CRO's summary of the year

About this report

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Liquidity risk is managed in accordance with the Group policy for risk management and the Group instructions for management, reporting and control of liquidity risk. The Board has set internal limits for Liquidity Coverage Ratio (LCR), Net Stable Funding Ratio (NSFR), ratio of deposits to net loans and minimum requirement for own funds and eligible liabilities (MREL) in risk appetite. In line with the bank's risk strategy and risk appetite, liquidity risk should be low and bolster the bank's financial strength. DNB aims to have a balance sheet structure which reflects the liquidity risk profile of an international bank with AA-level long-term credit ratings.

DNB had good access to financing in 2024. The Group issued a total of NOK 121 billion in long-term money market funding, of which NOK 47 billion was issued in unsecured bonds and NOK 74 billion was issued in covered bonds. The deposit/loan ratio remained at a high level and the indicators for liquidity (LCR) and stable funding (NSFR) were at satisfactory levels.

DNB is one of the few banks with a long-term credit rating of AA from both S&P Global and Moody's, AA- and Aa2, respectively. In addition, DNB has a short-term credit rating of A-1+ from S&P Global and P-1 from Moody's, both of which are the highest rating score. S&P Global and Moody's both confirmed DNB's ratings in October 2024.

Reputational risk is followed up through monitoring and analyses of media coverage and customer satisfaction. The risk appetite framework states that DNB is to work for a good reputation and deliver on expectations from society and our stakeholders. In 2024, DNB's reputation, as measured by Traction, was lower than DNB's target. In particular, persistently high interest rates and delays related to the integration of Sbanken resulted in negative media reports and customer dissatisfaction, which affected DNB's reputation.

Sustainability risk is managed in accordance with the Group policy for risk management, the Group policy for sustainability and the frameworks and instructions for risk management of the various risk types. Sustainability risk must be included in all risk assessments. According to the Group instructions for sustainability in credit activities, sustainability risk is to be assessed in the same way as other risk factors. Sustainability risk assessments are an integrated part of DNB's credit decision process for all corporate customers with credit exposure above NOK 8 million.

Efforts to strengthen the collection, structuring and analysis of sustainability data continued through 2024. Several projects are underway to assess the possible effects of climate risk. The transition plan for how we will achieve our overall goal of net zero emissions by 2050, and how we can best serve our role as a

driving force for sustainable transition, was published in October 2023 and can be found on dnb.no/ sustainability-reports.

Operational risk is managed in accordance with the Group policy for risk management and the Group instructions for operational risk. The Board has set limits in risk appetite for how much operational risk DNB is willing to accept. The Board is notified if any significant events arise. The Board receives a report on the operational risk in the Group as part of the quarterly risk report.

Total operational losses in 2024 were NOK 276 million of which more than half were due to fraud cases. Cyber attacks are among the greatest operational risks and are associated with persistently high threat levels and the possibility of incidents with major consequences. DNB has a strong cyber defence, and cyber security has a high priority and is followed up through risk appetite. IT operations were stable in 2024, with few critical incidents.

CRO's summary of the year
→ Risk statement from the Board of Directors

About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

CRO's summary of the year Risk statement from the Board of Directors

Oslo, 18 March 2025 The Board of Directors of DNB Bank ASA

Olaug Svarva (Chair of the Board)

Jens Petter Olsen (Vice Chair of the Board)

Gro Bakstad Petter-Børre Furberg

Eli Solhaug Kim Wahl

Kjerstin R. Braathen (Group Chief Executive Officer, CEO)

Lillian Hattrem Haakon Christopher Sandven

Eline Skramstad (Group Chief Risk Officer, CRO)

CRO's summary of the year

→ Risk statement from the Board of Directors
Contents
About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Key figures

Capital	31 Dec. 2024	31 Dec. 2023
Risk exposure amount (NOK billion)	1 121	1 100
Own funds (NOK billion)	267	247
CET1 capital ratio (per cent)	19.4	18.2
Capital adequacy (per cent)	23.8	22.5
Leverage ratio (per cent)	6.9	6.8
Liquidity
LCR, significant currencies (per cent)	134	129
NSFR, significant currencies (per cent)	113	117
Credit and counterparty credit risk
Credit risk, EAD (NOK billion)1	2 522	2 381
- of which counterparty credit risk, EAD (NOK billion)	61.5	54.5
Impairment of financial instruments (NOK billion)	(1.2)	(2.6)
Risk exposure amount, credit and counterparty credit risk (NOK billion)	990	988
Market risk
Market risk as a share of economic capital (per cent)2	10.5	11.6
Risk exposure amount, market risk (NOK billion)	10.0	12.4
Operational risk
Operational losses (NOK million)	276	1 029
Risk exposure amount, operational risk (NOK billion)	140	121
Reputational risk, Traction (points)	57	57

1 Excluding institutions, government, central banks, equity positions and exposure in associated companies. Counterparty risk has been included.

2 Including strategic ownership.

Capital adequacy ratio Leverage ratio

NOK billion

Additional Tier 1 capital Tier 2 capital

Per cent

→ Contents

About this report

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

CRO's summary of the year	2
Risk statement from the Board of Directors	5
Contents	9
About this report	10
Regulatory framework	10
Legal structure and consolidation rules	11
Significant subsidaries	12

1. Risk management and control	13
Risk management	14
Principles for corporate governance in DNB	14
Roles and responsibilities	16
Authorisations	19
Monitoring and reporting	19
Stress testing	21
Risk appetite	21
Recovery plan and public crisis management	23

2. Capital management	25
Capital adequacy and regulatory requirements	26
Capital management and ICAAP	30
Stress testing of capital	33
Change to risk weight floors for loans secured
by norwegian residential real estate	35
Norwegian implementation of CRR III	35

3. Liquidity risk and asset and
liability management	36
Developments in liquidity risk in 2024	37
Funding	38
Asset encumbrance	40
Liquidity reserve	40
Liquidity risk management and control	42
Stress testing of liquidity risk	43

4. Credit risk	45
Developments in credit risk in 2024	47
Capital requirements for credit risk	51
Overview of credit exposures	54
Impairment and default	55
Internal measurement methods (IRB)	58
Exposures in the IRB portfolios	61
Exposures under the standardised approach	62
Securitisation	63
Management and control of credit risk	64
Stress testing	67
5. Counterparty credit risk	68
Developments in counterparty credit risk
in 2024	69
Capital requirements for counterparty
credit risk	69
Risk-mitigating measures	69

Settlement risk 70

Management and control of
counterparty credit risk	71
Stress testing and wrong way risk	71
6. Market risk	72
Developments in market risk in 2024	73
Capital requirements for market risk	74
Market risk exposure	75
Management and control of market risk	80
7. Operational risk	82
Developments in operational risk in 2024	83
Capital requirements for operational risk	84
Management and control of operational risk	84
Reputational risk	86
8. Sustainability risk	87
Development in sustainability risk in 2024	89
Management and control of sustainability risks	95
Roles and responsibilities	95
Management of sustainability risk in
the different risk types	96
Stress testing of climate risk	97
9. Appendix	99
Appendix 1	100
Appendix 2	114
Appendix 3	121

CRO's summary of the year Risk statement from the Board of Directors

CRO's summary of the year Risk statement from the Board of Directors

→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

About this report

The Pillar 3 report provides information about DNB's risk management, risk measurement and capital adequacy, and supplements the information provided in DNB's annual report, quarterly interim reports and fact books.

Regulatory framework

This report, with the additional Excel disclosures, has been prepared in accordance with the Capital Requirements Regulation and Directive (CRR and CRD) including Commission Delegation Regulation 2022/2453 as regards the disclosure of environmental, social and governance risks. Articles 431–455 in CRR II specify the reporting requirements. This report,

together with DNB's annual report and the Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', provides the consolidated disclosure of DNB as required in these regulations and the guidelines given by the European Banking Authority (EBA) in 'Guidelines on disclosure requirements under Part Eight of Regulation (EU) No 575/2013 (GL 2016/11)'.

→ Pillar 1 covers the regulatory requirements for banks' capital and descriptions of the calculation methods for risk exposure amounts and own funds.
→ Pillar 2 sets out requirements for the Internal Capital Adequacy Assessment Process (ICAAP) and the bank's responsibility for assessing risks other than those described under Pillar 1.
→ Pillar 3 covers public disclosure requirements and allows the market to assess financial institutions' capital and risk management.

The methods used to calculate capital requirements for the various risk categories are illustrated in the figure to the left. DNB reports credit risk according to the advanced IRB approach (A-IRB), using internal risk models to calculate the capital requirement. Some credit portfolios are temporarily or permanently exempt from IRB reporting and are reported according to the standardised approach. Market risk is measured using the standardised approach. Operational risk is reported using the standardised approach.

→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

CRO's summary of the year Risk statement from the Board of Directors

The Board of Directors of DNB Bank ASA approves the guidelines and procedures for Pillar 3 reporting and reviews the report prior to publication. The Pillar 3 report is not subject to external audit.

Legal structure and consolidation rules

This report complements DNB's annual report with additional information and is intended to be read in conjunction with the annual report, in particular the section on Corporate Governance and the disclosures relating to remuneration. Together with the annual report, this report provides information on DNB's material risks and includes details on the Group's risk profile which form the basis for the calculation of capital requirements.

The Pillar 3 report is based on the Group's consolidated situation as at 31 December 2024. The DNB Group consists of several legal entities, where subsidiaries are defined as companies where DNB has direct or indirect control. DNB Bank ASA is the parent company in the DNB Group and has several subsidiaries, including DNB Livsforsikring AS and DNB Asset Management Holding AS, each having underlying subsidiaries. The CRR/ CRD regulations do not apply to insurance companies, therefore DNB Livsforsikring AS will publish its own Pillar 3 report, 'Solvency and Financial Condition Report', on 8 April 2025. When this report refers to 'DNB', 'the Group' or 'the bank', it normally relates to the activities in DNB that are regulated by CRR/CRD.

DNB prepares its consolidated financial statements in accordance with the international accounting standards IFRS. A description of the accounting principles is presented in the Group's annual report. When the consolidated financial statements are prepared, intra-Group transactions and balances, as well as unrealised gains or losses on these transactions between Group entities, are eliminated. The consolidation rules under the capital requirements regulations for banks and investment firms (CRR/CRD) deviate from the consolidation of the annual financial statements for the DNB Group, and the differences between the accounting and regulatory scopes of consolidation are shown in Tables EU CC2 and EU LI1 in the appendix to this report. In accordance with the capital requirements regulations, only companies in the financial sector and companies providing ancillary services are included in the consolidated capital adequacy. Associated companies are proportionally consolidated (pro rata up to 50 per cent) based on DNB's ownership interest.

For 2024, this applies to the following companies:

→ Eksportfinans ASA (ownership interest of 40 per cent). DNB Bank ASA has also issued guarantees for other loans in Eksportfinans. The transactions have been carried out on ordinary market terms as if they had taken place between independent parties.
→ Luminor Group AB (ownership interest of about 20 per cent).
→ Vipps AS (ownership interest of about 47 per cent).

At year-end 2024, DNB's share of the risk exposure amounts for credit and market risk in Eksportfinans amounted to NOK 0.8 billion, and NOK 14.6 billion in Luminor. The companies are also included in the basis for calculating capital requirements for operational risk. Risk exposure amounts in Vipps were insignificant. Consolidation of capital adequacy is based on the valuation principles used in the operating companies' financial statements. The valuation principles that form the basis for solvency calculations in the respective companies at the national level are applied to shareholdings in the foreign companies that are being consolidated. The solvency report for the consolidated Group (cross-sectoral reporting) includes the subsidiary DNB Livsforsikring AS and the pro rata consolidation of Fremtind AS, where DNB has around 28 per cent ownership interest at the end of 2024.

→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Significant subsidaries

DNB Boligkreditt AS is a wholly owned subsidiary of DNB Bank ASA and provides loans secured by residential property for up to 75 per cent of the value of the property. Based on developments in international capital markets, DNB Boligkreditt has been given a key role in ensuring the DNB Group long-term and solid financing. This is done through the issuance of covered bonds. DNB Boligkreditt is defined as a large institution pursuant to Article 4.1 (146) and must comply with the reporting requirement in Article 13 of the CRR. The relevant tables for DNB Boligkreditt (Articles 437, 438, 440, 442, 450, 451, 451a and 453) are shown in the Excel disclosure. The figures and information in these attachments should be viewed in the context of DNB Boligkreditt's annual report.

For an overview of the Group's legal structure, see: dnb.no/portalfront/nedlast/en/about-us/Juridisk\_ organisering\_-\_Legal\_Structure\_DNB\_Group.pdf

Information in accordance with Pillar 3 requirements is published quarterly in separate Excel files, see: ir.dnb.no/press-and-reports/financial-reports

For more information on DNB's Corporate Governance, see DNB's annual report: ir.dnb.no/press-and-reports/financial-reports

For more information on DNB's remuneration scheme, see DNB's annual report: ir.dnb.no/press-and-reports/financial-reports

1 Risk management and control Introduction 1.

2 Capital management Risk management

3 Liquidity risk and asset Principles for corporate governance in DNB

and liability management Roles and responsibilities

4 Credit risk Authorisations

Monitoring and reporting

5 Counterparty credit risk Stress testing

6 Market risk Risk appetite

7 Operational risk Recovery plan and public crisis management

8 Climate risk 2. Capital management

9 Appendix 3. Liquidity risk and asset and liability management

1. Risk management and control

The Group must at all times be able to identify, assess, manage, measure, monitor, report and control relevant risks. Risk management should support a healthy risk culture and good business practice.

A good risk culture is based on all employees being aware of their responsibilities and proactively contributing to coherent and comprehensive risk management. All levels in the organisation must have access to relevant and necessary risk information. Each individual manager must ensure that employees understand and take an active approach to risk and returns on risk.

Risk and capital management Pillar 3 | 2023 2024Risk and capital management Pillar 3 | 2023

1. Risk management and control
→ Risk management
→ Principles for corporate governance in DNB
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Risk management

Risk management includes activities, processes and actions that ensure that risks are assessed, managed, monitored, controlled and reported in a satisfactory way and in line with DNB's guidelines and requirements. Risk management must be of good quality and have high information value.

DNB's risk management must address all types of financial and non-financial risk, including emerging risks, that could affect DNB's target attainment. Risk management must be forward-looking and include assessments of how DNB can best adapt to changes in internal and external factors.

It is integrated into processes across all units and levels of the Group. Risk should be an integral part of the governance and remuneration system through indicators that operationalise risk appetite, strategies and limits, and that are followed up by managers individually.

Principles for corporate governance in DNB

Corporate governance in DNB is about how the Board and DNB's management exercise their roles to preserve and develop the company's values in an optimal manner. DNB's executives and Board of Directors carry out an annual assessment of corporate governance principles and practices.

Risk management is part of our business operations and is integrated into DNB's performance management processes and management system. Our governing documents outline how we are to work with risk management. The highest level of our governing documents is DNBs Governance principles, which include principles relating to:

→ strategy and values
→ ethics (Code of Conduct)
→ attracting, safeguarding and developing employees
→ risk management, internal control and compliance → risk appetite

The governance principles define the overarching requirements for the management and control of risk. The governance principles are elaborated in the Group policy for Risk Management.

The Board determines the long-term risk profile through DNB's risk appetite, which is assessed and renewed at least once a year. The targets and limits set out in risk appetite are reflected in other parts of risk management, including authorisations and business limits. The framework for risk appetite is described in more detail in the sub-chapter Risk appetite in this chapter.

The capitalisation assessment (Internal Capital Adequacy Assessment Process, ICAAP) is integrated into governance processes through the risk appetite framework and general monitoring of risk trends. ICAAP is described in more detail in the chapter on capital management.

The recovery plan is intended to ensure that DNB can recover from a very serious stress situation, without involvement or support from the authorities. The plan is renewed annually and is an integral part of DNB's risk and capital management. There is overlap between the indicators in the recovery plan and the risk appetite framework, so risk appetite also acts as an early warning system. Both frameworks are followed up and reported monthly to Group Management and quarterly to the Board. The recovery plan is described in more detail later in this chapter.

To be as prepared as possible to handle serious business and operational disruptions, DNB must have plans for business continuity and crisis management. This includes plans for transition to back-up solutions for information technology, for outsourced operations, for recovery from financial stress and for the continuation of critical functions in a crisis management situation.

For a more detailed description of DNB's corporate governance, see the annual report and the corporate governance report at ir.dnb.no.

1. Risk management and control
Risk management
→ Principles for corporate governance in DNB
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Governing bodies of DNB Bank ASA

As at 31 December 2024

The Board has overall responsibility for ensuring that DNB has appropriate internal control, including for risk management and compliance. The Board also determines the Group's overall risk appetite. The Board evaluates its work and competence related to the enterprise's internal control, including related to risk management and compliance, at least annually.

The CEO is responsible for ensuring that the Board's internal control guidelines, including risk management and compliance, are implemented in the business.

Roles and responsibilities related to internal control, risk management and compliance are distributed according to a corporate governance model with three lines of defence.

→ The first line of defence covers all of DNB's operational functions (business areas and Group units). Operational management is responsible for establishing, managing and following up internal control, including risk management and compliance, within its own area of responsibility. All risk is owned by the first line. Risk is to be owned at the lowest possible organisational level. Roles, responsibilities and distribution of risk between business areas and Group units within the first line are set out in the Group's governance model and are specified in the units' governing documents. Employees are responsible for maintaining good internal control in their daily work tasks.
→ The second line of defence consists of the risk management function and the compliance function. Risk management and compliance are independent control functions that report to the CEO, and have the opportunity to report their assessments directly to the Board of Directors. These functions must be involved in and contribute to risk assessments in the event of new or significant changes. The areas of responsibility
1. Risk management and control
Risk management
→ Principles for corporate governance in DNB
→ Roles and responsibilities
- Authorisations
- Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

of the functions and how the tasks are to be performed are specified in the mandates for the risk management function and the compliance function.

→ The third line of defence is internal audit (Group Audit) and assists the Board in ensuring that all material elements of the Group's risk management, internal control and compliance are of satisfactory quality. Group Audit is mandated by the Board of Directors of DNB Bank ASA, which also approves the audit's annual plans and budgets. Group Audit is responsible for ensuring that adequate and effective internal control and risk management have been established and implemented. Group Audit must also assess whether management processes and control measures are effective and contribute to the Group's target attainment.

Roles and responsibilities Group Risk Management

Group Risk Management (GRM) is the independent risk management function in DNB. This function is responsible for advising the first line of defence on risk management issues and must have the competence and capacity to contribute proactively to sound risk management in all parts of the Group. In addition, GRM monitors, controls and reports on the risk situation independently of the units that own and manage the risks.

GRM is led by the Chief Risk Officer (CRO), who is a member of the Group Management team and has the opportunity to report directly to the Board of Directors. The CRO cannot be dismissed without the approval of the Board.

GRM's areas of responsibility include:

→ determining the Group's risk appetite and ensuring that the risk appetite framework functions effectively;
→ preparing frameworks and instructions for the management of the different risk types;
→ endorsing decisions on risk-taking in the areas of credit, market and liquidity risk;
→ owning and managing models and measurement methods for financial risk;
→ having the overall responsibility for the independent validation of models;
→ having the overall responsibility for stress testing and for recommending measures based on the conclusions of the stress tests;
→ carrying out independent assessments and controls of the risk level and reporting on risk to the Group Management team and the Board;
→ preparing the Group's recovery plan and following up the Group's crisis management plan.

GRM must be involved in assessments that have a material impact on DNB's overall risk exposure and must ensure that risks are adequately assessed, managed, measured, monitored, reported and controlled by the relevant business areas and Group units.

In addition to the second-line risk management function, Group Risk Management handles several Group functions that need professional expertise or a coordinated approach across the Group. Sometimes, authorities require these functions to be managed by the second line.

Sustainability risk is a risk that must be taken into account in the management of all risk types. Sustainability risk assessment requirements have therefore been incorporated into the instructions and frameworks for all risk types. GRM is responsible for collecting and reporting sustainability risk in Pillar 3.

Principles for corporate governance in DNB

Risk management

→ Roles and responsibilities

Authorisations

Monitoring and reporting
Stress testing
Risk appetite

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Principles for corporate governance in DNB

Risk and capital management Pillar 3 | 2024

For more on management and control see also the descriptions in separate chapters on management and control of liquidity risk, credit risk, counterparty credit risk, market risk, operational risk and sustainability risk.

The compliance function

The Group Chief Compliance Officer (GCCO) leads the compliance function. GCCO reports directly to the CEO and the Board of Directors on the compliance situation and compliance risk in the Group. All business areas and Group units, branches abroad and companies in the DNB Group licensed under the supervision of a financial supervisory authority have a compliance function as part of the Group's independent second-line of defence. The local compliance function in branches abroad and companies in the DNB Group is headed by a Head of Compliance.

The compliance function is DNB's independent control function for compliance. The compliance function checks that the company has policies and procedures in place to identify compliance risks and measures and procedures to limit compliance risk, assesses whether the above-mentioned policies, procedures and measures are sufficiently effective and assesses any measures implemented to remedy non-compliance with rules and legislation. The compliance function advises on compliance and compliance risk and helps assess risk when introducing new strategies,

organisational changes and other changes in the business. The compliance function develops the Group's framework for managing compliance risk.

The compliance function works on a risk-based basis, mainly related to rules and legislation that set requirements for the exercise of DNB's licensed activities. The compliance function's mandate covers, among other things, financial regulatory rules and legislation, as well as rules and legislation related to competition and data protection and rules and legislation aimed at counteracting money laundering, corruption and breaches of sanctions.

Group Audit

DNB's internal audit (Group Audit) assists the Board in ensuring that there is quality in all significant aspects of the Group's risk management. Group Audit takes its instructions from the Board of Directors, which also approves the audit's annual plans and budgets.

For a more detailed description see the annual report and corporate governance report at ir.dnb.no.

Group Committees

Committees have been established to assist Group Executive Vice Presidents with decision-making, monitoring and control in various specialist areas:

→ The Asset and Liability Committee (ALCO) is an advisory body to the Chief Financial Officer (CFO). The ALCO monitors the Group's capital expenditures and asset allocation. In addition, the ALCO monitors risk exposures within market and liquidity risk. The committee is a meeting place for information sharing and coordination between entities that operationally manage market and liquidity risk and Group Risk Management as an independent risk control function.
→ The Group Credit Committee (GCC) is chaired by the Chief Risk Officer (CRO). The GCC handles large or complex credit cases and credit cases with a particularly high risk of money laundering. The committee also considers administrative matters, including industry reports, credit regulations, risk reports, stress testing, model changes and credit strategies. The GCC handles and endorses credit cases based on personal authorisations. The Group Executive Vice President for the business area that has the case is the extender and CRO is the endorser. The Group Chief Compliance Officer is a permanent member of the committee.
1. Risk management and control
Risk management

→ Roles and responsibilities
- Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

→ The Financial Markets Risk Committee (FMRC) is

chaired by the Group Executive Vice President for Market and Liquidity Risk Management and consists of members from Group Risk Management, DNB Markets and Group Treasury. The FMRC is responsible for approving and supervising principles and processes for activities involving market risk in DNB. This includes recommending market risk limits and approving and following up guidelines, methodology and control for market risk and counterparty risk.

→ The Non-Financial Risk Committee (NFRC) is chaired by the Chief Risk Officer (CRO) and contributes to developing DNB's management of non-financial risk. The NFRC contributes to a consistent approach and joint coordination of firstline responsibility for managing operational risk, compliance and reputational risk. The committee exchanges information, coordinates activities and advises on complex individual cases. Subject matter groups reporting to the NFRC follow up progress in areas such as money laundering, IT risk, thirdparty risk and data protection. The Group Chief Compliance Officer is a permanent member of the committee.

Chief Executive Officer (CEO) and Group Management Meeting

The CEO is responsible for implementing risk management that contributes to meeting the business targets set by the Board, including effective management systems and internal control. The Group Management Meeting is the CEO's collegium for senior management. All significant decisions relating to risk and capital management are generally made in consultation with the Group Management team. The Group Executive Vice Presidents of the business areas and Group units are part of the Group Management Meeting.

Board of Directors and Board Committees

DNB's Board of Directors has overall responsibility for the company's activities and establishes, among other things, the Group's strategy and overall goals, and ensures satisfactory reporting. The Board also sets limits for risk appetite and sets limits for how much risk DNB is willing to accept in order to achieve set goals and ambitions.

The Board is responsible for ensuring that the Group is adequately capitalised relative to the risk and scope of the business, in addition to ensuring compliance with capital requirements. The Board carries out an ongoing assessment of the capital situation. See further discussion of ICAAP (Internal Capital Adequacy Assessment Process) in the chapter Capital management.

Each year, the Board of Directors reviews the CEO's report on the status of internal control. The report also includes an assessment of the principal risk areas in the Group. The review documents the quality of the work on internal control and risk management, and it is intended to identify any weaknesses and needs for improvement.

Risk Management Committee

The Risk Management Committee monitors the systems for internal control, risk management and internal auditing, and ensures that they function effectively. The committee considers changes to systems and procedures that are submitted to the Board for approval. In addition, the committee advises the Board on risk profile, including risk appetite, and the committee prepares the Board's follow-up of risk development and risk management. Advice to the Board also includes strategies for capital and liquidity management, credit risk, market risk, operational risk, compliance risk, reputational risk and other risks. The committee consists of up to four Board members who are elected for two years at a time. It is also a requirement that at least one of the committee's members has extensive experience in identifying, assessing and managing risk in large and complex companies. The organisation of DNB's Risk Management Committee, and the quarterly reporting of risk management to the Board of Directors, is considered to cover the relevant requirements in the

1. Risk management and control
Risk management

Principles for corporate governance in DNB

→ Roles and responsibilities
→ Authorisations
→ Monitoring and reporting
Stress testing
Risk appetite

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk

Risk and capital management Pillar 3 | 2024

countries in which DNB operates, including the US CFR §252.144.1

Audit Committee

The Audit Committee ensures that the DNB Group has independent, effective and objective external and internal audit procedures, as well as satisfactory financial and sustainability reporting, in accordance with laws and regulations. The Audit Committee reviews the financial and sustainability reporting process and ensures that the Group's internal control, including the internal audit and risk management systems, functions effectively. The Committee has the authority to investigate all matters relating to the Group that the Committee finds relevant for performing its tasks. The Audit Committee is answerable to the Board in connection with the implementation of its tasks.

The Audit Committee is responsible for ensuring that the Group has independent and effective external audit procedures. The Board has prepared guidelines to ensure reliable, relevant, timely and uniform reporting to shareholders and other capital market participants. The guidelines also cover in-house needs. Together, these are called guidelines for financial reporting.

1 CFR § 252.144 – 'Risk management and committee requirements for foreign banking organizations with \$100 billion or more in total consolidated assets but less than \$100 billion in total U.S. assets'

The guidelines set quality assurance requirements for the financial and sustainability reporting process that apply to all entities in the Group, including requirements to avoid any manipulation of the accounts.

Compensation and Organisation Committee

The Compensation and Organisation Committee is responsible for preparing guidelines, frameworks and matters related to remuneration to be decided by the Board, including variable remuneration for employees in all parts of the Group and other material personnelrelated matters for senior executives. The committee is also the Board's preparatory body for selected matters relating to culture, management and succession planning.

Authorisations

There must be authorisations for all credit approvals and position and trading limits in all significant financial areas. Authorisations and overall limits are decided by the Board and delegated further in the organisation. Any delegation must be approved and followed up by the immediate superior. All authorisations in DNB are personal. Authorisations are based on an assessment of the relevant individual's competence and experience, as well as the business need. When granted, information is provided about the conditions and restrictions in the authorisation. All authorisations granted in DNB are documented and monitored. For

more information on authorisations for credit, liquidity and market risk, see the chapters for the respective forms of risk.

Monitoring and reporting

All levels of the organisation must have access to relevant and necessary risk information to follow up their own risk.

Group Risk Management has the overall responsibility for risk reporting in DNB. This applies to both internal risk monitoring and risk reporting to the authorities. Group Risk Management reports DNB's risk situation to Group Management at least monthly and to the Board of Directors at least quarterly. This internal second-line risk reporting includes examining targets, frameworks and strategies.

The purpose of internal control is to ensure that the organisation meets its objectives for operational efficiency and effectiveness, reliable reporting and compliance with laws, regulations and guidelines. Group Risk Management reports DNB has a common framework for internal control. An important element is the annual attestation of internal control, where all areas of the Group make a summarised assessment of internal control in their unit.

1. Risk management and control

Risk management
Principles for corporate governance in DNB
Roles and responsibilities
Authorisations
→ Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

In accordance with requirements set by the Board of Directors, the compliance function and the GCCO regularly report on the compliance situation to the CEO and to the Board. Local compliance functions regularly report on the compliance situation to the GCCO as well as to the manager of the relevant unit.

All DNB employees are responsible for reporting and handling significant incidents or deviations. Operational incidents and compliance breaches must be recorded in a loss and incident database. Actions taken must be registered for all serious incidents and compliance breaches, and the status reported to Group Management and the Board of Directors.

Risk reporting from the second line of defence to the Board of Directors of DNB

The table to the right shows the regular reports from Group Risk Management and Group Compliance to the Board. In addition, the Board is informed at the first meeting if there is a breach of risk appetite limits, breaches of threshold values in the recovery plan or other significant events or changes in the risk situation.

Risk reporting from the second line of defence to the Board of Directors of DNB

Frequency → Quarterly Report

CRO's Risk Report

The risk report provides a broad review of the risk situation, with analyses and comments. The report is a second line of defence assessment of the risk outlook. Important elements include risk level measured according to the limits set out in risk appetite, the status of the indicators set out in the recovery plan, an assessment of the Group's capitalisation and the results of stress testing and scenario analyses.

GCCO Compliance Report

Group Compliance prepares a short status on the development of the compliance situation quarterly. After the second and fourth quarters, half-yearly reports are prepared that provide a risk-based overview of the compliance situation and risk. The report is the GCCO's independent assessment and is intended to provide a clear overall picture of compliance risk in the Group and form the basis for any action taken.

Frequency → Annually Report

Recovery Plan

The recovery plan, which is part of the Bank Recovery and Resolution Directive (BRRD), is an integral part of DNB's risk and capital management. An important part of the recovery plan is a description of various identified measures that can improve DNB's capital adequacy and liquidity situation in a crisis. The plan is revised annually. The status of defined recovery indicators is reported to the Board of Directors on a quarterly basis.

Validation Report

The accuracy of the bank's internal models (IRB and IMM), which are used for capital requirements calculations, are assessed annually by the bank's independent validation unit. The results are presented to the Board of Directors. Group Audit prepares compliance reports that assess compliance with the respective requirements for IRB and IMM models. These reports are considered by the Board at the same Board meeting as the validation results.

