REPORT ON THE CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

pursuant to Article 123-bis of the Legislative Decree no. 58 of February 24, 1998 (traditional management and controlo model)

Name of Issuer: "FINECOBANK S.P.A."

Website: finecobank.com

Financial year of reference of the Report: January 1, 2022 / December 31, 2022

Date of approval of the Report: March 14, 2023

This is an English translation of the original Italian document. The original version in Italian takes precedence.

GLOSSARY……………………………………………………………………………………………
INTRODUCTION
PROFILE OF THE ISSUER 1.
THE CORPORATE GOVERNANCE MODEL 1.1.
Shareholders' Meeting 1.1.1
1.1.2 Board of Directors
1.1.3 Board committees
Board of Statutory Auditors 1.1.4
1.1.5 External Auditors
INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, TUF) 2.
SHARE CAPITAL STRUCTURE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER A) OF THE $\mathbf{A}$ TUF)
RESTRICTIONS ON THE TRANSFER OF SECURITIES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH B) 1, LETTER B) OF THE TUF)
SIGNIFICANT HOLDINGS IN CAPITAL (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER C), C) OF THE TUF)
SECURITIES CONFERRING SPECIAL RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, $\mathbf{D}$ LETTER D), OF THE TUF)
EMPLOYEE SHAREHOLDINGS: MECHANISM FOR EXERCISING VOTING RIGHTS (PURSUANT TO E) ARTICLE 123-BIS, PARAGRAPH 1, LETTER E), OF THE TUF)
RESTRICTIONS ON VOTING RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER F), F) OF THE TUF)
SHAREHOLDER AGREEMENTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER G), OF G) THE TUF)
CHANGE OF CONTROL CLAUSES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER H), OF H) THE TUF) AND ARTICLES OF ASSOCIATION PROVISIONS ON TAKEOVER BIDS (PURSUANT TO ARTICLE 104, PARAGRAPH 1-TER, AND 104-BIS, PARAGRAPH 1, OF THE TUF)
DELEGATIONS TO INCREASE SHARE CAPITAL AND AUTHORISATIONS TO PURCHASE TREASURY $\bf{I}$ SHARES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER M) OF THE TUF) 20
MANAGEMENT AND COORDINATION ACTIVITIES (PURSUANT TO ARTICLE 2497 ET SEO OF THE L) ITALIAN CIVIL CODE)
3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF) 22 $\mathbf{4}$ BOARD OF DIRECTORS ROLE OF THE BOARD OF DIRECTORS 4.1
4.1.1 Duties
4.1.2 Competing activities
APPOINTMENT AND REPLACEMENT (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER L), 4.2. PART 1, OF THE TUF)
COMPOSITION (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D), AND D)BIS OF THE 4.3 TUF)
Diversity criteria and policies in the composition of the Board and the company organisation 4.3.1

4.3.2.	Maximum number of positions held in other companies 39
4.4	FUNCTIONING OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D) OF THE TUF) 42
4.5	ROLE OF THE CHAIRMAN OF THE BOARD OF DIRECTORS 43
4.6	EXECUTIVE DIRECTORS 45
4.6.1	Managing Directors: Managing Director and General Manager 46
4.6.2	The Chairman of the Board of Directors 46
4.6.3	Reporting to the Board of Directors by Directors/Delegated Bodies 47
4.6.4	Other executive directors 47
4.7	INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTORS 47
4.7.1	Lead Independent Director 50
5.	PROCESSING OF COMPANY INFORMATION 51
6.	INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123-BIS,
	PARAGRAPH 2, LETTER D) OF THE TUF) 54
6.1	CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE 56
6.1.1	Composition and functioning of the Corporate Governance and Environmental and Social
	Sustainability Committee 56
6.1.2	Functions of the Corporate Governance and Environmental and Social Sustainability Committee 57
6.1.3	Activities performed 58
7.	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE 61
7.1	SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS 61
7.2	APPOINTMENTS COMMITTEE 62
7.2.1	Composition and functioning of the Appointments Committee 63
7.2.2	Functions of the Appointments Committee 64
7.2.3	Activities performed 65
8.	REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE 67
8.1	REMUNERATION OF DIRECTORS 67
8.2	REMUNERATION COMMITTEE 67
8.2.1	Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF) 67
8.2.2	Functions of the Remuneration Committee 68
9.	INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE
	70
9.1	CHIEF EXECUTIVE OFFICER 83
9.2	RISK AND RELATED PARTIES COMMITTEE 85
9.2.1	Composition and functioning of the Risk and Related Parties Committee (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF) 85
9.2.2	Functions assigned to the Risk and Related Parties Committee 87
9.2.3	Activities performed 90
9.3	HEAD OF THE INTERNAL AUDIT FUNCTION 91
9.4	ORGANISATIONAL MODEL PURSUANT TO LEGISLATIVE DECREE 231/2001 94
9.5	AUDITING FIRM 95
9.6	FINANCIAL REPORTING OFFICER 96

9.7	COORDINATION BETWEEN THE ACTORS INVOLVED IN THE RISK MANAGEMENT SYSTEM OF INTERNAL CONTROLS 98
10. 11. 11.1	DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS 100 BOARD OF STATUTORY AUDITORS 103 APPOINTMENT AND REPLACEMENT OF STATUTORY AUDITORS 103
11.2	COMPOSITION AND FUNCTIONING OF THE BOARD OF STATUTORY AUDITORS (PURSUANT TO ARTICLE 123-BIS(2)(D) AND (D-BIS) OF THE TUF) 105
12. 13.	RELATIONS WITH SHAREHOLDERS 113 SHAREHOLDERS' MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER C) OF THE TUF) 116
13.1 13.2	LEGITIMATION, PROCEDURES FOR TAKING THE FLOOR AND VOTING 117 PROCEEDINGS OF SHAREHOLDINGS' MEETINGS 117
13.3	SIGNIFICANT CHANGES IN CAPITALISATION AND COMPOSITION OF THE COMPANY STRUCTURE 118
14.	ADDITIONAL CORPORATE GOVERNANCE PRACTICES 119
15.	CHANGES SINCE THE END OF THE REPORTING YEAR 120
16.	CONSIDERATIONS ON THE LETTER OF JANUARY 25, 2023 FROM THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE 121

GLOSSARY

Shareholders' Meeting:	Shareholders' Meeting of the Issuer.
Shareholders:	the owners of FinecoBank shares.
Borsa Italiana:	Borsa Italiana S.p.A
FinecoBank CFO:	the Chief Financial Officer of FinecoBank.
Civil Code:	the Italian Civil Code approved by Royal Decree no. 262 of March 16, 1942, as amended.
Self-regulation Corporate Governance Code:	the Self-regulation Corporate Governance Code for listed companies approved in July 2018 by the Corporate Governance Committee and endorsed by Borsa Italiana, ABI, Ania, Assogestioni, Assonime and Confindustria. From January 1, 2021, the Self-regulation Corporate Governance Code was replaced by the New Corporate Governance Code.
Corporate Governance Code:	the Corporate Governance Code for listed companies approved in January 2020 by the Corporate Governance Committee and promoted by Borsa Italiana, ABI, Ania, Assogestioni, Assonime and Confindustria, applicable from the first financial year starting after December 31, 2020. The Corporate Governance Code replaces the previous Self-regulation Corporate Governance Code approved in July 2018.
Board of Statutory Auditors:	the Board of Statutory Auditors of the Issuer.
Corporate Governance and Environmental and Social Sustainability Committee:	the Board committee established in compliance with Article 4 of the Self-regulation Corporate Governance Code and the Supervisory Regulations on Corporate Governance, established on April 28, 2020.
Appointments Committee:	the Board committee established in compliance with Articles 4 and 5 of the Self-regulation Corporate Governance Code and the Supervisory Regulations on Corporate Governance, established on April 28, 2020.
Remuneration Committee:	the Board committee established in compliance with Articles 4 and 6 of the Self-regulation Corporate Governance Code and the Supervisory Regulations on Corporate Governance.
Risk and Related Parties Committee:	the Board committee established in compliance with Articles 4 and 7 of the Self-regulation Corporate Governance Code and the

	Supervisory Regulations on Corporate Governance, as well as regulations on related parties and associated persons.
Board/Board of Directors:	the Board of Directors of the Issuer.
CONSOB:	Commissione Nazionale per le Società e la Borsa (public authority regulating Italian financial markets) with headquarters in Rome, Via G.B. Martini no. 3.
Ministerial Decree 169/2020:	Decree no. 169 of November 23, 2020 of the Ministry of Economy and Finance containing the "Regulation on requirements and suitability criteria for corporate officers of banks, financial intermediaries, credit consortium, electronic money institutions, payment institutions and depositor guarantee schemes".
CRD Directive:	the CRD IV Directive – as amended by Directive (EU) 2019/878 (CRD V) – on access to the activity of credit institutions and the prudential supervision of credit institutions, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.
CRD IV Directive:	Directive 2013/36/EU of the European Parliament and of the Council of June 26, 2013, on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, as modified in CRD V.
CRD V Directive:	Directive (EU) no. 878/2019/EU of the European Parliament and of the Council, of May 20, 2019, amending the CRD IV Directive as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures.
Mifid II Directive:	Directive 2014/65/EU of the European Parliament and of the Council of May 15, 2014, on markets in financial instruments, enacted on January 3, 2018, and replacing the previous European regulations in this area.
Supervisory Regulations:	the Supervisory Regulations for Banks set out in Bank of Italy Circular No. 285 of 17 December 2013 and subsequent updates.
Supervisory Regulations on Corporate Governance:	the Supervisory regulations for banks on organisation and corporate governance as per Bank of Italy Circular no. 285 of December 17, 2013, Part I, Title IV, Chapter 1 and subsequent amendments.
Issuer or FinecoBank or Bank or Company or also Parent Company:	FinecoBank S.p.A., an issuer of securities to whom the Report refers, registered in the Register of Banks and Parent Company of the FinecoBank Banking Group – Banking Group Register no. 3015, with registered office in Piazza Durante 11, Milan,

	Headquarters in Via Rivoluzione d'Ottobre 16, Reggio Emilia, VAT no. 12962340159, Tax code and Milan-Monza-Brianza-Lodi Companies Register no. 01392970404, Economic and Administrative Index (REA) no. 1598155, member of the National Guarantee Fund and the Interbank Fund for the Protection of Deposits.
Group Entities or Entities:	the Italian or foreign companies, directly or indirectly controlled by FinecoBank, belonging to the FinecoBank Banking Group.
Year:	the financial year of reference of the Report.
Fineco Asset Management Designated Activity Company or FAM:	the Irish company wholly owned by FinecoBank and engaged in the management of collective investment undertakings.
GDPR:	EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
Global Policy:	the "Global Policy for the management of transactions with persons in potential conflict of interest of the FinecoBank Group", as described in Paragraph 10 of this Report.
Group or FinecoBank Group:	the group consisting of the Parent Company FinecoBank and its Subsidiaries; currently corresponding to the FinecoBank Banking Group.
FinecoBank Banking Group or Banking Group:	the group consisting of the Parent Company FinecoBank as well as its Entities.
BCE Guide:	the European Central Bank's "Guide to fit and proper assessment" published in December 2021, which revises and replaces the previous version updated in May 2018. The purpose of the Guide is to explain in more detail the policy guidelines, supervisory practices and processes applied by the European Central Bank in assessing the suitability of members of the management bodies of significant credit institutions and to specify the ECB's main expectations.
Instructions accompany the Stock Exchange Regulations:	instructions on Regulations for Markets organised and managed by Borsa Italiana, in force at the date of approval of this Report.
MTA:	the main Stock Exchange organised and managed by Borsa Italiana,

	where FinecoBank shares are also traded.
Joint EBA and ESMA Guidelines:	the joint guidelines of September 26, 2017 of ESMA and the EBA on the assessment of the suitability of members of corporate bodies and key personnel under CRD IV and Directive 2014/65/EU ("MIFIR II"), last updated on July 2, 2021.
Paragraph:	the paragraphs of this Report.
Fit & Proper Policy:	the policy concerning the rules adopted by the Bank on the verification of the suitability requirements for corporate officers and heads of FinecoBank's main corporate functions, pursuant to the applicable legislation and regulations, approved by the Board of Directors on March 16, 2021 and subsequently amended.
Assonime Principles:	the "Principles for Listed Companies' dialogue with Investors" published by Assonime in Circular no. 23 of July 19, 2021, which – together with the relevant annotations – outline roles and responsibilities in defining policy and managing dialogue with investors in general, in line with the functions and tasks that the Corporate Governance Code assigns to those involved in the governance system.
Corporate Bodies Regulations:	the Regulations approved by the Board of Directors governing the functioning and responsibilities of the Company's Board of Directors and Board of Statutory Auditors and related information flows, in compliance with laws, regulations and the Articles of Association. This document is available on the Issuer's website www.finecobank.com ("About us/Governance/Company Boards" section).
Stock Exchange Regulations:	the Regulations for Markets organised and managed by Borsa Italiana, approved by the shareholders' meeting of Borsa Italiana, in force at the date of approval of this Report.
Issuer Regulations:	the Regulations issued by CONSOB with resolution no. 11971 of May 14, 1999 (as amended), on issuers.
Market Regulations:	the Regulations issued by CONSOB with resolution no. 20249 of December 28, 2017, on markets.
Related-Party Regulations:	the Regulations issued by CONSOB with resolution no. 17221 of March 12, 2010 (as amended), containing provisions on transactions with related parties.
Report:	this Report on corporate governance and ownership structures that companies are required to prepare pursuant to Article 123-bis of the Consolidated Finance Act (hereinafter TUF).

Subsidiaries:	Italian and foreign companies controlled directly and/or indirectly by FinecoBank, pursuant to Article 2359 of the Italian Civil Code, Article 93 of the TUF and Article 23 of the Consolidated Banking Act (hereinafter TUB), whether or not they belong to the Banking Group.
External Auditors:	KPMG S.p.A., with registered office in Milan, Via Vittor Pisani 25, VAT No. 0070900159, tax code and registration number in the Milan Register of Companies 0070900159, R.E.A. 512867, a company registered in the special register of statutory auditors, appointed to perform the statutory audit of the Issuer's accounts.
Articles of Association:	the Articles of Association of the Company in force at the date of approval of this Report (available on the Company's website).
TUB:	Legislative Decree no. 385 of September 1, 1993, as amended (Consolidated Banking Act/TUB).
TUF:	Legislative Decree no. 58 of February 24, 1998, as amended (Consolidated Finance Act/TUF).

INTRODUCTION

The Report has been prepared pursuant to Article 123-bis of the TUF, in compliance with the "Format for corporate governance and ownership structure reports" of Borsa Italiana S.p.A., 9th edition, January 2022, as well as Supervisory Regulations on Corporate Governance. The information in this Report refers to the 2022 financial year, unless otherwise indicated.

The Report, approved by the Company's Board of Directors by resolution of March 14, 2023, is published at the same time as the Management Report on the Issuer's website section "About us/Governance" and is also available at the website of the authorised storage mechanism managed by Spafid Connect S.p.A. ().

The Report has been submitted to the External Auditors for its checks aimed at issuing an opinion of consistency with the financial statement and compliance with law pursuant to Article 123-bis, paragraph 4 of the TUF. The results of the work carried out by the External Auditors are contained in its reports, prepared in accordance with Article 14 of Legislative Decree no. 39 of January 27, 2010, and Article 10 of Regulation (EU) 537/2014, and attached to the 2022 separate and consolidated financial statements of the Company.

1. PROFILE OF THE ISSUER

FinecoBank is one of the leading FinTech banks in Europe, founded in 1999 as a digital bank with the aim of simplifying and making investment opportunities accessible. Listed on the FTSE MIB(1) , FinecoBank offers a business model that is unique in Europe, combining the best technology with a large network of personal financial advisors. Established from the outset as a company geared towards long-term sustainable growth, Fineco operates by pursuing its corporate purpose: "support customers in managing their savings responsibly to create the conditions for a more prosperous and fairer society" It seeks to do this by following the path of transparency, simplification and innovation, offering customers excellent services and products at a fair price, within three integrated business areas, banking, investing and brokerage It also offers a single platform for all banking, credit, trading and investment services through transactional and advisory functions developed using proprietary technology. FinecoBank provides one of the most widely used brokerage services in Europe and is one of the leading players in Private Banking in Italy, offering advanced and tailor-made advisory services. Since 2017, FinecoBank has also been in the UK with an offering focused on brokerage, banking and investment services(2) . Fineco Asset Management Designated Activity Company (a wholly owned subsidiary of FinecoBank) was founded in Dublin in 2018, with a mission to develop innovative investment solutions in partnership with top international asset managers.

With regard to sustainability, the Group bases its strategy on three main pillars: efficiency, innovation and transparency, guiding the path to sustainable growth.

Fairness and transparency towards all stakeholders, including through fair pricing, are part of Fineco's DNA. The Group strongly believes that these key elements underpin the creation of long-term sustainable values for all its stakeholders.
Efficiency is the distinctive feature of the Bank and characterises every activity: thanks to its proprietary back-end systems, internal development and automated processes, Fineco benefits from a lean and efficient cost structure as well as rapid time-to-market for new products and services.
Innovation is the path taken by Fineco to achieve its mission: from the outset a pioneer in anticipating clear structural trends generated by the increasing digitisation of customers and consumers, who increasingly choose their banks according to the quality of services offered.

The constant look to the future that guides business choices is also the cornerstone of its approach to sustainability. For this reason, a plan of ESG objectives to be pursued by 2023 has been defined, divided into six strategic lines: increasing the supply of products and services with social and environmental value; combating climate change through the implementation of an Environmental Management System; promotion of a responsible supply chain; focus on people, supporting local communities and strengthening dialogue with socially responsible investors, as well as participating in initiatives that support our commitment to sustainable development.

Adherence to United Nations sustainability initiatives, namely the Principles of the Global Compact, the Principles for Responsible Banking and the Principles for Responsible Investment,

⁽ 1 ) FinecoBank was admitted to listing on the MTA on July 2, 2014. Since April 1, 2016, FinecoBank has been included in the FTSE-MIB index and since March 2017 it shares have been included in the STOXX Europe 600 Index. With effect from October 25, 2021, the equity markets of Borsa Italiana S.p.A. have changed their name: the Mercato Telematico Azionario (MTA) became Euronext Milan (EXM).

⁽ 2 ) In December 2022, "Fineco International Ltd" was established in the United Kingdom, a company that is not yet operational, for which the relevant authorisation procedure before the English Financial Conduct Authority (FCA) is currently under way.

has enabled the Group to increasingly integrate sustainability risks and factors into business choices for all stakeholders. In terms of customer offerings, from 2021 the Bank is committed to providing investment funds with an ESG Rating and to expanding the range of ESG-rated financial products over time. Fineco Asset Management undertakes to integrate ESG criteria into its work as a collective manager. In the Banking & Credit area, the Green Mortgage was confirmed on the market during 2022, and in the first half of the year the offer in the area of tax credits remained available, with the aim of incentivising the purchase of energy-efficient real estate and the improvement of the environmental performance of properties undergoing renovation, respectively.

Of equal importance to the Group is the relationship with its own people, especially in the pandemic context that has led to changing relationships between companies and their employees. In particular, several initiatives are in place to facilitate and improve the working and personal life of employees, including the signing of the trade union agreement on agile working. Recognition as a Top Employer Italy confirms the solidity of the path taken.

Also in the environmental sphere FinecoBank continues its path of sustainability by obtaining EMAS certification for the Environmental Management System adopted by the Bank in line with the requirements of the EU Voluntary Eco-Management and Audit Scheme (EMAS), including an Environmental Programme for the period 2021-2024, which includes a set of environmental objectives and operational actions, corporate structures responsible for their achievement, allocated resources, timeframes and, where possible, quantitative targets.

The focus on ESG issues is an integral part of Corporate Governance. In fact, there are Sustainability Committees at board and management level, as well as a dedicated structure to define and oversee the sustainability strategy.

For more details regarding the aspects relating to sustainability and the Bank's pursuit of sustainable success, see the Consolidated Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website https://about.finecobank.com/it/ in the "About us/Governance/Shareholders' Meeting" section.

It should be noted that, with effect from May 11, 2019, following the sale of the shares held by the former parent company, FinecoBank (formerly subject to management and coordination by UniCredit) has been registered as the "Parent Company" of the "FinecoBank Banking Group" in the Register of Banking Groups (together with the subsidiary FAM), exercising management and coordination over the group in accordance with the applicable regulations.

1.1. The corporate governance model

The corporate governance system adopted by the Company is based on principles recognised by international best practices as fundamental for good governance: the central role of the Board of Directors, the objective of pursuing sustainable success, as an aspect of general and strategic importance for the company's activities in the medium-and long-term, the proper management of conflicts of interest, an effective internal control system and transparency in relations with the market, particularly with regard to reporting on corporate management decisions.

FinecoBank's overall corporate governance framework has been defined in compliance with current legal and regulatory provisions, also taking into account the recommendations of the Corporate Governance Code. The Company is also subject to the Supervisory Regulations issued by the Bank of Italy and the Supervisory Regulations on Corporate Governance. Pursuant to these regulations, with effect from January 1, 2022, FinecoBank has been under the direct prudential

supervision of the European Central Bank and the Single Resolution Board.

FinecoBank, in its capacity as Parent Company of the FinecoBank Banking Group, in accordance with Article 61 of the TUB and the Supervisory Regulations, issues rules for the companies belonging to the Group in the interest of its stability. To this end, FinecoBank has drawn up Group Managerial Golden Rules (GMGR) for Corporate Governance, in order to fully perform its management and coordination role, as well as implementing a management system and regulating key processes between the Parent Company and its subsidiaries. In its institutional role, FinecoBank also ensures the coordination of the activities of the subsidiaries through a management system based on the concept of "competence lines", consisting of the corporate units and functions (both central and local). These competence lines operate transversally across the Parent Company and the Group Companies, with the aim of directing, coordinating and controlling the operations and risks of the Group as a whole.

FinecoBank adopts a traditional administration and control system based on two bodies appointed by the Shareholders' Meeting: the Board of Directors, responsible for strategic supervision and company management, and the Board of Statutory Auditors, responsible for overseeing compliance with laws, regulations and the Articles of Association, sound management, and the adequacy of the Bank's organisational and accounting structures. The Managing Director and General Manager performs the role of management body in accordance with the Supervisory Regulations. External auditors are appointed to audit the accounts, in compliance with the applicable regulations.

At the date of approval of this Report, the governance of FinecoBank also included the following Board Committees:

Risk and Related Parties Committee;
Remuneration Committee;
Appointments Committee; and
Corporate Governance and Environmental and Social Sustainability Committee.

The diagram below illustrates FinecoBank's governance structure:

1.1.1 Shareholders' Meeting

The Shareholders' Meeting represents the interests of shareholders as a whole, and – through its decisions – of the company.

The Shareholders' Meeting passes resolutions in ordinary and extraordinary session with the meeting and voting quorums envisaged by law and the Articles of Association, based on the specific matters to be discussed.

The Ordinary Shareholders' Meeting approves the financial statements and resolves on profit distribution. It appoints the Directors, the Statutory Auditors and the External Auditors, setting their remuneration. It also resolves on remuneration and incentive policies and practices envisaged by the applicable regulations.

The Extraordinary Shareholders' Meeting resolves on amendments to the Articles of Association, capital increases and mergers and demergers.

Holders of voting rights and for whom the Company has received notice from the intermediary holding the relative account, within the deadlines established by applicable laws (record date, the seventh open trading day prior to the date convened for the Meeting) may participate in the Shareholders' Meeting.

For further information on the Shareholders' Meeting, see Paragraph 13

1.1.2 Board of Directors

In accordance with the Articles of Association, the Board of Directors is the body assigned all the powers, within the framework of the company purpose, that are not expressly assigned to the Shareholders' Meeting according to law or the Articles of Association, and that exclusively oversees the management of the company. For this purpose, the Board of Directors is given full powers for the ordinary and extraordinary management of the Company.

Members of the Board of Directors have the professional standing, integrity and independence required by the Articles of Association and by applicable laws and regulations. They also meet the competence, correctness and dedication of time requirements, as well as complying with the limits on the number of positions held as established by the applicable regulations and/or the Articles of Association.

As established in the Articles of Association, members of the Board of Directors are appointed by the Shareholders' Meeting for a three-year term of office, save for a shorter term established by the Shareholders' Meeting when making the appointments, based on a list voting system, to guarantee an adequate number of board directors elected by the minority shareholders.

The Board of Directors elects a Chairman from its members and, where considered appropriate, one or two Deputy Chairmen, one of whom will act as a stand-in. The Chairman and Deputy Chairmen remain in office for the entire duration of the Board. The Board of Directors also appoints a Secretary, who is not necessarily a board member. The Board may establish committees or commissions with advisory, decision-making or coordination functions, in compliance with applicable laws and regulations.

The Board of Directors may also appoint a Managing Director, establishing the term of office and relative duties and powers, as well as a General Manager and one or more Deputy General

Managers, who constitute the Executive Management. In accordance with the provisions of the Articles of Association, the Company's Board of Directors appointed Mr. Alessandro Foti as Managing Director and General Manager of the Bank.

For further information on the Board of Directors, see Paragraph 4

1.1.3 Board committees

To promote an efficient information and consultation system in order for the Board of Directors to evaluate issues to the best of its ability, four board committees, with examining, advisory, proposing and coordination functions, were established at the date of approval of this Report, in compliance with the Supervisory Regulations on Corporate Governance and the principles and recommendations of the Corporate Governance Code; more specifically: (i) a Risk and Related Parties Committee; (ii) a Remuneration Committee; (iii) an Appointments Committee; and (iv) a Corporate Governance and Environmental and Social Sustainability Committee.

For further information on the Corporate Governance and Environmental and Social Sustainability, the Appointments Committee, and the Risk and Related Parties Committee, see Paragraphs 6.1, 7, 8 and 9 respectively

1.1.4 Board of Statutory Auditors

In accordance with FinecoBank's Articles of Association, the Board of Statutory Auditors comprises three statutory and two stand-in auditors. Statutory Auditors are appointed by the Shareholders' Meeting based on a list voting system, to ensure that a Statutory Auditor is elected by the minority shareholders, as well as compliance with provisions on gender balance.

The auditors remain in office for three years, they may be re-elected and their term ends on the date of the Shareholders' Meeting called to approve the financial statements for the third year of their appointment. The Board of Statutory Auditors performs the functions assigned to it by law and other applicable regulations. For the entire period while the Company's shares are admitted to trading on a regulated Italian market, the Board of Statutory Auditors also exercises all powers and carries out all duties provided for by special laws; with regard to disclosure in particular, the Directors are required to report on a quarterly basis, pursuant to Article 150 of the TUF, according to the procedures in Article 15 of the Articles of Association. The Board of Statutory Auditors, acting as the "Internal control and audit committee", pursuant to Legislative Decree no. 39 of January 27, 2010, carries out all the other activities envisaged by that decree.

The members of the Board of Statutory Auditors meet the requirements of professional standing, integrity and independence laid down by the applicable law and regulations and the Articles of Association. They also meet the competence, correctness and dedication of time requirements, as well as complying with the limits on the number of positions held as established by the applicable regulations and/or the Articles of Association. At least two Statutory Auditors and one Stand-in Auditor are registered auditors.

For further information on the Board of Statutory Auditors, see Paragraph 11

1.1.5 External Auditors

The accounts are audited, in accordance with the applicable legal provisions, by an entity that meets the requirements laid down in the prevailing regulations.

The External Auditors represent the external control body responsible for auditing the accounts. In particular, during the year, the External Auditors are required to verify that the company accounts have been properly kept and that the operating events have been correctly recorded in the accounting records, and provide their opinion on the separate and the consolidated financial statements in a specific report.

For further information on the External Auditors, see Paragraph 9.5

* * *

The duties and operating procedures of corporate bodies are governed by law, by the Articles of Association and by decisions taken by competent bodies.

For further information on each body and/or entity comprising the Company's governance system, see the specific Paragraphs of this Report.

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, TUF)

a) Share Capital Structure (pursuant to Article 123-bis, paragraph 1, letter a) of the TUF)

As at December 31, 2022, the share capital, fully subscribed and paid up, amounted to €201,339,553.80 divided into 610,119,860 ordinary shares with a par value of €0.33 each.

The Board of Directors, partially exercising the authority granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 11, 2018, April 10, 2019, April 28, 2020, and April 28, 2021, resolved on February 7, 2023, to increase the share capital, as follows:

(i) with effect from March 31, 2023, by a nominal amount of €9,050.58, corresponding to 27,426 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2017 Group Incentive System" – 6th tranche of the plan and 4th tranche share);
(ii) with effect from March 31, 2023, by a nominal amount of €13,876.17, corresponding to 42,049 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2018 Group Incentive System" – 5th tranche of the plan and 3nd and 4th tranche share of the severance agreed in 2018 for a member of key management personnel);
(iii) with effect from March 31, 2023, by a nominal amount of €11,186.34, corresponding to 33,898 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2019 Group Incentive System" – 4th tranche of the plan 2nd and 3rd tranche share);
(iv) with effect from March 31, 2023, by a nominal amount of €629.64, corresponding to 1,908 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2020 Fineco Incentive System" – 3rd tranche of the plan and 2nd tranche share);
(v) with effect from March 31, 2023, by a nominal amount of €21,226.92, corresponding to 64,324 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2021 Fineco Incentive System" – 2nd tranche of the plan and 1st tranche share);
(vi) with effect from March 31, 2023, by a nominal amount of €112,916.10, corresponding to 342,170 ordinary shares with a par value of €0.33 each, to service Employee incentive plans ("2018-2020 LTI" – 1st, 2nd and 3rd tranche of the plan).

Ordinary shares are registered and are admitted for trading on the Euronext Milan (formerly MTA). No further categories of shares, equity-based instruments, convertible or exchangeable bonds have been issued.

Shares are indivisible and joint ownership is governed by law.

The shares are not subject to any privileges or constraints. There are no shares reserved for issue under option and sales contracts.

Each ordinary share carries the right to one vote in ordinary and extraordinary Shareholders' Meetings. Ordinary shares have administrative and equity rights and obligations in accordance with law.

For equity-based incentive plans, which involve free share capital increases approved by the Shareholders' Meeting, see the related prospectuses drawn up in accordance with Article 84-bis

of the CONSOB Issuer Regulations(3) , as well as the Remuneration Report prepared in accordance with Article 84-quater of the CONSOB Issuer Regulations(4) .

b) Restrictions on the transfer of securities (pursuant to Article 123-bis, paragraph 1, letter b) of the TUF)

As at the date of approval of this Report, there were no restrictions on the transfer of securities.

c) Significant holdings in capital (pursuant to Article 123-bis, paragraph 1, letter c), of the TUF)

Based on entries in the Shareholders' Register and notices received in accordance with Article 120 of the TUF, as well as other information available to the Company, the direct or indirect significant holdings in the share capital as at December 31, 2022, are detailed below.

The table does not include entities that are exempt from the disclosure requirements pursuant to Article 119-bis of the Issuer Regulations.

Declarer or entity at the top of the ownership chain	Direct shareholder	No. of ordinary shares (*)	% Share of ordinary capital	% Share of voting capital
	Blackrock Singapore Limited	1,015	0.000%	0.000%
	BlackRock Advisors (UK) Limited	3,884,389	0.637%	0.637%
	Blackrock Advisors, LLC	644,571	0.106%	0.106%
	BlackRock Asset Management Canada Limited	397,585	0.065%	0.065%
	BlackRock Asset Management Deutschland AG	3,927,325	0.644%	0.644%
BlackRock Inc.	BlackRock Asset Management North Asia Limited	3,894	0.001%	0.001%
	BlackRock Financial Management, Inc.	108,211	0.018%	0.018%
	BlackRock Fund Advisors	7,657,164	1.255%	1.255%
	BlackRock Institutional Trust Company	7,772,895	1.274%	1.274%
	BlackRock International Limited	323,536	0.053%	0.053%
	BlackRock Investment Management (Australia) Limited	223,138	0.037%	0.037%

⁽ 3 ) The following is the address of FinecoBank's website where the information documents are available:www.finecobank.com – section "About us/Governance/Shareholders' Meeting".

⁽ 4 ) The Report on Remuneration is available at FinecoBank's website at: www.finecobank.com – "Governance/Shareholders' Meeting" section. Moreover, the information pursuant to Article 84-quater is provided in Section 2 of the "Remuneration Policy and Report of the FinecoBank Group", available at FinecoBank's website: www.finecobank.com – "About us/Governance/Shareholders' Meeting" section.

	BlackRock Investment Management (UK) Limited	30,161,141	4.943%	4.943%
	BlackRock Investment Management, LLC	609,615	0.100%	0.100%
	BlackRock Japan Co., Ltd	374,800	0.061%	0.061%
	Total	56,089,279	9.193%	9.193%
	Wellington Management International Ltd	2,608,257	0.427%	0.427%
Wellington Management Group	Wellington Management Company LLP	30,590,732	5.014%	5.014%
LLP	Wellington Management Europe GmbH	501	0.000%	0.000%
	Total	33,199,490	5.441%	5.441%
Capital Research and Management	Capital Research and Management Company	30,738,447	5.038%	5.038%
Company	Total	30,738,447	5.038%	5.038%
	Fidelity Management & Research Company LLC	21,963,037	3.600%	3.600%
	FIAM LLC	1,224,815	0.201%	0.201%
	Fidelity Institutional Asset Management Trust Company	2,025,959	0.332%	0.332%
FMR LLC	Fidelity Management Trust Company	1,890,257	0.310%	0.310%
	FMR Investment Management (UK) Limited	132,575	0.022%	0.022%
	Total	27,236,643	4.464%	4.464%

(*) Type of possession: non-discretionary asset management.

d) Securities conferring special rights (pursuant to Article 123-bis, paragraph 1, letter d), of the TUF)

At the date of approval of this Report, FinecoBank had not issued any shares conferring special control rights, nor adopted article of association provisions allowing multiple or increased voting rights.

e) Employee Shareholdings: mechanism for exercising voting rights (pursuant to Article 123-bis, paragraph 1, letter e), of the TUF)

There is no employee share ownership scheme in which voting rights are exercised by representatives of the employees.

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), of the TUF)

There are no restrictions on voting rights.

g) Shareholder agreements (pursuant to Article 123-bis, paragraph 1, letter g), of the TUF)

The Issuer is not aware of any shareholder agreements pursuant to Article 122 of the TUF.

h) Change of control clauses (pursuant to Article 123-bis, paragraph 1, letter h), of the TUF) and articles of association provisions on takeover bids (pursuant to Article 104, paragraph 1-ter, and 104-bis, paragraph 1, of the TUF)

With the exception of the agreements signed as part of the so-called smooth transition, aimed at governing relations between FinecoBank and UniCredit following FinecoBank's exit from the UniCredit Group, the Company has not entered into any significant agreements that become effective, are amended or terminate in the event of a change of control of the contracting company(5) .

Details of the change of control provisions contained in the above agreements, signed as part of the smooth transition, are provided in the "Information document relating to significant transactions with related parties between FinecoBank S.p.A. and UniCredit S.p.A." prepared by the Company pursuant to Article 5 and in accordance with the format in Annex 4 of the Related-Party Regulations, published on the Bank's website (www.finecobank.com "Governance/Related Parties and Associated Persons").

* * *

The Bank's Articles of Association do not allow for any exceptions to the provisions concerning the passivity rule pursuant to Article 104, paragraphs 1 and 1-bis of the TUF, nor do they envisage application of the neutralisation rules laid down in Article 104-bis, paragraphs 2 and 3 of the TUF.

i) Delegations to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m) of the TUF)

The Board of Directors has been authorised by the Extraordinary Shareholders' Meeting to carry out free increases in share capital, aimed at implementing the incentive plans for personnel classified as "identified staff" of the Bank. The Board of Directors has not been assigned the power to issue equity-based financial instruments.

On April 28, 2021, the Shareholders' Meeting, upon proposal from the Board of Directors, authorised the purchase and disposal of a maximum of 203,773 treasury shares to service the 2021 incentive system for FinecoBank personal financial advisors identified as key personnel.

On April 28, 2022, the Shareholders' Meeting, upon proposal from the Board of Directors, authorised the purchase and disposal of a maximum of 260,779 treasury shares to service the 2022 incentive system for FinecoBank personal financial advisors identified as key personnel.

