Report on Corporate Governance and Ownership Structures

Approved by the Board of Directors on 27 February 2025

Intesa Sanpaolo S.p.A. Registered Office: Piazza San Carlo, 156 10121 Torino, Italy Secondary Registered Office: Via Monte di Pietà, 8 20121 Milano Italy Share Capital Euro 10,368,870,930.08 - Torino Company Register and Fiscal Code 00799960158 "Intesa Sanpaolo" VAT Group representative Vat Code No. 11991500015 (IT11991500015) Included in the National Register of Banks No. 5361 ABI Code 3069.2 Member of the National Interbank Deposit Guarantee Fund and of the National Guarantee Fund and Parent Company of the banking group "Intesa Sanpaolo" included in the National Register of Banking Groups

This is an English translation of the original Italian document. In cases of conflict between the English language document and the Italian document, the interpretation of the Italian language document prevails.

prevails.

Introduction	5	PART II CORPORATE GOVERNANCE
OVERVIEW	7	SYSTEM	49
		The Board of Directors	51
THE GOVERNANCE OF INTESA SANPAOLO	35	POWERS OF THE BOARD	51
Compliance with the Italian Corporate Governance Code	37	BOARD COMPOSITION - Composition and diversity - Qualitative and quantitative composition - Appointment mechanism - Term of office, replacement and removal	54
PART I		- Chair and Deputy Chair
OWNERSHIP STRUCTURE		- Managing Director
AND INVESTOR RELATIONS	39	SUITABILITY REQUIREMENTS	60
Information on ownership structure	41	- Independence requirements: Independent Directors
SHARE CAPITAL	41	- Management and control positions of Directors and time commitment
- Securities traded on non-European markets - Own Shares		- Board induction
SHAREHOLDER BASE - Main Shareholders	42	CONFLICTS OF INTEREST - Introduction	64
- Shareholders' Agreements		- Interests of Directors - Transactions with related parties and associated entities and obligations of bank board members and general managers
Policy for the management of dialogue
with investors Relations with shareholders, the financial community and stakeholders –	44	SELF-ASSESSMENT OF THE BOARD PURSUANT TO THE SUPERVISORY PROVISIONS AND THE ITALIAN CORPORATE GOVERNANCE CODE	65
The website	45	FUNCTIONING OF THE BOARD	66
The Shareholders' Meeting: procedures and		- Calling of meetings
shareholders' rights	46	- Reports to Directors
- Intesa Sanpaolo Shareholders' Meeting		- Conduct of meetings and the decision-making process
- Calling meetings and procedure at meetings - Additions to the agenda and submission of		- Frequency of meetings and Director attendance
new proposed resolutions - Right to ask questions prior to Shareholders'		- Corporate Bodies and Corporate Affairs
Meeting - Participation and representation - The Designated Representative - Voting rights - Challenges against shareholder meeting resolutions - Right of withdrawal		THE MANAGEMENT CONTROL COMMITTEE - Duties and powers - Composition and appointment - Term of office, replacement and removal - Suitability requirements - Functioning of the Committee	71
		- The Committee's self-assessment

BOARD COMMITTEES: COMPOSITION AND OPERATION 77 - Nomination Committee - Remuneration Committee - Risks and Sustainability Committee - Committee for Transactions with Related Parties INFORMATION FLOWS BETWEEN AND TO CORPORATE BODIES 85 PROCESSING OF CORPORATE INFORMATION 85 - Inside information and Insiders List - Internal Dealing Remuneration 86 Operating Structure 88 - Divisions, Governance Areas and Head Office Structures reporting directly to the Managing Director and CEO - Group Managerial Committees Diversity and inclusion policy 91 PART III CONTROL AND RISK MANAGEMENT SYSTEM 93 MAIN CHARACTERISTICS 95 THE ROLE OF THE CORPORATE BODIES 97 THE ROLE OF THE MANAGERIAL COMMITTEES 98 CORPORATE CONTROL FUNCTIONS 100 - The Chief Audit Officer - The Chief Risk Officer - The Chief Compliance Officer THE MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S FINANCIAL REPORTS AND THE MONITORING OF THE FINANCIAL REPORTING PROCESS 103 LEGAL AFFAIRS – GROUP GENERAL COUNSEL 104 THE SURVEILLANCE BODY AND THE ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL PURSUANT TO LEGISLATIVE DECREE 231/2001 105

INDEPENDENT AUDITING 106

PART IV SUMMARY TABLES 109

Table no. 1: Composition of the Board of Directors and Committees

Table no. 2: Lists of other management and control offices of Board Directors in other companies and entities

APPENDIX 117

Table no. 1: "Check List" Table no. 2: "Art. 123-bis – Report on corporate governance and ownership structures"

Glossary 135

Introduction

BOARD COMMITTEES:

Internal Dealing

Director and CEO

PART III

Group Managerial Committees

CONTROL AND RISK

The Chief Audit Officer - The Chief Risk Officer

LEGAL AFFAIRS

The Chief Compliance Officer

THE SURVEILLANCE BODY AND

CONTROL MODEL PURSUANT TO

THE ORGANISATIONAL, MANAGEMENT AND

THE MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S FINANCIAL REPORTS AND THE MONITORING OF THE FINANCIAL REPORTING PROCESS 103

Nomination Committee - Remuneration Committee
Risks and Sustainability Committee

INFORMATION FLOWS BETWEEN AND

Inside information and Insiders List

COMPOSITION AND OPERATION 77

PART IV

SUMMARY TABLES 109

APPENDIX 117

Glossary 135

Table no. 2: "Art. 123-bis – Report on corporate

governance and ownership structures"

Table no. 1: Composition of the Board of

Table no. 2: Lists of other management and control offices of Board Directors in other

Directors and Committees

companies and entities

Table no. 1: "Check List"

Committee for Transactions with Related Parties

TO CORPORATE BODIES 85

PROCESSING OF CORPORATE INFORMATION 85

Remuneration 86

Operating Structure 88 - Divisions, Governance Areas and Head Office Structures reporting directly to the Managing

Diversity and inclusion policy 91

MANAGEMENT SYSTEM 93

MAIN CHARACTERISTICS 95

THE ROLE OF THE CORPORATE BODIES 97

THE ROLE OF THE MANAGERIAL COMMITTEES 98

CORPORATE CONTROL FUNCTIONS 100

– GROUP GENERAL COUNSEL 104

LEGISLATIVE DECREE 231/2001 105

INDEPENDENT AUDITING 106

Our Report, available in the "Governance" section of the Company's website, as well as in the authorised storage mechanism eMarket Storage, intends to provide to the market, in accordance with Article 123 bis of the Consolidated Law on Finance, annual and detailed information on ownership structures, compliance with the Italian Corporate Governance Code, the Corporate Bodies' structure and operation as well as the corporate governance practices implemented.

The Report also fulfils the disclosure obligations laid down for banks by the Supervisory Provisions on corporate governance.

The Report outlines the aspects of compliance with the Principles and Recommendations of the Code, which set out the good governance objectives and the actions considered appropriate to achieve them.

Information on the provisions of the Code concerning remuneration is mainly contained in the Report on Remuneration.

For the reader's convenience, margin notes are provided alongside the text with the relevant Principles and Recommendations of the Code, together with the requirements of paragraph 1 (ownership structures) and paragraph 2 (corporate governance) of Article 123-bis.

Next to the paragraphs are links to pages on the Company's website where the documents and information referred to in the text are published.

The Appendix to this document contains two checklists listing, respectively, the Principles and Recommendations of the Code and the provisions of Article 123-bis. Both checklists refer to the page(s) of the Report in which the matter is discussed, acknowledging that those principles and recommendations have been applied.

The checklists should be read together with the clarifications and the detailed information in the text of the Report on the effective implementation of the individual provisions.

Lastly, the Glossary provides the definitions of the terms and abbreviations used in the text.

Information contained in this Report, unless otherwise stated, refers to the position as at 27 February 2025, the date on which the Report was approved by the Board of Directors.

The Report has been audited for consistency by the independent auditors Ernst & Young, in accordance with the aforementioned Article 123-bis. Their findings are published in the Independent Auditors' Reports, prepared in accordance with Article 14 of Italian Legislative Decree No. 39/2010, and annexed to the Parent Company's and consolidated financial statements.

Overview

to the Parent Company's and consolidated financial statements.

Intesa Sanpaolo is a bank listed on Euronext Milan, a regulated market managed by Borsa Italiana. The Company's purpose is to take deposits and carry out all forms of lending activities, both directly and through its subsidiaries, together with any other transactions supporting or related to the achievement of its corporate purpose.

Governance Model and Corporate Bodies

Intesa Sanpaolo has adopted the "one-tier" management and control model, whereby management and control duties are performed, respectively, by the Board of Directors and the Management Control Committee set up within it, both appointed by the Shareholders' Meeting.

Shareholders' Meeting

The Shareholders' Meeting expresses the corporate will, in ordinary and extraordinary sessions, on the matters assigned to it by the law or by the Articles of Association. It approves the financial statements, appoints the members of the Board of Directors and of the Management Control Committee and the related Chairs, as well as one or more Board Deputy Chairs; it appoints the independent auditors.

Board of Directors		Management Control Committee
	The Board – consisting of 19 members, 14 of whom are independent – performs guidance and strategic supervision duties and resolves on the most significant transactions. The Board appoints, from among its members, the Managing Director, who oversees the management of the company and the implementation of the Board's resolutions. It also appoints the members of the Board Committees.	The Committee – consisting of 5 Members, all independent – exercises the powers and functions assigned by the applicable legislation to the control body and to the internal control and audit committee, pursuant to Legislative Decree No. 39/2010.

	Gian Maria Gros-Pietro (C)	Alberto Maria Pisani (C)
	■ Paolo Andrea Colombo (DC) Carlo Messina (CEO) Franco Ceruti Anna Gatti ■ Liana Logiurato ■ Maria Mazzarella ■ Luciano Nebbia Bruno Maria Parigi ■ Bruno Picca ■ Livia Pomodoro Maria Alessandra Stefanelli ■ Paola Tagliavini ■ Daniele Zamboni ■ ■ Alberto Maria Pisani Roberto Franchini ■ * Fabrizio Mosca ■ Milena Teresa Motta ■ Maria Cristina Zoppo ■ ■ = independent	Roberto Franchini Fabrizio Mosca Milena Teresa Motta Maria Cristina Zoppo

* = elected from the minority slate

Board Committees

In carrying out its functions, the Board is supported by special Board Committees set up within it, with proposal-making, advisory and inquiry duties, each acting within its remit.

* Directors elected from the minority slate

Governance Highlights

Intesa Sanpaolo's one-tier governance model presents distinctive characteristics and significant advantages, summarised below, which are set out in detail both in this Overview and in the Report.

▪ Availability of time and commitment to their role by Directors

Board Committees

In carrying out its functions, the Board is supported by special Board Committees set up within it, with

Remuneration Committee Paolo Andrea Colombo

Nomination Committee Livia Pomodoro (C) Independent

Committee Paola Tagliavini (C) Independent

Paolo Andrea Colombo Gian Maria Gros-Pietro Maria Mazzarella * Bruno Picca

Franco Ceruti Anna Gatti * Liana Logiurato Luciano Nebbia

Franco Ceruti Bruno Maria Parigi Bruno Picca Daniele Zamboni *

Liana Logiurato Maria Mazzarella *

Paola Tagliavini

Maria Alessandra Stefanelli

(C) Independent

Daniele Zamboni (C) * Independent

Independent

Independent Independent

Independent

Independent Independent Independent Independent

proposal-making, advisory and inquiry duties, each acting within its remit.

It performs inquiry and advisory duties on the appointment and composition of the Board and on the appointment of the bodies of the

It proposes, advises and inquires on compensation and on remuneration and

It proposes, advises and inquires on risk governance and the organisation and operation of the internal control system. It also provides support on sustainability issues

Committee for Transactions with Related Parties

It performs the tasks and duties assigned to it by the RPT Procedures, in accordance with the provisions laid down by the Consob Regulation on related parties and the Bank of

Risks and Sustainability

main subsidiaries.

incentive systems.

(ESG).

Italy regulations.

* Directors elected from the minority slate

Decision-making process

Sole discretion of the Board in key decisions
Challenge role of the Board vis-à-vis the Managing Director and the Key Managers
Structured analysis of proposals by the Board Committees
Immediate circulation of information between the Bodies
Important role of the Chair in encouraging effective debate within the Board
System of adequate and timely information flows, within the Bodies and between the Bodies and the corporate functions

Supervision and control

More direct relationship between the Board, which decides and monitors the strategic guidelines, and the Managing Director, who proposes and implements them
Enhancement of the effectiveness of the control function, centralised in the Management Control Committee established within the Board
Proactive role of the Management Control Committee
Increasing interaction between the Management Control Committee and the Risks and Sustainability Committee for the areas where this is required by the applicable legislation

Board of Directors, Management Control Committee and Board Committees

	Board of Directors	Management Control Committee
Appointment		29 April 2022
Term of office		Three financial years (2022-2024)
Expiry	Date of the Shareholders' Meeting for approval of the financial statements as at 31/12/2024
Members	19	5
Directors elected by the minority	5 (26%)	2 (40%)
Directors, less-represented gender	8 (42%)	2 (40%)
Executive Directors	1	-
Independent Directors	14 (74%)	5 (100%)
Average age of Directors	66	63
Average age of Independent Directors	64	63
Chair's status	Non-executive	Non-executive Independent

Board of Directors' breakdown

the previous two-tier governance model

Skills and expertise within the Board of Directors

Without prejudice to the general expertise required for all areas envisaged by the applicable legislation, the information provided refers to the skills declared by the individual Directors at the time they accepted the nomination. The indicated skills and expertise were subsequently strengthened and expanded through training programmes, the intensive induction plan for Board members (described in Part II of the Report) as well as in-depth discussions also during the meetings of the Corporate Bodies.

Board induction

Board of Directors, Management Control Committee and Board Committees

Appointment 29 April 2022

Term of office Three financial years (2022-2024)

Members 19 5 Directors elected by the minority 5 (26%) 2 (40%) Directors, less-represented gender 8 (42%) 2 (40%) Executive Directors 1 - Independent Directors 14 (74%) 5 (100%) Average age of Directors 66 63 Average age of Independent Directors 64 63

Expiry Date of the Shareholders' Meeting for approval

Chair's status Non-executive Non-executive

Gender

Women Men

Board of Directors' breakdown

Age range

average age 66

45/55 56/65 > 65

9 (47%)

2 (11%)

8 (42%)

11 (58%)

Board of Directors

of the financial statements as at 31/12/2024

8 (42%)

11 (58%)

Management Control Committee

Independent

Tenure*

*also takes into account the offices held in the Supervisory Board and in the

6 years

0 - 3 years 4 - 6 years

Management Board within the framework of the previous two-tier governance model

3 (16%)

5 (26%)

(**) Induction of 26/2/2025

Thematic areas examined in the Board of Directors' meetings in 2024

Thematic areas examined in the Management Control Committee's meetings in 2024

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2024

(*) The support that the Committee provides to the Board in exercising its strategic supervision functions on sustainability, as well as in setting and monitoring climate and environmental risk objectives, is cross-sectoral and also covers the areas of "Governance and Risk Management", "Business Model and Strategic Guidelines" and "Most Significant Transactions".

Board of Directors' meetings in 2024

Thematic areas examined in the Board of Directors' meetings in 2024

Relations with Supervisory Authorities

Governance, Staff and Organisation, Remuneration

Activities carried out within the scope of Group management and coordination and other controls

Corporate governance and organisational structure

Monitoring relations with Supervisory Authorities

Regulatory compliance and principles of proper management

Accounting system, auditing and financial reporting

Internal control system, anti-money laundering regulations and adequacy of the organisational structure

IT Systems, Risk Management and Business Continuity

Financial Statements, CNFS, ICAAP, Budget, Business Plan

Thematic areas examined in the Management Control Committee's meetings in 2024

Other

Shareholdings

Risks and Controls, RAF

Loans and Finance

10%

12%

15%

17%

19%

23%

40%

41%

24%

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2024

Internal control system

13%

19%

and Risk Management", "Business Model and Strategic Guidelines" and "Most Significant Transactions".

US Risk Committee

ESG matters (*)

IT systems and business continuity

Business model and strategic guidelines

Governance and risk management

Most Significant Transactions

	1Q → 14			2Q → 8			3Q → 8			4Q → 11

Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
						Number of monthly meetings
■ ■ ■ ■ ■ ■	■ ■ ■ ■	■ ■ ■ ■	■ ■ ■ ■ ■	■ ■	■	■ ■ ■ ■ ■	-	■ ■ ■	■ ■ ■ ■ ■	■ ■ ■	■ ■ ■
Total											41
Average length (h) 3h 50'
Attendance rate 100%
Meetings scheduled for 2025* 18

(*) until 29 April, the date of the Shareholders' Meeting to appoint the new Committee

Board Committees

Committee	Members	Female members	Independent members	Members elected by the minority	Number of meetings in 2024	Meetings' average length (h)
Nomination Committee	5	2*	3*	1	9	37'
Remuneration Committee	5	2	3*	1	16	1h 20'
Risks and Sustainability Committee	5	1*	3*	1	47	4h 40'
Committee for Transactions with Related Parties	5	4	5*	2*	14	1h 10'

(*) including the Chair

Board Evaluation

Performance	Self-assessment Regulations	External consultant
Yes, the self-assessment is conducted annually by both the Board and the Management Control Committee (for details, see the chapters on the two Bodies)	Yes	Yes, professional assistance of Crisci & Partners, independent consulting company and expert on corporate governance practices

A diagram is provided below summarising the Board's self-assessment process, the findings in terms of adequacy and progress made, as well as some practices that should be developed further

Information collection

Gathering of information on the qualitative-quantitative composition and functioning of the Body. According to the aspects considered, this stage involves the gathering of information already available to the Bank, as well as the use of questionnaires and individual interviews

Data processing

Analysis and consolidation of the information gathered, while ensuring the anonymity of the Directors

Nomination Committee review

Presentation of the findings from the data processing and their collective sharing

रम्

Formalisation of the results

Preparation of the Document "Results of the Board of Directors' Self-assessment", which summarises the methodologies adopted and the results achieved

BoD review

Presentation of the Document to the BoD assessing the adequacy of the size, composition and operations of the Board and of the Committees, taking into account the findings gathered

Main results of the self-assessment: adequacy and best practices

Size and composition

Board Evaluation

Yes, the self-assessment is conducted annually by both the Board and the Management Control Committee (for details,

see the chapters on the two Bodies)

Information collection

individual interviews

Data processing

the Directors

Nomination Committee review

sharing

BoD review

the findings gathered

Performance Self-assessment

Yes

A diagram is provided below summarising the Board's self-assessment process, the findings in terms of adequacy and progress made, as well as some practices that should be developed further

Analysis and consolidation of the information gathered, while ensuring the anonymity of

Preparation of the Document "Results of the Board of Directors' Self-assessment",

which summarises the methodologies adopted and the results achieved

Presentation of the Document to the BoD assessing the adequacy of the size, composition and operations of the Board and of the Committees, taking into account

Presentation of the findings from the data processing and their collective

Formalisation of the results

Regulations External consultant

Yes, professional assistance of Crisci & Partners, independent consulting company and expert on corporate governance practices

The Board's composition, in terms of both size and quality, is fully and completely appropriate given the Bank's complexity and structure.
The composition of the Committees is confirmed to be effective, thanks to the balanced mix of its members' skills and to the significant contribution made in analysis and preliminary assessment activities to the benefit of the Board's work.
High regard is expressed for the Chair, who is unanimously acknowledged as having great experience and authority in conducting Board meetings, stimulating debate and encouraging the involvement of all Directors in the management of decision-making processes, ensuring proper governance of the Bank with an ever balanced and effective style and approach.
Unanimous and renewed appreciation of the Managing Director and CEO for his standing, authority, professional qualities, strategic and forward-thinking vision, firm guidance, commitment and concrete achievements, ability to listen and involve, transparency and proactivity when communicating with the Board.

Induction Plans

▪ Extremely positive assessments of the Induction activity carried out in 2024, on account of the number and, above all, the scope, depth and relevance of the topics covered. Some sessions with external speakers were also particularly appreciated, contributing to the continuous improvement of the Board members' knowledge and understanding of the various topics.

Functioning of the Board and its activities

A unanimous assessment of complete adequacy on the Board's functioning, across all the factors analysed, considered to have overall further improved on the optimal level already achieved in the previous year.
The timeliness in providing documentation for the meetings was assessed very positively.
Highly positive assessment of the structure, adequacy and continuity of information flows and data flows, as well as the efficiency and effectiveness of decision-making processes, data analysis and reporting by the Committees and Board resolutions.
Unanimous satisfaction with the involvement of the Board members and their challenge role vis-à-vis the management.

Organisation of the meetings

Assessment of full adequacy of the conduct of Board meetings, with particular appreciation for the frequency and duration of meetings, and the efficiency in distributing documentation and information.
Extremely positive assessments of the Board members' preparation for Board meetings, together with their commitment, participation and contribution to the discussion and decision-making.
Assessment of full adequacy of the Committees' opinions in terms of timeliness, depth of analysis, completeness of judgment offered and manner of presentation.
Assessment of complete adequacy of the time devoted and attention paid by the Board to the different thematic areas of relevance to the Bank, including ESG and sustainability issues and technological and digital innovation.

Main practices that could be developed further

In view of the forthcoming renewal of the Corporate Bodies, it will be necessary to design an accurate and wide-ranging on-boarding programme, also for the individual Committees, for the next term of office, as was done for the previous ones. This programme is aimed at accelerating the acquisition of specific know-how on the Bank's organisation and governance, the current Business Plan and the business, and at developing positive relations, harmonisation of "soft skills" and cooperation among Board members.

Remuneration

The following table shows the remuneration of the members of the Corporate Bodies for financial years 2022/2023/2024, as approved by the Shareholders' Meeting of 29 April 2022 and by the Board of Directors at its meeting of 24 May 2022, pursuant to the Articles of Association and in line with the Remuneration Policies approved by the same Shareholders' Meeting; reimbursement of expenses incurred due to their office remains in place.

Role	Gross annual remuneration (euro)	Attendance fee (euro)
Board Member who is not also a member of the Management Control Committee	120,000	/
Chair of the Board of Directors (additional remuneration)	800,000	/
Deputy Chair of the Board of Directors (additional remuneration)	150,000	/
Board Member who is also a member of the Management Control Committee	260,000	/
Chair of the Management Control Committee (additional remuneration)	65,000	/
Managing Director (additional remuneration) (*)	500,000	/
Members of Committees appointed by the Board	/	2,500
Chairs of Committees appointed by the Board	60,000	/

(*) Consistent with the criteria defined by the Group's remuneration and incentive policies, the Managing Director, in his/her capacity as General Manager, is also entitled to receive the remuneration established by the Board, upon the proposal of the Remuneration Committee, which is reported in the Remuneration Report, to which we refer for further details.

Control and risk management system

The internal control system is built around a set of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with sound and prudent management, the achievement of the following objectives

Remuneration

remuneration)

(*)

Board

further details.

(additional remuneration)

incurred due to their office remains in place.

the Management Control Committee

Board Member who is not also a member of

Chair of the Board of Directors (additional

Board Member who is also a member of the

Chair of the Management Control Committee

Managing Director (additional remuneration)

Members of Committees appointed by the

Chairs of Committees appointed by the

Deputy Chair of the Board of Directors

Management Control Committee

Role Gross annual

remuneration (euro)

120,000 /

800,000 /

150,000 /

260,000 /

65,000 /

500,000 /

60,000 /

/ 2,500

Attendance fee (euro)

verification of the implementation of Company strategies and policies

containment of risks within the limits indicated by the Bank (Risk Appetite Framework)

safeguarding of asset value and protection from losses

effectiveness and efficiency of the Company processes

reliability and security of Company information and IT procedures

prevention of the risk that the Bank may be involved, including involuntarily, in illegal activities

compliance of business operations with the law and supervisory regulations, as well as internal policies, procedures and regulations

The Corporate Bodies ensure the completeness, adequacy, functionality and reliability of the internal control system at Group level, in compliance with the Supervisory Provisions on the control system and with the Supervisory Provisions on corporate governance.

The Surveillance Body – composed of parties external to the Bank and vested with independent initiative and control powers – supervises the operation and effectiveness of and compliance with the Model 231 adopted by the Bank, pursuant to Italian Legislative Decree 231/2001 on the administrative liability of entities, and supports the competent Bodies when implementing or amending the Model.

The internal control system is based on three levels:

Level I

Where possible, these controls are embedded in the IT procedures. This level consists of line controls designed to ensure the proper conduct of the operations. They may be carried out directly by the Operating and Business Structures (so-called "Level I functions"), including through units dedicated solely to control duties, or implemented in the back office.

Level II

This level consists of risk and compliance controls to ensure, inter alia, the correct implementation of the risk management process; observance of the operating limits assigned to the various functions; compliance of company operations with the rules, including selfgovernance rules. These controls are overseen by the Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office Department also reports, and by the Chief Risk Officer Governance Area, to which the Internal Validation and Controls Coordination Area reports; these Structures (so-called "Level II control functions") are separate from the operating structures and from internal audit.

Level III

This level consists of internal audit controls – assigned to the Chief Audit Officer – to identify breaches of procedures and regulations, and to assess periodically the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system at Group level.

The main activities under level III and II controls are described below:

Chief Audit Officer

Ensuring ongoing independent monitoring of the regular performance of the Bank and Group operations and processes, evaluating the functionality of the internal control system
Providing advice to the Group's corporate functions
Ensuring supervision of the subsidiaries' internal control system
Supporting corporate governance and ensuring that the Corporate Bodies and the competent Supervisory Authorities (ECB, Bank of Italy, Consob, etc.) promptly and systematically receive information on the control system

Chief Compliance Officer	Chief Risk Officer
• Ensuring monitoring of Group regulatory compliance risk	• Governing the process of RAF definition, approval, control and
• Defining guidelines and policies on Group regulatory compliance	implementation
• Coordinating the implementation of guidelines and policies on	• Assisting the Corporate Bodies in defining risk management
regulatory compliance	guidelines and policies
• Collaborating with the other corporate control functions to	• Coordinating the implementation of risk management guidelines
achieve effective integration of the risk management process	and policies by the Group units
• Managing relations with the Corporate Bodies and Supervisory	• Ensuring the measurement and control of Group exposure to the
Authorities on compliance issues	various types of risk
	• Ensuring the monitoring of credit quality • Validating internal risk measurement systems

The Corporate control functions also coordinate their work by participating in a dedicated Managerial Committee. The internal control and risk management system, as well as the roles of the Corporate Bodies and Structures involved, are described in detail in Part III of the Report.

Share capital and shareholder base

Level I

The internal control system is based on three levels:

The main activities under level III and II controls are described below:

Italy, Consob, etc.) promptly and systematically receive information on the control system

Bodies and Structures involved, are described in detail in Part III of the Report.

Level II

Level III

Chief Audit Officer • Ensuring ongoing independent monitoring of the regular performance of the Bank and Group operations and processes, evaluating

• Supporting corporate governance and ensuring that the Corporate Bodies and the competent Supervisory Authorities (ECB, Bank of

Chief Compliance Officer Chief Risk Officer

The Corporate control functions also coordinate their work by participating in a dedicated Managerial Committee. The internal control and risk management system, as well as the roles of the Corporate

implementation

guidelines and policies

various types of risk

and policies by the Group units

• Ensuring the monitoring of credit quality • Validating internal risk measurement systems

• Governing the process of RAF definition, approval, control and

• Assisting the Corporate Bodies in defining risk management

• Coordinating the implementation of risk management guidelines

• Ensuring the measurement and control of Group exposure to the

the functionality of the internal control system • Providing advice to the Group's corporate functions

• Ensuring supervision of the subsidiaries' internal control system

• Ensuring monitoring of Group regulatory compliance risk • Defining guidelines and policies on Group regulatory compliance • Coordinating the implementation of guidelines and policies on

• Collaborating with the other corporate control functions to achieve effective integration of the risk management process • Managing relations with the Corporate Bodies and Supervisory

regulatory compliance

Authorities on compliance issues

Intesa Sanpaolo's share capital amounts to 10,368,870,930.08 euro, divided into 17,803,670,501 ordinary shares without nominal value as set out below:

	No. of shares	% share capital	Listing	Rights
Ordinary shares	17,803,670,501	100%	Euronext Milan	Right to attend and vote at Ordinary and Extraordinary Shareholders' Meetings (each share carries one voting right)
Other information				YES	NO
Restrictions on voting rights x
Increased voting rights ("voto maggiorato") x
Securities granting special rights x
Limitations on share ownership			x
Restrictions on share transfers					x
Employee share ownership					x
Shareholders' agreements				x(*)
	Minimum shareholding for submission of slates			0.5%

(*) Shareholders' consultation and voting agreement concerning the submission, at the Shareholders' Meeting to be held on 29 April 2025, of a joint slate for the appointment of the Board and the Management Control Committee (see Part I of the Report)

According to the entries in the Shareholders' Register and other available information concerning the dividends paid, the approximate number of Intesa Sanpaolo shareholders is 354,000; the chart below shows the trend in their number:

(1 ) This figure refers to an estimate based on the mass survey of the Intesa Sanpaolo shareholder base available (May 2019), plus the evidence from the subscriptions to the Public Purchase and Exchange Offer on UBI Banca shares

( 2 ) This figure refers to the coupon presentation date of the distribution of part of the extraordinary reserve for the 2020 results, approved by the Ordinary Shareholders' Meeting held on 14 October 2021

( 3 ) This figure refers to the coupon presentation date for the distribution of dividends and of part of the Share premium reserve approved by the Ordinary Shareholders' Meeting held on 29 April 2022

( 4 ) This figure refers to the coupon presentation date for the distribution of dividends approved by the Ordinary Shareholders' Meeting held on 28 April 2023

( 5 ) This figure refers to the coupon presentation date for the distribution of dividends approved by the Ordinary Shareholders' Meeting held on 24 April 2024

The list of the main shareholders is provided in Part I of the Report.

The following chart shows the ownership structure by geographical area, type of shareholders and size of shareholding, on the basis of the names of the recipients of the distribution to shareholders of dividends, provided by the intermediaries (coupon presentation date 20 May 2024).

Ownership structure by geographical area

Ownership structure by type of shareholders

Ownership structure by size of shareholding

Size of shareholding	Number of shareholders	Number of shares	Share capital stake (%)
1 - 10,000	296,491	719,227,901	3.93%
10,001 - 100,000	49,716	1,391,525,834	7.61%
100,001 - 500,000	5,268	1,048,992,860	5.74%
500,001 - 1,000,000	936	585,835,615	3.20%
1,000,001 - 5,000,000	1,154	2,021,183,639	11.06%
> 5,000,000	542	12,399,202,345	67.82%

Shareholders' Meeting

42.62%

Italy

Continental Europe

USA and Canada

UK and Ireland

Rest of the world

Individual reports not available

dividends, provided by the intermediaries (coupon presentation date 20 May 2024).

5.14% 0.64%

Ownership structure by geographical area

Ownership structure by type of shareholders

28.67%

13.61%

9.33%

7.06%

Ownership structure by size of shareholding

19.86%

15.76%

Size of shareholding Number of

shareholders Number of shares Share capital stake

investors Former banking foundations Retail shareholders

investors

available

Own shares

Italian institutional

Individual reports not

Other Italian investors

56.44%

0.64% 0.14% 0.10% Foreign institutional

1 - 10,000 296,491 719,227,901 3.93% 10,001 - 100,000 49,716 1,391,525,834 7.61% 100,001 - 500,000 5,268 1,048,992,860 5.74% 500,001 - 1,000,000 936 585,835,615 3.20% 1,000,001 - 5,000,000 1,154 2,021,183,639 11.06% > 5,000,000 542 12,399,202,345 67.82%

(%)

The Shareholders' Meeting is the final step on a path of information, dialogue and discussion with Intesa Sanpaolo's shareholders, enabling them to cast an informed vote, in the manner and on the topics reserved for it by law and by the Articles of Association.

The Shareholders' Meeting is called by notice published on the Company's website at least thirty days prior to the meeting date, and, in extract, in daily newspapers.

If the Shareholders' Meeting is called to appoint Board members, the notice must be published by an earlier deadline of forty days prior to the meeting date.

Shareholders' majorities

At Intesa Sanpaolo, the quorum required for the validity of the Shareholders' Meetings and of its resolutions – both in ordinary and extraordinary session – is that determined by applicable regulations. The quorum required for Shareholders' Meetings is the proportion of share capital that must be represented in order for the Meeting to be declared valid. Voting majorities refer to the proportion of share capital required for the shareholders' resolutions to be approved.

The Shareholders' Meeting is usually held in single call, with the application of the following quorums: Ordinary Shareholders' Meeting Single call

Meeting quorum	The proportion of share capital represented by the entitled parties attending
Voting majority (*)	Absolute majority of the share capital represented at the Shareholders' Meeting

(*) Pursuant to the Supervisory Provisions on remuneration, the Board's proposal regarding the setting of a limit higher than 100% (1:1 ratio) for the ratio between the variable and the fixed component of the individual remuneration of key personnel is approved by the ordinary Shareholders' Meeting when: (i) the Meeting is held with at least half of the share capital and the resolution is taken with the favourable vote of at least 2/3 of the share capital represented at the Meeting; or (ii) the resolution is passed with a favourable vote of at least 3/4 of the share capital represented at the Meeting, regardless of the quorum with which it was constituted.

The foregoing is without prejudice to the provisions of the Articles of Association for the election of the Board and the Management Control Committee; on this point, reference is made to the detailed description contained in Part II of the Report.

Extraordinary Shareholders' Meeting	Single call

Meeting quorum	Any number of entitled parties representing at least one-fifth of the share capital
Voting majority	At least two-third majority of the share capital represented at the Shareholders' Meeting

Share capital attendance at the Shareholders' Meeting in the last five years

During financial year 2024, the Shareholders' Meeting was held on 24 April in ordinary and extraordinary session and lasted 40 minutes. All the proposed resolutions were approved; below are the items on the agenda with the respective percentages of votes in favour.

The Shareholders' Meeting can be Ordinary or Extraordinary:

The Ordinary Shareholders' Meeting, whose duties include approving the financial statements, must be called at least once a year, no later than one hundred and eighty days after the end of the financial year.
The Extraordinary Shareholders' Meeting is called to approve amendments to the Articles of Association (without prejudice to the Board's power to align the Articles of Association with the law), merger and demerger transactions in the cases provided for by law, and on any other matter within its purview pursuant to the law.

	Shareholders' Meeting of 24 April	% votes in favour
	Annual report 2023 ➢ a) Approval of the Parent Company's 2023 financial statements ➢ b) Allocation of net income for the year and distribution of dividend and part of the Share premium reserve to shareholders	99.88% 99.84%
Ordinary Part	Remuneration ➢ a) Report on remuneration policy and compensation paid: Section I - Remuneration and incentive policies of the Intesa Sanpaolo Group for 2024 ➢ b) Report on remuneration policy and compensation paid: non-binding resolution on Section II – Disclosure on compensation paid in the financial year 2023 ➢ c) Approval of the 2024 Annual Incentive Plan based on financial instruments	88.63% 93.02% 97.96%
	Own shares ➢ a) Authorisation to purchase own shares for annulment with no reduction of the share capital ➢ b) Authorisation to purchase and dispose of own shares to serve the Incentive Plans of the Intesa Sanpaolo Group ➢ c) Authorisation to purchase and dispose of own shares for trading purposes	99.76% 99.14% 99.62%
Extraordinary Part	Annulment of own shares with no reduction of the share capital and consequent amendment to Article 5 (Share Capital) of the Articles of Association	99.34%

The full text of the resolutions adopted is contained in the minutes published on the Bank's website ("Governance" / "Shareholders' Meeting"), where the reports of the Meeting and related documentation are also published, along with the Summary report of the respective votes.

The next Shareholders' Meeting will be held on 29 April 2025.

For the 2024 Shareholders' Meeting, Intesa Sanpaolo exercised the right, granted by Italian law to listed companies, to provide that those entitled to participate and vote in Shareholders' Meetings could do so exclusively through the Designated Representative pursuant to Article 135 undecies of the Consolidated Law on Finance. At the Turin headquarters, where the Shareholders' Meeting was convened, the Chair, some Directors, the Designated Representative (Computershare S.p.A.) and the Secretary (Notary) were present in person; other Board Directors participated remotely.

This participation method – suitably communicated in the notice of call of the Shareholders' Meeting – improved the flexibility and efficiency of the Shareholders' Meeting process, with clear benefits for the Company and the shareholders, enhancing the pre-meeting dialogue process with a view to giving the shareholders full reporting transparency and equal access to the information needed to make informed voting decisions.

Annual report 2023

Remuneration

Own shares

capital

the Intesa Sanpaolo Group

premium reserve to shareholders

Ordinary

Extraordinary

Part

Shareholders' Meeting of 24 April % votes in

Extraordinary:

year.

➢ b) Allocation of net income for the year and distribution of dividend and part of the Share

➢ a) Report on remuneration policy and compensation paid: Section I - Remuneration

➢ b) Report on remuneration policy and compensation paid: non-binding resolution on

➢ a) Authorisation to purchase own shares for annulment with no reduction of the share

➢ b) Authorisation to purchase and dispose of own shares to serve the Incentive Plans of

Annulment of own shares with no reduction of the share capital and consequent

amendment to Article 5 (Share Capital) of the Articles of Association 99.34%

➢ a) Approval of the Parent Company's 2023 financial statements

and incentive policies of the Intesa Sanpaolo Group for 2024

Section II – Disclosure on compensation paid in the financial year 2023 ➢ c) Approval of the 2024 Annual Incentive Plan based on financial instruments

➢ c) Authorisation to purchase and dispose of own shares for trading purposes

are also published, along with the Summary report of the respective votes.

The next Shareholders' Meeting will be held on 29 April 2025.

favour

The Shareholders' Meeting can be Ordinary or

• The Ordinary Shareholders' Meeting, whose duties include approving the financial statements, must be called at least once a year, no later than one hundred and eighty days after the end of the financial

• The Extraordinary Shareholders' Meeting is called to approve amendments to the Articles of Association (without prejudice to the Board's power to align the Articles of Association with the law), merger and demerger transactions in the cases provided for by law, and on any other matter within

its purview pursuant to the law.

99.88% 99.84%

88.63%

93.02%

97.96%

99.76%

99.14%

99.62%

Intesa Sanpaolo fully enhanced the role of the Designated Representative and fully safeguarded the shareholders' right to take part in the Shareholders' Meeting via a tool made available free of charge; moreover, where the proxy was issued through the Bank's dedicated IT platform, the deadline for giving the proxy was extended, for those entitled, until the day before the Shareholders' Meeting.

To ensure active participation in the Shareholders' Meeting decision-making processes and, hence, to confer proxy and voting instructions to the Designated Representative on an informed basis, Intesa Sanpaolo provided that the Bank's answers to the premeeting questions and new proposed resolutions submitted (including individually) by shareholders on the agenda items had to be published on the website before the deadline for giving proxy and voting instructions to the Designated Representative.

The casting of votes by shareholders and institutional investors was done in an informed and knowledgeable manner, taking into account, among other things, the Bank's answers to questions submitted in advance on the agenda items; the level of participation in the meeting was significantly higher than in the last meeting held in person (+9%).
The function of informing shareholders was fulfilled by continuously publishing information on the website, where every shareholder/investor was able to consult all the Shareholders' Meeting documents and notices, including the reports on the agenda items, and any other documentation relevant to the process leading up to the vote.
Exchanges and discussions with shareholders/investors were held continuously including when presenting the results of operations – and well in advance of the date set for the vote, in the manner laid down in the Policy for the management of dialogue with shareholders and via the additional appropriate communication channels.

Information on questions submitted in advance pursuant to Article 127 ter CLF at the Shareholders' Meetings called to approve the financial statements

Shareholders' Meeting	Number of shareholders	Number of questions submitted in advance
24 April 2024	11	412
28 April 2023	8	273
29 April 2022	6	225
28 April 2021	10	226
27 April 2020	7	207

The sustainability commitment

Intesa Sanpaolo, in setting itself the goal of continuing to generate value for all its stakeholders while building a profitable, innovative and sustainable Bank of the Future, is also aware of the impacts associated with its activities on the economy, the environment and people.

At the strategic level, the Group aims to further strengthen its leading position in ESG themes (Environmental, Social and Governance), with a world-class position in Social Impact and strong focus on climate. Indeed, ESG issues are one of the four pillars of the Group's 2022-2025 Business Plan for robust and sustainable value creation.

In order to establish a framework of values and principles, and to provide disclosures on the various sustainability/ESG issues, Intesa Sanpaolo adopts and publishes specific documents, including the Code of Ethics, the Consolidated Sustainability Statement and other significant ESG reporting, such as the Climate Report and the Responsible Banking Progress Statement1 – available on the Group's website and to which reference should be made – as well as various policies regarding specific ESG matters and areas of the Bank's activities (human rights, environment, loans to specific sectors).

1111

The Code of Ethics is a voluntary self-regulatory tool adopted by all Group companies and is an integral part of the sustainability management model. It sets out the mission, the corporate values and the principles governing relations with all parties, internal or external, directly or indirectly involved in or impacted by the performance of the company's activities (stakeholders). For some particularly important areas, the Code of Ethics refers to the rules and principles consistent with the best international standards. The Code lays the framework for embedding social and environmental considerations in corporate processes, practices and decisions, spelling out the pillars of our corporate culture. All the Group's people, in Italy and abroad, are expected to behave in a manner that complies and is consistent with the values and principles set out in the Code. Each Group company must ensure that its actions and activities match those values and principles, consistently with its specific characteristics.

The Consolidated Sustainability Statement2 is prepared in accordance with Italian Legislative Decree No. 125/2024, which transposes Directive (EU) 2022/2464 (the Corporate Sustainability Reporting Directive - CSRD) into Italian law; it aims to harmonise and unify sustainability reporting across Europe, to ensure greater consistency and comparability of information. Common European standards have been developed to this end, known as the European Sustainability Reporting Standards (ESRS). The Reporting is approved annually by the Board and includes the information necessary for understanding the Intesa Sanpaolo Group's impact on sustainability issues, as well as the information necessary for understanding how these issues affect the Group's performance, its results and its situation. With specific reference to sustainability issues, information is therefore requested on: the business model and strategy, the goals set, the role of the management and control bodies, existing policies, the actions taken to prevent or mitigate actual or potential negative impacts, the main risks generated and suffered, and the key performance indicators relating to environmental, social and governance issues.

¹ Previously the PRB Report. Report on the progress made in implementing the Responsible Banking Progress Statement, of which Intesa Sanpaolo is a founding signatory.

² Prepared for the first year with reference to the 2024 reporting period, replacing the Consolidated Non-Financial Statement (CNFS).

The sustainability commitment

robust and sustainable value creation.

which Intesa Sanpaolo is a founding signatory.

(CNFS).

The Code of Ethics is a voluntary self-regulatory tool adopted by all Group companies and is an integral part of the sustainability management model. It sets out the mission, the corporate values and the principles governing relations with all parties, internal or external, directly or indirectly involved in or impacted by the performance of the company's activities (stakeholders). For some particularly important areas, the Code of Ethics refers to the rules and principles consistent with the best international standards. The Code lays the framework for embedding social and environmental considerations in corporate processes, practices and decisions, spelling out the pillars of our corporate culture. All the Group's people, in Italy and abroad, are expected to behave in a manner that complies and is consistent with the values and principles set out in the Code. Each Group company must ensure that its actions and activities match those values and principles,

The Consolidated Sustainability Statement2 is prepared in accordance with Italian Legislative Decree No. 125/2024, which transposes Directive (EU) 2022/2464 (the Corporate Sustainability Reporting Directive - CSRD) into Italian law; it aims to harmonise and unify sustainability reporting across Europe, to ensure greater consistency and comparability of information. Common European standards have been developed to this end, known as the European Sustainability Reporting Standards (ESRS). The Reporting is approved annually by the Board and includes the information necessary for understanding the Intesa Sanpaolo Group's impact on sustainability issues, as well as the information necessary for understanding how these issues affect the Group's performance, its results and its situation. With specific reference to sustainability issues, information is therefore requested on: the business model and strategy, the goals set, the role of the management and control bodies, existing policies, the actions taken to prevent or mitigate actual or potential negative impacts, the main risks generated and suffered, and the key

performance indicators relating to environmental, social and governance issues.