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Stress testing

Group Risk Management is responsible for performing regulatory stress tests and for conducting stress tests and scenario analyses at Group level that capture the major risk factors at any given time. Stress tests are an integral part of the bank's capital and risk management. The stress tests must be forward-looking and include all relevant risk types. They cover a range of scenarios of varying degrees of severity, including scenarios that reflect severe downturns. The stress tests include assessments of the significance for the Group's financial strength and other financial objectives, and are used in the work on risk appetite.

Important stress tests that are carried out at least annually in DNB:

→ Stress testing of capitalisation and liquidity is carried out quarterly and presented to Group Management and the Board of Directors as part of the risk report.
→ Stress testing is carried out as part of the annual ICAAP reporting to Finanstilsynet (the Financial Supervisory Authority of Norway), see the chapter on capital management.
→ Crisis scenarios are developed and tested as part of the yearly update of DNB Group's recovery plan and crisis management plan.
→ Stress tests of specific credit portfolios are carried out on an ongoing basis, normally quarterly. Climate risk is part of the stress testing of the credit portfolios.
→ Stress tests are carried out on DNB Boligkreditt's financial strength in the yearly ICAAP. In addition, the resilience in the event of a fall in housing prices are stress tested on a quarterly basis.
→ Counterparty risk is stress tested monthly to reveal undesirable outcomes of the overall counterparty risk exposure, both in isolation and in the context of the bank's credit risk exposure.
→ Stress tests are performed for market risk semiannual to measure potential losses based on changes in market prices.

Risk appetite

Risk appetite is defined as the risk the Group is willing to accept to achieve its goals. The Board determines DNB's long-term risk profile by setting the Group's risk appetite. The risk appetite renewal process is carried out independently of strategic and financial planning processes. By setting limits for risk taking, risk appetite helps optimise the risk/earnings ratio and ensure sustainable value creation over time.

All employees must be aware of the risk associated with the activities and tasks they perform, and not make choices that impose unwanted risk on the Group. The intention of the principles for risk appetite is to create a shared understanding of what constitutes acceptable risk in DNB and what happens if the risk appetite limits are exceeded. Together with DNB's Code of Conduct and DNB's Governance principles, the principles for risk appetite are intended to help contribute to creating a risk culture that covers DNB's shared norms, attitudes and behaviour relating to the management and control of risk at all levels.

The limits in risk appetite are implemented throughout the organisation. Risk indicators at lower organisational levels support the risk appetite limits. Risk indicators can be expressed as limits for quantifiable risk or as qualitative assessments of risk level. They do not have to be expressed through the same measurement parameters used at Group level,

1. Risk management and control

Risk management
Principles for corporate
governance in DNB Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
→ Risk appetite

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

but it must be possible to link them to the same types of risk and measure the same development. Monitoring of the risk indicators is adapted to the individual business areas and must ensure that the risk is kept within the established level in risk appetite.

The risk level is measured against the risk appetite limits each month, which provides an overall summary of the risk situation in the DNB Group. Risk appetite includes 16 dimensions of risk, across risk types and business areas. The table to the right shows an overview of risk types in risk appetite and associated dimensions that were applicable at year-end 2024. Sustainability risk assessments must be included in risk assessments for all risk types.

Risk types and associated dimensions in the risk appetite framework

Risk types	Dimensions
Profitability and loss-absorbing ability	→ Risk-adjusted return
Capital adequacy	→ Common Equity Tier 1 (CET1) ratio
	→ Solvency Capital Requirements, DNB Livsforsikring AS, without transition rules
	→ Minimum Requirements for own funds and Eligible Liabilities (MREL)
Market risk	→ Market risk, measured as a proportion of economic capital
Credit risk	→ Concentration risk, within industries and counterparties
	→ Credit quality (expected credit loss), total and per customer segment
	→ Credit growth, total credit portfolio and per customer segment
Liquidity risk	Liquidity Coverage Ratio (LCR) →
	→ Net Stable Funding Ratio (NSFR)
	→ Deposit-to-loan ratio
Operational risk	→ IT risk – operational performance (forward-looking assessment)
	IT risk – operational performance (backward-looking assessment) →
	→ Past loss events
	→ Cyber resilience
Reputational risk	→ Overall risk assessment and reputation score

1. Risk management and control

Risk management
Principles for corporate
governance in DNB
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
→ Risk appetite
→ Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Measurement and monitoring

Through continuous follow-up of risk appetite, DNB ensures that the risks identified as the most significant at an overarching level are subject to follow-up and discussion in the organisation's operational units. Managers are responsible for operating the business in accordance with established principles for risk appetite, including ensuring adequate internal control.

Risk appetite is monitored monthly. In situations of financial stress, DNB must have the capacity to monitor risk exposures more frequently.

The status of the risk appetite statements is reported in the form of a green, yellow, orange or red status light. A red status light represents a breach of DNB's risk appetite for the risk appetite statement in question. The status light is set based on the set thresholds and limits for risk appetite. Any status light other than green triggers the need for clearly defined measures.

In case of a breach of limit or threshold values, DNB has the following defined action rules:

→ Yellow status light can be dealt with by the Group Management team.
→ Orange status light can be dealt with by the Group Management team, but the Board must be informed.
→ Red status light must be reported to the Board as part of the agenda at the next Board meeting. Specific proposals for measures to manage the risk must be submitted.

Governance principles for risk appetite

The Governance Principles for Risk Appetite describe procedures and responsibilities for the entire Group.

→ Ownership: The principles for risk appetite are owned by the Board of Directors. All changes to the governance principles, risk appetite statements or risk appetite limits must be approved by the Board.
→ Responsibility: Each risk appetite statement has a coordinator in Group Risk Management who is responsible for following up and preparing any action plans if the risk levels are exceeded. The coordinator is also responsible for assessing whether the measurement adequately captures risk trends.
→ Annual review: The risk appetite statements and limits must be reviewed at least once a year, independently of the strategic and financial planning process.
→ Reporting: The Board must be briefed at least quarterly on the status and development of risk exposures in relation to the set limits in risk appetite. The status and development must be available to Group Management and the Asset and Liability Committee (ALCO) at least monthly.

Recovery plan and public crisis management

DNB has prepared a recovery plan in accordance with the EU's Bank Recovery and Resolution Directive (BRRD). The recovery plan is drawn up as an integral part of the Group's risk and capital management framework and takes effect in the event of a breach of predefined indicators. The indicators cover all significant risk areas, and breaches of the indicators trigger a thorough assessment of the situation and whether measures should be implemented. In addition to recovery indicators, the recovery plan defines a set of metrics to be monitored, including developments in sustainability risk.

The recovery plan is designed to ensure that the Group can recover from a very serious stress situation, without involvement or support from the authorities. DNB has also submitted a liquidation plan, called a Living Will, to the US authorities regarding operations in the US.

A contingency plan for liquidity has also been drawn up, which describes, among other things, how the bank should handle a liquidity crisis that applies either only to the bank or to the industry as a whole. Depending on the type of crisis affecting the bank's liquidity situation, and the assessments made by the ALCO and the Group Management team, Group Treasury sets up an action plan for remedying liquidity shortfall. The plan contains trigger points and timeframes within each measure to be implemented, as well as priority

1. Risk management and control
Risk management
Principles for corporate
governance in DNB
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
→ Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

of funding sources and costs for alternative solutions, as well as any impact on the bank's capital adequacy. Possible measures could be the issuance of covered bonds using available reserves in the collateral pool in DNB Boligkreditt AS, change of terms on deposits and limitation of lending, as well as exploiting the market for repurchase agreements (the repo market) and central bank facilities through pledging of securities holdings.

DNB has a hierarchy of contingency measures, illustrated in the figure to the right. The risk appetite should function as an early warning system, and there are therefore several overlaps between the indicators in risk appetite and the recovery plan.

The recovery plan includes:

→ strategic analysis of the DNB Group and socially critical functions performed by DNB;
→ operational and legal dependencies, externally and internally within the Group;
→ governance processes in recovery planning and in implementing the plan;
→ crisis scenarios that could trigger a recovery situation;
→ recovery measures that could improve the Group's capital adequacy and liquidity situation;
→ preparatory measures to ensure the implementation of the recovery measures;
→ communication plan in a crisis.

Connection between risk appetite, different preparedness measures within the Group and the recovery plan

Normal situation	→ Financial optimisation → Return to green 'traffic lights' in risk appetite		Li qu id
Recovery phase	→ Prevent crisis from happening and return to preferred risk profile → Resolve the crisis effectively and return to a normal situation	C ap ita l i nd ic at or	ity a nd fu nd in g in	O th er in di ca to rs
Resolution phase	→ Manage the crisis effectively to ensure minimal loss to society and continuation of systemically important functions	s	di ca to rs

The recovery plan is updated annually and then assessed by Finanstilsynet and the supervisory college.2 The supervisory authorities may propose improvements but may also issue direct orders for changes. The indicators in the recovery plan are followed up monthly in the risk reporting to the ALCO and quarterly to the Board of Directors.

2 DNB's supervisory college is composed of the supervisory authorities in the countries in the EU/EEA area where DNB has subsidiaries

If the bank's recovery were to be unsuccessful, the bank would be subject to resolution, carried out under the auspices of public authorities. Finanstilsynet, in consultation with the resolution college3 for DNB, prepares an annual crisis management plan for DNB. The plan describes how Finanstilsynet would handle a crisis in DNB if the bank is not restored after implementing measures from the recovery plan.

3 DNB's resolution college is composed of the crisis management authorities in the countries in the EU/EEA area where DNB has subsidiaries.

1 Risk management and control

2 Capital management

3 Liquidity risk and asset and liability management Capital adequacy and regulatory requirements

4 Credit risk Capital management and ICAAP

5 Counterparty credit risk 6 Market risk Change to risk weight floors for loans secured by norwegian residential real estate

7 Operational risk 8 Climate risk Norwegian implementation of CRR III

9 Appendix 3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023 2024Introduction 1. 2. Capital management

2. Capital management

Capital management is an ongoing process that includes periodic capitalisation assessments, updating financial goals and updating risk appetite.

CET1 capital ratio Per cent

19.4 (18.2)

Capital ratio Per cent

23.8 (22.5)

(2023 figures)

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Capital adequacy and regulatory requirements

At the end of 2024, the Common Equity Tier 1 (CET1) capital ratio for the DNB Group was 19.4 per cent, which was 2.8 percentage points above the supervisory authorities' expectation, including the Pillar 2 Guidance.

Capital adequacy

Capital adequacy is measured in accordance with the EU Capital Requirements Regulation for banks and investment firms (CRR II/CRD V), which was implemented in Norway on 1 June 2022.

The table on the next page shows the various elements that comprise the capital adequacy requirements for DNB. In addition to the regulatory capital requirement, Finanstilsynet's (the Financial Supervisory Authority of Norway) view is that DNB should maintain a margin in the form of CET1 capital that is 1.25 percentage points above the overall capital requirement (Pillar 2 Guidance). At year-end 2024, the CET1 capital requirement was 15.4 per cent, while the expectation from the supervisory authorities, including the Pillar 2 Guidance, was 16.6 per cent. This requirement will vary due to the countercyclical buffer and systemic risk buffer, which are determined based on DNB's total exposure in each country.

CET1 capital ratio

Per cent

Supervisory authorities' expectation ¹
Surplus of CET1 capital
1 Including Pillar 2 Guidance 1.25 per cent

The Tier 1 capital ratio for DNB was 21.2 per cent and the total capital adequacy ratio was 23.8 per cent at year-end, compared with 20.0 and 22.5 per cent, respectively, a year earlier. CET1 capital increased by NOK 17.3 billion to NOK 217.2 billion at year-end 2024.

Capital ratio

CET1 capital ratio Additional Tier 1 capital Tier 2 capital

See the chapter Liquidity risk and asset and liability management for information about MREL.

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Composition of different capital adequacy requirements

Per cent	Dec. 2024	Dec. 2023	Dec. 2022
Minimum Common equity Tier 1 capital requirement	4.5	4.5	4.5
Systemic risk buffer	3.2	3.2	3.2
Buffer for other systemically important institutions (O-SII)	2.0	2.0	2.0
Countercyclical buffer	2.2	2.2	1.7
Capital conservation buffer	2.5	2.5	2.5
Pillar 2 capital requirement that can be made up of CET1 capital	1.0	1.1	1.2
Common equity Tier 1 (CET1) capital requirement1	15.3	15.6	15.0
Minimum capital requirement that can be made up of Additional Tier 1 capital	1.5	1.5	1.5
Pillar 2 capital requirement that can be made up of Additional Tier 1 capital	0.3	0.4	0.4
Tier 1 capital requirement1	17.1	17.4	16.9
Minimum capital requirement that can be made up of Tier 2 capital	2.0	2.0	2.0
Pillar 2 capital requirement that can be made up of Tier 2 capital	0.4	0.5	0.5
Own funds requirement1	19.6	19.9	19.4

1 Pillar 2 Guidance 1.25 per cent

Risk exposure amount

Risk Exposure Amount (REA) is a measure of the Group's exposure to various types of risk, including credit risk, counterparty risk, market risk and operational risk. This calculation is used to determine the capital requirements that DNB must meet. REA is also used for the calculation of the capital conservation buffer, systemic risk buffer, buffer for systemically important institutions (O-SII) and countercyclical capital buffer.

REA increased by NOK 21.2 billion during the year and amounted to NOK 1 121.1 billion at the end of 2024.

REA for credit risk, included counterparty credit risk increased by NOK 3.2 billion. REA for market risk and CVA was NOK 2.5 billion lower. REA for securitisation positions increased by NOK 1.5 billion while operational risk increased by NOK 18.8 billion.

Capital requirements

According to the capital adequacy regulations, DNB must meet minimum requirements and combined buffer requirements under Pillar 1 and the requirements under Pillar 2.

Minimum requirement under Pillar 1

The minimum requirement for capital adequacy under Pillar 1 is that own funds must constitute at least 8 per cent of the bank's REA. The requirement must be fulfilled by at least 4.5 per cent Common Equity Tier 1 (CET1) capital and at least 6 per cent by Tier 1 capital, including Additional Tier 1 capital (AT1 capital). The remaining 2 per cent can be fulfilled by Tier 2 capital.

SREP and Pillar 2 requirements

Finanstilsynet conducts assessments to determine whether individual institutions have a need for additional capital to cover risk elements that are not adequately covered by the capital requirements under Pillar 1. These are referred to as Pillar 2 requirements. Pillar 2 requirements are normally determined on an annual basis by Finanstilsynet, based on an overall assessment of the risk and capital situation through the Supervisory Review and Evaluation Process (SREP). The main conclusion of Finanstilsynet's assessment in the 2024 SREP process was that, based on the prevailing risk level and external factors, the DNB Group was adequately capitalised as at 31 December 2023. The Pillar 2 requirement for the DNB Group is 1.7 per cent of REA and must be met with a minimum of 56.25 per cent CET1 capital and a minimum of 75 per cent Tier 1 capital.

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk exposure amount

Buffer requirements under Pillar 1

The combined buffer requirement is the sum of the capital conservation buffer, the systemic risk buffer, the buffer for systemically important institutions (Other Systemically Important Institutions, O-SII) and the countercyclical buffer. These buffer requirements must all be met by CET1 capital.

Development in risk exposure amount

The institution-specific countercyclical buffer requirement amounted to 2.2 per cent by year-end 2024. This requirement is set as a weighted average of the prevailing countercyclical buffer requirements in the countries in which the bank operates. The countercyclical buffer requirement in Norway was 2.5 per cent as at 31 December 2024.

The institution-specific systemic risk buffer for DNB was 3.2 per cent at year-end 2024 and is a weighted average of the systemic buffer rates applicable

for the bank's exposures. From the end of 2020, DNB's systemic risk buffer has been 4.5 per cent for Norwegian exposures.

The Norwegian capital buffer requirement for systemically important banks is 1.0 per cent or 2.0 per cent, depending on the size of the bank, and applies to the entire REA. For DNB, the requirement is 2.0 per cent.

Capital management and ICAAP

2. Capital management
→ Capital adequacy and regulatory requirements

Change to risk weight floors for loans secured by norwegian residential real estate

Norwegian implementation of CRR III

3. Liquidity risk and asset and liability management

The total combined buffer requirement for DNB was 9.9 per cent at the end of 2024, and the supervisory expectation for the CET1 ratio was 16.6 per cent.1

The table to the right shows DNB's compliance with the minimum and buffer requirements under Pillar 1 and the Pillar 2 requirements. By year-end 2024, CET1 capital exceeded the corresponding requirement by NOK 52.7 billion.

Leverage ratio

Following the global financial crisis, leverage ratio was introduced as a supplement to the risk-weighted capital requirements. When CRR II/CRD V was implemented in Norway in June 2022, the Norwegian buffer requirements for leverage ratio were removed.

The capital base for the leverage ratio is Tier 1 capital, which comprises AT1 capital in addition to CET1 capital. The exposure amount consists of both balance sheet items and off-balance sheet items. The latter is calculated using the conversion factors from the standardised approach for the capital adequacy calculation. In addition, some adjustments are made for derivatives and repo transactions. The definitions of leverage ratio and the calculation methodology are in accordance with CRR II.

1 Including Finanstilsynet's expectation of a margin of 1.25 per cent in relation to the requirements (Pillar 2 Guidance)

Total capital requirements, 31 December 2024

NOK million	Rate	DNB Group
Risk exposure amount		1 121 130
Minimum Common equity Tier 1 capital requirements	4.5 %	50 451
Minimum Tier 1 capital requirement	6.0 %	67 268
Minimum Total own funds requirement	8.0 %	89 690
Pillar 2 capital requirement	1.7 %	22 423
of which to be made up of Tier 1 capital	0.956 %	10 721
of which to be made up of Common equity Tier 1 Capital	0.319 %	3 574
Common equity Tier 1 buffer requirements:
Capital conservation buffer	2.5 %	28 028
Systemic risk buffer	3.2 %	36 160
Buffer for other systemically important institutions (O-SII)	2.0 %	22 423
Counter-cyclical buffer	2.2 %	24 820
Combined buffer requirement	9.9 %	111 432
Allocation of capital to cover capital requirements:
Total capital		266 585
Total capital requirement		219 222
Surplus of Total capital		47 363
Tier 1 capital		237 410
Tier 1 capital requirement		188 461
Surplus of Tier 1 capital		48 949
Common equity Tier 1 capital		217 240
Common equity Tier 1 capital requirement		164 496
Surplus of Common equity Tier 1 capital		52 744

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
→ Capital management and ICAAP

Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Leverage ratio

Per cent

Through CRR II/CRD V, the EU adopted a minimum requirement for a leverage ratio of 3 per cent, where only globally systemically important banks are subject to a buffer requirement on top of the minimum requirement. Any institution-specific risk of 'excessive leverage' must be addressed by Pillar 2 requirements. DNB's leverage ratio requirement as at 31 December 2024 was 3.0 per cent.

Minimum requirement

At year-end 2024, DNB's leverage ratio was 6.9 per cent. The leverage ratio is significantly influenced by the level of central bank deposits on the balance sheet. DNB's leverage ratio, excluding claims on central banks, was 7.2 per cent at year-end 2024.

Capital management and ICAAP Targets and principles for capital management

The Chief Financial Officer (CFO) is responsible for capital management, and the principles for capital management are laid down in Group instructions. Capital management balances several considerations, and DNB has a process for assessing capital adequacy that entails that the Group:

→ meets regulatory requirements with a margin that corresponds to the Group's risk profile and risk tolerance;
→ achieves competitive terms in funding markets;
→ achieves a competitive return on equity;
→ can fulfil the Group's dividend policy;
→ has flexibility to take advantage of growth opportunities in the market.

Capital assessment process

The process for assessing capital adequacy (Internal Capital Adequacy Process, ICAAP) must ensure that DNB's capitalisation is adapted to the risk level. The process must be in line with Finanstilsynet's requirements for the ICAAP and is based on the following:

→ Assessments of risk, regulatory requirements and capital needs are forward-looking and are based on DNB's business strategies and financial plans. DNB's capitalisation, liquidity and funding are subject to stress tests. The capital assessment process includes

1. Risk management and control
2. Capital management Capital adequacy and

regulatory requirements

→ Capital management and ICAAP

Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

Risk and capital management Pillar 3 | 2024

risks that are not covered by the requirements under Pillar 1. Risk is quantified and assessed based on calculations of economic capital and stress tests, in addition to the regulatory risk exposure amount.

→ Risks and capital are assessed on an ongoing basis, and this forms an integral part of DNB's framework for risk and financial management. Financials and risk assessments are reported monthly (see also discussion in the chapter Risk management and control). Assessments of risk and capital needs are submitted to the Board of Directors on a quarterly basis. Financial plans for the coming years, prepared in the Group's annual financial plan, are an integral part of the ICAAP and the ICAAP stress test (see the section on stress testing of capital).
→ In the financial strategy process, the target for the Group's return on equity is converted to a required return on allocated capital. A key principle of DNB's governance model is that the Group's capital requirements are to be fully allocated to the business areas. Economic capital, i.e. capital needs calculated by internal risk models, is one of the bases for capital allocation.
→ The capital assessment process is documented at least annually through a separate ICAAP report for the Group and its most important subsidiaries and is approved by the respective Boards of Directors. The

Group's self-assessment of funding and liquidity needs (ILAAP) is included in the report. Several of DNB's subsidiaries prepare their own ICAAP documentation, which is included in the Group's ICAAP. The supervisory authorities perform annual assessments of the ICAAP and ILAAP processes as part of the Supervisory Review and Evaluation Process (SREP).

→ DNB's quarterly and annual reports describe the composition of own funds, terms applying to the different capital instruments included in own funds and regulatory deductions from own funds. To facilitate efficient capital allocation and risk management in the Group, own funds may be reallocated to various legal entities within the Group. DNB may to reallocate own funds within the Group to the extent permitted by relevant laws and regulations where DNB's legal entities are domiciled. DNB sees no other material obstacles to transfers of own funds within the Group.

Internal assessments of capital adequacy Margin to regulatory capital requirements Under normal market conditions, DNB will operate with a headroom to Finanstilsynet's expectation for CET1 ratio (including Pillar 2 Guidance). This headroom is intended to cover unexpected volatility in REA and in the capital base, underpin strategic flexibility and provide confidence in DNB's ability

to pay dividends according to dividend policy and coupons on Additional Tier 1 capital. DNB's long-term dividend policy is to have a pay-out ratio of more than 50 per cent of profits as cash dividends, provided that the capital adequacy is at a satisfactory level. DNB will use other regulatory capital instruments than CET1 capital to ensure that capital requirements are fulfilled cost effectively. The leverage ratio will, under normal market conditions, meet regulatory requirements by a reasonable margin. DNB is one of the best capitalised financial services groups in the Nordic region.

Capitalisation of subsidiaries must be in compliance with relevant Norwegian and other national and international rules on transfer pricing. The capitalisation of subsidiaries must otherwise reflect that capital resources are kept as high in the corporate structure as possible. Profits in subsidiaries are channelled to DNB Bank ASA through dividends and Group contributions. DNB Boligkreditt AS must operate with a headroom to regulatory requirements to cover for volatility in earnings and capital caused by the mark-tomarket valuation of derivative contracts related to its funding. DNB Livsforsikring AS must fulfil the solvency requirements with a reasonable margin, see the 'Solvency and Financial Condition Report', to be published on 8 April 2025.

1. Risk management and control
2. Capital management
Capital adequacy and regulatory requirements
→ Capital management and ICAAP
Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Capitalisation of international subsidiaries is based on fulfilment of applicable local regulatory requirements with a reasonable margin and a specific and comprehensive assessment of borrowing capacity, reflecting the risk profile and creditworthiness of the subsidiary, local peer group references and the size and tenor of funding from DNB Bank ASA.

Comparison of economic capital and regulatory minimum requirements

DNB calculates economic capital for all main risk categories. Economic capital should cover 99.9 per cent of unexpected losses within a horizon of one year, in other words economic capital should cover a 'one-in-a-thousand-year loss'. DNB employs a simulation model that calculates unexpected losses for the different types of risks and for the Group as a whole. The quantification is based on historical data. A diversification effect arises when risks are assessed together, as it is unlikely that all loss events occur at the same time. Due to the diversification effects between different risk categories and business areas, the Group's economic capital needs are lower than they would have been if all the business areas had been independent companies.

The figure on the next page shows a comparison of economic capital and the regulatory minimum capital requirements in Pillar 1, i.e. 8 per cent of the risk exposure amount (REA). Economic capital and the

Economic capital

NOK million	31 Dec. 2024	31 Dec. 2023
Credit risk	39 784	37 156
Market risk	8 702	9 483
Life insurance risk3	15 761	16 140
Operational risk	10 195	8 845
Business risk	8 793	7 619
Gross economic capital	83 235	79 243
Diversification effect	(19 487)	(18 805)
Net economic capital	63 749	60 438
Diversification effect in per cent of gross economic capital	23	24

3 Economic capital related to DNB Livsforsikring AS is included in the table, even though it is outside the regulatory scope (CRD-group), because it has a significant impact on the Group's total economic capital.

regulatory minimum requirements are based on the same level of confidence: 99.9 per cent of unexpected losses.

At the end of 2024, economic capital was lower than the regulatory minimum requirement under Pillar 1. The difference is primarily attributable to the measurement of credit risk. The main reason being that a portion of the credit portfolio is measured according to the standardised approach in the regulatory capital adequacy requirement. At the end of 2024, 33 per

cent of the risk exposure amount for credit was measured according to the standardised approach, which assigns higher risk weights than the IRB method. Internal classification models are used for calculating economic capital for all portfolios, regardless of whether the models have formal IRB approval. The credit portfolio is considered well diversified with respect to industries and there is therefore no addition in economic capital for sector concentration risks. There is, however, a small addition for concentration risk for individual customers.

1. Risk management and control
2. Capital management Capital adequacy and
regulatory requirements
→ Capital management and ICAAP
→ Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Comparison of capital requirements and economic capital

NOK billion

Economic capital for market risk is higher than the regulatory minimum capital adequacy requirement under Pillar 1. The main difference is that equity investments in the banking book are treated as credit risk in the capital adequacy calculations under Pillar 1, with a risk weighting of 100 per cent and a corresponding minimum capital adequacy requirement of 8 per cent. Economic capital for the same investments is approximately 40 per cent of the exposure. The internal market risk measurement also includes elements that are not covered by the regulatory Pillar 1 requirements. These are risk aspects that are covered by Pillar 2 requirements in the regulatory capital requirement.

The methodology for calculating economic capital for insurance risk is based on DNB Livsforsikring's capital requirements under the Solvency II regulations, adjusted to a 99.9 per cent confidence level. In the regulatory Pillar 1 capital requirements, significant

investments in insurance companies above a threshold allowance are deducted from regulatory capital.

Business risk is not covered by the Pillar 1 requirements. In the calculation of economic capital, business risk is treated as a residual risk and reflects the risk of losses that cannot be linked to the other quantified risk categories.

Stress testing of capital ICAAP stress test

At least once a year, a comprehensive stress test (the ICAAP stress test) is presented to the Board as a basis for evaluating the robustness of the Group's capitalisation. This is normally done in connection with the consideration of the Group's strategy and financial targets for the next three years. The results of the financial planning process (Target Process) and the ICAAP stress test are important parts of DNB's ICAAP.

The ICAAP stress test assumes a severe deterioration in macroeconomic conditions and shows how this could affect the Group's risks, profits and capitalisation. As a starting point for the annual stress test, the stress scenario is prepared based on relevant risk factors. The macroeconomic scenario for the stress test is reviewed by the bank's ALCO committee and approved by the Chief Risk Officer.

1. Risk management and control

Capital adequacy and regulatory requirements

Capital management and ICAAP
→ Stress testing of capital
Change to risk weight floors for loans secured by norwegian residential real estate
Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

In the stress test, loan losses are estimated by the model for calculating expected credit losses in the credit portfolio with supplementary analyses of individual portfolios. The Group's model for calculating economic capital is used to estimate losses related to market risk, operational risk and business risk.

Some key features of the macroeconomic scenario used in the ICAAP stress test:

→ The policy rate is assumed to rise to around 6 per cent in 2025 in response to expectations of sustained high inflation, before the rate is gradually reduced to 3.3 per cent in 2028. Higher money market premiums will keep 3-month NIBOR between 6.7 and 3.6 per cent throughout the stress test period.
→ Norwegian mainland GDP falls by 2.1 and 2.5 per cent in 2026 and 2027, respectively.
→ The registered unemployment rate rises to 6.3 per cent, somewhat above the level from the Norwegian banking crisis in the early 1990s.
→ House prices nominally drop around 40 per cent. Households respond to falling house prices, declining real wage growth and an uncertain labour market by reducing their spending.
→ Global GDP growth falls by 3.0 per cent in 2026. Norwegian exports of traditional goods and services are weakened substantially despite a weaker NOK.

History ICAAP stresstest

Per cent

FSA expectation as at 31 Dec. 2024 (16.6%)
Regulatory requirement including Pillar 2 Guidance, but without countercyclical capital buffer (14.8%)

The results from the stress test show weak annual results over the four years. The weak profit development is due to loan losses and losses related to operational risk, business risk and market risk. REA increases throughout the period as a result of increased credit risk. The CET1 capital ratio drops from 19.4 in 2024 to 17.1 per cent in 2025, until positive results restore it to 18.0 per cent in 2028.

DNB conducts periodic stress tests of all or parts of the Group. The results are included in the CRO's risk report to the Board. In addition to DNB's own stress testing, Finanstilsynet carries out an annual stress test of DNB. US regulatory requirements for stress testing are fulfilled according to CFR § 252.146.2

2 CFR § 252.146 – 'Capital stress testing requirements for foreign banking organizations with total consolidated assets of \$100 billion or more and combined U.S. assets of less than \$100 billion.'

1. Risk management and control

Capital adequacy and regulatory requirements

Capital management and ICAAP

→ Change to risk weight floors for loans secured by norwegian residential real estate
→ Norwegian implementation of CRR III
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk

Risk and capital management Pillar 3 | 2024

Change to risk weight floors for loans secured by norwegian residential real estate

The Norwegian authorities have decided to increase the minimum requirements on average risk weights for loans secured by Norwegian residential real estate applicable to banks using the internal ratings-based approach (IRB) from 20 to 25 percent, with effect from 1 July 2025. The new minimum requirement will increase the DNB Group's risk exposure amount (REA) and is estimated to reduce the CET1 ratio by approximately 0.7 percentage points.

The minimum requirement is imposed in accordance with Article 458 of the Capital Requirements Regulation and will apply until 31 December 2026. The Norwegian authorities will ask the European Systemic Risk Board (ESBR) to recommend other countries to reciprocate the new minimum requirements in order for them to also be applicable to foreign banks' residential real estate loans in Norway.

Norwegian implementation of CRR III

Regulation (EU) 2024/1623 (CRR III) was adopted in the EU on 31 May 2024. The amendments implement the majority of the remaining Basel III recommendations. The rules will enter into force in the EU from 1 January 2025, except for new capital requirements for market risk (FRTB) which have been postponed until 2026. Furthermore, on 6 December 2024, the Norwegian Ministry of Finance adopted regulatory amendments that determined how CRR III is to be implemented in Norway. The Regulations will enter into force in Norway 1 April 2025.

