Glossary 3
1. Issuer profile 4
Governance4 Mission 6 Corporate social responsibility 7
2. Information on the shareholding structure (ex-Article 123-bis, paragraph 1, TUF) 8
a) Share capital structure (ex-Article 123-bis, paragraph 1, letter a), TUF) 8 b) Restrictions on the transfer of shares (ex-Article 123-bis, paragraph 1, letter b), TUF) 8 c) Significant shareholdings (ex-Article 123-b, paragraph 1, letter c), TUF)8 d) Shares granting special rights (ex-Article 123-bis, paragraph 1, letter d), TUF)9 e) Employee shareholdings: mechanism for exercising voting rights (ex-Article 123-bis, paragraph 1, letter e), TUF) f) Restrictions on voting rights (ex-Article 123-bis, paragraph 1, letter f), TUF)9 g) Shareholder agreements (ex-Article 123-bis, para. 1, letter g), TUF)9 h) Change-of-control clauses (ex-Article 123-b, paragraph 1, letter h), TUF) and statutory provisions on takeover bids (ex-Articles 104, paragraph 1-ter, and 104-bis, paragraph 1)9 i) Powers to increase share capital and authorisation to buy treasury shares (ex-Article 123-bis, paragraph 1, letter m), TUF) 9 l) Management and administration activity (ex-Article 2497 et seq., Italian Civil Code)9	9
3. Compliance (ex-Article 123-bis, paragraph 2, letter a), TUF)10
4. Board of Directors 10
4.1. Appointment and replacement (ex-Article 123-bis, paragraph 1, letter l), TUF)10 4.2. Composition (ex-Article 123-bis, paragraph 2, letter d), TUF)12
4.3. Role of the Board of Directors (ex-Article 123-bis, paragraph 2, letter d), TUB)17
4.4. Delegated Bodies21 4.5. Other Executive Directors24 4.6. Independent Directors25 4.7. Lead Independent Director 25
5. Processing corporate information 26
6. Internal Board Committees (ex-Article 123-bis, paragraph 2, letter d), TUF) 26
7. Appointments Committee 26
8. Remuneration Committee 27
9. Directors' remuneration28
10. Risk Management and Internal Control Committee 28
11. Risk management and internal control system 30
11.1. Director in charge of the risk management and internal control system 34 11.2. Head of Internal Audit35 11.3. Organisational Model ex-Italian Legislative Decree no. 231/2001 36 11.4. External Auditor 38 11.5. Financial Reporting Officer responsible for preparing company accounts and other roles and company functions
38 11.6. Coordination between individuals involved in the risk management and internal control system39
12. Directors' interests and related-party transactions40
13. Appointment of Statutory Auditors 41

14. Composition and functioning of the Board of Statutory Auditors (ex-Article 123-bis, paragraph 2, letter d), TUF)43
15. Relations with shareholders46
16. Shareholders' Meetings (ex–Article 123-bis, paragraph 2, letter c), TUF)46
17. Further corporate governance practices (ex-Article 123-bis, paragraph 2, letter a), TUF)48
18. Changes since the end of the reference financial year48
19. Considerations on the letter dated 21st December 2018 from the President of the Corporate Governance Committee	48
TABLES 50
TABLE 1: STRUCTURE OF THE BOARD OF DIRECTORS AND ITS COMMITTEES 50
TABLE 2: POSTS HELD BY MEMBERS OF THE BOARD OF DIRECTORS IN OTHER COMPANIES	51
TABLE 3: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS 52
TABLE 4: POSITIONS HELD BY THE MEMBERS OF THE BOARD OF STATUTORY AUDITORS IN OTHER
COMPANIES 53

Glossary

Code/Corporate Governance Code: the Corporate Governance Code for Listed Companies approved in July 2015 by the Corporate Governance Committee and promoted by Borsa Italiana S.p.A., ABI, Ania, Assogestioni, Assonime and Confindustria.

Cod. civ./c.c.: Italian civil code.

Board: the Issuer's Board of Directors.

Issuer: the issuer of securities to which this Report refers.

Financial year: the corporate financial year to which this Report refers.

Consob Issuer Regulations: the Regulations concerning issuers implemented with Consob's (Italian financial market regulator) resolution no. 11971 of 1999 (as amended).

Consob Market Regulations: the Regulations concerning markets implemented with Consob's resolution no. 16191 of 2007 (as amended).

Consob Related Party Transactions Regulations: the Regulation relating to transactions with related parties implemented with Consob's resolution no. 17221 of 12 March 2010 (as amended).

Report: the report on corporate governance and company shareholding structure that companies are required to prepare pursuant to Article 123-bis of the Italian Consolidated Finance Law (TUF).

Italian Consolidated Finance Law (TUF): Italian Legislative Decree no. 58 of 24 February 1998.

Italian Consolidated Banking Law (TUF): Italian Legislative Decree no. 385 of 1st September 1993.

1. Issuer profile

Governance

Banca IFIS is the Parent Company of the Banca IFIS Banking Group and adopts the traditional model of administration and control, believing it to be the most suitable for its business to ensure efficient administration and effective control.

For Banca IFIS, the traditional model of administration and control has so far yielded good results in terms of creating value for shareholders, strengthening capital and ensuring financial balance. The presence of minority shareholders within Management Bodies, thanks to the list vote mechanism that has been included for some time in the Articles of Association, the growing ability to provide financial support for SMEs and to return insolvent private parties to a status as solvent debtors and potential borrowers of new credit, in addition to the steady growth in the number of employees, enhance the Group's ability to meet the expectations of its stakeholders. The stability of the Bank and the Group, which is also evident from the comprehensive and fruitful dialogue with the Supervisory Authorities, has, in turn, confirmed the choice of the traditional model.

The traditional model appears, including from a future viewpoint, to be the most suitable to secure a harmonious and orderly development for the Group, in that it places strategic supervision, administration and control skills within a structure that has so far proved to be effective and efficient, facilitating a clear definition of responsibilities, a streamlined decision-making process and effective dialogue between the bodies themselves.

The traditional administration and control system adopted by the Bank suggests that:

strategic supervision is carried out by the Board of Directors;
management is carried out by the Chief Executive Officer. The General Manager assists in this management function;
control is performed by the Board of Statutory Auditors.

There are three committees set up within the Board of Directors, which provide the strategic supervision body with proposals and consultation work that allows it to take its decisions with greater knowledge. These committees are:

Risk Management and Internal Control Committee;
Appointments Committee;
Remuneration Committee.

The General Manager assists with the management function and, coordinating with the Chief Executive Officer, implements the Board of Directors' directives.

Three Management Committees have also been introduced: the Investments Committee, the Leasing Committee and the Overdrafts Committee. These committees have been granted powers to make decisions regarding assuming credit risk.

Finally, the following control departments have been set up within Banca IFIS S.p.A.:

Internal Audit;
Risk Management;
Compliance Office;
Anti-Money Laundering Unit.

In accordance with what is set out in Circular 285/2013 (Section II, Chapter 3, Heading IV, Part I), "corporate governance sources and legislation attribute, thus, control tasks to specific departments (other than control departments) or to committees within the management body, whose activities are to be structured in line with the internal control system".

In particular, the following have been instituted within Banca IFIS, in relation to its status as a banking business with listed shares:

a Supervisory Board, constituted pursuant to Italian Legislative Decree 231/2001, which oversees the effectiveness of, compliance with and updating of the "organisational, management and control models" capable of preventing crimes set out in Italian Legislative Decree 231/2001;
a Financial Reporting Officer (Article 154-bis, Italian Consolidated Finance Law (TUF)), who is supported in their activities by the Financial Reporting Monitoring and Control organisational unit.

The current overall structure of corporate governance is represented by the following diagram:

As regards the Bank of Italy's supervisory provisions on corporate governance (Circular no. 285 of 17th December 2013 as amended), Banca IFIS falls under the category of banks that are larger or more complex in terms of their operations as it is a company listed on the Italian Stock Exchange.

Banca IFIS does not fall under the definition of an SME pursuant to Article 1, paragraph 1, letter w-quarter 1) of the Italian Consolidated Finance Law (TUF) and Article 2-ter of the Consob Issuer Regulations.

During the 2018 financial year, IFIS Leasing S.p.A., bought from the GE Group in 2016, was merged by incorporation, the assignment of Banca IFIS's business division dedicated to non-deteriorated credit to IFIS NPL S.p.A. was completed, and the companies Cap.Ital.Fin. S.p.A. and Credifarma S.p.A. were bought. On 22nd November, the Bank of Italy issued its authorisation to purchase a controlling shareholding in FBS S.p.A.: that transaction was completed on 7th January 2019.

Therefore, at 31th December 2018 the Banking Group is currently made up of:

Parent Company Banca IFIS S.p.A.;
IFIS Finance Sp. z o.o., a financial company under Polish law, already 100% controlled by Banca IFIS S.p.A.;
IFIS NPL S.p.A., a a financial intermediary registered in the single register ex-Article 106, formed on 5th December 2017 and 100% controlled by Banca IFIS S.p.A, which purchases and collects non-performing credit;
Cap.Ital.Fin. S.p.A., a financial company ex-Article 106, Italian Consolidated Banking Act (TUB), specialising in salary-backed loans, 100% controlled by Banca IFIS S.p.A.;
Credifarma S.p.A., a financial intermediary registered in the single register ex-Article 106, Italian Consolidated Banking Act (TUB) and 70% controlled by Banca IFIS S.p.A., whose purpose is the granting of short- and mediumterm financing to pharmacies and the organised and coordinated management of transactions aimed at facilitating the disposal, administration and collection of trade credits granted by these pharmacies to the Italian National Health Service and public and private healthcare providers.

Banca IFIS S.p.A. also controls a non-financial company specialising in operating leases (IFIS Rental Services S.r.l.), which – like Two Solar Park 2008 S.r.l., included in the Group's consolidated financial statements – is not included in the Banking Group's business lines.

As anticipated, on 7th January the acquisition of FBS S.p.A.: FBS is a financial intermediary registered in the single register ex-Article 106, Italian Consolidated Banking Act (TUB) no. 67, 90% controlled by Banca IFIS S.p.A., which assesses, manages (including as a servicer pursuant to Italian Law no. 130 of 1999) and purchases impaired credit provided by Italian credit institutions. FBS S.p.A. also holds a 99.28% stake in FBS Real Estate S.p.A., a commercial estate agent company.

Mission

The Banking Group currently carries out the following operational activities:

financial support: principally to SMEs, through factoring activities in Italy and abroad, carried out both through the Parent Company's internal structures (International Area) and through the subsidiary IFIS Finance;
leasing: Banca IFIS has entered the finance lease and operating lease markets (managed by IFIS Rental Services), with particular reference to the transportation, instrumentation and technology sectors;
corporate banking (managed by Banca IFIS): aimed at supporting companies to develop internal or external business lines and, in particular, in extraordinary transactions aimed at repositioning, expanding, and/or developing alliances or mergers;
outright purchase: mainly concerning receivables claimed against Italian healthcare providers and through packages of solutions offered to pharmacists, which include instalment financing for current debt consolidation;
the non-recourse purchase (through IFIS NPL) of non-performing loans (due almost exclusively from individuals) from other intermediaries (mainly consumer credit companies and banks) and management (including through FBS for property and/or corporate credit) of the associated credit assessment chain, from assisting debtors in drawing up sustainable repayment plans through a variety of communication channels (call centre, professional agents and external debt collection companies) to collecting these loans (also through enforced recovery where debtors have the economic, financial and asset resources to be able to pay but are unwilling to do so) or transformation into salary-backed loans (through Cap.Ital.Fin.);
purchase and management of tax credits;
granting of short- and medium-term financing to pharmacies (through Credifarma) and the organised and coordinated management of transactions aimed at facilitating the disposal, administration and collection of credits granted by these pharmacies to the Italian National Health Service and public and private healthcare providers;
financing through INPDAP or INPS pension-backed loans, salary-backed loans (for public, state or private employees) and authorised salary deductions;
online retail deposits developed through the rendimax deposit account and the contomax current account.

In June 2017, the Bank was also authorised to carry out investment services and activities pursuant to Article 19, paragraph 4, of the Italian Consolidated Finance Law (TUF).

The guidelines regarding Banca IFIS's competitive positioning, for 2018, were soundness, liquidity and sustainable profitability.

Soundness: safeguarding assets through high levels of solvency that are capable of supporting the Bank's growth;
Liquidity: availability of retail deposits and eligible assets for refinancing through the Eurosystem; maintenance of assets that can be converted into cash for tactical purposes; extension of funding maturity dates in line with the increase in medium- to long-term exposures (commercial lending transactions, structured financing, …).

Sustainable profitability: use of high yield in line with risk; growth in profitability in absolute terms for all of the Bank'ssectors; electing to use resources based on yield in line with risk (MDI/Investment, absorbed net profit/capital – RORAC).

Corporate social responsibility

Banca IFIS supports the addition of economic, social and environmental sustainability into its business strategies, in the knowledge that the process of creating value is not limited to its profitable component.

The Bank introduced its Code of Ethics as a result of the Board resolution passed on 4 July 2003 and last updated on 22 December 2016. This Code states the rights, duties and responsibilities of the Group's components as regards all parties with whom they have dealings in order to accomplish their company purpose (clients, debtors, suppliers, employees and/or external contract workers, shareholders, supervisory authorities, institutions). It is therefore a directive with rules of conduct that must be followed when carrying out daily operations, in compliance with the legislation and regulations in force in all the countries where the Group operates. The Code establishes standards and rules of conduct designed to reinforce corporate decision-making processes and guide the conduct of all contract workers in the Group's companies. The Code of Ethics requires consistent behaviour from management and other contract workers, i.e. actions which do not, even if only in spirit, differ from corporate ethical principles. Each Contract Worker must respect the rules contained in this Code of Ethics in the course of their activities. The Code of Ethics also aims to contribute to greater cohesion among Group Contract Workers, making them aware and attentive, within their functions and responsibilities, in pursuing, in different situations, business objectives with correct and fair methods. Finally, the Code of Ethics is based on the assumption that working in an environment that gives equal value to propriety contributes to the growth of the working capacity of the individual and the company as a whole. The document is available on the company website www.bancaifis.it in the "Corporate Governance/The value of ethics" section.

As part of its corporate responsibility obligations and with the desire to ensure that its business activities are carried out transparently and fairly, Banca IFIS has elected to adopt an organisational and management model in line with what is set out in Italian Legislative Decree 231/2001 to protect its institutional role and its image, and to satisfy the expectations of shareholders and those who work for and with the Bank.

The Organisational Model was adopted in the belief that it is a sound means of informing those who work for and with the Bank, so that they behave correctly and fairly when performing and conducting their activities, so as to prevent the risk of the offences set out in Italian Legislative Decree no. 231/2001 being committed.

This is an organic set of principles, rules, provisions, organisational structures and connected tasks and responsibilities aimed at creating and diligently managing a system to monitor and control sensitive activities for the purposes of preventing the offences set out in Italian Legislative Decree 231/2001 being committed. The Model – adopted in 2004 and last updated in February 2019 to ensure it is constantly in line with current legislation and regulatory provisions – forms part of a wider system of controls formed principally by the internal control systems and by Banca IFIS's Corporate Governance rules.

Banca IFIS, believing that the organisational and management model is a fundamental part of the Group's business policy tools, extends the organisational tools referred to in the Organisational Model adopted by the Bank, as far as they apply, to the Bank's Subsidiary Companies.

Finally, Banca IFIS, fulfilling the obligations introduced by Italian Legislative Decree 254/2016 (with which Italy implemented Directive 2014/95/EU), from the 2017 financial year, has published the Non-Financial Declaration, a document with which large companies or groups and public interest bodies, report on subjects regarding the environment, society, staff, respect for human rights, the fight against active and passive corruption, based on the significance of these subject for each business, also in light of their activities and characteristics.

2. Information on the shareholding structure (ex-Article 123-bis, paragraph 1, TUF)

a) Share capital structure (ex-Article 123-bis, paragraph 1, letter a), TUF)

As at 31 December 2018, subscribed and fully paid-up share capital equalled €53,811,095.00, divided into 53,811,095 ordinary shares with a nominal value of €1.00 each, as shown in the following table:

SHARE CAPITAL STRUCTURE	No. of shares	% of share capital	Listed (market) / unlisted	Rights and obligations
Ordinary shares	53,811,095	100%	Listed (on MTA - Milan electronic equity market)	Each ordinary share attributes the right to one vote

At 31 December 2018, there were no other financial instruments issued that attribute the right to subscribe to newly issued shares.

For the shares to be allocated as variable remuneration to the Chief Executive Officer, the General Manager and to any other employee considered as "Key personnel", please refer to the Remuneration Report prepared pursuant to Article 123-ter of the Italian Consolidated Finance Law (TUF) and the Information Document on equity-based remuneration plans pursuant to Articles 114-bis of TUF, and 84-bis of the Consob Issuer Regulations. These documents are available on our website www.bancaifis.it in the "Shareholders' Meetings" and "Remuneration" sections.

b) Restrictions on the transfer of shares (ex-Article 123-bis, paragraph 1, letter b), TUF)

There are no restrictions on the transfer of shares, save for the retention periods required for shares to be allocated as variable remuneration to the Chief Executive Officer, the General Manager and any other employee considered to be "Key personnel". For more details on the shares to be assigned to these Corporate Officers, please refer to the Remuneration Report prepared pursuant to Article 123-ter of the Italian Consolidated Finance Law (TUF).

c) Significant shareholdings (ex-Article 123-b, paragraph 1, letter c), TUF)

Based on communications issued pursuant to Article 120 of the Italian Consolidated Finance Law and communications issued by key personnel pursuant to Article 152-octies of the Consob Issuer Regulations, the following table shows who, at 31st December 2018, possesses, directly or indirectly, shares with voting rights representing more than 3% of share capital.

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
SEBASTIEN EGON FÜRSTENBERG	La Scogliera S.p.A.	50.168%	50.168%
GIOVANNI BOSSI	Giovanni Bossi	3.454%	3.454%

It is appropriate to point out that:

La Scogliera aims to ensure unity and continuity in managing its controlling shareholding in Banca IFIS S.p.A. pursuant to Article 2359, Italian Civil Code;
Even though it is the majority shareholder, La Scogliera S.p.A. does not perform any management and administration activity regarding Banca IFIS S.p.A.;
La Scogliera S.p.A.'s company purpose expressly excludes management and administration of the financial companies and banks in which it owns shareholdings.

d) Shares granting special rights (ex-Article 123-bis, paragraph 1, letter d), TUF)

No shares have been issued that grant special control rights.

e) Employee shareholdings: mechanism for exercising voting rights (ex-Article 123-bis, paragraph 1, letter e), TUF)

Any employees holding shares of the Company exercise their shareholder rights in the same ways as other shareholders.

f) Restrictions on voting rights (ex-Article 123-bis, paragraph 1, letter f), TUF)

The Company knows of no restrictions on voting rights.

g) Shareholder agreements (ex-Article 123-bis, para. 1, letter g), TUF)

Banca IFIS S.p.A.'s Board of Directors knows of no agreements between the Company's shareholders as defined by Article 122 of the Italian Consolidated Finance Law (TUF). However, during acquisition, the Bank has stipulated shareholders' agreements with minority shareholders in Credifarma and FBS.

h) Change-of-control clauses (ex-Article 123-b, paragraph 1, letter h), TUF) and statutory provisions on takeover bids (ex-Articles 104, paragraph 1-ter, and 104-bis, paragraph 1)

Banca IFIS knows of no significant agreements between its shareholders that take effect, are modified or cease in the event of a change in control of its contracting company.