On January 23, 2023, the Board of Directors resolved to submit a proposal to the Shareholders' Meeting convened to approve the 2022 Financial Statements, for the authorisation of the purchase and disposal of a maximum of 246,015 treasury shares to service the 2023 incentive system for FinecoBank personal financial advisors identified as key personnel.

As at December 31, 2022, the Company held 136,479 treasury shares corresponding to 0.02% of the share capital.

l) Management and coordination activities (pursuant to Article 2497 et seq of the

⁽ 5 ) FAM has not entered into any agreements that qualify as significant pursuant to Article 123-bis, paragraph 1, letter h) of the TUF.

Italian Civil Code)

As at the date of approval of this Report, FinecoBank was not subject to any management and coordination pursuant to Article 2497 and following of the Civil Code.

* * *

The information required by Article 123-bis, paragraph 1, letter i) of the TUF is contained in the Report on remuneration policy and compensation paid, published in accordance with Article 123 ter of the TUF(6) .

* * *

The information required by Article 123-bis, paragraph 1, letter l) of the TUF regarding the appointment and replacement of directors is given in the Paragraph of this Report concerning the Board of Directors (Paragraph 4.2).

⁽ 6 ) The Report on Remuneration is available at FinecoBank's website at: www.finecobank.com – "About us/Governance/Shareholders' Meeting" section.

3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF)

Since its listing, FinecoBank has adhered to the Self-regulation Corporate Governance Code, aligning conduct to the principles contained therein, where applicable. The Code is aligned with the main international practice and sets out the corporate governance standards (based on transparency, accountability and a long-term perspective) and best practices recommended by the Corporate Governance Committee, which apply to the listed companies based on the "comply or explain" principle, according to which the adhering companies are required to set out the reasons for non-compliance with one or more recommendations contained in its principles or application criteria in the Report on corporate governance and ownership structures.

The Corporate Governance Code, approved by the Corporate Governance Committee for listed companies was published on January 31, 2020. The companies that adhere to the Code shall apply this new version from the first financial year after December 31, 2020, advising the public of this in the Report on corporate governance to be published during 2022. On December 15, 2020, the Board of Directors of FinecoBank resolved to adopt the Corporate Governance Code, with effect from January 1, 2021. For the purposes of alignment to the new Code, on the same date and with the same effective date, the Board approved an updated version of the Corporate Bodies Regulations(7) . This Report therefore takes into account the principles and recommendations of the Corporate Governance Code, which – in addition to the standards of transparency, responsibility and long-term perspective already adopted by the previous Self-regulation Corporate Governance Code, as well as the best practices for listed companies – are based on four fundamental criteria: sustainability with the statement of the principle of "sustainable success", engagement, proportionality and simplification. The Corporate Governance Code also applies the comply or explain principle. For details of the practical implementation of the principles and recommendations of the Corporate Governance Code, see the respective paragraphs of this document, which, as mentioned in the introduction, have been prepared taking into account the guidance in Borsa Italiana's new format.

The Corporate Governance Code is available on the Corporate Governance Committee's website, at:https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf.

For additional information on the corporate governance structure of FinecoBank, in addition to specific paragraphs of this Report, see the Company's website, where the Report is published together with financial information, data and documents of interest to shareholders.

The Issuer is not subject to provisions of law outside Italy that affect its corporate governance structure(8) .

* * *

⁽ 7 ) The text of the Corporate Bodies Regulations, as amended over time in accordance with the applicable regulations, is available on the Issuer's website www.finecobank.com ("About us/Governance/Company Boards" section).

⁽ 8 ) The legal provisions FAM is subject to do not affect the Issuer's governance structure.

4. BOARD OF DIRECTORS

4.1 Role of the Board of Directors

4.1.1 Duties

Under the current regulations for companies with shares listed on regulated markets and in accordance with the recommendations in the Corporate Governance Code, the Board of Directors plays a central role in the Company's governance system. As the supervisory body, the Board of Directors approves the Bank's strategic guidelines and monitors their ongoing implementation.

Article 17 of the Articles of Association requires the Board of Directors to have the broadest powers for the management of the Company, except for powers reserved by applicable law, regulations and the Articles of Association to the Shareholders' Meeting.

In particular, in addition to duties and powers that cannot be delegated according to law, the Articles of Association or the Corporate Bodies Regulations, the Board of Directors has exclusive responsibility for the following:

− determination of the criteria for the direction and coordination of Group companies and for executing the instructions of the Bank of Italy in the context of the legal and regulatory powers of the Parent Company, to give instructions to Group members, and to check that those instructions are effectively carried out;
− overall management of the Group's policies for growth, prior to the adoption and amendment of the business, strategic and financial plans of the Company and the Group, in the context of its instructions given as Parent Company;
− appointment and dismissal of the Managing Director and/or the General Manager and Deputy General Manager(s), the Financial Reporting Officer and key management personnel;
− assessments of the general performance of company operations(9) ;
− updating the Articles of Association to bring them into line with regulatory provisions;
− mergers by incorporation of Companies and demergers in the cases provided for under Articles 2505, 2505-bis and 2506-ter of the Civil Code;
− reduction of share capital following the withdrawal of Shareholders;
− indication of the Directors, in addition to those identified by the Articles of Association, that can represent the Company;
− establishment of committees or commissions with advisory, decision-making or coordination functions;
− risk management policies, as well as the evaluation of the functioning, efficiency and effectiveness of the internal control system and adequacy of the organisational, administrative and accounting structure;

⁽ 9 ) By considering the information received from executive bodies and officers, and periodically comparing the results achieved with those planned. In this regard, the assessment was conducted monthly during the Year.

− purchase and sale of investments, companies and/or business units, as well as decisions concerning investments or disinvestments that modify the composition of the Banking Group, subject to the provisions in Article 2361, paragraph 2 of the Civil Code;
− purchase and sale of property;
− approval and amendment of the main internal regulations;
− the appointment and removal of the heads of the Internal Audit, Compliance, Risk Management, Anti-Money Laundering and Suspicious Transaction Reporting functions, after consulting the Board of Statutory Auditors;
− establishment and structuring of branches, agencies and representative offices in Italy or abroad, also for the purpose of allocating signing powers.

Subject to the legal and regulatory powers applicable from time to time, also in accordance with Supervisory Regulations on Corporate Governance and the Corporate Governance Code, and in line with the provisions of the Articles of Association and the Corporate Bodies Regulations, the Board of Directors, among other things:

(a) defines the nature and the level of risk consistent with the Bank's and Group's strategic objectives, including in its assessment all risks that may be relevant for the sustainable success(10)of the Bank and the Group; reviews and approves the business model, bearing in mind the risks to which the model exposes the Bank and the Group; formulates policies for the management of risks to which the Bank and the Group may be exposed, as well as the risk objectives and tolerance thresholds, periodically reviewing them to ensure their effectiveness and supervising the actual functioning of risk management and control processes in compliance with current legal and regulatory provisions;
(b) defines corporate strategies taking into account the following areas: i) monitoring and managing impaired loans and approving policies for their management; ii) the possible adoption of new business models, applications, processes or products, including through partnerships or outsourcing, related to the provision of technology-intensive financial services (FinTech); iii) the risks of money laundering and terrorist financing, having regard, inter alia, to the activity carried out, the clientele and the geographical areas concerned; iv) sustainable finance objectives and, in particular, the integration of environmental, social and governance (ESG) factors into business decision-making processes; v) the risks, in particular legal and reputational, arising from any related or instrumental activities carried out; vi) the definition and proper implementation of funding policies, also with reference to the type of savers/investors concerned, including planning and choices regarding compliance with regulations on the Minimum Requirement for own funds and Eligible Liabilities (MREL);
(c) examines and approves the business plan of the company and the related group, also on the basis of an analysis of issues relevant to the generation of value in the long term, periodically monitoring its implementation;
(d) defines and approves the Bank's organisational and corporate governance structure, verifies its correct implementation and promptly takes corrective measures in the case of

⁽ ¹⁰) For details regarding the aspects relating to sustainability and the Bank's pursuit of sustainable success, see the Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website www.finecobank.it in the "About us/Governance/Shareholders' Meeting" section.

any shortcomings or inadequacies; it also defines the Group's corporate structure and governance models/guidelines; more specifically, the Board of Directors is called upon in this respect to ensure a clear distinction of tasks and functions and the prevention of conflicts of interest(11) ;

(e) checks the proper implementation of the overall corporate governance structure, and of the organisational structure of the Bank as approved by the Board of Directors; promptly adopts corrective measures to address any deficiencies or inadequacies in these arrangements; assesses the adequacy of the Bank's general administrative and accounting structure and of the organisational, administrative and accounting structure of the Group companies, with particular reference to the internal control system and the management of conflicts of interest;
(f) approves the accounting and reporting systems;
(g) approves policies and processes for the assessment of company operations, and, in particular, financial instruments, ensuring their continued adequacy; it also establishes the Bank's and Group's maximum exposure limits for financial instruments or products that are uncertain or difficult to measure;
(h) approves the process for the development and validation of internal risk measurement systems not used for regulatory purposes, periodically assessing their correct use; it also approves the adoption of internal risk measurement systems for assessing capital requirements, periodically checking their validity, and adopting a formal resolution – annually, and after consulting the Board of Statutory Auditors – regarding compliance with the requirements for the use of those systems;
(i) assesses, with the support of the Risk and Related Parties Committee, the advisability of adopting measures to ensure the effectiveness and impartial judgement of the other corporate functions involved in the controls, verifying that they have adequate professional skills and resources;
(j) with the support of the Risk and Related Parties Committee, describes, in the corporate governance report, the main characteristics of the Internal Control and Risk System and the methods of coordinating the parties involved in it (specifying the reference national and international models and best practices), expresses its overall assessment on the adequacy of the Internal Control and Risk System and gives account of the choices made with regard to the composition of the supervisory board set up pursuant to Legislative Decree no. 231 of June 8, 2001;
(k) approves, reviews and updates (including at the request of the Supervisory Authority pursuant to the provisions of the relevant laws and regulations) the Group's recovery plan, with the aim of identifying options to maintain or restore the Bank's economic sustainability and financial position in severe stress conditions;
(l) also with regard to the Group recovery plan, adopts, at the request of the Supervisory Authority, the changes to be made to the business, organisational structure or corporate form of the Bank or Banking Group, and the other measures necessary to achieve the purposes of the plan, as well as the elimination of the causes underlying early intervention

⁽ ¹¹) For the assessment of the adequacy of the Company's organisational, administrative and accounting structure, which is prepared by the Managing Director (in particular for the internal control system and risk management), also in relation to FAM, see Paragraph 9 below.

pursuant to the provisions of, respectively, Articles 69-sexies, paragraph 3, letter c) and 69 noviesdecies, paragraph 1, letter b) of Legislative Decree no. 385 of September 1, 1993 ("TUB"), respectively, without prejudice to the powers of the Shareholders' Meeting in this regard;

(m) assesses whether to adopt a measure envisaged in the Group recovery plan or to refrain from adopting it even if the circumstances so require, in accordance with the provisions of the same recovery plan;
(n) approves the stress testing programme, as set out in the "Guidelines on Institutions' Stress Testing" (EBA/GL/2018/04);
(o) approves the policy on resolution governance that defines the governance rules for the Bank's resolution strategy and oversees its implementation;
(p) with the support of the Risk and Related Parties Committee, assigns the supervisory functions under Article 6, paragraph 1, letter b) of Legislative Decree no. 231 of June 8, 2001 to the control body or to an ad hoc body. If the body is other than the control body, the Board of Directors will assess the advisability of appointing at least one non-executive director and/or a member of the control body and/or a person with legal or control functions within the Company, in order to ensure coordination among the various parties involved in the internal control and risk management system;
(q) with reference to banking, financial, investment and insurance products and services (i) defines the process for the approval of new products and services, commencement of new business and entry into new markets; (ii) approves and updates policies containing guidelines on Product Governance requirements; (iii) monitors the process of governance of financial instruments, and also checks that the compliance function reports systematically include information about the financial instruments produced by the intermediary, the services offered and the distribution strategy; (iv) approves proposals for unilateral amendments pursuant to Article 118 of the TUB, with the support of the Risk and Related Parties Committee;
(r) approves a policy illustrating and justifying the choices on the various relevant issues in terms of organisational structures, procedures and internal controls, adequate verification and data retention, consistent with the principle of proportionality and with the actual exposure to the risk of money laundering (so-called anti-money laundering policy), pursuant to the provisions of the Bank of Italy Provision of March 29, 2019;
(s) approves the Company's policy on the outsourcing of corporate functions;
(t) for the purposes of mitigating operational risks and risks to the Bank's reputation and the Group's reputation, and encouraging the spread of a culture of internal controls, approves a Code of Ethics, Code of Conduct and/or similar instruments to be complied with by members of corporate bodies and employees of the Bank and the Group, ensuring their implementation and monitoring compliance by the recipients with the support of the competent Group structures. The code defines the principles of professional conduct (e.g. rules of ethics and rules to be observed in relations with customers), also by indicating unacceptable conduct (including the use of false or inaccurate information and the commission of financial or tax offences) which must guide the company's activities;
(u) approves the internal whistleblowing systems;
(v) approves policies, with the support of the Corporate Governance and Environmental and Social Sustainability Committee, to promote diversity and inclusiveness;
(w) approves, with regard to ICT matters: (i) the development strategies for the information system and the model for the architecture of the system; (ii) the policy on information security; (iii) the guidelines on the recruitment of technical personnel and the procurement of systems, software and services, including the use of outside suppliers, and promotes the development, sharing and updating of knowledge on ICT; (iv) the organisational and methodological framework for the analysis of ICT risk; (v) the IT risk appetite, regarding internal services and those offered to customers, in accordance with the risk objectives and the framework for the determination of the risk appetite established at corporate level, and is also informed at least annually on the IT risk situation with respect to the risk appetite; (vi) the corporate documents required by law for the management and supervision of the IT system; (vii) the annual investment plan for IT development; the Board is informed at least once a year regarding the adequacy of the services provided and the support given by those services to the evolution of business operations with respect to the costs incurred and is informed immediately if there are serious problems arising for the business due to incidents and/or malfunctions within the IT system;
(x) with regard to business continuity: (i) defines the objectives and business continuity strategies, ensuring sufficient human, technological and financial resources; (ii) approves the business continuity plan and any updates due to technological and organisational modifications, accepting residual risks not covered by the business continuity plan, and also promoting the development, periodic monitoring and updating after significant changes, or to cover any deficiencies/gaps or risks that have occurred; (iii) is informed at least once a year of the results of the checks on the adequacy of the business continuity plan; (iv) appoints the manager responsible for the business continuity plan;
(y) defines the criteria for identifying the most significant transactions(12) to be submitted for prior examination by the Risk and Related Parties Committee, and decides on transactions with related parties and associated persons, in accordance with the relevant procedures;
(z) takes decisions on the issuer's operations and those of its subsidiaries, if those operations have a significant strategic, income, capital or financial impact for the issuer; establishes general criteria for identifying significant transactions;
(aa) determines the remuneration/incentive systems for key personnel and the personal financial advisors network, and checks that these systems do not increase business risks and are consistent with long-term strategies;

⁽ ¹²) The Board resolves on the Company's significant transactions from a strategic or operational or financial perspective. With reference to the significant transactions carried out by the subsidiaries, the Board of Directors has approved and implemented the Global Policy Regulations which establish the criteria for identifying significant transactions from a strategic or operational or financial perspective in order to report them to the Board of Statutory Auditors in accordance with the applicable regulations. In particular, all critical and significant transactions and, in any event, those involving the following are reported to the Company's Board of Statutory Auditors: (i) new entry into, or strengthening of an existing position in, a strategic sector/market; (ii) definition/modification of shareholding structures with third parties with which there are governance agreements; (iii) decisions affecting strategic investments; (iv) decisions that have a significant influence on the organisational structure of the Company or the Group; (v) the exceeding of income/capital/financial thresholds in relation to the type of transaction carried out; (vi) changes to the Company's capital structure; (vii) new legal proceedings and changes to previous proceedings that give rise to contingent liabilities that exceed the threshold established by the Board or that are or may become significant for the Company's industry sector ("pilot proceedings").

(bb) prepares, submits to the Shareholders' Meeting and reviews, on an annual basis, the remuneration and incentives policy and is responsible for its proper implementation;
(cc) after consultation with the Appointments Committee, appoints the Directors of FinecoBank, with the approval of the Board of Statutory Auditors in the case of co-opting; where provided for in the Articles of Association, it identifies candidates for the position of Director of FinecoBank, when lists are submitted by the Board to the Shareholders' Meeting;
(dd) defines the Policy for verifying the suitability requirements of corporate officers and the heads of FinecoBank's main corporate functions pursuant to current legislation, after consulting the Board of Statutory Auditors and obtaining the opinion of the Appointments Committee;
(ee) with the support of the Appointments Committee, identifies in advance its own optimal qualitative and quantitative composition, identifying and justifying the ideal characteristics (including professionalism and possible independence) of the candidates for the office of director considered appropriate for these purposes; and subsequently verifies, again with the support of the Appointments Committee, the correspondence between the qualitative and quantitative composition deemed optimal and the actual composition resulting from the appointment process, informing the market;
(ff) after consulting the Appointments Committee, defines the Policy for the appointment of directors of the Group's subsidiaries and investee companies and appoints the corporate officers – meaning the members of the boards of directors, boards of statutory auditors and supervisory boards – in the subsidiaries. It also appoints members of the corporate bodies of minority shareholdings upon proposal from the Managing Director and after consulting the Appointments Committee;
(gg) promotes dialogue, in the most appropriate forms, with the shareholders and with the other relevant stakeholders of the Company. In this context, it approves – on proposal from the Chairman, formulated in agreement with the Managing Director and General Manager – after examination by and opinion from the Corporate Governance and Environmental and Social Sustainability Committee, a policy for managing dialogue with shareholders in general, taking into account the engagement policies adopted by institutional investors and asset managers. The Chairman also ensures that the Board of Directors is in any case informed, within the next meeting, on the development and significant content of dialogue held with all shareholders;
(hh) after consultation with the Risk and Related Parties Committee, approves the Group's tax strategy, which sets out the guidelines and principles adopted by the Bank in the management of tax matters and, in particular, of the associated risk. In addition, at least once a year, and after the reporting to the Risk and Related Parties Committee, it is informed about the state of the internal control system for tax risk within the annual report on the tax risk situation.

The Board of Directors also ensures that:

(i) the Bank's structure is consistent with its activities and business model, avoiding the creation of complex structures which are not justified by operational objectives;
(ii) the implementation of the framework for determining the Risk Appetite Framework ("RAF") is consistent with approved risk objectives and tolerance thresholds (where identified); periodically assesses the suitability and effectiveness of the RAF and the

compatibility of the actual risk with the risk objectives;

(iii) the strategic plan, the RAF, the Internal Capital Adequacy Assessment Process (ICAAP), the stress testing plan, the budget and internal control system are consistent, also bearing in mind the changing internal and external conditions under which the Bank and Group operate;
(iv) the quantity and allocation of Group capital and liquidity are in line with the risk appetite, risk governance policies and the risk management process of the Group;
(v) where the Bank operates in jurisdictions lacking transparency or through especially complex structures, the Board assesses the related operational risks, especially of a legal, reputational and financial nature, identifying oversight measures to mitigate those risks and ensure they are effectively controlled.

Furthermore, the Board approves, at least once a year, the plan of activities (including the audit plan) and reviews the annual reports prepared by the corporate control functions (Compliance, Internal Audit and Risk Management). In this context, the Board also approves the long-term audit plan.

The Board of Directors ensures that instructions are given to the subsidiaries during the year, in the exercise of its powers of direction and coordination as provided for in the relevant legal and regulatory provisions.

Lastly, the Board is exclusively responsible for reporting to shareholders at Shareholders' Meetings.

4.1.2 Competing activities

The Company has not authorised any exceptions to the non-competition clause pursuant to Article 2390 of the Civil Code.

4.2. Appointment and replacement (pursuant to Article 123-bis, paragraph 1, letter l), part 1, of the TUF)

In 2019, the Board of Directors, with the support of the former Corporate Governance, Appointments and Sustainability Committee, approved a number of proposals to revise its corporate governance to align it to the new shareholding structure of the Bank following its exit from the UniCredit Group and acquisition of the role of "Parent Company" of the "Banking Group".

In addition to further strengthening the requirements of the Bank's corporate officers, in line with Italian legislation and current practice, the Board of Directors has been empowered to submit its own list of candidates for the position of director, when the Board is re-elected.

This amendment complies with the provisions of the Corporate Governance Code and is in line with international best practice.

In this context, the participation and representation of the minority shareholders have been extended. Specifically, the list that comes second in terms of number of votes will be assigned two Directors, while the list that comes third in terms of number of votes will be assigned one Director provided he/she has received at least 2% of the votes cast at the meeting.

The proposals to amend the Articles of Association, for which the Bank of Italy issued the related verification confirmation on December 10, 2019, pursuant to Articles 56 and 61 of the TUB, were unanimously approved by the Extraordinary Shareholders' Meeting of February 18, 2020.

***

In compliance with laws and regulations applicable to listed companies, following the amendments of the Articles of Association approved by the Extraordinary Shareholders' Meeting of February 18, 2020, Article 13 of the Articles of Association requires the Board of Directors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by the Board of Directors and the Shareholders, with each list containing the names of candidates numbered sequentially, according to the procedure described below.

The Board of Directors and the Shareholders can submit a list for the appointment of Directors, provided that when they submit the list they hold, alone or together with the other submitting shareholders, at least the minimum shareholding established by CONSOB pursuant to Article 147-ter, paragraph 1, of the TUF and in compliance with relevant provisions in the Issuer Regulations. CONSOB, in its Executive Resolution by the Head of the Corporate Governance Division no. 76 of January 30, 2023, set the minimum shareholding required for FinecoBank to submit lists of candidates for election to the Board of Directors and Board of Statutory Auditors at 1% of share capital. For the submission of the list by the Shareholders, the ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company. The related certification may be submitted after the lists have been filed, provided it is done within the deadline for publication of the lists.

Each party entitled (as well as (i) entitled parties belonging to the same group, understood as a party, which need not be a corporation, exercising control pursuant to Article 2359 of the Civil Code and any subsidiary controlled by, or under the control of that party, or (ii) shareholders who are party to a shareholders' agreement pursuant to Article 122 of the TUF, or (iii) entitled parties that are otherwise associated with each other in a material relationship pursuant to current and applicable legal or regulatory provisions) may, individually or with others, submit only one list, and each candidate can be included in only one list, or otherwise be considered ineligible.

Each list that has 3 (three) or more candidates (i) must include candidates from both genders, to ensure compliance with at least the minimum requirements of applicable laws and regulations on gender balance and (ii) must ensure that at least the majority of the candidates meet the independence requirements set out in the Articles of Association and, in any event, that the first candidate on any list, including lists with fewer than 3 (three) candidates, must meet those independence requirements.

Following the amendments to Article 147-ter of the TUF introduced by the 2020 Italian Budget Law, at least two-fifths of the members of the Board of Directors must belong to the less represented gender.

The lists shall be filed at the registered office or head office – also by remote communication and in accordance with procedures in the notice of call, to enable the identification of parties submitting the list – at least twenty-five days before the date of the Shareholders' Meeting called to appoint members of the Board of Directors, in single call (or within the different deadline as indicated from time to time by the applicable legislation). The Company shall ensure that lists are made public on the Company's website and by other means established by applicable regulations, at least twenty-one days prior to the above Shareholders' Meeting, in single call or on first call (or within the different deadline as indicated from time to time by the applicable legislation). The list submitted by the Board of Directors must be filed at the registered office and published in the

manner described above at least thirty days before the date set for the Shareholders' Meeting.

The lists must also contain attachments with any additional documents and declarations required by the applicable laws and regulations, as well as:

for Shareholders, information on the identity of parties submitting the lists, indicating the total percentage of shares held;
information on the personal and professional characteristics of the candidates in the list;
a statement whereby individual candidates irrevocably accept the position (subject to their appointment) and certify, under their responsibility, that there are no grounds for their ineligibility or incompatibility to stand as a candidate, and that they meet the requirements required for the office by the Articles of Association and applicable laws and regulations and the possible possession of the independence requirements referred to in paragraph 3 of Article 13, according to a format that will be made public by the Company in advance, also taking into account the guidelines from the Supervisory Authorities.

Lists that do not comply with the above requirements shall be considered as not submitted.

Each eligible voter may vote for one list only.

After the vote, candidates are elected from lists that have obtained the largest number of votes, according to the following criteria:

(a) the number of Directors equal to the number of board members shall be taken – in the order in which they appear on the list – from the list receiving the majority of votes cast except, depending on the case, 2 (two) or 3 (three) that will be taken from the minority list(s) that are not connected with those who submitted or voted for the list that obtained the highest number of votes in accordance with the current regulations, as specified below:

a.1) if only two lists are submitted, the remaining 2 (two) Directors will be taken in consecutive order from the second list that received the highest number of votes at the meeting,

a.2) if 3 (three) or more lists are submitted, 2 (two) Directors will be taken in sequential order from the second list that obtained the highest number of votes at the meeting regardless of the percentage of votes received, while 1 (one) Director will be taken in sequential order from the third list that received the highest number of votes at the meeting provided that it received at least 2% of the votes cast at the Shareholders' Meeting, on the understanding that if the list that is third in terms of number of votes has not reached that percentage, the mechanism envisaged in letter a.1) above will be applied;

(b) if the majority list does not have a sufficient number of candidates to ensure the appointment of all Directors according to the mechanism specified in (a) above, all the candidates from the majority list shall be appointed and the remaining Directors shall be taken from the minority list that received the most votes, according to the sequential order in which they appear on the list and, if necessary, from the next minority lists below the most voted minority list, in the sequential order in which the candidates appear on the list, until the required number of directors has been appointed;
(c) if the number of candidates included in the lists submitted, both majority and minority, is lower than the number of Directors to be elected, the remaining Directors are elected by resolution passed by the Shareholders' Meeting by a relative majority (and therefore without taking into account any abstentions) while ensuring compliance with the principles of

independence and balance between genders set out by Article 13, paragraph 3, and Article 13, paragraph 6, respectively of the Articles of Association. In the event of a tie between candidates, the Shareholders' Meeting shall hold a second round of voting;

(d) where only one, or no lists have been submitted, the Shareholders' Meeting shall decide in accordance with the procedures specified in letter (c) above; in the event of a tie between lists or candidates, the Shareholders' Meeting shall hold a second round of voting to establish their ranking;
(e) if the required number of Independent Directors and/or of Directors of the less represented gender is not appointed, the Directors of the most voted list and appearing first on the list and not satisfying the requirements in question are replaced by the next Directors from the same list satisfying the requirement(s). If, following the application of this criterion, it is still not possible to identify Directors with the above-mentioned characteristics, this principle shall be applied to the other minority lists that the elected candidates were taken from;
(f) if, following the application of the replacement criterion set out in (e), it is still not possible to identify any suitable Directors, the Shareholders' Meeting shall decide by relative majority. In this case, replacements shall be made starting from the most voted lists and from the candidates appearing first on the list.

In the event of death, resignation, withdrawal or removal from office of a Director for any other reason, or where a Director no longer meets the professional competence and integrity requirements, the Board of Directors can co-opt a Director, in compliance with the principles of minority representation and gender equality. If, in the above cases, the minimum number of Independent Directors and/or the number of Directors belonging to the least represented gender as prescribed, respectively, by Article 13, paragraphs 3 and 6, of the Articles of Association fall below the level required, the Board of Directors shall replace them.

For the appointment of Directors needed to fill vacancies on the Board of Directors, the Shareholders' Meeting shall decide by relative majority, while ensuring that the principles of independence and gender equality established by current law, regulations and the Articles of Association are met.

The Board of Directors shall elect a Chairman from among its members and – where appropriate – one or more Deputy Chairmen, one of which will act as a stand-in.

In compliance with applicable industry sector legislation and regulations, the Board of Directors defines the optimal qualitative and quantitative composition to effectively carry out its duties and oversee its responsibilities assigned by law, the Supervisory Regulations on Corporate Governance and the Articles of Association. In accordance with applicable legislation and regulations, the Board also establishes requirements applicable to FinecoBank's Directors and provides guidance on the maximum number of positions that the Directors may hold in other companies.

Before appointing Directors, the Board informs shareholders of the optimal composition of the management body, to ensure candidates are selected taking into account the professional competencies required. Shareholders may in any case make their own evaluations of the optimal composition of the management body, and submit candidate proposals, giving reasons for any differences from evaluations made by the Board.

For the related decisions, see the Qualitative/Quantitative Profile in force.

4.3 Composition (pursuant to Article 123-bis, paragraph 2, letter d), and d)bis of the TUF)

Pursuant to Article 13 of the Articles of Association, the Company is administered by a Board of Directors consisting of no fewer than 9 (nine) and no more than 13 (thirteen) Directors, elected by the Shareholders' Meeting. The Shareholders' Meeting also determines its term of office, subject to the condition that said term cannot be less than one year or more than three years from acceptance of the position and shall expire on the date of the Shareholders' Meeting called for the approval of the financial statements for the last year of office. Members of the Board of Directors may be re-elected.

According to the Corporate Bodies Regulations, the number of Board Directors must be sufficient for the size and complexity of the Bank's organisational structure, and allow for the oversight of all company operations, with regard to management and controls. This number must also ensure that the Board includes (i) various representatives of the shareholder base, (ii) the professional expertise necessary to foster internal dialogue, and (iii) a sufficient number of independent members in accordance with the Corporate Governance Code. Lastly, the composition of the Board must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the selfassessment process of the Board of Directors (described in Annex A of the Corporate Bodies Regulations) and communicated to Shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

It is good practice, as far as is consistent with the skills required to hold the positions and the need to ensure the effective performance of the relevant tasks, that the positions of Chairman of the Board of Directors, Chairman of the Board of Statutory Auditors, and Managing Director and General Manager are not held by members of the same gender.

To ensure its proper functioning, the Board of Directors has established requirements for FinecoBank's Directors, in addition to the requirements of the applicable laws and regulations, and the number of positions that Directors can hold in other companies, as detailed in the document "Qualitative and Quantitative Composition of the Board of Directors of FinecoBank S.p.A." (approved by the Board of Directors on February 25, 2020, upon renewal of the body and subsequently updated on March 16, 2021). Both documents are published on the Company's website (respectively, the "Qualitative/Quantitative Profile 2020" and "Qualitative/Quantitative Profile 2021").

Subject to the limits on the number of positions that Directors can hold, Directors can accept a position on the Board when they consider they have sufficient time to diligently carry out their duties, also taking into account their own work and professional commitments, as well as the number of positions held in other companies (including non-Italian firms).

The members of the Board must be suitable for the performance of the office, in accordance with the applicable regulations and the Articles of Association and, in particular, they must meet the requirements of professional expertise, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held laid down in the applicable regulations and the Articles of Association and in any event those laid down in the CRD IV Directive, for the discharge of the duties of director of a bank issuing shares listed on regulated markets.

Pursuant to Article 13, paragraph 3 of the Articles of Association, the majority of the Board Members must meet the independence requirements established in the Corporate Governance

Code.

The Board shall assess whether the independence requirements have been met, giving more importance to substance rather than form. This assessment shall be performed:

(i) after appointment, for a new Director who qualifies as independent; and
(ii) annually, for all Directors (qualifying as independent).

For this purpose, the Board of Directors, based on the statements provided and any other information available, examines the Director's direct or indirect commercial, financial or professional relationships with the Company, assesses their significance both in absolute terms and with regard to the economic and financial position of the individual concerned. The Board of Statutory Auditors verifies the correct application of the criteria and procedures adopted by the Board of Directors for the above-mentioned assessment. The results of the above assessments are disclosed to the market.

The Board of Directors in office as at the date of this Report was appointed by the Shareholders' Meeting of April 28, 2020, and shall remain in office until the next Shareholders' Meeting called for the approval of the Financial Statements as at December 31, 2022.

Accordingly, and in compliance with the Supervisory Regulations on Corporate Governance, the appointment of Board Members was proposed to the above-mentioned Shareholders' Meeting held in April 2020, after determining the number of members and their term of office. During that meeting, the Board of Directors also requested shareholders to take into account the Qualitative/Quantitative Profile 2020 when submitting their lists.

In compliance with the applicable regulations, the following lists of candidates for appointment to the Board of Directors were submitted:

List 1 submitted by the outgoing Board of Directors (pursuant to Article 13 of the Articles of Association) with the candidates Marco Mangiagalli, Alessandro Foti, Francesco Saita, Paola Giannotti De Ponti, Patrizia Albano, Gianmarco Montanari, Maria Alessandra Zunino de Pignier, Andrea Zappia and Giancarla Branda, Donato Pinto and Laura Donnini;
List 2, submitted by several asset management companies and institutional investors (owners of a total of 17,980,964 ordinary shares representing 2.95091% of the share capital), with the candidates Elena Biffi and Marin Gueorguiev.

The following documents were filed and published along with the two lists, in the manner required:

(i) a statement from shareholders other than shareholders that hold, also jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by Article 147-ter, paragraph 3 of the TUF and Article 144-quinquies of the Issuer Regulations, having also taken note of the CONSOB recommendations in its Communication no. DEM/9017893 of February 26, 2009;
(ii) comprehensive information on the personal and professional characteristics of the candidates included in the list (curriculum vitae and the list of administration, management and control positions they hold in other companies, relevant under law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as a candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and the

Self-regulation Corporate Governance Code;

(iv) a statement from each candidate certifying that they met the independence requirements established by law, the Articles of Association and the Self-regulation Corporate Governance Code;
(v) a statement from each candidate on their knowledge and expertise in the areas indicated in the Qualitative/Quantitative Profile 2020.

The lists, together with the above documents, were filed on the Company's website ("About us/Governance/Shareholders' Meetings" section).

After establishing the number of Board Directors as 11, the Shareholders' Meeting of April 28, 2020, appointed Directors for the 2020-2022 period as follows:

from the list submitted by the outgoing Board of Directors, which obtained the majority of votes: Marco Mangiagalli, Alessandro Foti, Francesco Saita, Paola Giannotti De Ponti, Patrizia Albano, Gianmarco Montanari, Maria Alessandra Zunino de Pignier, Andrea Zappia and Giancarla Branda;
from the list submitted by several asset management companies and institutional investors, which was voted by the minority of shareholders: Elena Biffi and Marin Gueorguiev.

For the percentage of votes for the above lists in relation to voting capital, see the summary report on voting, available on the Company's website ("About us/Governance/Shareholders' Meeting" section).

The qualitative and quantitative composition of the appointed Board complied with the optimal composition defined by the Board (as described in the Qualitative/Quantitative Profile 2020), in terms of: (i) the number of Board Members, optimally set by the Board as 11, in order to foster dialogue and promote the decision-making process, and which is sufficient with respect to the size and complexity of the Company's organisational structure and for effective oversight of all company operations; (ii) meeting requirements of integrity, professional competencies (in particular all Board Members have a good knowledge and expertise of two or more of the areas listed) and independence (the majority of Board members are Independent Directors pursuant to the former Self-regulation Corporate Governance Code); (iii) gender balance (at least two fifths of the Board Members must comprise the least represented gender, as established by the legislation and regulations applicable to the management bodies of listed companies); (iv) complying with the limit on positions (no Board Members exceed the limit) and time available (based on the nature and extent of additional positions held, as well as various professional and work commitments).

On 9 February 2021, the independent non-executive Director Mr. Andrea Zappia resigned with effect from 1 March 2021. On March 16, 2021, the Board of Directors replaced him by co-optation pursuant to Article 2386 of the Civil Code with Ms. Alessandra Pasini, subject to the favourable opinion of the Appointments Committee and the approval of the Board of Statutory Auditors. The new Director was selected in accordance with the "Process for Selecting Candidates for the Office of Chairman, Managing Director and Member of the Board of Directors", approved by the Board on August 5, 2019, and updated on March 16, 2021 (available on the Bank's website in Annex B to the Corporate Bodies Regulations), in which the Appointments Committee played a central role and which was supported by the consultancy firm Egon Zehnder. Ms. Alessandra Pasini was selected, on proposal from aforementioned Committee, in compliance with the necessary requirements and in line with the criteria identified by the Board in the Qualitative/Quantitative Profile 2020 and the Qualitative/Quantitative Profile 2021. The profile was updated on March 16,

2021 to take account of the recent board review and the entry into force of Ministerial Decree 169/2020 on the requirements for bank corporate officers, as well as the Fit & Proper Policy.

