Bank's functions responsible for training, the unit ensures the preparation of an adequate anti-money laundering training plan and provides for the identification of anticorruption training needs in order to define the appropriate training activities, so as to achieve continuous updating of employees and collaborators, including PFAs; It also defines indicators of the effectiveness of the training activity carried out. It provides the results of anti-corruption training to the Compliance Culture & Governance unit for integration into the overall annual training plan and the related periodic reporting on compliance matters.

Finally, from a structural point of view, in the light of the above, it should be noted that the unit is divided into teams: (i) Governance and Controls for Anti-Money Laundering and Anti-Corruption; (ii) Anti-Money Laundering and Anti-Corruption Service; (iii) Suspicious Transaction Reports.

9.1 Chief Executive Officer

In order to comply with Article 6, Recommendation 32 of the New Corporate Governance Code (formerly Principle 7.P.3 of the Corporate Governance Code), in compliance with the Supervisory Provisions issued by the Bank of Italy, the responsibility for the internal control and risk management system, also aimed at contributing to the sustainable success of the Company, also pursuant to the New Corporate Governance Code, lies with the Board of Directors, which plays a role in guiding and assessing the adequacy of the system and identifies the Chief Executive Officer and General Manager, Mr. Alessandro Foti, as the director in charge of the institution and the Board of Statutory Auditors and maintaining an effective internal control and risk management system (hereinafter, the "Director in Charge")

In the context of the Internal Control System, primarily the Director in Charge, also pursuant to the New Corporate Governance Code:

− ensures the identification of the main corporate risks, taking into account the characteristics of the activities carried out by the Company and its subsidiaries, and submits them to the Board of Directors for examination;
− is responsible for the implementation and performance of the stress testing plan and ensures that clear responsibilities and sufficient resources are assigned and distributed and that all elements of the plan are properly documented and regularly updated in the internal procedures;
− defines the tools and methods for implementing the risk management and control system, in execution of the Board of Directors' guidelines through the design, management and monitoring of the internal control and risk management system, establishing the operational limits to the assumption of the various types of risk, facilitating the development and dissemination of a risk culture, making use of the competent corporate structures and functions;
− oversees the implementation of the strategic guidelines and money laundering risk governance policies approved by the Board of Directors and is responsible for the adoption of all actions necessary to ensure the effectiveness of the organisation and the system of antimoney laundering controls;
− ensures the overall adequacy of the system, its effective operation and its adaptation to changes in the operating environment and in the legislative and regulatory landscape;
− assigning, where necessary, the Internal Audit function with the task of carrying out checks on specific operational areas and on compliance with internal rules and procedures in the execution of corporate transactions, simultaneously notifying the Chairman of the Board of

Directors, the Chairman of the Risk and Related Parties Committee and the Chairman of the Board of Statutory Auditors;

− implementing follow-up measures for the Internal Control and Risk System after controls have been carried out, adopting necessary corrective measures or actions if inefficiencies or anomalies are identified, or after the introduction of new products, activities, services or processes that are significant, in order to continuously ensure the completeness, adequacy, functioning and reliability of the internal control system; reporting the results of the checks, envisaged in the risk management and control system, to the Board of Directors;
− promptly reports to the Risk and Related Parties Committee and to the Board of Directors on problems and critical issues that have emerged in the performance of its activities or of which it has otherwise become aware so that the latter may take the appropriate initiatives.

In addition, the Director in Charge has, inter alia, the duty and responsibility to:

− establishing the responsibilities of the corporate structures and functions involved in the risk management process, to ensure that their tasks are clearly assigned and potential conflicts of interest are prevented;
− establishing and overseeing the adoption of the process to approve investments in new products, the distribution of new products or services or start of new activities or entry into new markets, or the adoption of processes and methods to evaluate company operations, in particular financial instruments, overseeing ongoing updates;
− defining and overseeing the implementation of company policy on the outsourcing of corporate functions;
− defining internal information flows to ensure that the Corporate Bodies and the Corporate Control Functions are fully aware of and can govern risk factors and compliance with the Group's risk objectives (Risk Appetite Framework – RAF);
− authorising, within the RAF and where a tolerance threshold has been defined, the risk appetite being exceeded, within the tolerance threshold limit, reporting to the Board of Directors and identifying the management actions necessary to return the risk to within the target set;
− approving the annual plan of testing of the business continuity measures and reviewing the test results documented in writing;
− ensuring proper, timely and secure management of information for accounting, management and reporting purposes;
− ensuring the completeness, adequacy, functionality (in terms of effectiveness and efficiency) and reliability of the Bank's information system.

With reference to the ICAAP and ILAAP process, the Director in Charge implements this process by ensuring that it is in line with the strategic guidelines and the RAF and that it meets the following requirements: it considers all relevant risks; it includes forward-looking valuations; it uses appropriate methodologies; it is distributed to the internal units; it is adequately formalised and documented; it identifies the roles and responsibilities assigned to the corporate functions and units; it is managed by an adequate number of competent resources, in a hierarchical position sufficient to ensure compliance with the planning; it is an integral part of the management activities.

The Director in Charge submits the ICAAP/ILAAP Annual Report to the corporate bodies, with the support of the Chief Risk Officer and the Chief Financial Officer.

With specific regard to credit and counterparty risk, in line with strategic policies, the Director in Charge shall approve specific guidelines designed to ensure the effectiveness of the system

for managing credit risk mitigation techniques and guarantee compliance with the general and specific requirements of such techniques.

With specific regard to internal risk measurement systems for defining capital requirements, the Managing Director and General Manager has the following duties:

− responsibility for the structure and functioning of the system chosen; to perform this duty, he/she shall have an adequate knowledge of relevant aspects;
− issuing instructions to ensure that the system chosen is developed based on identified guidelines, assigning duties and responsibilities to the corporate functions and guaranteeing the formalisation and documentation of the stages of the risk management process;
− ensuring that risk measurement systems are integrated into decision-making and operational management processes;
− considering observations made following the internal audits.

Finally, the Managing Director and General Manager are entrusted with specific tasks pertaining to matters provided for by internal company regulations.

The Managing Director and General Manager may be invited, by the Chairman of the Committee, to attend the meetings of the Risk and Related Parties Committee. Within these meetings, he/she reports to the Committee on the relevant issues on the agenda, providing clarifications where necessary and responding to any requests for further information from the Committee.

During the year 2023, the responsibilities of the Chief Executive Officer and General Manager, in their role as a Body with a Management Function, were updated and integrated in the governance and organisation of the Bank's information system, in order to strengthen, among other things, the controls over action plans to achieve ICT strategy objectives, ICT risk management, and the approval of procedures and processes for managing ICT operations, in line with the provisions of the 40th update of Bank of Italy Circular no. 285 on ICT risk and security,

In addition, the responsibilities of the Chief Executive Officer and General Manager were integrated in compliance with the provisions of the Bank of Italy Order of August 1, 2023, amending the "Provisions on organisationprocedures and internal controls aimed at preventing the use of intermediaries for the purposes of money laundering and terrorist financing" of March 26, 2019 and the EBA Guidelines on the use of remote client onboarding solutions (EBA/GL 2022/15), transposed in Italy through an amendment to the previous Bank of Italy Provisions on Adequate Client Verification (Bank of Italy Provision of July 30, 2019).

9.2 Risk and Related Parties Committee

9.2.1 Composition and functioning of the Risk and Related Parties Committee (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

The Board of Directors appointed members of the Risk and Related Parties Committee on April 27, 2023; all of its members are non-executive and independent Directors.

Furthermore, in accordance with Article 6, Recommendation 35 of the New Corporate Governance Code, under which at least one member of the committee is required to have

adequate experience in accounting and finance or risk management, the Board of Directors established that all members of the Risk and Related Parties Committee, on their appointment, met the above requirements, and more generally, had the knowledge, expertise and experience to fully understand and monitor the Bank's risk strategies and guidelines.

You are reminded that, in accordance with the Supervisory Regulations on Corporate Governance in force at the date of approval of this Report, the Chairman of the Committee cannot be the Chairman of the Board of Directors or the Chairman of other Committees. It is also good practice, depending on the skills required to hold the position and to ensure the effective performance of the related tasks, to have a Director elected by minority shareholders on the Committee.

As at the date of approval of this Report, the composition of the Risk and Related Parties Committee was as follows:

Name	Executive	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Maria Alessandra Zunino de Pignier		X	X	X	18/18 (100%)	C
Arturo Patarnello		X	X	X	18/18 (100%)	M
Elena Biffi		X	X	X	18/18 (100%)	M
Maria Lucia Candida		X	X	X	18/18 (100%)	M
Marin Gueorguiev		X	X	X	18/18 (100%)	M
	------------- Members leaving office during the financial year-------------

N.A.

No. of Committee meetings from April 27 to December 31, 2023: 18

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The total number of meetings takes into account the meetings of the Board of Directors scheduled after the date of the Shareholders' Meeting that appointed the new Board of Directors (i.e. April 27, 2023). For meetings of the Risk and Related Parties Committee held prior to that date, please refer to the table concerning the composition of the Board prior to the aforementioned Shareholders' Meeting.

* * *

With reference to the composition of the Risks and Related Parties Committee until April 27, 2023, the relevant summary table is shown below:

Name	Executive	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Francesco Saita		X	X	X	13/13 (100%)	C
Paola Giannotti De Ponti		X	X	X	9/13 (69%)	M
Elena Biffi		X	X	X	13/13 (100%)	M
Maria Alessandra Zunino de Pignier		X	X	X	13/13 (100%)	M
Marin Gueorguiev		X	X	X	13/13 (100%)	M
	------------- Members leaving office during the financial year-------------

N.A.

No. of Committee meetings up to April 27, 2023: 13

(*) This column shows the percentage of Directors' attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned) during the Financial Year up until April 27, 2023.

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

* * *

The members of the Risk and Related Parties Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2025.

The Risk and Related Parties Committee meets, also by means of telecommunication, as often as necessary to perform its functions, and at the request of any of its members or the Chairman of the Board of Statutory Auditors.

If the Chairman is absent or incapacitated, the oldest member of the Committee acts as Chairman.

The Chairman of the Board of Statutory Auditors or another Statutory Auditor designated by the Chairman of the Board of Statutory Auditors attends the Committee meetings as of right. The Manager in charge of preparing the company's accounting documents, the Head of the Internal Auditthe Head of the Compliance Function and the Chief Risk Officer; Directors and senior managers of the Company may also be requested to take part in meetings for specific matters, as well as external auditors; in particular, for AML matters, the Head of the related function always takes part.

The Chairman of the Board of Directors and the Managing Director and General Manager of the Company may take part in meetings.

With regard to the activities related to opinions on transactions carried out by the Bank with persons in potential conflict of interest pursuant to the Global Policy, for each transaction considered, the members of the Risk and Related Parties Committee must be different from the counterparty and its related parties.

If a member of the Committee is a counterparty in the transaction (or connected to the counterparty), he/she must promptly inform the Chairman of the Board of Directors and the Chairman of the Risk and Related Parties Committee and refrain from taking part in any further business of the Committee that refers to that transaction.

In such case, the Committee takes its decision with the casting vote of the Committee Chairman in the event of a tie.

9.2.2 Functions assigned to the Risk and Related Parties Committee

The duties assigned to the Risks and Related Parties Committee are described below.

The role of the Committee is to provide information support, advice, make proposals and enquiries, based on a risk-based approach, in defining guidelines for the entire internal control system, and to assess its effectiveness and efficiency, so that the main risks are properly identified and appropriately measured, managed and monitored, subject to the Board of Directors' power to make all relevant decisions.

The Risk and Related Parties Committee helps to promote a corporate culture that values the control function, steering it towards a risk-oriented approach.

The Committee's mission also includes evaluating the correct use of accounting standards in preparing financial statements and their consistency for the purposes of preparation of the consolidated financial statement, as well as overseeing the effectiveness of audits and the activities of external auditors.

The Committee is also responsible for transactions with related parties and associated persons in accordance with the Related-Party Regulations, pursuant to the applicable Supervisory Regulations, as well as transactions with other persons in potential conflict of interest in accordance with the Global Policy.

The Risk and Related Parties Committee, among other things:

(a) identifies and proposes to the Board, with the contribution of the Appointments Committee, the heads of the corporate control functions (Compliance, Internal Audit, Risk Management and Anti-Money Laundering (of the Bank and the Group), as well as the deputy of the Anti-Money Laundering Manager) and the person in charge of reporting suspicious transactions to be appointed and assesses their removal;
(b) identifies and proposes to the Board, in compliance with the timetable set forth in the Bank of Italy AML Provision, with the support of the Appointments Committee, the Officer in charge of anti-money laundering for the Bank and the Group, ensuring that the latter meets the conditions set forth in Section III-bis of the Bank of Italy AML Provision;
(c) supports the Board, to the extent of its competence and with the help of the Appointments Committee, in the process of verifying the satisfaction of the suitability requirements for the heads of the main corporate functions (i.e. AML Officer, Compliance Officer, Head of Internal Audit, Chief Risk Officer, Chief Financial Officer and Financial Reporting Officer) pursuant to current legislation, including internal regulations;
(d) provides opinions on specific aspects relating to the identification of key corporate risks, which is also carried out through the annual process of definition of the RAF;
(e) contributes to the definition, using a risk-based approach, of the guidelines of the internal control system, so that the main risks facing the Company and the Group are correctly identified and adequately measured, managed and monitored, providing recommendations to the Board on compliance with the principles with which the internal control system and business organisation need to be aligned, and the requirements that need to be met by the Compliance, Internal Audit, Risk Management and Anti-Money Laundering functions, bringing to the attention of the Board any weaknesses, along with the resulting corrective actions to be taken;
(f) reports to the Board of Directors, at least every six months, when the annual financial statements and the half-yearly financial statements are approved, on the activities carried out and the adequacy of the Company's Internal Control and Risk Management System;
(g) performs a prior examination of the activity schedules (including the Internal Audit plan) and the annual reports of the Compliance, Anti-Money Laundering, Internal Audit and Risk Management functions that are submitted to the Board;
(h) examines the periodic reports and audit reports produced by the Internal Audit function and evaluates any findings, monitoring the elimination of reported deficiencies/irregularities, the implementation of the proposed remedies and the adoption of any recommendations;
(i) monitors the independence, adequacy, effectiveness and efficiency of the Internal Audit function;
(j) carries out appropriate preliminary activities to support the assessments and decisions of the Board of Directors regarding the management of risks arising from detrimental events that come to the knowledge of the Board of Directors;
(k) contributes, through assessments and opinions, to defining the company policy on outsourcing of control functions;
(l) verifies that the Compliance, Internal Audit, Risk Management and Anti-Money Laundering functions comply correctly with the instructions and guidelines from the Board and assists the latter in preparing the coordination documents required by the Supervisory Regulations;
(m) after consulting the Financial Reporting Officer, the statutory auditor and the control body, assesses the correct use of the accounting standards and their consistency for the purposes of preparing the consolidated financial statements;
(n) examines the process of preparing interim reports required by law, as well as the annual financial statements, based on reports from the competent functions;
(o) assesses, for the matters within its remit, the suitability of the periodic, financial and nonfinancial reporting to correctly represent the company's business model, strategies, the impact of its activities and its performance;
(p) examines the content of the periodic non-financial reporting relevant to the internal control and risk management system;
(q) supervises the Group auditing process, reviewing the work plan prepared for the audit, the results contained in the report and any letters of recommendations;
(r) meets at least once a year with the external auditors;
(s) examines reports received from the Board of Statutory Auditors, from the Supervisory Board pursuant to Legislative Decree no. 231 of June 8, 2001, and the Regulatory Authorities, assessing the findings and ensuring that any abnormal situations or deficiencies are remedied;
(t) can ask the Internal Audit function to assess specific operating areas, giving simultaneous notice to the Chairman of the Board of Statutory Auditors, the Chairman of the Board of Directors and the Internal Control and Risk Management System Director;
(u) provides its opinion to the Board of Directors on the Report on corporate governance and ownership structures, for the purpose of describing the key characteristics of the Internal Control and Risk System and the methods of coordinating the parties involved in it (specifying the reference national and international models and best practices), and of assessing the adequacy of the Internal Control and Risk System;
(v) formulates prior opinions (binding, where appropriate) on the procedures governing the identification and management of transactions carried out by the Company with persons in potential conflict of interest pursuant to the Global Policy, as well as on any amendments thereto;
(w) provides preliminary, justified opinions, where expressly required, on the interest in completing transactions with persons in potential conflict of interest put in place by the Bank (22) , and the convenience and substantial correctness of the relevant conditions;
(x) in the case of significant transactions with persons in potential conflict of interest (²³), the Risk and Related Parties Committee is involved – if so deemed by the same, by means of one or more appointed members – in the negotiations and the preparatory phase by receiving a complete and timely information stream, with the power to request information and to make observations to the delegated bodies and the persons in charge of the negotiations or the investigation.

With particular regard to the tasks in matters of risk management and control, the Risk and Related Parties Committee provides support to the Board:

in defining and approving strategic guidelines and risk management policies; in the context of the Risk Appetite Framework (RAF), the Risk and Related Parties Committee carries out the evaluation and proposal making activity required to ensure that the Board of Directors, as required by the Supervisory Regulations, can define and approve the risk objectives ("Risk Appetite") and the risk tolerance threshold ("Risk Tolerance");
in verifying the correct adoption of risk governance strategies and policies and the Risk Appetite Framework (RAF);
in the definition and approval of the Group's recovery plan;

⁽ ²²) In accordance with the Global Policy.

⁽ 23) In accordance with the Global Policy.

in the definition and revision where appropriate of the policy on resolution governance that defines the governance rules for the Bank's resolution strategy and assists the Board in overseeing its implementation;
in defining policies and processes for evaluating company activities, including verification that the price and conditions of transactions with customers are consistent with the business model and risk strategies;
with regard to banking, financial, investment and insurance products, in relation to: (i) defining the process for approval of new products and services, the commencement of new business and the entry into new markets; (ii) approving and updating policies containing guidelines on Product Governance requirements; (iii) monitoring the process of governance of financial instruments, using the reports from the Compliance function, which systematically include information about the financial instruments produced by the intermediary, the services offered and the distribution strategy; (iv) approving proposals for unilateral amendments pursuant to Article 118 of the TUB.
as part of the general responsibility for the direction and control of the information system.

Without prejudice to the responsibilities of the Remuneration Committee, the Risk and Related Parties Committee is involved in the process of identifying the Bank's key personnel and ensures that the incentives underlying the remuneration and incentive system are consistent with the RAF, taking into account in particular risks, capital, liquidity, in line with current regulations (see Bank of Italy Circular no. 285 and the EBA "Guidelines on sound remuneration policies under Directive 2013/36/EU"). In addition, without prejudice to the competences of the Remuneration Committee, the Risk and Related Parties Committee is involved in the definition of the overall remuneration and on the assignment and relative evaluation of the performance objectives of the Heads of the corporate control functions (Head of the Compliance function, Chief Risk Officer, Head of the Internal Audit function, Head of the Anti-Money Laundering function); formulating with reference to Internal Audit an explicit opinion on the definition of the overall remuneration and on the allocation and evaluation of performance objectives,

The Risks and Related Parties Committee and the Board of Statutory Auditors exchange all information of mutual interest and, where appropriate, coordinate the development of their respective tasks.