However, with regard to the constraints on transferring shares, it should be noted that:

the agreements undertaken between Banca IFIS and Federfarma when the Bank purchased control of Credifarma S.p.A. state that the two shareholders cannot transfer, in whole or in part, the Credifarma shares they hold at any one time until the end of the 5th year following the agreement being stipulated; shares can be transferred from one of the Parties to one of its Subsidiary Companies;
the agreements undertaken between Banca IFIS and the Main Shareholder in FBS S.p.A. when the Bank purchased the company state that the two shareholders cannot transfer, in whole or in part, the FBS S.p.A. shares they hold at any one time until the end of the 3rd year following 7th January 2019; shares can be transferred to a Subsidiary Company.

Banca IFIS S.p.A.'s Articles of Association do not contravene the passivity rule set out by Article 104, paragraphs 1 and 2, of TUF, nor do they envisage the application of the neutralisation rules set out by Article 104-b, paragraphs 2 and 3, of TUF.

i) Powers to increase share capital and authorisation to buy treasury shares (ex-Article 123-bis, paragraph 1, letter m), TUF)

As at 31st December 2018, the Board was not empowered to increase share capital pursuant to Article 2443, Italian Civil Code, or to issue equity financial instruments.

The Ordinary Shareholders' Meeting of 19th April 2018 has not authorised the purchase of treasury shares, pursuant to Articles 2357 et seq., Italian civil code and Article 132 of Italian Legislative Decree 58/98.

l) Management and administration activity (ex-Article 2497 et seq., Italian Civil Code)

Even though it is the majority Shareholder, La Scogliera S.p.A. does not perform any management and administration activity within Banca IFIS S.p.A. In this regard, as noted above, it is noted that La Scogliera S.p.A.'s company purpose expressly excludes management and administration of the financial companies and banks in which it owns shareholdings.

It should be noted that:

the information required by Article 123-bis, paragraph 1, letter i) ("agreements between the Company and its Directors …. which set out indemnities in the event of resignation or dismissal without just cause or if the employment contract ceases following a takeover bid"), can be found in the Remuneration Report published pursuant to Article 123-ter, TUF;
the information required by Article 123-bis, paragraph 1, letter l) ("rules applicable to the appointment and replacement of Directors … as well as any amendment of the Articles of Association, apart from supplementations resulting from additional legislative and regulatory provisions"), is illustrated in the section of this Report dedicated to the Board of Directors (Section 4.1).

3. Compliance (ex-Article 123-bis, paragraph 2, letter a), TUF)

Banca IFIS S.p.A. complies with the Corporate Governance Code for listed companies approved in 2006 by the Corporate Governance Committee and promoted by Borsa Italiana S.p.A., last updated in July 2018.

The Code is available to the public on the Corporate Governance Committee's website at: http://www.borsaitaliana.it/borsaitaliana/regolamenti/corporategovernance/codice2015.pdf.

Banca IFIS's Corporate Governance structure is not influenced by non-Italian laws.

IFIS Finance Sp. z o.o., a factoring company 100% owned by the Issuer, is a Polish legal entity and is therefore subject to Polish legislation. However, this in no way affects Banca IFIS S.p.A.'s Corporate Governance structure because of the subsidiary's limited size in relation to the Parent Company.

4. Board of Directors

4.1. Appointment and replacement (ex-Article 123-bis, paragraph 1, letter l), TUF)

Members of the Board of Directors are appointed on the basis of lists presented by shareholders. Candidates are listed in sequential order and their number must not exceed the maximum number of Members established by the Articles of Association (fifteen).

Only shareholders who, alone or together with others, own at least 1% of ordinary shares at the time of submission have the right to submit lists. A lower ownership threshold is possible and – as per current legislation – must be indicated in the notice convening the Shareholders' Meeting called to vote to appoint the Board of Directors.

A shareholder can neither submit nor vote for more than one list, not even via agents or trust companies. Shareholders belonging to the same group and shareholders forming part of a shareholder agreement concerning the Company's shares cannot submit or vote for more than one list, not even via agents or trust companies. A candidate may only appear on one list or they are considered ineligible.

Lists must be submitted to the Company's registered office at least twenty-five days prior to the date set for the first-call Shareholders' Meeting, and must be made available to the public at the Company's registered office, on the Company's website and via other methods provided for by current legislation and regulatory provisions at least twenty-one days prior to the date set for the first-call Shareholders' Meeting.

The ownership of the minimum number of shares needed to submit lists is determined by taking into account the shares recorded in the name of the individual shareholder or multiple shareholders jointly, on the day the lists are submitted to the Company. In order to prove ownership of the number of shares needed to submit lists, shareholders can produce the relevant certification even after the submission of lists, provided this is prior to the deadline set for the Company to publish the lists.

The lists must be accompanied by:

information relating to the identity of shareholders who submitted lists, stating the overall percentage of shares held;

a declaration of the shareholders other than those who hold, including jointly, a controlling or relative majority shareholding, certifying the absence of relationships with the latter, as indicated in Article 147-ter, TUF, and Article 144-quinquies of Consob Issuer Regulations;
exhaustive information on candidates' personal and professional characteristics, as well as a declaration by the candidates themselves certifying possession of the requirements established by law and their acceptance of candidacy.

Candidates who do not meet the requirements of integrity, professionalism and independence established by Article 26, Italian Legislative Decree no. 385/1993 cannot be included on lists. It should be noted that the legislation implementing Article 26, Italian Consolidated Banking Act (TUB) – for which definitive approval is awaited – is also based on the contents of the ECB's Fit and Proper Assessment Guidelines, proposing the introduction of new parameters for the suitability of corporate officers, including: the criteria of fairness, experience, independence of mind and independence from members of management bodies, as well as integrity and professionalism.

Each list must also indicate:

at least a quarter of the members (if this ratio is not an integer, round it down to the next lowest whole number if the first decimal is less than or equal to 5; otherwise round it up to the next highest whole number) that meet the independence obligations provided for both by the Corporate Governance Code for Listed Companies required by Borsa Italiana S.p.A. and Article 148, paragraph 3, Italian Legislative Decree no. 58/1998. These candidates must be the first four names on the list in sequential order;
at least a third of the list must be made up of candidates representing the least represented gender, except for lists containing fewer than three candidates.

Members of the Board of Directors are elected as follows:

1. all Directors except one are elected from the list obtaining the highest number of votes at the Shareholders' Meeting, according to the sequential order with which they are indicated on the list;
1. one Director is elected from the list obtaining the highest number of votes at the Shareholders' Meeting and who, pursuant to Article 147-ter, paragraph 3, TUF, is in no way connected, not even indirectly, with the shareholders who submitted or voted for the list that came first in terms of the number of votes obtained.

Should this selection criteria fail to ensure proper gender balance to the extent established on a case by case basis by Italian Law, a sliding mechanism is applied to the selection from the list which obtained, during the Shareholders' Meeting, the highest number of votes based on the sequential order in which the candidates are indicated. This mechanism excludes the candidate or candidates of the most represented gender and selects the candidate or candidates of the unrepresented gender.

If just one list of candidates is submitted, the names indicated on that list will be elected as Members of the Board of Directors, up to the number of Directors to be elected less one, who shall be elected by the Shareholders' Meeting there and then, based on a simple majority but excluding from the vote the shareholders who submitted the single list, and based on the proposal of the shareholders not excluded from the right to vote.

In any case, at least a quarter of the Members of the Board of Directors must meet the independence requirements established both by the Corporate Governance Code for Listed Companies prepared by Borsa Italiana S.p.A. and Article 148, paragraph 3, Italian Legislative Decree no. 58/1998.

If, during the year, less than a quarter of the Directors are found to meet such requirements, the Board will resolve to terminate the role of one or two of its Members who have ceased to meet such requirements, based on a criterion of shorter tenure, or, in the case of equal tenure, lower age, and will co-opt one or two independent members.

The laws in force, without the involvement of list voting, shall govern any replacement of Directors, except in the event that all Directors cease their roles.

In the event that the Director elected from the list that obtained the highest number of votes at the Shareholders' Meeting ceases, and provided that, pursuant to Article 147-ter, paragraph 3, Italian Consolidated Finance Law (TUF), listed candidates have no connections, not even indirectly, with the shareholders who submitted or voted for the list that came first in terms of number of votes obtained, the Board will first check the continued availability of the candidates included on the list, according to the its sequential order, and will co-opt members based on this criterion of preference.

If a Director belonging to the least represented gender ceases, the co-opted Director shall be of the same gender.

Succession Plans

Our reflections on governance during 2018 led the Board to confirm the decision not to adopt a succession plan for Executive Directors in light of the interchangeability between the CEO and the General Manager for ordinary management purposes.

4.2. Composition (ex-Article 123-bis, paragraph 2, letter d), TUF)

In accordance with the Company's Articles of Association, the Board of Directors is composed of a minimum of five up to a maximum of fifteen members, elected by the Shareholders' Meeting. They remain in office for a maximum of three years, as established at their appointment, and will leave office on the date of the Shareholders' Meeting convened to approve the financial statements for their last year of office.

The composition of the Board in office as at the end of the 2018 financial year, as also shown in Table 1 attached to this Report, is as follows:

Sebastien Egon Fürstenberg (President of the Board of Directors);
Alessandro Csillaghy de Pacser (Vice President of the Board of Directors; Executive Director);
Giovanni Bossi (Chief Executive Officer);
Giuseppe Benini (Lead Independent Director);
Francesca Maderna (Independent Director);
Antonella Malinconico (Independent Director);
Marina Salamon;
Riccardo Preve;
Daniele Santosuosso (Independent Director).

The present Board of Directors was elected at the Ordinary Shareholders' Meeting of 22 March 2016 for the 2016, 2017 and 2018 financial years and will leave office on the date the Shareholders' Meeting meets to approve the 2018 financial statement.

A list of candidates was submitted by the majority shareholder "LA SCOGLIERA S.p.A." and Daniele Santosuosso was proposed by "Studio Legale Trevisan & Associati" to be appointed as a member of the Board of Directors on behalf of the following group of investors:

Arca S.G.R., Arca Economia Reale Equity Italia fund manager;
Eurizon Capital S.G.R. S.p.A., Eurizon Azioni Italia and Eurizon Azioni PMI Italia fund manager;
Eurizon Capital SA, Eurizon EasyFund-Equity Italy LTE and Eurizon EasyFund-Equity Italy fund manager;
Fideuram Asset Management (Ireland), Fonditalia Equity Italy fund manager.

The group of shareholders, whose overall shareholding in the Bank was equivalent to 0.38%, confirmed the absence of connections and/or significant relationships with shareholders who hold, separately or jointly, controlling or relative majority shareholdings as set out in Article 147-ter, paragraph 3, TUF, and 144-quinquies of the Consob Issuer Regulations approved with resolution 11971/99 and, more generally, the Articles of Association and current legislation and regulatory provisions.

The list of candidates, the list of those people elected and the percentage of votes obtained in relation to voting capital are shown below:

	List of candidates	List of those elected	Percentage of votes obtained
List submitted by the majority shareholder "LA SCOGLIERA S.p.A."	Sebastien Egon Fürstenberg Giuseppe Benini Francesca Maderna Antonella Malinconico Alessandro Csillaghy de Pacser Giovanni Bossi Riccardo Preve Marina Salamon Marzia Scarpa	Sebastien Egon Fürstenberg Giuseppe Benini Francesca Maderna Antonella Malinconico Alessandro Csillaghy de Pacser Giovanni Bossi Riccardo Preve Marina Salamon	97.88%
Proposed for appointment by "Studio

Legale Trevisan & Associati" on behalf of a group of investors (total shareholding 0.38%)

Daniele Santosuosso Daniele Santosuosso 97.11%

Diversity policies

The Board of Directors, when its mandate was renewed, invited Shareholders to consider, for the purposes of submitting lists of candidates, the Board's needs in terms of professionalism and skills (including managerial skills) deemed to be necessary to ensure that the composition of the Strategic Supervisory Body is optimal, as shown in the report on "Optimal Qualitative and Quantitative Composition of Banca IFIS's Board of Directors" approved by the Board of Directors on 2nd February 2016 and made available at the company's registered office, "Borsa Italiana S.p.A." and the authorised storage mechanism , as well as the Company's website. This document will be updated annually to support the selfassessment carried out by the Directors.

The process of selecting Board members ensures that the Board is diverse, guaranteeing that the Body has an adequate degree of diversification in terms of abilities, which must be extensive and diversified from both a managerial and technical perspective (in terms of legal, accounting, tax, financial, risk management and control, corporate governance, IT process, business organisation and human resources knowledge).

To ensure successful internal assessment and to contribute to decisions being made in the Bank's interests, members of the Board of Directors possess further specific skills and experience, reflecting the Bank's wide range of operations.

The correct performance of duties entrusted to the strategic supervisory body requires individuals who:

are fully aware of the powers and obligations attached to the duties they are required to carry out (executive and nonexecutive duties, independent members, etc.);
have a level of expertise that is appropriate for the role, including with regard to the Board's internal committees, and adjusted to the operating characteristics and size of the Bank;
have common yet diversified skills, in order to ensure that each member, both within their committees and as part of collective decision-making process, contributes to identify and pursue suitable strategies and to assure effective risk management in all areas of the Bank;
dedicate sufficient time and resources to the complexity of their duties, respecting the combined limits of the duties;
address their actions to the pursuit of the Bank's overall interests, regardless of the shareholding structure that voted for them or the list from which they are drawn;
guarantee operational and judgemental independence.

These skills are monitored annually through the self-assessment process, which requires each Director to judge their own level of technical-regulatory competences in relation to the Bank's business and any other subjects deemed necessary considering the Bank's activities.

The Bank is also aware that an appropriate degree of diversification in terms of age, gender and geographic origin gives a plurality of approaches and perspectives in analysing problems and taking decisions, avoiding the risk of behaviour that aligns with a dominant position, within or outside the Bank. Objectives regarding diversity in the composition of the Board must be pursued considering the skills and professionalism requirements which all directors must possess.

To this end, the adopted Board member selection process protects and promotes diversity right from the nomination phase, as the list vote mechanism governed by the Articles of Association ensures that at least one Director is chosen from minority shareholdings and that the regulatory provisions on the number of candidates belonging to the least represented gender are complied with. As already mentioned, at least a third of the Board of Directors must be made up of the least represented gender; the ideal composition of Banca IFIS's Board of Directors, considering requirements contained in the Articles of Association and relevant legislative and regulatory provision, provides for at least three members of the least represented gender.

As a result, the Bank does not consider it necessary to adopt additional specific diversity policies relating to the composition of the strategic supervisory body.

***

Banca IFIS has also adopted measures to promote equal opportunity and treatment of gender within the entire business organisation. In its selection process and in all aspects of staff management, the Group condemns discriminatory behaviour in respect of gender, age, religious or political belief and union membership, as well as all forms of nepotism and favouritism.

As clearly set out in the Code of Ethics, which represents the primary guideline for company conduct and ethics, all Group staff must behave with the utmost correctness, respecting the dignity and moral personality of each person. These rules also apply to Contract Workers.

Any behaviour contrary to these principles may be reported, with the personal data of the person making the report and the person accused of the violation being guaranteed, through the Whistleblowing mechanism. This is available to employees and contract workers and freelance professionals alike who regularly work with the Group. In 2018, no reports of discriminatory behaviour were made.

Regarding staff composition, it should be noted that 54% of the Group's employees are women. More precisely, around 40% of employees in a position of responsibility (Executives and Managers) are women.

The differences in base remuneration between men and women range from 2% to 21% in favour of men, in accordance with grade.

***

Below is a summary of the personal and professional characteristics of each Director in office as at the end of 2018 (pursuant to Article 144-decies, Consob Issuer Regulations) based on the declarations provided by each of them and attached to the lists, as well as any subsequent updates notified by those concerned.

President of the Board of Directors – Sebastien Egon Fürstenberg

Sebastien Egon Furstenberg has operated in the factoring sector for more than 30 years; in 1983 he founded the company I.Fi.S. S.p.A. – Istituto di Finanziamento e Sconto (now Banca IFIS S.p.A.).

He was Sole Director from 1992 and, since 2 February 2009, he has been President of the Board of Directors of La Scogliera S.p.A., a company whose purpose is to purchase, manage and sell investments in banks and financial companies and which is the majority shareholder in Banca IFIS S.p.A.

Vice President – Alessandro Csillaghy de Pacser

Alessandro Csillaghy de Pacser has operated in the factoring sector for more than 30 years and has been the Bank's Vice President since 1996, performing an executive role to develop the Bank's presence abroad, by establishing contact with local institutions and foreign entrepreneurs designed to further Banca IFIS's foreign business.

In particular, he has established representative offices in Central Europe, specifically in Romania and Hungary, and, for a while, worked at the Bank's office in Paris, France. Since 2011, he has been responsible for organising and developing the activities of the subsidiary company IFIS Finance Sp. z o.o., a Polish factoring company, as part of his role as President of the Board of Directors.

Chief Executive Officer – Giovanni Bossi

A graduate in Economics & Commerce and a chartered accountant, Giovanni Bossi has been registered in the Italian Register of Auditors since 1992. In the past, he has taught at the faculty of Finance Science and Law at Rome's Luiss University.

As a self-employed professional, he provided consulting services to industrial and financial groups located in Northern Italy, including those controlled by European public companies, as well as to Italian businesses regarding setting up and developing industrial and financial activities in East European countries.

Since May 1995, he has been the issuer's Chief Executive Officer. He was also Chief Executive Officer and then a Director of La Scogliera S.p.A. He resigned from this post on 20 November 2012.

Since 2018, he has also held the post of Chief Executive Officer of IFIS NPL and President of the Board of Directors of Cap.Ital.Fin., and assumed the role of President of the Board of Directors of of FBS in January 2019.

Director – Giuseppe Benini

Giuseppe Benini holds a degree in Economics and Business Administration from the University of Padua and has been enrolled since 1986 in the Verona Association of Chartered Accountants (section A) and in the Italian Register of Auditors. He works as a chartered accountant and auditor and has acquired significant experience in:

legal and accounting controls;
organisational models (Italian Legislative Decree 231/2001) for banking, industrial and service companies;
corporate restructurings ex-Articles 67 and 182-bis of the Italian Insolvency Act.

Director – Francesca Maderna

Francesca Maderna graduated in Economics and Business Administration in 1988 and has been registered in the Belluno Association of Chartered Accountants since 1990 and in the Italian Register of Auditors under no. 33675 since 1995.

She currently holds the post of Chief Executive Officer of Clinica Mediterranea S.p.A. and is Sole Director of Immobiliare del Nord S.p.A., a property management company.

She has also held the post of Director in various companies operating in the hollow glass sector (Gruppo AVIR).

Director - Antonella Malinconico

Antonella Malinconico graduated in Economics and Business Administration from the Federico II University of Naples, she received a PhD at the same University in Business and Financial Sciences. She is Associate Professor of Financial Intermediary Economics at the University of Sannio and is Professor of Financial Intermediary Economics and Corporate Finance. Her research on numerous subjects (including credit risk in banking intermediaries, management of non-performing loans, risk management, prudential supervision and SME financing) has led to her writing numerous publications.

Licensed to practise as a chartered accountant since 1995, she is a consultant on financial issues for many banking institutions, for which she also carries out training activities.

Previously she served as Deputy Director of the Bank of Italy's Naples Office and as a Director of Banca Antonio Capasso S.p.A.

Director – Riccardo Preve

A Sociology graduate, in 1980 Riccardo Preve founded Preve Costruzioni S.p.A., a public works infrastructure construction company that controls other road signage and construction companies.

He operates mainly in the property sector and has invested in the solar power sector.

He is currently President, Chief Executive Officer and Technical Director of various industrial companies, and is a Member of the Confindustria Council of Cuneo.

He has many years of experience in various financial companies and was President of Banca di Credito Cooperativo.

Director – Marina Salamon

With a university degree in History (specialising in Economic History), in 1982, Marina Salamon founded Altana S.p.A., one of Europe's foremost mid-range/luxury children's apparel companies.