¹ Previously the PRB Report. Report on the progress made in implementing the Responsible Banking Progress Statement, of

² Prepared for the first year with reference to the 2024 reporting period, replacing the Consolidated Non-Financial Statement

associated with its activities on the economy, the environment and people.

consistently with its specific characteristics.

The Climate Report – approved by the Board – provides climate-related information in accordance with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD)3. The report is divided into the four pillars of the recommendations (Governance, Strategy, Risk Management, and Metrics and Targets) and, as of the 2022 edition, it includes a Transition Plan on Net Zero targets. In the 2024 report, 2030 targets for the Residential Real Estate (RRE), Agriculture, Cement and Aluminium sectors have been added to the six sectors with decarbonisation targets already published and reported in the 2023 Climate Report (Oil&Gas, Power Generation, Automotive, Coal Mining, Iron and Steel, Commercial Real Estate).

³ With the publication of the 2023 Status Report, the TCFD completed its mandate and was dissolved. Therefore, the IFRS Foundation took over the monitoring of climate disclosures.

The governance of sustainability, which has been constantly strengthened over time, is characterised by the involvement of various Bodies and Structures, whose main responsibilities are detailed below

Board of Directors

The Board, with the support of the Risks and Sustainability Committee, defines and approves the strategic guidelines and policies on sustainability (ESG), including the social and cultural responsibility model and the fight against climate change – taking into account the objectives of solid and sustainable value creation and distribution for all stakeholders; it defines and approves the risk targets, incorporating sustainability-related risks (ESG) – in particular climate and environmental risks – in its risk appetite framework; it approves the results of the impact and financial materiality analysis that identifies the environmental, social and governance sustainability aspects that are relevant with regard to the impacts, risks and opportunities considered, in accordance with applicable regulations; it approves the Consolidated Sustainability Statement, ensuring that it is drafted and published in compliance with current regulations, after review by the Management Control Committee, as well as any other reports of particular relevance in this area; it examines the annual report submitted by the Manager responsible for preparing the Company's financial reports on sustainability disclosure risk monitoring activities and the periodic reports submitted by the corporate control functions; it approves the updates to the Code of Ethics and the diversity and inclusion policy.

Risks and Sustainability Committee

The Risks and Sustainability Committee supports the Board in the performance of all the above-mentioned tasks, and specifically in the following areas: the assessment and analysis of sustainability (ESG) issues related to the Bank's operations; the approval of the list of ESG-sensitive sectors relevant to the Group's lending activities; the assessments and decisions to be made on sustainability-related impact and financial materiality analysis, also for the purpose of approving the Consolidated Sustainability Statement. This analysis identifies the aspects of environmental, social and governance sustainability that are potentially relevant with regard to the impacts, risks and opportunities considered, in accordance with applicable regulations, as well as the relevant methodology; it verifies the Group's positioning with respect to national and international best practices in the field of sustainability, with particular reference to Intesa Sanpaolo's inclusion in the major sustainability indices.

Management Control Committee

The Management Control Committee, with the support of the competent sustainability (ESG) and internal audit departments, supervises compliance with the principles and values of the Code of Ethics; with reference to the Consolidated Sustainability Statement, it monitors compliance with the provisions of Italian Legislative Decree No. 125/2024 and reports on it in the annual report to the Shareholders' Meeting, and examines the Consolidated Sustainability Statement, in the exercise of its supervisory functions, before its submission to the Board; it examines the annual report submitted by the Manager responsible for preparing the Company's financial reports on sustainability disclosure risk monitoring activities and the periodic reports submitted by the corporate control functions.

Managing Director and CEO

The Managing Director and CEO governs sustainability performance; he/she has the power to submit proposals to the Board for the adoption of resolutions within its remit; he/she ensures the consistency of the risk management process with the risk appetite and the relevant risk governance policies; he/she is informed by the Manager responsible for preparing the Company's financial reports on an annual basis about sustainability disclosure risk monitoring activities; he/she provides, jointly with the Manager responsible for preparing the Company's financial reports, for the statutory certifications on the balance sheet, income statement, financial position and sustainability disclosures required by the regulations.

Steering Committee

The Committee, in the context of the Business Plan and Sustainability (ESG) Session, collaborates, taking into account the objectives of robust and sustainable value creation and distribution for all stakeholders, in defining the strategic guidelines and sustainability policies (ESG), including the social and cultural responsibility model and the fight against climate change, which the Managing Director and CEO submits to the relevant Board Committees and the Board of Directors; it collaborates in the identification and updating of potentially relevant environmental, social and governance sustainability issues in relation to the impacts, risks and opportunities considered, in accordance with the applicable regulations, in the impact and financial materiality analysis; it examines, prior to submission to the Board, the Consolidated Sustainability Statement and any other reports of particular relevance on sustainability issues; it addresses the consistency of technological development, with specific reference to artificial intelligence/machine learning, with the Group's ethics principles.

Group Control Coordination and Non-Financial Risks Committee

In the Operational and Reputational Risk session, the Committee examines the main ESG risk profiles, which are reflected or could be reflected in the operational and reputational risk exposure. This session, chaired by the Chief Risk Officer, is attended by the heads of the Group's corporate control functions and the relevant Governance Areas.

Chief Sustainability Officer

Board of Directors

and inclusion policy.

functions.

Risks and Sustainability Committee

Management Control Committee

Managing Director and CEO

Steering Committee

disclosures required by the regulations.

The governance of sustainability, which has been constantly strengthened over time, is characterised by the involvement of various Bodies and Structures, whose main responsibilities are detailed below

specific reference to artificial intelligence/machine learning, with the Group's ethics principles.

with particular reference to Intesa Sanpaolo's inclusion in the major sustainability indices.

The CSO Governance Area has the following main functions: guiding the development and implementation of the Group's ESG strategy, also helping to identify specific actions and initiatives, and new business opportunities; collaborating on ESG reporting and promoting the dissemination of a culture of sustainability and innovation; playing an active role in the development and promotion of the local areas and communities in which the Group operates, supporting non-profit organisations and promoting social inclusion initiatives and educational interventions; promoting the innovation of businesses and territories as a key factor for sustainable development through applied research and support for start-ups, open innovation, the transition to the circular economy and the development of innovation ecosystems; promoting the Group's historical, artistic, architectural, and archive assets to contribute to the civil and cultural growth of the local areas and communities it serves, ensuring their protection and appreciation.

ESG Control Room and its Panels

The ESG Control Room is a collegiate managerial body with advisory, analysis and assessment powers, set up to support the Steering Committee in the exercise of its ESG activities, with particular reference to the strategic proposal of guidelines, policies and initiatives on ESG issues, in monitoring the achievement of objectives and in examining any actions that may be appropriate or necessary to achieve the results.

The ESG Control Room is chaired by the Head of the Chief Sustainability Officer Governance Area, with the participation of the Head of the Chief Financial Officer Governance Area, the Head of the Chief Risk Officer Governance Area and the Head(s) of ESG Steering. When deemed necessary, in relation to the issues addressed, the Heads of the other Governance Areas, the Heads of the Divisions and the Sustainability Managers, who have the task of overseeing ESG issues within their respective Governance Areas or Divisions, may be called upon to participate in the Panels set up to promote sharing and synergies within the Group with regard to ESG issues: the ESG Coordination Panel, the Sustainable Investments and Insurance Panel, and the Social Impact Panel.

In 2024, the Board strengthened ESG governance with the appointment of the Chief Sustainability Officer, responsible for a Governance Area set up to steer the Group's sustainable development strategies, with a special commitment to social matters and the fight against inequalities, which includes: i) activities distributed across various organisational units of the Group with the establishment of the Chief Social Impact Officer Governance Area in the social sphere; ii) the new ESG Steering organisational unit dedicated to strategic guidance and monitoring of ESG issues; iii) Art, Culture and Historical Heritage Structure; iv) Innovation Centre; v) Neva SGR.

The Chief Social Impact Officer Governance Area contributes to the definition of strategic guidelines and oversees the direction, governance and implementation of Social Impact initiatives and projects carried out by the Group, ensuring relations with the main stakeholders, identifying intervention models and activating system-wide actions and promoting the wellbeing and inclusion of people and their communities. It also oversees the direction, coordination and monitoring of initiatives to mitigate the direct environmental impacts generated by the Group's activities.

During 2024, the Board of Directors was engaged in all the issues related to Sustainability (ESG) as well as the planned initiatives in this area, which are included in the Business Plan.

Furthermore, the Board and the Risks and Sustainability Committee were periodically informed of the progress of the ESG initiatives envisaged in the Business Plan and monitored their progress, resolving on the implementation of individual projects where appropriate.

Below are the most relevant ESG issues examined by the Board and the Risks and Sustainability Committee, without prejudice to the support provided by the Committee to the Board in assessing and analysing sustainability issues and in approving strategic guidelines and policies.

For further details on the Group's handling of ESG issues, please refer to the specific section of the website as well as the documentation published there.

The 2022-2025 Business Plan and Sustainability

During 2024, the Board of Directors was engaged in all the issues related to Sustainability (ESG) as

Below are the most relevant ESG issues examined by the Board and the Risks and Sustainability Committee, without prejudice to the support provided by the Committee to the Board in assessing and

For further details on the Group's handling of ESG issues, please refer to the specific section of the

Consolidated Non-financial Statement Principles for Responsible Banking Report

Report on compliance with the gender equality commitments (set out in the Diversity, Equity and Inclusion Principles) Report on the implementation of the Code of Ethics and the social and environmental

Implementation of the Corporate Sustainability Reporting Directive Net Zero Banking Alliance: sector targets Reputational Risk Management

Guidelines governing transactions with subjects active in the armaments sector Guidelines for preparing the Consolidated

Gender neutrality of the Group's Remuneration Policies – Gender pay gap

Climate Report

Framework

analysis

Modern Slavery Statement

responsibility principles

Sustainability Reporting

well as the planned initiatives in this area, which are included in the Business Plan.

analysing sustainability issues and in approving strategic guidelines and policies.

BoD

ESG

RSC

on the implementation of individual projects where appropriate.

website as well as the documentation published there.

The Business Plan, approved by the Board of Directors on 3 February 2022 with the support of the Risks and Sustainability Committee, has a strong focus on ESG matters and identifies concrete actions and targets with reference to the Sustainability pillars identified by the Group.

Food and shelter programme for people in need with distribution of meals, beds, medicines and clothing	Dedicated credit support and services for non-profit organisations to promote local initiatives that benefit communities and the environment	Gallerie d'Italia, with Intesa Sanpaolo's four museum locations and the creation of a centre of excellence to promote the value of photography in the Turin location
Youth employability programmes aimed at training and access to the job market Promoting educational inclusion by strengthening partnerships with leading Italian universities and schools Social housing, promoting social housing units and student beds Contributions to support initiatives to address social needs Creation in Brescia of an organisational unit with functions of policy-making and governance of activities dedicated to social impact ("Intesa Sanpaolo for Social Impact")	Fund for Impact, with direct support for people who cannot access credit through traditional financial channels Credit for urban regeneration with investments in hospitals, smart mobility, broadband networks, education and service and sustainable infrastructure Credit for vulnerable people to support people with difficulties getting access to credit, families affected by natural disasters, with partnerships to provide microcredit to individuals or small businesses in difficulty	Temporary exhibitions, educational labs with schools and social inclusion projects dedicated to vulnerable categories "Restituzioni" programme, dedicated to restoration and promotion of the national heritage in collaboration with the Ministry of Culture Professional education programmes in art and culture Partnerships with museums, public/private institutions in Italy and abroad Sponsorship of cultural activities and events
Innovation	Climate and environment	Support to customers through the ESG transition
Development of multidisciplinary applied research projects Investments in high-potential start ups Supporting the development of international innovation ecosystems Acceleration of business transformation and support to corporates' long-term development promoting de-risking and competitiveness through Open Innovation programmes Dissemination of an innovation culture through events and new educational formats	Membership of all Net-Zero alliances on credit, investments and insurance Achieving carbon neutrality by 2030, through a 53% reduction in Scope 1+2 emissions (compared to 2019 levels) and the purchase of carbon credits for the residual portion. 100% of the energy purchased in Italy deriving from renewable sources Protection and restoration of natural capital	Sustainable credit to support green economy, circular economy and ecological transition Support for small and medium sized enterprises to finance projects aimed at improving their sustainability profile Launch of ESG Labs in the local territory, to support small and medium-sized enterprises in their approach to sustainability Enhancement of the ESG investment product offering in asset management Development of dedicated ESG insurance offering

The initiatives put in place by Intesa Sanpaolo have enabled the Group to receive several recognitions, such as inclusion for the fourteenth consecutive year – the only Italian bank – in the Dow Jones Sustainability Indices (World and Europe), which are among the most important international stock market sustainability indices.

Intesa Sanpaolo has been confirmed first in Europe for relations with institutional investors and financial analysts as well as for ESG aspects in the 2024 ranking by Extel (formerly Institutional Investor Research), which also placed Intesa Sanpaolo's Board of Directors, for the third consecutive year, at the top of its ranking of European banks' boards.

For more details, please refer to the dedicated page on the Group's website.

Allowance for charitable, social and cultural contributions

Following a well-established tradition, the Bank's Articles of Association provide for the possibility of allocating a portion of net income to support projects that focus on solidarity, social utility and the value of the individual, through the Allowance for charitable contributions.

The Chair of the Board of Directors, having consulted the Managing Director and in accordance with the guidelines approved by the Board, oversees the implementation of the initiatives falling within the Allowance's objectives.

The manner in which the Allowance is managed and used is governed by the Regulation and Guidelines approved by the Board in line with the commitments set out in the Code of Ethics.

Particular attention is paid to the underlying values, the merit of the proposed initiatives and the importance of the social needs they aim to satisfy when choosing sectors and projects for intervention.

Activities are carried out in a transparent and accountable manner, and through procedures that avoid any possible personal or corporate conflict of interest; donations are also independent of the pursuit of commercial interests.

The Intesa Sanpaolo Group

Allowance for charitable, social and cultural contributions

The Chair of the Board of Directors, having consulted the Managing Director and in accordance with the guidelines approved by the Board, oversees the implementation of the initiatives falling

The manner in which the Allowance is managed and used is governed by the Regulation and Guidelines approved by the Board in line with the commitments set out in the Code of Ethics.

Particular attention is paid to the underlying values, the merit of the proposed initiatives and the importance of the social needs they aim to satisfy when choosing sectors and projects for

Activities are carried out in a transparent and accountable manner, and through procedures that avoid any possible personal or corporate conflict of interest; donations are also independent of the

market sustainability indices.

the top of its ranking of European banks' boards.

within the Allowance's objectives.

pursuit of commercial interests.

intervention.

For more details, please refer to the dedicated page on the Group's website.

the value of the individual, through the Allowance for charitable contributions.

Intesa Sanpaolo is the Parent Company of the Banking Group with the same name. In addition to controlling the Group's companies, it holds controlling interests in other companies belonging to the broader corporate Group, which provides, among other things, insurance and business services.

As Parent Company of the Banking Group, Intesa Sanpaolo exercises, pursuant to the Consolidated Law on Banking, the functions of management and coordination of the companies belonging to the Banking Group and issues to them the necessary provisions to ensure compliance with and performance of the Bank of Italy's instructions in the interest of the Group's stability. Furthermore, pursuant to Articles 2497 et seq. of the Italian Civil Code, Intesa Sanpaolo exercises management and coordination activities over all the other subsidiaries, with the exception of Risanamento S.p.A.

Intesa Sanpaolo also exercises these activities over the insurance company Intesa Sanpaolo Assicurazioni, which, pursuant to Italian Legislative Decree No. 209/2005 (the "Private Insurance Code") and its implementing provisions, is the head company of the Intesa Sanpaolo Assicurazioni Insurance Group. As such, Intesa Sanpaolo Assicurazioni exercises management and coordination activities over the Italian companies belonging to the Insurance Group: Intesa Sanpaolo Protezione S.p.A., Fideuram Vita S.p.A., Intesa Sanpaolo Insurance Agency S.p.A. and InSalute Servizi S.p.A., pursuant to Articles 2497 et seq. of the Italian Civil Code.

Intesa Sanpaolo has adopted Group Regulations which govern the institutional operations of the Intesa Sanpaolo Group and intragroup relationships, in accordance with supervisory regulations which assign responsibility for the overall consistency of Group governance to the parent company, through management and coordination activities.

Banca dei Territori This Division focuses on the market and the central role of the territory in strengthening relationships with households, small and medium-sized enterprises and non-profit entities. The Division includes industrial credit, leasing and factoring activities, and the digital bank Isybank (which also operates in instant banking through Mooney, a partnership with the Enel Group). IMI Corporate & Investment Banking Global partner for corporates, financial institutions and the public administration in a medium/longterm perspective, at domestic and international level. It includes capital market and investment banking activities and operates in 24 countries to support the cross-border operations of its customers through a specialised network of branches, representative offices and subsidiaries that engage in corporate banking activity. International Banks This Division includes subsidiaries engaged in commercial banking activities in the following countries: Albania (Intesa Sanpaolo Bank Albania), Bosnia-Herzegovina (Intesa Sanpaolo Banka Bosna i Hercegovina), Croatia (Privredna Banka Zagreb), Egypt (Bank of Alexandria), Moldova (Eximbank), Czech Republic (the Prague branch of VUB Banka), Romania (Intesa Sanpaolo Bank Romania and First Bank), Serbia (Banca Intesa Beograd), Slovakia (VUB Banka), Slovenia (Intesa Sanpaolo Bank), Ukraine (Pravex Bank) and Hungary (CIB Bank). Private Banking This Division serves customers in the Private and High Net Worth Individuals segment by offering targeted products and services. It includes Fideuram-Intesa Sanpaolo Private Banking, with 6,814 private bankers. Asset Management This Division provides asset management solutions to the Group's customers, non-Group distribution networks and institutional customers. It includes Eurizon, with 333 billion euro of assets under management. Insurance This Division provides insurance and pension products to Group customers. With direct deposits of 177 billion euro, the Division includes Intesa Sanpaolo Assicurazioni – which controls Intesa Sanpaolo Protezione, Intesa Sanpaolo Insurance Agency and InSalute Servizi – and Fideuram Vita.

The Group's activities are divided into six Divisions.

The Governance of Intesa Sanpaolo

Art. 123 bis, 2 (a), CLF

Compliance with the Italian Corporate Governance Code

Intesa Sanpaolo complies with the Italian Corporate Governance Code, approved on 31 January 2020 and published on the website of the Italian Corporate Governance Committee1. Consequently, the Bank's governance also follows the aims and recommendations set out in the Code, to ensure effective and transparent separation of the roles and responsibilities of its Corporate Bodies. In particular, also in accordance with supervisory provisions, this approach ensures a proper balance between strategic supervision, management and control functions.

In relation to the one-tier governance model adopted by the Bank, the Principles and Recommendations of the Code concerning the board of directors and the control body, or their members, apply, respectively, to the Board of Directors and the Management Control Committee or their members.

The Company, aware that efficient corporate governance is essential for the pursuit of its objectives, constantly updates its corporate governance on the basis of past experience and changing legislation, national and international best practices and the principles and recommendations issued by the main bodies and authorities (notably the Financial Stability Board, the Basel Committee on Banking Supervision and the European Banking Authority).

Moreover, in its capacity as a Bank, Intesa Sanpaolo must ensure that its organisational structure complies with the applicable rules, including EU sectoral legislation, the Italian Consolidated Law on Banking and the measures issued by the Bank of Italy in its supervisory role. With regard to supervision, it should be noted that Intesa Sanpaolo – being a "significant supervised entity" – is subject to the direct supervision of the European Central Bank, which has specific duties of prudential supervision over credit institutions within the Single Supervisory Mechanism, including specific controls on the presence of sound corporate governance principles.

Letter from the Chair of the Italian Corporate Governance Committee

In its letter dated 17 December 2024 addressed to the Chairs of the board of directors, Chief Executive Officers and Chairs of the supervisory bodies of listed companies, the Italian Corporate Governance Committee made a number of recommendations to encourage increasingly conscious implementation of the Code and promote the evolution of corporate governance in line with the principles of the Code itself. The letter also highlighted some areas for improvement in implementing recommendations, which will require strong focus.

In particular, the Committee focused on the following areas: completeness and timeliness of pre-meeting information, transparency and effectiveness of remuneration policies and the Chair's executive role.

The Committee's recommendations were brought to the attention of the Nomination Committee, the Board of Directors and the Management Control Committee and underwent extensive examination and discussion. The exercise resulted in the joint conclusion that the recommendations are adequately complied with by Intesa Sanpaolo; they are duly reflected in this Report, notably on the pages shown in the table attached to the final check list.

¹ https://www.borsaitaliana.it/comitato-corporate-governance/homepage/homepage.en.htm

Part I - Ownership structure and investor relations

Information on ownership structure

Information on the ownership structure of Intesa Sanpaolo is set out below, in accordance with Article 123-bis, paragraph 1, of the Consolidated Law on Finance.

Some of this information is also provided in detail in the body of this Report; specifically:

shareholders' rights and voting rights at Shareholders' Meetings, in the following paragraphs of this Part;
the rules on the appointment and replacement of members of the Board of Directors and the Management Control Committee, in Part II in the chapters on said Corporate Bodies.

Lastly, information on the agreements between the Company and Board Members, concerning indemnities in the event of resignation or dismissal without just cause or termination of employment, is contained in the Report on Remuneration.

Share Capital

The Company's share capital amounts to 10,368,870,930.08 euro, divided into 17,803,670,501 ordinary shares without nominal value.

The Shareholders' Meeting of 24 April 2024 authorised the purchase of own shares for annulment (buyback), for a maximum total outlay of 1,700 million euro and a number of shares not exceeding 1,000,000,000 shares, and the annulment of the own shares purchased under this authorisation, without reducing the share capital.

On 3 May 2024, the Board of Directors – having received the ECB's authorisation and exercising the authority delegated to it by the Shareholders' Meeting – decided to execute the plan for purchase of own shares for annulment for a maximum outlay of 1,700 million euro and a number of shares not exceeding 1,000,000,000 shares.

The programme was launched the following 3 June and was completed on 18 October 2024, and involved the purchase and subsequent annulment of a total of 479,128,488 shares, equal to around 2.62% of the share capital before annulment.

In line with the strategies pursued under the 2022-2025 Business Plan, the buyback plan enabled significant value creation for all Intesa Sanpaolo shareholders.

Finally, the Shareholders' Meeting of 29 April 2022 – in the extraordinary part – granted powers to the Board of Directors, pursuant to Article 2443 of the Italian Civil Code, to approve, in one or more tranches, a capital increase without payment for the purpose of implementing the 2022-2025 Performance Share Plan Long-Term Incentive Plan, reserved for the Intesa Sanpaolo Group Management, which was authorised on the same date by the same Shareholders' Meeting. These powers must be exercised by 29 April 2027.

Each ordinary share confers the right to cast one vote at Ordinary and Extraordinary Shareholders' Meetings. There are no restrictions on voting rights and no shares with increased voting rights ("voto maggiorato").

The Articles of Association do not grant any powers to the Board of Directors to issue equity instruments.

There are no restrictions on holding or transferring shares and there are no shares conferring special control rights to their holders.

Under Intesa Sanpaolo's employee stock ownership plan, employees holding shares at the end of the Plans shall exercise the associated voting rights directly. Detailed information on the existing Incentive System based on financial instruments is provided in the Report on Remuneration.

Under the Articles of Association, resolutions on the distribution of net income are passed by the Ordinary Shareholders' Meeting, on the Board of Directors' proposal; the Board of Directors can, in turn, resolve on the distribution of interim dividends, in the manners and forms prescribed by law.

Art. 123 bis, 1 (a), CLF

Art. 123 bis, 1 (i), CLF

Art. 123 bis, 1 (m), CLF

Art. 123 bis, 1 (e), CLF

Net income as reported in the financial statements, net of the portion allocated to legal reserve and the portion which is not available pursuant to the law, is allocated as follows:

a) to all the ordinary shares to the extent that the Shareholders' Meeting approves its distribution;

b) any excess funds are allocated to the extraordinary reserve or other reserves, without prejudice to the possibility of allocating a portion thereof to charities or to social and cultural activities, by creating a specific allowance.

bis, 1 (m), CLF

Securities traded on non-European markets

American Depositary Receipts (ADRs) representing Intesa Sanpaolo ordinary shares are outstanding, currently deposited with and managed by Bank of New York Mellon. Following the deregistration of the ADRs with the SEC, the securities were admitted to trading in the United States on the OTC market only.

Art. 123-

Own shares

At the end of financial year 2024, 25,629,058 residual own shares were held in the Bank's portfolio, after the purchases and allocations made during the year in relation to the Incentive and Investment Plans in favour of Employees. Additional packets of shares are held by other Group companies as part of their ordinary banking and financial operations or to service said Incentive and Investment Plans.

Shareholder Base

Main shareholders

The table below provides the list of shareholders that, based on the disclosures made under Article 120 of the Consolidated Law on Finance and other information received by the Company, directly and/or indirectly hold more than 3% of the share capital (*).

Declaring entity	% of share capital
Fondazione Compagnia di San Paolo	6.482%
Fondazione Cariplo	5.400%

(*) Shareholders that are asset management companies may have asked to be exempted from disclosure up to 5% of share ownership. BlackRock Inc. disclosed a 5.005% holding in the share capital of Intesa Sanpaolo, notified in Form 120 A dated 9 December 2020, as well as a 5.066% aggregate holding in the Bank's share capital, notified in Form 120 B dated 4 December 2020, and has not provided any update of these holdings following the subsequent changes in the number of shares into which the share capital of Intesa Sanpaolo is divided.

Italian law (Article 120 of the Consolidated Law on Finance) requires notification to the investee company and Consob when the threshold of 3% of the voting capital held in a listed company is exceeded, as well as (Article 19 of the Consolidated Law on Banking) prior authorisation from the European Central Bank for the acquisition of material holdings in a bank or of holdings entailing the possibility of exercising significant influence over the bank or the acquisition of a holding that carries at least 10% of voting rights or of the share capital, including as a result of concerted action.

The Company's website ("Investor Relations" section) contains the updated situation of Intesa Sanpaolo's shareholder base.

Shareholders' agreements

With regard to the appointment of the Board of Directors and the Management Control Committee for the financial years 2022/2023/2024 in the Shareholders' Meeting of 29 April 2022, a shareholders' agreement pursuant to Article 122 of the Consolidated Law on Finance was signed between Compagnia di San Paolo, Fondazione Cariplo, Fondazione Cassa di Risparmio di Firenze, Fondazione Cassa di Risparmio di Padova e Rovigo, Fondazione Cassa di Risparmio in Bologna, expiring with the appointment of the Board.

On 11 November 2024, a shareholders' agreement pursuant to Article 122 of the Consolidated Law on Finance was signed, and subsequently disclosed on 13 November 2024, in accordance with the procedures provided for by law, between Fondazione Compagnia di San Paolo, Fondazione Cariplo, Fondazione Cassa di Risparmio di Firenze, Fondazione Cassa di Risparmio di Padova e Rovigo, Fondazione Cassa di Risparmio in Bologna and Fondazione Cassa di Risparmio di Cuneo. Said agreement – which aggregates a total holding of 17.87% of the share capital - concerns the prior consultation, submission, and vote at the Shareholders' Meeting expected to be held by the end of April

2025 of a joint list for the appointment of the Board of Directors and the Management Control Committee of Intesa Sanpaolo S.p.A. for the financial years 2025/2026/2027, the determination of the number of directors within the maximum limit set forth in the Articles of Association and the proposal concerning the related remuneration, as well as the proposal and appointment as Chair and Deputy Chair of, respectively, the first and the second candidate shown on the joint list.

The agreement was submitted to the authorization of the ECB pursuant to Article 22-bis of the Consolidated Law on Banking and will expire at the end of the procedures of the aforementioned Intesa Sanpaolo Shareholder's Meeting called to appoint the Board of Directors.

Further information is provided on the Bank's website.

To the Bank's knowledge, there are currently no other shareholders' agreements pursuant to Article 122 of the Consolidated Law on Finance.

"Change of control" clauses

As part of their normal business activities, the Bank and other Group companies are usually party to framework agreements and contracts (especially for funding) which, according to standard financial market practice for certain types of relationships, may envisage specific effects in the event of "change of control" (agreements "which take effect, are amended or are terminated upon a change of control of the Company and/or as a result of related events").

No such framework agreement or contract may be considered significant, per se, in terms of amount or effect on a consolidated basis.

Allocated assets

Net income as reported in the financial statements, net of the portion allocated to legal reserve and the

The Company's website ("Investor Relations" section) contains the updated situation of Intesa

ordinary banking and financial operations or to service said Incentive and Investment Plans.

Declaring entity % of share capital

Fondazione Compagnia di San Paolo 6.482% Fondazione Cariplo 5.400%

a) to all the ordinary shares to the extent that the Shareholders' Meeting approves its distribution; b) any excess funds are allocated to the extraordinary reserve or other reserves, without prejudice to the possibility of allocating a portion thereof to charities or to social and cultural activities, by creating a

portion which is not available pursuant to the law, is allocated as follows:

specific allowance.

only.

Art. 123 bis, 1 (a), CLF

Art. 123 bis, 1 (m), CLF

Art. 123 bis, 1 (c), CLF

Art. 123 bis, 1 (g), CLF divided.

Own shares

Shareholder Base

Main shareholders

including as a result of concerted action.

Sanpaolo's shareholder base.

Shareholders' agreements

appointment of the Board.

Securities traded on non-European markets

indirectly hold more than 3% of the share capital (*).

As at the reporting date, Intesa Sanpaolo has not allocated assets for specific dealings in accordance with the Italian Civil Code.

Art. 123 bis, 1 (h), CLF

Policy for the management of dialogue with investors

At the end of 2021, Intesa Sanpaolo adopted a Policy for the management of dialogue with investors (hereinafter the "Policy"), consistent with the Italian Corporate Governance Code and Supervisory Provisions on corporate governance. The initiative is also in line with the guiding principles of EU regulation aimed at encouraging the long-term engagement of the shareholders in companies listed on regulated markets (SHR-II Directive) and, in particular, of institutional investors and asset managers. P. IV R. 3

The main objective of the Policy is to define the principles that specifically govern the dialogue of the Board of Directors with investors (meaning investors, including potential investors, other than individuals and, in the case of individuals, only the holders of Intesa Sanpaolo shares) and proxy advisors.

More specifically, the Policy illustrates:

how investors and proxy advisors may submit an engagement request to the Company or how the Company may make proposals to one or more investors or proxy advisors to participate in a dialogue;
the methods and criteria used by the Company to assess its willingness to engage in direct dialogue between the members of the Board nd investors and proxy advisors;
the process of internal management of the requests submitted, including how they are reported to the Board and how responses are prepared and delivered to the parties involved.

The Policy also sets out the responsibilities of the Corporate Bodies and internal Structures supporting dialogue management.

The Board of Directors plays a guiding and monitoring role in the dialogue with investors and proxy advisors, supervises the correct application of the Policy and is constantly informed about the contents and significant developments of the dialogue. To this end, each year the Board shall assess the effectiveness and adequacy of the Policy, taking into account the outcomes of the dialogues carried out and taking care of any updates to the Policy and their implementation as appropriate.

The Chair of the Board of Directors and the Managing Director, each according to their powers and responsibilities in relation to the dialogue topics, and with the support of the Chief Governance, Operating & Transformation Officer Area and the Chief Financial Officer Area, are responsible for managing the dialogue with investors and proxy advisors in the name and on behalf of the Company (hereinafter also the "Responsible Directors"). Specifically, they shall:

decide whether to accept the engagement request, or where relevant, to submit it to the Board for assessment;
establish the timing and procedures to follow up on the request, as they may delegate all or part of the dialogue to the heads of the competent corporate Structures;
decide, where appropriate, to involve one or more Board Members in the dialogue, having regard to the content of the request and the role of those Members within the Board;
promptly inform the Board of any issues of concern identified in relation to the dialogue, the outcomes and key points of the dialogue carried out and any engagement requests that have been refused.

The contacts with investors and proxy advisors are managed, on behalf of the Company, via Financial Market Coverage, according to the instructions given by the Responsible Directors.

The topics discussed in the dialogue with investors and proxy advisors relate to matters under the responsibility of the Board of Directors.

Both the text of the Policy and the IT procedure for submitting engagement requests are available on the Bank's website.

In 2024, at the request of institutional investors, the Company entered in two dialogues involving the Chair of the Board of Directors on governance matters. The Board – which is regularly updated on the requests received and on their outcomes, as required by the Policy – was informed of the key points of the aforementioned dialogues carried out.

Taking into account all the information provided, during the annual assessment conducted at its meeting of 27 September 2024, the Board found the Policy to be effective and adequate.

Relations with shareholders, the financial community and stakeholders – The website

Policy for the management of dialogue with investors

between the members of the Board nd investors and proxy advisors;

the Board and how responses are prepared and delivered to the parties involved.

and taking care of any updates to the Policy and their implementation as appropriate.

(hereinafter also the "Responsible Directors"). Specifically, they shall:

the dialogue to the heads of the competent corporate Structures;

the content of the request and the role of those Members within the Board;

Market Coverage, according to the instructions given by the Responsible Directors.

of 27 September 2024, the Board found the Policy to be effective and adequate.

More specifically, the Policy illustrates:

dialogue management.

P. IV R. 3

assessment;

the Bank's website.

responsibility of the Board of Directors.

the aforementioned dialogues carried out.

– how investors and proxy advisors may submit an engagement request to the Company or how the Company may make proposals to one or more investors or proxy advisors to participate in a dialogue; – the methods and criteria used by the Company to assess its willingness to engage in direct dialogue

– the process of internal management of the requests submitted, including how they are reported to

The Policy also sets out the responsibilities of the Corporate Bodies and internal Structures supporting

– decide whether to accept the engagement request, or where relevant, to submit it to the Board for

– establish the timing and procedures to follow up on the request, as they may delegate all or part of

– decide, where appropriate, to involve one or more Board Members in the dialogue, having regard to

– promptly inform the Board of any issues of concern identified in relation to the dialogue, the outcomes and key points of the dialogue carried out and any engagement requests that have been refused.

The contacts with investors and proxy advisors are managed, on behalf of the Company, via Financial

The topics discussed in the dialogue with investors and proxy advisors relate to matters under the

Both the text of the Policy and the IT procedure for submitting engagement requests are available on

Taking into account all the information provided, during the annual assessment conducted at its meeting

and, in the case of individuals, only the holders of Intesa Sanpaolo shares) and proxy advisors.

It is in Intesa Sanpaolo's specific interest, as well as an obligation towards the market, to constantly keep the channels of communication open with shareholders, institutional investors, the national and international financial community operators and, more generally, the Group's relevant stakeholders, in compliance with the legislation and internal procedures on the disclosure of inside information. In this respect, the Company guarantees the systematic disclosure - including at regular intervals - of fair, comprehensive and timely information on Group operations, also in the light of Consob guidance, the principles laid down in the Italian Corporate Governance Code and national and international best practices.

Under the Articles of Association, the Chair of the Board of Directors, in coordination with the Managing Director, has the task of supervising relations with shareholders and verifying their correct management.

Given the size of the Company and the Group, Intesa Sanpaolo uses specialist Structures with appropriate human and technical resources: Financial Market Coverage handles relations with the financial community, particularly institutional investors, financial analysts and rating agency analysts, including for sustainability issues; Corporate Bodies and Corporate Affairs manages relations with individual and associated shareholders and assists them by providing them with the corporate documents subject to legal disclosure requirements. Press and media relations in general, in Italy and abroad, are managed by Media and Associations Relations, which plays this role also for Group companies.

Intesa Sanpaolo's relations with the market are based on highly transparent conduct, concerning in particular the annual and interim financial results and Group strategies, including via meetings with the national and international financial community, in a framework of constant dialogue with the market based on accurate and timely communication.

As regards relations with the Group's relevant stakeholders, the procedures for identifying and interacting with them are set out in the Consolidated Sustainability Statement, to which reference should be made.

To fully implement its transparency policy and ensure that information is disclosed as rapidly and widely as possible, Intesa Sanpaolo also relies on its website.

The Company pays special attention on this specific information channel, also in light of developments in international best practices in the sector. The website is regularly developed and upgraded, to strengthen its role as a showcase for the Group, its values and its distinctive characteristics, and to comply with the statutory and transparency requirements for online corporate disclosures, by applying high standards in market communications in terms of prompt and appropriate presentation.

On the website, available in both Italian and English and also featuring an internal search engine, stakeholders will find up-to-date information on the structure and composition of the Corporate Bodies, the Company's and Group's organisational structure, the Shareholders' Meeting, the ownership structure and dividends, as well as share performance, regular financial reports and results presentations, ratings and the prospectuses of securities issued by Intesa Sanpaolo. The website also publishes the Company's press releases, the annual calendar of major corporate events, information on significant or extraordinary transactions, as well as information regarding sustainability issues, including the reporting contained in the Consolidated Sustainability Statement and in the Climate Report.

Also available on the website is Intesa Sanpaolo's "Shareholder's Guide", which provides useful information on investing in the Bank's shares, on the rights attaching to shareholdings, and on how shareholders can build a more proactive relationship with the Company in respect of Shareholders' Meetings.

The website offers a platform for the financial community and all stakeholders to find information and engage in dialogue with the Company within a framework of ongoing, consistent and comprehensive communication. The website also shows reference contacts.

P. IV R. 1 f)

The Shareholders' Meeting: procedures and shareholders' rights

Intesa Sanpaolo's Shareholders' Meeting

Art. 123 bis, 2, (c), CLF For the Company, the Shareholders' Meetings are the culmination of a process of preparation of the most significant management decisions, entrusted to the expression of the shareholders' will, in the manner and on the matters reserved for them by law and the Articles of Association.

Intesa Sanpaolo has always been committed to facilitating the broadest representation of Shareholders at Shareholders' Meetings and guaranteeing the best quality standards for the information provided, in order to realise the full potential of the meeting.

The Shareholders' Meeting can be Ordinary or Extraordinary.

The Ordinary Shareholders' Meeting, called at least once a year, no later than one hundred and eighty days after the end of the financial year, shall:

1) approve the parent company financial statements and pass resolutions on the distribution of net income;

2) determine the number of Directors, appoint and remove them, establish their remuneration and appoint the Chair and one or more Deputy Chairs;

3) appoint and remove the Directors forming the Management Control Committee and appoint its Chair, determining their remuneration;

4) pass resolutions on the responsibility of Directors;

5) in line with the proposal set out by the Management Control Committee, appoint the independent auditors and approve their fees and, in consultation with the Committee, revoke or amend said engagement, where necessary;

6) approve the remuneration policies for Board Members and staff, as well as the plans based on financial instruments. In this area, the meeting also approves the criteria for determining severance payments in the event of early termination of employment or office, including the limits set on said payments in compliance with applicable regulations, and shall also determine, with the qualified majorities under the supervisory regulations in force, a ratio between the variable and fixed individual remuneration higher than 1:1, but not exceeding the maximum established by the same regulations;

7) approve the rules of procedure, if any, of Shareholders' Meetings;

8) pass resolutions on the other matters assigned to it by the applicable regulations and the Articles of Association;

9) authorise the most significant transactions with related parties in the cases and in the manner set out in the procedures adopted pursuant to the Articles of Association and in accordance with the relevant regulations.

The Extraordinary Shareholders' Meeting is called to approve amendments to the Articles of Association (without prejudice to the Board's power to align the Articles of Association with the law), merger and demerger transactions in the cases provided for by law, and on any other matter within its purview pursuant to the law.

Calling meetings and procedure at meetings

The Shareholders' Meeting is called by the Board of Directors whenever it deems it appropriate or, under Article 2367 of the Italian Civil Code, on the request of Shareholders representing at least one twentieth of the share capital.

The Shareholders' Meeting may also be called by the Management Control Committee, where required for the fulfilment of its duties, subject to sending notice thereof to the Chair.

The Ordinary Shareholders' Meeting must be called at least once a year, no later than one hundred and eighty days after the end of the financial year.

The Shareholders' Meeting is called at the registered office of the Bank or in another location in the municipality where Intesa Sanpaolo has its registered office, by publishing a notice on the Company's website at least thirty days prior to the date of the Shareholders' Meeting, as well as a summary notice in daily newspapers (the summary notice is normally published in "Il Sole 24 Ore" and in the major national and international newspapers). If the Shareholders' Meeting is called to appoint Directors by way of slate voting, an earlier deadline for publication of forty days prior to the date of the meeting is required.

The Shareholders' Meeting is held on single call; the Board may set a second call for the Ordinary Meeting and, only for Extraordinary Meetings, even a third call.

The Chair of the Shareholders' Meeting, through his/her powers of management and coordination pursuant to the law and the Articles of Association, specifies, in the opening session, the main rules of conduct to be observed and informs, even during the Meeting, on voting procedures.

With regard to the right to speak on the items on the agenda, the Chair, also on the basis of the number of requests put forward, sets the maximum speaking and reply time for each speaker. Requests to speak are made via an automatic booking system at specific stations in the meeting hall.

Additions to the agenda and submission of new proposed resolutions

The Shareholders' Meeting: procedures and shareholders' rights

manner and on the matters reserved for them by law and the Articles of Association.

For the Company, the Shareholders' Meetings are the culmination of a process of preparation of the most significant management decisions, entrusted to the expression of the shareholders' will, in the

The Ordinary Shareholders' Meeting, called at least once a year, no later than one hundred and eighty

1) approve the parent company financial statements and pass resolutions on the distribution of net

2) determine the number of Directors, appoint and remove them, establish their remuneration and

3) appoint and remove the Directors forming the Management Control Committee and appoint its Chair,

5) in line with the proposal set out by the Management Control Committee, appoint the independent auditors and approve their fees and, in consultation with the Committee, revoke or amend said

8) pass resolutions on the other matters assigned to it by the applicable regulations and the Articles of

The Shareholders' Meeting may also be called by the Management Control Committee, where required

The Ordinary Shareholders' Meeting must be called at least once a year, no later than one hundred and

for the fulfilment of its duties, subject to sending notice thereof to the Chair.

Intesa Sanpaolo's Shareholders' Meeting

Art. 123 bis, 2, (c), CLF

order to realise the full potential of the meeting.

days after the end of the financial year, shall:

determining their remuneration;

engagement, where necessary;

appoint the Chair and one or more Deputy Chairs;

4) pass resolutions on the responsibility of Directors;

income;

The Shareholders' Meeting can be Ordinary or Extraordinary.

7) approve the rules of procedure, if any, of Shareholders' Meetings;

Calling meetings and procedure at meetings

purview pursuant to the law.

eighty days after the end of the financial year.

of the share capital.

Association;

regulations.

required.

Pursuant to the law and the Articles of Association, within ten days of publication of the notice of call, shareholders severally or jointly representing at least one-fortieth of the share capital may request additions to the items on the agenda or submit proposed resolutions on items already on the agenda, specifying the additional items or proposals in their request.

Those entitled to vote may individually, even if they do not reach the above shareholding, submit proposed resolutions on the items on the agenda directly at the Shareholders' Meeting.

Additional items are not permitted for topics which the Shareholders' Meeting addresses, by law, upon proposal by the Board of Directors or based on a project or report prepared by the latter other than the report usually drawn up for all items on the agenda pursuant to Article 125-ter, paragraph 1, of the Consolidated Law on Finance.

Notice of additions to the agenda or the submission of additional proposed resolutions on items already on the agenda is given in the forms prescribed for the publication of the notice of call.

Right to ask questions prior to the Shareholders' Meeting

Those entitled to vote may ask questions concerning items on the agenda even prior to the Shareholders' Meeting, by the deadline stated in the notice of call; said questions are answered during the Shareholders' Meeting at the latest. The Company may provide a single response to questions with the same content.

Questions may also be submitted through the dedicated section of the website or by email, according to the specific instructions set out in the notice of call.

Participation and representation – The Designated Representative

Participation in the Shareholders' Meeting is reserved for parties that are entitled to vote at the end of the accounting day of the seventh market trading day prior to the date set for the meeting on first or single call (record date).

