Report on corporate governance and shareholding structure 2021

Report on Corporate Governance and Shareholding Structure

2021

Pursuant to Art. 123-bis of the Consolidated Law on Finance (traditional administration and control model) Website: www.bancaifis.it Document approved by the Board of Directors at its 10 March 2022 meeting

Banca Ifis S.p.A - Registered office in Via Terraglio 63 30174 Venice - Mestre - Italy. Venice Companies Register Number and Tax Code 02505630109

VAT no. 02992620274 - Group VAT 04570150278 - Economic and Administrative Index (REA) no.: VE – 247118

Fully paid-up share capital: 53.811.095 Euro - Registered with the Official List of banks under no. 5508 Parent company of the Banca Ifis S.p.A. banking group - Member of the National Guarantee Fund, the National Deposit Protection Fund, the Italian Factoring Association and Factors Chain International.

	Contents		2
	Background		5
	Glossary		6
		1. Issuer Profile	7
		Shareholders Corporate governance model Shareholders' Meeting Board of Directors Board committees Board of Statutory Auditors	8 9 9 10 11 11
2.		Information on the shareholding structure as at 31 December 2021	12
		2.1 Capital structure	12
		2.2 Restrictions on the transfer of securities	12
		2.3 Significant equity investments	12
		2.4 Securities conferring special rights	13
		2.5 Employee share ownership: mechanism for exercising voting rights	13
		2.6 Restrictions on voting rights	13
		2.7 Shareholder agreements	13
		2.8 Change of control clauses and provisions of the Articles of Association relating to takeover bids	13
		2.9 Powers to increase share capital and authorisations to purchase own shares	13
		2.10 Management and coordination activities	14
3.		Board of Directors	14
	3.1	Role of the Board of Directors	14
	3.2	Appointment and replacement	17
	3.3	Composition	19
Diversity criteria and policies in Board composition and corporate organisation Maximum number of offices held in other companies			21 23
	3.4	Function of the Board of Directors	28
	3.5	Role of the Chairman	29
		Board Secretary	30
	3.6	Executive directors	31
		Chief Executive Officer	31
		Chairman of the Board of Directors	31
		Information to the Board by the CEO	32

	3.7	Independent directors and Lead Independent Director	32
		Independent directors	32
		Lead Independent Director	33
4.		Corporate information management	34
5.		Board committees	34
6.		Director Self-Evaluation and Succession - Appointments Committee	35
	6.1	Self-Assessment and Director succession	35
	6.2	Appointments Committee	37
		Composition and functioning of the Appointments Committee	37
		Member of the Appointments Committee	38
7.		Remuneration of Directors - Remuneration Committee	39
	7.1	Remuneration of Directors	39
	7.2	Remuneration Committee	39
8.		Internal Control and Risk Management System - Control and Risk Committee	39
		a Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process	48
		a.1. Background	48
		a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial reporting process (the "System")	49
		a.2.1 Steps in the process of managing the risks of financial misstatement	49
		a.2.2 Roles and Functions involved	50
	8.1	Chief Executive Officer	51
	8.2	Control and Risks Committee	51
		Composition and functioning of the Control and Risks Committee	51
Functions assigned to the Control and Risk Committee			53
	8.3	Head of the Internal Audit Function	55
	8.4	Organisational model pursuant to Legislative Decree no. 231/2001	56
	8.5	Independent Auditors	58
	8.6	Corporate Accounting Reporting Officer and other corporate roles and functions	58
	8.7	Coordination between the parties involved in the internal control and risk management system	59
9.		Directors' interests and related party transactions	60
	10.	Board of Statutory Auditors	62
	10.1	Appointment and replacement	62
	10.2	Composition and operation	63
		Diversity criteria and policies	67
		Independence	68

	Remuneration	68
	Interest management	68
11.	Shareholder relations	69
	Access to information	69
	Dialogue with shareholders	69
12.	Shareholders' Meetings	69
13.	Considerations on the Letter from the Chairman of the Corporate Governance Committee	71

Background

The Report is available on the website of Banca Ifis S.p.A. ("Banca Ifis" or the "Bank") in the Corporate Governance section, is published at the same time as the Report on Operations and is drawn up pursuant to Art. 123-bis of the Consolidated Law on Finance and also fulfils the public disclosure obligations for banks set out in the Bank of Italy's Supervisory Provisions on corporate governance.

Banca Ifis has adhered to the Code of Corporate Governance for Listed Companies since 2001, and the Report aims to provide exhaustive and transparent information on the concrete application of the Principles of the Code, published on the website of the Corporate Governance Committee (www.borsaitaliana.it/comitato-corporategovernance/homepage/homepage.htm).

It should be noted that the provisions of the Code regarding the remuneration of directors and the Remuneration Committee are contained in the Remuneration Report to which reference should be made.

The Report was approved by the Board of Directors at its meeting on 10 March 2022, and within the Report the information, unless otherwise specified, is as of the date of its approval.

The Report was submitted to the auditing firm EY and the consistency opinion provided for by Art. 123-bis of the Consolidated Law on Finance is included in the Reports prepared pursuant to Art. 14 of Legislative Decree no. 39/2010, which are attached to the separate and consolidated financial statements.

Glossary

Code/Corporate Governance Code: the Corporate Governance Code for Listed Companies approved in January 2020 by the Corporate Governance Committee.

Civil Code /CC the Italian Civil Code.

Committee/CG Committee/Corporate Governance Committee: the Italian Committee for the Corporate Governance of listed companies, promoted by Borsa Italiana S.p.A., ABI, ANIA, Assogestioni, Assonime and Confindustria.

Board: the Issuer's Board of Directors.

Issuer: the issuer of securities to which the Report refers.

FY: the financial year to which the Report refers.

Consob Regulation on Issuers: the Regulation issued by Consob by Resolution no. 11971 of 1999 (as subsequently amended) concerning issuers.

Consob Market Regulation: the Regulation issued by Consob with resolution no. 20249 of 2017 regarding markets.

Consob Related Parties Regulation: the Regulation issued by Consob with Resolution no. 17221 of 12 March 2010 (as subsequently amended) concerning transactions with related parties.

Report: the report on corporate governance and corporate structures that companies are required to prepare and publish pursuant to Art. 123-bis of the Consolidated Law on Finance.

Remuneration Report: the report on the remuneration policy and the fees paid that companies are required to prepare and publish pursuant to Art. 123-ter of the Consolidated Law on Finance and 84-quater of the Consob Regulation on Issuers.

Consolidated Law on Finance ("TUF", Testo Unico della Finanza): Legislative Decree no. 58 of 24 February 1998 and subsequent amendments.

Consolidated Law on Banking ("TUB", Testo Unico Bancario): Legislative Decree no. 385 of 1 September 1993 and subsequent amendments.

Unless otherwise specified, the definitions in the CG Code relating to the following are also to be understood as being referred to by reference: directors, executive directors, independent directors, significant shareholder, chief executive officer (CEO), board of directors, control body, business plan, concentrated ownership company, large company, sustainable success, top management.

1. Issuer Profile

Banca Ifis is organised according to the traditional administration and control model; subject to the provisions contained in the Supervisory Provisions issued by the Bank of Italy (Circular no. 285/2013) and in particular, with regard to the issue of corporate governance pursuant to the provisions contained in the aforementioned Circular in Part I, Title IV, Chapter 1, it qualifies as a bank of greater size or operational complexity, as it is a listed bank. Banca Ifis is a Less Significant Institutions subject to the direct supervisory powers of the Bank of Italy; Banca Ifis has been listed on the Milan Stock Exchange (Star segment) since 2003.

Starting FY 2017, the Bank publishes the non-financial statement (NFS) on its website, which can be found at https://www.bancaifis.it/chi-siamo/sostenibilita/dichiarazione-non-finanziaria, pursuant to Legislative Decree no. 254/2016 as a public interest entity with the dimensional characteristics required for the application of the regulations.

The company does not fall within the definition of an SME pursuant to Article 1, paragraph 1, letter w-quater. 1) of the TUF and Art. 2-ter of Consob Regulation on Issuers and, pursuant to the definitions of the CG Code, it is included among "companies with concentrated ownership" but not among "large companies".

The Corporate Governance structure of Banca Ifis is not affected by non-Italian legal provisions as the limited size of the foreign subsidiaries, compared to the Parent company, does not affect the Corporate Governance structure of Banca Ifis in any way.

Banca Ifis is the parent company of the Banca Ifis Banking Group, an active player in speciality finance. The main business activities are the offer of services and credit solutions to businesses and the acquisition/management of impaired credit portfolios; Banca Ifis is a challenger bank made up of people, experience and technology that develops specialised solutions for the world of businesses and individuals with the aim of creating lasting and sustainable value. It meets the needs of individuals and Small Medium Enterprises, thanks to a unique specialised and diversified business model. The Banca Ifis Group identifies itself as a digital, sustainable, and authentic bank, based on solid principles of integrity, transparency, and competence, in a constant search for improvement and excellence, to provide concrete support to businesses.

Banca Ifis has embarked on an important journey to increasingly integrate ESG criteria into the business model. With a clear vision: sustainability, in all its forms, represents a lever for creating value and a fundamental driver of development, which looks at the tangible impacts on people, the environment and the community. For this reason, the new Business Plan has defined a Sustainable Bank project that sets precise objectives and commitments on the three ESG dimensions - Environment, Social and Governance - with direct connections to the business.

On 23 May 2021, as part of the intervention of the Interbank Deposit Protection Fund (FITD) in Aigis Banca, placed in compulsory administrative liquidation by the Ministry of Economy and Finance, Banca Ifis acquired an operating branch of this company, taking over the related contractual relationships and guaranteeing customers, in the immediate future, the continuity of business and services.

At the date of approval of the Report, the other companies making up the Banking Group are:

Cap.Ital.Fin. S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB, which represents the Group's consumer credit business unit, specialising in salary and pension backed loans;
Credifarma S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB of reference for pharmacies, to which it offers advances, short and medium-long term loans to already established pharmacies and loans for the purchase of new pharmacies. In agreement with Banca Ifis, it also distributes instrumental leasing and financial and payment services;
Farbanca S.p.A., a company with a banking license, specialises in the pharmacy sector, supporting pharmacist entrepreneurs in order to encourage the development processes of the sector, increasing opportunities for operational and income growth. It offers short and medium-long term financial

products made for the needs of pharmacies such as financing for the purchase and renovation of the pharmacy, advance payment of ASL credits, consolidation of debt to suppliers, restructuring of outstanding debt with banks and financial institutions, financing for the purchase of technical equipment. It also offers computerised payment services for pharmacists.

Ifis Finance IFN S.A., a financial company under Romanian law, with the aim of supporting both the domestic market and Romanian companies with receivables from foreign customers. It supports companies in their growth and innovation processes through various factoring solutions.
Ifis Finance Sp. z o.o., a financial company under Polish law specialising in factoring services which include the financing of trade receivables, the management of payments and the hedging of credit risk towards customers;
Ifis Npl 2021-1 SPV S.r.l., a company incorporated pursuant to Law 130/99 for the purposes of a loan securitisation transaction and registered in the list of vehicle companies kept by the Bank of Italy pursuant to Bank of Italy Order no. 35782.2 of 07 June 2017.
Ifis Npl Investing S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB and an active investor in the Italian market of non-performing loans. The company purchases NPL portfolios, mainly originated by financial institutions and banks, and originates for the Group investment opportunities in fund units and securitisation notes, issued by vehicles that invest in impaired loans; the company supports the Group in senior financing and special lending transactions on distressed portfolios. Ifis Npl Investing S.p.A. controls Ifis Npl Servicing S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB, which manages and integrates the various platforms for the management and recovery of non-performing loans both for the portfolio owned by Ifis Npl Investing S.p.A. and for third parties.

Ifis Npl Servicing S.p.A. controls Ifis Real Estate S.p.A., an unregulated company active in consultancy for NPL management with underlying real estate and in the valuation and marketing of real estate.

Banca Ifis also controls Ifis Rental Services S.r.l., an unregulated company specialising in the operating rental segment, not included in the Banking Group's perimeter.

Shareholders

The share capital of Banca Ifis as of 31 December 2021 is represented by 53.811.095 ordinary shares with a nominal amount of 1 Euro issued in dematerialised form, indivisible and freely transferable.

Corporate governance model

Banca Ifis adopts the traditional administration & control model, considering it to be the most suited for ensuring the efficiency of operations and effectiveness of controls given its specific characteristics.

For Banca Ifis, the traditional administration and control model has so far yielded good results in terms of value creation for shareholders, capital strengthening and financial balance. The stability of the Bank and the Group, which also emerges from the overall and fruitful dialogue with the Supervisory Authorities, in turn led to confirmation of the choice of the traditional model. The traditional model appears, also in perspective, to be the most suitable to support a harmonious and orderly development of the Group, as it places the competences for strategic supervision, management and control in a structure that has so far proved to be effective and efficient, facilitating a clear definition of responsibilities, a streamlined decision-making process and an effective dialogue between the bodies themselves.

Under the model adopted by Banca Ifis:

strategic supervision is performed by the Board of Directors;
the CEO is responsible for the company's operations. The Joint General Managers are involved in management;
control is performed by the Board of Statutory Auditors.

Shareholders' Meeting

The Shareholders' Meeting is a collective deliberative body made up of the Bank's shareholders and/or their representatives; its resolutions, taken in compliance with the law and the Articles of Association, are binding on all shareholders, even if absent or dissenting. The Shareholders' Meeting is ordinary and extraordinary in accordance with the law and can also be convened outside the registered office, provided that it is held within the national territory.

The Ordinary Shareholders' Meeting is convened at least once a year, within 120 days of the end of the financial year, to pass resolutions on the matters for which it is responsible under current legislation and the Bank's Articles of Association. In particular, the Ordinary Meeting:

approves the financial statements;
appoints by means of list voting and revokes the members of the Board of Directors and determines their remuneration;
appoints the Auditors and the Chairman of the Board of Statutory Auditors by list voting and sets their remuneration;
may appoint, even outside the members of the Board of Directors, an Honorary Chairman, chosen among people who have significantly contributed to the prestige and development of the Company;
approves the remuneration and incentive policies for the Board of Directors, the CEO, the Board of Statutory Auditors, the General Manager, the Joint General Manager(s) and other staff;
approves any remuneration plans based on financial instruments;
approves the criteria for calculating the remuneration to be agreed in the event of early termination of the employment relationship or early termination of office, including the limits established for remuneration in terms of annual instalments of fixed remuneration and the maximum amount that results from their application;
has the power to approve the ratio between the variable and fixed components of the individual remuneration of staff in excess of 100%, but in any case not exceeding the limit set out in accordance with the laws and regulations in force at the time (currently 200%, a ratio of 2:1). The proposal may be considered validly approved with the majorities provided for by the legislation applicable over time.

The Extraordinary Shareholders' Meeting resolves on amendments to the Articles of Association and on other matters reserved to it by the Articles of Association or by law.

For more information on the Shareholders' Meeting, refer to Section 12

Board of Directors

The Company is governed by a Board of Directors consisting of five to fifteen members, elected by the Shareholders' Meeting. As at 10 March 2022, the number of directors is 12 and their term of office will expire on the date of the Shareholders' Meeting called to approve the 2021 financial statements.

Members are appointed on the basis of lists submitted by the shareholders; candidates are listed in order of appearance and, in any case, their number shall not exceed the maximum number of members provided for by the Articles of Association. Only those shareholders who, at the time of submitting a list, own - alone or together with others - at least 1% of the ordinary shares are entitled to submit it.

The Articles of Association provide that: at least one quarter of the members must meet the independence requirements and must be included in the list in the first four positions in numerical order; at least one third of the candidates must belong to the less represented gender, except for the lists with less than three candidates; one director must be taken from the second list by number of votes.

The Board elects a Chairman and may elect a Deputy Chairman; it also appoints a CEO, who is in charge of managing corporate operations aimed at achieving the strategic corporate policies and objectives approved by the Board of Directors, and establishes their management powers.

For more information on the Board of Directors, refer to Section 3

Board committees

Three committees have been set up within the Board of Directors, partly in line with the provisions of the Corporate Governance Code. These committees, which have the task of making proposals, conducting investigations and providing advice, enable the body with strategic supervisory functions to take its decisions in a more informed manner:

Control and Risks Committee;
Appointments Committee;
Remuneration Committee.

The composition, operation and responsibilities of Board Committees are governed by the Rules of Procedure of the Board of Directors, the Board Committees and the Supervisory Body and the General Regulation.

See Sections 5, 6, 7, and 8 for more information on Board committees

Board of Statutory Auditors

The Board of Statutory Auditors consists of three standing auditors and two alternate members. The appointment takes place on the basis of lists submitted by the shareholders, in which the candidates are listed in order of appearance and number not exceeding the members of the body to be elected. Each list shall include two sections: one for the candidates to the office of standing auditor, and the other for the alternate auditor candidates. The Auditors' term of office will expire on the date of the Shareholders' Meeting called to approve the 2021 financial statements.

According to the Articles of Association, two Standing Auditors and one Alternate Auditor are elected from the list that obtained the majority of votes; one Standing Auditor and one Alternate Auditor are elected from the list that obtained the majority of votes. The standing auditor elected from the minority list is declared Chairman of the Board of Statutory Auditors.

The operating procedures and powers of the Board of Statutory Auditors are governed by the Articles of Association and the General Regulation.

For more information on the Board of Statutory Auditors, refer to Section 10

2. Information on the shareholding structure as at 31 December 2021

2.1 Capital structure

As of 31 December 2021 the subscribed and paid-up share capital amounted to 53.811.095,00 Euro, divided into 53.811.095 ordinary shares with a nominal amount of 1 Euro each, as shown in Tab.1:

Tab.1

	CAPITAL STRUCTURE
	No. of shares	% of share capital	Listed (market)/unlisted	Rights and obligations
Ordinary shares	53.811.095	100%	Listed (MTA)	Each ordinary share confers the right to one vote

As of 31 December 2021, no other financial instruments granting the right to subscribe for newly issued shares have been issued. With regard to treasury shares to be allocated as variable remuneration to the CEO as well as to employees included in the "identified staff" (i.e. most relevant staff), reference should be made to the Remuneration Report prepared pursuant to Art. 123 ter of the TUF and to the Information Document on remuneration plans based on financial instruments prepared pursuant to Art. 114-bis of the TUF and 84-bis of the Consob Regulation on Issuers www.bancaIfis.it in the sections "Corporate Governance" "Shareholders' Meeting".