In 2014, she acquired a majority shareholding in Forest/Save the Duck, a leading sustainable sportswear company.

She controls Connexia S.p.A., one of Italy's largest market research and digital communication companies. The group also has minority holdings in Doxa, Next14, Turbo and Zero Studios (programmatic advertising and content marketing companies).

All business and financial assets belong to the holding company, Alchimia S.p.A., 100% controlled, which also has a strong presence in the property sector.

Alchimia S.p.A. has also invested in the solar power sector, through the construction or acquisition of solar parks in various Italian locations.

Director – Daniele Santosuosso

After obtaining his degree in Commercial Law, Daniele Santosuosso embarked on an academic path initially as a Scholar and Visiting Fellow at various foreign universities. He then became a Researcher, an Associate Professor in Commercial Law at "La Sapienza" University in Rome, a Temporary Professor and, finally, a Full Professor in Commercial Law at the same university. He is the author of many papers, articles, essays and books, as well as a contributor to various scientific publications and the Italian newspaper, Il Sole 24 Ore. He is also the founder and managing director of "Rivista di Diritto Societario" (Corporate Law Review). He has been enrolled in the Italian Register of Lawyers since 1992, has his own law firm and has held various institutional and corporate management posts (including as a Member of the Government Commission for the reform of company law in 2003 and the Government Commission for the reform of the law on distressed businesses – the so-called "Rordorf Reform").

Maximum number of posts held in other companies

The "Regulation on the maximum number of posts held in other companies by company officers" was approved by the Shareholders' Meeting of 30th June 2009.

This Regulation first of all establishes that:

"The Officers of Banca IFIS S.p.A. accept their post and hold it insofar as they believe themselves able to dedicate the necessary time to the diligent performance of their tasks, taking into account both the number and the quality of posts held in the administration and control bodies of other companies and the commitment required of them by their other professional activities and by associated posts held".

To calculate the limits on the maximum number of posts in other companies as governed by the "Regulation", the following are considered significant:

a) companies with shares listed in Italian or foreign regulated markets;
b) Italian or foreign companies with shares not listed in regulated markets and that operate in the insurance and banking sectors and in the financial sector in general. As regards the latter sector, the only financial companies considered significant are those subject to prudential supervision by the Bank of Italy and registered on the list of financial intermediaries as set out in Article 106, Italian Legislative Decree no. 385/1993. An equivalent assessment is made for foreign companies;
c) "companies of significant size" (that is, those that have individual net equity of at least €100m based on the last approved financial statement).

Offices held within the Banca IFIS Group or in companies other than those listed above, are not considered significant.

In the Regulation, the term "executive posts" refers to the following posts:

Chief Executive Officer
General Manager
Member of the Management Board;
Member of the Executive Committee.

The terms "Non-executive Director or controlling posts" refer to the following posts:

Member of the Board of Directors without powers;
Standing Auditor on the Board of Statutory Auditors;
Member of the Supervisory Board.
In addition to the post held at the Bank, an Executive Director:
may not hold other executive posts in the companies identified, in terms of type or size, as significant per the Regulation;
may hold up to a maximum of five posts as Non-executive Director or Statutory Auditor in these companies.

In addition to the office held at the Bank, a Non-executive Director cannot hold more than ten posts as Director or Statutory Auditor in other companies identified, in terms of type or size, as significant per the Regulation, of which not more than two can be Executive posts.

Candidates for appointment as Director or Statutory Auditor of Banca IFIS S.p.A. must provide the Bank with an updated statement of the administration, management and control posts held by each of them.

Following their appointment, the Company's Directors and Statutory Auditors must promptly notify the Banca IFIS S.p.A.'s Corporate Affairs Department of any changes regarding the posts held by them in the administration and control bodies of other companies.

Banca IFIS S.p.A.'s Board of Directors has the authority to grant exceptions, including temporary ones, to the maximum limit set out in the Regulation. As of the date of this Report, no such exceptions have been granted.

When appointment lists were submitted by the Shareholders' Meeting on 22nd March 2016, all candidates declared – when accepting their candidacy and possible appointment – to have read the "Regulation" and to have declared that they do not hold a number of posts in other companies that exceed the prescribed limits.

Table 2 shows the number and type of positions held by Banca IFIS Directors to 31 December 2018, based on the information provided by them. In addition, in order to comply with the requirements of Bank of Italy Circular no. 285/2013 (Section VII, Chapter 1, Title IV, Part One), evidence was also provided of the posts held in the companies that are not considered significant for the purposes of the "Regulation on the maximum number of posts held in other companies by company officers".

Induction Programme

Having noted that, pursuant to the 1st update of 6th May 2014 of Bank of Italy Circular no. 285 of 17th December 2013, banks are required to adopt appropriate training plans to ensure that the technical skills of the members of the management and control bodies and the heads of the main business functions, which are required to properly fulfil their roles, be preserved over time. Based on the training needs identified following the self-assessment process concluded on 19th January 2018, a training programme has been prepared to improve the skills of the members of the Board of Directors and the Board of Statutory Auditors, which is also designed to encourage agreement of interpretations and discussion and exchange of experiences on the major issues faced by the company's officers on a daily basis.

The training session was divided into the following modules:

The Risk Appetite Framework: market practices and their applications

1. ICAAP and ILAAP: operational issues and major challenges for the system
1. Non-Performing Loans: the macroeconomic environment and the implications for the banking industry
1. The scenario and trends of the ICT market in the banking sector: ICT as a strategic element for business development
1. Management roles and responsibilities in the evolving legislative and regulatory environment
1. Lending, ratings, mitigation, provisioning
1. Performance of MIFIS II MIFIR investment services
1. Risks and legal liabilities in granting credit to distressed businesses
1. Digital transformation and IT risk
1. Risk data quality Aggregation and reporting

4.3. Role of the Board of Directors (ex-Article 123-bis, paragraph 2, letter d), TUB)

During 2018, the Board of Directors met 19 times, each lasting approximately three hours on average. Attendance percentages are shown in Table 1, attached to this Report.

Since the beginning of 2019 to the date this Report was approved, the Board of Directors met 4 times, including the one during which the "Report" was approved. In 2019, the Board of Directors is expected to hold a number of meetings in line with last year.

To meet the obligations established for listed issuers by Article 2.6.2 of the Market Regulations of Borsa Italiana S.p.A., the Board of Directors annually approves the Corporate Events Calendar, to be notified to Borsa Italiana for disclosure to the public, within 30 days of the end of the previous financial year.

The Transparency Directive II (2013/50/EU), implemented in Italy by Italian Legislative Decree no. 25 of 15 February 2016, removed the obligation to publish interim management reports but retains the right to reintroduce periodic information in addition to financial and six-monthly reports, albeit only under certain conditions and subject to regulatory impact analysis and to cost/benefit analysis. This provision has been integrated into the Consob Issuer Regulations through the inclusion of the new Article 82-ter, in view of which Banca IFIS has announced its choice to continue preparing and publishing quarterly information, in accordance with previous practice, in accordance with the Borsa Italiana regulations for the STAR segment and in order to ensure continuity and regularity of information made available to the financial community.

Therefore, the dates fixed for the Shareholders' Meeting to consider the financial statement and the Board of Directors meetings to approve the draft financial statement and the quarterly/half-yearly financial reports have been included on the Calendar.

The "Regulation on the convening and functioning of Board of Directors Meetings", last updated on 18th October 2018, states that:

the documentation supporting discussion of agenda items is made available to each Director and Statutory Auditor, using suitable means, by the end of the third working day prior to the date fixed for the meeting, except in urgent cases when documentation is made available by the end of the day before the meeting and in any case as soon as possible;
this documentation is to be sent or made available, at the President's request, by the Bank's Corporate Affairs Department;
where the President deems it advisable in relation to the topics in question and related resolution, and in order to avoid risk of disclosing confidential information, which may be possible given the means of communication used and regardless of the intentions of those concerned, the information documentation can be provided directly at the meeting, advising Directors and Statutory Auditors of this prior to the deadline indicated above so that, if they deem it appropriate, they can access the information at the Company's registered office by the end of the day before the meeting and in any case as soon as it is available.

The methods and time limits for sending the documentation to the Board as described above were normally complied with during 2018. The situation whereby the President deemed it appropriate to provide documents directly during a meeting almost never arose. This occurred in negligible percentage terms compared with the total number of issues addressed by the Board, mainly to provide more accurate versions of communications on periodic financial notices, and as regards negotiations concerning potential extraordinary transactions discussed within Banca IFIS during the year.

In accordance with the Articles of Association, Board meetings are attended by the General Manager in a consulting role. The Board of Directors chose the Corporate Affairs Office to be the department responsible for carrying out the duties that the Articles of Association entrust to the Secretary responsible for drafting minutes. Moreover, in accordance with the above "Regulation", the President and/or Chief Executive Officer can invite managers or other Company employees to attend Board meetings. Invitations may also be extended to other external parties or advisors whose presence is deemed useful in relation to the matters to be addressed.

During 2018, the Head of Corporate Affairs and some organisational unit staff attended the meetings.

Participants also included:

the Financial Reporting Officer, the Accounts Manager and the Investor Relations Officer, especially where financial reporting documents were presented;
the Heads of Counterparty Assessment and Overdraft Assessment sections (or other employees at these facilities) to assist the Board in assessing lending practices;
the Head of ICT, to support the President in reporting to the Board on the evolution of information systems that led the Bank to migrate its core banking to Cedacri;
a number of the Bank's managers including the Head of Organisational Office, the Head of Workout & Recovery Solutions, the Head of Equity Investment, the Head of Structured Finance, IFIS NPL's Transactions Manager, the Digital Factory Manager, the Retail Marketing Manager and other department Heads when topics addressed related to their activities and responsibilities.

The Head of Internal Audit, the Chief Risk Officer and the Heads of the Compliance Office and the Anti-Money Laundering Unit presented their reports and work plans directly to Directors, in accordance with current Bank of Italy supervisory regulations.

Finally,some representatives from legal counsel or consultancy offices participated in some Board meetings, primarily to support directors to assess the possibility of investing in some company projects.

***

Pursuant to Article 14 of the Articles of Association, besides the duties that cannot be delegated by law, the matters deemed to be the exclusive prerogative of the Board of Directors include:

the business model, the strategic lines and operations, as well as business and financial plans;
the internal control system guidelines, ensuring that the system is in line with established strategic and risk appetite measures as well as being able to stay up to date with the company's risks as they evolve and the interaction between them;
the criteria for identifying large transactions to be submitted for prior approval by the risk control department;
ensuring that the Articles of Association comply with legislation and regulatory provisions;
merger by incorporation of companies in the cases set out by Articles 2505 and 2505-bis, Italian Civil Code;
reducing the share capital in the event of withdrawal;
an indication of which director(s), in addition to those indicated in the Articles of Association, is/are the company's representative(s);
the formation of internal committees within the Board of Directors;
the Risk Appetite Framework and the risk management policies as well as, after having heard the opinion of the Board of Statutory Auditors, assessing the completeness, suitability, functionality and reliability of the risk management and internal control system as well as the suitability of the organisational, administrative and accounting structure;
determining the Bank's general organisational structure and the subsequent internal regulations;
opening and organising, including for the purposes of setting out the right of signature, of Subsidiary Offices, Branches, Agencies, Information Points, Contact Addresses, Representative Offices, in Italy and abroad, as well as closing them;
transferring the company's registered office within national territory;
acquiring and disposing of shareholdings, businesses and/or business divisions leading to changes in the group, or investments or disinvestments exceeding 1% (one percent) of the shareholders' net equity reported in the Company's latest approved financial statements;
determining the criteria for carrying out the Bank of Italy's instructions;
appointing and dismissing the General Manager;
remuneration and incentive policies to be submitted to Shareholders' Meeting, reviewing these policies, at least annually, and being responsible for their correct implementation, with the task of ensuring that the remuneration policy is adequately documented and accessible within the corporate structure;
the formation of the company control bodies, their tasks and responsibilities, the methods of administration and collaboration, information flows between these departments and between them and management;
the appointment of the heads of control departments, after having heard the opinion of the Board of Statutory Auditors;
the risk management process and assessing its compatibility with the strategic guidelines and risk management policies;
the policies and the processes for assessing company activities, and, particularly, financial instruments, ensuring that they are always suitable and also establishing the Bank's maximum exposure limits to financial instruments or products that are uncertain or difficult to value;
the process to develop and validate the internal systems to measure risks not used for regulatory purposes and periodically assessing that they function correctly;
the process for approving new products and services, starting new activities and entering new markets;
the company policy for outsourcing business functions;
the code of ethics which management personnel and employees are obliged to comply with to mitigate the Bank's operating and reputational risks and to promote a culture of internal audit.

Based on the Board of Directors' strategic indications, as well as size objectives and additional qualitative-quantitative elements set out in the Strategic Plan, the Risk Appetite Framework, the ICAAP and ILAAP Reports are drawn up and approved annually by the Board of Directors. In accordance with the requirements of the Supervisory Provisions for banks, as defined by Bank of Italy Circular no. 285, the ICT Strategic Plan is also approved.

As in 2016 and 2017, in 2018, the Board of Directors approved some documents that are part of the review process of organisational and informational structures. In fact, in 2018, the extension of the Group's business areas again resulted in the need to update several internal regulation documents including the General Regulations, the system of responsibilities for managing and assuming credit, and the internal accounting, internal control system and risk management regulations.

The Board will assess the general management performance when analysing the Financial Report required by Article 154-ter of TUF, the comparison between the plan objectives and the results achieved (this analysis is forecasted to occur after the half-yearly report is approved), and other documents required by the strategic planning process.

The Board also continually assesses, as part of its responsibilities, the suitability of the Bank's general organisational, administration and accounting structure.

The suitability of the organisational, administration and general accounting structure of the Bank's subsidiaries is assessed by the Board of Directors by using corporate governance and control tools, identified in the Group Regulations which define the roles of the Parent Company and its Subsidiary Companies, as well as the management/administration activities as part of strategicmanagement and technical-operational control activities.

When negotiating regarding the acquisition of new companies, the Bank's Board of Directors has all the tools required to assess the future subsidiary's structures and whether they are in line with the system adopted by the Bank. These reflections lead the Board to issue a special directive, following acquisition, to adapt the new subsidiary's structures and internal control systems to those of the Banking Group.

A description of the organisational model characteristics of the Group's internal control system and of the activities carried out by the Group's control units (that is, as part of the Parent Company's management and administration activities over its Subsidiary Companies) is contained in the "Group internal control system guidelines" and in the regulations governing control organisational units.

In accordance with the provisions of the Articles of Association highlighted earlier, the Board has the power to review and give prior approval for the Issuer's transactions and those of its Subsidiary Companies, when these transactions are of significant strategic, economic, capital or financial importance. In this case, the Board of Directors will be convened by the President at the start of negotiations with the selling counterparty and/or liaison with the Supervisory Authority, thus being able to guide negotiations until they are concluded, until necessary authorisations are obtained and until closing.

The Board has not established general criteria to identify transactions of significant strategic, economic, capital or financial importance for the Bank, since these operations can only be approved by the Board itself, as part of the planning process or, as has occurred so far, as part of the key points that modify the strategic objectives and risk appetite that have already been approved.

In contrast, the general criteria to identify transactions with associated persons that have a significant impact on the Bank's strategic, economic, capital or financial positions are set out in the "Procedures for transactions with associated persons" which has been updated, together with the Policies to control risk assets and conflicts of interest in relation to associated persons, at its meeting of 29th June 2018, following the favourable opinion of the Financial Reporting Officer, the Board of Statutory Auditors and the Risk Management and Internal Control Committee made up of independent directors. A small update to the Procedures was approved by the General Manager on 9th October 2018.

Under these Procedures, the following are considered to be significant:

a) all transactions dealt with exclusively by the Shareholders' Meeting or the Board of Directors by law or under the Articles of Association;
b) all transactions not classed as minor transactions.

The Board of Directors, based on appropriate considerations, have the right to classify which transactions carried out by the Bank or its Subsidiary Companies are significant.

Significant transactions are divided into:

a) transactions of greater importance, that is, those that exceed the threshold of 5% of either equivalence value significance index, asset significance index or liabilities significance index;
b) transactions of lesser significance, those transactions where one of the indices mentioned above, to be applied depending on the specific transaction, is less than or equal to the 5% threshold and whose equivalence value exceeds:
- €50,000 for purchases of goods and/or services;
- €250,000 for granting loans.

As previously stated, the Board of Directors, at its meeting of 18th January 2019, and also in light of the provisions and instructions provided by the Bank of Italy, concluded its annual assessment of the functioning of the Board and its committees as well as on their size and composition. This assessment was carried out by means of distributing a questionnaire, in the weeks prior, which varied according to the role of the person due to complete it (e.g. the President of the Board of Directors, Members of Internal Committees etc.).

This assessment was carried out taking into account the usual elements, such as Board members' professional characteristics and experience, both managerial and general, as well as their seniority in office, including with a view to preparing the opinions to be expressed to shareholders on those people whose presence on the Board is deemed to be appropriate.

With regards to the assessment methods used, first of all the President chose the Bank's internal staff to take part in the selfassessment process, taking into account the criteria set by the Bank in its Self-Assessment Process Regulations. During the selfassessment process, the designated individual (Head of Corporate Affairs) was assisted by an external professional, Mr. Ferdinando Parente, from the company Parente & Partners S.r.l., who formerly carried out technical assistance and consultancy roles to ensure that the Bank complies with its obligations.

His consultancy role mainly focussed on preparing the questionnaire and providing assistance to Corporate Affairs to define the quantitative and qualitative assessment criteria for the members of the Board of Directors and also in the following selfassessment on whether each member possesses the relevant requirements.

After preparing the questionnaire, Mr. Parente provided support during the following phases of the self-assessment process:

investigation: helping to gather the information and data on which the assessment was based, including through interviews with the individuals involved;
processing: helping to analyse the information acquired and presenting the results;
formulating the results of the process within a specific document;
Board-level discussion of the results and preparation of any appropriate corrective measures.

The questionnaire, in addition to having an opening section in which general questions to the Director are included (such as age and education), consists of two main parts: (i) Assessment of the Board of Directors and (ii) Self-assessment of skills.

Specifically, the questionnaire contained the following sections:

Qualitative composition of the Board of Directors;
Functioning of the Board of Directors;
The Board of Directors' strategic role;
The degree to which the Board of Directors is involved in defining risk appetite and the preparation of suitable information on risk performance;
Information flows and circulation of information;
Assessment of the remuneration and incentive system for Board Members;
Assessment of the President of the Board of Directors;
Self-assessment of the President of the Board of Directors;
Assessment of the Chief Executive Officer;
Self-assessment of the members of the Committees set up within the Board of Directors;
Self-assessment of personal and combined skills.

Specifically, the last section aims to assess if certain knowledge and skills exist within the Bank's Board of Directors, regarding:

laws and regulations applying to the activities carried out;
specific areas ensuring the sound and prudent management of the Bank.

The information gathered from the questionnaire is assessed by the Board and the overall results help to define the actions to be taken to resolve any weak points identified.

The questions contained in the questionnaire required an answer in the form of a rating from 1 to 5, where one is the lowest score and five is the highest.

The main positives obtained from the self-assessment are summarised as follows:

the involvement of independent and non-executive members of the Board of Directors is deemed to be satisfactory;
the President's role has been key to chairing and stimulating meetings, as well as his ability to promote effective corporate governance;
the relationship between the President and Senior Management, and with the Internal Committees is deemed to be constructive and balanced, and the relationship between the Board of Directors and Senior Management has been considered open and collaborative;
the Chief Executive Officer correctly implemented the strategic guidelines defined by the Strategic Supervision Body, demonstrating that he has a deep understanding of all company risks and, as part of integrated management, of how they relate to each other and with the evolution of the external context;
controls over the preparation of minutes are deemed to be suitable;
training plans for Board members for the 2018 financial year are deemed to be suitable.