9.2.3 Activities performed

During the Financial Year, the Committee carried out the tasks assigned to it by the Board of Directors, acting in an advisory, propositional and investigative capacity in relation to matters concerning the internal control and risk management system.

In this regard, the Committee met a total of thirty-one times; the meetings lasted an average of about three and a half hours, analysing the results of the activities carried out by the control functions (Audit, Compliance, Anti-Money Laundering and Risk Management) and by the IT manager through an in-depth examination of the quarterly reports prepared by those functions. Minutes were taken for each meeting by the designated secretary.

The Committee assessed the correct use of accounting principles for the preparation of the financial statements as at 31.12.2022, meeting with the Financial Reporting Officer and the Independent Auditors, receiving information on the audit plan and the identification of key

aspects of the same, as well as the accounting principles used for the preparation of the consolidated half-year financial report as at 30 June 2023.

During the year, it received the reports on the system of internal controls on Financial Reporting required by Law 262/2005 (Law on Savings) on the adequacy of the administrative and accounting procedures provided for by the Administrative Accounting Model and ICT General Controls.

It monitored how the corporate governance rules set forth in the Corporate Governance Code were implemented in practice, including by reviewing the Governance Report.

The Committee was informed on a quarterly basis on transactions with connected/related parties for which there was no need to express an opinion.

In several meetings, the Committee examined the formation of the RAF 2024 in terms of changes to the indicators used, as well as the CRO Dashboard used to verify the staff incentive plans, and expressed its opinion on the remuneration and assignment and evaluation of performance objectives for the Head of Internal Audit, analysed these profiles for the other Heads of the corporate control functions (Compliance, CRO, Anti-Money Laundering), and analysed the incentive system for the most relevant staff and Identified Financial Advisors, supported by the opinion of the Compliance function.

The Committee carried out its role of monitoring, support and interlocution with respect to the control functions of the bank. With reference to the Internal Audit area, the activities involved monitoring the progress of the Audit Plan and the Function's guidelines for the purposes of planning the checks. Particular attention was paid to the methods of carrying out the Quality Assurance Review of the area carried out by an external consultant. As part of the interactions with the Compliance Function, in addition to following the progress of the improvement actions identified following the findings that emerged during the inspections carried out by the Supervisory Authorities, referred to below, the actions falling within the competence of the Committee are highlighted relating to the provisions of the 40th update of Circular no. 285/2013 "Supervisory Regulations for Banks" concerning the implementation of guidelines on risk management relating to information and security technologies. Equally of interest for the general strengthening of the bank's control systems was the activity carried out in concert with the Anti-Money Laundering function, the Organization and Operations Management and the Chief People Officer in order to implement the organizational changes connected to the Bank of Italy measure. 'Italy of 1 August 2023 on the subject of organization for AML/FT purposes which led, among other things, to the creation of the Anti-Money Laundering and Anti-Corruption Directorate operational from 2024.

The Committee analysed the proposals presented by the competent management structures also with regard to the areas of credit, concentration and market risk management, as well as operational and reputational risks, an activity that was developed continuously over the two half-year periods, also in response to a series of solicitations that emerged in the dialogue with the supervisor.

Among the policy actions exercised in the area of risk management, mention should be made of the in-depth studies carried out in concert with the head of Risk Management, regarding the possible evolution of models for the management of credit, market, operational and reputational risks, as well as the adjustments hypothesised with reference to the on-demand items model for the purposes of more effective monitoring of liquidity risks.

The Committee continuously monitored the status of internal controls, pointing out, inter alia, the importance of increasing their quality and efficiency, consistent with the Bank's business development projects. It carried out, inter alia, in-depth studies on the current state and prospective evolution of the staffing and skill mix of the control functions.

More specifically, during the first half of 2023, the Committee, in addition to carrying out its ordinary activities, conducted numerous in-depth studies on specific issues. These included: monitoring the implementation of the areas for improvement identified downstream of Consob's inspection activity concerning procedures for the provision of investment services and adjustments to the MIFID regulations, and the inspection, initiated by the Bank of Italy in February 2023 and concluded on 19 May 2023, on compliance with the regulations on the fight against money laundering and terrorist financing. Monitoring activities continued in the second half of the year.

The Committee also evaluated in several meetings, for the aspects falling within its competence, the proposal of the so-called "System Solution" for Eurovita policies and examined the subsequent requests of the Supervisory Authorities relating to the insurance company's products.

The Committee also examined the preliminary results of the SSM stress test exercise - to which the Bank was subjected for the first time.

During the second half of the year, the Committee examined in detail the measures planned by the Bank in response to the ECB supervisory initiatives (SREP letter) and the requests of the SRB (Budgeted Multi-annual Resolvability Work Programme 2023); it also reviewed the periodic updates on the progress of the On Site Inspection called Asset Quality Review (AQR) that began on 11 April and ended in October. The Committee was also informed of the final results of the SSM stress test exercise to which the Bank was subjected. The Committee monitored the status of internal controls on an ongoing basis, highlighting, inter alia, the importance of increasing their quality and efficiency, consistent with the Bank's business development plans.

Il Comitato ha relazionato sistematicamente il Consiglio di amministrazione sulle attività di vigilanza, verifica ed esame svolte e i risultati delle stesse fornendo la sua valutazione sul disegno del sistema di controllo interno.

Con riferimento alla valutazione del Sistema dei Controlli Interni, il Comitato ha formulato alcuni suggerimenti per definire aree di miglioramento dello stesso, che sono state prese in carico dalla Banca.

Per l'esercizio in corso sono state programmate ventidue riunioni del Comitato, di cui fino a marzo 2024, sei si sono già tenute.

9.3 Head of the Internal Audit Function

The Board of Directors has appointed the head of the internal audit function who is in charge of verifying that the internal control and risk management system is functional, adequate and consistent with the guidelines defined by the Board.

In particular, on May 6, 2019, the Board of Directors, in relation to the sale of the majority stake held by UniCredit, approved the insourcing of the internal audit function with effect from May 7, 2019, the simultaneous creation of the Internal Audit function, reporting directly to the Board

of Directors, and the assignment of responsibility for the Internal Audit function to Ms. Patrizia Verdesca, already appointed on March 7, 2017 as Head of the Internal Audit function of FinecoBank in her role as CAE – Chief Audit Executive of FinecoBank, with effect from March 13, 2017.

The Board of Directors determined the remuneration of the head of the internal audit function, in line with the company policies, and ensured that she had sufficient resources to carry out her duties.

Internal Audit performs independent and objective assurance verifications to assess, contribute to and improve the Internal Control System of FinecoBank and the Group, by assessing and improving the adequacy and effectiveness of the governance, risk management and control processes. It may also provide advisory services concerning the design and functioning of the internal control system, which, without compromising its independence, aim to provide added value and support the Bank in achieving its objectives.

The Internal Audit function also directs, coordinates and supervises the Group's internal audit activities carried out by the competent units of the subsidiaries; in addition to the Parent Company, it also carries out on-site or remote audits on the Group companies. In particular, it coordinates and supervises the Internal Audit work carried out by the Internal Audit function of the subsidiary Fineco Asset Management DAC.

The Internal Audit function, in accordance with the Supervisory Regulations, is independent from the other corporate functions and reports to the Board of Directors directly or through the Risk and Related Parties Committee. It operates in compliance with the "Audit Mandate", the latest version of which was approved by the Board of Directors on January 19, 2021, which sets out its mission, responsibilities, organisational positioning, independence, duties and authority.

The Internal Audit function has access to the information relevant to the performance of its duties.

In accordance with external regulations(24) , the Head of the Internal Audit function is not responsible for any operational area; provides an annual assessment to the Board of Directors, as well as the Risk and Related Parties Committee, the Board of Statutory Auditors and the Managing Director and General Manager, of the adequacy and effectiveness of the Bank's risk management and control processes in the areas within his/her mission and scope of responsibility, with the objective of assessing, providing added value and contributing to improving the Bank's Internal Control System.

The Board of Directors resolved, effective June 30, 2023, to change the organisational structure of the function by creating, reporting to the Internal Audit Function, a structure dedicated to Audit activities on ICT, Security and Support Processes, in consideration of the growing importance of the related risks.

The Board of Directors, in its meeting of January 18, 2022, approved the audit plan prepared by

⁽ ²⁴) For the Financial Year, the reference – in addition to the Supervisory Regulations – is to Article 6, Recommendation 36 of the New Corporate Governance Code (prior to that the reference was to Application Criterion 7.C.5 of the Corporate Governance Code in force until December 31, 2020).

the head of the internal audit function, with the favourable opinion of the Risk and Related Parties Committee, the Managing Director and General Manager, and after consulting the Board of Statutory Auditors. The Plan was subsequently supplemented by a resolution of the Board of Directors on September 13, 2022.

During the Financial Year, the head of the internal audit function:

• verified, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the functioning and the suitability of the internal control and risk management system according to the audit plan, approved by the Board and based on a structured process of analysis and prioritisation of the main risks. In particular, the internal audit function maintains its own Group Process Library and Audit Universe, which map all processes, operations, subsidiaries and any other elements relevant to the Group and the Bank respectively. During the Financial Year these were revised to align them with the operational and organisational changes that had taken place. In addition, a risk assessment was carried out on each element, taking into account all the available information (e.g. strategic and business importance, regulatory requirements, risk impacts, level one and level two controls, results of audits and any external checks/inspections, evaluation of outsourcer performance, etc.), to identify the residual risk and the audit need; the latter defines the frequency of internal audit activities to be carried out on each element of the Audit Universe.

At the same time, the internal audit function identified the main potential risks to which the Group is exposed ("Group Risk Map"), which consolidates information, on the basis of professional judgement, on risk scenarios obtained from external sources, input from the Group's Top Management, any observations made by Supervisory Authorities and external auditors, and the main risks reported by the Internal Audit functions of the Group's Legal Entities.

Based on the results of the risk assessment and the Group Risk Map, the main risks were prioritised and the annual and multi-year audit plans were defined, which, as indicated above, were submitted to the Board of Directors for approval;

prepared periodic (quarterly and annual) reports containing adequate information on its activity, on the ways in which risk management is conducted, as well as on compliance with the plans defined for the containment of risks, in addition to an assessment of the suitability of the internal control and risk management system, and sent them to the Chairmen of the Board of Statutory Auditors, the Risk and Related Parties Committee and the Board of Directors, as well as the Managing Director and General Manager;
amended the audit plan in response to significant events and requests made by the Governance and Control Bodies, including the Board of Statutory Auditors, transmitting the results of the audits in a timely manner to the Board of Statutory Auditors, the Risk and Related Parties Committee, the Board of Directors and the Chief Executive Officer and General Manager;
verified, as part of the audit plan, the reliability of information systems including accounting systems in audits Passive Cycle - follow-up and Remuneration of credit lines and overdrafts, in the checks performed on Business Continuity and Disaster Recovery 2022as well as through the standard audits on the adequacy of audited process support guaranteed by the specific information systems used.

During 2023, the annual plan approved by the Board of Directors was completed (which envisaged in the area of processes the completion of 18 audits and the start within the year of a further 2 audits, as well as the performance of 400 audits on the Financial Advisor network), the

mandatory annual reports were drawn up ((i) the report on the audit activities carried out in the year 2022 on investment services - as per Article 24 of Reg. Delegated Regulation EU 565/2017, (ii) report requested by the Bank of Italy concerning the findings of the 2022 audits performed on the outsourced important operational or control functions, the deficiencies found and the consequent corrective actions taken, (iii) report on the internal audit activities carried out in 2022)), carried out, in addition, an unplanned intervention ("OSI Bank of Italy AML: verification of the implementation of the planned corrective actions (April 2023 - August 2023)").

The following audits were carried out on the processes included in the annual plan:

Remuneration and incentive policies for staff and the sales network
ICAAP, Risk Appetite Framework and ILAAP
Credit Card Management
Global Audit: ICT and security incident management
Emergency and crisis management
Passive cycle follow-up
Management of CFD, ETC-ETN products
OSI Banca d'Italia Transparency: verifying the implementation of planned corrective actions July 2022-June 2023)
Checks performed on Business Continuity and Disaster Recovery Tests 2022 Report of the Internal Audit Function
Outsourcing Security and data protection risk safeguards
Interbank Deposit Guarantee Fund: Single Customer View (SCV) Framework
Supervision in Resolution
Fiscal area: Level II controls (indirect supervision)
Review of the annual validation report on algorithmic trading systems
Remuneration of credit facilities and overdrafts
PSD2: implementation of security measures
Operational Risk Management - Loss Data Collection
System of internal controls over the Financial Adviser Network.

As planned, the additional 2 audits mentioned above were also started.

9.4 Organisational model pursuant to Legislative Decree 231/2001

On March 15, 2010, the Board of Directors approved FinecoBank's Organisation Management and Control Model (below the "Model"), pursuant to Legislative Decree no. 231 of June 8, 2001, on "Provisions for the administrative liability of company bodies, Companies and associations also without legal status" (the "Legislative Decree 231/2001"). This document was subsequently amended to take into account subsequent regulations and the current version was approved by the Board of Directors by resolution of May 10, 2022.

Currently, the Model is comprised of:

(i) a general part, divided into seven chapters, which describes the following: the scope and purposes of the Model; the applicable regulatory framework; the description of the management and control system adopted by FinecoBank to mitigate the risk of commission of offences pursuant to Legislative Decree 231/2001; the functioning of the

body appointed to supervise the functioning of and compliance with the Model; the disciplinary system and related penalties; the information and training plan to be adopted in order to guarantee knowledge of the measures and provisions of the Model; the criteria for updating and adapting the Model;

(ii) a special part, containing the decision protocols.

The Model includes the following attachments, which are an integral part of it:

Attachment 1 containing the "List of predicate offences and individual criminal offences";
Attachment 2 containing the "Code of ethics pursuant to Legislative Decree 231/01" which sets out the rules to guarantee that the conduct of the Model's recipients is always based on criteria of fairness, collaboration, loyalty, transparency and mutual respect, and also to avoid conduct that may constitute the criminal offences and predicate administrative offences;
Attachment 3 "Information flows to the Supervisory Committee".

In addition, on May 11, 2012, the Board of Directors resolved to adopt the Group Integrity Charter and Code of Conduct (last updated by resolution of July 14, 2023). The document (below also the "Code") supplements the current rules on banking, investment services and employment, identifying the fundamental principles of conduct for those working for the company. The Code therefore concerns all persons performing activities on behalf of the Company: members of supervisory, management and control bodies of the Company, employees, personal financial advisors authorised for cold-calling, outsourcers.

In accordance with provisions in Article 6, paragraph 1 of Legislative Decree 231/2001, the Company has also established a specific body (below, the "Supervisory Committee") to monitor the functioning of and compliance with the Model, and its continual updating.

For this purpose, the Supervisory Committee, among other things: (i) has independent powers to act and carry out controls, and independent spending powers;(ii) periodically reports to the Risk and Related Parties Committee on the Model's functioning; and (iii) provides the Board of Directors, on an annual basis, a written report on the implementation status of the Model, and in particular, on controls carried out and on critical aspects and anomalies identified.

The term of office of the members of the Committee is the same as the Board of Directors which appointed it and its members can be re-elected.

The current Supervisory Board was appointed by resolution of the Board of Directors on April 27, 2023, for a term of three years (2023-2025). At the date of approval of this Report, the composition of the Supervisory Board was as follows.

GIVEN NAME AND SURNAME	POSITION
Marianna Li Calzi	External member (Chairman)
Salvatore Messina	External Member
Patrizia Verdesca	Head of Internal Audit

The Model adopted by the Company, as described above, is available on the Issuer's website: www.finecobank.com at the following link Microsoft Word - Model 231 Fineco general part-

vers. Public (finecobank.com).

9.5 Auditing Firm

In accordance with the regulatory provisions, FinecoBank considers the statutory auditing firm (below the "External Auditors") to be an actor in the Group's Internal Control System. As also provided for by Legislative Decree 39 of January 27, 2010 and Regulation (EU) 537/2014, the auditing firm expresses its opinion on the annual financial statements and consolidated financial statements on an annual basis, in a special report, including an opinion on the consistency of the management report with the financial statements and its compliance with the law, illustrates the results of the statutory audit and verifies, during the year, that the company accounts are properly kept and that the operating events are correctly recorded in the accounting records.

In addition, the external auditors, again in accordance with the provisions of Legislative Decree 39, of January 27, 2010, and Regulation (EU) 537/2014, submit a report to the Board of Statutory Auditors on the key issues that emerged during the independent audit and in particular on any deficiencies found in the Internal Control System in relation to the financial reporting process.

The Shareholders' Meeting of April 28, 2021, at the reasoned proposal of the Board of Statutory Auditors, assigned the engagement to KPMG S.p.A., pursuant to Article 13, paragraph 1 of Legislative Decree no. 39, of January 27, 2010, for the independent audit of FinecoBank's accounts for the financial years from 2022 to 2030. In particular, the independent audit engagement involves verifying:

that the financial statements of FinecoBank S.p.A. and the consolidated financial statements of FinecoBank Group comply with the rules governing their preparation and that they give a true and fair view of the financial position and results of operations for the financial year;
during the course of the financial year, that the company accounts have been properly kept and operating events have been correctly recorded in FinecoBank S.p.A.'s accounting records.

KPMG S.p.A. has also been awarded the engagement to carry out the voluntary audit, which includes:

issuing the provisional attestation letter on the annual accounting schedules included in the Bank's annual financial statements and in the Group's consolidated financial statements, related to the audit work carried out for the inclusion of the profit for the year in the calculation of Common Equity Tier 1 capital, as required by Article 26, paragraph 2, letter a) of Regulation (EU) No. 575/2013 of the European Parliament and of the Council, before the adoption of a formal decision to confirm the final result for the year;
the limited audit of the condensed consolidated half-yearly financial statements for the half years ending June 30, 2022 to June 30, 2030;
the limited audit of the individual financial statements prepared for the determination of the Bank's half-yearly results, for the half years ending June 30, 2022 to June 30, 2030, for the calculation of FinecoBank S.p.A.'s Common Equity Tier 1 capital as at June 30 as required by Regulation (EU) 575/2013 of the European Parliament and of the Council;

• a limited audit of the individual and consolidated financial statements prepared for the determination of the Bank's and the Group's results for the 3-month periods ending March 31, 2022 to March 31, 2030 and for the 9-month periods ending September 30, 2022 to September 30, 2030, for the calculation of the Common Equity Tier 1 capital, as required by Regulation (EU) 575/2013 of the European Parliament and of the Council.

The same company KPMG S.p.A. is also appointed to carry out the limited assurance engagement of the FinecoBank Group's Consolidated Statement of Non-Financial Nature prepared pursuant to Article 3 paragraph 10 of Legislative Decree 254/2016 and Article 5 of the CONSOB Regulation adopted by Resolution no. 20267 of January 2018.