The table below presents significant information on each Board Member in office at the date of approval of the Report.

Position	Members	Born in	Date of first appointmen t (*)	In office since	In office until	List (**)	List (*** )	Exec. 1 ( )	Non Exec.	Indep. Code 2 ( )	Indep. TUF 3 ( )	Number of other position s (****)	Particip ation (* )
Chairman	Marco Mangiagalli	1949	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	(13) X	X	1	13/13 (100%)
Deputy Chairman	Francesco Saita	1967	April 15, 2014	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	0	13/13 (100%)
Managing Director and General Manager (⚫)	Alessandro Foti	1960	October 20, 1999	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M	X				0	13/13 (100%)
Director	Paola Giannotti De Ponti	1962	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	1	13/13 (100%)
Director	Patrizia Albano	1953	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	2	12/13 (92%)
Director	Gianmarco Montanari	1972	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	2	13/13 (100%)
Director	Maria Alessandra Zunino de Pignier	1952	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	1	13/13 (100%)
Director	Giancarla Branda	1961	April 28, 2020	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	BoD	M		X	X	X	2	13/13 (100%)
Director	Elena Biffi	1966	April 11, 2017	April 28, 2020	Approval of the Financial Statements as at December 31, 2022	Shar ehol ders	m		X	X	X	3	13/13 (100%)
Director	Marin	1972	April 28,	April 28,	Approval of the Financial	Shar ehol	m		X	X	X	0	13/13

( ¹³) In accordance with the guidelines in the Corporate Governance Code, the chairman of the management body may be considered independent if none of the circumstances that compromise (or appear to compromise) the independence of a director set out in Recommendation 7 of that Code apply.

	Gueorguiev		2020	2020	Statements as at December 31, 2022	ders						(100%)
Director	Alessandra Pasini	1973	March 16, 2021 (co opted by Board) April 28, 2021 (appointed by the Shareholders ' Meeting)	April 28, 2021	Approval of the Financial Statements as at December 31, 2022	n/a	n/a	X	X	X	0	13/13 (100%)
					------------- Directors leaving office during the Year -------------
-
	Indicate the number of meetings held during the year: 13
	Quorum required for the submission of lists for the last appointment: 1%
					(⚫) This symbol indicates the director in charge of the internal control and risk management system.
Company.					(*) The date of the first appointment of each Director means the date when the Director was appointed for the first time (ever) to the Board of Directors of the
	of Directors (with the indication "BoD").				(**) This column indicates whether the list from which each director was drawn was submitted by shareholders (with the indication "Shareholders") or by the Board
					(***) This column indicates the list that each director was taken from ("M": member from the majority list; "m": member from the minority list).
(****) This column indicates the number of positions as director or statutory auditor held by the person concerned in other listed or large companies. The positions are listed in full in the Report on Corporate Governance
(*) This column indicates the participation of the directors at board meetings (it indicates the number of meetings attended with respect to the total number of meetings that could have been attended; 6/8; 8/8, etc.).
1 (	) Independent Director according to the Corporate Governance Code.

( 2 ) Independent Director in accordance with Article 2, Recommendation 7 of the Corporate Governance Code.

( 3 ) Independent Director in accordance with Article 148, paragraph 3 of the TUF.

With regard to the personal characteristics, knowledge, skills and experience of the members of the Board of Directors, see the curricula vitae attached to this Report and published on the Bank'swww.finecobank.com website in the "About us/Governance" section, as well as the document entitled "List of the skills possessed by the Directors in compliance with the document "Qualitative and Quantitative Composition of the Board of Directors of FinecoBank S.p.A." available on the website of the Bank www.finecobank.com in the "About us/Governance/Company Boards" section.

4.3.1 Diversity criteria and policies in the composition of the Board and the company organisation

With regard to the diversity criteria and policies in the composition of the Board, the Corporate Bodies Regulations establish that the composition of the Board must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the self-assessment process of the Board of Directors and communicated to shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

Subject to the applicable laws and regulations, on February 25, 2020, the Board of Directors approved the Qualitative/Quantitative Profile for the renewal of the Board, which contains the general guidelines on structure, composition and diversity, both in terms of gender and age and previous professional experience. The Qualitative/Quantitative Profile was updated on March 16, 2021 in the context of the replacement of the resigning Director Mr. Andrea Zappia to take account of the recent board review and the entry into force of Ministerial Decree 169/2020 on the suitability requirements for bank corporate officers, as well as the Fit & Proper Policy. The Qualitative/Quantitative Profile in force from time to time, which is available on the Bank's internet in the "About us/Governance/Documents" section, has also been drafted taking into account the Joint EBA and ESMA Guidelines and the EBA Guidelines on Internal Governance. Furthermore, it should be noted that in view of the renewal of the corporate bodies to be resolved upon by the next Shareholders' Meeting, the Board of Directors in office has taken steps to define the new guidelines for the optimal composition of the Board of Directors and has, therefore, approved on 23 January 2023 an updated version of the document "Qualitative and Quantitative Composition of the Board of Directors of FinecoBank S.p.A." (the "Qualitative/Quantitative Profile 2023"). The aforementioned document – which takes into account not only the provisions of Ministerial Decree 169/2020 and the EBA and ESMA Guidelines, but also the recommendations set out in the ECB Guidance – is available on the Bank's website in the "About us/Governance/Shareholders' Meeting" section.

Members of the Board of Directors in office are broken down below, by age and gender. With regard to gender, as at the date of approval of this Report, 45% of the Board of Directors of FinecoBank were male and 55% were female. This is in line with the current rules on gender balance (see fig.1).

Fig. 1 – Board of Directors in office as at the date of approval of this Report

With the aim of making business increasingly sustainable and successful, Fineco is committed to ensuring that all employees can enjoy equal opportunities and realise their full potential regardless of gender, in the knowledge that a diverse working environment ensures a plurality of perspectives and fosters innovation.

FinecoBank has taken measures to promote equal treatment and gender opportunities, by including an objective, within the diversity initiatives, linked to the gender balance and pay gap in all the short-term performance evaluation sheets of the Identified Staff.

For more details about the initiatives undertaken to promote equal treatment and gender opportunities throughout the company organisation, see the Consolidated Non-Financial Statement prepared pursuant to Legislative Decree 254/2016 and available on the Bank's website in the www.finecobank.com "About us/Governance/Shareholders' Meeting" section.

4.3.2. Maximum number of positions held in other companies

Based on information from the Directors, the Board annually identifies and indicates, in the Report on corporate governance and ownership structures, the positions of director or auditor held by the Directors in other companies and, in general, compliance with the qualitative and quantitative requirements in relation to time (based on the nature and extent of the positions held, as well as other work and professional commitments). The Directors promptly notify the Company of positions held or from which they have resigned during their term of office, as well as any changes that may affect their availability.

With regard to the maximum number of offices that may be held by Directors, the Bank complies with the relevant regulatory provisions. Therefore, in compliance with the provisions of Ministerial Decree 169/2020 and the CRD IV Directive, it has been established that each Director may not hold a total number of offices in banks or other commercial companies exceeding one of the following alternative combinations:

1 executive position and 2 non-executive positions (including the position held in FinecoBank);
4 non-executive positions (including the position held in FinecoBank).

In addition, the following positions are also considered to be a single directorship: (a) executive or non-executive directorships held within the same group; (b) in banks belonging to the same institutional protection scheme; and (b) executive or non-executive directorships held in companies, not included within the group, in which the entity holds a qualifying holding as defined in Regulation (EU) No 575/2013, Article 4(1), point 36. For further details, see the Qualitative/Quantitative Profile 2021.

The table shows the overall number of positions held by the Directors in office as at the date of approval of this Report (including the position held in FinecoBank). The limit on the accumulation of Directors' positions, as advocated by the Board in its Qualitative and Quantitative Profile from time to time in force, in line with the limits prescribed by the CRD IV Directive and Ministerial Decree 169/2020 as of its entry into force, was considered respected in light of the applicable weightings for positions held in the same group, for those held in non-commercial companies (not relevant for the purposes of accumulation) and the declarations made by the same, as well as in line with the Joint EBA and ESMA Guidelines.

Name	Total number of positions held by the Directors	Number of relevant positions held
------	-------------------------------------------------------	--------------------------------------

Marco Mangiagalli Chairman	3 non-executive positions	3 non-executive positions
Francesco Saita Deputy Chairman	2 non-executive positions	2 non-executive positions
Alessandro Foti Managing Director and General Manager	1 executive position and 2 non-executive positions	1 executive position (1 )
Paola Giannotti De Ponti Director	2 non-executive positions	2 non-executive positions
Patrizia Albano Director	5 non-executive positions	2 non-executive positions (2 )
Gianmarco Montanari Director	8 non-executive positions and 1 position as general manager	4 non-executive positions (1 ) (2 ) (3 )
Maria Alessandra Zunino de Pignier Director	2 non-executive positions	2 non-executive positions
Giancarla Branda Director	7 non-executive positions	4 non-executive positions (1 ) (2 )
Elena Biffi Director	7 non-executive positions	4 non-executive positions (1 )
Marin Gueorguiev Director	1 non-executive position	1 non-executive position
Alessandra Pasini Director	3 non-executive positions	2 non-executive positions (2 )

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

( 3 ) Considering the impact of positions held in non-commercial companies and the position of general manager, which is not relevant for calculation purposes, the total number of positions held complies with the limits set.

* * *

In addition to the above, in compliance with Article 36 of Law Decree no. 201 of December 6, 2011, ratified with amendments by Law no. 214 of December 22, 2011, establishing provisions on "personal crossholdings in the credit and financial markets" it is forbidden for "those who hold offices in the management, control and supervisory bodies and the senior officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or hold similar positions in competing firms or groups of firms" (interlocking ban). Persons who hold incompatible offices must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices.

Directors must annually renew the certificate stating they do not hold positions in the management, supervisory or control bodies of competing companies or groups of companies, in order to enable the Board to carry out its annual assessment. This assessment was carried out on the appointment of Directors, with a positive result for the Year.

Directors are also required to inform the Bank about positions held in other companies and entities. In accordance with provisions of the Corporate Governance Code, the summary table above shows the number of positions held as director/auditor by board members of FinecoBank in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large-sized companies, and notified by them.

The table below, on the other hand, lists these positions, without listing positions held by officers in non-commercial companies.

Name	List of positions held by FinecoBank Directors in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large-sized	Companies belonging to the FinecoBank Group
	companies	YES	NO
Marco Mangiagalli	Non-executive chairman of E.I. Towers S.p.A.	-	x
Chairman
Francesco Saita	/	-	-
Deputy Chairman
Alessandro Foti	/	-	-
Managing Director and General Manager

Paola Giannotti De Ponti	Non-executive director of Terna S.p.A.		x
Director
Patrizia Albano	Non-executive director of Piaggio & C. S.p.A.	-	x
Director
Gianmarco Montanari	Non-executive director of Tinexta S.p.A.	-	x
Director	Non-executive director of Italgas S.p.A.
Maria Alessandra Zunino de Pignier	Statutory Auditor of SABAF S.p.A.	-	x
Director
Giancarla Branda	Statutory Auditor of Saras S.p.A.	-	x
Director	Non-executive director of Garofalo Health Care S.p.A.
Elena Biffi Director	Non-executive director of Arnoldo Mondadori Editore S.p.A.	-	x
	Non-executive Director of Elba Compagnia di Assicurazioni e Riassicurazioni S.p.A.
	Non-executive director of REVO S.p.A.
Marin Gueorguiev	/	-	-
Director
Alessandra Pasini	/	-	-
Director

4.4 Functioning of the Board of Directors (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

The Board of Directors held thirteen meetings during the Financial Year, with an average duration of four hours and seventeen minutes. For details of the percentage attendance by each Director, see the table in Paragraph 4.3 above.

Five meetings have been scheduled for the 2023 financial year – up to the date of the Shareholders' Meeting called to resolve on, inter alia, the appointment of new corporate bodies – of which four have already been held at the date of approval of the Report.

Article 16 of the Articles of Association requires the Company's Board of Directors to be convened, also using telecommunication facilities, at the registered office of the Company, or elsewhere provided the venue is in Italy, by the Chairman (or his/her representative), usually at least once every three months, and in any case whenever deemed necessary by the Chairman, or if requested in writing by the Managing Director and General Manager or by at least two Directors of the Board of Directors. A Board meeting may also be called by a Statutory Auditor.

In the absence of a notice of call, the Board of Directors is considered to be duly constituted if it is attended by all the Directors and Statutory Auditors.

Article 16 of the Articles of Association allows the possibility for participants of Board meetings to attend remotely, through audiovisual communication systems (video conference or conference call) where the conditions are in place to identify the attendees, allow their real-time participation in discussing the topics examined and to receive, transmit and examine any documents not previously seen.

Pursuant to the Corporate Bodies Regulations, notice of meetings must be given to all Directors and Statutory Auditors within a reasonable period of time, except in cases of urgency. The notice should include the items on the agenda, except where this is not possible due to confidentiality issues, to ensure that the attendees are aware of the matters ahead of time and come prepared to the meeting. The Corporate Bodies Regulations also require that documentation in support of the motions, and any other information needed so that the Directors may express an informed opinion on the issues under discussion, usually be made available to the Directors at least five business days prior to the meeting. This requirement was met during the Year. The confidentiality of the data and information provided is guaranteed by the use of IT tools that allow confidential access with advanced identification systems.

The Chairman is responsible for planning the proceedings of the Board meeting, in accordance with the agenda, as proposed by the Managing Director and General Manager. The Chairman also ensures that adequate information – both qualitative and quantitative – concerning the items on the agenda is provided to all Board members, to enable the Board to make informed decisions on the matters to be discussed and approved; the Chairman also ensures that sufficient time is dedicated to the items on the agenda in order to enable constructive debate, encouraging Directors to actively contribute to meetings.

The Chairman of the Board of Directors, In agreement with the Managing Director, ensures that the managers of the Issuer and those of its Group companies, as well as the heads of the competent corporate functions based on the subject matter, attend the Board meetings, also at the request of individual Directors, to provide appropriate details on the items on the agenda. In this regard, it should be noted that–- with reference to the Financial Year–- an effective participation of the executives in the meetings of the Board of Directors was recorded, who attended the individual meetings of the Board of Directors to illustrate the topics of their respective responsibility on the relevant agenda.

Pursuant to Article 15 of the Articles of Association, the General Manager, if appointed, may take part, without voting rights, in Board meetings. If a Managing Director has not been appointed, the General Manager takes part in Board meetings with the power to make proposals.

Pursuant to Article 16 of the Articles of Association, the Chairman may request the Deputy General Managers and other executive staff to take part in Board meetings.

Apart from Board meetings, the Directors attend "off-site" meetings, in order to further examine and discuss strategic issues.

The independent directors meet at least once a year in a closed session, without the other Directors. The progress of the meeting and the results of the discussion were recorded in the minutes.

In these meetings, the role of Chairman is performed by an independent director appointed at the first meeting of the Independent Directors. The Chairman is responsible for reporting the outcome of the meeting's discussion to the next Board of Directors meeting.

4.5 Role of the Chairman of the Board of Directors

Pursuant to Article 14 of the Articles of Association, the Board of Directors elects a Chairman from its members and – where appropriate – one or two Deputy Chairmen, one of whom will act

as a stand-in.

By resolution of 28 April 2020, the Board of Directors appointed Mr. Marco Mangiagalli as Chairman of the Board of Directors.

In accordance with Article 10 of the Articles of Association, the Chairman of the Board of Directors chairs the Shareholders' Meeting, directing and moderating discussions, establishing the voting procedures and confirming the results, in compliance with the applicable regulations and procedures for Shareholders' Meetings.

The Chairman of the Board of Directors has not been granted any management powers and therefore does not have any executive role. He/she does not have a specific role in the development of business strategies, is not the main person responsible for the management of the Company, and does not have significant investments, either directly or indirectly, in the Company's share capital. The current Chairman, Mr. Marco Mangiagalli, is not a member of any of the Bank's board committees.

During the Year, the Chairman ensured that the pre-meeting information, as well as the additional information provided during board meetings, was suitable to enable the directors to act in an informed manner. In this context, the Chairman stimulated the board discussion and ensured – in agreement with the Managing Director and General Manager – that the items on the agenda were discussed with the heads of the corporate functions responsible for each subject area, to enable them to report directly to the Board.

The Chairman managed the coordination of the activities of the Board Committees with the activities of the Board by inviting the Chairmen of each Committee to report on the activities of their committee to the Board, at each meeting. Also for coordination purposes, it is envisaged, at the initiative of the Chairman, that the Committees provide the Board of Directors with a sixmonthly report on their activities.

The Chairman, with the support of the Appointments Committee, identified the external professional to be engaged to support the Board in the peer preview and self-assessment process and also ensured that this process was carried out on the basis of adequacy and transparency and with the active support of the Appointments Committee. For more information on the selfassessment process, see paragraph 7 of this Report.

Lastly, the Chairman ensured that the Board of Directors was informed on the significant content of the dialogue held with all shareholders. For information on the policy on the dialogue with shareholders, see paragraph 12 of this Report.

For additional information on the role and duties of the Chairman, see Part A, § 2.1. of the Corporate Bodies Regulations available on the Company's website www.finecobank.com ("About us/Governance/Company Boards" section).

During the Year, at the request of the Chairman of the Board of Directors (and also in accordance with the induction plan for the Year, which has been approved by the Board of Directors based on the assessment carried out with the aid of an external advisor), 15 "induction and training" meetings were held monthly on the following: (i) Sustainability: current and prospective regulatory framework, ESG products, distribution policy, key stakeholder analysis and related ESG approach (ii) ESG products and related ESG assessments: analysis of ESG products promoted by the Group, including in terms of product governance; (iii) the Financial Statements of the Bank: the underlying drafting principles and its main items; (iv) Anti-Money Laundering: state of the art of the discipline and regulatory changes and impacts on processes, IT aspects and control systems in order to ensure risk control; (v) state of the art and regulatory updates: the

evolution of sustainability in the Bank's management, in relation to competitors and regulatory changes, focus on: ESG rating agencies and FinecoBank's positioning, FinecoBank's DNF and its connection with the budget and investment choices, regulatory changes on ESG issues at national and European level, with a focus on investor protection, FinecoBank's investment processes, with a focus on the integration of sustainability risks in the risk analysis process; (vi) the IT strategy of FinecoBank: the model implemented by the Bank, the opportunities related to this model, current and prospective IT risks, IT audit and cybersecurity updates; (vii) international market scenarios and the impact on business in the medium to long term: structural and social trends in the Bank's target markets, FinecoBank's prospective positioning, current and potential competitors in the fintech arena, with specific focus on the online derivatives trading market and the impact of passive management on asset managers' competitive strategies; (viii) the organisational model, the system of internal controls and decision-making processes; (ix) CRDV: implementation and impact on the business of the Bank; (x) the Fineco group: the responsibilities of the parent company in the supervision of subsidiaries, both domestic and foreign, with a particular focus on the regulations applicable to foreign companies; (xi) the reputational risk: specificities, valuation and management techniques, FinecoBank's approach; (xii) Strategy Day (updates on the investment portfolio, customer trends, foreign business, current and potential competitors - also non-banking - analysing their size, strategies, scope of operations in the banking and non-banking area, trading platforms, and evolutionary scenarios of the reference market in a five-year perspective); (xiii) the operating plan of the Bank: the training process and its main items.

Secretary of the Board

In accordance with the Corporate Bodies Regulations, in compliance with Recommendation no. 18 of the Corporate Governance Code, the Board of Directors decides, upon proposal from the Chairman, on the appointment and removal of the Secretary, who is selected from the Legal & Corporate Affairs Department.

The candidate must hold a position of responsibility within the department and have an adequate seniority level as well as specific corporate governance expertise.

During the Financial Year, the Secretary together with the Legal & Corporate Affairs Department supported the Chairman's activities as described above, also providing impartial assistance and advice to the Board of Directors on any aspect relevant to the proper functioning of the corporate governance system.

4.6 Executive Directors

In accordance with FinecoBank's Corporate Bodies Regulations, powers are delegated in such a way that does not deprive the Board of its fundamental rights and prerogatives.

The Board establishes the content of the delegated powers in a detailed, clear and precise manner, also indicating the limits in terms of quantity and amount, as well as the means of exercising the delegated powers; This also allows the Board of Directors to accurately check that its overriding executive and removal powers are correctly complied with and exercised.

The executive bodies and officers report to the Board of Directors and Board of Statutory Auditors at least every three months, on operations carried out in exercising their powers, in the manner set out in the document "Delegated Powers of FinecoBank S.p.A." and in the other applicable internal regulations.

4.6.1 Managing Directors: Managing Director and General Manager

Pursuant to Article 15 of the Articles of Association, the Board of Directors may appoint a Managing Director, determining the term of office and the respective duties and powers, a General Manager and one or more Deputy General Managers, who constitute the Executive Management, together with the other personnel assigned to that function.

The Managing Director or – where not appointed – the General Manager oversee the Executive Management.

The Managing Director takes on the powers and duties of the General Manager if the latter has not been appointed.

If a Managing Director and General Manager are appointed, both positions must be held by the same person.

The Managing Director, or where not appointed, the General Manager, is responsible for implementing the resolutions passed by the Board of Directors, with the assistance of the Executive Management.

If a Managing Director has not been appointed, the General Manager takes part in the meetings of the Board of Directors with the power to make proposals and without voting rights.

The Managing Director and other Directors with key responsibilities, as well as the General Manager, where no Managing Director has been appointed, report to the Board of Directors on their activities, according to the procedures and time limits established by the Board, in accordance with law.

The Managing Director, or where not appointed, the General Manager, is responsible for implementing the resolutions passed by the Board of Directors, with the assistance of the Executive Management.

The Board of Directors, by resolution of 28 April 2020, confirmed Mr. Alessandro Foti as Managing Director and General Manager, granting him powers in all areas of the Bank's activities. More information on the powers granted is given in the document "Delegated Powers of FinecoBank S.p.A." available for public consultation at the Milan-Monza-Brianza-Lodi Companies' Register.

Managing Director and General Manager is responsible for the management of the company.

Pursuant to the Supervisory Regulations (see Part One, Title IV, Chapter 5, Annex A, Section II, paragraph 3), the management body is assigned the tasks and responsibilities relating to business continuity, as indicated in the letters: "f) promoting the development, periodic monitoring and updating of the business continuity plan in the event of major organisational, technological and infrastructural changes, and of identified gaps or deficiencies or new risks"; and "g) approving the annual plan of testing of the business continuity measures and reviewing the test results documented in writing."

4.6.2 The Chairman of the Board of Directors

The Chairman of the Board of Directors is not the main person responsible for the management of the Issuer, has not been assigned management powers, does not have a specific role in the development of business strategies, and does not have significant investments, either directly or indirectly, in the Company's share capital.

See Paragraph 4.5 above for more details.

4.6.3 Reporting to the Board of Directors by Directors/Delegated Bodies

The Corporate Bodies Regulations require information flows between and within company bodies as an essential condition for achieving the objectives of efficient management and effective control of the Company.

To ensure continual and comprehensive information flows between and within the Corporate Bodies, the Board is called upon to approve and oversee the maintenance and updating of a structured system of information flows, that governs the circulation of information and ensures it is correctly channelled in a timely and comprehensive manner, taking into account the responsibilities of the various bodies with supervisory and control functions. The Board of Directors has identified these information flows, their content and timing in detail in the "Document on company bodies and functions with supervisory tasks", approved by it. For details regarding the transactions with related parties and associated persons as well as other relevant persons in potential conflict of interest, see the "Global Policy for the management of transactions with persons in potential conflict of interest of FinecoBank Group" and the information flows envisaged in that document(14) .

The Corporate Bodies Regulations identify the persons required to submit information flows to the Corporate Bodies and describe the minimum content and timing of the main flows concerned. Moreover, in order to implement the necessary organisational controls for the proper management of information flows and to provide the necessary information on other aspects (forms, tasks and duties and other content), not covered in the Corporate Bodies Regulations, specific organisational procedures have been adopted that describe the activities and controls related to the "Management of the Board of Directors" as well as the "Management of inside information", in addition to the above-mentioned Global Policy.

Article 21 of the Articles of Association establishes that the decisions made by those with delegated powers must be reported to the Board according to the procedures and frequency (at least quarterly) established by the Board. In particular, the executive bodies and officers must report to the Board of Directors and the Board of Statutory Auditors, at least on a quarterly basis, on the general performance of operations, the business outlook, and transactions that have a significant effect on the results of operations and financial position – with particular regard to those that could potentially give rise to conflicts of interest – carried out by the Company and its subsidiaries.

In this regard, the executive bodies and officers have reported to the Board of Directors and the Board of Statutory Auditors, on at least a quarterly basis, on activities performed in exercising their delegated powers.

4.6.4 Other executive directors

As at the date of approval of this Report, no other Directors had been granted management powers other than the Managing Director and General Manager.

4.7 Independent directors and lead independent directors

⁽ ¹⁴) The Global Policy is available at the FinecoBank's website: www.finecobank.com – "About us/Governance/Related Parties and Associated Persons" section.

As at the date of approval of this Report, the Board of Directors had ten Independent Directors pursuant to the Corporate Governance Code.

Subject to the provisions of Paragraph 4.2 above regarding the procedures and timing for verifying the independence of directors, the Board of Directors pursuant to Article 144-novies, paragraph 1-bis, of the Issuer Regulations and Application Criterion 3.C.4. of the former Self-regulation Corporate Governance Code, determined, at the first available opportunity after their appointment (i.e. the meeting of May 11, 2020), that each of the non-executive Directors satisfied the requirements of independence, and published the results of its determinations in a press release to the market on the same date.

In performing the above assessments, the Board of Directors applied (among others), all the criteria envisaged by the former Self-regulation Corporate Governance Code, as referred to in FinecoBank's Articles of Association.

With reference to Ms. Pasini - appointed to replace Mr. Zappia - the verification of independence requirements was carried out on March 16, 2021 together with the annual verification for the other Directors; The principles and recommendations of the Corporate Governance Code were applied to both assessments.

During the Year, the Board carried out the annual verification of the satisfaction of independence requirements on March 15, 2022 applying the principles and recommendations of the Corporate Governance Code.

With particular regard to the independence requirements referred to in the Corporate Governance Code and the Articles of Association, information on the direct or indirect relationships (loans, significant positions held, work as a paid employee and business/professional relations) of Board Directors with FinecoBank.

During the Year, in order to allow the Board of Directors to carry-out the above-mentioned assessment, each Director, including the Chairman classified as independent in the list submitted by the Board at the time of the last renewal of the body, was asked to make a personal updated assessment of their independence status, taking into account the criteria set out in Articles 147 ter, paragraphs 3 and 4, and 148 paragraphs 3 and 4 of the TUF and Article 2 of the Corporate Governance Code, providing a specific declaration to that effect.

To verify the significance of the above relationships, the Board of Directors decided to not only identify the financial parameters which "automatically" compromise independence if they are exceeded, but also to perform an overall assessment of the personal and objective aspects. To that end, the following criteria were identified: (i) the nature and characteristics of the relationship; (ii) the amounts of transactions in absolute and relative terms; (iii) the personal profile of the relationship.

In assessing the significance of the relationship, the Board considered the following information, where available:

(a) for loans, the amount in absolute terms of the loan granted, its impact in relation to the system data and, where necessary, the financial status of the borrower;
(b) for professional/business relations, the characteristics of the transaction/relationship, the amounts involved and, where necessary, the financial status of the counterparty.

In both cases, the parties involved (director or family member; FinecoBank) were considered, and for relationships with companies/entities, the type of "connection" with the director or family member (position held/controlling interest) was taken into account.

The results of the verification were as follows:

Independent Directors pursuant to Article 148 of the TUF and Article 2 of the Corporate Governance Code: Marco Mangiagalli, Francesco Saita, Patrizia Albano, Elena Biffi, Giancarla Branda, Paola Giannotti De Ponti, Marin Gueorguiev, Gianmarco Montanari, Maria Alessandra Zunino de Pignier and Alessandra Pasini (co-opted pursuant to Article 2386 of the Italian Civil Code by the Board of Directors on March 16, 2021 and independent also pursuant to Ministerial Decree 169/2020);
Non-independent director pursuant to Article 148 of the TUF and Article 2 of the Corporate Governance Code: Alessandro Foti.

The Board of Statutory Auditors verified the correct application of the assessment criteria and procedures adopted by the Board of Directors for assessing the independence of its members.

In line with Article 2, Recommendation 5 of the Corporate Governance Code and the Supervisory Regulations on Corporate Governance, the Independent Directors, without the Non-Independent Directors and the Chairman, met on June 7, 2022, mainly to discuss corporate governance matters. The meeting was chaired by the Vice-Chairman of the Board of Directors, Mr. Francesco Saita, who took care of representing the results of the discussion at the first useful meeting of the Board. In accordance with the Corporate Bodies Regulations, the progress of the meeting and the results of the discussion were recorded in the minutes.

Criteria and materiality thresholds for assessing independence

Fulfilment of the independence requirement is verified at the time of appointment and annually, in accordance with the application criteria set out in the Corporate Governance Code and other applicable provisions. Directors are required to provide any information relevant to the assessment of their independence.

In order to verify the possible materiality of relationships of a commercial, financial or professional nature or otherwise enabling the Director to obtain additional remuneration, the current Fit & Proper Policy identifies the main materiality thresholds:

(a) for transactions of a financial nature, in accordance with the ECB Guidance, financial obligations towards the Company with a value (even cumulative) in excess of €200,000.00 (excluding private mortgages), as well as any loans of any value that are not traded at normal market conditions or that are impaired, are considered relevant;
(b) for business/professional relations, (i) in the case of personal and direct business/professional relations with the Director, there is a prohibition; (ii) in the event of a business/professional relationship with the professional firm and/or consulting company (of which the Director is partner or has been in the three financial years preceding that of the appointment), fees relating to the three financial years preceding that of the appointment that exceed 5% of the total annual turnover or revenues of the relevant professional firm/consulting company and in any event exceed €200,000.00 on an annual basis shall be deemed relevant.

In line with the provisions of the Corporate Governance Code, it is also specified that in the case of a director who is also a partner in a professional firm or consulting company,

the board of directors assesses the significance of the professional relationships that may have an effect on his/her position and role within the firm or consulting company or that otherwise pertain to important transactions of the company and its group, also irrespective of the quantitative parameters.

(c) for "additional remuneration" (as referred to in letter d) of Recommendation No. 7 of the Corporate Governance Code), the additional remuneration for the Director exceeding €10,000.00 per year with respect to the remuneration provided for the office at the Company is considered significant.

For the purposes of the foregoing, financial, business and professional relationships maintained with the Bank by the Director or by a close family member (meaning: parents, children, nonlegally separated spouses and cohabitees).

In any event, for a full appreciation of the materiality of a financial, commercial or professional relationship, information must be acquired that allows not only a formal, but also a substantive examination of the position, by means of appropriate information provided by the Directors supplemented with information available to the Bank.

As part of the independence assessment, the competent body may also order certain mitigation measures, providing for specific periodic monitoring and availing itself of the support of the applicable Board committee, if required.

4.7.1 Lead Independent Director

As the Corporate Governance Code does not establish provisions for the appointment of this position, the Board of Directors has not appointed any independent Director as lead independent director(15) .

⁽ ¹⁵) In accordance with Article 3, Recommendation 13 of the Corporate Governance Code, the Board of Directors appoints an independent director as the lead independent director in the following cases: (i) if the chairman of the board of directors is the chief executive officer of the company or holds significant managerial powers; (ii) if the position of chairman is held by the person that controls the issuer, either jointly or otherwise; (iii) in large companies, even in the absence of the conditions indicated the previous points, if requested by the majority of Independent Directors.

5. PROCESSING OF COMPANY INFORMATION

In compliance with Stock Exchange Regulations and accompanying Instructions, as well as relevant provisions of the TUF and Issuer Regulations, which require Directors and Statutory Auditors to maintain the confidentiality of documents and information acquired in performing their duties, the Corporate Bodies Regulations require the Board of Directors to establish procedures for the internal management and disclosure of documents and information on the Company, also with regard to inside information.

The Bank has adopted a procedure for the processing of relevant inside information pursuant to EU Regulation no. 596 of April 16, 2014, on market abuse (the "Market Abuse Regulation" or "MAR") and the related implementing law and guidelines (e.g. CONSOB Guidelines on the Management of inside information of October 13, 2017) (the "Procedure for processing Relevant Inside Information" or the "Procedure").

The aim of the Procedure for processing Relevant Inside Information is to prevent the processing of such information (as defined below) in a manner, which is not untimely, incomplete or inadequate and in any event that may result in asymmetrical disclosure to the public.

In particular, the management and disclosure of Relevant Inside Information, as regulated by the above-mentioned Procedure, protects the market and investors, providing them sufficient knowledge of matters concerning the Issuer, on the basis of which they may make investment decisions.

The Procedure for processing Relevant Inside Information also aims to prevent certain persons or categories of persons from acquiring information that is not in the public domain, in order to carry out speculative transactions on markets to the detriment of investors that do not have access to that information.

The Procedure describes the process for assessing and disclosing relevant inside information, as well as the requirements for managing the List of Persons who have access to this information (the "FinecoBank Insider List").

The Procedure regulates the management of company information (meaning all information and data concerning FinecoBank and/or other Group companies, which is not in the public domain, acquired by persons required to comply with the Procedure, in performing their duties), with particular regard to (i) relevant information, which is specific information, not available to the public and concerning data, events, projects or circumstances that in any way refer to FinecoBank and that could, also at a later stage, become inside information and (ii) inside information.

It establishes, firstly, the obligation for all persons that perform activities within the Group to keep company information acquired in performing their duties confidential and to use that information exclusively for carrying out their duties.

The Procedure for processing Relevant Inside Information currently:

(a) assigns responsibility for assessing whether information is classified as inside information, also for the purpose of disclosure to the public, to the Chief Financial Officer of FinecoBank assisted by the heads of the Legal and Corporate Affairs Department and Compliance, for the areas in their remit.

The Procedure for the Handling of Material and Privileged Information, in particular, establishes that anyone who believes he or she is in possession of material and/or privileged information is required to promptly report such circumstance to the e-mail: [email protected], managed by the FinecoBank CFO and/or UCI CFO

to allow for an assessment of the inside nature of the information disclosed and to take the necessary measures to correctly manage the information, including its prompt disclosure to the market, as applicable;

(b) adopts effective measures to ensure the confidentiality of information until it is disclosed to the public.

To this end, FinecoBank has established a "List of persons who have access to inside information" which is price sensitive, as regards the Company's shares, in compliance with the applicable regulations. It has also established a process to add data to, update and maintain the List, identifying the Compliance Officer of the Company as the person responsible for managing the FinecoBank Insider List;

(c) assigns responsibility to FinecoBank's CFO (assisted by the heads of the Legal and Corporate Affairs Department and Compliance) for assessing the public disclosure of information about the Company and the appropriateness of delaying the public disclosure of Inside Information, in the cases specifically identified by the Procedure for processing Inside Information;
(d) assigns responsibility to FinecoBank's CFO and Head of Identity & Communications for preparing press releases in which Inside Information is disclosed, assisted by the Company units involved;
(e) provides for the publication of the press releases, subject to approval from the Managing Director of the Issuer, via the "eMarket-SDIR" system, to Borsa Italiana and CONSOB.

Press releases are published on the Company's website before the opening of the market on the day after disclosure and are available on the site for at least five years from publication.

***

In accordance with the provisions of Article 114(7) of the TUF and Articles 152-quinquies.1 et seq. of the Issuers' Regulation and in order to transpose the regulatory changes resulting from the entry into force of Regulation (EU) No. 596/2014 of the European Parliament and of the Council of 16 April 2014, as subsequently amended by Article 56 of Regulation (EU) no. 2016/1011 - on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC - and by the related Delegated Regulations (no. 2016/522 and 2016/523), the Board of Directors' meeting of 10 January 2018 approved the code of conduct on internal dealing, to regulate the management, processing and disclosure of information relating to transactions in FinecoBank's listed shares and debt instruments (as well as derivatives and related financial instruments) carried out by relevant persons (so-called "insiders") and by persons closely related to them (the "Internal Dealing"). This procedure regulates the disclosure obligations to be complied with and the conduct to be observed by the above persons and by FinecoBank in order to ensure maximum transparency in disclosure to the market. The Internal Dealing Code was last amended by the Board of Directors on 15 March 2022.