The Board of Directors' self-assessment process has also allowed it to identify some points for attention and improvement in relation to the functioning of the Board of Directors. With regard to the composition of the Board, please see the document on the qualitative-quantitative composition of the Board of Directors, which will be made available on the company's website at the same time as the Shareholders' Meeting convened to approve the 2018 financial statement.

With regard to its functioning, the assessment results highlighted the need to rationalise the number of documents prepared, to improve some aspects of the reporting process and to dedicate more time to specific subjects such as, among others, those relating to company management, analysing the planned and achieved performance levels, outsourcing policies, the RAF, the ICAAP, the ILAAP, the Recovery Plan and the risk measurement systems. These improvements would generally have a positive influence on the information regarding risk performance and, also, on the Board of Directors' involvement in defining the credit risk appetite.

The Shareholders' Meeting has not authorised any exceptions to the ban on competition set out in Article 2390, Italian Civil Code.

4.4. Delegated Bodies

Chief Executive Officers

In the model adopted by Banca IFIS:

strategic supervision is carried out by the Board of Directors;
the management function has been assigned to the Chief Executive Officer. The General Manager also performs management functions.

Management powers cover the following main areas:

Staff management;
Granting and use of credit;
Treasury;
Acquisition and disposal of goods and services;
Management of shareholdings in non-financial businesses and indirect equity investments.

Management powers are distributed at a decreasing rate in accordance with the management level, from the Board of Directors down to operating units.

The most significant limits, in terms of value and subject, applied to the Chief Executive Officer's powers are summarised below, notwithstanding the fact that systematic information flows are required concerning the exercise of powers at any given time, and related quantitative limits must be observed:

ASSUMPTION OF CREDIT RISK		Limit of powers
	Granting of overdrafts	from €20m to €30m and a with-recourse credit maximum between €50m and €75m and from €20m to €30m for without-recourse credit maximum
Trade credit	Short- and medium-to-long-term financing to pharmacists	from €1.5m to €2.5m
	Medium-to-long-term financing not assisted by the Direct Guarantee from the Guarantee Fund	from €5m to €10m
	Granting guaranteed credit	from €5m to €10m
	Non-complementary flexibility transactions	from €1m to €2m
	Structured finance transactions	from €10m to €20m
Corporate Finance	Acquisition and disposal of shareholdings	up to €5m per acquisition/disposal of non qualified shareholdings and €7.5m for qualified shareholdings as part of the business managed by the Equity Investment BU
	Special Situations	up to €5m
Leasing		from €10m to €15m
Tax credits		from €3m to €10m per low-risk transactions and from €1.5m to €5m for high-risk transactions.
Problem credits		from €10m to €20m

As part of risk positions falling within the scope of or assumed by the Board of Directors, the Chief Executive Officer is also granted the following powers:

to suspend, revoke and resume operations;
to change the amount of risk, convert its technical form and change its operational characteristics without worsening the overall risk position;
to distribute risk in terms of "joint overdrafts", loan duration, credit maximum (for individual or group debtors) and multiple group overdraft.

	MANAGEMENT OF CREDIT RISK	Limit of powers
Trade credit	Negative balances and/or temporary unplanned overdrafts (Euros)	Max 20% of the overdraft
	Waiving of credit for principal, interest and/or fees	from €250,000 to €500,000
	Suspension/restoration of credit lines, unloading management, management of blocked positions and reassignment and/or release of debtors

	Administration Repositioning maturity dates and/or defining repayment plans (with obligation to report to the direct manager)	from €5m to €10m
	Waiving of credit for principal resulting from out of-court activity Public	from 50% to 100% of the nominal value of the credit provided that it is within the carrying amount estimated on a case by case basis
	mers Waiving of credit for default interest and/or extension calculated using the rate set out in Italian Large custo Legislative Decree 231/2002	up to 100%
Pharma	Waiving of credit for default interest resulting from out-of court activity, and waiving of credit for default interest for which legal action has begun as part of the business financing operations managed by the Pharma BU	no limit
Corporate Finance	Waiving of credit	from €250 to €500,000
credits Tax	Transactions with no predefined limits and, in any case, with a maximum loss (in relation to the greater between the amortised cost and the price paid) of €500,000
Special	Waiving of credit for principal, interest and/or fees	from €250,000 to €500,000
Structured Finance -	Repositioning maturity dates and/or defining repayment plans (with obligation to report to the direct manager)	maximum amount €4,000,000
	Temporary concession of credit beyond pre-agreed limits as part of the business financing operations managed by the Problem Credits BU	up to a maximum of 20% of the overdraft granted
Credits	Suspension of/abstention from legal action	up to €10m
m	Acceptance of a creditors arrangement, filing proof of claim	up to €4m
Situation - Proble	Suspension/restoration of credit lines, unloading management, management of blocked positions and reassignment and/or release of debtors
	Financing granted to employees, in derogation from the Regulations governing the concession of loans to Banca IFIS Group employees, requires the joint signature of the Head of Human Resources and the Chief Executive Officer.
TREASURY
 Forward repurchase agreements (assets), liability deposits and forward repurchase transactions (financing) ranging from 12 to 24 months;  Securities trading within the limits set by the Board of Directors. In particular, the total financial leverage limit is 5 times the consolidated net equity while the financial leverage limit for securities with a residual life greater than 18 months is 2.5 times the consolidated net equity.
STAFF MANAGEMENT
Decisions concerning the start, management and cessation of managers' employment contracts, subject to the authority maintained by the Board for the contracts of key managers and/or those who are on staff on the Board and notwithstanding the fact that the Board retains prerogatives regarding managers of control functions established by the supervisory provisions for Banks.
DELEGATED POWERS REGARDING THE ACQUISITION AND DISPOSAL OF GOODS AND SERVICES

Authorisation for all types of expenditure from €500,000 and €1,000,000 (only for suppliers who are not associated persons)
Decisions regarding lease assets and liabilities, whose annual fee ranges from €100,000 and €200,000
Disposal of goods whose original cost ranged from €75,000 and €150,000

 Appointing external auditors for activities whose costs are lower than €50,000
INVESTMENT IN SHAREHOLDINGS
	NON-QUALIFIED	QUALIFIED
Performing non-financial businesses	≤ €5m	≤ €7.5m
Non-financial businesses in temporary financial difficulty	≤ €10m	≤ €15m
Non-financial businesses for recovery of credit	≤ €10m	≤ €15m
Intermediary organisations	≤ €5m	≤ €7.5m

Pursuant to Article 15 of the Articles of Association, in emergencies, the Chief Executive Officer can take decisions concerning any deal or transaction that is not the sole prerogative of the Board of Directors, immediately informing the President and notifying the Board at its next available meeting.

President

The President has not been given any management powers.

As he is the majority shareholder, the President, via the corporate governance mechanisms described in this Report and particularly at Shareholders' Meetings, plays a significant role in determining corporate strategies.

Executive Committee (ex-Article 123-bis, paragraph 2, letter d), TUF)

The Articles of Association do not envisage the formation of an Executive Committee.

Reporting to the Board

During 2018, the Chief Executive Officer approved a small number of urgent resolutions pursuant to Article 15 of the Articles of Association, immediately informing the President and notifying the Board of Directors at its next available meeting.

The Board received reports on the exercising of management powers at different intervals depending on the purpose of the power involved.

The rules for reporting on the use of powers are summarised below:

Report on liquidity status	monthly
Composition of investment securities portfolio	monthly
Credit-granting activity	monthly
Report on use of spending powers	quarterly
Report on use of Human Resources management powers	half-yearly
Incentive system (report on criteria adopted by Senior Management)	annually

4.5. Other Executive Directors

In addition to the Chief Executive Officer, the definition of "Executive Director" also includes the Vice President in relation to activities promoting the corporate image and commercial development that are carried out in some foreign markets.

There are no other directors considered to be Executive Directors because they hold:

the post of Chief Executive Officer or President of a strategically significant Subsidiary Company;
management posts within the Bank or in a strategically significant Subsidiary Company or in the controlling company.

4.6. Independent Directors

The Board carries out its own assessments of the requirements established by the Corporate Governance Code for directors classified as independent at the first meeting after appointment by the Shareholders' Meeting. It also periodically assesses the directors' level of independence. On 22nd March 2016, following its appointment, the Board ascertained that four of its members (Giuseppe Benini, Francesca Madera, Antonella Malinconico and Daniele Santosuosso) met the independence requirements as set out in the Corporate Governance Code for Listed Companies, making the outcome of its assessments known by means of a communication to the market.

In addition, on the same date, the Board of Statutory Auditors, pursuant to Application Criterion 3.C.5 of the Corporate Governance Code, checked the application of the criteria and certification procedures used by the Board of Directors to assess the independence of its members and deemed it to be compliant with the guidelines provided by the Corporate Governance Code.

The Board of Directors annually checks the ongoing existence of the independence requirements set out in the Corporate Governance Code and in paragraph 3, Article 148, TUF regarding the following directors: Giuseppe Benini, Francesca Madera, Antonella Malinconico and Daniele Santosuosso. The last check was performed at the Board meeting of 20th December 2018.

At the meeting of 17th January 2018, the Board of Statutory Auditors verified that the criteria and procedures adopted by the Board on this occasion had been correctly applied.

The independent directors have not considered it necessary to hold official meetings in the absence of other directors considering that the Risk Management and Internal Control Committee, consisting in its entirety of independent directors, and part of the Appointments Committee and Remunerations Committee, formed mostly of non-executive independent directors, provide sufficient opportunities for communication between themselves. In addition to that, during 2018, the independent directors often asked for advice on a variety of subjects, holding both informal discussions among themselves and discussions alongside Internal Committee meetings and Board of Directors meetings.

As of the date of this Report, those directors who, in the lists for appointment of the Board (March 2016) had indicated that they qualify as independent, maintained their independence.

4.7. Lead Independent Director

In line with the guidelines established by the Corporate Governance Code for Listed Companies, as the President of the Board of Directors is also the majority shareholder of La Scogliera S.p.A. and thus controls Banca IFIS, the Board of Directors has designated an independent director as Lead Independent Director. The Lead Independent Director is the point of reference and coordination for Directors' (non-executive and, particularly, independent) requests and contributions toward improving Board operations, also ensuring that information flows between directors are constant and effective.

The Lead Independent Director has the power to convene, when deeming it appropriate or at the request of other Directors, specific meetings solely for independent Directors for significant matters relating to Board operations and/or to company management in general.

On 22 March 2016, the Board of Directors appointed Mr. Giuseppe Benini as Lead Independent Director for the period 2016- 2018, renewing his mandate for the years 2013-2015.

In his role as President of the Risk Management and Internal Control Committee, the Lead Independent Director guided its activity and encouraged the convening of meetings prior to those of the Board of Directors to discuss specific topics, in the areas of competence and also through exchange with the reference manager, reporting a summary of this preliminary investigation to the Board.

The Lead Independent Director played an active role within the Bank's operations with related parties and associated persons, with particular regard to acquisitions and mergers involving the Bank, ensuring timely analysis and discussion on quarterly reports and on the list of entities surveyed, monitoring the evolution of information systems and stimulating dialogue focussing on advance opinions that existing procedures reserve for members of the Risk Management and Internal Control Committee who classify as independent directors.

5. Processing corporate information

The Bank, following preliminary studies carried out by the Risk Management and Internal Control Committee and the Supervisory Body under Italian Legislative Decree 231/2001, and the subsequent Board approval on 11th February 2019, has adopted the "Policy for Managing Inside Information" pursuant to application criterion 1.C.1., letter j of the Corporate Governance Code.

The document was updated to implement the more detailed guidelines provided by Consob in its "Guidelines for managing inside information".

The Policy governs in detail the identification, internal management and external communication of inside information. It also governs the tasks and responsibilities regarding dealings with the financial community.

The policy requires the creation of an inside information register (RIL) with the aim of mapping in advance the types of inside information which may affect the Bank or its Subsidiary Companies in order to make subsequent continuous identification easier. For each type of significant information, the map indicates the organisational roles who ordinarily have access to it for the purposes of facilitating the compilation of the register of persons who have access to inside information.

In future, information regarding Banca IFIS or a Subsidiary Company will be checked to see if it is significant information and, if so, if it can be classed as inside information.

6. Internal Board Committees (ex-Article 123-bis, paragraph 2, letter d), TUF)

The following Committees have been formed within the Board of Directors:

The Risk Management and Internal Control Committee, consisting of four non-executive and independent directors, as specified in greater detail in Section 10;
The Appointments Committee, consisting of three non-executive directors, two of whom are independent, with an independent president, as specified in greater detail in Section 7;
The Remuneration Committee, consisting of three non-executive directors, two of whom are independent, with an independent President.

The Board of Directors has also appointed a Supervisory Board equipped with autonomous powers of initiative and control pursuant to Italian Legislative Decree no. 231/2001, currently presided over by an external member and composed of three permanent members (two independent directors and the Head of Internal Audit), all as specified in greater detail in the third paragraph of Section 11.

No function of one or more of the Committees set out in the Corporate Governance Code has been reserved for the entire Board, under the President's administration.

No further committees have been set up in addition to those listed in this section.

7. Appointments Committee

Composition and role of the Appointments Committee (ex-Article 123-bis, paragraph 2, letter d), TUF)

The Appointments Committee must be made up of at least three members chosen from among the non-executive members of the Parent Company's Board of Directors, the majority of whom must be independent.

The Committee therefore consists of Giuseppe Benini (independent and non-executive director), Riccardo Preve (non-executive director), and its president, Daniele Santosuosso (independent and non-executive director).

The Group Regulations allow the President of the Parent Company's Board of Statutory Auditors, or another Statutory Auditor delegated on a case by case basis, to take part in the Appointments Committee activities. The other members of the Board of Auditors can also take part in meetings. The Parent Company's Chief Executive Officer and General Manager may also take part where the subjects to be discussed do not concern them.

Finally, the Committee may use and/or request the presence of:

external consultants, who can be chosen from among the members of the Parent Company's Board of Directors, provided that these experts do not simultaneously provide the Parent Company and/or its Subsidiary Companies, with services of such significance as to compromise their independent judgement;
any Corporate Officer or employee of the Parent Company or other Group companies.

In 2018, the Appointments Committee met three times to discuss the subjects under its remit. Meetings lasted around forty minutes and other directors attended them. Mr. Ferdinando Parente and a representative from Parente & Partner S.r.l.'s consultancy office were also invited to attend by the Committee to discuss specific agenda items. Staff from Corporate Affairs attended meetings as usual.

In 2018, the Appointments Committee worked exclusively on the self-assessment process.

In the first part of 2019, the Appointments Committee met twice to give its opinion regarding the Board of Directors approval

of the document summarising the Board's self-assessment process, which began in November 2018 and concluded at the Board meeting held on 18th January 2019, and
of the document on the optimal qualitative-quantitative composition of the Board of Directors.

Duties of the Appointments Committee

This Committee assists the Board of Directors and other corporate bodies in the following processes:

appointing or co-opting directors: the Committee gives advice during the advance identification phase regarding the optimal size and qualitative-quantitative composition of the Board of Directors, including in terms of professionals whose presence on the Board is deemed to be appropriate and in light of current legislation and regulatory provisions. The Committee also gives advice after the appointment process has taken place, checking that the optimal qualitativequantitative composition of the Board identified prior to this process have been met by the appointment process. In the event that independent directors are to be replaced through co-option, the Committee proposes candidates to the Board;
the self-assessment of company bodies: specifically, the Committee submits proposals to the President of the Board of Directors regarding the staff tasked with the self-assessment process of company bodies with strategic supervision and management functions;
verifying that those individuals with accounting, management and control roles possess the requisites of professionalism, integrity and independence, in accordance with Article 26, Italian Legislative Decree no. 385/1993 (TUB);
defining succession plans for senior management positions (Chief Executive Officer and General Manager) due to expiry of mandates or for any other reason, in order to ensure business continuity and to avoid economic and reputational damage.

Furthermore, this Committee:

assists the Risk Management and Internal Control Committee in finding and proposing suitable candidates to the Board of Directors to be appointed as heads of company control bodies;
gives its opinion to the Board of Directors on limits to the total number of posts that Directors and Statutory Auditors can hold and on any derogations from the non-competition clause ex-Article 2390, Italian Civil Code.

The President of the Committee reports to the Board of Directors on activities carried out, at its next available meeting.

Committee meetings are properly minuted and signed by the members.

The Committee may access all company information deemed relevant to the performance of its tasks and may have autonomous use of a set of financial resources to the limit established by the Board. The Committee is required to report to the Board regarding the use of funds, at least once a year, usually during the review of the Report on Corporate Governance and Shareholding Structures.

With its resolution of 3rd February 2015, the Board of Directors assigned annual financial resources of €60,000 to the Appointments Committee that can be used autonomously, with the requirement that the Committee submits a report to the Board detailing its use of these funds as per the applicable Regulations.

8. Remuneration Committee

Please refer to the relevant parts of the Remuneration Report published pursuant to Article 123-ter, TUF.

9. Directors' remuneration

Please refer to the relevant parts of the Remuneration Report published pursuant to Article 123-ter, TUF.

10. Risk Management and Internal Control Committee

A Risk Management and Internal Control Committee was established within the Board of Directors.

Composition and role of the Risk Management and Internal Control Committee (ex.-Article 123-bis, paragraph 2, letter d), TUF)

The Committee consists of the following independent and non-executive directors: Giuseppe Benini (as President), Francesca Maderna, Antonella Malinconico and Daniele Santosuosso.

Its work is coordinated by the President and meetings are duly minuted.

During 2018, the Committee met 26 times, as shown in Table 1 enclosed with this report, eight of which were joint meetings with the Board of Statutory Auditors and one was a joint meeting with the control body and the Supervisory Board, with meetings lasting an average of one hour and fifty minutes.

Since the beginning of 2019, until the date this document was approved, the Committee met six times, of which two were jointly held with the Board of Statutory Auditors.

It is expected that this Committee will not hold fewer meetings in 2019 than the last financial year.

The Risk Management and Internal Control Committee is made up of four of the nine members of the Board of Directors chosen from among the non-executive directors, all of whom are independent in accordance with Principle 7.P.4. of the Corporate Governance Code. Members of this Committee must have the necessary knowledge, skills and experience to be able to fully understand and monitor the Bank's risk strategies and guidelines.

At least one Committee member must have suitable experience in financial and accounting matters or in risk management, to be assessed by the Board of Directors upon appointment. The Board of Directors has chosen Giuseppe Benini from among its independent members to act as President of the Committee, as he has the necessary experience in these matters. The Board's decided Mr. Benini had the requisite experience when he was appointed, at its meeting of 22 March 2016 and again later during the self-assessment process for senior management bodies.

In addition to holding joint meetings with the control body, during its meetings, the Committee also interacted, based on prior agreement and to address individual subjects, with the Chief Executive Officer, the General Manager, the Financial Reporting Officer, the Heads of Compliance and Anti-Money Laundering, the external auditing firm and the Chief Risk Officer. It systematically interacted with the Head of Internal Audit, who normally attends the Committee's meetings with a view to achieving synergy between the various stakeholders in the internal control system. The Committee also met, to analyse the Board's work, with the Head and other employees of Problem Credits, the Head of Accounting, the Head of Monitoring and Control of Financial Information and Head of Regulatory Reporting, the Head of Operations, the Head and other employees of the Organisational Office, the Head of Overdraft Assessments, the Head of Counterparty Assessment and the Head of Treasury, the Head of Tax Credits BU, the Head of Banca IFIS Impresa Italian division, the Head of Privacy and Security Management, the Head of Complaints, the Head of Validation, the Head of Human Resources, the Head of Taxation and the Head of ICT.

The Head and/or other employees of Corporate Affairs are normally invited to Risk Management and Internal Control Committee meetings.

