Report on Corporate Governance and the Shareholding Structure

in accordance with Article 123-bis of the Consolidated Law on Finance

Report on Corporate Governance and the Shareholding Structure

in accordance with Article 123-bis of the Consolidated Law on Finance

(Traditional administration and control model)

ENGLISH TRANSLATION FOR COURTESY PURPOSES ONLY. IN CASE OF DISCREPANCIES BETWEEN THE ITALIAN VERSION AND THE ENGLISH VERSION, THE ITALIAN VERSION SHALL PREVAIL.

Issuer: BANCA MONTE DEI PASCHI DI SIENA S.P.A.

Website: www.gruppomps.it/en

Year to which the report relates: 2024

Report approval date: 14 March 2025

The 2024 Report	7
1. Company Profile	8
The Bank's corporate governance system	10
ESG Sustainability in the Governance System of the Bank and the Group	11
The Business Plan and Sustainable Success	13
Organisational structure	14
The Montepaschi Group	16
2. Information on the Shareholding Structure	17
a) Share capital structure (as per Article 123-bis, paragraph 1, letter a) of the TUF)	18
b) Restrictions on the transfer of shares (as per Article 123-bis, paragraph 1, letter b) of the TUF)	18
c) Significant equity investments (as per Article 123-bis, paragraph 1, letter c) of the TUF)	18
d) Shares with special rights (as per Article 123-bis, paragraph 1, letter d) of the TUF)	19
e) Employee share ownership: voting rights exercise mechanism (as per Article 123-bis, paragraph 1, letter e) of the TUF)	19
f) Restrictions on voting rights (as per Article 123-bis, paragraph 1, letter f) of the TUF)	19
g) Shareholder agreements (as per Article 123-bis, paragraph 1, letter g) of the TUF)	19
h) Change of control clauses (as per Article 123-bis, paragraph 1, letter h) of the TUF) and provisions of the By-Laws regarding takeover bids (as per Article 104, paragraph 1-ter and Article 104-bis, paragraph 1)	19
i) Delegated powers to increase share capital and authorisations to buy back own shares (as per Article 123-bis, paragraph 1, letter m) of the TUF)	20
l) Direction and coordination (as per Article 2497 et seq. of the Civil Code)	20
3. Compliance	21
Adherence to the Corporate Governance Code	22
Considerations on the letter of the Chairperson of the Italian Corporate Governance Committee	22
4. Board of Directors	24
4.1 Role of the Board of Directors	25
Exclusive powers of the Board	25
Activities in 2024	26
4.2 Appointment and replacement (as per Article 123-bis, paragraph 1, letter l) of the TUF)	27
Presentation of the lists of candidates	27
Election of directors	28
Minority representation	28
Independent directors	29
Gender balance	29
Supplementary appointment measure	29
Replacement of directors during their mandate	29
Shareholders' Meeting of 20 April 2023 – renewal of the corporate boadies for the period 2023-2025	30

4.3 Composition (as per Article 123-bis, paragraph 2, letter d) and d-bis) of the TUF)	32
Suitability requirements for bank directors
Time Commitment for the role	33
Limits on the number of directorships held by Directors	34
Independence requirements for Directors	34
Process of verifying the Suitability Requirements	35
The Guidelines of the Board of Directors	35
Activities in 2024	36
Diversity and Inclusion Policy	36
Diversity Policy on the composition of Corporate Bodies	37
4.4 Functioning of the Board of Directors (as per Article 123-bis, paragraph 2, letter d) of the TUF)	39
Reporting flows	40
4.5 Role of the Chairperson of the Board of Directors	41
Board Secretary	42
4.6 Executive Directors	42
Chief Executive Officer	42
4.7 Independent directors and Lead Independent Director	45
Independent directors	45
Lead Independent Director	46
5. Handling of corporate information	47
6. Board Committees	49
7. Self-assessment andsuccession of Directors – Nominations Committee	52
7.1 Self-assessment of the Board of Directors and its Committees	53
The self-assessment process adopted by the Bank	53
7.2 Succession plans for Directors and the Bank's Top Management	55
Succession plans for other corporate positions	56
7.3 Nomination Committee	56
Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)	56
Participating in the work of the Committee	56
Functions attributed to the Nominations Committee	57
Activities in 2024	58
8. Remuneration of Directors and Remuneration Policy Report – Remuneration Committee	60
8.1 Remuneration of directors	61
8.2 Remuneration Policy Report	61

Activities in 2024 61

8.3 Remuneration Committee	62
Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)	62
Participating in the work of the Committee	63
Functions attributed to the Remuneration Committee	63
Activities in 2024	64
9. Internal Control and Risk Management System – Risk and Sustainability Committee – IT and Digitalisation Committee	66
The general principles of the Internal Control System	67
The Internal Control System governance model	69
Assessment of the Internal Control and Risk Management System	70
9.1 Chief Executive Officer - Director in charge of the internal control and risk management system	70
Activities in 2024	71
9.2 Risk and Sustainability Committee	71
Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)	71
Participating in the work of the Committee	72
Functions attributed to the Risk and Sustainability Committee	72
Activities in 2024	75
9.3 IT and Digitalisation Committee	77
Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)	77
Participating in the work of the Committee	77
Functions attributed to the IT and Digitalisation Committee	78
Activities in 2024	79
9.4. Corporate Control Functions	79
9.4.1 Internal Audit Function	79
9.4.2 Risk Control Function	80
9.4.3 Compliance Function	82
9.4.4 Internal Validation Function (or Validation Function)	83
9.4.5 Anti-Money Laundering Function	84
9.5 231 Model	85
9.5.1 231 Supervisory Body	85
Composition and operations of the 231 Supervisory Body	86
Activities in 2024	87
9.6 Independent Auditors	87
9.7 Financial Reporting Officer and other Corporate Roles and Functions	88
9.8 Coordination between parties involved in the Internal Control and Risk Management System	90
Activities in 2024	91

10. Directors' interests and transactions with related parties	92
10.1 Related-Party Transactions Committee	94
Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)	94
Participating in the work of the Committee	94
Functions attributed to the Related-Party Transactions Committee	95
Activities in 2024	96
11. Board of Statutory Auditors	97
11.1 Appointment and replacement	98
Presentation of lists of candidates	98
Election of candidates	98
Replacement of members of the Board of Statutory Auditors	99
Suitability Requirements and disqualification from the office	99
11.2 Composition and operations of the Board of Statutory Auditors	100
Independence	101
Diversity criteria and policies in the composition of the Board of Statutory Auditors	101
Self-assessment of the Board of Statutory Auditors	103
Remuneration	103
Management of Interests	103
11.3 Role of the Board of Statutory Auditors	103
Activities in 2024	103
12. Relations with Shareholders and other key stakeholders	106
Access to corporate information	107
Dialogue with Shareholders, Investors and other key stakeholders	108
Purpose of the Policy with Shareholders and Investors	108
Contact point for initiating dialogue	109
Activities in 2024	109
13. Shareholders' Meetings	110
14. Additional Corporate Governance Practices	114
Tables	116
Definitions	120

The 2024 Report

The Report, approved by the Board of Directors of Banca Monte dei Paschi di Siena S.p.A. at its meeting on 14 March 2025, provides investors and the public with a description of the shareholding and corporate governance structure adopted by Banca Monte dei Paschi di Siena S.p.A., in compliance with the provisions of Article 123-bis of the TUF and the Supervisory Provisions on the Corporate Governance of Banks.

It also describes how the Company applies the Principles and Recommendations1 of good corporate governance contained in the Corporate Governance Code for listed companies, to which the Bank subscribes, in accordance with the "comply or explain"2 , principle, and also takes into account the additional recommendations that the Italian Corporate Governance Committee sends to issuers every year to facilitate the increasingly effective and consistent application of the Code itself.

The Report is based on the latest version of the "Format for the Report on Corporate Governance and the Shareholding Structure", proposed by the Corporate Governance Committee and Borsa Italiana S.p.A., published in December 2024.

The Report is subject to the review and statement of conformity of the independent auditors PricewaterhouseCoopers S.p.A., pursuant to Article 123-bis, paragraph 4 of the TUF. The results of the activities carried out are set out in the reports issued by the Auditors, pursuant to Article 14 of the Consolidated Law on Auditing and attached to the Bank's annual financial statements and consolidated financial statements.

The Report is published on the Bank's website www.gruppomps.it/en – Corporate Governance – Governance Model – Report on Corporate Governance and the Shareholding Structure and on the authorised storage platform, E-Market storage .

Unless otherwise specified, the information in this Report is current as at the date of its approval by the Board of Directors (14 March 2025).

¹ The Principles set out in the Code define the objectives of good governance; the Recommendations set out the behaviour that the Code considers appropriate to achieve the objectives set out in the Principles.

² The Code's application is guided by the principles of flexibility and proportionality. The "comply or explain" criterion requires that any deviation from a Code recommendation be clearly stated, with an explanation of the reasons – whether stemming from internal or external factors – why the practice recommended by the Code may not align with the company's functional necessities or be compatible with its governance model.

1. Company Profile

Banca Monte dei Paschi di Siena S.p.A., Parent Company of the Montepaschi Banking Group, is a bank with shares listed on the regulated market Euronext Milan, organised and managed by Borsa Italiana S.p.A. The BMPS share is part of the FTSE MIB.

The Bank carries out banking activities through the various forms of funding and lending in Italy and abroad. It can perform all transactions and banking and financial services permitted by the applicable regulations, establish and manage forms of supplementary pensions, and carry out any other transaction instrumental for, or in any case, connected to the achievement of the company purpose.

As a listed company, BMPS complies with the Italian and supranational legislative provisions relating to issuers of securities listed on a regulated market and, being a bank, is subject to the applicable legislative, regulatory and supervisory provisions for banks and banking groups.

In its role as Parent Company of the Montepaschi Group, it exercises sole direction, governance and control through the management and coordination of the Group pursuant to the TUB and the Italian Civil Code and the issuing of directives to Group companies for the implementation of instructions given by the Supervisory Authorities in the interest of maintaining the stability of the Banking Group.

Based on the criteria indicated in the Supervisory Provisions on the Corporate Governance of Banks, BMPS is a significant bank in terms of size and complex operations and is subject to the direct prudential supervision of the European Central Bank.

BMPS is a significant bank in terms of size and complex operations

Report on Corporate Governance and the Shareholding Structure 2024 - 1. Company Profile

The Bank's corporate governance system

The Bank has adopted a traditional administration and control model, consisting of a Board of Directors and a Board of Statutory Auditors appointed by the Shareholders' Meeting.

The Shareholders' Meeting, in either an ordinary or extraordinary session, expresses the will of the Company on matters within its competence as defined by law or the By-Laws: it appoints the members of the Board of Directors and the Board of Statutory Auditors as well as the independent auditors - based on a reasoned proposal by

the Board of Statutory Auditors - and establishes their compensation and responsibilities; it approves the financial statements, including the Sustainability Report, and the allocation of profits, as well as the remuneration and incentive policies, one-off transactions (such as share capital increases) and amendments to the By-Laws. The By-Laws grant the Board of Directors the authority to amend the By-Laws in accordance with regulatory provisions and approve mergers in the cases provided for by Articles 2505 and 2505-bis of the Civil Code.

The Board of Directors, as the Governing Body, defines the strategies and strategically important operations for the Bank and the Montepaschi Group, monitoring their implementation and pursuing Sustainable Success. It promotes the adoption of the most functional corporate governance system for the company's activities and

the achievement of its strategic goals.

The Board operates with the support of its own committees ("Board Committees"), each of which is responsible for specific areas of competence:

Risk and Sustainability Committee
Nominations Committee
Remuneration Committee
Related-Party Transactions Committee
IT and Digitalisation Committee

The Board of Statutory Auditors, Control Body, with the functions of the "committee for internal controls and statutory audits of accounts" pursuant to the Consolidated Law on Auditing, oversees: (a) compliance with laws, regulations and the By-Laws; (b) the financial disclosure and sustainability reporting process and the principles

of proper administration; (c) the adequacy of the company's organisational, control and administrative-accounting systems, as well as independent audit activities regarding financial disclosure and sutainability reporting; (d) the procedures for the enforcement of the corporate governance rules established by the Corporate Governance Code; (e) the adequacy of the instruction provided to the subsidiaries by the Bank pursuant to Article 114, paragraph 2 of the TUF.

The 231 Supervisory Body, responsible for overseeing the functioning, compliance, and updating of the Bank's organizational model under Legislative Decree No. 231/2001.

The auditing of accounts and certification of the Sustainability Report are assigned to an Independent Auditing Firm.

ESG Sustainability in the Governance System of the Bank and the Group

The Montepaschi Group has always been characterised by its commitment to sustainable, fair and inclusive development, with the aim of integrating sustainability principles into its business strategy. This approach seeks to protect the interests of stakeholders and foster and support relationships with customers and local communities.

With an ever-increasing awareness of the impact of its activities on the economy, people and the environment, combined with the cultural shift in recent years towards environmental, social and governance (ESG) issues by the market, customers and regulators, the Bank and the Group have progressively integrated into its governance system a model of Sustainable Success that aims to create long-term economic value and address the direct environmental and social impacts of its activities.

(1) Gender Equality Certification: introduced by the Italian National Recovery and Resilience Plan (PNRR) and approved by the EU as part of Mission 5 "Cohesion and Inclusion", was established by Law No. 162/2021. It certifies, through accredited certification bodies, a company's compliance with gender equality principles.

To continue its commitment to supporting the development of sustainable models and accelerating the transition of the global economy to zero carbon by 2050, the Group adheres to the Principles for Responsible Banking and the Net Zero Banking Alliance, which includes setting and monitoring decarbonisation targets for lending and investment portfolios as well as social impact goals.

In addition to Standard Ethics' confirmation of the Bank's Sustainability rating with a long-term expected rating of EE+ ('Very strong'), the Bank's dedication and commitment to Sustainable Success has been further reinforced by positive feedback. This includes evidence of a steady overall improvement in ESG Ratings from major unsolicited rating agencies, with upgrades from Standard & Poor's and MSCI.

The impact of the ESG approach in the Bank's corporate governance system is reflected in the roles and functions assigned to the various players involved in the aforementioned Group Directive:

Board of Directors	• committed to pursuing Sustainable Success through the creation of long-term value for the benefit of shareholders, taking into account the interests of other stakeholders relevant to the Company; • approves the Sustainability and ESG strategies and policies and the Sustainability Plan3 , in accordance with the values, principles and rules of conduct defined in the Montepaschi Group Code of Ethics, the commitments resulting from adherence to voluntary initiatives and taking into account the impact of ESG risk factors (see the following section "The Business Plan and Sustainable Success" as well as section 8 on the definition of the Group's remuneration policy); • when defining corporate strategies, considers, among other things, the profiles associated with the objec tives of sustainable finance and, in particular, the integration of ESG factors into business decision-mak ing processes; • approves the Group's Sustainability and ESG Directive as well as policy guidelines and coordination on Sustainability Reporting (see the document published on the Bank's website entitled "Group ESG and Sus tainability Guidelines"); • approves participation in national and supranational initiatives in the field of Sustainability; • ensures that the Group's Sustainability and ESG Directive is applied and implemented; • ensures that the Group's overall risk management framework includes oversight of ESG risk factors by integrating them into all existing risk assessment, management, monitoring, control and reporting pro cesses, as well as into the Group's Risk Appetite setting and Asset Adequacy and Liquidity Assessment processes (for information on the internal control and risk management system, see also section 9); • approves the analysis of "Dual Materiality" and the Sustainability Report.
Risk and Sustainability Committee	• supports the Board of Directors with assessment, proposal-making and advisory functions in assess ments and decisions relating to Sustainability and ESG risk management; • monitors the Group's Sustainability positioning.
Board of Statutory Auditors	• supervises compliance with the provisions established pursuant to Legislative Decree no. 125 of 10 Sep tember 2024 with regard to training, the preparation and publication of the Sustainability Report.
Chief Executive Officer	• submits the Sustainability and ESG strategies and policies, the Sustainability Plan, the Dual Materiality analysis and the Sustainability Report to the Board for approval; • oversees Sustainability-related activities and actions to be implemented, including the implementation of the resolutions adopted by the Board, while monitoring and ensuring the achievement of pre-fixed objectives.
Management Committee	•through the specific 'ESG and Sustainability' session, supports the Chief Executive Officer in defining stra tegic guidelines and Sustainability policies and in finalising the Sustainability Plan actions; • monitors the evolution of the Sustainability Plan actions by ensuring adequate sponsorship of initiatives and guiding the resolution of critical issues in order to achieve the Group's strategic objectives.
Head of Sustainability and ESG/ Sustainability and ESG Function	• promotes the integration of ESG issues into the Group's strategy; • supervises, while ensuring that all initiatives undertaken by the various parties in carrying out their duties, are in line with the Group's ESG strategy; • responsible for defining and promoting the ESG strategic guidelines to the top corporate bodies, and for outlining the related project initiatives and ESG objectives to be achieved in the Sustainability Plan. This includes monitoring progress and institutional reporting on Sustainability, as well as tracking ESG ratings; • supervises the implementation of commitments stemming from national and supranational Sustainability and ESG initiatives and oversee their application, monitoring and disclosure (e.g., NZBA, PRB); • supports the Chairperson of the Board of Directors and the CEO of the Parent Company in managing the dialogue with shareholders and investors on Sustainability and ESG issues (for information on the Dialogue Policy, see also Section 12); • promotes the culture of sustainable development within the Company.
Corporate Control Functions	• for the aspects under their respective responsibility, develop risk assessment, measurement and manage ment methods in line with the Sustainability strategies and actions contained in the Sustainability Plan.
Corporate Functions of the Bank/Parent Company and of the Group companies	•implement the relevant Sustainability Plan actions and support their monitoring; • contribute to the development of a Sustainability-driven culture, the definition of Sustainability strategies and policies, the Sustainability Plan and the Sustainability Report; • oversee the risks relating to their Sustainability-related activities; • promote the integration of ESG factors in processes, procedures and IT systems.

3 The Sustainability Plan outlines the project initiatives and actions, identifying deliverables, timelines, and responsibilities to achieve the objectives set by the Group's sustainability strategies. It is periodically reviewed in line with the evolution of the strategy and the external context.

The Business Plan and Sustainable Success

During 2024, the Board of Directors, supported by the Risk and Sustainability Committee, was involved in all Sustainability-related matters as well as the initiatives included in the Business Plan and the related Sustainability Plan.

At the beginning of the year, the Board of Directors approved the Sustainability Plan and project structure, known as the ESG Programme, which outlines the ESG initiatives to be implemented, with associated deliverables, timelines and ownership. The programme, which has a specific project structure and is co-sponsored by the Chief Financial Officer and the Chief Risk Officer, is divided into eight different project areas covering the four pillars of the ESG framework that the Group is developing (Strategy & Governance, Business Model, Risk & Regulation, and Reporting & Communication).

During the year, the Board of Directors, together with the Risk and Sustainability Committee and the Executive Committee in its dedicated ESG meeting, monitored the progress of the Business Plan on a quarterly basis and decided on the implementation and/or completion of individual projects.

Following the achievement of the main objectives set out in the 2022-2026 Business Plan, on 6 August 2024 the Board of Directors, assisted by the Risk and Sustainability Committee, reviewed and approved the results as at 30 June 2024 and updated the financial objectives and strategic guidelines with the approval of the new 2024-2028 Business Plan. This Plan aims to strengthen the Bank's positioning as a "Clear and Simple Commercial Bank", through digital transformation and an increasingly specialised service model for families and businesses.

"The 2024-2028 Business Plan aims to create a Bank ready for the future, capable of successfully meeting the evolving needs of customers through a process of business and technological innovation supported by an extensive investment plan, fully enhancing the Bank's talented people, further improving business sustainability, strengthening balance sheet and focusing on value distribution and creation for all BMPS stakeholders. The Plan will allow the Group to further accelerate its path towards a sustainable business model following a long-standing commitment and the goal of achieving a distinctive position in management of ESG issues, supporting clients in the upcoming "green" transformation process and contributing to the creation of a society based on sustainability, equality and inclusion"⁴ . For more information on the activities carried out during the financial year in pursuit of the Sustainable Success of the Bank and the Group, please refer to the sections of the Report devoted to the role of the Board of Directors (section 4.1) and the Risk and Sustainability Committee (section 9.2), the Group's remuneration policy (section 8), the Internal Control and Risk Management system (section 9) and the management of the dialogue with shareholders, investors and other stakeholders of the Bank and the Group (section 12).

The corporate sustainability report on the activities carried out by the Bank and the Group in 2024 is contained in the Sustainability Report included in the Annual Financial Report, which, also pursuant to Legislative Decree No. 125 of 6 September 2024, is published on the website www.gruppomps.it/en.

The 2024-2028 Business Plan aims to create a Bank ready for the future

Report on Corporate Governance and the Shareholding Structure 2024 - 1. Company Profile

Organisational structure

The Board of Directors defines the general and relevant guidelines to ensure the Group's stability and pursuit of its Sustainable Success. Within this framework, the parent company's head office performs functions of direction, coordination and control over the Group's companies.

Organisational chart of the Parent Bank's Head Offices (as at 31 December 2024)

2024 was marked by the completion of the organisational restructuring outlined in the 2022-2026 Business Plan, involving the General Management, the Regional Divisions and the Commercial Network, as well as some minor organisational adjustments.

In January 2024, 50 branches were closed, with their customers and existing accounts transferred to the corresponding incorporating branches.

In February 2024, several optimisation measures were implemented within the General Management Division, including the creation of the Commercial Deputy General Management Division⁵ , which oversees the Chief Commercial Officer for Retail and the Chief Commercial Officer for Corporate and Private.

In April 2024, further optimisation measures were introduced for product specialists and Small Business customers, including:

the centralisation of Agrifood Specialists and Wealth Management Specialists within the "Corporate Products, Subsidised Finance & OdG" and "Private" Functions reporting to the Chief Commercial Officer Corporate and Private;
the creation of 132 specialist centres, called "Small Business Districts", reporting directly to the Territorial Divisions for Corporate and Private. These centres are dedicated to the management of small business customers, previously handled at branch level, while Small Economic Operators (SEO) customers have been reassigned to the Branch Value Line.

In June 2024, the AML-CFT Function (previously reporting directly to the Chief Risk Officer) was placed under the direct supervision of the CEO. As of July 2024, responsibilities related to the governance of regulatory compliance in recovery and resolution planning for credit institutions, as required by the BRRD Directive, were assigned to the Capital Planning, BRRD, Studies & Research Function, reporting to the Chief Financial Officer (who also serves as Resolution Officer).

Further network process optimisations have been implemented to improve work quality, free up commercial time, and enhance service quality. This includes reducing response times and service delivery times through the streamlining of administrative tasks and document management costs, with a strong focus on digital process transformation.

⁵ On 6 February 2024, the Board of Directors appointed the Head of CCO Corporate and Private, Maurizio Bai, as Deputy General Manager of the Bank. This appointment is part of the new appointments to top management of some of the Bank's key functions, aimed at enhancing the Bank's wealth of internal resources, accelerating its growth trajectory to better meet the needs of its customers, and promoting the spread of a strong corporate culture focused on long-term value creation.

Report on Corporate Governance and the Shareholding Structure 2024 - 1. Company Profile

The Montepaschi Group

The Montepaschi Group is active across Italy and in some of the major international financial markets with operations focused on traditional retail and commercial banking services and a particular commitment towards household customers and Small and Medium Enterprises.

The Group operates in all key business areas: corporate finance, investment banking and factoring. The insurance-pension sector is covered by a strategic partnership with AXA while asset management activities are based on the offer of investment products of independent third parties.

The Group combines traditional services offered through its network of branches and specialised centres with an innovative self-service and digital services system enhanced by the skills of the network of financial advisors through the subsidiary Widiba Bank S.p.A. Foreign banking operations are focused on supporting the internationalisation processes of corporate clients in all major global financial markets.

Intragroup relations are managed on the basis of a "Regulation for the operating governance of the Group" which governs and coordinates the Group's activities and ensures that results are achieved by means of well-defined rules and clear procedures for assigning management responsibilities, in compliance with the instructions given by the Supervisory Authorities in the interests of the Group's stability.

For additional details, see the website www.gruppomps.it/en – About us – Presentation.

The Montepaschi Banking Group (as at 31 December 2024)

2. Information on the Shareholding Structure

7,453,450,788.44

1,259,689,706

No. OF ORDINARY SHARES

SHARE CAPITAL

2. Information on the Shareholding Structure (as per Article 123-bis, par 1 of the TUF)

a) Share capital structure (as per Article 123-bis, paragraph 1, letter a) of the TUF)

The Bank's subscribed and paid-in capital amounts to Euro 7,453,450,788.44, divided into 1,259,689,706 ordinary shares with no indication of nominal value.

There are no other categories of shares. Each share entitles the holder to one vote.

The shares are issued in dematerialised form. Procedures for the circulation and legitimation of shares are governed by law.

BMPS shares are admitted to trading on the regulated market, Euronext Milan, which is organised and managed by Borsa Italiana S.p.A.

There are no outstanding financial instruments which grant the right to subscribe newly-issued shares of the Bank.

b) Restrictions on the transfer of shares (as per Article 123-bis, paragraph 1, letter b) of the TUF)

The current By-Laws do not contain clauses restricting the transfer of shares.

c) Significant equity investments (as per Article 123-bis, paragraph 1, letter c) of the TUF)

As this is a company with listed shares, the information provided is based on the communications received by the Bank in accordance with applicable legislation (Article 120 of the TUF and Articles 117 et seq. of the Consob Issuer Regulation) and other information received by the Company and published on Consob's website.

Shareholders who directly or indirectly own ordinary shares accounting for more than 3% of the Bank's share capital and who do not fall under the exemptions provided for by Article 119-bis of Consob's Issuer Regulation, are as follows:

Significant shareholders

(1) Shareholdings held through Ausonia S.r.l., Esperia 15 S.r.l. MK 87 S.r.l., Istituto Finanziario 2012 S.p.A., Gamma S.r.l., Azufin S.p.A., VM 2006 S.r.l., Mantegna 87 S.r.l., Calt 2004 S.r.l. and Finanziari Italia 2005 S.p.A.

Report on Corporate Governance and the Shareholding Structure 2024 - 2. Information on the Shareholding Structure

The latest data on the Bank's main shareholders can be viewed at www.gruppomps.it/en – Corporate Governance – Shareholding Structure /Investor Relations – Shareholding Structure.

During 2024, the Ministry of Economy and Finance (MEF) reduced its stake in the Bank's capital from 39.232% to 11.731% through the sale of a total of 346,436,392 BMPS ordinary shares. This was done through two Accelerated Book Building (ABB) transactions, reserved for Italian and international institutional investors (the first transaction, completed on 26 March 2024, involved the sale of 157,461,216 shares, representing approximately 12.5% of the share capital. The second transaction, completed on 15 November 2024, involved the sale of 188,975,176 shares, equivalent to approximately 15% of the share capital).

d) Shares with special rights (as per Article 123-bis, paragraph 1, letter d) of the TUF)

No shares with special control rights have been issued and BMPS's By-Laws do not make provisions for shares with multiple or increased voting rights.

Notwithstanding the foregoing, companies operating in the financial and banking sector are subject to the special powers of the State (the so-called "golden power"), as established by Decree-Law No. 21 of 2012 (converted into Law No. 56 of 2012) and its implementing regulation (DPCM 179/2020, Article 8).

e) Employee share ownership: voting rights exercise mechanism (as per Article 123-bis, paragraph 1, letter e) of the TUF)

In 2024, the Shareholders' Meeting did not approve any Stock Granting Plans for employees of the Montepaschi Group, which would involve the free allocation of ordinary BMPS shares to employees.

For further information on stock granting plans approved in previous years, please refer to the disclosure on this subject pursuant to Article 84-bis of the Consob Issuer Regulation ("Information on the allocation of financial instruments to company representatives, employees or collaborators"), published, in Italian only, at www.gruppomps.it/en – Investor Relations – Azionariato e Titolo – Acquisto azioni proprie e stock granting. It should be noted that the aforementioned plans did not include mechanisms for the exercise of voting rights by employees holding BMPS shares different from those granted to other shareholders.

f) Restrictions on voting rights (as per Article 123-bis, paragraph 1, letter f) of the TUF)

There are no restrictions on voting rights.

g) Shareholder agreements (as per Article 123-bis, paragraph 1, letter g) of the TUF)

The Bank is not aware of any shareholders' agreement stipulated in any form pursuant to Article 122 of the TUF, concerning the exercise of the rights inherent in the shares or the transfer thereof.

h) Change of control clauses (as per Article 123-bis, paragraph 1, letter h) of the TUF) and provisions of the By-Laws regarding takeover bids (as per Article 104, paragraph 1-ter and Article 104-bis, paragraph 1)

In conducting its core business, the Bank stipulates funding or marketing agreements for products even of significant relevance which may envisage, according to negotiating practices, effects/modifications/settlement of the same in the event of a change of control of the contracting company.

The shareholders' agreement with AXA relating to the BMPS-AXA joint venture - a strategic partnership in life and non-life bancassurance and supplementary pension products for the distribution of insurance products through the Bank's commercial network - will remain in force until 2027.

In 2024, BMPS and its subsidiaries did not enter into any such agreements that are significant in terms of amount and effect at a consolidated level.

The By-Laws of BMPS do not provide for any exemptions to the passivity rule (Article 104, paragraphs 1 and 1-bis of the TUF) and to the neutralisation rules (Article 104-bis, paragraphs 2 and 3 of the TUF) prescribed by the TUF for takeover bids.

i) Delegated powers to increase share capital and authorisations to buy back own shares (as per Article 123-bis, paragraph 1, letter m) of the TUF)

Delegated powers

There are no powers assigned to the Board of Directors pursuant to Article 2443 of the Civil Code by the Shareholders' Meeting.

Purchase of own shares

There are no existing authorisations by the Shareholders' Meeting for the buy-back of own shares pursuant to Article 2357 of the Civil Code.

l) Direction and coordination (as per Article 2497 et seq. of the Civil Code)

BMPS is not subject to direction and coordination pursuant to Article 2497 et seq. of the Civil Code.

3. Compliance

3. Compliance (as per Article 123-bis, paragraph 2, letter a), part i of the TUF)

Adherence to the Corporate Governance Code

The Bank adheres to the Corporate Governance Code of listed companies, as approved in January 2020, accessible to the public on the website of the Committee for Corporate Governance of Borsa Italiana on the page https://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.en.htm and on the Bank's website www.gruppomps.it - Corporate Governance – Governance Model.

The application of best governance practices, as defined by the Principles and Recommendations of the Corporate Governance Code, together with the additional Recommendations received each year from the Italian Corporate Governance Committee, complements the existing legal and supervisory banking and financial regulations.

The corporate governance system adopted consists of rules and structures that are coordinated in such a way as to be functional to the performance of the Bank's activities and the pursuit of its strategies aimed at sustainable development. This is achieved through the transparent and effective management of internal relations between the various bodies and functions of the Company and between the Company and its shareholders, investors and other stakeholders relevant to the Bank (such as people, companies and their communities, employees and vendors).

The Bank's adherence to the Corporate Governance Code – which fully embraces the Principles and Recommendations of the Code and of the Italian Corporate Governance Committee – is reflected in the balanced composition of the corporate bodies, the equitable distribution of powers, the clear distinction of roles and responsibilities, the prevention of conflicts of interest, and organisational principles based on the effectiveness of controls, the identification and monitoring of all corporate risks, the adequacy of information flows, as well as corporate social responsibility and its Sustainability.

Neither BMPS nor its strategically significant subsidiaries are subject to non-Italian law provisions that influence the corporate governance structure of BMPS itself.

Considerations on the letter of the Chairperson of the Italian Corporate Governance Committee

In its letter of 17 December 2024, the Chairperson of the Italian Corporate Governance Committee provided listed companies with the main general guidelines for the application of the Corporate Governance Code, which resulted from the Committee's analysis of the corporate governance reports (referring to 2023) published by issuers ("2024 Report"). The letter also included a number of Recommendations for 2025 ("2025 Recommendations") and reiterated the invitation for companies to provide adequate disclosure and, where applicable, an explanation of any non-compliance with the Code's recommendations, in accordance with the "comply or explain" principle, as clearly set out in the Code's introduction.

At its meeting of 14 March 2025, the Board of Directors, with the support of the Risk and Sustainability Committee, confirmed the substantial compliance of the Bank's corporate governance model with the Principles and Recommendations of the Corporate Governance Code and with the guidelines contained in the 2025 Recommendations.

The findings of the Board's analysis of the 2024 Report and the 2025 Recommendations are detailed in the specific sections of this Report, listed below:

2025 Recommendations	Findings
Completeness and timeliness of pre-meeting information The Committee invites companies to provide all relevant information on the applica tion of Recommendation 116 , taking into account that failure to set deadlines for the prior submission of information to the Board and its Committees, and/or the absence of information on actual compliance with the deadlines, and/or the inclusion – wheth er in the Board's Regulation or adopted practices – of exceptions allowing delays for reasons of confidentiality may constitute non-compliance with Recommendation 11 of the Code. In the event of non-compliance, companies are encouraged to clearly state this in the corporate governance report, explaining the reasons for the non-compliance, how the decision to depart from the recommendation has been made within the company, and how they intend to ensure compliance with Principle IX7 of the Code.	See Sections: 4.4 - Functioning of the Board of Directors. 6 – Board Committees.
Transparency and effectiveness of the remuneration policy The Committee invites companies to provide all relevant information on the appli cation of Recommendation 278 , taking into account that the inclusion of variable remuneration components linked to general sustainability objectives without spec ifying clear measurement parameters and/or the granting of one-time extraordinary pay-outs without identifying their nature, objectives and appropriate decision-making procedures may constitute non-compliance with Recommendation 27 of the Code. In the event of non-compliance, companies are encouraged to clearly state this in the corporate governance report, explaining the reasons for the deviation, how the decision to depart from the recommendation has been made within the company, and how they intend to ensure compliance with Principle XV9 of the Code.	See Section 8 – Remuneration of Directors and Remuneration Policy Report – Remuneration Committee. The Remuneration Policy Report is published on the website www.gruppomps.it/en/ – Remuneration.
Executive Role of the Chairperson The Committee invites companies to provide all relevant information on the appli cation of Recommendation 410, keeping in mind that the absence of a well-reasoned explanation for the delegation of significant managerial powers to the Chairperson (whether or not the Chairperson is also the CEO) may constitute non-compliance with Recommendation 4 of the Code. In the event of non-compliance, companies are encouraged to clearly state this in the corporate governance report, explaining the reasons for the deviation, how the decision to depart from the recommendation has been made within the company, and how they intend to ensure compliance with Principles V11 and X12 of the Code.	See Section 4.5 – Role of the Chairperson. This recommendation does not apply to the Bank (the Supervisory Corporate Governance Provisions require the Chairperson of the Board of Directors to hold a non-executive role and not perform any managerial functions, even in practice).

6 The board of directors adopts regulations that set out the operating rules for the board itself and its committees. These regulations include procedures for taking minutes and managing the flow of information to directors. The procedures specify deadlines for the prior submission of information and measures to protect the confidentiality of data and information exchanged, in order to ensure that the timeliness and completeness of the flow of information are not compromised.

The report on corporate governance provides adequate information on the main contents of the board of director's internal rules and on compliance with the procedures aimed at ensuring the timeliness and adequacy of the information provided to the directors.

7 The board of directors defines the rules and procedures for its functioning, ensuring an efficient flow of information to directors.
8 The remuneration policy for executive directors and the top management defines:

a) a balance between the fixed and the variable component which is consistent with the company's strategic objectives and risk management policy. Consistency is assessed taking into consideration the business's characteristics and the industry of the company. The variable component has in any case a significant weight on the overall remuneration; b) caps to the variable components; c) performance objectives, to which is linked the payment of the variable components, that are predetermined, measurable and predominantly linked to the long-termhorizon. They are consistent with the company's strategic objectives and with the aim of promoting its sustainable success and includes non-financial parameters, where relevant; d) an adequate deferral of a significant part of the variable component that has been already accrued. Such a deferral period is consistent with the company's business activity and its risk profile; e) provisions that enable the company to recover and/or withhold, in whole or in part, the variable components already paid-out or due, where they were based on data which subsequently proved to be manifestly misstated. The company can identify other circumstances in which such provisions are applied; f) clear and predetermined rules for possible termination payments, establishing a cap to the total amount that might be paid out. The cap is linked to a certain amount or a certain number of years of remuneration. No indemnity is paid out if the termination of the office is motivated by director's objectively inadequate results.