The main aim of the Internal Dealing Code is to improve transparency and uniformity in the disclosure relating to financial transactions undertaken by the above persons, in order to give investors an idea of how those persons perceive the prospects of the company and/or the group it belongs to. The Code does not therefore directly address whether significant persons have acquired confidential information and used that information unlawfully (conduct which constitutes the offence of insider trading), assuming that the undertaking of certain financial transactions by particular persons considered "significant" (i.e. by persons that, due to their

position, are able to acquire information on matters of the company and the group it belongs to), is, in of itself, price sensitive.

The Internal Dealing Code identifies "Significant Persons" and "Closely-Related Persons" to the Significant Persons in compliance with the Issuer Regulations and establishes that "Material Transactions" (as such therefore subject to the disclosure obligations of the Internal Dealing Code) are transactions concerning the purchase, sale, subscription or exchange of shares and debt instruments issued by FinecoBank (admitted to trading – or for which an application has been made for admission to trading – on a regulated market or an MTF or OTF), or derivatives or other financial instruments linked to those instruments carried out by the above persons, directly or through intermediaries, trusts or subsidiaries. The Internal Dealing Code also identifies certain types of transactions which are exempt from the disclosure obligations.

The Internal Dealing Code also contains regulations on the management, processing and disclosure of information relating to those transactions. To this end it governs the:

(a) disclosure obligations of Significant Persons to the Company;
(b) disclosure obligations of Significant Persons and the Company to CONSOB;
(c) cases in which Significant Persons are prohibited from or limited in undertaking transactions on financial instruments.

In compliance with the Internal Dealing Code, the Bank's Compliance Officer is the Financial Reporting Officer and to CONSOB with regard to notices received from Significant Persons.

6. INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123- BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

As at the date of approval of this Report (in compliance with the Supervisory Regulations and the Corporate Governance Code) four Board committees have been established, with examining, advisory, decision-making and coordination functions: (i) a Risk and Related Parties Committee; (ii) a Remuneration Committee; (iii) an Appointments Committee; and (iv) a Corporate Governance and Environmental and Social Sustainability Committee (together, the "Committees").

The current configuration of the Board Committees was approved by the Board of Directors at its meeting on April 28, 2020, in line with the recommendation made by the outgoing Board in the Qualitative/Quantitative Profile 2020. Up to that date, there were three committees within the Board: (i) a Risk and Related Parties Committee; (ii) a Remuneration Committee; and (iii) a Corporate Governance, Appointments and Sustainability Committee.

None of the functions assigned to board committees by the Corporate Governance Code has been assigned to the Board of Directors. As at the date of this Report, none of the Committees performs the functions of two or more committees envisaged by the Corporate Governance Code (16) and the functions are not spread across various committees in a way that differs from the provisions of the Code or the additional Supervisory Regulations in this area. The members of the Committees are chosen based on their expertise and their availability to perform the task, taking into account the recommendations of the Corporate Governance Code (see in particular, Recommendation no. 17).

Unless a shorter term of office is established upon their appointment, Committee members remain in office for the same time as the Board in which they are members. They may resign from their position in the Committees, without resigning from the Board of Directors.

If a member ceases to hold the position for any reason, the Board of Directors will replace that member. The expiry of the new member's term of office is the same as that of the outgoing member. If the Chairman of the Committee ceases to hold office, the Board of Directors will appoint a new Chairman at the time of appointing the replacement member.

The Committees meet on a regular basis and whenever required as a result of particular needs. The Committee meetings are considered duly convened if the majority of their members are present. Each Committee passes resolutions with an absolute majority of the attendees.

The meetings of the Committees are called at least four business days in advance. The notice of meeting, which may also be sent via fax or email by the Chairman via the Secretary of each Committee, must include the details of the place, date and time of the meeting, as well as the items on the agenda to be discussed. In cases of urgency, determined by the Chairman of each Committee, the meetings may be held with one day's notice. Committees may meet validly, even if they have not been called in advance, if all their members are present.

Except in cases of urgency, the documentation in support of proposals, and any information needed for the members of the Committees to express an informed opinion on the matters under discussion, are made available at least three business days prior to the meeting.

The Committee meetings may be held via telecommunications links, provided that each attendee

⁽ ¹⁶) In compliance with the CONSOB instructions and guidelines contained in Communication no. DEM/10078683 of September 24, 2010, in order to adopt the Related-Party Regulations, the Company has assigned its control and risk committee the functions of the related-parties committee.

can be identified by all the other attendees, can immediately take part in the discussion, and can also receive, send and view documents. The minutes of the Committee meetings are transcribed briefly by the Secretary, who need not be a member of the Committee. If the Secretary is absent or otherwise prevented from performing this task, the person chairing the meeting shall appoint a replacement. The minutes contain, amongst other things, the reasons for any disagreements expressed by the Committee members. The Secretary retains the minutes of the meeting for consultation by Committee members who did not attend the meeting, as well as Directors and Statutory Auditors.

The Chairman of each Committee reports on the meeting at the next Board meeting.

Each Committee is allocated adequate funds to perform its duties within the limits of the budget approved by the Board of Directors, sufficient to guarantee operational independence, which may be supplemented to meet specific needs. The Committees may engage external advisors.

The Shareholders' Meeting determines the annual fees for Committee members and a fee for attending committee meetings. To perform their duties, the Committees are given adequate instruments and information from the relevant functions, to enable them to make their assessments. They also have access to the relevant company information.

On the invitation of the Chairman of each Committee, the meetings – taking into account the items on the agenda in each case – may be attended by the Managing Director and General Manager, the other Directors, the Deputy General Managers, the Financial Reporting Officer and members of Company and Group personnel.

Subject to the right of the Statutory Auditors to attend the meetings, or the rules applicable to the Risk and Related Parties Committee, the Chairman of each committee can invite the Chairman of the Board of Statutory Auditors or another Statutory Auditor designated by him/her.

Persons external to the Company and the Group may also be invited to participate in meetings of each of the Committees where, in full compliance with the applicable regulations on confidentiality of information and market abuse, their participation is considered necessary for the discussion of items on the Committee meeting's agenda.

Where the Committees are called on to express their opinion on urgent matters within their remit, the Chairman of each Committee, after having acknowledged the urgency of the situation and having established that the majority of or all the members are unavailable to meet or to carry out the required activities in due time, promptly informs the Chairman of the Board of Directors of this situation. In any event, this notification must be made no later than the day after the Chairman of the Committee has received notice of the unavailability of the majority of or all the members. The Chairman of the Board of Directors, after consulting with the Managing Director and General Manager to evaluate the urgency of the decision, immediately restores the presence of the number of Independent Directors established for the composition of the Committee by designating another independent member of the Board of Directors, after having contacted him/her. With regard to the Risk and Related Parties Committee, the above-mentioned rules apply to transactions with persons in potential conflict of interest pursuant to the Global Policy, the completion of which is urgent and for which the Risk and Related Parties Committee's action is required during the negotiations and the preliminary analysis and/or when issuing the opinion.

The above also applies if the unavailability of the majority is due to the resignation of a member of the Committee.

With specific reference to composition of the Committees, in accordance with the Supervisory Regulations on Corporate Governance, it is good practice for each committee to have at least one

member from the least represented gender.

The rules governing the functioning of the Board Committees and the duties and responsibilities assigned to each of them are governed in detail by the Corporate Bodies Regulations (Paragraph B), which should be consulted for further details.

The committees established within the Board of Directors are described in Paragraphs 6.1, 7, 8 and 9.

6.1 CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE

As already noted in Paragraph 6 above, the Board of Directors in office during the previous threeyear period provided recommendations, ahead of the Shareholders' Meeting called to discuss the renewal of the corporate bodies among other matters, concerning the structure and composition of the board committees contained in the Qualitative/Quantitative Profile 2020.

In accordance with those recommendations, the Board of Directors meeting of April 28, 2020, resolved to establish four committees, separating the functions of the former Corporate Governance, Appointments and Sustainability Committee. Specifically, in addition to the Risk and Related Parties Committee and the Remuneration Committee, the following committees were established: (i) an Appointments Committee and (ii)a Corporate Governance and Environmental and Social Sustainability Committee.

The information regarding the composition functioning and duties of the Corporate Governance and Environmental and Social Sustainability Committee is provided below.

6.1.1 Composition and functioning of the Corporate Governance and Environmental and Social Sustainability Committee

On April 28, 2020, the Board of Directors appointed the members of the current Corporate Governance and Environmental and Social Sustainability Committee, who are all executive, Independent Directors pursuant to the TUF and Corporate Governance Code, and have adequate experience and expertise as evaluated and ascertained by the Board of Directors on their appointment.

As at the date of approval of this Report, the composition of the Corporate Governance and Environmental and Social Sustainability Committee was as follows:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Maria Alessandra Zunino de Pignier	X	X	X	12/12 (100%)	C
Patrizia Albano	X	X	X	11/12 (91%)	M
Francesco Saita	X	X	X	12/12	M

					(100%)
------------- Members leaving office during the year-------------
N.A.
No. of Committee meetings as at December 31, 2022: 12
(*) This column shows the percentage attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned during the Year).
(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Corporate Governance and Environmental and Social Sustainability Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2022.

The Committee shall meet when convened by its Chairman, whenever he/she deems necessary, or upon the request of one of its members.

6.1.2 Functions of the Corporate Governance and Environmental and Social Sustainability

Committee

The duties assigned to the Corporate Governance and Environmental and Social Sustainability Committee are described below. The Corporate Governance and Environmental and Social Sustainability Committee performs the functions of informing, advising and making proposals to the Board through the following:

(i) providing opinions and support to the Board of Directors in defining FinecoBank's corporate governance system, the Group's corporate structure and models and guidelines on governance, and in that context it:
it monitors changes in national and international laws and best practices on corporate governance, updating the Board of Directors where those changes are significant;
verifies that the corporate governance system of FinecoBank and of the Group is in line with the legal and regulatory requirements, the recommendations in the Corporate Governance Code, and national and international best practice;
(ii) makes proposals to the Board of Directors on adapting the corporate governance system, where necessary or appropriate;
(iii) supervises the sustainability issues related to FinecoBank's operations and the interactions with all stakeholders; in particular, the Committee provides the following support to the Board:
monitoring the sustainable growth strategy of the Company and the Group over time, based on relevant international guidelines and principles;
contributing to assessing the risks linked to sustainability issues, and in particular, those that may be significant in the medium/long term;
examining and where necessary making proposals concerning plans, objectives, rules and company procedures on the Group's social and environmental issues in

line with the applicable regulations, monitoring their implementation over time. In this respect, it supports the Board of Directors in approving policies aimed at promoting diversity and inclusiveness;

contributes to the review of ESG products issued by the Bank;
monitoring the positioning of the Company and the Group in relation to financial markets with respect to sustainability issues and relations with all the stakeholders;
examining and issuing opinions regarding the policy for managing relations with all the shareholders, taking into account the engagement policies adopted by institutional investors and asset managers;
examining in advance the Non-Financial Statement (NFS) pursuant to Legislative Decree no. 254/2016 and the Environmental Statement pursuant to EMAS Regulation no. 1221/2009, for the areas applicable to FinecoBank, to be submitted for approval by the Board of Directors.

6.1.3 Activities performed

During the Financial Year, the Committee met twelve times. The Committee meetings, with minutes taken by the designated Secretary, lasted an hour and a half each on average one hour and forty-eight minutes.

During the meetings, the Corporate Governance and Environmental and Social Sustainability Committee – on the basis of the necessary information and clarifications received from FinecoBank's organisational units, and having taken note of the applicable regulations and the documentation supporting the proposals – was called upon to express its opinion, in relation to matters of corporate governance, on the annual letter of the Chairman of the Italian Corporate Governance Committee, also in order to implement its indications in the "Report on Corporate Governance and ownership structure for the year 20221", which was also submitted to the Committee for the aspects under its responsibility and subsequently approved by the Board of Directors on March 15, 2022. Similarly, in early 2023, the letter from the Chairman of the Italian Committee for Corporate Governance concerning the 2022 financial year was submitted to the Committee, the recommendations of which were taken into consideration for the purpose of this Report, as better specified in Section 16 below. Still on the subject of corporate governance, the Committee analysed the amendments proposed during 2022 to the "Corporate Bodies Regulations of FinecoBank S.p.A." and to the "Document of bodies and functions with control tasks", which were subsequently approved by the Board of Directors. It was also updated based on certain changes to the Bank's internal regulations on the organisational set-up of the Bank with reference to the functioning of certain management committees, with particular reference to the proposed changes to the Regulation of the Managerial Sustainability Committee.

The Committee oversaw the sustainability-related activities the related activities, verifying the updates provided by the competent internal structures on the initiatives undertaken by the Bank. In this regard, the Committee was kept constantly informed on the progress of the "2020-2023 Sustainability Goals Plan" and also examinedthe updates made to the ESG KPI Dashboard, making proposals for additions and clarifications. With regard to the integration of sustainability objectives into the incentive plans, the Committee was provided information on the qualitative/sustainable objectives for the year 2022 for the Identified Staff, ahead of the approval

by the Board of Directors, after having received an opinion from the Remuneration Committee. Among other sustainability-related activities, with particular reference to environmental sustainability, the Committee examined the Environmental Statement prepared in accordance with Regulation No. 1221/2009/EC, covering the years 2019-2021, which represents the first update of the Statement approved in 2021 and whose content essentially follows the themes of the reporting of environmental performance dealt with in the 2021 Consolidated Non-Financial Statement, making further clarifications. In addition, the first edition of the Fineco Group's Global Policy on sustainability was submitted to the Committee for its consideration, with which the aim was to create a framework of a general nature that is higher than the individual policies already issued by the Bank on specific sustainability aspects. The aim of the document is, in fact, to act as a constant frame of reference inspiring all the different declinations of sustainability in the Group, linking the commitments undertaken on the subject, formalising, inter alia, the governance structure, the compliance supervision in the ESG sphere, as well as the ESG risk discipline. The Committee was also presented with the document "Net-Zero Emission Commitment to 2050", with which Fineco has adopted climate impact reduction targets aimed at maximising its contribution to limiting the global temperature increase to 1.5°C, as indicated by the 2015 Paris Climate Agreement.

During the year, activities were also finalised to define the new materiality matrix for the purpose of preparing the Consolidated Non-financial Statement 2022; In this context, the Committee was presented with an update of the material themes, as well as the stakeholder map and the definition of stakeholder engagement activities. With specific regard to the preparation of the Non-Financial Statement 2021, the Committee analysed in a joint session with the Risks and Related Parties Committee - each for the profiles of their respective competences - the draft of the "Consolidated Non-Financial Statement 2021 of the FinecoBank Group", formulating some observations that were incorporated in the version approved by the Board of Directors on March 15, 2022. With regard to the 2022 Non-Financial Statement, the Committee monitored its preparation through periodic updates from the competent units on the progress of the work, examining their content in order to issue its opinion.

With particular reference to social sustainability profiles, the Committee analysed the results of a questionnaire it had proposed aimed at understanding the Bank's commercial offering, especially to younger customers on the instruments considered most speculative. The survey, carried out by the Global Business Department, took into account the operations of Fineco customers - divided for the occasion into two clusters ("Young people" (under 30) and "Others" (over 30)) - on the financial instruments offered by the Bank in order to better understand the consistency between the commercial offering and target market. The analysis will continue in the first half of 2023. Also in the area of social sustainability, the Committee was provided with insights into the implementation of Diversity and Inclusion issues within the Fineco Group. The Chief People Officer Department submitted to the Committee further matters within its competence, such as the document "Home-Work Travel Plan 2022" drafted for the second consecutive year in accordance with Article 229(4) of the Relaunch Decree and the Guidelines for the Drafting and Implementation of Home-Work Travel Plans. Work also continued on updating the provisions adopted by the Bank on agile working. Updates were provided on the Mifid adequacy check in the area of sustainability, informing the Committee of the activities, from time to time, put in place by the relevant structures. The Compliance structure also provided the Committee with information on the so-called "Accessibility Project", accessibility being understood as the ability of IT systems to provide services and information that can be used, without discrimination, also by those who, due to disabilities, require assistive technologies or special configurations.

The Committee was also the recipient (i) of the Global Anti-Corruption Policy, subsequently approved by the Board of Directors; (ii) of the document entitled "Principles for Responsible Banking reporting and self-assessment" covering the period from January 2021 to June 2022 drafted, for the first time, in implementation of the commitments undertaken by FinecoBank in December 2020, through its adherence to the United Nations Principles for Responsible Banking (PRB); (iii) of an initial briefing on the first set of draft European Sustainability Reporting Standards (ESRS) submitted to the European Commission by EFRAG, which will not come into force until June 2023 at the earliest, following the steps planned at European level for their adoption; (iv) some updates on the progressive integration of ESG risks into the framework of Risk Management of the Bank; (v) of a specific report on the Bank's monitoring of the communication channels of some Russian groups in the light of threats of cyber attacks, noting the cooperation with many Italian and foreign entities affected by the phenomenon and the adoption of specific security countermeasures for which no critical issues were detected; Also in the context of this topic, the Committee examined the general principles on security with a view to their publication and availability to Fineco's investors and agencies that assign the Bank an ESG rating. The Committee also received, as part of each meeting, a dedicated briefing on the most recent and relevant ESG-related legal and regulatory developments. Specific information and insights were also provided in relation to the feedback received from rating agencies with reference to the certifications and score obtained by the Bank in the area of sustainability. In this context, the Committee was also shown the improvement actions envisaged for certain ESG ratings and their presence in them. Finally, during the Financial Year, a meeting was devoted to illustrating the main initiatives implemented by FAM DAC in the area of sustainability. The representation was provided by the CEO of the Irish subsidiary himself, who described in detail the activities carried out by FAM for the formal and substantive integration of sustainability into business processes(17) .

The Committee, through its Chairman, had access to the information and corporate functions needed to carry out its tasks, also with the aid of the Company's internal units and external advisors.

The Chairman of the Board of Statutory Auditors and the Statutory Auditors attended the meetings of the Corporate Governance and Environmental and Social Sustainability Committee, also at the invitation of the Committee. Managers and staff of the corporate functions were also invited to attend in relation to individual items on the agenda.

For the current financial year - up to the date of the next Shareholders' Meeting called, among other things, to decide on the renewal of corporate bodies - five Committee meetings have been scheduled, four of which have already been held.

⁽ ¹⁷) The Committee was also informed about the start of the project to establish a company in the UK. Project set up following the implementation of Brexit with the aim of enabling the Bank to continue with its strategy of evolving its business in the UK, with particular reference to the brokerage offering, given the need dictated by the UK Regulator for a physical presence of the lender in the UK.

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 Self-assessment and succession of Directors

The annual self-assessment of the Board and its Committees, as well as their size and composition, has been carried out in compliance with the Corporate Bodies Regulations adopted pursuant to the Supervisory Regulations on Corporate Governance and in accordance with the recommendations of the Corporate Governance Code.

For the performance of the self-assessment process, FinecoBank, as in the previous year, made use of the company Egon Zehnder as and independent external consultant, selected with the aid of the Appointments Committee and engaged to provide advice during each stage of the process. That company, chosen based on its experience and expertise in corporate governance, is acknowledged as possessing the neutrality, impartiality and independence of mind required by the Corporate Bodies Regulations.

The process consisted of the following steps:

examination: carried out in accordance with the provisions of the Corporate Bodies Regulations, through anonymous questionnaires and individual interviews;
consultant's assessment of the results of the self-assessment process and preparation of the summary document describing the methods used, the individuals involved and the results obtained, highlighting any strengths and weaknesses identified;
examination of the summary document by the Appointments Committee and proposals of possible corrective measures to be submitted to the Board of Directors;
assessment and approval of the summary document and the proposals by the Board of Directors.

In line with the approach adopted in the Board reviews of the previous years, the questionnaires and interviews focused on various topics concerning the size, composition and functioning of the Board of Directors and its Committees. Specifically, for the self-assessment referring to the year 2022, the relative document "Self-assessment of the size, composition and functioning of Fineco's Board of Directors and its Committees" was divided into two sections dedicated, respectively, (i) to the evidence emerging from the questionnaires and interviews regarding the "Qualitative/Quantitative Profile of the Board" in view of the renewal of the corporate bodies, to be submitted to the Shareholders at the Shareholders' Meeting in 2023; (ii) and a second part, the "Summary Report" summarising specific considerations on the self-assessment.

In summary, in this context, at the end of the self-assessment process, a largely positive picture emerged from the questionnaires and interviews regarding the size and composition of the Board, which is considered by all respondents to be numerically adequate and, therefore, not to be changed in view of the next renewal. The ratio between Executive and Non-Executive Directors, as well as the balance between Independent and Non-Independent Directors are substantially adequate and to be preserved in the future. In terms of "composition", the qualitative profile of the Board was the subject of a specific reflection by the Directors, both in light of their experience during the term of office, and with respect to the latest guidance opinion for the 2020 AGM. In this regard, with a view to the next renewal, the questionnaires revealed a willingness to try to preserve the inventory of skills currently available. At the same time, it would be appreciated if the qualitative composition could be further enriched by enhancing skills and experience in Information Technology, Digitisation, Cybersecurity, Operations and ESG. Skills and experience in strategy issues, specific knowledge of the business in which Fineco operates, of the global dynamics of the economic-financial system, and experience in business management and organisation are also indicated as priorities - albeit with less emphasis by the Directors. Focusing

on the representation of 'diversity', the Council hopes for future distinctive diversification in terms of skills, professionalism, training and experience. Moreover, the importance of certain soft skills and key competences considered as priorities emerged, also with a view to defining the expected profile of the future Bank Director (such as independence of thought and integrity, standing up skills, etc.).

On the other hand, the "Summary Report" on the self-assessment of the Board and its Committees revealed several "areas of strength". In particular, the Directors expressed their appreciation for the role of the Board, which is considered to effectively influence decision-making processes and not have a role of mere ratification, as well as for the key role of the Chairman in terms of leading board dynamics and stimulating critical, independent and open discussion, the quality and continuity of the relationship with the CEO and the interaction with the Heads of Control Functions.

With reference to the 2022 financial year, the Peer Review process was also carried out in order to analyse the individual contribution of each Director to the collegial work of the Board of Directors, through the submission of a questionnaire focused on each person's skills in his or her role and related behaviour. The process - which was carried out in line with the requirements of the Corporate Bodies Regulations - involved the Appointments Committee, which again availed itself of the support of the external professional Egon Zehnder.

Succession plans

FinecoBank is increasingly investing in the development of a sustainable leadership pipeline, creating internal growth opportunities and specific pathways to enhance and strengthen the leadership skills of managers, as well as in promoting diversity & inclusion to create a fair and inclusive environment.

On March 14, 2023, after receiving a favourable opinion from the Appointments Committee, the Board of Directors has lastly updated the succession plan - to be reviewed annually - for the Managing Director and General Manager, as well as for the Bank's other key management personnel and senior figures.

With the support of the Human Resources function, the Appointments Committee identified the process and methodology to be adopted for the formulation of the plan, as well as the optimal qualitative and quantitative profile of candidates for the position of Managing Director and General Manager.

The succession of the Managing Director and General Manager can be managed either through the selection of internal or external candidates, based at all times on the optimal qualitative/quantitative profile for the position.

With regard to the Chairman of the Board of Directors, the specific process codified in the Corporate Bodies Regulations will apply.

7.2 Appointments Committee

The Appointments Committee was established on May 13, 2014, as the "Remuneration and Appointments Committee". For reasons of efficiency and simplification of the governance structure, the Company had decided to initially make use of the option allowed by the former Self-regulation Corporate Governance Code to combine the functions of its Appointments Committee and Remuneration Committee into one committee. However, in line with the Supervisory Regulations on Corporate Governance, the Board of Directors, in the

Qualitative/Quantitative Profile 2017, recommended establishing two separate special Board committees for "appointments" and "remuneration". By resolution of April 11, 2017, the Board of Directors established an independent committee for appointments, called the "Appointments Committee". By subsequent resolution of March 1, 2018, the Board of Directors extended the duties of the Committee to include sustainability, consequently changing its name to "Appointments and Sustainability Committee". By resolution of October 7, 2019, the Board of Directors also assigned the above-mentioned Committee the duties relating to corporate governance matters, changing its name to the "Corporate Governance, Appointments and Sustainability Committee". Lastly, when preparing the Qualitative/Quantitative Profile 2020 for the appointment of the new corporate bodies by the Shareholders' Meeting of April 28, 2020, the outgoing Board of Directors recommended that, unlike in previous terms of office, a special committee be set up with exclusive responsibility for sustainability (particularly in light of the importance of this issue for the financial and banking sector). Accordingly, by resolution of April 28, 2020, the Board of Directors separated the functions of the Corporate Governance, Appointments and Sustainability Committee by setting up two separate committees (one responsible for appointments and the other for sustainability and corporate governance), consequently changing the name of this Committee to the "Appointments Committee".

7.2.1 Composition and functioning of the Appointments Committee

On April 28, 2020, the Board of Directors appointed the members of the current Appointments Committee, who are all executive, independent Directors pursuant to the TUF, the former Selfregulation Corporate Governance Code and the Corporate Governance Code (at the date of this Report), and have adequate experience and expertise as evaluated and ascertained by the Board of Directors on their appointment.

At the date of approval of this Report, the composition of the Appointments Committee was as follows:

Name	Executive	Non	Indep.	Indep.	%	(**)
		executive	Code	TUF	(*)
Elena Biffi		X	X	X	11/11	C
					(100%)
Patrizia Albano		X	X	X	11/11	M
					(100%)
Gianmarco Montanari		X	X	X	11/11	M
					(100%)
		------------- Members leaving office during the year-------------
N.A.
	No. of Committee meetings relating to the Year up to December 31, 2022: 11
(*) This column shows the percentage attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned during the Year).

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Appointments Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2022.

The Appointments Committee meets when convened by its Chairman, whenever he/she deems necessary, or upon request of one of its members.

7.2.2 Functions of the Appointments Committee

The duties assigned to the Appointments Committee are described below. This Committee has been assigned the duties and responsibilities in accordance with the Supervisory Regulations and the Corporate Governance Code. Specifically, the Appointments Committee has an advisory role assisting the Board with the following:

supporting the Board of Directors in the appointment and co-option of directors in accordance with the Supervisory Regulations;
providing the Board with opinions on:
a) the drafting (i) of the policy for the appointment of Directors of subsidiaries and investee companies, and (ii) the policy for verifying the suitability requirements of corporate officers and managers of FinecoBank's main corporate functions pursuant to current legislation;
b) the qualitative/quantitative profile required by the Supervisory Regulations, making proposals to the Board on the qualitative/quantitative composition of the Board of Directors and its Committees considered optimal and the maximum number of positions held by Directors in other companies considered compatible with the effective performance of their duties in FinecoBank;
c) the appointment of the Managing Director and/or the General Manager and other key management personnel;
d) the formulation of succession plans for the Chairman of the Board of Directors, the Managing Director, the General Manager and the other key management personnel;
e) the selection of candidates to the position of FinecoBank Director, in the event of cooption, and where lists are submitted by the Board, of candidates to the position of independent director to be submitted for the approval of the Shareholders' Meeting of the Company (see "Annex B" to the Corporate Bodies Regulations);
f) the appointment of members of Board Committees;
g) the various stages of the self-assessment process (see, Annex A to the Corporate Bodies Regulations);
assisting the Risk and Related Parties Committee in the process for identifying and proposing the heads of the corporate control functions (Compliance, Internal Audit, Risk Management and Anti-Money Laundering) and the head of reporting of suspicious transactions to be appointed or removed;
supporting the Board of Directors in assessing suitability pursuant to Article 26 of the TUB (requirements for corporate officers) and, in any case, in the applicable primary and secondary regulations in force (including the rules on interlocking directorates), as well as in the subsequent check of the qualitative/quantitative composition considered optimal and the actual composition resulting from the appointment process;
supporting the Board of Directors in the process of ascertaining the suitability requirements established for the heads of the main corporate functions (i.e. AML Officer, Compliance Officer, Head of Internal Audit, Chief Risk Officer, Chief Financial Officer and Financial Reporting Officer) under current legislation;
supporting the Chairman of the Board of Directors in all the steps pertaining to induction and training programmes for members of the Board of Directors and of the Board of Statutory Auditors;
issuing opinions to the Board of Directors concerning the appointment of corporate officers (i.e. members of the boards of directors, boards of statutory auditors and supervisory boards) at the subsidiaries, as well as minority-owned companies.

7.2.3 Activities performed

During the Year, the Committee met eleven times. The Committee meetings, with minutes taken by the designated Secretary, lasted on average one hour and eighteen minutes.

During these meetings, the Appointments Committee – on the basis of the necessary information and clarifications received from FinecoBank's organisational units, and having taken note of the applicable regulations and the documentation supporting the proposals – was called upon to express its opinion, inter alia, concerning the: (i) the annual letter from the Chairman of the Italian Corporate Governance Committee, also for the purposes of implementing its indications in the "Report on corporate governance and ownership structures for the year 2021", which was also submitted to the Committee for the aspects under its responsibility and subsequently approved by the Board of Directors on March 15, 2022; (ii) the updates of the positions of the corporate officers communicated over time; and (iii) the update of the "Regulation on FinecoBank's Corporate Bodies" for the sections pertinent to the Committee; (iv) verification of the requirements in relation to independence and interlocking directorships for the Directors; (v) the appointment of a Director in HI-MTF SIM S.p.A.; (vi) the approval of succession plans; (vii) the appointment of members of the Corporate Bodies of the Group's Subsidiaries, as well as (viii) the allocation of the budget for the same Committee for the year 2023.

With regard to the self-assessment process referring to the 2021 financial year, the Appointments Committee was called upon to examine the bids submitted to identify the company to be proposed to the Chairman of the Board of Directors who is called upon, pursuant to Annex A of FinecoBank's Corporate Bodies Regulations, to identify the external professional to be appointed to for the self-assessment process for the Board of Directors.

The results of the self-assessment process on the size, composition and functioning of the Board of Directors and its Committees were subsequently submitted to the Committee. The Committee also issued a positive opinion on the corrective actions to be taken with respect to the insights gained from the self-assessment results.

Furthermore, in view of the expiry of the three-year term of office of the Board of Directors, the Appointments Committee identified the independent external professional to be proposed to the Chairman of the Board of Directors for the Board of Directors' self-assessment and peer review process referring to the 2022 financial year. Subsequently, the Committee expressed its opinion on the outcome of the Board of Directors' self-assessment process, while also taking into consideration the insights that emerged from it. The Committee's activities related to the selfassessment process for the 2022 financial year also continued in the first months of 2023. In this

context, in fact, the Committee continued its activities aimed at defining the list of candidates to be submitted to the Board of Directors in view of the forthcoming renewal of the Board, using for the purpose of candidate selection precisely the results of the Board Review which, unlike the previous ones contained an ad hoc section devoted to the suggestions for the conclusion of the three-year term of office with a view to the renewal of the Board, as well as the evidence emerging from the Peer Review supported by the ad hoc interviews conducted by the external consultant Egon Zehnder, in order to ensure transparency and independence and thus also to comply with the Call for Attention no. 1/22 of January 21, 2022 of CONSOB concerning "The submission of a list by the board of directors for the renewal of the same board". The Committee also gave Egon Zehnder a specific mandate to search for candidates whose profiles were in line with the skills required in the Qualificative/Quantitative Profile 2023, taking into account the specific determinations made by the Board, in line with the proposal of the same Committee. Referring again to the activities implemented in 2023, the Committee also issued a positive opinion on the corrective actions to be taken with respect to the insights gained from the self-assessment results.

To support the Chairman of the Board of Directors, the Committee also supervised the work for the preparation of the training plans for the members of the corporate bodies. In particular, the Committee carried out the preliminary activities for the definition and updating of the training plan for the year 2022, defined on the basis of the results of the "Report on the mapping of FinecoBank's induction needs" and with the aim of strengthening the skills of the Directors and providing a concrete and innovative response to the requests of the Regulators for the management of training programmes.

Finally, the following was submitted to the Committee for subsequent approval by the Board of Directors of the update of the "Policy for verifying the suitability requirements of Corporate Officers and Heads of FinecoBank's Main Corporate Functions" aimed at defining the set of rules, responsibilities and processes for the purpose of verifying the suitability requirements of FinecoBank's Corporate Officers and Heads of the Main Corporate Functions and designed to implement the provisions of Ministerial Decree 169/2020 and the ECB Guide, and the provisions of the Bank of Italy Instructions issued on May 4, 2021.

The Committee, through its Chairman, had access to the information and corporate functions needed to carry out its tasks, also with the aid of the Company's internal units and external advisors.

The Chairman of the Board of Statutory Auditors and the Statutory Auditors also attended the meetings of the Appointments Committee, also at the invitation of the Committee. Managers and staff of the corporate functions were also invited to attend in relation to individual items on the agenda, as well as external consultants.

For the current financial year - up to the date of the next Shareholders' Meeting called, among other things, to decide on the renewal of corporate bodies - eight Committee meetings have been scheduled, seven of which have already been held.

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 Remuneration of Directors

For the information required regarding the remuneration of executive directors, non-executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (pursuant to Article 123-bis, paragraph 1, letter i) of the TUF), see the chapter "Compensation paid to Members of the Administrative and Auditing Bodies, to General Managers and to other Executives with strategic responsibility" contained in the "2022 Remuneration Report" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285.

8.2 Remuneration Committee

8.2.1 Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

On April 28, 2020, the Board of Directors appointed the members of the current Remuneration Committee, who are all executive, independent Directors pursuant to the TUF and the Corporate Governance Code, and have adequate experience and expertise as assessed and ascertained by the Board of Directors on their appointment.

Further to the information already provided in Paragraph 6 above, as at the date of approval of this Report, the composition of the Remuneration Committee was as follows:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Gianmarco Montanari	X	X	X	13/13 (100%)	C
Giancarla Branda	X	X	X	13/13 (100%)	M
Paola Giannotti De Ponti	X	X	X	13/13 (100%)	M
------------- Members leaving office during the year------------- N.A. No. of Committee meetings as at December 31, 2022: 13

(*) This column shows the percentage attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned during the Year).

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Remuneration Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2022.

For the additional information required regarding the establishment, duties and functioning of the

Remuneration Committee, as well as the main activities performed, see: (i) the section "Remuneration Committee" of the report published in the "2022 Annual Remuneration Report" published in accordance with Article 123-ter of the TUF, Article 84-quater of the Issuer Regulations and the provisions in Title IV, Chapter 2, Section VI of Bank of Italy Circular no. 285; (ii) the Corporate Bodies Regulations (Part B, § 1.2.).

With regard to the external consultant providing support to the Committee, there were no indications that his independence of judgement was compromised.

8.2.2 Functions of the Remuneration Committee

The duties assigned to the Remuneration committee are described below:

(i) presenting proposals or issuing opinions to the Board for the definition of a general remuneration policy for the Managing Director, the General Manager, the other Key Management Personnel and Identified Staff, to enable the Board to prepare the Report on Remuneration to be submitted to the annual Shareholders' Meeting and periodically assessing the suitability, overall consistency and effective application of the general remuneration policy approved by the Board;

(ii) makes proposals or expresses opinions to the Board on the overall remuneration and on the assignment and assessment of the performance objectives of the Managing Director, the General Manager, the other Executives with strategic responsibilities, the Financial Reporting Officer and of the Executive Vice President (as identified by the Global Job Model of the Group), and for the determination of the criteria for the remuneration of the Company's top management, including the relevant performance targets related to the variable component of such remuneration;

(iii) formulates proposals or expresses opinions to the Board of Directors on the overall remuneration and on the assignment and relative evaluation of the performance objectives of the Heads of the corporate control functions (Head of the Compliance function, Chief Risk Officer, Head of the Internal Audit function, Head of the Anti-Money Laundering function). With reference to the compliance, risk control (Risk Management) and anti-money laundering functions, it formulates proposals or issues opinions after consulting the Risk and Related Parties Committee; Furthermore, with reference to the Internal Audit function, it formulates proposals or expresses opinions with the favourable opinion of the Risk and Related Parties Committee;

(iv) examining any share-based or cash incentive plans for the employees and the personal financial advisors of the Company and Gruop and strategic staff development policies;

(v) directly overseeing the proper application of remuneration rules for managers of corporate control functions, in close conjunction with the control body;

(vi) working together with the other Board committees, in particular the Risk and Related Parties Committee, which, in relation to the remuneration and incentive policies, examines whether the incentives provided by the remuneration system take into account risks, capital and liquidity, whilst ensuring that this does not affect the tasks assigned to the Remuneration Committee, as well as proper coordination with that committee;

(vii) ensuring the involvement of the competent corporate functions in the process to prepare and check remuneration and incentive policies and practices;

(viii) providing opinions, also using information received from the competent corporate functions, on the results of the procedure for identifying key personnel, including any exclusions;

(ix) providing appropriate reporting on its activities to the corporate bodies, including the Shareholders' Meeting.