Duties of the Risk Management and Internal Control Committee

The Committee provides its preliminary opinion to the Board of Directors on:

the guidelines of the internal audit and risk management system;
the suitability of the internal audit and risk management system with respect to the company's characteristics and the risk profile assumed, and its effectiveness;
the work plan prepared by the Head of Internal Audit;
the main characteristics of the internal audit and risk management system and its suitability;

the results presented by the external auditor in the letter of recommendations, if any, and in the report on the main issues which came up during external audit.

The Risk Management and Internal Control Committee is required to provide its favourable opinion (which is binding) regarding the appointment and dismissal of the Head of the Internal Audit and the allocation of adequate resources by the Board so that the Head of Internal Audit can carry out his or her duties.

When assisting the Board of Directors, the Risk Management and Internal Control Committee:

assesses, together with the Financial Reporting Officer, and having heard the opinion of the external auditor and the Board of Statutory Auditors, the correct application of accounting standards and their uniformity for the purpose of preparing the financial statement and the consolidated financial statement;
expresses opinions on specific aspects regarding the identification of the main business risks;
examines the periodical reports covering the evaluation of the internal audit and risk management system, and those of particular significance prepared by Internal Audit;
monitors the autonomy, suitability, effectiveness and efficiency of Internal Audit;
may ask Internal Audit to carry out checks on specific operational areas, notifying the President of the Board of Statutory Auditors at the same time;
examines the annual plans of the control functions and the reports on their implementation;
identifies and proposes, with the contribution of the Appointments Committee, the heads of the company control functions to be appointed;
contributes, through assessments and opinions, to defining the company's policy on any outsourcing of company control functions;
ensures that all company control functions correctly conform to the indications and guidelines approved by the Board of Directors and assists the latter in developing the coordination document for the control functions and for the company/group internal audit and risk management system in general.

With particular reference to the tasks relating to managing and controlling risks, the Committee acts as support to the body with strategic supervisory function:

in defining and approving strategic risk management guidelines and policies. As part of the RAF [Risk Appetite Framework], the Committee carries out assessments and makes proposals so that the Board of Directors can define and approve the risk objectives and the tolerance threshold;
in verifying the correct implementation of strategies, risk management policies and the RAF;
in defining the evaluation policies of business activities, including verifying that the price and terms of transactions with customers are in line with the business model and risk strategies.

Without prejudice to the powers of the Remuneration Committee, the Risk Management and Internal Control Committee certifies that the incentives underlying the Bank's remuneration and incentive system are in line with the RAF.

The President of the Risk Management and Internal Control Committee reports to the Board of Directors at its next available meeting, on the activities carried out, whether it used any of the finances allocated to it, as well as on the suitability of the internal audit and risk management system. The President of the Committee, where necessary, assesses whether further forms of reporting are appropriate.

On the subject of transactions with related parties and/or associated persons, the Risk Management and Internal Control Committee (consisting of independent directors only), also performs the roles assigned to it by the Board of Directors, as governed by the current "Procedures".

During 2018, the Committee's activity concerned the following key guidelines:

the transactions with related parties procedures (advance opinions received from independent directors regarding merger transactions involving the Bank during the year, as well as reception of a quarterly report on position trends);
presentation and implementation of the Audit Program Plan 2018-2020 and the other reports provided for by Internal Audit's governing regulations;
discussions with the Heads of Risk Management, Anti-Money Laundering and Compliance regarding their respective plans and annual reports, on the quarterly Tableau de Bord then sent to the Bank of Italy, and in particular discussions with the Chief Risk Officer regarding the ICAAP/ILAAP and RAF reporting, the Recovery Plan and the Contingency Funding Plan;
investigation on the work of the Board of Directors for matters concerning:
- quarterly assessments of receivables and other financial statement items, in view of the periodic financial reports;
- half-yearly complaint management assessments;
dialogue, together with the Board of Statutory Auditors, with the Financial Reporting Officer and with the external auditor;
dialogue with the Head of the Business Continuity Plan and with the executives responsible for ICT governance (strategic plan, reports, disaster recovery and business continuity tests and plans);
dialogue with the Head of Privacy & Security Management regarding changes to internal privacy and data protection regulations (General Data Protection Regulation – GDPR);
dialogue with contacts from the Outsourced Important Operating Functions;
examination of the proposals to distribute new products and/or start new businesses;
examination of the Group's internal control system guidelines;
internal regulation (regulations, policies, organisational processes and procedures, methodological manuals, responsibilities);
management trends and forecasts.

The Committee has also actively participated in the process which led the Board of Directors to express a positive assessment on the fact that the internal control system and the business organisation are aligned with the principles laid down in Part I, Heading IV, Chapter 3 of Bank of Italy circular no. 285/2013 as amended and that company control functions meet the requirements and comply with the provisions of Section III of the above Supervisory Regulations.

The President of the Board of Statutory Auditors - or another Auditor delegated by the President on a case by case basis - assists with the Committee's work. If deemed appropriate in connection to the issues to be discussed, the Risk Management and Internal Control Committee and the Board of Statutory Auditors meet jointly.

Committee meetings are properly minuted and signed by the members.

The Risk Management and Internal Control Committee may access all company information deemed relevant for the performance of its tasks and may have autonomous use of a set of financial resources to the limit established by the Board. The Committee is required to report to the Board regarding the use of funds.

The Board of Directors assigned annual financial resources of €60,000 to the Risk Management and Internal Control Committee that can be used autonomously, with the requirement that the Committee submits a report to the Board detailing its use of these funds.

11. Risk management and internal control system

As part of the strategic plan, the Board of Directors has defined the nature and level of risk compatible with the Bank's strategic objectives, including in its assessment all risks which may be deemed significant from a perspective of medium- to long-term sustainability.

The definition of the Strategic Plan allows the Bank's expected strategic objectives to be checked for consistency with the competitive environment in which Banca IFIS and its subsidiaries operate and with the results achieved in previous years. In fact, the Group's strategic planning process is based on a three-year strategic plan approved annually by the Board of Directors.

Finally, the definition of the Strategic Plan enables the assessment of consistency between business strategy, Risk Appetite Framework (RAF), Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP).

The processes of defining RAF, ICAAP and ILAAP and strategic planning are strongly interrelated insofar as the first three are based on strategic assumptions related to the industrial plan and projections contained in it, while the strategic plan is necessary from a perspective of risk-adjusted profitability, balance sheet strength, as well as sound liquidity.

The Parent Company's Board of Directors defines the Group's RAF - in line with the Group's risk capacity, the business model and the strategic plan - that establishes, at overall group level and for each individual component, the risk appetite, the tolerance thresholds, the risk limits, the risk management policies and the processes necessary to define and implement them.

The group RAF set out the circumstances, including the results of the stress scenarios, which the Chief Executive Officer uses, with the support of the Parent Company's Risk Management department and the company departments concerned, to define and implement specific containment actions.

The risk objectives and the tolerance thresholds are also set out by considering:

capital adequacy;
profitability;

overall liquidity position.

Besides the "Group RAF", the Parent Company's Board of Directors defines:

a) within the "Group Policy for Assessing Capital Adequacy" and "Group Policy for Managing Significant Risk":
- the Group's capital adequacy assessments process (ICAAP);
  - the Group's processes for managing significant assumed and assumable risks;
b) as part of the non-concessional credit management policies the latter being Business Unit-specific as well as the "Group Regulations":
- the lending process adopted by each individual Parent Company BU;
- the ways in which Subsidiary Companies must apply to the Parent Company, depending on the case, for prior authorisation or consent to respectively take or implement decisions.

In line with the strategic directions and the risk appetite established, the internal control system is able to identify the evolution of corporate risks and the interaction between them. The internal control system in fact consists of a set of rules, functions, departments, resources, processes and procedures aimed at ensuring, in line with healthy and prudent management, that various purposes are achieved, including containment of risk within the limits indicated by the RAF. The risk management and internal control system also:

contributes to managing the company in line with business objectives defined by the Board, encouraging informed decision-making;
helps to ensure the safeguarding of company assets, the efficiency and effectiveness of business processes, the reliability of information provided to governing bodies and to the market, compliance with laws and regulations, and with the Articles of Association and internal procedures.

The Board of Directors approved the document "Guidelines on the internal control system" that defines:

a) the principles underlying the internal control system;
b) the internal control system's development process, with comprehensive division of tasks between the governing bodies regarding the following phases: a) design of the internal control system; b) implementation of the internal control system; c) evaluation of the internal control system; d) external communication concerning the internal control system;
c) the elements that characterise risk governance;
d) the organisational control model;
e) the control roles and tasks assigned to the organisational units that carry out the company control functions;
f) the liaison methods between organisational units that carry out the company control functions;
g) the information flows between the organisational units that carry out the company control functions and between the organisational units and management;
h) the administration of the Group's internal controls.

The Parent Company, Banca IFIS, formalises and informs its Subsidiary Companies of the criteria governing the different stages that make up the risk management process. It also validates the risk management process within the Group. Regarding credit risk, the Parent Company establishes the assessment criteria for positions and creates a common database to enable Subsidiary Companies to know the Group's overall customer exposure as a whole, as well as assessments of the positions of trusted entities. The Parent Company decides on the adoption of internal risk-measurement systems and determines their essential characteristics, assuming responsibility for implementing the project, overseeing the correct functioning of these systems and ensuring that their methods, organisation and procedures are appropriate.

The Parent Company also issues Subsidiary Companies with directives regarding the design of the company internal control system. The Subsidiary Companies adopt an internal control system that is consistent with the Group's control strategy and policy, subject to compliance with individually applicable regulations. It is, however, necessary that the Parent Company, while respecting local constraints, adopts all initiatives aimed at ensuring control standards and safeguards that are comparable to those set out in Italian supervisory regulations, including in cases where foreign legislation does not provide for similar levels of attention.

To check whether the behaviour of Companies belonging to the Group complies with the Parent Company's guidelines, and to check the effectiveness of the internal control system, the Parent Company works so that, within the limits of the framework, the Group's internal audit department carries out on-site periodic checks on members of the Group, considering the significance of the various types of risk assumed by the different entities.

The Internal Control System has been designed taking into account the applicable legislation and regulatory provisions, as well as the peculiarities of the business carried out by Banca IFIS and its Subsidiary Companies and foresees, in general, the setting up of control functions. This may be departed from according to the operational characteristics present, as well as the low level of risk each individual company poses for the Group, as is the case, for example, with IFIS Rental Services, FBS Real Estate and IFIS Finance, in which control functions have not been set up. In IFIS Finance, however, in compliance with local legislation and regulatory provisions, a member of its Board has been appointed as Head of its anti-money laundering operations.

With particular reference to the Companies belonging to the Group in which specific control functions have not been established, the Parent Company, in any case, through its own control functions, carries out the activities necessary to guarantee the functioning of the Internal Control System at consolidated level.

With reference to the other Group companies, on the reporting date, in IFIS NPL and FBS the control functions are centralized at the Parent Company, while in Cap.Ital.Fin. and Credifarma, the Internal Auditing Office has been centralized in the Parent company and an organizational structure carrying out risk management, management of the risk of regulatory non-compliance and anti-money laundering activities has been set up, responsibility for which has been given to a manager currently working in the Parent Company, with a view to strengthening supervision over sound and prudent management of the intermediary.

The overall assessment of the internal control system is based on "system assessments" and "operation checks".

System assessments are performed by verifying that the choices regarding rules, information procedures and organisational structures are in line with:

a) external legislation and regulatory provisions ("conformity assessment");
b) internal regulations that are not reflected in external legislation or, in the absence of internal regulations, with market standards identified in advance, in line with the defined objectives and the operations being carried out ("adequacy assessments").

Operation checks are carried out to ensure that activities being carried out are done so properly, in line with:

a) external legislation and regulatory provisions and any relevant internal regulations that implement them ("conformity assessment");
b) internal regulations that are not reflected in external legislation or, in the absence of internal regulations, with market standards identified in advance, in line with the defined objectives and the operations being carried out ("adequacy assessments").

Following internal controls, the Banca IFIS Group prepares and updates from time to time, based on liaison with the Bank of Italy, a Recovery Plan, in line with what is set out in Directive 2014/59/EU – Bank Recovery and Resolution Directive (BRRD) –, by the relevant provisions of TUB and TUF, the delegated Regulation no. 2016/1075 of 23rd March 2016 of the European Commission as well as the EBA/GL/2015/02 guidelines on the minimum list of qualitative and quantitative indicators included in recovery plans and EBA/GL/2014/06 guidelines on the set of scenarios to be used in recovery plans. This tool allows:

the preparation of an integrated Risk Governance framework to monitor the Group's risk profile;
the identification of scenarios and related timescales that may lead the Group to a situation of non-viability;
the assessment of the consequences on third parties arising from the Group undergoing a crisis situation;
the prior identification of the actions that the Group intends to take to restore its capital and financial equilibrium;
the regulation of the methods of implementing identified recovery options.

The Board of Directors plays a key role in assessing the effective functioning of the risk management and internal control system which is important for the issuer's sustainability in the medium to long term. As already reported, at its meeting on 19th January 2018, the Board of Directors, noting the Risk Management and Internal Control Committee's assessment, expressed a positive evaluation on the fact that the internal control system and the company's organisation are aligned with the principles indicated in Heading V, Chapter 7, Section I of Bank of Italy Circular 263, now contained in Part One, Heading IV of Bank of Italy Circular 285 (11th Update of 21st July 2015).

***

a. Key characteristics of the current risk management and internal control systems in relation to the financial reporting process

a.1. Introduction

In relation to the financial reporting process, the risk management and internal control system are components of the same overall "System", which is designed, among other things, to ensure the credibility, accuracy, reliability and timeliness of financial reporting.

To ensure appropriate safeguards and correct mitigation against the risk of inaccurate financial reporting, Banca IFIS has a specific analysis framework that crosses the various business processes and aims to identify and control the main risks that the Company is exposed to in carrying out significant transactions that generate the information contained in the financial statement and any other report of a financial nature.

The application of the framework is designed to ensure accuracy, reliability and timeliness of financial reporting, working towards integration with the overall risk management and internal control system.

The provisions in the Articles of Association concerning the Financial Reporting Officer, the appointment of the current Financial Reporting Officer, the Group's Risk Management Policy Regarding Inaccurate Financial Reporting, the updated "Financial Reporting Officer's Scope of Activity" and the "Financial Reporting Officer's Regulations and the Monitoring and Control of Financial Reporting", approved by the Board of Directors, comprise, together with the overall set of administrative and accounting procedures, the collection of measures adopted by the Bank to cover the risk of inaccurate financial reporting.

The framework is made up of several levels of analysis that, together, define adequate Group administrative and accounting procedures. It is based on the principles and guidelines defined by Internal Control – Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (known as CoSO) and by the Control Objectives for Information and related Technology (known as CobiT), considered to be internationally accepted reference models.

The framework analysis levels are as follows:

Process-level controls: these are checks carried out at the process level. Their implementation provides evidence that adequate administrative and accounting procedures are applied in order to ensure effective internal control over financial reporting;
IT General Controls or "ITGC": these are checks that operate at the company level and are specifically related to the Information Technology management processes that support the execution of business processes. They relate, for example, to software acquisition and maintenance, physical and data security management, application development and maintenance, etc.

a.2. Description of key characteristics of the current risk management and internal control systems in relation to the financial reporting process (the "System")

The process of managing the risk of inaccurate financial reporting and the methods of collaboration and coordination between the Monitoring and Control of Financial Reporting department, the Accounting and Financial Statement department and the Bank's other departments and bodies are defined within the Group Policy to manage the risk of inaccurate financial reporting, approved by the Board of Directors. The Accounting and Financial Statement department is required to perform administrative and accounting tasks, as well as producing financial reports with the contribution of the Financial Reporting Officer and certified by the latter pursuant to Article 154-b, TUF.

a.2.1 Phases of the risk management process regarding inaccurate financial reporting

The operational approach that characterises the overall process of risk management of inaccurate financial reporting is divided, in line with the Bank's risk management process phases, into the following sub-processes:

Identification: the Monitoring and Control of Financial Reporting department, with operational support from the Accounting and Financial Statement section, identifies entities to be included in the scope of verification activities. The significance of Subsidiary Companies is assessed annually on the basis of the criteria adopted.
Risk Assessment: the risks identified are assessed in terms of potential, considering the relative frequency and severity of impact. Subsequently, the Monitoring and Control of Financial Reporting department evaluates the adequacy of the defined organisational safeguards in terms of preventing the risk of inaccurate financial reporting and ensuring compliance with current external legislation, in addition to principal best practice (control design assessment).
Monitoring: The Monitoring and Control of Financial Reporting department, considering the suitability expressed regarding the administrative and accounting procedures, checks that the identified controls are actually put into practice in the manner and frequency prescribed and are tracked by filing the relevant evidence (verifying the effective application of control).
As part of the management and administration actions exercised by the Parent Company over Group companies, the Parent Company's Financial Reporting Officer, by means of the Monitoring and Control of Financial Reporting department, analyses the documentation produced by the contacts at each Subsidiary Company's Financial Office (where considered significant during annual planning) and assesses the results of checks carried out by them for the purposes of accurate consolidated financial reporting. Any problems emerging will be summarised in a report prepared by the Parent Company's Financial Reporting Officer, submitting it for the attention of the Board of Directors.
Mitigation: suitability assessment and checks on effective application can highlight potential deficiencies in organisational safeguards set out to reduce the risk of inaccurate financial reporting. On receipt of the results of

Assessment and Monitoring activities, the Organisational Office will define, with the support of the Monitoring and Control of Financial Reporting and Accounting and Financial Statement departments, the necessary corrective action and/or actions to strengthen the existing safeguards.

Reporting: the Monitoring and Control of Financial Reporting department prepares a report every six months which it agrees with the Chief Executive Officer and subsequently submits to the Board of Directors, the Risk Management and Internal Control Committee and the Board of Statutory Auditors. The report shows the checks carried out, their results and any problems encountered. The Financial Reporting Officer uses the suitability and effective application assessments on the administration and accounting procedures to provide the certification required pursuant to Article 154-b, paragraph 5, Italian Legislative Decree no. 58/98.

a.2.2 Roles and Departments involved

In light of the significant responsibilities entrusted to him, the Financial Reporting Officer is attributed appropriate powers and resources to perform their duties, as detailed in the last paragraph, number 11.5. The Financial Reporting Officer receives all cooperation necessary from all of the Bank's organisational units to carry out the activities of the role, having guaranteed free access to all areas, information, accounting records and documents relating to the role's activities. In addition, if necessary, this may require information or documents held by external suppliers, through the relevant contact point for the outsourced activity. Finally, the Financial Reporting Officer may agree with each organisational unit involved in the process on the procedures for transmitting the information flows necessary to carry out his/her duties.

The Financial Reporting Officer, in performing their activities, has access to the Monitoring and Control of Financial Reporting organisational unit. This OU assesses the completeness, suitability, functionality and reliability of the internal control system, focusing on producing financial reports and managing the risk of their potential inaccuracy.

The Monitoring and Control of Financial Reporting section works closely with the Finance, Organisation and Operations organisational units, each in relation to its own activities.

Internal Audit assesses the completeness, suitability, functionality and reliability of the process to manage the risk of inaccurate financial reporting.

As part of the management and administration activities exercised by the Parent Company over Group Companies, the Parent Company's Finance Department issues administrative and accounting guidance to which the organisational units of the Group Companies must abide by when carrying out the activities under their responsibility.