Those entitled to vote may be represented at the Shareholders' Meeting through proxy.

The Articles of Association allow for electronic notification of voting proxies to the Company through the appropriate section of the website or by email.

The notice of call contains detailed instructions on the proxy voting procedure, including a proxy form on the Bank's website and how to send the proxies electronically.

In addition, the notice of call may specify arrangements to enable the shareholders to attend the meeting remotely via telecommunications devices and cast their vote electronically.

To maximise participation in the Shareholders' Meeting's decision-making processes, the Articles of Association allow the Bank to appoint for each meeting and name in the notice of call one or more "Designated Representatives" that holders of voting rights can appoint as proxy with instructions to vote on all or some of the items on the agenda.

This does not affect the legal provisions on proxy solicitation by promoters or on the collection of proxies by shareholders' associations.

Intesa Sanpaolo's Articles of Association do not permit postal voting.

* * *

Since 2020, Intesa Sanpaolo has exercised the right, granted by Italian law to listed companies, to provide that participation and vote in Shareholders' Meetings could be done exclusively through the Designated Representative pursuant to Article 135-undecies of the Consolidated Law on Finance. Introduced during the pandemic, this system for holding Shareholders' Meetings has so far involved the attendance in person at the Turin headquarters, where the Shareholders' Meeting is convened, of the Chair, some Directors, the Designated Representative (Computershare S.p.A.) and the Secretary (Notary) and the remote participation of other members of the Board.

Attendance and voting at the Shareholders' Meeting exclusively through the Designated Representatives have produced significant benefits both by improving flexibility and efficiency of the meeting process and, above all, enhancing pre-meeting dialogue, ensuring that Shareholders have full reporting transparency and equal access to the information needed to make informed voting decisions. Intesa Sanpaolo has taken all appropriate measures to pursue the full expression of Shareholders' rights, enabling their participation in the Shareholders' Meeting through a tool made available free of charge by the Company and facilitating the granting of proxies to the Designated Representative. Furthermore, in order to ensure the active participation of those entitled in the Shareholders' Meeting decision-making processes by giving well-informed voting instructions to the Designated Representative, Intesa Sanpaolo has provided that the new proposed resolutions submitted (including individually) on the agenda items and the Company's replies to the pre-meeting questions have to be published on the website before the deadline for giving proxy voting instructions (15 and 2 days before the meeting, respectively).

The Shareholders' Meeting was thus the final step of a process of constant dialogue and information exchange, which took place mainly through the website, where every shareholder/investor was able to consult all the meeting documents and notices, including the reports on the agenda items, and any other information documents submitted during the exchanges and dialogue with the stakeholders, which take place seamlessly in the manner set out in the Policy for the management of dialogue with shareholders and via the additional appropriate communication channels.

* * *

Article 123-bis, 1 (f), CLF

There are no restrictions on voting rights.

Challenges against shareholders' meeting resolutions

Resolutions passed by Shareholders' Meetings in accordance with the law and the Articles of Association are binding on all shareholders, including those absent or dissenting. Resolutions passed not in accordance with the law and the Articles of Association may be challenged by absent, dissenting or abstaining shareholders.

The time limits, methods and procedures for challenging resolutions are governed by the provisions of law in force, set out in Articles 2377-2378 of the Italian Civil Code.

Right of withdrawal

Voting rights

The right of withdrawal may be exercised only in those cases exclusively provided for by Article 2437 of the Italian Civil Code. As permitted by Article 2437, paragraph 2, of the Italian Civil Code, the Articles of Association exclude the right of withdrawal for shareholders that did not take part in the approval of the resolutions concerning the extension of the duration of the Company and the introduction or cancellation of restrictions on the trading of shares.

The terms and methods for the exercise of the right of withdrawal and the criteria for determining the value of the shares and the related liquidation procedures are governed by the law.

Part II - Corporate governance system

* * *

The time limits, methods and procedures for challenging resolutions are governed by the provisions of

The terms and methods for the exercise of the right of withdrawal and the criteria for determining the

value of the shares and the related liquidation procedures are governed by the law.

(Notary) and the remote participation of other members of the Board.

and via the additional appropriate communication channels.

Challenges against shareholders' meeting resolutions

law in force, set out in Articles 2377-2378 of the Italian Civil Code.

There are no restrictions on voting rights.

of restrictions on the trading of shares.

the meeting, respectively).

or abstaining shareholders.

Right of withdrawal

Voting rights

Article 123-bis, 1 (f), CLF

P. III

P. IX

P. XI R. 16

P. I P. II

R. 4

R. 1 a)

The Board of Directors

The Board of Directors is the highest body in the one-tier corporate governance system adopted by Intesa Sanpaolo.

The Board of Directors is governed by the legal and regulatory provisions, the Articles of Association and its own Regulations.

Within the Board, the typical control functions are reserved for Directors sitting on the Management Control Committee, which is covered in a subsequent section.

In the performance of its duties, the Board is supported by Committees appointed by the Board from among its directors:

Nomination Committee
Remuneration Committee
Risks and Sustainability Committee
Committee for Transactions with Related Parties

which are described in a specific section of this Report.

The Regulations of the Board of Directors govern the organisational and operating arrangements and the powers of the Board, including in the light of the principles and rules laid down in the Italian Corporate Governance Code. The following paragraphs outline the main contents of the Board of Directors' Regulations. R. 11

Powers of the Board

The Board of Directors is responsible for exercising the Company's guidance and strategic supervision duties and for resolving on all the most important corporate actions, with the power to undertake all transactions considered necessary, useful or appropriate in achieving the corporate purpose, of both an ordinary and extraordinary nature, and to adopt all decisions reserved to it by law, by the Articles of Association and by the regulations. In specific cases and in the manner provided for by law and the Articles of Association, the most significant management decisions are submitted to the Shareholders' Meeting for approval.

The Board of Directors' Regulations state that Directors have a duty to contribute to creating value for shareholders with the aim of delivering medium- and long-term sustainability, also taking into account the interests of other stakeholders relevant for the Company, in accordance with the principles of sound and prudent management and with the reference principles and values adopted by the Bank.

With regard to its corporate management duties, the Board, without prejudice to the powers reserved for it, delegates to the Managing Director the necessary and appropriate powers to ensure consistency in day-to-day management, in implementation of the guidelines decided by the same Board. The Board determines the content, limits and methods of exercise of the powers granted to the Managing Director and establishes how he/she must report back quarterly to the Board on the delegated activities.

Furthermore, the Board of Directors may assign specific duties to its members; upon proposal of the Managing Director, the Board of Directors may also grant Executives, branch managers or other personnel specific powers to perform certain activities or categories of acts and business activities, establishing the content, limits and methods of performance of such powers and determining when the delegated persons may act separately, jointly or as part of committees.

In exercising its responsibilities, the Board of Directors pays special attention to examining key strategic issues, including, in particular, the Business Plan.

Intesa Sanpaolo's 2022-2025 Business Plan was approved by the Board on 3 February 2022.

The Business Plan Drafting Process involved input from about 58,000 Group people in identifying strategic priorities, and from all the business and governance structures in the planning process. Since June 2021, all the Directors have been involved in several brainstorming sessions to identify strategic

priorities to be incorporated into the Plan, the guidelines of which were reviewed by the Board in late December 2021, and then in January 2022 before the Plan was approved.

The Board's analysis was supported by the Risks and Sustainability Committee, which devoted several meetings to discussing the issues related to the 2022-2025 Business Plan.

The Board continuously monitors the progress and implementation of the Plan through the periodic review of dedicated information flows. In this regard, when matters are submitted to the Board, special attention is paid to contextualising them in the various development areas outlined in the Business Plan.

More information on the 2022-2025 Business Plan can be found on the Bank's website.

The following are the main responsibilities and functions of the Board of Directors under the Articles of Association and its own Regulations. For each Area of responsibility, the Board-appointed Committees that support the Board in exercising its functions are indicated. The Management Control Committee's role of examining and assessing documentation prior to Board decisions is also highlighted.

	BoD AREA OF RESPONSIBILITY	DETAILS OF FUNCTIONS
R. 1 a),
b) and c)	Business model, strategic guidelines and risk appetite	defines and approves the business model, strategic - guidelines and risk appetite, and thus approves the Risk Appetite Framework, the Company and Group strategic, business and financial plans and any amendments thereof, also taking into account the sustainability (ESG) policies and additional elements indicated by the Supervisory Provisions
		defines and approves the Company and Group risk - governance objectives and policies, as well as the general guidelines for the capital and liquidity adequacy assessment process (ICAAP and ILAAP) periodically assesses the general development of - operations, also at the time of presentation of the financial data of the Company and the Group, taking into account, in particular, the information received from the Managing Director and periodically comparing results achieved with those planned
P. XIX R. 33 a)	Internal controls	defines and approves the guidelines of the Company and - Group internal control system
R. 1 d) R. 2	Corporate governance	defines the overall governance structure and approves the - Company's organisational structure; identifies the information flows required to ensure the full circulation of information within the Board and the information flows to Bodies and Committees, including from the corporate structures approves and modifies the main internal regulations - ensures effective dialogue with the key function holders -
R. 1 f)	Accounting systems and public disclosures	approves the accounting and reporting systems - oversees the Company and Group public disclosure and - communication
		approves the Consolidated Sustainability Statement -

		P. XVI
Remuneration	drafts the remuneration and incentive policy to be - submitted to the Shareholders' Meeting and establishes remuneration and incentive systems for top managers	P. XVII
Appointment of management body members	appoints and removes the Managing Director and General - Manager, and resolves on the granting, modification or termination of his/her powers and the remuneration relating to the office appoints and removes members of the Board Committees - set up in accordance with the Articles of Association, including their Chair, and resolves on the establishment of any other Board Committees with inquiry and advisory duties resolves on the establishment of the Steering Committee - and additional Managerial Committees, as provided for by the first-level organisational structure appoints and removes the Manager responsible for - preparing the Company's financial reports and the heads of the corporate control functions appoints the head of the Safety and Protection function - appoints the members of the subsidiaries' corporate - bodies, including executive Directors	R. 4 R. 17
ESG *	approves the strategic guidelines and policies on - sustainability (ESG), including the social and cultural responsibility model and the fight against climate change – taking into account the objectives of solid and sustainable value creation and distribution for all stakeholders	P. I
Strategic transactions	adopts decisions concerning i) the purchase and sale of - equity investments amending the composition of the Banking Group, as well as the investments considered strategic under the supervisory regulations or according to the plans and policies adopted by the same Board, ii) the purchase, sale, contribution of firms, business lines, assets and legal relationships identified en bloc under Article 58 of the Consolidated Law on Banking which are deemed strategic under the criterion above, iii) the investments and divestments, including real estate, deemed to be strategic under the criterion above and, in any case, iv) transactions of the kind indicated in the previous points which exceed, individually, 3% of the total own funds of the Company's consolidated supervisory capital	R. 1 e)
Credit transactions	defines and approves credit risk governance policies - consistent with the Risk Appetite Framework and credit strategies reviews and resolves on the most significant loan - transactions at Group level	R. 1 e)
Transactions with related parties	reviews and resolves on transactions with related parties - reserved to its competence on the basis of the RPT Procedures

*For more details on ESG issues, see the Overview and the Consolidated Sustainability Statement.

priorities to be incorporated into the Plan, the guidelines of which were reviewed by the Board in late

The Board's analysis was supported by the Risks and Sustainability Committee, which devoted several

RESPONSIBILITY DETAILS OF FUNCTIONS COMMITTEES'

assessment process (ICAAP and ILAAP)

defines and approves the business model, strategic guidelines and risk appetite, and thus approves the Risk Appetite Framework, the Company and Group strategic, business and financial plans and any amendments thereof, also taking into account the sustainability (ESG) policies and additional elements indicated by the
defines and approves the Company and Group risk governance objectives and policies, as well as the general guidelines for the capital and liquidity adequacy
periodically assesses the general development of operations, also at the time of presentation of the financial data of the Company and the Group, taking into account, in particular, the information received from the Managing Director and periodically comparing results achieved with

Company's organisational structure; identifies the information flows required to ensure the full circulation of information within the Board and the information flows to Bodies and Committees, including from the corporate

approves and modifies the main internal regulations - ensures effective dialogue with the key function holders
approves the accounting and reporting systems
approves the Consolidated Sustainability Statement
oversees the Company and Group public disclosure and

EXAMINATION

December 2021, and then in January 2022 before the Plan was approved.

meetings to discussing the issues related to the 2022-2025 Business Plan.

BoD AREA OF

R. 1 f) Accounting systems and public disclosures

Business model, strategic guidelines and risk appetite

R. 1 a), b) and c)

P. XIX R. 33 a)

R. 1 d)

More information on the 2022-2025 Business Plan can be found on the Bank's website.

role of examining and assessing documentation prior to Board decisions is also highlighted.

Supervisory Provisions

those planned

R. 2 Corporate governance - defines the overall governance structure and approves the

structures

communication

Internal controls - defines and approves the guidelines of the Company and Group internal control system

Key	Management Control Committee
Nomination Committee	Risks and Sustainability Committee
Remuneration Committee	Committee for Transactions with Related Parties

Board composition

Composition and diversity

The Board of Directors is composed of a minimum of 15 to a maximum of 19 members, who need not be shareholders, appointed by the Shareholders' Meeting on the basis of slates submitted by Shareholders. Within the Board, the Management Control Committee is composed of 5 Directors, also appointed directly by the Shareholders' Meeting, in line with the Supervisory Provisions.

A key choice made was to ensure that the Board has a large majority of independent directors and appoints a single Managing Director and CEO, while no other directors may hold executive offices and the Board may not delegate its duties to an executive committee. P. VI R. 5

The less-represented gender must make up at least two fifths of members, as established by applicable regulations on equal access to the management and control bodies of listed companies.

In accordance with the Articles of Association, at least four members shall be enrolled with the Register of Statutory Auditors and shall have practised as auditors or acted as members of a limited company control body for at least three years.

The Board in office at the time of publication of this Report is composed of 19 members, all of whom were elected by the Shareholders' Meeting on 29 April 2022:

Chair	Gian Maria Gros-Pietro
Deputy Chair	Paolo Andrea Colombo
Managing Director	Carlo Messina
Director	Franco Ceruti
Director	Paola Tagliavini
Director	Luciano Nebbia
Director	Bruno Picca
Director	Livia Pomodoro
Director	Maria Alessandra Stefanelli
Director	Liana Logiurato
Director	Daniele Zamboni
Director	Maria Mazzarella
Director	Anna Gatti
Director	Bruno Maria Parigi
Director	Fabrizio Mosca
Director	Milena Teresa Motta
Director	Maria Cristina Zoppo
Director	Alberto Maria Pisani
Director	Roberto Franchini

The detailed composition of the Board is shown in Part IV, Table 1, of the Report.

The Bank website ("Governance" section) provides brief biographical and professional notes on the Directors in office.

Qualitative and quantitative composition

In line with the Supervisory Provisions, for the purpose of appointing or co-opting the Directors, the Board of Directors identifies its optimal qualitative and quantitative composition, including, among other things, an adequate level of diversification of the members also in terms of age, gender, geographical origin and skills.

In this regard, the Articles of Association specify that the Board shall take the necessary measures to ensure that each Director and the Board as a whole are constantly adequate in terms of diversity, including of experience, gender and international orientation, and in terms of competence, fairness, reputation, independence of mind and time commitment.

P. VII R. 8

P. XIII R. 23

The Board currently in office was appointed in compliance with the recommendations to shareholders on the Board's composition and diversity, made by the outgoing Board at the time of the 2022 renewal, in the document on the qualitative and quantitative composition of the Board of Directors approved on 1 March 2022 and published on 3 March 2022.

The document, taking into account the outcomes of the self-assessment, including the qualifications of the candidates, identified and justified professional characteristics and suitability qualifications deemed adequate to the purpose, as well as the diversity criteria, including gender diversity, to ensure the Board's appropriate overall composition.

With specific reference to the adequacy and diversity of the professional profiles required, a Skills Directory was created, outlining the set of very good or distinctive expertise, knowledge and skills – with very wide, medium-wide or limited scope – considered appropriate to achieve the optimal qualitative composition of the new Board, specifying the minimum time required for performing the various offices within the Board.

In addition, the professional profiles required for the Chair of the Board of Directors, the Managing Director and CEO, and the Chair of the Management Control Committee were described in detail.

Following the renewal of the Bodies in 2022, the characteristics declared by the Directors were assessed by the new Board as appropriately diversified and suitable to ensure adequate Board composition and a well-balanced composition of the Board Committees.

Similarly, the Management Control Committee assessed the compliance of its composition with the recommendations given to shareholders.

With regard to gender diversity, Intesa Sanpaolo guarantees full compliance with the gender quotas provided for by the legislation, as indicated above. In the current structure of the Board, women are present in all the Board Committees, make up 80% of the members of the Committee for Transactions with Related Parties and chair both the Risks and Sustainability Committee and the Nomination Committee.

Minority shareholders are adequately represented in the Board of Directors (5 members, representing 26% of the total, were appointed from the slate submitted by minority shareholders) and, in the current Board structure, they are represented in all Board Committees. The Management Control Committee and the Committee for Transactions with Related Parties are also chaired by directors appointed from the slate submitted by minority shareholders.

The guidelines on diversity were verified in the annual self-assessment and are also reported in the Consolidated Sustainability Statement published by the Bank pursuant to Italian Legislative Decree No. 125/2024.

Appointment mechanism

Board composition

Art. 123 bis, 2, (d) CLF P. V

P. VI R. 5

P. VII R. 8

Composition and diversity

control body for at least three years.

Managing Director Carlo Messina Director Franco Ceruti Director Paola Tagliavini Director Luciano Nebbia Director Bruno Picca Director Livia Pomodoro

Director Liana Logiurato Director Daniele Zamboni Director Maria Mazzarella Director Anna Gatti

Director Bruno Maria Parigi Director Fabrizio Mosca Director Milena Teresa Motta Director Maria Cristina Zoppo Director Alberto Maria Pisani Director Roberto Franchini

Qualitative and quantitative composition

reputation, independence of mind and time commitment.

Directors in office.

origin and skills.

Art. 123 bis, 2, (d)-bis, CLF P. VII R. 8

Chair Gian Maria Gros-Pietro Deputy Chair Paolo Andrea Colombo

Director Maria Alessandra Stefanelli

A key choice made was to ensure that the Board has a large majority of independent directors and appoints a single Managing Director and CEO, while no other directors may hold executive offices and

The less-represented gender must make up at least two fifths of members, as established by applicable

The Board in office at the time of publication of this Report is composed of 19 members, all of whom

appointed directly by the Shareholders' Meeting, in line with the Supervisory Provisions.

regulations on equal access to the management and control bodies of listed companies.

The detailed composition of the Board is shown in Part IV, Table 1, of the Report.

The Bank website ("Governance" section) provides brief biographical and professional notes on the

the Board may not delegate its duties to an executive committee.

were elected by the Shareholders' Meeting on 29 April 2022:

The Articles of Association govern in detail the process that the Shareholders' Meeting must follow to appoint the members of the Board of Directors.

In particular, the Articles of Association provide that the procedure for appointing Directors is based on slates of candidates prepared by Shareholders, in line with the legislation for listed companies. The Board of Directors is not entitled to submit a slate of candidates.

The election system defined in the Articles of Association is based on a majority principle, balanced by the appointment of a share of Directors and members of the Management Control Committee on a proportional basis.

This mechanism ensures adequate representation of minority shareholders within the Corporate Bodies, through the submission of slates of candidates to the Shareholders' Meeting at the time of Board renewal and also for the replacement of any Board Member who ceases to hold office.

The minority shareholders are indeed given the option to elect, within both the Board and the Management Control Committee, a number of Directors well above that required by the legislation.

This solution creates a governance structure in line with international standards and makes full use of the slate election system, provided for by Italian law, allowing the minorities to appoint Directors as well as members of the Management Control Committee.

Moreover, the minority slate not connected with the majority shareholders that obtains the highest number of votes in the Shareholders' Meeting is given the option to appoint, in addition to the Chair of R. 8

the Management Control Committee, also a second Director as a member of the same Committee, to further strengthen the level of protection of the minorities within the control body.

The slates, containing between a minimum of 2 and a maximum of 19 names, must comprise two sections: the first section with the names of the candidates for the positions of Director and the second with the names of the candidates for the positions of Director and member of the Management Control Committee.

For the purposes of election, all Board Members are drawn from the majority slate, except for 5 or 4 Directors, depending on their total number.

Moreover, three Directors from the majority slate are also appointed to the Management Control Committee.

Among the Directors appointed from the minority slates, two are in any case taken from the minority slate that obtained the second highest number of votes (first minority slate) and that has no connection with the majority, as required by the legislation.

The first of said Directors is appointed Chair of the Management Control Committee. The other Board Members are drawn proportionately from slates other than the one that obtained the highest number of votes, also including the first minority slate, provided that such slates, taken as a whole, obtained votes at least equal to 10% of the ordinary share capital represented at the Shareholders' Meeting.

Where it is necessary to complete the composition of the Board as a result of the proportional division, all the other additional Directors are drawn from the slate that obtained the highest number of votes, until it is exhausted.

The appointment procedure ensures that the Board composition is in line with the requirements of professionalism, independence and gender balance.

The Articles of Association establish a supplementary mechanism whereby a candidate not meeting the requirements is replaced by the candidate who meets the requirements and is drawn from the same slate as the excluded candidate.

If there are not enough candidates on the slates for that purpose and in any other case in which the established criteria do not make it possible to appoint all Directors in compliance with the necessary requirements, the full complement of the Board is ensured by the Shareholders' Meeting with replacement procedures that make it possible to meet all necessary requirements.

If only one slate of candidates is submitted, the Board Members are chosen from that slate, up to the number of candidates it contains, drawing from the second section of the slate all the members of the Management Control Committee. In this case, the office of Chair of the Committee is awarded to the first candidate in the ranking of the second section of the slate.

In the absence of slates, the Shareholders' Meeting elects the Directors and the Management Control Committee members by relative majority of the capital represented at the Shareholders' Meeting, subject to compliance with the requirements established by the applicable regulations and the Articles of Association. In this case, the Shareholders' Meeting shall appoint the Chair of the Committee when appointing the Committee members.

The Shareholders' Meeting elects the Chair of the Board of Directors and one or more Deputy Chairs by relative majority.

For additional information on the appointment of Board Members, see the relevant provisions of the Articles of Association.

Below is the appointment process for the Board at the last renewal, following the submission of two slates of candidates, the second of which by number of votes exceeded the threshold of 10% of the share capital represented.

Shareholders' Meeting of 29 April 2022:

the Management Control Committee, also a second Director as a member of the same Committee, to

For the purposes of election, all Board Members are drawn from the majority slate, except for 5 or 4

Moreover, three Directors from the majority slate are also appointed to the Management Control

The appointment procedure ensures that the Board composition is in line with the requirements of

The Articles of Association establish a supplementary mechanism whereby a candidate not meeting the requirements is replaced by the candidate who meets the requirements and is drawn from the same

The Shareholders' Meeting elects the Chair of the Board of Directors and one or more Deputy Chairs

For additional information on the appointment of Board Members, see the relevant provisions of the

Below is the appointment process for the Board at the last renewal, following the submission of two slates of candidates, the second of which by number of votes exceeded the threshold of 10% of the

replacement procedures that make it possible to meet all necessary requirements.

at least equal to 10% of the ordinary share capital represented at the Shareholders' Meeting.

further strengthen the level of protection of the minorities within the control body.

Committee.

until it is exhausted.

slate as the excluded candidate.

appointing the Committee members.

by relative majority.

Articles of Association.

share capital represented.

Directors, depending on their total number.

with the majority, as required by the legislation.

professionalism, independence and gender balance.

first candidate in the ranking of the second section of the slate.

Ahead of the next renewal of the Corporate Bodies, on the agenda of the Shareholders' Meeting called for the approval of the 2024 financial statements, the outgoing Board of Directors, in line with the criteria adopted by the same Board and set out in the applicable legislation, issued its own guidance on the optimal qualitative and quantitative composition of the bodies:

✓ taking into account the outcomes of the self-assessment, including the theoretical profile of the candidates,
✓ identifying and justifying the professional characteristics and suitability qualifications deemed adequate to the purpose, as well as the diversity criteria, including gender diversity, to ensure appropriate overall composition,
✓ specifying the minimum time required for performing the various offices within the Board.

The document is published on the Company's website well in advance of the publication of the Shareholders' Meeting notice of call.

Term of office, replacement and removal

Board Members remain in office for three financial years until the date of the next shareholders' meeting called to approve the financial statements and the proposal for allocation of net income in accordance with Article 2364 of the Italian Civil Code and may be re-elected.

The term of office for the Directors currently in office covers the financial years 2022/2023/2024. The Directors' terms of office expire at the same time as the date of the Shareholders' Meeting convened pursuant to Article 2364 of the Italian Civil Code for the approval of the financial statements and the proposal for allocation of net income for the year 2024.

In the event that a Director ceases to hold office, the Board of Directors, with the support of the Nomination Committee, may replace the outgoing Director by co-option, in compliance with the requirements of the Articles of Association, provided that the majority continues to consist of Directors appointed by the Shareholders' Meeting. In the event that the Chair of the Board of Directors ceases to hold office early, the Chair's functions shall be exercised by the Deputy Chair until the date of the next Shareholders' Meeting for the appointment of the new Chair.

If a member of the Management Control Committee ceases to hold office, the first non-elected member from the second section of the slate to which the outgoing member belonged – meeting the requirements – shall take up the position or, if the substitute thus identified fails to meet the requirements applicable under law, regulations or the Articles of Association to the outgoing member, the latter shall be replaced

R. 23

Art. 123 bis, 1, (l) CLF P. XIII

by the subsequent non-elected candidate from the second section of the same slate, who meets said requirements. If, for whatever reason, it is impossible to find a replacement using these criteria, the member of the Management Control Committee who has ceased to hold office shall be replaced by the Shareholders' Meeting that will be called without delay.

If the Chair of the Committee ceases to hold office, he/she shall be replaced by the second ranked member from the same slate as the outgoing Chair.

The new members of the Management Control Committee and the members appointed by the Board by co-option shall hold office until the next Shareholders' Meeting.

The Shareholders' Meeting called for the appointment of new Directors to replace those who ceased to hold office shall make the appointment in accordance with the principle of necessary representation of minorities, gender balance and the other requirements under the applicable regulations and the Articles of Association.

All Directors and members of the Management Control Committee may be removed by the Shareholders' Meeting at any time, without prejudice to the Directors' right to be indemnified if they are removed without just cause. However, in light of the guarantee and control functions of the Management Control Committee and pursuant to the Articles of Association, the proposal to remove one or more Committee members submitted to the Shareholders' Meeting by the Board or the Committee itself must provide an adequate account of the reasons for the removal and be adopted with the favourable vote of the absolute majority of its members in office. The removal of a member of the Management Control Committee also entails said member's removal from the Board.

Chair and Deputy Chair

The Shareholders' Meeting held on 29 April 2022 elected by a relative majority the Chair of the Board of Directors, Gian Maria Gros-Pietro, and a Deputy Chair, Paolo Andrea Colombo, confirming their respective offices.

The Chair, pursuant to the Articles of Association, has a non-executive role and does not carry out, not even de facto, management functions.

In light of the current governance model and the duties assigned to the Chair by the Articles of Association and detailed in the Regulations of the Board of Directors, the Chair plays a leading role in the Bank, enhanced by distinguished authority, skill and time commitment.

P. X R. 12 a), b), c)

The Chair oversees the work of the Board, organises and directs its activity and performs all the tasks envisaged by the supervisory legislation and the Articles of Association. In keeping with the prerogatives attributed to the role, the Chair ensures the proper functioning of the Board of Directors, fosters internal dialogue and ensures the balance of power.

P. III R. 2 Within this framework, the Chair, among the other functions:

promotes and supervises the effective functioning of the corporate governance system, including with regard to aspects concerning internal and external communication, liaising with the Board Committees on which he/she does not sit, and ensures the balance of powers, with particular regard to the day-to-day management powers delegated;
liaises as necessary and appropriate with the Managing Director;
requests and receives information also on specific aspects of the Company's and the Group's operations and on current and future trends of operations, having access to all corporate functions to this end;
oversees, thereby verifying the accuracy thereof, the management of Shareholders' relations, in agreement with the Managing Director;
handles relations with Supervisory Authorities.

In urgent cases, the Chair or, in the case of his/her absence or impediment, the Deputy Chair or the most senior Director, based on a binding proposal of the Managing Director, may make decisions on any matters within the powers of the Board of Directors, with the exception of strategic matters or those which may not be delegated and are reserved for the Board.

At the meeting held on 29 April 2022, the Board of Directors confirmed the invitation to Professor Giovanni Bazoli to continue his collaboration and perform equivalent duties to those assigned to him with the role of President Emeritus, establishing that the Chair and the Managing Director may consult him on certain institutional issues, specifically relating to the art and cultural heritage sector.

Managing Director

If the Chair of the Committee ceases to hold office, he/she shall be replaced by the second ranked

The new members of the Management Control Committee and the members appointed by the Board by

The Shareholders' Meeting held on 29 April 2022 elected by a relative majority the Chair of the Board of Directors, Gian Maria Gros-Pietro, and a Deputy Chair, Paolo Andrea Colombo, confirming their

The Chair, pursuant to the Articles of Association, has a non-executive role and does not carry out, not

The Chair oversees the work of the Board, organises and directs its activity and performs all the tasks

In keeping with the prerogatives attributed to the role, the Chair ensures the proper functioning of the

promotes and supervises the effective functioning of the corporate governance system, including with regard to aspects concerning internal and external communication, liaising with the Board Committees on which he/she does not sit, and ensures the balance of powers, with particular regard
requests and receives information also on specific aspects of the Company's and the Group's operations and on current and future trends of operations, having access to all corporate functions
oversees, thereby verifying the accuracy thereof, the management of Shareholders' relations, in

Shareholders' Meeting that will be called without delay.

co-option shall hold office until the next Shareholders' Meeting.

Committee also entails said member's removal from the Board.

the Bank, enhanced by distinguished authority, skill and time commitment.

envisaged by the supervisory legislation and the Articles of Association.

Within this framework, the Chair, among the other functions:

to the day-to-day management powers delegated;

agreement with the Managing Director; - handles relations with Supervisory Authorities.

liaises as necessary and appropriate with the Managing Director;

Board of Directors, fosters internal dialogue and ensures the balance of power.

which may not be delegated and are reserved for the Board.

member from the same slate as the outgoing Chair.

of Association.

Chair and Deputy Chair

even de facto, management functions.

respective offices.

to this end;

P. X R. 12 a), b), c)

P. III R. 2

The Board of Directors shall elect, with a qualified majority, from among its members - excluding the Chair of the Board, the members of the Management Control Committee and the minimum number of Independent Directors - a Managing Director vested with the powers related to the Company's day-today management.

At the meeting held on 29 April 2022, the Board of Directors, in continuity with the previous term of office, unanimously confirmed the appointment of Carlo Messina as Managing Director and CEO, who was granted the necessary and appropriate powers to ensure consistency in day-to-day management, in implementation of the guidelines issued by the Board.

The Managing Director:

is the CEO and General Manager and supervises the company's management to the extent of the powers assigned to him/her, in compliance with the general planning and strategic guidelines issued by the Board;
determines and issues operational directives and is responsible for personnel management;
may submit proposals for resolutions to the Board, without prejudice to the powers to make proposals held by all the other Directors and to the powers within the remit of the Board Committees, as defined by the applicable regulations and the Articles of Association;
implements the resolutions of the Board of Directors this includes in particular implementing the strategic guidelines, the Risk Appetite Framework and the risk governance policies defined by the Board;
ensures that the organisational, management and accounting structure as well as the internal control system are appropriate to the nature and size of the company and suited to furnishing a proper representation of operations;
in urgent cases, may propose that the Chair pass resolutions on any matters pertaining to the Board (except for strategic matters or those that cannot be delegated); again, in urgent cases and on an exclusive basis, the Managing Director shall pass resolutions on lending matters.

In performing his/her functions, the Managing Director relies first and foremost on support from the Steering Committee and secondly from the other Managerial Committees, reference to which is made in a specific paragraph below.

In the event of absence or impediment of the Managing Director, the powers as General Manager are exercised with joint signatures by the Chief Financial Officer and the Chief Governance, Operating & Transformation Officer.

The general guidelines of the processes, rules and methodologies relating to the succession of the Group's main management positions are set out in the Group's "Strategic Succession Planning", submitted to the Board of Directors and drawn up with the support of a leading consultancy firm. The key updates to this document are also described to the Board during induction sessions.

With regard to the succession plans for the Managing Director and General Manager, the Board of Directors has tasked the Nomination Committee to support the Board, in coordination with the Chair, in designing the succession process. This process has been incorporated into the internal regulations adopted by the Board on the assessment of the suitability requirements for office and of the overall adequacy of the Body.

R. 34

Suitability requirements

In order to ensure the sound and prudent management of the Company and the proper functioning of the Board of Directors as a whole, the Board Members must meet the suitability requirements for the office as established by the applicable regulations and the Articles of Association.

Specifically, Board Members must meet the professionalism and integrity requirements and comply with the criteria of competence, reputation and fairness and time commitment, with the specific limitation of directorships laid down in the applicable regulations and in the Articles of Association for the performance of the office of director of a bank issuing shares listed in regulated markets, and with the prohibition on interlocking directorates (established by Article 36 of Decree Law no. 201/2011, converted by Law no. 214/2011).

In particular, taking into account the corporate governance model and the characteristics of the Bank in terms of size and operations, the Articles of Association set out specific requirements for Board Members and, particularly, for members of the Management Control Committee (for more details, see the next chapter dedicated to this Committee).

Taking into account the reference legislation and the guidelines of the Regulatory and Supervisory Authorities, the Board of Directors has adopted specific criteria and rules for examining and assessing the suitability requirements for Board Members and the overall adequacy of the Board.

Assessment of the individual qualifications of Directors is usually conducted: at the time of appointment (within 30 days), when new facts arise that may affect the Director's situation, and annually when the Corporate Governance Report is approved.

According to the internal regulations, each Director is required to submit to the Board the declarations and documentation proving that he/she meets the suitability requirements and demonstrating the absence of grounds for incompatibility, and to communicate any changes.

The Board assesses the suitability for office of all Directors, except for the members of the Management Control Committee, who are assessed by the Committee itself.

Where appropriate, the Board shall disqualify or suspend any Directors who are unable to prove that they meet the established requirements, in the cases provided for in applicable regulations. For the members of the Management Control Committee, any declaration of disqualification from office is issued by the Committee itself.

Following the renewal of the Bodies in 2022, the Board and the Management Control Committee, each within the scope of their responsibilities, successfully conducted the process of ascertaining fulfilment of all the necessary suitability requirements.

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors adopted by the European Central Bank following the renewal on 29 April 2022.

The assessment of the Board Members' compliance with requirements, with the same positive result, was also renewed when approving this Report.

Independence requirements: Independent Directors

All Board Members act with independence of mind and awareness of the duties and rights inherent to the office, in the interest of the sound and prudent management of the Bank and in compliance with the law and any other applicable rules. In this regard, banking legislation provides for a series of relationships to be attested by each Director, and to be assessed by the Board of Directors, concerning, among other things, relations with shareholders, management body members and Intesa Sanpaolo Group companies, and the holding of any political/institutional offices.

Under the Articles of Association, at least two thirds of the Directors must meet the independence requirements provided by Article 13.4.3.

In particular, Intesa Sanpaolo, in addition to applicable regulatory provisions, including those specific to the banking sector (Ministerial Decree 169/2020), has included in its Articles of Association a particularly strict independence requirement which provides that Independent Directors must meet both the

R. 5 R. 7

R. 6 R. 7 R. 9 R. 10

conditions under Article 2 of the Italian Corporate Governance Code and the independence requirements for statutory auditors under Article 148(3) of the Consolidated Law on Finance, where these are more restrictive.

Suitability requirements

by Law no. 214/2011).

P. V P. XII

R. 5 R. 7

by the Committee itself.

the next chapter dedicated to this Committee).

Corporate Governance Report is approved.

of all the necessary suitability requirements.

was also renewed when approving this Report.

requirements provided by Article 13.4.3.

Central Bank following the renewal on 29 April 2022.

Independence requirements: Independent Directors

Group companies, and the holding of any political/institutional offices.

In order to ensure the sound and prudent management of the Company and the proper functioning of the Board of Directors as a whole, the Board Members must meet the suitability requirements for the

According to the internal regulations, each Director is required to submit to the Board the declarations and documentation proving that he/she meets the suitability requirements and demonstrating the

The Board assesses the suitability for office of all Directors, except for the members of the Management

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors adopted by the European

The assessment of the Board Members' compliance with requirements, with the same positive result,

Under the Articles of Association, at least two thirds of the Directors must meet the independence

the suitability requirements for Board Members and the overall adequacy of the Board.

absence of grounds for incompatibility, and to communicate any changes.

Control Committee, who are assessed by the Committee itself.

office as established by the applicable regulations and the Articles of Association.

The decision made in the Articles of Association to require such a large number of Independent Directors reflects the Bank's awareness of the undeniable value of the role played by these Directors and helps to ensure that the composition of Board Committees is in line with best international practices. In particular, both the Management Control Committee and the Committee for Transactions with Related Parties are entirely composed of Independent Directors, while the other Committees have a majority of independent members. Furthermore, the Articles of Association provide that the Committees are always chaired by Independent Directors.

When they accepted their candidature, 14 Directors declared that they met the independence requirements laid down in the Articles of Association. The Board of Directors and the Management Control Committee, the latter acting to the extent of its powers, verified the independence requirements following the appointment of the 14 Directors concerned, announcing the outcome of the assessment in a press release. This assessment was renewed successfully also at the time of the approval of this Report, based on the statements made by the parties concerned, the information available to the Bank and the criteria adopted by the Board – specified below – to evaluate the relevance of the financial, business or professional relationships entertained directly or indirectly by the Directors with the Intesa Sanpaolo Group.

Financial relationships	In order to assess the relevance of a financial relationship with the Intesa Sanpaolo Group, specific relevance indicators were applied, concerning: i. shareholding in the capital of Intesa Sanpaolo or another subsidiary; ii. shareholding of a company belonging to the Intesa Sanpaolo Group in the capital of the company in question; iii. nominal credit exposure; iv. the rating assigned to the customer based on the corporate rules. The indicators differ according to the degree of proximity of the relationship to the Director (direct relationships, with subsidiaries, with companies in which executive offices are held); if quantitative monitoring and attention thresholds are exceeded, additional weighing criteria are applied to each exposure according to the risks associated with it and its position with respect to the system, as detailed in the specific internal regulations adopted by the Board.
Business or professional relationships	To assess the relevance of a business or professional relationship with Intesa Sanpaolo or another subsidiary, the Board of Directors considers the total amount of turnover resulting from relationships with companies of the Intesa Sanpaolo Group as the main relevance indicator for the relationship.

Financial
relationships

In order to assess the relevance of a financial relationship with the Intesa
Sanpaolo Group, specific relevance indicators were applied, concerning:
i.
shareholding in the capital of Intesa Sanpaolo or another subsidiary;
ii.
shareholding of a company belonging to the Intesa Sanpaolo Group in the
capital of the company in question;
iii.
nominal credit exposure;
iv.
the rating assigned to the customer based on the corporate rules.
The indicators differ according to the degree of proximity of the relationship to
the Director (direct relationships, with subsidiaries, with companies in which
executive offices are held); if quantitative monitoring and attention thresholds
are exceeded, additional weighing criteria are applied to each exposure
according to the risks associated with it and its position with respect to the
system, as detailed in the specific internal regulations adopted by the Board.

Business or
professional
relationships

To assess the relevance of a business or professional relationship with Intesa
Sanpaolo or another subsidiary, the Board of Directors considers the total
amount of turnover resulting from relationships with companies of the Intesa
Sanpaolo Group as the main relevance indicator for the relationship.

For all the relationships reported, when pre-set quantitative thresholds are exceeded, the Board of Directors may assign different areas of assessment, within which the specific characteristics of the relationship are analysed. For each assessment area, a risk control measure of increasing intensity or an assessment providing reasons for continuous compliance with the independence requirement is required.

The Board also takes into account the relevance of other situations that may be useful to assess the Directors' financial, business and professional relationships with the Intesa Sanpaolo Group. These situations include any disputes that have given rise to legal proceedings between the Director and the Bank or another Group company.

The situations reported are assessed according to specific materiality thresholds.

Independent Directors do not hold positions in subsidiaries and do not receive any remuneration other than their fixed remuneration for their office and the remuneration established for participation in Board Committees.

At the date of approval of this Report, the following 14 Directors were found to have met the independence requirements laid down in the Articles of Association: Paolo Andrea Colombo, Paola Tagliavini, Liana Logiurato, Livia Pomodoro, Maria Alessandra Stefanelli, Bruno Maria Parigi, Daniele Zamboni, Maria Mazzarella, Anna Gatti, Fabrizio Mosca, Milena Teresa Motta, Maria Cristina Zoppo, Alberto Maria Pisani, Roberto Franchini. In this regard, it should be noted that the Chair of the Board of Directors does not qualify as independent only because he has held the chair position at Intesa Sanpaolo for more than nine years out of the last twelve.

The members of the Management Control Committee, also in their capacity as Board Members, positively assessed the correct application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of the said 14 Directors.

The Articles of Association govern the effects of the loss of the independence requirements. In particular, the loss of the requirement in the case of a Director, who is not also a member of the Management Control Committee, does not result in his/her disqualification from office if the minimum number of Directors satisfying the necessary requirements is met. However, this is without prejudice to the cessation from those offices for which said requirement is mandatory under applicable regulations or the Articles of Association.

The Board Regulations provide that Independent Directors shall meet without the other members at least once a year to discuss issues of interest to the functioning of the Board and corporate management.

In 2024, the Independent Directors met twice; they discussed, among other things, the efficiency and effectiveness of the way Board and Committee meetings were run, and expressed particular appreciation for the work performed by the Independent Directors and the Board and confirmed their mutual consideration and satisfaction with the relationship established with the Bank's management. Also in view of the approaching expiry of the term of office, at these meetings, useful reflections were also shared to continuously improve the handling of proposed resolutions and to maintain and facilitate an open dialogue in the exercise of evaluation and monitoring of significant transactions and issues with a long-term projection.

The meetings are chaired by Independent Director Livia Pomodoro, who also calls the meetings, ensures they are recorded in minutes and reports to the Board at its next meeting. Under the Board Regulations, an Independent Director may be formally appointed as lead independent director if so requested by a majority of the Independent Directors. As of the date of approval of this Report, the majority of Independent Directors have not requested the appointment of a lead independent director.

Management or control positions of Directors and time commitment

Each Director is responsible for examining and assessing the conditions which enable him/her to perform his/her duties diligently and with appropriate time commitment, also with regard to membership of Board Committees.

The members of the Corporate Bodies are required to devote appropriate time to the performance of their office at the Bank and to confirm this availability in writing.

The Articles of Association incorporate the guidelines provided for by current banking legislation on the limitation of directorships, designed to ensure maximum time commitment to the office held. R. 15

In particular, the members of the Board of Directors can hold at most the following combinations of offices at the same time in banks or other commercial companies (including their office in Intesa Sanpaolo):

a) one executive office with two non-executive offices;

b) four non-executive offices.

To this end, the following shall be considered as one single office:

i) offices held within the same Group;

ii) offices held in companies in which the Bank has a qualifying holding;

iii) offices in banks belonging to the same institutional protection system.

R. 5, last par.

R. 13 R. 14

P. XII

Directors other than the Managing Director and CEO, the Chair of the Board of Directors and the Chairs of the Management Control Committee and the other Committees appointed by the Board of Directors are allowed to hold an additional non-executive office, under specific conditions and following the necessary evaluation by the European Central Bank.

Furthermore, by virtue of the rules on interlocking directorates (Article 36 of Decree Law No. 201/2011, converted by Law No. 214/2011), Directors cannot accept or exercise offices in the management, supervisory or control bodies of competing companies or groups of companies operating in the credit, insurance or financial markets.