9 The remuneration policy for directors, members of the control body, and top management contributes to the pursuit of the company's sustainable success and takes into account the need to have, retain, and motivate people with the competence and professionalism deemed adequate for their role.
10 The board of directors defines the delegation of managerial powers and identifies who among the executive directors holds the position of chief executive officer. If the chair is entrusted with the position of chief executive officer or with significant managerial powers, the board of directors explains the reasons for this choice.
11 The board of directors is comprised of executive and non-executive directors. All directors ensure professional skills and competence that are appropriate to their tasks.
12 The chair of the board of directors plays a liaison role between executive and non-executive directors and ensures the effective functioning of the board.

4. Board of Directors

4.1 Role of the Board of Directors

The Board of Directors leads the Bank while pursuing Sustainable Success, with a view to improving the long-term financial performance as well as the social and environmental impact of the Bank's and the Group's business activity.

The Board is vested with all powers of ordinary and extraordinary administration, in compliance with the powers assigned to the Shareholders' Meeting and those conferred on it by law, regulations, the By-Laws, and its own internal Regulation, according to the distribution of powers delegated by the Board itself and, in general, on the basis of the proposal-making powers conferred on the Chairperson, the Chief Executive Officer (if appointed) and the General Manager.

The Board carries out its functions with the support of Board Committees – the Risk and Sustainability Committee, the Nominations Committee, the Remuneration Committee, the Related-Party Transactions Committee, and the IT and Digitalisation Committee – which oversee matters assigned to them by their respective regulations and applicable laws.

Exclusive powers of the Board

Under its exclusive powers (which may not be delegated), the Board of Directors:

defines and approves the business model, the strategic guidelines for the Bank and the Group, the respective business and financial plans as well as the strategic transactions, integrated with the environmental, social and governance sustainability profiles relevant for the generation of long-term value and the pursuit of Sustainable Success (see Section 1);
periodically monitors the correct and consistent implementation of the strategic guidelines and business plan in relation to the developments in company management and in the external context of reference, such as the competitive and regulatory scenario; at least every quarter, and also when the Company's and the Group's financial results are presented, it assesses the general operating performance, taking into account the information received from the Chief Executive Officer and the delegated bodies and based on a comparison of the results achieved against those that were forecast;
prepares the draft financial statements¹³ and submits it to the Shareholders' Meeting;
defines the Risk Appetite Framework ("RAF"), i.e., the risk appetite, the tolerance thresholds, the risk limits, the risk governance policies (detection, management and assessment over time) as well as the relevant processes in line with the maximum level of risk that can be assumed, the business model and the approved strategic plan (on this subject, please refer to Section 9);
determines the principles for the general organisation of the Bank, approving (and amending) its organisational structure and main internal regulations, and monitoring their adequacy over time; it ensures on an ongoing basis that tasks and responsibilities are assigned in a clear and appropriate manner, through the definition of a general organisational model and appropriate delegation procedures; it expresses the general guidelines for the structure and operations of the Banking Group, determining the criteria for the coordination and management of the subsidiaries belonging to the same Banking Group, as well as for the implementation of the instructions issued by the Bank of Italy;
defines and approves the guidelines of the internal control system, verifying its adequacy, coherence, functionality, efficiency and effectiveness in compliance with the applicable supervisory regulations, in line with the strategic plan, the RAF, the ICAAP/ILAAP¹⁴ and the budget, taking timely corrective measures in the event of deficiencies and anomalies;
approves the accounting and reporting system (on this subject, please refer to Section 9.7);
has general responsibility for setting guidelines for and controlling the information system;

¹³ Starting from 2024, the Bank's Annual Financial Report includes the Sustainability Report, which replaces the Non-Financial Statement (as previously required by Legislative Decree 254/2016, now repealed).

¹⁴ ICAAP - Internal Capital Adequacy Assessment Process, ILAAP - Internal Liquidity Adequacy Assessment Process.

• establishes the Committees with advisory and proposal-making duties towards the Board (with regard to the Board Committees: Risk and Sustainability Committee, Nominations Committee, Remuneration Committee, IT and Digitalisation Committee and Related-Party Transactions Committee - please refer to Sections 6,7, 8, 9 e 10);
resolves on the appointment and removal from office of the General Manager and one or more Deputy General Managers (including the Acting Deputy General Manager, if any) and the Managers in charge of the Internal Audit, Compliance, Risk Control and Anti-Money Laundering Functions (after consulting the Board of Statutory Auditors), adopting all measures relating to their legal and economic status, as well as the appointment of the Managers in charge of the Key Corporate Functions, as defined by the regulations in force at the time15, for which appointment by the Board is required;
resolves on the appointment and removal from office of the Employer for the protection of health and safety at work, based on the criteria laid down by law;
makes decisions with regard to the transactions of the Bank and, as Parent Company, of its subsidiaries (in this case through the "Parent Company's prior opinion" tool) concerning relevant matters16 (matters that have a significant strategic, economic, capital or financial relevance, entailing the assumption of additional risks and for all other matters governed/identified as such by the By-Laws of the Parent Company and the subsidiaries and by Group regulations)17;
approves major transactions with related parties or minor transactions falling within the competence of the Board of Directors (on this subject, please refer to Section 10);
supervises the public disclosure process as well as the communication of the Bank's and the Group's corporate information, with particular regard to inside information (on this subject, please refer to Section 5), and promotes dialogue with shareholders and other relevant stakeholders of the Bank, taking also account of the rules and criteria established by corporate regulations, its own internal Regulations and its specific Policy for Dialogue with the Bank's shareholders and investors (current and potential), regarding which additional information is provided in Sections 5 and 12).

Activities in 2024

During the Year, the Board of Directors exercised its powers with the support of the Board Committees for matters within their respective areas of responsibility, as described in the relevant sections of the above Report.

¹⁵ Pursuant to MEF Decree no. 169/2020, the "Heads of the key corporate functions" are: the Heads of the anti-money laundering function, the regulatory compliance function, the risk control function and the internal audit function (as defined by the provisions on internal controls issued pursuant to Article 53 of the Consolidated Law on Banking) and the Chief Financial Officer of the company, as well as, where present and if different from the latter, the Financial Reporting Officer as provided for in Article 154-bis of the Consolidated Law on Finance.

¹⁶ The By-Laws (Article 17, paragraph 1) in particular, reserves to the Board the power to resolve upon mergers by incorporation of companies entirely owned or held with a share of at least 90% of the capital (see Articles 2365, 2505 and 2505-bis of the Italian Civil Code), as well as the establishment and closing of secondary offices, and any adjustment to the By-Laws in order to comply with regulations. The Board of Directors is also responsible for deciding on the acquisition and disposal of strategic shareholdings or shareholdings involving changes in the banking group or business units.

¹⁷ The "Group's Operational Governance Regulation" approved by the Board of Directors, governs – in close synergy with the other internal regulations – the strategic and operational responsibilities of the Parent Company and the Group Companies with regard to corporate processes, operational procedures and the circulation of information flows, in order to ensure that common objectives are achieved in compliance with the legal autonomy of the Group companies and the principles for their proper corporate and business management.

Meetings of the Board of Directors in 2024

Meetings of the Board of Directors in the period 2022-2024

(*)Information on each Director's attendance at the meetings of the Board of Directors in 2024 is provided in the section Tables – Table no. 1 – Structure of the Board of Directors (1 January – 31 December 2024).

4.2 Appointment and replacement (as per Article 123-bis, paragraph 1, letter l) of the TUF)

The Ordinary Shareholders' Meeting appoints the Board of Directors and determines the number of its members, which cannot be less than nine or more than fifteen, on the basis of lists of candidates submitted by the shareholders in accordance with the procedure and methods set out in Article 15 of the By-Laws, as described below.

Directors' term of office is three years and expires on the day of the shareholders' meeting called to approve the financial statements of the most recent financial year of their term. Directors may be re-appointed for a maximum of two consecutive terms after the first one, with the exception of the Chief Executive Officer/Chief Executive Officers.

Directors may be removed from office by the Shareholders' Meeting at any time, subject to the director's right to compensation for damages, if his/her removal is without just cause.

In the event that the majority of directors terminate their office, the entire Board of Directors shall be deemed to have resigned, with effect from the date the new Board is re-established.

Presentation of the lists of candidates

Only shareholders that, either individually or together with other shareholders, collectively hold shares representing at least 1% of the Company's share capital with voting rights at the Ordinary Shareholders' Meeting, or a different percentage required by applicable regulations are entitled to submit lists of candidates for the office of director¹⁸.

The By-Laws do not include any provisions allowing the outgoing Board of Directors to submit a list of candidates for the election of the Board Members.

Each shareholder may submit or contribute to the submission of one list only and each candidate may stand for election in one list only, under penalty of ineligibility.

18 The quota set by Consob for 2024 is 1% of the Bank's share capital.

When drawing up the lists, shareholders are required to comply with the criteria set out in Article 15 of the By-Laws, ensuring that the composition of the new Board includes:

gender balance: the lists must include candidates of different genders, in accordance with the legislation in force at the time19;
an adequate number of independent directors: in each list, at least two specifically named candidates or the only candidate or, in the case of lists with more than six (6), at least one third20 (or the higher percentage provided for by the laws, regulations and Corporate Governance Code in force at the time), must meet the independence requirements²¹ established by the applicable laws and regulations in force and the additional ones provided by the Code.

The notice convening the Shareholders' Meeting states the deadline for submitting the lists of candidates to the Company and the deadline for their publication; it further specifies, from time to time, the documents that must be submitted to the Company together with the lists in accordance with the law, including the regulations in force from time to time. The lack of documentation regarding an individual candidate on a list does not automatically result in the exclusion of the entire list, but only of the candidate concerned.

For further details on the minimum requirements for candidates, please refer to Article 15 of the By-Laws published on the website www.gruppomps.it/en – Corporate Governance – Governance Model.

Lists submitted that do not comply with the By-Laws cannot be voted.

Election of directors

Each shareholder entitled to vote may vote for only one list.

In accordance with Article 15 of the By-Laws, the Board of Directors is elected as follows:

a) the number of Directors to be elected, less three, or the minimum number of directors which exhausts all the candidates included in the same list, shall be drawn from the list obtaining the majority of the votes expressed in the progressive order in which they appear on that list;
b) the remaining directors shall be drawn from the other lists using the so-called "quotients", which are calculated by dividing the total number of votes obtained by each list by the numbers one, two, three, four, etc., according to the number of directors still to be elected. The quotients thus obtained shall be assigned to the candidates of each list according to their related order. The quotients assigned to the candidates of the various lists shall be listed in descending order. The candidates obtaining the highest quotients shall be elected.

If several candidates have obtained the same quotient, the candidate of the list that has not yet elected a director or that has elected the lowest number of directors shall be elected.

Minority representation

Notwithstanding the previous provisions, at least one director must be selected from the minority list that obtained the highest number of votes and that is not connected, directly or indirectly, with the parties who submitted or voted for the list that obtained the highest number of votes.

For the allocation of the directors to be elected, the Bank's By-Laws do not provide for the exclusion of the lists that have not obtained a percentage of votes equal to at least half the one required by the By-Laws for the presentation of such lists (a provision set forth in Article 147-ter, Paragraph 1 of the TUF), i.e. at present, at least 1% of the share capital of the Bank with voting rights in the ordinary Shareholders' Meeting (or the different percentage applicable under the rules in force).

20 Rounded up if the quota of one third does not correspond to a whole number.

¹⁹ The regulations on gender balance (Articles 147-ter and 148 of the TUF and Articles 144-undecies.1 of Consob's Issuer Regulation) establish that the lessrepresented gender must make up at least two fifths of the members of the management and control bodies of listed companies.

²¹ Pursuant to Article 15 of the By-Laws, the independence requirements are those established by Article 147-ter and Article 148, paragraph 3, of the TUF, Article 13 of MEF Decree No. 169/2020, and Article 2 of the Corporate Governance Code.

Independent directors

If, as a result of the voting, at least one third (or the higher percentage provided by the laws, regulations and the Corporate Governance Code in force at the time) of the directors that meet the independence requirements set by the regulations have not been appointed, the required number of last non-independent directors shall be replaced with independent candidates - drawn from the same lists of the replaced candidates - who have obtained the highest quotient.

The candidate replaced for the purpose of allowing the appointment of the minimum number of independent directors shall in no case be drawn from the minority list which obtained the majority of votes and no way be linked, directly or indirectly, with the parties that submitted or voted the list which obtained the majority of votes. In this case, the non-independent candidate which ranked last but one by quotient achieved shall be replaced.

Gender balance

If application of the foregoing procedures does not ensure compliance with the current regulations in force on gender balance, the quotient of votes to be assigned to each candidate from the lists shall be calculated by dividing the number of votes obtained by each list by the progressive number of listing of each candidate. The candidate of the most represented gender with the lowest quotient among the candidates taken from all the lists is replaced by the candidate of the least represented gender who has obtained the highest quotient in the same list as the replaced candidate. If candidates from different lists have obtained the same quotient, the candidate of the list with the highest number of directors, or the candidate from the list with the lowest number of votes or, at a parity of votes, the candidate obtaining the lowest number of votes from the Shareholders' Meeting during a specific voting, shall be replaced.

Supplementary appointment measure

In the event of application of the above procedures, should the number of directors necessary to comply with the minimum number of independent directors and of directors of the least represented gender not be appointed due to an insufficient number , the Shareholders' Meeting shall appoint the missing directors by resolution approved by simple majority on the basis of the candidatures proposed, there and then, primarily by the parties that submitted the list of the candidate or candidates to be replaced.

For the appointment of directors who, for any reason whatsoever, are not appointed in accordance with the procedure described herein, the Shareholders' Meeting shall decide in accordance with and by the majorities provided by law, without prejudice to the criteria set forth in the regulations in force and in the By-Laws regarding independent directors and gender balance.

Replacement of directors during their mandate

In the event of the replacement of a Director during his or her term of office, the list voting procedure provided for the renewal of the Board of Directors does not apply. The appointment may be made by resolution of the Shareholders' Meeting or by co-optation by the Board of Directors in accordance with Article 2386 of the Italian Civil Code, always ensuring compliance with the principles of minority representation, gender balance, the required fit and proper requirements and consistency between the overall qualitative and quantitative composition considered optimal ex ante in the Board's guidelines and the actual composition resulting from the appointment process, with particular attention to the contribution of skills, expertise and diversity requirements.

The appointment process during the term of office involves the activation of the "Succession Plans for Directors" adopted by the Bank for the positions of CEO/Chairperson/Independent/Non-Executive Director, as described in section 7 of the Report. In order to facilitate succession in the event of the replacement of Directors during their term of office, the Board of Directors has approved a number of proposed amendments to Article 15 of the By-Laws aimed at simplifying the process of co-opting new Directors. These proposals will be submitted to the Shareholders' Meeting scheduled for 17 April 2025, subject to prior approval by the Supervisory Authorities.

Report on Corporate Governance and the Shareholding Structure 2024 - 4. Board of Directors

Shareholders' Meeting of 20 April 2023 – renewal of the corporate boadies for the period 2023-2025

In line with the Supervisory Provisions and the recommendations of the Corporate Governance Code (Recommendation 23), during the Shareholders' Meeting for the renewal of corporate bodies on 20 April 2023, the outgoing Board of Directors, with the support of the Nominations Committee, approved on 19 January 2023, the document "Guidelines of the Board of Directors of Banca Monte dei Paschi di Siena S.p.A. to Shareholders on the size and composition of the new Board of Directors" - the "Board Guidelines").

The Board Guidelines of the outgoing Board of Directors, prepared taking into account the results of the periodic self-assessment carried out by the Board of Directors, were published on the Company's website on 2 March 2023, well in advance of the Shareholders' Meeting. This was done in order to assist shareholders in the selection of candidates for the Board of Directors to be included in the lists to be submitted to the Shareholders' Meeting, with the aim of facilitating the appointment of a new Board of Directors with an appropriate composition in terms of size and diversity, both quantitatively and qualitatively, ensuring the presence of the managerial and professional figures deemed necessary for the sound and prudent management of the Bank and in line with its strategic objectives. In the explanatory reports of the Board of Directors, drawn up in accordance with Article 125-ter of the TUF with regard to the items on the agenda of the Shareholders' Meeting of 20 April 202322, shareholders were invited to submit their candidates in accordance with the recommendations contained in the Board Guidelines for the preparation of candidate lists (without prejudice, of course, to the possibility for shareholders to make their own independent assessments) and to justify any differences with the analyses carried out by Board of Directors. Shareholders were also asked to indicate their preferred candidate for the position of Chairperson of the Board of Directors.

The shareholders submitted three (3) candidate lists for the position of director of the Bank.

In accordance with the criteria laid down in the By-Laws, the law and the regulations to ensure the presence of directors expressed by minority shareholders, gender diversity, and the minimum number of independent directors, the twelve candidates from the majority list (list no. 1) submitted by the Ministry of Economy and Finance ("MEF") and the three candidates from the minority list obtaining the second highest number of votes (List no. 2), submitted by institutional investors, were elected as members of the new Board of Directors, as shown in information provided in the following table.

²² "Appointment of the members of the Board of Directors for financial years 2023-2024-2025; related and consequent resolutions" (item 6 on the agenda of the Shareholders' Meeting) and "Appointment, among the members of the Board of Directors, of the Chairperson and Deputy Chairpersons in the number resolved by the Shareholders' Meeting; related and consequent resolutions" (item 7 on the agenda of the Shareholders' Meeting).

Details of the resolutions adopted by the Shareholders' Meeting with regard to the three lists of candidates proposed by the shareholders for the renewal of the Board of Directors.

List of candidates23	Shareholder	Candidates	Votes obtained by the list at the Shareholders' Meeting
List no. 1 - majority list24	Ministry of Economy and Finance, hold er of 809,130,220 shares (64.23% of the share capital ).	Maione Nicola, Lovaglio Luigi, Lucantoni Paola, Negri-Clementi Anna Paola, Mar tiniello Laura, Visconti Donatella, Bran cadoro Gianluca, Foti Belligambi Lucia, Lombardi Domenico, Fabris De Fabris Paolo, Sala Renato e Di Stefano Stefano.	Total votes 840,898,303, accounting for 80.977787% of the shares entitled to vote and counted and 66.754400% of the share capital. All the candidates were elected.
List no. 2 - minority list25	List submitted by investment fund man agers, holding a total of 17,401,244 shares (1.38139% of share capital).	Giorgino Marco, Barzaghi Alessandra Gi useppina e De Martini Paola.	Total votes 157,937,995, accounting for 15.209294% of the shares entitled to vote and counted and 12.537849% of the share capital. All the candidates were elected.
List no. 3 - minority list	Fondazione Monte dei Paschi di Siena, Compagnia di San Paolo, Fondazione Cariplo, Fondazione Cassa dei Risparmi di Forlì, Fondazione Cassa di Risparmio di Cuneo, Fondazione Cassa di Rispar mio di Firenze, Fondazione Cassa di Risparmio di Lucca, Fondazione Cassa di Risparmio di Pistoia e Pescia, Fon dazione Cassa di Risparmio di Torino, Fondazione di Sardegna, holding a total of 29,037,771 shares (2.305% of share capital ).	Gabbi Giampaolo, Patrini Donata Paola, Perrone Andrea Paolo, Guglielmetti An tonella.	n. 39.531.994 voti, pari al 3,806897% delle azioni ammesse e computate nel voto e al 3,138233% del capitale sociale. No candidate was elected.

On 18 May 2023, the new Board of Directors appointed by the Shareholders' Meeting verified that each Director met the necessary Suitability Requirements for bank officers, in accordance with the process described in Section 4.3 below. In addition, the Board assessed the appropriateness and consistency of the overall composition of the new Board of Directors against the qualitative and quantitative composition set out in the Board Guidelines of the outgoing Board, taking account of the contribution of managerial skills, professionalism, independence and diversity requirements, compliance with the limits on the accumulation of offices and the time commitment appropriate to the performance of the role.

For further details on the appointment of the Board of Directors elected for the period 2023-2025 by the Shareholders' Meeting of 20 April 2023, please refer to the documents published on the website www.gruppomps.It/en – Shareholders' Meetings and BoD.

25 On 13 November 2023, the Director Marco Giorgino resigned from his position as Director of the Bank.

²³ On 27 March 2023, the Board of Directors, in compliance with Article 148, paragraph 2 of the TUF and Article 144-quinquies of the Consob Issuer Regulation, and taking into account the recommendations contained in Consob's Notification DM/9017893 of 26 February 2009, declared that, to the best of the Bank's knowledge, there is no relationship of affiliation pursuant to the above legislation, between the persons who submitted the so-called "minority lists" for the election of the Board of Directors (identified above as List no.2 and List no.3) and the controlling shareholder MEF (which holds a controlling interest of 64.23% of the Bank's share capital).

²⁴ On 17 December 2024, the Directors Fabris De Fabris Paolo, Foti Belligambi Lucia, Martiniello Laura, Negri-Clementi Anna Paola and Visconti Donatella resigned from their positions.

Report on Corporate Governance and the Shareholding Structure 2024 - 4. Board of Directors

4.3 Composition (as per Article 123-bis, paragraph 2, letter d) and d-bis) of the TUF)

The current Board of Directors was appointed by the Shareholders' Meeting of 20 April 2023, with 15 members, for the years 2023-2024-2025 and will remain in office until the Shareholders' Meeting that approves the financial statements for the financial year 2025.

At the Shareholders' Meeting of 11 April 2024, Raffaele Oriani was appointed as a new Director of the Bank, following a proposal by some minority shareholders, replacing Marco Giorgino, who had resigned.

On 17 December 2024, the independent Directors Paolo Fabris De Fabris, Lucia Foti Belligambi, Laura Martiniello, Anna Paola Negri-Clementi and Donatella Visconti, who had been nominated in List No. 1 submitted by the Ministry of Economy and Finance at the renewal of the Board of Directors in April 2023, resigned from their positions.

At the meeting of the Board of Directors held on 27 December 2024, five new Directors were co-opted pursuant to Article 2386 of the Italian Civil Code, with unanimous approval and a favourable opinion from the Board of Statutory Auditors. The new directors are Alessandro Caltagirone, Elena De Simone, Marcella Panucci, Francesca Paramico Renzulli and Barbara Tadolini.

The table below shows the Directors in office at the date of this Report.

	Board member	Office		Board member	Office
1	Maione Nicola (*)	Chairperson	9	Lombardi Domenico (*)	Director Chairperson of the Nominations Committee Member of the Risk and Sustainability Committee Member of the Related-Party Transactions Committee
2	Brancadoro Gianluca (*)	Deputy Chairperson Chairperson of the Remuneration Committee	10	Lucantoni Paola (*)	Director Member of the Risk and Sustainability Committee Member of the IT and Digitalisation Committee
3	Lovaglio Luigi	Chief Executive Officer (CEO) General Manager	11	Oriani Raffaele (*)	Director Chairperson of the IT and Digitalisation Committee Member of the Related-Party Transactions Committee
4	Barzaghi Alessandra (*)	Director Chairperson of the Risk and Sustainability Committee Member of the IT and Digitalisation Committee	12	Panucci Marcella (*)	Director Member of the Remuneration Committee Chairperson of the Related-Party Transactions Committee
5	Caltagirone Alessandro (**)	Director Member of the Nominations Committee Member of the Remuneration Committee	13	Paramico Renzulli Francesca (*)	Director Member of the Nominations Committee Member of the IT and Digitalisation Committee
6	De Martini Paola (*)	Director Member of the Nominations Committee	14	Sala Renato (*)	Director Member of the Nominations Committee Member of the Remuneration Committee Member of the Related-Party Transactions Committee
7	De Simone Elena (**)	Director Member of the Remuneration Committee Member of the IT and Digitalisation Committee	15	Tadolini Barbara (*)	Director Member of the Risk and Sustainability Committee Member of the Related-Party Transactions Committee
8	Di Stefano Stefano	Director Member of the Risk and Sustainability Committee

(*) Director who meets the independence requirements established by Article 15 of the By-Laws: independence requirements set out by Article 147-ter and Article 148, paragraph 3 of the TUF, Article 13 of MEF Decree no. 169/2020 and Article 2 of the Corporate Governance Code. (**) Director who only meets the independence requirements set out by Articles 147-ter and 148, paragraph 3 of the TUF. All members of the Board of Directors, with the exception of the Chief Executive Officer, are non-executive Directors, as defined in section 4.6.

Suitability requirements for bank directors

In order to ensure the sound and prudent management of the Bank, all directors must, under penalty of ineligibility or forfeiture, meet the "Suitability Requirements" for the performance of their duties as set out in the applicable regulations for listed banks in force from time to time26 as well as those set out in the By-Laws. These include the requirements of reputation, professionalism and independence, compliance with the standards of integrity27 and competence28, and have sufficient time to commit to the role in compliance with the limit on the number of directorships and the so-called ban on interlocking (which prohibits holding or exercising the positions of director, statutory auditor or general manager in competing companies or groups of companies active in the credit, insurance and financial markets).

All members of the Board of Directors must act with full independence of judgement and awareness of the rights and duties inherent in their office, in the interests of the sound and prudent management of the Bank and in compliance with the law and any other applicable regulations.

Specific skills or suitability profiles are also required by the EBA-ESMA Guidelines and the ECB Guide on the assessment of fit and proper requirements, taking into account the role, responsibilities and position of each director (e.g. for the role of Chairperson of the Board).

With regard to the overall composition of the Board of Directors, at least one third of its members must meet the independence requirements (so-called formal independence) in accordance with the criteria set out in Article 15 of the By-Laws. In addition, at least two-fifths²⁹ of the members of the Board of Directors must belong to the less represented gender. For further details, please refer to the section "Independence requirements for Directors".

Time Commitment for the role

As part of the Suitability Requirements assessment, the Board considers whether the Directors can devote sufficient time to fulfil their responsibilities on the Board and, where applicable, on the Board Committees ("Time Commitment").

To ensure that candidates for the role of Director can make informed decisions about their availability, the outgoing Board, with the assistance of the Nominations Committee, estimates the Time Commitment required. This estimate is set out in the Board's Guidelines on the ideal qualitative and quantitative composition of the Board, which is made available to shareholders intending to submit lists of candidates for Board renewal or to propose individual candidates in the event of a replacement.

The Group Directive on Suitability Requirements establishes specific criteria and a reference methodology30 for determining and continuously updating the Time Commitment required, both at Board level and for each Director. The Time Commitment is defined as the minimum time, expressed in working days per year, estimated as necessary to effectively perform the role.

26 The regulatory and self-regulatory framework applicable to the Bank with regard to the Suitability Requirements for Directors and Auditors includes: the CRD Directive and Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 relating to prudential requirements for credit institutions and investment firms (CRR), Article 26 of the Consolidated Law on Banking (TUB) and MEF Decree No. 169/2020; Articles 147-ter and 148 paragraph 3 of the Consolidated Law on Finance (TUF); Article 36 of Decree-Law No. 201/2011, converted into Law no. 214/2011 (so-called ban on interlocking); "Guide to fit and proper assessments" issued by the ECB; "Guidelines on the assessment of the suitability of members of the management body and key function holders" issued by EBA-ESMA; Internal governance guidelines issued by the EBA; Supervisory Corporate Governance Provisions for banks and the "Supervisory provisions on the procedure for assessing the suitability of corporate officers of banks, financial intermediaries, electronic money institutions, payment institutions, and deposit guarantee schemes" issued by the Bank of Italy on 4 May 2021 ("Supervisory provisions on the procedure for assessing the suitability of bank officers of the Bank of Italy of 4 May 2021"); the By-Laws; Principles and Recommendations of the Corporate Governance Code; Regulation of the Board of Directors; "Internal Regulation on the Self-Assessment Process"; "Guidelines on the management of regulatory requirements for assessing the eligibility of Corporate Officers and Heads of Key Functions" ("Group Directive on Suitability Requirements"); Policy on Diversity of Corporate Bodies; Guidelines on the Qualitative and Quantitative Composition of the Board of Directors.
27 The integrity criterion requires the Board to assess the personal and professional conduct, including past behaviour, of the Corporate Officer on the basis of all relevant information provided directly by the candidate and any other reasonably available information at the Bank's disposal. The Board must also consider any other factors that may indicate the Officer's unsuitability to ensure the sound and prudent management of the Bank, safeguard its reputation, and maintain public confidence. This includes, but is not limited to, any serious misconduct in business dealings or interactions with Supervisory Authorities that have resulted in judicial and/or administrative proceedings, as well as any sanctions or restrictive measures imposed in connection with professional activities or positions held.
28 With regard to the competence criterion, the Board evaluates the experience of each Corporate Officer in terms of theoretical knowledge acquired through education, training, and academic positions, as well as practical expertise gained from previous employment and roles. This assessment takes into account relevant qualitative and quantitative elements, including the specific areas and duration of experience, to verify the adequate composition and collective diversification of the Board. Such evaluation aligns with the Bank's management needs, operational complexity, and size, while also taking into account its key risks and strategic objectives at both Bank and Group level.
29 The minimum threshold established by the gender balance regulations in force since 1 January 2020 (Articles 147-ter and 148 of the TUF and Article 144-undecies.1 of the Consob Issuers' Regulation) members of the management and control bodies of listed companies. Recommendation 8 of the Code requires that at least one third of the members of these corporate bodies belong to the less-represented gender. The Supervisory Provisions on the Corporate Governance of Banks require that the number of members of the less-represented gender should account for at least 33% of the members of the Board (rounded down to the nearest whole number if the first decimal is equal to or less than 5).
30 Criteria considered include the estimated time required to prepare for the meeting, the role of the corporate officer, and the time required for induction and/or ongoing and general training.

Each Director is responsible for reviewing and declaring his or her availability to meet the required Time Commitment and must promptly inform the Board of any changes that occur during his or her term of office. The Board periodically assess whether the actual time dedicated by the Corporate Officers to their role with BMPS remains appropriate and may require them to reassess their availability if necessary.

Limits on the number of directorships held by Directors

In accordance with Recommendation No. 15 of the Corporate Governance Code, which requires the Board of Directors to establish specific guidelines for limiting the number of directorships held by its members, the Board of Directors has incorporated into its own Regulations the criteria set out in Article 17 of MEF Decree No. 169/2020. These criteria apply to banks having a significant size and operational complexity, such as BMPS.

Independence requirements for Directors

According to the criteria set out in Article 15 of the By-Laws, independent Directors are those Directors who, in addition to possessing independence of mind (a requirement for all Directors), meet the independence requirements established by the applicable legal and regulatory provisions in force from time to time, as well as the additional independence requirements set out in the Corporate Governance Code (so-called formal independence). As of now, this includes directors who meet the independence requirements established under Articles 147-ter and 148 paragraph 3 of the TUF, Article 13 of MEF Decree No. 169/2020 and Article 2 (Recommendation 7) of the Corporate Governance Code.

In order to identify relationships that may be relevant to the assessment of both formal independence and independence of mind, each Director is required to declare, by means of a specific questionnaire, any circumstances that he/she considers may materially affect his/her independence of mind. This enables the Board to make the necessary assessments and decisions in accordance with applicable regulations.

As part of the independence assessment, the Board specifically evaluates so-called Significant Relationships arising from the circumstances described in Article 13, paragraph 1, letter h) of MEF Decree No. 169/2020 and Recommendation 7 (Article 2) of the Corporate Governance Code. These include direct or indirect relationships31 - whether current or occurring within the three financial years prior to taking office – related to self-employment or employment relationships or other commercial, financial, investment or professional relationship – even if not on an ongoing basis – with the Bank or its executive officers or its Chairperson or Top Management; with the Bank's subsidiaries or their executive officers or Chairpersons, or with a Significant Shareholder of the Bank or its executive officers, Chairperson or Top Management.

In assessing the materiality of Significant Relationships, the Board takes into account the following information provided by the Corporate Officer, as set out in the Group Directive on Suitability Requirements:

for financial/investment relationships, including direct or indirect lending relationships³²: their size and specific characteristics, their weight versus the system data (for credit exposures) and, where applicable, the economic and financial situation of the borrower/individual concerned;
for commercial and professional relationships: the nature of the transaction/relationship, the amount of the consideration/annual turnover of the individual concerned and, where applicable, their ratio to the overall annual turnover and/ or the overall activity carried out and/or the annual costs incurred by BMPS and/or the Montepaschi Group for similar contractual relationships or comparable positions;
the current payment, or payment in the three previous financial years, of significant additional remuneration by the Bank, a subsidiary or the parent company, on top of the fixed remuneration paid for the office and for the participation in committees as recommended by the Corporate Governance Code or as provided for by applicable regulations.

The Board also considers specific materiality and significance thresholds - as defined and introduced in the Group Directive on Suitability Requirements in 2024 - below which it can be reasonably deemed that the identified Significant Relationships do not jeopardize a Director's independence. It also takes account of tolerance thresholds, above which such relationships are considered material for independence purposes.

For further details on the Board of Directors' independence assessment, please refer to section 4.7.

³¹ E.g. through subsidiaries, trust companies, intermediaries or on the basis of agreements in any form whatsoever entered into, the purpose or the effect of which is the concerted exercise of the relevant rights of control; or through companies of which he/she is an executive director, or a partner in a professional firm or consulting company.

³² Exposures related to "companies controlled" by the Corporate Officer or a "close family member" (for the definitions of "close family member" and "control", see the Bank of Italy Circular 285/13, Part III, Chapter 11).

Process of verifying the Suitability Requirements

The process of verifying the Suitability Requirements is conducted by the Board of Directors, with the support of the Nominations Committee, in compliance with the applicable regulatory and self-regulatory framework, as well as the Group Directive on Suitability Requirements.

The assessment is carried out at the time of the appointment of the Director (within 30 days of the shareholders' resolution or in advance in the case of an appointment by a non-shareholder, except in duly justified urgent cases) and throughout the term of office in the event of any subsequent developments³³. In any case, it is carried out at least once a year, coinciding with the overall self-evaluation process of the Board, as described in Section 7. The assessment is based on the information and documentation provided by the Director, verifying compliance with the necessary requirements and the absence of any incompatibilities. It also takes into account any other relevant and reasonably available information available to the Bank in accordance with the company rules and the Board of Directors' Regulation.

The results of the Suitability Requirements assessment of the Bank's Directors and those of the Group companies are disclosed to the public in accordance with the Consob Issuers' Regulation and the Corporate Governance Code. They are also subject to review by the Bank of Italy and the European Central Bank, in accordance with the Supervisory provisions on the procedure for assessing the suitability of bank officers of the Bank of Italy of 4 May 2021. In order to facilitate this process, the Group Directive on Suitability Requirements defines the information flows between the Parent Company and the relevant Group companies, ensuring effective coordination of the administrative procedures initiated with the Supervisory Authorities.

The Guidelines of the Board of Directors

As required by the Supervisory Corporate Governance and in compliance with the Corporate Governance Code, the Board, assisted by the Nominations Committee, determines the optimal qualitative and quantitative composition of the Board based on the results of its periodic self-assessment process. This process includes defining and justifying the theoretical profile of the Directors and setting diversity targets for the Board, which are documented in a specific report ("Board Guidelines"). The Board Guidelines set out the outgoing Board's recommendations to shareholders for the selection of individuals to be included in the slate of candidates to be nominated for election at the Shareholders' Meeting, whether for the renewal of the entire Board or for the appointment of individual directors. The objective is to ensure that the overall composition of the Board is qualitatively and quantitatively optimal for the effective fulfilment of the duties and responsibilities assigned to the Directors under applicable laws, regulatory requirements and the Company's By-Laws.

At the time of Board renewal, the outgoing Board Guidelines are published on the Bank's official website well in advance³⁴ of the notice convening the Shareholders' Meeting.

As part of the process of assessing the Suitability Requirements of newly appointed directors and conducting periodic self-assessments, the Board must also review the overall appropriateness and balanced diversification of its composition, as determined through the appointment or self-assessment process, against the pre-defined Board Guidelines.

The principles and objectives underlying the Board Guidelines are in line with Article 11 of MEF Decree No. 169/2020 and the Supervisory Corporate Governance Provisions, which require the following:

1) from a quantitative standpoint a number of members commensurate with the size and complexity of the bank's organisational structure, ensuring the board's effectiveness and avoiding an excessive number of members, while also providing effective oversight of all the company's operations in terms of management and control;
2) from a qualitative standpoint to properly fulfil its strategic oversight duties and responsibilities, the board must include directors who:
- are fully aware of the powers and obligations inherent in the functions that each individual is required to carry out (supervisory or management function, executive and non-executive functions, independent members);
- possess the professional requirements to perform the duties assigned to them, including roles within any board committees, in alignment with the bank's operational scale and complexity;

³³ If, after the appointment of the officers, there are any events which – in relation also to the bank's operating circumstances – affect the officer's situation, his/her role within the corporate organisation or the collective composition of the Board, the latter shall carry out a new assessment of the fit and proper requirements of the officers concerned, as well as the suitability of the Board's collective composition and its compliance with the maximum number of directorships that can be held.