9.6 Financial Reporting Officer

By resolution of April 27, 2023, subject to approval from the Board of Statutory Auditors and in compliance with Article 154-bis, paragraph 1 of the TUF and Article 28 of the Articles of Association, the Board of Directors of the Company renewed the appointment, for a three year period, of Ms. Lorena Pelliciari (the Chief Financial Officer of the Bank) as the Financial Reporting Officer of the Company, who is assigned the duties envisaged in Article 154-bis of the TUF.

As established by Article 28 of the Articles of Association and subject to the mandatory opinion of the Board of Statutory Auditors, the Board of Directors appoints the Officer responsible for preparing the financial reports (the "Financial Reporting Officer"), pursuant to Article 154-bis of the TUF.

The Financial Reporting Officer is selected by the Board of Directors from the senior managers of the Company that have specific expertise, in administrative and accounting terms, of lending, finance, securities or insurance. This expertise, to be verified by the Board of Directors, must be gained from professional experience in a position of adequate responsibility for a suitable period and in enterprises comparable to the Company. The Financial Reporting Officer must also meet the good standing requirements laid down by the applicable regulations for positions indicated in the Articles of Association. If the Officer no longer meets the good standing requirements, he/she shall be removed from office.

Ms. Lorena Pelliciari has gained considerable experience as Chief Financial Officer of FinecoBank and therefore has excellent knowledge of processes for the preparation of the Company's accounting and financial documents. She therefore meets the professional standing requirements established in Article 28 of the Articles of Association.

The Board of Directors also gave Ms. Lorena Pelliciari the following powers, in order for her carry out her duties as Financial Reporting Officer:

(i) unrestricted access to all information considered relevant for her duties within the Company;
(ii) taking part in Board Meetings dealing with matters in her area of responsibility;
(iii) the ability to liaise with the Company's management and control bodies;
(iv) approving company procedures, when they have an impact on the financial statements or other documents that are certified;
(v) involvement in the design of IT systems that have an impact on the Company's

financial position and performance;

(vi) using the Internal Auditing function to map and analyse processes within its area of responsibility and in the execution of specific controls;
(vii) using IT systems;
(viii) power to prepare, also with the help of external consultants, the relevant procedures: (a) the standardisation of information flows to the same Financial Reporting Officer and (b) the preparation of the annual financial statements, the consolidated financial statements and any other communication of a financial nature.

Lastly, the Board of Directors has granted the Financial Reporting Officer all the powers necessary, or merely appropriate, to carry out the tasks assigned to her on the basis of the applicable regulations, and has established, for the purpose of the exercise of its supervisory powers, that the Financial Reporting Officer shall report at least quarterly to the Board of Directors on activities carried out, as well as any critical aspects identified.

Financial reporting process

With regard to the main characteristics of the Internal Control and Risk System in relation to financial reporting, including the reporting of consolidated information, in accordance with Article 154-bis of the TUF, the Financial Reporting Officer of FinecoBank is responsible for (i) setting up appropriate administrative and accounting procedures for the preparation of the separate and consolidated financial statements, as well as all other forms of financial reporting; (ii) including a written statement with the documents and notices required by law or disclosed to the market, containing information and data on the financial position and performance of the Company, declaring that this information and data is accurate; (iii) arranging for the preparation of the financial statements, interim reporting; and (iv) within his/her areas of responsibility, representing the Bank in relations with the international financial community.

The Financial Reporting Officer, along with the Managing Director and General Manager, in a report on the financial statements (including the consolidated financial statements) and condensed half-year financial statements must also certify:

− the adequacy and actual adoption of administrative and accounting procedures;
− compliance with applicable international accounting standards endorsed by the European Community pursuant to Regulation (EC) No 1606/2002;
− the consistency of the accounting records;
− the accurate representation of the financial position and performance of the Company;
− the inclusion in the report on operations of reliable analysis of the company's performance, operations and situation, along with a description of main risks and uncertainties to which it is exposed.

As established by Article 28 of the Articles of Association, the Board of Directors ensures that the Financial Reporting Officer has adequate powers and resources to carry out the duties assigned to her by the applicable regulations, and to comply with administrative and accounting procedures. In carrying out her duties, the Financial Reporting Officer may be assisted by all Bank units.

9.7 Coordinamento tra i soggetti coinvolti nel sistema dei controlli interni di gestione dei

rischi

Procedures for interaction between the corporate functions and bodies involved in the risk management and control system have been designed to prevent overlapping or gaps as far as possible, or to alter, also in substance, the main responsibilities of the corporate bodies concerning the risk management and control system.

The proper functioning of the Internal Control System is based on effective interaction in performing their duties (of providing guidelines, implementation, review and evaluations) between the corporate bodies, their internal committees, the corporate control functions, the external auditors, and the control functions.

Specifically, the Bank has established forms of cooperation and coordination between the control functions, through specific formalised information flows on internal regulations and through managerial committees dedicated to control issues. In order to formalise existing coordination practices, with a view to an increasingly integrated and comprehensive Internal Control System, the "Control Functions Coordination Committee" was established in January 2022; the Management Committee - made up of the Head of Internal Audit, who acts as Chairman, the Head of Compliance, the Head of the Anti-Money Laundering and Anti-Corruption Function, the Data Protection Officer (DPO), the Chief Risk Officer (CRO) by the Chief Internal Validation and the Chief Financial Officer (CFO) - has the task of guaranteeing the integration and connection between the Control Functions, in order to coordinate the mitigation paths of the risks detected by the same and improve the Company's overall Internal Control System. To this end, the Committee prepares integrated reports of the Control Functions, identifying the main risks to which the Bank and the Group are exposed.

Interaction between level two and level three control functions is part of a more general framework of ongoing, proactive cooperation, which is mainly formalised in specific regulations/internal regulations and includes:

participation in the process of definition and/or updating of internal regulations in relation to risks and controls;
the exchange of information flows, documents or data, as well as access to all resources or company information in line with the control requirements of functions;
in the preparation of an integrated plan for control functions;
involvement in board and managerial committees, systematically or on request;
involvement in working groups, which are set up from time to time for risk and control issues.

The ultimate purpose of the interaction between the control functions and continual reporting by them to the corporate bodies is to establish a corporate governance system that guarantees sound and prudent management, also through more effective monitoring of risk, at all company levels.

Within FinecoBank, the coordination between the corporate bodies and control functions consists of:

coordination and cooperation procedures;
application of the Group coordination model defined as part of the management and coordination performed by the Parent Company;
coordination and cooperation information flows.

Without prejudice to their mutual independence and respective roles, operating procedures are

defined to foster forms of coordination between the corporate control functions and the supervisory functions in specific areas, as well as cooperation and liaison between the corporate control functions and between them and the Corporate Bodies, in order to develop control methods in line with the corporate strategies and operations.

A series of coordination activities related to the Internal Control System implemented as part of the ordinary work of the committees.

In order to ensure the coordination and interaction between the various functions and bodies with control tasks (provided for by corporate, accounting or supervisory regulations), the "Document of the Bodies and Functions with Control Tasks", approved by the Board of Directors, after examination by the Risk and Related Parties Committee, has been defined and kept updated over time. This document, which specifies the tasks and responsibilities of the various bodies and control functions and the methods of coordination/collaboration, as well as the information flows exchanged between them as required by the Supervisory Regulations on Corporate Governance, is circulated to all the units concerned. During the year, the document was updated mainly to incorporate the changes introduced by the 40th update of Bank of Italy Circular No. 285 on ICT and security risk.

10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

On November 5, 2019, the Board Of Directors, after obtaining the favourable opinion of the Risk and Related Parties Committee and Board of Statutory Auditors, adopted the Global Policy governing transactions with:

related parties in accordance with the Related-Party Regulations;
associated persons in accordance with the Supervisory Regulations (Part Three, Chapter 11);
bank corporate officers in accordance with Article 136 of the TUB;
other entities identified by the Bank on a discretionary basis.

The Global Policy has updated and replaced the previous "Procedures for the management of transactions with persons in conflict of interest".

The Global Policy addresses governance issues, the scope of the procedures and the procedural and organisational profiles relating to managing transactions with persons in potential conflict of interest in accordance with the applicable regulations above-mentioned, as regards the operations of the Parent Company and the other FinecoBank Group companies (i.e. currently solely FAM).

The Global Policy describes the activities concerning:

the identification, updating and ongoing monitoring of persons in potential conflict of interest; and
the management of transactions with persons in potential conflict of interest, with regard to, among others, the management of the approval process, the disclosure requirements and transparency.

It also sets out the:

procedures for the management of transactions with persons in potential conflict of interest;
organisational units of FinecoBank involved and their role;
internal and external information flows, also to the market;
monitoring and control activities and methods for updating the Global Policy.

With regard to FinecoBank, related parties in accordance with the Related-Party Regulations, associated persons in accordance with the Supervisory Regulations (Part Three, Chapter 11), as well as other persons in potential conflict of interest identified on a discretionary basis by the Bank, constitute the "FinecoBank Perimeter" which together with the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the TUB" identifies parties in potential conflict of interest for the Company.

The "FinecoBank Perimeter", in turn, is part of the "Single Perimeter" which also includes the "Perimeter of the other Banks and Supervised Intermediaries of the FinecoBank Group". At the date of approval of the Global Policy, the FinecoBank Banking Group consisted of the Parent Company and only the subsidiary Fineco Asset Management DAC, to which the definition of Supervised Intermediary was applied on a voluntary basis, even though the conditions did not apply. Consequently, given the Group's current shareholding structure, the FinecoBank Group's Single Perimeter currently consists of the FinecoBank Perimeter (as bank and listed issuer) and the perimeter of the subsidiary Fineco Asset Management DAC.

In compliance with the Related-Party Regulations and the Supervisory Regulations (Part Three, Chapter 11), the Global Policy identifies and distinguishes, based on the materiality threshold,

between material transactions, non-material transactions and minor transactions.

As regards transactions with members of the "Single Perimeter", the Global Policy requires specific information flows to:

FinecoBank Oversight Unit;
Board of Directors and Board of Statutory Auditors;
Risk and Related Parties Committee;
Compliance Function;
Chief Financial Officer.

As can be seen from the above and from the identification of the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the TUB", the Global Policy also regulates transactions carried out with relevant persons pursuant to Article 136 of the Consolidated Banking Act (i.e. directors – including the Managing Director and General Manager – and Statutory Auditors – standing and stand-in – as well as certain persons potentially related to them). Pursuant to Article 136 of the TUB, bank corporate officers (or persons potentially related to them) may not enter into obligations of any kind or perform acts of sale or purchase, directly or indirectly, with the bank that they manage, direct or control unless a unanimous resolution of the Board of Directors and the favourable vote of all the members of the Board of Statutory Auditors has been passed, subject to the obligations laid down in the Civil Code with regard to directors' interests and transactions with related parties and associated persons.

Without affecting the above, on December 16, 2021, the Board of Directors, subject to the favourable opinion of the Risk and Related Parties Committee as well as the Board of Statutory Auditors, approved a new version of the Global Policy to adapt its text to the changes introduced in relation to loans to corporate officers and their related parties as transposed in the act issuing the 35th update to Bank of Italy Circular no. 285 of December 17, 2013, published on June 30, 2021, aimed at aligning the rules in this respect with the provision of Article 88 of the CRD, according to which Member States must ensure that data on loans granted to members of the management body (i.e. members of the administrative, management and control bodies) and their related parties are duly documented and made available to the competent authorities on request. In this respect, a specific definition of "related party" has been established. Therefore, the Global Policy – in addition to regulating transactions with CONSOB related parties, Bank of Italy associated persons, bank corporate officers pursuant to Article 136 of the TUB and other potentially significant parties – also regulates transactions with members of the new perimeter pursuant to Article 88 of the CRD.

It should also be noted that the Board of Directors, in its meeting of February 7, 2023, approved a new version of the Global Policy, in which the roles of the functions involved in the monitoring, collection and recording of information concerning the Single Perimeter are described in greater detail.

The full text of the Global Policy, to which reference should be made for further details, is available on the Company's website at www.finecobank.com in the "About Us/Governance/Related Parties and Associated Persons" section.

Lastly, in compliance with the CONSOB instructions and guidelines contained in Communication no. DEM/10078683 of September 24, 2010, in order to adopt the Related-Party Regulations, the Company has assigned its Risk and Related Parties Committee the functions of the related-parties committee. For details of the composition, functioning and duties of the aforementioned Committee, see Paragraph 9.2 above.

* * *

Without prejudice to the above, directors are also subject to the provisions of Article 2391 of the Civil Code concerning directors' interests and according to which the director must inform the other members of the Board of Directors and the Board of Statutory Auditors of any interest which, on his/her own behalf or on behalf of third parties, he/she may have in a particular transaction of the company, specifying the nature, terms, origin and extent. The related resolution of the Board must adequately justify the reasons and advantages for the Company of the transaction, without prejudice to any other provisions of law or regulations applicable on the subject.

11. BOARD OF STATUTORY AUDITORS

11.1 Appointment and Replacement of Statutory Auditors

In compliance with laws and regulations applicable to listed companies, Article 23 of the Articles of Association requires the Board of Statutory Auditors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by Shareholders (each list shall contain the names of the candidates numbered progressively), according to the procedure described below.

Pursuant to Article 23, paragraph 2, of the Articles of Association, the Statutory Auditors must be suitable to hold the office, in accordance with the provisions of the regulations pro tempore in force and the Articles of Association and, in particular, they must meet the requirements of professionalism, good repute and independence and comply with the criteria of competence, fairness and dedication of time and the specific limits on the number of positions held as set out by regulations pro tempore in force and by the Articles of Association and in any case those set out by the European Directive no. 36 of June 26, 2013 (CRD IV).

The Statutory Auditors, in addition to the independence requirements provided for by the legislation in force at the time, must satisfy the independence requirements provided for by Article 13, paragraph 3, of the Articles of Association and, therefore, must satisfy the independence requirements set forth in the Corporate Governance Code.

Shareholders can submit a list for the appointment of Statutory Auditors, provided that when they submit the list they hold, alone or in conjunction with other presenting shareholders, at least the minimum percentage of share capital established by the laws and regulations in force at the time. CONSOB, in its Executive Resolution by the Head of the Corporate Governance Division no. 92 of January 31, 2024, set the minimum shareholding required for FinecoBank to submit lists of candidates for election to the Board of Directors and Board of Statutory Auditors at 1% of share capital.

Ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company; the related certification may be submitted after the lists have been filed, provided that it is done within the deadline for publication of the lists.

Each party entitled to vote (as well as (i) entitled persons belonging to the same group, intended as a party, which need not be a corporation, exercising control pursuant to Article 2359 of the Civil Code and any subsidiary controlled by, or under the control of the said party, or (ii) shareholders who are party to a shareholders' agreement pursuant to Article 122 of the TUF, or (iii) entitled persons who are otherwise associated with each other in a material relationship pursuant to current and applicable statutory or regulatory provisions) may submit individually or with others only one list, just like each candidate can be included in only one list, or otherwise be considered ineligible.

Lists are divided in two sections, containing respectively up to three candidates for the position of Statutory Auditor and up to two candidates for the position of Stand-in Statutory Auditor.

At least the first two candidates for the position of Statutory Auditor and the first candidate for

the position of Stand-in Statutory Auditor in the respective lists must be entered in the Register of Auditors and have experience as statutory auditors.

Each list for the position of Statutory Auditor and Stand-in Auditor must include a number of candidates of the less represented gender such that the list satisfies at least the minimum gender balance required by the applicable laws and regulations(25) .

In order to be valid, the lists must be filed at the Registered Office or Head Office, also by means of remote communication and in accordance with procedures stated in the notice of call which allows for the identification of parties filing the lists, no later than twenty-five days before the date of the Shareholders' Meeting (or within a different deadline according to applicable laws) and must be made available to the public at the registered office, on the Company's website and through other channels provided for under current laws at least twentyone days prior to the date of the Shareholders' Meeting (or within a different deadline according to applicable laws).

Minority shareholders who are not affiliated with the Shareholders concerned shall be entitled to extend the deadline for submitting lists in the circumstances and according to the procedures in applicable laws and regulations.

Each eligible voter may vote for one list only.

The members of the Board of Statutory Auditors are elected as follows:

(a) 2 (two) Statutory Auditors and 1 (one) Stand-in Auditor are taken from the list that has received the highest number of votes cast by entitled persons, in the order in which they appear on the list;
(b) the remaining Statutory Auditor and Stand-in Auditor are taken from the list that has received the most votes after the one referred to in (a) and the first candidates of the relevant section are appointed as the Statutory Auditor and Stand-in Auditor, respectively.

The Chairmanship of the Board of Statutory Auditors will go to the first candidate of the minority list of Statutory Auditors receiving the most votes.

If, in accordance with the deadlines and procedures set forth above, only one list or no list has been submitted, or the lists do not contain the required number of candidates to be elected, the Shareholders' Meeting shall pass a resolution for the appointment or completion of the Board of Statutory Auditors by relative majority. If there is a tie vote between several candidates, a runoff election is held between them with a further vote of the Shareholders' Meeting. The Shareholders' Meeting is required to ensure compliance with the provisions of applicable laws and regulations concerning gender balance.

In the event of death, resignation, withdrawal or removal from office for any other reason of a Statutory Auditor, he/she shall be replaced by the Stand-in Statutory Auditor, from the same list

⁽ ²⁵) Resolution no. 21359 of May 13, 2020, amended Article 144-undecies.1 of the Issuer Regulations, paragraph 3 of which, in its current wording, establishes that "Where the application of gender division criteria does not result in a whole number of members of the management or control body belonging to the least represented gender, this number is rounded up, except for the corporate bodies made up of three members, for which the rounding takes place by default to the lower unit".

as the outgoing Auditor, in the order in which they appear on the list, in compliance with the minimum number of members entered in the Register of Auditors who have been engaged in auditing activities, and in adherence to gender equality principles. If this is not possible, the outgoing Auditor shall be replaced by the Stand-in Statutory Auditor meeting the specified requirements, taken from the minority list that received the most votes, according to the order in which they appear on the list. Where the appointment of Statutory Auditors is not carried out using the list voting system, the Stand-in Statutory Auditor shall take over pursuant to statutory provisions. If it is necessary to replace the Chairman, the Stand-in Statutory Auditor taking over shall also serve as Chairman. The Shareholders appoint or replace Statutory Auditors in meetings called in accordance with Article 2401, paragraph 1 of the Civil Code in compliance with the principle of adequate representation of minority shareholders and gender balance. Where the appointment of the Stand-in Statutory Auditor to replace the Statutory Auditor is not confirmed by the Shareholders' Meeting, he/she shall return to his/her position as Stand-in Auditor.