Directors holding offices that are covered by the prohibition must inform the Board of the option exercised within 90 days of their appointment. If the option is not exercised by said deadline, the Director in question must attest to the Board that the offices held do not give rise to situations of incompatibility pursuant to the abovementioned Article 36, stating the reasons in detail.

Directors are required to re-attest each year that they do not hold offices in the management, supervisory or control bodies of competing companies or groups of companies, to allow the plenary meeting of the Board to perform its annual assessment. The assessment was concluded with a positive outcome also at the time of approval of this Report.

Directors are required to inform the Bank of any office they hold in other companies and institutions. Table 2 of Part IV of this Report lists the management or control offices that the Board Members have stated they hold.

For the sake of completeness, it should lastly be specified that Directors cannot act in the capacity of general partners in competing companies, or engage themselves in a competing business on their own account or on behalf of third parties, or take the office of directors or general managers in competing companies, unless authorised by the Shareholders' Meeting (Article 2390 of the Italian Civil Code).

It should be noted that the Board of Directors, in the document of 1 March 2022 on the optimal qualitative and quantitative composition of the Board, quantified and disclosed the minimum time required for the performance of the various offices within the Board.

Taking these indications into account, all the Directors have consistently confirmed the required availability, both at the time of their appointment and during the annual self-assessment, having regard to the overall number of offices held and the professional activities performed.

Board induction

The members of the Management Control Committee, also in their capacity as Board Members, positively assessed the correct application of the assessment criteria and procedures adopted by the

The Board Regulations provide that Independent Directors shall meet without the other members at least once a year to discuss issues of interest to the functioning of the Board and corporate

Each Director is responsible for examining and assessing the conditions which enable him/her to perform his/her duties diligently and with appropriate time commitment, also with regard to membership

The members of the Corporate Bodies are required to devote appropriate time to the performance of

The Articles of Association incorporate the guidelines provided for by current banking legislation on the

In particular, the members of the Board of Directors can hold at most the following combinations of offices at the same time in banks or other commercial companies (including their office in Intesa

limitation of directorships, designed to ensure maximum time commitment to the office held.

Sanpaolo for more than nine years out of the last twelve.

Board of Directors to assess the independence of the said 14 Directors.

Management or control positions of Directors and time commitment

their office at the Bank and to confirm this availability in writing.

To this end, the following shall be considered as one single office:

ii) offices held in companies in which the Bank has a qualifying holding; iii) offices in banks belonging to the same institutional protection system.

a) one executive office with two non-executive offices;

Committees.

the Articles of Association.

a long-term projection.

of Board Committees.

b) four non-executive offices.

i) offices held within the same Group;

Sanpaolo):

management.

R. 5, last par.

R. 13 R. 14

P. XII

R. 15

The Board of Directors, with the support of the Nomination Committee, taking into account the individual and collective skills and experience of the Directors, ensures the implementation of induction plans for all Board members, as well as onboarding programmes for newly appointed Directors.

In this context, on the Chair's instructions and on the basis of the outcomes of the self-assessments, initiatives for Board Members are held to increase their knowledge of the Bank's and the Group's sector of activity, corporate dynamics and their development, the principles of sound risk management and the applicable regulatory and self-regulatory framework, as well as formal and informal meetings aimed at further reviewing strategic matters ("ongoing induction").

The induction plans are drawn up periodically following (i) the first assessment carried out after appointment and (ii) the self-assessment carried out annually by the Board of Directors. In any event, Directors are given the opportunity to make individual requests for training in a specific area, whenever they consider it necessary.

During the annual self-assessment, the Board, with the support of the Nomination Committee, expresses its opinion on the implementation and quality of the past induction plan, also to help refine the process and strengthen the quality of training.

The induction sessions are organised in a well-structured manner: the Directors are formally invited by the Chair to take part, they are provided in advance with the relevant documentation and are given the option to connect via videoconference if they are unable to attend in person.

R. 12 d)

R. 15

P. XII

In 2024, and in 2025 up to the approval of this Report, 13 induction sessions were held to allow the Directors to examine and discuss the various aspects of the Bank's and Group's activity, the applicable regulatory framework and the duties and responsibilities of their office. See the Overview for details of the matters.

Lastly, in order to promote better understanding of the applicable corporate and regulatory framework and its development, a collection of governance documents, regulatory references, key correspondence with the Supervisory Authorities, financial reports and any additional documentation conducive to the performance of their duties is made available to Directors – and regularly updated – through a dedicated IT platform.

Conflicts of interest

Introduction

The Intesa Sanpaolo Group has adopted special measures to manage the risk of possible conflicts of interest arising from the close connections that some parties and entities may have with company decision-makers.

The set of rules and measures adopted is aimed at ensuring that the transactions entered into by the Group are carried out transparently and in line with criteria of fairness and correctness and in compliance with the principle of sound and prudent management, in line with corporate law, banking supervisory regulations and Consob provisions.

The management and control measures in place to safeguard the Bank's and the Group's capital against potential conflicts of interest are described below.

Interests of Directors

Any member of the Board of Directors holding an interest, on his/her own account or on behalf of third parties, in a specific Company transaction submitted to the attention of the Board of Directors or the internal Board committee of which he or she is a member shall give timely notice thereof, specifying its nature, terms, origin and scope and, where there is a conflict of interest, he/she shall abstain from the resolution.

The Board of Directors' resolution in favour of the transaction must adequately justify the reasons and convenience thereof for the Company.

The Board always has exclusive jurisdiction over decisions regarding transactions in which the Managing Director has an interest on his/her own account or on behalf of a third party and must therefore abstain from carrying out the transaction, entrusting it to the Board as per Article 2391 of the Italian Civil Code.

In this regard, the Board has adopted a policy for managing situations involving Directors with conflicts of interest.

Furthermore, in accordance with the provisions of the Group's Code of Conduct and the RPT Procedures (see paragraph below), all management body members, employees and other staff, in the performance of their respective duties, must abstain from making decisions and engaging in activities contrary to, or in conflict with, the interests of the Company and/or the Group, or otherwise incompatible with their duties.

The above is in any event without prejudice to the application of the special decision-making procedure set forth in Article 136 of the Consolidated Law on Banking and the regulations regarding transactions with related parties and associated entities, whenever the specific conditions exist.

Transactions with related parties and associated entities and obligations of bank board members and general managers

The RPT Procedures take into account both the regulations issued by Consob, pursuant to Article 2391 bis of the Italian Civil Code, and the Supervisory Provisions implementing Article 53(4) et seq. of the Consolidated Law on Banking, and, in addition, the rules laid down in Article 136 of the Consolidated Law on Banking.

R. 37

The Procedures apply to the entire Group and govern, with reference to the transactions with related parties of Intesa Sanpaolo and associated entities of the Intesa Sanpaolo Group, the following aspects:

the criteria for identifying related parties and associated entities;
the process of analysis, decision-making and reporting to the Corporate Bodies on transactions executed with related parties and associated entities, with an important role of the Committee of independent directors within the Board of Directors;
market disclosure for transactions with related parties;

The Intesa Sanpaolo Group has adopted special measures to manage the risk of possible conflicts of interest arising from the close connections that some parties and entities may have with company

The management and control measures in place to safeguard the Bank's and the Group's capital against

The Board of Directors' resolution in favour of the transaction must adequately justify the reasons and

In this regard, the Board has adopted a policy for managing situations involving Directors with conflicts

Transactions with related parties and associated entities and obligations of bank board members and

with related parties and associated entities, whenever the specific conditions exist.

Overview for details of the matters.

IT platform.

Introduction

Conflicts of interest

decision-makers.

Interests of Directors

resolution.

R. 37 par. 1

Code.

of interest.

with their duties.

general managers

Law on Banking.

regulations and Consob provisions.

convenience thereof for the Company.

potential conflicts of interest are described below.

the prudential limits and obligations for periodic reporting to the Bank of Italy for assets at risk in relation to associated entities;
the rules governing organisational controls and safeguards;
the general rules for disclosure and abstention for the management of the personal interests of all body members, employees and other staff, qualifying as associated entities or otherwise.

As a form of self-regulation, the Bank has extended the regulation on transactions with related parties, as well as that on risk assets and conflicts of interest with respect to associated entities to cover a wider scope than that required by the regulations.

A more detailed description of the Group procedures is provided in Part H of the Notes to the Parent Company and consolidated financial statements, available on the Bank's website, where the full text of the Procedures is also published.

The Procedures also govern operations with Directors and parties associated to them pursuant to Article 136 of the Consolidated Law on Banking.

This rule requires the adoption of a more thorough decision-making procedure (unanimous decision by the Board excluding the vote of the Director concerned, and the favourable vote of the Management Control Committee members) in order to allow the Directors to undertake obligations, directly or indirectly, with the Bank.

Self-assessment of the Board pursuant to the Supervisory Provisions and the Italian Corporate Governance Code

In 2025, the Board of Directors, supported by the Nomination Committee, carried out the annual selfassessment of the composition, performance, conduct and dynamics characterising the Board and the Board Committees.

A similar self-assessment was carried out by the Management Control Committee, to which reference is made in the relevant paragraph.

The self-assessment process was performed in accordance with the provisions of the specific Board Regulations, adopted in implementation of the Supervisory Provisions on corporate governance, as well as in light of the recommendations of the Italian Corporate Governance Code.

The Chair ensures that the self-assessment process is performed effectively, that the manner of its performance is consistent with the complexity of the Board's work and that corrective measures are adopted to remedy any deficiencies identified.

The self-assessment is also an opportunity for the Board to assess the adequacy of the governance system chosen by the Company and that it meets the corporate needs.

The Board's self-assessment was performed with the professional assistance of Crisci & Partners, an expert consulting firm which has already supported the Bank in the board review process. This firm was deemed to possess the requirements of neutrality, objectivity, competence and independence envisaged by the Board Regulations. With regard to independence, it is specified that Crisci & Partners has not recently had any economic dealings with the Bank and/or Group companies, except for the previous assignments granted to the firm for its assistance in drafting the guidelines on the Board of Directors' qualitative and quantitative composition and the self-assessment process.

Pursuant to the provisions of the Board Regulations, Crisci & Partners assisted the Board of Directors in the following phases of the self-assessment process:

Information collection: information was gathered on the qualitative-quantitative composition and functioning of the Body. According to the aspects considered, this stage involved the collection of information already available to the Bank, as well the use of questionnaires and individual interviews.

R. 12 e)

Data processing: the information collected during the previous stage was analysed and consolidated, taking care to ensure the anonymity of the Directors.
Preparation of results: Crisci & Partners, after discussing the results of the data processing with the Nomination Committee, and having collectively shared them, formalised the self-assessment results in the document "Results of the Self-assessment of the Board of Directors and of the Board Committees – Financial Year 2024", which summarises the methods used and results achieved.

Before conducting the interviews, the consultants from Crisci & Partners appointed to carry them out carefully read all the minutes of the Board of Directors' meetings relating to financial year 2024, including the pre-meeting documentation, as well as, regarding the Board Committees, all the agendas and a large sample of the minutes of the meetings for the same year, including the Committees' pre-meeting documentation, in order to become acquainted with and examine the issues dealt with during the year, the comments expressing the diversified skills within the Body and the discussions held.

The questionnaire, in line with the approach adopted in the board review of the last few years, focused on various areas regarding the composition and operations of the Board and the Board Committees.

The main aspects assessed were the following:

qualitative and quantitative composition of the Board and Committees with attention to the presence of Independent Directors and diversity in terms of age, gender and seniority of service;
frequency and quality of induction meetings;
functioning of the body as a whole;
conduct of meetings in terms of frequency, topics discussed, duration, Board attendance and participation methods;
role of the Chair and the Chief Executive Officer;
composition, role and functioning of the Board Committees and the quality of their contribution to the Board;
information flows between bodies;
the support provided by the Secretary of the Board and the secretariat.

For the results of the self-assessment process of the Intesa Sanpaolo Board and Board Committees, please refer to the Overview.

Functioning of the Board

Calling of meetings

Art. 123 bis, 2, (d) CLF P. IX R. 11 R. 18

The Board of Directors is called by the Chair whenever deemed useful or necessary, or when a written request is made by the Managing Director or by at least two Directors, therein specifying the agenda items to be dealt with; subject to prior notification to the Chair, the Board may also be convened by the Management Control Committee or its members, even individually.

The Board appoints a Secretary, who may also not be one of its members, evaluating also his or her professionalism and the independence of judgment in relation to the role held. The Secretary supports the Chair and the Board in performing their respective functions, coordinating all matters necessary to the overall functioning of Board operations and providing assistance and advice to the Board of Directors on all aspects relevant to the proper operation of the corporate governance system. At its meeting of 29 April 2022, the Board appointed Andrea Vismara, Head of Corporate Bodies and Corporate Affairs, as Secretary.

The Chair, upon calling the Board meeting, sets the agenda, also taking into account any requests put forward by the Directors, even individually, and ensuring that priority is given to matters of strategic importance.

The notice of call, containing the agenda of matters to be discussed, must be sent to the Directors at least four days before the meeting, by any suitable means to provide proof of receipt thereof. In particularly urgent cases, the meeting may be called by simply giving a twelve-hour notice. In any event, a Board meeting will be deemed to be validly constituted when, even in the absence of a formal call, it is attended by all Directors.

Agenda items are grouped by topic areas and it is also specified whether the item will be subject to resolution or examined merely for information purposes.

The Board usually alternates between meeting at the Turin registered office and at the Milan secondary registered office or, exceptionally, at another location in Italy. The Articles of Association also provide that Board meetings may be held remotely, provided that the identity of those attending can be verified and that all are able to follow the discussions and intervene in real time on the matters on the agenda as well as to view, receive and transmit documents.

Reports to Directors

Data processing: the information collected during the previous stage was analysed and consolidated,
Preparation of results: Crisci & Partners, after discussing the results of the data processing with the Nomination Committee, and having collectively shared them, formalised the self-assessment results in the document "Results of the Self-assessment of the Board of Directors and of the Board Committees – Financial Year 2024", which summarises the methods used and results achieved.

qualitative and quantitative composition of the Board and Committees with attention to the presence
conduct of meetings in terms of frequency, topics discussed, duration, Board attendance and
composition, role and functioning of the Board Committees and the quality of their contribution to the

For the results of the self-assessment process of the Intesa Sanpaolo Board and Board Committees,

Agenda items are grouped by topic areas and it is also specified whether the item will be subject to

of Independent Directors and diversity in terms of age, gender and seniority of service;

the comments expressing the diversified skills within the Body and the discussions held.

taking care to ensure the anonymity of the Directors.

The main aspects assessed were the following:

frequency and quality of induction meetings;
role of the Chair and the Chief Executive Officer;
the support provided by the Secretary of the Board and the secretariat.

Management Control Committee or its members, even individually.

resolution or examined merely for information purposes.

functioning of the body as a whole;
information flows between bodies;

participation methods;

please refer to the Overview.

Functioning of the Board

Calling of meetings

Secretary.

Art. 123 bis, 2, (d) CLF

R. 18

P. IX R. 11

importance.

is attended by all Directors.

Board;

The Chair, aided by the Secretary where necessary, ensures that documentation relating to items on the agenda is brought to the attention of all Directors in accordance with criteria of completeness and suitably in advance of the meeting date; in this regard, the Board Regulations set out that the documentation must be made available, as a rule, four days before the meeting. Moreover, continuing the process to provide Directors with information on matters to be addressed by the Board further in advance, in 2024 the documentation was made available on average more than 7 days before the Board meeting.

The documentation must include everything that is necessary, useful and adequate, in quantitative and qualitative terms, with respect to the subject matters to be discussed.

Where the matters to be resolved on must be submitted in advance to the Board Committees, the Chair ensures that the documentation is made available to them in the manner and timing indicated in the specific Regulations; subsequently, the Chair ensures that the documentation in support of the Board's activities includes the opinions or any proposals put forward, on the basis of the records of the minutes of each Committee. The documentation made available to the members of a Board Committee for the performance of the related activities shall also be made available to the other Directors.

Where the documentation contains price-sensitive elements, the proposing structure shall indicate the assessments performed to guarantee the correct processing of the inside information and full compliance with the disclosure obligations established by law.

Proposals to the Board are first presented to the Chair in order to enable the latter to appropriately assess the issues to be placed on the agenda and the adequacy of the information provided to the Directors.

Particularly lengthy or complex documentation is accompanied by an executive summary highlighting the most significant points for decisions to be made, without prejudice to the fact that such document is in no way a replacement for the complete documentation sent to Directors. The resolution proposed to the Board on each agenda item is set out in a specific summary document, prepared by the Board secretariat, also highlighting the control measures adopted and the reference regulations on the Board's decision-making powers.

Directors are duty-bound to observe the Bank's internal procedures in order to ensure the absolute confidentiality of the documentation made available to them for the purpose of their decisions.

Normally, Directors consult said documentation by accessing a dedicated IT platform, which is managed by the secretariat of the Board of Directors. Directors who intend to access the documentation by other means must be authorised to do so in advance by the Chair, who may refuse authorisation if he/she believes that the requested access methods may jeopardise the confidentiality of the documentation.

In highly exceptional situations where for justified reasons the documentation could not be provided in advance, this may be supplied directly at the meeting specifying that it constitutes additional material, subject to the Chair's assessment of appropriateness and devoting to the topic all the necessary indepth analysis for the Directors to obtain full knowledge in order to make related decisions (e.g. need to ensure timely external replies, also related to requests from the Authorities, or to obtain independent expert opinions before completing negotiations with counterparties, need to fine-tune internal control procedures by involving a number of corporate functions).

In any event, the Board documentation is kept – remaining available to Board Members – on the dedicated IT platform, as well as at the secretariat of the Board of Directors.

R. 1 f)

R. 12 a)

R. 12 b)

Timeline reflecting standard practice and showing average figures for the individual steps concerning the preparation and provision of documentation to Directors.

By 31 December	Approval of meeting calendar The Board meets according to a calendar approved during the fourth quarter of the previous financial year and published within the terms provided for by current legislation
~ T-13	Communication of topic titles by the Bank's Structures The Structures communicate to the Secretary the titles of the topics to be submitted to the
	Board, accompanied by a special information sheet for the purpose of preparing the draft meeting agenda
~ T-8	Forwarding of documents by the Structures The Structures forward to the Secretary the documents relating to matters within their competence

~ T-8	Forwarding of documents to the CEO and the Chair The Secretary forwards the draft agenda to the CEO and the Chair, together with the relevant documents, for their respective approval, also for the purpose of calling the meeting

~ T-7 T-4*	Notice of call The notice of call, containing the agenda of the topics to be discussed, is sent to the members of the Board
~ T-7
T-4*	Sharing of documents on e-board The documents relating to the subjects to be dealt with are made available to the Directors via a special IT platform (e-board)

T = BoD meeting * Maximum time limit under the BoD Regulations

Conduct of meetings and the decision-making process

The meeting of the Board of Directors is duly constituted where the majority of its members are in attendance.

The Chair chairs the meetings and coordinates discussions, ensuring adequate space is given to the discussion of each topic on the agenda, including the examination of financial reporting, giving priority to key strategic issues and ensuring that the necessary amount of time is dedicated to them in order to guarantee a constructive debate. The Chair invites the Directors to provide their own contributions and endeavours in a neutral way to ensure that the Board's resolutions are the result of appropriate discussion, in particular between the Managing Director and the other Directors, and of the informed and reasoned contribution of all its members. In any case, the meeting must ensure the full and exhaustive discussion of each item and special attention to the content of the documents that could not be made available in advance.

P. X

R. 17 par. 2

P. VI

R. 12 c)

The Chair of each of the Board Committees shall report on the activities carried out by the Committee on the matters under discussion falling within its remit, also providing, where appropriate, the Committee's opinion or proposal about the decision to be made.

Directors actively participate in board discussions, contribute to discussions based on their respective skills and knowledge and analyse the various topics from different viewpoints, contributing to carrying out a reasoned decision-making process and to reaching well-pondered Board resolutions. Without prejudice to the prerogatives of the Managing Director or – where expressly so provided – the Committees, each Director may formulate proposals or motions regarding the items on the agenda to the Board of Directors.

Consistent with the provisions of the Board of Directors' Regulations, the Board, according to the subject matter to be discussed, may admit to its meetings employees and/or management body members of the Bank or Group, advisors or external experts of the Bank or other internal or external parties, for tasks within their purview and in view of the need for further information, where the presence of these individuals is howsoever deemed helpful to improve the performance of the Board's duties. The Chief Governance, Operating & Transformation Officer and the Head of Corporate Bodies and Corporate Affairs attend Board meetings. Furthermore, the Regulations of the Steering Committee, in which the Bank's top managers participate, expressly regulate how these managers participate in the meetings of the Board (i) as speakers for specific items on the agenda; (ii) when annual and interim results are presented; and (iii) by invitation, at least once a year, to present relevant activities and major projects.

The direct participation of management functions in the Board's proceedings allows the Directors to obtain clarification and additional information on items on the agenda and is particularly important in encouraging the appropriate contribution and involvement of Corporate Structures in the decisionmaking process. The Board meetings held during 2024 were regularly attended by Executives of the Bank and the Group companies, as well as by the Heads of the relevant corporate functions competent in the matters dealt with from time to time.

The Board normally resolves by absolute majority vote of those in attendance; in the event of a tie, the Board member chairing the meeting shall have the casting vote. Resolutions concerning the appointment and removal of the Managing Director, the assignment, modification or revocation of his/her powers and the determination of his/her remuneration, the replacement by co-option of Directors who ceased to hold office, the proposed revocation of the members of the Management Control Committee, the appointment and removal of the Manager responsible for preparing the Company's financial reports and the disqualification of Independent Directors or Directors elected by minorities other than members of the Management Control Committee are passed with the favourable vote of the majority of members in office.

The Chair, with the assistance of the Secretary, oversees the preparation of the minutes of the meetings – except when they are prepared by a notary pursuant to the law – ensuring their transcription in the appropriate mandatory corporate registers and their storage with IT tools, at the secretariat of the Board of Directors, also for consultation purposes.

The minutes describe in a detailed and exhaustive manner the conduct of the debate between the Board Directors, in order to record the opinions expressed and the decision-making process, also reporting the related reasons.

Each Director has the right to ensure that the minutes include a note of any contrary vote or abstention and the related reasons.

Resolutions passed by the Board on the agenda items are sent by the secretariat to the Corporate Structures involved, to ensure timely reporting or the subsequent implementation of the resolutions within the Bank or the Group.

Frequency of meetings and Director attendance

Conduct of meetings and the decision-making process

attendance.

~ T-7 T-4*

By 31 December

P. X

be made available in advance.

The meeting of the Board of Directors is duly constituted where the majority of its members are in

T = BoD meeting * Maximum time limit under the BoD Regulations

Timeline reflecting standard practice and showing average figures for the individual steps concerning the preparation and provision of documentation to Directors.

The Structures communicate to the Secretary the titles of the topics to be submitted to the Board, accompanied by a special information sheet for the purpose of preparing the draft

The Structures forward to the Secretary the documents relating to matters within their

The Secretary forwards the draft agenda to the CEO and the Chair, together with the relevant documents, for their respective approval, also for the purpose of calling the

The notice of call, containing the agenda of the topics to be discussed, is sent to the

The documents relating to the subjects to be dealt with are made available to the Directors

The Board meets according to a calendar approved during the fourth quarter of the previous

financial year and published within the terms provided for by current legislation

~ T-13 Communication of topic titles by the Bank's Structures

Approval of meeting calendar

~ T-8 Forwarding of documents by the Structures

~ T-8 Forwarding of documents to the CEO and the Chair

Sharing of documents on e-board

via a special IT platform (e-board)

meeting agenda

competence

meeting

Notice of call

members of the Board

The Board meets on a regular basis, on average twice a month. This frequency ensures that the number of items included in the agenda is appropriate to ensure their proper discussion and constructive debate. Usually, meetings are run so that the Chairs of the Committees, involved in advance, report on the outcomes of the discussions carried out on each topic.. The rapporteur explains the documentation,

P. IX

where deemed necessary or appropriate in relation to the document's relevance or the subject matter; the rapporteur also answers the Directors' questions or requests for further details.

Accordingly, Directors are asked to submit in advance to the Secretariat of the Board any requests on topics deemed to be of interest on individual agenda items without prejudice to their further intervening during the meeting. The Secretariat then forwards the questions to the relevant Corporate Structures, to enable them to reply before the start of the meeting; in any case, the rapporteur reports on the answers during the Board meeting, for the benefit of all present.

The Board's meetings

❖ in 2024, 21 Board meetings were held, with an average duration of approximately 3 hours and 25 minutes, which was considered sufficient time to thoroughly examine and discuss the items on the agenda, also in view of the appropriate meeting and pre-meeting information and of the number of meetings held
❖ in 2025, as at the date of approval of this Report, the Board has held 3 meetings; 18 further meetings are scheduled for the remainder of the financial year
❖ Director attendance at the meetings was constant and amounted to 99%; in particular, 17 Directors attended 100% of meetings, 1 Director attended 90% and 1 Director attended 95%. Details on Director attendance are given in Summary Table No. 1

Attendance at the meetings ensured the systematic contribution of all Directors to corporate and Group affairs, thereby allowing the Bank to make full use of the professional skills on the Board. For all Directors, the overall commitment also includes the activities associated with the meetings (study of documentation on items on the agenda, meeting preparation, talks and requests for information, etc.) and the activities relating to participation in Board Committees.

R. 18

Board of Directors meetings to approve results for the period – Financial Calendar 2025

27 February	review of the Draft Financial Statements as at 31 December 2024
6 May	review of the Interim Statement as at 31 March 2025
30 July	review of the Half-yearly Report as at 30 June 2025
31 October	review of the Interim Statement as at 30 September 2025

Corporate Bodies and Corporate Affairs

In support of the activity of the Board and the Committees, Corporate Bodies and Corporate Affairs coordinates the functions of the secretariat, ensures the information and advisory support necessary for the Bodies' functioning, and coordinates the definition of the rules and proposals of the main corporate governance documents within the remit of the Secretary of the Board, to be submitted to the Bodies for approval.

Concurrently, the measures concerning the specialised monitoring of the Group's main corporate governance processes are prepared, ensuring legal advice for the proper functioning of the governance provisions, including those relating to the suitability requirements of management body members, transactions with related parties, as well as the associated interactions with the Supervisory Authorities.

The Management Control Committee

Duties and powers

where deemed necessary or appropriate in relation to the document's relevance or the subject matter;

❖ in 2024, 21 Board meetings were held, with an average duration of approximately 3 hours and 25 minutes, which was considered sufficient time to thoroughly examine and discuss the items on the agenda, also in view of the appropriate meeting and pre-meeting information and of the

❖ in 2025, as at the date of approval of this Report, the Board has held 3 meetings; 18 further

❖ Director attendance at the meetings was constant and amounted to 99%; in particular, 17 Directors attended 100% of meetings, 1 Director attended 90% and 1 Director attended 95%.

Board of Directors meetings to approve results for the period – Financial Calendar 2025

27 February review of the Draft Financial Statements as at 31 December 2024 6 May review of the Interim Statement as at 31 March 2025 30 July review of the Half-yearly Report as at 30 June 2025 31 October review of the Interim Statement as at 30 September 2025

the rapporteur also answers the Directors' questions or requests for further details.

meetings are scheduled for the remainder of the financial year

Details on Director attendance are given in Summary Table No. 1

answers during the Board meeting, for the benefit of all present.

Corporate Bodies and Corporate Affairs

to participation in Board Committees.

The Board's meetings

number of meetings held

approval.

R. 18

The Management Control Committee, appointed by the Shareholders' Meeting and established within the Board of Directors pursuant to the Articles of Association, performs the duties assigned by applicable regulations to the control body of the listed parent company of a banking group heading a financial conglomerate, as established by the legal and regulatory provisions, as well as the Articles of Association and the Committee Regulations.

The Regulations govern the Committee's operations and organisation, in compliance with the provisions of laws, regulations and the Articles of Association and, to the extent applicable, with the provisions of the Corporate Governance Code.

Among other activities, the Committee supervises:

(i) compliance with the regulations, the principles of correct management and the actual implementation of the corporate governance rules set forth in the Corporate Governance Code,

(ii) the adequacy of the Company's organisational, administrative and accounting structure,

(iii) the statutory audit process and accounting and financial disclosures,

(iv) the adequacy, efficiency and functionality of the internal control system,

(v) the adequacy, efficiency and functionality of the risk governance and management process and the business continuity plan.

In its role as Internal Control and Audit Committee, the Committee exercises the functions assigned to it by Article 19 of Legislative Decree no. 39/2010.

The Committee is also exclusively entrusted with the task of examining and conducting a prior assessment of the accounting/financial documentation to the Board of Directors' resolutions.

The Committee has independent powers of initiative and control and its members may at any time, also individually, carry out inspections and controls, also on Group companies, or delegate one of its members to do so. For the purpose of performing its duties, the Committee has unrestricted access to all the Bank's corporate functions. It may also independently appoint external consultants and has adequate financial resources to this end.

The Committee or any of its members, also individually, may also ask the heads of the corporate control functions to report any relevant data and information to the Committee.

The Committee promptly submits to the competent Authorities all the notifications required by the applicable regulations.

The Committee promptly notifies the Board and the Managing Director of any gaps and irregularities found, also as a result of checks specifically requested by the Supervisory Authorities, requires that suitable corrective measures be taken and monitors their effectiveness over time.

In any event, the Committee Chair shall inform the Board of the supervisory activities, checks and audits conducted and their outcomes at least every quarter.

Composition and appointment

The Management Control Committee is composed of 5 Board Members, all independent pursuant to the current regulations and the Articles of Association. Two members must belong to the lessrepresented gender.

The members of the Committee in office at the time of the approval of this Report were elected by the Shareholders' Meeting of 29 April 2022, which also appointed Alberto Maria Pisani as Chair.

Members	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Alberto Maria Pisani – Chair	X	100%
Roberto Franchini	X	100%
Fabrizio Mosca	X	100%
Milena Teresa Motta	X	100%
Maria Cristina Zoppo	X	100%

R. 32 f)

P. VIII

P. VIII R. 8

R. 35 h)

No member of the Committee is a member of any other Board-appointed committees, although the Articles of Association would allow them to also be members of the Risks and Sustainability Committee and the Committee for Transactions with Related Parties.

With regard to the election of the Committee members and its Chair, see the contents previously illustrated in the paragraph on the appointment of the Board Members, which refers to the provisions of the Articles of Association under which the Committee is elected on the basis of slates of candidates submitted by the Shareholders.

Term of office, replacement and removal

The members of the Management Control Committee remain in office for the entire term of office of the Board of Directors in which they were elected; the term of the current members covers the 2022/2023/2024 financial years and expires at the subsequent Shareholders' Meeting called to approve the financial statements for the last year of their term of office.

With regard to the replacement and removal of the Committee members, see the paragraph on the replacement and removal of Board Members.

Suitability requirements

The members of the Management Control Committee must all be independent and meet the requirements applicable to Board Members (see the relevant paragraph on the Board), as well as the additional requirements of professionalism laid down in the regulations and the Articles of Association, under penalty of disqualification from office.

Committee members must also comply with the limitation of directorships provided by the law and by the current regulations for appointment as members of the control bodies of a bank issuing shares listed on regulated markets. Furthermore, they must comply with the additional limitations set out in the Articles of Association, which prohibit Committee members from taking up:

✓ executive offices in other undertakings;
✓ more than two non-executive offices in corporate bodies (including as members of control bodies) of other large companies.

Moreover, in compliance with supervisory regulations, the members of the Committee cannot take up offices in bodies other than control bodies of other Group companies, companies belonging to the financial conglomerate and companies in which the Bank holds a strategic interest. As members of the control body of a company with listed shares, Committee members are also subject to the rules on the limitation of directorships laid down in Article 148-bis of the Consolidated Law on Finance and the related implementing regulations: these rules set out the limits and parameters to be applied to determine the limit on the number of offices held, as well as the manner and deadline of the disclosure to Consob and the public.

For each Committee member, the loss of the requirements of independence or professionalism, or the failure to comply with the limitation of directorships pursuant to the Articles of Association, will result in the Board Member's disqualification from office.

Therefore, if an Independent Director who is a member of the Committee no longer meets the independence requirement, he/she will also be disqualified from being a Committee member and a Director. The same applies if he/she ceases to be a statutory auditor, even if another three members of the Committee who are statutory auditors remain in office.

In accordance with the requirements of the Supervisory Provisions and the internal regulations, following the renewal of the Bodies in 2022, the Committee, based on the statements made by the parties involved and on the information available to the Bank, confirmed that each of its members met the necessary requirements, including that of independence, giving notice thereof to the Board. The members declared they met the professionalism and integrity requirements and complied with the criteria of competence, reputation and fairness, independence and time commitment, complied with the specific limitation of directorships and were unaffected by the incompatibilities referred to in the applicable regulations and the Articles of Association. The Committee also found that its overall composition met the recommendations addressed to shareholders published in March 2022. R. 9 R. 10

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors, adopted by the ECB following the renewal on 29 April 2022.

The assessment of suitability requirements was successfully renewed by the Committee also at the time of the approval of this Report.

Art. 123 bis, 1, (l) CLF

P. VIII R. 9

Functioning of the Committee

No member of the Committee is a member of any other Board-appointed committees, although the Articles of Association would allow them to also be members of the Risks and Sustainability Committee

With regard to the replacement and removal of the Committee members, see the paragraph on the

✓ more than two non-executive offices in corporate bodies (including as members of control bodies)

The positive assessment was confirmed by the final decision of the assessment process for suitability for office concerning the members of Intesa Sanpaolo's Board of Directors, adopted by the ECB

The assessment of suitability requirements was successfully renewed by the Committee also at the time

and the Committee for Transactions with Related Parties.

the financial statements for the last year of their term of office.

of Association, which prohibit Committee members from taking up:

submitted by the Shareholders.

Art. 123 bis, 1, (l) CLF

P. VIII R. 9

P. XII R. 15

R. 9 R. 10 Suitability requirements

the public.

Term of office, replacement and removal

replacement and removal of Board Members.

under penalty of disqualification from office.

✓ executive offices in other undertakings;

the Board Member's disqualification from office.

following the renewal on 29 April 2022.

of the approval of this Report.

the Committee who are statutory auditors remain in office.

recommendations addressed to shareholders published in March 2022.

of other large companies.

The Committee normally meets – including remotely, as allowed by its Regulations – on a weekly basis; the meeting is convened by a notice of call containing the agenda, sent by the Committee's Secretariat. The secretariat ensures compliance with the planned manner and timing and with the procedures to ensure compliance with any instructions issued by Authorities.

In line with the provisions of the Committee Regulations, the meeting is convened at least three days prior to the date set for the meeting and, in any case, in time to allow the members to obtain adequate information on the items under discussion. In particularly urgent cases, the meeting may take place with a twenty-four hour advance notice. The notice is usually accompanied by the documentation necessary for the performance of the Committee members' duties. The average timeframe for making documentation available is fully consistent with the deadlines set out in the Regulations. A comprehensive discussion of every topic and any in-depth analysis required is also ensured at the meeting.

The Chair of the Committee convenes and chairs the meetings, directs, coordinates and moderates the discussion and, on behalf of the Committee, describes the results of the activities carried out to the Board.

In the performance of its duties, the Committee relies on the corporate control functions and, in particular, on the internal audit function, which also reports functionally to the Committee, which monitors the function's independence, adequacy, effectiveness and efficiency.

The Committee receives from the heads of the corporate control functions reports on specific situations, breaches or significant shortcomings – periodically or at the Committee's express request – and examines their activity plans.

The Committee coordinates with the Risks and Sustainability Committee for the matters under its competence. Certain information flows are discussed in joint meetings, while each Committee makes its assessments independently. Since none of the members of the Management Control Committee currently sits in the Risks and Sustainability Committee, one of the Management Control Committee members, appointed in rotation, attends the meetings of the Risks and Sustainability Committee without voting rights, and then reports back to the Control Body.

During 2024, the Committee held 41 meetings. For details, see Summary Table No. 1 contained in Part IV of the Report.

The meetings lasted on average 3 hours and 50 minutes, which was considered an adequate amount of time to ensure (thorough) examination and discussion of the items on the agenda, also in light of the appropriate prior disclosures and of the number of meetings held.

In 2025, at the date of approval of this Report, the Committee has held 10 meetings.

The main activities carried out by the Committee in 2024, in compliance with its powers and its Regulations, were:

Areas of activity	Key themes	Summary of the main activities carried out
Compliance with regulations and correct management	Compliance with the law, regulations and the Articles of Association	The Committee examined, among other things, the proposal to update the following internal regulations: - Group Internal Code of Conduct; - Guidelines on equity investments; - Guidelines for the management of the National Cyber Security Perimeter; - Rules on disallowance of unauthorised payment transactions. The Committee also supervised the procedures for the effective implementation of the corporate governance rules laid down in the Corporate Governance Code, also through a review of the Report on Governance.

R. 11

R. 35 e) g)

R. 37 par. 2

	Compliance with the principles of correct management	The Committee: - received the usual quarterly report on transactions with related parties of Intesa Sanpaolo and associated entities of the Group, pursuant to the Group Regulations and Article 150(1) and (2) of the Consolidated Law on Finance. On that occasion, the Committee also received the report on the interests declared by the Directors when the Bank carried out certain transactions, pursuant to Article 2391 of the Italian Civil Code and/or Article 53(4) of the Consolidated Law on Banking; - examined the proposed update to the RPT Procedures.
Internal control system	Meetings with the heads of the Corporate Control Functions	The Committee met with the heads of the Corporate Control Functions to discuss the following issues, among others: Chief Audit Officer - results of the investigations conducted on disputing unauthorised payment transactions, which showed the completion of the remedial actions communicated to the Authority; - results of the checks carried out on the Covered Bonds programmes, which did not reveal any significant anomalies; - ICT monitoring with a focus on Cloud Computing. Chief Compliance Officer - progress of the Compliance Next Programme, aimed at implementing digitalisation, efficiency and internationalisation of the compliance function; - technological developments adopted by the Bank in compliance with the EBA Guidelines on the use of remote customer onboarding solutions. Chief Risk Officer - management of the process for Most Significant Transactions. The Committee also reviewed the update to the Risk Assessment carried out by the Corporate Control Functions on the progress of the macro-initiatives of the 2022-2025 Business Plan, discussing the main aspects subject to monitoring and the actions identified to mitigate the related potential risks.
Administrative accounting and financial reporting system	Supervision of the administrative accounting system	The Committee deepened the project initiative aimed at implementing the Sustainability Reporting framework defined by Directive (EU) 2022/2464 (Corporate Sustainability Reporting Directive – CSRD). In this context, it examined the Guidelines for preparing the Consolidated Sustainability Reporting and the Methodological Rules for its preparation. The Committee also analysed, among other things, the proposals to expand the tasks to be conferred to the Independent Auditors for the limited assurance of the Sustainability Reporting and for the audit related assignment related to Pillar 3, due to the quantitative and qualitative disclosures on ESG issues, expressing a favourable opinion.
	Statutory audit process	The Committee: - received periodic reports on the set of tasks assigned to the Independent Auditors pursuant to the relevant Group Regulations, with the aim of assessing their independence and monitoring that relevant regulations are applied; - reviewed the Audit Plan and the activities under way for formulating the opinion on the 2024 Financial Statements.
	Accounting and financial information	The Committee met with the Manager responsible for preparing the Company's financial reports, the relevant corporate functions and the Independent Auditors, to review the Interim Statement as at 31 March 2024, the consolidated Half-yearly Report as at 30 June 2024, the Interim Statement as at 30 September 2024, and the Financial Statements as at 31 December 2024. In this context, the Manager responsible for preparing the Company's financial reports also provided information on the most significant transactions with regard to

		profitability, financial position and assets and liabilities pursuant to Article 150(1) and (2) of the Consolidated Law on Finance.
Relations with Supervisory Authorities	ECB and International Authorities	In its relations with the ECB, the Committee received regular updates on the development of the Supervisory Plans for the ECB's Inspections, Thematic Reviews and Deep Dives, as well as on the drafting and progress of the related Action Plans. The Committee reviewed the programme of actions for compliance with the "Guide on effective risk data aggregation and risk reporting – RDARR" issued in May 2024 by the ECB regarding the implementation of BCBS 239 Principles, aimed at enhancing the capacity for risk data aggregation. As regards relations with international Supervisory Authorities, the Committee received, among others, the results of the annual inspection conducted by the New York State Department of Financial Services on the New York branch.
	Italian Authorities	The Committee reviewed, among other things: - the developments in the proceedings notified by the AGCM (Italian Competition Authority) to Intesa Sanpaolo RBM Salute and Previmedical; - the closure of the proceedings (without finding an infringement) of the AGCM against Intesa Sanpaolo and Isybank; - the action plan drawn up to tackle the key points highlighted by the Bank of Italy as a result of the inspection conducted on the subject of combating money laundering with reference to outsourced activities; - IVASS's expectations regarding the governance and control of insurance products as well as the main findings of the self assessment carried out with reference to them and the improvement measures that the Group intends to implement.
IT systems, risk management and business continuity	IT systems	The Committee discussed in depth with the Chief Data, A.I., Innovation and Technology Officer and, on some aspects, also with the Chief Risk Officer: - the Group's IT security plan, including the Information Security Principles; - the outcomes of the annual review on Operational Risk and ICT Risk Assessment processes in payment services; - the evolution of Level I controls to monitor ICT and Security Risk, implemented also through the definition of a new IT and Cyber control model.
	Risk management and business continuity	The Committee: - continued to monitor the aspects related to the conflict between Russia and Ukraine; - met with the Chief Lending Officer and other Bank Managers to discuss the launch of the new FLAG (Forward Looking Lending for sustainable Asset Growth) Programme, aimed at implementing a new credit decision-making model capable of managing the entire credit process cycle, from origination to credit assessment, monitoring and management; - examined the results of the checks and controls of the Group's Business Continuity Plan.
Anti-Financial Crime	Anti-money laundering and terrorist financing	The Committee met with the head of the Anti-Money Laundering Function to review: - the state of progress of the ENIF long-term strategic plan, focusing in particular on the data governance and data quality mechanisms activated by applying the Group's framework to the relevant areas; - an update on the CFT (Countering the Financing of Terrorism) risk control framework adopted by the Bank. On this occasion it was also informed about the strengthened measures adopted in relation to the emerging risk connected to the Israeli-Palestinian conflict and transactions to/from Iran;

Compliance with the principles of correct management

Meetings with the heads of the Corporate Control Functions

Supervision of

administrativeaccounting system

Statutory audit process

Accounting and financial information

the

Internal control

Administrativeaccounting and financial reporting system

system

The Committee:

Chief Audit Officer

Chief Compliance Officer

compliance function;

related potential risks.

solutions. Chief Risk Officer

preparation.

opinion.

The Committee:

relevant regulations are applied;

the opinion on the 2024 Financial Statements.

received the usual quarterly report on transactions with related parties of Intesa Sanpaolo and associated entities of the Group, pursuant to the Group Regulations and Article 150(1) and (2) of the Consolidated Law on Finance. On that occasion, the Committee also received the report on the interests declared by the Directors when the Bank carried out certain transactions, pursuant to Article 2391 of the Italian Civil Code and/or Article 53(4) of the Consolidated Law on Banking;

The Committee met with the heads of the Corporate Control Functions

results of the investigations conducted on disputing unauthorised payment transactions, which showed the completion of the remedial
results of the checks carried out on the Covered Bonds programmes,
progress of the Compliance Next Programme, aimed at implementing digitalisation, efficiency and internationalisation of the
technological developments adopted by the Bank in compliance with the EBA Guidelines on the use of remote customer onboarding

The Committee deepened the project initiative aimed at implementing the Sustainability Reporting framework defined by Directive (EU) 2022/2464 (Corporate Sustainability Reporting Directive – CSRD). In this context, it examined the Guidelines for preparing the Consolidated Sustainability Reporting and the Methodological Rules for its

The Committee also analysed, among other things, the proposals to expand the tasks to be conferred to the Independent Auditors for the limited assurance of the Sustainability Reporting and for the auditrelated assignment related to Pillar 3, due to the quantitative and qualitative disclosures on ESG issues, expressing a favourable

received periodic reports on the set of tasks assigned to the Independent Auditors pursuant to the relevant Group Regulations, with the aim of assessing their independence and monitoring that
reviewed the Audit Plan and the activities under way for formulating

The Committee met with the Manager responsible for preparing the Company's financial reports, the relevant corporate functions and the Independent Auditors, to review the Interim Statement as at 31 March 2024, the consolidated Half-yearly Report as at 30 June 2024, the Interim Statement as at 30 September 2024, and the Financial Statements as at 31 December 2024. In this context, the Manager responsible for preparing the Company's financial reports also provided information on the most significant transactions with regard to

management of the process for Most Significant Transactions. The Committee also reviewed the update to the Risk Assessment carried out by the Corporate Control Functions on the progress of the macro-initiatives of the 2022-2025 Business Plan, discussing the main aspects subject to monitoring and the actions identified to mitigate the
examined the proposed update to the RPT Procedures.

to discuss the following issues, among others:

actions communicated to the Authority;

which did not reveal any significant anomalies; - ICT monitoring with a focus on Cloud Computing.