2.2 Restrictions on the transfer of securities

There are no restrictions on the transfer of securities, except for the retention periods envisaged for the portion of variable remuneration to be paid in shares to the CEO and the former General Manager (¹ ) as well as to any other employees falling under the category of "identified staff". For details on the shares to be assigned to these corporate figures and the restrictions provided for, reference should be made to the Remuneration Report prepared pursuant to Art. 123-ter of the TUF.

2.3 Significant equity investments

On the basis of the communications made pursuant to Art. 120 of the TUF, as well as the communications made by relevant persons pursuant to Art. 152-octies of the Consob Regulation on Issuers, the following Tab.2 shows the subjects that, as at 31 December 2021 hold, directly or indirectly, shares with voting rights amounting to more than 3% of the share capital. Tab.2

SIGNIFICANT SHAREHOLDINGS IN THE CAPITAL
Declaring party	Direct shareholder	% share of ordinary capital	% share of voting capital
Ernesto Fürstenberg Fassio	La Scogliera	50,50%	50,50%
Riccardo Preve	Riccardo Preve Preve Costruzioni	3,02%	3,02%

⁽ 1 ) In accordance with the amendments to the Articles of Association approved by the Shareholders' Meeting of 28 July 2021 and the provision issued pursuant to Article 56 of the TUB by the Bank of Italy, with effect from 5 August 2021 the figure of the General Manager was replaced by that of two Joint General Managers (CCO - Chief Commercial Officer and COO - Chief Operating Officer).

It seems useful to point out that:

The purpose of La Scogliera is to ensure the compactness and continuity of the management of its controlling interest pursuant to Art. 2359 of the Civil Code in Banca Ifis;
Although La Scogliera is the majority shareholder, it does not carry out management and coordination activities with regard to Banca Ifis;
the corporate purpose of La Scogliera expressly excludes the management and coordination of the financial companies and banks in which it holds an interest.

2.4 Securities conferring special rights

No securities granting special rights of control have been issued.

2.5 Employee share ownership: mechanism for exercising voting rights

Employees who may own shares in the company shall exercise their membership rights in the same manner as other shareholders.

2.6 Restrictions on voting rights

The company is not aware of any restrictions on voting rights at the date of approval of the Report.

2.7 Shareholder agreements

The Board of Directors of Banca Ifis is not aware of the existence of shareholders' agreements among the company's shareholders pursuant to Art. 122 of the TUF.

2.8 Change of control clauses and provisions of the Articles of Association relating to takeover bids

Banca Ifis is not aware of the existence, among its shareholders, of any significant agreements that would become effective, be modified or terminated in the event of a change of control of the contracting company.

The Articles of Association of Banca Ifis do not derogate from the provisions on the passivity rule envisaged by Art. 104 paragraphs 1 and 1-bis of the TUF nor do they envisage the application of the neutralisation rules envisaged by Art. 104-bis, paragraphs 2 and 3, of the TUF.

2.9 Powers to increase share capital and authorisations to purchase own shares

As at 31 December 2021, the Board had not been granted powers to increase the share capital pursuant to Art. 2443 of the Civil Code or to issue equity instruments.

The Ordinary Shareholders' Meeting held on 28 July 2021, pursuant to Art. 2357 et seq. of the Civil Code, approved the purchase of a maximum of 1.044.000 treasury shares aimed at implementing the "Long Term Incentive Plan" addressed to the most relevant staff, in the form of stock options.

On 5 November 2021, the Bank of Italy authorized, pursuant to Articles 77 and 78 of the CRR, the purchase of a maximum of 1.044.000 treasury shares, for a total outlay of no more than 20,9 million Euro determined on the basis of a maximum price of

20 Euro per share (² ). On the basis of the provisions of the CRR, the authorisation has a duration of no more than twelve months from the date on which it was issued and, from the same date, the Bank had to deduct from the primary tier 1 capital, at individual and consolidated level, the amount relating to the maximum outlay indicated above for the repurchase of shares. At the end of the year Banca Ifis held 339.139 treasury shares in its portfolio.

2.10 Management and coordination activities

Although La Scogliera is the majority shareholder, it does not carry out management and coordination activities in Banca Ifis in compliance, among other things, with its corporate purpose, which expressly excludes the possibility for the company to carry out management and coordination activities in financial companies and banks in which it has a stake. It should be noted that:

the information required by Art. 123-bis, paragraph one, letter i) ("the agreements between the company and the directors [...] providing for indemnities in case of resignation or dismissal without just cause or if their employment relationship terminates following a takeover bid") is contained in the Remuneration Report published pursuant to Art. 123-ter of the TUF;
the information required by the first part of Article 123-bis, paragraph 1, letter l) ("the rules applicable to the appointment and replacement of directors ... if different from the laws and regulations applicable in addition") is provided in the section of the Report concerning the Board of Directors (Section 4.2).

Banca Ifis is the Parent company of the Banking Group and controls, in addition to the companies that are part of the Group, other companies that are part of the "Economic Grouping".

Pursuant to the TUB, Banca Ifis exercises management and coordination over the companies belonging to the Banking Group and issues to them the directives necessary to ensure that the Parent company's assumptions are implemented in the subsidiaries.

Moreover, pursuant to Articles 2497 et seq. of the Civil Code, Banca Ifis also exercises management and coordination activities with respect to the companies belonging to the Economic Grouping.

3. Board of Directors

3.1 Role of the Board of Directors

The strategic supervision function is carried out by the Board of Directors, which, pursuant to the Provisions, is called upon to deliberate on the bank's strategic guidelines and to verify their implementation on an ongoing basis, ensuring sound and prudent management.

Its composition, operating procedures, powers and tasks assigned to the Board of Directors are defined by law and by the Bank's Articles of Association.

Indeed, pursuant to Art. 14 of the Articles of Association, in addition to the powers that cannot be delegated by law, the matters reserved for the exclusive competence of the Board of Directors include:

• the business model, the strategic lines and operations, as well as business and financial plans;

⁽ 2 ) On 10 March 2022, in order to obtain the funding of treasury shares necessary to implement the LTI Plan (which provides for the granting of options to the CEO partly up-front and the remainder over a deferred period subject to the positive verification of all the conditions laid down), the Board of Directors approved the launch of the share buyback program to service the LTI Plan.

the internal control system guidelines, ensuring that the system is in line with established strategic and risk appetite measures as well as being able to stay up to date with the company's risks as they evolve and the interaction between them;
the criteria for identifying the most significant transactions to be subjected to prior examination by the risk control function;
the compliance of the Articles of Association with the provisions of the regulatory framework;
the merger by incorporation of companies in the cases provided for by Articles 2505 and 2505-bis of the Civil Code;
the reduction of capital in the event of withdrawal;
an indication of which directors, in addition to those indicated in these Articles of Association, are the company's representatives;
the formation of internal committees within the Board of Directors;
the Risk Appetite Framework and the risk management policies as well as, after having heard the opinion of the Board of Statutory Auditors, assessing the completeness, suitability, functionality and reliability of the risk management and internal control system as well as the suitability of the organisational, administrative and accounting structure;
determining the Bank's general organisational structure and the subsequent internal regulations;
the setting up and organisation, also for the purposes of the articulation of the signatory powers, of Branches, Subsidiaries, Agencies, Bank Counters, Recipients, Representations, in Italy and abroad, as well as their suppression;
the transfer of the registered office within national territory;
the acquisition and sale of equity investments, companies and/or business units involving changes in the Group or investments or divestments exceeding 1% (one percent) of the shareholders' equity shown in the Company's latest approved financial statements;
determining the criteria for carrying out the Bank of Italy's instructions;
appointing, dismissing and remunerating the General Manager;
the remuneration and incentive policies to be submitted to the Shareholders' Meeting, the review, at least annually, of such policies and responsibility for their proper implementation, with the task of ensuring, moreover, that the remuneration policy is adequately documented and accessible within the corporate structure;
the establishment of company control functions, their tasks and responsibilities, the methods of coordination and collaboration, the information flows between these functions and between them and the company bodies;
the appointment, after hearing the opinion of the Board of Statutory Auditors, of the heads of control functions;
the risk management process and assessing its compatibility with the strategic guidelines and risk management policies;
the policies and the processes for assessing company activities, and, particularly, financial instruments, ensuring that they are always suitable and also establishing the Bank's maximum exposure limits to financial instruments or products that are uncertain or difficult to value;
the process for the development and validation of internal risk measurement systems not used for regulatory purposes and the periodic assessment of their proper functioning;
the process for approving new products and services, starting new operations, and entering new markets;
the company's policy regarding the outsourcing of corporate functions;
the code of ethics with which members of corporate bodies and employees are required to comply in order to mitigate the Bank's operational and reputational risks and encourage the spread of a culture of internal controls;
the approval, review and updating of the recovery plan, as well as its amendment and updating at the request of the Supervisory Authority;
the adoption, at the request of the Supervisory Authority, of the changes to be made to the activity, organisational structure or corporate form of the Bank or the Banking Group, and of the other measures necessary to achieve the aims of the recovery plan, as well as the elimination of the causes that form the basis for early intervention;
a decision to take a measure set forth in the recovery plan or to refrain from taking a measure even though the circumstances exist; and
approval of a policy to promote diversity and inclusiveness.

In setting corporate strategies, the Board of Directors considers the following profiles:

the monitoring and management of impaired loans as well as the approval of policies for their management;
any adoption of new business models, applications, processes or products, including through partnerships or outsourcing, related to the provision of technology-intensive financial services (FinTech);
the risks of money laundering and terrorist financing in consideration, among other things, of the activity carried out, the customers and the geographical areas of reference;
sustainable finance objectives and, in particular, the integration of environmental, social and governance (ESG) factors into business decision-making processes;
the risks, particularly legal and reputational, arising from any related or instrumental activities carried out;
the definition and correct implementation of funding policies, also with reference to the type of savers/investors involved, including planning and choices regarding compliance with regulations on the Minimum Requirement for own funds and Eligible Liabilities (MREL).

In February 2022, the Board of Directors approved the 2022-2024 Business Plan; its objectives include increasing industrial profits, strengthening competitive positioning and creating value for all stakeholders. The plan is based on four pillars: Digitisation, Openness to Partnerships, Efficiency and Sustainability.

Banca Ifis has in fact embarked on an important journey to increasingly integrate ESG criteria into its business model. With a clear vision: sustainability, in all its forms, represents a lever for creating value and a fundamental driver of development, which looks at the tangible impacts on people, the environment and the community. For this reason, the new Business Plan has defined a Sustainable Bank project that sets precise objectives and commitments on the three ESG dimensions - Environment, Social and Governance - with direct connections to the business. Some actions have already been implemented: the Group has set up, amongst the Steering Committees, a Sustainability Committee, to guide the strategy and consolidate the corporate culture, based on inclusion and diversity. In addition, in 2021 Banca Ifis joined the Net Zero Banking Alliance (NZBA), the United Nationssponsored initiative to speed up the sustainable transition of the international banking sector. As proof of the Group's great commitment to sustainability, Banca Ifis has been awarded the "A" rating by MSCI. These are the lines of action that will guide the Bank's work in the period 2022-2024 to contribute to the achievement of the Sustainable Development Goals (SDGs) set by the UN 2030 Agenda.

On the basis of the strategic indications provided by the Board, as well as the dimensional objectives and the additional qualitative and quantitative elements of the Strategic Plan, the Risk Appetite Framework, the ICAAP Report and the ILAAP Report are drawn up annually and approved by the Board of Directors. In compliance with the provisions of the Supervisory Provisions for banks, defined by Bank of Italy Circular 285, the Strategic Plan for ICT is also approved.

During 2021, the Board of Directors approved the guidelines for the revision of the organisational structure of Banca Ifis which provide, for the purposes of a more effective, coordinated and unified management of the Bank, for the inclusion of three new structures reporting directly to the Chief Executive Officer and the appointment of two Joint General Managers (Chief Commercial Officer and Chief Operating Officer) as an alternative to the appointment of the General Manager. Also as a result of these changes, a number of amendments were made to the Bank's Articles of Association, which were submitted for approval by the Extraordinary Shareholders' Meeting on 28 July 2021, after the Bank of Italy had obtained the relevant authorisation pursuant to Art. 56 of the TUB. As a result, a number of documents were subsequently approved as part of the process of revising organisational structures.

The Board assesses the general performance during the analysis of the financial reports provided for by Art. 154-ter of the TUF, when examining (after the approval of the half-yearly report) the comparison between planning objectives and the results actually achieved, as well as when examining the other documents included in the strategic planning process.

The Board also continuously assesses the adequacy of the Bank's general organisational, administrative and accounting structure when dealing with the matters for which it is responsible.

The adequacy of the organisational, administrative and accounting structure of the subsidiaries is assessed by the Board by means of some governance and control governance instruments, which are set out in the Group Regulations and outline the roles of the Parent company and the Subsidiaries, together with the management and coordination activities in the strategicmanagement and technical-operational control areas.

Already during the negotiation phase for the acquisition of new companies or business units, the Bank's Board of Directors has equipped itself with all the necessary tools to initiate the necessary considerations on the structures of future subsidiaries and their potential consistency with the system adopted by the Bank; following these considerations, at the end of the acquisition

process, a specific directive is issued to bring the structures and internal control systems of the new subsidiary into line with those of the Banking Group.

The description of the characteristics of the organisational model of the Group's internal control system and the breakdown of the activities carried out by the control units for the Group (i.e. within the scope of the management and coordination action carried out by the parent company over the Group companies) is contained in the document "Group guidelines on the Internal Control System" and in the regulations of the Control Organisational Units. See Section 8 for more information.

Pursuant to the said provisions contained in the Articles of Association, the Board has to examine and approve in advance transactions carried out by the Issuer and its subsidiaries, when these transactions have a significant impact on the strategy, income statement, balance sheet or financial situation. In these cases, the Board of Directors is convened by the Chairman right from the start of negotiations with the seller and/or of the dialogue with the Supervisory Authorities, so as to be able to steer the negotiations through to their conclusion, to obtaining the necessary authorisation and to the closing.

In May 2021, the acquisition by Banca Ifis of the assets included in the business unit of Aigis Banca, placed under compulsory liquidation by the Ministry of Economy and Finance, was completed and the reorganisation of the pharmacy sector through the merger by incorporation of Farbanca and Credifarma is nearing completion.

The Board has not established any general criteria to identify the transactions that have a significant strategic, economic, equity or financial relevance for the Bank, since such transactions can only be approved by the Board itself, as part of the planning process or, as it has been the case until now, as part of the significant elements that modify the strategic objectives and the risk appetite already approved.

The approach that the Bank, also in the exercise of its role as Parent company, adopts in order to ensure an effective monitoring of any risks of conflicts of interest in transactions with related parties and associated persons is outlined in the "Group Policy on transactions with related parties, associated parties and corporate representatives pursuant to Art. 136 TUB" adopted at the Board meeting of 24 June 2021, subject to receipt of an analytical and reasoned favourable opinion from the Control and Risk Committee (in its component consisting solely of independent directors) and the Board of Statutory Auditors of the Parent company regarding the suitability of the same to achieve the objectives of the regulations in force on the subject. The update was necessary in order to bring the contents of the Banca Ifis Group's regulations on related party transactions into line with the amendments approved by CONSOB to the Regulation on related party transactions (RPT) pursuant to Resolution 17221 of 12 March 2010.

As set forth in Section 4, to which reference is made for further information, the Bank has an Policy for the handling of inside information and as set forth in Section 11, during FY 2021, the adoption of the Directors' Dialogue with Investors Policy was resolved.

3.2 Appointment and replacement

The Articles of Association envisage that the Directors are appointed on the basis of the list voting mechanism by the Shareholders' Meeting; at least one quarter of the members must meet the independence requirements set out in the legislation and regulations in force over time.

The candidates are listed in the lists in progressive order and their number shall not exceed the maximum number of members provided for by the Articles of Association (fifteen). Only those shareholders who, at the time of submission of the list, own alone or together with others - at least 1% of the ordinary shares, or any other lower threshold of ownership that - pursuant to current legislation - shall be indicated in the notice of call of the Shareholders' Meeting held to resolve on the appointment of the members of the Board of Directors, are entitled to submit a list.

The stake determined by Consob pursuant to Art. 144-quarter of the Regulation on Issuers would be equal to 2,5%.

There is no provision in the Articles of Association for the outgoing Board of Directors to submit its own list.

A shareholder may not submit or vote for more than one list, even if through a third party or trust company. Shareholders belonging to the same group and shareholders who are party to a shareholders' agreement concerning the Company's shares cannot submit or vote for more than one list, not even through a third party or trust company. A candidate may only be on one list under penalty of ineligibility.

other procedures provided for by current legislation, at least twenty-one days prior to the date of the first call of the Shareholders' Meeting.

In order to prove the ownership of the number of shares necessary to submit the lists, the shareholders may produce the related certification also after the filing, provided that it is within the deadline for the publication of the lists by the Company. Lists must be supplied complete with:

information regarding the identity of the shareholders who submitted the lists, indicating the percentage of shares held;
a statement of the shareholders other than those who hold, also jointly, a controlling or relative majority interest, certifying the absence of relationships with them, as set out in Art. 147-ter of the TUF and Art. 144-quinquies of the Consob Regulation on Issuers;
a complete report on the personal and professional characteristics of the candidates as well as a declaration by the same candidates stating that they meet the requirements set out in by the law and that they accept the candidature.