³⁴ For the Shareholders' Meeting of 20 April 2023, which renewed the corporate bodies, the document was published on 2 March 2023. For the Shareholders' Meeting of 11 April 2024, which appointed a new director, the document was published on 8 March 2024.

- bring a broad and appropriately diversified range of skills across all members, in order to: foster robust internal debate and dialogue within the Board and Board Committees, encouraging a range of approaches and perspectives in the analysis of issues and decision making, while mitigating the risk of mere alignment with prevailing positions, whether internal or external to the bank; effectively support the company's processes for strategy development, business management, and robust risk governance across all areas of the bank, as well as oversight of senior management performance; take into account the multiple interests that contribute to the sound and prudent management of the bank;
dedicate adequate time and resources to the complexity of their task, subject to the compliance with the limitations on the plurality of offices as provided by applicable regulations;
address their action to the pursuit of the overall interests of the bank, regardless of the shareholders who voted for them or the list from which they are selected; they shall operate with independent judgment.

The establishment of the Board Guidelines is also an integral part of, and a tool for implementing, the Bank's diversity policy with regard to the collective composition of its corporate bodies (Board of Directors and Board of Statutory Auditors), as described in the sections below.

Activities in 2024

The Board of Directors of 6 May 2024, assisted by the Nominations Committee, confirmed the fulfilment of the Suitability Requirements for the newly appointed Director, Raffaele Oriani35, who was elected by the Shareholders' Meeting on 11 April 2024. The Board also assessed whether its overall composition, following his appointment, was in line with the Board Guidelines for the renewal of corporate bodies, published for the Shareholders' Meeting of 20 April 2023. These Guidelines were further supplemented by a recommendation to shareholders emphasising the opportunity to enhance the Board's experience and skills in information and communication technology (ICT).

The Board of Directors of 23 January 2025 verified the Suitability Requirements of the newly co-opted Directors - Alessandro Caltagirone, Elena De Simone, Marcella Panucci, Francesca Paramico Renzulli and Barbara Tadolini - appointed by the Board on 27 December 2024. The Board confirmed that the resulting collective composition continues to meet the established criteria for an appropriate structure and diversity within the Board.

Diversity and Inclusion Policy

With the adoption of its Code of Ethics, the Group has set out the principles and values to which its corporate bodies, employees, financial advisors and collaborators must adhere, thereby establishing itself as an important governance tool for promoting equal treatment and opportunities between genders across the entire corporate organisation.

The Code of Ethics values differences and promotes a culture of inclusion, recognising diversity as an essential asset and ensuring that all people are guaranteed the same opportunities regardless of age, sexual orientation, religious belief, gender, ethnicity or diverse abilities, fostering a working environment that is free from any form of discrimination. Its application is monitored and checked within the framework of the internal control system.

The Group has also developed concrete actions to support diversity and inclusion through an organizational model that is centred on the complexity and heterogeneity of the cultural environment: as of 2022 the Bank has adopted the corporate regulatory document "Rules on Inclusion", which, with the aim of valuing diversity and promoting an inclusive work environment, sets out the underlying principles that will guide development in the company as well as the main areas involving all BMPS people: selection, training, professional growth, assessment, remuneration policies, welfare, inclusive communication36 and termination of employment.

As of 2023, the "Group Sustainability and ESG Directive" defines responsibilities in the area of gender equality, diversity and inclusion; the "'Gender Equality Policy'" outlines the Bank's commitments in this regard, while the "Rules on Preventing and Combating Gender Harassment in the Workplace" set out the general principles and prohibited behaviours to ensure a work environment free from gender discrimination, violence and harassment (these documents are available on the Bank's website www.gruppomps.it/en - Sustainability). In addition, a key corporate document, the "Gender Equality Management System Policy" has been issued, detailing internal procedures to ensure compliance with gender equality rules. The operational management of these procedures is entrusted to various specialised Group functions.

³⁵ The Director was appointed to replace the resigning Marco Giorgino, based on a joint proposal from some institutional investor shareholders. For further details, please refer to the related document published on the website www.gruppomps.it/en – Shareholders' Meetings and BoD.

³⁶ Communication, which is a fundamental means of sharing company information, uses language that can help counteract the formation of stereotypes and prejudices and eliminate discrimination towards employees, customers and the general public. Effective peer-to-peer communication ensures that people are represented, listened to and treated equally in corporate media messages, respecting differences and promoting inclusion, in compliance with both the indications contained in EU Directive/54/2006 and the UN Convention on the Rights of Persons with Disabilities, which Italy has signed. In addition to these are the guidelines set out in the handbook "Gender neutrality in the language used in the European Parliament" (2008), which states: "Gender-neutral language is a generic term covering the use of non-sexist language, inclusive language or gender-fair language".

Through these and other initiatives, the Group continues its successful trajectory, which led to the achievement of the Gender Equality Certification in December 2023. This certification was reconfirmed in 2024 following a periodic maintenance audit by an independent certifying body.

Diversity Policy on the composition of Corporate Bodies

In February 2025, after consultation with the Nominations Committee, the Board of Directors adopted the "Diversity Policy on the composition of Corporate Bodies" ("Diversity Policy"). With this policy, the Bank has formalised its objectives, tools and criteria, which were already set out in the Company's By-Laws, the Group's Sustainability and ESG policies, the Suitability Requirements, the principles and recommendations of the Corporate Governance Code and relevant national and international regulations (for example, the MEF Decree, the Supervisory Provisions on Corporate Governance, the EBA-ESMA Guidelines and the ECB Guide) as well as the minimum threshold for the under-represented gender set by the TUF (Articles 147-ter, paragraph 1-ter and 148, paragraph 1-bis) to ensure gender balance.

The policy sets out the tools and criteria considered essential to ensure appropriate diversity within the Board (including its internal committees) and the Audit Committee. It recognises and promotes the benefits of diversity in all its aspects, including skills and experience, educational and professional background, gender, age, tenure, geographical and international representation and independence of its members.

Emphasising diversity helps to ensure equal opportunities for individuals regardless of age, sexual orientation, religious belief, gender, ethnicity or disability and promotes an environment free from discrimination. The policy encourages a collaborative and inclusive atmosphere within corporate bodies, where different perspectives, knowledge, skills, values and aspirations contribute to meaningful discussions. This diversity of viewpoints enhances critical debate and supports the effective functioning of boards by recognising and valuing the unique contributions of each member.

The Diversity Policy also requires the Board, with the assistance of the Nominations Committee, to monitor the achievement of diversity objectives, targets and goals as part of its annual self-assessment process. It also evaluates the effectiveness and appropriateness of the policy over time, considering any necessary updates or improvements based on regulatory changes, best practice, strategic developments or adjustments to the Group's structure.

The Diversity Policy is adopted by the Group companies in accordance with the guidelines issued by the Bank as part of its management and coordination role as the parent company of the Montepaschi Group, taking into account their specific characteristics.

The Diversity Policy is published on the Bank's website www.gruppomps.it/en – Corporate Governance.

In the Sustainability Report included in the Annual Financial Report, published on the website www.gruppomps.it/en further information is provided on the concrete actions implemented to ensure equal opportunities and the promotion of diversity and inclusion in the organisational model of the Bank and the Group, and, in general, on environmental, social and HR-related issues as well as issues concerning the respect of human rights and the fight against corruption.

Diversity in the composition of the Board of Directors

37 38

The current composition of the Bank's Board of Directors does not include any employee/worker representatives, as their appointment to corporate bodies is not currently provided for by Italian law or the By-Laws of BMPS.

A summary of the personal and professional characteristics of each current Director, highlighting their skills and professional experience, is published on the Bank's website at www.gruppomps.it/en – Corporate Governance – Board of Directors. Further information on the composition of the Board of Directors can be found in section 7.1 on the results of the 2024 self-assessment and in section Tables - Tables 1 and 1-bis.

³⁷ This represents approximately 47% of the members of the Board of Directors, which is above the minimum threshold of two-fifths set by regulations and is in line with the EU average (the average threshold for companies listed on the FTSE Mib is around 44%, according to the "2024 Report on the Evolution of Corporate Governance of Listed Companies" – Italian Corporate Governance Committee).

³⁸ The average tenure is two years, with three Directors having served for more than four years.

4.4 Functioning of the Board of Directors (as per Article 123-bis, paragraph 2, letter d) of the TUF)

The Regulation of the Board of Directors sets out the rules and procedures it has adopted for its operations, particularly regarding the management of information to be provided to directors, including the members of the Board Committees, so as to ensure efficient management and effective controls. In order to ensure, inter alia, that each member of the Board of Directors devotes an appropriate amount of time to his or her role in the Bank, the Regulation includes specific provisions on Time Commitment (see section 4.3 above).

The directors observe the strictest confidentiality of all document contents and information received in the course of their duties.

The agenda is set by the Chairperson of the meeting, having heard the Chief Executive Officer and/or General Manager and the Chairpersons of the Board Committees. The Chairperson convenes the meetings according to the procedures and timescales established in its Regulation and by the By-Laws.

Unless otherwise specified, the agenda is sent to the directors and statutory auditors, as well as to all members of the Management Committee and to the Financial Reporting Officer pursuant to Article 154-bis of the TUF, with the latter having the right to request to have access to specific items of interest.

The directors may also take part in the meetings by using teleconference and video conference systems.

The Chairperson ensures that all directors are provided with adequate and comprehensive information and documentation on the agenda items for the Board of Directors' meeting, with suitable advance notice and in a gradual order according to the importance, relevance and complexity of the individual positions to be examined, always complying with the rule that the documentation shall be made available to directors sufficiently in advance to enable them to participate in the discussion and deliberation of the items on the agenda in an informed and considered manner, and, in the case of the Board Committee meetings, to allow the latter to issue the required supporting opinions to the Board of Directors.

In accordance with internal procedure, the provision of Board documents to directors and statutory auditors is carried out in a protected manner using a dedicated procedure, with access to the documents only permitted in a way that ensures appropriate security standards. In this way, each of the directors is able to view the proposals and annexes and have all the necessary preliminary information at their disposal. There are no generic exemptions for the provision of supporting documentation to directors for Board evaluations and decisions, except in the cases provided for by specific internal rules or corporate governance policies adopted by the Bank, as per banking regulations, in order to address the risk that specific situations of conflict of interest, even potential ones, may affect the independence of judgment of officers or the decisions of the body to which they belong.

The methods and timing for submitting documentation to the Board of Directors and the Internal Board Committees are governed by internal regulation, except in circumstances where shorter deadlines are required.

The documents, prepared for the Board of Directors that is not convened on an urgent basis under the By-Laws, are sent to the members of the Board of Directors and the Board of Statutory Auditors, normally within five (5) days prior to the date of the convened Board meeting.

In order to encourage more effective utilisation of the work of the Board Committees, the calendar of Committee meetings is organised in close correlation with the Board meetings. Unless specific requirements are established by the Chairpersons of the Board Committees concerned, at least three (3) days for the Risk and Sustainability Committee and two (2) days for the other Committees must ordinarily elapse between the date of the Committee meeting and the date of the Board meeting that will address the corresponding item on the Board agenda. This allows the directors to examine the documentation and have at their disposal all the preliminary information necessary so as to be able to participate in the discussion and deliberation of the items on the agenda of the Board meeting in an informed and considered manner, based also on the opinions of the Board Committees provided for each specific matter.

During the course of the meeting, all members are entitled to intervene in the discussion, request information or clarifications and make comments. The Chairperson governs and regulates the discussion and, at the end, invites the directors to cast their vote openly.

In carrying out the task of leading the Board's meetings and discussions, the Chairperson relies on the contributions of the Heads of the Corporate Functions responsible for the matters being examined by the Board of Directors, as well as on the contribution of consultants for certain topics.

Subject to the consent of the Chairperson, the Chief Audit Executive regularly attends the meetings of the Board of Directors and has full visibility over all the documentation submitted.

The Chief Risk Officer and the Chief Compliance Executive may request permission from the Chairperson to attend the meeting with regard to specific items within their competence discussed by the Board and may ask to see the documentation submitted to the Board regarding the items of their interest.

The Control Functions (Audit, Risk, Compliance) have full access to the Board's documentation and other documents submitted for prior examination/opinion by the Risk and Sustainability Committee.

In agreement with the Bank's CEO, having consulted the Chairperson, the management of the Bank and Group Companies regularly attend the Board meetings, whenever an issue or proposal relevant to their Division is addressed and discussed, thereby ensuring the direct participation of the various Corporate Functions in Board proceedings.

The Chairperson begins the meeting by ensuring that the meeting itself has been duly convened and constituted and reminds the directors present to comply with the requirements regarding directors' interests (Article 2391 of the Civil Code and Article 53 of the TUB), the obligations of bank corporate officer (Article 136 TUB), related-party transactions and other internal corporate governance policies or controls (as indicated above) and invites them to declare any interests in the agenda items and, if so, to comply with all due obligations and procedures.

In such cases, the provisions of the same legislation and of Articles 17(3) and 19(1) of the By-Laws shall apply.

The specific minutes of each meeting are drawn up and signed by the Chairperson and the Secretary, so as to enable a reconstruction of the discussion and the various positions expressed. The minutes of the meetings are made available to each director through a secure, dedicated procedure and are submitted to the Supervisory Authorities as required by regulations or upon their request.

Reporting flows

The By-Laws, the internal regulations of the corporate bodies (Board of Directors, Board Committees and Board of Statutory Auditors), as well as the corporate and intra-group regulations, govern the flow of information to and between the corporate bodies, as well as between the Bank and its Group companies. These information flows, which must be clear, complete, transparent and accurate, enable the governing and management bodies and the Corporate Functions to act in an informed manner within their respective roles and responsibilities. They also support effective controls and the appropriate understanding, assessment and management of the risks inherent in the activities of both the Bank and the Group.

The Board of Directors receives information flows on a regular (annual, semi-annual or quarterly) or ad hoc basis, including in response to regulatory disclosure requirements to Supervisory or market Authorities.

The Corporate Control Functions regularly report to the Board on the results of their activities and promptly communicate any significant critical issues identified (in this regard, reference is made to section 9.8, which deals with the coordination and flow of information between the various entities involved in the internal control and risk management system.)

The Board Committees ensure reporting flows on their activities to support the work of the Board of Directors, according to the rules set out in their respective regulations (for further details, please refer to the relevant sections of the Report).

Delegated Officers report to the Board of Directors on a regular basis, normally quarterly, on the exercise of the powers delegated to them in accordance with the procedures established by the Board of Directors. In particular, in accordance with Article 18(5) of the By-Laws, the Delegated Officers report to the Board of Directors and the Board of Statutory Auditors, at least every three months, on the decisions taken, the general course of business and the expected outlook, as well as on the most significant transactions, in terms of size or nature, carried out by the Company and its subsidiaries.

4.5 Role of the Chairperson of the Board of Directors

The Chairperson of the Board of Directors is responsible for the effective operation of the corporate governance system, ensuring the balance of powers with respect to the Chief Executive Officer (the sole executive director of the Bank); the Chairperson also acts as the contact point for the internal control bodies and Board Committees. The Chairperson calls and chairs the meetings of the Board of Directors, ensuring the effective management of the Board's work through the management of board information and an adequate flow of information within the Board and between the Board and the Board Committees; the Chairperson ensures the effective coordination between the activities of the Board.

In order to carry out his role effectively while safeguarding his authority and impartiality, as required by the Supervisory Provisions on the Corporate Governance of Banks, the Chairperson receives no management mandate39 does not play a specific role in the development of corporate strategies and is neither the Chief Executive Officer (CEO) nor the controlling shareholder of the Bank.

Regarding the organisation of reporting flows to the Board, the Chairperson sets the agenda after hearing the opinion of the Chief Executive Officer and/or the General Manager and the Chairpersons of the Board Committees, and convenes the Board meetings in accordance with the procedures and timeframes provided for by the By-Laws (at least five days before the meeting and, in cases of urgency or for additions to the meeting agenda, at least twenty-four hours in advance) and the Board Regulation.

The By-Laws, internal regulations and specific corporate regulations in force establish the criteria for preparing – with the support of the relevant Corporate Functions – the information flows, procedures, working methods, meeting schedules and operating practices that ensure the effectiveness and timeliness of the board's and the committee's activity.

The Chairperson presides over the work and discussion, giving priority to strategic issues, with the possibility, during the Board meeting, to make use of the informative contributions of the Bank's and the Group's executive managers, or of consultants regarding the specific topics under discussion.The Chairperson has the important task of promoting internal dialogue and ensuring the balance of powers. In accordance to the duties assigned to the Chairperson by the Civil Code, within the context of the Board's work, he/she encourages and promotes open and critical debate, which is respectful of any differing points of view, and works to ensure that the resolutions reached by the Board are the result of appropriate discussion as well as the informed and reasoned contribution of all its members, promoting constructive debate among the Board Members and ensuring an adequate level of understanding of the issues dealt with, thus facilitating a critical review of the proposals by the Board and a balanced decision-making process. For the functions performed by the Chairperson within the board, please refer to section 4.4 above.

The Chairperson also provides opportunities for all directors to meet, even outside the Boardroom, to discuss and debate strategic issues, requesting the participation of all directors in these occasions.

The Chairperson, with the support of the Nominations Committee, also ensures: i) that the Board's self-assessment process is carried out effectively, in a manner consistent with the degree of complexity of the Board's work, and that any corrective actions identified to address any shortcomings are taken; ii) the preparation and implementation of induction programmes and training plans for Board Members; and iii) the adoption of succession plans for directors.

The Chairperson, in agreement with the Chief Executive Officer, serves as the point of reference for handling dialogue requests received under the provisions of the Shareholder and Investor Dialogue Policy adopted by the Bank (see Section 12).

For the duties of the Chairperson in relation to Shareholders' Meetings, please refer to Section 13.

At the commencement of the new term of the Board of Directors in 2023, the Chairperson oversaw the "Board Induction" programme for the members of the newly appointed corporate bodies. The programme comprised twelve (12) training sessions open to all members (directors and auditors) and focused on an in-depth analysis of the strategic choices contained in the Bank's Business Plan, including those relating to sustainability issues, risk management across the various areas of activity (e.g. credit, anti-money laundering, banking transparency, administrative liability, exceptional legal risks, IT security) and remuneration policy.

In 2024, the training activities for the members of the corporate bodies continued with eleven (11) training sessions for all key persons (directors and auditors), focusing on topics such as corporate governance in banks, sustainability governance, the development of sustainability reporting, risk identification processes and cybersecurity. In addition, five induction training sessions were held specifically for those appointed by the Shareholders' Meeting of 11 April 2024. The sessions were organised by the Bank's management, in some cases with the support of external trainers and experts.

³⁹ Without prejudice to the powers that may be exercised on an urgent basis pursuant to Article 21 of the By-Laws, on the binding proposal of the General Manager and/or the Chief Executive Officer (if appointed), on any business or transaction falling under the Board of Directors' competence, with the exception of those reserved to the latter's exclusive authority. The Chairperson ensures that the Board is informed of such decisions at the first subsequent meeting of the Board.

For 2025, training activities will continue with the support of the Nominations Committee, focusing on topics such as risk, sustainability, technological innovation, cybersecurity, digital transformation and artificial intelligence. In addition, a specific induction training plan tailored to the needs of new members joining the Board as of 27 December 2024 has been initiated.

Board Secretary

As provided for in Article 16 of the By-Laws, the Board Secretary is appointed by the Board from among the Bank's Senior Management.

The current Board Secretary is the Head of the Group General Counsel Division, Mr. Riccardo Quagliana, who has extensive legal training and skills and long-standing experience in corporate law and the corporate governance of listed issuers and banks.

The Board Secretary supports the activities of the Chairperson and, with impartial judgement, provides assistance and advice to the Board of Directors on all aspects relevant to the proper functioning of the corporate governance system. He is also responsible for drafting the minutes of Board meetings, which are signed jointly with the Chairperson and provide a detailed description of the debate and the various positions expressed.

4.6 Executive Directors

In accordance with the supervisory provisions, the Regulation of the Board of Directors defines the following as "executive" directors:

the Chief Executive Officer;
the directors who have received mandates;
the directors holding the office of Chief Executive Officer in a strategically significant subsidiary;
the directors who carry out operations relative to the management of the business, such as the directors who hold management positions at the Bank or at one of its subsidiaries, or who are assigned the task to supervise specific areas of the management of the company, through constant presence in the company, acquiring information on the relative operating structures, participating in management committees and reporting to the Board on the activities carried out.

This definition makes it possible to consider all the members of the Board of Directors, except for the Chief Executive Officer, as "non-executive directors", since the Board of Directors:

has not assigned mandates to its own members, except for the Chief Executive Officer;
there are no directors who are managers of the Bank or one of its subsidiaries, except for the Chief Executive Officer who is also the General Manager of BMPS;
there are no directors with executive responsibilities, as these are defined above, in subsidiaries.

Chief Executive Officer

The Chief Executive Officer, who, at present, also serves as General Manager, is primarily responsible for the management of the Bank.

As General Manger, in addition to the powers delegated by the Board of Directors, he/she exercises the powers specified in Article 22 of the By-Laws. The General Manager thus:

signs all documents relating to current business, oversees the Company's organisational structure and is responsible for it;
carries out all transactions of ordinary business which are neither specifically reserved (i) to the Board of directors, nor delegated by the Board to the Chief Executive Officer/s, or (ii) to the Employer for the protection of health and safety at work;
makes reasoned proposals to the competent governing bodies with regard to lending operations, the co-ordination of the Banking Group, personnel matters and general expenses; submits reasoned reports to these governing bodies on any other matter falling under their authority;

ensures that the resolutions taken by the Board of Directors and Chief Executive Officer/Officers are implemented, and that the activities of the subsidiaries belonging to the Group are coordinated, in accordance with the criteria and general guidelines established by the Board of Directors pursuant to Article 17(2), letter i) of the By-Laws;
allows the cancellation of mortgage registrations, transcriptions, liens and any other formalities thereof, the subrogations in favour of third parties and the release of liens once secured credit is fully paid-off or non-existent;
is the head of personnel and exercises, in respect of personnel, the functions assigned to him/her by labour laws and regulations;
if necessary and in urgent cases, like the CEO (if appointed), has the power to make binding proposals for decisions to be taken by the Chairperson of the Board of Directors on all matters and operations falling under the competence of the Board of Directors, with the exception of those reserved to the latter's exclusive authority.

As Chief Executive Officer, he/she performs his/her duties within the limits of delegation and in the manner determined by the Board of Directors, regarding:

the power to submit proposals to the Board of Directors, including, inter alia:
- strategic guidelines, strategic transactions, long-term plans and annual budgets for the Bank and Group, including the Plan of project activities;
- the organisational model of the Bank; organisational structure of the Parent Company's central units (changes in responsibilities and functional perimeters between organisational models, changes in units reporting to the Top Corporate Bodies, changes in the structure of the Corporate Control Functions up to Level 1) and of the Regional Divisions/Regional Credit Divisions; number and responsibilities of the Regional Divisions; Committees with the duty to support the Board of Directors and provide strategic guidelines;
- general operating policies, including corporate reporting lines;
- outsourcing strategies, intra-group outsourcing of the Corporate Control Functions; intra-group or extra-group outsourcing of essential or key functions, including the information system (full outsourcing) or its critical components, and their sub-outsourcing outside the Group; intra-group or extra-group outsourcing of other Corporate Functions of over the amount of Euro 20 million, or of any amount if with the transfer or assignment of human resources or if the contractual agreement exceeds 9 years; authorisation of ancillary changes to intra-group and extra-group outsourcing of over the amount of Euro 20 million;
- key corporate regulations, policies and Group directives on matters under the responsibility of the Board of Directors, in addition to the system of delegated powers, definition of the business model and strategic guidelines for the assumption, management, monitoring and mitigation of the risks to which the Group is exposed;
- development and management policies, the incentive system and hiring plans;
- definition of internal policies and regulations regarding the legal and economic status of personnel;
- ordinary legal disputes, labour disputes, tax disputes for amounts over Euro 10 million; filing of complaints;
- the acquisition of shareholdings of any amount and the disposal of shareholdings exceeding Euro 20 million, as well as those that are strategic and/or result in changes to the Banking Group and provides an opinion to subsidiaries on the same type of transactions; acquisition and disposal of business units, membership of or withdrawal from trade associations;
- appointment of representatives of the Group and administrative and operational decisions in strategic equity investments of more than Euro 20 million and in trade associations;
- final recognition in the income statement of one-off income and expenses in excess of Euro 10 million;
- sale/transfer of operating or non-operating properties and related management of real and personal property rights for more than Euro 10 million;
- negotiation and sale of artworks owned by the Bank for any amount if lower than the appraisal or book value, or for an amount higher than Euro 3 million, accumulated over 24 months with the same counterparty;
- spending for strategic/management intervention amounting to more than Euro 10 million;
decision-making powers, which include, inter alia, the power to:
- manage the Bank's finance portfolio with regard to market risk, liquidity risk and interest rate risk in the banking book, as defined by the Board of Directors and in compliance with the approved budget and within the risk tolerance limits established in the Bank's Risk Appetite Framework;
- authorise expenses of up to a maximum amount of Euro 20 million, within the budget limits approved by the Board of Directors (with the exception of those that fall within the exclusive competence of the Employer for the protection of health and safety at work40);
- authorise the purchase of operating or non-operating properties, when the latter are bundled together with operating properties, for up to a maximum amount of Euro10 million;
- authorise the sale/exchange of operating or non-operating properties and the related management of real and personal property rights for up to a maximum amount of Euro10 million;
- exercise decision-making powers in matters of personnel, regarding resources of any order and level (except for cases under the exclusive responsibility of the Board of Directors and of the Employer for the protection of health and safety at work);
- resolve on disposals of non-strategic equity investments which do not involve changes to the Banking Group and equity instruments up to the amount of Euro 20 million;
- resolve on the waiver to exercise option/pre-emption rights, assignment of option rights on capital increases for equity investments/equity instruments classified as non-strategic;
- resolve on participation in and withdrawal from committees of non-trade associations, as well as entities and foundations, excluding trade bodies;
- provide the subsidiaries with a prior opinion on divestments of shareholdings within the amount of Euro 20 million for non-strategic investments;
- appoint representatives of the Montepaschi Group in non-strategic equity investments, except where the appointees are members of the corporate bodies of the Bank;
- promote executive, summary, insolvency and voluntary jurisdiction proceedings and relative litigation, as well as disputes by the company or counterclaims, also aimed at credit recovery and tax disputes relative to liquidation of taxes on court or out-of-court documents connected to or dependent on recovery, or appear before the court in disputes against the company, without amount limits; disputes by the company or counterclaims even for labour disputes, in addition to appeals and challenges before the tax court for an undefined amount or up to the maximum amount of Euro 10 million;
- file criminal disputes, bring civil action in a criminal proceeding, or withdraw from such proceedings, exercise all other powers envisaged within a criminal proceeding, with the exception to propose or file complaints;
- waive, abandon, rescind the actions and acts and accept similar withdrawals from the other parties; authorise court transactions and resolve to waive appeals against decisions against the Bank for an undefined amount or up to the maximum amount of Euro 10 million;
- approve the contents of regulations (except for those under the responsibility of the Board) and their publication within the internal regulations;
- approve the organisational structure of the Parent Company's central units and network within the pre-established hierarchical levels;
- authorise the final recognition in the income statement of one-off income and expenses in excess of Euro 10 million;
- negotiate spending for strategic/management activities for any amount and authorise them up to Euro 10 million;
- authorise intra-group and extra-group outsourcing of other Corporate Functions (other than essential or key functions or Corporate Control Functions) for up to Euro 20 million, without the disposal or secondment of human resources and with a contractual agreement of less than or equal to 9 years; ancillary changes on intra-group and extra-group outsourcing for up to Euro 20 million;
- approve the negotiation and sale of artworks owned by the Bank for amounts greater than or equal to the appraisal or book value up to Euro 3 million, accumulated over 24 months with the same counterparty;

- authorise, within the limits of the total approved expenditure, any necessary or appropriate changes in the composition of the portfolio of strategic initiatives included in the Project Activity Plan approved by the Board of Directors;
approve new products except those with significant strategic value/risk changes to or delisting of existing ones, as well as economic aspects (rates, conditions, commissions, ceilings, etc.) connected with or in any case attributable to the management of relations with customers and of the products/services distributed by the Bank.

The Chief Executive Officer has not been vested with specific powers regarding loan disbursement and the management of bad loan positions41, which are instead delegated to the General Manager.

The Chief Executive Officer, in agreement with the Chairperson, serves as the point of reference for handling dialogue requests received under the provisions of the Shareholder and Investor Dialogue Policy adopted by the Bank (see Section 12).

In the event of the absence or impediment of the Chairperson of the Board of Directors and the Deputy Chairperson, the powers which the Chairperson may exercise in an emergency in accordance with the procedures established by the By-Laws, are attributed to the Chief Executive Officer. The decisions taken when exercising these powers must be communicated to the competent body at the first subsequent meeting.

For the powers attributed to the Chief Executive Officer as the person in charge of establishing and maintaining the Internal Control and risk management System, please refer to Section 9.1.

The Chief Executive Officer does not hold any directorships in other banks.

4.7 Independent directors and Lead Independent Director

Independent directors

As already set out in the previous section 4.3, all directors must act with complete independence of judgement and be aware of the duties and rights associated with their role, in the interests of the sound and prudent management of the Bank and in compliance with the law and any other applicable regulations. In accordance with the By-Laws and applicable legislation, at least one third of the directors must meet the additional independence requirements.

The independence requirements for non-executive directors are assessed by the Board in accordance with applicable legal, regulatory and self-regulatory requirements, the Regulation of the Board of Directors and the Company's policies as set out in the Suitability Requirements Directive. This policy defines the qualitative and quantitative criteria for assessing the significance of situations that could materially affect the independence of a director.

In accordance with the process and the relevance criteria established for the assessment of independence (both formal and of judgement), the Board of Directors, in its annual periodic review of the eligibility of its members on 6 March 2025, based on the information provided by each Director and any other relevant information available to the Bank, confirmed the independence of the non-executive directors appointed by the Shareholders' Meeting in 2023 and 2024, namely Nicola Maione (Chairperson), Gianluca Brancadoro (Deputy Chairperson and Chairperson of the Remuneration Committee), Alessandra Barzaghi (Chairperson of the Risk and Sustainability Committee), Paola De Martini (Lead Independent Director), Domenico Lombardi (Chairperson of the Nominations Committee), Paola Lucantoni, Raffaele Oriani (Chairperson of the IT and Digitalisation Committee) and Renato Sala42. With regard to these Directors, who were already considered independent at the time of their appointment by the Shareholders' Meeting43, no subsequent events have occurred that would alter the previous assessment of their independence, in accordance with the criteria set out in the By-Laws and the materiality and significance thresholds defined by the Board in the Group Directive on Suitability Requirements. More specifically, these directors have not had any significant financial, credit, asset or professional/commercial relationship with the Bank or its affiliates, either directly or through companies or professional firms/associations in which they are or have been professionally involved, including during the three years prior to assuming their positions.

With regard to the five new non-executive directors co-opted in December 2024, at its meeting of 23 January 2025, the Board confirmed the independence requirements for the following directors, in accordance with the process and criteria described above: Marcella Panucci (Chairperson of the Related-Party Transactions Committee), Francesca Paramico Renzulli and Barbara Tadolini. It is also clarified that the non-executive directors Alessandro Caltagirone and Elena De Simone,

⁴¹ With the exception of the autonomy of Euro 10 million in the area of legal disputes also in relation to bad loan positions.

⁴² The annual periodic review did not include the directors appointed by co-optation in December 2024, whose fit and proper requirements were assessed by the Board on 23 January 2025.

⁴³ As announced to the market in a specific press release, at the beginning of the new term of office, the newly elected Board of Directors, at its meeting of 18 May 2023, assessed the independence requirements for thirteen (non-executive) directors out of the fifteen members of the Board appointed by the Shareholders' Meeting of 20 April 2023. This assessment was confirmed at the annual review on 6 February 2024. In addition, at its meeting of 6 May 2024, the Board of Directors verified the independence requirements for Director Raffaele Oriani, appointed by the Shareholders' Meeting of 11 April 2024

as declared by the directors themselves, meet the independence requirements of the TUF (Consolidated Law on Finance) but do not meet the independence requirements of MEF Decree No. 169/2020 and Recommendation 7 of the Corporate Governance Code and are therefore not considered independent under the Bank's By-Laws.

Currently, the Board of Directors is composed of 11 independent directors out of a total of 15, representing more than half of the members of the Board of Directors, i.e. 73%, which is well above the minimum threshold established in the By-Laws, and a number appropriate to the needs of the company, the functioning of the Board of Directors and the creation of the Board Committees.

The Board of Statutory Auditors verifies the correct application of the criteria and assessment procedures adopted by the Board of Directors for the evaluation of its members' independence and will communicate this in its report to the Shareholders' Meeting convened for the approval of the financial statements.

There is no evidence that directors who qualified as independent in the list of candidates have undertaken to maintain this requirement for the entire duration of their term of office or, if necessary, to resign.

Lead Independent Director

The Board's Regulation allows for the appointment of an independent director as Lead Independent Director, at the request of the majority of the independent directors or in other cases provided for by the Corporate Governance Code44.

At the unanimous request of the independent directors, the Board of Directors, at its meeting of 12 December 2024, appointed, with the abstention of the interested party, Ms Paola De Martini, lawyer and independent director, as Lead Independent Director of the Bank. She will remain in office until the expiry of the current term of office of the Board of Directors, and in particular until the Shareholders' Meeting called to approve the Bank's financial statements for the year ending 31 December 2025.

As established by the Code (Recommendation no. 14), the Lead Independent Director is a point of reference and coordinates the requests and contributions of non-executive directors and, in particular, of the independent ones, and has the task of convening and coordinating the meetings of just the independent directors so that they can discuss the issues deemed relevant in the absence of the other Directors.

In 2024, the independent directors met three times (6 and 25 November and 11 December) without the other directors present.

⁴⁴ Recommendation no. 13 of the Corporate Governance Code: "The board of directors appoints an independent director as lead independent director: a) if the chair of the board of directors is the chief executive officer or holds significant managerial powers; b) if the office of chair is held by the person who controls, also jointly, the company; c) in large companies, even in the absence of the conditions indicated in letters a) and b), if requested by the majority of independent directors."

5. Handling of corporate information

With regard to the strategic supervisory powers assigned to it by the By-Laws, in compliance with the Supervisory Provisions on the Corporate Governance of Banks and the Corporate Governance Code, the Board of Directors has adopted specific rules for the internal management and external communication of documents and information concerning the Issuer, in order to regulate the flow of such information, particularly inside information.

The information is made available to the public, according to the methods provided for by the regulations, on the website www.gruppomps.it/en, and, if the requirements are met, on the authorised storage and distribution platform E-Market storage - **.

External communications

The corporate rules contained in "Group Directive on Communications and External Relations" (the "Communications Directive") define the responsibilities for managing the public information process with regard to the external disclosure of documents and information concerning the Bank, according to the nature of the information to be published (institutional, economic-financial and corporate, commercial, Sustainability-related), the objectives, methods and means of distribution and the recipient of the communication.

For each type of communication, the Communications Directive identifies the so-called "relevant" communications according to the nature and importance of the content of the information to be published, or as determined by the relevant legal and regulatory provisions, identifying specific monitoring processes with varying degrees of involvement of the internal functions and corporate bodies of the Parent Company and the Group.

The Communications Directive governs the certification of the Financial Reporting Officer for documents and communications disclosed to the market regarding accounting information (e.g. press releases and presentation of the periodic financial results), in which he/she is required to declare, pursuant to Article 154-bis, paragraph 2 of the TUF, that the accounting information contained in the published documents corresponds to the accounting documents, books and records.

Management of inside information

The corporate rules contained in the "Group Directive on the Management of Compliance Requirements regarding Market Abuse" (the "Group Market Abuse Directive") regarding the management and disclosure of inside information pursuant to Article 17 of Regulation (EU) No. 596/2014 (MAR) and Article 114 of the Consolidated Law on Finance, provides for a specific authorisation procedure involving the Chief Executive Officer, the Divisions of the Group General Counsel, the Chief Risk Officer, the Chief Financial Officer, the Chief Compliance Executive, the Communications Function and the internal functions responsible for generating and processing the information flows relevant to these purposes.

The Group Market Abuse Directive and the operating instructions regarding the management of regulatory compliance with regard to market abuse set out the principles and guidelines for the internal management of inside information.

The inside information management process ensures that confidentiality is strictly protected and monitored during the circulation of such information before it is disclosed to the public, in order to prevent any rumours and leaks as well as the misuse of inside information – not aligned with the relevant regulatory provisions – by those who come to know of it, either directly or indirectly.

The company regulation therefore contains specific standards of conduct which employees with access to confidential information must adhere to, in addition to specific security measures which must be complied with that concern the handling of such information. A register of persons with access to inside information concerning both the Parent Company and listed third-party issuers has been created and is constantly monitored.