		- the remedial measures envisaged to address the recommendations made by the Bank of Italy as a result of the thematic analysis carried out on the implementation of Delegated Regulation (EU) 2019/758 (on money laundering and terrorist financing risk in countries outside the European Economic Area).
Coordination activities carried out by the Parent Company	Focus on the main critical issues	The Committee: - met with the Board of Statutory Auditors of Isybank to discuss in particular aspects related to: (i) the Subsidiary's internal control system and organisational structure and (ii) the main issues found by the Corporate Control Functions in the Company; - examined the state of progress of initiatives to implement the derisking programme for the International Network Information System (SIRE), which led to an overall reduction in the level of residual risk, and the interventions under development on the Core Banking Systems of the Group's International Subsidiary Banks, which are expected to be completed within the planned deadlines.
Adequacy of the organisational structure	The Committee examined the proposed evolution of the organisational Corporate structure of the Chief Risk Officer Governance Area – which led to the Control establishment of two new Coordination Areas (one relating to the Functions Credit, Enterprise and Operational Risk areas, the other dedicated to the monitoring of the risk management of the Divisions and the Financial and Market Risks) – in order to: i) facilitate the succession planning process, ii) guarantee effective and synergic supervision in contiguous areas, iii) enable the promotion of talented people in the Governance Area.
	Other functions of the Bank	The Committee was informed about the creation of the Chief Sustainability Officer Governance Area, which aims to steer the Group's sustainable development strategies, together with the planning and monitoring of the related activities.

R. 35 h)

On a quarterly basis, the Committee illustrated to the Board of Directors the supervisory, due diligence and examination activities carried out and their results; it also periodically met with the Managing Director to further investigate specific topics of interest and examine the key points highlighted in its reports.

The Committee's self-assessment

P. XIV R. 21 R. 22

R. 22

Each year, the Management Control Committee performs a separate self-assessment on its own composition and functioning, in line with its mandate as a control body to supervise the correct and effective performance of the corporate governance functions. In doing so, it applies criteria and methods consistent with the characteristics of its function within the one-tier governance model.

The self-assessment process is performed in accordance with the provisions of the Regulations on the Board of Directors' self-assessment process; it covers the Committee as a whole and the contribution of its individual Members to its work.

Given the need for consistency and overall coherence of the results, the process is typically entrusted to the same individuals designated by the Board, who in this case, however, report directly to the Chair of the Management Control Committee, who remains responsible for the process as a whole.

The self-assessment for the year 2024 was performed with the professional assistance of Crisci & Partners, an expert independent consulting firm which at the same time also supported the Board of Directors in its self-assessment process.

The qualitative and quantitative results have confirmed the full adequacy of the Committee and the high level of overall compliance with the provisions of the Corporate Governance Code, the EBA guidelines, the provisions of Bank of Italy Circular No. 285/2013 and the best practices of other listed companies, in so far as comparable with the Bank.

The Committee therefore assessed the Committee's own size, composition and functioning as being satisfactory.

P. XI R. 16 R. 17

R. 11

R. 17 par. 1

R. 20

R. 26

R. 35 par. 1 and 2

Board Committees: composition and operation

the remedial measures envisaged to address the recommendations made by the Bank of Italy as a result of the thematic analysis carried out on the implementation of Delegated Regulation (EU) 2019/758 (on money laundering and terrorist financing risk in countries outside
met with the Board of Statutory Auditors of Isybank to discuss in particular aspects related to: (i) the Subsidiary's internal control system and organisational structure and (ii) the main issues found by
examined the state of progress of initiatives to implement the derisking programme for the International Network Information System (SIRE), which led to an overall reduction in the level of residual risk, and the interventions under development on the Core Banking Systems of the Group's International Subsidiary Banks, which are expected to be completed within the planned deadlines.

The Committee examined the proposed evolution of the organisational structure of the Chief Risk Officer Governance Area – which led to the establishment of two new Coordination Areas (one relating to the Credit, Enterprise and Operational Risk areas, the other dedicated to the monitoring of the risk management of the Divisions and the Financial and Market Risks) – in order to: i) facilitate the succession planning process, ii) guarantee effective and synergic supervision in contiguous areas, iii) enable the promotion of talented people in the

The Committee was informed about the creation of the Chief Sustainability Officer Governance Area, which aims to steer the Group's sustainable development strategies, together with the

planning and monitoring of the related activities.

the Corporate Control Functions in the Company;

the European Economic Area).

The Committee:

Governance Area.

The self-assessment for the year 2024 was performed with the professional assistance of Crisci & Partners, an expert independent consulting firm which at the same time also supported the Board of

The Committee therefore assessed the Committee's own size, composition and functioning as being

of the Management Control Committee, who remains responsible for the process as a whole.

consistent with the characteristics of its function within the one-tier governance model.

Coordination activities carried out by the Parent Company

Adequacy of the organisational structure

reports.

R. 35 h)

P. XIV R. 21 R. 22

R. 22

satisfactory.

The Committee's self-assessment

of its individual Members to its work.

Directors in its self-assessment process.

in so far as comparable with the Bank.

Focus on the main critical issues

Corporate Control Functions

Other functions of the Bank

The Committees are the organisational bodies through which the Board of Directors increases the effectiveness of its strategic supervision role. Without prejudice to the Board's corporate powers and responsibilities, the Committees have the proposal, advisory and inquiry duties (including expressing opinions, where provided for by applicable rules) assigned to them by applicable regulations and, to the extent applicable, the Corporate Governance Code and the Articles of Association. They also perform those duties that, in accordance with each Committee's function, are specifically assigned to them by the Regulations approved by the Board, which also govern their organisation and operation.

Pursuant to the Articles of Association, the Committees are composed of a minimum of three and a maximum of five non-executive Board Members, who are mainly independent. No Director may be a member of more than two Committees.

As also provided for in the Supervisory Provisions, the following Committees are established within the Board of Directors:

− Nomination Committee: 5 members, including the Deputy Chair and the Chair of the Board of Directors, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association; 2 members are enrolled with the Register of Statutory Auditors and have practised for at least three years;
− Remuneration Committee: 5 members, including the Deputy Chair of the Board of Directors, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association; 1 member is enrolled with the Register of Statutory Auditors and has practised for at least three years;
− Risks and Sustainability Committee: 5 members, 3 of whom are independent pursuant to the applicable regulations and the Articles of Association; 3 members are enrolled with the Register of Statutory Auditors and have practised for at least three years.

The Committee for Transactions with Related Parties is also in place; it is composed of 5 members, all independent pursuant to the applicable regulations and the Articles of Association; 2 members are enrolled with the Register of Statutory Auditors and have practised for at least three years.

In establishing the Committees, the Board took into consideration the professional characteristics and experience of the Board Members, so that each Committee is composed of members whose skills and professionalism are consistent with the duties assigned to them and who are able to ensure the performance of their tasks with adequate time commitment.

Within the Board Committees, there is also a qualified representation of minorities: all the Committees have one director elected by the minority, while the Committee for Transactions with Related Parties has two, one of whom is the Chair.

All Committees have at least 3 members who do not sit on other Committees.

The work of each Committee is coordinated and directed by a Chair, who must be independent and may not serve as the Chair of any other Board Committee.

The Chair calls the meetings, ensuring the effectiveness of the Committee's discussions, and reports on the Committee's activities, proposals and opinions during Board meetings. In the event of absence or impediment of the Chair, the longest-serving independent member or, in the case of equal terms of service, the eldest member takes on the functions.

In line with the provisions of each of the Committee Regulations, the meeting is convened at least three days prior to the date set for the meeting and, in any case, in time to allow the members to obtain adequate information on the items under discussion. The notice will usually include the documentation necessary to ensure the best performance of the Committee members' duties. The average timeframe for making documentation available is fully consistent with the deadlines set out in the Regulations.

Meetings are usually held at the secondary office in Milan and may also be validly held via telecommunication methods. In that case, they are considered to have been held at the Chair's location.

The Regulations of each Committee require that the minutes of each meeting be prepared by an appointed secretary, who may also be a non-member, in which case the secretary should be selected from the secretariat supporting the Bodies.

R. 17 par. 2

R. 11

Each Committee may contact the corporate functions to access the information required to perform its tasks. Committees can also make use of external consultants, as indicated in each set of Regulations.

Individuals who are not part of a Committee may attend Committee meetings provided they are invited by the Chair of the Committee concerned, also to discuss specific items on the agenda. The Chief Governance, Operating & Transformation Officer and the Secretary of the Board of Directors are invited to and may attend the Committees' meetings, including by delegating a staff member. Also considering the time dedicated to each task, the Committees' work is always performed in a constructive environment based on exchange and dialogue among the respective members, encouraging personal contributions, open discussion and dialectic not only among Board Members but also with the heads of the control functions, Divisions, Governance Areas and of the various Structures involved from time to time in the meetings within the scope of their responsibility. R. 17 par. 3

Art. 123 bis, 2, (d) CLF

R. 17 last par.

Detailed information is provided below on each of the Committees that the Board established on 6 May 2022 for the financial years 2022/2023/2024, including their composition, duties and activities in 2024, together with details on meetings held and members' attendance.

Nomination Committee

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Livia Pomodoro – Chair		X	100%
Paolo Andrea Colombo	X	X	100%
Gian Maria Gros-Pietro			100%
Maria Mazzarella		X	100%
Bruno Picca	X		100%

In 2024, the Committee met 9 times, with an average meeting duration of 37 minutes.

The Committee performs inquiry and advisory duties supporting the Board in the following areas:

in defining the policies on the suitability requirements for the members of the Parent Company's Bodies and the related guidance and coordination criteria for the Group companies;
the process of appointing or co-opting the Directors to ensure that the Board's composition, in terms of size and professionalism, enables it to fulfil its duties efficiently. In this regard, the Committee supports the Board in identifying in advance the qualitative and quantitative composition considered to be optimal, including the qualifications of the candidates, to be presented at the Shareholders' Meeting in time for the appointment of the Directors;
in assessing the suitability of Directors other than members of the Management Control Committee and the correspondence between the composition deemed optimal and that resulting from the appointment;
in assessing, at the time of each significant update and at least once a year, the Directors' continuous compliance with the suitability requirements (excluding from the assessment the members of the Management Control Committee);
in designing the body's self-assessment procedure and implementing it on an annual basis;
in adopting the criteria for appointing the members of the Corporate Bodies of the subsidiaries, as well as evaluating the proposals for appointing the members of the Corporate Bodies of the main subsidiaries.
Moreover, the Committee is specifically heard by the Board when selecting the Managing Director. In coordination with the Chair of the Board of Directors, the Committee also supports the Board in defining the process governing succession plans for its members, including the Managing Director. Lastly, the Committee supports the Risks and Sustainability Committee in preparing proposals for appointing and removing the heads of the Compliance, Risk Management and Internal Audit Functions. R. 19 e) R. 24

R. 19 b) c)

R. 19 a)

Areas of activity	Key themes	Summary of the main activities carried out
Assessment of the suitability requirements for each Board Member and of the appropriate Board composition. Self-assessment procedure	• Review of the suitability requirements of Board Members on an annual basis • Self-assessment of the Board and the Board Committees	The Committee supported the Board: • in assessing the suitability of Board members on an annual basis and in reviewing any updates to their positions in line with the relevant regulations; • in the annual suitability assessment of Key Function Holders; • in designing the Body's self-assessment process and implementing it for the year 2024, with the aid of an external consultant.
Identification of the optimal qualitative and quantitative composition of the new Board	• Review of the document on the qualitative and quantitative composition of the Board of Directors	The Committee supported the Board of Directors in identifying in advance the qualitative and quantitative composition of the Board considered to be optimal, including the theoretical profile of the candidates, to be presented at the Shareholders' Meeting in time for the appointment of the Directors.
Appointment, composition and nomination of members of the Corporate Bodies of major subsidiaries	• Nominations in subsidiaries	The Committee supported the Board in reviewing the nomination of certain members of the Corporate Bodies of 27 subsidiaries, including 11 Italian and 16 foreign subsidiaries.

Below are the main issues reviewed and discussed in 2024:

Remuneration Committee

Individuals who are not part of a Committee may attend Committee meetings provided they are invited

The Chief Governance, Operating & Transformation Officer and the Secretary of the Board of Directors are invited to and may attend the Committees' meetings, including by delegating a staff member. Also considering the time dedicated to each task, the Committees' work is always performed in a constructive environment based on exchange and dialogue among the respective members, encouraging personal contributions, open discussion and dialectic not only among Board Members but also with the heads of the control functions, Divisions, Governance Areas and of the various Structures

Detailed information is provided below on each of the Committees that the Board established on 6 May 2022 for the financial years 2022/2023/2024, including their composition, duties and activities in 2024,

Register of Statutory

Practice as an auditor

Livia Pomodoro – Chair X 100% Paolo Andrea Colombo X X 100% Gian Maria Gros-Pietro 100% Maria Mazzarella X 100% Bruno Picca X 100%

The Committee performs inquiry and advisory duties supporting the Board in the following areas: - in defining the policies on the suitability requirements for the members of the Parent Company's

the process of appointing or co-opting the Directors to ensure that the Board's composition, in terms of size and professionalism, enables it to fulfil its duties efficiently. In this regard, the Committee supports the Board in identifying in advance the qualitative and quantitative composition considered to be optimal, including the qualifications of the candidates, to be presented at the Shareholders'
in assessing the suitability of Directors other than members of the Management Control Committee and the correspondence between the composition deemed optimal and that resulting from the
in assessing, at the time of each significant update and at least once a year, the Directors' continuous compliance with the suitability requirements (excluding from the assessment the members of the
in adopting the criteria for appointing the members of the Corporate Bodies of the subsidiaries, as well as evaluating the proposals for appointing the members of the Corporate Bodies of the main

Moreover, the Committee is specifically heard by the Board when selecting the Managing Director. In coordination with the Chair of the Board of Directors, the Committee also supports the Board in defining

Lastly, the Committee supports the Risks and Sustainability Committee in preparing proposals for appointing and removing the heads of the Compliance, Risk Management and Internal Audit Functions.

in designing the body's self-assessment procedure and implementing it on an annual basis;

the process governing succession plans for its members, including the Managing Director.

Bodies and the related guidance and coordination criteria for the Group companies;

Auditors

Independent pursuant to the applicable regulations and the Articles of Association

Attendance percentage at meetings

by the Chair of the Committee concerned, also to discuss specific items on the agenda.

involved from time to time in the meetings within the scope of their responsibility.

together with details on meetings held and members' attendance.

In 2024, the Committee met 9 times, with an average meeting duration of 37 minutes.

Meeting in time for the appointment of the Directors;

Members Enrolment with the

Nomination Committee

R. 17 last par.

R. 17 par. 3

Art. 123 bis, 2, (d) CLF

R. 19 b) c)

R. 19 a)

R. 19 e) R. 24

appointment;

subsidiaries.

Management Control Committee);

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Paolo Andrea Colombo – Chair	X	X	100%
Franco Ceruti			100%
Anna Gatti		X	100%
Liana Logiurato		X	100%
Luciano Nebbia			100%

In 2024, the Committee met 16 times, with an average meeting duration of 1 hour and 20 minutes.

The Remuneration Committee members must have knowledge and experience relevant to the areas of competence of the Committee and in particular in the field of finance or remuneration policies.

Pursuant to its Regulations, the Committee inquires, proposes and advises on remuneration and incentive matters to support the Board of Directors and, among other things:

supports the Board in formulating proposals to be submitted to the Shareholders' Meeting for approval concerning:
- Remuneration Policies for Board Members, employees and other staff not bound by an employment agreement, Remuneration and Incentive Plans based on financial instruments, criteria for calculating severance payments in the event from early termination of employment (contract) or office and the Report on Remuneration;
- the establishment of the ratio of the variable to fixed component of individual staff remuneration higher than 1:1;
makes proposals to the Board, based on the Remuneration Policies approved by the Shareholders' Meeting, with regard to:

R. 26 par. 1

P. XVI R. 25 a) b)

the additional remuneration, including in a variable amount, due for the specific office of Managing Director and General Manager, the remuneration to be paid to other Directors that have been assigned additional specific offices in accordance with the Articles of Association (except for the compensation of its members, which is determined by the Board) and the remuneration for the members of the Surveillance Body;
the remuneration and incentive systems and compensation of the Group's Top Risk Takers; ▪ supports the Board in verifying the proper implementation of the remuneration policies approved by

the Shareholders' Meeting and in reviewing said policies at least annually, with a focus on their

P. XVII R. 25 c) d)

R. 26 par. 2

adequacy and overall consistency; ▪ also performs the duties of Committee for Transactions with Related Parties in accordance with the provisions of the RPT Procedures, with regard to transactions concerning remuneration.

Below are the main issues reviewed and discussed in 2024:

Areas of activity	Key themes	Summary of the main activities carried out
Remuneration proposals to be submitted to the Shareholders' Meeting for approval	- Remuneration policies - Report on remuneration policy	The Committee supported the Board: • in updating the internal regulations on remuneration, in the parts concerning both the Remuneration Policies and the Implementing Provisions; • in approving the Report on remuneration policy and compensation paid drawn up pursuant to Article 123- ter of the Consolidated Law on Finance.
Proposals based on the remuneration policies approved by the Shareholders' Meeting	- Remuneration and incentive systems for Top Risk Takers - Determination of compensation to be granted in the event of early termination of employment or office - Selection of an external consultant	The Committee, also in its capacity as Committee for Transactions with Related Parties, made proposals to the Board regarding: • the Remuneration System and the 2024 Incentive System of the Group's Top Risk Takers and was involved – to the extent of its remit – in the areas pertaining to the management profiles of the Top Risk Takers; • the compensation due to Top Risk Takers in the case of early termination of employment. The Committee confirmed the annual appointment of its external consultant to provide support on certain issues within the Committee's remit, and also decided to extend the appointment until the end of the current mandate (April 2025).
Support in identifying staff who have an impact on the Group's risk profile	- Key personnel identification process	The Committee supported the Board in defining the scope of Risk Takers both at Group level and at the level of Intesa Sanpaolo as a Legal Entity, in accordance with the relevant Guidelines.
Verification of the proper implementation of remuneration rules	- Verification of achievement of performance targets - Verification of remuneration policies and practices - Verification of the gender neutrality of Remuneration and Incentive Policies	The Committee provided input on the achievement of the performance targets associated with the incentives plans and verified the other conditions required for the payment of the remuneration, also using the information provided by the relevant corporate functions and without prejudice to the assessments by the Risks and Sustainability Committee and the Management Control Committee, within the scope of their responsibility. The Committee also examined the Report of the Chief Audit Officer on the findings of the audits on the Group's remuneration policies and practices (Phase I and II). Lastly, the Committee verified the results of the analysis on the gender pay gap and its evolution over time.

For more details on remuneration, please refer to the specific Sections of the "Report on Remuneration Policy and Compensation Paid".

R. 32 c) R. 35

R. 35 par. 2

R. 37 par. 2

R. 35 d)

Risks and Sustainability Committee

the additional remuneration, including in a variable amount, due for the specific office of Managing Director and General Manager, the remuneration to be paid to other Directors that have been assigned additional specific offices in accordance with the Articles of Association (except for the compensation of its members, which is determined by the Board) and the remuneration for the
the remuneration and incentive systems and compensation of the Group's Top Risk Takers; ▪ supports the Board in verifying the proper implementation of the remuneration policies approved by the Shareholders' Meeting and in reviewing said policies at least annually, with a focus on their

▪ also performs the duties of Committee for Transactions with Related Parties in accordance with the

Board regarding:

Takers;

2025).

Guidelines.

For more details on remuneration, please refer to the specific Sections of the "Report on Remuneration Policy and Compensation

The Committee supported the Board:

and the Implementing Provisions;

ter of the Consolidated Law on Finance.

of early termination of employment.

• in updating the internal regulations on remuneration, in the parts concerning both the Remuneration Policies

• in approving the Report on remuneration policy and compensation paid drawn up pursuant to Article 123-

The Committee, also in its capacity as Committee for Transactions with Related Parties, made proposals to the

• the Remuneration System and the 2024 Incentive System of the Group's Top Risk Takers and was involved – to the extent of its remit – in the areas pertaining to the management profiles of the Top Risk

• the compensation due to Top Risk Takers in the case

The Committee confirmed the annual appointment of its external consultant to provide support on certain issues within the Committee's remit, and also decided to extend the appointment until the end of the current mandate (April

The Committee supported the Board in defining the scope of Risk Takers both at Group level and at the level of Intesa Sanpaolo as a Legal Entity, in accordance with the relevant

The Committee provided input on the achievement of the performance targets associated with the incentives plans and verified the other conditions required for the payment of the remuneration, also using the information provided by the relevant corporate functions and without prejudice to the assessments by the Risks and Sustainability Committee and the Management Control Committee,

The Committee also examined the Report of the Chief Audit Officer on the findings of the audits on the Group's remuneration policies and practices (Phase I and II). Lastly, the Committee verified the results of the analysis on

within the scope of their responsibility.

the gender pay gap and its evolution over time.

provisions of the RPT Procedures, with regard to transactions concerning remuneration.

Areas of activity Key themes Summary of the main activities carried out

members of the Surveillance Body;

Below are the main issues reviewed and discussed in 2024:

Remuneration policies - Report on remuneration
Remuneration and incentive systems for Top Risk Takers - Determination of compensation to be granted in the event of early termination of employment or office - Selection of an external

consultant

Key personnel
Verification of achievement of performance targets
Verification of

and practices - Verification of the gender neutrality of Remuneration and Incentive Policies

remuneration policies

identification process

policy

adequacy and overall consistency;

Remuneration proposals to be submitted to the Shareholders' Meeting for approval

R. 26 par. 2

P. XVII R. 25 c) d)

Proposals based

approved by the Shareholders' Meeting

Support in identifying staff who have an impact on the Group's risk profile

Verification of the proper implementation of remuneration

rules

Paid".

on the remuneration policies

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Paola Tagliavini - Chair	X	X	100%
Franco Ceruti			100%
Bruno Maria Parigi		X	100%
Bruno Picca	X		100%
Daniele Zamboni	X	X	100%

In 2024, the Committee met 47 times, with an average meeting duration of 4 hours and 40 minutes.

The Risks and Sustainability Committee supports the Board of Directors with proposals, advice and fact finding, and issues opinions where required by the applicable regulations. It focuses in particular on activities instrumental to the Board's accurate and effective determination of the Risk Appetite Framework (RAF) and risk governance policies, as well as other risk-related determinations reserved to it by the applicable law.

Committee members have the knowledge, skills and experience necessary to be able to fully understand and monitor the Bank's risk strategies and guidelines, including with respect to sustainability. The presence of a common member between the Risks and Sustainability Committee and the Remuneration Committee ensures adequate interaction with the issues relating to remuneration and incentive policies. One member of the Management Control Committee, appointed on a rotating basis by the Committee itself, takes part in the Committee meetings, without voting rights, to ensure coordination in the performance of their respective duties and functions.

The Committee supports the Board in exercising strategic supervisory functions in the areas of:

business model, strategic guidelines and risk appetite;
corporate governance and the organisational structure of the Bank and the Group;
internal control system, with qualified involvement in the process of appointing the heads of control functions; R. 35 e) f)
risk governance and management;
sustainability (ESG), which pertains to the corporate responsibility model and includes environmental, social and cultural issues; R. 35 c)
information systems and business continuity;
control of Most Significant Transactions, subject to prior review by the Risk Management function.

The Committee also acts as "US Risks Committee" in accordance with the provisions of Section 165 of the Dodd-Frank Act and the tighter supervisory standards for foreign banks operating in the United States issued by the Federal Reserve.

The Chair of the Committee reports at each Board meeting on the Committee's activity and main findings, through specific reports and via a summary. R. 35 h)

Areas of activity	Key themes	Summary of the main activities carried out
Business model, strategic guidelines	- Budget - Business Plan monitoring - Evolution of the macroeconomic context	The Committee reviewed the 2024 Budget, including the Capital Plan and the Funding Plan. On a half-yearly basis, it also monitored: - the progress of the strategic initiatives of the Business Plan, with a focus on Capital Budget and ESG KPIs; - the Risk Assessment by Corporate Control Functions on the Plan's macro-initiatives, with a focus on potential risks and related mitigation actions. In this context, the Committee paid particular attention to the strategic risks arising from the changing geopolitical environment, digitalisation and the use of Artificial Intelligence systems.

Below are the main issues reviewed and discussed in 2024:

		The Committee also received quarterly updates on the evolution of: - the macroeconomic context, to assess its consistency with the risk parameters used in defining the valuation models, the prudence and to assess the continuing soundness of the revenue targets in the Business Plan, even in adverse contexts; - the Funding Plan. In light of the high operational and reputational risks, the Committee agreed to further restrictions on activities in Russia and reinforcements of controls, also in compliance with ECB's recommendations.
Internal control system	- Reports and Tableau de Bord of the Corporate Control Functions - Responses to the Supervisory Authorities - Evolution of internal regulations	In order to verify the consistency of the internal control system with the strategic guidelines and risk appetite, the Committee reviewed, on a half-yearly basis, the Reports and information from the Tableau de Bord and Integrated Tableau de Bord of the Corporate Control Functions, which summarise the main issues requiring attention within the Group, as well as the actions taken to resolve them, monitoring their timely and effective implementation. The Committee also reviewed draft responses to the Authorities and the proposals to issue and/or update first level internal regulations, with particular reference to the management of emerging risks and making the appropriate recommendations.
Risk governance and management	- Defining and monitoring the RAF - Development of loan portfolio - Financial and market risk trends - ICAAP/ILAAP - Updating the status of internal models - Model Change Applications	The Committee reviewed the 2024 RAF, as well as the internal assessment process of the current and future capital and liquidity position adequacy (ICAAP/ILAAP 2024). On a quarterly basis, the Committee monitored: - compliance with RAF limits; - development of the loan portfolio; - trends in the exposure to market and financial risks. In addition, the Committee received regular updates on the evolution of the Sector Framework for credit risk governance and activities for capital adequacy. With reference to internal models, it examined: - the Corporate Control Functions' annual reports on internal risk measurement systems and the annual update of the IRB Regulatory Roadmap; - the half-yearly reports on the status of Pillar I and Pillar II internal models; the Model Change applications, monitoring the - progress of any remedial actions requested. Lastly, the Committee expressed its appreciation for: - the organisational evolution of the Chief Risk Officer Governance Area, with the creation of two coordination areas and a structure dedicated to Level II data controls; the progress of the Risk Data Aggregation and Risk - Reporting, Forward-looking Lending for Sustainable Asset Growth and Basel IV projects.
ESG Themes	- CNFS, PRB and TCFD Reports - Climate Stress Test - ESG/Climate Credit Framework - Diversity, Equity & Inclusion	The Committee reviewed key topics in the area of sustainability, together with the Consolidated Non Financial Statement, the Principles for Responsible Banking Report and the Task Force on Climate-related Financial Disclosures Report. The Committee shared the ESG KPIs for the 2024 Budget and the sector targets under the Net Zero Banking Alliance. It also examined the progress of the activities to implement the Corporate Sustainability Reporting Directive and the process to identify and monitor climate and environmental risks.

		Each year, the Committee assesses the report on compliance with the gender equality commitments set out in the Diversity, Equity and Inclusion Principles. It also assesses the implementation of the Code of Ethics and the social responsibility principles, as well as the Environmental Head's Report. Lastly, the Committee commended the establishment of the new Chief Sustainability Officer Governance Area, with strategic guidance, planning and monitoring functions.
Information systems and business continuity	- Group Technology Plan - Data Strategy - Digital Attacker - Cyber Security and Business Continuity	The Committee shared the evolution of the ICT Strategy, which defines the path for the development and adoption of technology solutions for the evolution of services and business models, and monitored the progress: - of the Digital Strategy, verifying opportunities and threats; - of the Cybersecurity Action Plan; - of the Digital Operational Resilience Act project. It received an annual briefing on the use of Artificial Intelligence Systems and regular updates on the risk from potential Digital Attackers. It then reviewed the Business Continuity activities, verifying the adequacy of the safeguards in place. Lastly, the Committee endorsed the establishment of the new Chief Security Officer Governance Area, for centralised oversight of physical and cyber security.

Committee for Transactions with Related Parties

The Committee also received quarterly updates on the

the macroeconomic context, to assess its consistency with the risk parameters used in defining the valuation models, the prudence and to assess the continuing soundness of the revenue targets in the Business

In light of the high operational and reputational risks, the Committee agreed to further restrictions on activities in Russia and reinforcements of controls, also in compliance

In order to verify the consistency of the internal control system with the strategic guidelines and risk appetite, the Committee reviewed, on a half-yearly basis, the Reports and information from the Tableau de Bord and Integrated Tableau de Bord of the Corporate Control Functions, which summarise the main issues requiring attention within the Group, as well as the actions taken to resolve them, monitoring their timely and effective implementation. The Committee also reviewed draft responses to the Authorities and the proposals to issue and/or update firstlevel internal regulations, with particular reference to the management of emerging risks and making the

The Committee reviewed the 2024 RAF, as well as the internal assessment process of the current and future capital and liquidity position adequacy (ICAAP/ILAAP

trends in the exposure to market and financial risks. In addition, the Committee received regular updates on the evolution of the Sector Framework for credit risk
the Corporate Control Functions' annual reports on internal risk measurement systems and the annual
the half-yearly reports on the status of Pillar I and
the Model Change applications, monitoring the progress of any remedial actions requested. Lastly, the Committee expressed its appreciation for: - the organisational evolution of the Chief Risk Officer Governance Area, with the creation of two coordination areas and a structure dedicated to Level
the progress of the Risk Data Aggregation and Risk Reporting, Forward-looking Lending for Sustainable

The Committee reviewed key topics in the area of sustainability, together with the Consolidated Non-Financial Statement, the Principles for Responsible Banking Report and the Task Force on Climate-related

The Committee shared the ESG KPIs for the 2024 Budget and the sector targets under the Net Zero Banking Alliance. It also examined the progress of the activities to implement the Corporate Sustainability Reporting Directive and the process to identify and monitor climate

Asset Growth and Basel IV projects.

On a quarterly basis, the Committee monitored:

governance and activities for capital adequacy. With reference to internal models, it examined:

update of the IRB Regulatory Roadmap;

Plan, even in adverse contexts;

evolution of:

Internal control

Reports and Tableau de Bord of the Corporate Control Functions - Responses to the Supervisory Authorities - Evolution of internal regulations
Defining and monitoring
Financial and market risk
Updating the status of internal models - Model Change Applications
Development of loan

the RAF

portfolio

trends - ICAAP/ILAAP

ESG Themes - CNFS, PRB and TCFD Reports

Climate Stress Test - ESG/Climate Credit Framework - Diversity, Equity & Inclusion

system

Risk

governance and management

the Funding Plan.

with ECB's recommendations.

appropriate recommendations.

compliance with RAF limits; - development of the loan portfolio;

Pillar II internal models;

II data controls;

Financial Disclosures Report.

and environmental risks.

2024).

Members	Enrolment with the Register of Statutory Auditors Practice as an auditor	Independent pursuant to the applicable regulations and the Articles of Association	Attendance percentage at meetings
Daniele Zamboni – Chair	X	X	100%
Liana Logiurato		X	100%
Maria Mazzarella		X	100%
Maria Alessandra Stefanelli		X	93%
Paola Tagliavini	X	X	100%

In 2024, the Committee met 14 times, with an average meeting duration of 1 hour and 10 minutes.

The Committee performs the duties and functions assigned to it by the RPT Procedures, in accordance with the provisions of the Consob Regulation on Related Parties, the Bank of Italy regulations and Article 136 of the Consolidated Law on Banking.

The Committee issues its prior opinions to the Board of Directors on the transactions that fall within the scope of the above Procedures, in the cases and in the manner provided for therein, in order to assess: - the Company's interests in carrying out the transaction;

the economic interest and material correctness of the related terms and conditions.

In discharging its duties, the Committee complies with the guidelines issued by the competent Supervisory Authorities.

In 2024 the following activities were carried out:

Areas of activity	Summary of the main activities carried out
Review of transactions with related parties	As a result of its review of the transactions submitted to it, the Committee issued 21 favourable, reasoned and non-binding opinions, of which 7 on the granting of credit, 10 on equity transactions, 2 on de-risking transactions, 1 on the unwinding of a securitisation, as well as 1 on the amendment of the Procedures regulating the conduct of transactions with related parties.
Disclosure of transactions	On a quarterly basis, the Committee reviewed reports on transactions, submitted by the Parent Company Divisions/Departments and by the Subsidiaries, in line with the provisions of the RPT Procedures. It also noted the reports on transactions for which a Director or Key Manager declared a situation of interest on his/her own behalf or on behalf of a third party.
Amendment of the RPT Procedures	The Committee expressed a favourable opinion on the specific proposals to update the Procedures, as part of the customary three-yearly review, aimed at maintaining a high level of risk control and ensuring consistency with the overall framework of compliance rule management in the Group.

P. XX R. 11

Information flows between and to Corporate Bodies

Effective information flows between and within the Corporate Bodies are an essential element of Intesa Sanpaolo's organisation and corporate governance. They enable the smooth fulfilment of the tasksof the Board of Directors, the Board Committees and the Management Control Committee, and of the obligations imposed by the applicable regulations, as well as effective interaction with the Corporate Structures, including Control ones.

In this regard, the Articles of Association and the Regulations of the Board and the Committees contain provisions aimed at achieving these objectives, as well as more effective coordination and full discussion between the Bodies. Specifically, the Board Regulations include, as an integral part thereof, a specific "Document on information flows" that summarises the required information flows between the Board, the Management Control Committee, other Committees and the Managing Director.

Information can be circulated periodically at pre-established deadlines or as needed in the case of events subject to reporting obligations. These flows are a key condition for fully achieving the targets of efficient management and effective controls.

The system in place for the exchange of information between the Board as a whole, the Managing Director, the Management Control Committee and the other Committees, is appropriate, in terms of frequency and content, to ensure close and fast coordination of the functions of said Bodies, while ensuring the clear separation of their respective tasks.

Processing of corporate information

Inside information and Insiders List

In 2024 the following activities were carried out:

Review of transactions with

Disclosure of transactions

Amendment of the RPT

related parties

Procedures

Areas of activity Summary of the main activities carried out

As a result of its review of the transactions submitted to it, the Committee issued 21 favourable, reasoned and non-binding opinions, of which 7 on the granting of credit, 10 on equity transactions, 2 on de-risking transactions, 1 on the unwinding of a securitisation, as well as 1 on the amendment of the Procedures

On a quarterly basis, the Committee reviewed reports on transactions, submitted by the Parent Company Divisions/Departments and by the

It also noted the reports on transactions for which a Director or Key Manager declared a situation of interest on his/her own behalf or on behalf of a third party.

The Committee expressed a favourable opinion on the specific proposals to update the Procedures, as part of the customary three-yearly review, aimed at maintaining a high level of risk control and ensuring consistency with the overall

regulating the conduct of transactions with related parties.

framework of compliance rule management in the Group.

Subsidiaries, in line with the provisions of the RPT Procedures.

In line with the rules on the prevention of market abuse set out in Regulation (EU) 596 of 16 April 2014 (the "MAR Regulation") and the related European and national implementing provisions, the Bank has adopted the "Group Procedures for the management of the inside information of Intesa Sanpaolo" and the associated Process Guide; together, they govern the management of inside information regarding Intesa Sanpaolo and the Group Companies.

The Procedures are aimed at ensuring fair, efficient, prompt and transparent reporting by the Group Companies issuing financial instruments traded on regulated markets, multilateral trading systems and organised markets.

The organisational safeguards put in place to implement the applicable regulations govern the circulation of information that could have a significant effect on the prices of the financial instruments issued by Group Companies and include information monitoring and segregation measures that normally precede the entry of a record in the Insider List.

The Procedures designate the Managing Director and CEO, the Chair of the Board of Directors and other specified Group employees and structures as the persons authorised to issue disclosures to the market regarding inside information on the Bank and the Group.

Internal Dealing

In line with EU rules on market abuse, Intesa Sanpaolo has adopted an Internal Dealing Regulation governing the disclosure obligations and operating restrictions applicable to the Board Members and to the Bank's key managers and the people closely associated with them, in relation to the execution of transactions involving the Bank's listed financial instruments (or other associated instruments).

Any transactions carried out by said parties are disclosed, including through the Bank's website, where the above Regulation can also be found.

R. 1 f)

Remuneration

For the detailed mandatory information on the Remuneration of Directors and Key Managers1 and on the indemnities in the event of early termination of office or termination of employment agreement, see the Report on remuneration policy and compensation paid which is published by the Company as required by law and includes the Group Remuneration Policy, pursuant to Article 123-ter of the Consolidated Law on Finance, Article 84-quater of the Issuers' Regulation and the Supervisory Provisions on remuneration. In compliance with the Provisions issued by the Banking Supervisory Authority, the Group Remuneration Policy also includes the Rules for identifying risk takers.

Full compliance is ensured with the binding regulatory provisions for banks and with the Principles and Recommendations of the Italian Corporate Governance Code.

Furthermore, at Intesa Sanpaolo the remuneration policy for Directors and Key Managers contributes to the pursuit of the Company's sustainable success and takes into account the need to have, retain and motivate people with the competence and professional skills required to successfully perform their role. P. XV R. 25 par. 2

The remuneration of Non-executive Directors is set as a fixed amount at the time of their appointment and is proportionate to the competence, professional skills and commitment required by the duties entrusted to each of them within the Board also taking into account that they may be members of one or more Committees, and avoiding incentive schemes in line with the Supervisory Provisions. The remuneration for attending Board Committees includes a fixed annual amount for the Chairs of the Committees, plus an attendance fee for Committee members for each meeting actually attended. R. 29
The remuneration of the members of the Management Control Committee is set by the Shareholders' Meeting at the time of their appointment and for the entire term of their office, proportionate to the competence, professional skills and commitment required. This specific remuneration consists exclusively of a fixed amount, which is equal for each Member and higher for the Chair. R. 30

The Remuneration policy for the Managing Director and CEO and the Key Managers is established by the Board of Directors, with the support of the Remuneration Committee. The policy, which complies with the Supervisory Provisions and the principles and recommendations of the Italian Corporate Governance Code, establishes, among other things:

a correct balance between the fixed and variable components of the remuneration, consistent with the strategic objectives and risk management policy, providing that the variable component makes up a significant proportion of the overall remuneration;
specific performance targets, including non-financial ones, linked to the payment of the variable components, which are predetermined, measurable and relating to a significant extent to the medium-long term horizon. Said targets are consistent with the company's strategic objectives, aim to promote its sustainable success and are adjusted for the risks taken;
caps on the payment of the variable component2;
an appropriate deferral period for the payment of a portion of the variable component;
the payment of a portion of the variable remuneration in financial instruments subject to post-vesting holding periods (retention);

¹ This category also includes top management pursuant to the Italian Corporate Governance Code.

² The Intesa Sanpaolo Group set the cap on variable remuneration, in general, at 100% of fixed remuneration, except for Corporate Control Function roles, who have a cap of 33% of fixed remuneration, as well as roles similar to Corporate Control Functions (i.e. the Manager responsible for preparing the Company's financial reports and the Head of the Group Administrative Governance and Control Structure) and the Heads of the Group Human Resources Function, who have a cap of 60% of fixed remuneration. The cap has been raised for some specific categories of staff, including the Managing Director and CEO and the Key Managers, in compliance with the provisions and procedures laid down in applicable regulations, as described in detail in the Report on remuneration policy and compensation paid.

R. 31 R. 28

clawback and malus mechanisms; as well as

Remuneration

P. XV R. 25 par. 2

R. 29

R. 30

P. XVI R. 25 a) R. 27

Full compliance is ensured with the binding regulatory provisions for banks and with the Principles and

The remuneration of Non-executive Directors is set as a fixed amount at the time of their appointment and is proportionate to the competence, professional skills and commitment required by the duties entrusted to each of them within the Board also taking into account that they may be members of one or more Committees, and avoiding incentive schemes in line with the Supervisory Provisions. The remuneration for attending Board Committees includes a fixed annual amount for the Chairs of the Committees, plus an attendance fee for Committee members for each meeting actually attended.

The remuneration of the members of the Management Control Committee is set by the Shareholders' Meeting at the time of their appointment and for the entire term of their office, proportionate to the competence, professional skills and commitment required. This specific remuneration consists

a correct balance between the fixed and variable components of the remuneration, consistent with the strategic objectives and risk management policy, providing that the variable component makes
specific performance targets, including non-financial ones, linked to the payment of the variable components, which are predetermined, measurable and relating to a significant extent to the medium-long term horizon. Said targets are consistent with the company's strategic objectives, aim
the payment of a portion of the variable remuneration in financial instruments subject to post-vesting

exclusively of a fixed amount, which is equal for each Member and higher for the Chair.

Authority, the Group Remuneration Policy also includes the Rules for identifying risk takers.

Recommendations of the Italian Corporate Governance Code.

Governance Code, establishes, among other things:

caps on the payment of the variable component2;

holding periods (retention);

remuneration policy and compensation paid.

up a significant proportion of the overall remuneration;

to promote its sustainable success and are adjusted for the risks taken;

¹ This category also includes top management pursuant to the Italian Corporate Governance Code.

an appropriate deferral period for the payment of a portion of the variable component;
clear and predetermined rules for possible severance indemnities.

The share-based remuneration and incentive plans (both short and long term) for the Managing Director and CEO and the Key Managers are aligned with the interests of the shareholders over a medium/longterm horizon, and include appropriate vesting and retention periods, in line with the applicable regulations.

For the heads of the Corporate Control Functions, as defined by the Supervisory Provisions on the control system, the incentive schemes are consistent with the tasks assigned and independent of the results achieved by the areas subject to their control.

The Articles of Association, in accordance with applicable regulations, require the approval of the Bank's Ordinary Shareholders' Meeting for:

the remuneration policies for members of the Board of Directors and for personnel;
plans based on financial instruments;
the criteria for determining severance payments for early termination of employment or early cessation of office, including the caps on such payments in accordance with current regulations;
the proposal, if any, by the Board of Directors to set a limit on the ratio of the variable to the fixed components of remuneration for individual employees of more than 1:1 but not exceeding the maximum limit established by regulations.

Operating structure

Divisions, Governance Areas and Head Office Structures reporting directly to the Managing Director and CEO

To maximise organisational focus on the individual business areas and the specialisation of operating and business processes, and to ensure the necessary overall coherence of Group governance, the Parent Company is divided into Divisions – each consisting of groups of business lines with similar characteristics in terms of products and services provided and regulatory framework, and into Central Structures grouped into Governance Areas reporting directly to the Managing Director and CEO.

Said functions are set out below:

Banca dei Territori Division
IMI Corporate & Investment Banking Division
International Banks Division
Wealth Management Divisions, which consists of the following Divisions: Private Banking Division, Asset Management Division and Insurance Division
Chief Sustainability Officer Governance Area, which includes the Chief Social Impact Officer Governance Area
Chief Governance, Operating & Transformation Officer Governance Area, which includes the Chief Equity, Legal & M&A Officer Governance Area, the Chief Transformation & Organisation Officer Governance Area and the Chief People & Culture Officer Governance Area
Chief Institutional Affairs and External Communication Officer Governance Area
Chief Data, A.I. and Technology Officer Governance Area
Chief Security Officer Governance Area
Chief Cost Management Officer Governance Area
Chief Lending Officer Governance Area
Chief Financial Officer Governance Area
Chief Risk Officer Governance Area
Chief Compliance Officer Governance Area.