The rules for calculating capital requirements will be changed for credit, market and operational risk, as well as risk of impaired creditworthiness (CVA). A more risk-sensitive standard method will be introduced, and there will be more restrictions on the use of internal models (IRB methodology). Among other things, there will be a lower limit for input floor (IRB) key figures and new restrictions on the distance between the standard method and the IRB method (output floor). The IRB system is also limited by the fact that capital requirements for the largest corporate customers must be calculated according to the basic IRB method (F-IRB).

Once the EU's Banking Package (CRR III) has been implemented, it will have a negative effect of around 20 basis points on the CET1 capital ratio.

1 Risk management and control

2 Capital management

3 Liquidity risk and asset and liability management 3. Liquidity risk and asset liability management

4 Credit risk Developments in liquidity risk in 2024

5 Counterparty credit risk Funding

6 Market risk Asset encumbrance

7 Operational risk Liquidity risk management and control

8 Climate risk Stress testing of liquidity risk

9 Appendix 4. Credit risk

3. Liquidity risk and asset and liability management

The objective of DNB's liquidity management is to ensure that the Group is always able to meet its payment obligations. DNB aims to maintain well-diversified funding, which includes a broad deposit and funding base from both personal and corporate customers, in addition to market funding. The Norwegian market is not large enough to fund all the bank's lending in Norwegian kroner (NOK), and DNB therefore relies on funding in foreign currencies. In 2024, DNB had ample access to funding. The ratio of deposits to net loans remained at a high level and the liquidity situation was satisfactory.

Definition

Liquidity risk is the risk that the Group will be unable to meet its payment obligations when they fall due or will be unable to meet its liquidity obligations without a substantial rise in associated costs. Liquidity is vital for financial operations, but as a rule this risk does not materialise until other events give rise to concern about DNB's ability to meet its financial obligations.

Development in total LCR

100 150 200 Per cent

0 50 Dec. Dec. Dec. Dec. Dec. 2020 2021 2022 2023 2024

Liquid assets NOK billion 854 (824)

Average LCR in 2024

134 (129)

Per cent

(2023 figures)

Long-term debt securities NOK billion

533 (506)

NSFR Per cent 113 (117)

Risk and capital management Pillar 3 | 2023 2024Introduction 1. 2. Capital management

2. Capital management

3. Liquidity risk and asset and liability management
→ Developments in liquidity risk in 2024

Asset encumbrance
Liquidity reserve
Liquidity risk management and control
Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk

7. Operational risk
8. Sustainability risk
9. Appendix

Developments in liquidity risk in 2024

DNB had ample access to both long-term and shortterm market funding throughout the year, and a satisfactory liquidity situation at year-end. The ratio of deposits to net loans remained relatively stable at high levels throughout the year. DNB raised a total of NOK 121 billion in long-term market funding in 2024, where 47 billion was issued in unsecured bonds and 74 billion was issued in covered bonds.

Funding levels decreased somewhat during 2024. In terms of volume, most long-term market funding was issued in euros (EUR), followed by Swedish kronor (SEK), US dollars (USD) and then Norwegian kroner (NOK). The Group has increased the share of long-term funding in covered bonds this year compared to previous years, as the bank completed the phase-in of unsecured MRELqualifying debt in 2023.

The EU Capital Requirements Regulation (CRR) stipulates that institutions must at all times have a liquidity reserve (Liquidity Coverage Ratio, LCR) of at least 100 per cent for all currencies combined. This means that an institution's holdings of liquid assets must correspond to at least 30 days' net liquidity outflow in the financial market. The LCR stayed well above the minimum requirement. At the end of 2024, the LCR was 148 per cent, compared with 146 per cent the previous year.

On 1 January 2025, the part of the CRR/CRD regulation that sets LCR requirements in significant currencies

was repealed. This requirement will henceforth be set as a pillar 2 requirement based on the FSA's SREP assessment. DNB Bank ASA has therefore received, on a consolidated and non-consolidated basis, a preliminary company-specific LCR requirement for significant foreign currencies of at least 100 per cent (EUR and USD). In addition, the bank received a minimum requirement for LCR in Norwegian kroner (NOK) of at least 50 per cent. This is identical to the requirements that previously followed from the CRR/ CRD regulation and will apply until the bank receives the next SREP decision.

The Net Stable Funding Ratio (NSFR) specifies a minimum requirement for long-term stable funding of assets. In accordance with the CRR, the available long-term stable funding must be at least the same as the necessary stable funding. In other words, the requirement for the NSFR indicator is at least 100 per cent. DNB's NSFR was 113 per cent at the end of 2024, compared with 117 per cent in 2023.

The table below shows the LCR and NSFR in DNB's main currencies and in total at year-end 2023 and 2024.

LCR development, significant currencies

Per cent	EUR	USD	NOK	Total
31 December 2024	155	356	68	148
31 December 2023	179	314	65	146

NSFR development, significant currencies

Per cent	EUR	USD	NOK	Total
31 December 2024	357	147	90	113
31 December 2023	435	195	87	117

Issued senior debt and covered bonds

		Senior debt		Covered bonds
NOK Billion	NOK	Currencies	NOK	Currencies
31 December 2024	4.4	207.8	65.9	255.2
31 December 2023	6.1	214.9	52.9	232.4

3. Liquidity risk and asset and liability management

2. Capital management

→ Funding

Liquidity risk management and control

Composition and drivers of LCR

In the short term, the LCR depends on the composition of daily inflows and outflows, and the LCR indicator is thus volatile by nature. The numerator of DNB's LCR mainly consists of level 1 assets in the form of central bank deposits, government-issued bonds, SSAs and covered bonds. The outflows in the denominator mainly consist of estimated deposit outflows and funding falling due in the coming 30-day period. The inflows in the denominator are mainly lending that falls due in the 30-day period. Another important contributor to the denominator of the LCR is derivatives. Cashflows related to derivatives include contractual inflows and outflows, as well as collateral outflows from the impact of an adverse market scenario calculated using the Historical Look Back Approach (HLBA). The DNB Group is subject to minimum requirements for LCR in NOK, EUR and USD, as well as a requirement for all currencies combined. With ample access to both EUR and USD, the LCR indicators for these currencies are consistently at a higher level than the NOK indicator, which is lower as a result of relatively little access to liquid securities with low credit risk. Changes in the LCR in 2024 can mainly be explained by changes in the composition of the deposit balance and variations in the maturity profile of the market funding.

Funding

DNB is funded mainly through customer deposits, bonds and short-term funding.

Long-term debt securities issued by the Group amounted to NOK 533 billion at year-end 2024, compared with NOK 506 billion the previous year. Senior preferred bonds, senior non-preferred bonds and subordinated loans are mainly issued through the European Medium-Term Note (EMTN) programme. Senior programmes in US dollars have also been established. A European Covered Bond (Premium) Programme has been established in the covered bond market.

Covered bonds are an important instrument for longterm funding in DNB and are issued by the subsidiary DNB Boligkreditt AS. Investors have a preferential claim over a pool of mortgages in DNB Boligkreditt. In turbulent times, covered bonds have proved to be a more robust funding instrument with smaller price fluctuations than senior preferred bonds. DNB's covered bond programme is approved as a European Covered Bond Premium Programme in accordance with the EU Covered Bond Directive.1

In addition to covered bonds, senior preferred bonds are an important source of funding for DNB. European banks are required to have a minimum amount of own funds and eligible liabilities (MREL) that can be written down or converted in connection with crisis management. Therefore, the Group has a significant volume outstanding in senior unsecured bonds and senior non-preferred bonds.

1 Directive (EU) 2019/2162

3. Liquidity risk and asset and liability management

2. Capital management

→ Funding
Asset encumbrance
Liquidity reserve
Liquidity risk management and control
Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

covered bonds and green unsecured funding (senior preferred bonds and senior non-preferred bonds). The funds raised through the programme will be used to finance green loans within mortgages, renewable energy, green transport and green commercial properties, based on pre-defined criteria aligned with the criteria in the EU Taxonomy. Read more about our green finance framework and our ambitions for sustainable value creation at ir.dnb.no/funding-and-rating/green-bond-framework and dnb.no/en/about-us/sustainability

DNB has established a framework for issuing green

The figure to the right shows the development in average term to maturity for DNB's long-term funding at year-end 2024, divided between senior preferred bonds, senior non-preferred bonds and covered bonds.

At the end of 2024, the average residual maturity for debt securities issued was 3.6 years, almost the same as in 2023. The average term to maturity for longterm funding has been 3–4 years in recent years. The figure on the next page shows the development in average term to maturity for long-term funding, which is composed of senior unsecured bonds, senior nonpreferred bonds and covered bonds.

Long-term funding, maturity profile

The ratio of deposits to net loans is measured as customer deposits in per cent of net lending to customers, adjusted for short-term money market positions. Customer deposits overall remained at high levels throughout the year and the ratio of deposits to net loans reached 72.0 per cent at the end of 2024, which is around the same level as the previous year.

Senior bonds Senior non-preferred bonds Covered bonds

Short-term wholesale funding is provided using various commercial paper programmes. These programmes give DNB ample access to short-term funding. Using several funding channels contributes to greater robustness for the funding. DNB is a bank with a good credit rating in a strong economy and attracts substantial funds from other banks, central banks and money market funds. Together with commercial paper funding, these funds constitute a short-term liquidity buffer.

3. Liquidity risk and asset and liability management

2. Capital management

→ Asset encumbrance
→ Liquidity reserve Liquidity risk management and control

Asset encumbrance

The use of covered bonds has contributed to greater awareness of asset encumbrance. This is because almost all lending is kept on the bank's balance sheet, as the market for securitisation in Europe is immature. In addition, the home ownership rate is high in Norway and this ownership is financed by loans.

At year-end 2024, encumbered assets accounted for NOK 474 billion, which is about 13 per cent of the balance sheet, compared with NOK 409 billion and 13 per cent, respectively, the previous year. The current level of encumbered assets in DNB is comfortable, considering the Group's balance sheet composition, capitalisation and liquidity.

Liquidity reserve

To support its ongoing liquidity management, DNB holds a reserve of high-quality liquid assets (HQLA). The liquidity reserve is mainly held in the form of liquid bonds and central bank deposits. Among other things, DNB uses these securities as collateral for short-term loans from central banks, and they form part of the liquidity buffers for compliance with the regulatory liquidity requirements. Total liquid assets at the end of 2024 amounted to NOK 854 billion, compared with NOK 824 billion in 2023.

Average term to maturity for long-term funding, senior unsecured bonds, senior non-preferred bonds and covered bonds

DNB has a dedicated bond portfolio where the primary purpose of the portfolio is to serve as a liquidity buffer for the bank. The portfolio consists of high-quality liquid assets that can be sold or pledged at any time. Additionally, the portfolio should contribute to the Group meeting regulatory liquidity requirements. At year-end 2024, the total bond portfolio amounted to NOK 296 billion, of which the NOK portfolio totalled

Years

NOK 104 billion and the international portfolio in foreign currencies totalled NOK 192 billion. The high credit quality of the bond portfolio reflects its function as an HQLA for the bank. At the end of 2024, 100 per cent of the portfolio had a credit rating category of AA or better, and no bonds in the portfolio were rated lower than category A+. The weighted average credit duration for the bonds was

3. Liquidity risk and asset and liability management

2. Capital management

Asset encumbrance
→ Liquidity reserve Liquidity risk management and control

Risk and capital management Pillar 3 | 2024

2.1 years at year-end 2024. With reference to the categorisation of liquid assets within the LCR framework, the total bond portfolio at year-end 2024 exclusively consisted of level 1 and level 2A assets, where level 1 represents the most liquid assets. All of the bonds held in the bank's liquidity reserve are eligible for collateralisation in central banks and are thus available for intraday liquidity needs and liquidity facilities.

At the end of 2024, DNB's deposits in central banks amounted to NOK 143 billion. In addition, DNB has other liquid assets that qualify as HQLA in LCR of NOK 415 billion.

Liquid assets by currency,

31 December 2024

Per cent

Customer deposits (NOK billion) Ratio of deposits to loans (per cent) Ratio of deposits to loans adjusted for short-term money market investments in New York (per cent)

Liquid assets, 31 December 2024

Per cent

3. Liquidity risk and asset and liability management

2. Capital management

Liquidity reserve
→ Liquidity risk management and control

4. Credit risk
5. Counterparty credit risk

7. Operational risk
8. Sustainability risk

Liquidity risk management and control

The organisation of liquidity risk management in DNB is based on an authorisation and reporting structure that is in conformance with regulatory requirements. The Board of Directors sets the risk appetite, risk limits, strategy and overall guidelines for liquidity management, and regularly reviews the bank's liquidity risk. The liquidity limits are adopted every year, or more often if needed. Group Finance is responsible for calculating and reporting risk exposure. Group Risk Management monitors the risk development against set risk limits, in addition to performing independent assessments and controls of risk levels. Furthermore, Group Risk Management is responsible for model risk management, which includes independent validation of models.

The Group's risk appetite defines the limits for liquidity management in DNB. Internal risk appetite limits are set for the LCR, NSFR, the ratio of deposits to net loans and the Group's MREL. The risk appetite is operationalised through DNB's liquidity strategy and liquidity limit process. This is reviewed annually, or more often if needed.

In line with the bank's risk appetite and risk strategy, the liquidity risk should be low and bolster the bank's financial strength. This means, among other things, that the bank should seek to have a balance sheet composition that reflects the liquidity risk profile of an international bank with a long-term AA credit rating from respected rating agencies. The object of liquidity limits is to reduce DNB's dependence on short-term funding from domestic and international money and capital markets. To avoid increasing pressure on long-term funding, the liquidity risk profile must have a healthy ratio of deposits to net loans. The principles set out in the Group risk management policy are elaborated on in the Group instructions for the management, reporting and control of liquidity risk, which describe requirements relating to organisation, division of responsibilities and reporting. Group Treasury is responsible for ongoing operational balance and liquidity management, including obtaining wholesale funding and managing the bank's liquidity reserves, as well as ensuring that the Group is always within the applicable liquidity limits.

The DNB Group's liquidity risk management is centralised in and delegated to Group Treasury. The liquidity risk in branch offices and subsidiaries is consolidated in the Group's balance sheet and included in the basis for the Group's liquidity management. Within the Group, liquidity is managed both on a consolidated and an individual level.

The subsidiaries DNB Livsforsikring AS and DNB Asset Management AS manage customer assets. This management is covered by internal liquidity rules in the respective companies. Group Treasury is responsible for providing funding to subsidiaries and branch offices outside Norway. DNB Bank ASA and DNB Boligkreditt AS have entered into a bilateral agreement that regulates the coordination of funding and liquidity between these two entities. Group Treasury is also responsible for ensuring that the Group stays within the liquidity limits at all times, and for managing the bank's liquidity portfolio.

Liquidity risk is managed and controlled primarily through the LCR and NSFR indicators. In addition, DNB has limits for internal indicators that supplement the regulatory indicators. The objective of the liquidity risk limits is to reduce the bank's dependence on short-term funding and secure stable and long-term funding for the Group. This is because short-term funding is generally more sensitive to credit and market conditions than ordinary deposits, especially deposits covered by a deposit guarantee scheme. This is why DNB also operates with internal limits and ambitions for the proportion of the bank's funding that is to be covered by deposits from customers.

3. Liquidity risk and asset and liability management

2. Capital management

→ Liquidity risk management and control
→ Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk

The liquidity risk and the utilisation of liquidity risk limits are monitored on an intraday basis. The LCR and other liquidity risk indicators for each significant currency are reported daily to Group Treasury and Group Risk Management. The NSFR and its limits are also monitored closely and are calculated and reported to the Asset and Liability Committee (ALCO) and Group Management monthly. According to the principles of risk appetite, both the LCR and NSFR are reported to the Board at least on a quarterly basis as part of the Group's risk report. In the event of deviations from the liquidity limits, established escalation procedures will be implemented for reporting to relevant parties and committees. Deviations from the LCR and NSFR limits must be immediately reported to Group Treasury, Group Risk Management and the Chief Financial Officer (CFO). All deviations from risk limits are to be reported to and considered at the same decisionmaking or authorisation level as that at which they were approved. Any deviations from risk limits that have been adopted by the Board must therefore be reported to and considered by the Board.

The credit ratings of the underlying securities in the bond portfolio are continuously monitored and reported. The chapter Market risk contains a description of how market risk in the liquidity portfolio is monitored.

DNB has also prepared a contingency plan for liquidity, which is briefly discussed in chapter Risk management and control.

Stress testing of liquidity risk

DNB regularly conducts stress testing to ensure that the Group has sufficient liquid assets to cope with liquidity stress. The underlying assumptions that are applied to the stress tests are reviewed at least once a year. This includes an assessment of the bank's liquid assets and the extent to which these can be used as collateral in Norges Bank or other central banks.

Liquidity stress tests are an integral part of the bank's liquidity risk management and control, and the results from these form part of the decision-making basis when preparing risk targets and risk limits for liquidity. The stress testing is also used in assessing the bank's contingency plans for funding.

The stress tests are run on a quarterly basis and comprise four scenarios. A market stress scenario, a bank-specific stress scenario, a combined systemic and bank-specific stress scenario and a regulatory LCR scenario. The results are reported to ALCO and the Board. The stress factors used in each scenario are based on both historical and hypothetical events, as well as the LCR methodology. A significant fall in housing prices is used in the market-based and combined scenarios. A fall in housing prices would

reduce the issuance capacity for covered bonds and could in severe cases require the transfer of liquid assets to DNB Boligkreditt AS to secure necessary overcollateralisation within the cover pool. In the LCR scenario, the stress factors correspond to the requirements in the LCR delegated regulation. This scenario includes a prognosis of how many days of net outflows it takes for the LCR indicator to breach 100 per cent. All scenarios cover a time horizon of up to 12 months.

A reverse liquidity stress test is also carried out to assess which circumstances would lead to the bank's liquidity reserves being depleted within defined time horizons. The reverse stress test is based on the combined scenario. In addition to the assumptions in the combined scenario, there are various stressed additional incidents, like an inability to refinance covered bonds and an increase in withdrawals from customer deposits. These incidents are adapted to provoke situations where the liquidity buffer is exhausted at different time horizons, ranging from 30 to 180 days.

In addition to the stress test described above, additional stress tests are also used to assess liquidity needs related to collateral requirements. This includes any need to strengthen DNB Boligkreditt AS' cover pool in the event of a steep drop in housing prices, as well as collateral outflows related to changes in

3. Liquidity risk and asset and liability management

2. Capital management

Liquidity risk management and control

→ Stress testing of liquidity risk

2 CFR Section 252.145 – Liquidity risk-management requirements for foreign banking organisations with total consolidated assets of USD 250 billion or more and combined US assets of less than USD 100 billion.

the value of derivative contracts due to changes in underlying prices, rates and currency exchange rates. Read more in the chapter Counterparty credit risk.

DNB's liquidity stress tests are deemed to cover all requirements relating to liquidity risk in all countries in which DNB operates. This includes the principles and requirements of the Basel Committee and the US CFR

Section 252.145.2

Ratings

Credit ratings are forward looking and describe the issuer's creditworthiness. The credit rating represents the rating agencies' assessment of the issuer's capacity and willingness to meet financial obligations in full and on time. High credit ratings from recognised rating agencies are thus important for ensuring predictable and flexible access to funding.

The short-term credit rating is an expression of the probability of an issuer failing to meet its financial obligations in the current year, and of the expected financial loss resulting from non-fulfilment of the obligations. A long-term credit rating is an expression of the same but over a period of one year or more.

DNB Bank has a long-term credit rating for senior unsecured debt of AA- from S&P Global and Aa2 from Moody's. DNB Bank also has a short-term credit rating of A-1+ from S&P Global and P-1 from Moody's, both of which are the highest levels. DNB Boligkreditt has a credit rating of AAA from S&P and Aaa from Moody's. For more information, see ir.dnb.no/funding-and-rating/rating.

Rating DNB Bank ASA

Rating agency	Rating	Latest rating report	Latest rating action
S&P	Resolution Counterparty Rating: AA- (LT) Senior Preferred Rating (LT): AA Outlook: Stable Senior Non-Preferred: A Tier 2 (LT): A AT1 (LT): BBB Short term: A-1+	S&P rating report – October 2024	22 January 2019
Moody's	Counterparty Risk Rating (LT): Aa1 Outlook: Stable Senior Preferred Rating (LT): Aa2 Outlook: Stable Senior Non-Preferred Rating (LT): A2 Tier 2 (LT): A3 AT1 (LT): Baa2 Short term: P-1	Moody's rating report – October 2024	3 September 2024

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk 4.

5 Counterparty credit risk Developments in credit risk in 2024

6 Market risk Capital requirements for credit risk

7 Operational risk Overview of credit exposures

8 Climate risk Impairment and default

9 Appendix Internal measurement methods (IRB)

Risk and capital management Pillar 3 | 2023

DNB has a robust credit portfolio, with loans to private individuals and small and medium-sized enterprises in Norway accounting for about 60 per cent. Credit quality was generally stable through 2024, but geopolitical turmoil and an intensified trade war between the USA, the EU and China continues to pose risks for disruptions in global trade and supply chains, contributing to uncertainty. Costs for businesses and households continue to rise. Losses decreased in 2024 after a slight increase in 2023.

Definition

20244. Credit risk Credit risk is the risk of financial losses due to failure by the Group's customers to meet their payment obligations. Credit risk refers to all claims against customers, mainly loans, but also commitments in the form of other extended credit, guarantees, interest-bearing securities, unutilised credit lines, derivative trading and interbank deposits. Credit risk also includes concentration risk, which is risk associated with large exposures to a single customer or concentration within geographical areas or industries, as well as risks related to homogeneous customer groups.

Development in total credit portfolio1, EAD

NOK billion

Risk exposure amount NOK billion

970 (966)

Economic capital NOK billion

39.8 (37.2)

Impairments NOK billion (1.2) (-2.6)

(2023 figures)

3. Liquidity risk and asset and liability management

4. Credit risk

Risk and capital management Pillar 3 | 2024

Terms used in the discussion of credit risk

Nominal exposure is the aggregate credit exposure prior to impairments, collateral and conversion factors. It is the sum of the amount deducted and off-balance-sheet items such as unused lines of credit and guarantees. The term 'net exposures' reflects the corresponding amount adjusted for impairments.

Exposure at default (EAD) indicates how much of the allocated exposure is expected to be deducted in the event of a future default. EAD is the sum of the amount deducted and off-balance-sheet items multiplied by a conversion factor (CCF). The calculation of CCF assumes a downturn in the market and must be equal to or more conservative than the long-term average. EAD is reported as exposure before impairments.

Probability of default (PD) is the calculated probability that a customer will not be able to service their credit within the next 12 months. PD is calculated using statistical models on the basis of a combination of financial and non-financial factors. The PD forms the basis for DNB's risk classification of customers. Defaulted exposures are automatically assigned a PD of 100 per cent.

Loss given default (LGD) indicates how much the Group expects to lose if the customer defaults on their obligations, at the same time as there is a major downturn. The LGD calculation used in the IRB reporting must always be more conservative than the longterm average. The models consider the collateral associated with the exposure, future cash flow and other relevant factors.

Expected loss (EL) indicates the average annual expected losses over a business cycle, taking into account in the bank's IRB models. EL is calculated as PD x LGD x EAD. Under normal circumstances, this figure should be higher than the actual losses.

Expected Credit Loss (ECL) is calculated according to the IFRS9 financial reporting standard. ECL is calculated as PD x LGD x EAD, where both PD and LGD should correspond to the actual observed level, and projected values depend on the bank's view of future macroeconomic development. DNB's model for calculating expected credit losses is based on the IRB models. Conservative buffers and adjustments for cyclicality are removed so that the estimates are point-in-time.

In DNB's internal monitoring of credit risk, credit exposures are grouped based on calculated PD.

The breakdown is defined as follows:

→ Low risk: PD 0.01 0.75 per cent.
→ Medium risk: PD 0.75 3 per cent.
→ High risk: PD over 3 per cent, including defaulted exposures where PD=100 per cent.
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
Exposures under the standardised approach
Securitisation
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Developments in credit risk in 2024

DNB's portfolio of loans and credit to customers amounted to NOK 2 522 billion, measured in EAD, at the end of 2024. Counterparty credit risk is included in these figures. The portfolio was almost evenly distributed between loans and credit to corporates and private individuals.

Credit quality was generally good, but there were still challenges for housing and cottage builders and for commodity trade in building materials, electronics and furniture. Car sales to private individuals in Norway, Sweden and Finland have fallen sharply, but the corporate market is holding up total volumes. Commercial real estate sales picked up in 2024 compared with 2023. The credit quality of the portfolio of loans to private individuals was good and unchanged.

Total impairments for the year ended at NOK 1.2 billion, which is a decrease from the previous year, and lower than normalised losses. The accumulated writedowns in stage 3 (non-performing loans) amounted to NOK 5.8 billion at year-end, down 0.7 billion from the previous year-end.

International financial markets remained volatile in 2024. The rise in prices for food and other consumer goods contributed to weak developments in household demand, but a strong labour market

Development in credit portfolio1, EAD

NOK billion

1 Excluding central banks, bonds and exposure in associated companies

2 Do not represent DNB's reporting segments

supported consumption. Price growth dropped somewhat at the end of the year.

The figure shows developments in the credit portfolio measured in EAD. The bank's credit portfolio increased by NOK 141 billion in 2024. Loans to small and medium-sized enterprises increased by 4.1 per cent, and loans to personal customers increased by 1.9 per

cent in 2024. Adjusted for exchange rate effects, large corporates and the international portfolio increased by 7.1 per cent, small and medium-sized enterprises increased by 3.7 per cent and personal customers increased by 1.7 per cent.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios

Risk and capital management Pillar 3 | 2024

Development in mortgages2, EAD NOK billion

2 Norwegian mortgage portfolio

Loan-to-value mortgages, granted volume

50 Per cent

2023 2024

Loans to private individuals

Loans to private individuals consist mainly of mortgages. DNB has low activity in the areas of credit card and consumer finance and places emphasis on responsibility and sustainability in its lending practices. The portfolio of car financing to private individuals is described under loans to corporates.

Norway has a very high proportion of privately owned dwellings. More than 80 per cent of the population owns their own dwelling, and dwellings are primarily financed by floating-rate mortgages. The housing market in Norway has experienced a sharp rise in prices in recent years. After several interest rate hikes and increased costs for households, growth slowed, ending at 6.4 per cent for 2024.

DNB's mortgage portfolio amounted to NOK 1 079 billion, measured in EAD, at the end of 2024 and mainly consists of mortgages and certificates of financing for homes in Norway. 89 per cent of the portfolio is reported using the IRB method. For the time being, the Sbanken portfolio is reported using the standardised method. Certificates of financing are also reported according to the standard method in addition to some smaller mortgage portfolios in Poland and Luxembourg, and the mortgage portfolio in Luminor, which is reported pro rata. The comments below relate to the Norwegian mortgage portfolio.

DNB's mortgage portfolio is of high quality. The proportion of defaulted mortgages was 0.4 per cent at the end of 2024, and 99 per cent of the loans were classified as low or medium risk based on the bank's own PD calculations. In the reporting of capital adequacy, a conservative addition to the PD calculation is required for the mortgage portfolio. Based on external PD values, 98 per cent of the portfolio was classified as low or medium risk. The proportion of loans with instalment deferral was at 24.7 per cent at the end of 2024, up 0.7 percentage points over the year.

78 per cent of the bank's mortgage portfolio is accounted for in DNB Boligkreditt and forms the basis for issuing covered bonds.

For the mortgage portfolio, the loan-to-value (LTV) ratio is calculated as the loan's share of the property's market value. Short-term intermediate financing is not included in the calculation. The market value of all mortgaged homes is updated every quarter. The loan-to-value ratio for DNB's Norwegian mortgage portfolio, was 56.8 per cent at the end of 2024 compared with 58.5 at the previous year-end. The chart on the lefthand side shows the mortgage portfolio broken down by object-oriented loan-to-value ratio.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures

Risk and capital management Pillar 3 | 2024

The Norwegian Lending Regulations (Utlånsforskriften), which has previously been temporary and renewed every two years, was made permanent from 1 January 2025. The regulations apply to loans for mortgages, unsecured loans to consumers and loans to consumers secured by assets other than dwellings, such as loans secured by cars or boats. Financial institutions may grant loans that do not satisfy all the conditions in the regulations for up to 10 per cent of the value of total loans granted. For loans secured by collateral in dwellings in Oslo, the limit for deviations is set at a maximum of 8 per cent. DNB monitors lending practices closely to ensure compliance with the regulations in all parts of the bank.

Loans to corporates in Norway and internationally

DNB's corporate loans amounted to NOK 1 313 billion at the end of the year, measured in EAD and including counterparty credit risk. Of this, loans to Norwegian and Norwegian-owned companies amounted to NOK 753 billion, with NOK 560 billion in loans to international customers.

Commercial real estate

DNB's portfolio of loans to the real estate sector accounts for about 30 per cent of all corporate credit. The majority of the portfolio is incomegenerating properties, i.e. completed real estate projects where the loan is serviced by rental income.

Development in loans to the real estate sector, EAD

NOK billion

Other commercial real estate Leasing of shopping centres Leasing of office premises Leasing of hotels Leasing of warehouse/ logistics/combination Leasing of retail store facilities Leasing of residential property Housing cooperative financing Residential building loans

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios

Management and control of credit risk
Stress testing

Risk and capital management Pillar 3 | 2024

short-term loans for housing development projects, with a high degree of advance sales. The portfolio of commercial real estate loans is predominantly comprised of Norwegian customers. The credit quality of the portfolio of loans to office properties was stable throughout the year. The price level of the most attractive office properties in Oslo and other large Norwegian cities has been rising for many years, but fell through 2022 and 2023 as a result of rising interest rates and thus higher yield requirements. Due to expectations of a levelling off or decline in interest rates and the yield requirements, the market values have shown a stable development through 2024. Low vacancy rates and a small supply of new properties have contributed to this. So far, no lower demand for office property has been registered due to increased use of hybrid working methods. Within merchandise real estate, the shopping centre segment has shown positive development throughout the year. Merchandise real estate in connection with bulk retail ('big-box') has a somewhat higher risk as a result of being exposed to vulnerable industries that are still struggling, such as electronics, furniture and building materials. Some retail players have announced the closure of stores, which may lead to increased vacancy. The bank's risk exposure to commercial real estate used for retail trade purposes is limited and

developments are being monitored closely.

The residential property portfolio mainly involves

Seafood

The seafood portfolio accounted for 7.7 per cent of total corporate credit, measured in EAD, at the end of the year. Fish farming accounts for 80 per cent of the portfolio. In Norway, fish farmers have struggled with infestations of salmon lice, as well as other biological challenges throughout the year. This has contributed to weaker profitability despite somewhat reduced inflation and a reduction in feed costs. At the end of the year, 96 per cent of loans to the sector were classified as low or medium risk.