The Parent Company's corporate officers (directors, statutory auditors, strategic executives and individuals closely connected to them) are also subject to the duty of disclosure to the market and Consob, as indicated on the Bank's website in the "Managers' Transactions Regulation", regarding any transactions carried out by them, including through third parties, involving financial instruments issued by BMPS (such as shares and debt instruments) or other linked financial instruments (such as derivatives).

6. Board Committees

6. Board Committees (as per Article 123-bis, paragraph 2, letter d) of the TUF)

In accordance with the provisions of the By-Laws and applicable self-regulatory standards, the Board of Directors has established internal committees with advisory functions (including the provision of formal opinions where required) and proposal-making functions ("Board Committees").

The role of the Board Committees is crucial in supporting the work of the Board by providing a significant contribution in terms of analysis. In this way, while retaining its collective prerogatives and responsibilities, the Board strengthens its strategic oversight function, separating it from the operational management function. These Committees contribute significantly to the overall effectiveness of corporate governance.

The Board Committees are composed of between three and five non-executive directors, the majority of whom are independent⁴⁵, with the exception of the Related-Party Transactions Committee, which is composed entirely of independent directors. Committee members are selected in such a way as to ensure the presence of at least one director of the under-represented gender and at least one director elected by minority shareholders (where applicable), while at the same time ensuring the necessary competencies to effectively perform the tasks assigned.

At its meeting on 20 April 2023, the Board of Directors appointed the following Board Committees:

Risk and Sustainability Committee: supports the Board in defining the guidelines of the internal control and risk governance system and assessing its adequacy, effectiveness and functioning; approves policies and procedures for evaluating business activities; assists in sustainability-related evaluations and decisions, analysing issues relevant to long-term value creation, and assessing the suitability of both financial and non-financial periodic reporting to accurately represent the business model, the company's strategies, the impact of its activities, and the performance achieved.
Remuneration Committee: proposes to the Board the remuneration of the Chief Executive Officers and of the other directors holding special offices, as well as that of the General Manager, while monitoring the related Board decisions; periodically reviews the criteria adopted for the remuneration of executives with strategic responsibilities, monitoring their application and providing the Board with general recommendations on the matter.
Nominations Committee: submits proposals to the Board for the appointment of directors, Chief Executive Officers, or candidates for office in cases of co-optation pursuant to Article 2386 of the Civil Code; for the assessment of the Suitability Requirements of directors and Heads of Key Corporate Functions; for the qualitative and quantitative self-assessment of the Board of Directors and Board Committees; for the definition of succession plans (including the Chairman of the Board, the Chief Executive Officer, the General Manager, and independent directors).
Related-Party Transactions Committee: with advisory functions on transactions with related parties, as defined in the Related Parties Directive, in accordance with Consob's Related Parties Regulation and the Supervisory Provisions on Connected Persons.

In September 2024, the Board of Directors established a new Board Committee with the creation of the IT and Digitalisation Committee, which was entrusted with supporting functions related to the Bank's information and digital technologies (i.e., Information Technology, Information & Communication Technology, and Digitalisation), while also taking into account the strategic guidelines approved in the 2024-2028 Business Plan "A Clear and simple commercial bank, revolving around customers, combining technology with human touch", published on the website www.gruppomps.it/en/.

The Board Committees operate in accordance with specific regulations approved and updated by the Board itself, as well as with supervisory regulations and the Corporate Governance Code in force.

Each regulation sets out: the criteria and rules for the composition of the Committee, the roles of the Chairperson and the Secretary, the procedures and timing for convening meetings, and the conduct and validity of meetings, the participants who may attend committee meetings, the location of the meeting, the duties and functions of the committee; the rules for making available the documentation relating to the agenda items (normally, at least three days in advance, except in urgent cases); the information flow and monitoring rules; the availability of resources (including information resources) for

⁴⁵ If the Chairperson of the Board of Directors, who is deemed independent, is a member of the Committee, the majority of the other members must be independent directors.

carrying out its tasks; the interactions with the Corporate Functions to ensure access to the information necessary for the performance of the assigned duties; the procedures for engaging external advisors.

No functions of one or more Committees have been reserved for the Board as a whole.

Each Committee may also, for the tasks assigned to it and to assist with its analysis, engage external independent experts, at the Bank's expense. However, the role of these experts does not replace that of the Committee, which remains responsible for delivering its own opinion (if required).

Specific Competencies in the Composition of the Board Committees

In accordance with the tasks assigned to them, as outlined in their respective regulations, the composition of the Board Committees must ensure the presence of additional specific competencies, assessed by the Board at the time of appointment: (i) for the Remuneration Committee, at least one member must have knowledge and experience in financial matters or remuneration policies; (ii) for the Risk and Sustainability Committee, all members must have the knowledge, skills and experience to fully understand and monitor the Bank's strategies and risk orientations and at least one member must have appropriate accounting and financial or risk management experience (iii) for the IT and Digitalisation Committee, members must collectively have sufficient knowledge, skills and experience to fully understand and monitor the Bank's strategies and orientations in ICT and Digitalisation, in line with market trends and developments.

Roles within the Committee

Each committee appoints from among its members:

i. a Chairperson, selected from among the independent directors in accordance with the criteria set out in its Regulation, with the task of convening and chairing meetings and coordinating the Committee's work;
ii. a Secretary, chosen from among the Bank's senior management.

Reporting flows

The Chairperson of each Committee, assisted by the Secretary, ensures that adequate information and relevant documentation on the topics to be discussed in Committee meetings are provided in good time.

The Secretary is responsible for sending out the invitations, preparing and distributing the minutes of the meeting, archiving documents, including opinions and reports within the Committee's remit, and ensuring the confidential storage of the Committee's meeting minutes.

The Committee's meeting schedule is coordinated with the Board's meetings to promote more effective use of its work and to ensure an appropriate flow of information to the Board.

The minutes of each Committee meeting, once approved, are made available to the Board of Directors and the Board of Statutory Auditors through a secure procedure to ensure timely and continuous information on the matters discussed. Furthermore, the Committee Chairperson reports at the next available Board meeting on any matters deemed urgent or significant, either orally or through formal documentation.

In particular, the Risk and Sustainability Committee and the Board of Statutory Auditors exchange all relevant information of mutual interest and, where appropriate, coordinate on the performance of their respective duties.

The management of the Bank and the Group companies have access to the documentation relating to the Committee's work and attend the Committee meetings in accordance with the criteria set out in the respective Committee regulations and described in the Sections dedicated to each Committee in this Report.

7. Self-assessment and succession of Directors – Nominations Committee

7. Self-assessment and succession of Directors - Nominations Committee

7.1 Self-assessment of the Board of Directors and its Committees

The Board, assisted by the Nominations Committee, assesses on an ongoing basis, and at least once a year, its collective suitability and the degree of diversity in its composition in terms of knowledge, skills, experience (including management experience), education, gender, age, tenure and term of office of its members. The assessment concerns the Board as a whole and the contribution of each director to the Board's work and is extended to its Board Committees (Risk and Sustainability Committee, Nominations Committee, Remuneration Committee, Related-Party Transactions Committee and the IT and Digitalisation Committee). The self-assessment also aims to:

ensure a review of the correct and effective functioning of the Board and its appropriate composition;
ensure substantial compliance with supervisory provisions and the goals they aim to achieve;
promote the updating of the internal regulations governing the functioning of the Board to ensure their suitability in light of changes resulting from the evolution of activities and the operational context;
identify key areas of weakness, promote discussion within the Board and define corrective actions to be taken;
strengthen the relationships of collaboration and trust between the individual members;
encourage the active participation of each member, ensuring full awareness of each individual's specific role and the responsibilities associated with it.

The results of the self-assessment serve as a basis for the development of guidelines on the ideal overall qualitative and quantitative composition of the Board, diversified to the extent deemed appropriate to pursue the strategic objectives of the Bank and the Group over time and to ensure sound and prudent management. The Board's Guidelines are made available to shareholders at the time of appointment or renewal of Board of Directors.

The self-assessment process adopted by the Bank

The self-assessment process is defined by the "Internal Regulation on the Self-Assessment Process" ("Self-Assessment Regulation"), approved by the Board of Directors in accordance with the Supervisory Provisions on the Corporate Governance of Banks and in line with the recommendations of Article 4 of the Corporate Governance Code and applicable national and European regulations on the suitability of directors and the overall suitability of the Board. The Regulation sets out the purposes, methods and timeframes of the self-assessment process, the results of which are reported in the minutes of the relevant Board meeting and made available to the Supervisory Authorities.

The Chairperson of the Board of the Directors, assisted by the Nominations Committee, oversees the self-assessment process and ensures that it is carried out effectively, transparently and in a manner commensurate with the complexity of the work of the Board and its Committees (in consultation with their Chairpersons).

In view of how the process is structured, in addition to the members of the Board of Directors, the members of the Board of Statutory Auditors and other internal subjects are also involved. These are identified by the Chairperson – with the support of the Nominations Committee – at the time of each specific self-assessment, on the basis that they have a background of information that enables them to express an opinion on the work of the corporate boards examined. The self-assessment process also includes the prior structural involvement of the Compliance Function with regard to potential compliance issues.

The Self-Assessment Regulation requires that the self-assessment be carried out at least once every three years with the assistance of an external professional or advisory firm.

Report on Corporate Governance and the Shareholding Structure 2024 - 7. Self-assessment andsuccession of Directors – Nominations Committee

Stages of the self-assessment process

The actions taken following the findings of the previous self-assessment along with any indications received from the Supervisory Authorities are assessed, also considered are the corporate events that took place during the year, the Bank's situation, changes to industry regulations as well as all information that is useful for the preparation of the questionnaires to be given to the directors.

Information is gathered through questionnaires and/or interviews focusing on the main areas of interest (size, composition, functioning of the Board). Interaction with the Directors makes it possible to collect each of their comments, observations, evaluations and reflections on the topics covered by the questionnaire, including any relating to the Board Committees of which they are members. All analyses, questionnaires and comments are processed and kept anonymous and confidential.

A report summarises the data and information collected, including the analysis of company documentation, and presents the results of the self-assessment process, identifying strengths and areas for improvement.

Based on the Board's examination of this report, the Board – with the support of the Nominations Committee – identifies and reviews key strengths and areas for improvement and adopts appropriate measures for the performance of its duties, including the implementation of any training programmes aimed at enhancing the skills and knowledge of its members.

Activities in 2024

In January 2025, the Board of Directors completed its periodic self-assessment of the adequacy of the composition and effectiveness of the Board and its Committees in 2024. The self-assessment process, which covered the second year of the current three-year mandate, was carried out in accordance with the Self-Assessment Regulation and with the professional assistance of Heidrick & Struggles, the firm appointed for the next two years. An expert in corporate governance advisory, the firm meets the requirements of neutrality, objectivity, competence and independence set out in the Self-Assessment Regulation.

Stages of the self-assessment process for 2024

In accordance with the provisions of the Self-Assessment Regulation, the Board Evaluation process, carried out with the assistance of the consultant Heidrick & Struggles and with the support of the Nominations Committee, included: interviews with each member of the Board; completion of two online questionnaires - the Personalised Questionnaire and the Board Accelerator Questionnaire (BAQ); a review of relevant documents provided by the Nominations Committee; and an in-depth analysis of the skills demonstrated by the Directors.

The scope of the assessment covered the qualitative and quantitative composition of the Board, identifying areas of greatest effectiveness as well as areas for improvement.

Scope of assessment

The key aspects assessed were as follows:

overall assessment of the Board's activities in relation to its role and responsibilities as a strategic oversight body;
size and composition of the Board and its Committees, taking into account the presence of independent directors and diversity in terms of age, gender and tenure, as well as the presence of appropriate expertise in specialised areas (such as Digitalisation, ICT and Security, Sustainability and ESG, Climate and Environmental Risk);
frequency and effectiveness of induction and onboarding sessions; overall functioning of the Board; conduct of meetings including frequency, subjects covered, duration, level and manner of participation within the Board; the roles of the Chairperson and CEO;
composition, role and functioning of the Board Committees and the quality of their contribution to the Board;
flow of information between the corporate bodies.

In particular, the questionnaires and interviews covered various topics in order to assess:

the effectiveness of the Board of Directors with regard to relevant issues such as the definition of strategies, the internal control and risk management system, Sustainability, etc.;
the organisation and conduct of Board meetings, with particular reference to the quality of information flows and minute meetings as well as relations with Top Management;
the dynamics of board discussions and related decision-making processes;
the role and responsibilities of the Board Members, with a particular focus on the Chairman and the CEO;
the functioning of the Board Committees and the effectiveness of their activities in supporting the Board of Directors;
the proper amount of time the Board devotes to debating issues relevant to the Bank, including risk control and management and long-term strategy;
the awareness of all Board Members of ESG and Sustainability-related issues and principles.

The Board's deliberations were supported by a benchmark analysis of other listed Italian banks (with regard to the composition of their Boards in terms of average age, gender representation, independence requirements and the existence of internal Board Committees).

Summary and assessment of information collected

Based on its examination of the Report, the Board of Directors, upon the proposal and with the support of the Nominations Committee, has identified and examined the main strengths and areas for improvement.

Strengths	Areas for improvement
•Information oversight and monitoring	•
•	Optimization of organisational processes and timelines
Ability to identify and manage risks	•
•	Greater cohesion within the Board and with the Management Team
Focus on training and skill development	•Improvement of board discussions and better use of individual skills
•	•
Service-oriented mindset and constructiveness of the debate	Strengthening of skills

7.2 Succession plans for Directors and the Bank's Top Management

The Bank has established "Succession Plans for Directors" for the positions of Chief Executive Officer (CEO), General Manager, Chairperson of the Board, and non-executive/independent Directors. These plans are designed to ensure the operational stability and continuity of the Bank and the Group and to mitigate potential economic and reputational risks in the event of the early termination of one or more directors, either simultaneously or within a short period of time.

More specifically, the Succession Plans for Directors, approved by the Board of Directors with the advice of the Nominations Committee, include:

the identification of the key competencies required for the role in question (Chairperson, Independent Directors, CEO and General Manager), taking into account the results of the most recent self-assessment process and the Board's guidelines on the overall qualitative and quantitative composition;
the definition of the process for identifying the most suitable candidates for succession (with the assistance of an external consultant, if necessary) and for the appointment of the new Director by the Board, assisted by the Nominations Committee;
a triennial update in line with the expiry of the Board's mandate, and an annual evaluation of the adequacy of the process by the Appointment's Committee for potential early revisions.

Succession plans for other corporate positions

To support the appointments processes for the key positions of responsibility, BMPS has also put in place succession plans for other corporate positions. This tool enables the Bank to ensure management continuity by:

Report on Corporate Governance and the Shareholding Structure 2024 - 7. Self-assessment andsuccession of Directors – Nominations Committee

planning the professional requirement for the Bank's key positions of responsibility, identifying a pool of potential replacements – whose suitability is assessed on the basis of their managerial profiles and experience acquired46 – and determining the time required for their development;
monitoring the risks associated of filling corporate positions that may become vacant over time due to a lack of potential successors;
enhancing the value of employees with management growth potential, with a particular focus on inclusion and diversity.

7.3 Nomination Committee

Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	List M/m (1)	Non-executive	Meetings 2024 (2)
Lombardi Domenico (*)	Chairperson	M	X	19/19
Caltagirone Alessandro (**) (3)	Member	n.a.	X	0/0
De Martini Paola (*)	Member	m	X	19/19
Paramico Renzulli Francesca (*) (3)	Member	n.a.	X	0/0
Sala Renato (*)	Member	M	X	16/19
Directors who resigned
Martiniello Laura (*) (4)	Member	M	X	16/17
Visconti Donatella (*) (4)	Member	M	X	17/17

(*) Director who meets the independence requirements established by Article 15 of the By-Laws: independence requirements established by Article 147-ter and Article 148, paragraph 3 of the TUF, Article 13 of MEF Decree no. 169/2020 and Article 2 of the Corporate Governance Code.

(**) Director who meets the independence requirements established by Article 147-ter and 148, paragraph 3 of the TUF.

(1) Director elected from the majority list ("M") or minority list ("m").

(2) Number of meetings attended by the Director out of the total number of meetings held during the financial year.

(3) Appointed as member of the Committee on 5 February 2025.

(4) Resigned on 17 December 2024.

Participating in the work of the Committee

The members of the Control Body (i.e. the Board of Statutory Auditors) may participate in the work of the Committee.

The Chairperson of the Board of Directors is invited to participate in the work of the Committee on a permanent basis; the other members of the Board of Directors may attend the meetings of the Committee upon specific request to the Chairperson of the Committee or at the invitation of the Chairperson. The CEO and the General Manager may be invited to attend the meetings of the Committee when deemed appropriate in view of the matters under discussion.

The Bank's Chief Risk Officer, Chief Audit Executive and Compliance Officer are formally and regularly informed of the Committee's meeting agenda and may attend Committee meetings at the invitation of the Chairperson; they may decide at their own discretion whether to attend the meetings and may request access to and visibility of the relevant documents of each Committee meeting on agenda items of interest to them, subject to specific topics, including potential conflicts of interest, for which the Chairperson of the Committee does not deem it necessary to extend visibility.

⁴⁶ Pursuant to the provisions of MEF Decree no. 169/2020, the Board of Directors also assesses whether the requirements of integrity, as well as the criteria of correctness and competence, are met by the Managers in charge of the Bank's Key Corporate Functions: the Chief Compliance Executive (CCE), the Chief Risk Officer (CRO), the Head of the Anti-Money Laundering Function, the Chief Financial Officer (CFO), the Financial Reporting Officer and the Chief Audit Executive).

Functions attributed to the Nominations Committee

The Committee has the right of access to all company information necessary for the performance of its duties. It may also engage external consultants when needed, within the limits of the financial resources allocated by the Bank in a specific budget to ensure the Committee's operational independence.

The Nominations Committee mainly supports the Board of Directors in the following processes:

appointment or co-optation of directors;
self-assessment of the Board of Directors and Board Committees;
verification that the requirements and suitability criteria are met by the members of the Board of Directors and the Managers in charge of the Key Corporate Functions, providing an opinion on the size and adequate collective composition of the Board of Directors and of the Board Committes, as well as on the professional skills deemed necessary within the Board itself;
definition of the succession plans for the top executive positions (currently the Chief Executive Officer and the General Manager);
any presentation of a list by the outgoing Board of Directors.

In carrying out its duties, the Committee takes into account the objective of avoiding that the decision-making processes of the Board of Directors are dominated by a single individual or groups of individuals that can cause harm to the Bank:

A) submits proposals to the Board of Directors:

for the appointment of candidates to the office of director in the cases provided under Article 2386, first paragraph of the Civil Code, when a director needs to be replaced;
on the indication of the Chairperson, for the appointment of the CEO or CEOs;
for identification of the individuals required to carry out the self- assessment process of the Board of Directors;

B) expresses its opinions to the Board of Directors:

on the proposal of the CEO, regarding the appointment and succession plans for the General Manager (if different from the CEO) and the staff whose appointment is the exclusive and non-delegable responsibility of the Board of Directors, in accordance with the By-Laws and applicable laws in force;
on the proposal of the General Manager, regarding the appointments of the Acting Deputy General Manager and the Deputy General Managers;
on the proposal of the Chief Executive Officer, which will be discussed with the Chairperson of the Board of Directors, regarding the appointment of directors and statutory auditors in subsidiaries and investee companies, the decision-making powers of which lie with the Board of Directors;
in the event that lists are submitted by the Board of Directors to the Shareholders' Meeting, on the methods used to ensure that the list is drawn up and presented in a transparent manner and on the suitability of the candidates, based on an analysis carried out in advance by the Board of Directors itself;
upon proposal of the CEO, with regard to the assessment of the suitability of the members of the Board of Directors, the Heads of the AML, Compliance, Risk Control and Internal Audit Functions, the Chief Financial Officer and the Financial Reporting Officer ("Heads of the Key Corporate Functions");
for the dismissal of independent directors or banking officers elected by minority shareholders, on the basis of an assessment of the suitability of the banking officer, if requested by the Chairperson of the Board of Directors;
C) supports the Board of Directors in its duties and the achievement of its objectives attributed to it by the supervisory regulations:
- in identifying the qualitative and quantitative composition of the Board of Directors considered to be optimal;
- in the subsequent verification of the qualitative and quantitative composition considered to be optimal and the composition that ensues from the appointment process;
- with regard to the need to ensure an appropriate level of diversity in the collective composition of the Board of Directors, and without prejudice to the obligations imposed by the rules applicable to listed banks, the Committee seta a target for the proportion of the under-represented gender and draws up a plan to increase this proportion to the set target;
D) provides its own contribution to the Risk and Sustainability Committee:
- for identifying and recommending the Heads of the Corporate Control Functions (Heads of Internal Audit, Regulatory Compliance, Risk Control, Anti-Money Laundering and Validation Functions) to be appointed and for their possible removal.

Activities in 2024

In 2024, the Committee supported the Board of Directors with proposals and/or advice on the:

self-assessment of the Board of Directors and Board Committees;
co-optation/appointment of directors;
periodic and/or post-appointment assessment of Suitability Requirements, limits on the number of positions held and compliance with the ban on interlocking directorates, in accordance with the applicable rules;
periodic review of Fit and Proper Requirements for the Heads of the Corporate Control Functions;
definition of internal regulations for the Succession Process of the Chairperson, the Board, and non-executive/independent directors;
appointment of directors and statutory auditors of subsidiaries and/or investee companies;
appointment of the Bank's representatives within ABI;
2025 Board Induction program for the Board of Directors and the Board of Statutory Auditors;
2024 SREP Decision;
assignment of responsibilities pursuant to Article 17 of the By-Laws;
amendments to the By-Laws.

The Committee also provided the Board with a quarterly update on the activities carried out.Lta.

Meetings of the Nominations Committee in 2024

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion.

Meetings of the Nominations Committee in the period 2022-2024

(*)Information on each Director's attendance at the Committee meetings in 2024 is provided in the first table of the Section.

8. Remuneration of Directors and Remuneration Policy Report – Remuneration Committee

8.1 Remuneration of directors

In compliance with the provisions of Articles 13 and 26 of the By-Laws, the Ordinary Shareholders' Meeting determines the remuneration of the directors and statutory auditors and approves the remuneration and incentive policies, the compensation plans based on financial instruments applicable to the members of the board, the employees and collaborators who are not employees of the Bank and the criteria for determining the compensation payable in the event of early termination of the work relationships or early termination of the office, including the limits set for said compensation in terms of the years of fixed remuneration and the maximum amounts arising from their application.

As provided for in Article 26 of the By-Laws, the Board of Directors, after hearing the opinion of the Board of Statutory Auditors and upon the proposal of the Remuneration Committee, establishes the remuneration of directors holding particular offices pursuant to the By-Laws, including the directors who are members of Board Committees (Nominations Committee, Remuneration Committee, Risk and Sustainability Committee, Related-Party Transactions Committee, and IT and Digitalisation Committee), except for the remuneration of the Chairperson of the Board of Directors, which is set by the Shareholders' Meeting.

8.2 Remuneration Policy Report

The Board of Directors, with the support of the Remuneration Committee (see Section 8.3) and of the relevant corporate functions involved in the process provided for by the Group Policy on remuneration and incentive policies and practices, prepares and submits to the Shareholders' Meeting an annual "Report on the remuneration policy and emoluments paid", drawn up in accordance with the requirements under Article 123-ter of the TUF as well as those deriving from the Supervisory Provisions on Remuneration Policies and Practices in Banks and Banking groups (hereinafter also "Remuneration Policy") and the applicable European regulations.

The purpose of the Remuneration Policy is to provide shareholders with a clear and comprehensible annual presentation of the policy that the Bank and the Group intend to adopt for the coming year with regard to the remuneration of members of corporate bodies, employees47 and collaborators of the Group for the coming year (Section I). It also provides detailed information on the implementation of the remuneration policy in the previous year with regard to the remuneration paid (Section II).

The Shareholders' Meeting expresses a binding vote on Section I of the Remuneration Policy and a non-binding vote for Section II.

Overall, the Remuneration Policy contributes to the corporate strategy, the pursuit of long-term interests and the sustainability of the Company and illustrates how it makes this contribution.

Activities in 2024

The remuneration model developed for 2024 aims to consolidate certain aspects that characterise the Remuneraton Policy, such as the:

meritocracy of the remuneration systems;
link between remuneration, risk, and sustainable performance by expanding and strengthening the integration of ESG objectives into short- and long-term business strategies;
consistency with benchmark market practices and compliance with the current regulatory framework;
transparency towards shareholders and investors.

The Bank has, therefore, adopted a remuneration policy that is not focused exclusively on economic and financial results, but is able to express its commitment to values and principles such as sustainability, gender neutrality, inclusiveness, equal opportunities, as well as listening to, engaging and involving employees.

The 2024 Remuneration Policy, which was developed in line with previous remuneration commitments that are no longer in force, is designed to support the achievement of corporate objectives with a focus on Sustainable Success and long-

⁴⁷ In particular, with regard to the so-called Identified Staff, i.e. those persons whose professional activities have or may have a significant impact on the risk profile of the Bank or Banking group, identified by the Parent Company in accordance with the relevant regulatory and legal provisions in force.

term value creation. It emphasises responsible risk management while ensuring greater consistency in remuneration for comparable roles and responsibilities, taking into account their complexity and strategic importance within the Group and offering everyone the same development and career opportunities.

In accordance with the commitments undertaken, with the applicable legal and regulatory framework, and the objectives of the 2022-2026 Business Plan, the Shareholders' Meeting of 11 April 2024 – within the scope and in alignment with the provisions of the Remuneration Policy adopted for 2024 – approved the 2024 Incentive System and the use of Phantom Shares48 for the payment of variable remuneration (and any severance payments49) in favour of the Executive Directors and the employees identified within the Montepaschi Group's framework of Identified Staff.

For further information on this subject, and in particular on the remuneration received by the Bank's Directors and Top Management in 2024, the principles governing the accrual and payment of remuneration, the provisions on sustainability criteria in incentive systems, the relevant regulations in force, and the indemnities paid to Directors in the event of resignation, dismissal or termination of employment following a public takeover bid (pursuant to Article 123-bis, paragraph 1, letter i) del TUF), please refer to the Remuneration Policy Report , published on the website at www.gruppomps.it/en – Corporate Governance – Remuneration.

8.3 Remuneration Committee

Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	List M/m (1)	Non-executive	Meetings in 2024 (2)
Brancadoro Gianluca (*)	Chairperson	M	X	10/10
Caltagirone Alessandro (**) (3)	Member	n.a.	X	0/0
De Simone Elena (**) (3)	Member	n.a.	X	0/0
Panucci Marcella (*) (3)	Member	n.a.	X	0/0
Sala Renato (*)	Member	M	X	8/10
Members who resigned
De Martini Paola (*) (4)	Member	m	X	8/10
Foti Belligambi Lucia (*) (5)	Member	M	X	10/10
Negri-Clementi Anna Paola (*) (5)	Member	M	X	10/10

(**) Director who meets the independence requirements established by Article 147-ter and 148, paragraph 3 of the TUF.

(1) Director elected from the majority list ("M") or minority list ("m").

(2) Number of meetings attended by the Director out of the total number of meetings held during the financial year.

(3) Appointed as member of the Committee on 5 February 2025.

(4) Member of Committee until 5 February 2025.

(5) Resigned on 17 December 2024.

⁴⁹ Severance: amounts received under agreements for early termination of employment (for the part exceeding the cost of notice and excluding what is provided for by law) or for termination of office, to be paid partly in financial instruments in accordance with the Supervisory Provisions and Remuneration Policy (including the fees for any non-competition clause, for the amount exceeding one year's fixed remuneration of the Beneficiary).

⁴⁸ Phantom Shares: synthetic financial instruments that can be converted into cash, granted free of charge and non-transferable inter vivos under any title, on the basis of the market value of the Bank's ordinary shares, in accordance with the agreed deadlines for the payment of financial instrument shares to Identified Staff under the 2024 Incentive System as well as any Severance payments. The mechanism excludes the use of the Bank's own shares.

Participating in the work of the Committee

The CEO and the General Manager may be invited to attend the meetings of the Committee when deemed appropriate in view of the matters under discussion.

The members of the Board of Statutory Auditors may participate in the work of the Committee.

The Bank's Chief Risk Officer, Chief Audit Executive and Compliance Officer are formally and regularly informed of the Committee's meeting agenda and may be invited by the Chairperson to attend Committee meetings at their request. They may request access to and visibility of the relevant documents of each Committee meeting on agenda items of interest to them. Other Functions of the Bank may be invited to participate in the work of the Committee.

Functions attributed to the Remuneration Committee

The Committee has access to the corporate information necessary for the performance of its duties. Within the limits of the financial resources made available by the Bank in a specific budget to ensure its operational independence, the Committee may also have recourse to external advisors, experts in remuneration policy, provided that they do not at the same time provide services to the Chief Human Capital Officer, to directors or to managers with strategic responsibilities that are of such importance as to specifically compromise the independent judgement of the advisors themselves.

The Remuneration Committee performs the duties set out in its Regulation in accordance with the applicable regulations regarding remuneration and incentive policies and practices (in particular, the Supervisory Provisions on corporate governance and the Corporate Governance Code):

it makes proposals regarding the compensation of personnel, and the remuneration and incentive systems for the latter are decided upon by the Board of Directors;
it provides an opinion on the results of the process to determine Identified Staff, including any exclusions, based also on the information received from the relevant Corporate Functions;
it provides recommendations for determination of the criteria to be adopted for the remuneration of all the Identified Staff;
it periodically assesses the criteria adopted for the remuneration of executive managers with strategic responsibilities and monitors their application;
it directly monitors correct application of the rules relative to the remuneration of the managers of the Corporate Control Functions, in close cooperation with the Board of Statutory Auditors;
it handles the preparation of the documentation to be submitted to the Board of Directors for the relative decisions to be taken;
it collaborates with the other internal committees of the Board of Directors, in particular the Risk and Sustainability Committee;
it ensures that the competent Corporate Functions are involved in the process of setting up and monitoring the remuneration and incentive policies and practices;
including through the use of information received from the qualified Corporate Functions, it expresses its opinion on whether the performance objectives connected to the incentive schemes have been reached and ascertains that other terms and conditions set for the granting of the remuneration have been fulfilled;
it assists the Board of Directors in the development of the Remuneration Policy and ensures the involvement of the relevant business functions in the process of developing and monitoring remuneration and incentive policies and practices, with a particular focus on gender neutrality;
it monitors the practical application of the Remuneration Policy and expresses its opinion, also on the basis of the information received from the relevant Corporate Functions, on the achievement of the performance targets and other conditions (performance targets and conditions set both at corporate level and – for the only professional figures whose remuneration is decided by the Board of Directors – at individual level) to which the incentive plans are linked;
it provides appropriate feedback on the activities of the corporate bodies, including the Shareholders' Meeting;
• it expresses an independent opinion regarding the Group's remuneration policies and practices, in general, with reference to the reconciliation of the staff retention objectives and the limitation of the corporate risks;
it expresses its opinion on the results of the identification process for Identified Staff, including any exclusions, also taking into account the information received from the relevant Corporate Functions.

In this context, the Committee also carries out the following tasks:

A) submits proposals to the Board of Directors:

at the proposal of the Chairperson of the Board of Directors, in the absence of the directly interested parties, regarding the remuneration of the Chief Executive Officers and other Directors who hold special offices under the By-Laws, including the remuneration of the Directors who are members of the Committees established within the Board of Directors in accordance with Article 17, paragraph 4, of the By-Laws, inclusive of any stock option plans or allotment of shares or financial instruments in connection therewith;

B) expresses its opinions to the Board of Directors:

on the proposal of the Chief Executive Officer, regarding the Bank's stock option plans or on the allotment of shares or related instruments;
on the determination of the compensation payable in the event of early termination of the employment relationship for the Executive Directors, the General Manager and the Senior Executives, if it is not in accordance with the provisions of the Remuneration Policy, and on the compensation paid, which is approved annually by the Bank's Shareholders' Meeting.

Activities in 2024

In 2024, the Committee provided proposals/or advice on the:

Remuneration Policy Report pursuant to Article 123-ter TUF and identification of Identified Staff;
remuneration policies incentive system, with the support of an independent advisor.;
remuneration of Identified Staff;
examination of retribution items external benchmark analysis;
report on compliance of remuneration and incentive policies;
determination of remuneration for the members of the IT and Digitalisation Committee;
analysis of the use of performance shares for the payment of any severance;
the "Directors & Officers Liability" ("D&O") insurance coverage;
analysis of periodic reports prepared by the Chief Human Capital Officer Division;
process regarding succession plans for top corporate positions;
SREP Decision 2024.

The Committee also provided the Board with a quarterly update on the activities carried out.

Meetings of the Remuneration Committee in 2024

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion.

Meetings of the Remuneration Committee in the period 2022-2024

(*) Information on each Director's attendance at the Committee meetings in 2024 is provided in the first table of the Section.

9. Internal Control and Risk Management System – Risk and Sustainability Committee – IT and Digitalisation Committee

The Board of Directors defines the guidelines for the internal control and risk management system ("Internal Control System" or "ICS"), so that the main risks of the Bank and its subsidiaries are correctly identified, adequately measured, managed and monitored, while also determining the level of compatibility of these risks with a management that is consistent with the strategic objectives identified and integrated with the elements that are important for the company's Sustainable Success.

In 2024, the Board of Directors approved the updated "Group Policy on the Internal Control System" (hereinafter referred to also as the "Policy"), which sets out the general principles and guidelines of the Internal Control System, the governance model, the methods of coordination, collaboration and reporting flows between the functions with control tasks and the corporate bodies as well as towards the Supervisory Authorities.

The Policy represents the internal regulatory framework of reference for the functioning and evolution of a "complete, adequate, functional and reliable" control system capable of ensuring sound and prudent management that is consistent with the legislation and regulations (in particular with the Supervisory Provisions on the Internal Control System) and the Group's organisational structure and is in line with national and international standards and best practices.

The general principles of the Internal Control System

The Internal Control System adopted by the Montepaschi Group consists of a set of rules, functions, structures, resources, processes and procedures designed to ensure the sound and prudent management of the company. It therefore plays a central role in the organisation of the company, given that it:

represents a key element of knowledge for the company bodies to ensure they are fully aware of the situation and effective monitoring of company risks and their interrelationships;
directs the changes in strategic guidelines and company policies and ensures the consistent alignment of the organisational framework;
monitors the efficiency of operational systems and compliance with the prudential supervisory authorities;
helps promote a culture of risk awareness, compliance with the law and the respect of corporate values.

Consequently, the Internal Controls System takes on a strategic role for the Group and the culture of control assumes a significant position in the scale of corporate values, involving the Bank's entire organisation (company bodies, organisational units, hierarchical levels, staff) in the development and application of logical and systematic methods for identifying, measuring, disclosing and managing risks.

Within the Group model, the components that characterise the Internal Control System are:

the control environment which formalises the roles and responsibilities in the corporate processes, ensuring transparency, accountability and compliance with the principles of sound and prudent management;
risk control through the identification, assessment, management and monitoring of risks originating from the various operating segments. The Group has developed advanced risk management models by adopting organizational systems aimed at integrating strategic/governance processes and management/control processes, in accordance with the "Risk Appetite Framework" (the "RAF") defined by the relevant corporate bodies;
controls structure with appropriate rules and instruments adopted by the individual Corporate Functions to ensure adequate control activity;
information and communication through the identification, collection and distribution of relevant information through information flows that enable all levels of the structure to adequately perform their respective management tasks and adhere to the obligations set by the internal regulations and legal provisions;
monitoring the Internal Control System to ensure it functions adequately and is update, where necessary.

In the Group's approach to the Internal Control System, the Corporate Functions are divided as follows:

Corporate Control Functions in charge of overseeing the internal control system both for specific risk areas (Risk Management, Validation, Compliance and Anti-Money Laundering), through second-level controls, and for the system as a whole (Internal Audit) through third-level controls;
Control Functions in charge of overseeing the Internal Control System for the specific areas of competence assigned by the legislative, regulatory, statutory and corporate governance frameworks,

(hereinafter, jointly referred to as the "Corporate Control Functions");

Functions with Control Tasks (with "targeted" oversight responsibilities within the ICS):
- the Financial Reporting Risk Control Function (risks inherent in Law 262/2005) in support of the Financial Reporting Officer as outlined in Section 9.7; the Lack of Business Continuity Risk Control Function;
- the Occupational Health and Safety Risk Control Function;
- the Human Resources/Compensation Function, which, within the frameworks and rules adopted by the Group regarding remuneration and incentive policies and practices, is responsible for developing the technical content of the annual proposal on remuneration and incentive policies and practices to be presented to the Board (with prior involvement of the Remuneration Committee) for subsequent submission to the Shareholders' Meeting for approval; the Function also oversees the proper implementation of the remuneration policies approved by the Shareholders' Meeting;
- the Budget and Planning Control Function, whose purpose is to ensure that the Parent Company and the Group as a whole maintain an economic, financial and equity balance;
- the Lack of Control of Outsourced Activities Risk Control Function;
- IT Security Control aimed at defining security policies and overseeing and managing system infrastructure and application anomalies;
- the Risk Management Model function, which oversees Model Risk management and therefore Model Change of internal risk measurement models;
- the ICT Third-Party Oversight Function, aimed at ensuring the supervision of ICT third parties and maintaining overall consistency of the model in compliance with Supervisory Regulations.