Pursuant to the Corporate Bodies Regulations, the composition of the Board of Statutory Auditors must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the selfassessment process of the Board of Directors (described in Annex A of the Corporate Bodies Regulations) and communicated to Shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

11.2. Composition and Functioning of the Board of Statutory Auditors (pursuant to Article 123-bis(2)(d) and (d-bis) of the TUF)

Pursuant to Article 23 of the Articles of Association and in compliance with current rules and regulations, at least 2 Statutory Auditors and 1 Stand-in Auditor must have been entered in the Register of Auditors for at least three years and have at least three years' experience as a statutory auditor. Statutory Auditors who are not entered in the Register of Auditors must have gained at least three years' experience in:

(a) professional activities as a certified public accountant or lawyer, rendered primarily to the banking, insurance and financial sectors;
(b) performing university teaching on subjects relating to in the legal field banking, commercial, tax and financial markets law and – in the business/finance field – banking operations, business economics, accountancy, economics of the securities market, economics of financial and international markets, corporate finance;
(c) performing managerial duties in public entities or public administrations, in the credit, financial and insurance sector or in the provision of investment services or in collective asset management, as both defined by the TUF.

Pursuant to the Articles of Association in force as at the date of this Report, the Statutory Auditors must be suitable to hold the position, in accordance with the provisions of the legislation in force at the time and the Articles of Association and, in particular, they must meet

the requirements of professional expertise, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held as set out by legislation in force at the time and by the Articles of Association and in any event those set out by the European Directive no. 36 of June 26, 2013 (CRD IV)²⁶ .

In addition, the Statutory Auditors of FinecoBank must meet the independence requirements set forth in Article 2, paragraph 7, of the New Corporate Governance Code as well as the requirements set forth in Article 148, paragraph 3, of the TUF.

In application of Article 144-novies of the Issuer Regulations and the above New Corporate Governance Code, the satisfaction of the above requirements by the members of the Board of Statutory Auditors is assessed by the competent body: (i) following appointment, the outcome of which is disclosed to the market by means of a press release; (ii) on an annual basis, reporting the results thereof in the annual corporate governance report.

The Company's Board of Statutory Auditors currently in office was appointed by the Shareholders' Meeting held on April 27, 2023 and will remain in office until the approval of the financial statements for the year 2025.

The Statutory Auditors were appointed based on a list voting system, pursuant to Article 23 of the Articles of Association and in compliance with applicable laws and regulations. Specifically, a list of candidates was submitted by several asset management companies and institutional investors (owners of a total of 11,650,760 ordinary shares representing 1.90959% of the share capital), which nominated the following: (b) Luisa Marina Pasotti, Massimo Gatto and Giacomo Ramenghi for the position of Statutory Auditor. (b) Lucia Montecamozzo and Marco Salvatore for the position of Stand-in Auditor.

The following documents were filed and published along with the two lists, in the manner required:

(i) a statement from shareholders other than shareholders that hold, also jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by Article 147-ter, paragraph 3 of the TUF and Article 144-quinquies of the Issuer Regulations, having also taken note of the CONSOB recommendations in its Communication no. DEM/9017893 of February 26, 2009;
(ii) comprehensive information on the personal and professional characteristics of the candidates included in the list (curriculum vitae and the list of administration, management and control positions they hold in other companies, relevant under law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as a candidate, and that they met the

⁽²⁶ ) The eligibility requirements and criteria to be met by bank representatives are governed by Ministerial Decree 169/2020, also taking into account further regulations on the subject issued at European level.

requirements of applicable laws, regulatory provisions, the Articles of Association and the New Corporate Governance Code.

The lists, together with the above documents, were filed on the Company's website ("About Us/Governance/Shareholders' Meetings" section).

The Shareholders' Meeting of April 27, 2023 then appointed the Board of Statutory Auditors (consisting of three Standing Auditors and two Alternate Auditors), for the financial years 2023- 2025, in the persons of Luisa Marina Pasotti, Massimo Gatto and Giacomo Ramenghi, as Standing Statutory Auditors, and Lucia Montecamozzo and Marco Salvatore, as Stand-in Auditors.

For details of the percentage votes for the above list with respect to voting capital, see the summary report on voting, available on the Company's website ("About Us/Governance/Shareholders' Meeting" section).

The Shareholders' Meeting also resolved, taking into account the indications from the Board of Directors and the recommendations from the Remuneration Committee, to set the annual remuneration of the Chairman of the Board of Statutory Auditors at €80,000.00 and of the Statutory Auditors at €65,000.00, in addition to an attendance fee of €600.00 for each meeting of the Board of Statutory Auditors and the Board of Directors. In this context, the remuneration is commensurate with the commitment required, the relevance of the role covered, as well as the size and sector characteristics of the company, taking into account in particular, among other things, FinecoBank's transition, as of January 1, 2022, under the direct supervision of the European Central Bank following its classification as aSignificant Institution pursuant to Article 6(4) of Regulation (EU) no. 1024/2013, which has led to a progressive increase in organisational, operational and business complexity, in line, moreover, with the provisions of the Board of Statutory Auditors' Qualificative/Quantitative Profile (as defined below ).

Position	Members	Born in	Date of first appointment (*)	In office since	In office until	List (**)	Indep . New Corpo rate Gover nance Code	Participation in Board of Statutory Auditors' meetings (***)	Number of other positions (****)
Chairman	Luisa Marina Pasotti	1961	April 28, 2020	April 27, 2023	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2025	n/a	X	22/22 (100%)	4
Statutory Auditor	Massimo Gatto	1963	April 28, 2020	April 27, 2023	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2025	n/a	X	22/22 (100%)	2

Statutory Auditor	Giacomo Ramenghi	1970	April 28, 2020	April 27, 2023	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2025	n/a	X	22/22 (100%)	3
Stand-in Auditor	Lucia Montecam ozzo	1966	April 28, 2021	April 27, 2023	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2025	n/a	X	-	-
Stand-in Auditor	Marco Salvatore	1962	April 27, 2023	April 27, 2023	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2025	n/a	X	-	(27) 4
			STATUTORY AUDITORS LEAVING OFFICE DURING THE YEAR
/	/	/	/	/	/		/	/	/
			Indicate the number of meetings held during the financial year (as of April 27, 2023): 22 Quorum required for the submission of lists for the last appointment: 1%

(*) The date of first appointment of each Statutory Auditor means the date when the statutory auditor was appointed for the first time (ever) to the Board of Statutory Auditors of the Company.

(**) This column indicates the list that each Statutory Auditor was taken from ("M": member from the majority list; "m": member from the minority list).

(***) This column indicates the participation of the statutory auditors in the meetings of the Board of Statutory Auditors following the Shareholders' Meeting on April 27, 2023 (indicating the number of meetings attended compared to the total number of meetings that could have been attended; 6/8; 8/8, etc.).

(****) Number of positions pursuant to Article 148-bis of the TUF and relevant provisions implementing the Issuer Regulations. The complete list of positions is published by CONSOB on its website in accordance with Article 144-quinquiesdecies of the CONSOB Issuer Regulations.

Composition of the Board of Statutory Auditors up until the Shareholders' Meeting of April 27, 2023

The Company's Board of Statutory Auditors currently in office was appointed by the Shareholders' Meeting held on April 28, 2020 and will remain in office until the approval of the Shareholders' Meeting of April 27, 2023.

The Statutory Auditors were appointed based on a list voting system, pursuant to Article 23 of the Articles of Association and in compliance with applicable laws and regulations. Specifically, a list of candidates was submitted by several asset management companies and institutional investors (owners of a total of 32,243,324 ordinary shares representing 5.29155% of the share capital), which nominated: (a) Elena Spagnol, Massimo Gatto and Chiara Orlandini for the position of Statutory Auditor; (b) Luisa Marina Pasotti and Giacomo Ramenghi for the position of Stand-in Auditor.

The following documents were filed and published along with the two lists, in the manner required:

(i) a statement from shareholders other than shareholders that hold, also jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by Article 147-ter, paragraph 3 of the TUF and Article 144-quinquies of the Issuer Regulations, having also taken note of the CONSOB recommendations in its Communication no. DEM/9017893 of February 26, 2009;
(ii) comprehensive information on the personal and professional characteristics of the candidates included in the list (curriculum vitae and the list of administration, management and control positions they hold in other companies, relevant under law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as a candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and the New Corporate Governance Code.

The lists, together with the above documents, were filed on the Company's website ("About Us/Governance/Shareholders' Meetings" section).

The Shareholders' Meeting of April 28, 2020, then appointed the Board of Statutory Auditors (comprising three Statutory Auditors and two Stand-In Auditors) for the 2020-2022 period in the persons of Elena Spagnol, Massimo Gatto and Chiara Orlandini, as Statutory Auditors, and Luisa Marina Pasotti and Giacomo Ramenghi, as Stand-In Auditors.

The Shareholders' Meeting also resolved, taking into account the indications from the Board of Directors and the recommendations from the Remuneration Committee, to set the annual remuneration of the Chairman of the Board of Statutory Auditors at €65,000.00 and of the Statutory Auditors at €50,000.00, in addition to an attendance fee of €600.00 for each meeting of the Board of Statutory Auditors and the Board of Directors. In this context, the remuneration was commensurate with the commitment required, the importance of the role covered, the size of the company and the characteristics of its industry sector, also taking into account the assumption by FinecoBank of the role of Parent Company of a Banking Group following its departure from the UniCredit Group, and the consequent greater commitment required from the

Board, which is in line, moreover, with the provisions of the Qualitative/Quantitative Profile of the Board of Statutory Auditors approved on March 11, 2020.

On September 16, 2020, Ms. Elena Spagnol resigned from her position as Chairman of the Board of Statutory Auditors of the Bank, with effect from October 1, 2020, and in compliance with laws and the Articles of Association, the Stand-in Auditor Ms. Luisa Marina Pasotti, also from the list submitted by several asset management companies and institutional investors, took over the position of Statutory Auditor and Chairman of the Board of Statutory Auditors with effect from that date. Moreover, on October 5, 2020, Ms. Chiara Orlandini also tendered her resignation from the office of Statutory Auditor of the Bank, effective as of October 12, 2020 and, pursuant to the provisions of the law and the Articles of Association, the Stand-In Auditor Mr. Giacomo Ramenghi, also drawn from the same list submitted by a plurality of asset management companies and institutional investors, took over the office of Statutory Auditor as of the same date.

At the Shareholders' Meeting held on April 28, 2021, the Shareholders resolved to confirm Ms. Luisa Marina Pasotti and Mr. Giacomo Ramenghi as Chairman of the Board of Statutory Auditors and Statutory Auditor of the Bank, respectively, as well as to integrate the control body by appointing two new Stand-In Auditors: Ms. Lucia Montecamozzo and Mr. Alessandro Gaetano.

To this end, following the self-assessment carried out and the regulatory changes regarding the suitability requirements for bank corporate officers introduced by Ministerial Decree 169/2020, by resolution of March 15, 2021, the Board of Statutory Auditors approved an updated version of the document "Qualitative and quantitative composition of the Board of Statutory Auditors of FinecoBank S.p.A.", which was also submitted to the Board of Directors for information at the meeting held on March 16, 2021. This document is available on FinecoBank's website ("About Us/Governance/Shareholders' Meeting" section).

The table below provides relevant information about each member of the Board of Statutory Auditors in office as of the date of the Shareholders' Meeting of April 27, 2023.

Position	Members	Born in	Date of first appointment (*)	In office since	In office until	List (**)	Indep . New Corpo rate Gover nance Code	Participation in Board of Statutory Auditors' meetings (***)	Number of other positions (****)
Chairman	Luisa Marina Pasotti	1961	April 28, 2020 (Initially appointed as stand-in auditor; subsequently appointed as statutory auditor on October 1, 2020 until the next Shareholders' Meeting on April 28,	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	19/19 (100%)	3

			2021)
Statutory Auditor	Massimo Gatto	1963	April 28, 2020	April 28, 2020	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	19/19 (100%)	2
Statutory Auditor	Giacomo Ramenghi	1970	April 28, 2020 (Initially appointed as stand-in auditor; subsequently appointed as statutory auditor on October 12, 2020 until the next Shareholders' Meeting on April 28, 2021)	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	19/19 (100%)	3
Stand-in Auditor	Lucia Montecam ozzo	1966	April 28, 2021	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	-	-
Stand-in Auditor	Alessandro Gaetano	1962	April 28, 2021	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	-	-
			STATUTORY AUDITORS LEAVING OFFICE DURING THE YEAR
/	/	/	/	/	/		/	/	/
	Indicate the number of meetings held during the financial year (up until April 27, 2023): 19
			Quorum required for the submission of lists for the last appointment: 1%
			(*) The date of first appointment of each Statutory Auditor means the date when the statutory auditor was appointed for the first time

(ever) to the Board of Statutory Auditors of the Company.

(**) This column indicates the list that each Statutory Auditor was taken from ("M": member from the majority list; "m": member from the minority list).

(***) This column indicates the participation of the statutory auditors in the meetings of the Board of Statutory Auditors up until the Shareholders' Meeting of April 27, 2023 (indicating the number of meetings attended compared to the total number of meetings that could have been attended; 6/8; 8/8, etc.).

11.2.1 Diversity criteria and policies

Subject to the applicable laws and regulations, on March 13, 2023, the Board of Statutory Auditors approved the above-mentioned Qualitative/Quantitative Profile of the Board for the renewal of the Board, which contains the general guidelines on structure, composition and diversity, both in terms of gender and age and previous professional experience. The Qualitative/Quantitative Profile of the Board has also been drafted taking into account the BCE Guidelines, the Joint EBA and ESMA Guidelines and the EBA Guidelines on Internal Governance. The document is available on the Bank's website Bank in the sections "About Us/Governance/Shareholders' Meeting" and "About Us/Governance/Documents".

A breakdown of the members in office of the Board of Statutory Auditors by age and gender is provided below.

A similar representation is also given with reference to the Board of Statutory Auditors in office until the Shareholders' Meeting of April 27, 2023(28) .

The members of the Board of Statutory Auditors meet the requirements of applicable laws and regulations.

For details of the personal and professional profile of each Auditor, see the information published on FinecoBank's website (www.finecobank.com "About Us/Governance" section).

The members of the Board of Statutory Auditors have not provided advisory services to the Issuer.

After its appointment, the Board of Statutory Auditors verified, among other things, that each member met the independence requirements of the TUF pursuant to Ministerial Decree 169/2020 and the New Corporate Governance Code and sent the results to the Board of Directors.

In particular, with regard to the existence of the independence requirements, no further criteria were applied with respect to those provided for by Article 148, paragraph 3 of the TUF, by any applicable sector regulations, by Ministerial Decree 169/2020 and by the New Corporate Governance Code. The results of the above verifications were published in a press release to the market.

With regard to the application of materiality criteria and thresholds with reference to financial, business and professional relationships (as well as to assumptions of additional remuneration) for the purpose of assessing independence, please refer to Section 4.7 (section "Criteria and

materiality thresholds for assessing independence").

The Statutory Auditors are subject to the limit on the number of positions held pursuant to Article 144-terdecies of the Issuer Regulations. To the best of the Company's knowledge, as at the date of approval of this Report, none of the members of the Board of Statutory Auditors exceeds the limits on the number of board mandates referred to in Article 144-terdecies of the Issuer Regulations. In addition to the above, the table below shows the overall number of positions held by Statutory Auditors in office at the date of approval of this Report (including the position held in FinecoBank). The limit on the accumulation of Directors' positions, in line with the limits prescribed by the CRD IV Directive, Ministerial Decree 169/2020 and the Joint EBA and ESMA Guidelines, was considered to have been observed in light of the applicable weightings for positions held in the same group, for those held in non-commercial companies (not relevant for the purposes of accumulation) and the declarations made by the same.

Name	Total number of positions held by the Statutory Auditors	Number of relevant positions held
Luisa Marina Pasotti Chairman	6 non-executive positions	4 non-executive positions (1 ) (2 )
Massimo Gatto Statutory Auditor	4 non-executive positions	3 non-executive positions (3 )
Giacomo Ramenghi Statutory Auditor	9 non-executive positions	4 non-executive positions (1 ) (2 )

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

(3) In view of his role as a member of the Supervisory Board of the companies in which he is a member of the Board of Auditors.

For the purpose of a more complete and detailed representation of the corporate governance relating to the financial year, a similar table relating to the members of the Board of Statutory Auditors in office until April 27, 2023 is shown below.

Name	Total number of positions held by the Statutory Auditors	Number of relevant positions held
------	-------------------------------------------------------------	--------------------------------------

Luisa Marina Pasotti Chairman	6 non-executive positions	4 non-executive positions (1 )
Massimo Gatto Statutory Auditor	6 non-executive positions	4 non-executive positions (3 )
Giacomo Ramenghi Statutory Auditor	9 non-executive positions	4 non-executive positions (1 ) 2 ( )

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

(3) In view of his role as a member of the Supervisory Board of the companies in which he is a member of the Board of Auditors.

The Statutory Auditors must also take into account the provisions of Article 36, of Decree Law no. 201 of December 6, 2011, converted with amendments into Law no. 214 of December 22, 2011, containing provisions on "personal crossholdings in the credit and financial markets" under which it is forbidden for "those who hold positions in the management, control and supervisory bodies and the senior officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or exercise similar positions in competing firms or groups of firms" (ban on interlocking directorates). Those who hold incompatible positions must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices. As regards the above, incompatibility due to interlocking positions does not apply for any of the Statutory Auditors in office.

The special authorisation procedure pursuant to Article 136 of the TUB applies, in the case of obligations of any kind or sale transactions undertaken by members of the Board of Statutory Auditors, directly or indirectly, with the bank in which they hold a position.

Statutory Auditors that have an interest in a specific transaction of the Issuer, on their own account or on behalf of others, must promptly inform other Statutory Auditors and the Chairman of the Board of Directors in detail regarding the nature, terms, origin and extent of their interest.

* * *

Article 24 of the Articles of Association establishes that, in order to properly perform its tasks, and in particular to fulfil its obligation to promptly inform the Bank of Italy, and other Supervisory Authorities where required, on management irregularities or regulatory violations, the Board of Statutory Auditors is vested with the broadest powers provided for by current laws and regulations.

The Board of Statutory Auditors, without prejudice to any other or more specific duty and power assigned to it by primary and secondary laws and regulations in force, monitors compliance with laws, regulations and the Articles of Association, as well as proper management, the adequacy of organisational and accounting arrangements of the Bank, the risk

management and control system, and the functioning of the overall internal control system, the independent audit of the accounts, the independence of the external auditors, and the financial reporting process.

In performing its duties, the Board of Statutory Auditors liaises with the Internal Audit function and the Risk and Related Parties Committee, through ongoing communication and the exchange of information, and by taking part in meetings of the aforementioned Committee.

Subject to the right of all Statutory Auditors to attend the meetings and the duty to attend the meetings of the Risk and Related Parties Committee for the Chairman of the Board or another Auditor designated by that Chairman, the Chairman of each board committee may invite the Chairman of the Board of Statutory Auditors or another auditor designated by him/her.

* * *

The Chairman of the Board of Directors ensures that Statutory Auditors can take part, after their appointment and during their term of office, in the most appropriate way, in initiatives to give them adequate knowledge of the sector in which the Issuer operates, of company dynamics and their evolution, principles of correct risk management as well as the applicable legal and selfregulatory framework. During the Year, all the Statutory Auditors took part in "induction and training courses" referred to in Paragraph 4.5. of this Report, and in specific cases in external courses.