In addition to the aforesaid Functions, the Chief Audit Officer reports directly to the Board of Directors to ensure his/her necessary autonomy and independence.

In particular, in March 2024, the Board of Directors resolved on a new organisational structure for the Group, in line with the objective of consolidating the overall structure, strengthening the supervision of adjacent governance and business areas, and optimising managerial and organisational synergies.

In line with the above goals, the Bank's organisation was updated by setting up the following Structures:

Chief Governance, Operating & Transformation Officer Governance Area which combines activities and structures previously under the remit of the Chief Operating Officer and Chief Governance Officer Governance Areas, in order to manage the design of: (i) transformation, innovation and organisational evolution strategies supporting business development and governance structures, (ii) Group-wide HR and industrial relations policies, (iii) the evolutionary strategy for the Group's organisational model and (iv) proposals for extraordinary finance transactions
Chief Sustainability Officer Governance Area, to steer the Group's sustainable development strategies, with a special commitment to social matters and the fight against inequalities.
Wealth Management Divisions, which include the Insurance, Asset Management and Private Banking Divisions, so as to unify wealth management activities under a single umbrella, with the aim of accelerating their growth and boosting the integration of product factories.

In October 2024, the new Chief Security Officer Governance Area was established to oversee physical security, cybersecurity and business continuity, in order to establish a single control centre for security models and solutions, and consolidate Group-wide compliance with the best international standards and models.

At the same time, the following were set up: (i) the Group's Significant Projects Control Room, tasked with studying and analysing the key projects designed to achieve the strategic objectives set out in the Business Plan and which need to be assessed by the Managing Director and CEO; (ii) the "Fees & Commissions" Control Room, chaired by the Managing Director and CEO, which monitors, oversees and coordinates the strategies to increase the fee and commission income of all the Group's Divisions.

The Heads of the Organisational Structures of the Divisions, of the Governance Areas and of Group companies are tasked with achieving the objectives set for their respective areas within the framework of the general policies and guidelines, also through the optimum use of the human and technical resources assigned to each.

For additional information on Intesa Sanpaolo's organisational structure, see the Bank's website ("Intesa Sanpaolo Group" / "About us", "Organisational structure and Top Management" pages).

All the Bank Structures operate on the basis of specific Regulations establishing the scope of their powers and responsibilities, which are disseminated throughout the Bank, together with the operating procedures that govern how all the Bank's various processes are to be performed. All the main decisionmaking and implementing processes concerning Bank operations are codified and can be monitored and viewed by the entire Structure.

Group Managerial Committees

Operating structure

Said functions are set out below:

▪ Banca dei Territori Division

▪ International Banks Division

Governance Area

transactions

models.

▪ IMI Corporate & Investment Banking Division

▪ Chief Security Officer Governance Area

▪ Chief Lending Officer Governance Area ▪ Chief Financial Officer Governance Area ▪ Chief Risk Officer Governance Area

▪ Chief Compliance Officer Governance Area.

Asset Management Division and Insurance Division

▪ Chief Data, A.I. and Technology Officer Governance Area

▪ Chief Cost Management Officer Governance Area

to ensure his/her necessary autonomy and independence.

and CEO

Divisions, Governance Areas and Head Office Structures reporting directly to the Managing Director

▪ Wealth Management Divisions, which consists of the following Divisions: Private Banking Division,

▪ Chief Sustainability Officer Governance Area, which includes the Chief Social Impact Officer

▪ Chief Governance, Operating & Transformation Officer Governance Area, which includes the Chief Equity, Legal & M&A Officer Governance Area, the Chief Transformation & Organisation Officer

In addition to the aforesaid Functions, the Chief Audit Officer reports directly to the Board of Directors

In line with the above goals, the Bank's organisation was updated by setting up the following Structures:

• Chief Governance, Operating & Transformation Officer Governance Area – which combines activities and structures previously under the remit of the Chief Operating Officer and Chief Governance Officer Governance Areas, in order to manage the design of: (i) transformation, innovation and organisational evolution strategies supporting business development and governance structures, (ii) Group-wide HR and industrial relations policies, (iii) the evolutionary strategy for the Group's organisational model and (iv) proposals for extraordinary finance

• Chief Sustainability Officer Governance Area, to steer the Group's sustainable development strategies, with a special commitment to social matters and the fight against inequalities.

• Wealth Management Divisions, which include the Insurance, Asset Management and Private Banking Divisions, so as to unify wealth management activities under a single umbrella, with the

aim of accelerating their growth and boosting the integration of product factories.

Governance Area and the Chief People & Culture Officer Governance Area ▪ Chief Institutional Affairs and External Communication Officer Governance Area

As part of the mechanisms put in place to guarantee effective management of the operational matters relevant to the entire Group, monitor the Group's risk profile effectively, and ensure an appropriate level of internal communication and discussion, special Managerial Committees are established within the Bank, composed of Executives of the Bank and Top Managers of the Group companies.

The Articles of Association assign to the Board of Directors the task of establishing and determining the composition, duties and powers of each of the Committees.

During 2024, the following Committees operated on the basis of their own organisational and operating Regulations approved by the Board:

✓ assists the Managing Director and CEO;
✓ collaborates with the Managing Director and CEO in the preparation of the Business Plan and in the implementation of the main managerial initiatives;
✓ strengthens the coordination and the cooperation mechanisms between the various business, governance and control areas of the Bank and the Group, with a view to sharing the main corporate choices;
✓ contributes to ensuring coordination and integrated management of risks and the safeguarding of the corporate value at Group level, including the correct functioning of the internal control system;
✓ approves the proposed adjustment plans needed to provide guidance in the solution of any main issues identified by the Supervisory Authority, monitoring their level of implementation and the adequacy of the relevant investments.

To this end, the Committee operates both through Plenary Sessions (where the Managing Director considers it useful to involve the entire top management on major issues), and through specific separate thematic sessions (Business Plan and Sustainability (ESG), Shareholdings, Investments, Group Risks Analysis, Credit Strategies, Recovery & Resolution Plan, Supervisory Remediation Plans).

GROUP FINANCIAL RISKS COMMITTEE: a technical body with decision-making, advisory and reporting powers, focused both on the banking business (market risk, financial risks for banking books, liquidity risk, financial risks for client investments, control and monitoring of the business models as well as Active Value Management) and the life and non-life insurance business (exposure of results to the trend in market and technical variables), including for both types of business the assessment criteria for financial instruments.

GROUP CONTROL COORDINATION AND NON-FINANCIAL RISKS COMMITTEE: a technical body operating in line with the guidelines set by the Board and on the basis of the operational and functional powers delegated to it by the Board itself, with the aim of strengthening coordination and cross-functional cooperation mechanisms:

o with regard to the Group internal control system, facilitating the integration of the risk management process;
o in relation to non-financial and reputational risks, supporting their effective management.

GROUP CREDIT COMMITTEE: a technical body, with decision-making and advisory powers, that is tasked with ensuring the coordinated management of issues relating to credit risk, making decisions on credit facilities and adjustments/write-offs to the extent of its assigned powers, and issuing "compliance opinions" on proposed resolutions on credit granting submitted by subsidiaries.

HOLD TO COLLECT AND SELL (HTCS) SIGN-OFF COMMITTEE: a technical body with qualified competence concerning the market risk-taking proposals made by the business structures of the Parent Company or the subsidiaries, on the HTCS shares envisaged for Originate to Share ("OtS") transactions. These transactions consist of loans – originated with the twofold objective of holding a portion of the loan while transferring the risk of the other portion to third parties, by selling it on the primary, post-primary or secondary market, or by means of risk hedging instruments (synthetic derisking) – which at origination had a variable holding period according to the borrower's risk rating and loan type.

CREDIT RISK AND PILLAR 2 INTERNAL MODELS COMMITTEE: a technical body with decisionmaking, advisory and reporting powers, established in order to assess the issues relating to the relevant models and supports the Managing Director in performing the associated duties. Its scope of operation includes: i) internal credit risk measurement and management models and ii) internal models relating to Pillar 2 risks (excluding Pillar 2 models for the measurement and quantification of Banking Book financial risks, which fall under the responsibility of the Group Financial Risks Committee, and Pillar 2 models for the measurement and quantification of operational and reputational risks, which are within the scope of the Group Control Coordination and Non-Financial Risks Committee).

R. 8

Diversity and inclusion policy

STEERING COMMITTEE: a managerial body with decision-making, advisory and reporting powers – chaired by the Managing Director and CEO and composed of the Bank's first management line – where the Managing Director and his/her direct reports discuss and share decisions/processes of particular relevance to the company's management; in this context, the Committee: ✓ assists the Managing Director and CEO; ✓ collaborates with the Managing Director and CEO in the preparation of the Business Plan and in the implementation of the main Board and on the basis of the operational and functional powers delegated to it by the Board itself, with the aim of strengthening coordination and cross-functional cooperation mechanisms: o with regard to the Group internal control system, facilitating the integration of the risk

o in relation to non-financial and reputational risks, supporting their effective management.

management process;

by subsidiaries.

rating and loan type.

Committee).

✓ strengthens the coordination and the cooperation mechanisms between the various business, governance and control areas of the Bank and the Group, with a view to sharing the

✓ contributes to ensuring coordination and integrated management of risks and the safeguarding of the corporate value at Group level, including the correct functioning of the

✓ approves the proposed adjustment plans needed to provide guidance in the solution of any main issues identified by the Supervisory Authority, monitoring their level of implementation and the adequacy of the

GROUP CONTROL COORDINATION AND NON-FINANCIAL RISKS COMMITTEE: a technical body operating in line with the guidelines set by the

managerial initiatives;

main corporate choices;

internal control system;

relevant investments.

Supervisory Remediation Plans).

financial instruments.

Intesa Sanpaolo does not tolerate any kind of discrimination and, to this end, has adopted Principles on Diversity, Equity & Inclusion in order to translate into practice its commitment to implementing and disseminating, within and outside the Group, an inclusion policy that embraces all forms of diversity (gender, gender identity and/or expression, romantic and sexual orientation, marital status and family situation, age, ethnicity, religious belief, political and trade union membership, social and economic status, nationality, language, cultural background, physical and mental condition, physical appearance or any other personal characteristic, including those related to the expression of thought).

The document complements the Group's Code of Ethics and Internal Code of Conduct, building on the message concerning the Group's core values and contributing to implement the provisions on Diversity and Inclusion laid down in the Business Plan.

The Principles set out in the document apply to all Intesa Sanpaolo Group people in their dealings with internal and external stakeholders and to the members of the management and control corporate Bodies. All persons who cooperate with Intesa Sanpaolo but are not employees (e.g. non-employee financial agents/advisors, suppliers and subcontractors) are also required to comply with the Principles.

The principles underpinning the inclusion policy are: (i) respect for all individuals in the expression of their identity and diversity, (ii) promotion of each person's talents, (iii) meritocracy and (iv) equal opportunities.

Specifically, Intesa Sanpaolo has a strong focus on gender equality, with precise commitments to achieve gender-balanced career opportunities, encourage greater presence of women at all levels of the hierarchy and contrast the gender pay gap.

The Group's recruitment practices are also characterised by the promotion of gender balance and all dimensions of diversity, including multicultural elements.

The Chief People & Culture Officer (i) identifies the DE&I objectives and defines the strategy to achieve them, (ii) periodically adjusts and communicates the benchmarks on gender equality commitments for the Divisions/Governance Areas, (iii) reports annually to the Parent Company's Board of Directors and the Risks and Sustainability Committee on the results achieved.

The DE&I Head (i) proposes DE&I goals and guidelines to the Chief People & Culture Officer, (ii) promotes and coordinates the implementation of the goals and guidelines through projects and work plans within the Group, (iii) monitors the Group's progress with regard to DE&I, and (iv) acts as a representative both internally and externally to promote the benefits of the inclusive policy.

More broadly, Intesa Sanpaolo has received a number of international recognitions for its commitment to Diversity & Inclusion.

Intesa Sanpaolo is the top-ranked bank worldwide in the list of the 100 most inclusive and diversityconscious workplaces, the FTSE Diversity & Inclusion Index – Top 100 (former Refinitiv Global Diversity and Inclusion Index). It is ranked as the seventh company globally, and it is the first and only Italian banking group on the list. The index analysed more than 15,500 listed companies worldwide, assessing them on the basis of 24 parameters in the following categories: gender diversity, inclusion, people development and disputes.

As a sign of its commitment to inclusion, Intesa Sanpaolo was the first banking group to achieve PDR 125:2022 gender equality certification, according to the criteria established by the National Recovery and Resilience Plan (NRRP) in Mission 5 "Inclusion and Cohesion". In 2024, the Group underwent and passed its second certification maintenance audit.

In 2021, Intesa Sanpaolo was the first bank in Italy and among the first in Europe to obtain the international certification Gender Equality European & International Standard (GEEIS-Diversity), aimed at assessing the commitment of organisations to diversity and inclusion.

Furthermore, the Group's policy envisages actions to promote the value of inclusion also externally, in the socio-economic context and the communities in which the Group operates.

Part III - Control and risk management system

P. XVIII P. XIX P. XX

Main characteristics

In accordance with the Supervisory Provisions on the control system, the Company has adopted the "Integrated Internal Control System Regulation", which sets out the guidelines for the internal control system of Intesa Sanpaolo, in its capacity as Bank and Parent Company of the Banking Group. The Regulation implements the reference principles and establishes the responsibilities of the Bodies and functions with control duties, which contribute, within their respective remits, to the proper functioning of the internal control system. The Regulation also establishes the coordination arrangements and information flows supporting the system's integration.

The document establishes the reference framework of the Intesa Sanpaolo Group's internal control system, which includes the principles and rules on controls that must be reflected and incorporated in the Group's internal regulations with reference to specific areas of prudential supervision.

The Group companies have implemented the Regulation and – where applicable – adopted a corresponding internal regulation setting out the guidelines of their respective internal control system.

The internal control system is built around a set of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with sound and prudent management, the achievement of the following objectives:

verification of the implementation of company strategies and policies;
containment of risks within the limits set out in the reference framework for determining the Bank's risk appetite (Risk Appetite Framework);
safeguard of asset value and protection from losses;
effectiveness and efficiency of corporate processes;
reliability and security of corporate information and IT procedures;
prevention of the risk that the Bank may be involved, even unbeknownst to it, in illegal activities (especially those linked to money laundering, usury and terrorist financing);
compliance of business operations with the law and supervisory regulations, as well as internal policies, procedures and regulations.

The internal control system plays a crucial role and involves the entire corporate organisation (Bodies, structures, hierarchical levels, all personnel).

In line with laws, Supervisory regulations and the recommendations of the Corporate Governance Code, the internal control system put in place by the Bank is suitable for continuously identifying, measuring, managing and monitoring the typical risks of its business activity and of the Group companies' activities. The system involves the Corporate Bodies, Managerial Committees, special internal control functions, the Surveillance Body and the Manager responsible for preparing the Company's financial reports. The independent auditors also contribute to the control system.

In compliance with the guidelines issued by the Corporate Bodies, the internal control system has been designed so as to constantly identify, manage and monitor business-related risks. The system is built on, among others, the Supervisory Provisions on the control system, on corporate governance and on investment services and activities, and takes into account the developments in international best practices.

The internal control system is based on three levels, in line with the current regulations:

The first level consists of line controls, which are designed to ensure the proper conduct of operations and where possible, are incorporated into IT procedures. They are carried out by the same operating and business structures ("Level I control functions"), including through units dedicated solely to control duties reporting to the heads of the same structures or performed as part of the back office.
The second level consists of the risks and compliance controls, which are intended to ensure, among other things:
- o correct implementation of the risk management process;
- o compliance with the operating limits assigned to the various functions;
- o compliance of business operations with the rules, including those on self-regulation.

The functions responsible for these controls ("Level II control functions") are separate from operating functions and contribute to defining the risk governance policies and risk management process. In the Intesa Sanpaolo Group, Level II functions are carried out by the following Parent Company structures and the corresponding structures in the Group companies, where existing:

Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office Department also reports;
Chief Risk Officer Governance Area, to which the Internal Validation & Controls Coordination Area reports.

In accordance with the Supervisory Provisions, which require that said functions should be independent from operating structures and separate from internal auditing, the Heads of the Chief Risk Officer Governance Area and the Chief Compliance Officer Governance Area report directly to the Managing Director and CEO and, as required by the legislation, have direct access to the Corporate Bodies, to which they report, without restrictions or intermediation, on the findings from the monitoring activities carried out.

As specialised forms of compliance risk supervision, specialist functions have also been identified for specific regulatory areas, based on their expertise, organisational characteristics and activities.

The third level consists of internal audit controls, aimed at identifying violations of procedures and regulations, as well as periodically assessing the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at Group level. The frequency of these controls is scheduled according to the nature and extent of the risks. R. 32 d)

Internal auditing is carried out by the Parent Company's Chief Audit Officer and by the equivalent local units of Group companies, where established.

In line with the Supervisory Provisions, the Chief Audit Officer reports directly to the Board of Directors and functionally to the Management Control Committee.

The internal control system has a comprehensive set of information flows with the Corporate Bodies, the various structures concerned and the Group companies to enable full and effective control of risk factors.

As mentioned, the "Integrated Internal Control System Regulation" of Intesa Sanpaolo also establishes specifically the procedures for coordination and collaboration between the Functions having control duties, to ensure the control system is effectively integrated and all corporate risks are appropriately controlled.

The single elements of the internal control system are monitored by the Control Functions themselves, within the scope of their respective competence and within Group Control Coordination and Non-Financial Risks Managerial Committee, in the Integrated Internal Control System session. The aim of this session is to strengthen coordination and cross-functional cooperation mechanisms on the internal control system and to aid the integration of the risk management process.

To this end, the Control Functions put in place appropriate coordination and collaboration mechanisms, based on specific "integration parameters", applied across the phases of the risk management process:

building a common language;
adopting detection and assessment methods and instruments;
designing risk reporting templates;
holding official coordination sessions for activity planning;
ensuring continuous information flows;
sharing the identification of remedial actions;
building a risk culture.
P. XIX R. 33 a)

In this context, the adequacy of the system's key elements is assessed on an ongoing basis by the Corporate Bodies, and is taken into consideration, respectively, in the report on operations attached to the financial statements, in this Report and in the Report pursuant to Article 153 of the Consolidated Law on Finance.

To strengthen further the internal control system and in compliance with the regulations issued by the Bank of Italy and the Italian Legislative Decree No. 24/2023, the "Group rules on the internal system for reporting violations (whistleblowing)" have been established to report facts or conduct that may infringe European and Italian regulations, which harm the public interest or the integrity of Intesa Sanpaolo and the Group Companies, knowledge of which is acquired in the work environment or as a result of a legaleconomic relationship existing with the Group.

P. XX

The reporting system ensures the confidentiality of the whistle-blower and the individuals involved in various capacities and mentioned in the report, protecting them from possible retaliatory or discriminatory behaviours.

After the above overview, the main elements of the internal control system are described below, including the structure of financial information controls (comprising the duties of the Manager responsible for preparing the Company's financial reports, the financial information control system and the independent audit), the role performed by the Corporate Control Functions as defined in the Supervisory Provisions (risk control, regulatory compliance, internal auditing, anti-money laundering and validation) and crime prevention models.

The role of the Corporate Bodies

Chief Compliance Officer Governance Area, to which the Anti Financial Crime Head Office
Chief Risk Officer Governance Area, to which the Internal Validation & Controls Coordination

Internal auditing is carried out by the Parent Company's Chief Audit Officer and by the equivalent

In line with the Supervisory Provisions, the Chief Audit Officer reports directly to the Board of

The third level consists of internal audit controls, aimed at identifying violations of procedures and regulations, as well as periodically assessing the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and information system (ICT audit) at Group level. The frequency of these controls is scheduled according to the nature and extent

Department also reports;

the monitoring activities carried out.

local units of Group companies, where established.

Directors and functionally to the Management Control Committee.

control system and to aid the integration of the risk management process.

• adopting detection and assessment methods and instruments;

• holding official coordination sessions for activity planning;

Area reports.

of the risks.

factors.

R. 32 d)

R. 35 f) R. 36

P. XX

P. XIX R. 33 a) controlled.

• building a common language;

• building a risk culture.

Law on Finance.

• designing risk reporting templates;

• ensuring continuous information flows; • sharing the identification of remedial actions;

economic relationship existing with the Group.

The task of ensuring the completeness, adequacy, functionality and reliability of the internal control system at Group level is entrusted to the Corporate Bodies, in compliance with the Supervisory Provisions on the control system and the Supervisory Provisions on corporate governance. Specifically, in order to ensure an integrated and consistent internal control system and adequate monitoring of the risks to which the Group is or may be exposed, the Group-level strategic decisions concerning the internal control and risk management system are under the remit of the Board of Directors of Intesa Sanpaolo, as the Parent Company. Thus, the Board plays this role not only with reference to the Parent Company, but also assessing the Group's overall operations and the overall risks to which it is exposed.

The Board, with the support of the Risks and Sustainability Committee and taking into account the proposals of the Managing Director and CEO, is in charge of establishing and approving the overall governance and organisational structure of the Bank and the Group, the guidelines of the internal control system, the risk appetite and the risk governance policies and processes. The Board is also responsible for the guidance and control of the information system (including supervision of IT and security risk analysis) and business continuity, and approves the guidelines for the development and use of Artificial Intelligence systems.

The Board also approves the establishment of the company control functions, outlining their duties and responsibilities, and appoints the Manager responsible for preparing the Company's financial reports and the heads of the Corporate Control Functions (Chief Audit Officer, Chief Risk Officer, Chief Compliance Officer, Head of the Validation Function of internal risk measurement systems, Head of the Anti-Money Laundering Function). The Board also appoints the Head of Suspicious Activity Reporting in line with the anti-money laundering regulation, the Head of the Business Continuity Plan and the Data Protection Officer.

The Board examines the reports prepared, at least annually, by the Corporate Control Functions and approves the annual work plan, including the audit plan and the multi-year audit plan prepared by the head of the internal audit function, after their examination by the Risks and Sustainability Committee and the Management Control Committee. R. 33 c) R. 36 a)

In addition, the Board evaluates the remarks made by the independent auditor in the letter of recommendations, if any, and in the additional independent audit report, pursuant to Article 11 of Regulation (EU) No 537/2014, after their examination by the Management Control Committee.

In performing its strategic supervision and guidance functions on the internal control system and risk matters, the Board is supported by the Risks and Sustainability Committee. R. 32 c)

With regard to financial information, the Management Control Committee has been assigned on an exclusive basis the task of examining and assessing accounting/financial documentation prior to Board decisions by dividing the responsibilities between the two Committees in relation to financial information "according to subject matter", taking into account the control function assigned by law to the Management Control Committee.

R. 33 g)

P. XIX R. 32 a)

R. 33 f)

R. 35 a) b)

Indeed, the Management Control Committee, which acts as the statutory Control Body, is tasked with supervising the completeness, adequacy, functionality and reliability of the internal control system and Risk Appetite Framework, as well as the business continuity plan. R. 32 f)

The Committee verifies the effectiveness of all the structures and functions involved in the control system and their proper coordination, and promotes actions to correct any deficiencies or irregularities detected.

The Committee also supervises:

the effectiveness of the control, internal auditing and risk management systems, as well as the adequacy and functionality of the administrative-accounting system – including the related information system – as well as its suitability to give a proper representation of operations;
also in its capacity as Internal Control and Audit Committee pursuant to Italian Legislative Decree No. 39/2010, the financial reporting process, formulating any recommendations or proposals aimed at ensuring its correctness. In this role, it is also tasked with notifying the Board of Directors of the outcome of the independent audit and sending to it the report pursuant to Article 11 of Regulation (EU) No. 537/2014.

To carry out its functions, the Committee receives adequate information flows from the other Corporate Bodies and the corporate functions, including control functions.

Specifically, the Committee receives from the control functions the work plans, the periodic reports, which are prepared at least annually, and information flows on specific situations or company trends, in particular on any significant deficiencies or breaches detected.

The Committee exchanges information of mutual interest and, where appropriate, coordinates with the Risks and Sustainability Committee for the performance of the respective duties, including in relation to acts and disclosures of mutual interest; it also liaises closely with the subsidiaries' control bodies, to contribute to the timely exchange of all relevant information.

The Managing Director and CEO:

has the power to submit proposals for resolutions concerning the internal control and risk system, without prejudice to the power of proposal reserved for individual Directors and Board Committees;
is in charge of implementing all the Board resolutions, in particular implementing the strategic guidelines, the RAF and the risk governance policies defined by the Board;
ensures the integrated management of all corporate risks, assessing the internal and external factors that may give rise to them and their interaction, and takes the measures necessary to make the organisation and the internal control system compliant with the regulatory principles and provisions, continuously monitoring compliance at Bank and Group level;
issues provisions to ensure that the various corporate functions implement the risk management and control process at Bank and Group level, taking care of the set-up and functioning of the structure and operations of the internal risk measurement systems and the ICAAP and ILAAP process, in line with the Supervisory Provisions, the strategic guidelines, the RAF and the risk governance policies defined and approved by the Board;
exercises the responsibilities and functions assigned by the Supervisory provisions to the member responsible for the anti-money laundering also at Group level.

The role of the Managerial Committees

Within the scope of the risk control and management system, a key role is performed by the Managerial Committees operating within the scope of the Bodies' prerogatives and the specific competences of the corporate control functions.

For a description of the Managerial Committees' duties, see the preceding paragraph "Group Managerial Committees" in the "Operating structure" chapter in Part Two.

With reference to the internal control and risk management system, the activities carried out by the following Committees are noted below:

➢ the Group Control Coordination and Non-Financial Risks Committee pursues the goal of reinforcing coordination and cross-functional cooperation mechanisms within the Group internal control system, promoting the integration of the risk management process.

In the context of the Integrated Internal Control System Session, the Committee monitors the implementation and ongoing maintenance of the integrated internal control system.

R. 37 par. 2

R 32 b) R. 34

Within the Operational and Reputational Risk Session, it has the task of issuing prior opinions on Group policies for operational and reputational risk control submitted for approval by the Board of Directors. The Committee is also tasked with overseeing the management of events of significant impact and relevance as well as the Group's overall non-financial risk profile, assessing the mitigation plans (approving them if the RAF early warning thresholds for the monitoring of the internal control system are exceeded) and monitoring the implementation of the mitigation measures identified (possibly based on guidance from the Corporate Bodies and/or the Steering Committee) and approving, on the instructions of the Board of Directors, the operational risk transfer strategies.

• the effectiveness of the control, internal auditing and risk management systems, as well as the adequacy and functionality of the administrative-accounting system – including the related

To carry out its functions, the Committee receives adequate information flows from the other Corporate

has the power to submit proposals for resolutions concerning the internal control and risk system, without prejudice to the power of proposal reserved for individual Directors and Board Committees; - is in charge of implementing all the Board resolutions, in particular implementing the strategic
ensures the integrated management of all corporate risks, assessing the internal and external factors that may give rise to them and their interaction, and takes the measures necessary to make the organisation and the internal control system compliant with the regulatory principles and
issues provisions to ensure that the various corporate functions implement the risk management and control process at Bank and Group level, taking care of the set-up and functioning of the structure and operations of the internal risk measurement systems and the ICAAP and ILAAP process, in line with the Supervisory Provisions, the strategic guidelines, the RAF and the risk
exercises the responsibilities and functions assigned by the Supervisory provisions to the member

For a description of the Managerial Committees' duties, see the preceding paragraph "Group Managerial

With reference to the internal control and risk management system, the activities carried out by the

➢ the Group Control Coordination and Non-Financial Risks Committee pursues the goal of reinforcing coordination and cross-functional cooperation mechanisms within the Group internal control

implementation and ongoing maintenance of the integrated internal control system.

In the context of the Integrated Internal Control System Session, the Committee monitors the

guidelines, the RAF and the risk governance policies defined by the Board;

provisions, continuously monitoring compliance at Bank and Group level;

information system – as well as its suitability to give a proper representation of operations; • also in its capacity as Internal Control and Audit Committee pursuant to Italian Legislative Decree No. 39/2010, the financial reporting process, formulating any recommendations or proposals aimed at ensuring its correctness. In this role, it is also tasked with notifying the Board of Directors of the outcome of the independent audit and sending to it the report pursuant to Article 11 of Regulation

Risk Appetite Framework, as well as the business continuity plan.

Bodies and the corporate functions, including control functions.

particular on any significant deficiencies or breaches detected.

contribute to the timely exchange of all relevant information.

governance policies defined and approved by the Board;

Committees" in the "Operating structure" chapter in Part Two.

system, promoting the integration of the risk management process.

The role of the Managerial Committees

corporate control functions.

following Committees are noted below:

responsible for the anti-money laundering also at Group level.

detected.

R. 32 f)

R. 37 par. 2

R 32 b) R. 34

The Committee also supervises:

(EU) No. 537/2014.

The Managing Director and CEO:

Within the Compliance Risk Session, it examines the results of the periodic compliance risk assessment process; it monitors the evolution of legislation and of the Regulators' expectations and their main impacts on the processes; it examines, assesses and monitors the mitigation plans prepared by the structures in charge of resolution actions in the event of high-impact and highrelevance problems, and it monitors the development of Risk Appetite Framework limits and thresholds.

The Committee Sessions are attended, among others, by the Heads of the Corporate Control Functions and by the Manager responsible for preparing the Company's financial reports. Participation in the Committee Sessions by the Manager responsible for preparing the Company's financial reports as a permanent member helps said Manager to discharge his statutory duties and fulfil his/her role under the Company Regulations to supervise the financial reporting process. It also furthers the cross-functional coordination and integration of control activities in this area;

➢ the Steering Committee contributes to coordination and integrated risk management and to the safeguarding of the corporate value at Group level, including the correct functioning of the internal control system. In particular, the Group Risk Analysis Session is aimed at ensuring risk monitoring and management, in implementation of the strategic guidelines and management policies defined by the Board. This Session has several risk-related responsibilities, including examining the draft Group Risk Appetite Framework and the risks Tableau de Bord; in this Session, the Committee is also informed of the contents of the Group's ICAAP and ILAAP package;
➢ the Group Financial Risks Committee performs its functions through the following structure:
- the Risk Analysis and Valuation Session, responsible for evaluating, ahead of the Board of Directors' approval, the guidelines on undertaking and measuring financial and liquidity risk, and the proposals for operational limits, and responsible, within the scope of its powers, for assigning the related values to the Parent Company, with possible breakdown by Division or operational segment, and to the Group Banks and Companies. The session also verifies absorptions and possible breaches of the limits/early warnings for the risk profiles it monitors, exercising its powers within the escalation processes defined in the relevant company regulations, and monitoring the approved come-back procedures;
- the Management Guidelines and Operating Choices Session, which provides operational guidelines in implementation of the strategic guidelines and risk management policies laid down by the Board of Directors, in respect of management of the banking book, liquidity, interest rate and exchange risk, and periodically verifies the qualitative and quantitative impact of the actions taken and the guidelines provided;
- the ALCO Session Extended, which analyses the performance of loans and funding, in current and prospective terms, together with the expected trend in Risk-Weighted Assets (RWAs) and financial assets (debt securities and loans) measured at Fair Value through Other Comprehensive Income (FVOCI reserves), in order to monitor and assess their impact on the Group's liquidity and capital profiles; the Session also reviews the quarterly reports produced on sector performance indicators.

The control and risk system also includes the Credit Risk and Pillar 2 Internal Models Committee, the Hold To Collect and Sell (HTCS) Sign-Off Committee and the Group Credit Committee.

Corporate Control Functions

The Chief Audit Officer

The Internal Audit Function is carried out by the Chief Audit Officer, who reports directly to the Board of Directors (and, on its behalf, to the Chair), and also reports functionally to the Management Control Committee, while appropriately liaising with the Managing Director and CEO. The Chief Audit Officer does not have any direct responsibilities for the operational areas.

This Function has a structure and a control model in line with the organisational structure of Intesa Sanpaolo and the Group.

R. 36 a) e)

R. 32 d) R. 36 par. 1

The Chief Audit Officer - to whom the Internal Audit Structures of the Italian and international companies of the Group functionally report - enjoys the necessary autonomy and independence from the operating structures; the Function has access to all the activities conducted at both the head office and the local structures. The Bank's audit function cannot be entrusted to external parties; where third parties are entrusted with relevant services for the operation of the internal control system (e.g. data processing), the Internal Audit Function must have access also to the activities of said parties.

The structure performs a level-III assessment of the completeness, adequacy, functionality and reliability of the components of the internal control system, the risk management process and the corporate processes, also with regard to their ability to identify and prevent errors and irregularities. In this context, inter alia, it audits the risk and regulatory compliance corporate control functions, also through participation in projects, so as to generate added value and improve the effectiveness of the control and corporate governance processes.

The Internal Audit Function is also responsible for assessing the effectiveness of the RAF definition process, the internal consistency of the overall framework and the compliance of business operations with the RAF. In the context of the RAF, the Chief Audit Officer contributes to the Integrated Risk Assessment conducted by the corporate control functions and by the Manager responsible for preparing the Company's financial reports.

The structure has personnel with the appropriate professional skills and expertise and operates in accordance with best practices and the international standards for the professional practice of internal auditing established by the Institute of Internal Auditors (IIA). The internal auditors conduct their activity in line with the principles laid down in the Internal Auditor's Code of Ethics, which is modelled on that proposed by the Institute of Internal Auditors. As required by the international standards, this Function undergoes an external Quality Assurance Review at least every five years. The latest review was launched at the end of 2021, three years after the previous review, in accordance with the frequency agreed with the Management Control Committee, and ended in the first quarter of 2022, confirming the highest assessment on the scale ("Generally Compliant"). At the end of 2024, a new audit was started; it will be completed in the first quarter of 2025.

R. 36 b), c) The Internal Audit Function uses structured risk assessment methods to identify the most sensitive areas and the main new risk factors. Based on the findings of the risk assessment and the resulting priorities, as well as on any specific requests for further investigation made by the Top Management or the Corporate Bodies, it prepares and submits an Annual Action Plan for prior examination by the Management Control Committee and subsequent approval by the Board of Directors, on the basis of which it conducts its activities during the year. The Function also prepares a Multi-Year Plan.

The Plan may be revised during the year as a result of extraordinary events, also deriving from potential risk evolution, and of new requests from the Corporate Bodies.

The Chief Audit Officer ensures the proper performance of the internal whistleblowing management process.

The Chief Audit Officer supports corporate governance and ensures that Top Management, the Corporate Bodies and the competent Authorities (ECB, Bank of Italy, Consob, etc.) promptly and systematically receive information on the status of the control system, the outcome of activities performed and the progress of any corrective measures. The Chief Audit Officer also contributes to the spreading of a culture of risk-awareness within the Bank and the Group.

Audits are performed directly for the Parent Company, as well as for subsidiaries under an outsourcing contract; for other Group entities that have their own internal audit functions, on the other hand, indirect control is maintained.

In the latter case, the indirect audit is conducted via the guidance and functional coordination of the Auditing structures in the Italian and international banks and subsidiaries, to ensure consistent controls

and due examination of the different types of risks, also verifying the structural and operational effectiveness and efficiency of said auditing structures. Furthermore, direct audit and verification are also performed in the institutional capacity as Parent Company.

Any weaknesses are systematically reported to the Corporate Functions concerned for prompt remedial action, with appropriate follow-up to monitor the effectiveness of said action.

Summary internal control system assessments from the checks are periodically submitted to the Management Control Committee and the Board.

The audit reports with a negative opinion or major shortcomings are sent to the Board, the Managing Director and the Management Control Committee, as well as the Boards of Directors and Boards of Statutory Auditors of the subsidiaries concerned.

The main weaknesses detected and their evolution over time are included in the Audit Tableau de Bord, with evidence of the ongoing mitigation actions, the parties responsible for implementing them and the relevant deadlines, to ensure systematic follow-up.

The Chief Audit Officer coordinates the "Integrated Internal Control System" session of the Group Control Coordination and Non-Financial Risks Committee; he/she supports the "231 Model" Surveillance Body in ensuring constant and independent verification of the regular performance of operations and processes, to prevent or detect anomalous and risky conduct or events, and in monitoring the compliance and effectiveness of the rules in the 231 Model; lastly, he/she participates in the Plenary, Business Plan and Sustainability (ESG), Group Risk Analysis and Supervisory Remediation Plans sessions of the Steering Committee and, upon specific request, also in the Investments session.

The Internal Audit Function ensures constant self-assessment of its efficacy and efficiency in line with the internal "quality assurance and improvement" plan drafted in accordance with the recommendations of the international standards for the professional practice of internal auditing. In this context, in 2024, the strategic audit innovation programme, named Strategic Audit Innovation Line-up (SAIL), continued for the period 2022-2025 in line with the new Business Plan.

The Chief Risk Officer

Corporate Control Functions

does not have any direct responsibilities for the operational areas.

the Internal Audit Function must have access also to the activities of said parties.

This Function has a structure and a control model in line with the organisational structure of Intesa

The Chief Audit Officer - to whom the Internal Audit Structures of the Italian and international companies of the Group functionally report - enjoys the necessary autonomy and independence from the operating structures; the Function has access to all the activities conducted at both the head office and the local structures. The Bank's audit function cannot be entrusted to external parties; where third parties are entrusted with relevant services for the operation of the internal control system (e.g. data processing),

The structure performs a level-III assessment of the completeness, adequacy, functionality and reliability of the components of the internal control system, the risk management process and the corporate processes, also with regard to their ability to identify and prevent errors and irregularities. In this context, inter alia, it audits the risk and regulatory compliance corporate control functions, also through participation in projects, so as to generate added value and improve the effectiveness of the control and

The Internal Audit Function is also responsible for assessing the effectiveness of the RAF definition process, the internal consistency of the overall framework and the compliance of business operations with the RAF. In the context of the RAF, the Chief Audit Officer contributes to the Integrated Risk Assessment conducted by the corporate control functions and by the Manager responsible for preparing

The structure has personnel with the appropriate professional skills and expertise and operates in accordance with best practices and the international standards for the professional practice of internal auditing established by the Institute of Internal Auditors (IIA). The internal auditors conduct their activity in line with the principles laid down in the Internal Auditor's Code of Ethics, which is modelled on that proposed by the Institute of Internal Auditors. As required by the international standards, this Function undergoes an external Quality Assurance Review at least every five years. The latest review was launched at the end of 2021, three years after the previous review, in accordance with the frequency agreed with the Management Control Committee, and ended in the first quarter of 2022, confirming the highest assessment on the scale ("Generally Compliant"). At the end of 2024, a new audit was started;

The Internal Audit Function uses structured risk assessment methods to identify the most sensitive areas and the main new risk factors. Based on the findings of the risk assessment and the resulting priorities, as well as on any specific requests for further investigation made by the Top Management or the Corporate Bodies, it prepares and submits an Annual Action Plan for prior examination by the Management Control Committee and subsequent approval by the Board of Directors, on the basis of

The Plan may be revised during the year as a result of extraordinary events, also deriving from potential

The Chief Audit Officer ensures the proper performance of the internal whistleblowing management

which it conducts its activities during the year. The Function also prepares a Multi-Year Plan.

The Chief Audit Officer

R. 32 d) R. 36 par. 1

R. 33 b) R. 36 par. 1

R. 36 a) e)

R. 36 b), c)

Sanpaolo and the Group.

corporate governance processes.

the Company's financial reports.

process.

control is maintained.

it will be completed in the first quarter of 2025.

risk evolution, and of new requests from the Corporate Bodies.

spreading of a culture of risk-awareness within the Bank and the Group.

The Chief Risk Officer, directly reporting to the Managing Director and CEO, is the head of the Governance Area of the same name in charge of the risk management functions, which includes the controls on the risk management process and, through the Internal Validation and Controls Coordination Area, the internal validation process.

The following functions report to the Chief Risk Officer Governance Area:

Credit, Enterprise & Operational Risk Management
Business Units, Market & Financial Risk Management
Internal Validation & Controls.

The Chief Risk Officer Governance Area is one of the pillars of the "second line of defence" of the internal control system, and as such it is separate and independent from the business functions. Functional reports to this Area include the risk control functions of subsidiaries with a decentralised management model.

The main duties of the Chief Risk Officer Governance Area are as follows:

governing the macro-process of definition, approval, control and implementation of the Group's Risk Appetite Framework (RAF) with the support of the other corporate functions involved;
consistent with corporate strategies and objectives, assisting the Bodies in defining and implementing risk management guidelines and policies;
coordinating the implementation of risk management guidelines and policies by the relevant Group business units, also in the Group companies;
designing, developing and maintaining internal risk measurement, management and assessment systems, both for regulatory and – for the matters under its competence – management purposes, ensuring they are incorporated into the relevant business processes;
measuring and controlling the Group's exposure to the various types of risk, also verifying the implementation of the guidelines and policies regarding risk management;

formulating a prior opinion on the consistency of the Most Significant Transactions with the RAF, ensuring that all the risk profiles associated with such Transactions are assessed;
performing level II monitoring and controls to monitor IT and security risk, as well as non-credit risks;
continuously and iteratively validating risk measurement and management systems used both to calculate capital requirements and for non-regulatory purposes – to assess their compliance with regulatory provisions, company operational needs and reference market demands and to manage the internal validation process at Group level; in this context, also guaranteeing the monitoring and validation of the Group Data Governance framework and ensuring the definition and monitoring of the model risk governance framework;
performing level II monitoring and controls on credit quality, the composition and evolution of the various loan portfolios and the proper classification and measurement of individual exposures ("Single name" controls).

The Chief Risk Officer Governance Area structures implement the management and strategic guidelines along the Bank's entire decision-making process, down to individual operational units.

The Chief Compliance Officer

The Chief Compliance Officer reports directly to the Managing Director and CEO, and is independent from operating structures and separate from internal auditing; this function ensures the monitoring of regulatory compliance risk at Group level, covering both operational and reputational risk, including the risk of sanctions, losses or damage arising from improper conduct towards customers or such as to jeopardise the integrity and orderly functioning of the markets (so-called conduct risk).

The following functions report to the Chief Compliance Officer: (i) the Anti-Money Laundering ("AML") function, within the Anti Financial Crime Head Office Department, which has the tasks and responsibilities laid down in the regulations on anti-money laundering, counter-terrorism and monitoring of financial sanctions, anti-corruption and (ii) the Data Protection Officer function, within the Compliance Governance, Privacy and Controls Head Office Department, which performs the tasks assigned by data protection legislation.

The Chief Compliance Officer Governance Area performs the following tasks:

defining the guidelines and methodological rules for monitoring and assessing compliance risk;
identifying and assessing compliance risks and the related controls, and planning the necessary mitigation measures;
identifying the applicable regulations, assessing their impact on corporate processes and procedures and proposing the resulting organisational and procedural changes;
providing support to the corporate structures in all matters that might involve compliance risk and in the preliminary assessment of innovative projects, including the launching of new activities and the entry in new markets, of operations and new products and services to be placed on the market;
monitoring, ex post, the adequacy and effective application of internal processes and procedures and of the organisational changes implemented to prevent compliance risk; more broadly, monitoring compliance with external and internal regulations by the corporate structures;
fostering a corporate culture founded on the principles of honesty, fairness and respect for the spirit and the letter of the rules as well as the enhancement of technical and professional skills, including in the area of Digital knowledge;
managing relations with the Authorities with regard to compliance issues and non-compliance events.

The Chief Compliance Officer reports directly to the Governing Bodies and has access to all the Bank's activities, as well as any useful information for the performance of his/her duties.

The regulatory scope, including Environmental, Social and Governance issues (ESG factors) and the procedures for monitoring regulatory areas subject to significant compliance risks for the Group are defined in the Group Compliance Guidelines, in the Guidelines for combating money laundering and the financing of terrorism and for managing embargoes, in the Group Anti-corruption Guidelines and in the Guidelines on the protection of personal data of natural persons. The Chief Compliance Officer reports to the Corporate Bodies on the adequacy of compliance monitoring, with reference to all regulatory areas applicable to the Bank exposed to compliance risks.