Candidates may not be included in the lists if they do not meet the requirements of professionalism, integrity and independence, meet the criteria of competence and fairness and devote the necessary time to the effective performance of their duties, so as to ensure the sound and prudent management of the bank, as set out in Art. 26 of Legislative Decree no. 385/1993. Each list must also indicate:

at least one quarter of the members (if this ratio is not a whole number, it is approximated to the lower whole number if the first decimal place is less than or equal to 5; otherwise, it is approximated to the higher whole number) who comply with the independence requirements set out both by the Code of Conduct for Listed Companies issued by Borsa Italiana S.p.A. and by Art. 148, paragraph 3 of Legislative Decree no. 58/1998. These candidates must be placed on the list in the first four places in the sequential order;
no less than two-fifths of the candidates belonging to the least represented gender, as per the amendments contained in the provisions of the 2020 Budget Law, to Law no. 120 of 12 July 2011 (³ ).

In order to facilitate an optimal identification of the candidates to be proposed for the renewal of the Management Body, in support of the Shareholders and in compliance with the Supervisory Provisions for banks concerning Corporate Governance, the Board of Directors identifies in advance its own qualitative and quantitative composition, which is considered optimal, identifying and justifying the theoretical profile of the candidates.

The bank's organisational and governance structures must ensure sound and prudent management, which is the objective of the regulations, the supervisory bodies and all the stakeholders; therefore, the composition of the administrative body is of central importance for the effective performance of the tasks entrusted to it by the law, the Supervisory Provisions and the Articles of Association.

The election of the members of the Board of Directors shall proceed as follows:

1. all the Directors except one are elected from the list that obtained the highest number of votes at the Meeting, according to the order in which they are listed;
1. one director is taken from the list that obtained the highest number of votes at the Meeting and that, pursuant to Art. 147-ter, paragraph 3 of the TUF, is not connected in any way, not even indirectly, with the shareholders who submitted or voted the list that obtained the highest number of votes.

⁽ 3 ) With particular regard to gender diversification, the legal and regulatory framework on gender diversification has undergone numerous updates over the last two financial years. In particular:

^• the 2020 Budget Law (Article 1, paragraphs 302-305 of Law no. 160 of 2019) amended the criterion for the allocation of directors and members of the supervisory body, aimed at ensuring a balance between genders, providing that the less represented gender must obtain, as from the first renewal of the bodies after 1 January 2020, at least two-fifths of the directors (rounded up, where necessary, to the higher unit), instead of the quota of at least one-third (33%) provided for by the previous rules; and

^• the Supervisory Provisions, as last updated, state that the number of members of the less represented gender, including those of unlisted banks, must be at least 33% of the members of the body (if this ratio is not a whole number, it is rounded down to the lower whole number if the first decimal place is equal to or less than 5; otherwise, it is rounded up to the higher whole number).

If these drawing criteria do not guarantee the balance between genders to the extent established by the law, a scrolling mechanism shall be applied to the drawing from the list that obtained the highest number of votes at the Shareholders' Meeting, based on the sequential order in which the candidates are indicated, that excludes the candidate or candidates of the gender most represented and draws the candidate or candidates of the missing gender.

If only one list of candidates is submitted, the names indicated in this list will be elected as members of the Board of Directors, up to the number of directors to be elected minus one, which shall be appointed by the Shareholders' Meeting at its meeting, by simple majority but excluding the shareholders who submitted the single list from voting, upon proposal of the same nonexcluded shareholders entitled to vote.

If, during the year, the quotas of independent directors are not complied with, the Board shall resolve on the removal from office of one or more of its members who have lost these requirements, according to a criterion of lesser seniority in office or, if equal, of younger age, and shall co-opt one or more independent members.

The provisions of the law shall apply, without list voting, for any replacement of members of the Board of Directors, unless all Directors cease to be in office.

In order to ensure the presence of the director expressed by the list that is not the majority one, in case he/she leaves office, the Board shall first check the availability of the candidates listed in the list, according to the order in which they are listed, and shall co-opt them according to this preference criterion.

In the event of the termination of a director belonging to the least represented gender, the co-opted director shall still belong to the same gender.

3.3 Composition

The Articles of Association provide that the Company is administered by a Board of Directors numbering between five and fifteen members elected by the Shareholders' Meeting.

The Ordinary Shareholders' Meeting of 19 April 2019 determined the composition of the Board of Directors as 12 and the term of office was set at three financial years (2019-2021), the term of office expiring on the date of the Shareholders' Meeting called to approve the financial statements for FY 2021.

For the election of the Board at the Shareholders' Meeting of 19 April 2019, four lists of candidates were submitted, filed and published within the terms and in the manner required by current provisions and the Articles of Association, namely:

List 1 (LA SCOGLIERA) (shareholding equal to 50,177% of the share capital);
List 2 (Bossi, Maderna, Alchimia S.p.A.) (total equity investment equal to 5,989% of the share capital);
List 3 (Assogestioni) (total equity investment equal to 3,06% of the share capital) on behalf of the following group of investors:
- i) Arca S.G.R., manager of the fund Arca Economia Reale Equity Italia, Arca Economia Reale Bilanciato Italia 30;
- ii) EurizonCapital S.G.R. S.p.A., manager of the funds Eurizon Pir Italia 30, Eurizon Progetto Italia 20, Eurizon Progetto Italia 70, Eurizon Azioni PMI Italia, Eurizon PIR Italia Azioni and Eurizon Progetto Italia 40;
- iii) Eurizon Capital SA, manager of the Eurizon Fund-Equity Small Mid Cap Italy fund;
- iv) Fideuram Asset Management (Ireland), manager of the fund Fonditalia Equity Italy.
- v) Fideuram Investimenti SGR S.p.A., manager of the funds Fideuram Italia, PIR Piano Azioni Italia, PIR Piano Bilanciato Italia 50 and PIR Piano Bilanciato Italia 30;
- vi) Interfund Sicav InterfundEquity Italy;
- vii) Generali Investiments Luxembourg S.A. manager of the funds GSmart PIR Evoluzione Italia, GSmart PIR Valore Italia and Gis European Eqty Recov;
- viii) Mediolanum Gestione Fondi SGR S.p.A. manager of the funds Mediolanum Flessibile Futuro Italia and Mediolanum Flessibile Sviluppo Italia.
List 4 (Preve Costruzioni S.p.A.) (equity investment equal to 2,14% of the share capital).

Together with the lists, the following documents were also filed and published:

• Certification attesting the ownership of a shareholding sufficient to submit a list and the absence of any connection, as set out in Art. 147-ter of the TUF and 144-quinquies of the Regulation on Issuers;

• Declaration whereby each candidate: accepts his/her candidacy, certifies that he/she possesses the requirements of professionalism, integrity and independence provided for by current legislation and the absence of causes of ineligibility and/or incompatibility; curriculum vitae and list of offices held

Tab.3 shows the list of candidates, the list of elected members and the percentage of votes obtained in relation to the voting capital:

Tab.3

LIST	LIST OF CANDIDATES	LIST OF ELECTED MEMBERS	PERCENTAGE OF VOTES OBTAINED
1	Simona Arduini Antonella Malinconico Beatrice Colleoni Monica Billio Sebastien Egon Fürstenberg Ernesto Fürstenberg Fassio Luciano Colombini Alessandro Csillaghy de Pacser Luca Lo Giudice Daniele Umberto Santosuosso Divo Gronchi Ferruccio Di Lenardo	Simona Arduini Antonella Malinconico Beatrice Colleoni Monica Billio Sebastien Egon Fürstenberg Ernesto Fürstenberg Fassio Luciano Colombini Alessandro Csillaghy de Pacser Luca Lo Giudice Daniele Umberto Santosuosso Divo Gronchi00	69,55%
2	Giuseppe Benini Renato Giovannini		10,83%
3	Roberto Diacetti Alessandra Giuseppina Barzaghi	Roberto Diacetti	16,25%
4	Riccardo Preve Giovanni Angioni		3,18%

The composition of the Board complies with the one previously identified as optimal in the document "Optimal qualitative and quantitative composition of the Board of Directors of Banca Ifis" and the declarations made with regard to the requirements of professionalism, integrity and independence, as well as the limit to the accumulation of offices, were complied with.

All directors indicated their ability to devote sufficient time to the proper performance of their duties, and all areas of expertise identified in the FY 2018 self-assessment process were well represented on the board (Banking Business and Banking and Financial Activities and Products (7); Dynamics of the Economic and Financial System (5); Industry regulations (5); Internal control systems and risk management and control methodologies (9); Risk management and control methodologies (6); Corporate governance (8); Business management processes (8); Knowledge of organisational structure and information systems (2); Accounting and financial reporting (9)).

Following the resignation of Director Alessandro Csillaghy de Pacser, effective 31 March 2020, the Shareholders' Meeting of 23 April 2020, in order to replenish the composition of the Board, elected Riccardo Preve.

At the start of FY 2021, Director Divo Gronchi resigned (with effect from 14 January 2021) and the Board, with the support of the Appointments Committee, having verified compliance with the necessary requirements and consistency with the qualitative and quantitative composition deemed optimal, co-opted Frederik Herman Geertman on 11 February 2021.

On 22 April 2021, the Shareholders' Meeting appointed Monica Regazzi, following the resignation of Luciano Colombini and confirmed in the position of Director Frederik Herman Geertman .

The composition of the Board of Directors at the date of approval of the Report is shown in Table 4 below:

					In office				N	In	In
Office	Members	Year of birth	Date of first appointm ent *	from	to	List (pres enter s) **	List (M/m) ***	E x e c.	o n - e x e c.	d e p. C o d e	d e p. C F A	attend ance ****
Chairman	Sebastien Egon Fürstenberg	1950	1983	19/04/2019	Approval of the 2021 financial statements	A	M		X			8/19
Deputy Chairman	Ernesto Fürstenberg Fassio	1981	2019	19/04/2019	Approval of the 2021 financial statements	A M			X			19/19
CEO	Frederik Herman Geertman	1970	2021	22/04/2021	Approval of the 2021 financial statements	A	n.a.	X				17/17
Director	Monica Regazzi	1969	2021	22/04/2021	Approval of the 2021 financial statements	A	M		X	X	X	14/14
Director	Riccardo Preve	1951	2005	23/04/2020	Approval of the 2021 financial statements	A	M		X			19/19
Director	Daniele Umberto Santosuosso	1964	2013	19/04/2019	Approval of the 2021 financial statements	A	M		X	X	X	17/19
Director (LID)	Simona Arduini	1970	2019	19/04/2019	Approval of the 2021 financial statements	A M			X	X	X	18/19
Director	Monica Billio	1968	2019	19/04/2019	Approval of the 2021 financial statements	A	M		X	X	X	19/19
Director	Antonella Malinconico	1968	2016	19/04/2019	Approval of the 2021 financial statements	A	M		X	X	X	18/19
Director	Roberto Diacetti	1973	2019	19/04/2019	Approval of the 2021 financial statements	A	m		X	X	X	19/19
Director	Beatrice Colleoni	1973	2019	19/04/2019	Approval of the 2021 financial statements	A	M		X	X	X	19/19
Director	Luca Lo Giudice	1972	2019	19/04/2019	Approval of the 2021 financial statements	A	M		X			19/19
Directors leaving office during FY 2021
Director	Divo Gronchi	1939	2019	19/04/2019	14/01/2021		M		X	X	X	1/1
Director	Luciano Colombini	1955	2019	19/04/2019	22/04/2021		M	X				5/5
	Quorum required for the submission of lists by minorities for the election of one or more members (pursuant to Art. 147-ter of the TUF): 1%
	No. of meetings held during the reporting year: 19
Notes: * This means the date the director was first appointed (ever) to the Board.

Tab.4

**This column shows who submitted the list from which each director was drawn ("A": shareholders; "BoD": Board of Directors)

***In this column, the list from which each director was drawn ("M": majority list; "m": minority list) is indicated

****In this column, the attendance of the directors at the Board meetings is indicated

Information on the personal and professional characteristics of each Director in office can be found on the Bank's website in the Corporate Governance - Corporate Bodies - Board of Directors section.

Diversity criteria and policies in Board composition and corporate organisation

On the occasion of its renewal, the Board of Directors invited the Shareholders to consider, for the purposes of submitting the lists of candidates, the Board's requirements in terms of professionalism and skills (including managerial skills), deemed

necessary for an optimal composition of the Body with Strategic Supervisory Function, as illustrated in the Report on the "Optimal qualitative and quantitative composition of the Board of Directors of Banca Ifis" approved by the Board of Directors on 11 February 2019 and made available at the registered office, "Borsa Italiana S.p.a." and the authorised storage mechanism as well as on the Company's website; this document is also updated on an annual basis to support the self-assessment conducted by the directors.

The process of selecting the members guarantees the heterogeneity of the Board, identifying within the body an adequate degree of diversification in terms of skills, which must be widespread and diversified both from a managerial and a technical point of view (legal, accounting, tax, financial, risk management and control, corporate governance, IT processes, corporate organisation and human resources).

In order to ensure a profitable internal comparison and to contribute to the taking of decisions in line with the Bank's interests, the Board of Directors must include persons with significant and consolidated experience in the management, administration and control of banks and/or companies.

The correct performance of the functions entrusted to the strategic supervisory body requires the presence of individuals:

fully aware of the powers and obligations inherent in the functions each of them is called upon to perform (executive and non-executive functions, independent members, etc.);
with professional skills that are appropriate to the role to be covered, also in possible internal committees of the Board, and calibrated in relation to the operating and size characteristics of the bank;
with skills spread across all members and suitably diversified, so that each person, within the committees of which he or she is a member or in collective decisions, can effectively contribute, among other things, to identifying and pursuing suitable strategies and ensuring effective risk management in all areas of the bank;
who devote time and resources commensurate with the complexity of their duties, subject to compliance with the limits on the number of positions held;
who direct their actions towards the pursuit of the bank's overall interest, regardless of the corporate structure that voted for them or the list from which they are drawn;
who ensure respect for operational autonomy and judgement.

These skills are monitored on an annual basis through the self-assessment process, in which each director is asked to express an opinion on his or her level of technical and regulatory skills relating to the Bank's business and other matters of necessary knowledge, taking into account the activities carried out by the Bank.

The Bank is also aware that an adequate degree of diversification in terms of age, gender and geographical origin, favours a plurality of approaches and perspectives in the analysis of problems and in the taking of decisions, avoiding the risk of behaviours of mere alignment to prevailing positions, whether internal or external to the Bank; the objectives concerning the diversity of the composition of the Board must be pursued taking into account the requirements of competence and professionalism that all directors must satisfy.

From this point of view, the process of selecting the Board members adopted protects and promotes their diversity starting from the appointment phase, since the list voting mechanism governed by the Articles of Association guarantees the presence of at least one director expressed by the minority shareholders and compliance with the regulatory provisions on the number of candidates belonging to the less represented gender; in this regard, as already mentioned, within the Board of Directors the number of candidates belonging to the less represented gender must be at least one third.

All in all, the Bank does not consider it necessary to adopt further specific diversity policies in relation to the composition of the strategic supervisory body.

The breakdown of the members of the Board of Directors as of 31 December 2021 by gender and age bracket is shown below:

***

Banca Ifis has also adopted measures to promote equal treatment and opportunities between genders within the entire corporate organisation. The Group firmly condemns any discrimination against employees or applicants based on gender, age, religious or political beliefs and trade union affiliation, as well any form of nepotism and preferential treatment.

The Bank, on its institutional website, in the "Work with us" section (www.bancaifis.it/lavora-con-noi/diversita-e-inclusione) makes available information relating to diversity and inclusion issues and provides evidence of their concrete implementation; in 2021 Banca Ifis was the first Italian bank certified by the Winning Women Institute to have achieved excellence in the field of gender equality.

As clearly stated in the Code of Ethics, most recently updated on 5 August 2021, the main reference for the criteria of conduct and ethics of the company, the conduct of all the people of the Group must be characterised by competence, excellence, integrity, transparency and concreteness. These rules apply also to Collaborators.

It is possible to report any conduct contrary to these principles, with the guarantee that the personal data of the complainant and the alleged offender will remain confidential, through the Whistleblowing mechanism, which is available to employees as well as collaborators and independent contractors working with the Group on a regular basis.

With regard to the composition of staff, it should be noted that, as of 31 December 2021, 54% of Banca Ifis employees are female and 40% of the top managers reporting to the CEO are women.

Maximum number of offices held in other companies

The Board of Directors of the Bank resolved to adjust the "Regulation on the accumulation of offices held by company representatives" on 21 October 2021 in order to incorporate the regulatory updates that occurred following the publication of Ministerial Decree no. 169/2020 "Regulation on the requirements and eligibility criteria for the performance of the duties of corporate representatives of banks, financial intermediaries, collective guarantee funds, electronic money institutions, payment institutions and depositor guarantee schemes" as well as the issuance of the 35th update of Bank of Italy Circular no. 285 of 17 December 2013, which took place on 2 July 2021.

The Regulation rules, first and foremost, that the Representative accepts the position and retains the exercise of it to the extent that he believes he can devote the necessary time to the diligent performance of the relevant duties. The time required is estimated on the basis of qualitative-quantitative parameters such as, in particular:

(i) the number and type of offices held on the administrative and supervisory bodies of other companies, businesses or bodies; and
(ii) the commitment in terms of time and complexity required by the professional activities performed; and
(iii) the commitment in terms of time and complexity required by the association positions held.

With regard to the total number of offices, the Regulation provides that each Representative may not hold a total number of offices in supervised entities, companies, enterprises and bodies higher than one of the following alternative combinations:

(i) 1 executive assignment and 2 non-executive assignments; or
(ii) 4 non-executive assignments.