In view of the fact that the Group's configuration includes entities considered as significant in defining the scope of the Financial Reporting Officer's activities (the identification phase), Banca IFIS, as part of the management and administration activities it exercises over Subsidiary Companies, requires the following to be carried out, via the Parent Company's Financial Reporting Officer:

The quarterly issue of an appropriate control checklist to the Finance contact at these entities, so that the Parent Company's Financial Reporting Officer can assess the suitability and effective application of the administrative and accounting procedures for the preparation of financial reports, based on these checks. The evidence produced by the Finance contacts at these entities, together with the declaration they issue regarding the effective performance of the required checks and application of the Group's accounting policies, is obtained, assessed and stored by the Monitoring and Control of Financial Reporting department. The checklists are reviewed quarterly, when the need arises.
The Monitoring and Control of Financial Reporting department is to carry out assessments at these entities, in accordance with what is set out in annual plans that are ratified by Banca IFIS's Board of Directors.

11.1. Director in charge of the risk management and internal control system

The Board of Directors, appointed by the shareholders at the Ordinary Shareholders Meeting of 22nd March 2016, has confirmed that the Chief Executive Officer is the director in charge of overseeing the functionality of the risk management and internal control system.

In his managing role, he constantly reported back to the Board of Directors on all aspects of business management, including verification of the overall suitability, effectiveness and efficiency of the risk management and internal control system.

The Chief Executive Officer also:

coordinated the preparation of Group Policies to control and manage the main business risks and their submission to the Board of Directors for approval on a case by case basis (compliance risk, operating risk, credit risk, interest rate risk, concentration risk, IT risk, etc.);

coordinated the submission of updates to the document regarding individual company and Group internal control systems to the Board of Directors;
oversaw the adaptation of this system to changes in operating conditions due to the legislative and regulatory frameworks governing them.

11.2. Head of Internal Audit

Since mid-2006, the post of Head of Internal Audit, reporting to the Board of Directors, has been held by Ruggero Miceli. The mission assigned to Internal Audit by the relevant regulations approved by the Board of Directors also includes verification that the risk management and internal control system is always complete, suitable, functional and reliable.

Mr. Miceli was appointed at the Board meeting held on 4th August 2006, on the proposal of the director overseeing the functionality of the risk management and internal control system. Based on the supervisory provisions and corporate governance rules in force at the time, no other explicit opinions were acquired.

On appointment, Mr. Miceli's remuneration was approved by a Committee from within the Board that, at the time, had duties similar to those of the current Remuneration Committee. Remuneration policies for corporate officers, employees and contract workers of Banca IFIS Banking Group approved by the Shareholders' Meeting subsequently decided to exclude him from stock option plans, as with other managers of control functions, as established by supervisory requirements regarding organisation and corporate governance in the banking sector. The mechanism for potential variable salary components is governed by "policies" approved by the Shareholders' Meeting, and requires the opinion of the Remuneration Committee and the authority of the Board of Directors.

Internal Audit is not responsible for any operational area and from time to time is provided with resources that are adequate to carry out its own activities. The positioning of the Internal Audit in the organisational chart as a staff department of the Board of Directors, in addition to assuring its independence – in line with the Bank of Italy's guidance and with sector best practice – facilitates the appropriate exchange of information with the Risk Management and Internal Control Committee, with the Board of Statutory Auditors and, in general, with company bodies and management.

***

The Group's Internal Auditing Regulations require the Parent Company's Internal Audit department to define a plan of activities that is based on a structured process of analysis and prioritisation of the main risks and takes into account the different levels of risk involved in the various activities and structures of the Parent Company and its Subsidiary Companies.

The Audit Plan lists the controls planned for a three-year period (multi-year plan) and contains a separate and detailed presentation of the activities planned for the first 18 months. A specific section of the Audit Plan is dedicated to ICT auditing.

Subject to the administration of and cooperation with other control functions, taking into account the importance of the activities programmed by second-level control functions, the Audit Plan is not usually submitted until the Parent Company's Risk Management, Compliance and Anti-Money Laundering control units have submitted their own activity programmes to management.

The Audit Plan is forwarded simultaneously to the Board of Statutory Auditors, to the Risk Management and Internal Control Committee, to the President of the Board of Directors, to the director in charge of the risk management and internal control system (who is also the Chief Executive Officer) as well as to the Parent Company's General Manager for subsequent review by the Board of Directors. The Audit Plan is updated as and when it is deemed necessary, upon request from management and/or when proposed by the Head of Internal Audit.

During 2018, the Head of Internal Audit:

had direct access to all information useful to perform their role;
liaised constantly with the Risk Management and Internal Control Committee, the Board of Statutory Auditors and the Supervisory Body (of which they are a member) pursuant to Italian Legislative Decree no. 231/2001, reporting on their own work among other things;
submitted reports of all activities to the Risk Management and Internal Control Committee, the Board of Statutory Auditors, the President of the Board of Directors and the director in charge of the risk management and internal control system (who is also the Chief Executive Officer), as well as the General Manager;
reported on their own work to management providing, in relation to the processes and/or areas subject to audit, adequate information on the activity carried out, as well as assessing the residual risk and internal control system, including through guidelines on compliance with the plans defined to mitigate risks. The quarterly reports (Tableau de bord), the Annual Report and any other reports and documents on specific significant topics fall within this scope;
carried out specific activities concerning the reliability of IT and accounting systems.

During approval of the 2018-2020 Audit Plan, the Board of Directors also confirmed that the Head of Internal Audit has decisionmaking autonomy with regard to training Internal Audit staff, purchasing publications and association membership fees, as well as granting a further budget of €100,000, that the Head of Internal Audit can use independently for external consultancy.

The main activities carried out by the Head of Internal Audit during 2018 were based on the above Audit Plan and concerned, to varying degrees in accordance with the level of risk, the Parent Company (Banca IFIS S.p.A.) and its Subsidiary Companies.

Audit activities regarding the Polish subsidiary, IFIS Finance, were conducted by Internal Audit, either directly or with the cooperation of BDO Sp. z o.o.

The auditing of Group companies mainly referred to the following operating areas: business loans, non-performing loans, online deposits, salary-backed loans, general accounting, outsourcing important operating functions and management of business liquidity. Audit activities were also carried out on the IT system, the Anti-Money Laundering and Compliance second-level control functions and some cross-business processes that are not directly and individually attached to specific business areas (in particular, with reference to the process of managing business continuity, ensuring that remuneration practices comply with legislation and regulatory provisions and banking transparency provisions). Further checks were carried out on specific request of the Bank of Italy.

Alongside the quarterly reports (Tableau de Bord) and the Annual Report on the work carried out, in compliance with the supervisory bodies' provisions, the Head of Internal Audit also prepared specific reports concerning:

assessments on Subsidiary Companies;
remuneration policies;
the ICAAP process;
the government and management of liquidity risk;
outsourced important operating functions;
investment services;
whistleblowing systems.

Finally, Internal Audit also liaised with second-level control units regarding the areas of risk they cover.

11.3. Organisational Model ex-Italian Legislative Decree no. 231/2001

The Banca IFIS Group, sensitive to the need to ensure that its business is conducted transparently and fairly in order to safeguard the image of each Company belonging to the Group, as well as the expectations of shareholders and those who work for and with Group companies, has deemed it consistent with its corporate policies to implement the Organisational & Management Model set out in Italian Legislative Decree no. 231/2001.

This initiative was also launched in the belief that applying the Organisational Model is a sound means of informing those who work for the Bank, spurring them to act fairly and consistently when carrying out their activities, in order to limit the risk of the crimes set out in Italian Legislative Decree no. 231/2001 being committed.

The Banca IFIS Group condemns behaviour that is contrary to current legislation and the ethics principles set out in the Bank's Code of Ethics. The application and effective implementation of the Model improves the Bank's Corporate Governance, limiting the risk of the crimes set out in Italian Legislative Decree no. 231/2001 being committed.

In preparing its Organisational Model, updated on 11th February 2019, Banca IFIS used the ABI's (Italian Banking Association) "Guidelines for the adoption of organisational models regarding a bank's administrative liability". These provide guidance on the interpretation and analysis of the legal and organisational implications resulting from the introduction of Italian Legislative Decree no. 231/2001.

In preparing its Model, Banca IFIS considered its existing and widely operated procedures and control systems, in that they are suitable as measures to prevent crimes and to control processes. The Model is part of a wider control system made up primarily by the internal control system required by the Bank of Italy and the Company's Corporate Governance rules.

The "Banca IFIS Organisational Model" is currently made up of the following organisational tools:

Internal Control System;
Company procedures;
Group Regulations;
Banca IFIS's General Regulations;
Banca IFIS's Organisational Unit Regulations;
Code of Ethics;
Supervisory Board;
Disciplinary System;
Corporate Governance Code for Listed Companies;
Group Policy for managing violation reports;
The Policy on transactions carried out by Key Personnel and by people closely associated with them regarding shares, negotiable instruments and financial instruments issued by Banca IFIS;
Internal policy regarding control of risk assets and conflicts of interest in relation to associated persons;
Procedure for managing transactions with associated persons;
Policy for managing inside information;
Policy for managing the list of people who have access to inside information;
Policy for managing conflicts of interest in the provision of investment services;
Policy regarding personal transactions;
Group policy for governing and managing the risk of non-compliance;
Group policies for managing risk of money laundering and financing of terrorism and the Anti-Money Laundering Manual;
Group Policy for the Outsourcing of Corporate Functions;
Organisational Procedures regarding the Outsourcing of Corporate Functions;
Group Policy for Managing IT Security;
Remuneration and Incentive Policies;
Group Policy for Managing the Purchasing Cycle;
Policy for approving new products and services, starting new activities and entering new markets;
Group Internal Control System Guidelines;
Group IT System Guidelines;
Group Policy for Managing the Risk of Inaccurate Financial Reporting;
Group Accounting Manual and Financial Reporting Procedures;
System of Responsibilities;
Risk Management and Internal Control Committee;
Appointments Committee;
Remuneration Committee;
Internal Communications;
Privacy Guidelines;
Health and Safety in the Workplace Risk Assessment Document and Integrated Safety and Environment Manual.

The Supervisory Board's Regulations are available on the Bank's website, in the section "Corporate Governance – The Value of Ethics".

Crimes pursuant to Italian Legislative Decree no. 231/2001

At present, the rules in question refer to the following types of crime:

crimes in dealings with Public Administration;
computer crimes and unlawful processing of data;
organised crime;
counterfeiting of coins, legal tender, government stamps and instruments or signs of recognition;
crimes against industry and trade;
some types of corporate crimes;
crimes with terrorist intent or aiming to subvert the democratic order;
female genital mutilation;
crimes against the person;

market abuses;
crimes (manslaughter and serious or grievous bodily harm) committed as a result of violations of health and safety in the workplace regulations;
receiving stolen goods, money laundering and use of money, assets or other benefits of unlawful provenance, as well as self-laundering (as from 1st January 2015);
copyright breaches;
convincing people to be silent or to make false statements to law enforcement agencies;
environmental crimes;
employing illegal foreign workers;
corruption between private individuals;
racism and xenophobia.

The Supervisory Board (SB) is responsible for ensuring compliance with and updating the "organisational, management and control" model adopted by the Company to limit the risk of the above crimes being committed.

With its resolution of 8th November, the Board of Directors reviewed the composition of the Group's Supervisory Boards with the aim of ensuring they are uniform.

At the date this Report was prepared, the SBs of Cap.Ital.Fin., Credifarma, and IFIS NPL are made up of an Auditor from the respective company, who takes the post of President of the body, and of the Heads of the Parent Company's Compliance and Internal Audit control functions, Francesco Peluso and Ruggero Miceli, who will carry out the role of administration and liaison, as well as guaranteeing the necessary information flows between the Supervisory Boards of Group companies, also in line with the provisions of the Bank of Italy's Circular no. 285, Part One, Heading IV, Chapter 3, Section II. To follow, the composition of Banca IFIS and IFIS Rental Services will be reviewed, which will remain in office until the expiry of their mandate, and finally of FBS and FBS Real Estate

Banca IFIS's Supervisory Board, instituted by resolution of the Board of Directors appointed by the Shareholders' Meeting of 22nd March 2016, is currently chaired by the external member, Andrea Martin and is composed of another three permanent members: directors Giuseppe Benini and Daniele Santosuosso, and the Head of Internal Audit, Ruggero Miceli.

The Board remains in post for three years and meets at least once a quarter. Meetings are regularly minuted and recorded in the register of minutes. The President of the Supervisory Board, or other member as designated on a case by case basis by the President, reports to the Board of Directors, at its first available meeting, on the activities already carried out and, where this is the case, the activities being carried out and/or planned and whether any of its autonomous budget has been used.

The Board has autonomous powers of initiative and control, pursuant to Italian Legislative Decree no. 231/2001 "Governance of administrative liability of legal persons, companies and associations including without legal status".

11.4. External Auditor

The Shareholders' Meeting of 17th April 2014 appointed EY S.p.A. to audit the Company's annual financial statement and the Group's consolidated financial statement as well as the limited auditing of Banca IFIS's half-yearly interim report, for each of the nine financial years with closing dates from 31st December 2014 until 31st December 2022.

EY S.p.A. have also been tasked, by means of separate formalised agreements, with auditing the controlling company's financial statement and those of Banca IFIS's Subsidiary Companies.

11.5. Financial Reporting Officer responsible for preparing company accounts and other roles and company functions

On 12th April 2016, the Board of Directors appointed Mariacristina Taormina as Financial Reporting Officer with effect from 18th April 2016.

Pursuant to Article 19 of the Articles of Association:

the Board of Directors, pursuant to Article 154-bis of Italian Legislative Decree no. 58/1998, after having received the mandatory opinion of the Board of Statutory Auditors, appoints the Financial Reporting Officer;
the Financial Reporting Officer must be in possession of the integrity requirements set out for election to the role of Statutory Auditor by Article 2, Italian Ministerial Decree no. 162 of 30th March 2000 and the professionalism requirements set out for election to the Board of Directors of banks incorporated in the form of a limited company by Article 1, paragraph 1, Italian Ministerial Decree no. 161 of 18th March 1998.

The Board of Directors gives the Financial Reporting Officer autonomous spending powers, according to the programmed plan of activities they intend to implement. The Financial Reporting Officer must report periodically to the Board of Directors if they use any of their budget.

The Financial Reporting Officer also has the right to:

acquire from within the Bank information relating to events, risk indicators or proposals for technical or organisational adjustments relating to administrative and accounting procedures;
propose modifications to the system of internal controls when deemed appropriate;
participate in Board of Directors meetings and Board of Statutory Auditors meetings and access the minutes of those meetings where the agenda includes the examination and/or the approval of the economic and financial data of the Bank and the Group.

The names of the Heads of the other company functions who have been assigned specific tasks on risk management and internal control are shown below:

***

the role of head of Risk Management (Chief Risk Officer) has been assigned to Kristian Tomasini. Risk Management is given a budget of €500,000 for the use of external consultants, which can be used independently;
the role of Head of Compliance has been assigned to Francesco Peluso. Compliance is given an annual budget of €50,000 for the use of external consultants, which can be used independently;
the role of Head of the Anti-Money Laundering Unit has been assigned to Giovanna Bazzaro. The Anti-Money Laundering Unit is given an annual budget of €50,000 for the use of external consultants, which can be used independently.

The Heads of Internal Audit, Risk Management, Compliance and the Anti-Money Laundering Unit:

must possess suitable professional expertise;
are appointed and removed by the Board of Directors, after consulting with the Board of Statutory Auditors;
have no direct responsibility for operational areas subject to audit.

The duties and responsibilities of the above second- and third-level control functions are in line with the supervisory provisions on internal control systems issued with the 15th Update to the Bank of Italy Circular no. 263/2006 mentioned above and now contained in Part One, Title IV of the Bank of Italy Circular no. 285 (11th Update of 21st July 2015).

11.6. Coordination between individuals involved in the risk management and internal control system

As part of the Group's internal control system, the Parent Company is responsible for creating a unitary system at Group level that enables the effective control of both the Group's strategic choices as a whole and the balanced management of its individual components.

The correct functioning of the internal control system is based on successful interaction whilst carrying out of tasks (guidance, implementation, verification, assessment) between management, any committees formed within management bodies, external auditors and control functions.

For this reason, in line with what is required by the Corporate Governance Code, the Board of Directors, appointed by the Ordinary Shareholders' Meeting of 22nd March 2016, has confirmed that the Chief Executive Officer is the director in charge of overseeing the functionality of the risk management and internal control system.

In his managing role, the Chief Executive Officer constantly reported back to the Board of Directors on all aspects of business management, including assessment of the overall suitability, effectiveness and efficiency of the risk management and internal control system. The administration activities carried out by the Chief Executive Officer have been set out in paragraph 11.1.

The Chief Executive Officer also:

coordinated the preparation of Group Policies to control and manage the main business risks and submitted them to the Board of Directors, which has approved them (compliance risk, operating risk, credit risk, interest rate risk, concentration risk, IT risk, etc.);
coordinated the submission of updates to the document regarding individual company and Group internal control systems to the Board of Directors;
oversaw the adaptation of this system to changes in operating conditions due to the legislative and regulatory provisions governing them.

In addition, the successful interaction and coordination between Senior Management figures involved in the risk management and internal control system is facilitated by cross-membership mechanisms and by a balanced composition of committees and bodies. In particular, the Risk Management and Internal Control Committee and the Board of Statutory Auditors liaise frequently during their meetings and, on occasion, with the Chief Executive Officer, the Financial Reporting Officer, the External Auditor, the Chief Risk Officer, and the Heads of Compliance and the Anti-Money Laundering Unit. They also liaise regularly with the Head of Internal Audit, who usually attends the meetings of both bodies.

In accordance with Italian Legislative Decree. no. 231/2001, the Supervisory Board also benefits from the same crossmembership mechanisms and similar regular liaison with other individuals involved in the risk management and internal control system.

The Heads of the control organisational units liaise with each other, coordinating and collaborating, to avoid overlapping, to develop synergies and to optimise partnership.

At least quarterly, normally initiated by the Head of Internal Audit, the Heads of organizational units who manage the Parent Company's control functions¹ take part in the control functions' coordination meetings convened at certain times to discuss and exchange views on the following issues:

to agree the plans of their respective principal audit/control activities (including for Subsidiary Companies);
to analyse the main findings from audit activities and remedial actions either under way or requested;
to check the current status of various risk exposure levels;
to agree the risk map, also divided per risk-taking organisational unit, and the potential significance of identified risks;
to agree reporting systems, methodologies and terminology;
and, in a more general sense, to successfully exchange information and analyse possible ways of collaboration.

Meetings are subject to appropriate tracking and, in relation to the specific matters to be discussed, representatives of other organisational units may be invited to participate.

Meeting minutes and other documentation of common interest are:

stored in an appropriate dedicated network folder to which all control organisational units have access;
subsequently reported to Management, on specific requests and when the "Annual Report on Activities", prepared by second- and third-level control organisational units, are submitted.

12. Directors' interests and related-party transactions

In June 2018, the Board of Directors approved – following favourable opinion from the Board of Statutory Auditors, the Risk Management and Internal Control Committee (composed of only independent directors) and the Financial Reporting Officer – an update to the "Policy to control risk assets and conflicts of interest in dealings with associated persons" and the "Procedure to manage related-party transactions" (a definition which includes, in accordance with the Bank of Italy's supervisory provisions, "related parties" and persons "associated" with them). A minor update to the Procedure was approved by the General Manager on 9th October 2018.

The Policy, which outlines the Bank's approach to achieve effective management of risks associated with conflicts of interest in transactions with related parties and associated persons, and the Procedure, which describes, among other things, the criteria for identifying transactions that must be approved by the Board after receiving opinion from (or involving) the Risk Management

¹ Invitations to these meetings may be extended to contacts or Heads of Group Company control functions, where established, if deemed to be appropriate by the Parent Company.

and Internal Control Committee, is available on the website www.bancaifis.it (under "Corporate Governance – Corporate Documents – Related Parties and Associated Persons").

The Board has adopted further appropriate operational solutions to identify and adequately manage situations in which a director holds an interest in their own name or on behalf of a third-party. These are the Policy on Personal Transactions and the Policy on transactions carried out by Key Personnel and by people closely associated with them regarding shares, negotiable instruments and associated financial instruments issued by Banca IFIS.