* * *

The Board of Statutory Auditors met forty-one times during the financial year. Each meeting lasted on average three hours and thirty-three minutes. With reference to the 2024 financial year, without prejudice to further meetings that will be planned on the basis of needs, a minimum of thirty-five meetings of the Board of Statutory Auditors have been scheduled, of which nine have already been held at the date of approval of the Report.

For further information on the establishment, duties and functioning of the Board of Statutory Auditors, see the chapter "Board of Statutory Auditors" of FinecoBank's Corporate Bodies Regulations, available on the Issuer's website.

11.2.2 Self-Assessment

The self-assessment process conducted in respect of the Board of Statutory Auditors appointed in April 2023 is currently ongoing.

With regard to the Board of Statutory Auditors in office until the date of the Shareholders' Meeting of April 27, 2023, pursuant to the provisions of the Corporate Bodies Regulations adopted in compliance with the Supervisory Regulations on Corporate Governance and the recommendations of the New Corporate Governance Code, in relation to 2022, the Board of Statutory Auditors carried out its annual self-assessment, which confirmed the suitability of all members of the Board of Statutory Auditors and the adequacy of the composition of the Board with respect to the requirements set forth by the applicable regulations, as well as a balanced distribution of competences within the Board. The Board reported on this self-assessment during the meeting of the Board of Directors held on March 14, 2023.

12. RELATIONS WITH SHAREHOLDERS

Access to information

The Company considers it in its own interests and a duty towards the market to engage with its shareholders and institutional investors, in compliance with the procedure for disclosing company documents and information to the market, and in general in compliance with laws and regulations governing the disclosure of inside information applicable to listed companies.

In this context, the Company considers the Shareholders' Meeting as an important opportunity for shareholders and directors to engage, and consequently adopts measures that encourage shareholders to take part in the Shareholders' Meeting and exercise their right to vote. In this respect, subject to the conditions described in Paragraph 13, below, Shareholders' Meetings are held on single call, in accordance with Article 7 of the Articles of Association.

Pursuant to Article 135-undecies of the TUF, the Company may designate, for each Shareholders' Meeting, by means of a specific indication contained in the notice of call, a person (the so-called Designated Company Representative) to whom shareholders may grant proxy with voting instructions on all or some of the proposals on the agenda, within the terms and according to the procedures provided for by law.

Relations with institutional investors are, on the other hand, handled by the Investor Relator, whose task is to report continually to the Company's Senior Management on requirements concerning disclosure to the financial market and in particular to investors.

The Investor Relator is therefore the point of contact between the Issuer and the market and works with the entire company to maintain and promote compliance with regulations on company reporting.

Dialogue with shareholders

With a view to the pursuit of "sustainable success" by listed companies, the New Corporate Governance Code assigns the latter's Board of Directors the task of "promoting, in the most appropriate forms, dialogue with shareholders and other stakeholders relevant to the company" (New Corporate Governance Code, Principle IV).

Recommendation 3 of the Code further specifies that, in the Report on the corporate governance, companies should adopt and describe a policy for managing dialogue with all shareholders, also taking into account the engagement policies adopted by institutional investors and asset managers.

To this end, at its meeting of December 16, 2021, the Bank's Board of Directors approved a specific "Policy for managing dialogue with the Financial Community" aimed at defining the set of rules, responsibilities and processes for conducting and managing dialogue with the Financial Community, in line with the recommendations of the New Corporate Governance Code, the Assonime Principles, the engagement policies adopted by institutional investors and asset managers, and the related international best practice (the "Policy").

Under this Policy, the dialogue is managed in accordance with the principles of transparency of information provided to the Financial Community, ensuring that it is clear, complete, truthful and not misleading. The Bank also respects the principle of equal treatment of the bearers of financial instruments issued by the Company and the provisions of the applicable laws and regulations, with particular attention to those relating to the banking and listed issuer nature of

the Company (especially the regulations on market abuse and inside information), as well as the internal rules of governance, in full cooperation and transparency with the supervisory authorities.

In the course of the Financial Year, the following topics in particular are emphasised: main questions related to the guidance on net interest income and the development of deposits, investing and managed deposits in the current rate environment.

Specifically, the Policy is divided into 4 main sections and related sub-sections, the contents of which are summarised below:

1. Introduction

The introductory part, in addition to listing the definitions used in the text, is devoted to the purpose and scope of the Policy by recalling the recommendations of the New Corporate Governance Code, as well as the principles of transparency of information provided to the financial community, equal treatment of financial instrument holders and the legal and regulatory provisions applicable to the Bank in its capacity as a listed issuer. It also identifies the applicable regulatory framework, at both European and national level.

2. Conduct of the Dialogue between the Company and the Financial Community

The second part is divided into sub-sections, each of which governs more specifically the individual elements that constitute the dialogue with the Financial Community. The following are identified in particular:

• examples of topics that may be the subject of dialogue: these include topics relating to corporate strategy, business, remuneration and corporate governance;

• the Company actors involved in the dialogue by defining their respective roles and tasks: the Board of Directors, the Responsible Director, the Contact Point (i.e. Investor Relations) and any other relevant structures involved. The Chairman is given an active role with regard to corporate governance, as well as accompanying/supporting the Responsible Director identified, pursuant to the Policy, as the Managing Director, for the remaining topics;

• the tools for conducting the dialogue and, therefore, the channels that can be used to disseminate complete, transparent and timely information: press releases, periodic meetings with the financial community, the Company's website, Investor days, shareholders' meetings;

• activation of dialogue and timing. Two different ways of activation are identified: upon request from the Financial Community or on the Company's initiative. Meetings can be held in one of the following ways: one-way, two-way, individual, and collective. In accordance with the Assonime Principles, it is also specified that if a Director receives a request for dialogue from an investor, he/she must refrain from initiating the dialogue and promptly inform the Corporate Law & Board Secretary's Office and Investor Relations, which will follow the procedure established with regard to the process for activating the dialogue;

• the evaluation criteria to be taken into account by the Managing Director – where applicable in agreement with the Chairman – for the purposes of accepting or rejecting requests for dialogue;

• acceptance or rejection of the request for Dialogue. The Managing Director – where applicable in agreement with the Chairman – with the support of Investor Relations and the

specialised Functions involved from time to time, decides whether to (i) accept the request for Dialogue as received from the Stakeholder; (ii) accept the request for Dialogue but establishing that it shall be conducted in a different manner from that requested by the Stakeholder; (iii) reject the request for Dialogue on the grounds of the Bank's best interests, assessment criteria and other circumstances that may be relevant. The Policy specifies that Investor Relations, in coordination with the Specialised Functions involved from time to time, shall ensure timely communication to the Stakeholder of the decision taken by the Bank, giving reasons for any refusal;

• the procedures for conducting the dialogue if the request is accepted, which envisage the support of the Investor Relations function and, where appropriate, of the other functions concerned in each case.

3. Information flows within the Dialogue

The third section is devoted to information flows within the dialogue and specifically envisages the following steps: (i) preparing a report of requests not accepted (accompanied by the reasons for the rejection) and of the dialogue conducted by Investor Relations in coordination with the other competent structures concerned; (ii) sending that report to the Managing Director to enable him/her, in agreement with the Chairman of the Board and any Director who took part in the dialogue, to inform the Board of Directors. On the understanding that in the presence of matters of particular importance or interest or of necessity, the person who has directly participated in the dialogue has the duty to promptly inform the Managing Director and the Chairman. The Chairman is in any case responsible for ensuring that the Board is promptly informed of the developments and significant content of the various forms of dialogue.

4. Adoption of the policy, disclosure and updates

The last section of the Policy describes the process for approving the document, which is the responsibility of the Board of Directors – upon proposal from the Chairman, formulated in agreement with the Managing Director – after examination by the Corporate Governance and Environmental and Social Sustainability Committee. In addition, as mentioned above, the Policy, as well as the management of the dialogue with the Financial Community, must be reported annually in the Report on Corporate Governance and Ownership Structure. Subsequent updates to the document follow the process described above

The "Policy for managing dialogue with the Financial Community" is available on the Bank's website www.finecobank.com (About Us/Investors) to which reference is made for further details.

* * *

The Company has created a specific section on its website www.finecobank.com – which is easily identifiable and accessible – with information on the Company that is significant for shareholders, to enable them to exercise their rights in an informed manner. In particular, the section includes updated information on the Company and services offered, key documents on corporate governance, as well as all press releases on main company events, in addition to financial and accounting information. Information on the website is updated as promptly as possible, to guarantee the transparency and effectiveness of the disclosure to the public.

13. SHAREHOLDERS' MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER C) OF THE TUF)

In compliance with regulatory and legal provisions in force, the Ordinary Shareholders' Meeting, pursuant to the Articles of Association, is convened at least once a year, within 120 (one hundred and twenty) days from the end of the financial year, to resolve on items in its remit as established by the applicable regulations and the Articles of Association. The Extraordinary Shareholders' Meeting is convened whenever there is a need to resolve on items in its remit as established by the applicable regulations.

The Shareholders' Meeting is convened as one session in compliance with laws in force, however, in order to maintain adequate organisational flexibility, the Articles of Association establish that the Board may convene several sessions for individual Shareholders' Meetings.

Meetings are convened within the legal deadlines, by notice published on the Company's website, and through the other methods envisaged by the applicable regulations. The Agenda set within the deadlines set by and the Articles of Association, by the person with powers to convene Shareholders' Meetings.

Before the deadline for publishing the notice convening the meeting, based on each item on the agenda – or another deadline set by law – the Board of Directors makes available to the public a report on each item on the Agenda.

The Agenda may be supplemented – according to the circumstances, procedures and deadlines established by the applicable regulations – by shareholders that, also jointly, represent at least 2.5% of the share capital. Shareholders that request the addition of an item to the agenda must prepare a report stating the reasons for the proposals to resolve on the new items. Shareholders may also submit further proposals for resolutions on items already on the Agenda, giving the related reasons.

The Shareholders' Meeting meets at the Registered Office of the company or at another venue in Italy, indicated in the notice of meeting, and resolves with the majorities established by the applicable regulations.

Quorums are not envisaged in the Articles of Association, therefore in order for the Shareholders' Meeting to be duly established and for resolutions to be passed, laws in force shall be observed.

Pursuant to the Articles of Association, and in line with laws in force on remuneration and incentive policies and practices issued by CONSOB, and, for banks and banking groups, issued by the Bank of Italy, the Ordinary Shareholders' Meeting establishes the fees of the bodies it appoints, and also approves: (i) remuneration policies for Board Directors, employees and persons working for the company on a self-employed basis; (ii) remuneration plans based on financial instruments; (iii) payments agreed on in the event of the early termination of employment or early termination of an appointment, including the limits established for said fees in terms of annual fixed remuneration.

When approving remuneration policies, the Shareholders' Meeting may increase the limit of the ratio between variable and fixed remuneration up to a maximum of 2:1 or, if lower, to the maximum allowed by the applicable regulations. The Shareholders' Meeting votes on the Company's policy on the remuneration of the members of the Board of Directors, the General Manager and Key Management Personnel, and the procedures used to adopt and implement that policy.

13.1 Legitimation, procedures for taking the floor and voting

Pursuant to the applicable regulations, referred to in Article 8 of the Articles of Association, persons may take part in the Shareholders' Meeting and exercise their voting rights following notification sent to the Company, within the legal established time limits, by the intermediary authorised by law to keep the accounts, based on entries in accounting records relative to the end of the accounting day of the seventh open market day prior to the date established for the Shareholders' Meeting convened as a single session, or as a first session if the Board of Directors has planned for further sessions to take place.

The Articles of Association enable shareholders to take part in the Shareholders' Meeting using telecommunication means and to exercise voting rights digitally. The decision to activate these means is taken by the Board of Directors for each Shareholders' Meeting.

Pursuant to Article 8 of the Articles of Association, each shareholder who is entitled to take part in Shareholders' Meetings can be represented by written proxy by another person, who is not necessarily a shareholder, provided this complies with legal provisions. Voting by proxy may also be authorised by a document signed digitally in accordance with the applicable regulations and notified to the Company at the email address and according to procedures indicated in the notice of meeting, or by means envisaged by the applicable laws and regulations.

In accordance with the best practice that sees the attendance of Directors at Shareholders' Meetings as an important opportunity for discussion between the Directors themselves and the Shareholders, the Shareholders' Meetings of the Company are normally attended by all Directors.

The Board reports to the Shareholders' Meeting on past and planned activities within the context of the Directors' Report on Operations. It acts to ensure shareholders are given sufficient information on items necessary for them to make informed decisions during Shareholders' Meetings, in particular making sure that reports of Directors and additional information are made available within the deadlines set by the applicable laws and regulations.

During the Financial Year, a Shareholders' Meeting was held in April. The Shareholders' Meeting, convened in ordinary and extraordinary session, discussed, among other things, the approval of the financial statements, the renewal of the Board of Directors and the Board of Statutory Auditors, as well as the granting of proxies to the Board of Directors in order to resolve capital increases to implement the 2022 and 2023 Incentive Schemes. The Shareholders' Meeting was held with the participation of the Shareholders through the Appointed Representative, and it was attended by 4 Directors in audio-video conference, notwithstanding the physical presence in the meeting room of the Chairman of the Board, the Chief Executive Officer, the outgoing Deputy Chairman and two Directors, as well as the Chairman of the Board of Statutory Auditors and the two Standing Auditors.

13.2 Proceedings of shareholdings' meetings

In accordance with the best practices in the sector, on the proposal of the Board of Directors, the Shareholders' Meeting adopted regulations to govern the orderly and functional proceedings of its meetings (hereinafter, the "Meeting Regulations"). The Regulations for Shareholders' Meetings are available on the Company's website ("About Us/Governance/Documents" section).

Under Article 8 of the Regulations for Shareholders' Meetings, persons who are entitled to take part in Shareholders' Meetings may take the floor regarding each item to be discussed. Persons

intending to take the floor shall request permission from the Chairman, submitting a written request with details of the issue the request refers to, after the Chairman has read the items on the Agenda and until he/she declares the discussion on the issue that the request refers to as close. The Chairman may authorise requests to take the floor to be made with a show of hands, and in this case persons take the floor in the alphabetical order of their surnames.

Article 10 of the Articles of Association also establishes that the Chairman is assisted by a Secretary, selected by the attendees, who may also be a non-shareholder, by majority of those present. Other than in the cases provided for by law, when the Chairman considers it appropriate, a notary may perform the function of Secretary, selected by the Chairman.

13.3 Significant changes in capitalisation and composition of the company structure

The capitalisation of FinecoBank stood at €8,295 million as at December 31, 2023.

No proposals were made to the Shareholders' Meeting for amendments to the Articles of Association regarding the percentages established for the exercise of the shares and the prerogatives imposed for the protection of non-controlling interests.

14. ADDITIONAL CORPORATE GOVERNANCE PRACTICES

Among the corporate governance practices – in addition to those already indicated above – actually applied by the Company beyond the obligations established by laws or regulations, it should be noted that - in compliance with the reference regulatory framework (Legislative Decree 24/2023 and Supervisory Provisions on Corporate Governance - Part I, Title IV, Chapter 3, Section VIII), the Company has adopted a system for the internal reporting of violations (whistleblowing).

In this context, the Company has appointed the Head of the Compliance Function as the person responsible for the whistleblowing process, with the necessary autonomy and independence from control functions. This position ensures proper management of the procedure and reports directly and without delay to corporate bodies on information reported, where relevant.

Also in the tax sphere, we would like to point out the meaningful involvement of top management, with reference to the tax risk control management system, whose effectiveness and adequacy is shared annually with the Revenue Agency within the so-called "cooperative compliance" regime, as per Articles 3 to 7 of Legislative Decree 128, of August 5, 2015, to which the Company has been admitted since 2017.

In fact, within the framework of the aforementioned system, in compliance with the obligations provided for, under the above-mentioned collaborative compliance regime, the Head of the Taxation and Consultancy Unit shares, with the Management and Control Bodies, the annual report on the management of tax risk containing, in particular, the relevant tax information concerning the Group (i.e., the tax compliance carried out, the audit activities, findings, the mitigation governing bodies taken to remedy any anomalies detected, as well as the planned activities) for consideration and consequent assessments.

In this context and in confirmation of the high level of sensitivity in terms of tax risks, the Bank has adopted, by resolution of the Board of Directors, (i) the Group's tax strategy, concerning the guidelines and principles adopted by the Bank in managing tax issues and, in particular, the risk associated with them (whether of a sanctioning or reputational nature) in line with its strategic objectives and in accordance with OECD recommendations; (ii) in December 2020, the "Escalation procedure for the analysis and assessment of tax risk and interaction with the Inland Revenue", which aims to inform the Bank's units about the importance of tax issues and assigns the Taxation and Consulting Unit the task of assessing and measuring tax risk, as well as involving senior management in that assessment, in accordance with the provisions of the escalation process.

In particular, the involvement of senior management (CFO, Chief Executive Officer, Board of Directors, after informing the Risk and Related Parties Committee) is graded on the basis of the materiality of the risk or the nature of the damage, both economic and reputational, that taking on tax risk could entail for the Bank.

15. CHANGES SINCE THE END OF THE REPORTING YEAR

No changes in the corporate governance structure have occurred after the end of the Financial Year, other than those specifically described in the Report.

To this end, it is recalled that the Board of Directors in its meeting of December 14, 2023 resolved - effective April 1, 2024 - to reorganise the Compliance Function, aimed at increasing the supervision of specific areas. Please refer to Section 9 for details.

16. CONSIDERATIONS ON THE LETTER OF DECEMBER 14, 2023 FROM THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

The Chairman of the Board of Directors received and informed the Board, during the meeting of January 16, 2024, of the recommendations in the letter of December 14, 2023 of the Chair of the Corporate Governance Committee. The contents of this letter were reported to the Corporate Governance and Environmental and Social Sustainability Committee, the Remuneration Committee, the Appointments Committee and the Risk and Related Parties Committee, in the meetings of January 11 and 12, and the meetings of March 7, 8 and 11, 2024 respectively. The recommendations made in the letter have also been submitted to the Board of Statutory Auditors for the aspects within its remit.

Having examined the issues and principles set forth in the letter, the Directors believe that the Company's governance is consistent and substantially aligned with the recommendations set forth in the letter.

Specifically, with regard to recommendations concerning pre-filing disclosures and guidelines on the optimal composition of the board, please refer to Sections 4.4 and 4.2 of the Report, where the procedures adopted by the Bank in these areas are described in detail and which attest to the Bank's compliance with the recommendations of the Corporate Governance Committee (timing of the pre-Board meeting disclosure extended - with no exceptions in terms of subject matter - to 5 calendar days prior to the Board meeting, definition by the Board of Directors (and also by the Board of Statutory Auditors) of its qualitative and quantitative composition considered optimal for the effective performance of the tasks and responsibilities entrusted to the Board, of which adequate disclosure is provided to shareholders).