For the current financial year - up to the date of the next Shareholders' Meeting called, among other things, to decide on the renewal of corporate bodies - four Committee meetings have been scheduled, three of which have already been held.

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE

The internal control system is a fundamental part of the overall governance system of banks. It has a central role in the organisation and ensures the effective monitoring of risk, in order to guarantee that operations are in line with company strategies and policies and based on principles of sound and prudent management.

An efficient and effective internal control system forms the basis for creating value in the medium and long term, for safeguarding the quality of operations and for a correct perception of risk and appropriate allocation of capital.

The Company's internal control system is based on the principles of the Corporate Governance Code, applicable regulations and best practice, and is founded on:

control functions and positions, which involve, each for their area of responsibility, the Board of Directors, the Risk and Related Parties Committee, the Internal Control and Risk Management System Director, the Board of Statutory Auditors, as well as the corporate functions with specific internal control duties;
procedures for coordination between the parties involved in the internal control and risk management system.

Board of Directors and Risk and Related Parties Committee;

The guidelines of the internal control and risk management system (below the "Internal Control and Risk System") are established by the Board of Directors. In this way, the Board ensures that the main risks to which the Bank is exposed are properly identified, measured, managed and monitored.

In this context, the Board of Directors revises and updates the Risk Appetite Framework (or "RAF") on an annual basis, and in line with the timelines for the budget process and definition of the financial plan, in order to ensure that the business is developed with a correct risk profile and in compliance with national and international regulations.

The Group Risk Appetite expresses the risk profile with respect to multiple dimensions (capital adequacy, profitability and risk, as well as controls on specific risks such as credit, operational, market, sustainability, as well as funding and liquidity risks), defining reference metrics for each.

The definition process, revised from the previous version, has been structured to guarantee consistency with the budget, while the performance indicators (the "KPIs" or "Key Performance Indicators") were revised to include simple, comprehensible metrics.

FinecoBank's Risk Appetite Framework includes not only the list of relevant metrics, but also materiality thresholds: (i) the Risk Appetite thresholds represent the extent of risk the Bank is prepared to assume to achieve its budget objectives and defines the constraints for the development of the business; (ii) the Risk Appetite thresholds represent alarm thresholds which activate the analysis of possible mitigation actions and must be reported promptly to the Chief Executive Officer; (iii) the Risk Capacity thresholds are the values that must not be exceeded; if exceeded, the Board of Directors must be informed.

As regards responsibilities, the Corporate Bodies Regulations establish that the Board is responsible for the Internal Control and Risk System, providing guidance and assessing the adequacy of the system. It also identifies the following from within the Board:

− the director responsible for establishing and maintaining an effective internal control and risk management system (the "Internal Control and Risk Management System Director");
− an internal Committee called the "Risk and Related Parties Committee" consisting entirely of Independent Directors, which assists the Board of Directors, based on appropriate preliminary investigations, in its assessments and decisions concerning the Internal Control and Risk Management System, as well as the approval of periodical financial and non-financial reports.

The Board of Directors, with the prior approval of the above-mentioned Committee:

(a) defines the guidelines of the Internal Control and Risk Management System, assesses at least annually the consistency and adequacy of the Company's characteristics, its strategic direction and its risk profile, as well as its effectiveness, in terms of the ability to grasp the evolution of the business risks and the interaction between them, assigning the Internal Control and Risk Management System Director the task of establishing and maintaining an effective Internal Control and Risk System;

(b) after consulting the Board of Statutory Auditors, (i) appoints a person in charge of the Internal Audit function (the "Head of Internal Audit"), who is responsible for verifying that the Internal Control and Risk Management System functions properly; (ii) shall ensure that it is adequately resourced to discharge its responsibilities and (iii) subject to the favourable opinion of the Remuneration Committee, shall define its overall remuneration in line with corporate policies and shall assign and assess its performance targets;

(c) after consulting the Board of Statutory Auditors, and with the support of the Appointments Committee, appoints and revokes the appointment of the Heads of the Compliance, Risk Management, Anti-Money Laundering and Suspicious Transaction Reporting functions;

(d) approves, at least once a year, the audit plan prepared by the Head of Internal Audit, subject to approval by the Risk and Related Parties Committee and the Internal Control and Risk Management System Director, and after consultation with the Board of Statutory Auditors;

(e) approves the Group's tax strategy, which sets out the guidelines and principles adopted by the Bank in the management of tax matters and, in particular, of the associated risk. In addition, at least once a year, and after the reporting to the Risk and Related Parties Committee, it is informed about the state of the internal control system for tax risk within the annual report on the tax risk situation;

(f) assesses, after consulting with the Board of Statutory Auditors, the findings of the external auditors in the audit opinion letter and the additional report on the audit work referred to in Article 11 of Regulation (EU) No 537/2014.

The Board of Directors assesses, among others and at least annually, the adequacy, functioning and effectiveness of the Internal Control and Risk System, with the aid of the Risk and Related Parties Committee, based on:

− reports from the heads of: the Compliance function, Risk Management function, Anti-Money Laundering function and Internal Audit function;
− reporting from the Financial Reporting Officer on the proper use of accounting standards and their consistency for the preparation of the consolidated financial statements;
− all relevant information for the monitoring of overall company risk, provided by the competent units and/or the external auditors.

The Board globally monitors the main company risks, with the aid of the Risk and Related Parties Committee in relation to which please refer to Paragraph 9.2.

With specific regard to compliance risk, the Board of Directors, after consulting with the Board of Statutory Auditors, (i) approves the risk management policies; (ii) evaluates, at least once a year and with the technical support of the Risk and Related Parties Committee, the adequacy of the organisational structure and the quality and amount of resources of the Compliance function, and analyses periodic reports on its controls on compliance risk management; and (iii) analyses the periodic reports on its audits in the context of compliance risk management.

In addition, the Board of Directors exclusively:

(a) determines the remuneration/incentive systems in favour of Key Personnel and the Personal Financial Advisors Network, and verifies that these systems do not increase business risks and are consistent with long-term strategies;

(b) prepares and submits the remuneration and incentives policy to the Shareholders' Meeting, on an annual basis, and is responsible for its proper implementation;

(c) sets the criteria for identifying the most significant transactions to be submitted for prior examination by the Risk and Related Parties Committee, and decides on transactions with related parties and associated persons, in accordance with the related procedures;

(d) takes decisions on the transactions of the Company and those of its subsidiaries, where those transactions have a significant strategic, economic, capital or financial impact for the Company; to that end, it establishes general criteria for identifying significant transactions.

The Board of Directors also defines the Lending Strategies which, within the framework of Basel Pillar II, are an effective means of risk governance to ensure consistency between budget objectives and the Risk Appetite Framework.

The Board of Directors also approves the Bank's policy on the outsourcing of corporate functions.

In accordance with Supervisory Regulations on internal control systems, the Bank carried out the annual assessment (for the Year) on the adequacy of the internal control and risk management system with respect to the characteristics of the business and the risk profile assumed, as well as its effectiveness. The assessment has been successful.

The Committee, in consideration of the checks/analyses carried out on the contributions brought to its attention by the various players in the Bank's Internal Control System, (e.g. periodic and/or event-based reports by the Heads of the Corporate Control Functions) and/or from the outside (e.g. requests and communications from the Supervisory Authorities), taking into account the passage under ECB Supervision and the expectations of growth and expansion of the Bank's activities, continued to support the further strengthening of the overall control system in order to provide the Bank with a structure fully adequate to its size and complexity, its development ambitions and the reference context. With this in mind, the Committee, which already in the past monitored the development path of the control functions after the exit from the UniCredit group, monitored the phases of the project for the qualitative and quantitative strengthening of the Compliance function. The Committee, on the basis of the results of the control activities carried out, as well as of the further projects in progress, considers that the design of the internal control system is capable, within the limits of reasonableness, of identifying possible areas of weakness/improvement of the Internal Control System in a timely manner, and consequently of effectively directing/managing any corrective measures identified.

Also, in relation to business continuity the Board of Directors: (i) sets the objectives and business

continuity strategies, ensuring sufficient human, technological and financial resources for the achievement of the objectives set; (ii) approves the business continuity plan and subsequent amendments as a result of technological and organisational changes, assessing and accepting the residual risks not managed by the business continuity plan; (iii) is informed, at least annually, of the results of controls on the plan's adequacy and on business continuity measures; (iv) appoints the manager responsible for the business continuity plan.

Specifically, the Bank's Business Continuity and Crisis Management framework includes the Emergency and Crisis Management Plan, which establishes the scale of emergency levels in the Company and the escalation rules, identifying the key roles in the management of emergencies/crises and the predefined management measures (plans), including the business continuity plan (and the disaster recovery plan which is an integral part of it). The manager responsible for the business continuity plan is appointed by the Board of Directors.

In emergency/crisis situations, the Board is informed (by the Managing Director and General Manager or by the Company Business Continuity Manager based on the Emergency Level) about the status of the emergency and in the event of serious problems for company operations due to serious incidents or malfunctions.

During the Financial Year, in order to further strengthen the regulatory oversight of the management of serious operational or security incidents, the Global Policy Emergency & Crisis Management, directly applicable to the Parent Company and Subsidiary Entities, was updated, and thus the related emergency and crisis management plan.

Also, during 2022, the business continuity plan and the disaster recovery plan were duly updated to the changes in the business, maintaining remote working as a main emergency management measure with a business continuity impact.

These plans were approved by the Board of Directors and subsequently verified in test sessions, to guarantee their effectiveness and adequacy.

With specific reference to compliance risk(18) , the Board of Directors, after consulting with the Board of Statutory Auditors, approves risk management policies. It also assesses, at least once a year and with the technical support of the Risk and Related Parties Committee, the adequacy of the organisational structure, the quality and amount of resources of the Compliance function, and analyses periodic reports on that function's controls on the management of compliance risk.

The Board of Directors also has general responsibility for management and control of the information system, with a view to the optimal use of technological resources supporting company strategies (ICT governance). In this respect, it:

approves the ICT development strategies and the architectural model for the system, the sourcing strategies and the ICT risk propensity, in accordance with the risk objectives and the framework for the determination of the risk propensity at company level;
approves the ICT security policy;
approves the guidelines on recruitment of personnel with technical functions and on the acquisition of systems, software and services, including the use of external suppliers;

⁽ ¹⁸) "Compliance risk" may be defined as the risk of incurring legal or administrative penalties, financial losses or sustaining reputational damage, as a result of failure to comply with financial and banking laws, regulations, codes of conduct and good practices.

promotes the development, sharing and updating of ICT knowledge within the company.

With specific regard to supervisory responsibility for ICT risk analysis, the Board:

approves the organisational and methodological reference framework for ICT risk analysis, promoting the appropriate consolidation of information on technological risk within the ICT function and integration with risk measurement and management systems (concerning in particular, operational, reputational and strategic risks);
approves the ICT risk propensity, having considered internal services and services to customers, in accordance with the risk objectives and framework for defining the risk propensity at a company level.

With regard to the above responsibilities, the Board is informed at least annually of the adequacy of the services provided in relation to the costs sustained and of the ICT risk situation with respect to the risk appetite.

Board of Statutory Auditors

The Board of Statutory Auditors of FinecoBank monitors the effectiveness, completeness, adequacy, functioning and reliability of the internal control and risk management system, and of the Risk Appetite Framework, in line with requirements of the Corporate Governance Code and the Supervisory Regulations.

It also monitors compliance with the Internal Capital Adequacy Assessment Process (ICAAP) and the completeness, adequacy, functioning and reliability of the business continuity plan.

With specific regard to the Board of Statutory Auditors also being able to take on supervisory board functions pursuant to Legislative Decree no. 231 of June 8, 2001, the Company considered it appropriate to assign these functions to a specifically created Body (see Paragraph 9.4 of this Report).

The Board of Statutory Auditors establishes appropriate working relations with the Risk and Related Parties Committee to carry out joint activities, according to their specific areas of responsibility.

To carry out its duties, the Board of Statutory Auditors may be assisted by the company's internal control units and functions to carry out and plan its verifications and the necessary assessments. To this end, it receives regular appropriate information flows or information on specific situations/company performance. Given this close connection, the Board of Statutory Auditors is specifically consulted about decisions regarding the appointment and revocation of appointment of the heads of the corporate control functions (Compliance, Risk Management, Internal Audit and Anti-Money Laundering), and also about the identification of the essential elements of the control system's overall architecture (powers, responsibilities, resources, reporting flows and handling conflicts of interest). With regard to its own activities, the Statutory Auditors may request the Internal Audit function to carry out specific audit activities in operational areas and on company operations. The Board of Statutory Auditors verifies and investigates the causes of and remedies operational irregularities, performance anomalies, and shortcomings in the organisational and accounting structure. Special attention is given to compliance with regulations on conflicts of interest.

Control Functions

FinecoBank's internal control system is based on four types of controls:

(i) level one controls ("line controls"): these are controls relating to individual activities and are carried out according to specific operational procedures based on a specific internal regulation; they are incorporated into the ICT procedures as much as possible. The operating structures have prime responsibility for the risk management process. Monitoring and continuously updating these processes is entrusted to "process supervisors" who are charged with devising controls able to ensure the proper performance of daily activities by the staff concerned, as well as the observance of any delegated powers. The processes subject to control relate to units that have contact with customers, as well as completely internal Bank units;
(ii) level two controls: these are controls whose objectives include ensuring the proper implementation of the risk management process. The Risk Management function controls risks, as regards compliance with limits assigned to operating functions and the consistency of operations of individual production areas with established risk/yield objectives; The controls on the risks of failure to comply with company operations with rules, including self-regulations, are performed by the Compliance function. These functions assist in defining risk management policies and the risk management process;
(iii) level three controls: these controls are typical of internal auditing, based on analysis of information obtained from databases or company reports, as well as on-site controls. This type of control aims to identify breaches of procedures and regulations, in addition to periodically assessing the completeness, adequacy, functioning (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at a set frequency based on the nature and level of the risks. These controls are assigned to the Internal Audit function. To verify the compliance of the behaviour of the Group Companies with the guidelines of the Parent Company, as well as the effectiveness of the internal control system, the internal audit function of FinecoBank, at consolidated level, periodically carries out on-site controls on the members of the Group, based on the importance of the different types of risk assumed by the entities;
(iv) institutional supervisory controls: these refer to controls by the Bank's bodies, including in particular the Board of Statutory Auditors and the Supervisory Committee pursuant to Legislative Decree no. 231 of June 8, 2001.

The Risk Management function

In accordance with the Supervisory Regulations, the Risk Management Function reports directly to the Managing Director and General Manager and has direct access to the Supervisory Body and the Control Body and communicates with them without restrictions or intermediation.

Within the scope of the tasks and responsibilities defined by the prudential regulations, the Risk Management Function, at Group level and in an integrated manner, oversees the processes of governance, measurement and control of risks in accordance with the strategies and policies established.

Within the level two controls, the Risk Management function is responsible for preventing and monitoring the Group's risks in its various components. In particular, the Risk Management Function carefully controls credit, market, operational/reputational (including cyber risk), interest rate, liquidity, and sustainability risk, in collaboration with the level one structures for their

respective areas of responsibility.

The Risk Management Function verifies the Second Pillar capital adequacy as well as through the development and maintenance of management models for determining the Internal Capital taking into account all the specific risks that the Group is exposed to that are not considered in the First Pillar (e.g. concentration risk and interest rate risk).

Specifically, the Risk Management function:

− is involved in defining the RAF, risk governance policies and various stages of the risk management process, as well as establishing operational limits for the various types of risk. In this context, it proposes quantitative and qualitative parameters necessary to define the RAF, which refer to stress scenarios and the modifications to those parameters in the event of changes in the Group's internal and external operating context;
− develops the capital adequacy assessment (ICAAP) and liquidity risk management (ILAAP) processes in accordance with regulatory requirements; it prepares its parts of the ICAAP and ILAAP report addressed to the Supervisory Authorities and coordinates the contributions of the corporate functions involved;
− checks the adequacy of the RAF and on an ongoing basis the adequacy of the risk management process and operating limits; it defines and applies stress testing scenarios for each risk area, with particular regard to the ICAAP and ILAAP;
− is responsible for developing and maintaining the independence of risk measurement and control systems in order to report periodically to the control bodies and the Board of Directors;
− defines procedures for assessing and controlling reputational risk, coordinating with the compliance function and with the most exposed corporate functions;
− assists the corporate bodies in assessing strategic risk, monitoring the significant variables;
− ensures the consistency of risk control and measurement systems with the processes and methodologies for assessing the company activities, coordinating with company units concerned;
− develops and adopts indicators designed to identify anomalies and inefficiencies in risk control and measurement systems;
− analyses the risks of new products and services and risks from entering new operating and market segments;
− gives prior opinions on the consistency of material transactions with the RAF, and obtains the opinion of other functions involved in the risk management process, based on the nature of the transaction;
− constantly monitors the actual risk assumed by the Group and its consistency with the risk objectives, as well as compliance with the operating limits assigned to the operating structures in relation to the assumption of the various types of risk, making any proposals to the Managing Director and General Manager for changes to contain the risks;
− checks the adequacy and effectiveness of measures taken to remedy inefficiencies identified in the risk management process;
− helps the Corporate Bodies in the performance of their respective tasks relating to the Internal Control System, facilitating the timely and coordinated gathering of all relevant information for the quantification and management of risk and the adoption of timely corrective measures where necessary.

The function also carries out monitoring and reporting for the Corporate Bodies, mainly through the quarterly report on the Group's risk exposure.

The Compliance Function

The Compliance function monitors the management of compliance risk(19) using a risk-based approach, for all the company operations, ensuring that internal procedures are appropriate for preventing this type of risk.

The Compliance function assists/supports management and Company employees in managing compliance risk and monitoring the correct conduct of business operations in order to ensure compliance with applicable regulations, internal procedures and best practice.

For an effective management of compliance risk, the Company must have a Compliance function. This function must be independent, with a sufficient number and quality of human and technical resources for the duties to be performed, able to freely interact with Senior Management and the Corporate Bodies. It must have access to all resources and company information and be able to report any matter directly to the higher hierarchical levels.

In particular, the Compliance function of the Parent Company is responsible for guiding, coordinating and monitoring compliance matters at Group level and is responsible for developing the Global Compliance Rules; setting standards of conduct for the regulatory areas applicable throughout the Group; developing Group methodologies for risk assessment and level two compliance controls; periodically providing senior management an overview of the status of compliance risks in the Group.

Regulatory compliance risk is managed through:

Proactive and on-request advice:
− ongoing identification of rules applicable to the Bank and its Gruop and consequent compliance risks; drafting of internal rules applicable to the Bank and the Group and identifying the related impact on the Bank's processes and procedures, including the ICT system (ICT Compliance);
− prior assessment of compliance with regulations applicable to products, processes, organisational structures, the incentive system, training modules and, in particular, innovative projects (including operations in new business lines and geographic areas) that the Bank intends to undertake – also through participation in specifically designated committees – as well as the prevention and management of conflicts of interest in the various activities carried out by the Bank, with reference to company employees and consultant staff;
− providing opinions and prior assessments on compliance matters, in response to requests from the various internal units in relation to external regulations, providing them support in analysing and interpreting the regulations;
− assessments, for the areas under its responsibility, of the Bank's remuneration policy and in particular of remuneration/incentive systems for personnel and the personal financial advisors network authorised for cold calling;
− participation, where required, in working groups for the aspects within its remit.

⁽ ¹⁹) Compliance risk may be defined as the risk of incurring legal or administrative penalties, financial losses or sustaining reputational damage, as a result of failure to comply with financial and banking laws, regulations, codes of conduct and good practices.

Communications:
− promotion of a culture based on compliance with internal and external regulations and international best practice, through the adoption of specific guidelines, the preparation of internal rules, memoranda, opinions and communications, and through personnel training;
− cooperation with other Bank functions and, in particular, with functions that oversee risk management and control (primarily Internal Audit and Risk Management), in order to improve overall consistency and ensure mutually adequate and ongoing information flows;
− definition of FinecoBank's annual training plan on the regulatory areas of competence in cooperation with the Chief People Officer Department.
Interaction with authorities:
− management of relations with Authorities, in cooperation with the Regulatory Affairs Unit, together with other relevant functions (such as involvement in consultations concerning new legal and regulatory developments, assistance for preparing comments on bills, monitoring requests and inspections by the Authorities and relative corrective actions).
Monitoring, surveillance and reporting:
− assessment of the compliance risks identified (compliance risk assessment), also through level two controls, the definition of corrective actions to mitigate those risks, monitoring the actions and initiating procedures involving relevant higher hierarchical levels (escalation) to resolve problem issues identified;
− verification of the effectiveness of organisational alignments (structures, processes and procedures, operational and commercial) recommended to prevent the risk of failure to comply with regulations;
− preparation of periodic reports to the Corporate Bodies and the Supervisory Authorities on the level of compliance risk in the Bank and the measures adopted to manage it.
Oversight on Group Subsidiary Entities:
− support the Group Entities in the implementation of the policies and guidelines defined by the Parent Company's Compliance function for the perimeter of direct supervision, with a view to their transposition, making use of the support of all the Department's structures according to their competence;
− monitor the overall transposition and implementation by the Legal Entities of the same policies and guidelines, through the evidence received from the corresponding local functions and from Organisational Development and Business Continuity as Group Regulatory Referent;
− support the Group's Subsidiary Entities in the definition of the Compliance Plan, in compliance with the relevant external regulations;
− monitor the implementation of the Compliance Plan by the Legal Entities, through the evidence received from the corresponding local functions;
− monitor the evolution of the relations of the Group's Subsidiary Entities with the local Supervisory Authorities.

With regard to the regulatory areas under its responsibility, the Compliance function performs:

(i) direct oversight of all regulatory areas applicable to the company's business, with the exception of those covered by "indirect" oversight (as defined below);
(ii) indirect oversight of regulatory areas which are already subject to forms of control by specialist units within the Bank (in accordance with the Supervisory Regulations for banks issued by the Bank of Italy in Circular no. 285/2013 as amended).

The main areas covered by the direct oversight model are: provision of banking and financial services, banking transparency and consumer credit, consumer protection, credit intermediation, usury, payment services, privacy, administrative liability for offences committed in the interest of the company, anti-money laundering and combating the financing of terrorism, sanctions and embargos, corruption and unlawful receipt or giving of money or other benefits, antitrust and unfair commercial practices, provision of investment services and activities management of Group conflicts of interest and inducement, regulations relating to markets in financial instruments, centralised management of financial instruments, market abuse, promotion and distribution of insurance products, supervisory reporting (including significant holdings), prudential supervision (including holdings that can be held), risk activities towards related parties, incentive schemes (for employees and PFA Network), ICT compliance (ref. Circular 285, chap. IV "The Information System", sect. II, par. 6 "ICT risk control and compliance"), outsourcing management.

For the purposes of covering the regulatory areas of competence, the Compliance function interacts with the relevant Control Authorities (e.g. European Central Bank, CONSOB, Bank of Italy, IVASS, AGCM, Privacy Regulator) and supports relations with the competent local Control Authorities, maintained locally by the Entities.

The indirect oversight model envisages that, for a regulations that are already subject to specific forms of oversight capable of managing the compliance risks (e.g.: occupational safety regulations), the tasks of the Compliance function can be scaled. The Compliance functions remains responsible in any event, in cooperation with the specialist functions, at least for developing the methodologies for assessing compliance risk and identifying the related procedures, and verifying the adequacy of those procedures for preventing compliance risk.

Currently, in FinecoBank, specialist supervision has been assigned to the following corporate functions: Corporate Law & Board Secretary's Office; Human Resources – Industrial relations, Labour & Welfare Policies; GBS – Bank Organisation and Operations – Organisational Development and Business Continuity; GBS – Real Estate, CFO – Tax Compliance; CFO, CFO – Sustainability.

In performing its duties, the Compliance function has access to all Bank operations, at both a central and peripheral level, and to all information considered significant, also through direct interviews with personnel.

To this end, the Bank, in line with current national and international best practice, has an internal whistleblowing system for employees to report any irregularities or violations of applicable regulations and internal procedures, which provides a specific, confidential information channel and guarantees the anonymity of the whistleblower. The system, managed by the Compliance function, is available to employees, personal financial advisors and third-party providers.

The structure of FinecoBank's Compliance function is divided into the Compliance Department, which consists of the following units:

− Ethics & Compliance Culture (in staff al Compliance Department), Transparency & Customer

Protection, Investment Services, DPO, Outsourcing & ICT Compliance each dedicated for the regulatory areas of their respective competence, to advisory, communication and interaction activities with the Authorities. The Head of the DPO, Outsourcing & ICT Compliance Unit was, in addition, appointed as of January 1, 2022 as "Data Protection Officer" (also Data Protection Officer - DPO), by virtue of the applicability of the GDPR as of May 25, 2018.

The DPO is responsible for performing the following tasks, with full autonomy and independence:

• informing and advising the Bank, the Group Entities and the employees that process personal data of their obligations under the GDPR and other European Union or Member State regulations on data protection;

• monitoring compliance with the EU Regulation, with other Union or Member State regulations on data protection and the internal data protection policies, including the allocation of responsibilities, and providing education and training for personnel involved in the data processing and the associated control activities;

• providing an opinion, where requested, on the data protection impact assessment and monitoring the performance of the assessment in accordance with Article 35 of the GDPR "Data protection impact assessment";

• cooperating with the supervisory authority;

• acting as the contact point for the supervisory authority on matters relating to the data processing, including the prior consultation according to Article 36 of the GDPR, and providing advice on any other matters where appropriate.

With reference to Article 38 of the GDPR, the DPO is required to regularly report to the Board of Directors providing an overview of how personal data are protected within the Company.

− Risk Assessment & Controls: in turn made up of the Risk Assessment and Compliance Controls Teams, dedicated respectively to the identification and assessment of compliance risks and to the definition and implementation of level two controls; both teams, where necessary, identify appropriate corrective actions for the mitigation of compliance risks and monitor their implementation;
− Anti-Money Laundering Function(20) : which is responsible for the ongoing monitoring and identification of applicable external regulations on anti-money laundering, counter-terrorist financing and financial penalties, overseeing their interpretation, and, with the support of the Compliance Officer, drawing up policies and guidelines to be implemented by the Group Companies to ensure the proper implementation of the related external regulations. The Anti-Money Laundering Function is also responsible, in liaison with the Bank's functions responsible for training, for the preparation of a suitable training plan for its area of activity, aimed at achieving the continuous updating of employees and consultant staff, including PFAs. The Anti-Money Laundering Function reports directly to the strategic supervision, management and control bodies and has access to all the activities of the Bank and any relevant information for the performance of its tasks. It also prepares a report, at least once a year, for the Board of Directors, the Board of Statutory Auditors and the Supervisory Committee on the work carried out, on the deficiencies identified and the related corrective measures to be

⁽ ²⁰) Duties of the Anti-Money Laundering Function are defined by the Bank of Italy Provision of March 26, 2019, containing the implementing provisions in relation to organisation, procedures and internal controls aimed at preventing the use of intermediaries and other parties that carry out financial activities for money laundering and terrorist financing in accordance with Article 7, paragraph 2 of Legislative Decree no. 231, of November 21, 2007, Chapter II, Section I. At the date of this Report, this measure is being updated by the Bank of Italy.

adopted, as well as the staff training activities (employees and PFAs), to enable those bodies to perform their supervisory duties as required by Legislative Decree no. 231/2001.

As mentioned above, the Anti-Money Laundering function is positioned within the Compliance function.

The Head of the Anti-Money Laundering Function, with the support of the units that make up the Anti-Money Laundering Function, is responsible for:

− supporting the Managing Director and General Manager in drawing up the Group rules on anti-money laundering and financial penalties, for subsequent approval by the Board of Directors and overseeing their implementation;
− provide advice and support to Top Management on AML issues, coordinate and supervise the implementation of the AML/CFT programmes of Group companies;
− ensuring adequate information flows to corporate bodies, including, at least annually, the Report on the activities carried out by the AML Function and the Self-Assessment Report on the money laundering and terrorist financing risks to which the bank is exposed in relation to the business conducted for subsequent submission to the competent national authority;
− analysing the periodic reports received from the Subsidiaries and working with the local Anti-Money Laundering Officers to implement any necessary improvements and corrective measures;
− promptly informing the Corporate Bodies of breaches or significant deficiencies identified in carrying out his/her tasks.

Within the Anti-Money Laundering Function, the team "Anti-Money Laundering and Counter-Terrorism Service" is responsible for:

− supporting the Head of the Anti-Money Laundering Function in ensuring the implementation of a suitable programme for the management of financial penalties and for preventing and countering money laundering and terrorist financing risks;
− ensuring the implementation of the policies and guidelines under its responsibility, to guarantee the correct application of the applicable external regulations;
− working with the Head of the Anti-Money Laundering Function in the definition of the system of internal controls and procedures aimed at preventing and combating money laundering risks;
− with regard to the point above, providing advice and support to the Bank's various units in relation to anti-money laundering, anti-terrorism and financial penalties, in particular for: (i) the drafting of the procedures concerned by the above-mentioned regulations and the related internal control system, including the procedures and controls relating to remote operations (e.g. also carried out through digital channels) to automatically identify abnormal transactions; (ii) the identification of supporting IT tools; (iii) onboarding and customer due diligence in complex situations;
− monitoring risks in relation to money laundering, terrorism and the application of financial penalties for FinecoBank;
− carrying out anti-money laundering and anti-terrorism checks, particularly with regard to the correctness and completeness of the records and the aggregate data sent to the FIU, also with the help of the Risk Assessment & Controls unit, to ensure the continued adequacy of the money laundering risk management process and the suitability of the internal control system and internal procedures adopted in relation to anti-money laundering, proposing the necessary or appropriate organisational and procedural changes to ensure adequate control of the risks;
− carrying out prior assessments in relation to anti-money laundering, anti-terrorism and

financial penalties, for new product or service offerings;

− monitoring the risk profile of customers through the Gianos KYC and Gianos GPR applications;
− performing enhanced customer due diligence in cases where due to objective, environmental or individual circumstances – the risk of money laundering is particularly high (e.g. PEPs, fiduciary mandates, shielded accounts);
− carrying out specific activities for the Bank necessary to counter terrorist financing (checking names/transactions included in blacklists and analysing transactions relating to countries subject to embargoes/restrictions);
− checking for any negative press coverage of customers;
− managing and ensuring the proper storage of the data and information required by the applicable regulations;
− periodically sending aggregated data to the Financial Intelligence Unit (below FIU), checking and analysing reports, anomalies and statistics originating from the FIU, sending objectives communications to the FIU, based on the instructions issued by it, concerning transactions at risk of money laundering, where required by local regulations;
− analysing the following for potentially suspicious transactions to be reported to the Suspicious Transaction Reporting Team: (i) customer transactions extracted from the GIANOS procedure (so-called "unexpected" transactions) or other suspicious transactions identified on an event basis during the course of the unit's activities; (ii) the results of the anomaly indicators under the unit's responsibility, as defined and implemented in accordance with the applicable Bank of Italy regulations;
− identifying and implementing the anti-terrorism lists adopted by the relevant international bodies;
− verifying the reliability of the information system for fulfilling the obligations of customer due diligence, data retention and suspicious transaction reporting;
− supporting the Head of the Anti-Money Laundering Function in the preparation of an adequate anti-money laundering and anti-terrorism training plan for employees and consultant staff, including PFAs;
− supporting the Head of the Anti-Money Laundering Function in the preparation of the Report for the Board of Directors, the Board of Statutory Auditors and the Supervisory Committee, on the work carried out, on the deficiencies identified and the related corrective measures to be implemented, as well as the staff training activities (employees and PFAs);
− preparing and updating the Anti-Money Laundering Manual, which details the responsibilities, tasks and operating procedures for managing money laundering risk, and making it available to all staff;
− maintaining the "Anti-Money Laundering, Anti-Terrorism and Financial Penalties" section of the company intranet.

The Anti-Money Laundering Function has a dedicated Suspicious Transaction Reporting (STR) Team headed by the STR Officer, appointed by the Board of Directors, upon consultation with the Board of Statutory Auditors.

The STR Officer operates in full autonomy and has the task of assessing the potentially suspicious transaction reports sent by the Bank's units and the personal financial advisors of the FinecoBank sales network, and sending the reports considered to be justified to the FIU.

9.1 Chief Executive Officer

In order to comply with Article 6, Recommendation 32 of the Corporate Governance Code (formerly Principle 7.P.3 of the Self-regulation Corporate Governance Code), in compliance with the Supervisory Provisions issued by the Bank of Italy, the responsibility for the internal control and risk management system, also aimed at contributing to the sustainable success of the Company, also pursuant to the Corporate Governance Code, lies with the Board of Directors, which plays a role in guiding and assessing the adequacy of the system and identifies the Chief Executive Officer and General Manager, Mr. Alessandro Foti, as the director in charge of the institution and the Board of Statutory Auditors and maintaining an effective internal control and risk management system (hereinafter, the "Director in Charge").

In the context of the Internal Control System, primarily the Director in Charge, also pursuant to the Corporate Governance Code:

− takes care of the identification of the main corporate risks, taking into account the characteristics of the activities carried out by the Company and its subsidiaries, and submits them to the Board of Directors for examination;
− is responsible for the implementation and performance of the stress testing plan and ensures that clear responsibilities and sufficient resources are assigned and distributed and that all elements of the plan are properly documented and regularly updated in the internal procedures;
− defines the tools and methods for implementing the risk management and control system, in execution of the Board of Directors' guidelines through the design, management and monitoring of the internal control and risk management system, establishing the operational limits to the assumption of the various types of risk, facilitating the development and dissemination of a risk culture, making use of the competent corporate structures and functions;
− oversees the implementation of the strategic guidelines and money laundering risk governance policies approved by the Board of Directors and is responsible for the adoption of all actions necessary to ensure the effectiveness of the organisation and the system of anti-money laundering controls;
− ensures the overall adequacy of the system, its effective operation and its adaptation to changes in the operating environment and in the legislative and regulatory landscape;
− assigning, where necessary, the Internal Audit function with the task of carrying out checks on specific operational areas and on compliance with internal rules and procedures in the execution of corporate transactions, simultaneously notifying the Chairman of the Board of Directors, the Chairman of the Risk and Related Parties Committee and the Chairman of the Board of Statutory Auditors;
− implementing follow-up measures for the Internal Control and Risk System after controls have been carried out, adopting necessary corrective measures or actions if inefficiencies or anomalies are identified, or after the introduction of new products, activities, services or processes that are significant, in order to continuously ensure the completeness, adequacy, functioning and reliability of the internal control system; reporting the results of the checks, envisaged in the risk management and control system, to the Board of Directors;
− promptly reports to the Risk and Related Parties Committee and to the Board of Directors on problems and critical issues that have emerged in the performance of its activities or of which it has otherwise become aware so that the latter may take the appropriate initiatives.

In addition, the Director in Charge has, inter alia, the duty and responsibility to:

− establishing the responsibilities of the corporate structures and functions involved in the risk

management process, to ensure that their tasks are clearly assigned and potential conflicts of interest are prevented;

− establishing and overseeing the adoption of the process to approve investments in new products, the distribution of new products or services or start of new activities or entry into new markets, or the adoption of processes and methods to evaluate company operations, in particular financial instruments, overseeing ongoing updates;
− defining and overseeing the implementation of company policy on the outsourcing of corporate functions;
− defining internal information flows to ensure that the Corporate Bodies and the Corporate Control Functions are fully aware of and can govern risk factors and compliance with the Group's risk objectives (Risk Appetite Framework – RAF);
− authorising, within the RAF and where a tolerance threshold has been defined, the risk appetite being exceeded, within the tolerance threshold limit, reporting to the Board of Directors and identifying the management actions necessary to return the risk to within the target set;
− approving the annual plan of testing of the business continuity measures and reviewing the test results documented in writing;
− ensuring proper, timely and secure management of information for accounting, management and reporting purposes;
− ensuring the completeness, adequacy, functionality (in terms of effectiveness and efficiency) and reliability of the Bank's information system.