Power and renewables

At year-end, power and renewables accounted for approximately 8.8 per cent of total corporate credit, measured in EAD. The portfolio consists mainly of Nordic power production and distribution grids, as well as renewable power production in North and South America. High gas prices as a result of sanctions against Russia and the decommissioning of nuclear power in Sweden and Germany have led to very high and volatile electricity prices in the Nordic region also in 2024. The power industry experienced high margins also in 2024. At year-end, 97 per cent of loans to the sector were classified as low or medium risk.

Oil, gas and offshore

The portfolio related to oil, gas and offshore accounted for 5.9 per cent of the total corporate portfolio at the end of the year. The credit quality has developed positively because of high oil and gas prices. The combination of increased attention to energy security and rising earnings through 2024 provides a more positive outlook than it has been for several years. At the end of 2024, 94.3 per cent of the oil and gas portfolio was classified as low or medium risk, as measured in EAD. For the offshore portfolio, the share of low and medium risk was 86 per cent.

Retail trade

At the end of the year, the bank's exposure to retail trade amounted to approximately 4.9 per cent of total exposure to corporate customers, measured in EAD. Overall, retail trade experienced weak development through 2024. Building materials was the sub-segment with the weakest development during the year. Furniture and consumer electronics also had a negative volume development, while sports equipment showed some improvement.

Car financing

DNB's portfolio of loans for passenger cars (for both businesses and private individuals) amounted to NOK 110 billion of which NOK 64 billion to private individuals, measured in EAD, at the end of the year. 2024 was also marked by reduced profitability and low new car sales. The focus for the industry in 2024 has been to reduce costs combined with tight inventory control. A stable sale of used cars

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2024
→ Capital requirements for credit risk

Risk and capital management Pillar 3 | 2024

to the retail market, together with service and parts sales, have contributed positively to the industry. At the end of 2024, 87 per cent of the portfolio was classified as low or medium risk.

Capital requirements for credit risk

The total risk exposure amount (REA) for credit risk, including counterparty credit risk, was NOK 970 billion for the DNB Group at the end of 2024, NOK 3.2 billion higher than the year before. The table on the next page shows the specification of REA for credit risk.

The figure on the right-hand side shows changes in REA for the credit portfolio distributed among the most substantial portfolios. The REA for the IRB portfolio increased by NOK 16 billion. This is due to growth in both the corporate portfolio and mortgages. See a more detailed analysis of development in the IRB portfolio in the sub-chapter Internal measurement methods (IRB).

The REA for portfolios reported according to the standardised method amounted to NOK 308 billion, of which NOK 44 billion is mortgages.

Development in risk exposure amount (REA) for credit risk

NOK billion

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2024
→ Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
Exposures under the standardised approach
Securitisation
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

Specification of risk exposure amounts (REA) for credit risk

NOK million	Original exposure	EAD	Average risk weight	Risk exposure amount 2024	Risk exposure amount 2023
IRB approach
Specialised Lending (SL)	38 422	33 766	43 %	14 389	2 349
Small and medium enterprises (SME)	216 910	198 833	40 %	80 065	92 035
Other corporates	1 095 555	859 840	39 %	336 508	329 522
Retail, secured by real estate property	963 233	963 233	22 %	210 447	201 714
Other retail	81 666	67 613	30 %	20 598	20 631
Total credit risk, IRB approach	2 395 786	2 123 287	31 %	662 007	646 251
Standardised approach
Central governments or central banks	273 529	273 235	0 %	102	86
Regional governments or local authorities	59 740	52 494	1 %	666	727
Public sector entities	107 562	105 555	0 %	17	14
Multilateral developments banks	64 659	65 678	0 %	0	594
International organisations	724	724	0 %	0
Institutions	93 238	57 569	30 %	17 175	18 679
Corporates	167 074	150 951	65 %	97 962	114 560
Retail	185 082	81 824	75 %	61 110	50 659
Secured by mortgages on immovable property	116 572	108 572	41 %	43 997	53 842
Exposures in default	4 564	3 462	135 %	4 676	4 061
Items associated with particularly high risk	764	757	150 %	1 135	1 099
Covered bonds	59 015	59 015	10 %	5 902	5 401
Claims in the form of CIU	3 302	3 302	26 %	864	568
Equity exposures	24 192	24 191	237 %	57 256	53 586
Other items	30 065	30 065	56 %	16 735	16 233
Total credit risk, standardised approach	1 190 081	1 017 395	30 %	307 597	320 109
Total credit risk	3 585 867	3 140 682	31 %	969 604	966 360

3. Liquidity risk and asset and liability management

4. Credit risk

→ Capital requirements for credit risk

Risk and capital management Pillar 3 | 2024

Definition of default

DNB's definition of default is in line with the updated EBA guidelines published in 2016. The definition of default under IFRS 9 is fully in line with the regulatory definition of default. The application of the definition of default is different for corporate and personal customers.

Corporate customers

There is qualified payment default if an engagement exceeding NOK 2 000 and more than 1 per cent of the borrower's total exposure with DNB has lapsed by more than 90 days.

Expected default on payment exists if it is unlikely that the borrower will pay what they owe DNB without having to implement measures, such as the realisation of collateral, to finance the payment. Whether there is an expected default on payment depends on an assessment of the probability of future payment default. There is a wide range of circumstances that may be relevant to consider. Expected defaults can be caused by indicators that are absolute, such as:

→ bankruptcy proceedings
→ sale of loans with a discount of more than 5 per cent related to credit risk
→ forced restructuring where debt is expected to be reduced by more than 1 per cent

Furthermore, several indicators should be considered when determining whether expected defaults have occurred.

These indicators are not absolute. Examples of this include:

→ expected failure to service all financial obligations, including refinancing risks
→ violation of financial clauses
→ deterioration in the ratio of loan to income
→ sale of collateral that weakens the bank's creditor position

If a default occurs, all obligations that the customer has in DNB will be deemed to be in default. Contagion can also occur between financially dependent borrowers where one customer's financing or payment difficulties are also likely to lead to payment difficulties for one or more other customers.

If specific criteria are met, a customer can exit default status and return to being a healthy borrower after a 3- or 12-month return-to-non-default period. The 12-month return-tonon-default period is for customers who exit default after forced restructuring.

Personal customers

For personal customers, a qualified payment default exists if a commitment exceeding NOK 1 000 and more than 1 per cent of the defaulted amount under the agreement with DNB is overdue by more than 90 days.

The absolute requirements for expected defaults for personal customers are similar to those for corporate customers. Other indicators of expected default include a reduction in the customer's income, for example due to unemployment, a significant increase in LTV ratio, or a situation where the guarantor or co-borrower is in a bankruptcy or debt settlement process.

For personal customers, defaults apply at the agreement level. Therefore, in principle, there will be no contagion between agreements belonging to the same borrower. An important exception to this rule is contagion between instruments within the same product category, for example between two mortgages to the same borrower. If there is also a default related to one or more agreements totalling at least 20 per cent of the customer's total exposure with DNB, all agreements with the bank will be deemed to be in default.

If specific criteria are met, a customer can exit default status and return to being a healthy borrower after a 3- or 12-month return-to-non-default period. The 12-month returnto-non-default period is for customers who exit default after debt settlement has been completed.

Definition of past due exposures

Past due exposures are overdue amounts on loans and overdrafts on credit, assuming a deterioration of customer solvency or unwillingness to pay.

Financial assets qualify as past due when any amount of principal, interest or fee has not been paid at the date it was due. Past due loans and overdrafts on credit lines are monitored on an ongoing basis.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Overview of credit exposures

Risk and capital management Pillar 3 | 2024

Overview of credit exposures Exposures by segment, industry and country Gross carrying amount and maximum exposure amounted to NOK 3 743 billion at the end of 2024. The figures show exposure by segment and country.

Loans and credit to personal customers accounted for 38 per cent of exposure. Loans to corporate customers accounted for 39 per cent. Exposures with governments and central banks, equity positions and other assets are included in the graph as 'other'. The credit portfolio is mainly linked to Norway or Norwegian customers. The Norwegian-related portfolio accounted for 60 per cent at the end of 2024. See additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' for more information.

Gross carrying amount, split by segments, 31 December 2024

Gross carrying amount, split by country, 31 December 2024

Per cent

Forborne exposures

Forborne exposures are defined as credit exposures where the loan terms have been changed as a result of the customer having had financial problems.

Forborne exposures include both defaulted and non-defaulted exposures. The objective of forbearance is to assist the customer through a financially challenging period. It is a prerequisite that customers must be expected to be able to meet their obligations at a later date.

The most common forms of forbearance are:

→ changing the term of the loan
→ refinancing
→ debt remission, including remission of overdue interest payments
→ deferment of overdue interest payments

Forbearance is an element of DNB's strategy for limiting losses. Procedures for handling these exposures have been incorporated in the credit process. DNB has operative guidelines describing how business units should identify, analyse and approve forbearance cases. Developments in the volume of forborne exposures are reported quarterly to the Board.

For more information see Note G4 Credit risk management in DNB's annual report.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Impairment and default

Risk and capital management Pillar 3 | 2024

Impairment and default

When calculating expected credit losses, all credit exposures are divided into three groups:

→ Stage 1: Includes exposures that have not had a significant increase in credit risk since the agreement was entered into. According to IFRS 9, an expected credit loss must be calculated for the next 12 months.
→ Stage 2: Includes exposures with significant negative development in lifetime PD compared to lifetime PD upon entering into the agreement. In addition, it includes loans with PD between 5 and 40 per cent, exposures with forbearance, and personal customers with payments that are between 30–60 days overdue. For these, an expected credit loss is calculated over the entire life of the agreement.
→ Stage 3: Includes defaulted loans. Like stage 2, stage 3 will calculate the expected credit loss without any time limitation. For customers in default (stage 3), PD is set to 100 per cent.

For the exposures in stages 1 and 2, expected losses are estimated using DNB's Expected Credit Loss (ECL) model, which is based on internal models for EAD, PD, and LGD, and on forecasts for future economic developments.

The stage 3 ECL impairment is calculated as the difference between the carrying value and the present value of estimated future cash flows discounted by the original effective interest rate. The estimated future cash flows are based on developments in the customer's exposure, the value of collateral, experience with the customer, the likely outcome of negotiations and expected macroeconomic developments that will affect the customer's expected cash flow. If the exposure is collateralised, the value of the collateral is included in the estimated future cash flows regardless of whether foreclosure is probable or not.

ECL for stage 3 credit exposures for customers with exposures of more than NOK 50 million is calculated as probability-weighted ECL from considered scenarios. The scenarios should represent the actual opportunities for a customer in financial difficulty.

The rule is that three different scenarios should be considered.

→ Going concern: What is the probability of a development where all debt is repaid without concessions in the form of debt conversion or writeoffs? The ECL in this scenario is zero.
→ Restructuring: What is the likelihood of a development where the customer must restructure its capital structure to maintain going concern, and what will ECL be for DNB in such a restructuring?

→ Liquidation: What is the probability of a development where a company is liquidated through bankruptcy, orderly liquidation etc., and what is the ECL for DNB in this scenario?

The ECL for each scenario, and the probability of each scenario occurring, will depend on both market conditions and customer-specific factors. The sum of the scenarios must always be 100 per cent. If a scenario is highly unlikely, the probability can be set to zero.

The ECL in a restructuring scenario will depend on the discounted present value of the customer's expected future cash flows, as well as the expected level of debt that can be agreed with the stakeholders in a restructuring. The ECL in a liquidation scenario will depend on the expected realisation value of collateral on the sale of assets – for example, as part of a bankruptcy or orderly liquidation.

The ECL in stage 3 is calculated for corporate customers with loans below NOK 50 million using the bank's ECL model. The model is based on the probability that a loan will be 'recovered', expressed as Cure Rate (CR), and an estimated loss given that the loan remains in default, expressed as Loss Given Loss (LGL). Both CR and LGL take into account customer- and agreement-specific information, as well as a forward-looking component similar to the methodology for customers in stages 1 and 2.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Impairment and default

Risk and capital management Pillar 3 | 2024

For private individuals with loans of more than NOK 5 million as defaults, an individual assessment of collateral and debt-servicing capacity is carried out to determine the ECL. For private individuals with loans of less than NOK 5 million, a portfolio approach is used to calculate ECL in stage 3. The estimate is calculated using a discounted expected collateral value that provides expected recovery rates for a representative sample of customers in default. The expected recovery rates are then applied to customers with similar characteristics to the customers in the sample. When a customer is in the 3- or 12-month return-tonon-default period, the customer will continue to be presented in stage 3, but with stage 2 lifetime ECL from the ECL model.

Impairment of loans and financial instruments

Net impairments are the sum of all impairments in the period, minus all reversals made in the same period. The figure shows developments in net impairments in 2024.

The figure on the right-hand side shows developments in accumulated write-downs of loans to customers at amortised costs and financial exposures from the end of 2023 to the end of 2024. Accumulated impairments amounted to NOK 8.8 billion at year-end, a reduction of NOK 700 million from 2023. The change in accumulated impairments includes provisions due to the origination of new financial instruments during the

Net defaulted exposures 0 5 10 15 20 25 30 NOK billion

Oil, gas and offshore Personal customers Retail industries Commercial Real estate

Personal customers Corporate customers

1Q 2024 2Q 2024 3Q 2024 4Q 2024

2023 2024 Shipping Power and renewables Manufacturing Other sectors

Development in accumulated impairment of loans and financial commitments

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures
→ Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
Exposures under the standardised approach
Securitisation
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

period. The figure also shows increases and decreases in expected credit loss resulting from changes in input parameters and assumptions, including macro forecasts, as well as the effect of partial repayments on existing facilities and the unwinding of the time value of discounts due to the passage of time. Further, the table includes write-offs, changes in provisions due to the derecognition of financial instruments during the period and exchange rate effects.

Non-performing exposures

Net non-performing exposures fell by NOK 1.7 billion in 2024 and amounted to NOK 21.5 billion at the end of the year. 26 per cent of DNB's non-performing exposures are in the retail segment. The nonperforming volume in this segment increased by NOK 0.9 billion in 2024 and amounted to NOK 5.5 billion. This corresponds to 0.5 per cent of the total exposure in this segment compared to 0.43 per cent in 2023. DNB's non-performing exposures in oil, gas and offshore amounted to NOK 2.3 billion in 2024. This is a reduction of NOK 2.6 billion from 2023. The positive development in credit quality is a result of higher oil and gas prices and completed restructurings.

The figure on the previous page shows the distribution of net non-performing exposures by industry. More detailed information can be found in the additional Pillar 3 disclosures 'Risk and capital management – Pillar 3 attachment (Excel)'.

Historical development of impairment of financial instruments

The figure shows the net annual impairments as a proportion of lending for the period 1957–2024. From 1992, net impairments are also broken down between personal and corporate customers, excluding the public sector and credit institutions. The period from 1987 to 1993 is referred to as the Norwegian banking crisis and stands out from other years. Other years that stand

out are 2009, when the financial crisis led to increased impairments, inter alia linked to Baltic operations, and 2016 when DNB was compelled to record substantial impairment in the oil-related portfolio. The coronavirus pandemic did not affect the impairments in 2020 to any great extent. The increase in 2020 was due to further impairments in the offshore portfolio, while 2021, 2022, 2023 and 2024 were normal, with low impairments.

3. Liquidity risk and asset and liability management

4. Credit risk

Overview of credit exposures Impairment and default

→ Internal measurement methods (IRB)

Risk and capital management Pillar 3 | 2024

Internal measurement methods (IRB) DNB has used internal credit risk models since 1995. The calculations from models approved for measuring credit risk in the capital adequacy are integrated into the bank's internal management tools.

In the internal monitoring of credit risk, internal models are used to calculate CCF (EAD), PD and LGD for all credit exposures, regardless of whether they are approved for calculating capital requirements. The risk parameters that DNB uses to measure risk in the large corporates and mortgage portfolios are different from those that have been approved for calculating capital adequacy according to the advanced IRB approach. The approved models have mandatory mechanisms

Reporting methods for credit portfolios in DNB

Exposure class	Main reporting methods
Corporate and Specialised Lending (SL)	A-IRB
Retail, mortgage loans	IRB
Retail, other exposures	IRB
Governments and central banks	Standardised approach
Institutions	Standardised approach
Equity positions and other assets	Standardised approach

that ensure more stable capital adequacy requirements over time and are more conservative in their calibration levels. More risk-sensitive risk models are preferable for internal management purposes.

DNB uses the Advanced IRB (A-IRB) approach for its corporate portfolio. The personal customer portfolios are reported according to the IRB method, as there is no distinction between A-IRB and F-IRB for loans to personal customers. Some portfolios in subsidiaries or specific segments are exempted. The table shows the reporting methods used for the different credit portfolios in DNB, distributed among exposure classes. Reporting methods will change with the introduction of CRR III.

The purpose of the IRB system is to ensure sound risk management. This calls for high quality and transparency throughout the value chain. The Board of Directors assesses the need for capital on the basis of risk measurements and an overall evaluation of operating parameters and business and strategic targets.

The models are regularly monitored by the model owner, and the independent entity responsible for model risk conducts annual validations of the IRB models. Regular controls of model use are carried out through the Credit Risk Review Institute. Furthermore, periodic theme-based self-assessments of the most important parts of the IRB value chain are carried out. Group Audit prepares an annual report with an assessment of whether the IRB system in DNB meets external requirements.

The areas of application for the IRB models are:

→ capital adequacy calculations
→ decision-support in the credit process
→ limits in the risk appetite framework and credit strategies
→ risk measurement and ongoing reporting
→ pricing of credit risk
→ measuring portfolio profitability
→ basis for models applied in stress testing and calculation of expected credit loss

3. Liquidity risk and asset and liability management

4. Credit risk

Overview of credit exposures Impairment and default

→ Internal measurement methods (IRB)

Risk and capital management Pillar 3 | 2024

Models used in IRB reporting

An overview of the IRB models used, with comments where the models have been adjusted to meet requirements from Finanstilsynet, is shown in the additional Excel disclosure to this report.

In 2020, DNB applied for approval for a new PD model for residential mortgages. In December 2024, Finanstilsynet granted permission to use the new PD model, and DNB will therefore use this from the first quarter of 2025 for capital adequacy calculations.

In order to comply with the new regulation of the definition of default, effective from 1 January 2021, new calibration levels were calculated for the IRB models. Calibration levels were calculated in accordance with new EBA estimation guidelines that were also in effect from 1 January 2021. An application to use the new calibration levels was submitted to Finanstilsynet in March 2021.

In December 2022, DNB submitted an application to expand the application of the retail mortgage models and for permission to report Sbanken's retail mortgage portfolio using the IRB method.

DNB applied for approval of new models for object financing and unsecured credit in 2023. An application for approval of a new LGD model for object financing for personal and corporate customers in Norway and Sweden was submitted in March 2023. The model has been implemented as a complementary model in internal risk management until Finanstilsynet gives its formal approval for use in capital adequacy calculations. An application for approval of new PD and LGD models for unsecured credit for private individuals was submitted in May 2023.

Special requirements for DNB's IRB models

Corporates: Finanstilsynet has stipulated that the PD level in the large corporates portfolio must be relatively stable, irrespective of economic conditions, in order to avoid large variation in the capital requirement. In addition, a floor has been set for certain LGD models, which makes the models more conservative than warranted on a statistical basis.

Mortgages: Finanstilsynet has set requirements for PD and LGD in the mortgage portfolio. There is a minimum PD requirement of 0.2 per cent for all credit agreements. In addition, LGD should not be lower than 20 per cent at the portfolio level. As a result of these requirements, the risk weights for the mortgage portfolio are higher than they would have been if they had been based on unbiased estimated PD and LGD. These requirements will change with the introduction of CRR III.

Risk classification

DNB divides the healthy credit portfolio into ten risk classes based on the exposures' probability of default, PD. See the table below. Exposures that are in default are assigned a PD of 100 per cent.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2024
Capital requirements for credit risk
Overview of credit exposures Impairment and default
→ Internal measurement methods (IRB)
Exposures in the IRB portfolios
Exposures under the standardised approach
Securitisation
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
9. Appendix

Risk and capital management Pillar 3 | 2024

DNB's credit risk classification

Probability of default (per cent)				External rating
Risk grade	Risk classification	As from	Up to	Moody's	S&P Global
1		0.01	0.10	Aaa - A3	AAA - A÷
2		0.10	0.25	Baa1 - Baa2	BBB+ - BBB
3	Low risk	0.25	0.50	Baa3	BBB÷
4		0.50	0.75	Ba1	BB+
5		0.75	1.25	Ba2	BB
6	Medium risk	1.25	2.00
7		2.00	3.00	Ba3	BB÷
8		3.00	5.00	B1	B+
9	High risk	5.00	8.00	B2	B
10		8.00	Impaired*	B3, Caa/C	B÷, CCC/C

DNB's risk classification system, where 1 represents the lowest risk and 10 the highest risk.

* PD in risk grade 10 goes to maximum 40 per cent

IRB model validation

Independent validation is a key control function of DNB's IRB system. It is carried out by Model Risk Management, an entity that is independent of the entities in charge of the model development process and the establishment and renewal of loans.

New IRB models and material changes to existing models are subject to initial validation, while existing IRB models are validated annually. The validation results provide a basis for assessing the performance of the Group's IRB models consistently and meaningfully. Riskmitigating actions are recommended in cases where the validation results indicate a need for improvement. The CRO decides on the actions to be taken. The results of this work are presented at least annually to DNB's Board of Directors.

Models are assessed based on six risk elements: design and development, input data, implementation, model use, performance and governance. Each element is assessed for each model using qualitative and quantitative methods. Validation of governance is a qualitative analysis that provides an assessment of whether the governance of the models is consistent and sound throughout the model's life cycle.

The assessment of the model's performance consists largely of quantitative analyses, with a particular focus on the ranking of borrowers' creditworthiness (discriminatory power) and estimation of the level of risk parameters (calibration). A PD model with good discriminatory power can largely distinguish between customers who will default on their loan obligations and those who will not. An LGD model should be able to predict which non-performing credit exposures will result in relatively large and small losses. Validation of the calibration level provides an assessment of whether the risk parameters have been established at the appropriate level. Discrepancies between predicted and observed levels are expected. Whether the deviations are acceptable depends on the risk parameter and the part of the business cycle in which the deviations occur. Since the LGD level should correspond to the loss severity during an economic downturn, the loss level observed during a normal period should be lower than the LGD estimate. The same applies to EAD.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Exposures in the IRB portfolios

Risk and capital management Pillar 3 | 2024

Exposures in the IRB portfolios

The proportion of DNB's credit portfolio reported under the IRB method amounted to NOK 2 123 billion, measured in EAD, at the end of 2024. The figure shows the IRB portfolio, including counterparty credit risk by exposure category. EAD increased by 7.8 per cent in 2024. Exchange rate fluctuations contributed to a fourth of the increase in the IRB portfolio's EAD, mainly related to NOK versus USD and EUR. Counterparty credit risk accounts for 1.1 per cent of the IRB portfolios EAD and 0.5 per cent in REA.

The credit quality was generally strong throughout the year, but especially for small and mediumsized enterprises, the risk weight increased for the performing portfolio. On the other hand, customers moving from the non-performing to the performing portfolio contribute to decreasing the risk weight in both the large corporate segment and for small and medium-sized enterprises. An increased volume that qualifies for the SME Supporting Factor (SSF) also contributed to improved effective risk weight throughout the year.

The implementation of CRR II in 2023 introduced the Infrastructure Supporting Factor (ISF) for exposures that have the specific purpose of funding essential public infrastructure. This was implemented in DNB in the first quarter of 2024.

Exposure classes in the IRB portfolio, EAD, 31 December 2024

Per cent

Development in Risk Exposure Amount for the IRB portfolio

NOK billion

3. Liquidity risk and asset and liability management

4. Credit risk

→ Exposures under the standardised approach

Risk and capital management Pillar 3 | 2024

Exposures under the standardised approach

About 30 per cent of the Group's credit portfolio measured in EAD was reported according to the standardised approach at the end of 2024. Key figures for the portfolios reported according to the standardised approach are presented in the section on capital requirements for credit risk.

Finanstilsynet has granted DNB permission from to use the standardised approach to calculate risk exposure amounts (REA) for governments and central banks and for equity positions. Sbanken, subsidiaries in Poland and Luxembourg and associated companies calculate REA according to the standardised approach. Other portfolios that are reported according to the standardised approach are exposures to institutions, factoring and housing cooperatives in Norway. In addition, the approach is used when DNB does not have sufficient data to calculate REA according to the IRB approach.

DNB's exposures calculated according to the standardised approach are allocated to 15 different exposure classes.

→ governments and central banks
→ regional governments and local authorities
→ public sector entities
→ multilateral development banks
→ international organisations
→ institutions (banks, credit institutions, investment firms)
→ corporates (non-financial and financial companies, insurance companies, housing cooperatives)
→ retail (private individuals)
→ secured by mortgages on immovable property
→ exposures in default (exposures overdue for 90 days)
→ high risk
→ covered bonds
→ mutual funds, collective investment undertakings (exposures in the form of units or shares in CIUs)
→ equity exposures (holdings of shares and other equity instruments not in the trading book)
→ other exposures (prepaid expenses, cash in hand, deferred tax assets etc.).

Exposure classes in the standardised portfolio, EAD, 31 December 2024

Per cent

According to the regulation, either the rating from an export credit agency or, where not available, the country rating from eligible credit assessment agencies such as Moody's, S&P Global and Fitch can be used to determine the risk weight for exposures to central governments, central banks and institutions.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Securitisation

Risk and capital management Pillar 3 | 2024

Securitisation

Securitisation transactions support the Originate-and-Distribute (OAD) business model in DNB by unlocking regulatory capital through reducing credit risk for DNB. DNB has acted as the originator on one synthetic securitisation transaction. Although the complete regulatory framework has not formally entered into force in Norway, the transaction was structured in line with the Simple, Transparent and Standardised (STS) framework in the Securitisation Regulation. The transaction unlocks capital for green projects while transferring credit risk to a third party. DNB does not engage in re-securitisation activities or invest in securitisation transactions originated by third parties.

Risk management and retention

DNB's exposure to risk in securitisation activities is limited to the positions retained in transactions it has originated.

→ Senior tranches: The bank retains the senior tranche, which represents a low-risk position due to its credit enhancement.
→ Junior tranches: The bank retains the junior tranche and a synthetic excess spread, which bears the firstloss risk.

DNB applies the CRR for calculating risk-weighted exposure amounts for its securitisation positions. The senior and junior tranches are assessed in accordance with the capital requirements for STS securitisations under the CRR framework.

DNB does not have exposure to third-party SSPEs used in securitisation transactions, nor provided support to any legal entities in connection with securitisation activities, as outlined in Chapter 5, Title II, Part Three of the CRR.

No legal entities affiliated with DNB invest in securitisation positions originated by the bank or issued by the SSPE associated with the bank's securitisation activities. The securitised exposures and retained tranches are accounted for in accordance with DNB's general accounting policies. The relevant transaction is reported as a synthetic on-balance-sheet transaction and follows accounting recognition rules specific to guarantees. DNB does not engage in re-securitisation activities.

DNB does not rely on external credit ratings from External Credit Assessment Institutions (ECAIs) for its securitisation transactions. Securitisations are monitored according to DNB's relevant Group instructions. The transactions necessitate close collaboration and alignment across multiple departments within the bank. Milestones and decisions are reviewed and approved by the Asset and Liability Committee (ALCO), ensuring that the transaction is fully aligned with the bank's strategic objectives and meets all regulatory and risk management standards. Continuous risk monitoring and alignment with the bank's risk management framework, stress testing and performance evaluations will be carried out throughout the lifecycle of each transaction. The bank remains fully committed to overseeing the servicing, management and collection of the securitised loans, ensuring efficient oversight and maintaining robust operational control.

See more in the Excel attachment.

Liquidity risk and asset and liability management

4. Credit risk

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2024

Management and control of credit risk

The risk appetite defines maximum limits for credit exposure. Limits have been set for annual growth, risk concentrations and credit quality. There is an upper limit for growth, measured in terms of EAD, for each customer segment. To limit concentration risk, there are limits for risk exposure related to individual customers and industry segments. The limits for credit quality are designed as limits for Expected Credit Loss (ECL) and apply to all types of credit risk. ECL is measured using internal credit risk models and forward-looking macroeconomic assumptions.

In addition to the principle of risk appetite, there are credit strategies for the individual customer segments. Risk should be an integral part of the governance and remuneration system through indicators that operationalise risk limits and strategies, and are followed up by managers individually. To read more about risk appetite, see the chapter Risk management and control.

Decision-making processes and authorisations

Group Risk Management is responsible for checking and monitoring the quality of credit portfolios and the effectiveness of the credit process. Group Credit Management is part of Group Risk Management and is responsible for establishing the framework for the credit process and for credit management in all business areas.

Credit decisions in DNB

4 The Chief Risk Officer (CRO) is the head of the Group Credit Committee (GCC).

3. Liquidity risk and asset and liability management

4. Credit risk

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2024

Each business area is responsible for managing its own credit activities and portfolios within the confines of the risk appetite limits and credit strategies. To ensure effective, high-quality decisions, DNB has established multiple levels of credit approval authorisations, see the figure. The levels are based on the size, complexity of the credit, the required expertise and the risk involved.

All extension of credit is based on the 'four eyes' principle. This means that one person makes a decision based on the recommendation of another person. In cases where the requested credit exceeds a specific level, the decision must be endorsed by a credit officer in Group Credit Management. For the smallest amounts of credit in the corporate segment, however, automated risk classification can replace one of the 'pairs of eyes'.

In the personal banking market, credit applications should, as a rule, be processed using automated measurement and decision-support systems. Applications from low-risk personal customers with good debt-servicing capacity and a moderate debt/ asset ratio are approved digitally. The process automatically collects data on income, debt and assets, as well as updated information about the value of the collateral in connection with refinancing existing loans and issuing pre-qualification letters.

If the customer has not proven a satisfactory debtservicing capacity, credit should normally not be granted even if the collateral is satisfactory. The customer's debt-servicing capacity is determined based on future cash flows. The main sources of these cash flows are income from business operations for corporate customers and wage income for personal customers. In addition, the extent to which realisation of the collateral will cover the bank's exposure in the event of default, and any reductions in future cash flows, are taken into account.

All corporate customers with credit exposures must be risk-classified for each approval of a material amount, and at least once a year. The risk classification should reflect the long-term risk related to the customer and the exposure. See the text box Watchlist.

Management of the risk classification system is organisationally independent of operational activity and is handled by Group Risk Management. The risk classification models are designed to cover portfolios of exposures. If a model is considered to provide a substantially incorrect classification for a single exposure, the model-generated classification may, in exceptional cases, be manually overridden. Overrides must be satisfactorily justified and made only after an assessment by an independent entity. Risk classifications of exposures to personal customers are never overridden. For more information, see the

description of the classification system in the section on credit models and risk classification.