For the purposes of the above calculation, it should be noted that:

(i) the position held at the Bank must be included;
(ii) the office of effective member of the Board of Statutory Auditors of the Bank cannot be held by a person who is a member of the Board of Statutory Auditors of 5 companies issuing securities on regulated markets;
(iii) Exempt Assignments and those held at Small Companies are not relevant;
(iv) a standing member of the Board of Statutory Auditors of the Bank may hold other administration and control offices in joint-stock companies, limited partnerships with share capital and limited liability companies, up to a maximum limit of six points resulting from the application of the calculation model contained in Annex 5-bis, Schedule 1, of the Regulation on Issuers, unless he is a member of the supervisory body of only one issuer.

An Exempt Assignment is:

(i) pursuant to the Regulation on Issuers: (a) appointments as liquidator taken on in the proceedings referred to in Book V, Title V, Chapter VIII of the Civil Code; and (b) appointments taken on following appointment by the legal or administrative authorities in the proceedings referred to in Article 2409, paragraph 4, of the Civil Code and in the respective procedures provided for by Royal Decree no. 267 of 16 March 1942 and by special laws, including those concerning public interest companies; and
(ii) pursuant to Decree no. 169/2020, assignments: (a) at companies or entities whose sole purpose is to manage the private interests of a Representative or a spouse who is not legally separated, a person bound by a civil union or de facto cohabitation, a relative or a relative-in-law up to the fourth degree and which do not require any kind of day-to-day management by the Representative; (b) as a professional at professional partnerships; and (c) as an alternate auditor.

Exemptions are provided for the purpose of determining the limits to the accumulation of offices; the following offices held are not considered:

(i) at companies or entities whose sole purpose is to manage the private interests of a Representative or a spouse who is not legally separated, a person bound by a civil union or de facto cohabitation, a relative or a relative-in-law up to the fourth degree and which do not require any kind of day-to-day management by the Representative;
(ii) as a professional in a professional company; and
(iii) as alternate auditor.

It is also possible to aggregate assignments, so that all assignments are considered to be a single assignment:

(i) within the same group;
(ii) in banks belonging to the same institutional protection system; and
(iii) in non-Group companies in which the Bank has a qualifying holding as defined in Article 4, paragraph 1, point 36 of Regulation (EU) no. 575/2013, as subsequently amended and supplemented.

If more than one hypothesis of aggregation occurs at the same time, the assignments are added together. It is considered an Executive Appointment if at least one of the aggregated assignments is an Executive Appointment; in other cases it is considered a Non-Executive Appointment.

In the Articles of Association, Executive Appointments are defined as the following positions:

(i) Chief Executive Officer;

(ii) Sole Director or equivalent positions;
(iii) General Manager, Joint General Manager, Deputy General Managers;
(iv) member of the Executive Committee;
(v) member of the Management Board;
(vi) director with operational powers or who performs, even de facto, functions relating to the day-to-day running of the company and/or managerial duties by supervising certain areas of company management.

A non-executive position is defined as the following positions:

(i) non-executive director: (a) director without management powers and who does not take part in the Executive Committee, if set up; (b) member of the Supervisory Body who does not belong to the related Audit Committee, when the case provided for by Art. 2409-terdecies, letter f-bis) of the Civil Code occurs;
(ii) control: (a) member of the Board of Statutory Auditors; (ii) member of the Supervisory Body, when the latter does not have the tasks set out in Art. 2409-terdecies, letter f-bis) of the Civil Code; (iii) member of the Control Committee set up within the Supervisory Body; and (iv) member of the Management Control Committee, in those companies which adopt the one-tier governance model.

The assumption of an additional Non-Executive Appointment for a director with respect to the above limits is permitted, subject to the Board's review, provided that it does not impair the director's ability to devote adequate time to his or her position with the Bank to effectively perform his or her duties.

For purposes of the above evaluation, the Board shall consider, among other things:

(i) the fact that the director holds an Executive Position in the Bank or is a member of board Committees;
(ii) the size, business, and complexity of the bank or other trading company where the additional assignment would be made;
(iii) the duration of the additional assignment; and
(iv) the level of expertise gained by the Director in carrying out the position in the Bank and any synergies between the different positions.

The Additional Non-Executive Assignment:

(i) is not permitted for a director who:
- a) holds the position of CEO, General Manager or Chairman of the Board of Directors, of the Control and Risk Committee or of any other board Committee; or
- b) benefits, for other assignments, from the application of the aggregation mechanism described above; and
(ii) does not benefit from the assignment aggregation methods described above.

A candidate for election as a director shall provide the Board of Directors with an updated status of the administrative, managerial and supervisory positions held. The updated status of the above assignments includes timely references to:

(i) type of assignment;
(ii) summary of activities required for the purpose of the assignment;
(iii) the company, enterprise and/or body at which the assignment is carried out;
(iv) time availability required/declared for the purpose of the assignment;
(v) duration of assignment;
(vi) any possibility/commitment to renew the assignment.

After appointment, the director - before holding an administration, management or control position in other companies, enterprises or bodies for which the limit to the accumulation of offices is set - shall immediately inform the Board. At the time of appointment, if the appointment relates to a position in a banking, insurance or financial company, the Board of Directors is also required to express its opinion on the compatibility of the appointment with the position of director of the Bank, without prejudice to the prohibition of interlocking as provided for by Art. 36 of the "Salva Italia" Decree and the

need for authorisation by the Shareholders' Meeting to hold the position of director or general manager in competing companies as provided for by Art. 2390 of the Civil Code.

Upon appointment, based on information received from the Director, the Bank:

(i) annually records the Executive and Non-Executive Appointments held by the Candidate in companies other than those belonging to the Group; and
(ii) discloses the above-mentioned offices in the public disclosure drawn up pursuant to Part One, Title IV, Chapter 1, Section VII of the Supervisory Provisions and in the Corporate Governance Report.

A director who exceeds the limit on the accumulation of offices shall promptly notify the Board of Directors and as a result of such notification, the Board of Directors:

(i) sets a deadline, not exceeding thirty calendar days, within which the director is required to take the necessary steps to restore compliance with the limit on the number of offices held. Such initiatives may be for the purpose of, but not limited to, relinquishing tenure or relinquishing miscellaneous assignments that result in exceeding the limits; and
(ii) shall immediately pronounce the forfeiture of the director if he fails to take the aforesaid steps within the aforesaid period.

At the time of writing this Report, no waivers have been granted.

Tables 5 and 6 below show the number and type of offices held by the Directors of Banca Ifis at the date of preparation of this Report, based on the information provided by them. Moreover, in order to comply with the requirements of Circular no. 285/2013 of the Bank of Italy (Section VII, Chapter 1, Title IV, Part One), evidence was also provided of the number and type of offices held by each Director in other companies or entities, even if not considered relevant pursuant to the "Regulation on the accumulation of offices held by company representatives".

OFFICES HELD BY MEMBERS OF THE BOARD OF DIRECTORS IN OTHER COMPANIES
			OFFICES IN COMPANIES RELEVANT FOR THE PURPOSES OF THE REGULATION ON THE ACCUMULATION OF OFFICES						OFFICES IN COMPANIES NOT RELEVANT FOR THE PURPOSES OF THE REGULATION ON THE ACCUMULATION OF OFFICES		TO TA L
	POSITIONS IN THE GROUP		Companies listed on regulated markets, including foreign ones		Financial, banking, insurance companies		Companies of significant size
	E.	N.E.	E.	N.E.	E.	N.E.	E.	N.E.	E.	N.E.
Sebastien Egon Fürstenberg									1		1
Ernesto Fürstenberg Fassio		1				1			1		3
Frederik Herman Geertman		1									1
Monica Regazzi						2				1	3
Riccardo Preve		1							4	3	8
Daniele Umberto Santosuosso									2	12	14
Simona Arduini		2						2		6	10
Monica Billio		2									2
Antonella Malinconico											0
Roberto Diacetti				2					1		3
Beatrice Colleoni											0
Luca Lo Giudice		3							1	3	7

Tab.5

Tab.6.

Director	List of positions	Companies belonging to the Banca Ifis Group
		NO	Banking Group	Non banking Group
Sebastien Egon Fürstenberg	Chairman of the Board of Directors of Banca Ifis Chairman of the Board of Directors of La Scogliera SA CEO of La Scogliera SA Limited partner of AB.CO s.a.s.	X X X	X
Ernesto Fürstenberg Fassio	Deputy Chairman of the Board of Directors of Banca Ifis CEO of La Scogliera SA Chairman of the Board of Directors of IFIS Npl Servicing S.p.A. Director of Aidexa S.p.A.	X X	X X
Frederik Geertman	Chief Executive Officer of Banca Ifis Director of Ifis Npl Investing S.p.A.		X X
Monica Regazzi	Director of Banca Ifis Director of Homepal a better place s.r.l. Director of Net Insurance Spa Director of Net Insurance Life S.p.A.	X X X	X
Riccardo Preve	Chairman of the Board of Directors of Ifis Rental Services S.p.A. Director of Banca Ifis Chairman of the Board of Directors of Preve Costruzioni S.p.A. CEO of Preve Costruzioni S.p.A. Full partner of Prefin sas Managing partner of Alfra 94 S.S. Managing partner of Emmegi 89 S.S. Chairman of the Board of Directors of SEP S.r.l. Director of SEP S.r.l.	X X X X X X X	X	X
Daniele Umberto Santosuosso	Director of Banca Ifis Bankruptcy liquidator of Costruzioni Paoloni s.r.l. in liquidation Bankruptcy liquidator of Eredi Vincenzo Mandara & C. s.n.c. Bankruptcy liquidator of Casale Immobiliare s.r.l. Bankruptcy liquidator of Multitele s.r.l. Bankruptcy liquidator of MA.PE. 2003 s.r.l. Liquidator of Columbus Ilmi s.r.l. in liquidation Liquidator of Columbus Baga s.r.l. in liquidation Court-appointed liquidator of Dima Gest s.r.l. in liquidation Bankruptcy liquidator of Vini Internazionali s.r.l. in liquidation Extraordinary administrator of Alitalia S.p.A. Extraordinary administrator of Alitalia Cityliner S.p.A. Director of Università Vita-Salute San Raffaele Bankruptcy liquidator of LAI in liquidation S.r.l. Bankruptcy liquidator of RSA Trasporti soc. coo. a r.l. in liquidation	X X X X X X X X X X X X X X	X
Simona Arduini	Director of Banca Ifis Director of Ifis Npl Servicing S.p.A. Director of Ifis Npl Investing S.p.A. Member of the Supervisory Committee of Veneto Banca S.p.A. in l.c.a. Alternate Auditor of Europa Gestioni immobiliari S.p.A. Auditor of Open Fiber Holding S.p.A. Auditor of Open Fiber S.p.A. Auditor of Sustainable Ventures S.p.A. Member of the Supervisory Committee of Europeenne de Gestion Privee S.A.-Italian Branch in l.c.a. Member of the Supervisory Committee of Orconsult Capital Management Italia S.p.A. in l.c.a. Member of the Supervisory Committee of Banca Popolare delle Province Calabre s.c.p.a. in l.c.a. Member of the Board of Statutory Auditors of Rentokil Initial Italia S.p.A.	X X X X X X X X X	X X X
Monica Billio	Director of Banca Ifis Director of Farbanca S.p.A. Director of Ifis Npl Investing S.p.A.		X X X

Director	List of positions	Companies belonging to the Banca Ifis Group
		NO	Banking Group	Non banking Group
Antonella Malinconico	Director of Banca Ifis		X
Roberto Diacetti	Director of Banca Ifis Director of Pirelli & C. S.p.A. Director of Saipem S.p.A. General Manager of Fondazione ENPAIA	X X X	X
Beatrice Colleoni	Director of Banca Ifis		X
Luca Lo Giudice	Director of Banca Ifis Chairman of the Board of Directors of Ifis Npl Investing S.p.A. Chairman of the Board of Directors of Ifis Real Estate S.p.A. Director of Ifis Npl Servicing S.p.A. Chairman of the Board of Directors of CISFI S.p.A. Director of INTERPORTO CAMPANO S.P.A. Director of CALVI HOLDING S.p.A. CEO of Vulcano S.p.A.	X X X X	X X X	X

3.4 Function of the Board of Directors

Since 2009, the Board of Directors of Banca Ifis has been equipped with a regulation that defines the operating rules of the body and its committees; the document has been updated over time, most recently on 21 October 2021.

The "Regulations of the Board of Directors, the Board Committees and the Supervisory Body" establishes that:

the documentation supporting the discussion of the items on the agenda is made available to each Director and Auditor via a dedicated web portal that ensures confidentiality through personalised access keys, by the third working day prior to the day set for the meeting, except in cases of urgency in which the documentation is made available by the day before the meeting and in any case as soon as possible;
such documentation is transmitted or made available at the direction of the Chairman by the Bank's Corporate Affairs;
if the Chairman deems it appropriate with regard to the content of the issue and the related resolution, also in order to avoid the risk of improper disclosure of confidential information, made possible by the communication tools used independently from the will of the persons concerned, the information documents can be provided directly during the meeting, by giving prior notice to the Directors and Auditors within the above-mentioned term, who, if they deem it necessary, can have access to the information, which is available at the registered office by the day before the meeting and anyway as soon as it is available.
The Secretary, or his deputy, is responsible for drawing up and filing the minutes of each meeting; he also supports the Chairman's activities and provides impartial assistance and advice to the Board of Directors on all matters relevant to the proper functioning of the corporate governance system.

As far as minutes are concerned, the Regulation identifies the essential elements that must be present in the minutes and provide indications regarding their conservation and archiving.

Moreover, pursuant to the "Regulation", the Chairman and/or the CEO may invite to participate in the Board's meeting managers or other Company's employees, or other external subjects or consultants, whose presence is deemed useful with regard to the issues to be dealt with, limited to the discussion of the subjects for which they are responsible.

In accordance with the Articles of Association, the General Manager, if appointed, takes part in the Board meetings in an advisory capacity; as an alternative to the appointment of the General Manager and the Deputy General Managers, the Board of Directors

may appoint one or more Joint General Managers. The Joint General Managers may participate, at the invitation of the Chairman, in the meetings of the Board, each in an advisory capacity in accordance with their respective responsibilities.

The methods and deadlines for submitting documentation to the Board described above were generally met during FY 2021. Almost never did the Chairman see an opportunity to provide documents directly in the meeting. This occurred in negligible percentages compared to the overall topics dealt with by the Board, mainly to provide more accurate versions of the communications to be disseminated on the periodic financial report or as part of the negotiations concerning the extraordinary transaction related to the acquisition of AIGIS Banca's business unit.

In FY 2021, 19 meetings were held whose average duration was 3 hours and 15 minutes. Attendance percentages are shown in Table 4 on page 22. The meetings were mainly held via video link in compliance with the specific indications of the Bank's Chairman and Top Management and in compliance with the stringent measures adopted by the competent Authorities regarding the containment and management of the epidemiological emergency from COVID-19, as well as the precautionary measures adopted within the Banca Ifis Group.

From the start of 2022 until the date of approval of this document, 4 board meetings have been held, including the one during which the "Report" was approved. The number of meetings held by the Board of Directors in 2022 can be expected to be in line with the previous year.

In compliance with the obligations for listed issuers set out in Art. 2.6.2 of the Regulation of Markets of Borsa Italiana S.p.A., the Board of Directors annually approves the Corporate Events Calendar, which has to be notified to Borsa Italiana for dissemination to the public within thirty days from the end of the previous financial year.

The Transparency II Directive (2013/50/EU), implemented in Italy through Legislative Decree no. 25 of 15 February 2016, repealed the obligation to publish interim Report on Operations, but left the option of reintroducing additional periodic information with respect to financial and half-yearly reports, albeit only under certain conditions and subject to a regulatory impact analysis in terms of costs and benefits; this provision was integrated into the Consob Regulation on Issuers through the insertion of the new Article 82-ter, in compliance with which Banca Ifis communicated its decision to continue to draw up and publish quarterly information, in accordance with previous practice, in accordance with the provisions of Borsa Italiana regulations for the STAR segment and in order to guarantee continuity and regularity of information to the financial community.

The calendar provided shows the dates set for the Shareholders' Meeting and the Board meetings to approve the draft financial statements and the financial reports (half-yearly and quarterly).

3.5 Role of the Chairman

Pursuant to Art. 12 of the Articles of Association, in order to carry out his function effectively, the Chairman of the Board must have a non-executive role and not carry out management functions, not even on a de facto basis; during FY 2021, he did not receive management powers and did not play a specific role in the planning of corporate strategies.

The Chairman acts as a link between the non-executive Directors and the CEO and ensures the effective functioning of the Board's activities by promoting the effective functioning of the corporate governance system, guaranteeing the effectiveness of the Board's debates and encouraging the participation of the Directors, especially the non-executive and independent ones, in a neutral manner, by encouraging their active participation in the discussion and resolution on the issues under discussion.

The same role is performed by the Deputy Chairman in the event of the Chairman's absence.

In particular, the Chairman ensures - with the support of the Secretary and the contribution of the CEO - that the premeeting information is suitable and, if necessary, that adequate additional information is provided during the Board meetings and that the board committees meet as a matter of course in the days preceding the Board meetings in order to adequately support the Board with regard to the issues under its responsibility.

Board meetings were attended during FY 2021:

• the Chief Financial Officer and the Corporate Accounting Reporting Officer, the Head of Business Plan Governance, Planning and Management Control, the Investor Relator and the Head of Communications, Marketing and External Relations, especially when presenting financial reporting documents and related press releases;

in support of the discussion of the results of the individual businesses represented in the financial reporting documents referred to in the previous point, the Head of the NPL Central Management Department, the General Manager of Ifis Npl Servicing S.p.A., the Head of the Capital Markets Department, the General Manager of Banca Ifis (until October) and, starting from October, the Joint General Manager Chief Commercial Officer and the Joint General Manager Chief Operating Officer;
numerous managers of the Bank, in addition to those mentioned above, including the Chief Lending Officer (with effect from October, as he is the former General Manager of Banca Ifis), the Head of Problem Loans, the Head of Corporate Finance, the Head of Structured Finance, the Head of the Major Risks and Monitoring Department, the Head of Operations Evaluation, the Head of Organisation, the Head of ICT & Change Management and other structure managers during the examination of topics relating to their activities and responsibilities.