With reference to the ICAAP and ILAAP process, the Director in Charge implements this process by ensuring that it is in line with the strategic guidelines and the RAF and that it meets the following requirements: it considers all relevant risks; it includes forward-looking valuations; it uses appropriate methodologies; it is distributed to the internal units; it is adequately formalised and documented; it identifies the roles and responsibilities assigned to the corporate functions and units; it is managed by an adequate number of competent resources, in a hierarchical position sufficient to ensure compliance with the planning; it is an integral part of the management activities.

The Director in Charge submits the ICAAP/ILAAP Annual Report to the corporate bodies, with the support of the Chief Risk Officer and the Chief Financial Officer.

With specific regard to credit and counterparty risk, in line with strategic policies, the Director in Charge shall approve specific guidelines designed to ensure the effectiveness of the system for managing credit risk mitigation techniques and guarantee compliance with the general and specific requirements of such techniques.

With specific regard to internal risk measurement systems for defining capital requirements, the Managing Director and General Manager has the following duties:

− responsibility for the structure and functioning of the system chosen; to perform this duty, he/she shall have an adequate knowledge of relevant aspects;
− issuing instructions to ensure that the system chosen is developed based on identified guidelines, assigning duties and responsibilities to the corporate functions and guaranteeing the formalisation and documentation of the stages of the risk management process;
− ensuring that risk measurement systems are integrated into decision-making and operational management processes;
− considering observations made following the internal audits.

Finally, the Managing Director and General Manager are entrusted with specific tasks for matters

provided for in the internal company regulations.

The Managing Director and General Manager may be invited, by the Chairman of the Committee, to attend the meetings of the Risk and Related Parties Committee. Within these meetings, he/she reports to the Committee on the relevant issues on the agenda, providing clarifications where necessary and responding to any requests for further information from the Committee.

9.2 Risk and Related Parties Committee

The Risk and Related Parties Committee was established on June 17, 2008, as the "Audit Committee". Over the years, the original name of the Committee, its structure and duties have changed, in line with developments in the legal and regulatory framework and with industry best practice. By resolution of April 11, 2017, the Board of Directors established an internal controls and risks committee, to oversee transactions with related parties and with associated persons, pursuant to the Related-Party Regulations, called the "Risk and Related Parties Committee". This committee has the functions and powers envisaged in the applicable Supervisory Regulations on Corporate Governance and the former Self-regulation Corporate Governance Code.

The functions that the Corporate Governance Code assigns to the Control and Risks Committee have been assigned to the Risk and Related Parties Committee.

In compliance with provisions of the Corporate Governance Code, the composition, functioning, organisation and activities of the Risk and Related Parties Committee are governed in the Corporate Bodies Regulations.

9.2.1 Composition and functioning of the Risk and Related Parties Committee (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

The Board of Directors appointed members of the Risk and Related Parties Committee on April 28, 2020; all of its members are non-executive and independent Directors.

Furthermore, in accordance with Article 6, Recommendation 35 of the Corporate Governance Code, under which at least one member of the committee is required to have adequate experience in accounting and finance or risk management, the Board of Directors established that all members of the Risk and Related Parties Committee, on their appointment, met the above requirements, and more generally, had the knowledge, expertise and experience to fully understand and monitor the Bank's risk strategies and guidelines.

You are reminded that, in accordance with the Supervisory Regulations on Corporate Governance in force at the date of approval of this Report, the Chairman of the Committee cannot be the Chairman of the Board of Directors or the Chairman of other Committees. It is also good practice, depending on the skills required to hold the position and to ensure the effective performance of the related tasks, to have a Director elected by minority shareholders on the Committee.

By resolution of April 28, 2020, the Board of Directors decided to increase the number of members of the Risk and Related Parties Committee from three to five, in accordance with the recommendation of the outgoing Board of Directors, which had considered it appropriate to increase the number of members of this Committee in light of the increased activity in the area of risk, in view of the Bank's new role as a Parent Company.

As at the date of approval of this Report, the composition of the Risk and Related Parties Committee was as follows:

Name	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Francesco Saita	X	X	X	24/24 (100%)	C
Paola Giannotti De Ponti	X	X	X	24/24 (100%)	M
Elena Biffi	X	X	X	24/24 (100%)	M
Maria Alessandra Zunino de Pignier	X	X	X	24/24 (100%)	M
Marin Gueorguiev	X	X	X	24/24 (100%)	M
------------- Members leaving office during the year-------------
N.A.
No. of Committee meetings as at December 31, 2022: 24

(*) This column shows the percentage attendance at Committee meetings (no. of attendances/no. of meetings held during the actual period in office of the person concerned during the Year).

(**) This column indicates the position of the director on the Committee ("C": Chairman; "M": member).

The members of the Risk and Related Parties Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2022.

The Risk and Related Parties Committee meets, also by means of telecommunication, as often as necessary to perform its functions, and at the request of any of its members or the Chairman of the Board of Statutory Auditors.

If the Chairman is absent or incapacitated, the oldest member of the Committee acts as Chairman.

The Financial Reporting Officer, the Head of the Internal Audit Function, the Chairman of the Board of Statutory Auditors, a Statutory Auditor nominated by the former, the Head of the Compliance function, and the Chief Risk Officer may attend meetings of the Committee; Directors and senior managers of the Company may also be requested to take part in meetings for specific matters, as well as external auditors; in particular, for AML matters, the Head of the related function always takes part.

The Chairman of the Board of Directors and the Managing Director and General Manager of the Company may take part in meetings.

With regard to the activities related to opinions on transactions carried out by the Bank with persons in potential conflict of interest pursuant to the Global Policy, for each transaction

considered, the members of the Risk and Related Parties Committee must be different from the counterparty and its related parties.

If a member of the Committee is a counterparty in the transaction (or connected to the counterparty), he/she must promptly inform the Chairman of the Board of Directors and the Chairman of the Risk and Related Parties Committee and refrain from taking part in any further business of the Committee that refers to that transaction.

In such case, the Committee takes its decision with the casting vote of the Committee Chairman in the event of a tie.

9.2.2 Functions assigned to the Risk and Related Parties Committee

The duties assigned to the Risks and Related Parties Committee are described below.

The role of the Committee is to provide information support, advice, make proposals and enquiries, based on a risk-based approach, in defining guidelines for the entire internal control system, and to assess its effectiveness and efficiency, so that the main risks are properly identified and appropriately measured, managed and monitored, subject to the Board of Directors' power to make all relevant decisions.

The Risk and Related Parties Committee helps to promote a corporate culture that values the control function, steering it towards a risk-oriented approach.

The Committee's mission also includes evaluating the correct use of accounting standards in preparing financial statements and their consistency for the purposes of preparation of the consolidated financial statement, as well as overseeing the effectiveness of audits and the activities of external auditors.

The Committee is also responsible for transactions with related parties and associated persons in accordance with the Related-Party Regulations, pursuant to the applicable Supervisory Regulations, as well as transactions with other persons in potential conflict of interest in accordance with the Global Policy.

The Risk and Related Parties Committee, among other things:

(a) identifies and proposes to the Board of Directors, with the aid of the Appointments Committee, the heads of the corporate control functions (Compliance, Internal Audit, Risk Management and Anti-money Laundering) and the head of Suspicious Transaction Reporting to be appointed and assesses the revocation of their appointment;
(b) supports the Board, to the extent of its competence and with the help of the Appointments Committee, in the process of verifying the satisfaction of the suitability requirements for the heads of the main corporate functions (i.e. AML Officer, Compliance Officer, Head of Internal Audit, Chief Risk Officer, Chief Financial Officer and Financial Reporting Officer) pursuant to current legislation, including internal regulations;
(c) provides opinions on specific aspects relating to the identification of key corporate risks, which is also carried out through the annual process of definition of the RAF;
(d) contributes to the definition, using a risk-based approach, of the guidelines of the internal control system, so that the main risks facing the Company and the Group are correctly identified and adequately measured, managed and monitored, providing recommendations to the Board on compliance with the principles with which the internal control system and

business organisation need to be aligned, and the requirements that need to be met by the Compliance, Internal Audit, Risk Management and Anti-Money Laundering functions, bringing to the attention of the Board any weaknesses, along with the resulting corrective actions to be taken;

(e) reports to the Board of Directors, at least every six months, when the annual financial statements and the half-yearly financial statements are approved, on the activities carried out and the adequacy of the Company's Internal Control and Risk Management System;
(f) performs a prior examination of the activity schedules (including the Internal Audit plan) and the annual reports of the Compliance, Anti-Money Laundering, Internal Audit and Risk Management functions that are submitted to the Board;
(g) examines the periodic reports and audit reports produced by the Internal Audit function and evaluates any findings, monitoring the elimination of reported deficiencies/irregularities, the implementation of the proposed remedies and the adoption of any recommendations;
(h) monitors the independence, adequacy, effectiveness and efficiency of the Internal Audit function;
(i) carries out appropriate preliminary activities to support the assessments and decisions of the Board of Directors regarding the management of risks arising from detrimental events that come to the knowledge of the Board of Directors;
(j) contributes, through assessments and opinions, to defining the company policy on outsourcing of control functions;
(k) verifies that the Compliance, Internal Audit, Risk Management and Anti-Money Laundering functions comply correctly with the instructions and guidelines from the Board and assists the latter in preparing the coordination documents required by the Supervisory Regulations;
(l) after consulting the financial reporting officer, the statutory auditor and the control body, assesses the correct use of the accounting standards and their consistency for the purposes of preparing the consolidated financial statements;
(m) examines the process of preparing interim reports required by law, as well as the annual financial statements, based on reports from the competent functions;
(n) assesses, for the matters within its remit, the suitability of the periodic, financial and nonfinancial reporting to correctly represent the company's business model, strategies, the impact of its activities and its performance;
(o) examines the content of the periodic non-financial reporting relevant to the internal control and risk management system;
(p) supervises the Group auditing process, reviewing the work plan prepared for the audit, the results contained in the report and any letters of recommendations;
(q) meets at least once a year with the external auditors;
(r) examines reports received from the Board of Statutory Auditors, from the Supervisory Board pursuant to Legislative Decree no. 231 of June 8, 2001, and the Regulatory Authorities, assessing the findings and ensuring that any abnormal situations or deficiencies are remedied;
(s) can ask the Internal Audit function to assess specific operating areas, giving simultaneous

notice to the Chairman of the Board of Statutory Auditors, the Chairman of the Board of Directors and the Internal Control and Risk Management System Director;

(t) provides its opinion to the Board of Directors on the Report on corporate governance and ownership structures, for the purpose of describing the key characteristics of the Internal Control and Risk System and the methods of coordinating the parties involved in it (specifying the reference national and international models and best practices), and of assessing the adequacy of the Internal Control and Risk System;
(u) formulates prior opinions (binding, where appropriate) on the procedures governing the identification and management of transactions carried out by the Company with persons in potential conflict of interest pursuant to the Global Policy, as well as on any amendments thereto;
(v) provides preliminary, justified opinions, where expressly required, on the interest in completing transactions with persons in potential conflict of interest put in place by the Bank (21) , and the convenience and substantial correctness of the relevant conditions;
(w) in the case of significant transactions with persons in potential conflict of interest (²²), the Risk and Related Parties Committee is involved – if so deemed by the same, by means of one or more appointed members – in the negotiations and the preparatory phase by receiving a complete and timely information stream, with the power to request information and to make observations to the delegated bodies and the persons in charge of the negotiations or the investigation.

With particular regard to the tasks in matters of risk management and control, the Risk and Related Parties Committee provides support to the Board:

in defining and approving strategic guidelines and risk management policies; in the context of the Risk Appetite Framework (RAF), the Risk and Related Parties Committee carries out the evaluation and proposal making activity required to ensure that the Board of Directors, as required by the Supervisory Regulations, can define and approve the risk objectives ("Risk Appetite") and the risk tolerance threshold ("Risk Tolerance");
in verifying the correct adoption of risk governance strategies and policies and the Risk Appetite Framework (RAF);
in the definition and approval of the Group's recovery plan;
in the definition and revision where appropriate of the policy on resolution governance that defines the governance rules for the Bank's resolution strategy and assists the Board in overseeing its implementation;
in defining policies and processes for evaluating company activities, including verification that the price and conditions of transactions with customers are consistent with the business model and risk strategies;
with regard to banking, financial, investment and insurance products, in relation to: (i) defining the process for approval of new products and services, commencement of new business and entry into new markets; (ii) approving and updating policies containing guidelines on Product Governance requirements; (iii) monitoring the process of governance

⁽ ²¹) In accordance with the Global Policy.

⁽ 22) In accordance with the Global Policy.

of financial instruments, using the reports from the Compliance function, which systematically include information about the financial instruments produced by the intermediary, the services offered and the distribution strategy; (iv) approving proposals for unilateral amendments pursuant to Article 118 of the TUB.

Without prejudice to the responsibilities of the Remuneration Committee, the Risk and Related Parties Committee is involved in the process of identifying the Bank's key personnel and ensures that the incentives underlying the remuneration and incentive system are consistent with the RAF, taking into account in particular risks, capital, liquidity, in line with current regulations (see Bank of Italy Circular no. 285 and the EBA "Guidelines on sound remuneration policies under Directive 2013/36/EU"). In addition, without prejudice to the competences of the Remuneration Committee, the Risk and Related Parties Committee is involved in the definition of the overall remuneration and on the assignment and relative evaluation of the performance objectives of the Heads of the corporate control functions (Head of the Compliance function, Chief Risk Officer, Head of the Internal Audit function, Head of the Anti-Money Laundering function); formulating with reference to Internal Audit an explicit opinion on the definition of the overall remuneration and on the allocation and evaluation of performance objectives.

The Risk and Related Parties Committee and Board of Statutory Auditors exchange all information of mutual interest and, where appropriate, coordinate to perform their respective duties.

9.2.3 Activities performed

During the Year, the Committee carried out the duties assigned to it by the Board of Directors, performing an advisory role for matters concerning the internal control and risk management system.

The Committee met twenty-four times; the average duration of the meetings was three and a half hours, which examined the results of activities carried out by the control functions (for example audit, compliance, anti-money laundering and risk management) by analysing the quarterly reports prepared by the functions. Minutes of each meeting were taken by the designated Secretary.

During the first half of 2022, in addition to carrying out its normal activities, the Committee also conducted numerous in-depth studies on specific issues, including in particular monitoring the progress of the remediation plan approved by the Bank's Board of Directors in response to the Bank of Italy's inspection findings on transparency and customer protection (with partially favorable outcome), in relation to which the Committee requested in-depth analysis and guidance to the Bank's managerial and control functions, verifying the continuation of the actions aimed at managing the shortcomings/areas of improvement identified and monitoring the timing of the implementation of such actions.

The Committee also monitored the progress of the inspection activities initiated by CONSOB on investment services procedures and adjustments to the MIFID II regulations, with particular reference to the feedback provided by the Bank's structures to various requests for clarification/data transmission formulated by the Supervisory Authority.

Also during the first half of the year, the Committee carried out in-depth analysis of the measures adopted/planned by the Bank in response to supervisory initiatives - both supervisory and inspectional - and data collection involving the Bank during 2022, in light of the transition to ECB

supervision, and monitored the progress of the "Independent Review" project activities requested in 2021 by the Committee from the external consultant, which has been entrusted with the task of assessing the alignment of the organisational structures, processes and methodologies of the AML/CFT area with the applicable regulatory references and also the highlighting of any points of improvement in the operations of Fineco's Anti-Money Laundering Function, also as a result of benchmarking analyses.

During the second half of the year, the Committee monitored the analysis initiated by the Bank, initially on the verbal observations made at the conclusion of the on-site phase of CONSOB's ordinary inspection on investment services procedures and adjustments to the MIFID regulations, and then on the observations formally expressed by the Intermediaries Division.

In the same period, the Committee also carried out in-depth analysis activities regarding the measures adopted/planned by the Bank in response to ECB supervisory initiatives and SRB requests, with particular reference, in the first case, to the lines of action in response to the SREP letter and, in the second case, to the Budgeted Multi-annual Resolvability Work Programme 2023, articulated in project sites, launched by the Bank in order to ensure full compliance with the intermediate milestones, in relation to the individual workstreams and the dimensions envisaged by the SRB Expectations, aimed at demonstrating the Bank's ability to be fully resolvable by the end of the phase-in period 2022-2024 defined by the Authority.

The Committee also (i) examined the results of the "Independent Review" project activity entrusted to the external consultant - aimed at assessing the alignment of the organisational structures, processes and methodologies of the AML/CFT area with the applicable regulatory references - in particular, examining the areas for improvement identified and starting to monitor the Bank's initiatives. In general, in its ongoing activity to support the Board in its assessment of the system of internal controls, the Committee requested and had several in-depth meetings to also discuss the prospective evolution of the staffing and resource mix of the control functions (in particular, the analysis of the update of the target sizing of the Internal Audit function, the opportunities for growth of the digital and quantitative skills of the corporate control functions, , the update of the staffing of the control functions) and of the IT function in line with the requirements of the Bank's prospects for growth in size and geography.

As in the past, the Committee examined the formation of the RAF 2023 in several meetings, in terms of proposals for changes to the indicators used and criteria for defining thresholds (and at the beginning of the process analysing the risk inventory process). There was no shortage of ad hoc in-depth analysis relating to issues that emerged during the year. Finally, during the course of the year, the Committee examined the plans of the control functions in relation to which it made some suggestions and requested some changes with a view to more effective risk control.

For the current financial year - up to the date of the next Shareholders' Meeting called, among other things, to decide on the renewal of corporate bodies - eleven Committee meetings have been scheduled, nine of which have already been held.

9.3 Head of the Internal Audit Function

The Board of Directors has appointed the head of the internal audit function who is in charge of verifying that the internal control and risk management system is functional, adequate and consistent with the guidelines defined by the Board.

In particular, on May 6, 2019, the Board of Directors, in relation to the sale of the majority stake held by UniCredit, approved the insourcing of the internal audit function with effect from May 7,

2019, the simultaneous creation of the Internal Audit function, reporting directly to the Board of Directors, and the assignment of responsibility for the Internal Audit function to Ms. Patrizia Verdesca, already appointed on March 7, 2017 as Head of the Internal Audit function of FinecoBank in her role as CAE – Chief Audit Executive of FinecoBank, with effect from March 13, 2017.

The Board of Directors determined the remuneration of the head of the internal audit function, in line with the company policies, and ensured that she had sufficient resources to carry out her duties.

Internal Audit performs independent and objective assurance verifications to assess, contribute to and improve the Internal Control System of FinecoBank and the Group, by assessing and improving the adequacy and effectiveness of the governance, risk management and control processes. It may also provide advisory services concerning the design and functioning of the internal control system, which, without compromising its independence, aim to provide added value and support the Bank in achieving its objectives.

The Internal Audit function also directs, coordinates and supervises the Group's internal audit activities carried out by the competent units of the subsidiaries; in addition to the Parent Company, it also carries out on-site or remote audits on the Group companies. In particular, it coordinates and supervises the Internal Audit work carried out by the Internal Audit function of the subsidiary Fineco Asset Management DAC.

The Internal Audit function, in accordance with the Supervisory Regulations, is independent from the other corporate functions and reports to the Board of Directors directly or through the Risk and Related Parties Committee. It operates in compliance with the "Audit Mandate", the latest version of which was approved by the Board of Directors on January 19, 2021, which sets out its mission, responsibilities, organisational positioning, independence, duties and authority.

The Internal Audit function has unlimited access to all business functions, records, property and personnel of the Bank.

In accordance with external regulations(23) , the Head of the Internal Audit function is not responsible for any operational area; provides an annual assessment to the Board of Directors, as well as the Risk and Related Parties Committee, the Board of Statutory Auditors and the Managing Director and General Manager, of the adequacy and effectiveness of the Bank's risk management and control processes in the areas within his/her mission and scope of responsibility, with the objective of assessing, providing added value and contributing to improving the Bank's Internal Control System.

The Board of Directors, in its meeting of January 18, 2022, approved the audit plan prepared by the head of the internal audit function, with the favourable opinion of the Risk and Related Parties Committee, the Managing Director and General Manager, and after consulting the Board of Statutory Auditors. The Plan was subsequently supplemented by a resolution of the Board of Directors on September 13, 2022.

During the Year, the head of the internal audit function:

• verified, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the functioning and the suitability of the internal control and risk

⁽ ²³) For the Year, the reference – in addition to the Supervisory Regulations – is to Article 6, Recommendation 36 of the Corporate Governance Code (prior to that the reference was to Application Criterion 7.C.5 of the Self-regulation Corporate Governance Code in force until December 31, 2020).

management system according to the audit plan, approved by the Board and based on a structured process of analysis and prioritisation of the main risks. In particular, the internal audit function maintains its own Group Process Library and Audit Universe, which map all processes, operations, subsidiaries and any other elements relevant to the Group and the Bank respectively. During the Financial Year these were revised to align them with the operational and organisational changes that had taken place. In addition, a risk assessment was carried out on each element, taking into account all the available information (e.g. strategic and business importance, regulatory requirements, risk impacts, level one and level two controls, results of audits and any external checks/inspections, evaluation of outsourcer performance, etc.), to identify the residual risk and the audit need; the latter defines the frequency of internal audit activities to be carried out on each element of the Audit Universe.

At the same time, the internal audit function identified the main potential risks to which the Group is exposed ("Group Risk Map"), which consolidates information, on the basis of professional judgement, on risk scenarios obtained from external sources, input from the Group's Top Management, any observations made by Supervisory Authorities and external auditors, and the main risks reported by the Internal Audit functions of the Group's Legal Entities.

Based on the results of the risk assessment and the Group Risk Map, the main risks were prioritised and the annual and multi-year audit plans were defined, which, as indicated above, were submitted to the Board of Directors for approval;

prepared periodic (quarterly and annual) reports containing adequate information on its activity, on the ways in which risk management is conducted, as well as on compliance with the plans defined for the containment of risks, in addition to an assessment of the suitability of the internal control and risk management system, and sent them to the Chairmen of the Board of Statutory Auditors, the Risk and Related Parties Committee and the Board of Directors, as well as the Managing Director and General Manager;
verified, as part of the audit plan, the reliability of information systems including accounting systems in the audit ICT & Cyber Risk Management Framework, in the checks carried out on the Business Continuity 2021 tests, nor through the standard checks on the adequacy of the support to the audited processes provided by the specific information systems used.

In 2022, all the audits envisaged in the annual plan approved by the Board of Directors were carried out (18 on processes and 400 on the Personal Financial Advisors network), the mandatory annual reports were prepared ((i) the report on the audit activities carried out in the year 2021 on investment services – pursuant to Article 24 of. Delegated Regulation EU 565/2017, (ii) report requested by the Bank of Italy concerning the findings of the 2021 audits performed on the outsourced important operational or control functions, the deficiencies found and the consequent corrective actions taken, (iii) report on the internal audit activities carried out in 2021)), three unplanned interventions.

The following audits were carried out on the processes included in the annual plan:

Global Audit on Remuneration and incentive policies for staff and the sales network
ICAAP, Risk Appetite Framework and ILAAP
Product offering combined with financing
Follow Up Report "Outsourcing Controls over significant outsourced operational functions and IT services outsourced or provided by third parties"
ICT & Cyber Risk Management Framework
Sanctions & Embargoes
EMIR and SFTR
Pillar III with focus on market risk
OSI Banca d'Italia Transparency: verifying the implementation of planned corrective actions (September 2021 - February 2022)
OSI Banca d'Italia Transparency: verifying the implementation of planned corrective actions (March-June 2022)
In-out SEPA and foreign transfers
Related Parties and Conflicts of Interest
Interbank Deposit Guarantee Fund: Single Customer View (SCV) Framework
Review of the annual validation report on algorithmic trading systems
Global Audit on ESG including Greenwashing
Top management
Definition and monitoring of the ICT strategy
Design of processes related to organisational development and sizing.

9.4 Organisational model pursuant to Legislative Decree 231/2001

On March 15, 2010, the Board of Directors approved FinecoBank's Organisation Management and Control Model (below the "Model"), pursuant to Legislative Decree no. 231 of June 8, 2001, on "Provisions for the administrative liability of company bodies, Companies and associations also without legal status" (the "Legislative Decree 231/2001"). This document was subsequently amended to take into account subsequent regulations and the current version was approved by the Board of Directors by resolution of May 10, 2022.

Currently, the Model is comprised of:

(i) a general part, divided into seven chapters, which describes the following: the scope and purposes of the Model; the applicable regulatory framework; the description of the management and control system adopted by FinecoBank to mitigate the risk of commission of offences pursuant to Legislative Decree 231/2001; the functioning of the body appointed to supervise the functioning of and compliance with the Model; the disciplinary system and related penalties; the information and training plan to be adopted in order to guarantee knowledge of the measures and provisions of the Model; the criteria for updating and adapting the Model;
(ii) a special part, containing the decision protocols.

The Model includes the following attachments, which are an integral part of it:

Attachment 1 containing the "List of predicate offences and individual criminal offences";
Attachment 2 containing the "Code of ethics pursuant to Legislative Decree 231/01" which sets out the rules to guarantee that the conduct of the Model's recipients is always based on criteria of fairness, collaboration, loyalty, transparency and mutual respect, and also to avoid conduct that may constitute the criminal offences and predicate administrative offences;
Attachment 3 "Information flows to the Supervisory Committee".

In addition, on May 11, 2012, the Board of Directors resolved to adopt the Group Integrity Charter and Code of Conduct (last updated by resolution of April 13, 2021). The document (below also the "Code") supplements the current rules on banking, investment services and employment, identifying the fundamental principles of conduct for those working for the company. The Code

therefore concerns all persons performing activities on behalf of the Company: members of supervisory, management and control bodies of the Company, employees, personal financial advisors authorised for cold-calling, outsourcers.

In accordance with provisions in Article 6, paragraph 1 of Legislative Decree 231/2001, the Company has also established a specific body (below, the "Supervisory Committee") to monitor the functioning of and compliance with the Model, and its continual updating.

For this purpose, the Supervisory Committee, among other things: (i) has independent powers to act and carry out controls, and independent spending powers;(ii) periodically reports to the Risk and Related Parties Committee on the Model's functioning; and (iii) provides the Board of Directors, on an annual basis, a written report on the implementation status of the Model, and in particular, on controls carried out and on critical aspects and anomalies identified.

The term of office of the members of the Committee is the same as the Board of Directors which appointed it and its members can be re-elected.

The current Board of Directors was appointed by resolution of the Board of Directors on June 9, 2020, for a term of three years (2020-2022). Its composition was also changed on that date, with a reduction from two to one "internal member", identified as the Head of Internal Audit, and the consequent departure of the Head of Legal & Corporate Affairs and the Compliance Officer. As a result, at the date of approval of this Report, the composition of the Supervisory Committee was as follows.

GIVEN NAME AND SURNAME	POSITION
Marianna Li Calzi	External member (Chairman)
Salvatore Messina	External Member
Patrizia Verdesca	Head of Internal Audit

The Model adopted by the Company, as described above, is available on the Issuer's website: www.finecobank.com at the following link https://images.finecobank.com/common/pub/pdf/corporate/governance/modello-organizzazione gestione.pdf.

9.5 Auditing Firm

In accordance with the regulatory provisions, FinecoBank considers the statutory auditing firm (below the "External Auditors") to be an actor in the Group's Internal Control System. As also envisaged by Legislative Decree 39 of January 27, 2010, and Regulation (EU) 537/2014, the external auditors provide their opinion on the financial statements annually in a specific report and verify, during the course of the year, that the company accounts are properly kept and that the operating events are correctly recorded in the accounting records.

In addition, the external auditors, again in accordance with the provisions of Legislative Decree 39, of January 27, 2010, and Regulation (EU) 537/2014, submit a report to the Board of Statutory Auditors on the key issues that emerged during the independent audit and in particular on any deficiencies found in the Internal Control System in relation to the financial reporting process.

The Shareholders' Meeting of April 28, 2021 assigned the engagement to KPMG S.p.A., pursuant to Article 13, paragraph 1 of Legislative Decree no. 39, of January 27, 2010, for the independent audit of FinecoBank's accounts for the financial years 2022 to 2030. In particular, the independent audit engagement involves verifying:

that the financial statements of FinecoBank S.p.A. and the consolidated financial statements of FinecoBank Group comply with the rules governing their preparation and that they give a true and fair view of the financial position and results of operations for the year;
during the course of the Year, that the company accounts have been properly kept and operating events have been correctly recorded in FinecoBank S.p.A.'s accounting records.

KPMG S.p.A. has also been awarded the engagement to carry out the voluntary audit, which includes:

issuing the provisional attestation letter on the annual accounting schedules included in the Bank's annual financial statements and in the Group's consolidated financial statements, related to the audit work carried out for the inclusion of the profit for the year in the calculation of Common Equity Tier 1 capital, as required by Article 26, paragraph 2, letter a) of Regulation (EU) No. 575/2013 of the European Parliament and of the Council, before the adoption of a formal decision to confirm the final result for the year;
the limited audit of the condensed consolidated half-yearly financial statements for the half years ending June 30, 2022 to June 30, 2030;
the limited audit of the individual financial statements prepared for the determination of the Bank's half-yearly results, for the half years ending June 30, 2022 to June 30, 2030, for the calculation of FinecoBank S.p.A.'s Common Equity Tier 1 capital as at June 30 as required by Regulation (EU) 575/2013 of the European Parliament and of the Council;
a limited audit of the individual and consolidated financial statements prepared for the determination of the Bank's and the Group's results for the 3-month periods ending March 31, 2022 to March 31, 2030 and for the 9-month periods ending September 30, 2022 to September 30, 2030, for the calculation of the Common Equity Tier 1 capital, as required by Regulation (EU) 575/2013 of the European Parliament and of the Council.

9.6 Financial Reporting Officer

By resolution of April 28, 2020, subject to approval from the Board of Statutory Auditors and in compliance with Article 154-bis, paragraph 1 of the TUF and Article 28 of the Articles of Association, the Board of Directors of the Company renewed the appointment, for a three year period, of Ms. Lorena Pelliciari (the Chief Financial Officer of the Bank) as the Financial Reporting Officer of the Company, who is assigned the duties envisaged in Article 154-bis of the TUF.

As established by Article 28 of the Articles of Association and subject to the mandatory opinion of the Board of Statutory Auditors, the Board of Directors appoints the Officer responsible for preparing the financial reports (below the "Financial Reporting Officer"), pursuant to Article 154-bis of the TUF.

The Financial Reporting Officer is selected by the Board of Directors from the senior managers of the Company that have specific expertise, in administrative and accounting terms, of lending, finance, securities or insurance. This expertise, to be verified by the Board of Directors, must be

gained from professional experience in a position of adequate responsibility for a suitable period and in enterprises comparable to the Company. The Financial Reporting Officer must also meet the good standing requirements laid down by the applicable regulations for positions indicated in the Articles of Association. If the Officer no longer meets the good standing requirements, he/she shall be removed from office.

Ms. Lorena Pelliciari has gained considerable experience as Chief Financial Officer of FinecoBank and therefore has excellent knowledge of processes for the preparation of the Company's accounting and financial documents. She therefore meets the professional standing requirements established in Article 28 of the Articles of Association.

The Board of Directors also gave Ms. Lorena Pelliciari the following powers, in order for her carry out her duties as Financial Reporting Officer:

(i) unrestricted access to all information considered relevant for her duties within the Company;
(ii) taking part in Board Meetings dealing with matters in her area of responsibility;
(iii) liaising with the Company's management and control bodies;
(iv) approving company procedures, when they have an impact on the financial statements or other documents that are certified;
(v) involvement in the design of IT systems that have an impact on the Company's financial position and performance;
(vi) using the internal audit, organisation and compliance function to map and analyse processes within her area of responsibility and carry out specific controls;
(vii) using IT systems;
(viii) updating, amending and supplementing, also with the assistance of external advisors, procedures on: (a) the standardisation of information flows to the Financial Reporting Officer; and (b) the preparation of financial statements and all other types of financial disclosure.

Lastly, the Board of Directors has granted the Financial Reporting Officer all the powers necessary, or merely appropriate, to carry out the tasks assigned to her on the basis of the applicable regulations, and has established, for the purpose of the exercise of its supervisory powers, that the Financial Reporting Officer shall report at least quarterly to the Board of Directors on activities carried out, as well as any critical aspects identified.

Financial reporting process

With regard to the main characteristics of the Internal Control and Risk System in relation to financial reporting, including the reporting of consolidated information, in accordance with Article 154-bis of the TUF, the Financial Reporting Officer of FinecoBank is responsible for (i) setting up appropriate administrative and accounting procedures for the preparation of the separate and consolidated financial statements, as well as all other forms of financial reporting; (ii) including a written statement with the documents and notices required by law or disclosed to the market, containing information and data on the financial position and performance of the Company, declaring that this information and data is accurate; (iii) arranging for the preparation of the financial statements, interim reporting; and (iv) within his/her areas of responsibility, representing the Bank in relations with the international financial community.

The Financial Reporting Officer, along with the Managing Director and General Manager, in a

report on the financial statements (including the consolidated financial statements) and condensed half-year financial statements must also certify:

the adequacy and actual adoption of administrative and accounting procedures;
compliance with applicable international accounting standards endorsed by the European Community pursuant to Regulation (EC) No 1606/2002;
the consistency of the accounting records;
the accurate representation of the financial position and performance of the Company;
the inclusion in the report on operations of reliable analysis of the company's performance, operations and situation, along with a description of main risks and uncertainties to which it is exposed.

As established by Article 28 of the Articles of Association, the Board of Directors ensures that the Financial Reporting Officer has adequate powers and resources to carry out the duties assigned to her by the applicable regulations, and to comply with administrative and accounting procedures. In carrying out her duties, the Financial Reporting Officer may be assisted by all Bank units.

9.7 Coordination between the actors involved in the risk management system of internal controls

Procedures for interaction between the corporate functions and bodies involved in the risk management and control system have been designed to prevent overlapping or gaps as far as possible, or to alter, also in substance, the main responsibilities of the corporate bodies concerning the risk management and control system.

The proper functioning of the Internal Control System is based on effective interaction in performing their duties (of providing guidelines, implementation, review and evaluations) between the corporate bodies, their internal committees, the corporate control functions, the external auditors, and the control functions.

Specifically, the Bank has established forms of cooperation and coordination between the control functions, through specific formalised information flows on internal regulations and through managerial committees dedicated to control issues. In order to formalise existing coordination practices, with a view to an increasingly integrated and comprehensive Internal Control System, the "Control Functions Coordination Committee" was established in January 2022; the Management Committee - made up of the Head of Internal Audit, who acts as Chairman, the Head of Compliance, the Head of the Anti-Money Laundering Function, the Data Protection Officer (DPO), the Chief Risk Officer (CRO) by the Chief Internal Validation and the Chief Financial Officer (CFO) - has the task of guaranteeing the integration and connection between the Control Functions, in order to coordinate the mitigation paths of the risks detected by the same and improve the Company's overall Internal Control System. To this end, the Committee prepares integrated reports of the Control Functions, identifying the main risks to which the Bank and the Group are exposed.

Interaction between level two and level three control functions is part of a more general framework of ongoing, proactive cooperation, which is mainly formalised in specific regulations/internal regulations and includes:

participation in the process of definition and/or updating of internal regulations in relation to

risks and controls;

the exchange of information flows, documents or data, as well as access to all resources or company information in line with the control requirements of functions;
the drafting of an integrated plan for the control functions;
involvement in board and managerial committees, systematically or on request;
involvement in working groups, which are set up from time to time for risk and control issues.

The ultimate purpose of the interaction between the control functions and continual reporting by them to the corporate bodies is to establish a corporate governance system that guarantees sound and prudent management, also through more effective monitoring of risk, at all company levels.

Within FinecoBank, the coordination between the corporate bodies and control functions consists of:

coordination and cooperation procedures;
application of the Group coordination model defined as part of the management and coordination performed by the Parent Company;
coordination and cooperation information flows.