The Guidelines establish the adoption of two distinct models in relation to guidance, coordination and control of the Group. These models are organised in such a way as to take into account the Group's structure in operational and territorial terms. In particular:

for specifically identified Italian Banks and Companies, whose operations are highly integrated with the Parent Company, the compliance supervision is centralised at the Parent Company;
for the other Companies, that have a legal obligation or have been specifically identified based on the business conducted, as well as the International Branches, an internal compliance/anti-money laundering function is established and a local Compliance/AML Officer is appointed who is responsible for these issues. The Compliance/AML Officers of the subsidiaries functionally report to the Chief Compliance Officer structures, while those of the International Branches, except where not permitted by local regulations, hierarchically report to the Chief Compliance Officer structures. Functional reporting is also in place for the local Data Protection Officers of Group Companies established in the European Union.

The Manager responsible for preparing the Company's financial reports and the monitoring of the financial reporting process

Pursuant to Article 154-bis of the Consolidated Law on Finance, Intesa Sanpaolo appoints a Manager responsible for preparing the Company's financial reports.

He/she meets specific professionalism requirements, namely appropriate mastery of financial accounting and management and control of the related administrative procedures, as required by the Articles of Association; he/she must also meet the integrity requirements established by the applicable regulations for the members of the control bodies of listed companies.

The Manager responsible for preparing the Company's financial reports has adequate powers and means for the performance of his/her functions; to this end, he/she relies on:

a dedicated organisational structure supporting him/her, which is adequate in terms of number and technical and professional skills;
the Administration, Regulatory Reporting & Tax Affairs structures;
the contribution:
formulating a prior opinion on the consistency of the Most Significant Transactions with the RAF,
performing level II monitoring and controls to monitor IT and security risk, as well as non-credit
continuously and iteratively validating risk measurement and management systems – used both to calculate capital requirements and for non-regulatory purposes – to assess their compliance with regulatory provisions, company operational needs and reference market demands and to manage the internal validation process at Group level; in this context, also guaranteeing the monitoring and validation of the Group Data Governance framework and ensuring the definition and monitoring of
performing level II monitoring and controls on credit quality, the composition and evolution of the various loan portfolios and the proper classification and measurement of individual exposures

The Chief Risk Officer Governance Area structures implement the management and strategic guidelines

defining the guidelines and methodological rules for monitoring and assessing compliance risk; - identifying and assessing compliance risks and the related controls, and planning the necessary
identifying the applicable regulations, assessing their impact on corporate processes and procedures
providing support to the corporate structures in all matters that might involve compliance risk and in the preliminary assessment of innovative projects, including the launching of new activities and the entry in new markets, of operations and new products and services to be placed on the market; - monitoring, ex post, the adequacy and effective application of internal processes and procedures and of the organisational changes implemented to prevent compliance risk; more broadly, monitoring
fostering a corporate culture founded on the principles of honesty, fairness and respect for the spirit and the letter of the rules as well as the enhancement of technical and professional skills, including
managing relations with the Authorities with regard to compliance issues and non-compliance events.

The Chief Compliance Officer reports directly to the Governing Bodies and has access to all the Bank's

ensuring that all the risk profiles associated with such Transactions are assessed;

along the Bank's entire decision-making process, down to individual operational units.

jeopardise the integrity and orderly functioning of the markets (so-called conduct risk).

The Chief Compliance Officer Governance Area performs the following tasks:

and proposing the resulting organisational and procedural changes;

compliance with external and internal regulations by the corporate structures;

activities, as well as any useful information for the performance of his/her duties.

areas applicable to the Bank exposed to compliance risks.

risks;

the model risk governance framework;

("Single name" controls).

The Chief Compliance Officer

protection legislation.

mitigation measures;

in the area of Digital knowledge;

of the corporate control functions and, in particular, the Internal Audit Function, which is responsible for conducting overall assurance activities over the internal control system as indicated in the "Integrated Internal Control System Regulation" and from which the said Manager acquires the outcomes of the activities carried out, in relation to the effects on the financial reporting process and on the reliability of corporate information;
of the other functions of the Parent Company and the Group companies.

The correctness of the company financial reports, the financial reporting process and the Consolidated Sustainability Statement are monitored in compliance with the provisions of Article 154-bis and its implementing provisions as well as the rules on the administration and accounting system applicable to corporations controlling non-EU companies (Article 15 of Consob Market Regulation no. 20249/2017).

Pursuant to the above-mentioned regulations, the Manager responsible for preparing the Company's financial reports provides Group-wide guidance and coordination in administrative matters and in the monitoring of the internal control system for accounting and financial reporting and supervises the fulfilment of the legal obligations with a Group-wide approach, defined by specific internal regulations.

Control over the financial reporting process is based on the review of:

the adequacy of the procedures followed to draft the company's financial reports and any other relevant financial disclosure pursuant to Article 154-bis. The audits focus on the controls implemented to oversee the work stages that, within corporate procedures, entail the recording, processing, evaluation and presentation of data and information contained in financial communications disseminated to the public. Equal importance is given to the IT architecture and applications used to manage such information, to information processing systems and to the development measures for data synthesis systems;
the completeness and consistency of the information disclosed to the market through the maintenance of a system of reports and information flows with the functions of the Parent Company

Art. 123 bis, 2, (b) CLF

and companies on the significant events for the purposes of financial reporting, especially as regards the main risks and uncertainties to which they are exposed.

Control over sustainability reporting process includes appropriate verification and monitoring activities to ensure that the Consolidated Sustainability Statement complies with the applicable legislation. The updating of internal regulations will be finalised during 2025 in line with the expected evolution of the relevant legislation.

Italian legislation refers to no predefined standards for assessing the adequacy of the administrative and accounting procedures and ensuring the effectiveness of the related internal control system and technology infrastructure. The international benchmarks – typically also used by independent auditors – are the COSO Framework¹ for internal control systems and the COBIT Framework² for information systems. Intesa Sanpaolo follows these benchmarks since they ensure uniformity of analysis and valuation methodologies with internationally accepted practice, based on authoritative references and widely recognised, regularly updated and accompanied by interpretative notes fostering smooth and straightforward dialogue with the regulators, the independent auditors, the relevant bodies and among the control functions.

In this regard, "financial reporting risk" is included in the Group's integrated risk taxonomy and has a measurement metric consistent with the principles of the "Integrated internal control system regulation". Lastly, it should be noted that to assess the adequacy of the relevant financial reporting processes, the Manager responsible for preparing the Company's financial reports uses the results of the controls carried out by the Structures reporting directly to him/her, by the Internal Audit Function and the other Corporate Control Functions. To this end, within the Group Control Coordination and Non-Financial Risks Committee, the Corporate Control Functions and the Manager responsible for preparing the Company's financial reports share their annual verification plans and their findings. Any critical issues arising from inspections conducted by external entities (Independent Auditors, Supervisory Authorities) relating to financial reporting risk are also gathered and assessed.

Legal Affairs – Group General Counsel

The Legal Affairs – Group General Counsel Head Office Department, in accordance with the organisational model, oversees legal risks at Group level. In particular:

it manages pre-litigation and litigation in and out of court for the Parent Company and for the Group companies on an outsourcing basis;
it monitors, steers and coordinates the management of Group litigation, assessing its risk, also together with the Chief Risk Officer, and reports on litigation to the Corporate Bodies of Intesa Sanpaolo;
it provides legal advice and assistance to the central structures of the Parent Company, Divisions and Group Companies on an outsourcing basis;
it defines guidelines, through directives and instructions, for the management of the Group's legal risk and collaborates with the Chief Risk Officer and the Chief Compliance Officer in defining those for the management of other risks;
it exercises guidance and coordination over the legal functions of the Divisions and Areas, and in general of the Group, which report functionally to the Head Office Department, and collaborates in the management of relations with the Supervisory Authorities;
it plays the role of validating function in POG and outsourcing governance processes;
it carries out, for the Chief Risk Officer, the prior assessment of the legal risks associated with the Most Significant Transactions.

¹ The COSO Framework was prepared by the Committee of Sponsoring Organizations of the Treadway Commission, the U.S. organisation dedicated to improving the quality of financial reporting through ethical standards and an effective corporate governance and organisation system. ² The COBIT Framework - Control OBjectives for IT and related technology - is a set of rules prepared by the IT Governance Institute, the U.S. organisation set up to define and improve the standards of corporate IT.

R. 33 e)

Members	Independent pursuant to Article 148(3) of the CLF	Independent pursuant to the Code	Attendance percentage at meetings
Paolo Vernero – Chair	X	X	100%
Andrea Cortellazzo	X	X	100%
Franco Dalla Sega	X	X	100%
Massimo Bianchi (alternate)	X	X	N/A
Elena Brero (alternate)	X	X	N/A
Oreste Cagnasso (alternate)	X	X	N/A

The Surveillance Body and the Organisational, Management and Control Model pursuant to Legislative Decree 231/2001

Duties and operation

and companies on the significant events for the purposes of financial reporting, especially as regards

The Legal Affairs – Group General Counsel Head Office Department, in accordance with the

it manages pre-litigation and litigation in and out of court for the Parent Company and for the Group
it monitors, steers and coordinates the management of Group litigation, assessing its risk, also together with the Chief Risk Officer, and reports on litigation to the Corporate Bodies of Intesa
it provides legal advice and assistance to the central structures of the Parent Company, Divisions
it defines guidelines, through directives and instructions, for the management of the Group's legal risk and collaborates with the Chief Risk Officer and the Chief Compliance Officer in defining those
it exercises guidance and coordination over the legal functions of the Divisions and Areas, and in general of the Group, which report functionally to the Head Office Department, and collaborates in
it carries out, for the Chief Risk Officer, the prior assessment of the legal risks associated with the

¹ The COSO Framework was prepared by the Committee of Sponsoring Organizations of the Treadway Commission, the U.S. organisation dedicated

to improving the quality of financial reporting through ethical standards and an effective corporate governance and organisation system. ² The COBIT Framework - Control OBjectives for IT and related technology - is a set of rules prepared by the IT Governance Institute, the U.S.

it plays the role of validating function in POG and outsourcing governance processes;

the main risks and uncertainties to which they are exposed.

relating to financial reporting risk are also gathered and assessed.

organisational model, oversees legal risks at Group level. In particular:

the management of relations with the Supervisory Authorities;

Legal Affairs – Group General Counsel

companies on an outsourcing basis;

for the management of other risks;

Most Significant Transactions.

organisation set up to define and improve the standards of corporate IT.

and Group Companies on an outsourcing basis;

relevant legislation.

the control functions.

Sanpaolo;

The Surveillance Body is responsible for supervising the effective implementation and proper operation of and compliance with the Organisational, Management and Control Model ("Model") pursuant to Italian Legislative Decree No. 231/2001, as well as for proposing its updating in order to improve its effectiveness in preventing criminal and administrative offences.

In performing its supervisory and control duties, the Body liaises and interacts directly with the heads of the Internal Auditing and Compliance Functions. Said function heads, within the scope of their responsibility, provide the Body with appropriate information and fact-finding support, thereby ensuring coordination between the various players of the internal control and risk management system set up in accordance with the Code of Corporate Governance. Coordination is strengthened by joint meetings held by the Body with a cooperation approach with the Management Control Committee and/or other Committees for issues of mutual interest, each within the scope of their responsibilities.

The Body is also required to submit, at least every six months, to the Board of Directors and to the Management Control Committee, a specific report on the adequacy of and compliance with the Model.

For each category of offences contemplated by Italian Legislative Decree No. 231/2001, it identifies "sensitive" company areas and, for each area, the company activities exposed to the risk of said offences being committed (so-called "sensitive activities"). For each sensitive activity, mandatory control principles and rules of conduct have been established for the people involved in those activities.

The Model is fully and effectively implemented in daily operations through the connection between each sensitive area and the dynamic management of processes and the reference internal regulations, which form an integral part of the Model itself.

The Model was last updated in November 2023.

In order to pursue its functions with total independence, the Body has autonomous spending powers based on an annual budget, approved by the Board subject to the prior favourable opinion of the same Body.

Composition and duties

The Body is composed of three individuals not belonging to Intesa Sanpaolo, who meet the specific professionalism, integrity and independence requirements laid down in the Model. Three alternate members are also appointed.

The Bank's choice to appoint a Body composed entirely of external members is intended to ensure and strengthen the Body's independence from the management functions, also in the light of the governance model adopted by the Bank.

R. 33 g)

The Board of Directors, in its meeting of 24 May 2022, appointed the Surveillance Body for the period 2022/2024, confirming its standing members.

The scope of activities, operational arrangements and duties of the Body, which met 12 times in 2024, in addition to being set out in the Model, are also detailed in the "Regulation for the Surveillance Body pursuant to Italian Legislative Decree 231/2001". The Regulation provides that the Chair may be appointed on an annual rotating basis from among its members. Accordingly, on 20 May 2024, the Body

appointed Paolo Vernero as Chair – confirming his role – with term of office until the date of the Shareholders' Meeting called to approve the financial statements as at 31 December 2024.

As for the specific activities carried out in 2024, the following highlights are provided:

monitoring of the implementation of the Code of Ethics and the social and environmental responsibility principles;
analysis of the periodic reports issued by the corporate control functions;
periodic meetings with the Human Resources function and the Internal Audit function to report on disciplinary measures imposed on employees;
analysis of the updates to the Guidelines for combating money laundering and the financing of terrorism and for managing embargoes and the Anti-Corruption Guidelines;
analysis of the Internal Audit function's Report on the controls carried out in 2023 on the essential or important functions outsourced outside the Group;
in-depth analysis by the Internal Audit Department on, among other matters, Financial Sanctions and the procedure for monitoring management body members holding offices in both the Parent Company and Subsidiaries;
review of the results of the checks carried out by the Internal Audit Department and the other competent corporate functions following reports made by the Body.

Furthermore, the Body, while considering that the Bank's Model as a whole is effectively implemented and is correctly and promptly updated to reflect regulatory changes and organisational evolutions, has deemed it appropriate to launch an extensive review of the Model, with the support of the Bank's competent structures, to confirm its continuing effectiveness. In particular, considering that the Model is a dynamic document and is one of the elements determining the adequacy of the Bank's organisational structures, and referring to the Bank's Business Plan, the Body decided to focus its examination on specific innovative areas such as (i) the protocols contained in the Model relating to the offences under Italian Legislative Decree 231 that are linked to ESG factors, and (ii) the protocols contained in the Model (and related processes) connected to the risk of computer crimes under Italian Legislative Decree 231, also in relation to the growing role of AI and digitalisation. This activity will be completed during the current financial year.

With regard to the promotion of the Model, Intesa Sanpaolo continued to implement the internal communication and staff training plan, to ensure that full knowledge of the topic and compliance with the rules become embedded in each employee's professional profile.

Furthermore, without prejudice to the separate responsibility of each Group company to adopt and implement their own models under Italian Legislative Decree 231/2001, the Bank, in its capacity as Parent Company, has established a series of guidelines on this topic for its subsidiaries covering, among other things, the appointment of the Surveillance Body, the preparation of staff training plans, the implementation of suitable controls for sensitive processes, and the submission of periodic reports to the Parent Company's compliance function.

The Surveillance Bodies of the subsidiaries are responsible for monitoring the functioning of the model adopted by each Company and the fulfilment of the obligations laid down in the regulations and for submitting their reports on the activities carried out, usually every six months, to the Management Control Committee and the Parent Company's Surveillance Body, in order to facilitate the exchange of information and allow for an improved and more effective supervision of the prevention measures within the individual corporate entities.

The Organisational, Management and Control Models adopted by Intesa Sanpaolo and the Group's Italian companies are available on the Bank's website.

Independent Auditing

Since Intesa Sanpaolo is a listed company (Public Interest Entity pursuant to the relevant regulations), the statutory auditing of its accounts must be carried out by an independent auditing firm (Independent Auditors). In the audit report, the independent auditors formalise their professional opinion on the annual and consolidated financial statements, formed following the auditing activities carried out and the conclusions reached on the basis of the audit findings acquired. The audit report also expresses an opinion on the consistency with the financial statements of the Report on Operations and of some specific information contained in the Report on Corporate Governance and Ownership Structures and on their compliance with regulatory requirements. In addition, the audit report includes an opinion on whether the financial statements comply with the provisions of Delegated Regulation (EU) 2019/815

("ESEF Regulation"). The audit report includes the "Key Audit Matters", i.e. the aspects that, according to the auditors' professional opinion, were most significant in the context of the audit of the financial statements in question. The independent auditors are also entrusted, on a voluntary basis, with the limited review of the consolidated half-yearly report and the consolidated interim statements.

appointed Paolo Vernero as Chair – confirming his role – with term of office until the date of the

monitoring of the implementation of the Code of Ethics and the social and environmental
periodic meetings with the Human Resources function and the Internal Audit function to report on
analysis of the updates to the Guidelines for combating money laundering and the financing of
analysis of the Internal Audit function's Report on the controls carried out in 2023 on the essential or
in-depth analysis by the Internal Audit Department on, among other matters, Financial Sanctions and the procedure for monitoring management body members holding offices in both the Parent
review of the results of the checks carried out by the Internal Audit Department and the other

With regard to the promotion of the Model, Intesa Sanpaolo continued to implement the internal communication and staff training plan, to ensure that full knowledge of the topic and compliance with

The Organisational, Management and Control Models adopted by Intesa Sanpaolo and the Group's

Shareholders' Meeting called to approve the financial statements as at 31 December 2024.

As for the specific activities carried out in 2024, the following highlights are provided:

analysis of the periodic reports issued by the corporate control functions;

competent corporate functions following reports made by the Body.

the rules become embedded in each employee's professional profile.

terrorism and for managing embargoes and the Anti-Corruption Guidelines;

disciplinary measures imposed on employees;

important functions outsourced outside the Group;

responsibility principles;

Company and Subsidiaries;

current financial year.

the Parent Company's compliance function.

Italian companies are available on the Bank's website.

the individual corporate entities.

Independent Auditing

With reference to the Consolidated Sustainability Reporting, included in the Report on Operations, the independent auditors perform limited assurance activities and provide, in their report pursuant to Article 14-bis of Italian Legislative Decree No. 39/2010, their conclusions on:

the Reporting's compliance with the provisions of Italian Legislative Decree No. 125 of 6 September 2024, which establishes the criteria for its drafting;
the Reporting's compliance with the disclosure requirements under Article 8 of Regulation (EU) 2020/852.

In order to monitor compliance with the laws governing independent auditing firms engaged for the auditing of the accounts of Group companies by ensuring the conditions to protect the independence of independent auditors, Intesa Sanpaolo applies the "Group Regulation for the granting of assignments to independent auditors and their networks" which established a supervision system to monitor the nature and eligibility of the proposed mandates for the provision of services by auditors and related parties.

The independent auditors are EY S.p.A. The firm was appointed for financial years 2021-2029 by the Ordinary Shareholders' Meeting of 30 April 2019, in line with the proposal set out by the Management Control Committee.

109

Part IV - Summary tables

Table no. 1: Composition of the Board of Directors and Committees

Board of Directors								Management Committee Control		Nomination Committee	Remuneration Committee		Sustainability Risks and Committee		Related Party Transactions Committee
Director	Age	In office since	Executive	Slate (1)	Independent (2)	No. of other pursuant to held article 17 169/2020 M.D. offices	(3)	Positi on (4)	on (3)	(3) Positi (4)	Positi (4) on	(3)	Positi (4) on	(3)	(4) Positi on	(3)
Chair
Gian Maria Gros-Pietro	83	09/05/2013		Ms		1	100%			100% M
Deputy Chair
Paolo Andrea Colombo	64	27/04/2016		Ms	X	2	100%			100% M	C	100%
Managing Director and CEO
Carlo Messina	62	29/09/2013	X	Ms			100%
Directors
Franco Ceruti	72	27/04/2016		Ms			100%				M	100%	M	100%
Anna Gatti	53	30/04/2019		ms	X	2	100%				M	100%
Liana Logiurato	56	29/04/2022		Ms	X		100%				M	100%			M	100%
Maria Mazzarella	74	27/04/2016		ms	X	1	100%			100% M					M	100%
Luciano Nebbia	71	30/04/2019		Ms		1	90%				M	100%
Bruno Maria Parigi	67	29/04/2022		Ms	X		100%						M	100%
Bruno Picca	74	09/05/2013		Ms		1	100%			100% M			M	100%
Livia Pomodoro	84	27/04/2016		Ms	X	2	100%			100% C
Maria Alessandra Stefanelli	61	30/04/2019		Ms	X		95%								M	92%
Paola Tagliavini	56	29/04/2022		Ms	X	1	100%						C	100%	M	100%
Daniele Zamboni	65	27/04/2016		ms	X		100%						M	100%	C	100%

Board of Directors								Management Committee Control		Nomination Committee		Remuneratio n Committee		Sustainability Risks and Committee		Related Party Transactions Committe
Director	Age	In office since	Executive	Slate (1)	Independent (2)	No. of other pursuant to held article 17 169/2020 M.D. offices	(3)	(4) Positi on	(3)	Positi (4) on	(3)	(4) Positi on	(3)	(4) Positi on	(3)	Positio (4) n	(3)
Alberto Maria Pisani	70	27/04/2016		ms	X		100%	C	100%
Roberto Franchini	69	27/04/2020		ms	X		100%	M	100%
Fabrizio Mosca	56	30/04/2019		Ms	X	3	100%	M	100%
Milena Teresa Motta	65	27/04/2016		Ms	X	1	100%	M	100%
Maria Cristina Zoppo	53	27/04/2016		Ms	X	3	100%	M	100%

(1) Ms = "majority" slate / ms = "minority" slate

(2) Independent pursuant to article 13.4 of the Articles of Association, the Italian Corporate Governance Code and article 148, paragraph 3, of the Consolidated Law on Finance

(3) Attendance percentage at, respectively, Board of Directors and Committees meetings

Position in the Committee: "C": Chair; "M": Member

(4)

Director	Position	E/NE	R Company/Entity
Gian Maria Gros-Pietro	Member, Executive Board Member, Executive Board Chair, Board of Directors Director Director Director Director Director	NE	• Associazione Bancaria Italiana Università Guido Carli Fondazione Felice Gianani ABI Servizi S.p.A. ASSONIME COTEC LUISS – FEBAF ABI – ISPI
Paolo Andrea Colombo	Chair, Board of Statutory Auditors Director	NE NE	• • S.r.l. Colombo Advisory Humanitas S.p.A.
Carlo Messina	Director Director		Associazione Bancaria Italiana Università Bocconi ABI –
Franco Ceruti	Chair, Board of Directors Chair, Board of Directors Chair, Board of Directors Director Director	NE NE NE	Intesa Sanpaolo Expo Institutional Contact S.r.l. (1) Fondazione per l'Innovazione del Terzo Settore 1) ( Intesa Sanpaolo Private Banking S.p.A. 1) Società Benefit Cimarosa 1 S.p.A. ( CCIAA Milano Monza Brianza Lodi
Anna Gatti	Director Director	NE NE	• • Wizz Air Holdings PLC WiZink Bank S.A.
Maria Mazzarella Liana Logiurato	Director Director	NE	• International Alumni Association Finance for Food S.p.A. Business School - IMD

Table no. 2: List of other management and control offices of Board Directors in other companies and entities

Board of Directors

Director Alberto Maria Pisani

Roberto Franchini 69

Fabrizio Mosca 56

Milena Teresa Motta

Maria Cristina Zoppo

(1) Ms = "majority" slate / ms = "minority" slate

(2) Independent pursuant to article

(4)

Position in the Committee: "C": Chair; "M": Member

(3) Attendance percentage at, respectively, Board of Directors and Committees meetings

13.4 of the Articles of Association, the Italian Corporate Governance Code and article

148, paragraph 3, of the Consolidated Law on Finance

27/04/2016

30/04/2019

27/04/2020

27/04/2016

ms ms Ms Ms Ms

100%

100

100%

Age

In office since

Executive

Slate (1)

Independent

No. of other

offices held pursuant to

article 17

(3)

Positi on (4)

(3)

Positi on (4)

(3)

Positi on (4)

(3)

Positi on (4)

(3)

n (4)

Positio

(3)

M.D.

169/2020

(2)

Management

Nomination

Remuneratio

Risks and

Related Party

Transactions

Committe

Sustainability

Committee

n Committee

Committee

Control

Committee

Luciano Nebbia	Deputy Chair, Board of Directors	NE	• Equiter S.p.A.
Bruno Maria Parigi	-
Bruno Picca	Director	NE	• Voluntary Scheme - Interbank Deposit Protection Fund
Livia Pomodoro	Member, Executive Board Member, Executive Board Chair, Board of Directors Chair, Board of Directors Chair, Executive Board Director Director	NE NE	• • Sustainability and Inclusion for Food S.r.l. NO'HMA IN CAMMINO Milan Center for Food Law and Policy Spazio Teatro No'hma Fondazione Sodalitas Touring Club Italiano Giubileo 2025 – Febo S.p.A.
Maria Alessandra Stefanelli	-
Paola Tagliavini	Director	NE	• Rai Way S.p.A.
Daniele Zamboni	-
Alberto Maria Pisani	-
Roberto Franchini	Executive Board Chair, Board of Auditors Member,		Fondazione per l'infanzia Ronald Mc Donald Italia British Chamber of Commerce for Italy (*)
Fabrizio Mosca	Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Chair, Board of Statutory Auditors Sole Director	NE NE NE NE NE E	• • (2) Mindicity S.r.l. Società Benefit Bolaffi Metalli Preziosi S.p.A. (2) Diasorin Italia S.p.A. Aste Bolaffi S.p.A. (2) Bolaffi S.p.A. Fly S.r.l. (**)

Milena Teresa Motta	Director	NE	• Strategie & Innovazione S.r.l.
Maria Cristina Zoppo	Chair, Board of Directors Standing Auditor Director	NE NE NE	• • • S.A.M.I. S.p.A. Newlat Food S.p.A. S.p.A. Michelin Italiana REAM SGR

Luciano Nebbia

Bruno Maria Parigi

Bruno Picca Livia Pomodoro

Director Chair, Executive Board

Member, Executive Board

Director

Febo S.p.A.

Touring Club Italiano

Spazio Teatro No'hma

Sustainability and Inclusion for Food S.r.l.

Giubileo 2025 –

NO'HMA IN CAMMINO

Director

Chair, Board of Directors

Member, Executive Board

Maria Alessandra Stefanelli

Paola Tagliavini

Daniele Zamboni

Alberto Maria Pisani

Roberto Franchini

Fabrizio Mosca

Chair, Board of Auditors

Fondazione per l'infanzia Ronald Mc Donald Italia

British Chamber of Commerce for Italy (*)

Member,

Executive Board

Chair, Board of Statutory Auditors

Bolaffi S.p.A. (2)

•

Aste Bolaffi S.p.A.

(2) Bolaffi Metalli Preziosi S.p.A.

(2)

Fly S.r.l. (**)

Diasorin Italia S.p.A.

•

Mindicity S.r.l. Società Benefit

Chair, Board of Statutory Auditors

Sole Director

Chair, Board of Statutory Auditors

Director

Rai Way S.p.A.

•

Interbank Deposit Protection Fund

Milan Center for Food Law and Policy

Fondazione Sodalitas

Voluntary Scheme

•

Deputy Chair, Board of Directors NE

Equiter S.p.A.

•

E/NE = Executive/Non Executive

R = Positions relevant pursuant to article 17, Ministerial Decree no. 169/2020

(1) Companies belonging to Intesa Sanpaolo Group
- (2) Companies belonging to Bolaffi Group
(*) No-profit entity with registered office in the United Kingdom
(**) company incorporated at the exclusive aim of managing personal economic interests

117

Appendix

Table no. 1: "Check List"

Article 1. Role of the board of directors ✓ P I The board of directors leads the company by pursuing its page 51, 53 sustainable success. ✓ P II The board of directors defines the strategies of the company and page 51 the group it heads in accordance with principle I and monitors its implementation. ✓ P III The board of directors defines the corporate governance system page 51, 58, 65 that is most functional for carrying out the company's business and pursuing its strategies, taking into account the flexibility offered by the legal framework. If necessary, the board of directors evaluates and promotes the appropriate changes and submit them to the shareholders' meeting when such changes are necessarily subject to the shareholders' vote. ✓ P IV The board of directors promotes dialogue with shareholders and page 44, 45 other stakeholders which are relevant for the company, in the most appropriate way. R 1 The board of directors: ✓ a) reviews and approves the business plan of the company and page 51, 52 the group it heads, also on the basis of matters that are relevant for the long-term value generation. That analysis is carried out with the possible support of a committee whose composition and functions are defined by the board of directors; ✓ b) periodically monitors the implementation of the business plan page 52 and assesses the general course of the business, comparing the results achieved with those planned; ✓ c) defines the nature and level of risk compatible with the page 52 company's strategic objectives, including all the elements that can be relevant for the company's sustainable success; ✓ d) defines the corporate governance system of the company and page 52 the structure of the group it heads, and assesses the adequacy of the company's organisational, administrative and accounting structure and of its strategically important subsidiaries, with particular reference to the internal control and risk management system; ✓ e) approves transactions of the company and its subsidiaries that page 53 have a significant impact on the company's strategies, profitability, assets and liabilities or financial position; to this end, it establishes










the general criteria for identifying significant transactions;
✓ f) on proposal of the chair in agreement with the chief executive page 45, 52, 67, officer, adopts a procedure for the internal and external 85 management of documents and information concerning the company, with particular reference to inside information, in order to ensure the correct management of corporate information.
✓ R 2 If deemed necessary for the effectiveness of the company's page 41, 52, 58, corporate governance system, the board of directors develops 65 specific proposals to be submitted to the shareholders' meeting on the following issues: a) choice and characteristics of the corporate model (traditional,

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	"one-tier", "two-tier"); b) size, composition and appointment of the board of directors and term of office of its members; c) structure of the shares' administrative and property rights; d) percentages established for the exercise of the prerogatives set up to safeguard minority shareholders. In particular, if the board of directors intends to propose to the shareholders' meeting the introduction of increased voting rights (so-called "voto maggiorato"), it provides adequate reasons in the report that will be submitted to the shareholders prior to their annual meeting. The report indicates the expected effects on the company's ownership and control structure and its future strategies. In the same report, the board discloses the decision-making process followed for the definition of such a proposal and any dissenting opinions voiced within the board.
R 3	Upon proposal of the chair in agreement with the chief executive officer, the board of directors adopts and describes in the corporate governance report a policy for managing dialogue with the generality of shareholders, taking also into account the engagement policies adopted by institutional investors and asset managers. The chair ensures that the board of directors is in any case informed, within the first suitable meeting, of the development and the significant contents of the dialogue that has taken place with all the shareholders.	✓ ✓	page 44
	Article 2. Composition of the corporate bodies
P V	The board of directors is comprised of executive and non executive directors. All directors ensure professional skills and competence that are appropriate to their tasks.	✓	page 54, 59, 60
P VI	The number and skills of non-executive directors ensure significant influence in the decision-making process of the board and guarantee an effective monitoring of management. A significant number of non-executive directors is independent.	✓	page 54, 69
P VII	The company applies diversity criteria, including gender ones, to the composition of the board of directors, ensuring the primary objective of adequate competence and professionalism of its members.	✓	page 54
P VIII	The control body's composition is appropriate for ensuring the independence and professionalism of its function.	✓	page 71, 72
R 4	The board of directors defines the delegation of managerial powers and identifies who among the executive directors holds the position of chief executive officer. If the chair is entrusted with the position of chief executive officer or with significant managerial powers, the board of directors explains the reasons for this choice.	✓	page 51, 53, 59
R 5	The number and skills of independent directors are appropriate to the needs of the company and to the well-functioning of the board of directors, as well as to the establishment of board committees.	✓	page 54, 60
	The board of directors includes at least two independent directors, other than the chair.	✓
	In large companies with concentrated ownership, independent directors account for at least one third of the board. (*)

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	In other large companies, independent directors account for at least half of the board.	✓
	In large companies, independent directors meet, in the absence of the other directors, on a periodic basis and at least once a year to evaluate the issues deemed of interest to the functioning of the board of directors and to the corporate management.	✓	page 62
R 6	The board of directors assesses the independence of each non executive director immediately after his or her appointment. The assessment is renewed during the mandate upon the occurrence of circumstances that concern his or her independence and at least once a year.	✓	page 61
	Each non-executive director provides all the elements necessary or useful for the assessment of the board of directors. On the basis of all the information available, the board considers any circumstance that affects or could affect the independence of the director.	✓
R 7	The circumstances that jeopardise, or appear to jeopardise, the independence of a director are at least the following: a) if he or she is a significant shareholder of the company; b) if he or she is, or was in the previous three financial years, an executive director or an employee: - of the company, of its subsidiary having strategic relevance or of a company subject to joint control; - of a significant shareholder of the company; c) if he or she has, or had in the previous three financial years, a significant commercial, financial or professional relationship, directly or indirectly (for example through subsidiaries, or through companies of which he or she is an executive director, or as a partner of a professional or a consulting firm): - with the company or its subsidiaries, or with their executive directors or top management; - with a subject who, also together with others through a shareholders' agreement, controls the company; or, if the control is held by a company or another entity, with its executive directors or top management; d) if he or she receives, or received in the previous three financial years, from the company, one of its subsidiaries or the parent company, significant remuneration other than the fixed remuneration for the position held within the board and for the membership in the committees recommended by the Code or required by law; e) if he or she has served on the board for more than nine years, even if not consecutive, of the last twelve years; f) if he or she holds the position of executive director in another company whereby an executive director of the company holds the office of director; g) if he or she is a shareholder, quota-holder or director of a company or other legal entity belonging to the network of the external auditor of the company; h) if he or she is a close relative of a person who is in any of the circumstances set forth in previous letters. The board of directors defines ex ante, at least at the beginning of its mandate, the quantitative and qualitative criteria for assessing	✓ ✓	page 60, 61
	the significance of the situations set forth above in letters c) and d). If the director is also a partner in a professional or a consulting firm, the board of directors assesses the significance of the professional relationships that may have an effect on his or her position and role within the professional or the consulting firm and

b) size, composition and appointment of the board of directors and

In particular, if the board of directors intends to propose to the shareholders' meeting the introduction of increased voting rights (so-called "voto maggiorato"), it provides adequate reasons in the report that will be submitted to the shareholders prior to their annual meeting. The report indicates the expected effects on the company's ownership and control structure and its future strategies. In the same report, the board discloses the decision-making process followed for the definition of such a proposal and any

c) structure of the shares' administrative and property rights; d) percentages established for the exercise of the prerogatives set

R 3 Upon proposal of the chair in agreement with the chief executive officer, the board of directors adopts and describes in the corporate governance report a policy for managing dialogue with the generality of shareholders, taking also into account the engagement policies adopted by institutional investors and asset

P V The board of directors is comprised of executive and nonexecutive directors. All directors ensure professional skills and

P VI The number and skills of non-executive directors ensure significant influence in the decision-making process of the board and guarantee an effective monitoring of management. A significant number of non-executive directors is independent.

P VII The company applies diversity criteria, including gender ones, to the composition of the board of directors, ensuring the primary objective of adequate competence and professionalism of its

P VIII The control body's composition is appropriate for ensuring the independence and professionalism of its function.

R 4 The board of directors defines the delegation of managerial powers and identifies who among the executive directors holds the position of chief executive officer. If the chair is entrusted with the position of chief executive officer or with significant managerial powers, the board of directors explains the reasons

R 5 The number and skills of independent directors are appropriate to the needs of the company and to the well-functioning of the board of directors, as well as to the establishment of board committees.

directors account for at least one third of the board. (*)

The board of directors includes at least two independent

In large companies with concentrated ownership, independent

competence that are appropriate to their tasks.

The chair ensures that the board of directors is in any case informed, within the first suitable meeting, of the development and the significant contents of the dialogue that has taken place with all

"one-tier", "two-tier");

managers.

members.

for this choice.

directors, other than the chair.

the shareholders.

Article 2. Composition of the corporate bodies

term of office of its members;

up to safeguard minority shareholders.

dissenting opinions voiced within the board.

Applied with

adaptations as

✓

appropriate

Not applied

Page of Report

page 44

✓ page 54, 59, 60

✓ page 54, 69

✓ page 54

✓ page 71, 72

✓ page 54, 60

✓

✓ page 51, 53, 59

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	in any event those pertaining to important transactions of the company and the group it heads, even regardless of the quantitative parameters.
	The chair of the board of directors, who has been nominated for such role according to recommendation 23, can be assessed as independent if none of the circumstances set forth above occurs. If the independent chair is member of the board committees recommended by the Code, such committees are made up in majority of independent directors, other than the chair. The independent chair of the board of directors cannot chair the remuneration committee and the control and risk committee.	✓
R 8	The company defines the diversity criteria for the composition of the board of directors and the control body and identifies the most suitable tool for their implementation, taking into account its ownership structures.	✓	page 54, 55, 71, 91
	At least a third of the board of directors and the control body, where the latter is autonomous, is to be comprised of members of the less represented gender.	✓
	Companies adopt measures to promote equal treatment and opportunities among genders within the entire organisation, monitoring their specific implementation.	✓
R 9	All members of the control body meet the independence requirements set out in recommendation 7 for directors. The independence assessment is carried out, with the timing and manner provided for by recommendation 6, by the board of directors or by the control body; such an assessment is based on the information provided by each member of the control body.	✓	page 61, 72
R 10	The outcome of the assessments of independence of directors and members of the control body referred to in recommendations 6 and 9 is disclosed to the market immediately after the appointment through a specific press release and, later, in the corporate governance report. In both cases, the outcome of the assessment provides information about: the criteria used for the assessment of the significance of the relationships and, in case of any deviation from the circumstances set forth in recommendation 7, a clear and detailed reason for this choice motivated by the individual situation and characteristics of the director concerned.	✓	page 61, 72
Article 3. Functioning of the board of directors and the role of the chair
P IX	The board of directors defines the rules and procedures for its functioning, ensuring an efficient flow of information to directors.	✓	page 51, 66, 67, 69
P X	The chair of the board of directors plays a liaison role between executive and non-executive directors and ensures the effective functioning of the board.	✓	page 58, 67, 68
P XI	The board of directors ensures an adequate division of its functions and establishes board committees with preliminary, propositional and consultative functions.	✓	page 51, 77

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
P XII	Each director ensures adequate time commitment for the fulfilment of their board responsibilities.	✓	page 60, 62, 63, 72
R 11	The board of directors develops internal rules that define the functioning of the board and its committees, including the means for recording the minutes of the meetings and the procedures for providing information to directors. These procedures identify the prior notice for the submission of the documentation, ensuring that confidentiality issues are properly managed without affecting the timeliness and completeness of the flow of information.	✓	page 51, 66, 67, 73, 77, 85
	The corporate governance report provides adequate information on the main contents of the board of director's internal rules and on compliance with the procedures aimed at ensuring the timeliness and adequacy of the information provided to the directors.	✓
R 12	The chair of the board of directors, with the help of the board secretary, ensures that:
	a) the pre-meeting information and the complementary information provided during the meeting are suitable to allow directors to act in an informed manner;	✓	page 58, 67
	b) the activity of the board committees with preliminary, propositional and consultative functions is coordinated with the activity of the board of directors;	✓	page 58, 67
	c) in agreement with the chief executive officer, the managers of the company and those of the companies of the group it heads, who are competent on the issues concerned, participate in the relevant board meetings to provide appropriate insights on the items on the agenda, also upon request of one or more directors;	✓	page 58, 69
	d) all the members of the board of directors and control body can take part, after the appointment and during the mandate, in initiatives aimed at providing them with adequate knowledge of the industry in which the company operates, the company dynamics and their evolution, also in relation to the company's sustainable success. Such initiatives also cover the risk management issues as well as any relevant part of the regulatory and self-regulatory framework;	✓	page 63
	e) to provide for the adequacy and transparency of the board review, with the support of the nomination committee.	✓	page 65
R 13	The board of directors appoints an independent director as lead independent director: a) if the chair of the board of directors is the chief executive officer or holds significant managerial powers; b) if the office of chair is held by the person who controls, also jointly, the company; c) in large companies, even in the absence of the conditions indicated in letter a) and b), if requested by the majority of independent directors.	✓	page 62

quantitative parameters.

ownership structures.

the less represented gender.

monitoring their specific implementation.

in any event those pertaining to important transactions of the company and the group it heads, even regardless of the

The chair of the board of directors, who has been nominated for such role according to recommendation 23, can be assessed as independent if none of the circumstances set forth above occurs. If the independent chair is member of the board committees recommended by the Code, such committees are made up in majority of independent directors, other than the chair. The independent chair of the board of directors cannot chair the remuneration committee and the control and risk committee.

R 8 The company defines the diversity criteria for the composition of the board of directors and the control body and identifies the most suitable tool for their implementation, taking into account its

At least a third of the board of directors and the control body, where the latter is autonomous, is to be comprised of members of

Companies adopt measures to promote equal treatment and opportunities among genders within the entire organisation,

R 9 All members of the control body meet the independence requirements set out in recommendation 7 for directors. The independence assessment is carried out, with the timing and manner provided for by recommendation 6, by the board of directors or by the control body; such an assessment is based on the information provided by each member of the control body.

R 10 The outcome of the assessments of independence of directors and members of the control body referred to in recommendations 6 and 9 is disclosed to the market immediately after the appointment through a specific press release and, later, in the corporate governance report. In both cases, the outcome of the assessment provides information about: the criteria used for the assessment of the significance of the relationships and, in case of any deviation from the circumstances set forth in recommendation 7, a clear and detailed reason for this choice motivated by the individual situation and characteristics of the director concerned.

Article 3. Functioning of the board of directors and the role of the chair

P IX The board of directors defines the rules and procedures for its functioning, ensuring an efficient flow of information to directors.

P X The chair of the board of directors plays a liaison role between executive and non-executive directors and ensures the effective

P XI The board of directors ensures an adequate division of its functions and establishes board committees with preliminary,

functioning of the board.

propositional and consultative functions.

Applied with

adaptations as

✓

appropriate

Not applied

Page of Report

✓ page 54, 55, 71, 91

✓ page 61, 72

✓ page 51, 66, 67, 69

✓ page 58, 67, 68

✓ page 51, 77

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 14	The lead independent director: a) collects and coordinates the requests and contributions of non executive directors and, in particular, of independent ones; b) coordinates the meetings of the independent directors.	✓	page 62
R 15	In large companies, the board of directors expresses its guidelines on the maximum number of offices that can be considered compatible with an effective performance and the time commitment required by the role of the directors. The relevant offices are those held in corporate bodies of other listed companies and of companies having a significant size.	✓	page 62, 63, 72
R 16	The board of directors sets up internal committees with preliminary, propositional and consultative functions regarding appointments, remuneration and control and risks. These functions can be either assigned to the three board committees recommended by the Code or distributed in a different manner or even combined in a single committee. In any case, the company ensures an adequate disclosure on the tasks and activities carried out by each of the assigned functions, as well as an adequate composition of each committee.	✓	page 51, 77
	The functions of one or more committees can even be assigned to the board of directors, under the coordination of the chair, provided that: a) independent directors represent at least half of the board; b) the board dedicates adequate sessions to the performance of such functions. (*)
	In the event that the functions of the remuneration committee are assigned to the board of directors, the last paragraph of recommendation 26 applies. (*)
	Companies other than large ones may assign the functions of the control and risk committee to the board of directors even in absence of the condition set forth above in letter a). (*)
	Companies with concentrated ownership, even large ones, can assign the functions of the nomination committee to the board of directors even in absence of the condition set forth above in letter a). (*)
R 17	The board of directors defines the tasks of the committees and their composition, favouring the competence and experience of their members and avoiding, in large companies, an excessive concentration of offices.	✓	page 53, 77
	Each committee is coordinated by a chair who informs the board of directors about the committee's activities at the first useful board meeting.	✓	page 69, 77
	The chair of the committee may invite the chair of the board of directors, the chief executive officer, the other directors and, by informing the chief executive officer, the managers of the corporate functions that are competent on the matters of the committee meeting, to individual committee's meetings. The members of the control body can attend the meetings of each committee.	✓	page 78

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	Board committees can have access to the information and the corporate functions that are necessary for the performance of their duties. Board committees have adequate financial resources and can avail themselves of external consultants according to the conditions set forth by the board of directors.	✓	page 78
R 18	The board of directors, upon proposal of the chair, provides for the appointment and dismissal of the board secretary and defines his or her professional requirements and attributes in the board's internal rules.	✓	page 66, 70
	The board secretary supports the activities of the chair and provides impartial assistance and advice to the board of directors on all aspects relevant to the proper functioning of the corporate governance system.	✓
	Article 4. Appointment of directors and board evaluation
P XIII	The board of directors ensures, within its competence, that the process of appointment and succession of directors is transparent and functional to achieve the optimal composition of the board according to the principles set forth in Article 2.	✓	page 55, 57, 59
P XIV	The board of directors periodically evaluates, through formalised procedures, its effectiveness and the contribution made by individual directors. The implementation of the board evaluation procedures is supervised by the board itself.	✓	page 65, 76
R 19	The board of directors entrusts the nomination committee to support it on:
	a) the evaluation of the board and its committees; b) the definition of the optimal composition of the board and its	✓ ✓	page 78 page 78
	committees; c) the identification of candidates in case of the director's co	✓	page 78
	optation; d) the possible submission of a slate by the outgoing board, ensuring the transparency of the process that led to the slate's	✓	page 55
	structure and proposition; e) the development, updating and implementation of succession plan for the chief executive officer and the other executive directors.	✓	page 78
R 20	The majority of directors of the nomination committee are independent.	✓	page 77
R 21	The board evaluation assesses the size, composition and functioning of the board and its committees. It includes also the board's active involvement in the definition of the company's strategy and in the monitoring of the management of the company's business as well as the appropriateness of the internal control and risk management system.	✓	page 65, 76
R 22	The board evaluation is conducted at least every three years, before the renewal of the board of directors.	✓	Page 65, 76
	In large companies other than those with concentrated ownership, the board evaluation is conducted on an annual basis and can be diversified according to the term of the board's mandate. In such companies, the board considers whether to appoint an external facilitator for its evaluation at least once every three years.	✓

a) collects and coordinates the requests and contributions of nonexecutive directors and, in particular, of independent ones; b) coordinates the meetings of the independent directors.