Authorisations

All credit approval and endorsement authorisations are personal. The exception is the Board of Directors, which approves credit proposals as a collegiate body. The Board decides on credit applications of an extraordinary nature. These are primarily credit applications corresponding to more than 10 per cent of the bank's Tier 1 capital.

The Board has delegated credit approval authorisation to the Group Chief Executive Officer (CEO). The CEO has further delegated this authorisation to the business areas and Group Risk Management. These authorisations are exercised in a decision-making system where the business area approves the application and Group Credit Management endorses decisions up to the Board level on behalf of Group Risk Management.

A credit decision must be brought before a higher decision-making body if the decision-maker is in doubt as to whether the credit is within their own authority. The same applies if the case is unusual or raises ethical or reputational issues. For new clients that present a high sustainability risk, a decision must be made at the highest level below the Board level. Read more about management and control of sustainability risk in the chapter Sustainability risk.

3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2024 Capital requirements for

credit risk

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2024

Collateral and other risk-mitigating measures

Collateral is used to mitigate credit risk. Collateral primarily consists of physical assets such as homes, commercial properties or vessels, or in the form of guarantees, cash deposits, netting agreements or credit insurance. As a rule, physical assets must be insured. In addition, the bank uses negative pledge clauses, which prohibit customers from pledging assets to other lenders. The value of collateral assets is assessed continuously during the term of the credit and haircuts are applied to most collateral categories. For larger/complex pledged objects, specialist environments in the bank may be consulted. In the large corporates segment, the bank's relative position as a pledgee must be considered. DNB has internal guidelines and procedures for the valuation of real estate as collateral for loans, including the use of statistical models and valuations made by independent external parties or internal appraisers.

Guarantors are largely private individuals, businesses, governments, municipalities, export credit agencies and banks. The value of a guarantee depends on the guarantor's debt-servicing capacity and financial wealth and is assessed individually. In cases where the bank is given a guarantee by a company, the value of the guarantee will fluctuate along with the company's financial performance and financial strength. A guarantee provided by a private limited company could be subject to the restrictions on the

pledging of collateral by a private limited company stipulated in the Norwegian Private Limited Liability Companies Act.

DNB has credit committees at multiple levels. These credit committees work in an advisory capacity, providing assistance to the extender in the relevant business area and to the endorser in the independent risk organisation. There is a hierarchy of committees, where the Group Credit Committee (GCC), headed by the Chief Risk Officer (CRO), considers cases that are of interest to more than one business area.

Credit risk review

Through Credit Risk Review (CRR), DNB has an independent second-line function that controls compliance with Group Instructions for Credit Activities, Group Instructions for Sustainability in DNB's Credit Activities, credit strategies and DNB's Credit Manual. The results from the CRR is reported directly to CRO as well as to the manager of the relevant unit. CRR involves performing controls in all of the bank's credit areas. One of the elements of CRR is a Model Input Review (MIR), which aims to ensure the correct and consistent application of IRB models that include subjective input. CRR findings, including MIR findings, are used to implement improvement measures in daily credit work and for training purposes.

Credit risk reporting

The economic capital required to cover credit risk is calculated for all credit agreements and forms the basis for evaluating the profitability of the agreements. The calculation is based on the risk parameters in the internal credit models and considers factors such as industry concentration, geographic concentration, particularly volatile segments and large individual exposures.

Exposure relative to the limits set in the risk appetite framework is reported to Group Management each month. If limits are exceeded, a report is sent to the Board of Directors to inform them of the cause, together with an action plan. The Group's quarterly risk report to the Board of Directors provides an extensive description of the risk appetite status and other developments in the credit risk situation. Group Risk Management has established an independent secondline function that conducts reporting and analysis of credit risk, including the follow-up of risk appetite. In the internal monitoring of credit risk, all portfolios are measured and reported using internal models, irrespective of whether or not the internal models have been approved for use in capital adequacy calculations.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Stress testing
5. Counterparty credit risk

Management and control of counterparty credit risk

Risk and capital management Pillar 3 | 2024

Watchlist

DNB continually updates lists of exposures that need to be monitored extra carefully. The objective is to identify customers who require close monitoring so as to implement the necessary improvement measures or terminate the customer relationship while the customer still has financial control, in addition to taking the necessary measures to prevent or reduce losses.

An exposure will be put on a watchlist for special monitoring in case of breach of financial covenants or when the customer has been granted grace periods on principal payments or other payment relief due to liquidity problems (forbearance). In addition, exposures with the following characteristics are considered as candidates for the watchlist:

→ Customers classified as high risk.
→ Customers whose financial situation has deteriorated, for instance due to a material reduction in income, the loss of important business areas, material changes to operating parameters or the loss of key personnel.

When a customer is placed on a watchlist, a new risk assessment is performed, the collateral is reviewed and an action plan is prepared for the customer relationship. If anticipated default is considered a likely option, an assessment is performed to determine whether this calls for impairment of the exposure. See the section on impairment and default earlier in this chapter. For more information about exposures with payment relief see the text box Forborne exposures.

Stress testing

DNB's credit portfolios are subjected to a variety of stress tests, both at an overall level and for specific portfolios. The stress tests are used to gauge vulnerability to losses resulting from either loss of income or customer defaults within a business area or a specific portfolio. Stress tests are used to identify critical drivers for credit risk and capital adequacy. Stress testing of the total credit portfolio is done at least quarterly as part of the internal capitalisation assessment and reported to Group Management and the Board of Directors. Stress testing of the credit portfolio is also carried out in connection with ICAAP reporting to Finanstilsynet and is part of the Group's recovery plan and crisis management plan. Read more about stress testing in the chapter Capital management.

Several methods are used to estimate credit losses in connection with stress testing. Group-wide stress tests use the model for calculating expected credit loss (ECL). Starting with a stressed macroeconomic scenario like the one described in the chapter on capital management and ICAAP, the PD, LGD and EAD for each individual borrower are calculated forward in time using the stressed scenario as input to the models. The new PD, LGD and EAD values are then applied in new estimates of expected credit loss.

DNB uses a bottom-up methodology, specially developed scenarios and custom tools for stress testing subsidiaries, business areas and specific portfolios. These may consist of fewer macroeconomic variables or involve more direct changes to risk parameters in the models, depending on the needs of the different subsidiaries, business areas or portfolios.

Credit customers are exposed to climate risk, both physical climate risk and transition risk. DNB has initiated several initiatives to incorporate climate risk into models for measuring credit risk. Read more about stress testing on climate risk in the chapter Sustainability risk.

Stress testing of credit portfolios is an important tool that is actively used in the management of credit risk. Results from the stress tests are included in the quarterly reporting to the Board.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk 4. 5.

5 Counterparty credit risk

6 Market risk Developments in counterparty credit risk in 2024

7 Operational risk Capital requirements for counterparty credit risk

8 Climate risk Risk-mitigating measures

9 Appendix Settlement risk

Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2023

20245. Counterparty credit risk Counterparty credit risk is sensitive to market changes, such as fluctuations in interest and exchange rates and in the price of commodities. Counterparty credit risk in DNB, measured as Exposure at Default (EAD), increased in 2024 and was 13 per cent higher than the previous year. DNB enters derivative contracts on the basis of customer demand for hedging instruments and to hedge its own market positions resulting from customer activity. In addition, derivatives are used to hedge positions in the trading portfolio, for general position-taking and to hedge foreign exchange and interest rate risks that arise in connection with funding and lending.

Definition

Counterparty credit risk is the risk of financial loss related to the counterparty's ability to meet their contractual obligations. Counterparty credit risk is a form of credit risk that arises from trading in financial instruments, such as derivatives, loans secured by securities or repurchase agreements (repo). It differs from other credit risk in that exposure usually depends on market risk factors such as interest rates, exchange rates, commodity prices or equity prices. Derivatives are most often traded Over-the-Counter (OTC), i.e. not traded on an asset exchange but bilaterally between two counterparties.

Counterparty credit risk, EAD

NOK billion

Risk exposure amount for counterparty credit risk NOK billion

20.8 (21.5)

(2023 figures)

3. Liquidity risk and asset and liability management

Management and control of counterparty credit risk

5. Counterparty credit risk

→ Developments in counterparty credit risk in 2024
→ Capital requirements for counterparty credit risk
→ Risk-mitigating measures

Settlement risk

Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2024

Developments in counterparty credit risk in 2024

During 2024, counterparty credit risk in DNB increased by 13 per cent to NOK 61.5 billion at year-end 2024, measured as EAD. About 65 per cent of EAD arises from derivatives and the remainder from securities financing transactions and repurchase agreements.

The change in EAD was a result of changes in interest and exchange rates, commodity prices and increased trading volumes.

Capital requirements for counterparty credit risk

The Risk Exposure Amount (REA) for counterparty credit risk in DNB was NOK 20.8 billion at year-end, down from NOK 21.5 billion at year-end 2023. REA for counterparty credit risk stands for around 2 per cent of DNB's total REA.

DNB uses a combination of the standardised approach (Standardised Approach for Counterparty Credit Risk, SA-CRR) and internal models (Internal Model Method, IMM). The SA-CCR method is used to calculate the exposure to commodity and equity derivatives. EAD for interest rate and cross-currency derivatives is measured using IMM. Using IMM to calculate counterparty credit risk better reflects the risk sensitivity than standardised models. DNB's IMM models are approved to use a regulatory scaling factor (alpha) of 1.4.

REA for counterparty credit risk is calculated using the credit risk method approved for the counterparty (Internal Ratings-Based Approach (IRB) or standardised method). For more information on calculating capital requirements, see the chapter on credit risk. For information about capital requirements for Credit Valuation Adjustment (CVA), see the chapter Market risk.

Risk-mitigating measures

To mitigate counterparty credit risk vis-à-vis individual counterparties, DNB enters into netting agreements with its customers. These agreements make it possible to net the positive and negative market values linked to contracts under the same netting set.

Collateral Management is also an important aspect of risk mitigation. For SFTs, it is an integral part of the product because the counterparty can only borrow against part of the market value of the collateral. The loan-to-value ratio is set conservatively. For SFTs, Global Master Repurchase Agreements (GMRA) and Global Master Securities Lending Agreements (GMSLA) are used as standard master agreements to protect the rights of the participants. For derivatives, collateral management is either managed through clearing or bilateral margining of non-cleared derivatives.

Regulatory requirements under the European Market Infrastructure Regulation (EMIR) require mandatory clearing for several types of OTC derivatives. By clearing derivatives, counterparty credit risk is moved from several single counterparties to one central counterparty with full netting of all agreements. Central counterparties are regulated and have procedures for mitigating risk. Among other things, the financial requirements for members include both initial margin and variation margin, as well as contributions to the default fund. They also have thorough procedures for dealing with any member default. The central counterparties hold several layers of capital to absorb losses resulting from defaults among the members. The principle is that the defaulting party must cover losses in the first instance via deposited funds. Then, part of the Central Counterparties (CCPs) own capital will be used before the other members' default funds.

DNB is a member of several central counterparties and clears interest rate, equity and commodity derivatives, as well as repurchase agreements. The largest exposure is with respect to London Clearing House (LCH) and stems from interest rate derivatives. As at year-end 2024, approximately 90 per cent of DNB's outstanding volume of standard interest rate derivatives had been cleared through LCH Swapclear.

3. Liquidity risk and asset and liability management

Developments in counterparty credit risk in 2024

5. Counterparty credit risk

Capital requirements for counterparty credit risk

→ Risk-mitigating measures
→ Settlement risk

Management and control of counterparty credit risk

Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2024

DNB also enters into bilateral margin agreements with financial derivative counterparties, in addition to an increasing number of non-financial counterparties. These agreements are called Credit Support Annex (CSA) agreements. Under these agreements, the market value of all derivative contracts between DNB and the counterparty is calculated daily and the variation margin is posted. The CSA agreements with the biggest financial counterparties also require an initial margin. Variation margin and initial margin largely eliminate counterparty credit risk. The collateral posted is mainly cash for variation margin and securities for initial margin.

The agreements are not normally dependent on the credit quality of the counterparty. A minority of the CSA agreements the bank has entered into state that DNB must provide additional collateral for the counterparties' exposures if DNB's credit rating falls below certain thresholds. The agreements then state that the threshold value for collecting collateral will be lowered, in order to further reduce the credit risk for the other counterparty. The number of levels depends on the rating agency, since DNB has different ratings with different agencies and because their requirements are different. At year-end 2024, a downgrade of three levels would have resulted in NOK 359 million of increased collateral.

Counterparty credit risk split by sector, EAD, 31 December 2024

Per cent

Capital requirements are calculated for exposures to central counterparties in accordance with CRR/ CRD. At year-end 2024, REA related to exposures to central counterparties amounted to NOK 630 million. Counterparty credit risk in equity derivatives, securities financing transactions and currency trading for private customers is reduced by the fact that increases and decreases in market value are settled daily.

Settlement risk

Settlement risk is linked to the settlement of transactions where the bank has met its obligation to deliver the agreed security or sum without knowing whether the counterparty has met its obligation to deliver the agreed security or sum to the bank. One example is a currency exchange where the bank sends the agreed amount in one currency before receiving the agreed amount in the other currency.

DNB has established various measures for mitigating and controlling settlement risk. One important measure is a balance check on the account. This means that the bank does not make payment to the counterparty until it is established that the balance in the counterparty's account is sufficient to cover the obligation. Moreover, in connection with settlements of securities transactions, one of the conditions attached to the securities account is that securities cannot be delivered before the bank has received payment. The normal procedure in the banking market is that the main currencies are settled through Continuous Linked Settlement (CLS). CLS ensures payment versus payment, which means that the final transfer of the bank's payment is not executed until the counterparty's payment takes place. In addition, settlement risk limits have been established which entail a ceiling for a single counterparty's total settlement amounts that fall due on the same day.

3. Liquidity risk and asset and liability management

Developments in counterparty credit risk in 2024

5. Counterparty credit risk

Capital requirements for counterparty credit risk

Risk-mitigating measures

Settlement risk

→ Management and control of counterparty credit risk
→ Stress testing and wrong way risk

6. Market risk

5 Counterparty credit risk

Risk and capital management Pillar 3 | 2024

Management and control of counterparty credit risk

DNB has elaborated on the responsibility of counterparty credit risk management in two different governing documents: Credit Risk and Market Risk. The former governs the quantification of credit quality measures as well as the processes and principles related to the assignment and control of credit limits and utilisation. The Market Risk Framework governs the risk metrics underlying the exposure element of CCR. In addition, a separate CCR Management Framework ensures that DNB has an effective management and control structure for CCR, clarifying responsibilities, promoting prudent counterparty credit risk management and ensuring compliance with relevant regulatory requirements.

The Financial Markets Risk Committee (FMRC) has a special responsibility for assessing and approving measurement methods related to internal models. The decision maker for changes to internal models is the Chief Risk Officer (CRO). If a proposed amendment requires an application for approval from Finanstilsynet (the Financial Supervisory Authority of Norway) before it can be implemented or will have a material impact on the bank's capital in accordance with the regulation or the definition of materiality in the instructions for changes to the IMM model, the CRO will submit the proposed amendment to the Board of Directors for approval.

See the chapter Risk management and control for a more detailed description of FMRC.

The CCR models are continuously monitored and upgraded so DNB can ensure that they are always suitable for the area of application. The IMM models are subject to yearly testing and validation by the independent validation function, according to the guidelines defined in the framework for governing of model risk. Among other things, the models' predictive power is tested quarterly through automated backtesting. For more information about the validation principles, see the chapter Credit risk.

In addition, Group Audit conducts an annual review of the models' compliance with CRR requirements. Both validation and audit reports are considered by the FMRC and by Group Management before being presented to the Board.

Stress testing and wrong way risk

DNB has established a special programme for stress testing counterparty credit risk. The stress testing programme is designed to identify undesired future outcomes of the total counterparty credit risk exposure, both in isolation and together with the bank's total credit risk exposure. Central to stress tests is the design of various scenarios. Additional stress testing related to exposures in some commodity markets are also taken into account in the credit decision.

In addition to identifying potential losses related to counterparty credit risk exposure, stress tests also identify specific and general correlation risk between credit risk and market risk factors, so-called Wrong Way Risk (WWR). WWR is an additional risk that may arise through an adverse correlation between counterparty exposures and the credit quality of the counterparties.

To define and manage WWR, DNB has drawn up specific governing documents that describe how the risk is to be identified in individual cases and at the portfolio level. WWR is reported to the management of DNB Markets and Group Risk Management, among others. Particularly significant instances of WWR are followed up by the FMRC.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

6 Market risk 4. 5. 6.

7 Operational risk Developments in market risk in 2024

8 Climate risk Capital requirements for market risk

9 Appendix Market risk exposure

Market risk in DNB remained stable and moderate in 2024. There are significant diversification effects within market risk in DNB. Market risk arises primarily from the bank's asset and liability management, customer activities in DNB Markets and equity investments.

Definition

20246. Market risk Market risk is the risk of financial loss due to unhedged positions in the foreign exchange, interest rate, commodity and equity markets. The risk reflects potential fluctuations in profit due to volatility in market prices or exchange rates. Market risk occurs in several segments of DNB and includes both risk arising through ordinary trading activities and risk arising as parts of banking activities and other business operations.

Risk exposure amount for market risk NOK billion

9.9 (12.4)

Market value of equity and real estate investments in the banking portfolio NOK billion

21.6  (22.4)

(2023 figures)

3. Liquidity risk and asset and liability management

6. Market risk

→ Developments in market risk in 2024

Market risk exposure

Developments in market risk in 2024

Economic capital is estimated using an internally developed simulation model that determines the capital requirement related to losses at the 99.9th percentile and covers all material risks in DNB. At the end of 2024, economic capital for market risk was NOK 8.7 billion, compared with NOK 9.2 billion at the end of 2023. Market risk as a share of economic capital was gradually reduced throughout 2024 and remained within the Board's risk appetite for the entire year. The main reasons for the decrease are a reduction in market risk from both banking and trading activities.

Utilisation of the market risk limits was moderate, with only small adjustments to the limits in 2024. The limits for market risk are discussed later in this chapter.

The trading portfolio

DNB's trading portfolio consists of positions in financial instruments, commodities and credit derivatives held for the purpose of resale or to take advantage of price or interest rate fluctuations in the short term, as well as hedging such positions. For example, the instruments in the trading portfolio are related to customer transactions through DNB Markets and include 'market making' and facilitating corporate financing. The definition of the trading portfolio is given in the CRR/CRD regulations and DNB's framework for market risk, which describes limits to the trading portfolio. The different trading portfolios each have their own strategy document that defines their scope and how they are governed, including guidelines related to risk-mitigating measures.

The main purpose of the bank's market risk positions in the trading portfolio is to support the bank's and the customers' management and mitigation of market risk. The bank will thus convey market risk to a greater extent between market participants and to a lesser extent take market risk on its own account.

The banking portfolio

DNB refers to market risk that is related to positions and activities that are not included in the trading portfolio as the banking portfolio. The banking portfolio is composed of financial instruments that, among other things, come from the Group's financing activities and equity capital investments. There is market risk in the banking portfolio, which is partly due to different fixed-rate periods for debt and assets. In addition, the banking portfolio is exposed to credit spread risk, basis spread risk, currency risk, equity risk and residual value risk.

3. Liquidity risk and asset and liability management

6. Market risk

→ Capital requirements for market risk

Market risk exposure

Capital requirements for market risk

Capital requirements are calculated according to the CRR/CRD regulations, and DNB reports market risk according to the standardised approach. According to CRR/CRD, capital requirements under Pillar 1 are calculated for interest and equity risks associated with the trading portfolio. For currency and commodity risk, the capital requirement under Pillar 1 is calculated for the overall portfolio. The capital requirement for market risk under Pillar 1 decreased compared to 2023. The most important reason was a decrease in the capital position and general risk associated with debt instruments.

The market value of derivative contracts depends on the counterparty's creditworthiness and other market risk factors. CVA is an adjustment of the market value of Over-the-Counter (OTC) derivatives in order to account for impaired creditworthiness of the counterparty. Provisions are calculated for CVA and recognised in the income statement. The capital requirement for CVA should cover the risk associated with the volatility of CVA provisions. DNB calculates capital adequacy requirements under Pillar 1 for CVA risk according to the standardised approach in CRR/CRD. The development in the risk exposure amount (REA) for CVA risk in the DNB Group is shown in the figure to the right.

In addition, there are capital requirements under Pillar 2 for market risk in the banking portfolio and other risk not covered by Pillar 1.

Risk exposure amount (REA) for market risk

NOK million	31 Dec. 2024	31 Dec. 2023
Position and general risk, debt instruments	6 163	8 136
Position and general risk, equity instruments	602	757
Currency risk	6	0
Commodity risk	74	5
Credit value adjustment risk (CVA)1	3 107	3 500
Total market risk	9 952	12 399

1 In the in CRD reporting (Corep) the CVA risk is not included in market risk

Development in REA for CVA risk

NOK billion

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Market risk exposure Market risk limits

An overall limit on market risk has been set in the risk appetite framework, expressed as the maximum share of economic capital. For more on risk appetite, see the chapter Risk management and control.

Furthermore, detailed limits have been established for the various market risk types, including interest rate, currency, commodity and equity risk. The limits for market risk are intended to help ensure that market risk is within the risk appetite set by the Board.

The limits for material market risk exposures are determined by the Board of Directors. Limits are set at least annually and will automatically expire if not renewed. The limits are delegated by the Board of Directors to the Chief Executive Officer (CEO), who delegates them further to risk-taking entities that make investment or trading decisions. If limits are breached, this must be reported immediately both to whomever delegated the limits and to Group Risk Management (GRM).

Administrative limits and escalation levels are set for exposures that are defined as less significant. Such limits are used when there is a need for operational scope of action. Administrative limits are determined by the Group Executive Vice Presidents.

Market risk limits, 31 December 2024

		Limit, trading	Limit, banking
NOK million		portfolio	portfolio	Total	Description
	Interest rate risk*	4	7	11	Sensitivity limit
	Currency risk	2 500		2 500	Market value limit
Limits set by the board	Equity risk	2 050	1 315	3 365	Market value limit
	Commodities risk	300		300	Market value limit
	Basis swap risk*	15/(-30)		15/(-30)	Sensitivity limit
	Real estate risk	-	1 025	1 025	Market value limit
	Physical asset risk**		10 250	10 250	Market value limit
	Strategic investments	-	24 500	24 500	Market value limit
Administrative limits	Basiscurve risk*	62		62	Sensitivity limit
	Bond risk	30 000		30 000	Market value limit
	Credit spread risk***	7	111	118	Sensitivity limit

* NOK million per basis point value

** Includes residual value of vehicles associated with leasing operations

***Markets, Treasury and GF

Any changes to administrative limits must be reported to GRM and the Chief Risk Officer (CRO). The table above gives an overview of the most important administrative limits and limits set by the Board that applied at the end of 2024. In addition to these, smaller limits are set for options.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure Management and control

of market risk

Interest rate risk

Interest rate risk occurs when financial instruments change value because of interest rate fluctuations and occurs both in the banking and the trading portfolios. Interest rate risk is expressed as NOK per basis point value (BPV), which represents how much the present value of the positions will change if the underlying interest rate changes by one basis point. BPV is thus a measure of how sensitive the value of the bank's portfolios is to changes in interest rate levels. The figures on the next page show the interest rate risk in the trading and banking portfolios, respectively. The average exposure to interest rate risk over the whole year was NOK 1.1 million per BPV for the trading portfolio and NOK 3.1 million per BPV for the banking portfolio.

DNB's total interest rate risk limit at the end of 2024 amounted to NOK 11 million per basis point change, distributed between NOK 4 million in the trading portfolio and NOK 7 million for other exposures. Separate limits are set for each currency and the different intervals on the yield curve. Interest rate risk is measured and reported daily in DNB Markets and Group Treasury. The limits were not breached in 2024.

Interest rate exposure in the trading activities, BPV, 2024

Interest rate exposure in the banking activities, BPV, 2024

NOK million

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Interest rate risks and non-trading book activites

According to the risk appetite statement for market risk the total market risk must constitute a non-dominant share of the total risk and primarily be the result of customer activities. The risk appetite statement for market risk is operationalised by setting and delegating limits for different types of market risk, including interest rate risk. Market risk accounts for a small part of DNB's total risk. Group Treasury is the unit responsible for, among other things, managing the Group's liquidity and market risk that arises in the bank portfolio. The Group's strategy for interest rate risk management is conservative and adapted to the bank's size and risk capacity.

Measurement of IRRBB exposures is performed through the calculation of various indicators, including change in economic value of equity (EVE), change in net interest income (NII), and change in market value of instruments at fair value (MV), in addition to other internal risk measures and stress test methodologies.

DNB measures and reports exposure to interest rate risk and the daily utilisation of related limits to management. Group Risk Management executes daily second line controls.

Interest rate risks and non-trading book activities (IRRBB) is defined as current and future risk for the bank that arises from unexpected and adverse movements in interest rates that affect the banking portfolio, both through changes in present value and in future cash flows for interest-sensitive financial instruments. The main sources of interest rate risk can be classified as:

Gap risk: risk arising from the maturity structure of interest-rate sensitive instruments and resulting from differences in the timing of interest rate changes. This includes changes in the yield curve maturity structure that occur either consistently across yield curves (parallel risk) or differently between periods (non-parallel risk).

Base risk: risk that arises from relative changes in interest rates on interest-rate sensitive instruments with similar maturities, but which are priced based on different yield curves.

Option risk: risk associated with options (embedded and explicit), where the institution or its client may change the level and timing of its cash flows.

In addition to the minimum requirement for quarterly reporting to governing bodies stated in the EBA guidelines, delta NII (net interest income), delta EVE (economic value of equity), delta MV (market value changes) and other key figures are calculated and reported at least monthly, and more frequently, if necessary, to other relevant recipients, including the management of Group Treasury and the Asset Liability Committee (ALCO). Group Risk Management is responsible for developing and distributing internal and external reports.

Basis point value (BPV) is the key risk metric for interest rate, spread and basis risk. To quantify the interest rate risk in the banking portfolio, DNB calculates changes in expected future profitability (delta net interest income, delta NII) and the change in the net present value of different interest-ratesensitive assets and liabilities over their remaining life as a result of an interest rate shock (delta economic value of equity, delta EVE). The bank's interest rate risk metrics include both gap, basis and option risk elements.

The change in net interest income (dNII) and net present value of interest-sensitive instruments (dEVE) for the bank portfolio is calculated in accordance with regulatory stress scenarios specified in the regulatory standard, the Supervisory Outlier Test (EBA/RTS/2022/10).

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure Management and control

of market risk

The scenarios considered are an instantaneous upwards and downwards parallel shift in the yield curves. In addition, methods and assessments that are appropriate for the bank's characteristics and business activities are internally developed, which include a rate fall scenario of 100 bps to account for the level of rates in the individual currencies in scope and non-parallel shocks to consider basis and credit risk.

The key modelling and parametric assumptions used by the bank for IRRBB measures are the same as those used to produce the figures included in the template EUR IRRBB1 in the additional Excel disclosure 'Risk and capital management – Pillar 3 attachment' on ir.dnb.no.

The bank's prioritised approach to managing interest rate risk in the bank portfolio is based on financial risk. Follow-up of interest rate risk in the bank portfolio is carried out daily. Interest rate risk is mainly hedged through the use of financial derivatives, in the form of basis swaps, FX swaps and interest rate swaps. Hedge accounting is used for a portfolio of investments in fixed-rate securities in FX and bond borrowings in fixedrate currency. For a description of accounting policies, see the note to the principles in the DNB Group's annual report. Other information that is relevant in relation to the reporting of IRRBB is the following note information: note on 'Interest rate sensitivity'; note on 'Financial Derivatives and Hedge Accounting'; note on 'Net Interest Income'; note on 'Net Profit on Financial

Instruments at Fair Value'; note on 'Classification of Financial Instruments'; note on 'Fair value of financial instruments at amortised cost; and note on 'Financial instruments at fair value'.

In the bank's calculation of IRRBB, constant balance for dNII and run-off balance for dEVE are used. The bank's equity is not subject to a long-term fixed interest rate, but rather a short-term fixed interest rate that corresponds to the notification deadline for changes to loan terms for PT-priced loans (i.e. interest rate changes). The repricing frequency for assets and liabilities without contractual maturities, except for those subject to the regulatory notification deadline, is set to one day.

Considerations around customer margins are included for the calculation of dNII, while they are excluded from the calculation of dEVE. When aggregating the calculations for dEVE and dNII, positive changes in the individual currency as a result of the stress scenario are given a weight of 50 per cent, while negative effects are weighted 100 per cent. The effect of a zerointerest rate floor on negative interest rates is included in the bank's assessments.

For relevant deposit categories, the bank has decided not to attribute interest rate risk beyond what follows the regulatory notification deadline for interest rate changes (8 weeks). For categories that are not affected by the regulatory notification deadline, the repricing

period for deposits without contractual maturity is set to one day (overnight).

Deposits with contractual maturities are processed in accordance with the contractual remaining maturity and repetition frequency. Consideration for early dismissal is considered marginal because

→ they have a short-term profile that discourages early withdrawal,
→ they represent a marginal part of the bank's total liabilities,
→ early withdrawal requires approval from the bank.

The calculation of interest rate risk on fixed-rate loans is based on contractual maturity. Early termination is considered to be non-relevant by acknowledging that the bank has the right to charge customers for the present value of interest losses and the cost of the advance redemption.

For dEVE, calculated with positions at year-end 2024, the scenario 'short rates up' gives the worst outcome, with a negative effect equal to NOK 1 253 million. For the dNII, calculated with positions at year-end 2024, the scenario 'parallel shift of interest rates down 200 basis points' gives the worst outcome, with a negative effect equal to NOK 3 280 million. For developments over time, see Table IRRBB1 in the additional Excel disclosure 'Risk and capital management – Pillar 3 attachment' on ir.dnb.no.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Traditional banking, such as deposits and loans, has a fundamental sensitivity to interest rate changes. A large part of the bank's balance sheet is exposed to floating interest rates (direct or indirectly), which represents a natural hedge against interest rate risk. In addition, DNB manages interest rate risk based on Board-set risk limits.

For most products that are subject to floating interest rates (PT rates), the bank's own discretionary assessment is used as a basis when the product is priced. Such products have no interest rate risk or lock-in period beyond the regulatory notification deadline.

The average and longest repricing maturity assigned to non-maturity deposits is approximately eight weeks.

Equity investments

As a shareholder, DNB actively exercises ownership in selected companies through their Boards of Directors. Exposure relative to market risk limits is measured based on the investments' market value, including any future commitments in Private Equity funds (PE funds). The fair value of the investments is NOK 21.6 billion, slightly down from NOK 22.4 billion at year-end 2023.The reduction is a result of the overall development in all portfolios, which in particular has contributed to the divestment of previously acquired exposures and the payment of dividends from strategic financial investments.