With regard to the recommendation regarding the approval of the company's strategy, the Board - while considering that the Bank is already aligned with Principle I of the New Corporate Governance Code, Recommendation 1, lett. a), which requires that the Board "examine and approve the business plan of the company and the group it heads, also based on the analysis of the issues relevant to the generation of long-term value carried out with the possible support of a committee whose composition and functions are determined by the Board of Directors" - has considered specifying in Section 4.1.1 of the Report, relating to the duties of the Board of Directors, the process adopted for the approval of the 2024-2026 Multi-Year Plan.

Finally, as to the recommendation on super-majority voting, it is considered not applicable to the Bank as this option is not provided for in the Articles of Association.

ANNEX 1

CURRICULA VITAE OF THE COMPANY OFFICERS IN OFFICE AT THE DATE OF THIS REPORT

Marco Mangiagalli - Chairman

Marco Mangiagalli, a graduate in Political Economics from the Università Commerciale Luigi Bocconi, spent most of his career with the Eni Group. He has also worked in the Barclays Group in Italy and in the Nuovo Banco Ambrosiano Group. At Eni he held various positions of increasing responsibility until taking on the position of Chief Financial Officer from 1993 to 2008.

He has served on the Board of Directors of numerous companies, including: Agip S.p.A., Polimeri Europa S.p.A., Nuovo Pignone S.p.A., Snamprogetti S.p.A., Saipem S.p.A., Eni International Holding B.V., Eni International Bank Ltd, Albacom S.p.A., Emittenti Titoli S.p.A., Oil Investment Corp., Snam Rete Gas S.p.A., Falck Renewables S.p.A. He was Chairman of Eni Coordination Center S.A. and Enfin S.p.A..

He was a member of the Supervisory Board, Chairman of the Risk Committee, Chairman of the Remuneration Committee and member of the Related Party Transactions Committee of Intesa Sanpaolo S.p.A. in different periods from 2010 to 2016. Following the adoption of the one-tier system by Intesa Sanpaolo S.p.A., he also held the position of member of the Board of Directors and Chairman of the Management Control Committee of the Bank for the three-year period 2016-2019.

He has also held the following positions:

2009-2014: member of the Board of Directors and the Control and Risk Committee of Luxottica S.p.A.

2011-2013: member of the Board of Directors and the Control and Risk Committee and Corporate Governance Committee of Autogrill S.p.A.

2008-2010: Chairman of Saipem S.p.A.

He was a member of the Senior Advisory Board of the investment fund Global Infrastructure Partners from 2011 to 2017.

Currently, in addition to his position as Chairman of FinecoBank, he holds the following positions: (i) Chairman of the Board of Directors of E.I. Towers S.p.A. and (ii) member of the Board of Directors of Finarvedi S.p.A..

Gianmarco Montanari – Vice Chairman

Gianmarco Montanari is General Director of the Most Foundation (National Research and Development Foundation on Sustainable Mobility).

Previously, he was General Director of the Italian Institute of Technology in Genoa, City Manager (i.e. Managing Director) of the City of Turin after working for twenty years as a manager in top positions in the Automotive, Financial Services, Management Consulting and Central Public Administration sectors, always managing processes of reorganization and digital transformation of complex companies with modern organization.

He received a degree in Management Engineering from the Politecnico of Turin followed by four other degrees in Management, Economics, Political Science and Law and is formally certified as a F.I.G.C. Sports Management Collaborator, ACOI Coach and OIV Band 3 by the Ministry of Public Administration.

Over the years, he has achieved numerous specializations at the main International Business Schools (i.e. Harvard Business School, IMD, INSEAD, Columbia University, Bocconi) on management, innovation, digitization, high-tech and governance including:

Board Director Diploma awarded with Distinction, IMD of Lausanne;
International Directors Program, at INSEAD;
Making Corporate Board More Effective, at the Harvard Business School.

He has been a member of numerous boards of private and public companies including the Turin Transport Group, Agenzia delle Entrate in Italy and AGID (Digital Italian Agency).

He was honoured first as 'Cavaliere' of the Italian Republic and then as an 'Ufficiale al Merito' of the Italian Republic.

He is the author of the book 'Tech Impact. Luci ed ombre dello sviluppo tecnologico' ('Tech Impact. The Lights and Shadows of Technological Development') and many other publications, as well as being an authoritative speaker on innovation, technology and change management.

He is the inventor of IED® Intergenerational Environmental Debt.

Currently, in addition to being Deputy Chair of the Board of Directors and Chairman of the Remunerations Committee of FinecoBank, he is also a member of the Board of Directors of Reale ITES, a leading provider of IT and related services, as well as an Independent Director and Member of the Remuneration Committee of the Tinexta Group, a company listed in the Star segment and a leading European operator in four business areas: Digital Trust, Cybersecurity, Credit Information & Management and Innovation & Marketing Services.

Alessandro Foti – Chief Executive Officer and General Manager

Alessandro Foti graduated with honours in Business and Economics from Bocconi University of Milan in 1984.

He began his professional career in the Financial Management Office of IBM in 1985. After three years of experience in Montedison S.p.A., where he became Head of financial coordination of the group's affiliate companies, in 1989 he joined Fin-Eco Holding S.p.A., with responsibility for capital market operations. In 1993 he became the Head of the operational section for administration, asset management and trading of Fin-Eco Sim S.p.A.. After being appointed as a member of the Board of Directors, General Manager and Managing Director, in 2002 he became Chairman of Fin-Eco Sim S.p.A.. After three years of experience as a member of the Management Committee of Assosim, in October 1999 he was appointed as a member of the Board of Directors of FinecoBank.

In 2001, he became a member of the Supervisory Board of Entrium Direct Bankers AG. From 2003 to 2005, he was a member of the Board of Directors of Ducati Motors Holding S.p.A. and General Manager of FinecoGroup S.p.A. (a company listed on the Midex segment of the Milan Stock Exchange).

From October 1999 to December 2000 he was a member of the Board of Directors of FinecoBank. From December 2000 to date he has served as Chief Executive Officer of FinecoBank and from July 2014 also as General Manager. From May 2010 to January 2015 he was Vice Chairman of the Supervisory Board of DAB Bank AG. From April 2012 to April 2014 he was a member of the Management Committee of Assoreti. From 2013 to 2019 he has been a member of the Executive Management Committee of UniCredit Group. Since April 2014 he has been Director and Vice Chairman of Assoreti. He has been a member of the Board of Directors of Borsa Italiana S.p.A. from July 2014 to October 2020.

In 2017, 2018, 2019 and 2022 he was awarded by Institutional Investor as best CEO in Europe in the banking industry for the Small&Mid Cap category.

Since 9 November 2018 he has been a member of the Board of Directors of Bocconi University of Milan.

On 3 October 2023 he was awarded an honorary degree in Management Engineering by the University of Salento.

Patrizia Albano – Director

Patrizia Albano, graduated with honors in Law from University 'La Sapienza'in Rome, is registered with the Bar Association of Rome.

She began her activity working as an internal lawyer at Istituto Mobiliare Italiano S.p.A. from 1981 to 1999, then moved to San Paolo IMI S.p.A. as Head of the Central Legal Department of the Major Customers Division until 2000.

She was General Counsel of IBI (today, Alerion Clean Power S.p.A.) and Head of the Corporate Secretariat of Risanamento Napoli S.p.A. and Fincasa S.p.A., both listed on the Italian Stock Exchange.

From 2003 to 2007, Ms. Albano worked at Studio Legale Carbonetti. .

Since 2007 she has been practicing at her own firm in Rome and Milan in the field of corporate law and is mainly involved in corporate consulting and capital transactions, banking and financial transactions, as well as institutional and corporate compliance (privacy, anti-money laundering, security, administrative liability of legal persons pursuant to Law 231/2001).

Since 2008 until may 2021 she advised the Prada Group on an ongoing basis. In particular, she assisted Prada S.p.A. in its listing on the Hong Kong Stock Exchange and held the position of Head of the Group's Corporate Affairs Department, Board Secretary, and Company Secretary. In this area, she dealt with the governance and corporate legal issues of the listed Parent Company and subsidiaries in Italy and worldwide; supervised the Corporate Secretary, the Shareholdings, compliance and extraordinary transactions. She represented the company at Assolombarda, where she held the position of Chairman of the Fashion and Design Group from February 2015 to January 2018.

In the period April-October 2015 she was a member of the Board of Directors of Banca Carim – Cassa di Risparmio di Rimini S.p.A. In the period June-December 2016 she also held the position of Director of Mediacontech S.p.A.. In the period April 2020/March 2022 she also held the position of Chairman of Supervisory Body of Fiocchi Munizioni S.p.A..

To date, she holds the following positions: (i) member of the Board of Directors, Corporate Governance and Environmental and Social Sustainability Committee, and Nomination Committee of FinecoBank S.p.A. (since 2017); (ii) Effective Auditor of the Board of Statutory Auditors of Artemide Group S.p.A. and the Board of Statutory Auditors of Artemide S.p.A. (since 2014); (iii) member of the Board of Directors of Piaggio & C. S.p.A. (since 2018); (iv) Deputy Auditor of Edison S.p.A. (since 2020); (v) Member of the Investment Committee of BeCause Sicaf SpA (since 2022); and (vi) member of the Board of Directors of Milanosesto S.p.A. (since 2023).

Elena Biffi - Director

Elena Biffi graduated with honors in Political Economics from Bocconi University and has worked in the financial-insurance sector since 1989, developing mathematical models for optimisation, risk analysis and evaluation.

Independent Director of FinecoBank, Arnoldo Mondadori Editore, REVO Insurance as well as being Insolvency Official Receiver of "Concordia SpA in LCA" (appointed by IVASS).

She is founding partner of EM Associates (2002) and SEM Data (2021), a technology consultancy and provider of Technology Business Management solutions.

Member of the Advisory Board at Assofintech, the Italian Association for fintech, insurtech and proptech.

Member of the Friend of the Sea (World Sustainability Organization) Technical Committee for sustainability, respect, and promotion of the Marine Environment.

Member of the Javotte Bocconi Institute.

Mentor and investor of innovative benefit startups.

Member of AIFIRM (Italian Association of Financial Industry Risk Managers).

In the past, she was:

Chairman of the Board of Statutory Auditors and the SB under Legislative Decree 231/2001 of Fondartigianato (appointment of the Ministry of Labor and Social Policies).
Independent Director of REVO SPAC and Elba Assicurazioni, Mediolanum S.p.A., Mediolanum Vita and Mediolanum Assicurazioni;
Member of the supervisory body of the Vittoria Lavoro pension fund (nine years period);
Co-founder at CSIP, Certified Sustainability Insurance Partners, for sustainability in the insurance sector.

Between 1991 and 2001, she worked at Studio Attuariale G. Ottaviani, at Grant Thornton Assicurazione & Finanza (as CEO), and at Shandwick Corporate Communication.

In 1995, she specialized in financial risks at the Scuola Normale Superiore of Pisa; she was a researcher, lecturer and professor at the Catholic University of the Sacred Heart and Sapienza of Rome in quantitative subjects.

She wrote several publications, lately: Sustainability Game (with M. Pedol, S. Melzi), in "Corporate Social Responsibility and Environmental Management, Vol. 28, Issue 4. I quattro cavalli, Franco Angeli, 2022. Ecosistema d'argento (EA): un modello sostenibile; I bisogni degli anziani: le risposte del nuovo welfare e della silver economy.

Giancarla Branda - Director

Giancarla Branda graduated in Law and Economics from La Sapienza University in Rome, where she also obtained a postgraduate diploma in banking. She works as a tax lawyer and is an expert in business income and indirect taxation in the industrial and financial sector. She has carried out numerous due diligence assignments related to the acquisition and privatisation of banking and financial companies. She provides technical assistance in tax litigation at the levels of merit and legitimacy.

She is currently a non-equity partner of Studio Salvini e Soci - Studio Legale e Tributario fondato da F. Gallo.

In the course of her career she has gained the following experience:

1994-2000: Associate Attorney at Law and Tax Firm Ernst & Young International

1988-1994: Associate Attorney at KPMG International Legal and Tax Firm

During the 12th Legislature she collaborated, as an independent technical consultant, with the President of the Finance Committee of the Chamber of Deputies on the drafting of legislative texts on tax matters.

She has taught at the Higher School of Economics and Finance as well as in postgraduate master'sdegrees.

To date, in addition to her role as a member of the Board of Directors and of the Remuneration Committee of FinecoBank, she holds positions on the boards of directors and auditors of major Italian listed and unlisted companies. She is also a member of the Supervisory Committee of Banca Network Investimenti in compulsory administrative liquidation by appointment of the Minister of Economy and Finance at the proposal of the Bank of Italy.

Maria Lucia Candida - Director

Maria Lucia Candida graduated in Economics and Commerce from LUISS in Rome in 1982 and obtained a Master's degree in Corporate Crisis Law from La Sapienza University in Rome in 2016.

She began her professional career in 1983 at Istituto Mobiliare Italiano - IMI, first in the Research Office and later in the Finance and Investments Department. In 1997, she became the Head of the Regional Office in Rome.

Following the merger between IMI and Istituto San Paolo, she assumed responsibility for the Tusco-Emilian Area of San Paolo IMI. In 2006, she became the CEO of CARISBO. She has also served as the CEO of Neos Banca and the CEO of the Istituto per il Credito Sportivo.

From 2016 to 2017, she served as Independent Member of the Board, member of the Internal Controls and Risks Committee and the Remuneration Committee of Veneto Banca.

From 2016 to 2019, she was the Vice President of Bancapulia.

From 2019 to 2022, she served as Independent member of the Board, member of the Risk Committee, and the chairman of the Nominations Committee of Banca Intermobiliare (now Banca Investis).

She is registered in the Register of Statutory Auditors.

Paola Generali - Director

Since 2003 Paola Generali is Ceo and Managing director of Get Solution, leading consultancy company in the field of Compliance, Cybersecurity and Governance. She has extensive experience as a manager and consultant, especially in the field of Compliance and Security Informative Systems.

She is also President of Assintel (National Association of ICT Companies of Confcommercio); President of EDI.IT Srl Confcommercio Digital Innovation Hub; National Advisor of Confcommercio - Imprese per l'Italia; Board Member: "Digital transformation and Technology" at city of Milan, Member of the Board of Directors Tinexta S.p.A.; President of OpenT S.p.A. and Member of the Board of Directors Study Center Guglielmo Tagliacarne.

She holds Master's degree in Banking, Finance and Insurance Sciences from "Università Cattolica di Milano", where she graduated with top marks in 2000.

Marin Gueorguiev - Director

Marin Gueorguiev graduated in Economics and Business from Ca' Foscari University of Venice in 1998.

In 2002, he obtained the Chartered Financial Analyst (CFA) designation. Currently, he holds the position of board member and co-president of the Advocacy Committee at CFA Society Italy.

For over twenty-five years, he has been providing management consulting services, with a specific focus on risk management, internal control systems, and structured finance, working with companies active in the financial services and Energy & Utilities sectors, both in Italy and across Europe.

Throughout his career he has gained the following significant experience:

2018-2019: Co-founder of Quantum S.r.l. (big data analytics IT consulting).
2009-2017: Managing Director, Risk & Compliance of Protiviti.
-2007-2009: Senior Manager, Finance & Risk of Oliver Wyman.
2004-2007: Director of Protiviti.
-1997-2004: Senior Manager, Capital Markets and Audit of Deloitte.

Arturo Patarnello - Director

Arturo Patarnello is full Professor of Banking at Università di Milano-Bicocca. Courses held: Banking (Undergraduate Degree, 3-year program), Bank Management (Postgraduate Degree, 2 year program).

He has been previously appointed as Dean at the School of Economics and Statistics, Università di Milano-Bicocca and from October 2018 until July 2020 was Head of the Department of Business and Law in the same university.

Among the research topics he is mainly interested in studies concerning corporate banking and lending policies in banking, risk management and credit rating models, banking and financial markets regulation, organizational structures of financial institutions and banks' business models.

He acts both as an independent advisor and as an expert appointed by the Università di Milano-Bicocca, providing advisory support to bank institutions, non-financial firms and public entities on strategic, regulatory and managerial issues, mainly concerning risk management and internal control systems and processes in financial institutions, reengineering of corporate processes and organizational designs in non-financial firms, company evaluation, workout and debt restructuring of firms.

He was member of supervisory committees in recovery and resolution procedures of banking institutions and investment firms (appointed by Banca d'Italia, Rome).

He also provided professional advice as an independent expert, appointed by Consiglio di Stato, Rome, on issues concerning the structure and functioning of the Italian energy markets.

Since 2017 he is co-founder and member of the board of MindLab srl, spinoff of the Milano Bicocca University, a project aimed at providing web-based advisory and professional services (strategic, legal and organizational).

Maria Alessandra Zunino de Pignier - Director

Maria Alessandra Zunino de Pignier, graduated in Economics from the Catholic University of Milan, is a registered accountant and a registered auditor.

Since 1995 she has been working as a consultant for banks and financial intermediaries, on topics related to governance, AML/FT, compliance, internal audit, risk and personnel training, after having gained number of working experiences in asset management and financial services. She is co-founder of Alezio.net Consulting S.r.l.. As in the past she has been member of the board of directors of banks and bank holding companies (Mediolanum S.p.A., Veneto Banca and Banca Intermobiliare di Investimenti e Gestione, Deutsche Bank Mutui S.p.A.) and member of board committees. She has held positions as statutory auditor of listed companies and investment companies (Gefran S.p.A., Terna S.p.A., CDP Real Asset SGR).

Currently, in addition to her role as member of the Board of Directors, chairman of the Risk and Related Parties Committee, and member of the Corporate Governance and Environmental and Social Sustainability Committee of FinecoBank she is Standing Auditor of SABAF SpA .

She lectures on topics related to financial regulation for il sole 24 ore and financial intermediaries.

Luisa Marina Pasotti - Chairwoman

Graduated with honours in Business Administration from the Bocconi University of Milan in 1986, she qualified as a chartered accountant in 1989. She is registered in the Register of Chartered Accountants of Varese and is enrolled with the Register of Statutory Auditors.

Founding member of 'Studio Associato Pasotti' located in Varese, she has been a member of the Board of Directors of the Register of Chartered Accountants and Accounting Experts of Varese since January 2017 to February 2022.

She has been a member of the Board of Auditors of OIV ('Organismo Italiano di Valutazione') since March 2018.

She has served as Auditor for over twenty years, also holding the position of Chairman and Auditor of the accounts of joint stock companies and public bodies.

Member of the Board of Statutory Auditors of Servizi Aerei S.p.A. – a subsidiary of ENI S.p.A. - from 15.04.2022 until the approval of the Financial Statements at 31.12.2024.

Chairman of the Board of Statutory Auditors of Eni Energy Italy S.p.A. – a new legal entity of ENI GROUP - from 10.01.2024 until the approval of the Financial Statements at 31.12.2026.

She served as a member – independent and non-executive – of the Board of Directors of BANCA CARIGE S.p.A. from July 11, 2017 to January 2, 2019, and as a member of the Remuneration Committee, of the Risk Committee and of the Nomination and Governance Committee.

She has also been a member of the Board of Directors of Carige REOCO S.p.A. until May 2019.

Past Contract lecturer for non-institutional teaching activities at the Carlo Cattaneo University – LIUC – University in Castellanza (Varese, Italy).