Without prejudice to their mutual independence and respective roles, operating procedures are defined to foster forms of coordination between the corporate control functions and the supervisory functions in specific areas, as well as cooperation and liaison between the corporate control functions and between them and the Corporate Bodies, in order to develop control methods in line with the corporate strategies and operations.

A series of coordination activities related to the Internal Control System implemented as part of the ordinary work of the committees.

To ensure the coordination and interaction between the various control functions and bodies (required by the corporate, accounting or supervisory regulations), an update of the document "Document on the corporate bodies and functions with supervisory tasks" was approved by the Board of Directors at its meeting of August 2, 2022, after examination by the Risk and Related Parties Committee. This document, which specifies the tasks and responsibilities of the various bodies and control functions and the methods of coordination/collaboration, as well as the information flows exchanged between them as required by the Supervisory Regulations on Corporate Governance, has been circulated to all the units concerned.

10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

On November 5, 2019, the Board Of Directors, after obtaining the favourable opinion of the Risk and Related Parties Committee and Board of Statutory Auditors, adopted the Global Policy governing transactions with:

related parties in accordance with the Related-Party Regulations;
associated persons in accordance with the Supervisory Regulations (Part Three, Chapter 11);
bank corporate officers in accordance with Article 136 of the TUB;
other entities identified by the Bank on a discretionary basis.

The Global Policy has updated and replaced the previous "Procedures for the management of transactions with persons in conflict of interest".

The Global Policy addresses governance issues, the scope of the procedures and the procedural and organisational profiles relating to managing transactions with persons in potential conflict of interest in accordance with the applicable regulations above-mentioned, as regards the operations of the Parent Company and the other FinecoBank Group companies (i.e. currently solely FAM).

The Global Policy describes the activities concerning:

the identification, updating and ongoing monitoring of persons in potential conflict of interest; and
the management of transactions with persons in potential conflict of interest, with regard to, among others, the management of the approval process, the disclosure requirements and transparency.

It also sets out the:

procedures for the management of transactions with persons in potential conflict of interest;
organisational units of FinecoBank involved and their role;
internal and external information flows, also to the market;
monitoring and control activities and methods for updating the Global Policy.

With regard to FinecoBank, related parties in accordance with the Related-Party Regulations, associated persons in accordance with the Supervisory Regulations (Part Three, Chapter 11), as well as other persons in potential conflict of interest identified on a discretionary basis by the Bank, constitute the "FinecoBank Perimeter" which together with the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the TUB" identifies parties in potential conflict of interest for the Company.

The "FinecoBank Perimeter", in turn, is part of the "Single Perimeter" which also includes the "Perimeter of the other Banks and Supervised Intermediaries of the FinecoBank Group". At the date of approval of this Global Policy, the FinecoBank Banking Group consisted of the Parent Company and only the subsidiary Fineco Asset Management DAC, to which the definition of Supervised Intermediary was applied on a voluntary basis, even though the conditions did not apply. Consequently, given the Group's current shareholding structure, the FinecoBank Group's Single Perimeter currently consists of the FinecoBank Perimeter (as bank and listed issuer) and the perimeter of the subsidiary Fineco Asset Management DAC.

In compliance with the Related-Party Regulations and the Supervisory Regulations (Part Three, Chapter 11), the Global Policy identifies and distinguishes, based on the materiality threshold, between material transactions, non-material transactions and minor transactions.

As regards transactions with members of the "Single Perimeter", the Global Policy requires specific information flows to:

FinecoBank Oversight Unit;
Board of Directors and Board of Statutory Auditors;
Risk and Related Parties Committee;
Compliance Function;
Chief Financial Officer.

As can be seen from the above and from the identification of the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the TUB", the Global Policy also regulates transactions carried out with relevant persons pursuant to Article 136 of the Consolidated Banking Act (i.e. directors – including the Managing Director and General Manager – and Statutory Auditors – standing and stand-in – as well as certain persons potentially related to them). Pursuant to Article 136 of the TUB, bank corporate officers (or persons potentially related to them) may not enter into obligations of any kind or perform acts of sale or purchase, directly or indirectly, with the bank that they manage, direct or control unless a unanimous resolution of the Board of Directors and the favourable vote of all the members of the Board of Statutory Auditors has been passed, subject to the obligations laid down in the Civil Code with regard to directors' interests and transactions with related parties and associated persons.

Without affecting the above, on December 16, 2021, the Board of Directors, subject to the favourable opinion of the Risk and Related Parties Committee as well as the Board of Statutory Auditors, approved a new version of the Global Policy to adapt its text to the changes introduced in relation to loans to corporate officers and their related parties as transposed in the act issuing the 35th update to Bank of Italy Circular no. 285 of December 17, 2013, published on June 30, 2021, aimed at aligning the rules in this respect with the provision of Article 88 CRD, according to which Member States must ensure that data on loans granted to members of the management body (i.e. members of the administrative, management and control bodies) and their related parties are duly documented and made available to the competent authorities on request. In this respect, a specific definition of "related party" has been established. Therefore, the Global Policy in force – in addition to regulating transactions with CONSOB related parties, Bank of Italy associated persons, bank corporate officers pursuant to Article 136 of the TUB and other potentially significant parties – also regulates transactions with members of the new perimeter pursuant to Article 88 of the CRD.

It should also be noted that the Board of Directors, in its meeting of February 7, 2023, approved a new version of the Global Policy, in which the roles of the functions involved in the monitoring, collection and recording of information concerning the Single Perimeter are described in greater detail.

The full text of the Global Policy, to which reference should be made for further details, is available on the Company's website at www.finecobank.com in the "About us/Governance/Related Parties and Affiliated Parties" section.

Lastly, in compliance with the CONSOB instructions and guidelines contained in Communication no. DEM/10078683 of September 24, 2010, in order to adopt the Related-Party Regulations, the Company has assigned its Risk and Related Parties Committee the functions of the related-parties committee. For details of the composition, functioning and duties of the aforementioned Committee, see Paragraph 9.2 above.

* * *

Without prejudice to the above, directors are also subject to the provisions of Article 2391 of the Civil Code concerning directors' interests and according to which the director must inform the other members of the Board of Directors and the Board of Statutory Auditors of any interest which, on his/her own behalf or on behalf of third parties, he/she may have in a particular transaction of the company, specifying the nature, terms, origin and extent. The related resolution of the Board must adequately justify the reasons and advantages for the Company of the transaction, without prejudice to any other provisions of law or regulations applicable on the subject.

11. BOARD OF STATUTORY AUDITORS

11.1 Appointment and Replacement of Statutory Auditors

In compliance with laws and regulations applicable to listed companies, Article 23 of the Articles of Association requires the Board of Statutory Auditors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by Shareholders (each list shall contain the names of the candidates numbered progressively), according to the procedure described below.

Pursuant to Article 23, paragraph 2, of the Articles of Association (as amended by the Extraordinary Shareholders' Meeting of February 18, 2020), the Statutory Auditors must be suitable to hold the position, in accordance with the provisions of the legislation in force at the time and the Articles of Association and, in particular, they must meet the requirements of professional expertise, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held as set out by legislation in force at the time and by the Articles of Association and in any event those set out by the European Directive no. 36 of June 26, 2013 (CRD IV).

The Statutory Auditors, in addition to the independence requirements provided for by the legislation in force at the time, must satisfy the independence requirements provided for by Article 13, paragraph 3, of the Articles of Association and, therefore, must satisfy the independence requirements set forth in the Corporate Governance Code.

Shareholders can submit a list for the appointment of Statutory Auditors, provided that when they submit the list they hold, alone or in conjunction with other presenting shareholders, at least the minimum percentage of share capital established by the laws and regulations in force at the time. CONSOB, in its Executive Resolution by the Head of the Corporate Governance Division no. 76 of January 30, 2023, set the minimum shareholding required for FinecoBank to submit lists of candidates for election to the Board of Directors and Board of Statutory Auditors at 1% of share capital.

Ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company; the related certification may be submitted after the lists have been filed, provided that it is done within the deadline for publication of the lists.

Each party entitled to vote (as well as (i) entitled persons belonging to the same group, intended as a party, which need not be a corporation, exercising control pursuant to Article 2359 of the Civil Code and any subsidiary controlled by, or under the control of the said party, or (ii) shareholders who are party to a shareholders' agreement pursuant to Article 122 of the TUF, or (iii) entitled persons who are otherwise associated with each other in a material relationship pursuant to current and applicable statutory or regulatory provisions) may submit individually or with others only one list, just like each candidate can be included in only one list, or otherwise be considered ineligible.

Lists are divided in two sections, containing respectively up to three candidates for the position of Statutory Auditor and up to two candidates for the position of Stand-in Statutory Auditor.

At least the first two candidates for the position of Statutory Auditor and the first candidate for the position of Stand-in Statutory Auditor in the respective lists must be entered in the Register of Auditors and have experience as statutory auditors.

Each list for the position of Statutory Auditor and Stand-in Auditor must include a number of candidates of the less represented gender such that the list satisfies at least the minimum gender

balance required by the applicable laws and regulations(24) .

In order to be valid, the lists must be filed at the Registered Office or Head Office, also by means of remote communication and in accordance with procedures stated in the notice of call which allows for the identification of parties filing the lists, no later than twenty-five days before the date of the Shareholders' Meeting (or within a different deadline according to applicable laws) and must be made available to the public at the registered office, on the Company's website and through other channels provided for under current laws at least twenty-one days prior to the date of the Shareholders' Meeting (or within a different deadline according to applicable laws).

Minority shareholders who are not affiliated with the Shareholders concerned shall be entitled to extend the deadline for submitting lists in the circumstances and according to the procedures in applicable laws and regulations.

Each eligible voter may vote for one list only.

The members of the Board of Statutory Auditors are elected as follows:

(a) 2 (two) Statutory Auditors and 1 (one) Stand-in Auditor are taken from the list that has received the highest number of votes cast by entitled persons, in the order in which they appear on the list;
(b) the remaining Statutory Auditor and Stand-in Auditor are taken from the list that has received the most votes after the one referred to in (a) and the first candidates of the relevant section are appointed as the Statutory Auditor and Stand-in Auditor, respectively.

The Chairmanship of the Board of Statutory Auditors will go to the first candidate of the minority list of Statutory Auditors receiving the most votes.

If, in accordance with the deadlines and procedures set forth above, only one list or no list has been submitted, or the lists do not contain the required number of candidates to be elected, the Shareholders' Meeting shall pass a resolution for the appointment or completion of the Board of Statutory Auditors by relative majority. If there is a tie vote between several candidates, a runoff election is held between them with a further vote of the Shareholders' Meeting. The Shareholders' Meeting is required to ensure compliance with the provisions of applicable laws and regulations concerning gender balance.

In the event of death, resignation, withdrawal or removal from office for any other reason of a Statutory Auditor, he/she shall be replaced by the Stand-in Statutory Auditor, from the same list as the outgoing Auditor, in the order in which they appear on the list, in compliance with the minimum number of members entered in the Register of Auditors who have been engaged in auditing activities, and in adherence to gender equality principles. If this is not possible, the outgoing Auditor shall be replaced by the Stand-in Statutory Auditor meeting the specified requirements, taken from the minority list that received the most votes, according to the order in which they appear on the list. Where the appointment of Statutory Auditors is not carried out using the list voting system, the Stand-in Statutory Auditor shall take over pursuant to statutory provisions. If it is necessary to replace the Chairman, the Stand-in Statutory Auditor taking over shall also serve as Chairman. The Shareholders appoint or replace Statutory Auditors in meetings

⁽ ²⁴) Resolution no. 21359 of May 13, 2020, amended Article 144-undecies.1 of the Issuer Regulations, paragraph 3 of which, in its current wording, establishes that "Where the application of gender division criteria does not result in a whole number of members of the management or control body belonging to the least represented gender, this number is rounded up, except for the corporate bodies made up of three members, for which the rounding takes place by default to the lower unit".

called in accordance with Article 2401, paragraph 1 of the Civil Code in compliance with the principle of adequate representation of minority shareholders and gender balance. Where the appointment of the Stand-in Statutory Auditor to replace the Statutory Auditor is not confirmed by the Shareholders' Meeting, he/she shall return to his/her position as Stand-in Auditor.

Pursuant to the Corporate Bodies Regulations, the composition of the Board of Statutory Auditors must be gender balanced as provided for by the laws in force at the time, as well as reflect an adequate degree of diversification in terms of, inter alia, skills, experience, age and international exposure, which will be defined, at each renewal, following completion of the self-assessment process of the Board of Directors (described in Annex A of the Corporate Bodies Regulations) and communicated to Shareholders and the market through the publication of the document on the qualitative and quantitative composition of the Board.

11.2 Composition and Functioning of the Board of Statutory Auditors (pursuant to Article 123-bis(2)(d) and (d-bis) of the TUF)

Pursuant to Article 23 of the Articles of Association and in compliance with current rules and regulations, at least 2 Statutory Auditors and 1 Stand-in Auditor must have been entered in the Register of Auditors for at least three years and have at least three years' experience as a statutory auditor. Statutory Auditors who are not entered in the Register of Auditors must have gained at least three years' experience in:

(a) professional activities as a certified public accountant or lawyer, rendered primarily to the banking, insurance and financial sectors;
(b) performing university teaching on subjects relating to in the legal field banking, commercial, tax and financial markets law and – in the business/finance field – banking operations, business economics, accountancy, economics of the securities market, economics of financial and international markets, corporate finance;
(c) performing managerial duties in public entities or public administrations, in the credit, financial and insurance sector or in the provision of investment services or in collective asset management, as both defined by the TUF.

Pursuant to the Articles of Association in force as at the date of this Report, the Statutory Auditors must be suitable to hold the position, in accordance with the provisions of the legislation in force at the time and the Articles of Association and, in particular, they must meet the requirements of professional expertise, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held as set out by legislation in force at the time and by the Articles of Association and in any event those set out by the European Directive no. 36 of June 26, 2013 (CRD IV)(25) .

In addition, the Statutory Auditors of FinecoBank must meet the independence requirements set forth in Article 2, paragraph 7, of the Corporate Governance Code as well as the requirements set

⁽ ²⁵) As at the date of this Report, the suitability requirements and criteria to be met by bank officers are governed by Ministerial Decree 169/2020, also taking into account further regulations on the subject issued at European level.

forth in Article 148, paragraph 3, of the TUF.

In application of Article 144-novies of the Issuer Regulations and the above Application Criterion, the satisfaction of the above requirements by the members of the Board of Statutory Auditors is assessed by the competent body: (i) following appointment, the outcome of which is disclosed to the market by means of a press release; (ii) on an annual basis, reporting the results thereof in the annual corporate governance report.

The Company's Board of Statutory Auditors currently in office was appointed by the Shareholders' Meeting held on April 28, 2020 and will remain in office until the approval of the financial statements for the year 2022.

The Statutory Auditors were appointed based on a list voting system, pursuant to Article 23 of the Articles of Association and in compliance with applicable laws and regulations. Specifically, a list of candidates was submitted by several asset management companies and institutional investors (owners of a total of 32,243,324 ordinary shares representing 5.29155% of the share capital), which nominated: (a) Elena Spagnol, Massimo Gatto and Chiara Orlandini for the position of Statutory Auditor; (b) Luisa Marina Pasotti and Giacomo Ramenghi for the position of Stand-in Auditor.

The following documents were filed and published along with the two lists, in the manner required:

(i) a statement from shareholders other than shareholders that hold, also jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by Article 147-ter, paragraph 3 of the TUF and Article 144-quinquies of the Issuer Regulations, having also taken note of the CONSOB recommendations in its Communication no. DEM/9017893 of February 26, 2009;
(ii) comprehensive information on the personal and professional characteristics of the candidates included in the list (curriculum vitae and the list of administration, management and control positions they hold in other companies, relevant under law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as a candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and the Corporate Governance Code.

The lists, together with the above documents, were filed on the Company's website ("About us/Governance/Shareholders' Meetings" section).

The Shareholders' Meeting of April 28, 2020, then appointed the Board of Statutory Auditors (comprising three Statutory Auditors and two Stand-In Auditors) for the 2020-2022 period in the persons of Elena Spagnol, Massimo Gatto and Chiara Orlandini, as Statutory Auditors, and Luisa Marina Pasotti and Giacomo Ramenghi, as Stand-In Auditors.

For details of the percentage votes for the above list with respect to voting capital, see the summary report on voting, available on the Company's website ("About us/Governance/Shareholders' Meeting" section).

The Shareholders' Meeting also resolved, taking into account the indications from the Board of Directors and the recommendations from the Remuneration Committee, to set the annual remuneration of the Chairman of the Board of Statutory Auditors at €65,000.00 and of the Statutory Auditors at €50,000.00, in addition to an attendance fee of €600.00 for each meeting of

the Board of Statutory Auditors and the Board of Directors. In this context, the remuneration is commensurate with the commitment required, the importance of the role covered, the size of the company and the characteristics of its industry sector, also taking into account the assumption by FinecoBank of the role of Parent Company of a Banking Group following its departure from the UniCredit Group, and the consequent greater commitment required from the Board, which is in line, moreover, with the provisions of the Qualitative/Quantitative Profile of the Board of Statutory Auditors (as defined below).

On September 16, 2020, Ms. Elena Spagnol resigned from her position as Chairman of the Board of Statutory Auditors of the Bank, with effect from October 1, 2020, and in compliance with laws and the Articles of Association, the Stand-in Auditor Ms. Luisa Marina Pasotti, also from the list submitted by several asset management companies and institutional investors, took over the position of Statutory Auditor and Chairman of the Board of Statutory Auditors with effect from that date. Moreover, on October 5, 2020, Ms. Chiara Orlandini also tendered her resignation from the office of Statutory Auditor of the Bank, effective as of October 12, 2020 and, pursuant to the provisions of the law and the Articles of Association, the Stand-In Auditor Mr. Giacomo Ramenghi, also drawn from the same list submitted by a plurality of asset management companies and institutional investors, took over the office of Statutory Auditor as of the same date.

At the Shareholders' Meeting held on April 28, 2021, the Shareholders resolved to confirm Ms. Luisa Marina Pasotti and Mr. Giacomo Ramenghi as Chairman of the Board of Statutory Auditors and Statutory Auditor of the Bank, respectively, as well as to integrate the control body by appointing two new Stand-In Auditors: Ms. Lucia Montecamozzo and Mr. Alessandro Gaetano.

To this end, following the self-assessment carried out and the regulatory changes regarding the suitability requirements for bank corporate officers introduced by Ministerial Decree 169/2020, by resolution of March 15, 2021, the Board of Statutory Auditors approved an updated version of the document "Qualitative and quantitative composition of the Board of Statutory Auditors of FinecoBank S.p.A.", which was also submitted to the Board of Directors for information at the meeting held on March 16, 2021. This document is available on FinecoBank's website ("About us/Governance/Shareholders' Meeting" section).

The table below provides relevant information about each member of the Board of Statutory Auditors in office as at the date of this Report.

Position	Members	Born in	Date of first appointment (*)	In office since	In office until	List (**)	Indep enden t (Corp orate Gover nance Code):	Participation in Board of Statutory Auditors' meetings (***)	Number of other positions (****)
Chairman	Luisa Marina Pasotti	1961	April 28, 2020 (Initially appointed as stand-in auditor; subsequently appointed as statutory auditor on October 1, 2020 until the next Shareholders'	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	34/34 (100%)	3

			Meeting on April 28, 2021)
Statutory Auditor	Massimo Gatto	1963	April 28, 2020	April 28, 2020	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	34/34 (100%)	3
Statutory Auditor	Giacomo Ramenghi	1970	April 28, 2020 (Initially appointed as stand-in auditor; subsequently appointed as statutory auditor on October 12, 2020 until the next Shareholders' Meeting on April 28, 2021)	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	34/34 (100%)	3
Stand-in Auditor	Lucia Montecam ozzo	1966	April 28, 2021	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	-	-
Stand-in Auditor	Alessandro Gaetano	1962	April 28, 2021	April 28, 2021	Shareholder s' Meeting approval of the Financial Statements as at December 31, 2022	n/a	X	-	-
			STATUTORY AUDITORS LEAVING OFFICE DURING THE YEAR
/	/	/	/	/	/		/	/	/
			Indicate the number of meetings held during the Financial Year: 34
			Quorum required for the submission of lists for the last appointment: 1%
	(*) The date of first appointment of each Statutory Auditor means the date when the statutory auditor was appointed for the first time

(ever) to the Board of Statutory Auditors of the Company.

(**) This column indicates the list that each Statutory Auditor was taken from ("M": member from the majority list; "m": member from the minority list).

(***) This column indicates the participation of the statutory auditors in the meetings of the Board of Statutory Auditors (indicating the number of meetings attended compared to the total number of meetings that could have been attended; 6/8; 8/8, etc.).

(****) Number of positions pursuant to Article 148-bis of the TUF and relevant provisions implementing the Issuer Regulations. The complete list of positions is published by CONSOB on its website in accordance with Article 144-quinquiesdecies of the CONSOB Issuer Regulations.

Diversity criteria and policies

Subject to the applicable laws and regulations, on March 11, 2020, the Board of Statutory Auditors approved the above-mentioned Qualitative/Quantitative Profile of the Board for the renewal of the Board, which contains the general guidelines on structure, composition and diversity, both in terms of gender and age and previous professional experience. A new version of the Profile that takes into account the enactment of Ministerial Decree 169/2020 was approved by the Board on March 15, 2021 in view of the necessary supplementation of the control body, through the appointment of two statutory auditors and stand-in auditors, approved by the Shareholders' Meeting as mentioned above. The Qualitative-Quantitative Profile of the Board has also been drafted taking into account the Joint EBA and ESMA Guidelines and the EBA Guidelines on Internal Governance. It should also be noted that in view of the renewal of the corporate bodies to be resolved upon by the next Shareholders' Meeting, the Board of Statutory Auditors took steps to define the new guidelines for the optimal composition of the Board of Statutory Auditors and, therefore, approved on March 13, 2023 an updated version of the document "Qualitative and quantitative composition of the Board of Statutory Auditors of FinecoBank S.p.A.". The aforementioned document - which takes into account not only the provisions of Ministerial Decree 169/2020 and the EBA and ESMA Guidelines, but also the recommendations set out in the ECB Guidance - is available on the Bank's website in the "About us/Governance/Shareholders' Meeting" section.

A breakdown of the members in office of the Board of Statutory Auditors by age and gender is provided below.

* * *

The members of the Board of Statutory Auditors meet the requirements of applicable laws and regulations.

For details of the personal and professional profile of each Auditor, see the information published on FinecoBank's website (www.finecobank.com "About us/Governance" section).

The members of the Board of Statutory Auditors have not provided advisory services to the Issuer.

After its appointment, the Board of Statutory Auditors verified, among other things, that each member met the independence requirements of the TUF and the former Self-regulation Corporate Governance Code and sent the results to the Board of Directors. Similarly, the Board again verified the requisites of Ms. Luisa Marina Pasotti and Mr. Giacomo Ramenghi on the occasion of their taking over, respectively, the positions of Chairman of the Board of Statutory Auditors and Statutory Auditor, following the resignation of Ms. Elena Spagnol and Ms. Chiara Orlandini. With regard to the statutory auditors who took over during 2021, the verification of the independence requirements was carried out in accordance with the TUF and the Corporate Governance Code and Ministerial Decree 169/2020, also following their appointment by the Shareholders' Meeting of April 28, 2021, and for the two new stand-in auditors.

In particular, with regard to the independence requirements, no additional criteria were used apart from the criteria laid down in Article 148, paragraph 3 of the TUF, in any applicable industry regulations, and in the Corporate Governance Code or by the Corporate Governance Code (for the verifications after its entry into force). The results of the verifications were published in a press release to the market.

During the course of the Financial Year, on March 11, 2022, the Board of Statutory Auditors carried out the annual verification of the independence requirements provided for by the TUF and the Corporate Governance Code on each of its members, and forwarded the results of these verifications to the Board of Directors.

With regard to the application of materiality criteria and thresholds with reference to financial, business and professional relationships (as well as to assumptions of additional remuneration) for the purpose of assessing independence, please refer to Section 4.7 (section "Criteria and materiality thresholds for assessing independence").

The Statutory Auditors are subject to the limit on the number of positions held pursuant to Article 144-terdecies of the Issuer Regulations. To the best of the Company's knowledge, as at the date of approval of this Report, none of the members of the Board of Statutory Auditors exceeds the limits on the number of board mandates referred to in Article 144-terdecies of the Issuer Regulations. In addition to the above, the table below shows the overall number of positions held by Statutory Auditors in office at the date of approval of this Report (including the position held in FinecoBank). The limit on the accumulation of Directors' positions, in line with the limits prescribed by the CRD IV Directive, Ministerial Decree 169/2020 and the Joint EBA and ESMA Guidelines, was considered respected in light of the applicable weightings for positions held in the same group, for those held in non-commercial companies (not relevant for the purposes of accumulation) and the declarations made by the same.

Name	Total number of positions held by the Statutory Auditors	Number of relevant positions held
------	-------------------------------------------------------------	--------------------------------------

Luisa Marina Pasotti Chairman	6 non-executive positions	4 non-executive positions (1 )
Massimo Gatto Statutory Auditor	6 non-executive positions	4 non-executive positions (3)
Giacomo Ramenghi Statutory Auditor	8 non-executive positions	4 non-executive positions (1 ) 2 ( )

( 1 ) Considering the impact of positions held in non-commercial companies, the total number of positions held complies with the limits set.

( 2 ) Considering the impact of positions in the same group, the total number of positions held complies with the limits set.

(3) In view of his role as a member of the Supervisory Board of the companies in which he is a member of the Board of Auditors.

The Statutory Auditors must also take into account the provisions of Article 36, of Decree Law no. 201 of December 6, 2011, converted with amendments into Law no. 214 of December 22, 2011, containing provisions on "personal crossholdings in the credit and financial markets" under which it is forbidden for "those who hold positions in the management, control and supervisory bodies and the senior officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or exercise similar positions in competing firms or groups of firms" (ban on interlocking directorates). Those who hold incompatible positions must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices. As regards the above, incompatibility due to interlocking positions does not apply for any of the Statutory Auditors in office.

The special authorisation procedure pursuant to Article 136 of the TUB applies, in the case of obligations of any kind or sale transactions undertaken by members of the Board of Statutory Auditors, directly or indirectly, with the bank in which they hold a position.

Statutory Auditors that have an interest in a specific transaction of the Issuer, on their own account or on behalf of others, must promptly inform other Statutory Auditors and the Chairman of the Board of Directors in detail regarding the nature, terms, origin and extent of their interest.

* * *

Article 24 of the Articles of Association establishes that, in order to properly perform its tasks, and in particular to fulfil its obligation to promptly inform the Bank of Italy, and other Supervisory Authorities where required, on management irregularities or regulatory violations, the Board of Statutory Auditors is vested with the broadest powers provided for by current laws and regulations.

The Board of Statutory Auditors, without prejudice to any other or more specific duty and power

assigned to it by primary and secondary laws and regulations in force, monitors compliance with laws, regulations and the Articles of Association, as well as proper management, the adequacy of organisational and accounting arrangements of the Bank, the risk management and control system, and the functioning of the overall internal control system, the independent audit of the accounts, the independence of the external auditors, and the financial reporting process.

In performing its duties, the Board of Statutory Auditors liaises with the Internal Audit function and the Risk and Related Parties Committee, through ongoing communication and the exchange of information, and by taking part in meetings of the aforementioned Committee.

Subject to the right of all Statutory Auditors to attend the meetings and the duty to attend the meetings of the Risk and Related Parties Committee for the Chairman of the Board or another Auditor designated by that Chairman, the Chairman of each board committee may invite the Chairman of the Board of Statutory Auditors or another auditor designated by him/her.

* * *

The Chairman of the Board of Directors ensures that Statutory Auditors can take part, after their appointment and during their term of office, in the most appropriate way, in initiatives to give them adequate knowledge of the sector in which the Issuer operates, of company dynamics and their evolution, principles of correct risk management as well as the applicable legal and selfregulatory framework. During the Year, all the Statutory Auditors took part in "induction and training courses" referred to in Paragraph 4.5. of this Report, and in specific cases in external courses.

* * *

The Board of Statutory Auditors met thirty-four times during the Financial Year. Each meeting lasted on average three hours and forty-four minutes. With reference to the 2023 financial year, without prejudice to further meetings that will be planned on the basis of needs, a minimum of nineteen meetings of the Board of Statutory Auditors have been scheduled - up to the date of the Shareholders' Meeting called, inter alia, to resolve on the renewal of corporate bodies - eleven of which have already been held at the date of approval of the Report.

For further information on the establishment, duties and functioning of the Board of Statutory Auditors, see the chapter "Board of Statutory Auditors" of FinecoBank's Corporate Bodies Regulations, available on the Issuer's website.

Self-assessment

The Board of Statutory Auditors carried out its annual self-assessment pursuant to the Corporate Bodies Regulations adopted in compliance with the Supervisory Regulations on Corporate Governance and the recommendations of the Corporate Governance Code. Its assessment confirmed the suitability of all members of the Board of Statutory Auditors and the adequacy of the composition of the Board with respect to the requirements set forth by the applicable regulations, as well as a balanced distribution of competences within the Board. The Board reported on its self-assessment during the meeting of the Board of Directors held on March 14, 2023.

12. RELATIONS WITH SHAREHOLDERS

Access to information

The Company considers it in its own interests and a duty towards the market to engage with its shareholders and institutional investors, in compliance with the procedure for disclosing company documents and information to the market, and in general in compliance with laws and regulations governing the disclosure of inside information applicable to listed companies.

In this context, the Company considers the Shareholders' Meeting as an important opportunity for shareholders and directors to engage, and consequently adopts measures that encourage shareholders to take part in the Shareholders' Meeting and exercise their right to vote. In this respect, subject to the conditions described in Paragraph 13, below, Shareholders' Meetings are held on single call, in accordance with Article 7 of the Articles of Association.

Pursuant to Article 135-undecies of the TUF, the Company may designate, for each Shareholders' Meeting, by means of a specific indication contained in the notice of call, a person (the so-called Designated Company Representative) to whom shareholders may grant proxy with voting instructions on all or some of the proposals on the agenda, within the terms and according to the procedures provided for by law.

Relations with institutional investors are, on the other hand, handled by the Investor Relator, whose task is to report continually to the Company's Senior Management on requirements concerning disclosure to the financial market and in particular to investors.

The Investor Relator is therefore the point of contact between the Issuer and the market and works with the entire company to maintain and promote compliance with regulations on company reporting.

Dialogue with shareholders

With a view to the pursuit of "sustainable success" by listed companies, the Corporate Governance Code assigns the latter's board of directors the task of "promoting, in the most appropriate forms, dialogue with shareholders and other stakeholders relevant to the company" (Corporate Governance Code, Principle IV).

Recommendation 3 of the Code further specifies that, in the Report on the corporate governance, companies should adopt and describe a policy for managing dialogue with all shareholders, also taking into account the engagement policies adopted by institutional investors and asset managers.

To this end, at its meeting of December 16, 2021, the Bank's Board of Directors approved a specific "Policy for managing dialogue with the Financial Community" aimed at defining the set of rules, responsibilities and processes for conducting and managing dialogue with the Financial Community, in line with the recommendations of the Corporate Governance Code, the Assonime Principles, the engagement policies adopted by institutional investors and asset managers, and the related international best practice (the "Policy").

Under this Policy, the dialogue is managed in accordance with the principles of transparency of information provided to the Financial Community, ensuring that it is clear, complete, truthful and not misleading. The Bank also respects the principle of equal treatment of the bearers of financial instruments issued by the Company and the provisions of the applicable laws and regulations, with particular attention to those relating to the banking and listed issuer nature of the Company (especially the regulations on market abuse and inside information), as well as the internal rules

of governance, in full cooperation and transparency with the supervisory authorities.

In the course of the Financial Year, the following topics in particular are emphasised: questions related to the new interest rate scenario, investing and managed funds in the current environment, outlook for brokerage revenues and competition in the industry, plans for expansion abroad and ESG issues.

Specifically, the Policy is divided into 4 main sections and related sub-sections, the contents of which are summarised below:

1. Introduction

The introductory part, in addition to listing the definitions used in the text, is devoted to the purpose and scope of the Policy by recalling the recommendations of the Corporate Governance Code, as well as the principles of transparency of information provided to the financial community, equal treatment of financial instrument holders and the legal and regulatory provisions applicable to the Bank in its capacity as a listed issuer. It also identifies the applicable regulatory framework, at both European and national level.

2. Conduct of the Dialogue between the Company and the Financial Community

The second part is divided into sub-sections, each of which governs more specifically the individual elements that constitute the dialogue with the Financial Community. The following are identified in particular:

• examples of topics that may be the subject of dialogue: these include topics relating to corporate strategy, business, remuneration and corporate governance;

• the Company actors involved in the dialogue by defining their respective roles and tasks: the Board of Directors, the Responsible Director, the Contact Point (i.e. Investor Relations) and any other relevant structures involved. The Chairman is given an active role with regard to corporate governance, as well as accompanying/supporting the Responsible Director identified, pursuant to the Policy, as the Managing Director, for the remaining topics;

• the tools for conducting the dialogue and, therefore, the channels that can be used to disseminate complete, transparent and timely information: press releases, periodic meetings with the financial community, the Company's website, Investor days, shareholders' meetings;

• activation of dialogue and timing. Two different ways of activation are identified: upon request from the Financial Community or on the Company's initiative. Meetings can be held in one of the following ways: one-way, two-way, individual, and collective. In accordance with the Assonime Principles, it is also specified that if a Director receives a request for dialogue from an investor, he/she must refrain from initiating the dialogue and promptly inform the Corporate Law & Board Secretary's Office and Investor Relations, which will follow the procedure established with regard to the process for activating the dialogue;

• the evaluation criteria to be taken into account by the Managing Director – where applicable in agreement with the Chairman – for the purposes of accepting or rejecting requests for dialogue;

• acceptance or rejection of the request for Dialogue. The Managing Director – where applicable in agreement with the Chairman – with the support of Investor Relations and the specialised Functions involved from time to time, decides whether to (i) accept the request for Dialogue as received from the Stakeholder; (ii) accept the request for Dialogue but establishing that it shall be conducted in a different manner from that requested by the

Stakeholder; (iii) reject the request for Dialogue on the grounds of the Bank's best interests, assessment criteria and other circumstances that may be relevant. The Policy specifies that Investor Relations, in coordination with the Specialised Functions involved from time to time, shall ensure timely communication to the Stakeholder of the decision taken by the Bank, giving reasons for any refusal;

• the procedures for conducting the dialogue if the request is accepted, which envisage the support of the Investor Relations function and, where appropriate, of the other functions concerned in each case.

3. Information flows within the Dialogue

The third section is devoted to information flows within the dialogue and specifically envisages the following steps: (i) preparing a report of requests not accepted (accompanied by the reasons for the rejection) and of the dialogue conducted by Investor Relations in coordination with the other competent structures concerned; (ii) sending that report to the Managing Director to enable him/her, in agreement with the Chairman of the Board and any Director who took part in the dialogue, to inform the management body. On the understanding that in the presence of matters of particular importance or interest or of necessity, the person who has directly participated in the dialogue has the duty to promptly inform the Managing Director and the Chairman. The Chairman is in any case responsible for ensuring that the Board is promptly informed of the developments and significant content of the various forms of dialogue.

4. Adoption of the policy, disclosure and updates

The last section of the Policy describes the process for approving the document, which is the responsibility of the Board of Directors – upon proposal from the Chairman, formulated in agreement with the Managing Director – after examination by the Corporate Governance and Environmental and Social Sustainability Committee. In addition, as mentioned above, the Policy, as well as the management of the dialogue with the Financial Community, must be reported annually in the Report on Corporate Governance and Ownership Structure. Subsequent updates to the document follow the process described above

The "Policy for managing dialogue with the Financial Community" is available on the Bank's website www.finecobank.com (About us/Investors) to which reference is made for further details.

* * *

The Company has created a specific section on its website www.finecobank.com – which is easily identifiable and accessible – with information on the Company that is significant for shareholders, to enable them to exercise their rights in an informed manner. In particular, the section includes updated information on the Company and services offered, key documents on corporate governance, as well as all press releases on main company events, in addition to financial and accounting information. Information on the website is updated as promptly as possible, to guarantee the transparency and effectiveness of the disclosure to the public.