The Head of Internal Audit, the Chief Risk Officer and the Heads of Compliance and Anti-Money Laundering illustrate their reports and plans directly to the directors, in compliance with the current supervisory regulations issued by the Bank of Italy. Finally, Giuseppe Rumi of Studio Bonelli Erede as the Bank's external legal counsel of reference has also taken part in Board meetings since April 2019.

The training plan prepared for the members of the Board of Directors and the Board of Statutory Auditors, extended also to the General Manager and subsequently to the Joint General Managers, was carried out always providing for training courses issued by leading training companies and, for some issues, further contribution with internal teaching in order to create the right balance between external updating and concrete positioning for issues relating to ESG, regulation of transactions with related parties, strategic risk, evaluation and management of IT risk and NPL.

The Chairman participates in the self-assessment process of the Board of Directors and the Board Committees, playing a central role in the preparation and management of the process, ensuring that it is carried out effectively and in a manner consistent with the degree of complexity of the Board's work, and making sure that the corrective measures envisaged to address any shortcomings identified are actually taken.

The Appointments Committee is involved, in support of both the Chairman and the Board of Directors, from the initial stages.

The execution of the self-assessment process for the second and third and final year of the term was carried out with the assistance of the company EgonZehnder as an external professional to support the internal staff, identified by the Chairman.

The company also performed head-hunting activities for the Group.

The Chairman, with the collaboration of the Deputy Chairman and the CEO, ensured that the Board was informed, by the first useful meeting, on the development and significant contents of the dialogue held with all shareholders.

Board Secretary

Pursuant to Art. 12 of the Articles of Association, the Board appointed the Head of Legal and Corporate Management as secretary of the Board of Directors and the Head of Corporate Affairs as deputy.

Appointment shall be by the Board, after consultation with the Chairman, and the Secretary may be chosen from outside the membership of the administrative body.

The requirements and attributions are defined in the Regulation of the Board of Directors and envisage that the secretary and his deputy are chosen from among the Bank's managers who, in performing the tasks entrusted to them, have demonstrated the requisites of confidentiality, accuracy and specific skills in legal matters.

The secretary's duties include drawing up and filing the minutes, supporting the Chairman's activities and providing impartial assistance and advice to the Board of Directors on all aspects relevant to the proper functioning of the corporate governance system, as well as ensuring that specific requirements are met at the Chairman's request following decisions taken by the Board or in compliance with regulatory provisions.

During FY 2021, the secretary ensured:

that the pre-board disclosures and supplemental information were adequate to enable directors to act in an informed manner;
that the activities of board committees were coordinated with the activities of the Board of Directors in order to provide its support in the form of preliminary, propositional or advisory activities;
the interventions in the meetings of both the Board and the Committees made by the managers to provide the appropriate insights in coordination with the CEO;
the organisation, in agreement with the HR Department and top management, of courses that involved internal teaching;
• the self-assessment process as identified as the internal manager for managing the process.

3.6 Executive directors

Chief Executive Officer

In the model adopted by Banca Ifis, the Board of Directors appoints a CEO from among its members and establishes the powers of the CEO, who implements the resolutions of the Board of Directors, also with the aid of the Joint General Managers.

Management delegations are divided into the following main areas:

staff management;
purchase and disposal of goods and services;

The distribution of management delegations is graduated according to decreasing levels of authorisation, from the Board of Directors to the operational structures.

The most significant limits - in terms of value and subject matter - applied to the powers delegated to the CEO can be summarised as follows, without prejudice to the fact that systematic information flows are provided for with regard to the exercise of the powers assigned over time, as well as compliance with the related quantitative limits:

STAFF MANAGEMENT

Decisions regarding the commencement, management and termination of the employment relationship of executives, without prejudice to the powers retained by the Board of Directors in respect of the relationships of executives with strategic responsibilities and/or reporting to the Board itself and without prejudice, however, to the Board's prerogatives over the heads of the control functions established by the supervisory provisions for Banks.

Loans to employees, in the event of derogation from the Regulation for granting loans to Banca IFIS Group employees, the joint signature of the Head of Human Resources and the CEO is required

POWERS DELEGATED IN CONNECTION WITH THE PURCHASE AND DISPOSAL OF GOODS AND SERVICES

Loans to employees, in the event of derogation from the Regulation for granting loans to Banca IFIS Group employees, the joint signature of the Head of Human Resources and the CEO is required

Chairman of the Board of Directors

In compliance with the provisions of the Articles of Association (Art. 12), the Chairman of the Board is not the main person responsible for the management of Banca Ifis, has not received any management delegation or proxy in the elaboration of corporate strategies and is not the controlling shareholder of the Bank.

Information to the Board by the CEO

Pursuant to Art. 15 of the Articles of Association, the CEO can, in case of urgency, take resolutions concerning any business or operation that is not under the exclusive competence of the Board of Directors, by immediately informing the Chairman and informing the Board during the first subsequent meeting.

In all other cases, the CEO reports to the Board on his activities with the frequency detailed below:

Information	Frequency
Liquidity situation report	monthly
Breakdown of the investment portfolio	monthly
Credit disbursement and monitoring activities	monthly
Report on the exercise of delegated powers for the management of Human Resources	half-yearly
Incentive system (report on criteria adopted by Top Management)	annual

Other executive directors

There are no other directors to be considered executive officers, other than the Chief Executive Officer, because:

they hold management positions in Banca Ifis;
they hold the office of Chairman of a subsidiary of strategic importance, with delegated powers in the management or elaboration of corporate strategies;
they hold the office of CEO, or management positions, in a subsidiary with strategic importance, or in the parent company.

3.7 Independent directors and Lead Independent Director

Independent directors

The Board makes its own assessments of the Code's requirements for directors who qualify as independent at the first meeting following appointment by the Shareholders' Meeting and periodically assesses the independence of directors. On 19 April 2019, after the appointment, it ascertained that seven of its members (Simona Arduini, Antonella Malinconico, Beatrice Colleoni, Monica Billio, Daniele Umberto Santosuosso, Divo Gronchi and Roberto Diacetti) met the independence requirements according to the criteria contained in the Corporate Governance Code for listed companies and paragraph 3 of Art. 148 of the TUF.

In order to verify the independence requirements, the information related to the existence of direct or indirect relationships (credit, commercial/professional and employment relationships, as well as relevant offices held) with (i) the Bank, (ii) the Parent company and/or Group companies by the Directors, as well as (iii) the Chairman of the Board of Directors, executive directors and key managers of the companies under (i) and (ii) above was taken into account.

The Company has deemed it appropriate to adopt specific criteria for verifying the independence requirements, since such verification requires a broader assessment that takes into account subjective and objective factors.

The criteria identified for this purpose, and drawn up also taking into account best practices, were, among others: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

Specifically, in assessing the significance of the relationship, information was considered, if available: 1) as regards credit relationships, the absolute amount of the credit granted, its percentage weight with regard to the total value of the borrower's indebtedness and, where applicable, the borrower's economic-financial situation; 2) as regards professional/commercial relationships, the characteristics of the transaction/relationship, the amount of the consideration and, where applicable, the counterparty's economic-financial situation; 3) as regards employment relationships, the duration and characteristics of the related relationship and the expected remuneration 4) with regard to the offices held in group companies and/or in the parent company, the total amount of the related remuneration and its percentage weight with regard to the overall economic-financial situation of the director concerned; as well as any further remuneration and/or remuneration received for any reason, in the last three financial years, from (i) Banca Ifis, (ii) the parent company and/or the companies of the group, including any additional remuneration (with respect to the "fixed" emolument as a non-executive director and the remuneration for participation in committees) also in the form of participation in incentive plans linked to company performance, including share-based plans.

Moreover, the Board of Statutory Auditors - pursuant to the application criterion 3 C.5 of the Corporate Governance Code, in force as at the date of the audit, verified on the same date the application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of its members, deeming them to be compliant with the indications provided by the Corporate Governance Code.

The outcome of the valuations carried out was announced in a press release issued to the market on the same date, i.e. 19 April 2019.

As at the date of approval of the Report, 7 Directors qualified as independent, since Monica Regazzi was appointed by the Shareholders' Meeting on 22 April 2021; the Chairman of the Board does not qualify as independent.

The number of independent directors appointed is higher than both the provisions of the Articles of Association, which require the presence of ¼ of the members, and the indications of the Corporate Governance Code; this choice made it possible to compose the Control and Risk Committee and the Appointments Committee entirely with independent directors; the independent director elected by minorities is a member of the Control and Risk Committee and Chairman of the Appointments Committee.

The Board of Directors verifies on an annual basis compliance with the independence requirements set out in the Corporate Governance Code and in paragraph 3 of Art. 148 of the TUF. This review was conducted for the second year on 22 April 2021 and for the third year of the term of office at the Board meeting of 13 January 2022, after prior analysis by the Appointments Committee; the independence status was confirmed for all 7 directors.

Two meetings of the independent directors coordinated by Lead Independent Director Simona Arduini were held during 2021:

on 1 June, issues relating to the training program for Directors and updates on governance issues regarding new legislation and the Corporate Governance Code were discussed.
on 15 December, the independent Directors made considerations regarding the launch of self-assessment activities for the third and final year of their term of office and initial feedback on training activities was shared.

Lead Independent Director

In line with the guidelines established at the time by the Corporate Governance Code for listed companies (application criterion 2.C.4), taking into account that the role of Chairman of the Board of Directors coincided with the person who, as majority shareholder of La Scogliera, held the control of Banca Ifis, on 19 April 2019 the Board of Directors appointed Prof. Simona Arduini as Lead Independent Director for the three-year period 2019/2021.

They have the task of representing a point of reference and coordination for the requests and contributions of the directors (non-executive and, in particular, independent directors) and of collaborating with the Chairman of the Board of Directors in order to guarantee that the directors receive complete and timely information flows.

The same has the power to convene, when deemed appropriate or upon proposal of other directors, special meetings dedicated solely to independent directors to discuss issues deemed of interest with respect to the functioning of the Board of Directors or the management of the Company.

After the changes made to the figure of the indirect parent company and communicated to the market by La Scogliera S.p.A. on 23 May 2020, there were no changes in the presence of the current Lead Independent Director within the Issuer.

4. Corporate information management

The Bank has a "Policy for the handling of inside information", most recently updated in September 2019. The Policy details the identification, internal handling, and public disclosure of inside information; In addition, it establishes the duties and responsibilities of the Bank's representatives in the context of the meetings with the financial community. The policy calls for the creation of a Relevant Information List (the "RIL") with the aim of mapping ex ante the types of inside information that may concern the Bank or its subsidiaries in order to facilitate their subsequent ongoing identification. For each piece of relevant information, the mapping indicates the organisational roles that routinely have access to it in order to facilitate the compilation of the register of persons with access to inside information.

On an ongoing basis, each piece of information concerning Banca Ifis or a subsidiary company is checked to see whether or not it is material and, if so, whether or not it can be qualified as privileged.

5. Board committees

In implementation of Article 12-bis of the Articles of Association, the Board of Directors has set up three internal committees which, with propositional, investigative and advisory functions, enable the body with strategic supervisory functions to take its decisions with greater knowledge of the facts:

Control and Risks Committee;
Appointments Committee;
Remuneration Committee.

The composition, functioning and responsibilities of the Board Committees are governed by the General Regulation and the Regulation of the Board of Directors, the Board Committees and the Supervisory Body, most recently updated on 21 October 2021; information is provided in the various sessions of the report dedicated to each Committee; the composition of the committees has been carried out by the Board avoiding an excessive concentration of offices.

No function was distributed differently than recommended by the Code or was reserved for the entire Board.

Tab.7 shows information on the composition of the Committees and the actual participation of each member in the meetings.

Tab.7						Control and Risks Committee		Appointments Committee	Remuneration Committee
Members	Exec.	Non exec.	Indep. Code	Indep . CFA	Position held	meeting attendance	Position held	meeting attendance	Position held	meeting attendance
Sebastien Egon Fürstenberg		X
Ernesto Fürstenberg Fassio		X
Frederik Herman Geertman	X
Monica Regazzi		X	X	X
Riccardo Preve		X
Daniele Umberto Santosuosso		X	X	X	M	18/21
Simona Arduini		X	X	X	C	21/21
Monica Billio		X	X	X	M	21/21	M	12/12
Antonella Malinconico		X	X	X	M	21/21			C	9/9
Roberto Diacetti		X	X	X	M	17/21	C	12/12
Beatrice Colleoni		X	X	X			M	12/12	M	9/9
Luca Lo Giudice		X							M	9/9
						Members who ceased office during FY 2021
Divo Gronchi		X	X	X			M
Luciano Colombini	X

6. Director Self-Evaluation and Succession - Appointments Committee

6.1 Self-Assessment and Director succession

Banca Ifis has a Regulation on the self-assessment process of the Corporate Bodies, most recently updated in October 2021, which identifies in a manner consistent with the complexity of the Bank and the activity of the Corporate Bodies the persons involved, the phases, the object of the assessment and the methods and tools with which to carry out the various phases of the process itself.

At its meeting on 15 July 2021, the Board completed its annual self-assessment process on the size, composition, and functionality of the Board and its Committees for its second year in office. The evaluation process took place from April to July 2021 and was conducted with the assistance of the consulting firm Egon Zehnder, through:

use of questionnaires based on corporate governance best practices, on the specificities of Banca Ifis and on the results of the Self-Assessment of the first year of the mandate, taking into particular consideration the areas that presented opportunities for improvement, in order to verify progress compared to the previous year;
individual interviews between the Egon Zehnder team and each Director.

The self-assessment process was carried out in compliance with the provisions of the Supervisory Provisions for banks on corporate governance and taking due account of the EBA guidelines on internal governance, the EBA/ESMA guidelines on the

requirements of directors and key function holders and the ECB guide for verifying requirements, as well as the principles of the Corporate Governance Code and the Recommendations formulated by the Corporate Governance Committee for 2021. With regard to the procedures, first of all the Board - having heard the opinion of the Appointment Committee - decided to make use of the support of an external professional to carry out the process and identified the internal staff in charge of carrying out the same, having taken into account the criteria identified by the Bank within the Regulation on the self-assessment process and, subsequently, the process was divided into the following phases:

i. investigation phase
ii. processing phase
iii. phase of preparing the outcomes of the process
iv. phase of collegial discussion of the results and of predisposition of eventual opportune corrective measures
v. phase of verification of the state of implementation of the initiatives previously taken for self-assessments subsequent to the first.

The results of the self-assessment for FY 2020 paint a positive picture of the functioning of the Board of Directors and its Committees.

Specifically, the findings highlight the following strengths:

Qualitative-quantitative profile of the Board of Directors;
Operation and functioning of the Board in terms of meetings, scheduling, agenda and minutes, and internal climate;
Leadership of the Chair, quality of relationships between the Board and the new CEO, and the collaborative relationship between the Board and Senior Management;
Information flow in terms of clarity and completeness of documents;
Current structure of the Board Committees;
Governance structure and related controls;
Collaborative relationship between the Board and the Board of Statutory Auditors and appreciation for the role of the Chairman of the Board of Statutory Auditors.

As for food for thought for the future, the Board shared the following topics:

Need to effectively balance the flexibility of the web application used to manage documentation for directors and auditors in use since FY 2021;
Strengthening of the quality profile with managerial skills, experience in the CSR/Sustainability area, technological/digital and operations experience and international experience;
Adoption of the executive summary format, with a view to increasing efficiency and synthesis and improving the timing of the provision of documentation.
Scheduling of Committee meetings by providing more time between them and Board meetings.

The third and final self-assessment, covering FY 2021, was initiated in December 2021 with the assistance of the consulting firm Egon Zehnder.

In view of the forthcoming renewal of the corporate bodies, having taken into account the results of the self-assessment, the Board will express its own opinion on the quantitative and qualitative composition deemed optimal by publishing the document on the website well in advance of the meeting relating to the renewal, as provided for by Art. 11 of the Articles of Association.

The Board considered adopting a plan for the succession of executive directors and, as a result, the Appointments Committee in 2020 had initiated the development of a comprehensive succession plan for senior management following the presentation of the 2020-2022 Business Plan. In order to be able to correctly outline the succession plans, the Board deemed it necessary to implement the internal reorganisation activity and to identify the business sectors and areas of strategic interest for the future of the Group.

During 2021, the activities of analysis and definition of the succession plan continued, also following the change in the role of CEO and the preparation of the new business plan 2022-2024, and in mid-2021 the drafting of the succession tables was finalized.

It is expected to be completed in early 2022.

6.2 Appointments Committee

Composition and functioning of the Appointments Committee

The Regulation of the Appointments Committee establishes that it is made up, as a rule, of between 3 and 5 members chosen from among the non-executive members of the Board of Directors, the majority of whom are independent. Members must have competences that are functional to the fulfilment of the tasks they are called to perform and the Committee shall be chaired, in turn, by one of its members chosen by the Board of Directors from the independent directors.

The chairmanship of the Appointments Committee lasts eighteen months from the date of appointment, unless the office of director or member of the Appointments Committee is forfeited, revoked or the person resigns. When the presidency expires, the Board of Directors confers the office of Chairman to a different member of the Appointments Committee holding the aforementioned requirements. Notwithstanding the rotation of the office of Chairman, members of the Appointments Committee may serve as Chairman more than once, preferably not consecutively.

If a member of the Appointments Committee leaves office for any reason whatsoever, also as a consequence of termination of office, the Board of Directors shall immediately appoint a new member at the first useful meeting. Members of the Appointments Committee appointed to replace those who have ceased to serve shall expire at the same time as those in office at the time of their appointment, unless otherwise determined by the Board of Directors. Each member of the Appointments Committee may be removed by resolution of the Board of Directors, which shall at the same time provide for his or her replacement. The term of office of the members of the Appointments Committee is equivalent to that of the Board of Directors which appointed it, whose early termination, for any reason, determines the simultaneous termination of the Appointments Committee.