Massimo Gatto – Standing Statutory Auditor

Massimo Gatto was born in Rome on 27 June 1963. He graduated in Economics and Business from University of "La Sapienza" in Rome, he is Chartered accountant registered in Order of Roma and in the Register of Legal Auditors.

He is a consultant for several companies operating in the commercial sector.

He has served as Chairman of the Board of Statutory Auditors and Statutory Auditor of listed companies, focusing on governance in terms of controls and risks.

He currently carries out his professional activity in his own firm in Rome.

He holds the following significant positions pursuant to Article 148-bis of the Italian Consolidated Law on Finance ("TUF") on the accumulation of offices:

Chairman of the Board of Statutory Auditors of MARR S.p.A., Chairman of the Board of Statutory Auditors of Poste Welfare Servizi S.r.l., Statutory Auditor of SACE BT S.p.A (SACE GROUP).

Member of supervisory bodies pursuant to Decree 231 of Italian stock companies.

Member of the Study Committee on "Updating and Revising the Principles of Conduct of the Board of Statutory Auditors of Listed Companies" at CNDCEC.

Giacomo Ramenghi - Standing Statutory Auditor

Giacomo Ramenghi was born in Bologna on 9 October 1970. He is Certified Public Account registered in the Register of Chartered Accountants of Bologna and in the Register of Statutory Auditors since 2003.

Partner of Studio Gnudi (offices in Bologna, Milan and Rome) since 2006. He has worked, among other things, at a leading international auditing firm. He mainly deals with consultancy in corporate, accounting and tax matters, extraordinary operations (mergers, demergers, contributions) and valuations of companies and shareholdings.

He has been Statutory Auditor of numerous companies, including listed ones. Over the years he has gained various experiences in companies belonging to the financial sector (banks, SIM, SGR and payment institutions) and foreign multinational groups.

He has been adjunct professor in financial statements matters since 2012 on the Master's Degree Course in "Economics and Profession" at the Faculty of Economics of the University of Bologna. In this context, he has explored topics relating to international accounting standards, business combinations and ESG sustainability principles.

Member of the Commission of the Order of Chartered Accountants and Accounting Experts of Bologna "Accounting Principles".

He holds conferences mainly on financial statements and corporate finance topics and is the author of in-depth articles in specialized magazines.

He is registered in the Register of Technical Consultants of the Court of Bologna.

ANNEX2

"Application Chart of the Principles and Recommendations of the Corporate Governance Code"

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	Article 1 -	Role of the Board of Directors
P.I	The Board of Directors guides the company by pursuing its sustainable success.	X	Paragra ph 1.1.
P.II	The Board of Directors defines the strategies of the company and its group consistent with Principle I and monitors their implementation.	X	Paragra ph 4.1.1.
P.III	The Board of Directors defines the system of corporate governance that best serves the conduct of the company's business and the pursuit of its strategies, taking into account the spaces of autonomy offered by the legal system. If necessary, it evaluates and promotes appropriate changes, submitting them to the shareholders' meeting when applicable.	X	Paragra ph 4.1.1.
P.IV	The Board of Directors promotes dialogue, in the most appropriate forms, with the shareholders and with the other	X	Paragra ph 4.1.1.

C.
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	relevant stakeholders of the Company.
R.1	The Board of Directors: a) examines and approves the business plan of the company and the group it heads, also on the basis of the analysis of issues relevant to the generation of long-term value carried out with the possible support of a committee whose composition and functions are determined by the Board of Directors; b) periodically monitors the implementation of the business plan and evaluate the general management performance, periodically comparing the results achieved with those planned; c) defines the nature and the level of risk consistent with the company's strategic objectives, including in its assessment all risks that may be relevant for the sustainable success of the company; d) defines the corporate governance system of the company and the structure of the group it heads, and assesses the adequacy of the organisational, administrative and accounting structure of the company and its strategically important subsidiaries, with particular reference to the internal control and risk management system; e) takes decisions on the transactions of the company and those of its subsidiaries that have significant strategic, economic, asset or financial significance for the company; to that end, it establishes general criteria for identifying	X		Paragra ph 4.1.1. (letters (a) to (e)) Paragra ph 5 (letter f))

ΑR ∣₽
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	significant transactions; f) in order to ensure the proper management of corporate information, adopt, upon proposal of the Chairperson in agreement with the Chief Executive Officer, a procedure for the internal management and external disclosure of documents and information concerning the company, with particular reference to inside information.
R.2	If deemed necessary in order to define a corporate governance system that is more functional to the company's needs, the Board of Directors shall prepare reasoned proposals to be submitted to the Shareholders' Meeting on the following topics: a) choice and characteristics of the corporate model (traditional, "one-tier", "two-tier"); b) size, composition and appointment of the Board of Directors and term of office of its members; c) articulation of the administrative and property rights of the shares; d) percentages established for the exercise of prerogatives to protect minorities. In particular, in the event that the Board of Directors intends to propose to the Shareholders' Meeting the introduction of loyalty voting rights, it shall provide in its explanatory report to the Shareholders' Meeting adequate justification for the purpose of the choice and indicate the expected effects on the ownership and control structure of the company and its future strategies, giving an account of the decision-making	X		Paragra ph 4.1.1. and Paragra ph 4.2	For further details, please also refer to the Articles of Association published on the Company's website at the following link [∙].

O.
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	process followed and any contrary opinions expressed in the board meeting.
R.3	The Board of Directors, upon a proposal of the Chairperson, formulated in agreement with the Chief Executive Officer, shall adopt and describe in the corporate governance report a policy for the management of dialogue with the generality of shareholders, also taking into account the engagement policies adopted by institutional investors and asset managers. The Chairperson also ensures that the Board of Directors is in any case informed, within the next meeting, on the development and significant content of dialogue held with all shareholders;	X	Paragra ph 4.1.1. and Paragra ph 12
	Article 2 –	Composition of the Corporate Bodies
P.V	The Board of Directors is composed of executive and non executive directors, all of whom have the professionalism and skills appropriate to the tasks entrusted to them.	X	Paragra ph 4.3.
P.VI	The number and expertise of the non-executive directors are such as to ensure that they carry significant weight in the adoption of Board resolutions and guarantee effective monitoring of management. A significant proportion of the non-executive directors are independent.	X	Paragra ph 4.3. Paragra ph 4.6 and 4.7
P.VII	The company applies diversity criteria, including gender criteria, for the composition of the Board of Directors, in compliance with the priority objective of ensuring adequate	X	Paragra ph

IR
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	competence and professionalism of its members.		4.3.1.
P.VIII	The Supervisory Board has an appropriate composition to ensure the independence and professionalism of its function.	X	Paragra ph 11.2.
R.4	The Board of Directors defines the allocation of management powers and identifies who among the executive directors holds the position of Chief Executive Officer. In the event that the Chairperson is assigned the office of Chief Executive Officer or is granted significant management powers, the Board of Directors shall explain the reasons for this choice.	X
R.5	The number and competences of the independent directors shall be appropriate to the needs of the company and the functioning of the Board of Directors, as well as the constitution of the relevant committees. The Board of Directorsincludes at least two independent directors, other than the Chairperson. In large companies with concentrated ownership, independent directors constitute at least one third of the board. In other large companies, independent directors make up at least half of the board. In large companies, the independent directors meet, in the absence of the other directors, on a regular basis and in any case at least once a year to assess issues deemed of interest with respect to the functioning of the Board of Directors and the management of the company.	X
R.6	The Board of Directors assesses the independence of each	X	Paragra

ARI IR
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	non-executive director immediately after appointment as well as during the term of office upon the occurrence of circumstances relevant to independence and in any case at least once a year. For this purpose, each non-executive director shall provide all the elements necessary or useful for the assessment of the Board of Directors, which shall consider, on the basis of all available information, any circumstance that affects or may appear to affect the director's independence.			ph 4.7
R.7	The circumstances that compromise, or appear to compromise, the independence of a director are at least the following: a) if he/she is a significant shareholder of the company; b) if he/she is, or has been in the previous three financial years, an executive director or employee: - of the company, a strategically important subsidiary of the company or a company under common control; - of a significant shareholder of the company; c) whether, directly or indirectly (e.g. through subsidiaries or companies of which it is an executive director, or as a partner in a professional firm or consulting company), he/she has, or has had in the preceding three financial years, a significant commercial, financial or professional relationship: - with the company or its subsidiaries, or its executive directors or top management; - with a person who, also together with others through a shareholders' agreement, controls the company; or, if the parent company is a company or entity, with its executive directors or top management;	X		Paragra ph 4.7 and Paragra ph 4.5 (with particul ar referenc e to the indepen dence of the Chairpe rson of the Board of Director	With reference to the definition of the quantitative and qualitative criteria for assessing materiality under c) and d), see the subsection "Criteria and Materiality Thresholds for Assessing Independence" (p. [∙]).

CERTIFIED

Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
d) if he/she receives, or has received in the previous three financial years, from the company, one of its subsidiaries or the parent company, significant remuneration in addition to the fixed remuneration for the office and to the remuneration for participation in the committees recommended by the Code or provided for by the regulations in force; e) if he/she has been a director of the company for more than nine financial years, even if not consecutive, in the last twelve financial years; f) if he/she holds the office of executive director in another company in which an executive director of the company holds the office of director; g) if he/she is a partner or director of a company or entity belonging to the network of the company's statutory auditor; h) if he/she is a close relative of a person in one of the situations referred to in the preceding points. The Board of Directors shall, at least at the beginning of its term of office, predefine the quantitative and qualitative criteria for assessing the significance referred to in (c) and (d) above. If a director is also a partner in a professional firm or consulting company, the board of directors assesses the significance of the professional relationships that may have an effect on his/her position and role within the firm or consulting company or that otherwise pertain to important transactions of the company and its group, also irrespective of the quantitative parameters. The Chairperson of the Board of Directors, who has been nominated as a candidate for this role in accordance with Recommendation 23, may be assessed as independent if			s)

R ₽
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	none of the above circumstances apply. If the Chairman assessed as independent participates in the committees recommended by the Code, the majority of the committee members shall be other independent directors. The Chairperson assessed as independent does not chair the Remuneration Committee or the Control and Risk Committee.
R.8	The company defines the diversity criteria for the composition of the management and control bodies and identifies, also taking into account its ownership structure, the most appropriate instrument for their implementation. At least one-third of the Board of Directors and the Supervisory Board, where autonomous, consists of members of the less represented gender. Companies take measures to promote equal treatment and equal opportunities between genders within the entire company organisation and monitor their concrete implementation.	X	Paragra ph 4.3.1. and Paragra ph 11.2.1.
R.9	All members of the Supervisory Board meet the independence requirements of Recommendation 7 for directors. The assessment of independence is carried out, with the timing and in the manner provided for in Recommendation 6, by the Board of Directors or the Board of Statutory Auditors, based on the information provided by each member of the Board of Statutory Auditors.	X	Paragra ph 11.1 and Paragra ph 11.2.1.
R.10	The outcome of the independence assessments of the directors and members of the Board of Statutory Auditors, as referred to in Recommendations 6 and 9, is disclosed to the	X	Paragra ph 4.7 and

CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
	market immediately after the appointment by means of a special announcement and, subsequently, in the Corporate Governance Report; on these occasions, the criteria used for assessing the materiality of the relationships under consideration are indicated and, where a director or member of the Board of Statutory Auditors has been deemed independent despite the occurrence of one of the situations indicated in Recommendation 7, a clear and reasoned justification for this choice is provided in relation to the position and individual characteristics of the person assessed.		Paragra ph 11.2.1.
	Article 3 - Functioning of the Board of Directors and Role of the Chairperson
P.IX	The Board of Directors defines the rules and procedures for its own functioning, in particular in order to ensure effective management of Board reporting.	X	Paragra ph 4.1.1. and Paragra ph 4.4
P.X	The Chairperson of the Board of Directors plays a liaison role between the executive and non-executive directors and ensures the effective functioning of the Board proceedings.	X	Paragra ph 4.5	Section 4.5 refers to paragraph 2.1. of the Corporate Bodies Regulations, where the duties of the Chairperson of the Board of Directors are further defined.
P.XI	The Board of Directors ensures an appropriate internal division of its functions and establishes Board committees with investigative, proposing and advisory functions.	X	Paragra ph 1.1.3. and

R Ľ D
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
			Paragra ph 6
P.XII	Each director shall ensure adequate time availability for the diligent performance of the tasks assigned to him/her.	X	Paragra ph 4.3.2.
R.11	The Board of Directors adopts regulations defining the rules of operation of the Board itself and its committees, including the procedures for taking minutes of meetings and the procedures for the management of directors' reports. These procedures identify the deadlines for the prior sending of the information and how the confidentiality of the data and information provided is to be protected in such a way that the timeliness and completeness of the information flows are not affected negatively. The report on corporate governance provides adequate information on the main contents of the regulations of the Board of Directors and on compliance with the procedures concerning the timeliness and adequacy of information provided to the directors.	X	Glossar y	The Corporate Bodies Regulations is referred to several times in the Report, also by way of reference to the more detailed rules governing the functioning of the Board and the Committees.
R.12	The Chairperson of the Board of Directors, with the help of the secretary of the Board of Directors, ensures a) that pre-meeting briefings and additional information provided during meetings are adequate to enable directors to act in an informed manner in the performance of their duties; b) that the work of the Board committees with investigative, proposing and advisory functions is coordinated with the	X	Paragra ph 4.5	Section 4.5 refers to paragraph 2.1. of the Corporate Bodies Regulations, where the duties of the Chairperson of the Board of Directors are further defined.

Ç
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	work of the Board of Directors; c) in agreement with the Chief Executive Officer, that the executives of the company and those of the companies of the group it heads, responsible for the corporate functions competent according to the subject matter, attend Board meetings, including at the request of individual directors, to provide the appropriate details on the items on the agenda; d) that all members of the Board of Directors and Board of Statutory Auditors may participate, after their appointment and during their term of office, in initiatives aimed at providing them with an adequate knowledge of the business sectors in which the company operates, of the company dynamics and their evolution also with a view to the sustainable success of the company itself, as well as of the principles of proper risk management and the regulatory and self-regulatory framework of reference; (e) the adequacy and transparency of the Board's self assessment process, with the support of the Appointments Committee.
R.13	The Board of Directors appoints an independent director as lead independent director: a) if the Chairperson of the Board of Directors is the Chief Executive Officer or holds significant management powers; ii) if the position of Chairperson is held by the person that controls the issuer, either jointly or otherwise; iii) in large companies, even in the absence of the conditions indicated the previous points, if requested by the majority of		X	Paragra ph 4.7.1.	Since the conditions set out in this Recommendation were not met, the appointment of a Lead Independent Director was not necessary.

1ARKF ID
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	Independent Directors.
	The lead independent director:				Since the conditions set out in this
R.14	a) represents a point of reference and coordination of the requests and contributions of non-executive directors and, in particular, of independent directors; b) coordinate meetings of independent directors only.		X	Paragra ph 4.7.1.	Recommendation were not met, the appointment of a Lead Independent Director was not necessary.
R.15	In large companies, the Board of Directors expresses its orientation as to the maximum number of positions on the Boards of directors or auditors in other listed or large companies that may be considered compatible with effective performance as a director of the company, taking into account the commitment resulting from the position held.	X		Paragra ph 4.3.2.
R.16	The Board of Directors establishes internal committees with investigative, proposing and advisory functions in the areas of appointments, remuneration and control and risk. The functions that the Code assigns to committees may be distributed differently or merged into a single committee, provided that adequate information is provided on the tasks and activities performed for each of the functions assigned and the Code's recommendations for the composition of the relevant committees are complied with. The functions of one or more committees may be assigned to the entire Board of Directors, under the coordination of the Chairperson, provided that: a) the independent directors represent at least half of the board; (b) the Board of Directors devotes adequate space within the	X		Paragra ph 1.1.3. and Paragra ph 6

ΔR IR
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	Board sessions to the performance of the functions typically attributed to these committees.
	If the functions of the Remuneration Committee are reserved for the Board of Directors, the last sentence of Recommendation 26 applies.
	Companies other than large ones may assign the functions of the Control and Risk Committee to the Board of Directors, even in the absence of the condition mentioned in (a) above.
	Companies with concentrated ownership, even large ones, may assign the functions of the Appointments Committee to the Board of Directors, even in the absence of the condition mentioned in (a) above.
	The Board of Directors defines the tasks of the committees and determines their composition, favouring the competence and experience of their members and avoiding, in large companies, an excessive concentration of tasks in this area.
	Each committee is coordinated by a Chairperson who informs the Board of Directors of its activities at the first meeting.		Paragra
R.17	The Chairperson of the committee may invite the Chairperson of the Board of Directors, the Chief Executive Officer, the other directors and, informing the Chief Executive Officer, representatives of the relevant corporate functions to individual meetings; Meetings of each committee may be attended by members of the Board of Statutory Auditors. The committees are entitled to access the information and	X	ph 6

ΑR IR
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	corporate functions necessary to perform their tasks, have access to financial resources and make use of external consultants, within the terms set by the Board of Directors.
R.18	On the proposal of the Chairperson, the Board of Directors decides on the appointment and dismissal of the secretary of the body and defines his/her professional requirements and powers in its rules of procedure. The secretary supports the work of the Chairperson and provides impartial assistance and advice to the Board of Directors on all aspects relevant to the proper functioning of the corporate governance system.	X	Paragra ph 4.5 (Secreta ry of the Board)
	Article 4 - Appointment of Directors and Self-Assessment of the Board of Directors
P.XIII	The Board of Directors shall ensure, to the extent of its competence, that the process of appointment and succession of directors is transparent and functional to achieve the optimal composition of the Board of Directors in accordance with the principles of Article 2.	X	Paragra ph. 4.1.1 (letter (ee))
P.XIV	The Board of Directors periodically assesses the effectiveness of its activities and the contribution made by its individual components, through formalised procedures whose implementation it oversees.
R.19	The Board of Directors entrusts the Appointments Committee with the task of assisting it in its activities: a) self-assessment of the Board of Directors and its committees; b) definition of the optimal composition of the Board of	X	Paragra ph 4.1.1. and Paragra

ΔR IÞ
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
	Directors and its committees;		ph
	c) identification of candidates for the office of director in the event of co-option;		7.2.2.
	d) possible submission of a list by the outgoing Board of Directors to be implemented in a manner that ensures its transparent formation and presentation;
	e) preparing, updating and implementing any succession plan for the Chief Executive Officer and other executive directors.
R.20	The majority of the Appointments Committee is composed of independent directors.	X	Paragra ph 7.2.1.	The members of the Appointments Committee are all independent.
R.21	The self-assessment focuses on the size, composition and actual functioning of the Board of Directors and its committees, also considering its role in defining strategies and monitoring management performance and the adequacy of the internal control and risk management system.	X	Paragra ph 7.1 (still being updated )
R.22	The self-assessment is conducted at least every three years, in view of the renewal of the Board of Directors. In large companies other than those with concentrated ownership, the self-assessment is conducted annually and may also be carried out in a differentiated manner during the term of office of the body, with the use of an independent consultant being considered at least every three years.	X	Paragra ph 7.1
	In companies other than those with concentrated ownership	X	Paragra