Equity investments in the banking portfolio are grouped into:

→ Direct investments an investment portfolio of unlisted companies.
→ Venture investments through DNB Venture's mandate, venture investments comprise an investment portfolio of Nordic start-ups with considerable innovation capabilities. The target companies may have synergy effects for the DNB Group.
→ Credit portfolio the purpose of the credit portfolio is to secure or recover the value of credit exposures through ownership and subsequent realisation. Based on business-related and long-term assessments, the bank may decide to sell equities pledged as collateral or convert defaulted debt into equity and ownership.
→ Strategic financial investments investments in the financial sector with a strategic perspective. Ownership of Fremtind Forsikring AS, Luminor Group AB and Vipps AS are among the largest investments.
→ Real estate exposures either strategic real estate investments or properties repossessed as a result of credit default. Real estate exposure is measured as the market value of the underlying properties, regardless of the financing structure.
→ PE portfolio consists of shares in unlisted PE funds. The portfolio consists mainly of acquisition funds that invest in mature enterprises and a smaller proportion in venture funds investing in companies in the start-up phase.

Other exposures

Basis swap spread risk arises because a substantial portion of DNB's assets in NOK is funded with foreign currency through covered bonds issued by DNB Boligkreditt AS or through other debt instruments. The currency is swapped to NOK through basis swaps with the same or shorter term. A basis swap is a combined interest rate and currency swap where the parties exchange future cash flows and agree to pay and receive interest. Basis swaps are normally held to maturity and value is assessed daily. This entails that the recognised value of a swap fluctuates during the term of the swap. There are no limits on basis swaps that are used in connection with funding.

Currency risk in the Group is hedged against DNB Markets, which is thus the only entity that is directly exposed to traditional currency risk. The exposure is low and is predominantly linked to business operations and, to some extent, to supporting customer trades.

Asset risk is exposure to direct ownership of physical assets that are not standardised. Examples of such assets are industrial equipment and construction machinery. The majority of the limit for this risk covers exposure to the residual value of vehicles associated with leasing operations.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure
→ Management and control of market risk
7. Operational risk

5 Counterparty credit risk

Credit spread risk mostly arises as a result of the bank's liquidity risk management through the management of bonds in the liquidity portfolio. See the chapter Liquidity risk and asset and liability management for more details on the liquidity portfolio. In addition, there is some credit spread risk in the trading portfolio as a result of secondary market trading and investments in the primary market. Secondary market trading takes place mainly through market-making of Norwegian bonds and commercial papers. The credit spread is the add-on to the reference interest rate in a bond coupon. Credit spread risk is the risk of changes in market assessments of the credit spread.

Equity-related risk in the trading portfolio arises mainly from DNB Markets performing market-making in shares and equity derivatives on electronic marketplaces and to customer brokers. In addition, DNB Markets sets prices for convertible bonds. Market risk, as a result of these activities, is managed on an ongoing basis within the relatively moderate equity limits allocated to the trading portfolio.

In addition, there are limits for commodity risk and basis curve risk. The commodity exposure and the associated risk are moderate. Basis curve risk occurs when interest rate instruments denominated in the same currency are not valued with the same yield curve.

Management and control of market risk

The Group Policy for Risk Management sets out overall requirements, roles and responsibilities for risk management in DNB. For market risk, the policy is elaborated and specified in the framework for market risk management that establishes definitions, principles for delegation of limits and requirements for the management of market risks, including interest rate risk in the banking book (IRRBB). The framework for market risk is reviewed and updated at least annually. Local instructions for business areas with material market risk exposure have been implemented. The local instructions operationalise the framework in the individual business area.

In addition to the market risk framework, there is also a Group strategy for market risk. Together with the market risk limits, the market risk strategy elaborates and specifies the bank's risk appetite for the trading portfolio and the banking portfolio, respectively. Market risk arises from business activities, and only certain DNB business areas are to be exposed to market risk. The market risk strategy is therefore formulated by these areas and reflects their adaptation of their operations.

All business areas and Group units with activities that result in exposure to market risk are responsible for managing and controlling this exposure. Risk Management Group follows up to ensure that this is carried out to a sufficient extent. Risk management The Group therefore monitors developments in market risk exposures and advises and challenges the front line on issues relating to risk management. Furthermore, Risk Management also carries out regular independent controls of, among other things, the utilisation of the market risk limits and control of risk data.

DNB uses various risk metrics in the management and control of market risk:

→ Economic capital is used to measure the overall market risk and in internal risk and capitalisation assessments.
→ Value at Risk (VaR) is used to measure aggregated risk across asset classes and is a supplementary risk metric. VaR is calculated for interest rate, equity and currency risk. Limits are not set for VaR.
→ Sensitivity metrics are used to report and monitor exposures against specific limits, e.g. yield curve intervals. Sensitivity metrics in the market risk metric reflect how much the bank risks losing in the event of a given change in the underlying risk type. The sensitivity metrics are important for the qualitative risk assessment and are also used as a basis for quantitative risk modelling.
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

6. Market risk

Developments in market risk in 2024
Capital requirements for market risk
Market risk exposure
→ Management and control of market risk
7. Operational risk
8. Sustainability risk
9. Appendix
→ Some limits are expressed as market value and thus the risk and exposure related to limits are measured in terms of market value.
→ To take the non-linear nature of options into account, the risk limits are set as scenario limits, meaning that the exposure is measured by stress testing both the underlying instrument and the corresponding volatility.
→ Stress tests of EVE and NII are used to measure interest rate risk outside the trading portfolio (IRRBB).

In addition, stress testing is used to identify exposures and losses that could arise under extreme but, at the same time, plausible market conditions.

The Financial Markets Risk Committee (FMRC) follows up the framework for managing market risk related to the bank's activities in financial markets, including methodology and control procedures. See a more detailed description of FMRC in the chapter Risk management and control.

Market risk exposure, risk appetite and limit utilisation are reported monthly to Group Management and the ALCO, and quarterly to the Board.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

6 Market risk 4. 5. 6. 7.

7 Operational risk

8 Climate risk Developments in operational risk in 2024

9 Appendix Capital requirements for operational risk

Management and control of operational risk

20247. Operational risk DNB's operations were stable throughout 2024. Although financial crime was a significant challenge, operational losses were limited. Geopolitical tension and international conflicts influence the threat landscape.

Definition

Operational risk is the risk of loss resulting from inadequate or failed processes, people and systems or from external events. Reputational risk is not covered by this definition but is discussed at the end of this chapter.

Clients, Products & Business Practices Damage to Physical Assets Execution, Delivery & Process Management External Fraud Internal Fraud Business Disruption & System Failures Employment Practices & Workplace Safety Category not confirmed

Operational losses

1 200

NOK million

Risk exposure amount (REA) for operational risk NOK billion

140.0 (121.2)

Operational events Number

4 097 (4 681)

(2023 figures)

3. Liquidity risk and asset and liability management

Capital requirements for operational risk

7. Operational risk

→ Developments in operational risk in 2024

Management and control of operational risk

Developments in operational risk in 2024 During 2024, DNB had a total of 4 097 operational events, a reduction from 4 681 in 2023. Operational losses in 2024 amounted to NOK 276 million, a significant reduction from the previous year. The losses are normal compared with the last ten years.

The largest single loss was related to irregularities in a bankruptcy of a corporate customer and is being investigated by the police. Fraud constitutes more than half of the total loss in 2024. Most other incidents only impacted internal costs and loss of income for DNB, but without significant consequences for our customers

Geopolitical unrest

The turbulent global situation continued in 2024, with geopolitical uncertainty and high levels of conflict, including armed conflicts in Ukraine and the Middle East. This increases the likelihood of incidents in several categories, such as cyber attacks and supply chain disruptions. DNB did not incur significant losses as a result of such incidents in 2024.

Financial crime

A year ago, we saw a change where Swedish criminal groups had established themselves in Norway, with fraud as their primary focus. The connection between criminal networks and fraud became more apparent in 2024 and fraud attempts amounted to NOK 2.5 billion, an increase of 39 per cent from the previous year.

In some cases, fraud has occurred with in-person visits to the victim. This is particularly taxing for the individual affected. The bank has extensive financial responsibility when the victim is a private individual, and DNB's losses have increased significantly compared with previous years. DNB is actively working against financial crime and is cooperating with both authorities and other banks on this matter. Read more under the topic ESRS G1 Financial crime' in our annual report on ir.dnb.no.

DNB monitors the geopolitical situation and trends in financial crime and works systematically to prevent DNB's products and services from being used for criminal activities.

Sbanken

After the merger with Sbanken in 2023, customers were transferred to DNB's IT platform in March to enable the phasing out of redundant systems. Some customers chose to leave Sbanken as the online bank was decommissioned in favour of a mobile bank-only approach. The number of cases led to long processing times for many who wanted to transfer their equity savings accounts (ASK) to other providers. DNB/Sbanken decided to compensate customers who were out of the market for more than the required ten days.

Technology and security

DNB is continuously modernising its IT services and the way they are managed. Long-term projects to replace legacy core and payment systems are underway. Such projects are important to ensure stable and secure operations for the future.

DNB has been working extensively on preparations for the EU regulation on digital operational resilience (DORA). This work is expected to result in even better management and control of IT services. DORA has not yet come into effect in Norway, but DNB provides services in several EU countries, and much of our business operations are therefore subject to the requirements from 17 January 2025.

The primary indicator for IT operations in DNB is 'green days'. A green day is a day when all IT services operate without serious negative consequences for our customers. Operational stability has been improved significantly over the past few years, and in 2024, we had 96 per cent green days, which is slightly better than in 2023. The incidents that caused 'red' and 'yellow days' were spread throughout the year and involved different services, including errors in supplier systems. Errors in our online and mobile banks are usually the ones that affect our customers directly. DNB publishes the current status on such incidents at dnbstatus.no (Norwegian only).

3. Liquidity risk and asset and liability management

→ Developments in operational risk in 2024

→ Capital requirements for operational risk
→ Management and control of operational risk

Risk exposure amount (REA) for operational risk

NOK million	Factors	31 Dec. 2024	31 Dec. 2023
Corporate finance	18 %	5 026	4 876
Trading and sales	18 %	9 955	9 331
Retail brokerage	12 %	31	40
Commercial banking	15 %	85 579	71 814
Retail banking	12 %	26 996	24 205
Payment end settlements	18 %	8 247	7 088
Agency services	15 %	781	722
Asset management	12 %	3 419	3 113
Sum REA	15 %	140 035	121 190

Security is a high priority at DNB. Cyber attacks such as ransomware are among the biggest operational risks at DNB, even when they occur through third parties. The status of cybersecurity is regularly reported to the Board through indicators in the risk appetite. As is the case with most large institutions, DNB is subjected to attempted cyber attacks on an ongoing basis, but this rarely has noticeable consequences. Both internal and external assessments indicates that DNB has a strong cyber defence.

Capital requirements for operational risk

DNB uses the standardised approach to calculate capital requirements for operational risk. Calculating the risk exposure amount (REA) using the standardised approach is done by grouping the bank's revenue over the last three years by business activities and calculating a weighted average multiplied by 12.5. REA for operational risk (Pillar 1) was NOK 140.0 million at year-end 2024, an increase of NOK 18.9 million from the previous year. The risk exposure amount will always increase from the previous year as long as this years' revenue is higher than the revenue three years ago.

Management and control of operational risk

Operational Risk Management contributes to efficient business operations and reduces losses. Good risk management includes establishing a healthy risk culture, as well as clear roles and responsibilities for working with operational risk. Managers in DNB must be aware of and manage operational risk in their own processes, systems, products and services. All business areas have their own risk departments.

The Group Operational Risk division in Group Risk Management is DNB's central specialist unit for operational risk management and constitutes the Group's second line defence for such risk. This is an independent control function responsible for the framework for operational risk management, Group reporting and risk mitigation through insurance. Employees in the unit monitor operational risk in all business areas and Group units, in subsidiaries and at international offices.

The figure on the next page shows the key elements of DNB's operational risk management. In a healthy risk culture, there is a focus on understanding risk assessments, establishing, implementing and evaluating risk management measures, and ensuring effective reporting to relevant stakeholders. All identified losses and incidents must be continuously recorded in a dedicated incident database.

3. Liquidity risk and asset and liability management

Developments in operational risk in 2024

7. Operational risk

Capital requirements for operational risk

→ Management and control of operational risk

8. Sustainability risk

Operational risk management in DNB

The Group's governing documents, together with laws and regulations, set the premises for managing operational risk. DNB's governing principles contain overarching guidelines for risk management, which are elaborated in policies, instructions and processes for operational risk. Regulations and guidelines from the authorities in Norway and other countries where DNB operates give further requirements for risk management, for example though EU's DORA and AI Act.

The Group's risk appetite sets the limits for both cyber risk, IT operations risk, reputation risk and loss events in general. Risk identification and assessment, together with registration and follow-up of operational incidents, should provide an overall picture of the operational risk and contribute to keeping operations within the risk appetite.

The Group's business areas report their most significant risks and incidents to their respective Group Executive Vice President quarterly. Group Risk Management submits a quarterly risk report to the Board of Directors, which includes information on developments in risks that are considered material to the Group, such as cyber risk.

DNB has an established process for approval of products and services to ensure high quality, competitiveness, customer satisfaction and compliance. Dedicated instructions ensure that the risk is assessed before a product or a service is approved. In addition, there must be descriptions of what the product or service means to the customer, who the target group is and who in DNB is responsible for the product.

Common principles provide DNB with a conceptual framework and overall understanding of internal control and form the basis of a framework for structured internal control work. An important

element is the annual internal control assessment, where all the business areas and Group units make a summary assessment of the internal control in their area. This includes risk assessments, controls and mitigating actions. Group Executive Vice Presidents and the Group CEO are responsible for approving and submitting these summary assessments to the Board of Directors.

The Non-Financial Risk Committee (NFRC) plays a key role in coordinating the management of operational risk across DNB. Associated subject matter groups work on prioritised topics. Each group reports and can escalate matters to the committee. Read more about the NFRC, in the chapter Risk management and control.

The Group has an extensive insurance programme designed to mitigate the financial consequences of undesirable events that may occur despite established security procedures and other preventive risk measures. In addition to fire, burglary and business interruption, the insurance covers crime, embezzlement, costs and losses from cyber attacks, professional liability, and directors' liability for the Group's operations worldwide. This year's insurance renewals resulted in a reduction of the total premium, even though property insurance and reinsurance have generally become more expensive due to large and more frequent natural disasters.

3. Liquidity risk and asset and liability management

Developments in operational risk in 2024

7. Operational risk

Capital requirements for operational risk

Management and control of operational risk

→ Reputational risk

Reputational risk

Reputation is important to DNB. As a driving force for sustainable transition, our commitment to compliance, along with ongoing dialogue with customers and stakeholders, aims to build trust and strengthen our reputation. DNB monitors reputational risk in close connection with operational risk. DNB's risk appetite framework states that DNB aims to have a good reputation and deliver on expectations from society and stakeholders.

Changes in reputational risk mainly come from two sources: internally within the company (changes in business practices, new or revised products, marketing campaigns, infrastructure downtime or other technical issues) or externally (changes in the business environment, market trends, expectations from stakeholders, changes in public opinion).

Our Code of Conduct provides employees with guidance on how to behave and what to consider in their daily activities. DNB manages reputational risk through corporate governance and business activities. In accordance with the product approval process, reputational risk must be assessed for all products and services, and subject matter experts are involved in these assessments.

Development in reputation score

Traction score, quarterly

DNB measures the brand's reputation with Traction, a Norwegian market analysis that enables DNB to assess its reputation against competitors and comparable companies in other sectors. In Traction, a company receives a score between 0 and 100, where a score of 65 or higher is considered 'good', which is also DNB's target. The reputation varied throughout 2024, and the score of 57 points at the end of the year corresponds to a moderately good reputation. Proactive work is being done across the Group to raise the results to the desired level.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

5 Counterparty credit risk 4. 5. 6. 7. 8. Sustainability risk

6 Market risk

7 Operational risk

8 Climate risk

9 Appendix Development in sustainability risk in 2024

Management of sustainability risk in the different risk types

Risk and

capital management Pillar 3 | 2023 Risk and capital management Pillar 3 | 2024

8. Sustainability risk

Climate change, environmental degradation, social issues and governance (ESG) factors pose considerable challenges for the economy. It is expected that environmental risks, including climate-related risk, will become even more prominent going forward and may affect the financial risks to which financial institutions are exposed. Social and governance factors such as human rights and corruption may also represent sources of financial risk for financial institutions. DNB is exposed to sustainability risk through the companies the Group finances and invests in, and through these companies' ability to adapt to climate change, promote ethical labour practices, and facilitate the transition to a low-emission society.

Real estate portfolio – energy efficiency of collaterals

3. Liquidity risk and asset and liability management

Management of sustainability risk in the different risk types

Risk and capital management Pillar 3 | 2024

Definition

Sustainability risk (ESG risk) is the risk of financial losses and other negative consequences arising from events related to climate and environmental factors (E), social issues (S) or corporate governance (G). ESG factors can affect a variety of risk types in both financial and non-financial risk. Climate risk is further divided into the following risk types: → Physical climate risk – risk associated with the consequences of climate change that lead to

damage or loss in a physical sense. Within physical risk, a distinction is also made between chronic and acute risk, depending on how fast the risk occurs.
→ Transition risk risk associated with the consequences of the changes resulting from measures to climate change mitigation. There may be political, regulatory, technological or socio-economic changes in the transition to a low-emission society.
→ Liability risk risk associated with the liability to account for or mitigate climate-related damage or losses, such as legal action being taken against a company for its contribution to climate change or for failing to disclose climate-related risks to its investors.

Social issues are risks associated with factors such as human and labour rights and changes in social norms or expectations.

Corporate governance are risks associated with factors such as corporate governance, ethics, transparency, anti-corruption and anti-money laundering and tax matters.

3. Liquidity risk and asset and liability management

of sustainability risks Roles and responsibilities

8. Sustainability risk
→ Development in sustainability risk in 2024

Management and control

Management of sustainability risk in the different risk types

Development in sustainability risk in 2024

2024 was the warmest year on record globally, and the first year in which the average global temperature was over 1.5 degrees higher than pre-industrial levels.1 Extreme weather and climate-related events had negative consequences for nature, wildlife, people and the economy. Climate politics is therefore still relevant and for the 29th time, the Climate Summit was held, where a new agreement was reached after overtime negotiations. At the same time, the year was characterised by uncertainty due to geopolitical turmoil and intensified trade wars, which increased the risk of disruptions to global trade and value chains. In such an environment, it is important to ensure that capital is channelled into the climate transition to achieve the transition to a low-carbon economy. At DNB, we work to be a driving force for sustainable transition and will use our position and expertise to actively help customers in a more sustainable direction through advice, financing and clear expectations. By the end of 2024, DNB had contributed a total of NOK 751.8 billion to financing and facilitating the sustainable transition since 2020.

1 Copernicus Climate Change Service. (2025, 10 January). https:// climate.copernicus.eu/copernicus-2024-first-year-exceed-15degcabove-pre-industrial-level

Since April 2023, DNB has been required to report on sustainability risks in line with Commission Delegation Regulation (EU) 2022/2453. The requirements include DNB's sustainability risks related to climate change transition risk, climate change physical risk and mitigation actions. The implementation of these requirements has been handled together with DNB's other reporting obligations on sustainability, i.e. the EU Taxonomy, to ensure consistent data and logics. The development and integration of data is an ongoing process. See the Appendix 2 to this report, as well as the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' for more information about sustainability risk.

DNB reported in accordance with the Corporate Sustainability Reporting Directive (CSRD) for the first time in 2024.The Group has identified material topics within the European Sustainability Reporting Standards (ESRS) E1 Climate change, E3 Water and marine resources, S1 Own workforce, S4 Consumers and end-users and G1 Business conduct. Additionally has DNB identified three company-specific topics, cyber security, financial crime, and financial infrastructure and financial stability which is reported under S4 and G1. DNB's report under the Norwegian Transparency Act, which describes how DNB carries out the due diligence process for fundamental human rights and decent working conditions, has been published on dnb.no/ sustainability-reports.

Building a system to map and monitor DNB's risk, ensuring strategic target attainment and meeting reporting requirements are important factors in DNB's approach to risk management. DNB's long-term profitability depends on our customers incorporating sustainability into their business models and strategic choices. By setting requirements for accountability on the part of our customers, DNB can have a positive impact on social development, while at the same time reducing customers' and own risk. Throughout 2024, DNB continued to develop and improve the identification, management and control of sustainability risk, and initiated a project to meet the requirements of CRD IV and EBA GL/2025, which are expected to be implemented in Norway in 2026.

3. Liquidity risk and asset and liability management

Management and control of sustainability risks Roles and responsibilities

→ Development in sustainability risk in 2024

Management of sustainability risk in the different risk types

Risk and capital management Pillar 3 | 2024

Climate risk

Climate risk is one of the most significant sustainability drivers that can affect the Group's financials. If companies that DNB finances do not take climate risk into account, their viability and profitability will be affected, which in turn may impact on DNB's value creation. Both transition risk and physical risk can have significant financial consequences, which can affect DNB, for example through loan defaults, decreased value of collateral, credit impairments, investment losses and higher insurance settlements. In the short to medium term, transition risk is more significant than physical risk for DNB. The table to the right shows examples of how climate-related risk can affect DNB within different risk types:

	Transition risk	Physical risk
Credit risk	Companies can face negative consequences, such as loss of income due to changes in preferences or increased costs (relating to legal matters, statutory compliance and technological changes). This can have negative effects on company's cash flow and its ability to repay debt, further leading to a higher probability of default and increased credit risk.	Credit exposure could increase if climate related risk drivers reduce borrowers' ability to repay and service debt (income effect) or banks' ability to fully recover the value of a loan in the event of default (wealth effect).
Market risk	Transition risk could lead to a shift in market conditions, leading to a decrease in the value of financial asset and negative price adjustments where transition risk is not yet incorporated into prices.	Climate change could imply a decrease in the value of financial assets, including the potential to trigger large, sudden and negative price adjustments where climate risk is not yet incorporated into prices. Climate change could also lead to a breakdown in correlations between assets or a change in market liquidity for particular assets, undermining risk management assumptions.
Liquidity risk	Banks' access to stable sources of funding could be reduced as market conditions change. Climate-related risk drivers may cause banks' counterparties to draw-down deposits and credit lines.	Climate change and severe physical events may lead to a greater demand for liquidity and changes in marked liquidity for particular assets.
Operational risk	Increasing legal and regulatory compliance risk associated with climate-sensitive investments and businesses. Reputational risk could also arise from shifting sentiment among customers and increasing attention and scrutiny from other stakeholders (investors, regulators etc.) on how businesses respond to climate change.	Severe physical events may lead to physical damage to DNB's properties, branch offices or data centres, leading to disruption of operations.

3. Liquidity risk and asset and liability management

Management and control of sustainability risks Roles and responsibilities

8. Sustainability risk

→ Development in sustainability risk in 2024

Management of sustainability risk in the different risk types

Exposure to climate risk in the loan portfolio

The table to the right lists the sectors in the loan portfolio that DNB considers to have the greatest climate risk. The key risk factors are listed for each sector, as well as the proportion of the corporate loan portfolio. There are also great opportunities associated with the corporate market portfolio, as the green shift will require large amounts of capital. This offers opportunities for DNB and makes the Group responsible for supporting the transition through financing, advisory services and requirements. DNB's efforts to be a driving force in the climate transition are described in greater detail in the sub-chapter ESRS E1 Climate change in DNB's annual report on dnb.no/sustainability-reports.

Physical climate risk

Physical climate risk could impact DNB's customers in the form of lower revenues and higher costs due to supply chain disruption and other impacts that strain production. Such risks could also lead to damage to customers' property or operations, which could impair the value of assets and the creditworthiness, leading to increased default rates, delinquencies, write-offs and impairment charges in DNB's portfolios. In addition, the Group's premises and assets may also suffer physical damage due to weather-related events, leading to increased costs.

In the loan portfolio, assessments of physical risk are conducted for the real estate portfolio.

Proportion of the corporate loan portfolio, EAD (per cent)

Sector	Climate risk - most important risk factors	2024	2023
Commercial and residential property	1 Market risk (most prominent for commercial property), e.g. energy standard and efficiency, upgrading needs.
	2 Regulatory changes (most prominent for residential property), e.g. changes in requirements relating to building standards, waste management/recycling	29,6	32,2
Oil, gas and offshore	1 Regulatory changes, e.g. relating to CO2 emissions, taxes and framework conditions
	2 Markets risk, e.g. reduction in access to credit and lower level of interesent from equity investors.
	3 Physical risk, e.g. extreme weather events	5,9	6,1
Shipping	1 Regulatory changes, e.g. emissions requirements
	2 Technology, e.g. reductions of CO2 in fuel, support from the authorities
	3 Markets risk (varies in the different sub-sectors), e.g. a shift in demand towards ships with lower emissions, transport of goods with high CO2 content.	4,1	3,8
Renewable energy	1 Market risk (considerable variation between the risk drivers in the areas of solar power, wind power, hydropower and power distribution), e.g. pace of development nationally and globally, infrastructure, export capacity
	2 Regulatory changes, e.g. stability in framework conditions, support from the authorities.	8,8	7,5
Building and construction industry	1 Market risk (most prominent in commercial property), e.g. stricter requirements for reduced emissions on building sites, upgrading of machinery
	2 Regulatory changes, e.g. increased technical requirements, emissions and reporting requirements for the value chain with associated increases in costs.	2,0	2,1

2. Capital management
3. Liquidity risk and asset and liability management

Management and control of sustainability risks Roles and responsibilities

7. Operational risk
8. Sustainability risk
→ Development in sustainability risk in 2024

Management of sustainability risk in the different risk types

These assessment makes use of data from the Eiendomsverdi property database, and data related to physical climate risk events is linked to properties through the Norwegian Land Register. Physical climate risk is further defined as chronic or acute risk as follows:

→ Chronic risk is defined as current sea level rise and sea level in 2050. The scenarios are defined based on the average maturity of our portfolio.
→ Acute risk is defined as risk of flooding, both current and future risk of flood, the current level of risk of landslides, avalanche hazard areas and major landslides.

At year-end 2024, commercial and residential real estate exposure related to chronic or acute climate change events amounted to NOK 212 billion, an increase of NOK 37 billion from 2023. The increase is mainly driven by an increase in the loan portfolio of NOK 125 billion and the composition of the portfolio.

Exposure to physical climate risk is assessed based on third-party data collected from Eiendomsverdi, and all buildings are classified based on a risk scale from 1 to 6, where risk scores 1–2 are designated as low risk, 3–4 as medium risk and 5–6 as high risk. The score is mainly based on two factors, (1) the degree of touch on the property and (2) the probability of different scenarios occurring. For 2024, properties classified as medium and high risk is included.

Exposure subject to climate change physical risk

As at 31 December 2024

		2024		2023
Amount in NOK billion	Total gross carrying amount	Chronic climate change events	Acute climate change events	Total gross carrying amount	Chronic climate change events	Acute climate change events
Loans collateralised by residential immovable property	972	17	129	862	14	117
Loans collateralised by commercial immovable property	261	12	54	261	7	37

Due to lack of data, the exposure to chronic and acute climate change events is only calculated in the loan portfolio collateralised by residential and commercial immovable properties. Data related to climate change and the link to assets other than real estate is an ongoing work and efforts are being made to improve data quality and implementation.

Read more about DNB's exposure subject to physical risk in the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' published on ir.dnb.no.

Transition risk

The EU Energy Efficiency Directive aims to reduce energy consumption and greenhouse gas emissions from buildings and is one of the action points in the EU's Green Deal. The latest directive was adopted in the EU in May 2024. The directive is based on much of the content of the directive from 2010 and 2018, but also contains a number of new provisions. The Ministry of Energy is working to assess the 2024 directive. For DNB's residential and commercial real estate portfolio, the directive may result in increased costs for satisfying new requirements. The directive is essential in the EU's efforts to achieve net-zero emissions by 2050.

To assess DNB's transition risk, the energy efficiency in the portfolio of commercial and residential real estate has been calculated. DNB's mortgage portfolio mainly consists of mortgages in Norway. To calculate the energy efficiency, the logic is based on EPC labels for the Norwegian portfolio. In the absence of EPC labels and energy consumption, the building's energy efficiency is estimated based on average energy consumption from Enova.

3. Liquidity risk and asset and liability management

8. Sustainability risk

→ Development in sustainability risk in 2024

Management of sustainability risk in the different risk types

Risk and

Pillar 3 | 2024

At year-end 2024, 9 per cent of the portfolio of residential properties had EPC label A or B, a decrease of 6 percentage points compared with 2023. For the portfolio of commercial properties, 9 per cent was labelled A or B, an increase of 2 percentage points from 2023. Due to lack of data, the proportion without an EPC label for residential and commercial properties was 53 per cent at year-end 2024, a decrease of 22 percentage points from 2023. The increased share of properties without EPC label is due to a change in methodology. Estimated EPC labels are in 2024 placed in the category 'Without EPC label'. This was done in order to be able to distinguish the proportion of actual and estimated EPC labels to a greater extend.

At year-end 2024, the data coverage and quality for energy consumption and EPC labels for the portfolio of properties outside Norway was low. The energy efficiency in this portfolio was therefore not estimated. We will continue to work on improving energy consumption data for our international portfolio in 2025.

To ensure a higher energy efficiency and decarbonisation of the building stock, we are continuing to strengthen DNB's in-house competence on the topic in order to further support our customers. In 2024, an internal training programme was carried out for employees in the business areas and in the investments (DNB Asset Management, DAM) on climate and climate transition. DNB also work actively in relation to policymakers, to discuss the importance of publicprivate and cross-border collaboration for achieving the broader decarbonisation efforts. Obtaining data on the actual energy performance of buildings would allow us to monitor and report on developments in energy intensity, but this data is currently not available. Read more about our work on portfolios for home mortgages, housing cooperatives and commercial real estate in the transition plan, which is available at dnb.no/sustainability-reports.

For a complete review of our energy efficiency of collaterals, see the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', published on ir.dnb.no.

Financed emissions

In 2021, DNB launched an ambition of reaching net zero emissions by 2050 across its lending and investment portfolio as well as in its own operations. In 2023, the Group launched its transition plan, which is a continuation of the net zero target and an important strategic tool that helps DNB understand the business implications of the net zero commitment, and to address the challenges and opportunities posed by climate change and the transition to a low-carbon economy. The plan is an integral part of DNB's corporate strategy, where delivering sustainable value creation and mitigating climate change are central.

The transition plan describes how DNB will be a driving force for the transition, and what tools DNB has to engage in dialogue with and guide customers and the companies in which it invests, with the aim of reducing their greenhouse gas emissions. The decarbonisation targets set for the loan portfolio cover 70 per cent of the financed emissions.

For the remaining part of the portfolio that was not covered, the reason is that it consists of, among other things, sectors with low emissions, sectors where DNB has low exposure or where suitable calculation methods and climate scenarios were not available. However, DNB is working to review the remaining sectors to determine whether sufficient data is available, whether it can find calculation methods and credible 1.5-degree climate scenarios for the sector.