The Other Corporate Functions (other central and peripheral functions of the Company and the Group companies) ensure the evolution of the Internal Control System (ICS) by updating it in line with the dynamics and strategies for the development and diversification of the Group's products and business areas, and with the need for ever higher levels of reliability in the processes under their responsibility, which may give rise to business risks related to core activities (such as credit risks, market risks, etc.). With a view to integrated management, the areas for improvement identified are communicated to the Control Functions in relation to the specific areas of competence, also using mechanisms for coordination and exchange between these entities. The identified areas for improvement must also be systematically "followed up".

The Bank has also set up an organisational unit to manage the internal whistleblowing system for reporting violations. The unit is responsible for receiving, investigating and assessing all reports made in good faith by staff members and qualified external parties using the prescribed procedure, concerning negligent, illicit, irregular or improper circumstances and behaviours in the workplace that the reporting person suspects or has become aware of in the course of their duties.

Depending on the principle of proportionality, the Group companies either have their own structures for autonomous control functions or the functions are centralised within the Parent Company. The criteria and decisions of the individual companies for the different areas must be coordinated with the respective Parent Company Function, as set out in the specific regulations for each matter. In the case of centralisation of functions in the Parent Company, specific agreements must be drawn up in accordance with the provisions of the "Policy on Outsourcing of Corporate Functions".

Types of internal controls

The Internal Control System contains the following types of control:

First-level controls, aimed at ensuring the correct performance of transactions, governed and conducted directly by the operational structures through dedicated units or incorporated into the procedures.

Second-level controls, performed by the Risk Management, Compliance, Anti-Money Laundering and Validation Functions, are aimed at ensuring the proper implementation of the risk management process, compliance with the assigned operating limits and regulatory compliance.

The responsibility for the management and monitoring of ICT and security risks, as required by the supervisory provisions on information system control⁵⁰ is assigned to the Risk Control Function and the Compliance Function in accordance with their roles, responsibilities and competencies;

Third-level controls, carried out by the Internal Audit Function, are aimed at identifying violations of the procedures and of the regulations, as well as periodically evaluating the adequacy, operations and reliability of the Internal Control System, providing company management and the Supervisory Authorities with an annual assessment of its suitability.

The Internal Control System governance model

The Group's Internal Control System, while engaging the entire corporate organisation and every hierarchical level, is structured around a model that entails the participation of the following bodies/functions with control responsibilities:

Board of Directors	the Board of Directors (strategic supervisory body), with the support of the Risk and Sustainability Committee, which defines and approves the guidelines of the Internal Control System, verifying that it is consistent with the strategic guidelines and the established risk appetite, and that it is capable of monitoring the evolution of corpo rate risks and the interaction among them.
Risk and Sustainability Committee	the Risk and Sustainability Committee, established within the Board of Directors with the task of supporting the Board of Directors in its evaluations and decisions regarding the internal control and risk management system and in approving the periodic financial reports and the Sustainability-related reports, with a particular focus on activi ties that are crucial for the Board of Directors to properly and effectively determine the RAF and risk management policies, also with a view to contributing to the Sustainable Success of the Bank (see Section 9.2).
Chief Executive Officer	the Chief Executive Officer (CEO) in charge of establishing and maintaining the internal control and risk manage ment system (in his/her capacity as "Director in charge of the internal control and risk management system"), assisted by the Committee for the Coordination of Functions with Control Tasks (see section 9.8.).
Board of Statutory Auditors	the Board of Statutory Auditors (Control Body), which monitors compliance with legal, regulatory and statutory requirements and the proper administration, adequacy, functionality and reliability of the ICS and RAF.
231 Supervisory Body	the 231 Supervisory Body, which monitors the effectiveness of the 231 Model adopted by the Parent Company, evaluating its adequacy and ongoing compliance with soundness and functionality requirements, while also ensur ing that it is updated (for information on the duties of the 231 SB, see section 9. 5.1).
Corporate Control Functions	the Corporate Control Functions, for which the Policy defines the essential requirements to ensure the proper per formance of their duties, including the appointment and removal of their respective Heads, independence, author ity, and functional separation, available resources, remuneration and incentive systems, and access to corporate information.

⁵⁰ Bank of Italy Circular 285 - Part I - Title IV - Chapter 4 (Information System) - Section II (Management, organisation and control of the information system) - Point 4 - The ICT and security risk control function.

Assessment of the Internal Control and Risk Management System

The Corporate Control Functions provide periodic and regular reports to the Board of Directors, the Risk and Sustainability Committee, and the Board of Statutory Auditors regarding the outcomes of their assessments and any identified issues related to Risk Management, Compliance, Internal Validation, Anti-Money Laundering, and Internal Audit.

On an annual basis, the Board of Directors, with the support of the Risk and Sustainability Committee, reviews the following annual reports prepared by the control functions within their respective areas of competence:

Annual Risk Management Report,
Annual Compliance Report,
Annual Validation Report,
Annual Anti-Money Laundering Report
Annual Report prepared by the Internal Audit Function on the activities carried out and the assessment of the Control System.

The Board of Directors also approves the annual activity plans prepared by the Corporate Control Functions, taking into account regulatory developments (both national and international), any issues or shortcomings identified by the supervisory authorities (ECB, Bank of Italy and Consob) or by the Bank's Internal Audit function.

9.1 Chief Executive Officer - Director in charge of the internal control and risk management system

The Board of Directors has appointed the Chief Executive Officer pro tempore as the 'Director in charge of the internal control and risk management system', who is responsible for establishing and maintaining an effective internal control and risk management system. As part of this responsibility, the CEO:

oversees the identification of the main corporate risks, taking into account the characteristics of the activities carried out by the Bank and its subsidiaries, and submits them periodically to the Board of Directors for review;
implements the guidelines defined by the Board of Directors, overseeing the design, deployment and management of the internal control and risk management system and constantly monitoring its adequacy and effectiveness;
adjusts the system to changes in the operating conditions and in the legislative and regulatory landscape;
may ask the Internal Audit Function to carry out audits on specific operating areas and on the compliance of business operations with rules and internal procedures. Such requests are simultaneously conveyed to the Chairperson of the Board of Directors, the Chairperson of the Risk and Sustainability Committee and the Chairperson of the Board of Statutory Auditors;
reports promptly to the Risk and Sustainability Committee (and to the Board of Directors) on problems and critical issues that emerged during the performance of his or her activity or of which he or she nevertheless has information so that the Committee (or the Board) may take the appropriate action.

Activities in 2024

In 2024, in his capacity as Director responsible for the internal control and risk management system, the CEO exercised his prerogatives by identifying the main corporate risks, implementing the guidelines established by the Board of Directors regarding the Internal Control and risk management system and following the development of operating conditions as well as the relevant legislative and regulatory framework, in constant liaison with the other corporate bodies and structural units involved and on the basis of the information flows established within the scope of the Internal Control and risk management system and those, in particular, from the Committee for the Coordination of Functions with Control Tasks51 (annual plans and reports, inspections on the adequacy and effectiveness of the internal control and risk management system; ongoing monitoring – also through discussions with the Management Committee52 – of the mitigation activities identified for the management of gaps that emerged from the inspections carried out by the supervisory bodies, whether internal to the Bank or external, as well as the findings from the controls requested and/ or received, meetings with the 231 Supervisory Body).

In these activities, the CEO is assisted by the "CEO and Regulatory Affairs Staff Unit", which performs technical and specialist tasks in this area.

The "CEO and Regulatory Affairs Staff Unit", which also acts as the Secretariat of the Committee for the Coordination of Functions with Control Tasks, provided its technical and specialist support to the CEO by carrying out the following activities:

centralised management of relations with the Supervisory Authorities as part of the Single Supervisory Mechanism and the Single Resolution Mechanism (SRM) – without prejudice to the relations between the Corporate Control Functions and the same Supervisory Authorities for their respective areas of responsibility;
monitoring the execution of the Group's Restructuring Plan;
shared management and coordination of the remedial actions identified by the Supervisory Authorities during their inspections;
supervision and monitoring of the main lines of development of the European regulatory framework.

9.2 Risk and Sustainability Committee

Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	List M/m (1)	Non-executive	Meetings in 2024 (2)
Barzaghi Alessandra (*) (3)	Chairperson	m	X	16/16
Di Stefano Stefano	Member	M	X	13/16
Lombardi Domenico (*)	Member	M	X	16/16
Lucantoni Paola (*)	Member	M	X	16/16
Tadolini Barbara (*) (4)	Member	n.a.	X	0/0
Directors who resigned
Martiniello Laura (*) (5)	Member	M	X	16/16

(1) Director elected from the majority list ("M") or minority list ("m").

(3) Appointed as Chairperson of the Committee on 14 December 2023.

(4) Appointed as member of the Committee on 5 February 2025.

(5) Appointed as member of the Committee on 14 December 2023. Resigned on 17 December 2024.

Accounting, financial and risk management skills are adequately represented on the Committee.

51 For the functions carried out by the Committee, please see Section 9.8.

⁽²⁾ Number of meetings attended by the Director out of the total number of meetings held during the financial year.

⁵² The Management Committee is divided into four sessions (Ordinary, Budget and Business Planning, Stress/Crisis Governance, ESG and Sustainability) and is composed of the CEO/General Manager and the Bank's Top Management, as identified in Regulation no. 1 – Organisation of Banca MPS, according to the nature of the session convened and the topics to be addressed.

Participating in the work of the Committee

The Chairperson of the Board of Statutory Auditors or another auditor designated by him/her participates in the work of the Committee on a permanent basis. The other auditors may also participate. The Committee and the Board of Statutory Auditors exchange all information of mutual interest and, where appropriate, coordinate their work.

The Chairperson of the Board of Directors has a permanent invitation to attend the Committee meetings; other members of the Board, including the Chairpersons of the other Board Committees may attend the Committee's meetings at the express request of the Chairperson of the Committee.

The CEO, General Manager and Director in charge of the Risk Management and Internal Controls System (currently the CEO) may be invited to attend the Committee's meetings where it is deemed appropriate for the issues under discussion.

The Bank's Chief Risk Officer, Chief Audit Executive and Compliance Officer are formally and regularly informed of the Committee's meeting agenda and may, at their request, attend Committee meetings at the invitation of the Chairperson; they have access to and visibility of the relevant documents for each Committee meeting and may, after informing the Chairperson, include specific items on the meeting agenda for proactive discussion within the Committee.

The Chief Financial Officer, as Head of the Bank's Sustainability Department, is regularly briefed on the agenda of the Committee's meetings on Sustainability matters and is entitled to include specific Sustainability-related items in the meeting agenda, having informed the Chairperson and the CEO.

Functions attributed to the Risk and Sustainability Committee

The Committee has access to the corporate information necessary to carry out its duties and, where appropriate, communicates directly with the Internal Audit, Risk Management and Compliance and Sustainability Functions. It may also engage external consultants when needed, within the limits of the financial resources allocated by the Bank in a specific budget to ensure the Committee's operational independence.

The Committee supports the Board of Directors so that the Board of Directors can:

(i) define the guidelines of the Internal Control and risk governance System, assess its adequacy, effectiveness and actual effectiveness, and approve the policies and processes for evaluating the company's activities;
(ii) carry out assessments and make decisions on Sustainability, analyse issues relevant to long-term value generation, assess whether periodic financial and non-financial information is suitable to correctly illustrate the business model, the Company's strategies, the impact of its activities and the performance achieved;
(iii) approve the periodic financial and non-financial reports.

Pursuant to the Supervisory Provisions on the Internal Control System, the Committee:

identifies and proposes to the Board of Directors, with the support of the Nominations Committee, the Managers in charge of the Corporate Control Functions to be appointed, and provides its opinion on the revocation of any such appointments;
expresses its opinion prior to the determination of the remuneration structure of the Managers in charge of the Corporate Control Functions, and their annual allowance for this position;
examines in advance the program of operations (including the audit plan) and the annual reports of the Corporate Control Functions addressed to the Board of Directors;
expresses its evaluations and opinions to the Board of Directors regarding compliance with the principles of the Internal Control System and corporate organization and the requirements that must be fulfilled by the Corporate Control Functions, informing the Board of any critical areas and consequent corrective actions to be adopted; to this end, it assesses the proposals of the Chief Executive Officer and/or General Manager;
through its assessments and opinions, contributes to the definition of the Company's policy for outsourcing Corporate Control Functions;
verifies that the Corporate Control Functions comply with the indications and guidelines provided by the Board of Directors and assists the latter in preparing the coordination document required by the Supervisory Provisions on the Internal Control System;
assesses the correct use of the accounting principles for the drafting of the consolidated and separate financial statements and, to this end, coordinates with the Financial Reporting Officer and the Board of Statutory Auditors.

With particular regard to the duties regarding risk management and control, the Committee will provide support to the Board of Directors in:

defining and approving the strategic guidelines and risk governance policies. For the RAF issue, the Committee provides the recommendations and assessments required in order to allow the Board of Directors to define and approve the risk appetite and risk tolerance, as required by Supervisory Provisions on the Internal Control System;
verifying the correct implementation of the strategies, risk governance policies and the RAF;
evaluating and deciding on Sustainability-related matters, analysing issues relevant to long-term value generation, assessing whether the periodic financial and non-financial information is suitable to correctly represent the business model, the Company's strategies, the impact of its activities and the performance achieved;
examining the content of periodic non-financial information relevant to the internal control and risk management system;
defining the policies and evaluation processes for corporate operations, including verification that the price, terms and conditions governing transactions with customers are in line with the business model and risk strategies.

The Committee also expresses an opinion on the adequacy of the number of resources allocated to the Head of Internal Audit for the performance of his or her duties and on the determination of his or her remuneration in accordance with the Company's policies.

Without prejudice to the responsibilities assigned to the Remuneration Committee, the Committee ensures that the incentives of the Bank's remuneration and incentive system are in line with the RAF.

In compliance with the requirements set out in the Corporate Governance Code, it provides its prior support and opinion to the Board of Directors on the occasions when the latter:

reviews and approves the Bank's or Group's business plan, including an analysis of issues relevant to long-term value creation;
defines the guidelines for the Internal Control and risk management System, so that the main risks of the Bank and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, while also determining the level of compatibility of these risks with Bank management that is coherent with the strategic objectives identified, including all the elements that can be relevant for the company's Sustainable Success;
assesses, at least once per year, the adequacy of the Internal Control and risk management System against the characteristics of the Bank and the risk profile assumed, as well as its effectiveness;
approves the periodic financial and non-financial statements, assessing whether they are suitable to correctly illustrate the Bank and the Group's business model, strategies, the impact of their business and the performance achieved with particular attention to aspects relevant to the internal control and risk management system as well as Sustainability;
approves, at least annually, the work schedule prepared by the Internal Audit Function, after having received the opinion of the Board of Statutory Auditors and the CEO/Director in charge of the internal control and risk management system;
assigns the supervisory functions pursuant to Article 6, paragraph 1, letter b) of Legislative Decree 231/2001 to the Control Body or a body specifically set up for this purpose;
report as well as the methods of coordination between the persons involved, indicating the models and best practices applied, providing its opinion on the system's adequacy and giving an account of the choices made regarding the composition of the 231/2001 Supervisory Body referred to in the previous point;
after hearing the Board of Statutory Auditors, it assesses the findings reported by the external auditor also after specific discussions with the latter – in the suggestions letter, if applicable, and in the report on the main issues resulting from the audit.

Regarding Sustainability, the Committee:

supervises Sustainability issues relating to the exercise of business and to its interactions with all stakeholders;
assesses proposals for guidelines and strategic macro-objectives regarding Sustainability, ensuring their compliance with strategic guidelines;
formulates proposals regarding environmental and social strategy as well as annual objectives and targets and monitors their implementation over time;
oversees the development of Sustainability, according also to the relevant international guidelines and principles and monitors performance;

• examines and approves matters relating to Sustainability, including the approval of the "Materiality Matrix" for the Sustainability Report.

In supporting the Board of Directors, the Committee:

assesses, after hearing the Financial Reporting Officer, the auditors and the Board of Statutory Auditors, the correct application of accounting standards and their consistency when preparing the consolidated financial statements;
provides opinions on specific aspects regarding the identification of key corporate risks;
examines the periodic reports, in compliance with applicable regulations, on the assessment of the internal control and risk management system, as well as the reports of particular relevance prepared by the Corporate Control Functions;
monitors the autonomy, adequacy, effectiveness and efficiency of the Corporate Control Functions;
may request the Internal Audit Function to audit specific operating areas, giving notice of this to the Chairperson of the Board of Statutory Auditors;
reports to the Board of Directors, on a quarterly basis, with a full account of the activities carried out during the quarter.

Activities in 2024

In 2024, as part of its support and assistance to the Board of Directors, the Committee made proposals and/or provided advice on: (i) the regular information flows prepared by the Corporate Control Functions (Internal Audit, Risk Control, Compliance, Anti-Money Laundering and Validation) on the activities carried out, the annual activity plans and organisational changes in the aforementioned functions; and (ii) communications from the Chief Financial Officer's Division (Funding Plan, Contingency Funding Plan for the Group, etc.).

The Committee also carried out its duties, in particular with regard to:

the Bank's key strategic projects; review of the 2024-2028 Business Plan and analysis of capital adequacy and liquidity; strategic program in the area of AML;
activities related to compliance with the DORA Regulation and the PERDAR (Principles for Effective Risk Data Aggregation and Risk Reporting) Project;
Sustainability and initiatives included in the 2022-2024 Business Plan: Sustainability plan and related project structure (so-called ESG programme); ESG developments, Net Zero Banking Alliance target setting; issuance and/or updating of Group policies and guidelines on risk management, governance, etc.;
the review of the 2023 Consolidated Non-Financial Statement and the relevant materiality matrix;
Group Risk Appetite Statement, RAF, SREP⁵³, MREL54; Legal Risk Report; Legal Risk Accounting Methodologies; IT and Information Security Strategic Plan; IT Risk and Security Incident Report; Budget Guidelines and Macroeconomic Scenarios; Capital Plan;
governance and integrated management of logical and physical security, and appointment of the Manager in charge of the Business Continuity Plan;
lending policies, monitoring the performance of the loan book, early warning system and IRB models;
reports prepared by the Financial Reporting Officer; meetings with the independent auditors for the approval of the financial statements and half-year report;
annual report on outsourced corporate activities and on how investment services and activities are performed;
meetings with the 231 Supervisory Body and with the Director in charge of the Internal Controls and Risk Management system;
analysis, investigations and monitoring exercises concerning assessments, requests and reports made by the Supervisory Authorities (ECB, Bank of Italy, Consob, etc.);
Business Continuity and Business Continuity Plan; Report on the adequacy of the Business Continuity Management System, Business Continuity Management Testing Plan, Cyber Resilience Stress Test;
activities of alignment with BRRD (Bank Recovery and Resolution Directive55);
measures and actions pursuant to Article 17 of the By-Laws.

The Committee, in coordination with the IT and Digitalisation Committee, carried out preparatory activities in support of the Board on specific topics (as described in section 9.3).

The Committee also provided the Board of Directors and the Board of Statutory Auditors with a quarterly update on the activities carried out.

⁵³ Supervisory Review Evaluation Process - Evaluation Process - a review and evaluation process, governed by the CRD and Circular 285, conducted on banks on an annual basis by the competent authorities (ECB and national supervisors).

⁵⁴ MREL - Minimum Requirement for Own Funds and Eligible Liabilities - a minimum amount of own funds and eligible liabilities that banks must prudentially hold in order to be able to absorb losses in the event of the bail-in mechanism being applied, to ensure the required Tier 1 capital for banking and to provide sufficient market confidence.

⁵⁵ Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014, which introduced harmonised rules for the prevention and management of crises of banks and investment firms in all European countries, a directive implemented in Italy by Legislative Decrees nos. 180 and 181 of 16 November 2015.

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion.

Meetings of the Risk and Sustainability Committee in the period 2022-2024

(*) Information on each Director's attendance at the Committee meetings in 2024 is provided in the first table of the Section.

9.3 IT and Digitalisation Committee

Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)

In September 2024, the Board of Directors set up a new Board Committee, the IT and Digitalisation Committee, initially composed of three directors and increased to five by resolution of 5 February 2025.

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	List M/m (1)	Non-executive	Meetings in 2024 (2)
Oriani Raffaele (*)	Chairperson	n.a.	X	4/4
Barzaghi Alessandra (*)	Member	m	X	4/4
De Simone Elena (**) (3)	Member	n.a.	X	0/0
Lucantoni Paola (*)	Member	M	X	4/4
Paramico Renzulli Francesca (*) (3)	Member	n.a.	X	0/0
Directors who resigned

(**) Director who meets the independence requirements established by Article 147-ter and 148, paragraph 3 of the TUF

(1) Director elected from the majority list ("M") or minority list ("m").

(2) Number of meetings attended by the Director out of the total number of meetings held during the financial year.

(3) Appointed as member of the Committee on 5 February 2025.

Participating in the work of the Committee

The CEO, General Manager, and the Director responsible for the internal control and risk management system may be invited to attend the Committee's meetings if deemed appropriate in relation to the matters under discussion.

Members of the Control Body (i.e. the Board of Statutory Auditors) may also attend the Committee's meetings.

The Chairperson of the Risk and Sustainability Committee, if not already a member of the Committee, is invited to attend its meetings on a permanent basis for matters relating to the tasks assigned to the Risk and Sustainability Committee in accordance with its regulations.

The Bank's Chief Risk Officer, Chief Audit Executive and Chief Compliance Executive are institutionally and regularly informed of the Committee's agenda and may be invited by the Chairperson to attend Committee meetings upon their request. They have access to and visibility of the relevant documentation for each Committee meeting, except for specific topics, including potential conflicts of interest, where the Chairperson deems it inappropriate to extend visibility. In addition, the Chief Risk Officer, Chief Audit Executive and Chief Compliance Executive may request the Chairperson to include specific items on the agenda of the Committee meetings, which they will then proactively present to the Committee.

The Chief Safety Security Officer, Chief Operation Officer and Chief Financial Officer, as Heads of the Bank's divisions responsible for the strategic planning of the Group's ICT investments and digitalisation, including the evolution, development and transformation of the company's ICT system, information security and related processes, are regularly informed of the Committee's agenda. They may request the Chairperson to include specific items related to these matters on the Committee's agenda, informing the CEO.

The Chairperson may, if deemed appropriate and in relation to the items to be discussed, invite the Functions that prepared the documentation and/or formulated the proposals, one or more representatives of the divisions responsible for the matter under discussion, such as the Head of Information Technology, as well as other Heads of Bank Functions and third parties, to participate in the Committee's work, informing the CEO.

To support its analysis and provide informed opinions on the tasks assigned to it, the Committee may engage independent experts in the field of ICT and digitalisation, particularly within the banking sector, in accordance with the rules set out in the Committee's Regulations.

Functions attributed to the IT and Digitalisation Committee

The Committee performs preparatory, advisory and support functions for the Board of Directors in matters of ICT and Digitalisation, focusing on all activities that are instrumental and necessary to enable the Board of Directors to fulfil its responsibilities in the supervision and control of the information system. The aim of this support is to ensure the optimal use of technological resources in line with the Company's strategies and their monitoring, considering guidelines from the perspective of market trends and developments, as well as ICT and digitalisation aspects (ICT governance, IT architecture and systems, ICT adequacy, analysis and vulnerabilities of IT assets), while also taking into account the provisions set out in the Bank of Italy Circular 285/2013 (in particular Part 1, Title IV, Chapter 4), the EBA guidelines on the subject and, for relevant topics, the EU Regulation 2022/2554 (Digital Operational Resilience Act - DORA).

The Committee provides its opinion, in an advisory capacity, to the Board of Directors – and, where necessary, for matters of common interest – to the Risk and Sustainability Committee, regarding the management, control, governance, and organisation of information systems, and ICT and Digitalisation issues, with particular reference to the following areas:

a) the Bank's ICT⁵⁶ and Digitalisation strategy, taking into account the evolution of the relevant sector and in line with current and future processes and the reference model for the information systems architecture;
b) the KPI framework, contributing to the development of ICT performance indicators that allow the review and monitoring of the actual adequacy of the digital transformation system;
c) the processes and procedures for governing the information system and, in coordination with the Risk and Sustainability Committee, the management of ICT and security risks and business continuity;
d) the implementation of the strategy defined in the Group ICT Strategic Guidelines document, together with any necessary amendments, additions or recovery plans;
e) the Cybersecurity Policy and its periodic review plan, in coordination with the Risk and Sustainability Committee;
f) the overall organisational and ICT framework.
In fulfilling its role, the Committee:
a) is regularly informed on the implementation of the ICT strategy and is promptly informed in the event of major business disruptions due to system incidents or malfunctions;
b) oversees the development, sharing and updating of ICT-related knowledge within the company, including the control and cybersecurity functions. It also ensures the implementation of training plans and verifies actual attendance at relevant courses;
c) reviews the activity programmes and periodic reports of the Corporate Control Functions to the Board of Directors on ICT and Digitalisation matters.

In performing its duties, the Committee may, in cases of proven and specific need, engage external consultants at the Bank's expense, subject to the prior approval of the Board of Directors, in accordance with any unplanned specific requirements.

The Committee has access to corporate information relevant to its areas of responsibility, as necessary for the performance of its duties.

In supporting and assisting the Board of Directors, the Committee provides the following contributions:

a) it provides opinions on specific aspects related to the identification of key elements, assessing issues related to the implementation of ICT and Digitalisation activities, as well as the guidelines and supervision of the information system and its development. However, the more strictly regulatory analysis of risks related to ICT and Digitalisation is the responsibility of the Risk and Sustainability Committee, which issues the relevant opinions in accordance with the applicable regulations;
b) it prepares a summary report of its activities on a quarterly basis and submits it to the Board of Directors and the Board of Statutory Auditors;
c) to ensure continuous reporting, in addition to the periodic reports, the Committee makes available to the Board the minutes of each meeting, once approved, and provides timely updates on the topics discussed;
d) it reports on urgent or significant matters at the next available Board meeting, either orally through the Chairperson or through formal documentation.

⁵⁶ Bank of Italy Circular 285/2013, First Part, Title IV, Chapter 4, Section II, Paragraph 2.1 explicitly states that "The ICT strategy defines: a) how the company's ICT system should evolve to effectively support and contribute to the business strategy, including the evolution of the organisational structure, changes to the ICT systems and key dependencies on third parties; b) the planned evolution of the ICT architecture, including dependencies on third parties; c) clear objectives regarding information security, in particular with regard to ICT systems and services, personnel and processes." In this regard, the provisions set out in the Final Report of the EBA on Guidelines on ICT and security risk management are also taken into account.

As part of its role in assisting the Board of Directors, the Committee – where required by its own Rules or by applicable laws and regulations – issues written opinions, which are circulated in advance of Board meetings.

Activities in 2024

In 2024, as part of its function to support and assist the Board of Directors, the Committee, in coordination with the Risk and Sustainability Committee, carried out preparatory work on the following:

DORA (Digital Operational Resilience Act) Regulation;
Digital Resilience Strategy;
Information Technology Organisation;
ICT topics and Project Plan.

Meetings of the IT and Digitalisation Committee since its establishment (September 2024)

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion.

(*) Information on each Director's attendance at the Committee meetings in 2024 is provided in the first table of the Section.

9.4. Corporate Control Functions

9.4.1 Internal Audit Function

The appointment and dismissal of the Head of Internal Audit is the sole responsibility of the Board of Directors.

As of 2021, the Manager in charge of the Internal Audit Function, i.e. the Bank's Chief Audit Executive, is Mr. Massimiliano Bosio, whose reputation and compliance with the criteria of integrity and competence have been verified by the Board of Directors with the support of the Nominations Committee. This assessment was conducted in accordance with the provisions of Article 20 of MEF Decree No. 169/2020 and the internal company procedures

set out in the Group Directive on Suitability Requirements.

The Chief Audit Executive reports to the Board of Directors, has direct access to all information relevant for the performance of his duties and is not responsible for any operational unit. Autonomy and impartiality are ensured through relational mechanisms with the corporate bodies. The independence requirements and objectives are ensured by an organisational structure that avoids hierarchical dependency and/or influence (conditioning) from any operational unit manager, and by a remuneration framework approved by the Board of Directors in line with the Group's policies and practices on remuneration and incentives.

The Internal Audit Function has dedicated financial resources to carry out its tasks.

The Chief Audit Executive regularly attends the meetings of the Board of Statutory Auditors, the Risk and Sustainability Committee and the Board of Directors, interacting with these bodies on an ongoing basis.

All components of the Internal Control System are subject to an internal audit aimed at assessing their adequacy, functionality and coherence with the Group's organisational evolution and the external legislative framework. The approach is primarily risk-based.

The activities of the Internal Audit Function, which are defined in the annual audit plan based on a regularly updated Risk Control Self-Assessment, are framed within a broader three-year audit plan (audit cycle). This plan is presented to the Board of Directors for approval and serves as the framework through which the Internal Audit Function defines its audit universe coverage objectives from a risk-based perspective.

In accordance with this plan, the Internal Audit Function must:

evaluate the completeness, adequacy, functionality, and reliability of the other components of the Internal Control System (ICS), the risk management process, and other business processes. This assessment should also consider the system's ability to detect errors and irregularities while ensuring the ICS evolves in response to internal and external contextual factors and remains aligned with regulatory requirements;
assess the effectiveness of the process for defining the Risk Appetite Framework (RAF), the internal consistency of the overall structure and the company's compliance with the RAF. In the case of particularly complex financial structures, it must also assess their compliance with the strategies approved by the Corporate Bodies;
monitor the business continuity plan;
verify the compliance and propriety of various business activities, including outsourced activities;
assess the adequacy, overall reliability and security of the information system.

If anomalies arise from its activities, the Internal Audit Function ensures they are promptly communicated to and addressed by the relevant structures, monitoring the methods and timelines for their management and mitigation.

Each year, the Internal Audit Function submits a report to the corporate bodies in accordance with the provisions of Bank of Italy Circular No. 285/2013. This report summarises the activities carried out—including those aimed at verifying the reliability of information systems, including accounting systems—the main findings, the progress of corrective actions, and an overall assessment of the Bank's Internal Control System.

In order to strengthen the overall supervision of the Group's control system, the Parent Company's Internal Audit Function also carries out centralised auditing activities for Banca Widiba and Monte Paschi Fiduciaria, two of the Group's main companies, and periodically informs the corporate bodies of the Parent Company and of the Italian subsidiaries that have centralised the Internal Audit function of the results of its activities and the status of any follow-up actions; it also submits the necessary reports to the Supervisory Authorities, as required by supervisory regulations.

In performing its duties, the Internal Audit Function, which has access to all company data and outsourced activities, adheres to the international professional standards, as applied in accordance with the methodologies defined by the function itself in its internal regulations. In line with the requirements of these standards, the Internal Audit Function undergoes an external evaluation by a qualified firm at least once every five years to certify the quality of its internal audit services.

The Internal Audit Function promotes the professional development of its resources, also through the acquisition of appropriate professional certifications and qualifications, favouring the Certified Internal Auditor CIA, issued by the Italian Association of Internal Auditors and internationally recognised for the profession of internal auditor.

9.4.2 Risk Control Function

The appointment and dismissal of the Head of the Risk Control Function is the sole responsibility of the Board of Directors.

Following the resignation of Mr. Leonardo Bellucci in 2024, the Board of Directors, assisted by the Nominations Committee, in accordance with Article 20 of MEF Decree No. 169/2020, verified the reputation requirements

and the fulfilment of the criteria of integrity and competence for Mr. Lorenzo Boetti (formerly Head of First-Level Risk Management at Banca MPS) to assume the role of Chief Risk Officer of the Bank. In February 2025, the European Central Bank (ECB) formally informed the Bank of its positive decision regarding Dr Boetti's suitability for the position.

The appointment and dismissal of the Head of the Risk Control Function is the sole responsibility of the Board of Directors.

The Chief Risk Officer regularly attends the meetings of the Board of Statutory Auditors, the Risk and Sustainability Committee and the Board of Directors, interacting with these bodies on an ongoing basis.

The Risk Control Function participates in the definition of the RAF and is involved in the risk governance policies (constantly reviewing their adequacy) and the various phases that make up the risk management process, as well as in the setting of operational limits for the assumption of various types of risk.

More specifically, the Risk Control Function:

constantly verifies the adequacy and effectiveness of the risk identification, measurement and management process;
develops integrated risk analysis and monitoring methods by planning and implementing the operational measurement system and supporting the Supervisory Authority in overseeing regulatory measurement, setting appropriate mitigation measures accordingly, and verifying their effectiveness and adequacy;
ensures the consistency of the risk measurement and control systems with the processes and methods of evaluation of company activities, coordinating with the company structures concerned;
constantly monitors the actual risk assumed by the Bank and its consistency with the risk objectives assumed through the Risk Appetite Statement, as well as compliance with the operating limits deriving therefrom, assigned to the operating units in relation to the assumption of the various types of risk;
verifies the correct monitoring of the trend in individual credit exposures;
collaborates in the preparation, drafting and monitoring of the Recovery Plan;
defines, coordinates and prepares risk reporting information for the corporate boards and Top Management;
participates in the process of analysing the risks of new products and services and those resulting from the entry into new operating and market segments.

With reference to the RAF and the ICAAP and ILAAP processes, the Risk Control Function has the task of:

defining the risk appetite, as well as the related tolerance and capacity thresholds to be proposed to the Board;
formulating consistent risk limits to be assigned to the risk-taking operational units, subject to approval by the Chief Executive Officer/General Manager;
determining the Group's risk profile and its positioning against the established thresholds, by measuring risks and comparing them with the respective limits and tolerance and capacity thresholds;
carrying out an independent assessment with respect to regulatory requirements of the capital adequacy within the scope of the ICAAP process and the adequacy of the liquidity profile within the scope of the ILAAP process;
submitting in collaboration with the Planning Function the proposed Risk Appetite Statement to the Board of Directors;
monitoring performance, activating the relevant escalation processes, carrying out an annual check of the framework's overall effectiveness through appropriate Risk Appetite Monitoring (RAM) and Risk Appetite Review (RAR) processes);
defining common operating risk evaluation metrics in line with the RAF, coordinating with the Compliance Function, ICT Function and the Lack of Business Continuity Risk Control Function (BCM);
providing a prior opinion on the compliance of major transactions with the RAF and, depending on the nature of the transaction, may seek the opinion of other Functions involved in the risk management process.

The Risk Control Function is also required to present the corporate bodies with the 'Annual Group Risk Management Report' containing the results of the activities carried out during the previous financial year. The report is also sent to the Supervisory Authorities.

Taking into account the complexity and scope of the activities carried out, the Parent Company's Risk Control Function is organised into specialist structures/units, reporting directly to the Manager in charge of the function, in order to perform its tasks in an efficient and effective manner.

The Group has opted for a mixed Risk Control Function, based on the following:

centralised model for the Italian subsidiaries, identified according to principles of proportionality in relation to their complexity; to this end, the Group avails itself of a Local Representative who has a functional reporting line to the corresponding Parent Corporate Function, guaranteeing support whenever necessary;
for the foreign subsidiary (Monte Paschi Banque S.A.), there is a specific Risk Control Function which has a functional reporting line to the Parent Company Risk Control Function. In order to ensure the management and coordination of the parent company's activities, the Risk Control Function of the Parent Company is involved in the definition and monitoring of the objectives assigned to the corresponding function of the foreign subsidiary, subject to the constraints of local regulations. The hierarchical positioning of the Risk Control Function is formalised in the individual company regulations;
for the foreign branches⁵⁷ there is a local Risk Control Function which has a functional reporting line to the Parent Company Risk Control Function.

⁵⁷ Only the Shanghai branch.

Report on Corporate Governance and the Shareholding Structure 2024 - 9. Internal Control and Risk Management System – Risk and Sustainability Committee – IT and Digitalisation Committee

The appointment and dismissal of the Head of the Compliance Function is the sole responsibility of the Board of Directors.