The Chairman shall call and preside over meetings of the Appointments Committee, prepare its proceedings, and direct, coordinate and moderate discussions. The Chairman shall report to the Board of Directors on the activities carried out by the Appointments Committee and on the related proposals and guidelines in the most appropriate form at the first useful meeting. The Chairman shall sign, on behalf of the Appointments Committee, reports and opinions to be submitted to the Board of Directors and/or other bodies or functions of the Bank.

The Appointments Committee also meets whenever requested by one of its members who submits a written request to the Chairman, indicating the items to be included in the agenda. Meetings of the Appointments Committee shall be called with at least three days' notice, indicating the place, day, time and items on the agenda. In cases of urgency, the Appointments Committee may be convened with one day's notice prior to the scheduled meeting date. In any case, a meeting shall be deemed to be validly constituted if all members of the Appointments Committee are present, even without formal convocation. The notice of call must be sent to the regular members of the Board of Statutory Auditors and, in copy for information, to the Chairman of the Board of Directors. Any documentation relating to the items on the agenda shall normally be made available at the same time as the meeting is convened and in any case with the advance notice appropriate to the circumstances.

The Regulation provides that the members of the Board of Statutory Auditors and, at the invitation of the Chairman of the Appointments Committee, the Chairman of the Board of Directors, the Deputy Chairman, the CEO and the General Manager (if appointed) may attend the Committee's meetings. Lastly, the Appointments Committee may avail itself of and/or request the presence of external consultants and any corporate representative or employee of the Bank or of another Group company competent in the matter in question, informing the CEO thereof.

A majority of the members in office must be present for the meetings of the Appointments Committee to be valid. Decisions/resolutions of the Appointments Committee are made by an absolute majority of those in attendance.

The meetings of the Appointments Committee can be validly held also by means of suitable audio, video or teleconference systems, provided that all those entitled can take part and be identified, and that they are able to follow the meeting and take part in real time in the discussion of the issues, as well as receive, transmit and view documents, thus enabling a simultaneous

examination and resolution/decision-making process. The Appointments Committee may meet anywhere, provided that it is in Italy.

The secretariat of the Committee is provided by the Legal and Corporate Affairs Department. Minutes of the meetings of the Appointments Committee shall be drawn up by the secretary. The minutes shall be transcribed in the appropriate book and signed by the chairman of the meeting and the secretary.

The Committee currently in office is comprised of independent directors Roberto Diacetti, who serves as Chairman, Beatrice Colleoni and Monica Billio, who was appointed by the Board of Directors on 14 January 2021 following the resignation of Divo Gronchi.

In FY 2021, the Appointments Committee met 12 times, including once in joint mode with the Remuneration Committee; the meetings averaged approximately thirty minutes in length. As of the date of approval of this Report, the Appointments Committee has met three times and 5 meetings have been scheduled for FY 2022.

The members of the Board of Statutory Auditors attended all Committee meetings held in 2021.

Member of the Appointments Committee

The Committee performs the following investigative, propositional and advisory functions:

it provides opinions to the Board of Directors in respect of: (a) the size and qualitative and quantitative composition of the Board and expresses recommendations concerning the professional figures whose presence within the Board is deemed appropriate; (b) the maximum number of administration and control offices, in compliance with the sector's legislation and the internal regulations in force over time; (c) the assessment, if any, of significant positions pursuant to Article 2390 of the Civil Code. With reference to the need to ensure an adequate degree of diversification in the collective composition of the body, the Appointments Committee without prejudice to the obligations set out by the regulations for listed banks - sets a target in terms of the share of the less represented gender and prepares a plan to increase this share up to the set target;
it proposes to the Board of Directors candidates for the office of director in cases of co-option;
it evaluates, at the request of the Board of Directors, the candidacies of individuals who will hold positions in the subsidiaries;
it conducts the investigation into the preparation of succession plans;
it supervises the self-assessment process of the corporate bodies; in particular, it proposes to the Chairman of the Board of Directors the staff appointed to conduct the self-assessment process of the Bodies with strategic supervision and management functions;
it proposes to the Board the areas of the training plan that emerged from the implementation of the selfassessment process and supervise the use of the courses selected by the Board, providing evidence thereof for the purposes of drawing up the Report on Corporate Governance and shareholding structure;
it verifies the existence of the requirements of professionalism, integrity and independence of the subjects carrying out administrative, management and control functions, pursuant to Art. 26 of Legislative Decree no. 385/1993 (TUB).

The Committee also:

• supports the Control and Risk Committee in identifying and proposing to the Board of Directors the heads of the corporate control functions to be appointed;

In 2021, the following topics were dealt with: the evaluation of the candidatures of persons to be co-opted both in Banca Ifis and in its subsidiaries, the Self-Assessment Process of the Board of Directors, the Succession Plan, the annual verification of the requirements set forth in Art. 26 of the TUB, the annual verification of the requirements of independent Directors, the annual verification of the absence of offices in competing companies or groups of companies, the optimal qualitative and quantitative composition of the Board of Directors, the training plan for the members of the Board of Directors.

In carrying out its functions, the Committee has access to all relevant corporate information and functions, as well as to external consultants, within the terms set out by the Board of Directors and in compliance with the Group's policy for the management of inside information.

The Appointments Committee has at its disposal financial resources, which can be activated autonomously, in the amount of 60.000 Euro per year, and it is expected to report to the Committee on the possible use of the funds at least once a year, usually during the examination of the Report on Corporate Governance and Shareholding Structure.

The Appointments Committee sees to the setting up of mechanisms to ensure the timely exchange of information with the Board of Statutory Auditors, guaranteeing the availability of information relevant to the performance of their respective duties and the coordination of activities in the areas of shared responsibility for the improved efficiency of the internal control systems.

7. Remuneration of Directors - Remuneration Committee

7.1 Remuneration of Directors

Refer to the relevant parts of the remuneration report published pursuant to Art. 123-ter of the TUF.

7.1 Remuneration Committee

Refer to the relevant parts of the remuneration report published pursuant to Art. 123-ter of the TUF.

8. Internal Control and Risk Management System - Control and Risk Committee

The internal control system plays a central role in the company's organisation, representing a fundamental element of knowledge for the company bodies in order to guarantee full awareness of the situation and effective monitoring of the company risks and their interrelationships; it guides the changes in the strategic lines and company policies and allows the organisational context to be adapted in a coherent manner, it supervises the functionality of the management systems and compliance with the institutions of prudential supervision; it also favours the diffusion of a correct culture of risks, legality and company values. The Board of Directors, in the document "Group guidelines on the Internal Control System", most recently updated in February 2022, defined the following are the guidelines at Group level:

a) the principles on which the system of internal controls is based;
b) the process of developing the system of internal controls, with an exhaustive breakdown of the tasks of the governing bodies with regard to the phases of:
- I. design of the system of internal controls;
- II. implementation of the system of internal controls;
- III. evaluation of the system of internal controls;
- IV. external communication on the system of internal controls;
c) the elements that characterise risk management;
d) the organisational control model;
e) the roles and control tasks assigned to the organisational units that hinge the company's control functions;
f) the methods of connection between organisational units that hinge on company control functions;

g) information flows between the organisational units that hinge the company control functions and between these and the company bodies;
h) the coordination of the Group's internal controls.

Banca Ifis pursues the following general principles of organisation:

decision-making processes and the assignment of functions to staff are formalised and allow the unambiguous identification of tasks and responsibilities and are suitable for preventing conflicts of interest. In this context, the necessary separation between operational and control functions is ensured;
human resource management policies and procedures ensure that staff are provided with the necessary skills and professionalism to carry out their assigned responsibilities;
the risk management process is effectively integrated. In actual fact: a) there is a common language in the management of risks at all levels; b) the methods and tools used to detect and assess risks are consistent with each other; c) risk reporting models are defined in order to facilitate understanding and correct assessment, also in an integrated logic; d) coordination moments are identified for the purposes of the respective activities; e) information flows are provided for on an ongoing basis between the various departments in relation to the results of the control activities of their own relevance; f) the remedial actions identified are shared;
the processes and methodologies for the valuation, including for accounting purposes, of the company's assets/liabilities are reliable and integrated with the risk management process. To this end: the definition and validation of the valuation methodologies are entrusted to different units; the valuation methodologies are robust, tested under stress scenarios and do not rely excessively on a single source of information; the valuation of a financial instrument is entrusted to a unit that is independent of the one that trades that instrument;
operating and control procedures minimise the risks associated with fraud or employee infidelity, prevent or, where not possible, mitigate potential conflicts of interest and, moreover, prevent involvement, even unknowingly, in money laundering, usury or terrorist financing;
the information system complies with the requirements of the supervisory regulations in force at the time;
the levels of business continuity guaranteed are adequate and comply with the provisions of the supervisory regulations in force over time.

Banca Ifis further establishes:

formalised procedures for coordination and liaison between the components of the Group and the Parent company for all areas of activity subject to management and coordination;
tasks and responsibilities of the control bodies and functions within the Group, coordination procedures, organisational reporting, information flows and related links;
mechanisms for integrating information systems and data management processes, also in order to ensure the reliability of surveys on a consolidated basis;
periodic information flows that allow for the effective exercise of the various forms of control over the components of the Group;
procedures to ensure an effective group risk management process at a centralised level;
systems to monitor cash flows, credit relationships (particularly the provision of guarantees) and other relationships between Group entities;
controls on the achievement of IT security and business continuity objectives defined for the entire Group and individual components.

Banca Ifis formalises and makes known to its Subsidiaries the criteria that govern the various phases that make up the risk management process and validates the risk management processes within the Group. The Parent company decides on the adoption of the internal systems to be used for measuring risks, and determines its main characteristics, thus taking on the responsibility of carrying out the project as well as supervising the correct implementation of these systems and their constant adjustment from a methodological, organisational and procedural point of view.

The Bank also provides its Subsidiaries with guidelines for the design of the company's internal control system. The Subsidiaries must adopt an internal control system that is consistent with the strategy and the policies of the Group, in terms of controls, without prejudice to compliance with regulations applicable on an individual basis. In any case, it is necessary for the Parent company, in compliance with local constraints, to adopt all initiatives aimed at guaranteeing standards of control and supervision comparable to those envisaged by Italian supervisory provisions, even in cases where foreign regulations do not envisage similar levels of attention.

The process of developing the Group's system of internal controls is defined by Banca Ifis through a cyclical process divided into the following phases:

1. design
1. implementation
1. evaluation
1. outward communication.

The Board of Directors of the Parent company, in the exercise of its strategic supervisory function, designs the internal control system and, in this context, it:

1. defines and approves:
2. a) the Group's business model, being aware of the risks to which this model exposes Banca Ifis and its Subsidiaries and understanding the ways in which these risks are detected and assessed;
3. b) the Group's strategic guidelines, which are updated in line with developments in the company's business and the external context;
4. c) the risk objectives, tolerance threshold (where identified) and risk governance policies;
5. d) the Group RAF, taking into account the specific operations and related risk profiles of both Banca Ifis and its Subsidiaries, so as to ensure consistency and integration. The Board of Directors of each Subsidiary is responsible for the implementation of the Group's RAF as far as aspects relating to its own business are concerned;
6. e) guidelines for the design of the system of internal controls;
7. f) the criteria for identifying "Major Transactions" to be submitted for prior examination to the Parent company's Risk Management; it also approves those defined by the Subsidiaries, as defined by the Policy for the management of Major Transactions;
8. g) the process for assessing the Group's liquidity adequacy (ILAAP), promoting full use of the results for management purposes;
9. h) the Contingency Funding Plan (hereinafter "CFP"), which defines the actions to be taken in the event of a market crisis or specific situations for the Group;
10. i) the process for managing crisis situations to which the Parent company and its Subsidiaries may be exposed and the Recovery Plan;
11. j) the organisational structure, ensuring on an ongoing basis that tasks and responsibilities are allocated in a clear and appropriate manner and ensuring that operational functions are separated from control functions;
1. approves:
2. a) the establishment of Parent company control functions, their tasks and responsibilities, the methods of coordination and collaboration, the information flows between these functions and between them and the company bodies;
3. b) internal systems for reporting violations;
4. c) the stress testing programme;
1. it prepares, submits to the General Meeting and reviews, at least once a year, the Group's remuneration and incentive policy;
1. at least once a year, it approves the programme of activities, including the annual and multi-year audit plan prepared by the Parent company's Internal Audit, and examines the annual reports prepared by the Parent company's Control Functions;
1. it defines the guidelines for the design of the internal control system of the subsidiaries.

On the proposal of the Chief Executive Officer of the Parent company, it also approves:

a) the group's risk management process and assesses its compatibility with strategic guidelines and risk governance policies;
b) the group process for the development and validation of internal risk measurement systems, even if not used for regulatory purposes, but exclusively for management purposes;
c) the organisational and methodological reference framework for the analysis of group IT risk, promoting the appropriate exploitation of information on technological risk within ICT and integration with risk measurement and management systems (especially operational, reputational and strategic);
d) the Group's IT risk appetite, with regard to internal services and those offered to customers, in accordance with the risk objectives and the framework for determining risk appetite defined at Group level;
e) the Cybersecurity Policy;
f) the group Policy regarding the outsourcing of company functions;
g) the group Anti-Money Laundering Policy;
h) the structure of delegated powers and decision-making powers (for both the Parent company and Group Companies) in line with the strategic guidelines and risk orientations established, and checking that they are exercised;
i) Group policies and processes for the valuation of corporate assets and, in particular, of financial instruments, verifying their constant adequacy; it also establishes the maximum limits for the exposure of the Group as a whole and of each Group company to financial instruments or products whose valuation is uncertain or difficult;
j) the Group's process for approving new products services, starting up new activities, entering new markets; the process for approving new products and services, starting up new activities, entering new markets;
k) the Code of Ethics with which members of corporate bodies and Group employees are required to comply in order to mitigate operational and reputational risks;
l) with regard to credit and counterparty risks, the general outlines of the system for managing risk mitigation techniques that governs the entire process of acquiring, evaluating, controlling and implementing the risk mitigation instruments used.

With regard to the internal control system of each single Subsidiary, the related body with strategic supervisory function carried out the appropriate assessments for the best protection of the Company's interests and within the scope of the provisions received:

it implements the Group's strategic guidelines and business model, with particular reference to the component for which it is responsible;
it implements the Group's RAF, for the parts under their responsibility;
it implements the guidelines provided by the Parent company for the design of its internal control system;
it defines any additions to be made to the system of internal controls, in line with the internal regulations on management and coordination defined by the Parent company.

The Board of Directors of the Parent company delegates adequate powers to the CEO so that, in his capacity as the body with management functions, he implements the internal control system, both at Group and corporate level, consistently with the choices made during the planning stage. In particular, the powers delegated by the Board of Directors to the CEO are such as to enable the latter to:

implement the strategic guidelines, the Group's RAF and the risk management policies;
adopt measures to ensure that the organisation and the internal control system comply with the applicable principles and regulatory requirements, and monitoring compliance on an ongoing basis.

The Chief Executive Officer of the Parent company, in particular:

defines and oversees the implementation of the Group's risk management process. Within that framework:
- o he establishes operating limits (also specifying those relating to the individual companies that make up the Group, including the Parent company) for taking on the various types of risk, in line with the Group's

and individual's propensity to accept risk, taking explicit account of the results of stress tests and changes in the economic scenario. In addition, as part of risk management, it ensures that, for each type of risk, appropriate and independent internal analyses are carried out;

o he facilitates the development and dissemination at all levels of an integrated risk culture in relation to the various types of risk and extended to the entire Group. In particular, training programmes are developed and implemented to make employees aware of their risk responsibilities so that the risk management process is not confined to specialists or control functions;
o he establishes the responsibilities of the organisational units (both of the Parent company and of the Subsidiaries) involved in the group risk management process, so that the relative tasks are clearly assigned and potential conflicts of interest are prevented; it also ensures that the relevant activities are managed by qualified staff with an adequate degree of autonomy of judgement and with experience and knowledge appropriate to the tasks to be carried out;
o he examines Major Transactions for which Risk Management has issued a negative opinion, including those generated by Subsidiaries, and, if necessary, authorises them: it informs the Board of Directors and the Board of Statutory Auditors of such transactions;
o he is responsible for the implementation and performance of the stress testing program and ensures that clear responsibilities and sufficient resources are assigned and distributed and that all program elements are appropriately documented and regularly updated in internal procedures;
he defines the organisational, methodological and procedural framework for the process of analysing IT risk, pursuing an appropriate level of connection with the Parent company's Risk Management for the processes of estimating operational risk. The analysis process is carried out with the assistance of the responsible user and the Parent company's ICT & Change Management, Risk Management and Compliance functions, according to methodologies and responsibilities formally defined by the CEO;
with reference to the ICAAP and ILAAP process, he implements it ensuring that it is in line with the Group's strategic guidelines and the Group's RAF and that it meets the following requirements: it considers all relevant risks; it incorporates prospective assessments; it uses appropriate methodologies; it is known and shared by the internal structures; it is adequately formalised and documented; it identifies the roles and responsibilities assigned to the organisational units of the company; it is entrusted to competent resources, sufficient in quantity, placed in a hierarchical position adequate to enforce the planning and is an integral part of the management activity;
with specific reference to credit and counterparty risks, in line with strategic guidelines, he approves specific guidelines aimed at ensuring the effectiveness of the system for managing risk mitigation techniques and guaranteeing compliance with the general and specific requirements of these techniques.
he defines and oversees the implementation of the Group's process (managers, procedures, conditions) for approving investments in new products, the distribution of new products or services or the launch of new activities or entry into new markets;
he defines and oversees the implementation of the Group Policy for the outsourcing of company functions;
he defines and manages the implementation of the Group's processes for the evaluation of company activities, ensuring that they are constantly updated;
he defines the internal information flows aimed at ensuring that corporate bodies and the organisational units responsible for controls have full knowledge and control of risk factors and can verify compliance with the Group's RAF;
within the scope of the Group's RAF, if a tolerance threshold has been defined, he authorises exceeding of the risk propensity within the limit represented by the tolerance threshold and promptly informs the Board of Directors, identifying the management actions necessary to bring the assumed risk back within the predetermined objective;
he defines the crisis management process, the main assumptions underlying the stress scenarios, the recovery indicators used, the recovery options and the relevant communication plan; supervises the drafting and updating of the Recovery Plan;
he sets up the initiatives and measures needed to ensure the ongoing completeness, adequacy, functionality and reliability of the internal control system and reports the results of the checks carried out to the Board of Directors;

• he prepares and implements the necessary corrective or adjustment actions when deficiencies or anomalies emerge, or following the introduction of new products, activities, services or relevant processes.