2024 is the first year the Group has estimated financed emissions in Scope 1, 2 and 3 for the loan portfolio. The companies covered are in sectors that highly contribute to climate change. At the end of 2024, DNB's financed emissions in sectors that highly contribute to climate change totalled at 9.3 million tonnes of CO2e, of which 3.7 million tonnes CO2e were in Scope 3. The calculations of financed emissions are made by collecting company-reported data and extrapolating in the event of lack of data. There is no limit on PCAF data quality scores, which means that parts of reported financed emissions are calculated

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk
→ Development in sustainability risk in 2024
Management and control of sustainability risks
Roles and responsibilities
Management of sustainability risk in the different risk types
Stress testing of climate risk

GHG financed emissions towards sectors that highly contribute to climate change

Of which scope 3 Per 31 December 2024

based on the companies' assets and revenues. At the end of 2024, the PCAF data quality score for financed emissions for the mentioned sectors in Scope 3 was 3.6. As a result of an increase in company-reported

GHG financed emissions (scope 1,2,3)

Per 31 December 2024

emissions, the quality, as measured by the PCAF data quality score, will eventually increase. This increase in quality is also expected to result in increased financed emissions for DNB.

For more detailed information on the Group's financed emissions and methodology, see the subchapter ESRS E1 Climate change in DNB's annual report on dnb.no/sustainability-reports.

3. Liquidity risk and asset and liability management

Management of sustainability risk in the different risk types Stress testing of climate risk

→ Management and control of sustainability risks
→ Roles and responsibilities

Management and control of sustainability risks

Climate and environment, social conditions and corporate governance are integrated into DNB's strategy and corporate governance. Governing documents set out how we will work with sustainability and sustainability risk. Group Sustainability Policy is DNB's overarching governing document for sustainability and forms the basis for how the Group works with sustainability. The Group Policy for Risk Management, which covers all risk types in DNB, stipulates that sustainability risks must be taken into account in the management of all risk types. Sustainability risk assessment requirements have therefore been incorporated into the frameworks for all risk types. Read more about our sustainability governance in the sub-chapter ESRS 2 General disclosures in DNB's annual report published on dnb.no/sustainability-reports.

DNB's transition plan also serves to reduce the level of climate risk in the loan and investment portfolios. The targets set out in the plan are designed to ensure that, as a financial institution, DNB further integrates climate change considerations into processes, including the selection of – and engagement with – customers and the companies in which DNB invests. Read more about the responsibility for following up the plan in our transition plan, which is published on dnb.no/ sustainability-reports.

The recovery plan is prepared as an integral part of the Group's risk and capital management and comes into effect in the event of a breach of predefined indicators. In addition to recovery indicators, the recovery plan defines a set of metrics to be monitored, including developments in sustainability risks.

Roles and responsibilities Board of Directors

In accordance with the Board's instructions, the Board has overall responsibility for the management of DNB and for ensuring proper organisation of the business. The Board of Directors of DNB sets the Group's strategy and overall goals, including DNB's sustainability ambitions, DNB's transition plan and DNB's ambition for sustainable financing. The Board also sets requirements and expectations for business conduct and culture in the Group through the governing document Code of Conduct.

The Board has three sub-committees: the Risk Committee, the Audit Committee and the Compensation and Organisation Committee. In accordance with the instructions of the Risk Committee and the Audit Committee, it is the Risk Committee that prepares the Board's follow-up of risk management in the Group, and the Audit Committee that prepares the Board's monitoring of the process for sustainability reporting with associated internal control.

The Board follows up progress in its work on climate and the environment, social conditions and corporate governance through regular reporting. The Board also receives information about risks related to climate and the environment, social conditions and corporate governance in the quarterly risk reporting. Read more about the Board's role and responsibility in sustainability in the sub-chapter ESRS 2 General disclosures in DNB's annual report published on dnb.no/sustainability-reports.

The Group Chief Executive Officer and Group Management

The CEO has overall responsibility for the implementation of the Group's strategy and overall goals, including DNB's sustainability ambitions. Group management regularly discusses various issues related to the work on climate and the environment, social conditions and corporate governance. The Executive Vice Presidents are responsible for ensuring that their own area's operations are in accordance with adopted goals and strategies, including the Group's sustainability ambitions. Each Executive Vice President must ensure that employees within their own area of responsibility are aware of these. Read more about the roles and responsibilities of the CEO and Group Management in the area of sustainability in the chapter ESRS 2 General disclosures in DNB's annual report on dnb.no/sustainability-reports.

3. Liquidity risk and asset and liability management

→ Roles and responsibilities
→ Management of sustainability risk in the different risk types

Sustainability in Group Finance

The Sustainability Division of Group Finance, which is the Group's central unit for sustainability, is responsible for the strategic and operational development of the Group's sustainability work. The work includes DNB's sustainability ambitions, transition plan and ambitions for sustainable financing. The unit has expertise in this area and advises the Group Management and business areas on various sustainability topics. The EVP of the Sustainability Division is organised in the line of the CFO and is part of the CFO's management team. The CFO informs the CEO of matters of material importance.

Non-financial Risk Committee (NFRC)

The committee is chaired by the Chief Risk Officer (CRO) and contributes to developing DNB's management of non-financial risk. The NFRC contributes to a consistent approach and joint coordination of first-line responsibility for managing operational risk, compliance and reputational risk. The committee exchanges information, coordinates activities and advises on complex individual cases. Subject matter groups reporting to the NFRC follow up progress in areas such as money laundering, IT risk, third-party risk and data protection.

Group Risk Management

Group Risk Management (GRM) has the overall responsibility for monitoring and reporting risks related to climate, the environment and social conditions. GRM is led by the CRO, who is part of the Group Management team and has an independent reporting ability directly to the Board. The business areas and Group units are responsible for establishing, managing and following up risk management, including sustainability risk within their own area of responsibility.

GRM is responsible for the preparation of frameworks and instructions for the management of the different risk types. Sustainability risk must be integrated into the management of all types of risk.

This means that all divisions in GRM are responsible for integrating sustainability risk into their risk management processes. GRM is also responsible for the development of models and processes that ensure sound and consistent assessments of sustainability risk, in addition to being responsible for collecting data and reporting sustainability risk in Pillar 3. For more information on management and control see the chapter Risk management and control.

Management of sustainability risk in the different risk types

Requirements for sustainability risk assessment have been included in the frameworks for all risk types. However, our approach to sustainability and associated risks is rapidly evolving, and as a result, sustainability risk in processes and internal control will be further developed in the years to come. The Group considers credit risk to be the most significant of the types of risk affected by sustainability risk. The management of sustainability risk for credit risk is explained below. Other risk types are integrated into relevant processes.

Credit risk

Sustainability risk assessments are integrated into DNB's credit decisions and are managed in accordance with the Group Policy for Risk Management and the Group Instructions for Sustainability in Credit Activities. According to the instructions, activities on the part of a borrower that affect sustainability risk must be analysed in credit proposals in the same way as other potentially relevant risk drivers. DNB measures and follows up the average sustainability risk level for borrowers in the categories low, medium and high risk. This work uses a sustainability score diagram, which is sector-specific, allowing us to address the most significant risks in the different industry segments. The instructions also specify which customers DNB does not grant credit to.

3. Liquidity risk and asset and liability management

→ Management of sustainability risk in the different risk types
→ Stress testing of climate risk

Risk and capital management Pillar 3 | 2024

DNB also uses an internally developed classification tool model for assessing companies' sustainability risk. The tool covers four thematic areas: climate, the environment, social conditions and corporate governance. The sustainability classification is a very important part of the decision-making process in connection with the establishment of new credit commitments. All corporate customers are assessed in relation to sustainability, but for customers that have a total credit commitment of more than NOK 8 million, sustainability risk must be commented on in the credit proposal. For corporate customers that have a credit commitment of more than NOK 50 million, a risk classification is also required, using the in-house developed sustainability risk assessment tool. DNB´s own sustainability assessments are supplemented by sustainability analyses from third parties. A sustainability customer dialogue form has also been developed to ensure that customers have a good understanding of which sustainability areas DNB perceives as significant in relation to risk management.

In the event of high sustainability risk, the credit decision is escalated to the highest decision level below the Board. Customers with high sustainability risk must also establish an internal action plan to follow up the thematic areas that cause the risk to be assessed as high. The action plan must cover a 12-month period and must contain milestones and specify the person who is responsible. The action plan also serves as basis for further dialogue with the customer. The risk model and process are assessed on a regular basis.

For customers with moderate or high sustainability risk, specific comments must be made on how sustainability risk may affect their future debt-servicing capacity in the financial analysis section of the credit documentation.

For project financing that is subject to the Equator Principles,2 separate assessments must document compliance with the principles.

2 The Equator Principles are a common risk management framework for financial institutions to identify, assess and manage environmental and social risks in project financing.

Stress testing of climate risk

As part of the general risk assessment, DNB conducts analyses of how climate risk may inflict credit losses on the bank under different short-, medium- and longterm scenarios. The analyses are important as part of DNB's risk management, and help to make it possible to implement strategic measures to avoid potential financial losses. The development of flexible tools and the implementation of various analyses are important steps. DNB expects access to and quality of relevant data to improve steadily. The same applies to the development of scenarios and assumptions that are used as a basis for the analyses.

In 2024, DNB conducted an analysis of transition risk in the bank´s portfolio of loans to non-financial companies except real estate and agriculture. The analysis was carried out using DNB´s in-house developed tool. The analysis was made with a time horizon until 2040, and thus covers the short (0–1 year), medium term (2–5 years) and long term (more than 5 years). The scenario focuses on the entire time period and is not intended specifically for shortterm analyses. The time period includes a significant part of the emission reductions from the NGFS3 scenario Net Zero 2050. It is planned to incorporate scenarios with several time horizons in the future.

3 Network for Greening the Financial System.

3. Liquidity risk and asset and liability management

8. Sustainability risk

Management and control of sustainability risks Roles and responsibilities

Management of

sustainability risk in the different risk types

→ Stress testing of climate risk

The analysis includes how increased costs related to greenhouse gas emission may affect customers over the time horizon. The costs associated with emissions, such as carbon prices and necessary investments in emission-reducing technologies and measures, have been assessed on the basis of both current regulations and scenario-based changes. To provide a comprehensive picture of the resilience of the loan portfolio to climate-related transition risk, the analysis is based on data that takes into account differences between industries and regions where such information is available.

Overall, the analysis showed few signs that DNB is exposed to transition risk in the portfolios analysed. There are variations between industries, and the greatest impact is within maritime industries, but with great uncertainty. The greatest uncertainty is related to shipping and offshore in the Net Zero 2050 scenario. These sectors have relatively high emissions in Scope 1 and 3 today, and the impact will be greater if a fall in oil and gas production is assumed, combined with limited opportunities to pass on increased costs to customers.

Shipping will be phased into the European capand-trade system in the coming years. The quota obligation will vary based on whether the transport takes place within or outside the EU, which makes it difficult to assess how much of its own emissions a

shipping company will have to cover. There can also be large differences in investment costs between different companies in the same industry.

Inadequate data quality and several uncertain assumptions make it challenging to draw any conclusions about the consequences for DNB. Analyses of this type are not forecasts, but rather investigations of possible outcomes on the basis of assumptions, scenarios and a given loan portfolio. Nevertheless, they give DNB a good indication of which industries may be most exposed to climate risk given different assumptions, and thus where it will be most important to strengthen the availability and quality of data and assumptions in order to strengthen insight into the risk. This insight will provide us with a better basis for deciding what measures DNB can take to reduce the risk of climate-related credit losses. The analysis shows that customers' greenhouse gas emissions are important for DNB's business model. Read more about stress testing of the loan portfolio in the sub-chapter ESRS E1 Climate change in DNB's annual report on dnb.no/sustainability-reports .

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

5 Counterparty credit risk 4. 5. 6. 7. 8. Sustainability risk

6 Market risk

7 Operational risk

8 Climate risk

9 Appendix 9.

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

capital management Pillar 3 | 2023 Risk and capital management Pillar 3 | 2024

Risk and

9. Appendix

This report, Risk and capital management – Disclosure according to Pillar 3 2024, together with DNB's annual report and the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', provides the consolidated disclosure of DNB as required in the regulations and the guidelines given by the European Banking Authority (EBA) in 'Guidelines on disclosure requirements under Part Eight of Regulation (EU) No 575/2013 (GL 2016/11)' including Commission Delegation Regulation 2022/2453 as regards the disclosure of environmental, social and governance risks.

Requirements on disclosures regarding banks' risk and capital management are stipulated in the accounting and capital requirement regulations. As of 2024, the risk and capital information that is applicable in order to fulfil both sets of regulations is presented in DNB's Annual report for 2024. The disclosures that are specific to CRR can be found in this report in the form of quantitative information to be provided as stipulated in EBA/GL/2016/11 and in explanatory texts to the tables.

More information about DNB's risk management can be found in the Annual report 2024.

Information to be provided quarterly as stipulated in EBA/GL/2016/11 is published on DNB's website. For each article in Part Eight of Regulation (EU) No 575/2013 (CRR), the reference table below states in which of the publications the information can be found. This mapping is followed by a separate reference table for the additional Excel disclosures to the Pillar 3 report.

Appendix 1

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Appendix 1: Reference table for CRR part 8

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
Title I	General principles
Article 431	Disclosure requirements and policies
1-2	General disclosure requirements	This report, Risk and capital management Disclosure according to Pillar 3 2024		Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
3	Requirement to have a formal policy and internal processes, systems and controls to comply with the disclosure requirements	Ch. 0: Risk Statement
4	All quantitative disclosures shall be accompanied by a qualitative narrative and any other supplementary information that may be necessary in order for the users of that information to understand the quantitative disclosures,
5	Upon request, explanations of rating decisions to SMEs or other corporate applicants for loans	Can be provided upon request
Article 432	Non-material, proprietary or confidential information
1-3	Institutions may exclude non-material, proprietary or confidential information under certain conditions	Information items not disclosed under EBA/GL/2016/11	EU templates not applicable for DNB are documented
Article 433	Frequency and scope of disclosures	Ch. 0: Introduction		Financial Calendar in Annual report and on ir.dnb.no
	General information about disclosures
Article 433a	Disclosures by large institutions	Ch. 0: Introduction		Financial Calendar in Annual report and on ir.dnb.no
	Frequency requirements for publishing disclosures of Pillar 3 information for large institutions		Contents page
Article 433b	Disclosures by small and non-complex institutions	Not applicable
Article 433c	Disclosures by other institutions	Not applicable
Article 434	Means of disclosures			Financial Reports on ir.dnb.no
1	Information medium for Pillar 3 disclosures and references to equivalent and additional data in other media
2	Reference to the locations where Pillar 3 and additional disclosures are published

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in DNB's annual report and interim reports or on the DNB website
Title II	Technical criteria on transparency and disclosure
Article 435	Disclosure of risk management objectives and policies
1	Institutions shall disclose their risk management objectives and policies for each separate category of risk, including the risks referred to under this Title. These disclosures shall include:		Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1a	Strategies and processes to manage the risks	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch.8 Sustainability risk	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1b	Structure and organisation of the risk management organisation including its authority and statutes	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch. 8: Sustainability risk	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1c	Scope and nature of risk reporting and measurement systems	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch.8 Sustainability risk	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1d	Policies for hedging and mitigating risk	Ch. 2: Capital management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7 Operational risk	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1e	Declaration of conformity that the risk management system is fit-for-purpose in relation to the institution's profile and strategy	Ch.0: Risk Statement; Ch. 7: Operational Risk	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
1f	Risk statement with overall risk profile	Ch.0: Risk statement; Ch. 1: Risk management and control	Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
2	Institutions shall disclose the following information, including regular, at least annual updates, regarding governance arrangements:			Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
2a- c	Corporate governance disclosures	Ch. 1: Risk management and control		Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
2d	Whether or not the institution has set up a separate risk committee	Ch. 1: Risk management and control		Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
2e	Description of the information flow on risk to the management body	Ch. 1: Risk management and control		Annual report 2024, chapter 'The Board of Directors' report on corporate Governance' and 'ESRS 2 - General disclosures'
Article 436	Disclosure of the scope of application
a	Name of the institution to which the requirements in CRR apply	Front page and Ch. 0: About this report
b	Reconciliation between the consolidated financial statements prepared in accordance with the applicable accounting framework and the consolidated financial statements prepared in accordance with the requirements on regulatory consolidation	Ch. 0: About this report	LI1, LI2, LI3
c	a breakdown of assets and liabilities of the consolidated financial statements prepared in accordance with the requirements on regulatory consolidation pursuant to Sections 2 and 3 of Title II of Part One, broken down by type of risks		LI1, CC2
d	a reconciliation identifying the main sources of differences between the carrying value amounts in the financial statements under the regulatory scope of consolidation as defined in Sections 2 and 3 of Title II of Part One, and the exposure amount used for regulatory purposes		LI2
e	for exposures from the trading book and the non-trading book that are adjusted in accordance with Article 34 and Article 105, a breakdown of the amounts of the constituent elements of an institution's prudent valuation adjustment, by type of risks, and the total of constituent elements separately for the trading book and non-trading book position		PV1

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
f	any current or expected material practical or legal impediment to the prompt transfer of own funds or to the repayment of liabilities between the parent undertaking and its subsidiaries	Ch. 2: Capital Management
g	the aggregate amount by which the actual own funds are less than required in all subsidiaries that are not included in the consolidation, and the name or names of those subsidiaries;		LI3
h	where applicable, the circumstances under which use is made of the derogation referred to in Article 7 or the individual consolidation method laid down in Article 9.		LI3
Article 437	Disclosure of own funds	Ch. 2: Capital management		Annual report note G3 on Capitalisaton and capital adequacy
	Institutions shall disclose the following information regarding their own funds:		A01, A03
a	General disclosure requirements regarding own funds		CC1, CC2
b	Description of the main features of capital instruments		CCA
c	Full terms and conditions of capital instruments		CCA
d i-iii	Separate disclosures on the nature of prudential filters, deductions, and items not deducted		CC1
e	Description of restrictions applied to the calculation of own funds		CC1
f	Explanation of the basis on which capital ratios have been calculated if other than the basis specified in CRR	Not applicable	CC1
Article 438	Disclosure of own funds requirements and risk-weighted exposure amounts	Ch. 2: Capital management		Annual report note G3 on Capitalisaton and capital adequacy
	Institutions shall disclose the following information regarding the compliance by the institution with the requirements laid down in Article 92 of this Regulation and in Article 73 of Directive 2013/36/EU:		A02, A03
a	Institution's approach to assessing the adequacy of its internal capital
b	the amount of the additional own funds requirements based on the supervisory review process as referred to in point (a) of Article 104(1) of Directive 2013/36/EU and its composition in terms of Common Equity Tier 1, additional Tier 1 and Tier 2 instruments;		KM1
c	upon demand from the relevant competent authority, the result of the institution's internal capital adequacy assessment process;	Provided upon request; DNB's ICAAP-report

1. Risk management and control 2. Capital management 3. Liquidity risk and asset and liability management 4. Credit risk 5. Counterparty credit risk 6. Market risk 7. Operational risk 8. Sustainability risk 9. Appendix → Appendix 1: Reference table for CRR part 8 Appendix 2: Qualitative information in accordance with Article 449a CCR Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures Article in CRR Description management – Disclosure according to Pillar 3 2024 additional Excel disclosures report and interim reports or on the DNB website d the total risk-weighted exposure amount and the corresponding total own funds requirement determined in accordance with Article 92, to be broken down by the different risk categories set out in Part Three and, where applicable, an explanation of the effect on the calculation of own funds and risk-weighted exposure amounts that results from applying capital floors and not deducting items from own fund Ch. 4: Credit risk OV1 e the on- and off-balance-sheet exposures, the risk-weighted exposure amounts and associated expected losses for each category of specialised lending referred to in Table 1 of Article 153(5) and the on- and off-balance-sheet exposures and risk-weighted exposure amounts for the categories of equity exposures set out in Article 155(2); CR10 f the exposure value and the risk-weighted exposure amount of own funds instruments held in any insurance undertaking, reinsurance undertaking or insurance holding company that the institutions do not deduct from their own funds in accordance with Article 49 when calculating their capital requirements on an individual, sub-consolidated and consolidated basis OV1, INS1 g the supplementary own funds requirement and the capital adequacy ratio of the financial conglomerate calculated in accordance with Article 6 of Directive 2002/87/EC and Annex I to that Directive where method 1 or 2 set out in that Annex is applied; INS2 h the variations in the risk-weighted exposure amounts of the current disclosure period compared to the immediately preceding disclosure period that result from the use of internal models, including an outline of the key drivers explaining those variations CR8, CCR7 Article 439 Disclosure of exposures to counterparty credit risk Ch 5: Counterparty credit risk a Methodology to assign internal capital and credit limits for counterparty credit exposures b Policies for securing collateral and establishing credit reserves c Policies with respect to wrong-way risk exposures d Impact of the amount of collateral the institution would have to provide given a downgrade in its credit rating e the amount of segregated and unsegregated collateral received and posted per type of collateral, further broken down between collateral used for derivatives and securities financing transactions CCR5 f for derivative transactions, the exposure values before and after the effect of the credit risk mitigation as determined under the methods set out in Sections 3 to 6 of Chapter 6 of Title II of Part Three CCR1

Reference in Risk and capital

Reference in Pillar 3

Risk and capital management Pillar 3 | 2024

Reference in DNB's annual

1. Risk management and control

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

9. Appendix

→ Appendix 1: Reference table for CRR part 8
Appendix 2: Qualitative information in accordance with Article 449a CCR
Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
g	for securities financing transactions, the exposure values before and after the effect of the credit risk mitigation as determined under the methods set out in Chapters 4 and 6 of Title II of Part Three,		CCR1
h	the exposure values after credit risk mitigation effects and the associated risk exposures for credit valuation adjustment capital charge, separately for each method as set out in Title VI of Part Three		CCR2
i	The exposure value to central counterparties and the associated risk exposures within the scope of Section 9 of Chapter 6 of Title II of Part Three, separately for qualifying and non-qualifying central counterparties, and broken down by types of exposures;		CCR8
j	the notional amounts and fair value of credit derivative transactions; credit derivative transactions shall be broken down by product type; within each product type, credit derivative transactions shall be broken down further by credit protection bought and credit protection sold	Not applicable	CCR6
k	the estimate of alpha where the institution has received the permission of the competent authorities to use its own estimate of alpha in accordance with Article 284(9)	Not applicable	CCR1
l	separately, the disclosures included in point (e) of Article 444 and point (g) of Article 452		CCR3, CCR4
m	for institutions using the methods set out in Sections 4 to 5 of Chapter 6 of Title II Part Three, the size of their on- and off-balance-sheet derivative business as calculated in accordance with Article 273a(1) or (2), as applicable.		CCR1
Article 440	Disclosure of countercyclical capital buffers	Ch. 2: Capital Management
a	Geographic distribution of credit exposures for calculating the countercyclical capital buffer		CCyB1
b	Amount of the countercyclical capital buffer		CCyB2
Article 441	Disclosure of indicators of global systemic importance	Not applicable
	Indicators used for determining the score of the institution in accordance with the identification methodology
Article 442	Disclosure of exposures to credit and dilution risk	Ch. 4: Credit risk
a	the scope and definitions that they use for accounting purposes of 'past due' and 'impaired' and the differences, if any, between the definitions of 'past due' and 'default' for accounting and regulatory purposes;			Annual report note G1 Accounting principles and note G4 Credit risk management
b	Methods for determining specific and general credit risk adjustments			Annual report note G4 Credit risk management

1. Risk management and control

3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
c	Information on the amount and quality of performing, non-performing and forborne exposures for loans, debt securities and off-balance-sheet exposures, including their related accumulated impairment, provisions and negative fair value changes due to credit risk and amounts of collateral and financial guarantees received;		CQ1, CQ3, CQ4, CQ5, CQ7,CR1	Annual report note G8 Impairment of financial instruments and G10 Development in accumulated impairment of financial instruments
d	an ageing analysis of accounting past due exposures;		CQ3
e	The gross carrying amounts of both defaulted and non-defaulted exposures, the accumulated specific and general credit risk adjustments, the accumulated write-offs taken against those exposures and the net carrying amounts and their distribution by geographical area and industry type and for loans, debt securities and off-balance-sheet exposures;		CQ4, CQ5	Annual report note G8 Impairment of financial instruments and G10 Development in accumulated impairment of financial instruments
f	Any changes in the gross amount of defaulted on- and off-balance-sheet exposures, including, as a minimum, information on the opening and closing balances of those exposures, the gross amount of any of those exposures reverted to non-defaulted status or subject to a write-off;		CR1
g	the breakdown of loans and debt securities by residual maturity.		CR1-A
		Ch. 3: Liquidity management and
Article 443	Disclosure of encumbered and unencumbered assets Institutions shall disclose information concerning their encumbered and unencumbered assets. For those purposes, institutions shall use the carrying amount per exposure class broken down by asset quality and the total amount of the carrying amount that is encumbered and unencumbered. Disclosure of information on encumbered and unencumbered assets shall not reveal emergency liquidity assistance provided by central banks.	asset and liability management	AE1, AE2, AE3
Article 444	Disclosure of the use of the Standardised Approach	Ch. 4: Credit risk
	Institutions calculating their risk-weighted exposure amounts in accordance with Chapter 2 of Title II of Part Three shall disclose the following information for each of the exposure classes set out in Article 112:
a	Names of the nominated ECAIs and ECAs and the reasons for any changes in those nominations over the disclosure period;		CR5
b	Exposure classes for which each ECAI or ECA is used		CR5
c	Description of the process used to transfer the issuer and issue credit assessments onto items not included in the trading book	Not applicable
d	Association of the external rating of each nominated ECAI or ECA with the institution's scale of credit quality steps	Not applicable
e	Exposure values before and after credit risk mitigation associated with each credit quality step		CR4, CR5, CCR3

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
Article 445	Exposure to market risk	Ch. 6: Market risk
	Capital requirements for market risk		MR1	Annual report note G3 on Capitalisaton and capital adequacy and note G12 Market risk.
Article 446	Disclosure of operational risk management	Ch. 2: Capital management; Ch. 7: Operational risk
	Institutions shall disclose the following information about their operational risk management:
a	Approaches for the assessment of own funds requirements for operation risk that the institution qualifies for;
b	where the institution makes use of it, a description of the methodology set out in Article 312(2), which shall include a discussion of the relevant internal and external factors being considered in the institution's advanced measurement approach;	Not applicable
c	in the case of partial use, the scope and coverage of the different methodologies used.	Not applicable	OR1
Article 447	Disclosure of key metrics
a	Composition of own funds and own funds requirements		KM1
b	Total risk exposure amount		KM1
c	Amount and composition of additional own funds which the institutions are required to hold		KM1
d	Combined buffer requirement which the institutions are required to hold		KM1
e	Leverage ratio and the total exposure measure as calculated in accordance with Article 429		KM1
f (i-iii)	Information in relation to liquidity coverage ratio as calculated		KM1
g (i-iii)	Information in relation to net stable funding requirement as calculated		KM1
h	Own funds and eligible liabilities ratios and their components, numerator and denominator		KM2, TLAC1
Article 448	Disclosure of exposures to interest rate risk on positions not included in the trading book	Ch.6: Market risk, section IRRBB
	Institutions shall disclose the following information on their exposure to interest rate risk on positions not included in the trading book:		IRRBB1

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
1a	the changes in the economic value of equity calculated under the six supervisory shock scenarios referred to in Article 98(5) of Directive 2013/36/EU for the current and previous disclosure periods;
1b	the changes in the net interest income calculated under the two supervisory shock scenarios referred to in Article 98(5) of Directive 2013/36/EU for the current and previous disclosure periods;
1c	a description of key modelling and parametric assumptions, other than those referred to in points (b) and (c) of Article 98(5a) of Directive 2013/36/EU used to calculate changes in the economic value of equity and in the net interest income required under points (a) and (b) of this paragraph;
1d	an explanation of the significance of the risk measures disclosed under points (a) and (b) of this paragraph and of any significant variations of those risk measures since the previous disclosure reference date;
1e	the description of how institutions define, measure, mitigate and control the interest rate risk of their non-trading book activities for the purposes of the competent authorities' review in accordance with Article 84 of Directive 2013/36/EU, including:
(i)	a description of the specific risk measures that the institutions use to evaluate changes in their economic value of equity and in their net interest income;
(ii)	a description of the key modelling and parametric assumptions used in the institutions' internal measurement systems that would differ from the common modelling and parametric assumptions referred to in Article 98(5a) of Directive 2013/36/EU for the purpose of calculating changes to the economic value of equity and to the net interest income, including the rationale for those differences;
(iii)	a description of the interest rate shock scenarios that institutions use to estimate the interest rate risk;
(iv)	an outline of how often the evaluation of the interest rate risk occurs;
1f	the description of the overall risk management and mitigation strategies for those risks;
1g	average and longest repricing maturity assigned to non-maturity deposits.
2	Nature of the interest rate risk and key assumptions and frequency of measurement of interest rate risk
	By way of derogation from paragraph 1 of this Article, the requirements set out in points (c) and (e)(i) to (e)(iv) of paragraph 1 of this Article shall not apply to institutions that use the standardised methodology or the simplified standardised methodology referred to in Article 84(1) of Directive 2013/36/EU. interest rate risk, broken down by currency

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
Article 449	Disclosure of exposures to securitsation positions
	Exposure to securitisation positions	Ch. 4: Credit risk	SEC1, SEC3
Article 449a	Disclosure of environmental, social and governance risks (ESG risks)	Ch. 8: Sustainability risk
Table 1	Qualitative information on Environmental risk	Ch. 8: Sustainability risk, Appendix 2: 'Qualitative information in accordance with Article 449a CCR'
Table 2	Qualitative information on Social risk	Ch. 8: Sustainability risk, Appendix 2: 'Qualitative information in accordance with Article 449a CCR'
Table 3	Qualitative information on Governance risk	Ch. 8: Sustainability risk, Appendix 2: 'Qualitative information in accordance with Article 449a CCR'
Template 1	Banking book- Indicators of potential climate Change transition risk: Credit quality of exposures by sector, emissions and residual maturity		ESG1
Template 2	Banking book - Indicators of potential climate change transition risk: Loans collateralised by immovable property - Energy efficiency of the collateral		ESG2
Template 3	Banking book - Indicators of potential climate change transition risk: Alignment metrics		ESG3
Template 4	Banking book - Indicators of potential climate change transition risk: Exposures to top 20 carbon-intensive firms		ESG4
Template 5	Banking book - Indicators of potential climate change physical risk: Exposures subject to physical risk		ESG5
Template 6	Summary of key performance indicators (KPIs) on the Taxonomy-aligned exposures		ESG6	Annual report 2024, sub chapter: EU Taxonomy
Template 7	Mitigating actions: Assets for the calculation of GAR		ESG7	Annual report 2024, sub chapter: EU Taxonomy
Template 8	GAR (%)		ESG8	Annual report 2024, sub chapter: EU Taxonomy
Template 9	Mitigating actions: BTAR	Voluntary, not reported as at 31 December 2024
Template 10	Other climate change mitigating actions that are not covered in Regulation (EU) 2020/852		ESG10