R 15 In large companies, the board of directors expresses its guidelines on the maximum number of offices that can be considered compatible with an effective performance and the time commitment required by the role of the directors. The relevant offices are those held in corporate bodies of other listed

companies and of companies having a significant size.

adequate composition of each committee.

provided that:

a). (*)

such functions. (*)

recommendation 26 applies. (*)

concentration of offices.

board meeting.

committee.

R 16 The board of directors sets up internal committees with preliminary, propositional and consultative functions regarding appointments, remuneration and control and risks. These functions can be either assigned to the three board committees recommended by the Code or distributed in a different manner or even combined in a single committee. In any case, the company ensures an adequate disclosure on the tasks and activities carried out by each of the assigned functions, as well as an

The functions of one or more committees can even be assigned to the board of directors, under the coordination of the chair,

In the event that the functions of the remuneration committee are assigned to the board of directors, the last paragraph of

Companies other than large ones may assign the functions of the control and risk committee to the board of directors even in

Companies with concentrated ownership, even large ones, can assign the functions of the nomination committee to the board of directors even in absence of the condition set forth above in letter

Each committee is coordinated by a chair who informs the board of directors about the committee's activities at the first useful

The chair of the committee may invite the chair of the board of directors, the chief executive officer, the other directors and, by informing the chief executive officer, the managers of the corporate functions that are competent on the matters of the committee meeting, to individual committee's meetings. The members of the control body can attend the meetings of each

absence of the condition set forth above in letter a). (*)

R 17 The board of directors defines the tasks of the committees and their composition, favouring the competence and experience of their members and avoiding, in large companies, an excessive

a) independent directors represent at least half of the board; b) the board dedicates adequate sessions to the performance of

R 14 The lead independent director:

Applied with

adaptations as

appropriate

Not applied

✓ page 62

✓ page 62, 63, 72

✓ page 51, 77

✓ page 53, 77

✓ page 69, 77

✓ page 78

Page of Report

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 23	In companies other than those with concentrated ownership, the board of directors: - sets forth guidelines on board composition deemed optimal before its renewal, considering the outcome of the board evaluation; - requires anyone submitting a slate with a number of candidates that is higher than half the number of members to be elected to provide adequate information on the compliance of the slate with the board guidelines mentioned above, and with the board diversity criteria set forth in principle VII and recommendation 8. In such cases, the slate also identifies its candidate for the chairmanship of the board, whose appointment is conducted according to the company's bylaws. All the information mentioned in this paragraph are disclosed in the documentation attached to the slate during its filing process. The board guidelines are published on the company's website before the publication of the notice of the shareholders' meeting convened for the board's renewal. They identify the managerial and professional profiles and the skills deemed necessary, having due consideration of the company's sectoral characteristics, the board diversity criteria set forth in principle VII and recommendation 8 as well as the board guidelines on the maximum number of offices set forth in recommendation 15.	✓ ✓	page 55, 57
R 24	In large companies, the board of directors: - elaborates, with the support of the nomination committee, a plan for the succession of the chief executive officer and executive directors by identifying, at least, the procedures to be followed in the event of an early termination of office; − ascertains the existence of appropriate procedures for the	✓ ✓	page 59, 78
	succession of the top management.
	Article 5. Remuneration
P XV	The remuneration policy for directors, members of the control body and the top management contributes to the pursuit of the company's sustainable success and takes into account the need to have, retain and motivate people with the competence and professionalism deemed adequate for their role.	✓	page 86
P XVI	The remuneration policy is developed by the board of directors through a transparent procedure.	✓	page 53, 79, 86
P XVII	The board of directors ensures that the remuneration paid and accrued is consistent with the principles and criteria defined in the policy, considering the results achieved and any other circumstances relevant for its implementation.	✓	page 53, 80
R 25	The board of directors entrusts the remuneration committee with the task of: a) supporting it in the development of the remuneration policy; b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold specific responsibilities, as well as on the setting of performance objectives related to the variable component of this remuneration; c) monitoring the actual application of the remuneration policy and verifying the effective achievement of the performance objectives; d) periodically assessing the adequacy and overall consistency of the remuneration policy for directors and the top management.	✓ ✓ ✓ ✓	page 79, 86 page 79 page 80 page 80

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	In order to have people with adequate competence and professionalism, the remuneration of executive and non-executive directors and of the members of the control body is defined with due consideration of the remuneration practices that are common with regards to the company's reference sectors and size. It also considers comparable international practices, with the possible support of an independent consultant.	✓	page 86
R 26	The remuneration committee is made up of non-executive directors, the majority of whom are independent, and is chaired by an independent director. At least one member of the committee has adequate knowledge and experience in financial matters or remuneration policies; such skills are assessed by the board of directors before his or her appointment.	✓	page 77, 79
	No director takes part in the meetings of the remuneration committee in which proposals relating to his or her remuneration are made.	✓	page 80
R 27	The remuneration policy for executive directors and the top management defines: a) a balance between the fixed and the variable component which is consistent with the company's strategic objectives and risk management policy. Consistency is assessed taking into consideration the business's characteristics and the industry of the company. The variable component has in any case a significant weight on the overall remuneration; b) caps to the variable components; c) performance objectives, to which is linked the payment of the variable components, that are predetermined, measurable and predominantly linked to the long-term horizon. They are consistent with the company's strategic objectives and with the aim of promoting its sustainable success and includes non financial parameters, where relevant; d) an adequate deferral of a significant part of the variable component that has been already accrued. Such a deferral period is consistent with the company's business activity and its risk profile; e) provisions that enable the company to recover and/or withhold, in whole or in part, the variable components already paid-out or due, where they were based on data which subsequently proved to be manifestly misstated. The company can identify other circumstances in which such provisions are applied; f) clear and predetermined rules for possible termination payments, establishing a cap to the total amount that might be paid out. The cap is linked to a certain amount or a certain number of years of remuneration. No indemnity is paid out if the termination of the office is motivated by director's objectively inadequate results.	✓	page 86
R 28	The share-based remuneration plans for executive directors and the top management are aligned with the interests of the shareholders over a long-term horizon, providing that a predominant part of the plan has an overall vesting and holding period of at least five years.	✓	page 87

board of directors:

the slate during its filing process.

R 24 In large companies, the board of directors:

succession of the top management.

through a transparent procedure.

Article 5. Remuneration

the task of:

the event of an early termination of office;

evaluation;

R 23 In companies other than those with concentrated ownership, the

sets forth guidelines on board composition deemed optimal before its renewal, considering the outcome of the board
requires anyone submitting a slate with a number of candidates that is higher than half the number of members to be elected to provide adequate information on the compliance of the slate with the board guidelines mentioned above, and with the board diversity criteria set forth in principle VII and recommendation 8. In such cases, the slate also identifies its candidate for the chairmanship of the board, whose appointment is conducted according to the company's bylaws. All the information mentioned in this paragraph are disclosed in the documentation attached to

The board guidelines are published on the company's website before the publication of the notice of the shareholders' meeting convened for the board's renewal. They identify the managerial and professional profiles and the skills deemed necessary, having due consideration of the company's sectoral characteristics, the board diversity criteria set forth in principle VII and recommendation 8 as well as the board guidelines on the maximum number of offices set forth in recommendation 15.

elaborates, with the support of the nomination committee, a plan for the succession of the chief executive officer and executive directors by identifying, at least, the procedures to be followed in

− ascertains the existence of appropriate procedures for the

P XV The remuneration policy for directors, members of the control body and the top management contributes to the pursuit of the company's sustainable success and takes into account the need to have, retain and motivate people with the competence and

P XVI The remuneration policy is developed by the board of directors

P XVII The board of directors ensures that the remuneration paid and accrued is consistent with the principles and criteria defined in the policy, considering the results achieved and any other

R 25 The board of directors entrusts the remuneration committee with

a) supporting it in the development of the remuneration policy; b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold specific responsibilities, as well as on the setting of performance objectives related to the variable component of this remuneration; c) monitoring the actual application of the remuneration policy and verifying the effective achievement of the performance objectives; d) periodically assessing the adequacy and overall consistency of the remuneration policy for directors and the top management.

professionalism deemed adequate for their role.

circumstances relevant for its implementation.

Applied with

adaptations as

✓

✓ ✓

✓

appropriate

Not applied

Page of Report

✓ page 55, 57

✓ page 59, 78

✓ page 86

✓ page 53, 79, 86

page 79, 86 page 79

page 80

✓ page 53, 80

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
R 29	The remuneration of non-executive directors is adequate to the competence, professionalism and commitment required by their role within the board of directors and its committees; this remuneration is not related to financial performance objectives, except for a non-significant part.	✓	page 86
R 30	The remuneration of the members of the control body is adequate to the competence, professionalism and commitment required by their role and the company's size, industry and current situation.	✓	page 86
R 31	On the occasion of the termination of office and/or dissolution of the relationship with an executive director or general manager, a press release is published as soon as the internal processes that led to the assignment or the recognition of any indemnities and/or other benefits has been concluded. The press release provides for detailed information on: a) the assignment or the recognition of indemnities and/or other benefits, the circumstances that justify their accrual (e.g. due to the expiration of the term of office, its termination or a settlement agreement) and the decision-making process followed for this purpose within the company; b) the total amount of the indemnity and/or other benefits, the related components (including non-monetary benefits, the vesting of rights connected with incentive plans, the compensation for non-competitive commitments or any other remuneration allocated to any reason and in any form) and the timing of their disbursement (distinguishing the part paid immediately from the part subject to deferral mechanisms); c) the application of any claw-back or malus clauses; d) the compliance of the elements indicated in letters a), b) and c) consistently with the remuneration policy, with a clear indication of the reasons and the decision-making process followed in the event of non-compliance, even if only partial, with the policy itself; e) the procedures that have been or will be followed for the replacement of the executive director or the general manager whose office has been terminated.	✓	page 87
Article 6. Internal control and risk management system
P XVIII	The internal control and risk management system consists of a set of rules, procedures and organisational structures for an effective and efficient identification, measurement, management and monitoring of the main risks, aimed at contributing to the sustainable success of the company.	✓	page 95
P XIX	The board of directors defines the guidelines of the internal control and risk management system in accordance with the company's strategies and annually assesses its adequacy and effectiveness.	✓	page 52, 95, 96, 97
P XX	The board of directors defines the principles concerning the coordination and the flow of information among the parties involved in the internal control and risk management system. Such principles aim at maximising the effectiveness of the system itself, reducing the duplication of activities and ensuring the successful performance of the duties of the control body.	✓	page 85, 95, 96

Principles and Recommendations of the Corporate Governance Code Applied with adaptations as appropriate Not applied Page of Report R 32 The organisation of the internal control and risk management system involves: a) the board of directors, which plays a role in guiding and assessing the adequacy of the system; b) the chief executive officer, in charge of establishing and maintaining the internal control and risk management system; c) the control and risk committee set up within the board of directors, with the task of supporting the board of directors' assessments and decisions relating to the internal control and risk management system and the approval of periodical financial and non-financial reports. In companies that adopt the "one-tier" or "two-tier" corporate model, the functions of the control and risk committee can be assigned to the control body; d) the head of the internal audit function who is in charge of verifying that the internal control and risk management system is functional, adequate and consistent with the guidelines defined by the board of directors; e) the other corporate functions involved in the internal control and risk management system (such as the risk management functions and the functions dealing with legal and non-compliance risk) which are articulated in relation to the company's size, sector, complexity and risk profile; f) the control body, which monitors the effectiveness of the internal control and risk management system. ✓ ✓ ✓ ✓ ✓ ✓ page 95, 97 page 95, 98 page 81, 95, 97 page 95, 96, 100 page 95 page 71, 95, 98 R 33 The board of directors, with the support of the control and risk committee: a) defines the guidelines of the internal control and risk management system consistently with the company's strategies and assesses, at least once a year, the adequacy of this system with respect to the company's characteristics and its risk profile, as well as its effectiveness; ✓ page 52, 96, 97 b) appoints and dismisses the head of the internal audit function, defining his or her remuneration which is consistent with the company policies. The board ensures that he or she has adequate resources to carry out his or her duties. If the internal audit function is entrusted, as a whole or by operating segments, to an external entity, the board ensures that it meets the adequate requirements of professionalism, independence and organisation, providing adequate reasons for this choice in the corporate governance report; ✓ page 97, 100 c) approves, at least on an annual basis, the work plan prepared by the head of the internal audit function, after hearing the control body and the chief executive officer; ✓ page 97 d) evaluates the opportunity to take measures to ensure the effectiveness and impartial assistance of the other corporate functions mentioned in recommendation 32(e). To this end, the board verifies that such functions have adequate professionalism and resources; ✓ page 97 e) assigns the supervisory functions pursuant to Art. 6(1)(b) of Legislative Decree No. 231/2001 to the control body or to a body established specifically for this purpose (the so-called functions of the "Organismo di Vigilanza"). If the body does not correspond to the control body, the board of directors considers whether to appoint within the body at least one non-executive director and/or a member of the control body and/or the head of a legal or supervisory function of the company, in order to ensure coordination among the various parties involved in the internal ✓ page 105

Principles and Recommendations of the Corporate Governance Code

except for a non-significant part.

other benefits has been concluded.

part subject to deferral mechanisms);

whose office has been terminated.

Article 6. Internal control and risk management system

sustainable success of the company.

effectiveness.

purpose within the company;

R 29 The remuneration of non-executive directors is adequate to the competence, professionalism and commitment required by their role within the board of directors and its committees; this remuneration is not related to financial performance objectives,

R 30 The remuneration of the members of the control body is adequate to the competence, professionalism and commitment required by their role and the company's size, industry and current situation.

R 31 On the occasion of the termination of office and/or dissolution of the relationship with an executive director or general manager, a press release is published as soon as the internal processes that led to the assignment or the recognition of any indemnities and/or

The press release provides for detailed information on:

c) the application of any claw-back or malus clauses;

P XVIII The internal control and risk management system consists of a

P XIX The board of directors defines the guidelines of the internal control and risk management system in accordance with the company's strategies and annually assesses its adequacy and

P XX The board of directors defines the principles concerning the coordination and the flow of information among the parties involved in the internal control and risk management system. Such principles aim at maximising the effectiveness of the system itself, reducing the duplication of activities and ensuring the

successful performance of the duties of the control body.

set of rules, procedures and organisational structures for an effective and efficient identification, measurement, management and monitoring of the main risks, aimed at contributing to the

a) the assignment or the recognition of indemnities and/or other benefits, the circumstances that justify their accrual (e.g. due to the expiration of the term of office, its termination or a settlement agreement) and the decision-making process followed for this

b) the total amount of the indemnity and/or other benefits, the related components (including non-monetary benefits, the vesting of rights connected with incentive plans, the compensation for non-competitive commitments or any other remuneration allocated to any reason and in any form) and the timing of their disbursement (distinguishing the part paid immediately from the

d) the compliance of the elements indicated in letters a), b) and c) consistently with the remuneration policy, with a clear indication of the reasons and the decision-making process followed in the event of non-compliance, even if only partial, with the policy itself; e) the procedures that have been or will be followed for the replacement of the executive director or the general manager Applied with

adaptations as

appropriate

Not applied

✓ page 86

✓ page 87

✓ page 95

✓ page 52, 95, 96, 97

✓ page 85, 95, 96

Page of Report

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	control and risk management system;
	f) evaluates, after consultation with the control body, the results presented by the statutory auditor in any letter of suggestions and in the additional report addressed to the control body;	✓	page 97
	g) describes, in the corporate governance report, the main characteristics of the internal control and risk management system and the methods of coordination among the subjects involved. The report provides information about the national and international reference models and best practices adopted and the board's overall assessment of the adequacy of the system itself. Moreover, it provides an adequate explanation of the composition of the control body referred to in letter e) above.	✓	page 97, 105
R 34	The chief executive officer: a) identifies the main business risks, considering the characteristics of the activities carried out by the company and its subsidiaries, and periodically submit them to the examination of the board of directors;	✓	page 59, 98
	b) implements the guidelines defined by the board of directors, providing for the design, implementation and management of the internal control and risk management system and constantly verifying its adequacy and effectiveness, as well as adapting it to the dynamics of the operating conditions and the legislative and regulatory landscape;
	c) can entrust the internal audit with the tasks of carrying out specific controls on defined operational areas and on compliance with internal rules and procedures in the implementation of company transactions. Such requests are contextually conveyed to the chair of the board of directors, to the chair of the control and risk committee and to the chair of the control body;
	d) reports promptly to the control and risk committee on problems and critical issues that emerged in the performance of his or her activity or of which he or she nevertheless has information so that the committee can take appropriate actions.
R 35	The control and risk committee is comprised of non-executive directors, the majority of whom are independent, and is chaired by an independent director.	✓	page 77, 81
	The committee has expertise that is consistent with the company's industry and assessment of its risks; at least one member of the committee has adequate knowledge and experience in accounting, finance or risk management.	✓	page 77, 81
	The control and risk committee, in assisting the board of directors:
	a) assesses the external auditor and the control body, the correct application of the accounting principles and, in the case of groups, their homogeneity for the purposes of preparing the consolidated financial statement, after hearing the manager responsible for the corporate financial documents;	✓	page 71, 97
	b) assesses whether the periodic financial and non-financial information is suitable to correctly represent the company's business model, its strategies, the impact of its business and the performance achieved, in coordination with the committee mentioned in recommendation 1(a), if established;	✓	page 71, 97

	Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Page of Report
	c) examines the content of the periodic non-financial information relevant to the internal control and risk management system;	✓	page 81
	d) expresses opinions on specific aspects relating to the identification of the main corporate risks and supports the board of directors' assessments and decisions relating to the management of risks deriving from prejudicial facts of which the latter has become aware;	✓	page 81
	e) examines the periodic and particularly relevant reports prepared by the internal audit function;	✓	page 73, 81
	f) monitors the autonomy, adequacy, effectiveness and efficiency of the internal audit function;	✓	page 81, 96
	g) can entrust the internal audit with the task of carrying out specific controls on defined operational areas. Such a request is contextually conveyed to the chair of the control body;	✓	page 71, 73
	h) reports to the board of directors, at least upon the approval of the annual and half-yearly financial report, on the activities carried out and on the adequacy of the internal control and risk management system.	✓	page 71, 76, 81
R 36	The head of the internal audit function is not responsible for any operational area. He or she depends hierarchically on the board of directors and has direct access to all information that is useful for carrying out his or her duty.	✓	page 96, 100
	The head of the internal audit function:
	a) verifies, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the functioning and the suitability of the internal control and risk management system according to the audit plan. The audit plan is approved by the board of directors and is based on a structured process of analysis and prioritisation of the main risks;	✓	page 97, 100
	b) prepares periodic reports containing adequate information on its activity, on the ways in which risk management is conducted, as well as on compliance with the plans defined for the containment of risks. The periodic reports contain an assessment of the suitability of the internal control and risk management	✓	page 100
	c) prepares promptly, at the request of the control body, reports	✓	page 71, 100
	d) submits the reports referred to in letters b) and c) to the chairs of the control body, of the control and risk committee and of the board of directors, as well as to the chief executive officer, except in cases where the matter of these reports specifically concerns	✓	page 101
	e) verifies, as part of the audit plan, the reliability of the information systems, including the accounting systems.	✓	page 100
R 37	The member of the control body who, on his or her own behalf or on behalf of third parties, has an interest in a specific transaction of the company, provides prompt and exhaustive information to the other members of the same body and to the chair of the board of directors about the nature, terms, origin and extent of his or her interest.	✓	page 64
	system; on events of particular relevance; the activity of these subjects;

in the additional report addressed to the control body;

f) evaluates, after consultation with the control body, the results presented by the statutory auditor in any letter of suggestions and

g) describes, in the corporate governance report, the main characteristics of the internal control and risk management system and the methods of coordination among the subjects involved. The report provides information about the national and international reference models and best practices adopted and the board's overall assessment of the adequacy of the system itself. Moreover, it provides an adequate explanation of the composition of the control body referred to in letter e) above.

a) identifies the main business risks, considering the characteristics of the activities carried out by the company and its subsidiaries, and periodically submit them to the examination of

b) implements the guidelines defined by the board of directors, providing for the design, implementation and management of the internal control and risk management system and constantly verifying its adequacy and effectiveness, as well as adapting it to the dynamics of the operating conditions and the legislative and

c) can entrust the internal audit with the tasks of carrying out specific controls on defined operational areas and on compliance with internal rules and procedures in the implementation of company transactions. Such requests are contextually conveyed to the chair of the board of directors, to the chair of the control

d) reports promptly to the control and risk committee on problems and critical issues that emerged in the performance of his or her activity or of which he or she nevertheless has information so that

The committee has expertise that is consistent with the company's industry and assessment of its risks; at least one member of the committee has adequate knowledge and

The control and risk committee, in assisting the board of directors: a) assesses the external auditor and the control body, the correct application of the accounting principles and, in the case of groups, their homogeneity for the purposes of preparing the consolidated financial statement, after hearing the manager

b) assesses whether the periodic financial and non-financial information is suitable to correctly represent the company's business model, its strategies, the impact of its business and the performance achieved, in coordination with the committee

and risk committee and to the chair of the control body;

R 35 The control and risk committee is comprised of non-executive directors, the majority of whom are independent, and is chaired

experience in accounting, finance or risk management.

responsible for the corporate financial documents;

mentioned in recommendation 1(a), if established;

the committee can take appropriate actions.

by an independent director.

control and risk management system;

R 34 The chief executive officer:

the board of directors;

regulatory landscape;

Applied with

adaptations as

appropriate

Not applied

✓ page 97

✓ page 97, 105

✓ page 59, 98

✓ page 77, 81

✓ page 71, 97

Page of Report

Principles and Recommendations of the Corporate Governance Code	adaptations as Applied with appropriate	Not applied	Page of Report
The control body and the control and risk committee promptly exchange relevant information for the performance of their respective duties. The chair or an other member of the control body designated by its chair, of the takes part control body in the meetings of the control and risk committee.	✓		page 73, 81, 98

(*) Recommendation incompatible with banking regulations or not applicable to Intesa Sanpaolo, as a large company with non-concentrated ownership

Corporate Governance Committee Recommendations	Reference in the Report
Completeness and timeliness of pre-meeting information: companies are invited to provide all relevant information on how Recommendation 11 is applied, bearing in mind that the lack of predetermined deadlines for the prior submission of pre-meeting information to the board and committees and/or the lack of information on the actual compliance with the deadlines and/or the provision in the board regulations or adopted in practices of the possibility of derogating from the above mentioned deadlines for reasons of confidentiality may represent a disapplication of Recommendation 11 of the Code. In the case of actual non-compliance, companies are therefore encouraged to clearly state it in their Corporate Governance Report, explaining: the reasons for the non-compliance, how the decision was made within the company, and how they intend to ensure compliance with Principle IX of the Code.	page 51, 66, 67, 73, 77, 85
Transparency and effectiveness of remuneration policy: companies are invited to provide all relevant information on how Recommendation 27 is applied, taking into account that the provision in the remuneration policy of variable components linked to generic sustainability objectives, for which specific evaluation parameters are not provided, and/or one-time extraordinary payouts, for which the nature and objectives are not identified and adequate decision-making procedures are not defined, may constitute a disapplication of Recommendation 27 of the Code. In the case of actual non compliance, companies are therefore asked to expressly indicate it in the Corporate Governance Report, explaining: the reasons, how the decision to disapply was made within the company, and how it is intended to ensure compliance with Principle XV of the Code.	page 86
Executive role of the Chair: companies are invited to provide all relevant information on how Recommendation 4 is applied, considering that the lack of an adequately reasoned explanation of the decision to assigning significant managerial powers to the Chair (whether the CEO or not) may qualify as a disapplication of Recommendation 4 of the Code. In the case of actual non compliance, companies are therefore asked to expressly indicate it in the Corporate Governance Report, explaining: the reasons, how the decision to disapply was made within the company, and how it is intended to ensure compliance with Principles V and X of the Code.	page 51, 53, 59

Table No. 2: "Art. 123-bis - Report on corporate governance and ownership structures"

Principles and Recommendations of the Corporate Governance Code

meetings of the control and risk committee.

with non-concentrated ownership

The control body and the control and risk committee promptly exchange relevant information for the performance of their respective duties. The chair or an other member of the control body designated by its chair, of the takes part control body in the

Completeness and timeliness of pre-meeting information: companies are invited to provide all relevant information on how Recommendation 11 is applied, bearing in mind that the lack of predetermined deadlines for the prior submission of pre-meeting information to the board and committees and/or the lack of information on the actual compliance with the deadlines and/or the provision in the board regulations or adopted in practices of the possibility of derogating from the above mentioned deadlines for reasons of confidentiality may represent a disapplication of Recommendation 11 of the Code. In the case of actual non-compliance, companies are therefore encouraged to clearly state it in their Corporate Governance Report, explaining: the reasons for the non-compliance, how the decision was made within the company, and

how they intend to ensure compliance with Principle IX of the Code.

compliance with Principle XV of the Code.

compliance with Principles V and X of the Code.

Transparency and effectiveness of remuneration policy: companies are invited to provide all relevant information on how Recommendation 27 is applied, taking into account that the provision in the remuneration policy of variable components linked to generic sustainability objectives, for which specific evaluation parameters are not provided, and/or one-time extraordinary payouts, for which the nature and objectives are not identified and adequate decision-making procedures are not defined, may constitute a disapplication of Recommendation 27 of the Code. In the case of actual noncompliance, companies are therefore asked to expressly indicate it in the Corporate Governance Report, explaining: the reasons, how the decision to disapply was made within the company, and how it is intended to ensure

Executive role of the Chair: companies are invited to provide all relevant information on how Recommendation 4 is applied, considering that the lack of an adequately reasoned explanation of the decision to assigning significant managerial powers to the Chair (whether the CEO or not) may qualify as a disapplication of Recommendation 4 of the Code. In the case of actual noncompliance, companies are therefore asked to expressly indicate it in the Corporate Governance Report, explaining: the reasons, how the decision to disapply was made within the company, and how it is intended to ensure

(*) Recommendation incompatible with banking regulations or not applicable to Intesa Sanpaolo, as a large company

Corporate Governance Committee Recommendations Reference in the Report

Applied with

adaptations as

appropriate

Not applied

Page of Report

page 51, 66, 67, 73, 77, 85

page 86

page 51, 53, 59

✓ page 73, 81, 98

	Art 123-bis - Report on corporate governance and ownership structures	Page of Report
	1. The report on operations of issuers with securities admitted to trading on regulated markets shall contain a specific section entitled: "Report on corporate governance and ownership structures", providing detailed information on:
	a) the capital structure, including securities not traded on a regulated market in an EU Member State, with an indication of the different classes of shares and, for each class of shares, the related rights and obligations and the percentage of total share capital represented;	page 41, 42
	b) any restriction on the transfer of securities, e.g. limitations in the possession of securities or the need to obtain consent from the company or other securities holders;	page 41
c)	significant direct and indirect equity investments, for example through pyramid structures and cross-investments, as stated in reports submitted pursuant to article 120;	page 42
	d) if known, the holders of any securities with special control rights and a description of such rights;	page 41
	e) the mechanism for the exercise of voting rights in any employee share ownership scheme where voting rights are not exercised directly by the employees;	page 41
f)	any restrictions on voting rights, such as limitations of the voting rights of holders of a given percentage or number of votes, deadlines for the exercise of voting rights, or systems whereby, with the company's cooperation, the financial rights attached to the securities are separate from the holding of securities;	page 41, 48
	g) agreements known to the company pursuant to article 122;	page 42
	h) any significant agreements to which the company or its subsidiaries are parties and which take effect, alter or terminate upon a change of control of the company, and the effects thereof, except where their nature is such that their disclosure would be seriously prejudicial to the company; this exception shall not apply where the company is specifically obliged to disclose such information on the basis of other legal requirements;	page 43
i)	agreements between companies and directors, members of the management board or supervisory board which envisage indemnities in event of resignation or dismissal without just cause, or if their employment contract should terminate as a result of a takeover bid;	page 41
l)	rules applying to the appointment and replacement of directors and members of the management board or supervisory board, and to amendments to the articles of association, if different from those envisaged by legal and regulatory provisions applicable as supplementary measures;	page 55, 57, 72
	m) the existence of delegated powers regarding share capital increases pursuant to article 2443 of the Italian Civil Code or powers of the directors or members of the management board to issue equity instruments or to authorise the purchase of own shares.	page 41, 42

	Art 123-bis - Report on corporate governance and ownership structures	Page of Report
provided regarding:	2. In the same section of the report referred to in subsection 1, information shall be
	a) adoption of a corporate governance code of conduct issued by regulated market management companies or trade associations, giving reasons for any decision not to adopt one or more provisions, together with the corporate governance practices actually applied by the company over and above any legal or regulatory obligations. The company shall also indicate where the adopted corporate governance code of conduct may be accessed by the public;	page 37
	b) the main characteristics of existing risk management and internal control systems used in relation to the financial reporting process, including consolidated reports, where applicable;	page 103
c)	the operating procedures of the shareholders' meeting, its main powers, shareholders' rights and their terms of exercise, if different from those envisaged by legal and regulatory provisions applicable as supplementary measures;	page 46
	d) the composition and operations of the management and control bodies and their committees.	page 54, 59, 66, 71, 78
	d-bis) a description of the diversity policies applied regarding the composition of the administrative and control bodies in relation to aspects such as age, gender composition, disabilities or training/professional courses taken, with a description of the objectives, implementation methods and results of said policies. If no policy is applied, the company shall clearly and precisely indicate the reasons for said choice. If this information is included in the sustainability reporting referred to in Article 3 and 4 of the Legislative Decree adopted in accordance with Article 13 of Law no. 15 of 21 February 2024, the obligations referred to in this subparagraph shall be deemed complied with on condition that reference thereto is made in the report on corporate governance.	page 54

Glossary

European Central Bank or ECB

The European Central Bank, the EU institution performing specific tasks in the field of prudential supervision of banks within the Single Supervisory Mechanism, which comprises the same ECB and the national competent authorities. Its main aim is to contribute to the safety and soundness of the banking system and the stability of the financial system within the EU as well as to ensure a consistent and efficient prudential supervision (www.ecb.europa.eu)

Bank of Italy

Bank of Italy – the central bank of Italy, part of the Eurosystem comprising the central banks of the Eurozone and the European Central Bank – is a public institution whose main functions are designed to ensure, among others, the stability and efficiency of the financial system by pursuing the sound and prudent management of financial intermediaries as well as compliance with relevant laws in force (www.bancaditalia.it)

Italian Stock Exchange or Borsa Italiana

Borsa Italiana S.p.A. is the company responsible in Italy for the organisation, management and development of markets for the trading of financial instruments, on which Intesa Sanpaolo S.p.A. instruments are also listed (www.borsaitaliana.it)

c.c.

Italian Civil Code

Parent Company

Intesa Sanpaolo, the Parent Company of the Banking Group, pursuant to the Consolidated Law on Banking

Italian Corporate Governance Code or Code

Italian Corporate Governance Code, approved by the Corporate Governance Committee on 31 January 2020

Board

The Board of Directors of Intesa Sanpaolo

Director/Directors

Member/Members of the Board of Directors of Intesa Sanpaolo

Consob

Commissione Nazionale per le Società e la Borsa, the Italian financial market supervisory authority, which monitors the transparency and proper conduct of operators (www.consob.it)

Consolidated Non-financial Statement

Statement drawn up and published pursuant to Italian Legislative Decree No. 254/2016, implementing European Directive No. 2014/95/EU containing information on environmental, social, personnelrelated issues, respect for human rights, and the fight against corruption. Legislative Decree no. 125/2024 repealed Legislative Decree no. 254/2016 and replaced previous regulations on the Non-financial Statement with the provision of the Sustainability Statement included in a specific section of the Report on Operations

Manager responsible for preparing the Company's financial reports

Manager responsible for preparing the Company's financial reports (pursuant to Article 154-bis of the Consolidated Law on Finance)

Supervisory Provisions

Provisions issued by the Bank of Italy as part of its supervisory functions, applicable to banks and banking groups

Supervisory Provisions on remuneration

Provisions regarding remuneration and incentive policies and practices in banks and in banking groups, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 2)

Supervisory Provisions on corporate governance

Provisions on bank corporate governance, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 1)

Supervisory Provisions on the control system

Provisions on the banks' internal control system, laid down in Circular 285 of 17 December 2013 (First Part, Title IV, Chapter 3)

European Banking Authority or EBA

European Banking Authority, an independent European Union authority, which works to ensure an efficient and standardised level of regulation and prudential supervision in the European banking sector

Financial Stability Board or FSB

Financial Stability Board, an independent body that collaborates with the national and international financial institutions to develop and implement effective regulatory, supervisory and other specific sector policies in the interest of global financial stability (www.financialstabilityboard.org)

Banking Group or Intesa Sanpaolo Banking Group

The Banking Group is composed of the Parent Company Intesa Sanpaolo and the banking, financial and instrumental companies – with registered offices in Italy and abroad – controlled directly or indirectly by the Parent Company

Group or Intesa Sanpaolo Group

The Group is composed of the Parent Company Intesa Sanpaolo and the companies controlled directly or indirectly by the same, including companies that are not part of the Banking Group – with registered offices in Italy and abroad

Intesa Sanpaolo or Company or Bank

Intesa Sanpaolo S.p.A.

Surveillance Body

Body with independent initiative and control powers, which is entrusted – pursuant to Italian Legislative Decree No. 231/2001 on the administrative liability of companies – with the task of supervising effective implementation, operation and compliance with the Organisational, Management and Control Model pursuant to the aforesaid Decree

Borsa Italiana Regulations

Regulations governing markets organised and managed by Borsa Italiana

Issuers' Regulation

Regulation implementing the Consolidated Law on Finance and governing issuers, adopted by Consob Resolution No. 11971 of 14 May 1999, and subsequent amendments thereto

Consob Regulation on related parties

Regulation issued by Consob Resolution No. 17221 of 12 March 2010 (and subsequent amendments), governing transactions with related parties

RPT Procedures

Group Procedures regulating the conduct of transactions with Related Parties of Intesa Sanpaolo S.p.A., Associated Entities of the Group and Relevant Persons pursuant to Article 136 of the Consolidated Law on Banking, updated by the Board of Directors in June 2021

Report on Governance

The Report on Corporate Governance and Ownership Structures drawn up pursuant to Article 123-bis of the Consolidated Law on Finance

Report on Remuneration

The Report on the remuneration policy and the remuneration paid drawn up pursuant to Article 123 ter of the Consolidated Law on Finance and subsequent implementation provisions

Consolidated Sustainability Statement

Reporting drawn up pursuant to Legislative Decree no. 125/2024 implementing European Directive no. 2022/2464/UE and included in a specific section of the Report on Operations, containing the necessary information to assess the Company's impact on sustainability items, as well as the necessary information to assess how sustainability items influence the Company's performance, results and situation

Bank's website or Company's website

The website group.intesasanpaolo.com

Articles of Association

Intesa Sanpaolo's Articles of Association (available in the Governance section of the Bank's website)

Consolidated Law on Banking

Italian Legislative Decree No. 385 of 1 September 1993 – Consolidated Law on Banking

Consolidated Law on Finance (CLF)

Italian Legislative Decree No. 58 of 24 February 1998 – Consolidated Law on Finance

Contacts

Group or Intesa Sanpaolo Group

with registered offices in Italy and abroad

Intesa Sanpaolo or Company or Bank

pursuant to the aforesaid Decree

subsequent amendments thereto

Consob Regulation on related parties

governing transactions with related parties

Borsa Italiana Regulations

managed by Borsa Italiana

Issuers' Regulation

RPT Procedures

Intesa Sanpaolo S.p.A.

Surveillance Body

The Group is composed of the Parent Company Intesa Sanpaolo and the companies controlled directly or indirectly by the same, including companies that are not part of the Banking Group –

Consolidated Law on Banking, updated by the Board

The Report on Corporate Governance and Ownership Structures drawn up pursuant to Article

The Report on the remuneration policy and the remuneration paid drawn up pursuant to Article 123 ter of the Consolidated Law on Finance and

Intesa Sanpaolo's Articles of Association (available in the Governance section of the Bank's website)

Italian Legislative Decree No. 385 of 1 September

Italian Legislative Decree No. 58 of 24 February 1998

123-bis of the Consolidated Law on Finance

subsequent implementation provisions

Consolidated Sustainability Reporting

Bank's website or Company's website The website group.intesasanpaolo.com

Articles of Association

Consolidated Law on Banking

– Consolidated Law on Finance

1993 – Consolidated Law on Banking

Consolidated Law on Finance (CLF)

of Directors in June 2021

Report on Governance

Report on Remuneration

situation

Regulations governing markets organised and

Regulation implementing the Consolidated Law on Finance and governing issuers, adopted by Consob Resolution No. 11971 of 14 May 1999, and

Regulation issued by Consob Resolution No. 17221 of 12 March 2010 (and subsequent amendments),

Registered Office:

Piazza San Carlo, 156 10121 Torino Telephone: +39 011 5551

Secondary Registered Office: Via Monte di Pietà, 8 20121 Milano Telephone: +39 02 87911

Parent Company Corporate Advisory, Corporate Duties and Governance [email protected]

Internet group.intesasanpaolo.com

Scan the QR Code with your smartphone to directly access the website

Premedia & print: Agema®

Antonio Joli, View of the Gulf of Naples from the slopes of Vesuvius

This large painting by eighteenth-century painter and scenographer Antonio Joli forms part of the Intesa Sanpaolo art collections, and is permanently exhibited in the Gallerie d'Italia in Naples as part of the exhibition "From Caravaggio to Gemito", which also includes two other views of Naples by his predecessor Gaspar van Wittel.

Cover:

Antonio Joli (Modena, 1700 around - Naples 1777) View of the Gulf of Naples from the slopes of Vesuvius, 1765-1770 ca oil on canvas, 157 x 235.5 cm Intesa Sanpaolo Collection Gallerie d'Italia - Naples

The evocative depiction of the Gulf of Naples seen from the slopes of Vesuvius (one of the most significant examples of Joli's celebratory Vedutism) belongs to the artist's mature period post-1762. At that time, after frequent stays in Rome and Venice, he settled and worked in Naples, as a brilliant scenographer and view painter in the manner of Canaletto and Bellotto. From this later period of production, the painting in question reveals his most typical characteristics, including the choice to represent particular moments of court life, within wide and scenic views of the city of Naples. In this case, to animate the landscape, the result of Joli's careful and lucid observation of reality, there is a procession of dignitaries strolling in the garden of the Royal Villa of Portici, together with Viceroy Ferdinand IV of Bourbon as a Capuchin friar kneels in homage. In other paintings, Ferdinando's horseback ride in the Capodimonte park, the ball game at the Aragonese fortifications, or the return by carriage of Ferdinando and Maria Carolina along the Via di Foria in Naples, all offer the painter suitable subjects to orchestrate evocative views of Naples. This view of the city, also including the Campi Flegrei and Ischia, follows the drawing made by Joli himself for the decorative apparatus of the "Topographic Map" of Naples, proposed by Duke Giovanni Carafa from Noja in 1750 but not actually published until 1775. As frequently occurs with the artist, the perspectives of this view multiply, skillfully combining into a global, authentic, and complex image. The author's eye captures Naples in its entirety, encircling the city, with a visual layout that constitutes the true modernity of Joli's vedutism, as an artist supported by remarkable technical expertise and a highly suggestive pictorialism. The sequence of trees that punctuates the sky, in fact, opens up to an image not only described in detail, but also vibrant with light and colours, measured out in light tones and on the delicate chiaroscuro differences, created between the shaded foregrounds and illuminated background.

Report on Corporate Governance and Ownership Structures

AI Terminal

Intesa Sanpaolo

4465_cgr_2025-03-28_9709155f-d534-4e3d-b3b6-5da86c45ef08.pdf

Report on Corporate Governance and Ownership Structures

Contents

PART IV SUMMARY TABLES 109

APPENDIX 117

Glossary 135

Introduction

Overview

Governance Model and Corporate Bodies

Shareholders' Meeting

Board Committees

Governance Highlights

Decision-making process

Supervision and control

Board of Directors, Management Control Committee and Board Committees

Board of Directors' breakdown

Board induction

Thematic areas examined in the Board of Directors' meetings in 2024

Thematic areas examined in the Management Control Committee's meetings in 2024

Thematic areas examined in the Risks and Sustainability Committee's meetings in 2024

Board of Directors' meetings in 2024

Board Evaluation

Information collection

Data processing

Nomination Committee review

Formalisation of the results

BoD review

Main results of the self-assessment: adequacy and best practices

Size and composition

Induction Plans

Functioning of the Board and its activities

Organisation of the meetings

Main practices that could be developed further

Remuneration

Control and risk management system

The internal control system is based on three levels:

Level I

Level II

Chief Audit Officer

Share capital and shareholder base

Ownership structure by geographical area

Shareholders' Meeting

Shareholders' majorities

The Shareholders' Meeting is usually held in single call, with the application of the following quorums: Ordinary Shareholders' Meeting Single call

Share capital attendance at the Shareholders' Meeting in the last five years

The Shareholders' Meeting can be Ordinary or Extraordinary:

The sustainability commitment

The governance of sustainability, which has been constantly strengthened over time, is characterised by the involvement of various Bodies and Structures, whose main responsibilities are detailed below

Board of Directors

Risks and Sustainability Committee

Management Control Committee

Managing Director and CEO

Steering Committee

Group Control Coordination and Non-Financial Risks Committee

Chief Sustainability Officer

ESG Control Room and its Panels

The 2022-2025 Business Plan and Sustainability

Allowance for charitable, social and cultural contributions

The Intesa Sanpaolo Group

Compliance with the Italian Corporate Governance Code

Letter from the Chair of the Italian Corporate Governance Committee

Part I - Ownership structure and investor relations

Information on ownership structure

Share Capital

Securities traded on non-European markets

Art. 123-

Shareholder Base

Main shareholders

Shareholders' agreements

"Change of control" clauses

Allocated assets

Policy for the management of dialogue with investors

Relations with shareholders, the financial community and stakeholders – The website

The Shareholders' Meeting: procedures and shareholders' rights

Intesa Sanpaolo's Shareholders' Meeting

The Shareholders' Meeting can be Ordinary or Extraordinary.

Calling meetings and procedure at meetings

Additions to the agenda and submission of new proposed resolutions