13. SHAREHOLDERS' MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER C) OF THE TUF)

In compliance with regulatory and legal provisions in force, the Ordinary Shareholders' Meeting, pursuant to the Articles of Association, is convened at least once a year, within 120 (one hundred and twenty) days from the end of the financial year, to resolve on items in its remit as established by the applicable regulations and the Articles of Association. The Extraordinary Shareholders' Meeting is convened whenever there is a need to resolve on items in its remit as established by the applicable regulations.

The Shareholders' Meeting is convened as one session in compliance with laws in force, however, in order to maintain adequate organisational flexibility, the Articles of Association establish that the Board may convene several sessions for individual Shareholders' Meetings.

Meetings are convened within the legal deadlines, by notice published on the Company's website, and through the other methods envisaged by the applicable regulations. The Agenda set within the deadlines set by and the Articles of Association, by the person with powers to convene Shareholders' Meetings.

Before the deadline for publishing the notice convening the meeting, based on each item on the agenda – or another deadline set by law – the Board of Directors makes available to the public a report on each item on the Agenda.

The Agenda may be supplemented – according to the circumstances, procedures and deadlines established by the applicable regulations – by shareholders that, also jointly, represent at least 2.5% of the share capital. Shareholders that request the addition of an item to the agenda must prepare a report stating the reasons for the proposals to resolve on the new items. Shareholders may also submit further proposals for resolutions on items already on the Agenda, giving the related reasons.

The Shareholders' Meeting meets at the Registered Office of the company or at another venue in Italy, indicated in the notice of meeting, and resolves with the majorities established by the applicable regulations.

Quorums are not envisaged in the Articles of Association, therefore in order for the Shareholders' Meeting to be duly established and for resolutions to be passed, laws in force shall be observed.

Pursuant to the Articles of Association, and in line with laws in force on remuneration and incentive policies and practices issued by CONSOB, and, for banks and banking groups, issued by the Bank of Italy, the Ordinary Shareholders' Meeting establishes the fees of the bodies it appoints, and also approves: (i) remuneration policies for Board Directors, employees and persons working for the company on a self-employed basis; (ii) remuneration plans based on financial instruments; (iii) payments agreed on in the event of the early termination of employment or early termination of an appointment, including the limits established for said fees in terms of annual fixed remuneration.

When approving remuneration policies, the Shareholders' Meeting may increase the limit of the ratio between variable and fixed remuneration up to a maximum of 2:1 or, if lower, to the maximum allowed by the applicable regulations. The Shareholders' Meeting votes on the Company's policy on the remuneration of the members of the Board of Directors, the General Manager and Key Management Personnel, and the procedures used to adopt and implement that policy.

13.1 Legitimation, procedures for taking the floor and voting

Pursuant to the applicable regulations, referred to in Article 8 of the Articles of Association, persons may take part in the Shareholders' Meeting and exercise their voting rights following notification sent to the Company, within the legal established time limits, by the intermediary authorised by law to keep the accounts, based on entries in accounting records relative to the end of the accounting day of the seventh open market day prior to the date established for the Shareholders' Meeting convened as a single session, or as a first session if the Board of Directors has planned for further sessions to take place.

The Articles of Association enable shareholders to take part in the Shareholders' Meeting using telecommunication means and to exercise voting rights digitally. The decision to activate these means is taken by the Board of Directors for each Shareholders' Meeting.

Pursuant to Article 8 of the Articles of Association, each shareholder who is entitled to take part in Shareholders' Meetings can be represented by written proxy by another person, who is not necessarily a shareholder, provided this complies with legal provisions. Voting by proxy may also be authorised by a document signed digitally in accordance with the applicable regulations and notified to the Company at the email address and according to procedures indicated in the notice of meeting, or by means envisaged by the applicable laws and regulations.

In accordance with the best practice that sees the attendance of Directors at Shareholders' Meetings as an important opportunity for discussion between the Directors themselves and the Shareholders, the Shareholders' Meetings of the Company are normally attended by all Directors.

The Board reports to the Shareholders' Meeting on past and planned activities within the context of the Directors' Report on Operations. It acts to ensure shareholders are given sufficient information on items necessary for them to make informed decisions during Shareholders' Meetings, in particular making sure that reports of Directors and additional information are made available within the deadlines set by the applicable laws and regulations.

During the Financial Year, a Shareholders' Meeting was held in April. The Shareholders' Meeting, convened in ordinary and extraordinary session, focused, among other things, on the approval of the financial statements, as well as the granting of proxies to the Board of Directors in order to resolve capital increases to implement the 2021 and 2022 Incentive Schemes. In consideration of the epidemiological emergency situation and the provisions issued by the Government, the Shareholders' Meeting was held with the participation of the Shareholders through the Designated Representative, notwithstanding the physical presence in the meeting room of the Chairman of the Board of Directors and the Chairman of the Board of Statutory Auditors; 9 Directors and 1 Statutory Auditor attended the meeting via audio-video conference connection.

13.2 Proceedings of shareholdings' meetings

In accordance with the best practices in the sector, on the proposal of the Board of Directors, the Shareholders' Meeting adopted regulations to govern the orderly and functional proceedings of its meetings (hereinafter, the "Meeting Regulations"). The Regulations for Shareholders' Meetings are available on the Company's website ("About us/Governance/Documents" section).

Under Article 8 of the Regulations for Shareholders' Meetings, persons who are entitled to take part in Shareholders' Meetings may take the floor regarding each item to be discussed. Persons intending to take the floor shall request permission from the Chairman, submitting a written request with details of the issue the request refers to, after the Chairman has read the items on the

Agenda and until he/she declares the discussion on the issue that the request refers to as close. The Chairman may authorise requests to take the floor to be made with a show of hands, and in this case persons take the floor in the alphabetical order of their surnames.

Article 10 of the Articles of Association also establishes that the Chairman is assisted by a Secretary, selected by the attendees, who may also be a non-shareholder, by majority of those present. Other than in the cases provided for by law, when the Chairman considers it appropriate, a notary may perform the function of Secretary, selected by the Chairman.

13.3 Significant changes in capitalisation and composition of the company structure

The capitalisation of FinecoBank went up by €55 million during the Year, reaching €9,469 million as at December 31, 2022.

No proposals were made to the Shareholders' Meeting for amendments to the Articles of Association regarding the percentages established for the exercise of the shares and the prerogatives imposed for the protection of non-controlling interests.

14. ADDITIONAL CORPORATE GOVERNANCE PRACTICES

Corporate governance practices – in addition to those already indicated above – and besides the obligations established by laws or regulations, include the Company adopting a system for the internal reporting of violations (whistleblowing), in compliance with the Supervisory Regulations on Corporate Governance (Part I, Title IV, Chapter 3, Paragraph VIII).

In this context, the Company has appointed the Head of the Compliance Department as the person responsible for the whistleblowing process, with the necessary autonomy and independence from control functions. This position ensures proper management of the procedure and reports directly and without delay to corporate bodies on information reported, where relevant.

In addition, since July 2017, the Company has been admitted to the cooperative compliance regime, in accordance with Articles 3 to 7 of Legislative Decree no. 128, of August 5, 2015, and the identification of an adequate tax risk management and control system is one of the essential requirements not only for admission but also for remaining in the aforementioned regime. Accordingly, in 2022, as in previous years, in the context of contacts with the Inland Revenue, both the effectiveness and the adequacy of the system with respect to changes in the scope of business processes, were analysed with positive results.

Moreover, in compliance with the obligations provided for, under the above-mentioned collaborative compliance regime, the Head of the Taxation and Consultancy Unit shares, with the Management and Control Bodies, the prescribed annual report on the management of tax risk containing, in particular, the relevant tax information concerning the Group (i.e., the tax fulfilments carried out, the checks carried out in relation to these, the results that emerged, the mitigation actions taken to remedy any anomalies detected, as well as the planned activities) for the examination and consequent assessments.

In confirmation of its high level of sensitivity in terms of tax risks the Bank has adopted, by resolution of the Board of Directors, (i) from 2017, FinecoBank's tax strategy, updated in January 2020, which focuses on the guidelines and principles adopted by the Bank in managing tax issues and in particular the associated risk (whether of a sanctioning or reputational nature) in line with its strategic objectives and in compliance with OECD recommendations; (ii) in December 2020, the "Escalation procedure for the analysis and assessment of tax risk and interaction with the Inland Revenue", which aims to inform the Bank's units about the importance of tax issues and assigns the Taxation and Consulting Unit the task of assessing and measuring tax risk, as well as involving senior management in that assessment, in accordance with the provisions of the escalation process.

In particular, in line with the role of guidance and supervision of Tax Compliance, as assigned in the aforementioned tax strategy document, the involvement of senior management (CFO, Managing Director, Board of Directors, following reporting to the Risk and Related Parties Committee) is scaled according to the materiality of the risk or the nature of the damage, both financial and reputational, that the assumption of the tax risk may entail for the Bank.

15. CHANGES SINCE THE END OF THE REPORTING YEAR

No changes in the corporate governance structure have occurred after the end of the Financial Year, other than those specifically described in the Report.

16. CONSIDERATIONS ON THE LETTER OF JANUARY 25, 2023 FROM THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

The Chairman of the Board of Directors received and informed the Board, during the meeting of February 7, 2023, of the recommendations in the letter of January 25, 2023 of the Chair of the Corporate Governance Committee. The contents of this letter were reported to the Corporate Governance and Environmental and Social Sustainability Committee, the Remuneration Committee, the Appointments Committee and the Risk and Related Parties Committee, in the meetings of February 2, 6, and 1, 2023 respectively, as well as in the meetings of March 10 and 13, 2023. The recommendations made in the letter have also been submitted to the Board of Statutory Auditors for the aspects within its remit.

The Directors, having examined the issues and principles set out in the letter, taking into account the initiatives already adopted by the Bank both on the occasion of specific regulatory measures and Recommendations in previous years, or in compliance with the best practices of the market, including international ones, virtuously adopted by the Company, which have led over time to a consistent revision of FinecoBank's internal regulations (e.g. timeframe for pre-Board meeting reporting extended - without exceptions by subject matter - to 5 calendar days, participation of heads of corporate functions in Board meetings for the illustration of matters within their competence (see Section 4.4.), sustainable success, adoption of a policy dedicated to dialogue with shareholders and relevant stakeholders, gender equality) and the adoption of increasingly structured and refined processes (e.g. nomination and succession of the board, specific plans for the CEO and the Chairman, definition of guidelines on the optimal composition of the administration and control bodies), thus considering the Bank's general system and corporate governance rules on nomination, succession of directors and Fit & Proper status (which respond to market best practices), bearing in mind the integration of sustainability within the Bank's strategy (part of a path already initiated in previous years) and the remuneration policies defined in accordance with the most rigorous criteria and interpretations of the Regulators that also take into account ESG parameters, they consider that the governance of the Company is consistent and substantially aligned with the recommendations of the aforementioned letter. In addition, it should be noted that - without prejudice to what has already been defined on the subject of assessing the independence of directors - in this context, the Board of Directors decided to define in greater detail in this Report the quantitative parameters and qualitative criteria for assessing the significance of financial, commercial and professional relationships and relations, as better specified in Section 4.7. Finally, with regard to the recommendation under which the Committee invites companies to highlight in summary form the essential information indicating adherence to the specific recommendations of the Code or their setting aside, providing the relevant reasons, it is deemed that the current layout of the Report is consistent with the complexity of the Company's organisational structure and operations - Fineco being a bank of significant size - as well as with the level of representation of the information required by investors and proxy advisors.

ANNEX 1

CURRICULA VITAE OF THE COMPANY OFFICERS IN OFFICE AT THE DATE OF THIS REPORT

Marco Mangiagalli - Chairman

Marco Mangiagalli, a graduate in Political Economics from the Università Commerciale Luigi Bocconi, spent most of his career with the Eni Group. He has also worked in the Barclays Group in Italy and in the Nuovo Banco Ambrosiano Group. At Eni he held various positions of increasing responsibility until taking on the position of Chief Financial Officer from 1993 to 2008.

He has served on the Board of Directors of numerous companies, including: Agip S.p.A., Polimeri Europa S.p.A., Nuovo Pignone S.p.A., Snamprogetti S.p.A., Saipem S.p.A., Eni International Holding B.V., Eni International Bank Ltd, Albacom S.p.A., Emittenti Titoli S.p.A., Oil Investment Corp., Snam Rete Gas S.p.A., Falck Renewables S.p.A. He was Chairman of Eni Coordination Center S.A. and Enfin S.p.A..

He was a member of the Supervisory Board, Chairman of the Risk Committee, Chairman of the Remuneration Committee and member of the Related Party Transactions Committee of Intesa Sanpaolo S.p.A. in different periods from 2010 to 2016. Following the adoption of the one-tier system by Intesa Sanpaolo S.p.A., he also held the position of member of the Board of Directors and Chairman of the Management Control Committee of the Bank for the three-year period 2016- 2019.

He has also held the following positions:

2009-2014: member of the Board of Directors and the Control and Risk Committee of Luxottica S.p.A.

2011-2013: member of the Board of Directors and the Control and Risk Committee and Corporate Governance Committee of Autogrill S.p.A.

2008-2010: Chairman of Saipem S.p.A.

He was a member of the Senior Advisory Board of the investment fund Global Infrastructure Partners from 2011 to 2017.

Currently, in addition to his position as Chairman of FinecoBank, he holds the following positions: (i) Chairman of the Board of Directors of E.I. Towers S.p.A. and (ii) member of the Board of Directors of Finarvedi S.p.A..

Francesco Saita – Vice Chairman

He graduated in Business Economics from the Bocconi University of Milan in 1991. Since 2005, he has been a full professor at the Department of Finance at Bocconi University in Milan, where he was previously a researcher and then an associate professor. He is currently Director of the Financial Education research unit of the Baffi Carefin research centre at Bocconi University. At Bocconi University he has held various positions in the past, including Director of the Baffi Carefin research centre (2015-2017) Dean of the Graduate School (2010-2014) and Director of the Department of Finance (2007-2010). He is the author of numerous publications on risk management in banks, asset management companies and insurance companies, and on derivative instruments. He is an honorary member of AIFIRM (Italian Association of Financial Risk Managers) and has been a member since the foundation of the G53 Financial Literacy and Personal Finance Research Network. He was an independent director at Fondi Alleanza SGR (2003-2006) and at Banca Aletti (2012 -2014). Since 2014, Francesco Saita has been Deputy Chairman of the Board of Directors and Chairman of FinecoBank's Risk and Related Parties Committee (formerly Audit and Related Parties Committee), of which he was also a member of the Corporate Governance, Appointments and Sustainability Committee (2017-2020) and then of the Corporate Governance and Environmental and Social Sustainability Committee (since 2020). Over the years he has also provided risk management and derivatives consulting services to banks, insurance companies and asset management companies.

No appointments in other listed or large companies.

Board member in Aessedomus Srl (family-owned real estate company).

Alessandro Foti - Managing Director and General Manager

Alessandro Foti graduated with honours in 1984 in Business and Economics from the Luigi Bocconi University of Milan.

He started his professional career in IBM's Financial Management in 1985. After three years of experience in Montedison SpA, where he became the Head of financial coordination of the group's subsidiaries, he joined Fin-Eco Holding S.p.A. in 1989 with responsibility for the capital market. In 1993, he became Head of Operations for administration, asset management and trading at Fin-Eco Sim SpA. After being appointed member of the Board of Directors, General Manager and Managing Director, he became Chairman of Fin-Eco Sim SpA in 2002. In October 1999, he was appointed member of the Board of Directors of FinecoBank, when he had already been a member of the Management Committee of Assosim for three years.

In 2001, he became a member of the Supervisory Board of Entrium Direct Bankers AG. From 2003 to 2005, he was a member of the Board of Directors of Ducati Motors Holding S.p.A. and General Manager of FinecoGroup S.p.A. (a company listed on the Midex segment of the Milan Stock Exchange).

From October 1999 to December 2000, he was a member of the Board of Directors of FinecoBank. Since December 2000 the Managing Director of FinecoBank; since July 2014, he has also held the position of General Manager.

From May 2010 to January 2015, he served as Vice Chairman of the Supervisory Board of DAB Bank AG. From April 2012 to April 2014 member of the Assoreti Steering Committee. From 2013 to 2019, member of the Executive Management Committee of UniCredit Group. Since April 2014, Director and Vice President of Assoreti. From July 2014 to October 2020, he was a member of the Borsa Italiana S.p.A..

In 2017, 2018, 2019 and 2022, he was named by Institutional Investor best CEO in Europe in the banking sector in the Small&Mid Cap category.

Since 9 November 2018, he has been a member of the Board of Directors of Bocconi University in Milan.

Patrizia Albano - Director

She is registered with the Bar Association of Rome. She began her activity working as an internal lawyer at Istituto Mobiliare Italiano S.p.A. from 1981 to 1999, then moved to San Paolo IMI S.p.A. as Head of the Central Legal Department of the Major Customers Division until 2000.

She was General Counsel of IBI (today, Alerion Clean Power S.p.A.) and Head of the Corporate Secretariat of Risanamento Napoli S.p.A. and Fincasa S.p.A., both listed on the Italian Stock Exchange.

From 2003 to 2007, Ms Albano worked at Studio Legale Carbonetti.

Since 2007 she has been practicing at her own firm in Rome and Milan in the field of corporate law and is mainly involved in corporate consulting and capital transactions, banking and financial transactions, as well as institutional and corporate compliance (privacy, anti-money laundering, security, administrative liability of legal persons pursuant to Law 231/2001).

She has advised the Prada Group on an ongoing basis. In particular, she assisted Prada S.p.A. in its listing on the Hong Kong Stock Exchange and served as Head of the Group's Corporate Affairs Department, Secretary to the Board of Directors and Company Secretary. In this area, she has dealt with the governance and corporate legal issues of the listed Parent Company and subsidiaries in Italy and worldwide; she has supervised the Corporate Secretariat, the Shareholdings, compliance and has overseen extraordinary transactions. She represented the Company in Assolombarda where she served as Chair of the Fashion and Design Group in February 2015/January 2018.

In the period April-October 2015 she was a member of the Board of Directors of Banca Carim - Cassa di Risparmio di Rimini S.p.A.. In the period June/December 2016, she also served as a member of the Board of Directors of Mediacontech S.p.A. In the period April 2020/March 2022 she also held the position of Chairman of Supervisory Body of Fiocchi Munizioni S.p.A..

She currently holds the following offices: (i) member of the Board of Directors and the Corporate Governance and Environmental and Social Sustainability Committee and the Appointments Committee of FinecoBank S.p.A. (since 2017); (ii) Chair of the Board of Statutory Auditors of Artemide Italia S.p.A. and Statutory Auditor on the Board of Statutory Auditors of Artemide Group S.p.A. and the Board of Statutory Auditors of Artemide S.p.A. (from 2014); (iii) member of the Board of Directors of Piaggio & C. S.p.A. (since 2018); (iv) Stand-In Auditor of Edison S.p.A. (from 2020) and (v) Member of the Investment Committee of Be Cause Sicaf SpA (from 2022).

Elena Biffi - Director

Elena Biffi is graduated with Honors in Political Economics from Bocconi University and since 1989 works in the financial-insurance sector, developing mathematical models for optimization, risk analysis and evaluation.

Independent Director of FinecoBank, Arnoldo Mondadori Editore, REVO Insurance as well as being Insolvency Official Receiver of "Concordia SpA in LCA" (appointed by IVASS).

She is founding partner of EM Associates (2002) and SEM Data (2021), a technology consultancy and provider of Technology Business Management solutions.

Member of the Advisory Board at Assofintech, the Italian Association for fintech, insurtech and proptech.

Member at the Friend of the Sea (World Sustainability Organization) Technical Committee for sustainability, respect, and promotion of the Marine Environment.

Member of the Javotte Bocconi Institute.

Mentor and investor of innovative benefit startups.

Member of AIFIRM (Italian Association of Financial Industry Risk Managers).

In the past, she was:

Chairman of the Board of Statutory Auditors and of the SB pursuant to Legislative Decree 231/2001 of Fondartigianato (appointment of the Ministry of Labor and Social Policies).
Independent Director of REVO SPAC and Elba Assicurazioni, Mediolanum S.p.A., Mediolanum Vita and Mediolanum Assicurazioni;
Member of the supervisory body of the Vittoria Lavoro pension fund (nine years period);
Co-founder at CSIP, Certified Sustainability Insurance Partners, for sustainability in the insurance sector.

Between 1991 and 2001, she worked at Studio Attuariale G. Ottaviani, at Grant Thornton Assicurazione & Finanza (as CEO), and at Shandwick Corporate Communication.

In 1995, she specialized in financial risks at the Scuola Normale Superiore of Pisa; she was a researcher, lecturer and professor at the Catholic University of the Sacred Heart and Sapienza of Rome in quantitative subjects.

She wrote several publications, lately: Sustainability Game (with M. Pedol, S. Melzi), in "Corporate Social Responsibility and Environmental Management, Vol. 28, Issue 4. I quattro cavalli, Franco Angeli, 2022. Ecosistema d'argento (EA): un modello sostenibile; I bisogni degli anziani: le risposte del nuovo welfare e della silver economy.

Giancarla Branda - Director

Giancarla Branda graduated in Law and Economics from La Sapienza University in Rome, where she also obtained a postgraduate diploma in banking. She works as a tax lawyer and is an expert in business income and indirect taxation in the industrial and financial sector. She has carried out numerous due diligence assignments related to the acquisition and privatisation of banking and financial companies. She provides technical assistance in tax litigation at the levels of merit and legitimacy.

She is currently a non-equity partner of Studio Salvini e Soci - Studio Legale e Tributario fondato da F. Gallo.

In the course of her career she has gained the following experience:

1994-2000: Associate Attorney at Law and Tax Firm Ernst & Young International

1988-1994: Associate Attorney at KPMG International Legal and Tax Firm

During the 12th Legislature she collaborated, as an independent technical consultant, with the President of the Finance Committee of the Chamber of Deputies on the drafting of legislative texts on tax matters.

She has taught at the Higher School of Economics and Finance as well as in postgraduate master'sdegrees.

To date, in addition to her role as a member of the Board of Directors and of the Remuneration Committee of FinecoBank, she holds positions on the boards of directors and auditors of major Italian listed and unlisted companies. She is also a member of the Supervisory Committee of Banca Network Investimenti in compulsory administrative liquidation by appointment of the Minister of Economy and Finance at the proposal of the Bank of Italy.

Paola Giannotti De Ponti - Director

Born in Alessandria on 13 July 1962, Paola Giannotti De Ponti graduated in Political Economics with honours from Bocconi University in Milan and attended university semesters at Universität zu Köln (Cologne, Germany) and New York University.

She has over 30 years of international experience in the financial sector and in the Corporate and Investment Banking area with expertise in corporate finance, equity and bond capital markets, working capital management, structured finance, mergers and acquisitions, project finance. Over the years between New York, London, Milan, Frankfurt and Paris, she has held a variety of operational and management roles within leading global institutions such as Morgan Stanley, Citigroup, Dresdner Bank and BNP Paribas where she was responsible for its strategic clientele in Italy (including MEF, Telecom Italia, Eni, Enel, Terna, Ferrovie, Finmeccanica) and the Oil, Gas & Energy sector.

In the past she was a Director of TIM S.p.A., Ansaldo STS S.p.A., UBI Banca S.p.A., EPS Equita PEP SPAC S.p.A. and EPS Equita PEP SPAC 2 S.p.A. and Dresdner Kleinwort Wasserstein SGR. In 2002 she was awarded the Bellisario Foundation Prize as Manager of the Year. From 2000 to 2012 she was a member of the Council for Italy-United States Relations, under the honorary chairmanship of David Rockfeller. In 2019 she was included in the group of 100 Italian women leaders drawn up by Forbes magazine.

To date, in addition to her position as a member of the Board of Directors, the Risk and Related Parties Committee and the Remuneration Committee of FinecoBank, she holds positions in the Board of Directors and in the Board committees of Terna S.p.A.

Marin Gueorguiev - Director

He graduated in Business Economics from the Bocconi University of Milan in 1998. He was certified as a Chartered Financial Analyst (CFA) in 2002.

For more than twenty years, he has been a management consultant on risk management and internal control systems at companies in the financial services and Energy & Utilites sectors in Italy and Europe.

In the course of his career, he has gained the following experience:

2018-2019: Co-founder of Quantum S.r.l. (IT consultancy in the field of big data analysis)

2009-2017: Managing Director, Risk & Compliance of Protiviti

2007-2009: Senior Manager, Finance & Risk of Oliver Wyman

2004-2007: Director of Protiviti

1997-2004: Senior Manager, Capital Market and Auditing of Deloitte.

Gianmarco Montanari - Director

Gianmarco Montanari is General Director of the Most Foundation (National Research and Development Foundation on Sustainable Mobility).

Previously, he was General Director of the Italian Institute of Technology in Genoa, City Manager (i.e. Managing Director) of the City of Turin after working for twenty years as a manager in top positions in the Automotive, Financial Services, Management Consulting and Central Public Administration sectors, always managing processes of reorganization and digital transformation of complex companies with modern organization.

He received a degree in Management Engineering from the Politecnico of Turin followed by four other degrees in Management, Economics, Political Science and Law and is formally certified as a F.I.G.C. Sports Management Collaborator, ACOI Coach and OIV Band 3 by the Ministry of Public Administration.

Over the years, he has achieved numerous specializations at the main International Business Schools (i.e. Harvard Business School, IMD, INSEAD, Columbia University, Bocconi) on management, innovation, digitization, high-tech and governance including:

Board Director Diploma awarded with Distinction, IMD of Lausanne;
International Directors Program, at INSEAD;
Making Corporate Board More Effective, at the Harvard Business School.

He has been a member of numerous boards of private and public companies including the Turin Transport Group, Agenzia delle Entrate in Italy and AGID (Digital Italian Agency).

He was honoured first as "Cavaliere" of the Italian Republic and then as an "Ufficiale al Merito" of the Italian Republic.

He is the author of the book "Tech Impact. Luci ed ombre dello sviluppo tecnologico" ("Tech Impact. The Lights and Shadows of Technological Development") and many other publications, as well as being an authoritative speaker on innovation, technology and change management. He is the inventor of IED® Intergenerational Environmental Debt.

Currently, in addition to being a member of the Board of Directors, the Nominations Committee as well as Chairman of the Remunerations Committee of FinecoBank, he is also a member of the Board of Directors of Reale ITES, a leading provider of IT and related services, as well as an Independent Director and Member of the Remuneration Committee of the Tinexta Group, a company listed in the Star segment and a leading European operator in four business areas: Digital Trust, Cybersecurity, Credit Information & Management and Innovation & Marketing Services.

Alessandra Pasini - Director

Graduated in Business Administration at Luigi Bocconi University, she began her career in the management control of Kraft Jacobs Suchards. In 1997, she joined Citi where she held various positions in the credit and corporate banking departments, also taking on the role of Chief of Staff of the Country Manager for some time. In 2000, she joined the Investment Banking team and was personally involved in the separation of Snam Rete Gas from Eni and its listing as well as in significant M&A transactions, bank debt and capital markets and equity in particular in the utilities, telecom & media and infrastructure sectors.

In 2013, she joined Barclays as Deputy Head of Investment Banking for Italy and in 2015 she became Head of Investment Banking for Italy, overseeing several relevant transactions including the listing of Enav and the demerger of Italgas from Snam, the sale of Telecom Argentina by Telecom Italia and the sale by Eni of its upstream activities in Russia.

She joined Snam in November 2016 as CFO with responsibilities on administration, budget and tax, planning and control, finance, M&A. Since November 2019, she has also taken responsibility for the management of foreign affiliates, international development and Snam Global Solutions. Since February 2022 she has been CEO of Stogit (100% owned by Snam), Europe's largest gas storage company.

She is currently an independent director of FinecoBank as well as Executive Director of Zhero BV and was a member of the board of De Nora, but more importantly she was for more than 5 years Chief Financial Officer of Snam, where she also served as Co-CEO Storage Business.

Maria Alessandra Zunino De Pignier - Director

Holder of a Degree in Economics from Catholic University of the Sacred Heart in Milan, she is registered as a chartered accountant and auditor.

Since 1995 she has been providing consulting services to banks and financial intermediaries, with particular reference to issues of governance, compliance, internal audit, risk and staff training after gaining extensive work experience in asset management and financial intermediation. She is co-founder of Alezio.net Consulting S.r.l.

She has been a board member of banks and bank holding companies (Mediolanum S.p.A., Veneto Banca and Banca Intermobiliare di investimenti e gestione, Deutsche Bank Mutui S.p.A.) and a member of risk committees. She has held positions as auditor of listed companies and asset management companies (Gefran S.p.A., Terna S.p.A., CDP Real Asset SGR).

She was the chair of the Investment Committee of Banca Ipibi - Financial Advisors S.p.A.

Currently, in addition to her position as a member of the Board of Directors, Risk and Related Parties Committee and Chairman of FinecoBank's Corporate Governance and Environmental and Social Sustainability Committee, she is an auditor of SABAF S.p.A. and a member of PFE S.p.A.'s 231 Supervisory Board.

Luisa Marina Pasotti – Chair of the Board of Statutory Auditors

Graduated with honours in Business Administration from the Bocconi University of Milan in 1986, she qualified as a chartered accountant in 1989. She is registered in the Register of Chartered Accountants of Varese and is enrolled with the Register of Statutory Auditors.

Founding member of "Studio Associato Pasotti" located in Varese, she has been a member of the Board of Directors of the Register of Chartered Accountants and Accounting Experts of Varese since January 2017 to February 2022.

She has been a member of the Board of Auditors of OIV ("Organismo Italiano di Valutazione") since March 2018. She has served as Auditor for over twenty years, also holding the position of Chairman and Auditor of the accounts of joint stock companies and public bodies. Member of the Board of Statutory Auditors of Servizi Aerei S.p.A. - company subject to the management and coordination of ENI S.p.A. - from 15.04.2022 until the approval of the Financial Statements at 31.12.2024.

She served as a member – independent and non-executive – of the Board of Directors of BANCA CARIGE S.p.A. from July 11, 2017 to January 2, 2019, and as a member of the Remuneration Committee, of the Risk Committee and of the Nomination and Governance Committee. She has also been a member of the Board of Directors of Carige REOCO S.p.A. until May 2019.

Past Contract lecturer for non-institutional teaching activities at the Carlo Cattaneo University – LIUC – University in Castellanza (Varese, Italy)..

Massimo Gatto - Statutory Auditor

Massimo Gatto was born in Rome on 27 June 1963. He graduated in Economics and Business from University of "La Sapienza" in Rome, he is Chartered accountant registered in Order of Roma and in the Register of Legal Auditors.

He is a consultant for several companies operating in the commercial sector.

He has served as Chairman of the Board of Statutory Auditors and Statutory Auditor of listed companies, focusing on governance in terms of controls and risks.

He currently carries out his professional activity in his own firm in Rome.

He holds the following significant positions pursuant to Article 148-bis of the Italian Consolidated Law on Finance ("TUF") on the accumulation of offices:

Chairman of the Board of Statutory Auditors of MARR S.p.A., Chairman of the Board of Statutory Auditors of Poste Welfare Servizi S.r.l., Statutory Auditor of SACE BT S.p.A (SACE GROUP).

Member of supervisory bodies pursuant to Decree 231 of Italian stock companies.

Giacomo Ramenghi - Statutory Auditor

Giacomo Ramenghi was born in Bologna on 9 October 1970. He is Certified Public Account and is registered in the Register of Chartered Accountants of Bologna and in the Register of Statutory Auditors since 2003.

He began his collaboration with Studio Gnudi (offices in Bologna, Milan and Rome) in 2000 and has been a partner since 2006. He has worked, among others, with a leading international auditing firm. He is mainly involved in corporate, accounting and tax consulting, extraordinary transactions (mergers, demergers, contributions), valuation of companies and shareholdings. He has gained particular experience in advising on international accounting standards.

He has been Statutory Auditor of numerous companies, including listed ones. Over the years he has gained various experiences in companies belonging to the financial sector (banks, SIM, SGR and payment institutions).

He has been adjunct professor in financial statements matters since 2012 on the Master's Degree Course in "Economics and Profession" at the Faculty of Economics of the University of Bologna. He is registered in the Register of Technical Consultants of the Court of Bologna.

AI Terminal

FinecoBank

4321_cgr_2023-03-27_e87e5a56-ac3a-40fc-9848-76f788d33b83.pdf

REPORT ON THE CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

Contents

GLOSSARY

INTRODUCTION

1. PROFILE OF THE ISSUER

1.1. The corporate governance model

1.1.1 Shareholders' Meeting

1.1.2 Board of Directors

1.1.3 Board committees

1.1.4 Board of Statutory Auditors

1.1.5 External Auditors

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, TUF)

a) Share Capital Structure (pursuant to Article 123-bis, paragraph 1, letter a) of the TUF)

b) Restrictions on the transfer of securities (pursuant to Article 123-bis, paragraph 1, letter b) of the TUF)

c) Significant holdings in capital (pursuant to Article 123-bis, paragraph 1, letter c), of the TUF)

d) Securities conferring special rights (pursuant to Article 123-bis, paragraph 1, letter d), of the TUF)

e) Employee Shareholdings: mechanism for exercising voting rights (pursuant to Article 123-bis, paragraph 1, letter e), of the TUF)

f) Restrictions on voting rights (pursuant to Article 123-bis, paragraph 1, letter f), of the TUF)

g) Shareholder agreements (pursuant to Article 123-bis, paragraph 1, letter g), of the TUF)

h) Change of control clauses (pursuant to Article 123-bis, paragraph 1, letter h), of the TUF) and articles of association provisions on takeover bids (pursuant to Article 104, paragraph 1-ter, and 104-bis, paragraph 1, of the TUF)

i) Delegations to increase share capital and authorisations to purchase treasury shares (pursuant to Article 123-bis, paragraph 1, letter m) of the TUF)

l) Management and coordination activities (pursuant to Article 2497 et seq of the

Italian Civil Code)

3. COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF)

4. BOARD OF DIRECTORS

4.1 Role of the Board of Directors

4.1.1 Duties

4.1.2 Competing activities

4.2. Appointment and replacement (pursuant to Article 123-bis, paragraph 1, letter l), part 1, of the TUF)

4.3 Composition (pursuant to Article 123-bis, paragraph 2, letter d), and d)bis of the TUF)

Code.

4.3.1 Diversity criteria and policies in the composition of the Board and the company organisation

4.3.2. Maximum number of positions held in other companies

* * *

4.4 Functioning of the Board of Directors (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

4.5 Role of the Chairman of the Board of Directors

Secretary of the Board

4.6 Executive Directors

4.6.1 Managing Directors: Managing Director and General Manager

4.6.2 The Chairman of the Board of Directors

4.6.3 Reporting to the Board of Directors by Directors/Delegated Bodies

4.6.4 Other executive directors

4.7 Independent directors and lead independent directors

Criteria and materiality thresholds for assessing independence

4.7.1 Lead Independent Director

5. PROCESSING OF COMPANY INFORMATION

6. INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (PURSUANT TO ARTICLE 123- BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

6.1 CORPORATE GOVERNANCE AND ENVIRONMENTAL AND SOCIAL SUSTAINABILITY COMMITTEE

6.1.1 Composition and functioning of the Corporate Governance and Environmental and Social Sustainability Committee

6.1.2 Functions of the Corporate Governance and Environmental and Social Sustainability

Committee

6.1.3 Activities performed

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 Self-assessment and succession of Directors

Succession plans

7.2 Appointments Committee

7.2.1 Composition and functioning of the Appointments Committee

7.2.2 Functions of the Appointments Committee

7.2.3 Activities performed

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 Remuneration of Directors

8.2 Remuneration Committee

8.2.1 Composition and functioning of the Remuneration Committee (pursuant to Article 123-bis, paragraph 2, letter d), TUF)

8.2.2 Functions of the Remuneration Committee

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM - RISK AND RELATED PARTIES COMMITTEE

Board of Directors and Risk and Related Parties Committee;

Board of Statutory Auditors

Control Functions

The Risk Management function

The Compliance Function

9.1 Chief Executive Officer

9.2 Risk and Related Parties Committee

9.2.1 Composition and functioning of the Risk and Related Parties Committee (pursuant to Article 123-bis, paragraph 2, letter d) of the TUF)

9.2.2 Functions assigned to the Risk and Related Parties Committee

9.2.3 Activities performed

9.3 Head of the Internal Audit Function

9.4 Organisational model pursuant to Legislative Decree 231/2001