The Policy on Personal Transactions governs trading in a financial instrument carried out by or on behalf of a key member of personnel (including the members of the Board of Directors), provided at least one of the following conditions is met:

a) the Key Personnel member is acting outside the scope of the activities they carry out as a Key Personnel member;
b) the transaction is carried out on behalf of any of the following people:
- o the Key Personnel member;
- o a person related to the Key Personnel member up to the fourth degree or to whom they are Closely Associated;
- o a person whose relationship with the Key Personnel member is such that the Key Personnel member has a significant direct or indirect interest in the outcome of the transaction, other than a fee or commission for executing the transaction.

The Policy on transactions carried out by Key Personnel and by people closely associated with them regarding shares, negotiable instruments and associated financial instruments issued by Banca IFIS governs matters regarding:

a) the identification of Key Personnel (including members of the Board of Directors) and "closely associated" persons and
b) the management of information regarding transactions above the Minimum Amount Threshold² on shares, negotiable instruments or Associated Instruments issued by Banca IFIS, directly or indirectly executed by a Key Personnel member or by a "Closely Associated Person" and subject to notification requirements. They include:
- o transactions covered by Article 19, paragraph 7 of EU Regulation 596/2014;
- o transactions set out in Article 10 of EU Delegated Regulation 522/2016.

The Policy also governs management of the "closure period", that is, those periods in which Key Personnel must abstain from executing transactions in shares and other negotiable instruments issued by Banca IFIS, as well as on financial instruments associated with them.

The Policy is available at www.bancaifis.it (under "Corporate Governance – Internal Dealing").

13. Appointment of Statutory Auditors

The appointment of members of the Board of Statutory Auditors is regulated by Article 21 of the Articles of Association and is based on lists presented by shareholders on which candidates are listed in sequential order and with a number of candidates not exceeding the number of members to be elected. Each list consists of two sections: one for candidates for the office of Standing Auditor, and the other for candidates for the office of Alternate Auditor.

A list can be presented by the shareholder or shareholders who, at the time of submission, own an equity interest equal to at least 1% of ordinary shares, or to another lower ownership threshold that – pursuant to current legislation and regulatory provisions – must be indicated in the notice convening the Shareholders' Meeting called to pass a resolution to appoint Statutory Auditors.

Two Standing Auditors and one Alternate Auditor are elected from the list that obtained the highest number of votes, based on the sequential order in which they appear on the list. The candidate who is in first position of the relevant section of the list that obtained the highest number of votes among the lists submitted and voted upon by shareholders who are not associated with the

² Minimum Amount Threshold: the quantitative threshold beyond which transactions are subject to notification requirements. In particular, pursuant to Article 19, paragraph 8 of EU Regulation 596/2014, all transactions above a total of €20,000.00 over a calendar year are subject to notification requirements. The total amount is calculated by totalling the Transactions executed, without set-off between purchases and sales.

reference shareholders pursuant to Article 148, paragraph 2, Italian Legislative Decree no. 58/1998, is elected as Standing Auditor. The candidate who is in first position of the relevant section of that same list is elected as Alternate Auditor.

In the case of a tie between two or more lists, the oldest candidates will be elected as Statutory Auditors.

If the selection criteria do not ensure election of at least one Standing Auditor and one Alternate Auditor belonging to the least represented gender, a sliding mechanism is applied to the selection from the list obtaining, during the Shareholders' Meeting, the highest number of votes based on the sequential order in which the candidates are indicated. This mechanism excludes the candidate or candidates of the most represented gender and selects the candidate or candidates of the missing gender.

The Standing Auditor elected from the minority list mentioned above is appointed as President of the Board of Statutory Auditors.

Outgoing Statutory Auditors can be re-elected.

If, despite the provisions of the Articles of Association and what is set out above, only one list is presented or only one list receives votes, three Standing and two Alternate Auditors will be elected – on condition that the list in question receives the majority of the votes represented at the Shareholders' Meeting – in the order in which they are indicated on that list for the respective post. The Standing Auditor candidate indicated in first place on the list will be appointed President of the Board of Statutory Auditors.

If a Standing Auditor is to be replaced, their post will go to the Alternate Auditor belonging to the same list as the Auditor who has ceased to hold office.

If it is necessary to appoint Standing and/or Alternate Auditors to supplement the Board of Statutory Auditors following early termination of the auditors in office, the Shareholders' Meeting will act as follows: if auditors elected from the majority list must be replaced, the auditor(s) are appointed by majority vote, without list constraints. If, however, it is necessary to replace a Statutory Auditor designated from the minority list, the Shareholders' Meeting will replace them by relative majority vote, choosing the candidate from among the candidates on the list from which the auditor to be replaced was elected. These candidates will have confirmed their candidacy at least 25 days before the date set for the first-call Shareholders' Meeting, together with statements confirming that no reasons for ineligibility or incompatibility exist, and that they possess the requirements needed to hold the post.

Lists must be submitted to the Company's registered office at least twenty-five days prior to the date set for the first-call Shareholders' Meeting, and are made available to the public at the registered office, on the Company's website and through the other methods provided for by current legislation and regulatory provisions at least twenty-one days prior to the date of the firstcall Shareholders' Meeting.

Ownership of the minimum number of shares needed to submit a list is determined by taking into account the shares recorded in the name of the individual shareholder or multiple joint-shareholders on the day lists are submitted to the Company. In order to prove the ownership of the number of shares needed to submit lists, shareholders can produce the relevant certification, even after the submission of lists, provided this is prior to the deadline set for the Company to publish the lists.

The lists must be accompanied by:

information relating to the identity of shareholders who submitted the lists, stating the overall percentage of shares held;
a statement from the shareholders other than those who hold, separately or jointly, controlling or relative majority shareholdings, certifying the absence of connections with them as set out in Article 144-quinquies of the "Implementing regulations of Legislative Decree no. 58/1998 concerning the regulation of issuers", or any other significant relationships;
exhaustive information on candidates' personal and professional characteristics, as well as a declaration by the candidates themselves confirming certifying possession of the requirements established by law and their acceptance of candidacy.

Candidates who already hold the post of auditor in five other listed companies or who do not possess the integrity, professionalism and independence requirements as set out in applicable regulations or that fall within the cases referred to in Article 148, para. 3 of Italian Legislative Decree no. 58/1998, may not be included in candidate lists. It should be noted that Italian Legislative Decree no. 72/2015 initiated a comprehensive reform to the requirements of corporate officers, aimed at integrating the objective requirements of integrity and professionalism with skills and correctness criteria that will be incorporated in secondary legislation to be issued by the Ministry of Economy and Finance. As of the date of this Report, the new legislation has not been defined by the Ministry.

Each list must contain at least one candidate for the post of Standing Auditor and at least one candidate for the post of Alternate Auditor belonging to the least represented gender.

This requirement does not apply to lists with fewer than three candidates.

14. Composition and functioning of the Board of Statutory Auditors (ex-Article 123-bis, paragraph

2, letter d), TUF)

The composition of the Board of Statutory Auditors in post as at the close of the 2018 financial year, as shown in Table 3 attached to this Report, is as follows:

President: Giacomo Bugna;
Standing Auditor: Giovanna Ciriotto;
Standing Auditor: Massimo Miani;
Alternate Auditor: Guido Gasparini Berlingieri;
Alternate Auditor: Valentina Martina.

The present Board of Statutory Auditors was elected at the Ordinary Shareholders' Meeting of 22nd March 2016 for the 2016, 2017 and 2018 financial years and its office will expire on the date on which the Shareholders' Meeting is convened to approve the 2018 Annual Financial Statement.

The majority shareholder "LA SCOGLIERA S.P.A." submitted a list of candidates. "Studio Legale Trevisan & Associati" submitted a proposal to appoint the Standing Auditor, Giacomo Bugna, as President of the Board of Auditors and the Alternate Auditor, Anna Maria Allievi, on behalf of the following group of investors (total shareholding equal to 0.38%):

Arca S.G.R., Arca Economia Reale Equity Italia fund manager;
Eurizon Capital S.G.R. S.p.A., Eurizon Azioni Italia and Eurizon Azioni PMI Italia fund manager;
Eurizon Capital SA, Eurizon EasyFund-Equity Italy LTE and Eurizon EasyFund-Equity Italy fund manager;
Fideuram Asset Management (Ireland), Fonditalia Equity Italy fund manager.

The group of shareholders confirmed that they have no connections and/or significant relationships with shareholders who hold, separately or jointly, controlling or relative majority shareholdings as set out in Article 147-ter, paragraph 3, Italian Consolidated Finance Law (TUF) and 144-quinquies of the Consob Issuer Regulations approved with resolution 11971/99 and, more generally, the Articles of Association and current legislation.

The majority shareholder "LA SCOGLIERA S.p.A." also submitted a proposal to the Bank's Board of Directors regarding the allocation of remuneration to the Board of Statutory Auditors.

The list of candidates, the list of those people elected and the percentage of votes obtained in relation to voting capital are shown below:

	List of candidates	List of those elected	Percentage of votes obtained
	For the office of Standing Auditor
	Giovanna Ciriotto	Giovanna Ciriotto	97,90%
List submitted by the majority shareholder "LA SCOGLIERA	Massimo Miani	Massimo Miani
S.p.A."	For the office of Alternate Auditor
	Guido Gasparini Berlingieri	Guido Gasparini Berlingieri
	Martina Valentina	Martina Valentina
Proposed for appointment by "Studio	For the office of Standing Auditor and President
Legale Trevisan & Associati" on	Giacomo Bugna	Giacomo Bugna	97,48%
behalf of a group of investors (total	For the office of Alternate Auditor
shareholding 0.38%)	Anna Maria Allievi

The personal and professional characteristics of each auditor (pursuant to Article 144-decies of the Consob Issuer Regulations), based on the statements provided by each of them and attached to the lists, and on any subsequent updates notified by those concerned, are summarised below.

President of the Board of Statutory Auditors – Giacomo Bugna

Giacomo Bugna acquired his experience at a leading auditing firm, providing both auditing and advisory services for financial institutions.

In 1997-1998, he was responsible for introducing the certification of financial statements at the Bank of Italy. From 2011, and until April 2014, he was a Member of the Board of the "Fédération des Experts-comptables Européens" (Federation of European Expert Accountants), which groups together the professional associations of the 27 EU Member States.

Standing Auditor – Giovanna Ciriotto

Giovanna Ciriotto is a graduate in Economics & Commerce from the Ca' Foscari University of Venice. Since 1986, she has been a practising accountant, focusing on corporate law and corporate governance, extraordinary transactions, tax & property consultancy and planning, tax litigation.

She is a partner with the accountancy firm De Perini & Ciriotto, based in Venice.

She is adjunct professor in Business Management, Management Department, Ca' Foscari University of Venice.

She has held many institutional posts, including 20 years as Director of the Venice Association of Chartered Accountants and five years as Director of the Fondazione Università Ca' Foscari.

Standing Auditor – Massimo Miani

After graduating in Economics & Commerce from the Ca' Foscari University of Venice, since 1989, Massimo Miani has been practising as a chartered accountant, specialising in corporate consulting for medium and large businesses as a partner of the accountancy firm, Studio Fieldfisher – Studio Associato Servizi Professionali Integrati. He has dealt with and still deals with aspects of corporate governance and some extraordinary corporate transactions in leading national companies.

He held the post of director and, later, auditor and Supervisory Board member at Cassa di Risparmio di Venezia. He is currently standing auditor and director in several medium to large companies.

He currently holds the post of President of the National Council of Chartered Accountants.

Alternate Auditor – Guido Gasparini Berlingieri

Gasparini Berlingieri graduated in Business Management from Ca' Foscari University of Venice. Since 1991, he has been enrolled in the Venice Register of Chartered Accountants and the Register of Auditors. Since 2011, he has carried out accountancy activity in "GBA Studio Legale Tributario" of which he is a founding partner.

He is the author of many articles published in specialist tax publications and is a speaker at numerous conferences. He was Professor of Tax Law at Ca' Foscari University of Venice and a member of local and national study boards.

Currently, he is a member of the Civil Committee of the Organismo Italiano Contabilità [an Italian accounting body], lecturer at the Scuola di Alta Formazione delle Tre Venezie and member of the Editorial Committee of the Abstract Office of the Veneto Regional Tax Commission.

Alternate Auditor – Martina Valentina

A graduate in Economics & Commerce from Ca' Foscari University of Venice, Martina Valentina has been a member of the Venice Association of Chartered Accountants since 1989.

She owns Studio Martina and is a founding partner of the firm "EKIP Studio Associato Economisti e Giuristi d'Impresa" based in Venice-Mestre.

Since 1993, she has held various public insolvency roles, acting as trustee and liquidator. She is an auditor in several companies in the Veneto region.

During 2018, the Board of Statutory Auditors met a total of 28 times at the Bank, during which it held discussions with the Chief Executive Officer, the General Manager, the Risk Management and Internal Control Committee, the Supervisory Board in accordance with Italian Legislative Decree no. 231/2001, the External Auditors, the Head of Internal Audit, the Financial Reporting Officer and the other control function organisational units as well as with many of the Bank's managers and employees. Meetings lasted, on average, about two and a half hours.

Since the beginning of 2019, until the date of approval of this Report, the Board of Statutory Auditors has met six times, two of which were joint meetings with the Risk Management and Internal Control Committee. During 2019, the Board of Statutory Auditors is likely to hold a similar number of meetings to that of 2018.

There have been no changes in the composition of the Board of Statutory Auditors since the close of the financial year.

The members of the Board of Statutory Auditors must possess the requirements of integrity and professionalism established by the Regulations adopted with the Italian Ministry of Justice decree no. 162 of 30th March 2000, and the independence requirements established by Italian Legislative Decree no. 58/1998 (TUF) and set out by the Corporate Governance Code (Article 8).

The above Corporate Governance Code also states that the Board of Statutory Auditors must confirm that its members meet the requirements of independence following appointment and must re-confirm this on an annual basis, sending the results of the checks to the Board of Directors. After appointment, the Board of Directors will publicise this via a communication released to the market and, subsequently, as part of the Corporate Governance Report, using the same methods as those adopted to communicate information about directors. The results of the first check on the Board of Statutory Auditors currently in post were publicised by issuing a press release on 22nd March 2016.

In addition, the Board of Statutory Auditors periodically checks whether its members are suitable to perform the functions of the control body in terms of professionalism, availability of time and independence, as well as its own suitability in terms of powers, functioning and composition, taking into account the size, complexity and type of activities carried out by of Banca IFIS.

As part of these checks, the members of the Board of Statutory Auditors have periodically been proved to meet the requirements of independence. This last occurred at its meeting of 17th January 2019. In carrying out these checks, the Board of Statutory Auditors has applied all the criteria set out by the Code with regard to directors.

In 2018 the Board of Statutory Auditors participated in training sessions mentioned above provided to directors by Parente & Partners.

Banca IFIS's Statutory Auditors' remuneration is in line with the commitment required, the importance of the post and the size of the company and its activities.

In line with the provisions of the Corporate Governance Code and also pursuant to the provisions of Article 136, paragraph 1, TUB ("Obligations of banking officers"), if a Statutory Auditor, either directly or on behalf of a third party, has an interest in a particular transaction of the Issuer, they must inform the other Statutory Auditors and the President of the Board of Directors promptly and exhaustively about the nature, terms, origin and extent of their interest. The Statutory Auditors also fall within the scope of the "Procedure to manage related-party transactions" outlined in Section 12.

To coordinate with the other stakeholders of the risk management and internal control system, the Board of Statutory Auditors liaised mostly, as set out by the Corporate Governance Code, with Internal Audit, whose Head normally attends the Board of Statutory Auditors meetings, as well as with the Appointments Committee – whose meetings are normally attended by the President of the Board of Statutory Auditors – and the Risk Management and Internal Control Committee and the Remuneration Committee.

In addition, during 2018, eight joint meetings of the Board of Statutory Auditors and the Risk Management and Internal Control Committee were held.

Table 4, in order to meet the obligations set out by Bank of Italy Circular no. 285/2013 (Part One, Heading IV, Chapter 1, Section VII) shows the number and type of posts held by the standing members of Banca IFIS's Board of Statutory Auditors at the time this Report was submitted, based on information provided by its members.

Diversity policies

The aims of the self-assessment process that the Board of Auditors undergoes annually include that of checking the correct and effective functioning of the Body and its suitability in terms of composition, skills and professionalism.

For average age and gender, the Bank scored well, including with regard to the statutory provision which states that at least one standing auditor and one alternate must belong to the least represented gender.

The self-assessment process also highlighted the suitability of professional skills and characteristics, as well as noting that the spread and diversification of skills are in line with the Bank's complexity and its activities.

The diversification of skills and professionalism enables Auditors to make an appropriate contribution to the activities of the Board of Statutory Auditors and promotes multiple approaches and perspectives to analysing problems and making decisions on which actions to carry out.

In this sense, the diversification of Board members' skills was believed to be mostly appropriate in relation to the their main activities, which include:

internal control system;
the organisational and accounting structures;
the regulation of conflicts of interest;
the systems and procedures for the Bank's activities and operations.

During checks on whether the Auditors possess the professionalism, integrity and independence required of Directors and Auditors, differentiation of expertise was noted; it should also be noted that the independence requirement is subject to the obligation for individuals who perform control functions to be entered in the Register of Auditors (Article 3, Italian Ministerial Decree no. 161/98).

In any case, the Bank, aware of the need for members of administration and control bodies to have the technical skills to enable them to properly fulfil their roles, invited members of the Board of Auditors to take part in the training sessions provided to the Board of Directors, as mentioned above.

As a result, the Bank does not consider it necessary to adopt additional specific diversity policies relating to the composition of this control body.

15. Relations with shareholders

The Bank has created some easily identifiable and accessible sections on its website, which make important information available to shareholders, in order to enable them to exercise their rights in an informed manner. The following sections contain information of interest: "Corporate Governance" – "Shareholders' Meetings", "Institutional Investor Relations" and "Private Investor Relations".

On 29th November 2018, the Board of Directors ratified the appointment of Andrea Martino da Rio as Head of Bank IFIS's Investor Relations department, starting from the beginning of December.

16. Shareholders' Meetings (ex–Article 123-bis, paragraph 2, letter c), TUF)

The duties of the Shareholders' Meeting are similar to those for shareholders' meetings of the majority of listed Italian banks. Specifically, the Shareholders' Meeting:

approves the financial statement;
appoints (using the list vote mechanism) and removes members of the Board of Directors, establishing their remuneration;
appoints (using the list vote mechanism) the members and the president of the Board of Statutory Auditors, establishing their remuneration;
passes resolutions on remuneration policies for directors, employees and contract workers, and receives reports regarding all of them;
passes resolutions on any remuneration plans based on financial instruments;
passes resolutions on transactions that involve amendments to the Articles of Association;
passes resolutions on other matters reserved for it by the Articles of Association or by law.

Shareholders' Meetings may also be held outside the Company's registered office, provided that the venue is in Italy. The Shareholders' Meeting is held at least once a year, within 120 days of the end of the Company's financial year.

Shareholders' Meetings may be attended by holders of voting rights whose legitimacy has been confirmed to the Company via authorised intermediary before the end of the third day of open trading preceding the date set for the first-call Shareholders' Meeting. The communication is made based on the evidence at the end of the seventh accounting day of open trading before the day set for the first-call Shareholders' Meeting.

This is subject to legitimate attendance and the exercising of the right to vote if such communication is received by the Company after the established deadline, providing this is before the start of the single-call Shareholders' Meeting works.

Anyone entitled to vote may be represented at the Shareholders' Meeting, pursuant to the law, by means of written proxy or proxy granted by electronic means.

Electronic notification of proxy may be made using the special form available on the Company website.