In October 2018, the Board of Directors appointed Mr. Ettore Carneade as Chief Compliance Executive or Compliance Officer. With the assistance of the Nominations Committee, the Board of Directors verified that he met

the reputation requirements and the criteria of integrity and competence, in accordance with Article 20 of MEF Decree no. 169/2020 and the Company's internal regulations contained in the Group Directive on Suitability Requirements.

At the invitation of the respective Chairpersons, the Chief Compliance Executive regularly attends the meetings of the Board of Statutory Auditors, the Risk and Sustainability Committee and the Board of Directors, maintaining continuous communication with them, without restrictions or intermediaries.

Using a risk-based approach, the Compliance Function oversees the management of the risk of non-compliance with regard to all corporate activities, checking that the internal procedures are adequate for preventing such risk, as provided by the "Group Directive on non-compliance risk management".

Excluded from the scope of the Compliance Function are the activities of the Internal Audit Function and those regulatory areas where the monitoring of compliance risks is ensured by another second-level corporate control function. Also excluded from the scope of the Compliance Function are all those regulatory areas for which risk control is ensured by Control Functions established pursuant to primary legislation (231 Supervisory Body and the Financial Reporting Officer). In terms of risk control, the scope of the Compliance Function is extended to include the monitoring of internal and external regulatory compliance through the exchange of dedicated information flows and appropriate coordination mechanisms.

Specifically, regarding the control of ICT and Security risks58, compliance with regulations is ensured within the broader context of the "Cyber Risk Management Framework", as outlined in the Group's Policy on ICT Risk Management and Security.

In light of such principles, the Compliance Function is directly responsible for managing the risk of non-compliance for all the regulations falling within the scope of activities of the Parent Company and of the Group's Italian subsidiaries subject to supervision. Exceptions are the regulatory areas "Health and Safety in the Workplace and Environmental Protection" and "Tax Compliance - FATCA/CRS", for which specific forms of specialised oversight have been identified within the Parent Company Supervisory Provisions on the Internal Control System and the individual Group Companies, in compliance with the. In these circumstances, the Compliance Function is nevertheless responsible for the overall governance process and, in collaboration with the specialised functions in charge, for defining the methods or evaluating non-compliance risk and identifying the relative procedures, which are also subject to periodic auditing, in order to assess the ability to prevent compliance risk. Special reporting mechanisms between the specialised oversight units and the Compliance Function are in place for this area.

The following are among the main duties of the Compliance Function:

the ongoing identification of the regulations which are applicable to the Bank and measurement/assessment of their impact on processes and procedures;
the determination of the level of regulatory risk, regular assessments and the calculation of the residual risk to which the Group is exposed;
proposing organisational measures and procedures the objective of which is to ensure adequate risk monitoring for non-compliance;
assessing the effectiveness, adequacy and proper implementation of procedures and processes to prevent the identified risk, as well as the proposed organisational adjustments to prevent the risk of non-compliance;
preparing information flows directed to the corporate bodies and departments involved;
ex-ante assessment of all innovative projects that the bank intends to develop in terms of their compliance with regulations, intervening also in preventing and managing conflicts of interest whether between the various activities carried out by the bank or in respect to employees and corporate officers;
providing advice and support to the corporate bodies on matters where the risk of non-compliance is significant;
collaborating in training activities relevant to the function, also with a view to promoting a corporate culture based on the principles of reputation and integrity.

⁵⁸ Bank of Italy Circular 285 (Part I - Title IV - Chapter 4 - Section II - Point 4, "The ICT Risk and Security Control Function") and Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector ("Digital Operational Resilience Act" - DORA).

This is without prejudice to the responsibilities of the Compliance Function as identified by specific regulations, such as, the rules on remuneration and incentive policies and practices, transparency of transactions, reputation of Bank-customer relations, related-party transactions, activities involving risks and conflicts of interest of related parties.

In order to manage the risk of non-compliance, the Compliance Function has established specific information flows to the corporate bodies. This includes an annual report containing the results of its activities, which is also submitted to the Supervisory Authority.

In the Parent Company, the Compliance function reports hierarchically to the Chief Executive Officer.

The Group has opted for a centralised Compliance model, which provides for the provision of regulatory compliance monitoring services to the Italian Group companies, using methods and procedures that comply with the requirements of the Supervisory Authority and are based on established guidelines and principles on outsourcing and the Internal Control System. The centralisation of the Compliance Function to the Parent Company not only results in more effective and integrated controls but also provides for the appointment of a Local Representative, for each centralised subsidiary, who has a functional reporting line to the Parent Company's Compliance Function. The foreign branches59 have a local Compliance Function that has a hierarchical reporting line to the Parent Company's Compliance Function.

9.4.4 Internal Validation Function (or Validation Function)

The Internal Validation Function is required to constantly verify the alignment of the risk measurement systems with the company policies and the regulations of the Supervisory Authority. The Internal Validation Function is responsible for validating the advanced internal models of Pillar I as well as some of those of Pillar II identified year by year in the Validation Plan approved by the Board of Directors. It also has the task of preparing the re-

quired disclosure on the validated models.

As of June 2021, the Head of the Internal Validation Function is Mr. Stefano Moni.

In carrying out its activity, the Internal Validation Function:

verifies the process of development of internal risk measurement models and the connected management and data quality processes, according to a special methodological framework developed for each risk subject to validation;
coordinates the functions involved in the validation process which is targeted at assessing the accuracy of the estimates of the internal systems for the measurement of significant risks not used for regulatory purposes, and expressing a judgment on the regular functioning, predictive capacity and performance of the aforementioned internal systems, taking direct action in relation to those falling within the risk perimeter defined;
monitors the correct functioning of the advanced internal risk measurement models, evaluates the adequacy of measures implemented to fill any gaps and puts the competent bodies into operation if significant delays are identified in the completion of the shared corrective actions;
periodically informs the company bodies of the results of its activities and the progress status of follow-up activities;
pre-authorises the rollout of any significant changes to models, processes and/or procedures related to validated risks;
prepares an annual validation report summarising the results of the activities carried out, as well as specific validation reports on risks with the advanced internal model.

Although the Internal Validation Function reports hierarchically to the Parent Company's Risk Control Function, its autonomy and independence are ensured by mechanisms that facilitate relationships and functional links with the Corporate Bodies having strategic supervision, management and control functions.

For risks included within the scope of validation, the Group opts for a centralised internal validation model implemented in accordance with the outsourcing contracts. To this end, the Internal Validation Function avails itself of Local Representative who guarantee support whenever necessary.

9.4.5 Anti-Money Laundering Function

The monitoring of anti-money laundering (AML) risks is ensured by the Anti-Money Laundering Function, in accordance with the provisions of the Bank of Italy's Regulation on "Rules on the organisation, procedures and internal controls aimed at preventing the use of financial intermediaries for money laundering and terrorist financing purposes" of 26 March 2019 (hereinafter referred to as the "Bank of Italy Regulation").

Responsibility for the Anti-Money Laundering Function, including at Group level, is vested in the AML-CFT Officer, who reports directly to the Chief Executive Officer. The appointment and dismissal of the AML-CFT Officer is the sole responsibility of the Board of Directors.

As of May 2024, Mr. Roberto Regoli has assumed the role of Head of the Anti-Money Laundering Function for both the Bank and the Group. The Board of Directors, with the support of the Appointment Committee, has verified his reputation and compliance with the criteria of integrity and competence, in accordance with Article 20 of the Decree and in compliance with the Group Directive on Suitability Requirements, as required by the applicable regulations for "Heads of Key Corporate Functions" of the Bank.

The Anti-Money Laundering Function is an independent entity and is equipped with resources that are both qualitatively and quantitatively suitable for the tasks to be performed. It reports any significant breaches or deficiencies to the top corporate bodies on and has access to all activities of the Group companies, as well as to all information relevant for the performance of its duties.

After assessment by the Board of Statutory Auditors and the Risk and Sustainability Committee, the Group has adopted a centralized model for the Group's Italian subsidiaries and a decentralized model for the foreign branches60 and the foreign subsidiary61. The decentralized model provides for the presence of a specific Anti-Money Laundering Function at the foreign subsidiary and at the foreign branches. The Functions are free from hierarchical relationships with the managers in charge of the operational units and have a functional reporting line to the Anti-Money Laundering Department of the Parent Company.

In view of the centralised model adopted at Group level, the Bank's Head of Anti-Money Laundering is also designated as Head of the Group Anti-Money Laundering Function and works with the Heads of the Anti-Money Laundering Functions and the internal counterparts of the Group companies, including those abroad, to ensure that they perform their duties in a coordinated manner and in accordance with policies and procedures consistent with those of the Group.

To ensure the operational continuity of the Anti-Money Laundering (AML) Function, the Parent Company has established organisational solutions to deal with the absence of the Head of AML, in accordance with the delegations defined in internal documents.

The responsibilities and duties of both the AML Function and its Head are set out in the internal document "Group Directive on the Prevention and Countering of Money Laundering and Terrorism Financing", in accordance with the provisions of the Bank of Italy Regulation. Meanwhile, the risk governance model for money laundering adopted by the Parent Company is formalised in the "Group Policy for the Governance of Money Laundering and Terrorism Financing Risk", which defines general standards for the procedures and controls adopted by the Parent Company to ensure compliance with AML/CFT regulations throughout the Group, covering key areas of reference and ensuring consistency and information sharing at a consolidated level.

In summary, the Montepaschi Group's risk management framework in this area is mainly based on the following activities:

identification of applicable regulations, assessment of their impact on processes and procedures, and updating of the internal regulatory framework;
implementation of appropriate IT procedures to ensure effective risk management, proper due diligence, data and information retention, continuous monitoring of customers and transactions, detection of potentially suspicious activities, reporting to the Financial Intelligence Unit (FIU) and implementation of measures to freeze funds and restrict economic resources of individuals or entities subject to such sanctions under applicable regulations;
assessment of the adequacy of the risk management process and the suitability of the internal control systems, and procedures;
provision of AML and counter-terrorism training for all employees.

As required by current regulations, the AML Function submits an annual report to the Board of Directors. This report details the initiatives taken, the deficiencies identified and the corrective actions required, as well as the results of the self-assessment on money laundering and terrorism financing risks.

⁶⁰ Only the Shanghai branch.

⁶¹ Monte Paschi Banque S.A..

9.5 231 Model

The organisational model adopted by the Bank and by Group company for the prevention of risks pursuant to Italian Legislative Decree 231/2001 (or "231 Decree" or "Decree") contains the ethical and operating rules aimed at preventing the significant offences pursuant to the aforementioned Decree (the so-called "predicate offences"). It is updated periodically, or on an event-by-event basis when pre-established cases of necessity occur, such as the detection of the model's inability to prevent the offences pursuant to Legislative Decree no. 231/2001, strategic changes or changes with a significant impact within the organisational structure or processes, the addition of new offences to the scope of application of the 231 Decree, new regulations and/or legislation regarding the administrative liability of entities deemed to have a significant impact on the company's activities.

The 231 Model consists of the documents:

Group Directive for the Management of Regulatory Compliance with Italian Legislative Decree 231/2001 on administrative liability, published on the Bank's website, www.gruppomps.it/en – Corporate Governance – Governance model, at the link Direttiva 231\_2020.indd (gruppomps.it) / legislative-decree-23101.pdf to which reference should be made for detailed information on the model and the types of offences it includes;
Control protocols pursuant to Article 6 of Italian Legislative Decree 231/2001;
Group Code of Ethics, published on the Bank's website at www.gruppomps.it/en Corporate Governance Governance Model;
Management of regulatory compliance with Italian Legislative Decree 231/2001 on administrative liability MPS Group Corruption prevention rules, published on the Bank's website www.gruppomps.it/en – Corporate Governance – Governance Model.

In particular, the Control Protocols available on the company intranet explain, for each corporate organisational unit, the predicate offences that can theoretically be committed, the control measures in place, as well as references to the relevant internal company regulations.

9.5.1 231 Supervisory Body

The Board of Directors has appointed a 231 Supervisory Body with the task of supervising the effectiveness of and compliance with the 231 Model and ensuring that it is kept updated. The 231 Supervisory Body is provided with constant information in order to carry out ongoing supervision of activities with a risk committing offences pursuant to Legislative Decree 231/2001.

The 231 Supervisory Body, which is separate from the Board of Statutory Auditors, has its own internal regulations governing its duties, composition and operating procedures, and its own reporting flows with the Board of Directors, the Board of Statutory Auditors and the 231 Supervisory Bodies of the subsidiaries.

The Board of Directors considered it appropriate to establish a "mixed" 231 SB, composed of at least three members (meeting the requirements of reputation, independence and professionalism), which include two external professionals and a member of the Board of Directors who meets the independence requirements. Both genders must be represented in the SB by at least one member, provided that the necessary competencies to fulfil the role and ensure the effective performance of related duties are met.

The members of the SB serve for the term determined by the Board at the time of their appointment. In the absence of a specific determination by the Board, the SB remains in office for the full term of the Board that appointed it. However, if it is not possible to renew the composition of the SB at the end of its term of office and at the same time as renewing the management body, the existing members - including the Director serving on the SB who ceases to be a Director as a result of the expiry of their mandate - will continue to perform their duties on a pro tempore basis until the new SB is appointed.

Composition and operations of the 231 Supervisory Body

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	Qualification
Guglielmetti Romina	Chairperson	External professional
De Martini Paola (*) (1)	Member	Independent Director
Tognozzi Gianluca	Member	External professional
Members who resigned
Fabris de Fabris Paolo (*) (2)	Member	Member of the Board of Directors

(1) Appointed as a member of the Committee on 5 February 2025.

(2) Resigned on 17 December 2024.

In exercising its functions, the 231 Supervisory Body is guided by the principles of independence, autonomy, professionalism and continuity; it has autonomous powers of initiative and control, including powers of inspection and monitoring, which may be exercised without the need for prior authorisation. This includes the power to request and receive information from every level and operational sector of the Bank, making use of the relevant Bank Functions, and to have access to documents deemed relevant for the purposes of 231. In exercising its independent powers of initiative and control, it avails itself of specialised tools and techniques in order to be able to perform the activities for which it is responsible, using also internal and/or external specialised collaborations.

Each year, the Board of Directors provides the 231 Supervisory Board with the financial resources it requires in order to acquire the services and consulting needed for the discharge of its institutional duties.

It is the recipient of the information which must be reported under the 231 Model, particularly regarding the communication of information on the perpetration or attempted perpetration – in the interest or to the advantage of the Bank – of the offences set out in Legislative Decree no. 231/2001, as well as any violations of the rules of conduct laid down in the 231 Model and in the Code of Ethics. To protect its full autonomy and confidentiality, reports may be made directly to the 231 Supervisory Body through a dedicated electronic channel (the Supervisory Body's email inbox), as indicated in the corporate websites of the Parent Company and of all the other Group companies.

In carrying out its duties with respect to the 231 Model, the 231 Supervisory Body:

assesses the adequacy of the Model, that is, its essential capacity to prevent conducts which do not comply with the law;
monitors the efficiency and effectiveness of the Model, verifying coherence between the actual conduct and the Model, and reports any violations to the Board and the Board of Statutory Auditors;
analyses the Model's ongoing reliability and efficiency, with specific reference to organisational changes and newly emerging risks;
updates the Model, presenting its proposals for amendments to the Board and verifying the implementation and effectiveness of the solutions adopted;
promotes initiatives to increase awareness and comprehension of the Model by all Bank staff and Top Corporate Bodies and plans and monitors the relevant training activities following any amendments and/or supplements to the 231 Decree.

Moreover:

on a yearly basis, it prepares a plan of assessments to be conducted with the support of the Bank's internal control functions, informing both the Board of Directors and the Board of Statutory Auditors;
it reports to the Board of Directors on the activities carried out in good time for examination of the documentation at the time of the approval of the Bank's financial statements and half-yearly financial report;
considering that each Group company has its own specific 231 Model and its own 231 Supervisory Body, the SB provides guidance for the implementation and updating of the 231 Model company and coordinates the relevant 231 Supervisory Bodies.

Activities in 2024

In 2024, certain amendments were made to the Regulations of the Supervisory Body (SB) in order to align them with the Regulations of the Board Committees, in particular with regard to: (i) the fit and proper requirements of reputation, professionalism and independence for the members of the Committee, with provisions for periodic reviews, at least annually and ideally coinciding with the periodic review of requirements for the members of the Board; (ii) the grounds for ineligibility and disqualification.

In order to fulfil its responsibility to monitor the operation of and compliance with the model and to ensure its regular updating, the SB is the recipient of the information flows set out in the internal rules.

The activities to update the BMPS 231 Model, approved by the Board resolution of 29 February 2024, have been completed. These activities included:

revision of the general documents of the BMPS 231 Model (Group Directive on the Administrative Liability of Entities, Montepaschi Group Code of Ethics, Anti-Corruption Rules document);
performance of the 231 risk self-assessments by the Bank's operational structures, the results of which were presented to the SB;
updating the 231 Protocols of the Bank's operational structures, identifying the 231 risks associated with the responsibilities of each business unit and the measures taken to mitigate them;
performance of the 231 Risk Self-Assessment by the Board of Directors, the results of which were reviewed at the Board of Directors' meeting on 6 May 2024, with no critical issues identified.

Following the approval of the update of the 231 Model, activities were launched to update specific training courses on the administrative liability of companies under Legislative Decree 231/2001, the Code of Ethics and anti-corruption measures. These courses are currently being delivered to all employees.

9.6 Independent Auditors

The firm PricewaterhouseCoopers S.p.A. (the "Independent Auditor") has been appointed to carry out the statutory audit of the Bank's accounts for the period 2020-2028. The task and the related remuneration were assigned by the Shareholders' Meeting of 11 April 2019, in accordance with Article 13 of the By-Laws and the Consolidated Law on the Statutory Audit of Accounts.

The same Auditing Firm has been assigned a limited assurance engagement to verify the compliance of the Bank's Sustainability Report with the relevant regulations and European Sustainability Reporting Standards (ESRS) for the period 2024- 2028. The mandate and corresponding fee were approved by the Board of Directors at its meeting on 23 January 2025, following a reasoned proposal by the Board of Statutory Auditors.

The Independent Auditor liaises with the Financial Reporting Officer in order to maintain an ongoing dialogue and exchange information on the administrative and accounting procedures and on the "Financial reporting process"62, as well as with the corporate bodies and Board Committees, in accordance with the applicable provisions in force.

Once a year, the Independent Auditor issues an opinion in a specific report on the annual financial statements as at 31 December and on the interim financial statements as at 30 June. During the financial year, it also checks that the Company's accounts have been kept properly and that transactions have been correctly recorded in the accounts. The audit report on the financial statements includes the key aspects of the audit, i.e. those aspects which, in the auditor's professional judgement, are considered to be the most important in the context of the audit. The audit report also expresses an opinion on the consistency of the management report with the financial statements and on certain specific information contained in the Report on Corporate Governance and the Shareholding Structure and its compliance with legal requirements.

The findings presented by the Independent Auditor in the additional report as per Article 11 of European Regulation n. 537/2014, addressed to the Board of Statutory Auditors along with any recommendations, are sent to the Board of Directors for appropriate evaluation, with the prior opinion of the Risk and Sustainability Committee.

⁶² See Section 9.7 "Financial Reporting Process – Main features of the risk management and internal control system pursuant to Article 123-bis, paragraph 2, letter b) of the TUF".

Report on Corporate Governance and the Shareholding Structure 2024 - 9. Internal Control and Risk Management System – Risk and Sustainability Committee – IT and Digitalisation Committee

9.7 Financial Reporting Officer and other Corporate Roles and Functions

The Board of Directors, assisted by the Nominations Committee, has appointed, upon the proposal of the General Manager and after obtaining the mandatory opinion of the Board of Statutory Auditors, the Bank's Financial Reporting Officer, selected from among the company managers with proven accounting and financial experience, conferring upon this person appropriate powers and resources to perform the tasks assigned to them by law (as set out in Article 29 of the By-Laws, in compliance with Article 154-bis of the Consolidated Law on Finance).

Since November 2016, the Financial Reporting Officer has been Nicola Massimo Clarelli, who meets the requirements of reputation in accordance with the standards of integrity and competence in relation to the duties of the role and the size and operational characteristics of the Bank, as verified by the Board of Directors with the support of the Nominations Committee, in accordance with Article 2063 of MEF Decree no. 169/2020 and the Company's internal regulations contained in the Group Directive on Suitability Requirements.

Starting from 31 December 2024, with the entry into force of Legislative Decree no. 125/2024, which transposes Directive 2022/2464/EU (the so-called Corporate Sustainability Reporting Directive - CSRD)⁶⁴ into national law, the new paragraph 5-ter introduced in Article 154-bis of the TUF requires the issuance of a specific report in which the delegated administrative bodies and the Financial Reporting Officer of the Issuer subject to sustainability reporting requirements certify the compliance of the Sustainability Report included in the Annual Report with the European Sustainability Reporting Standards (ESRS).

For the purposes of the financial reporting checks, the Financial Reporting Officer prepares appropriate accounting administrative procedures for the drawing up of the financial statements and declares, with a special report (pursuant to Article 81-ter of the CONSOB Issuer Regulation) attached to the financial statements and the consolidated financial statements:

the adequacy of the internal control system, in relation to the administrative and accounting procedures and their actual application during the period to which the accounting documents refer;
compliance with the applicable international accounting standards recognised by the European Union pursuant to EC Regulation no.1606/2002 of the European Parliament and the Council dated 19 July 2002;
that they correspond to the book and accounting entries and that they provide a true and accurate representation of the equity, economic and financial position of the Bank;
that the management report includes a reliable analysis of operational performance and results together with a description of the main risks and uncertainties to which the Bank and the business included in the consolidation are exposed.

For the documents, communications and accounting disclosures (including interim) disclosed to the market, this Financial Reporting Officer also prepares a declaration confirming correspondence of the disclosures with the accounting records, the accounting books and the documents.

The above declarations are provided together with the Board of Directors, which normally delegates one of its members (usually the Chief Executive Officer).

With regard to financial disclosure, the Board of Directors has also approved, through a specific Directive, an internal model for the evaluation of the adequacy of the internal control system for administration and accounting and the verification of its effectiveness; this model takes as a reference the main frameworks at the international level (COBIT and CoSo Reports).

In accordance with the model provided for in this Directive and for the purposes set out above, the Financial Reporting Officer has been vested with the organisational and management powers necessary for the performance of the tasks assigned to him on the basis of the regulations in force and the By-Laws. In particular, the Financial Reporting Officer has free and direct access to all the information necessary for the preparation of the accounting data, without the need for any authorisation; he supervises the Company's procedures that have an impact on the economic, equity and financial situation of the Group, and may request binding changes in the event of criticality.

In order to exercise the powers conferred on him, the Chief Financial Officer is authorised to organise an appropriate support structure within his area of activity and to prepare a specific dedicated budget, informing the Board of Directors through the ordinary human resources and finance management procedures.

The Board of Directors monitors the adequacy of the powers and resources vested in the Financial Reporting Officer for the performance of the duties laid down by law and, if it considers that they are not sufficient for the performance of those duties or are not effective, it must ensure that they are supplemented and/or made effective; the Financial Reporting Officer reports periodically to the Board of Directors on this matter.

⁶³ Rules applicable to Heads of key Business Functions in larger or more operationally complex banks.

⁶⁴ The aim of this Directive is to increase the level of harmonisation of non-financial reporting rules and to promote the dissemination of adequate information on the risks that sustainability issues pose to companies, as well as the impact of their activities on communities and the environment.

During the Year, the Financial Reporting Officer issued the confirmations and declarations required, while maintaining, as part of his own activity, all those contacts and relations with other external and internal control body, such as the Board of Statutory Auditors, the Independent Auditors, the Supervisory Authorities, the Risk and Sustainability Committee, the Committee for the coordination of functions with control tasks and the Chief Audit Executive Division.

FINANCIAL REPORTING PROCESS – Main features of the risk management and internal control system pursuant to Article 123-bis, paragraph 2, letter b) of the TUF

The Montepaschi Group's financial reporting process, which is integrated into the overall Internal Control and Risk Management System, aims to ensure the credibility⁶⁵, accuracy66, reliability67 and timeliness68 of financial reporting and thus enhances the governance of controls.

The methodological model for overseeing the risk of reliability of the financial disclosure of the Montepaschi Group is set forth within the "Group Directive regarding management of compliance with the provisions for Law 262/2005 (Savings Law)" and was developed in accordance with the "CoSo Framework" and "COBIT Framework" methodologies, for the IT component, both of which are generally accepted references internationally.

Description of the main features of the existing risk management and internal control system in relation to the financial reporting process

The Montepaschi Group is required to apply the provisions of Law 262/2005, in the dual context of BMPS' individual financial statements and the Group's consolidated financial statements. With this in mind, the Group companies have implemented the regulations and guidelines issued by the Parent Company and have defined the roles, responsibilities and expected conduct on their respective matters of competence.

The Group Internal Control System Policy defines the methods of coordination and collaboration between the functions with control tasks and the company bodies, the methods of coordination between all functions with control tasks and the flows of information between the control bodies and functions. Coordination is ensured by the role of the CEO/ Director in charge of the internal control and risk management system and the presence of the Committee for the Coordination of the Functions with Control Tasks described above, and by the coordinated and integrated management of the "areas of improvement" identified over time.

A) Stages of the existing risk management and control system in relation to the financial reporting process

The reference models indicated above and the methodological approach of the Montepaschi Group are based on two fundamental premises:

the existence of an adequate Internal Control System at corporate level able to reduce the risks of error and improper conduct in terms of the accounting and financial disclosures (Entity Level Control – ELC);
oversight and maintenance of appropriate sensitive processes for financial disclosures, through formalisation of the activities and the controls and verification in time of their adequacy and effective application.

The methodological approach was developed according to a succession of macro-phases of work that took place prior to releasing the certification, as better detailed below:

identification of the "sensitive" application perimeter (companies and accounts/processes);
assessment of the significant administrative and accounting processes69 (Risk & Control Assessment⁷⁰). The processes selected are assessed in terms of potential risk for financial disclosure purposes;
evaluation of the IT System (Information Technology General Controls ITGC). It consists of evaluating the set of rules of the technological infrastructure and IT applications supporting the administrative and accounting processes. To this end, the Montepaschi Group opted to request the ISAE 3402 Type II certification from an independent auditor for the evaluation of the design and effective operation of the IT control system;

⁶⁵ Credibility (of information): information which is correct and compliant with the generally accepted accounting principles and has the requirements demanded by applicable laws and regulations.

⁶⁶ Accuracy (of information): Information that is neutral and precise. Information is considered neutral if it is free of bias aimed at influencing the decisionmaking process of its users in order to obtain a predetermined result.

⁶⁷ Reliability (of information): information that is clear and complete enough to lead to informed investment decisions by investors. Information is considered clear if it facilitates understanding of complex aspects of the company's business, without becoming excessive or superfluous.

⁶⁸ Timeliness (of information): disclosure that meets the deadlines for its publication.

⁶⁹ The significance of information is assessed in terms of the effect that its omission or misrepresentation could have on the decisions of those to whom it is disclosed in the financial statements.

⁷⁰ In the Montepaschi Group, risk assessment pursuant to Italian Law 262/05 is placed in the "Integrated Multi Compliance" Area (Operating Risks; Italian Legislative Decree 231/01).

• assessment of the effectiveness/actual application of the key controls71 over the reporting period carried out by the structure managed by the Financial Reporting Officer and supplemented by an ISAE 3402 Type II certifications on the administrative-accounting services governed by the Bank's Back Office Function⁷².

B) Roles and functions involved

In compliance with the rules and the control process described above, an organisational model has been adopted which involves various functions and structures required to perform specific activities and roles.

Control Function, Law 262/2005 supports the Financial Reporting Officer in the operating management, updating and monitoring of the compliance process of the Group, pursuant to Law 262/2005. To this end, it carries out autonomous checks in order to ascertain the effectiveness of the controls over the administrative and accounting procedures and the actual application thereof.
Internal Audit Function interacts with the Financial Reporting Officer in assessing the adequacy of the internal control systems (ELC) and the oversight of the risks relating to the administrative and accounting processes. The function also provides the Financial Reporting Officer with useful information in terms of the facts that emerge, based on the activities carried out, with reference to the risks and the adequacy of the system of controls on the administrative and accounting process.
Organisation Function of the Parent Company and the Group companies carries out analysis and maintains the documentation (operating regulations) for the Group processes.
IT Function⁷³ manages, governs, coordinates and controls the correct operation of the Group's ICT systems. In order to ensure consistency with the methodologies identified by the Financial Reporting Officer (COBIT) it employs the ISAE 3402Type II certification.
Local 262 contact persons in the companies that are part of the perimeter: contact persons identified within the Group companies involved in "262 activities" to support the Financial Reporting Officer. In particular, the local contacts are responsible for issuing a letter – addressed to the Parent Company's Financial Reporting Officer – certifying that the data transmitted to the Parent Company conform to the results of the accounting books and records.

9.8 Coordination between parties involved in the Internal Control and Risk Management System

The Parent Company, within the context of the Group's management and coordination activities, equips the Group with a common system which permits effective control of both the Group's strategic decisions as a whole and of the management balance of the individual components.

Within this context, the Parent Company carries out the following controls:

strategic, on the evolution of the different areas of activity in which the Group operates and of the risks incumbent on the activities performed;
management, aimed at ensuring that the conditions for economic, financial and capital balance are maintained by both the individual companies and the Group as a whole; to this end, the Parent Company oversees the preparation of plans, programmes and budgets (company and Group) and, through an analysis of the periodic situations, the interim accounts, the separate financial statements of the individual companies and the consolidated financial statements;
technical-operational, aimed at assessing the various risk profiles contributed to the Group by the individual subsidiaries as well as the overall risks of the Group.

Within the Internal Control System of the Group, coordination of the various components is ensured by:

the Director in charge of the internal control and risk management system (currently the CEO), who is responsible for establishing and maintaining an effective internal control and risk management system;
the interaction between the Board of Statutory Auditors and the Risk and Sustainability Committee, which exchange all information of mutual interest and, where appropriate, coordinate in the performance of their respective duties. The Chairperson of the Board of Statutory Auditors, or another auditor designated by them, always attends the meetings of the Committee;
the Committee for the Coordination of Functions with Control Tasks (hereinafter in this paragraph, the "Committee"), which is responsible for coordination activities between these functions and implementing them a continuous basis;

⁷¹ "Key" controls are those controls whose absence or inadequacy could, in itself, have a significant impact on the correct representation of the financial information.

⁷² This includes the units that operate in the administrative-accounting area managed by the Operations Functions, as well as the Budget and Accounting organisational unit.

⁷³ Function reporting to the Chief Operating Officer.

• the collaboration between the Functions with Control Tasks, and between the latter and the Control Functions, also through interaction and participation in Management Committees, for the integrated management of the risks to which the Group is exposed;
the coordinated management of the areas of improvement originating from the Corporate Control Functions, the Control Functions and the Supervisory Authorities, with the aim of assessing their relevance and, subsequently, defining the overall intervention strategies;
the coordination in reporting activities, interrelationships and communication with the Supervisory Authorities regarding the Internal Control System;
appropriate reporting tools;
a comprehensive and well-structured mapping and standardised taxonomy of business processes and risks, designed to effectively and efficiently meet the specific needs of each function. This approach allows continuous and up-to-date alignment of processes throughout the Group and the adoption of a common language;
evaluation metrics that, while differing among the Corporate Functions with Control Responsibilities, still ensure the dissemination of a common risk management language;
the coordinated management of evaluation mechanisms that assess the effectiveness of the controls implemented by the Control Functions, in line with the mitigating actions implemented to address identified areas for improvement.

The role of Committee coordinator was assumed by the Chief Audit Executive, in line with the provisions of "Regulation no. 1 - Organisation of Banca MPS".

The CEO/ Director in charge of the internal control and risk management system is kept updated on the activities carried out by the Committee by receiving the minutes of the Committee's meetings.

The Committee meetings are an opportunity for review and discussion among the various Corporate Control Functions (in 2024, the Committee held a total of 10 meetings).

The circulation of information between the corporate bodies and the Functions with Control Tasks is essential for achieving the objectives regarding the efficiency of the management and the effectiveness of the internal control system. In addition, the preparation of adequate information flows within a timeframe commensurate with the relevance and complexity of the information ensures that the different levels of responsibility within the company organisation are fully exploited. In this respect, the Group is equipped with a mapping of information flows, last updated and streamlined in February 2024, aimed at ensuring "valuable interaction in the exercise of duties (guidance, implementation, verification and evaluation)" between the entities that make up the Group's internal control system. More specifically, the following are identified:

the vertical flows, or structured and formalised information, exchanged between the company bodies and the Functions with Control Tasks;
the horizontal flows, or structured and formalised information, exchanged between the Corporate Control Functions and the other Control Functions, both between Functions with Control Tasks and the committees with management duties.

For each identified information flow, the frequency and any applicable deadline for compliance are also defined.

In addition, coordination between the Corporate Control Functions is ensured by specific protocols - updated in 2024 - which define the procedures for the mutual transmission of these information flows.

Relations with the Supervisory Authority are managed by the individual companies of the Group and by the Parent Company to the extent of their respective responsibilities; in particular, CEO Staff and Regulatory Affairs oversees relations with the Supervisory Authorities within the framework of the Single Supervisory Mechanism and Single Resolution Board, acting as both interface and coordinator.

In compliance with the obligations set out in the Supervisory Provisions on the Internal Control System the Parent Company coordinates and provides the Supervisory Authorities with an annual report on the activities of the Corporate Control Functions across all banks within the Group. The report of the Internal Audit Function also includes an assessment of the Internal Control System.

Activities in 2024

In 2024, the above reports, along with the Report on the activities conducted by the Anti-Money Laundering Department, were approved by the Board of Directors and submitted to the Bank of Italy by each of the Corporate Control Functions and to the European Supervisor by the CEO and Regulatory Affairs Staff Unit.

10. Directors' interests and transactions with related parties

The Board of Directors of the Parent Company, after obtaining the favourable opinion of the Related-Party Transactions Committee and the favourable opinion of the Board of Statutory Auditors, approved the contents of the "Group Directive governing regulatory requirements regarding related parties, connected persons and the obligations of banking officers" (hereinafter the "Related-Parties Group Directive"), which incorporates in a single document the provisions that apply to the Group regarding the regulation of conflicts of interest pursuant to:

Consob's Related Parties Regulation, implementing the power attributed to Consob by Article 2391-bis of the Civil Code in relation to the transparency and substantive and procedural correctness of transactions with related parties entered into by listed companies;
the Supervisory Provisions on Connected Persons, implementing the power attributed to the Bank of Italy by Article 53 of the TUB in relation to the conditions and limits for the banks' assumption of risks from the engaging into activities with those who can exercise, directly or indirectly, an influence over the management of the Bank or the banking group as well as entities related to them;
article 136 of the TUB on the obligations of bank executives74;
article 88 of the CRD concerning loans granted to members of the management body and their related parties75.

The Related-Parties Group Directive sets out the principles and rules for the Montepaschi Group for to manage the risk deriving from situations of possible conflict of interest with certain persons close to the Bank's decision-making centre, defining in particular the scope of related parties and connected persons, the obligations relating to the authorisation procedure for transactions with said persons, and the decisions regarding the exceptions applicable to such transactions (with the consequent exclusion of the prior opinion of the Related-Party Transactions Committee).

The Related-Parties Group Directive also defines the rules applicable to the Montepaschi Group in order to ensure constant compliance with prudential limits and decision-making procedures.

With specific reference to the provisions governing the obligations of bank officers, the Directive applies the procedure provided for in Article 136 of the TUB to the obligations undertaken directly or indirectly by the officer with the bank in which he/she exercises administrative, management or control functions.

For the purposes of the above regulations, the Bank, with the cooperation of all bank officers and other related parties, maintains a complete and up-to-date archive of significant parties in accordance with the rules on transactions with related parties and connected persons, and Article 136 of the TUB.

Also relevant to this issue are a number of provisions of the By-Laws which provide for specific information flows (Articles 17 and 19 of the By-Laws, to which reference should be made).

The Regulation of the Board of Directors also affirms the obligation of directors to inform the Board of any situation or reason which, in his or her opinion, may materially affect his or her independence of judgment, thus enabling the Board to make the evaluations and decisions required by the applicable regulations⁷⁶.

The Related-Parties Group Directive is published on the Company's website and sent to the subsidiaries for implementation. In compliance with the provisions of Consob's Related Parties Regulation and the Supervisory Provisions on Connected Persons, the procedures are published on the Bank's website and can be accessed at the following link: https:// www.gruppomps.it/corporate-governance/operazioni-con-le-parti-correlate.html.

The most significant related-party transactions in terms of amount carried out by the Bank in 2024 are described in detail in Part H of the Notes to the Financial Statements as at 31 December 2024.