With regard to the internal control system of each single Subsidiary, the related body with management functions:

defines the organisational, methodological and procedural framework for the process of analysing IT risk, pursuing an appropriate level of connection with the Parent company's Risk Management for the processes of estimating operational risk;
with reference to the ICAAP/ILAAP processes, provides the necessary support to the Parent company's Risk Management for the parts under their respective responsibility;
implements the initiatives and measures needed to ensure the ongoing completeness, adequacy, functionality and reliability of its internal control system, in line with the internal regulations on management and coordination defined by the Parent company. It brings the results of the checks carried out to the attention of the body with strategic supervisory functions, where the roles of the body with management functions and the body with strategic supervisory functions do not coincide.

The Parent company's Board of Directors carries out, also through the structures that hinge the corporate control functions, checks to ascertain the consistency between what has been defined - approved and the related implementation.

The Chief Executive Officer of the Parent company ensures:

the consistency of the Group's risk management process with its risk appetite and risk management policies, bearing in mind also the evolution of the internal and external conditions in which Group companies operate;
proper, timely and secure management of information for accounting, management and reporting purposes.

The Board of Statutory Auditors of the Parent company supervises compliance with the law, regulations and Articles of Association, proper administration and the adequacy of the Bank's organisational and accounting structures.

The Board of Statutory Auditors of the Parent company may avail itself of the Bank's internal structures and control units in order to carry out and direct its own audits and necessary checks. To this end, it receives adequate information flows from them on a regular basis or in relation to specific situations or company trends. As a result of this close link, the Board of Statutory Auditors is specifically consulted not only on decisions concerning the appointment and revocation of the heads of company control units, but also on the definition of the essential elements of the overall architecture of the control system (powers, responsibilities, resources, information flows, management of conflicts of interest).

The Board of Statutory Auditors of the Parent company verifies and analyses in detail the causes and remedies of management irregularities, performance anomalies and shortcomings in the organisational and accounting structures, paying particular attention to compliance with the rules on conflicts of interest.

The controls carried out by the Board of Statutory Auditors must cover the entire company organisation, including checks on systems and procedures, the various branches of activity and operations. It also verifies the correct performance of the strategic and management control activities carried out by Banca Ifis on its Subsidiaries.

The Board of Statutory Auditors of the Parent company ascertains the adequacy of all the functions involved in the control system, the correct performance of their duties and their adequate coordination, promoting corrective action in the event of shortcomings or irregularities.

With reference to the audit carried out by the Independent Auditors, the Board of Statutory Auditors retains the tasks related to the assessment of the adequacy and functionality of the accounting system, including the related information systems, in order to ensure a correct representation of corporate events. Also, to that end, it coordinates with the latter on a continuous basis.

The Board of Statutory Auditors of the Parent company also:

a) notifies the Board of Directors and the CEO of the shortcomings and irregularities found, without prejudice to the obligations to report to the Bank of Italy, requests the adoption of suitable corrective measures and verifies their effectiveness over time;

b) verifies its adequacy, in terms of powers, functioning and composition, taking into account the size, complexity and activities carried out by the bank;
c) is responsible for supervising the completeness, adequacy, functionality and reliability of the system of internal controls and the Group's RAF. In carrying out this task, it monitors compliance with the supervisory provisions in force over time, with particular reference to the internal control system and the ICAAP and ILAAP processes;
d) supervises the completeness, adequacy, functionality and reliability of the internal rating system used for management purposes and its compliance with the requirements laid down in the regulations for internal rating systems adopted for regulatory purposes, which the Board of Directors of the Bank has deemed it necessary to comply with in order to guarantee its correct and effective functioning.

With regard to the internal control system of each single Subsidiary, the related control body is responsible for supervising the completeness, adequacy and reliability of its own internal control system, by carrying out, to the extent applicable, the same functions as those described above with regard to the Board of Statutory Auditors of the Parent company. The Board of Directors of Banca Ifis ensures that information on the internal control system and risks is provided in all cases envisaged by the regulations, guaranteeing the correctness and completeness of the information provided.

The following control functions are identified, framed within the levels provided for by the supervisory regulations in force:

Third level controls, carried out by Internal Audit. These are carried out with the aim of identifying breaches of procedures and regulations as well as regularly assessing the comprehensiveness, adequacy, functionality (in terms of both efficiency and effectiveness), and reliability of the internal control and IT systems (ICT audit) on a regular basis based on the nature and extent of the risks;
Second level controls, carried out by Risk Management, Compliance and Anti-Money Laundering. Amongst others, they are intended to ensure the risk management process is correctly implemented in accordance with the operational limits assigned to the various functions, and that business operations comply with regulations including corporate governance rules.
First level or line controls, aimed at ensuring that operations are carried out correctly, carried out by the production structures themselves or performed as part of back-office activities. The operational structures are primarily responsible for the risk management process: as part of their day-to-day operations, they shall identify, measure or assess, monitor, mitigate, and report the risks arising from ordinary operations in accordance with the risk management process; they shall comply with the operational limits assigned to them in accordance with the risk objectives and the procedures that form part of the risk management process.

The Head of Internal Audit reports directly to the body with strategic supervisory functions. He has direct access to the Board of Statutory Auditors and communicates with it without restriction or intermediation.

The effective functioning of the organisational model envisaged, based on the availability to Internal Audit of information on management and business developments, is also ensured by the systematic information link with the CEO of the Parent company on the activities carried out.

The Heads of Risk Management, Compliance and Anti-Money Laundering report directly to the management body. In any case, they have direct access to the Board of Directors and the Board of Statutory Auditors and communicate with them without restrictions or intermediation. In particular, the heads of the control units that are responsible for second-level corporate control functions report directly to the Board of Directors and to the Board of Statutory Auditors, usually on a quarterly basis or at the specific request of the latter and, in any case, whenever they deem it necessary.

The Heads of Internal Audit, Risk Management, Compliance and Anti-Money Laundering:

must meet appropriate professional standards;
are appointed and revoked by the Board of Directors, after consulting the Board of Statutory Auditors;
do not have direct responsibility for operational areas under control.

The Internal Audit, Risk Management, Compliance and Anti-Money Laundering control functions are organisationally separate and are assigned to structures that are not involved in risk-taking processes. The structures which are deemed to be involved in risk assumption, have the following characteristics (even not collectively):

a) authorise the taking of a risk;
b) are remunerated to an extent linked to company performance or have objectives that involve risk-taking;
c) are coordinated by subjects included in the previous categories (points a and b).

As part of the internal control system, roles and tasks have been assigned to the organisational units responsible for second and third level controls, which are detailed in the relative organisational Regulations or in the Group's Anti-Money Laundering Policy.

Without prejudice to their mutual independence and respective roles, Internal Audit, Risk Management, Compliance, Anti-Money Laundering and the Corporate Accounting Reporting Officer collaborate with each other and with the other organisational units in order to develop their control methods in a manner consistent with the company's strategies and operations.

In addition, the heads of organisational control units interact, coordinate and collaborate in order to avoid overlaps, develop synergies, and optimise collaboration.

The information flows relating to the Internal Control System between the organisational units that hinge the corporate control functions and between these and the corporate bodies are highlighted:

Internal Audit. The frequency with which the Head of Internal Audit of the Parent company must report on his or her work to the Board of Directors must be such as to ensure that the latter is always able to intervene promptly. Therefore, in addition to periodic and systematic reporting on a quarterly basis (Tableau de bord), it is essential to provide information on an occasional basis in order to inform the Board of Directors of any events that may require sudden corrective and/or improvement action. In this context, the results of the assessments that conclude with negative judgements or that reveal significant shortcomings are transmitted in full, promptly and directly to the corporate bodies.

With regard to planning activities and periodic reporting, the Parent company's Internal Audit submits to the Parent company's Board of Directors:

the plan of audit activities (annual and multi-year);
the quarterly tableau de bord;
the annual report on the activity carried out;
the annual report on the checks carried out on the Subsidiaries;
information on the checks carried out on the compliance of remuneration practices with policies and the regulatory framework;
information on audits relating to the governance and management of liquidity risk;
the report on essential and important functions outsourced outside the banking group;
the annual report on the proper functioning of internal systems for reporting violations (whistleblowing);
the report on internal audit activity on investment services.

The Parent company's Internal Audit also promptly sends the Board of Directors the results of the assessments that have been concluded with negative opinions or that show significant shortcomings.

Stable forms of collaboration are also envisaged between the Board of Statutory Auditors, the Control and Risk Committee, the Supervisory Body and the Parent company's Internal Audit, which are implemented by means of:

a mutual exchange of information;
the possibility for the Board of Statutory Auditors, the Control and Risk Committee and the Supervisory Body to ask the Parent company's Internal Audit to carry out checks on specific operational areas or particular company operations.

In addition, the Head of Internal Audit of the Parent company:

• reports to the Board of Statutory Auditors, the Control and Risk Committee and the Supervisory Body, at the latter's request, on the activities carried out;

brings to the attention of the heads of the other control units any inefficiencies, weaknesses or irregularities that have emerged during the verification activities carried out that may be of interest for the activities for which they are responsible;
informs the heads of the organisational structures concerned of any inefficiencies, weaknesses or irregularities found, for the implementation of the measures for which they are responsible.

Risk Management. Submits to the Board of Directors for approval (or final review, with specific reference to the periodic reports produced) and to the Board of Statutory Auditors and the Risk Control Committee:

programmes of activities in which the main risks to which the group is exposed are identified and assessed and the relevant management actions are planned;
the report on the activities carried out which illustrates the checks carried out, the results obtained, the weaknesses detected and the measures to be taken to remove them (both for Banca Ifis and its subsidiaries);
the Group's public disclosures;
the Group's RAF;
the government's risk management policies;
the Group's ICAAP ILAAP report;
the Contingency Funding Plan;
the Group's Recovery Plan;
the quarterly tableau de bord;
periodic reports on the "Major Transactions" for which it has expressed its opinion on the consistency with the RAF, highlighting those for which, although with a negative opinion, a favourable resolution followed;
the report on risk control activities on investment services.

In addition, Risk Management sends to the Control and Risk Committee:

periodic reports on the significant risks taken on by the group with evidence of the differences between actual exposure levels and the set risk objectives;
any specific reports on the risks that can potentially be taken on as a result of the launch of new products and/or as a result of entering new markets.

The Head of Risk Management informs the Heads of the other control units of the Parent company of critical issues detected in their control activities that may be of interest to the activities of each.

It is also foreseen the reciprocal transmission, normally for knowledge and in relation to the area of competence, of the results of the individual interventions carried out.

Compliance. Submits to the Board of Directors for approval (or final review, with specific reference to the periodic reports produced) and to the Board of Statutory Auditors and the Risk Control Committee:

the programme of activities in which the main risks of non-compliance with standards are identified and assessed and the relevant management actions are planned;
the report illustrating the checks carried out, the results obtained, the weaknesses detected and the proposals for action to be taken to remove them;
the quarterly tableau de bord;
a report on the overall situation of complaints received, the adequacy of procedures and organisational solutions;
the Transparency Report (Transparency of banking and financial transactions and services, Correctness of relations between intermediaries and clients, Checks on internal procedures);
the report on investment services and complaints received.

The Head of Compliance informs the Heads of the other corporate control units of the Parent company of critical issues detected in their control activities that may be of interest to the activities of each. It is also foreseen the reciprocal

transmission, normally for knowledge and in relation to the area of competence, of the results of the individual interventions carried out.

Anti-Money Laundering. Submits to the Board of Directors for approval (or final review, with specific reference to the periodic reports produced) and to the Board of Statutory Auditors and the Risk Control Committee:

plan of activities;
the quarterly tableau de bord;
the annual report on the activity carried out;
the document containing the results of the risk self-assessment exercise and the relative plan of action for adaptation.

The Head of Anti-Money Laundering informs the Heads of the other corporate control units of the Parent company of the critical points detected in their control activities which may be of interest for the activities of each. Moreover, the reciprocal transmission of the results of the single interventions carried out is foreseen, normally for information and in relation to the area of competence.

Corporate Accounting Reporting Officer. In compliance with the provisions of Art. 154-bis of the TUF, the Parent company's Corporate Accounting Reporting Officer shall:

issue an attestation, jointly with the CEO of the Parent company, certifying:
- o the adequacy and effective implementation of the administrative and accounting procedures;
- o the compliance of accounting documents with IAS/IFRS;
- o that the accounting documents coincide with the results of the accounting ledgers and records;
- o that they provide a true and correct representation of the financial position of the Bank and the subsidiaries and consolidated companies;
- o that the "Report on Operations" includes a reliable analysis of the performance and result of operations as well as the situation of the Bank and the Group;
issue a statement certifying that the documents and communications of the company disclosed to the market and related to the accounting information, including interim information of the same company, correspond to the documented results, books and accounting records (Art. 154-bis, par. 2).

Together with the explicit provisions of the above-mentioned reference legislation, the Corporate Accounting Reporting Officer prepares:

the annual plan of its activities, within which the scope of the analyses to be carried out on an annual basis is outlined. He submits this document to the CEO for sharing, with subsequent presentation to the Control and Risk Committee;
the half-yearly report (in correspondence with the annual and abridged half-yearly financial statements) on the results of the activities carried out and informs the CEO and the Control and Risk Committee.
if necessary and/or upon request of the corporate bodies, specific and dedicated reporting.

a Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process

a.1. Background

The risk management system and the internal control system in relation to the financial reporting process are elements of the same System, aimed, among other things, at ensuring the reliability, accuracy and timeliness of financial reporting.

In order to ensure adequate control and proper mitigation of the risk of incorrect financial reporting, Banca Ifis has adopted a specific framework of analysis that cuts across the various corporate processes and is aimed at identifying and controlling the

main risks to which the Company is exposed when executing the significant transactions that generate the information contained in the financial statements and, in general, in any other financial reporting.

The application of the framework is designed to ensure accuracy, reliability and timeliness of financial reporting, pursuing integration with the overall internal control and risk management system.

The provisions of the Articles of Association concerning the "Corporate Accounting Reporting Officer" (hereinafter also the "Reporting Officer"), the appointment of the current Reporting Officer, the Group's Policy for the management of the risk of incorrect financial reporting, the update of the "scope of activities of the Reporting Officer" and the "Regulations for the Corporate Accounting Reporting Officer and for the Monitoring and Control of Financial Reporting", approved by the Board of Directors, constitute, together with the body of administrative and accounting procedures, the set of measures adopted by the Bank to monitor the risk of incorrect financial reporting.

The framework consists of several levels of analysis that in combined action lead to the definition of appropriate administrative and accounting procedures at group level. It is inspired by the principles and guidelines defined by the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (known as CoSO) and by the Control Objectives for Information and related Technology (known like CobiT), considered as reference models accepted internationally.

The levels of analysis in the framework are as follows:

Process-level controls: these are controls that operate at process level and whose implementation provides evidence that adequate administrative and accounting procedures are in place to ensure effective internal control over financial reporting;
Controls on Information Technology (IT General Controls or "ITGC"): controls that operate at corporate level and that are specifically linked to the processes of managing Information Technology in support of the execution of corporate processes; they concern, for example, the processes of software acquisition and maintenance, the management of physical and logical security, and the development and maintenance of applications.

a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial reporting process (the "System")

The process for managing the risk of financial misreporting and the methods of collaboration and coordination between the Monitoring and Control of Financial Reporting structure, Accounting and Budgets and the other structures and Bodies of the Bank are defined within the Group Policy for the management of the risk of financial misreporting, approved by the Board of Directors. Accounting and Budgets is responsible for fulfilling administrative and accounting requirements, as well as for producing the financial information prepared with the contribution of the Reporting Officer and certified by him pursuant to Art. 154-bis of the TUF.

a.2.1 Steps in the process of managing the risks of financial misstatement

The operational approach that characterises the overall financial misinformation risk management process is divided, consistently with the phases of the risk management process the Bank has adopted, into the following sub-processes:

Identification: the Monitoring and Control of Financial Reporting, also with the operational support of Accounting and Financial Statements, identifies the entities to be included in the scope of verification activities. The significance of subsidiaries is assessed annually on the basis of the criteria adopted.
Risk assessment: identified risks are assessed in potential terms taking into account the relative frequency and materiality of impacts. Subsequently, the Monitoring and Control of Financial Reporting assesses the adequacy of the organisational controls defined in terms of prevention of the risks of incorrect financial reporting and consistency with the external regulations in force, as well as with the main best practices (socalled assessment of control design).
Monitoring: in view of the adequacy of administrative and accounting procedures, the Monitoring and Control of Financial Reporting checks that the controls identified are actually implemented in accordance with the procedures and intervals laid down, and that they are tracked through the filing of the related evidence (socalled "verification of the effective application of controls").