For each Shareholders' Meeting, as indicated in the convening notice, the Company designates one or more individuals to whom the holders of voting rights can grant, following the methods established by applicable legislation and regulatory provisions, a proxy with voting instructions on all or some of the subjects on the agenda. The proxy is valid only with regards to the subjects for which voting instructions have been provided.

Majorities for the validity of resolutions and the drafting of the minutes are those established by legislation, applicable regulations, the Articles of Association and the Shareholders' Meeting Regulations.

Only shareholders who, separately or jointly, own at least 1% of ordinary shares at the time of submission have the right to submit lists to appoint members of the Board of Directors. A lower ownership threshold is possible – as per current legislation and regulatory provision – and must be indicated in the convening notice for the Shareholders' Meeting called to appoint members to the Board of Directors. A shareholder can neither submit nor vote for more than one list, not even via agents or trust companies. Shareholders belonging to the same group and shareholders forming part of a shareholder agreement concerning the Company's shares cannot submit or vote for more than one list, not even via agents or trust companies. A candidate may only appear on one list or they are considered ineligible. One Director must be taken from a list other than the one receiving the most votes. If a Director leaves office during their mandate, the Board will first check the continued availability of the candidates appearing on the list from which the Director was elected, according to its sequential order, and will then co-opt based on this order.

***

The "Shareholders' Meeting Regulations", the current version of which was approved by the Shareholders' Meeting on 30th April 2013, governs the manner in which meetings are called and held.

The "Regulations", which specify the maximum duration of individual contributions by attendees, their order, the voting procedure, the contributions of Directors and Statutory Auditors, and also the powers to settle and prevent the occurrence of conflicts of interest during Shareholders' Meetings, is available on the website www.bancaifis.it (in the section "Shareholders' Meetings").

As per the Shareholders' Meeting Regulations, the President of the Meeting, also drawing on the assistance of Company personnel, checks: that proxies are correct, that attendees have the right to take part in the Meeting and that the Meeting is proper constituted.

All those who attend have the right to speak on each of the topics discussed. Those with rights may ask questions on the items on the agenda before the Shareholders' Meeting takes place, within the terms set out by current legislation and regulatory provisions and indicated in the convening notice. Questions received before the deadline indicated in the notice will be answered, at the latest, during the Meeting. A single answer may be given to questions with the same content. Those who intend to speak must ask the President, by written request containing an indication of the topic to which the question refers, after the President has read out the agenda items and until the moment the President declares discussion of the related topic closed. As a rule, the President gives permission to speak according to the chronological order in which requests are submitted. If two or more requests are submitted simultaneously, the President gives permission to speak according to the alphabetical order of the requesters' surnames. The President can authorise the submission of requests to speak by a show of hands. In this case, the President gives permission to speak according to the alphabetical order of requesters' surnames. Members of the Board of Directors, the Board of Statutory Auditors and the Bank's general management, or that of other Group companies, as well as the representatives from the External Auditors and Company and Group personnel may all ask to join the discussion when the President deems it useful in connection with the topic to be discussed.

During the Ordinary Shareholders' Meeting held on 19th April 2018, only one member of the Board of Directors was absent. Therefore, 8 directors attended the meeting. All members of the Board of Statutory Auditors were present.

***

During the Shareholders' Meetings, the Chief Executive Officer, on behalf of the Board of Directors, makes himself available to report on the activity performed and planned by the Board, while observing the rules on inside information. The Board, including through reports made available to shareholders under the terms established by the TUF and through ongoing fine-tuning of the organisation of institutional communication via the website, is committed to ensuring that shareholders receive sufficient information on agenda items to enable them to take informed decisions on the resolutions proposed at Shareholders' Meetings.

Three members of the Remuneration Committee, Francesca Maderna (President), Daniele Santosuosso and Riccardo Preve (Board members), attended the Ordinary Shareholders' Meeting held on 19th April 2019. Shareholders were informed of the methods used to carry out the Committee's functions through the Remuneration Report ex-Article 123-ter, TUF.

***

During the financial year, no changes occurred in Banca IFIS S.p.A.'s control structure.

The market capitalisation of shares recorded the following values at the beginning and end of the period:

Date	Share price (€)	No. of shares forming share capital	Capitalisation (€)
29th December 2017	40,77	53.811.095,00	2.193.878.343,15
28th December 2018	15,44	53.811.095,00	830.843.306,8

The effects on capitalisation reflect the trends observed regarding Banca IFIS shares. There were no resulting assessments on the prerogatives intended to protect minority shareholders, who can designate the President of the Board of Statutory Auditors and one director and exercise company rights based on the large amount of information made available to investors and market operators.

17. Further corporate governance practices (ex-Article 123-bis, paragraph 2, letter a), TUF)

No further committees have been appointed other than those described in the previous sections. Adoption of the Organisational Model pursuant to Legislative Decree no. 231/2001 is described in the third paragraph of Section 11.

The Bank has an internal system whereby employees can report any irregularities or infringements of relevant legislation and regulatory provisions and internal procedures (whistleblowing systems), which guarantees a specific and confidential information channel and the anonymity of the person making the report. This system is also accessible from the "Corporate Governance" > "The Value of Ethics" section of the Banca IFIS website.

18. Changes since the end of the reference financial year

As already described, the process to acquire FBS S.p.A. concluded on 7th January.

19. Considerations on the letter dated 21st December 2018 from the President of the Corporate Governance Committee

The recommendations set out in the letter were brought to the attention of the Board of Directors and the Board of Statutory Auditors on 11th January 2019. At its meeting on 18th January 2019 and also as part of the self-assessment process, the Board of Directors carried out preliminary research regarding the main areas of improvement identified in 2018 by the Corporate Governance Committee, the contents of which are summarised below.

Areas of improvement identified in 2018	Considerations
The Committee invites the Boards of Directors to assess the suitability of the information received prior to Board meetings during the financial year. In particular, the Presidents of the Boards of Directors are invited to support this assessment and to ensure that the need for confidentiality is safeguarded without compromising the suitability and promptness of the information flows that precede Board meetings.	The Board of Directors, following the self-assessment process for the 2018 financial year, expressed that it was satisfied with the technical methods (the technological infrastructure and precautions adopted to guarantee that meetings are confidential) with which Board meetings were held. Furthermore, the timescales with which documentation and information regarding the subjects on the agenda were made available to directors were believed to be predominantly suitable to guarantee accurate scrutiny of the documentation, so that an informed opinion may be formed regarding the proposed subjects, especially in relation to specific subjects.
The Committee invites the Boards of Directors and the Remuneration Committees to assess the suitability of the	Please refer to the relevant parts of the Remuneration Report published in compliance with Article 123-ter, TUF.

Areas of improvement identified in 2018

Considerations

The Committee invites the Boards of Directors to assess the
suitability of the information received prior to Board meetings
during the financial year. In particular, the Presidents of the
Boards of Directors are invited to support this assessment and
to ensure that the need for confidentiality is safeguarded
without compromising the suitability and promptness of the
information flows that precede Board meetings.

The Board of Directors, following the self-assessment process
for the 2018 financial year, expressed that it was satisfied with
the technical methods (the technological infrastructure and
precautions
adopted
to
guarantee
that
meetings
are
confidential) with which Board meetings were held.
Furthermore, the timescales with which documentation and
information regarding the subjects on the agenda were made
available to directors were believed to be predominantly
suitable to guarantee accurate scrutiny of the documentation,
so that an informed opinion may be formed regarding the
proposed subjects, especially in relation to specific subjects.

The Committee invites the Boards of Directors and the
Remuneration Committees to assess the suitability of the

Please refer to the relevant parts of the Remuneration Report
published in compliance with Article
123-ter, TUF.

remuneration policies to ensure that the company's activities are sustainable in the medium to long term.
In particular, the Committee recommends, especially for the competent bodies of medium-large issuers, that the link between variable remuneration and parameters tied to long term objectives is strengthened and to limit the possibility of paying sums not tied to predetermined parameters (i.e. ad hoc bonuses) to individual exceptional cases, following adequate explanation.
The Committee invites the Board of Directors to ensure greater transparency regarding the methods of carrying out Board reviews. Especially for larger issuers, the Committee would like to see a member of the Board of Directors oversee the Board review process and methods be adopted that promote the individual contribution of each director.	The Regulations on the Bodies' self-assessment process and the related Methodological Note, which are currently in force, were approved by the Board of Directors on 18th December 2014. The Appointments Committee oversees the process, in particular with reference to the definition of the extent and methods of carrying out the process, which were the subject of discussion by the committee at its meeting of 7th November. The individual contribution is suitably promoted, providing for the possibility of liaising with individual directors and that directors can report any subjects deemed deserving of further investigation.
The Committee invites the administrative bodies to apply the independence criteria defined by the Code with greater rigour, and the control bodies to oversee the correct application of these criteria. The Committee underlines that any non application of these criteria must be exceptional and, especially, be the subject of deeper assessment at individual level, with reference to the situations in which individual	The independence criteria are applied with rigour by Banca IFIS's Boards of Directors, and checked annually during the self-assessment process.

directors find themselves, and of exhaustive explanation in the

corporate governance report.

TABLE 1: STRUCTURE OF THE BOARD OF DIRECTORS AND ITS COMMITTEES

						Board of Directors							Risk Man. & Int. Ctrl C'ttee		Appointmen ts Committee		Remun. C'ttee
Post	Members	Year of birth	Date of first appoint.*	In post since	In post until	List (M/m) **	Exec.	Non Exec.	Indep. per Code	Indep. per TUF	Number other posts ***	(*)	(**)	(*)	(**)	(*)	(**)	(*)
President	Sebastien Egon Fürstenberg	1950	05/08/1983	2016	2018	M		X			-	18/19
Vice President	Alessandro Csillaghy de Pacser	1966	09/05/1995°	2016	2018	M	X				-	19/19
CEO	Giovanni Bossi	1960	09/05/1995	2016	2018	M	X				1	19/19
Director (LEAD IND.)	Giuseppe Benini	1954	30/04/2013	2016	2018	M		X	X	X	-	19/19	P	26/26	M	3/3
Director	Francesca Maderna	1963	29/04/2010	2016	2018	M		X	X	X	-	15/19	M	22/26			P	9/9
Director	Antonella Malinconico	1968	22/03/2016	2016	2018	M		X	X	X		19/19	M	26/26
Director	Riccardo Preve	1951	10/10/2005	2016	2018	M		X			-	19/19			M	3/3	M	9/9
Director	Marina Salamon	1958	10/10/2005	2016	2018	M		X			2	18/19
Director	Daniele Santosuosso	1964	30/04/2013	2016	2018	m		X	X	X	1	19/19	M	26/26	P	3/3	M	9/9
	DIRECTORS WHO LEFT DURING THE 2018 FINANCIAL YEAR
-	-	-	-	-	-	-	-	-	-	-	-	-	-	-	-	-	-	-
	Quorum required for the presentation of lists during last appointment: 1%
No. of meetings held during the financial year in question:				BoD: 19	RM&IC: 26		AppC'ttee: 3		RemC'ttee: 9

NOTES

* Date of first appointment means the date on which the Director was appointed to the Bank's Board of Directors for the very first time (absolutely).

** This column indicates the list from which each director was elected ("M": majority list; "m": minority list; "BoD": the list submitted by the Board of Directors).

*** This column shows the number of posts held by the named individual as director or statutory auditor in other companies listed on regulated markets, including foreign markets, in financial companies, banks, insurance companies or companies of significant size. Table 2 shows the posts in full.

(*). This column lists each member's attendance record at Board of Directors meetings and at the Board's Committees meetings, respectively.

(**).This column shows the Director's role in the Committee: "P": president; "M": member.

°Alessandro Csillaghy de Pacser has been the Vice President of the Bank since 1996.

TABLE 2: POSTS HELD BY MEMBERS OF THE BOARD OF DIRECTORS IN OTHER COMPANIES

POSTS HELD BY MEMBERS OF THE BOARD OF DIRECTORS IN OTHER COMPANIES
	POSTS HELD IN THE BANKING GROUP			POSTS HELD IN SIGNIFICANT COMPANIES FOR THE PURPOSES OF THE REGULATION ON THE TOTAL NUMBER	POSTS HELD IN NOT SIGNIFICANT
			Companies listed on regulated markets including foreign markets		Financial, banking, insurance companies		Companies of significant size		COMPANIES FOR THE PURPOSES OF THE REGULATION ON THE TOTAL NUMBER OF POSTS		TO TA L
	Ex.	Non-Ex	Ex.	Non-Ex	Ex.	Non-Ex	Ex.	Non-Ex	Ex.	Non-Ex
Fürstenberg Sebastien Egon										1	1
Csillaghy de Pacser Alessandro		1									1
Bossi Giovanni	1	2							1		4
Benini Giuseppe		2						1*		24	27
Maderna Francesca									2		2
Antonella Malinconico		1									1
Preve Riccardo									4		4
Salamon Marina								2**	6	5	13
Santosuosso Daniele								1***		2	3
OTHER CORPORATE OFFICERS
Staccione Alberto		3								1	4
* Irideos S.p.A. Illy Caffè S.p.A, Morellato spa * Lottomatica Holding S.r.l.

Ex: executive – Non-Ex.: non-executive

TABLE 3: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS

Board of Statutory Auditors
Post	Members	Year of birth	Date of first appoint.*	In post since	In post until	List **	Indep. per Code	***	Number of other posts held****
President	Giacomo Bugna	1953	30/04/2013	2016	2018	m	X	28/28	5
Standing Auditor	Massimo Miani	1961	22/03/2016	2016	2018	M	X	25/28	9
Standing Auditor	Giovanna Ciriotto	1961	30/04/2013	2016	2018	M	X	28/28	6
Alternate Auditor	Valentina Martina	1959	22/03/2016	2016	2018	M	X	-	N/D
Alternate Auditor	Guido Gasparini Berlingieri	1965	22/03/2016	2016	2018	M	X	-	N/D
------------------STATUTORY AUDITORS WHO LEFT DURING THE 2018 FINANCIAL YEAR------------------
-	-	-	-	-	-	-	-	-	-

No. of meetings held during the year in question: 28

Quorum required for minority shareholders to present lists for the election of one or more members (ex-Article 148, TUF): 1%

NOTES

* Date first appointed means the date on which the Auditor was appointed to the Bank's Board of Statutory Auditors for the very first time (absolutely).

** This column indicates the list from which each auditor was elected ("M": majority list; "m": minority list).

*** This column lists the participation of auditors at meetings of the Board of Statutory Auditors.

**** This column shows the number of posts held by the named individual as director or statutory auditor in other companies as per Article 148-bis, TUF. The full list of posts is published by Consob on its website as per Article 144-quinquiesdecies of the Consob Issuer Regulations. Those Directors or Statutory Auditors with a controlling role in only one issuer are excluded from this disclosure obligation.

TABLE 4: POSITIONS HELD BY THE MEMBERS OF THE BOARD OF STATUTORY AUDITORS IN OTHER COMPANIES

POSITIONS HELD BY THE MEMBERS OF THE BOARD OF STATUTORY AUDITORS IN OTHER COMPANIES

	Administration and control posts held in companies referred to in Book V, Heading V, Chapters V, VI, and VII of the Italian Civil	Code	Other posts	TO TA
	Banking group			Other			L
	Ex	Non-Ex	Ex	Non-Ex	Ex
Giacomo Bugna		3		2*			5
Massimo Miani		1		8**		1	10
Giovanna Ciriotto		1		5***			6

Ex: executive – Non-Ex.: non-executive

* Post of President of the Board of Statutory Auditors in IFIS Rental Services and Standing Auditor in FBS Real Estate; both non-banking companies belong to the Banca IFIS Group.

** Post of President of the Board of Statutory Auditors in the listed company, Pininfarina S.p.A.

*** These include the post of Standing Auditor in IFIS Rental Services, a non-banking company belonging to the Banca IFIS Group.

AI Terminal

Banca Ifis

4153_cgr_2019-03-28_0c6146f6-0c24-4248-a462-edbf93de1f5a.pdf

Contents

Glossary

1. Issuer profile

Governance

Mission

Corporate social responsibility

2. Information on the shareholding structure (ex-Article 123-bis, paragraph 1, TUF)

a) Share capital structure (ex-Article 123-bis, paragraph 1, letter a), TUF)

b) Restrictions on the transfer of shares (ex-Article 123-bis, paragraph 1, letter b), TUF)

d) Shares granting special rights (ex-Article 123-bis, paragraph 1, letter d), TUF)

e) Employee shareholdings: mechanism for exercising voting rights (ex-Article 123-bis, paragraph 1, letter e), TUF)

l) Management and administration activity (ex-Article 2497 et seq., Italian Civil Code)

4. Board of Directors

4.1. Appointment and replacement (ex-Article 123-bis, paragraph 1, letter l), TUF)

Succession Plans

4.2. Composition (ex-Article 123-bis, paragraph 2, letter d), TUF)

Diversity policies

President of the Board of Directors – Sebastien Egon Fürstenberg

Vice President – Alessandro Csillaghy de Pacser

Chief Executive Officer – Giovanni Bossi

Director – Giuseppe Benini

Director – Francesca Maderna

Director - Antonella Malinconico

Director – Riccardo Preve

Director – Marina Salamon

Director – Daniele Santosuosso

Maximum number of posts held in other companies

Induction Programme

4.3. Role of the Board of Directors (ex-Article 123-bis, paragraph 2, letter d), TUB)

***

4.4. Delegated Bodies

Chief Executive Officers

President

Executive Committee (ex-Article 123-bis, paragraph 2, letter d), TUF)

Reporting to the Board

4.5. Other Executive Directors

4.6. Independent Directors

4.7. Lead Independent Director

5. Processing corporate information

6. Internal Board Committees (ex-Article 123-bis, paragraph 2, letter d), TUF)

7. Appointments Committee

Composition and role of the Appointments Committee (ex-Article 123-bis, paragraph 2, letter d), TUF)

Duties of the Appointments Committee

8. Remuneration Committee

9. Directors' remuneration

10. Risk Management and Internal Control Committee

Composition and role of the Risk Management and Internal Control Committee (ex.-Article 123-bis, paragraph 2, letter d), TUF)

Duties of the Risk Management and Internal Control Committee

11. Risk management and internal control system

***

a. Key characteristics of the current risk management and internal control systems in relation to the financial reporting process

a.1. Introduction

a.2. Description of key characteristics of the current risk management and internal control systems in relation to the financial reporting process (the "System")

a.2.1 Phases of the risk management process regarding inaccurate financial reporting

a.2.2 Roles and Departments involved

11.1. Director in charge of the risk management and internal control system

11.2. Head of Internal Audit

11.3. Organisational Model ex-Italian Legislative Decree no. 231/2001

Crimes pursuant to Italian Legislative Decree no. 231/2001

11.4. External Auditor

11.5. Financial Reporting Officer responsible for preparing company accounts and other roles and company functions

11.6. Coordination between individuals involved in the risk management and internal control system

12. Directors' interests and related-party transactions

The Policy on transactions carried out by Key Personnel and by people closely associated with them regarding shares, negotiable instruments and associated financial instruments issued by Banca IFIS governs matters regarding:

13. Appointment of Statutory Auditors

14. Composition and functioning of the Board of Statutory Auditors (ex-Article 123-bis, paragraph

President of the Board of Statutory Auditors – Giacomo Bugna

Standing Auditor – Giovanna Ciriotto

Standing Auditor – Massimo Miani

Alternate Auditor – Guido Gasparini Berlingieri

Alternate Auditor – Martina Valentina

Diversity policies

15. Relations with shareholders

16. Shareholders' Meetings (ex–Article 123-bis, paragraph 2, letter c), TUF)

17. Further corporate governance practices (ex-Article 123-bis, paragraph 2, letter a), TUF)

18. Changes since the end of the reference financial year

19. Considerations on the letter dated 21st December 2018 from the President of the Corporate Governance Committee