The document "Rules on personal transactions in the provision of investment services", approved by the Board of Directors, outlines the Group's general principles and rules to ensure compliance with the rules regarding personal transactions in the provision of investment services (Article 91 of the Intermediaries Regulation, adopted by Consob with resolution

76 For information on internal controls and corporate governance policies, see Section 4.

⁷⁴ Article 136 of the TUB establishes that persons performing administrative, managerial or control functions in a bank may not enter into obligations of any kind or directly or indirectly enter into purchase or sale agreements with the bank which they administer, manage or control, without a prior resolution adopted unanimously by the administrative body - with the exclusion of the vote of the bank officer concerned – and a favourable vote of all the members of the control body, without prejudice to the obligations laid down in the Civil Code on directors' interests and related-party transactions, and in Article 53 of the TUB.

⁷⁵ Article 88 of the CRD requires banks to ensure that "data on loans to members of the management body and their related parties are properly documented and made available to competent authorities upon request". The provision provides for a specific definition of "members of the management body" and their "related party".

no. 20307 of 15 February 2018) by relevant persons, i.e., those who are involved in activities that may give rise to conflicts of interest in the performance of investment services or who have access to privileged or confidential information. The personal transactions carried out by such persons, both at Group banks and through third-party intermediaries, are filed in a special electronic "Register".

As of 2019, the Bank has adopted a "Group Directive governing regulatory requirements regarding the conflict of interest of personnel", most recently updated in September 2024, which sets out the MPS Group's policy aimed at identifying and preventing or managing any financial or non-financial conflicts of interest of "personnel", including members of the Board of Directors, that could affect the performance of their duties and responsibilities, adopting measures pursuant to Bank of Italy Circular 285/2013, the EBA Guidelines on the internal governance of Banks and Investment Firms (section 12), taking also account of Articles 2391 and 2629 of the Italian Civil Code as well as the provisions of Articles 53 and 136 of the TUB and the regulations on related-party transactions.

10.1 Related-Party Transactions Committee

Composition and operations (as per Article 123-bis, paragraph 2, letter d) of the TUF)

The following table shows the composition of the Committee at the date of this Report, together with any changes that occurred up to that date.

Members	Office	List M/m (1)	Non-executive	Meetings in 2024 (2)
Panucci Marcella (*) (3)	Chairperson	n.a.	X	0/0
Lombardi Domenico (*) (3)	Member	M	X	0/0
Oriani Raffaele (*) (3)	Member	n.a.	X	0/0
Sala Renato (*) (4)	Member	M	X	1/1
Tadolini Barbara (*) (3)	Member	n.a.	X	0/0
Directors who resigned
Barzaghi Alessandra (*) (5)	Member	m	X	9/9
Fabris de Fabris Paolo (*) (6)	Member	M	X	8/8
De Martini Paola (*) (7)	Chairperson	m	X	1/1
Foti Belligambi Lucia (*) (6)	Member	M	X	8/8
Negri-Clementi Anna Paola (*) (6)	Chairperson	M	X	8/8
Visconti Donatella (*) (6)	Member	M	X	8/8

Director who meets the independence requirements established by Article 15 of the By-Laws: independence requirements established by Article 147-ter and Article 148, paragraph 3 of the TUF, Article 13 of MEF Decree no. 169/2020 and Article 2 of the Corporate Governance Code.

(1) Director elected from the majority list ("M") or minority list ("m").

(2) Number of meetings attended by the Director out of the total number of meetings held during the financial year.

(3) Appointed as member of the Committee on 5 February 2025.

(4) Appointed as member of the Committee on 27 December 2024.

(5) Committee member until 5 February 2025.

(6) Resigned on 17 December 2024.

(7) Member and Chairperson of the Committee from 27 December 2024 to 5 February 2025.

Participating in the work of the Committee

The Chairperson of the Board of Directors, the Chief Executive Officer and the General Manager may be invited to attend the meetings of the Committee when deemed appropriate in view of the matters under discussion; the other members of the Board of Directors may attend the meetings of the Committee upon specific request to the Chairperson of the Committee or at the invitation of the Chairperson.

Members of the Control Body (i.e. the Board of Statutory Auditors) may attend the meetings of the Committee.

The Bank's Chief Compliance Executive is formally and regularly informed of the Committee's meeting agenda. He/she may decide, at his/her discretion, to attend meetings and has access to and visibility of the relevant documents of each Committee meeting.

If deemed appropriate and depending on the subject under discussion, the Chairperson may invite the Corporate Functions that prepared and/or formulated the proposal, one or more representatives of senior management, as well as the other Heads of the Bank's Functions and third parties (for example, but not limited to, an independent expert) to participate in the Committee's work.

In carrying out its duties, the Committee may also use the services of independent external experts, with costs borne by the Bank.

Functions attributed to the Related-Party Transactions Committee

The Committee carries out the activities and tasks assigned to it by the Bank's internal regulations approved by the Board of Directors and, in particular, by the Directive and the "Group Regulation on regulatory requirements regarding related parties, connected persons and the obligations of banking officers", adopted pursuant to Consob's Related Parties Regulation, the Supervisory Provisions on Connected Persons and Article 136 of the TUB ("Obligations of banking officers"), published on the Bank's website.

In particular, the Committee:

provides a prior analytical and reasoned opinion on the overall appropriateness of the structures and measures put in place in relation to the objectives of the supervisory regulations rules when approving and updating the Related Parties Directive. The Committee's opinion is binding on the Board of Directors' decisions and is also given in the event that the Compliance Function, on the occasion of the annual review of the Directive, deems it unnecessary to amend it;
assesses the transactions of minor and major importance carried out by the Bank that do not fall within the cases of exemption, issuing a reasoned opinion on the interest of the company in carrying out the transaction, as well as the economic convenience of the transaction and the substantial correctness of the conditions applied;
once the analysis on the existence of the requirements of interest and economic convenience of the transaction and substantial correctness of its conditions is completed, the Committee issues its opinion which can be favourable/ subject to observations/contrary;
provides its opinion in the cases required by the Directive in relation to the transactions to be carried out by the subsidiaries of the Bank;
monitors the transactions carried out, including ordinary transactions of minor significance that are concluded at arm's length or standard conditions, which are subject to periodic reporting;
issues a binding opinion, which is analytical and justified, regarding the amendments to the Bank's By-Laws which refer to the issue of related parties and connected parties, where required by the supervisory regulations;
carries out a role in which it evaluates, supports and recommends on issues of organization and conducting internal controls on the overall activity of assuming and managing risks with related parties and connected parties, verifying the coherence of the activity carried out with the strategic and operating guidelines;
when updating the control policies in accordance with the relevant supervisory provisions, issues a prior binding, analytical and reasoned opinion, also in relation to their suitability for achieving the objectives of the supervisory regulations;
provides a prior binding opinion on the proposal to the Board of Directors regarding the definition of operational limits with regard to connected persons, in accordance with the Risk Appetite as periodically defined by the specific internal rules in force.

Activities in 2024

The main activities carried out by the Committee in 2024 were as follows:

examination and issue of a prior opinion to the competent decision-making bodies regarding proposals for transactions with related parties and connected persons;
examination of quarterly reports prepared by the Compliance Division on transactions with related and connected parties;
examination of quarterly reports prepared by the Chief Risk Officer Division on the consolidated analysis of risks to connected parties;
deep-dive meetings regarding commercial agreements for the relevant profiles;
"Group Risk Appetite Statement 2024" limits for operations with Connected Persons;
assessment and periodic review of the Group Directive on managing regulatory compliance regarding related parties, connected persons, and the obligations of bank officers.

The Committee also reported quarterly to the Board of Directors and Board of Statutory Auditors on activities carried out.

The minutes of the Committee meeting were approved and provided to the Board of Directors and the Board of Statutory Auditors through a secure process.

The meetings of the Related-Party Transactions Committee in 2024

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion.

The meetings of the Related-Party Transactions Committee in the period 2022-2024

(*) Information on each Director's attendance at the Committee meetings in 2024 is provided in the first table of the Section.

11. Board of Statutory Auditors

The Board of Statutory Auditors, as a control body with functions also as an "Audit Committee" or "Internal Control and Audit Committee" as defined in the Consolidated Law on the Statutory Audit of Accounts, oversees compliance with legal, regulatory and statutory provisions, proper administration, the adequacy of the organisational, control and administrative-accounting structures of the Company, the statutory audit of the accounts, the concrete implementation of the corporate governance rules provided for in the Corporate Governance Code, and the adequacy of the instructions given by the Bank to its subsidiaries in accordance with Article 114, paragraph 2 of the TUF.

11.1 Appointment and replacement

Presentation of lists of candidates

The Board of Statutory Auditors is appointed by the Shareholders' Meeting in accordance with the procedure and methods laid down in Article 25 of the By-Laws. It is composed of three standing auditors and two alternate auditors, who serve a three-year term. Their mandate expires on the date of the Shareholders' Meeting called to approve the financial statements for the last year of their term. They may be re-elected.

The election of the Control Body takes place on the basis of lists submitted by shareholders who, either individually or together with other shareholders, collectively hold shares representing at least 1% of the Company's share capital with voting rights at the Ordinary Shareholders' Meeting (without prejudice to the application of a different threshold required by law) and in accordance with the procedures outlined below.

The lists submitted by the shareholders are divided into two sections: one for the appointment of the standing auditors and one for the appointment of the alternate auditors. The candidates must be listed by progressive number and their number must not exceed the number of members to be elected. The lists with a number of candidates equal to or above three must include candidates of different gender in the first two places of the list under the section of the candidates for the office of standing auditors, as provided for in the notice of call of the Shareholders' Meeting, in compliance with the applicable laws and regulations in force at the time on gender balance. If the section of the alternate auditors of the above lists has two candidates, they must be of different gender.

Each shareholder may submit or participate in the submission of only one list, and each candidate may appear on only one list, under penalty of ineligibility.

The notice convening the Shareholders' Meeting specifies the deadline for the submission of lists of candidates to the Company and their subsequent publication; it also specifies, as applicable, the documents to be submitted with the lists in accordance with the law, including the regulations in force from time to time. The lack of documentation regarding an individual candidate on a list does not automatically result in the exclusion of the entire list, but only of the candidate concerned.

Lists submitted that do not comply with the statutory provisions cannot be voted.

For further details, please refer to Article 25 of the By-Laws.

Election of candidates

Each shareholder entitled to vote may vote only one list.

The appointment of the members of the Board of Statutory Auditors - whose composition is based on diversity criteria defined by the Bank pursuant to applicable legal and regulatory provisions and in compliance with the Corporate Governance Code (Recommendation no. 8) – is carried out as detailed below:

a) the first two candidates of the list which has obtained the majority of votes and the first candidate of the list ranking second by number of votes which is not related, directly or indirectly, pursuant to the applicable laws and regulations in force at the time, to the parties who submitted or voted the list ranking first by number of votes shall be elected as standing auditors;
b) the first candidate of the list which has obtained the majority of votes and the first candidate or the second candidate if the first is of the same gender as the first candidate of the list which has obtained the highest number of votes - of the list ranking second by number of votes which is not related, directly or indirectly, pursuant to the applicable laws and regulations in force at the time, to the parties who submitted or voted the list ranking first by number of votes shall be elected as alternate auditors;
c) in the case of parity of votes between the first two or more lists, the Shareholders' Meeting shall hold a new voting, voting only the lists with equal votes. The same rule shall apply in the case of parity between the lists ranking second by number of votes which are not related, directly or indirectly, pursuant to applicable laws and regulations, to the parties who submitted or voted the list ranking first by number of votes;
d) if an elected candidate cannot accept the appointment, the first non-elected candidate in the list of the candidate who did not accept shall be appointed;
e) the standing auditor taken from the list ranking second by number of votes, and that is not directly or indirectly connected, pursuant to the applicable laws and regulations in force at the time, to the persons who submitted or voted for the list ranking first by number of votes shall be elected Chairperson, provided that they meet the specific professional requirements required by the applicable laws and regulations in force at the time.

Replacement of members of the Board of Statutory Auditors

In the event of the death, resignation or termination of the Chairperson of the Board of Statutory Auditors, the alternate auditor elected from the list ranking second by number of votes, which, in accordance with the laws and regulations in force, is not directly or indirectly related to the persons who submitted or voted for the list ranking first by number of votes, shall take over the office of Chairperson until the Board is integrated by the Shareholders' Meeting in compliance with Article 2401 of the Italian Civil Code.

In the event of death, resignation or termination of a standing auditor, he/she shall be replaced by an alternate belonging to the same list as the auditor being replaced.

Based upon the above appointment criteria for the alternate auditors, in the event that gender balance is not complied with, the alternate auditor of the least represented gender shall take office regardless of whether he/she is included in the same list as the auditor being replaced.

In order to appoint auditors who have not been appointed for any reason whatsoever according to the above-mentioned process, the Shareholders' Meeting resolves by the majority provided for by law, without prejudice to the principle of necessary representation of minority shareholders and the principle of gender balance provided for by legislation in force.

The appointment of Statutory Auditors for the purpose of completing the Board pursuant to Article 2401 of the Civil Code is resolved upon by the Shareholders' Meeting by relative majority. However, it is understood that the principle of necessary representation of minority shareholders shall be complied with as well as the principle of gender balance provided for by the legislation in force at the time.

Suitability Requirements and disqualification from the office

Individuals who are in situations of incompatibility, as defined by law, or who do not meet the requirements and/or fail to comply with the established eligibility criteria cannot be appointed as auditors or, if appointed, are removed from office. This is without prejudice to the limits on the number of offices held and the time commitment required for the role, as set out in the national and supranational legal and regulatory provisions in force at the time77.

At least one Statutory Auditor and at least one alternate auditor, appointed according to the list voting procedure, must be registered in the register of statutory accountants and have carried out statutory auditing for at least three years.

Auditors may not hold positions in other banks, except for those belonging to the Montepaschi Group or those where there is joint control. Furthermore, they may not hold positions in corporate bodies other than control bodies within other companies of the Group or in companies where the Bank holds, even indirectly, a strategic shareholding.

The members of the Board of Statutory Auditors can be removed from office by the Shareholders' Meeting only in the cases and according to the procedures provided for by law and, therefore, only due to just cause and by means of a resolution approved by court order, after hearing the person concerned.

77 See the regulatory and self-regulatory framework applicable to the Bank regarding the Suitability Requirements for directors and auditors.

11.2 Composition and operations of the Board of Statutory Auditors

The current Board of Statutory Auditors was appointed by the Shareholders' Meeting of 20 April 2023 for the financial years 2023-2024-2025 and was subsequently supplemented by the Shareholders' Meeting of 11 April 2024 following the resignation of certain auditors, as described below. It will remain in office until the date of the Shareholders' Meeting called to approve the financial statements for 2025.

Three lists of candidates for members of the Board of Statutory Auditors were submitted to the Shareholders' Meeting of 20 April 2023. In accordance with the criteria set out in the By-Laws and the regulations, which were applied to ensure gender diversity and the presence of representatives proposed by minority shareholders, three candidates from the majority list (list no. 1) and two candidates from the minority list receiving the second highest number of votes (list no. 2) were elected as members of the new Board of Statutory Auditors).

The table summarises the details of the resolutions adopted by the Shareholders' Meeting with regard to the three lists of candidates submitted by the shareholders:

List of candidates78	Shareholder	Candidates	Votes obtained by the list at the Shareholders' Meeting
List no. 1 - majority list	Ministry of Economy and Finance hold er of 809,130,220 shares (64.23% of the share capital)	Roberto Serrentino (Standing auditor) - elected Lavinia Linguanti (Standing auditor) – elected Pierpaolo Cotone (Alternate auditor) - elected Valeria Giancola (Alternate auditor)	Total votes 840,898,303 accounting for 80.977787% of the shares entitled to vote and counted and 66.7544% of the share capital.
List no. 2 - minority list	List presented by investment fund managers collectively holding 17,401,244 shares (1.38139% of the share capital).	Enrico Ciai (Chairperson) - elected Piera Vitali (Alternate auditor) - elected	Total votes 157,511,551 accounting for 15.168228% of the shares entitled to vote and counted and 12.503996% of the share capital.
List no. 3 - minority list	Fondazione Monte dei Paschi di Siena, Compagnia di San Paolo, Fondazione Cariplo, Fondazione Cassa dei Rispar mi di Forlì, Fondazione Cassa di Ris parmio di Cuneo, Fondazione Cassa di Risparmio di Firenze, Fondazione Cas sa di Risparmio di Lucca, Fondazione Cassa di Risparmio di Pistoia e Pescia, Fondazione Cassa di Risparmio di Tori no, Fondazione di Sardegna, collective ly holding 29,037,771 shares (2.305 % of the share capital)	Paolo Prandi (Standing auditor) Antonella Giachetti (Standing auditor) Antonia Coppola (Alternate auditor) Simone Ennio Zucchetti (Alternate auditor)	Total votes 39,531,994 accounting for 3.806897% of the shares entitled to vote and counted and 3.138233% of the share capital.

At the Shareholders' Meeting of 11 April 2024 following the resignations of Alternate Auditor Piera Vitali on 2 May 2023 and of Standing Auditor Roberto Serrentino on 15 May 2023, and in accordance with the applicable statutory and regulatory provisions - while ensuring the necessary representation of minority shareholders and compliance with the gender balance requirements in force at the time - the following appointments were made for the remainder of the current mandate: Giacomo Granata was appointed as Standing Auditor, based on a proposal submitted by the Ministry of Economy and Finance (MEF) on 27 March 2024, and Paola Lucia Isabella Giordano was appointed as Alternate Auditor, based on a proposal submitted by institutional shareholders/investors on 25 March 2024. In addition, Pierpaolo Cotone, who had assumed the role of Standing Auditor on 15 May 2023, following the resignation of Roberto Serrentino, returned to his previous position as Alternate Auditor as of 11 April 2024.

⁷⁸ On 27 March 2023, the Board of Directors, in compliance with Article 148, para. 2 of the TUF and Article 144-quinquies of the Consob Issuer Regulation and considering the recommendations contained in Consob's Notification DEM/9017893 of 26 February 2009, assessed and declared that, to the Bank's knowledge, there existed no material relationships of affiliation between the parties that submitted the so-called "minority list" for the election of the Board of Directors – identified above as List. No. 2 and List no. 3 – and the controlling shareholder, the MEF.

Report on Corporate Governance and the Shareholding Structure 2024 - 11. Board of Statutory Auditors

The following table shows the composition of the Board of Statutory Auditors at the date of this Report.

	Members	Office
1	Ciai Enrico	Chairperson
2	Linguanti Lavinia	Standing auditor
3	Granata Giacomo	Standing auditor
4	Cotone Pierpaolo	Alternate auditor
5	Giordano Paola Lucia Isabella	Alternate auditor

A summary of the personal and professional background of each of the current Standing Auditors, highlighting their expertise and professional experience, is available on the Bank's website at www.gruppomps.it/en - Corporate Governance - Board of Statutory Auditors.

Independence

None of the members of the Board of Statutory Auditors is related to other members of the Board of Statutory Auditors, members of the Board of Directors, the Financial Reporting Officer, the General Manager or the main executives of the company.

The number and the type of duties covered by the Statutory Auditors is in line with the regulations governing the limits on the maximum number of positions for members of Control Bodies, as set forth in Title V-bis, Section V, Chapter II of the Consob Issuer Regulation and in Article 17 of MEF Decree no. 169/2020.

In compliance with current legislation (Article 26 of the TUB, Article 148 of the TUF, combined with Articles 13, 14 and 15 of Ministerial Decree no. 169/2020) and the Corporate Governance Code (Recommendation no. 9), during the year the Board of Statutory Auditors verified that its members meet the independence requirements.

The results of the assessment were communicated to the Board of Directors, as required by the Code itself.

Notwithstanding the above, the Board of Statutory Auditors is required to review its independence at least once a year and, in any event, whenever a situation arises that could compromise its continued independence.

The Board of Statutory Auditors has also verified that its composition complies with the qualitative and quantitative composition indicated as optimal in the document "Guidelines to Shareholders on the Qualitative and Quantitative Composition of the Board of Statutory Auditors", which was approved by the outgoing Board of Statutory Auditors in preparation for the Shareholders' Meeting of 20 April 2023 and made available to shareholders through its publication on the website www. gruppomps.it/en -Shareholders' Meetings and BoD.

For further information on the composition of the Board of Statutory Auditors in 2024, please refer to the section Tables - Table No. 2.

Diversity criteria and policies in the composition of the Board of Statutory Auditors

With regard to gender diversity, the By-Laws stipulate that the composition of the Board of Statutory Auditors must ensure a gender balance in accordance with the applicable legislation. In this regard, it should be noted that the gender balance regulations, which came into force on 1 January 2020, require that the less represented gender must constitute at least two-fifths of the members of the management and control bodies of listed companies. It is further specified that in cases such as BMPS, where the control body consists of three members, the number must be rounded down to the nearest whole number79.

Compliance with this criterion is ensured by the By-Laws, to which reference should be made.

Furthermore, the composition of the Board of Directors complies with the provisions of MEF Decree no. 169/2020, which requires appropriate diversification in terms of age, gender, length of service and skills.

In accordance with the above, the Board of Statutory Auditors of the BMPS is composed of one third of female members and two thirds of male members. Furthermore, the relative heterogeneity of the professional profile of the auditors and their respective tenures confirms that the Board of Statutory Auditors is sufficiently diversified.

⁷⁹ Recommendation no. 8 of the Corporate Governance Code establishes that at least one third of these corporate bodies must be composed of members of the less represented gender. The Supervisory Corporate Governance Provisions require that the number of members of the less-represented gender must account for at least 33% of the corporate body, rounding down to the nearest whole number if the first decimal is equal to or less than 5.

For further details on this topic, please refer to section 4.3, which outlines the "Diversity Policy on the Composition of Corporate Bodies" formalised by the Bank in February 2025.

Diversity in the composition of the Board of Statutory Auditors

Operations of the Board of Statutory Auditors

The operations of the Board of Statutory Auditors are governed, subject to legal provisions, by the Company's By-Laws and by a specific Regulation approved by the same Control Body, outlining the rules and procedures for the corporate governance concerning the Board of Statutory Auditors.

Pursuant to this Regulation, the Board of Statutory Auditors is normally convened before the meetings of the Board of Directors and whenever necessary to address matters within its jurisdiction.

Except in urgent cases, the notice convening the meeting is given at least three days before the date of the meeting.

With regard to supporting documents and preliminary information, the Regulation stipulates that the Chairperson of the Board of Statutory Auditors shall ensure the circulation of information by ensuring that all the Auditors receive adequate information, both in terms of quality and quantity, on the items on the agenda.

Meetings are held at the Company's registered office or at other premises of the Bank's Head Office, or elsewhere in Italy. If necessary, meetings of the Board of the Board of Statutory Auditors may be held by means of teleconferencing in accordance with the provisions of the By-Laws.

A majority of Auditors must be present for resolutions to be valid, and decisions are taken by majority vote.

The Board of Statutory Auditors may, from time to time and in relation to specific agenda items, invite persons to attend meetings whose contribution may enrich the information available to the Auditors.

With regard to the minutes of the meetings, the Regulation provides that the Chairperson, assisted by the organisational unit supporting the Board of Statutory Auditors (the Board of Statutory Auditors Staff Unit), draws up the minutes and the resolutions.

While the Board of Statutory Auditors normally operates on a collegial basis, individual activities and direct controls may be conducted as deemed necessary and appropriate. The results of its activities are recorded and transcribed in the Book of Meetings and Resolutions of the Board of Statutory Auditors.

Self-assessment of the Board of Statutory Auditors

In compliance with the Supervisory Corporate Governance Provisions for Banks and its own Regulation, the Board of Statutory Auditors underwent a self-assessment process for 2024 using the support of an external advisor (Heidrick & Struggles, an independent advisory firm, specialised and expert in corporate governance practices).

The self-assessment was, therefore, conducted though the completion of specific questionnaires given to the Auditors by the consultants as well as subsequent individual interviews.

At the end of the analysis, the Advisor produced a document presenting the results of the assessment, in which no specific areas for improvement of the Board of Statutory Auditors' operations were identified. The document provides an overall positive picture, highlighting the full and consistent adequacy of both the composition of the Board of Statutory Auditors in terms of individual members and the body as a whole - and its functioning.

Remuneration

The remuneration of the members of the Board of Statutory Auditors, including the Chairperson, is determined by the Shareholders' Meeting at the time of their appointment for the entire duration of their mandate, taking into account the role and responsibilities of this Body. The members of the Board of Statutory Auditors do not receive any form of variable remuneration. For further information, please refer to Section 8 and to the Remuneration Policy Report published on the website www.gruppomps.it/en - Corporate governance - Remuneration.

Management of Interests

In accordance with the Corporate Governance Code (Recommendation No. 37) and the Regulations of the Board of Statutory Auditors, any Statutory Auditor of BMPS who, on his or her own behalf or on behalf of third parties, has an interest in a specific transaction of the Issuer must provide prompt and exhaustive information to the other Auditors and the Chairperson of the Board of Directors about the nature, terms, origin, and extent of his or her interest.

The Statutory Auditors are also subject to the Group's Related Parties and Conflicts of Interest regulations, which set out principles and rules for managing risks arising from potential conflicts of interest with related parties or connected persons. For further details on these regulations, please refer to Section 10 of this Report.

11.3 Role of the Board of Statutory Auditors

Activities in 2024

During the year, in addition to its regular meetings, the Board of Statutory Auditors held dedicated meetings to discuss and, in some cases, decide on opinions and considerations to be presented to the Board of Directors or to the Supervisory Authorities. In other cases, these meetings were held to gather information on specific topics from the Auditor or from individual Heads of Corporate Functions.

In order to adequately perform its supervisory duties in accordance with the principles of proper administration, the Board of Statutory Auditors attended the only Ordinary Shareholders' Meeting as well as 14 meetings of the Board of Directors held during the year (with an attendance rate of 100%).

Ongoing and timely information is also exchanged with the Risk and Sustainability Committee, whose meetings are regularly attended by the Auditors. As provided for in the Regulations of this Committee, at least the Chairperson of the Board of Statutory Auditors or an Auditor appointed by them also participates in the work of the Committee. Joint meetings between the Risk and Sustainability Committee and the Board of Statutory Auditors were held during the year when deemed necessary.

The Board of Statutory Auditors consistently attended, through at least one of its members, the meetings of the Related-Party Transactions Committee, the Nominations Committee, the Remuneration Committee, and the newly established IT and Digitalisation Committee. Additionally, joint meetings between these Board Committees and the Control Body were held during the year whenever deemed necessary.

The Board of Statutory Auditors interacted constantly with the Supervisory Body pursuant to Legislative Decree no. 231/01, to which the Board of Directors resolved to assign the relevant monitoring tasks. The exchange of information with the Board of Statutory Auditors was therefore deemed appropriate and certain actions taken by the Internal Audit Function on the more critical areas were agreed on.

The Board of Statutory Auditors constantly worked with the control functions, particularly with the Internal Audit Function, both to receive the necessary assistance for the execution of its own audits, and as the recipient of all the inspection

reports received based on the agreed distribution criteria. The Statutory Auditors were thus able to assess the reliability and efficiency of the internal control system adopted by the Bank, not only based on its own corporate setup, but also as a structure overseeing a banking group. In compliance with the applicable regulations, the Board monitored the adequacy of the organisational structure of the Corporate Control Functions, including the development of the Bank's staffing levels.

The Board of the Statutory Auditors also oversaw the Issuer's administrative and accounting system through assessments conducted either directly or through the periodic exchange of information with the independent auditors, i.e. PricewaterhouseCoopers S.p.A.. As part of its own assessment of the independence of the auditing firm, the Board of Statutory Auditors did not find any critical aspects with regard to compliance with the relevant regulations, nor did it receive any such reports from PricewaterhouseCoopers.

In addition, the Board of Statutory Auditors carried out the functions of the "Internal Control and Audit Committee" established by the Consolidated Law on the Statutory Audit of Accounts, supervising the financial disclosure process and analysing the contents of the work plan provided by the independent auditors, ensuring its adequacy in relation to the Bank's size as well as organisational and business complexity.

In accordance with the applicable regulations, the Board of Statutory Auditors monitored compliance with the rules established by the legal framework on corporate sustainability reporting and the process of preparing the Sustainability Report, pursuant to Legislative Decree no. 125/2024. To this end, the Board of Statutory Auditors monitored the adequacy of the organisational, administrative, reporting and control systems in place to ensure the correct and comprehensive presentation in the individual and/or consolidated sustainability reports of "the information necessary to understand both the impact of the Issuer on sustainability issues and the impact of sustainability issues on the performance, results and position of the Bank" (Article 3, paragraph 1, Article 4, paragraph 1 and Article 10, paragraph 1 of Legislative Decree 125/2024).

In the course of 2024, the Board of Statutory Auditors continuously monitored the implementation of the strategic operations, and the activities aimed at aligning with the recommendations of the ECB as indicated in the SREP Decision, as well as the actions initiated by management to fulfil the requirements and recommendations of the Authority as outlined in the same Decision. The Board of Statutory Auditors also conducted specific in-depth assessments of the findings from inspections carried out by domestic and foreign Supervisory Authorities. Particular attention was given, inter alia, to monitoring the additional commitments made by the Bank with the Supervisory Authorities regarding all remedial actions identified to address their concerns, as well as the ongoing development of initiatives aimed at addressing the gaps identified by the control functions during their overall review activities.

The Board of Statutory Auditors also oversaw efforts to strengthen the governance of ICT and security risks, in line with the European Digital Operational Resilience Act (DORA) Regulation, which entered into force on 17 January 2025. This regulation addresses digital operational resilience for the financial sector and aims to consolidate and update requirements related to cyber risks, defining common rules and approaches for financial institutions and increasing the level of harmonisation in this area.

Moreover, the Auditors verified that related party transactions took place in compliance with the criteria of transparency, substantive integrity and procedural correctness, as set out in the applicable regulations.

It is the responsibility of the Control Body to verify the proper application of the criteria and procedures adopted by the Board of Directors for the assessment of the independence of its members throughout 2024, following the resolutions adopted by the Board of Directors on 23 January and 6 March 2025 (as described in section 4.7).

The Parent Company's Board of Statutory Auditors also exchanged information with the corresponding bodies of the main subsidiaries regarding their systems of administration and control and the general performance of company activities.

For more detailed information on the activities carried out by the Board of Statutory Auditors in 2024, reference is made to the Report of the Board of Statutory Auditors to the Shareholders' Meeting convened to approve the Bank's financial statements for the year ended 31 December 2024, prepared in accordance with Article 2429, second paragraph, of the Civil Code and Article 153, first paragraph, of the Consolidated Law on Finance (TUF).

With regard to training activities, in order to ensure the continuity and preservation of the experience acquired by the Board of Statutory Auditors and to continuously deepen their knowledge of the sectors in which the Bank and the Group operate, in 2024 the members of the Board of Statutory Auditors participated in both the Board Induction sessions organised by the Bank (described in section 4.5) and in training programmes provided by external providers, including industry associations, such as the training courses organised by "ABI Formazione" for members of the Boards of Statutory Auditors of banks.

As encouraged by the Bank of Italy's Supervisory Provisions and the Corporate Governance Code, the training and induction programmes also provided an opportunity for in-depth discussion of topical issues relevant to the banking system, including those related to technology and Sustainability.

Meetings of the Board of Statutory Auditors in 2024

(*) In addition to scheduled meetings, the Committee shall meet at the request of the Chairperson whenever matters within its purview require discussion. (1) Of the 43 meetings, which had an average duration of approximately 3 hours and 50 minutes, 19 were single-topic meetings with an average duration of about 1 hour. Therefore, the average duration of ordinary meetings, excluding these single-topic sessions, increases to approximately 5 hours and 50 minutes.

Meetings of the Board of Statutory Auditors in the period 2022-2024

(*) Information on each Auditor's attendance at the meetings of the Board of Statutory Auditors in 2024 is provided in the section Tables - Table No. 2: Structure of the Board of Statutory Auditors (1 January - 31 December 2024).

12. Relations with Shareholders and other key stakeholders

Access to corporate information

BMPS maintains an active relationship with its Shareholders, Investors and other key shareholders to ensure the dissemination of clear, truthful and comprehensive information on its activities. This approach aims to correctly position the Company in the market, guaranteeing equal treatment and openness to discussion, with a view to creating value for all stakeholders.

Information to the market, investors and the media is provided through the corporate website, www.gruppomps.it/en, which is updated on an ongoing and timely basis, and the distribution – via the storage platform selected by the Bank (currently **) – of press releases, reports, financial-economic and non-financial documents, among which, in particular:

the explanatory reports on the items on the agenda of shareholders' meetings, aimed at enabling shareholders to exercise their rights in an informed manner, as provided for in detail by the relevant regulations for listed issuers;
the presentation of business plans;
the publication of the yearly and half-yearly Financial Reports, the interim management reports80 and the corporate Sustainability and ESG reports;
the Remuneration Policy reports;
the Report on Corporate Governance and the Shareholding Structure.

The information and documents published on the Group website and deemed of interest to investors and relevant stakeholders are available in Italian and English.

The Corporate Governance Section, which can be consulted at Corporate Governance – Banca MPS (gruppomps.it), contains information on the Bank's corporate governance: By-Laws, information on the governance model and the control system adopted, the composition of corporate bodies and Board Committees, the annual reports on corporate governance and the shareholding structure, the annual reports on remuneration policies, documents relating to Shareholders' meetings (notices of call, information reports, proxy-granting procedures, shareholders' meeting regulations, minutes of the meetings, guidelines on the qualitative and quantitative composition of the Board of Directors and the Diversity Policy for the composition of BMPS's corporate) and the regulations for the management of regulatory requirements relating to related parties, connected persons and obligations of bank officers.

The Investor Relations Section, which can be consulted at Investor Relations - Banca MPS – ENG, publishes press releases and financial and economic documents: yearly and half-yearly financial reports, periodic management statements, presentations to the financial community, performance of the BMPS share price, strategic plans and documents concerning extraordinary transactions, rating agency ratings, shareholder information, financial calendar, analysts' references, MPS Group bond issues and related documents.

The Sustainability Section, which can be consulted at Sustainability - Banca MPS – ENG, is dedicated to presenting the Bank's commitment to sustainability. The section contains reports and ESG sustainability statements on the activities carried out by the Bank and the Group, as well as the relevant corporate governance policies, documents, and tools for stakeholder engagement.

The BMPS website is one of the main channels through which the Bank provides the financial community and other key stakeholders for the Bank and the Group with information content and dialogue tools as part of a more complete and constant communication activity. The website is constantly updated and developed in line with industry best practices in order to ensure an appropriate standard of transparency, easy access to different information and to promote opportunities for contact and direct dialogue with Shareholders, Investors and other stakeholders.

An additional communication channel is the Investor Relations Function, through which the Bank can establish and maintain an ongoing dialogue - both proactive and reactive - with key stakeholders. These relationships are initiated and strengthened by organising or participating in meetings with the financial community, which may include active management participation. These include conference calls, dedicated meetings with rating agencies, road shows and industry conferences.

⁸⁰ Since January 2017, the Bank has voluntarily published additional periodic financial information as at 31 March and 30 September of each financial year. These reports consist of interim management statements approved by the Board of Directors.

Report on Corporate Governance and the Shareholding Structure 2024 - 12. Relations with Shareholders and other key stakeholders

The Corporate Functions dedicated to overseeing these relationships are the:

• Chief Financial Officer Division, which handles relations with the Shareholders, Investors and other players in the national and international financial community through its Investor Relations Staff Unit;

moreover, for dialogue with Shareholders and Investors on Sustainability and ESG issues, the CFO Department supports the Chairperson of the Board and the Chief Executive Officer through its own Sustainability and ESG Staff Unit;

• Group General Counsel Division, which is responsible for corporate reporting on corporate governance and for relations with Shareholders, also with regard to their participation in Shareholders' Meetings.

Dialogue with Shareholders, Investors and other key stakeholders

The Company By-Laws grant the Bank's Board of Directors exclusive authority to oversee the Bank's public information and communications process.

Within this context, in 2022, the Board, on the proposal of the Chairperson formulated in agreement with the Chief Executive Officer and subject to the opinion of the Risk and Sustainability Committee, approved BMPS's "Policy for the management of dialogue with Shareholders and Investors" ("Dialogue Policy" or "Policy"), in order to promote an ongoing transparent, easily accessible and constructive dialogue with the Bank's Investors81, encouraging an exchange of views capable of improving mutual understanding of their respective expectations and facilitating the exercise of the legitimate rights of the stakeholders involved.

The Dialogue Policy is in line with the Supervisory Provisions on the Corporate Governance of Banks, the Principles and Recommendations of the Corporate Governance Code for listed issuers to which the Bank adheres and the objectives of the Shareholders' Rights Directive (SHRD)82, which introduced measures to encourage the long-term commitment of Shareholders, taking also account of the interests of other relevant stakeholders, with a view to the long-term pursuit of sustainable social and environmental value creation.