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
Article 450	Disclosure of remuneration policy			Annual Report note G47 Remunerations etc. and 'Remuneration report for executive and non-executive directors for 2024' on dnb.no.
1	Remuneration policy and practices:
1-a	Decision-making process used for determining remuneration policy, and number of meetings held by main body overseeing remuneration during the financial year		EU REMA
1-b	link between pay and performance		EU REMA
1 c-f	Criteria for performance measurement, parameters and rationale for any variable component scheme		EU REMA
1 g-j	Aggregate quantitative information on remuneration, including breakdowns		EU REM1
2	Quantitative information about remuneration to members of the institution's management body for significant institutions		EU REM1, EU REM5
Article 451	Disclosure of leverage ratio	Ch. 2: Capital management
1-a	Leverage ratio		LR1, LR2
1-b	a breakdown of the total exposure measure as well as a reconciliation of the total exposure measure with the relevant information disclosed in published financial statements;		LR1, LR2, LR3
1-c	The amount of exposures calculated in accordance with Articles 429(8) and 429a(1) and the adjusted leverage ratio calculated in accordance with Article 429a(7);		LR2
1-d	Description of the processes used to manage the risk of excessive leverage
1-e	Description of factors that had an impact on the leverage ratio during the period		LR1
2	Disclosures for public development institutions
3	Large institutions shall disclose the leverage ratio and the breakdown of the total exposure measure referred to in Article 429(4) based on averages		LR2

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

9. Appendix

→ Appendix 1: Reference table for CRR part 8
Appendix 2: Qualitative information in accordance with Article 449a CCR
Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures
Article 451a	Dislosure of liquidity requirements	Ch. 3: Liquidity risk and asset and liability management
1	General requirement
2	Disclosure of information in relation to liquidity coverage ratio (LCR)		LIQ1
a-c	Disclosure of averages based on end-of-the-month observations over the preceding 12 months for each quarter of the relevant disclosure period		LIQ1
3	Disclosure of information in relation to net stable funding ratio (NSFR)		LIQ2
a-c	Quarter-end figures of available and required stable funding		LIQ2
4	Institutions shall disclose the arrangements, systems, processes and strategies put in place to identify, measure, manage and monitor their liquidity risk
Title III	Qualifying requirements for the use of particular instruments or methodologies
Article 452	Disclosure of the use of the IRB approach to credit risk	Ch. 4: Credit risk
a	Competent authority's permission of the approach or approved transition
b	for each exposure class referred to in Article 147, the percentage of the total exposure value of each exposure class subject to the Standardised Approach or to the IRB Approach, as well as the part of each exposure class subject to a roll-out plan		CR6-A
c	the control mechanisms for rating systems at the different stages of model development, controls and changes, which shall include information on:
(i)	the relationship between the risk management function and the internal audit function;
(ii)	the rating system review;
(iii)	the procedure to ensure the independence of the function in charge of reviewing the models from the functions responsible for the development of the models;
(iv)	the procedure to ensure the accountability of the functions in charge of developing and reviewing the models;
d	the role of the functions involved in the development, approval and subsequent changes of the credit risk models; separately for each IRB exposure class
e	the scope and main content of the reporting related to credit risk models;
f	description of the internal ratings process by exposure class, including the number of key models used with respect to each portfolio and a brief discussion of the main differences between the models within the same portfolio, covering:

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Pillar 3 additional Excel disclosures
(i)	definitions, methods and data for estimation and validation of PD, which shall include information on how PDs are estimated for low default portfolios, whether there are regulatory floors and the drivers for differences observed between PD and actual default rates at least for the last three periods;
(ii)	where applicable, the definitions, methods and data for estimation and validation of LGD, such as methods to calculate downturn LGD, how LGDs are estimated for low default portfolio and the time lapse between the default event and the closure of the exposure;
(iii)	where applicable, the definitions, methods and data for estimation and validation of conversion factors, including assumptions employed in the derivation of those variables;
g	as applicable, the following information in relation to each exposure class referred to in Article 147:	CR6, CCR4
(i)	gross on-balance-sheet exposure	CR6
(ii)	off-balance-sheet exposure values prior to the relevant conversion factor	CR6
(iii)	exposure after applying the relevant conversion factor and credit risk mitigation;	CR6
(iv)	any model, parameter or input relevant for the understanding of the risk weighting and the resulting risk exposure amounts disclosed across a sufficient number of obligor grades (including default) to allow for a meaningful differentiation of credit risk	CR6
(v)	separately for those exposure classes in relation to which institutions have received permission to use own LGDs and conversion factors for the calculation of risk weighted exposure amounts, and for exposures for which the institutions do not use such estimates, the values referred to in points (i) to (iv) subject to that permission	CR6
h	institutions' estimates of PDs against the actual default rate for each exposure class over a longer period, with separate disclosure of the PD range, the external rating equivalent, the weighted average and arithmetic average PD, the number of obligors at the end of the previous year and of the year under review, the number of defaulted obligors, including the new defaulted obligors, and the annual average historical default rate.	CR9

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures	Reference in DNB's annual report and interim reports or on the DNB website
				Annual report note G4 Credit risk management and note G6
Article 453	Disclosure of the use of credit risk mitigation techniques	Ch. 4: Credit risk		Credit risk exposure
a	Policies and processes for on- and off-balance-sheet netting
b	Policies and processes for collateral valuation and management
c	Main types of collateral taken by the institution
d	Main types of guarantor and credit derivative counterparty and their creditworthiness
e	Information about market or credit risk concentrations within the credit mitigation taken	Not applicable
f	Exposure value covered by eligible financial and other collateral for exposures under the standardised approach or the IRB approach without own estimates of LGD and CCF		CR3
g	Conversion factor and the credit risk mitigation associated with the exposure and the incidence of credit risk mitigation techniques with and without substitution effect
h	For institutions calculating risk-weighted exposure amounts under the Standardised Approach, the on- and off-balance-sheet exposure value by exposure class before and after the application of conversion factors and any associated credit risk mitigation		CR4
i	For institutions calculating risk-weighted exposure amounts under the Standardised Approach, the risk-weighted exposure amount and the ratio between that risk-weighted exposure amount and the exposure value after applying the corresponding conversion factor and the credit risk mitigation associated with the exposure; the disclosure set out in this point shall be made separately for each exposure class;		CR4
j	Credit risk mitigation impact of credit derivatives
Article 454	Use of the Advanced Measurement Approaches to operational risk	Not applicable
	Description of the use of insurance and other risk transfer mechanisms to mitigate operational risk
Article 455	Use of Internal Market Risk Models	Not applicable
a-g	Institutions calculating their capital requirements in accordance with Article 363 shall disclose the following information:

Appendix 2

3. Liquidity risk and asset and liability management

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 2: Qualitative information in accordance with Article 449a CCR

	Environmental risk – table 1
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Business strategy and processes
(a)	Institution's business strategy to integrate environmental factors and risks, taking into account the impact of environmental factors and risks on institution's business environment, business model, strategy and financial planning	Ch. 8: Sustainability risk		'Strategy' and 'ESRS E1 Climate change' in DNB´s annual report 2024 'DNB's sustainability ambitions' and 'DNB´s transition plan' published on dnb.no/sustainability-reports
(b)	Objectives, targets and limits to assess and address environmental risk in short-, medium-, and long-term, and performance assessment against these objectives, targets and limits, including forward-looking information in the design of business strategy and processes			'ESRS E1 Climate change' in DNB´s annual report 2024 'DNB's sustainability ambitions' and 'DNB's transition plan' published on dnb.no/sustainability-reports
(c)	Current investment activities and (future) investment targets towards environmental objectives and EU Taxonomy-aligned activities		ESG 6 ESG 7 ESG 8	'ESRS E1 Climate change' and 'Disclosure of information in accordance with Article 8 of Regulation (EU) 2020/852 (the Taxonomy regulation)' in DNB´s annual report 2024
(d)	Policies and procedures relating to direct and indirect engagement with new or existing counterparties on their strategies to mitigate and reduce environmental risks	Ch. 8 Sustainability risk		'DNB's transition plan', 'Sustainability in DNB's credit activities – Group instructions', 'Assessment tool for CSR/ESG risk', 'Group policy sustainability', 'Group instructions for responsible investments', 'Guidelines for voting in Norway' and 'Global voting guidelines' published on dnb.no/sustainability-reports
	Governance
(e)	Responsibilities of the management body for setting the risk framework, supervising and managing the implementation of the objectives, strategy and policies in the context of environmental risk management covering relevant transmission channels	Ch. 0: Risk statement from the Board of Directors Ch. 8: Sustainability risk		'The Board of Directors' report on corporate governance' and 'ESRS 2 General disclosures' in DNB´s annual report 2024
(f)	Management body's integration of short-, medium- and long term effects of environmental factors and risks, organisational structure both within business lines and internal control functions			'Corporate Governance at DNB' published on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

	Environmental risk – table 1
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(g)	Integration of measures to manage environmental factors and risks in internal governance arrangements, including the role of committees, the allocation of tasks and responsibilities, and the feedback loop from risk management to the management body covering relevant transmission channels	Ch. 0: Risk statement from the Board of Directors Ch. 8: Sustainability risk		'ESRS 2 General disclosures' in DNB´s annual report 2024 'Group policy sustainability' and 'Corporate Governance at DNB' published on dnb.no/sustainability-reports
(h)	Lines of reporting and frequency of reporting relating to environmental risk	Ch. 8: Sustainability risk Ch. 1: Risk management and control	Content page	'ESRS 2 General disclosures' in DNB´s annual report 2024
(i)	Alignment of the remuneration policy with institution's environmental risk-related objectives			'ESRS 2 General disclosures', Annual report 2024 'Guidelines for the Remuneration of Executive and Non-executive Directors' published on dnb.no/en/about-us
	Risk management
(j)	Integration of short-, medium- and long-term effects of environmental factors and risks in the risk framework	Ch. 8: Sustainability risk		ESRS 2 General disclosures' in DNB´s annual report 2024
(k)	Definitions, methodologies and international standards on which the environmental risk management framework is based	Ch. 8: Sustainability risk		'ESRS 2 General disclosures' and 'ESRS E1 Climate change' in DNB´s annual report 2024
(l)	Processes to identify, measure and monitor activities and exposures (and collateral where applicable) sensitive to environmental risks, covering relevant transmission channels	Ch. 8: Sustainability risk	ESG 5	'ESRS 2 General disclosures' and 'ESRS E1 Climate change' in DNB´s annual report 2024
(m)	Activities, commitments and exposures contributing to mitigate environmental risks	Ch. 8: Sustainability risk	ESG 7 ESG 8 ESG 10	'ESRS E1 Climate change' and 'Disclosure of information in accordance with Article 8 of Regulation (EU) 2020/852 (the Taxonomy regulation) in DNB´s annual report 2024 'DNB's transition plan' published on dnb.no/sustainability-reports
(n)	Implementation of tools for identification, measurement and management of environmental risks	Ch. 8: Sustainability risk		'ESRS E1 Climate change' in DNB´s annual report 2024
(o)	Results and outcome of the risk tools implemented and the estimated impact of environmental risk on capital and liquidity risk profile	Ch. 8: Sustainability risk		'ESRS E1 Climate change' in DNB´s annual report 2024

3. Liquidity risk and asset and liability management

management framework

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Environmental risk – table 1
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(p)	Data availability, quality and accuracy, and efforts to improve these aspects	Ch. 8: Sustainability risk		'ESRS E1 Climate change' in DNB´s annual report 2024
(q)	Description of limits to environmental risks (as drivers of prudential risks) that are set, and triggering escalation and exclusion in the case of breaching these limits	Ch. 8: Sustainability risk		'ESRS E1 Climate change' in DNB´s annual report 2024 'Sustainability in DNB's credit activities - Group instructions' published on dnb.no/sustainability-reports
(r)	Description of the link (transmission channels) between environmental risks with credit risk, liquidity and funding risk, market risk, operational risk and reputational risk in the risk	Ch. 8: Sustainability risk		'ESRS E1 Climate change' in DNB´s annual report 2024

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Social risk – table 2
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Business strategy and processes
(a)	Adjustment of the institution's business strategy to integrate social factors and risks taking into account the impact of social risk on the institution's business environment, business model, strategy and financial planning	Ch. 8: Sustainability risk		'Strategy' and 'ESRS S1 Own workforce' and 'ESRS S4 consumer and end users' in DNB´s annual report 2024 'DNB's sustainability ambitions' published on dnb.no/sustainability-reports
(b)	Objectives, targets and limits to assess and address social risk in short-term, medium-term and long-term, and performance assessment against these objectives, targets and limits, including forward-looking information in the design of business strategy and processes			'ESRS S1 Own workforce' and 'ESRS S4 consumer and end-users' in DNB´s annual report 2024 'DNB's sustainability ambitions', 'Disclosure under the Norwegian Transparency Act 2024' published on dnb.no/sustainability-reports
(c)	Policies and procedures relating to direct and indirect engagement with new or existing counterparties on their strategies to mitigate and reduce socially harmful activities			'ESRS 2 General discloures' in DNB´s annual report 2024 'Group policy sustainability', 'Group instructions for responsible investments', 'Sustainability in DNB's credit activities - Group instructions' published on dnb.no/sustainability-reports
	Governance
(d)	Responsibilities of the management body for setting the risk framework, supervising and managing the implementation of the objectives, strategy and policies in the context of social risk management covering counterparties' approaches to:	Ch. 8: Sustainability risk		'ESRS 2 General discloures', 'ESRS S1 Own workforce' and 'ESRS S4 consumer and end-users' in DNB´s annual report 2024 'DNB's sustainability ambitions' 'Disclosure under the Norwegian Transparency Act 2024' 'Group policy sustainability' published on dnb.no/sustainability-reports
(i)	Activities towards the community and society
(ii)	Employee relationships and labour standards
(iii)	Customer protection and product responsibility
(iv)	Human rights
(e)	Integration of measures to manage social factors and risks in internal governance arrangements, including the role of committees, the allocation of tasks and responsibilities, and the feedback loop from risk management to the management body	Ch. 8: Sustainability risk		'ESRS 2 General disclosures' in DNB´s annual report 2024 'Group policy sustainability' published on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

	Social risk – table 2
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(f)	Lines of reporting and frequency of reporting relating to social risk	Ch. 8: Sustainability risk		'Disclosure under the Norwegian Transparency Act 2024', 'Group policy sustainability', 'Group instructions for responsible investments' and 'Sustainability in DNB's credit activities - Group instructions' published on dnb.no/sustainability-reports
(g)	Alignment of the remuneration policy in line with institution's social risk-related objectives			'ESRS 2 General disclosures' in DNBs annual report 2024 'Guidelines for the Remuneration of Executive and Non-executive Directors' published on dnb.no/en/about-us
	Risk management
(h)	Definitions, methodologies and international standards on which the social risk management framework is based			'ESRS 2 General discloures', 'ESRS S1 Own workforce' and 'ESRS S4 consumer and end-users' in DNB´s annual report 2024 'Group policy sustainability' 'Sustainability in DNB's credit activities - Group instructions', 'Group instructions for responsible investments' and 'Assessment tool for CSR/ESG risk' published on dnb.no/sustainability-reports
(i)	Processes to identify, measure and monitor activities and exposures (and collateral wher applicable) sensitive to social risk, covering relevant transmission channels			'ESRS 2 General discloures', 'ESRS S1 Own workforce' and 'ESRS S4 consumer and end-users' in DNBs annual report 2024 'Group policy sustainability' 'Sustainability in DNB's credit activities - Group instructions', 'Group instructions for responsible investments' and 'Assessment tool for CSR/ESG risk' published on dnb.no/sustainability-reports
(j)	Activities, commitments and assets contributing to mitigate social risk			'Disclosure under the Norwegian Transparency Act 2024' 'Group policy sustainability' 'Sustainability in DNB's credit activities - Group instructions', 'Group instructions for responsible investments' and 'Assessment tool for CSR/ESG risk' published on dnb.no/sustainability-reports
(k)	Implementation of tools for identification and management of social risk			'Disclosure under the Norwegian Transparency Act 2024' 'Group policy sustainability' 'Sustainability in DNB's credit activities - Group instructions', 'Group instructions for responsible investments' and 'Assessment tool for CSR/ESG risk' published on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(l)	Description of setting limits to social risk and cases to trigger escalation and exclusion in the case of breaching these limits			'ESRS S1 Own workforce' and 'ESRS S4 Consumers and end-users', Annual report 2024 'Disclosure under the Norwegian Transparency Act 2024' 'Group policy sustainability' 'Sustainability in DNB's credit activities - Group instructions', 'Group instructions for responsible investments' and 'Assessment tool for CSR/ESG risk' published on dnb.no/sustainability-reports
(m)	Description of the link (transmission channels) between environmental risks with credit risk, liquidity and funding risk, market risk, operational risk and reputational risk in the risk management framework	Ch. 8: Sustainability risk

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Governance risk – table 3
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2024	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Governance
(a)	Institution's integration in their governance arrangements governance performance of the counterparty, including committees of the highest governance body, committees responsible for decision-making on economic, environmental, and social topics	Ch. 8: Sustainability risk		'ESRS 2 General disclosures', Annual report 2024 'Group policy sustainability' and 'Corporate Governance at DNB' published on dnb.no/sustainability-reports
(b)	Institution's accounting of the counterparty's highest governance body's role in non-financial reporting	Ch. 8: Sustainability risk		'ESRS 2 General disclosures', Annual report 2024 'Group policy sustainability', 'DNB's ethical guidelines for third parties', 'DNB's ethical principles – Code of Conduct' and 'Corporate Governance at DNB' published on dnb.no/sustainability-reports
(c)	Institution's integration in governance arrangements of the governance performance of their counterparties including:		'Group policy sustainability', 'DNB's ethical guidelines for third parties', 'Assessment tool for CSR/ESG risk', 'DNB's ethical principles – Code of
(i)	Ethical considerations			Conduct' and 'Corporate Governance at DNB' published on dnb.no/ sustainability-reports
(ii)	Strategy and risk management
(iii)	Inclusiveness
(iv)	Transparency
(v)	Management of conflict of interest
(vi)	Internal communication on critical concerns
	Risk management
(d)	Institution's integration in risk management arrangements the governance performance of their counterparties considering:			'Group policy sustainability', 'DNB's ethical guidelines for third parties', 'Assessment tool for CSR/ESG risk', 'DNB's ethical principles – Code of
(i)	Ethical considerations			Conduct' and 'Corporate Governance at DNB' published on dnb.no/
(ii)	Strategy and risk management			sustainability-reports
(iii)	Inclusiveness
(iv)	Transparency
(v)	Management of conflict of interest
(vi)	Internal communication on critical concerns

Appendix 3

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. Sustainability risk

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

→ Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

				31 December 2024
	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
Own funds
CC1	Composition of regulatory own funds	Annex VII	Points (a), (d), (e) and (f) of Article 437	Semi-Annually
CC2	Reconciliation of regulatory own funds to balance sheet in the audited financial statements	Annex VII	Point (a) of Article 437	Semi-Annually
A01	Own funds and capital ratios, DNB Bank ASA and DNB Group		Article 437	Quarterly
	Key metrics and overview of risk exposure amounts
OV1	Overview of risk exposure amounts	Annex I	Point (d) of Article 438	Quarterly
KM1	Key metrics (at consolidated group level)	Annex I	Points (a) to (g) of Article 447 and point (b) of Article 438	Quarterly
INS1	Insurance participations	Annex I	Point (f) of Article 438	Annually
INS2	Financial conglomerates information on own funds and capital adequacy ratio	Annex I	Points (g) of Article 438	Annually
A02	Specification of risk exposure amounts and capital requirements, DNB Group and DNB Bank ASA		Article 438	Quarterly
A03	Specification of risk exposure amounts and capital requirements, associated companies		Article 438	Quarterly
	Scope of application
LI1	Differences between accounting and regulatory scopes of consolidation and the mapping of financial statement categories with regulatory risk categories	Annex V	Point (c) of Article 436	Annually
LI2	Main sources of differences between regulatory exposure amounts and carrying values in financial statements	Annex V	Point (d) of Article 436	Annually
LI3	Outline of the differences in the scopes of consolidation (entity by entity)	Annex V	Point (b) of Article 436	Annually
PV1	Prudent valuation adjustments (PVA)	Annex V	Point (e) of Article 436	Annually
Credit risk quality
CQ1	Credit quality of forborne exposures	Annex XV	Point (c) of Article 442	Semi-Annually
CQ3	Credit quality of performing and non-performing exposures by past due days	Annex XV	Points (c) and (d) of Article 442	Annually
CQ4	Quality of non-performing exposures by geography	Annex XV	Points (c) and (e) of Article 442	Semi-Annually
CQ5	Credit quality of loans and advances by industry	Annex XV	Points (c) and (e) of Article 442	Semi-Annually
CQ7	Collateral obtained by taking possession and execution processes	Annex XV	Point (c) of Article 442	Semi-Annually
CR1	Performing and non-performing exposures and related provisions	Annex XV	Points (c) and (f) of Article 442	Semi-Annually

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

→ Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

				31 December 2024
	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
CR1-A	Maturity of exposures	Annex XV	Point (g) of Article 442	Semi-Annually
CR2	Changes in the stock of non-performing loans and advances	Annex XV	Point (f) of Article 442	Semi-Annually
	Credit risk mitigation techniques
CR3	Disclosure of the use of credit risk mitigation techniques	Annex XVII	Point (f) of Article 453	Semi-Annually
	Standardised approach
CR4	Standardised approach – Credit risk exposure and CRM effects	Annex XIX	Points (g), (h) and (i) of Article 453 CRR and point (e) of Article 444	Semi-Annually
CR5	Standardised approach	Annex XIX	Point (e) of Article 444	Semi-Annually
	IRB approach to credit risk
CR6	IRB approach – Credit risk exposures by exposure class and PD range	Annex XXI	Point (g) of Article 452	Semi-Annually
CR6-A	Scope of the use of IRB and SA approaches	Annex XXI	Point (b) of Article 452	Annually
CR7-A	IRB approach – Disclosure of the extent of the use of CRM techniques	Annex XXI	Point (g) of Article 453	Semi-Annually
CR8	REA flow statements of credit risk exposures under the IRB approach	Annex XXI	Point (h) of Article 438	Quarterly
CR9	IRB approach – Back-testing of PD per exposure class (fixed PD scale)	Annex XXI	Point (h) of Article 452	Annually
	Exposures to counterparty credit risk
CCR1	Analysis of CCR exposure by approach	Annex XXV	Points (f), (g), (k) and (m) of Article 439	Semi-Annually
CCR2	Transactions subject to own funds requirements for CVA risk	Annex XXV	Point (h) of Article 439	Semi-Annually
CCR3	Standardised approach – CCR exposures by regulatory exposure class and risk weights	Annex XXV	Point (l) of Article 439 referring to point (e) of Article 444	Semi-Annually
CCR4	IRB approach – CCR exposures by exposure class and PD scale	Annex XXV	Point (l) of Article 439 referring to point (g) of Article 452	Semi-Annually
CCR5	Composition of collateral for CCR exposures	Annex XXV	Point (e) of Article 439	Semi-Annually
CCR7	REA flow statements of CCR exposures under the IMM	Annex XXV	Point (h) of Article 438	Quarterly
CCR8	Exposures to CCPs	Annex XXV	Point (i) of Article 439	Semi-Annually
	Standardised approach and internal model for market risk
MR1	Market risk under the standardised approach	Annex XXIX	Article 445	Semi-Annually
	Standardised approach and internal model for market risk
SEC1	Securitisation exposures in the non-trading book	Annex XXVII	Article 449	Semi-Annually
SEC3	Securitisation exposures in the non-trading book and associated regulatory capitalrequirements	Annex XXVII	Article 449	Semi-Annually

institution acting as originator or as sponsor

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

→ Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

31 December 2024

	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
Key Metrics
CCyB1	Geographical distribution of credit exposures relevant for the calculation of the countercyclical buffer	Annex IX	Point (a) of Article 440	Semi-Annually
CCyB2	Amount of institution-specific countercyclical capital buffer	Annex IX	Point (b) of Article 440	Semi-Annually
Leverage ratio
LR1 LR2	Summary reconciliation of accounting assets and leverage ratio exposures Leverage ratio common disclosure	Annex XI Annex XI	Point (b) of Article 451(1) Article 451(3) – Rows 28 to 31a Points (a), (b) and (c) of Article 451(1) and Article 451(2) – Rows up to row 28. Annual (for rows 28 to 31a)	Semi-Annually Semi-Annually
LR3	Split up of on balance sheet exposures (excluding deratives, SFTs and exempted exposures)	Annex XI	Point (b) of Article 451(1)	Semi-Annually
Liquidity requirements
LIQ1	Quantitative information of LCR	Annex XIII	Article 451a(2)	Quarterly
LIQ2	Net Stable Funding Ratio	Annex XIII	Article 451a(3)	Semi-Annually
	MREL-minimum requirement eligible liabilities
KM2	Key metrics - MREL	Annex V	Article 447 (h)	Quarterly
TLAC1	Composition - MREL	Annex V	Article 447 (h)	Semi-Annually
TLAC3b	Creditor ranking - resolution entity	Annex V		Semi-Annually
	Encumbered and unencumbered assets
AE1	Encumbered and unencumbered assets	Annex XXXV	Article 443	Annually
AE2	Collateral received and own debt securities issued	Annex XXXV	Article 443	Annually
AE3	Sources of encumbrance	Annex XXXV	Article 443	Annually
Operational risk
OR1	Operational risk own funds requirements and risk-weighted exposure amounts	Annex XXXI	Articles 446 and 454	Annually
Remuneration policy
REMA	Remuneration policy	Annex XXXIII	Point a-f, j and k of Article 450(1) , 450(2)	Annually
REM1 REM2	Remuneration awarded for the financial year Special payments to staff whose professional activities have a material impact on institutions' risk profile (identified staff)	Annex XXXIII Annex XXXIII	Point (h)(i)-(ii) of Article 450(1) Point (h)(v) to (vii) of Article 450(1)	Annually Annually

	Introduction

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

→ Appendix 3: DNB Risk and capital management / Pillar 3 additional disclosures

				31 December 2024
	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
REM3	Deferred remuneration	Annex XXXIII	Point (h)(iii) and (iv) of Article 450(1)	Annually
REM4	Remuneration of 1 million EUR or more per year	Annex XXXIII	Point (i) of Article 450(1)	Annually
REM5	Information on remuneration of staff whose professional activities have a material impact on institutions' risk profile (identified staff)	Annex XXXIII	Point (g) of Article 450(1)	Annually
Sustainability risk
ESG qualitative	Qualitative information in accordance with Article 449a CCR	Annex XXXIX	Article 449a	Semi-Annually
ESG1	Banking book - Climate Change transition Risk: Credit Quality of exposures by sector, emissions and residual maturity	Annex XXXIX	Article 449a	Semi-Annually
ESG2	Banking book - Climate change transition risk: Loans collateralised by immovable property - Energy efficiency of the collateral	Annex XXXIX	Article 449a	Semi-Annually
ESG3	Banking book - Climate change transition risk: Alignment metrics	Annex XXXIX	Article 449a	Semi-Annually
ESG4	Banking book - Climate change transition risk: Exposures to top 20 carbon-intensive firms	Annex XXXIX	Article 449a	Semi-Annually
ESG5	Banking book - Climate change physical risk: Exposures subject to physical risk	Annex XXXIX	Article 449a	Semi-Annually
ESG6	Summary of GAR KPIs	Annex XXXIX	Article 449a	Semi-Annually
ESG7	Mitigating actions: Assets for the calculation of GAR	Annex XXXIX	Article 449a	Semi-Annually
ESG8	GAR (per cent)	Annex XXXIX	Article 449a	Semi-Annually
ESG10	Other climate change mitigating actions that are not covered in the EU Taxonomy	Annex XXXIX	Article 449a	Semi-Annually
	Interest rate risk in the banking book
IRRBB1	Interest rate risks of non-trading book activities	Annex XXXVII	Article 448 (1)	Semi-Annually
Additional information
CCA	Disclosure of main features of regulatory capital instruments as at 31 December 2024	Annex VII	Points (b) and (c) of Article 437	Quarterly
CCA footnotes	Disclosure of main features of regulatory capital instruments – footnotes			Quarterly
DNB Boligkreditt
	DNB Boligkreditt - Key metrics		Article 433a (2)	Quarterly
	DNB Boligkreditt - Credit Risk		Article 433a (2)	Semi-Annually

31 December 2024
------------------	--

	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
	The following EU templates are not applicable for DNB as at 31 December 2024
CR2a	Changes in the stock of non-performing loans and advances and related net accumulated recoveries	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CR7	IRB approach – Effect on the RWEAs of credit derivatives used as CRM techniques	Annex XXI	DNB has no credit derivatives as at 31 December 2024	Semi-Annually
CR9.1	IRB approach – Back-testing of PD per exposure class (only for PD estimates according to point (f) of Article 180(1) CRR)	Annex XXI	DNB does not apply article 180(1)	Annually
CR10	Specialised lending and equity exposures under the simple riskweighted approach	Annex XXIII
CQ2	Quality of forbearance	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CQ6	Collateral valuation – loans and advances	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CQ8	Collateral obtained by taking possession and execution processes – vintage breakdown	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
MR2-A	Market risk under the internal Model Approach (IMA)	Annex XXIX	DNB uses the standardised approach to market risk	Semi-Annually
MR2-B	REA flow statements of market risk exposures under the IMA	Annex XXIX	DNB uses the standardised approach to market risk	Quarterly
MR3	IMA values for trading portfolios	Annex XXIX	DNB uses the standardised approach to market risk	Semi-Annually
MR4	Comparison of VaR estimates with gains/losses	Annex XXIX	DNB uses the standardised approach to market risk	Semi-Annually
CCR6	Credit derivatives exposures	Annex XXV	DNB has no credit derivatives as at 31 December 2024	Semi-Annually
SEC2	Securitisation exposures in the trading book	Annex XXVII	DNB has no securitisation in the trading book as at 31 December 2024	Semi-Annually
SEC4	Securitisation exposures in the non-trading book and associated regulatory capital requirements – institution acting as investor	Annex XXVII	Not applicable as at 31 December 2024	Semi-Annually
SEC5	Exposures securitised by the institution – Exposures in default and specific credit risk adjustments	Annex XXVII	DNB has no securitisation positions in default as at 31 December 2024	Semi-Annually
TLAC2	Creditor ranking - Entity that is not a resolution entity	Annex V	Not applicable	Quarterly
ESG9	Mitigating actions: BTAR	Annex XXXIX	Voluntary – not reported as at 31 December 2024	Semi-Annually

3. Liquidity risk and asset and liability management

9. Appendix