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
R.23	the Board of Directors: - expresses, with a view to each renewal, a guideline on its quantitative and qualitative composition considered optimal, taking into account the results of the self-assessment; - requires those who submit a list containing a number of candidates exceeding half of the members to be elected to provide adequate information, in the documentation submitted for the filing of the list, on the conformity of the list with the orientation expressed by the board of directors, also with reference to the diversity criteria provided for in Principle VII and Recommendation 8, and to indicate their candidate for the office of Chairperson of the Board of Directors, whose appointment shall be made according to the procedures set out in the Articles of Association. The orientation of the outgoing Board of Directors is published on the company's website well in advance of the publication of the notice of the Shareholders' Meeting concerning its renewal. The guideline identifies the managerial and professional profiles and skills deemed necessary, also in the light of the company's sectoral characteristics, considering the diversity criteria set out in Principle VII and Recommendation 8 and the guidelines expressed on the maximum number of positions in application of Recommendation 15.			ph 4.2 and Paragra ph 4.3.
R.24	In large companies, the Board of Directors - defines, with the support of the Appointments Committee, a plan for the succession of the Chief Executive Officer and executive directors that at least identifies the procedures to	X		Paragra ph 7.1

ARI ₽
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
	be followed in the event of early termination of office; - ascertains the existence of adequate procedures for the succession of top management.
	Article 5 – Remuneration
P.XV	The policy for the remuneration of directors, members of the Board of Statutory Auditors and top management is functional to the pursuit of the company's sustainable success and takes into account the need to dispose of, retain and motivate people with the competence and professionalism required by their role in the company.	X	Paragra ph 8.	For a more detailed regulation of the remuneration policy, paragraph 8 refers to the same policy on compensation.
P.XVI	The remuneration policy is drawn up by the Board of Directors through a transparent procedure.	X	Paragra ph 4.1.1 (letter (aa) and (bb))
P.XVI I	The Board of Directors ensures that the remuneration paid and accrued is consistent with the principles and criteria defined in the policy, in light of the results achieved and other circumstances relevant to its implementation.	X	Paragra ph 4.1.1 (letter (aa) and (bb))
R.25	The Board of Directors entrusts the Remuneration Committee with the task of: a) assist him in drawing up the remuneration policy; b) submit proposals or express opinions on the remuneration of executive directors and other directors holding special offices as well as on the setting of performance targets	X	Paragra ph 8.2.2

CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
	related to the variable component of such remuneration; c) monitor the concrete application of the remuneration
	policy and verify, in particular, the actual achievement of performance targets;
	d) periodically assess the adequacy and overall consistency of the policy for the remuneration of directors and top management.
	In order to dispose of persons with adequate competence and professionalism, the remuneration of the directors, both executive and non-executive, and of the members of the Board of Statutory Auditors is defined taking into account the remuneration practices prevailing in the reference sectors and for companies of similar size, also considering comparable foreign experiences and making use of an independent consultant, if necessary.
R.26	The Remuneration Committee is composed of only non executive directors, the majority of whom are independent, and is chaired by an independent director. At least one member of the committee has adequate knowledge and experience in financial matters or remuneration policies, to be assessed by the Board of Directors at the time of appointment.	X	Paragra ph 8.2.1.
	No director takes part in the Remuneration Committee meetings in which proposals concerning his/her remuneration are formulated.
R.27	The policy for the remuneration of executive directors and top management defines:	X	Paragra ph 8.	For the information required regarding the remuneration of executive directors, non executive directors and key management

use strictly prohibited	EMARKET SDIR CERTIFIED

Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
a) a balance between the fixed component and the variable component that is appropriate and consistent with the company's strategic objectives and risk management policy, taking into account the characteristics of the company's business and the sector in which it operates, providing in any case that the variable component represents a significant part of the total remuneration; b) maximum limits on the disbursement of variable components; c) performance targets, to which the payment of variable components is linked, predetermined, measurable and linked in significant part to a long-term horizon. They are consistent with the company's strategic objectives and are designed to promote its sustainable success, including, where relevant, non-financial parameters; d) an adequate deferral period - with respect to the time of maturity - for the payment of a significant portion of the variable component, consistent with the characteristics of the business activity and the related risk profiles; e) contractual arrangements permitting the company to demand repayment, in whole or in part, of variable components of remuneration paid (or to withhold amounts subject to deferral), determined on the basis of data which subsequently prove to be manifestly erroneous and other circumstances which may be identified by the company; (f) clear and pre-determined rules for the possible payment of severance payments, which define the upper limit of the total sum payable by linking it to a certain amount or a				personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the "Annual Report on Remuneration Paid in the 2023 Financial Year - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.

CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph	Notes
	certain number of years of remuneration. This indemnity is not paid if the termination is due to the achievement of objectively inadequate results.
R.28	Share-based remuneration plans for executive directors and top management incentivise alignment with shareholder interests over a long-term horizon, with a predominant part of the plan having an overall vesting period and retention period of at least five years.	X	Paragra ph 8.	For the information required regarding the remuneration of executive directors, non executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the "Annual Report on Remuneration Paid in the 2023 Financial Year - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.
R.29	The policy for the remuneration of non-executive directors provides for remuneration commensurate with the competence, professionalism and commitment required by the tasks assigned to them within the Board of Directors and Board committees; this remuneration is not linked, except for an insignificant part, to financial performance targets.	X	Paragra ph 8.	For the information required regarding the remuneration of executive directors, non executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1,

D
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
					letter i) of the TUF), see the "Annual Report on Remuneration Paid in the 2023 Financial Year - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.
R.30	The remuneration of the members of the Board of Statutory Auditors provides for remuneration commensurate with the competence, professionalism and commitment required by the importance of the role covered and the size and sectoral characteristics of the company and its situation.	X		Paragra ph 8.	For the information required regarding the remuneration of executive directors, non executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the "Annual Report on Remuneration Paid in the 2023 Financial Year - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.

C
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
R.31	On the occasion of the termination of the office and/or termination of the relationship with an executive director or general manager, the Board of Directors shall disclose detailed information on the matter by means of a press release, disseminated to the market at the end of the internal processes leading to the award or recognition of any indemnity and/or other benefits: a) the allocation or recognition of indemnities and/or other benefits, the circumstances justifying their accrual (e.g. due to expiry of office, revocation of office or settlement agreement) and the deliberative procedures followed within the company for this purpose; b) the total amount of the indemnity and/or other benefits, their components (including non-monetary benefits, retention of rights connected to incentive plans, consideration for non-competition undertakings or any other remuneration awarded for any reason and in any form) and the timing of their payment (distinguishing the part paid immediately from the part subject to deferral mechanisms); c) the application of any claw-back or malus clause; d) the conformity of the elements indicated in points (a), (b) and (c) above with what is stated in the remuneration policy, with a clear indication of the reasons and the deliberative procedures followed in the event of deviation, albeit partial, from the policy; e) information on the procedures that have been or will be followed for the replacement of the departing executive	X		Paragra ph 8.	For the information required regarding the remuneration of executive directors, non executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the "Annual Report on Remuneration Paid in the 2023 Financial Year - Section II of the Report on Remuneration Policy and Remuneration Paid" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	director or general manager.
	Article 6 –	Internal control and risk management system
P.XVI II	The internal control and risk management system consists of the set of rules, procedures and organisational structures aimed at the effective and efficient identification, measurement, management and monitoring of the main risks, in order to contribute to the sustainable success of the company.	X	Paragra ph 9.1
P.XIX	The Board of Directors defines the guidelines of the internal control and risk management system in line with the company's strategies and annually assesses its adequacy and effectiveness.	X	Paragra ph 4.1.1. and Paragra ph 9.
P.XX	The Board of Directors defines the principles concerning the coordination and information flows between the various parties involved in the internal control and risk management system in order to maximise the efficiency of the system itself, reduce duplication of activities and ensure effective performance of the tasks of the Board of Statutory Auditors.	X	Paragra ph 9.
R.32	The organisation of the internal control and risk management system involves, each within their respective responsibilities: a) the Board of Directors, which plays a role in guiding and assessing the adequacy of the system;	X	Paragra ph 9.

CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	b) the Chief Executive Officer, who is responsible for establishing and maintaining the internal control and risk management system;
	c) the Control and Risk Committee, established within the Board of Directors, which has the task of supporting the Board's assessments and decisions relating to the internal control and risk management system and the approval of periodic financial and non-financial reports. In companies adopting the "one-tier" or "two-tier" corporate model, the functions of the Control and Risk Committee may be assigned to the Board of Statutory Auditors.
	d) the Head of the Internal Audit Function, who is in charge of verifying that the internal control and risk management system is functional, adequate and consistent with the guidelines defined by the Board of Directors.
	e) the other corporate functions involved in controls (such as the Risk Management and Legal and Non-Compliance Risk Monitoring Functions), broken down according to the size, sector, complexity and risk profile of the business;
	f) the Board of Statutory Auditors, which monitors the effectiveness of the internal control and risk management system.
R.33	The Board of Directors, with the support of the Control and Risk Committee: a) defines the guidelines of the internal control and risk management system consistent with the company's strategies and assesses, at least once a year, the adequacy of such system with respect to the company's characteristics	X	Paragra ph 4.1.1. and Paragra

⊃
CERTIFIED

Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
and risk profile, as well as its effectiveness;			ph 9.
b) appoints and dismisses the head of the Internal Audit Function, defining his/her remuneration in line with company policies, and ensuring that he/she is provided with adequate resources to perform his/her duties. If it decides to entrust the Internal Audit Function, as a whole or by segments of operations, to an entity outside the company, it shall ensure that this entity has adequate
professionalism, independence and organisation and provides adequate justification for this in the Corporate Governance Report;
c) approves, at least once a year, the work plan prepared by the head of the Internal Audit Function, in consultation with the Board of Statutory Auditors and the Chief Executive Officer;
d) assess whether measures should be taken to ensure the effectiveness and impartial judgement of the other corporate functions referred to in Recommendation 32(e), verifying that they are adequately staffed and resourced;
e) assigns the supervisory functions pursuant to Article 6(1)(b) of Legislative Decree No. 231/2001 to the Board of Statutory Auditors or to a specially constituted body. If the body is other than the Board of Statutory Auditors, the Board of Directors shall assess the advisability of appointing
at least one non-executive director and/or a member of the Board of Statutory Auditors and/or a person with legal or control functions within the Company, in order to ensure coordination among the various parties involved in the

ΔR IÞ
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	internal control and risk management system; f) evaluate, in consultation with the Board of Statutory Auditors, the findings set out by the statutory auditor in the letter of recommendations, if any, and in the additional report addressed to the Board of Statutory Auditors; g) describes, in the Corporate Governance Report, the main characteristics of the Internal Control and Risk Management System and the methods of coordinating the parties involved in it (specifying the national and international models and best practices of reference), expresses its overall assessment on the adequacy of the Internal Control and Risk Management System and gives account of the choices made with regard to the composition of the Supervisory Board referred to in point e) above.
R.34	The Chief Executive Officer a) ensures the identification of the main corporate risks, taking into account the characteristics of the activities carried out by the company and its subsidiaries, and submits them periodically to the Board of Directors for review; b) implements the guidelines defined by the Board of Directors, ensuring the design, implementation and management of the internal control and risk management system and constantly verifying its adequacy and effectiveness, as well as adapting it to the dynamics of the operating conditions and the legislative and regulatory landscape; c) may entrust the Internal Audit Function with the carrying out of checks on specific operational areas and on the	X		Paragra ph 9.1

٠R IR
CERTIFIED

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	compliance with internal rules and procedures in the execution of corporate transactions, notifying at the same time the Chairperson of the Board of Directors, the Chairperson of the Control and Risk Committee and the Chairperson of the Board of Statutory Auditors; d) promptly reports to the Control and Risk Committee on problems and critical issues that have arisen in the performance of its activities or of which it has otherwise become aware, so that the committee may take the appropriate initiatives.
R.35	The Risk and Control Committee is composed of only non executive directors, the majority of whom are independent, and is chaired by an independent director. As a whole, the committee possesses adequate expertise in the business sector in which the company operates to assess the relevant risks; at least one member of the committee has adequate knowledge and experience in accounting and finance or risk management. The Control and Risk committee, in assisting the Board of Directors: a) assesses, after consulting the manager responsible for preparing the company's financial reports, the statutory auditor and the Board of Statutory Auditors, the correct use of accounting standards and, in the case of groups, their homogeneity for the purposes of preparing consolidated financial statements; b) assesses the suitability of periodic financial and non	X		Paragra ph 9.2.1. and Paragra ph 9.2.2.

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
	financial information to fairly represent the company's business model, strategies, the impact of its activities and the performance achieved, in coordination with the committee, if any, provided for in Recommendation 1, letter a); c) examines the content of the periodic non-financial reporting relevant to the internal control and risk management system; d) expresses opinions on specific aspects relating to the identification of the main corporate risks and supports the evaluations and decisions of the Board of Directors relating to the management of risks arising from detrimental events of which the latter has become aware; e) reviews periodic and particularly significant reports prepared by the Internal Audit Function; f) monitors the independence, adequacy, effectiveness and efficiency of the Internal Audit Function; g) may entrust the Internal Audit Function with the performance of audits on specific operational areas, simultaneously notifying the Chairperson of the Board of Statutory Auditors; h) reports to the Board of Directors, at least on the occasion of the approval of the annual and half-yearly financial report, on the activities performed and the adequacy of the internal control and risk management system.
R.36	The Head of the Internal Audit Function is not responsible for any operational area and reports hierarchically to the Board of Directors. He/she has direct access to all	X		Paragra ph 9.3

	Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Paragr aph
	information useful for the performance of the task.
	The Head of the Internal Audit Function:
	a) verifies, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the operation and suitability of the internal control and risk management system, through an audit plan approved by the Board of Directors, based on a structured process of analysis and prioritisation of the main risks;
	b) prepares periodic reports containing adequate information on its activities, on the manner in which risk management is conducted and on compliance with the plans defined for their containment. The periodic reports contain an assessment of the suitability of the internal control and risk management system;
	c) also at the request of the Board of Statutory Auditors, he/she prepares timely reports on events of particular importance;
	d) transmit the reports referred to in points (b) and (c) to the chairpersons of the Board of Statutory Auditors, the Control and Risk Committee and the Board of Directors, as well as to the Chief Executive Officer, except in cases where the subject matter of such reports relates specifically to the activities of those persons;
	e) verifies, as part of the audit plan, the reliability of the information systems including the accounting systems.
R.37	Any member of the Board of Statutory Auditors who on his/her own behalf or on behalf of third parties, has an	X	Paragra ph

R ⊃
CERTIFIED

Principles and Recommendations of the New Corporate Governance Code	Applied (with adaptations )	Not applied /not applicable	Paragr aph	Notes
interest in a certain transaction of the company shall promptly and fully inform the other members of the same body and the Chairperson of the Board of Directors of the nature, terms, origin and extent of his interest. The Board of Statutory Auditors and the Control and Risk Committee exchange information relevant to the performance of their respective tasks in a timely manner. The Chairperson of the Board of Statutory Auditors, or another member designated by him/her, takes part in the work of the Control and Risk Committee.			9.2.1, Paragra ph 9.2.2 and Paragra ph 11.2.

AI Terminal

FinecoBank

4321_cgr_2024-03-22_00ddf513-0533-4d74-985e-711ae8cd6d33.pdf

REPORT ON THE CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

Contents

GLOSSARY

INTRODUCTION

1. PROFILE OF THE ISSUER

1.1. The corporate governance model

1.1.1 Shareholders' Meeting

1.1.2 Board of Directors

1.1.3 Board committees

1.1.4 Board of Statutory Auditors

1.1.5 External Auditors

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, TUF)

a) Share Capital Structure (pursuant to Article 123-bis, paragraph 1, letter a) of the TUF)

b) Restrictions on the transfer of securities (pursuant to Article 123-bis, paragraph 1, letter b) of the TUF)

c) Significant holdings in capital (pursuant to Article 123-bis, paragraph 1, letter c), of the TUF)

d) Securities conferring special rights (pursuant to Article 123-bis, paragraph 1, letter d), of the TUF)

e) Employee Shareholdings: mechanism for exercising voting rights (pursuant to Article 123-bis, paragraph 1, letter e), of the TUF)

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), of the TUF)

g) Shareholder agreements (pursuant to Article 123-bis, paragraph 1, letter g), of the TUF)

h) Change of control clauses (pursuant to Article 123-bis, paragraph 1, letter h), of the TUF) and articles of association provisions on takeover bids (pursuant to Article 104, paragraph 1-ter, and 104-bis, paragraph 1, of the TUF)

l) Management and coordination activities (pursuant to Article 2497 et seq of the Italian Civil Code)

3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF)

4. BOARD OF DIRECTORS

4.1 Role of the Board of Directors

4.1.1 Duties

4.1.2 Competing activities

4.2. Appointment and replacement (pursuant to Article 123-bis, paragraph 1, letter l), part 1, of the TUF)

4.3 Composition (pursuant to Article 123-bis, paragraph 2, letter d), and d)-bis of the TUF)

Composition of the Board of Directors in office until the Shareholders' Meeting of April 27, 2023

Company.

4.3.1 Diversity criteria and policies in the composition of the Board and the company organisation

4.3.2. Maximum number of positions held in other companies

* * *

Board of Directors in office until the Shareholders' Meeting of April 27, 2023

4.4 Functioning of the Board of Directors (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

4.5 Role of the Chairman of the Board of Directors

Secretary of the Board

4.6 Executive Directors

4.6.1 Managing Directors: Managing Director and General Manager

4.6.2 The Chairman of the Board of Directors

4.6.3 Reporting to the Board of Directors by Directors/Delegated Bodies

4.6.4 Other executive directors

4.7 Independent directors and lead independent directors

Criteria and materiality thresholds for assessing independence

4.7.1 Lead Independent Director

5. PROCESSING OF COMPANY INFORMATION

6. INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123- BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

6.1 CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE

6.1.1 Composition and functioning of the Corporate Governance and Environmental and Social Sustainability Committee

No. of Committee meetings from April 27 to December 31, 2023: 8

6.1.2 Functions of the Corporate Governance and Environmental and Social Sustainability

Committee

6.1.3 Activities performed

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 Self-assessment and succession of Directors

Succession plans

7.2 Appointments Committee

7.2.1 Composition and functioning of the Appointments Committee

No. of Committee meetings from April 27 to December 31, 2023: 10

7.2.2 Functions of the Appointments Committee

7.2.3 Activities performed

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 Remuneration of Directors

8.2 Remuneration Committee

8.2.1 Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

8.2.2 Functions of the Remuneration Committee

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE

Board of Directors and Risk and Related Parties Committee;

Board of Statutory Auditors

Control Functions

The Risk Management function

The Compliance Function

COMPLIANCE CULTURE AND GOVERNANCE

DPO, OUTSOURCING, ICT & SECURITY COMPLIANCE

MARKETS & REGULATORY REPORTING

INVESTMENT SERVICES

TRANSPARENCY & CUSTOMER PROTECTION