Purpose of the Policy with Shareholders and Investors

The Dialogue Policy addresses the management of the dialogue outside the Shareholders' Meeting between the Bank and its Investors on matters falling within the competence of the Board of Directors relating to: general operating performance; the financial statements and periodic financial results; corporate strategy; the pursuit of Sustainable Success; the capital structure; transactions of significant strategic, economic, capital or financial importance, and extraordinary and/or particularly significant events; corporate governance (for example, aspects that characterise the governance system adopted by the Bank, the appointment and composition of corporate bodies, including Board Committees); the Internal Control and risk management System, as well as the remuneration policies adopted by the Bank.

The Policy does not concern the management of the dialogue relating to the conduct of the Shareholders' Meetings or the exercise of the rights of Shareholders falling within the scope of the regulations applicable to listed issuers, for which reference should be made to Section 13 (Shareholders' Meetings), nor does it concern the requests for dialogue with the Bank from parties other than Investors (e.g. customers, suppliers, other stakeholders) who, while qualifying as Investors, have interests other than those of their investment in the Bank's capital.

The Dialogue Policy therefore represents a tool that is in addition and supplementary to the other ways in which the Bank interacts on an ordinary and ongoing basis with Shareholders, Investors and more generally with the financial community, through the ongoing and timely updating of its website (www.gruppomps.it/en), as well as through the Investor Relations Function, for example when there are meetings with the financial community (conference calls and road shows), which, in addition to being attended by the Investor Relations Function, may also be attended by the Chief Executive Officer and/or other Group executives whose presence is deemed appropriate.

The management of the dialogue governed by the Policy is entrusted to:

the Chairperson of the Board of Directors, in agreement with the Chief Executive Officer, for matters of corporate governance or regarding the effectiveness of the Board of Directors and its internal commitees;
the Chief Executive Officer, in agreement with the Chairperson of the Board of Directors, for matters of strategy including Sustainability – management, business and/or issues relating to the periodic financial results.

⁸¹ The Policy defines "Investors" as "current or prospective shareholders of the Bank, as well as holders (current or prospective) of financial instruments issued by the Bank, holders of interests relating to the ownership of shares and other financial instruments and rights arising from shares in the capital of the Bank for their own account or for the account of third parties (including, for example, Institutional Investors and asset managers)".

⁸² Directive 2007/36/EC of the European Parliament and of the Council of 11 July 2007, relating to the exercise of certain rights of shareholders of listed companies, as amended by Directive (EU) 2017/828 of the European Parliament and of the Council of 17 May 2017.

In agreement with the Chief Executive Officer, and at the first subsequent meeting, the Chairperson informs the Board of Directors on the significant developments and contents of the dialogue with Investors, in compliance with the timeframe envisaged for pre-meeting reporting and in consideration of the relevance, urgency and interest for the Bank.

Contact point for initiating dialogue

The Investor Relations Function is the Bank's point of contact, to which all requests for dialogue pursuant to the Dialogue Policy must be sent by Investors, Proxy advisors and rating agencies using the contact details published on the website at www.gruppomps.it/en - Investor Relations.

The dialogue is conducted by the Bank on a reactive or proactive basis, in compliance with any requirements of confidentiality that some information may present, also in light of the regulations on insider information, privacy and confidentiality and the guidelines and recommendations provided by the Supervisory Authorities, as part of the principles, rules and controls adopted by the Bank's Board of Directors for the internal management and external communication of documents and information regarding BMPS.

Moreover, it should be noted that the Policy adopted by the Bank expressly states that dialogue may also be initiated at the request of Shareholders and Investors, defining the methods and procedures to be followed for submitting a request, in accordance with the recommendations of the Corporate Governance Committee.

Activities in 2024

In 2024, in line with the Bank's Dialogue Policy, developed with the support of the Nominations Committee and an external advisor (Executive Search Spencer Stuart), discussions were held with certain shareholders who had acquired stakes in BMPS following the sale of shares by the Ministry of Economy and Finance. Given the expressed intention of some of these shareholders to maintain a stable position within the Bank's shareholding structure, these discussions aimed to identify five new Directors to be co-opted following the resignation of the independent directors originally included in the MEF's list submitted on 27 March 2023.

Throughout the year, the Bank's Investor Relations Function continued to maintain relations with the financial community on a regular and ongoing basis. In addition, following the implementation of some of the Bank's key strategic initiatives provided for in the 2022-2026 Business Plan, the presentation of the new 2024-2028 Business Plan, the resumption of dividend payouts, as well as developments in the Bank's shareholder structure and potential sector consolidation, there has been an increased interest from analysts, investors and rating agencies in the Bank's activities and strategies, leading to more opportunities for engagement.

Dialogue with Shareholders, Investors and the financial community at large was carried out both through the systematic, correct and timely dissemination of clear, truthful and complete information, which the Bank ensures with regard to the financial results for the period and the Non-Financial Statement on Sustainability issues, as well as through conference calls, meetings dedicated to rating agencies, roadshows and sector conferences.

For further details, such as on how to request or initiate a dialogue with the Board of Directors, please refer the Dialogue Policy published at www.gruppomps.it/en - Investor Relations.

13. Shareholders' Meetings

The Bank's duly constituted Shareholders' Meeting represents the entire body of its shareholders and its resolutions, passed in accordance with the law and the By-Laws, are binding on all the shareholders, including absent or dissenting shareholders. It is normally convened in Siena and may also be convened in a location other than the registered office, provided that it is in Italy.

The Shareholders' Meetings are regulated by the applicable laws and regulations as well as the By-Laws.

The ordinary or extraordinary General Meeting is held in a single call.

The ordinary Shareholders' Meeting must be held at least once a year, within 120 days of the financial year end.

Quorum for meetings and decision-making

The Shareholders' Meetings (ordinary and extraordinary) are duly constituted and pass resolutions when the quorums required by law for meetings in single call are represented.

The ordinary Shareholders' Meeting passes resolutions by an absolute majority of the votes cast, except for the appointment of members of the Board of Directors and the Board of Statutory Auditors, which are determined through list voting in accordance with Articles 15 and 25 of the By-Laws.

Meeting information

The Shareholders' Meeting constitutes the Bank's main opportunity for dialogue and discussion with its shareholders, particularly regarding the items on the agenda, in compliance with information equality and insider trading regulations.

The Board of Directors facilitates the active participation of shareholders and the informed exercise of their rights by providing comprehensive, accurate and timely information in advance of the meeting. Well in advance and always in compliance with applicable regulations, the relevant information and documents relating to the Shareholders' Meeting are made available at the Company's registered office, published on the website www.gruppomps.it/en - Corporate Governance - Shareholders' Meetings and BoD and disseminated through the authorised storage platform E-Market Storage - www. emarketstorage.it.

Procedures for shareholders' participation and exercise of rights

The participation of shareholders in Shareholders' Meeting is governed by the applicable legal and regulatory provisions and the By-Laws, as well as by the Bank's Shareholders' Meeting Regulation, which is published on the Bank's website.

Shareholders with voting right who provide proof of their entitlement in accordance with the procedures provided for by the applicable regulations in force, may attend the Shareholders' meeting83. They also have the option to grant a proxy and submit it to the Bank through one of the methods indicated in the notice of call, including: the dedicated section of the Bank's website; digital banking (for shareholders who hold their shares in custody with the Bank and have subscribed to and activated this service); certified email ("PEC"); fax; or by delivering a copy of the proxy at the pre-meeting registration.

The Bank's customers who are shareholders are also guaranteed the possibility of using the digital banking service to request the necessary communication that entitles them to attend the Shareholders' Meeting and exercise their voting rights. The same digital banking service can be used not only for the Bank's Shareholders' Meetings but also for those of all other listed companies.

To further facilitate the participation of shareholders in the Meetings as well as the exercise of their rights, the Bank appoints a representative pursuant to Article 135-undecies of the TUF ("Appointed Representative") to whom each shareholder may grant their proxy with voting instructions – free of charge – on all or some of the proposals on the agenda of the meeting, by signing a form whose content is regulated by the Consob Issuers' Regulation. The proxy must be submitted no later than the end of the second trading day preceding the date of the Meeting. The proxy may only be exercised for the proposals for which voting instructions have been given.

The Bank's By-Laws do not provide for postal voting.

The procedures for attending the Shareholders' Meeting and exercising shareholders' rights are detailed in the notice of call of the specific meeting.

⁸³ Communication sent to the Bank by an authorised intermediary, on behalf of and at the request of the party entitled to vote, based on the accounting records at the close of business on the seventh trading day preceding the date fixed for the Shareholders' Meeting (the so-called record date).

Report on Corporate Governance and the Shareholding Structure 2024 - 13. Shareholders' Meetings

Proposals by shareholders and additions to the shareholders' meeting agenda

Shareholders may actively participate in the life of the Company, not only by exercising their right to vote on the items on the agenda of the Shareholders' Meeting, but also by submitting alternative proposals to those formulated by the Board of Directors, in compliance with applicable regulations: shareholders that represent, even jointly, at least 2.5% of the share capital may request – withing ten days of the publication of the notice of call of the Shareholders' Meeting (or five days for the specific cases indicated by the regulations) - additions to the list of items to be discussed, indicating in their request the additional items they propose, or submit resolution proposals on items already on the agenda.

Any supplement to the list of items to be discussed is not allowed for items that, by law, are proposed by the directors or on the basis of a draft or a report prepared by them other than those ordinarily provided for in Article 125-ter, paragraph 1, of the TUF.

The requesting shareholders must prepare a report stating the reasons for the proposed resolutions on the new items they propose to address or the reasons for further proposed resolutions on items already on the agenda.

Amendments to the agenda of the Shareholders' Meeting and the related report are made available to shareholders by publication in the form and terms prescribed by law.

Those who are entitled to vote may individually submit resolution proposals to the Shareholders' Meeting, regardless of the number of shares represented.

Right to ask questions before the Shareholders' Meeting

Shareholders have the right to ask questions, even before the Shareholders' Meeting, by submitting them to the Company within the terms and according to the procedures specified in the notice of call.

Within the deadline specified in the notice of the meeting, the Company provides answers to the questions deemed relevant to the items on the agenda of the meeting.

The role of the Chairperson

The Chairperson has plenary powers to lead and direct the discussion and exercises these prerogatives having regard to the interest to guarantee the swiftness of the Meeting's vote, ensuring - where necessary, – that the length of the Shareholders' Meeting's business does not prejudice the ability to participate and to express the vote, and that regular course of the Shareholders' Meeting is not disturbed.

The Chairperson establishes the procedures for requesting to speak as well as the maximum duration and order of speeches. During the Meeting, the Chairperson acknowledges the publication of the notice of call, as well as the filing of the documents required by the applicable regulations (e.g. the documents concerning the items on the agenda, including the explanatory reports and the related resolution proposals) at the company's registered office, on the storage platform and their publication on the Group website, so that they are available to the shareholders and the public).

Shareholders' Meeting Regulation

Since 2013, the Bank has adopted a Shareholders' Meeting Regulation, which governs the constitution and conduct of the Shareholders' Meetings. The Chairperson refers to this Regulation to exercise his/her powers for the effective management of the meeting, ensuring shareholder interventions and any subsequent responses.

The Shareholders' Meeting Regulation is made available to shareholders when each meeting is convened, in the dedicated section of the Bank's website.

The 2024 Shareholders' Meeting

At the Ordinary Shareholders' Meeting of 11 April 2024, convened to approve the 2024 financial statements, attendance was restricted to those entitled to vote by granting a specific proxy (or sub-proxy) and voting instructions to the Bank's Appointed Representative pursuant to Article 135-undecies of the Italian Consolidated Law on Finance (TUF), in accordance with the provisions of Article 106 of Legislative Decree No. 18 of 17 March 2020⁸⁴. In-person participation or participation through audioconference⁸⁵ was only allowed for members of the Board of Directors and the Board of Statutory Auditors, the Appointed Representative, the appointed Notary Public and other persons authorised by the Chairperson in relation to the items on the agenda.

Considering that participation was only possible through the Appointed Representative and in order to facilitate the exercise of shareholders' rights as much as possible, ensuring an effective dialogue between them and the Company, the notice convening the Shareholders' Meeting established carefully set deadlines to enable those entitled to do so to submit any:

questions relating to items on the agenda and, consequently, for the Bank to publish the relevant answers,
individual proposals for additions to the agenda and, consequently, for the Bank to publish them,

before the deadline set for shareholders entitled to vote to give voting instructions to the Appointed Representative.

The purpose of this was to ensure that shareholders had sufficient time to consider the items on the agenda and to provide the Appointed Representative with the relevant voting instructions, as well as to enable the Bank to provide full, transparent and equal information to all shareholders. With these objectives in mind, various technical methods and channels for contacting the Appointed Representative have also been made available.

Amendments to the By-Laws Regarding the Conduct of the Shareholders' Meeting

In December 2024, taking into account the Bank's experience during the emergency period and the new regulatory framework aimed at simplifying and streamlining the conduct of shareholders' meetings for listed companies - introduced by the so-called Capital Law (Law No. 21/2024) with the addition of Article 135-undecies.1 of the Italian Consolidated Law on Finance (TUF) ("Participation in the meeting through the Appointed Representative") - the Bank's Board of Directors approved a proposal to amend Article 14 of the By-Laws. This amendment is subject to the prior approval of the Supervisory Authorities and will be submitted for approval at the Shareholders' Meeting of 17 April 2025.

The proposal introduces into Article 14 of the By-Laws the discretionary power of the Board of Directors to determine, on a case-by-case basis, when convening an Ordinary or Extraordinary Shareholders' Meeting, whether shareholders entitled to attend may exercise their voting rights exclusively through the Appointed Representative designated by the Bank. In such cases, shareholders would grant a proxy (or sub-proxy) and provide voting instructions to the Appointed Representative in accordance with the procedures set out in the notice of meeting and in compliance with the applicable laws and regulations in force at the time. In addition, both individual proposals86 for resolutions on agenda items and any questions87 may only be submitted to the Company before the Shareholders' Meeting, not during it, in accordance with Article 135-undecies.

⁸⁴ D.L. converted with modifications by Law n. 27/2020, as extended by art. 3 paragraph 12-duodecies of the D.L. n. 215/2023, converted with modifications by Law n. 18 of 23 February 2024.

⁸⁵ Audio conferencing systems ensuring, inter alia, the identification of participants and the possibility of exchanging documents related to these topics.

⁸⁶ Those entitled to do so may submit individual proposals for resolutions on items on the agenda no later than the fifteenth day before the Shareholders' Meeting. These proposals will be published on the Company's website within two days of the deadline.

⁸⁷ Answers to questions submitted will be provided by the Company at least three days before the Shareholders' Meeting.

14. Additional Corporate Governance Practices

14. Additional Corporate Governance Practices (as per Article 123-bis, paragraph 2, letter a) of the TUF)

Banca Monte dei Paschi di Siena was founded in 1472 to provide aid to the needy, combat usury and support the development of the city of Siena at a difficult moment in history.

More than five hundred years of being in contact with the needs of the people and its communities has led the Montepaschi Group to develop a strong sense of responsibility.

For the MPS Group, active involvement in the local community is the most effective way to contribute to the sustainable growth of society. Companies today are not only called on to generate profits but must do so by adopting responsible practices and undertaking worthwhile projects.

This commitment is reflected in the Group's strong focus on the needs of individuals, the community and the environment and is implemented through corporate decisions, individual behaviour and ongoing dialogue with key internal and external stakeholders. By embracing the opportunities presented by the transition to more sustainable practices, the Group places particular emphasis on climate change, reinforcing its positive social role, supporting the growth of its customers, the environment and society, while effectively managing the associated risks.

The Bank and the Montepaschi Group have adopted a Code of Ethics which is the foundation of the Group's activities. Inspired by the highest ethical and professional standards, it sets out the guiding principles, values and rules of conduct (in addition to legal and regulatory obligations) that directors, auditors, managers and employees of the Group's companies are committed to respecting and promoting when performing their duties and according to their respective responsibilities.

Moreover, the Group is committed to encouraging the adoption of the Code of Ethics by associated companies, subsidiaries, affiliates, business partners, consultants and collaborators. Compliance with the Code is a factor in assessing current and future relationships.

The Code of Ethics is therefore an important tool of governance tool as well as an essential and integral part of the 231 Model, which is binding for all those involved. Its application is monitored and verified within the internal control system.

The Code of Ethics also refers to the principles of Sustainability, Diversity and Inclusion, Environmental Protection and Risk Culture within the corporate governance framework. This aims to ensure the effective and prudent management of Group companies, with a focus on a customer-centric approach, the remuneration policies, and the rules governing transactions with counterparties operating in "sensitive or controversial sectors".

The Code of Ethics is published on the website www.gruppomps.it/en - Corporate Governance - Governance Model.

For any further corporate governance practices adopted by the Bank, please refer to the previous sections of this Report.

Tables

Table no. 1: STRUCTURE OF THE BOARD OF DIRECTORS (1 January – 31 December 2024)

Office	Members	Year of birth	Date of first appoint- ment (*)	In office since	called to approve the financial statements In office until Share- holders' Meeting for	List (submitter) (**)	List (M/m) (***)	Executive	Non-executive	Independence under Code	Independence under TUF	Number of other offices (****)	Meetings (*)
Chairperson	Maione Nicola	1971	21/12/2017	20/04/2023	2025	Shareholders	M		X	X	X	//	14/14
Deputy Chairperson	Brancadoro Gianluca	1956	20/04/2023	20/04/2023	2025	Shareholders	M		X	X	X	2	14/14
Chief Executive Officer/CEO and General Manager	Lovaglio Luigi (1)	1955	07/02/2022	20/04/2023	2025	Shareholders	M	X				//	14/14
Director	Barzaghi Alessandra	1955	18/05/2020	20/04/2023	2025	Shareholders	m		X	X	X	//	14/14
Director	Caltagirone Alessandro (2)	1969	27/12/2024	27/12/2024	2024	n.a.	n.a.		X		X	8	0/0
Director	De Martini Paola – (LID)	1962	18/05/2020	20/04/2023	2025	Shareholders	m		X	X	X	2	13/14
Director	De Simone Elena (2)	1975	27/12/2024	27/12/2024	2024	n.a.	n.a.		X		X	3	0/0
Director	Di Stefano Stefano	1960	12/04/2022	20/04/2023	2025	Shareholders	M		X			1	13/14
Director	Lombardi Domenico	1969	20/04/2023	20/04/2023	2025	Shareholders	M		X	X	X	//	14/14
Director	Lucantoni Paola	1968	20/04/2023	20/04/2023	2025	Shareholders	M		X	X	X	//	14/14
Director	Oriani Raffaele	1975	11/04/2024	11/04/2024	2025	n.a.	n.a.		X	X	X	1	9/9
Director	Panucci Marcella (2)	1971	27/12/2024	27/12/2024	2024	n.a.	n.a.		X	X	X	//	0/0
Director	Paramico Renzulli Francesca (2)	1972	27/12/2024	27/12/2024	2024	n.a.	n.a.		X	X	X	//	0/0
Director	Sala Renato	1953	20/04/2023	20/04/2023	2025	Shareholders	M		X	X	X	//	14/14
Director	Tadolini Barbara (2)	1960	27/12/2024	27/12/2024	2024	n.a.	n.a.		X	X	X	4	0/0
Directors who resigned during the Year
Director	Fabris De Fabris Paolo	1970	20/04/2023	20/04/2023	Resigned on 17/12/2024	Shareholders	M		X	X	X	n.a.	13/13
Director	Foti Belligambi Lucia	1972	20/04/2023	20/04/2023	Resigned on 17/12/2024	Shareholders	M		X	X	X	n.a.	13/13
Director	Martiniello Laura	1976	20/04/2023	20/04/2023	Resigned on 17/12/2024	Shareholders	M		X	X	X	n.a.	13/13
Director	Negri Clementi Anna Paola	1970	20/04/2023	20/04/2023	Resigned on 17/12/2024	Shareholders	M		X	X	X	n.a.	13/13
Director	Visconti Donatella	1956	20/04/2023	20/04/2023	Resigned on 17/12/2024	Shareholders	M		X	X	X	n.a.	13/13
Minimum participation in the capital required for the submission of lists for the final appointment: 1%

(1) Confirmed as CEO and Director in charge of the internal control and risk management system on 20 April 2023. General Manager of the Bank since 8 February 2022.

(2) Co-opted by the Board of Directors on 27 December 2024.

(LID) Lead Independent Director since 12 December 2024.

(*) Date on which the Director was first appointed to the Bank's Board of Directors.

(**) Indicates whether the list from which each director was elected was submitted by the shareholders ("Shareholders") or by the Board of Directors ("BoD"). In the case of an appointment without the use of list voting as provided for in the By-Laws, "n.a." is indicated

(***) Director elected from the "majority" list ("M") or "minority" list ("m"). In the case of an appointment without the use of list voting as provided for in the By-Laws, "n.a." is indicated

(****) Number of directorships or auditorships held by the officer in other listed companies or significant-sized companies as at 31 December 2024 shown in Table 1-bis.

(*****) Number of meetings (out of the total number held) attended by the Director.

Report on Corporate Governance and the Shareholding Structure 2024 - Tables

Table no. 1-bis: OFFICES HELD BY BANK DIRECTORS IN LISTED OR SIGNIFICANT-SIZED COMPANIES (as at 31 December 2024)

DIRECTOR	LIST OF OFFICES		COMPANY BELONGING TO THE MPS GROUP
		YES	NO
Maione Nicola - Chairperson	N/A
Brancadoro Gianluca - Deputy Chairperson	Member of the Board of Directors of Fondo Italiano di Investimento SGR S.p.A.		X
	Chairperson of Scouting Investments S.p.A.		X
Lovaglio Luigi - Chief Executive Officer/CEO and General Manager	N/A
Barzaghi Alessandra	N/A
Caltagirone Alessandro	Member of the Board of Directors of ACEA S.p.A.		X
	Deputy Chairperson of the Board of Directors of Aalborg Portland Holding A/S		X
	Member of the Board of Directors of Caltagirone S.p.A.		X
	Deputy Chairperson of the Board of Directors of Caltagirone Editore S.p.A.		X
	Deputy Chairperson of the Board of Directors of Cementir Holding N.V.		X
	Chairperson of the Board of Directors of Immobiliare Caltagirone S.p.A.		X
	Member of the Board of Directors of Società per lo Sviluppo Urbano S.p.A.		X
	Member of the Board of Directors of Vianini Lavori S.p.A.		X
De Martini Paola	Member of the Board of Directors of Growens S.p.A.		X
	Standing Auditor of Sol S.p.A.		X
De Simone Elena	Chairperson of the Board of Directors of Domus Italia S.p.A.		X
	Member of the Board of Directors of Immobiliare Caltagirone S.p.A.		X
	Member of the Board of Directors of Amministrazione di Caltagirone S.p.A.		X
Di Stefano Stefano	Member of the Supervisory Board of STMicroelectronics Holding N.V. – STM		X
Lombardi Domenico	N/A
Lucantoni Paola	N/A
Oriani Raffaele	N/A
Panucci Marcella	N/A
Sala Renato	N/A
Tadolini Barbara	Chairperson of the Board of Statutory Auditors of ENEL S.p.A.		X
	Standing Auditor of Parmalat S.p.A.		X
	Chairperson of the Board of Statutory Auditors of Francesco Baretto S.p.A.		X
	Standing Auditor of GB Bernucci S.r.L.		X

Table no. 2: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS (1 January – 31 December 2024)

Office	Members	Year of birth	Date of first appointment (*)	In office since	to approve the financial holders' Meeting called In office until Share- statements for	List (**)	Independence under Code	Meetings (***)	Number of other offices (****)
Chairperson	Ciai Enrico	1957	18/05/2020	20/04/2023	2025	m	X	43/43	//
Standing Auditor	Granata Giacomo	1964	11/04/2024	11/04/2024	2025	n.a.	X	20/20	//
Standing Auditor	Linguanti Lavinia	1987	20/04/2023	20/04/2023	2025	M	X	43/43	//
Alternate Auditor	Cotone Pierpaolo	1951	20/04/2023	11/04/2024 (1)	2025	M	X	23/23	//
Alternate Auditor	Giordano Paola Lucia Isabella	1962	11/04/2024	11/04/2024	2025	n.a.	X	n.a.	//
Auditors who resigned during the Year
//

Minimum participation in the capital required for the submission of lists for the final appointment: 1%

NOTES

(*) Date on which the Auditor was first appointed to the Bank's Board of Statutory Auditors.

(**) Auditor elected from the "majority" list or "minority" list. "n.a." means that the appointment was made without the use of list voting as provided for in the By-Laws.

(***) Number of meetings (out of the total number held) attended by the Auditor.

(****) Number of directorships or auditorships held as at 31 December 2024 by the individual that are significant pursuant to Article 148-bis of the TUF. The full list of offices is published by Consob on its website pursuant to Article 144-quinquiesdecies of Consob Issuer Regulation.

(1) Alternate Auditor Pierpaolo Cotone, who assumed the role of Standing Auditor on 15 May 2023 following the resignation of Standing Auditor Roberto Serrentino, returned to his position as Alternate Auditor with effect from the Shareholders' resolution of 11 April 2024.

Definitions

DEFINITIONS

231 Model: Organisation, management and control model for the prevention of crimes pursuant to Italian Legislative Decree 231/2001.

231 Supervisory Body/231 SB: Established by the Board of Directors to oversee the operation, compliance and updating of the Bank's organisational, management and control model pursuant to Italian Legislative Decree 231/2001.

BMPS/Bank/Parent Company/Issuer/Company: Banca Monte dei Paschi di Siena S.p.A., Parent Company of the Monte dei Paschi di Siena banking group, with registered office in Piazza Salimbeni, 3 – 53100 Siena (SI) – Italy.

Board Committees: The committees formed within the Board of Directors of the Issuer.

Board Members/directors: The members of the Board of Directors of the Issuer.

Board of Directors/Board: The Board of Directors of the Issuer.

Board of Statutory Auditors/Control Body: The Board of Statutory Auditors of the Issuer.

By-Laws: The current By-Laws of Banca Monte dei Paschi di Siena S.p.A., available at www.gruppomps.it/en - Governance Model) which entered into force following the amendments approved by the Extraordinary Shareholders' Meetings of 15 September 2022.

Civil Code: The Italian Civil Code pursuant to R.D. no. 262 of 16 March 1942.

Code/Corporate Governance Code: The Corporate Governance Code, approved by the Corporate Governance Committee on 31 January 2020, applicable as of January 2021.

Code of Ethics: The Code, approved by the Board of Directors, is the foundation of the Group's activities and sets out the guiding principles, values and rules of conduct (in addition to legal and regulatory obligations) that directors, auditors, management and employees of the Group, business partners, consultants and collaborators are required to abide by.

Consob Issuer Regulation: The Regulation for Issuers issued by Consob with its resolution no. 11971 of 14 May 1999.

Consob's Related Parties Regulation: The Regulation for transactions with related parties issued by Consob with its resolution no. 17221 of 12 March 2010.

Consolidated Law on Banking/TUB (Testo Unico Bancario): Italian Legislative Decree no. 385 of 1 September 1993.

Consolidated Law on Finance/TUF (Testo Unico della Finanza): Italian Legislative Decree no. 58 of 24 February 1998.

Consolidated Law on the Statutory Audit of Accounts: Italian Legislative Decree no. 39 of 27 January 2010, implementing Directive 2006/43/EC).

Corporate Functions: the individual functions within the Bank's organisational structure, which perform the set of activities required to achieve the company purpose and objectives of the Issuer.

CRD Directive: Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013, as subsequently amended, on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms.

ESG Sustainability: Sustainability is to be understood as a model of sustainable development aimed at creating long-term value for a company, its employees, its customers, the community and the social and environmental context in which it operates, capable of ensuring that the needs of the present generation are met without compromising the ability of future generations to meet their own needs. It develops along three dimensions: environmental (E), social (S) and governance (G). Specifically, the acronym ESG (Environment, Social, Governance) refers to non-financial criteria aimed at assessing the environmental impact, adherence to social values and aspects of good governance of an organisation in the conduct of its activities.

ESRS: (European Sustainability Reporting Standards) are the sustainability reporting principles established by the European Commission's Delegated Regulation (EU) 2023/2772 of 31 July 2023.

Financial Reporting Officer: Manager in charge of drawing up the corporate accounting documents pursuant to Article 154-bis of the Consolidated Law on Finance.

Report on Corporate Governance and the Shareholding Structure 2024 - Definitions

MEF Decree no.169/2020: "Regulation on requirements and eligibility criteria for the appointment of corporate officers of banks, financial intermediaries, collective guarantee financial consortia "Confidi", electronic money institutions, payment institutions and deposit guarantee schemes" issued by the Ministry of Economy and Finance with Decree no. 169 of 23 November 2020, effective for appointments after 30 December 2020.

Montepaschi Group/Group: Monte dei Paschi di Siena banking group of which the Issuer is the Parent Company.

Related-Parties Directive: "Group Directive on the management of regulatory compliance regarding related parties, connected persons and the obligations of banking officers" approved by the Board of Directors (most recently on 19 January 2022).

Remuneration Policy Report: Report on the remuneration policy and emoluments paid prepared in accordance with Article 123-ter TUF.

Report: the report on the corporate governance and shareholding structure of BMPS, drawn up in accordance with Article 123-bis of the TUF.

Shareholders' Meeting: Meeting of the shareholders of the Banca Monte dei Paschi di Siena S.p.A.

Significant shareholder: the person who directly or indirectly (through subsidiaries, trustees or third parties) controls the Company or is able to exercise significant influence over it or who participates, directly or indirectly, in a shareholders' agreement through which one or more persons exercise control or significant influence over the company.

Supervisory Authorities: the national or EU authorities which perform supervisory functions over the Issuer's operations according to specific legal and regulatory provisions.

Supervisory Provisions on Connected Persons: Bank of Italy Circular no. 285/2013, Chapter 11, Part III, on risk assets and conflicts of interest with respect to related parties.

Supervisory Provisions on the Corporate Governance of Banks: Bank of Italy Circular no. 285/2013, Part I, Title IV, Chapter 1.

Supervisory Provisions on the Internal Control System: Bank of Italy Circular no. 285/2013, Part I, Title IV, Chapter 3.

Supervisory Provisions on Remuneration Policies and Practices: Bank of Italy Circular no. 285/2013, Part I, Title IV, Chapter 2.

Sustainability Report: Corporate reporting on Sustainability issues published by the Bank in accordance with Legislative Decree No. 125 of 6 September 2024, which transposes European Directive No. 2022/2464 (known as CSRD). This report follows the standards adopted by the European Commission (ESRS principles). The Sustainability Statement, which is included in the Bank's Annual Financial Report, is available on the Bank's website www.gruppomps.it/en - Sustainability - Reports.

Sustainable Success: the objective that guides the actions of the Board of Directors and that consists of creating long-term value for the benefit of the shareholders, taking into account the interests of other stakeholders relevant to the company.

Top Management: senior managers who are not members of the Board of Directors and have the power and responsibility for planning, directing and controlling the activities of the company and the group it heads.

Year: the financial year to which the Report refers, ending 31 December 2024.

The definitions contained in the new Corporate Governance Code in force as of 1 January 2021 are also indicated in capital letters.

For the Sustainability-related items indicated in capital letters, please also refer to the definitions in the Group Directive, "Sustainability and ESG Guidelines", published on the website www.gruppomps.it/en - Sustainability.

The rules, regulations and laws applicable to the Issuer from time to time are referred to in the Report in their most recent amended or supplemented version following their enactment.

Legal information	Banca Monte dei Paschi di Siena S.p.A.
	Registered Office in Siena, Piazza Salimbeni, 3
	Share Capital: € 7.453.450.788,44
	Tax code and registration no. with the Arezzo – Siena Companies' Register: 00884060526 – MPS VAT Group – VAT no. 01483500524
	Monte dei Paschi di Siena Banking Group – Bank Code 1030.6 – Group Code 1030.6
	Registered in the Register of Banks at Bank of Italy under no. 5274.
	Member of the Italian Interbank Deposit Protection Fund and Nation al Guarantee Fund

Dialogue with the company
GROUP WEBSITE	www.gruppomps.it/en
COMMERCIAL WEBSITE	www.mps.it
Relations with shareholders, investors and stakeholders in the national and internal financial community. Contact point for areas covered by the Company's Dialogue Policy	www.gruppomps.it/en/ - Investor Relations Staff Investor Relations - Elisabetta Pozzi E-mail: [email protected]
Relations with shareholders and investors on Sustainability and ESG issues	www.gruppomps.it/en - Sustainability Sustainability and ESG Staff Unit - Maria Costante E-mail: [email protected]
Information on Corporate governance and relationships with shareholders regarding the Shareholders' Meeting	www.gruppomps.it/en - Corporate Governance Group General Counsel Division - Riccardo Quagliana E-mail: [email protected]

AI Terminal

Banca Monte dei Paschi di Siena

4171_cgr_2025-05-12_e66e7d89-4896-4f45-932e-1b3b90e48ebc.pdf

Report on Corporate Governance and the Shareholding Structure

Report on Corporate Governance and the Shareholding Structure

Contents

The 2024 Report

1. Company Profile

1. Company Profile

The Bank's corporate governance system

ESG Sustainability in the Governance System of the Bank and the Group

The Business Plan and Sustainable Success

Report on Corporate Governance and the Shareholding Structure 2024 - 1. Company Profile

Organisational structure

Organisational chart of the Parent Bank's Head Offices (as at 31 December 2024)

The Montepaschi Group

The Montepaschi Banking Group (as at 31 December 2024)

2. Information on the Shareholding Structure

2. Information on the Shareholding Structure (as per Article 123-bis, par 1 of the TUF)

a) Share capital structure (as per Article 123-bis, paragraph 1, letter a) of the TUF)

b) Restrictions on the transfer of shares (as per Article 123-bis, paragraph 1, letter b) of the TUF)

c) Significant equity investments (as per Article 123-bis, paragraph 1, letter c) of the TUF)

Significant shareholders

d) Shares with special rights (as per Article 123-bis, paragraph 1, letter d) of the TUF)

e) Employee share ownership: voting rights exercise mechanism (as per Article 123-bis, paragraph 1, letter e) of the TUF)

f) Restrictions on voting rights (as per Article 123-bis, paragraph 1, letter f) of the TUF)

g) Shareholder agreements (as per Article 123-bis, paragraph 1, letter g) of the TUF)

h) Change of control clauses (as per Article 123-bis, paragraph 1, letter h) of the TUF) and provisions of the By-Laws regarding takeover bids (as per Article 104, paragraph 1-ter and Article 104-bis, paragraph 1)

i) Delegated powers to increase share capital and authorisations to buy back own shares (as per Article 123-bis, paragraph 1, letter m) of the TUF)

Delegated powers

Purchase of own shares

l) Direction and coordination (as per Article 2497 et seq. of the Civil Code)

3. Compliance

3. Compliance (as per Article 123-bis, paragraph 2, letter a), part i of the TUF)

Adherence to the Corporate Governance Code

Considerations on the letter of the Chairperson of the Italian Corporate Governance Committee

4. Board of Directors

4. Board of Directors

4.1 Role of the Board of Directors

Exclusive powers of the Board

Activities in 2024

Meetings of the Board of Directors in 2024

Meetings of the Board of Directors in the period 2022-2024

4.2 Appointment and replacement (as per Article 123-bis, paragraph 1, letter l) of the TUF)

Presentation of the lists of candidates

Election of directors

Minority representation

Independent directors

Gender balance

Supplementary appointment measure

Replacement of directors during their mandate

Shareholders' Meeting of 20 April 2023 – renewal of the corporate boadies for the period 2023-2025

4.3 Composition (as per Article 123-bis, paragraph 2, letter d) and d-bis) of the TUF)

Suitability requirements for bank directors

Time Commitment for the role

Limits on the number of directorships held by Directors

Independence requirements for Directors

Process of verifying the Suitability Requirements

The Guidelines of the Board of Directors

Activities in 2024

Diversity and Inclusion Policy

Diversity Policy on the composition of Corporate Bodies

Diversity in the composition of the Board of Directors

4.4 Functioning of the Board of Directors (as per Article 123-bis, paragraph 2, letter d) of the TUF)

Reporting flows

4.5 Role of the Chairperson of the Board of Directors

Board Secretary

4.6 Executive Directors

Chief Executive Officer

4.7 Independent directors and Lead Independent Director

Independent directors

Lead Independent Director

5. Handling of corporate information

5. Handling of corporate information

External communications

Management of inside information

6. Board Committees

6. Board Committees (as per Article 123-bis, paragraph 2, letter d) of the TUF)

Specific Competencies in the Composition of the Board Committees

Roles within the Committee