As part of the management and coordination activity performed by the Parent company over the companies of the Group, the Parent company's Reporting Officer, through the Monitoring and Control of Financial Reporting, analyses the documentation produced by the Finance representatives at the subsidiaries (where considered significant in the annual planning process) and assesses the results of the controls performed by them for the purposes of ensuring correct consolidated financial reporting. A summary of any critical issues that emerge is summarized in the report that the Parent company's Reporting Officer produces every six months and brings to the attention of the Board of Directors.
Mitigation: the adequacy assessment and enforcement reviews may highlight any deficiencies in the organisational controls in place to mitigate the risk of financial misreporting. Therefore, the Organisation, having received the results of the Assessment and Monitoring activities, defines, with the support of the Monitoring and Control of Financial Reporting as well as of Accounting and Budgets, the necessary corrective actions and/or actions to strengthen the existing controls.
Reporting: the Monitoring and Control of Financial Reporting prepares a report every six months, which it shares with the CEO and subsequently presents to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors. The report describes the verification activities carried out, their results and any criticalities found. The assessment of adequacy and effective implementation of the administrative and accounting procedures is used by the Reporting Officer for drawing up the certifications required pursuant to Art. 154-bis, paragraph 5 of Legislative Decree no. 58/98.

a.2.2 Roles and Functions involved

In the light of the significant responsibilities entrusted to him, the Reporting Officer is granted adequate powers and means to carry out his functions, as specified in paragraph 8.6 of this Report. The Reporting Officer receives from all the Bank's organisational units the maximum cooperation necessary to carry out the activities for which he is responsible, having guaranteed free access to all environments, information, accounting records and documentation relating to his activities. Moreover, if necessary, the latter may request information or documents located at external suppliers, through the relevant internal contact for the outsourced activity. Finally, the Reporting Officer may agree with each organisational unit involved in the process on the methods for transmitting the information flows necessary for the performance of its activities.

In order to carry out the activities for which he is responsible, the Reporting Officer avails himself of the Monitoring and Control of Financial Reporting organisational unit, whose objective is to assess the completeness, adequacy, functionality and reliability of the internal control system, with specific reference to the production of financial information and the management of the risk that the latter may be incorrect.

Internal Audit assesses the completeness, adequacy, functionality and reliability of the financial misstatement risk management process.

As part of the management and coordination activities carried out by the Parent company with regard to Group companies, the Parent company's Finance Department issues methodological guidelines on administrative and accounting matters to be followed by the Organisational Units of the latter, which are appointed for this purpose, when carrying out the activities for which they are responsible.

In view of the fact that the Group's configuration envisages the presence of entities considered significant when defining the scope of the manager responsible for financial reporting (the "identification phase"), Banca Ifis, as part of the management and coordination action it exercises over its subsidiaries, asks, through the Parent company's Reporting Officer, to:

send quarterly check-lists to the Finance contact persons at these entities, so that on the basis of these checks the Parent company's Reporting Officer can assess the adequacy and effective application of the administrative and accounting procedures for the preparation of financial reports. The evidence produced by the Finance contacts at the controlled entities, together with the declaration made by them concerning the effective performance of the required controls and the application of the Group accounting policies, is obtained, assessed and filed by the Monitoring and Control of Financial Reporting. Check-lists are reviewed quarterly, as needed;
carry out, by means of the Monitoring and Control of Financial Reporting, verification activities at such entities in accordance with the provisions of the annual plan which is ratified by the Board of Directors of Banca Ifis.

8.1 Chief Executive Officer

The Board of Directors, in order to implement the system of internal controls, both at Group and company level, has delegated to the CEO adequate powers for this purpose, as detailed in Section 8.

In his capacity as the Body with management function, he constantly reported to the Board of Directors on all aspects of company management and:

ensured, through the competent structures, the identification of the main corporate risks;
implemented the guidelines established by the Board;
monitored, through the competent operational structures, the need to update the Group's policies for the governance and management of the main corporate risks;
implemented the guidelines defined by the Board with regard to the internal audit and risk management system, constantly assessing its adequacy and effectiveness;
ensured the adaptation of the company and group internal control system to the dynamics of the operating conditions of the legislative and regulatory context.

8.2 Control and Risks Committee

The Control and Risk Committee has the task of supporting the Board's assessments and decisions relating to the internal control and risk system, the approval of periodic financial and non-financial reports and supporting the Board in analysing issues relevant to the generation of long-term value with a view to sustainable success.

The Control and Risk Committee is made up, as a rule, of three to five members chosen from among the non-executive members of the Bank's Board of Directors, the majority of whom are independent. The members of the Control and Risk Committee must have knowledge, skills and experience, primarily in the business sector in which the Bank operates, such that they can fully understand and monitor the Company's strategies and risk orientations. At least one member of the Control and Risk Committee must have appropriate accounting and financial or risk management experience, to be evaluated by the Board of Directors at the time of appointment.

Composition and functioning of the Control and Risks Committee

As of the date of publication of this Report, the Committee, in accordance with Recommendation 35, is made up of 5 independent and non-executive Directors: Simona Arduini (serving as Chairman as of 15 October 2020), Daniele Umberto Santosuosso, Monica Billio, Antonella Malinconico and Roberto Diacetti.

The Control and Risk Committee is chaired, in turn, by one of its members chosen by the Board of Directors from among the independent directors with adequate knowledge and experience in accounting and finance or risk management. The chairmanship of the Control and Risk Committee shall be for a term of eighteen months from the date of appointment, unless terminated, revoked or resigned as a director or member of the Control and Risk Committee. When the chairmanship expires, the Board of Directors confers the office of Chairman to a different member of the Control and Risk Committee holding the aforementioned requirements. Without prejudice to the rotation of the office of Chairman, the members of the Control and Risk Committee may hold the office of Chairman more than once, preferably not consecutively.

If, for any reason whatsoever, also as a consequence of the termination of the office of director, a member of the Control and Risk Committee leaves office, the Board of Directors shall promptly appoint a new member at the first useful meeting. Members of the Control and Risk Committee appointed to replace those who have ceased to serve shall expire at the same time as those in office at the time of their appointment, unless otherwise determined by the Board of Directors. Each member of the Control and Risk Committee may be revoked by a resolution of the Board of Directors, which shall, at the same time, replace him/her. The term of office of the members of the Control and Risk Committee is equivalent to that of the Board of Directors which appointed it, whose early termination, for any reason, determines the simultaneous termination of such Committee.

The Chairman convenes and chairs the meetings of the Control and Risk Committee, prepares its work, directs, coordinates and moderates the discussion, and reports to the Board of Directors on the activities carried out by the Committee and on the related proposals and guidelines in the most appropriate form at the first useful meeting. The Chairman shall sign, on behalf of the Control and Risk Committee, reports and opinions to be submitted to the Board of Directors and/or other bodies or functions of the Bank. In the event of the Chairman's absence, unavailability or impediment, his functions are performed by the most senior member of the Control and Risk Committee.

The Control and Risk Committee is convened by the Chairman or, in the event of his absence, impediment or delay in providing for it, by the most senior member of the Control and Risk Committee; it also meets whenever requested by one of its members or by the head of the Internal Audit function who submits a written request to the Chairman, indicating the items to be included on the agenda.

Meetings shall be convened with at least three days' notice, indicating the place, day, time and items on the agenda; in case of urgency, the Committee may be convened with one day's notice prior to the date scheduled for the meeting. The notice of call must be sent to the regular members of the Board of Statutory Auditors and, in copy for information, to the Chairman of the Board of Directors. Any documentation relating to the items on the agenda shall normally be made available at the same time as the meeting is convened and in any case with the advance notice appropriate to the circumstances.

The Chairman of the Board of Statutory Auditors, or another member designated by him, takes part in the work of the Control and Risk Committee. When deemed appropriate in relation to the issues to be dealt with, the Control and Risk Committee and the Board of Statutory Auditors meet jointly. At the invitation of the Chairman of the Control and Risk Committee, the Chairman of the Board of Directors, the Deputy Chairman, the CEO and the General Manager of the Bank (if appointed) may also attend the meetings. The Chairman of the Control and Risk Committee is also entitled to invite to the meetings the director in charge of the internal control and risk management system and the other members of the Board of Directors, the statutory auditor or the representatives of the auditing firm and the members of the management and control bodies of the Group companies with reference to all or some of the items on the agenda, unless issues concerning them are discussed. Lastly, the Control and Risk Committee may avail itself of and/or request the presence of independent consultants and any corporate representative or employee of the Bank or of another company of the Group that is competent in this field, informing the CEO thereof.

For the meetings of the Control and Risk Committee to be valid, the majority of the members in office must be present and the decisions/resolutions are taken by an absolute majority of those present. In the event that the Control and Risk Committee is composed of an even number of members, in the event of a tie, a subsequent vote shall be taken in which the decision that obtained the Chairman's vote shall prevail. Voting may not be by proxy and each member is entitled to one vote.

The meetings of the Control and Risk Committee may be validly held also through the use of suitable audio, video or teleconference systems, provided that all the persons entitled may participate and be identified and that they are allowed to follow the meeting and intervene in real time in the discussion of the issues, as well as to receive, transmit and view documents, implementing simultaneous examination and decision-making/deliberation. The Committee may meet anywhere, provided it is in Italy.

The secretariat of the Committee is provided by the Legal and Corporate Affairs Department, which is responsible for drawing up concise minutes. The minutes shall be transcribed in the appropriate book and signed by the Chairman of the meeting and the Secretary.

In 2021, the Committee met 21 times, five of which jointly with the Board of Statutory Auditors; the average duration of the meetings was approximately two hours and twenty minutes. All members of the Board of Statutory Auditors attended all meetings held in 2021.

From the beginning of 2022 until the date of approval of this document, the Committee met six times, including twice jointly with the Board of Statutory Auditors; 21 meetings have been scheduled for 2022.

In addition to holding joint meetings with the Board of Statutory Auditors, during its meetings the Committee has discussed specific issues with the General Manager (until October, then appointed Chief Lending Officer), the Corporate Accounting Reporting Officer (and Chief Financial Officer), the Head of the Business Plan Governance, Planning and Management Control Department, the Head of Compliance, the Anti-Money Laundering Officer, the Independent Auditors and the Chief Risk Officer. The Committee systematically met with the Head of Internal Audit, who usually attends the Committee's meetings with a view to achieving synergy between the various players in the internal control system. The Committee met again, with a view to preliminary work in relation to the Board's work, with the Head of Capital Markets Department, the Head of Problem Loans, the Head of Accounting and Budgets, the Head of Monitoring and Control of Financial Information, the Head of Organisation, the Head of Privacy & Security, the Head of Complaints,the Head of Validation and, as from October, with the Joint General Manager, Chief Operating Officer.

Functions assigned to the Control and Risk Committee

The Control and Risk Committee performs support functions for the body with strategic supervisory functions with regard to risks and the internal control system.

The Control and Risk Committee has the following investigative, propositional and advisory functions:

to assess, together with the Corporate Accounting Reporting Officer pursuant to Art. 154-bis of Legislative Decree no. 58 of 24 February 1998, as subsequently amended and supplemented (the "Reporting Officer") and having consulted the Independent Auditors (or auditing firm) and the Board of Statutory Auditors, the correct use of the accounting standards and, in case of groups, their uniformity for the purposes of drawing up the consolidated financial statements;
to assess the suitability of periodic financial and non-financial information to correctly represent the Company's business model, strategies, the impact of its activities and the performance achieved;
to analyse issues relevant to long-term value generation from the perspective of sustainable success;
to express opinions on specific aspects concerning the identification and management of the main corporate risks;
to examine in advance the programmes of activities (including the audit plan) and the annual reports of the corporate control functions of the Company and, where present, of the Group companies, concerning the assessment of the internal control and risk management system, as well as those of particular importance prepared by the Internal Audit function;
to monitor the autonomy, adequacy, effectiveness and efficiency of the Internal Audit function and the control functions, where present, of the Group companies;
to assess and express opinions to the Board of Directors on compliance with the principles with which the internal control system and the corporate organisation must comply, and on the requirements to be met by the corporate control functions, bringing to the attention of the Board of Directors any weak points and the consequent corrective actions to be promoted; to this end, it assesses the proposals made by the body with management functions;
to ask the Internal Audit function to carry out checks on specific operational areas, simultaneously notifying the Chairman of the Board of Statutory Auditors;
to report to the Board of Directors, when the annual and interim financial reports are approved, on the activities carried out and on the adequacy of the internal control and risk management system;
to assist the Board of Directors in supervising the actual functioning of the risk management and control processes in compliance with the laws and regulations in force;
to support, with an adequate preliminary activity, the evaluations and decisions of the Board of Directors relating to the management of risks deriving from prejudicial facts of which the Board of Directors has become aware;
to identify and propose, with the help of the Appointments Committee, the heads of the corporate control functions to be appointed;
to contribute, by means of assessments and opinions, to the definition of the company policy for the possible outsourcing of corporate control functions;
to verify that all company control functions correctly comply with the indications and guidelines approved by the Board of Directors and assisting the latter in drawing up the document coordinating the control functions and, in general, the system of company and group internal controls.

The Control and Risk Committee also issues its own prior opinion to the Board of Directors:

on the guidelines of the internal control and risk management system, so that the main risks concerning the Company and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, also determining the degree of compatibility of the risks with a management of the company that is consistent with the identified strategic objectives;
on the adequacy of the internal control and risk management system with respect to the characteristics of the company and the risk profile assumed, as well as its effectiveness;

on the activity programmes (including the audit plan) and annual reports prepared by the head of the Internal Audit function and the heads of the control functions, where present, of the Group companies;
on the description, in the Report on Corporate Governance and Shareholding Structures, of the main characteristics of the internal audit and risk management system and of the coordination methods between the subjects involved in it, including the assessment of its adequacy;
on the findings set out by the statutory auditor (or audit firm) in the letter of recommendations, if any, and in the report on key matters arising from the statutory audit.

With reference to the appointment, revocation, adequacy of the resources assigned to perform its functions, as well as the fixed and variable remuneration of the head of the Internal Audit function of the Bank and, where present, of the Group companies, the Committee supports the Board of Directors in its decisions, also by issuing prior opinions where required by the legislation in force over time or by the Board of Directors.

With particular reference to the tasks related to risk management and control, the Committee carries out support functions for the body charged with strategic supervision:

in the definition and adoption of the strategic guidelines and risk management policies. As part of the RAF, the Control and Risk Committee performs the evaluation and proposal activity necessary for the Board of Directors to define and approve the risk objectives and tolerance threshold;
in verifying the correct implementation of strategies, and management policies for risks and the RAF;
in the definition of policies and processes for the assessment of company activities, including verification that the price and conditions of transactions with customers are consistent with the business model and strategies concerning risks.

Without prejudice to the responsibilities of the Remuneration Committee, the Control and Risk Committee shall ascertain that the incentives underlying the Company's remuneration and incentive system are consistent with the RAF.

In the performance of its duties, it has access to all the information and company departments that are relevant for the performance of its tasks, and can avail itself of external consultants, within the terms established by the Board of Directors and in compliance with the Group's policy for the management of inside information.

The Control and Risk Committee carries out its activities by making ordinary use of the information provided by the Board of Directors, the director in charge of the internal control and risk management system, the Head of the Internal Audit function and of the other control functions, the Reporting Officer, the Supervisory Body provided for by Legislative Decree no. 231 of 08 June 2001, as subsequently amended and supplemented, and the statutory auditor or representatives of the auditing firm, as well as the results of the activities carried out by the other committees set up by the Board of Directors.

It sees to the setting up of mechanisms to ensure the timely exchange of information with the Board of Statutory Auditors, guaranteeing the availability of information relevant to the performance of their respective duties and the coordination of activities in the areas of shared responsibility for the improved efficiency of the internal control systems.

The Control and Risk Committee has financial resources, which can be activated autonomously, in the amount of 60.000 Euro per year, established by the Board of Directors and with provision for reporting to the Board on the possible use of the funds at least once a year, usually at the time of examination of the Report on Corporate Governance and Shareholding Structure.

With regard to transactions with related parties and/or associated parties, the Control and Risk Committee, consisting solely of independent directors, also performs the functions assigned to it by the Board of Directors, as governed by current internal regulations.

In 2021, the Committee's activities were carried out along a number of main lines, with a view to preparing the work of the Board of Directors:

discussions with the Heads of Intensive Audit, Risk Management, Anti-Money Laundering and Compliance on the respective annual plans and reports, and on the quarterly Tableau de Bord sent to the Bank of Italy;
quarterly evaluations of accounts receivable and other balance sheet items in preparation for periodic financial reports;
semi-annual evaluations of complaint handling;

Banca Ifis | 2021 Report on Corporate Governance and Shareholding Structure

dialogue, also in joint form, with the Board of Statutory Auditors, the Reporting Officer and the company appointed to carry out the statutory audit of the accounts;
transactions falling within the scope of the Group's related parties;
interaction with the Business Continuity Plan manager and relevant managers on ICT governance (strategic plan, reporting, disaster recovery and business continuity plans and tests);
dialogue falling within the scope of the outsourced Essential or Important Functions;
updates to internal regulations (regulations, policies, organisational processes and procedures, methodological manuals, delegation system);
discussions with the Head of the Business Plan Governance, Planning and Management Control Department regarding the Parent company's operating budget;
discussions with the Validation Function regarding the validation reports on the Risk Management models adopted by the Bank in its individual businesses.

8.3 Head of the Internal Audit Function

Angelo Ferracchiati has held the position of Head of Internal Audit since 1 June 2019.

Mr Ferracchiati was appointed on the proposal of the director in charge of overseeing the functionality of the internal control and risk management system, at the Board meeting of 30 May 2019, after receiving the favourable opinion of the Control and Risk Committee and after consulting the Board of Statutory Auditors.

Upon appointment, the Board - based on the proposal made by the Remuneration Committee - entrusted the CEO, the General Manager (who was at that time part of the corporate organisational chart) and the Head of Human Resources with the definition of remuneration issues.

The unit is located on the staff of the Board of Directors and is not responsible for any operational area; it is provided over time with adequate resources to carry out its activities.

The positioning of the Internal Audit unit within the corporate organisational chart on the staff of the Board of Directors not only ensures the independence of the unit itself, in line with the indications of the Bank of Italy and with the best practices in the sector, but also facilitates the appropriate exchange of information with the Control and Risk Committee, the Board of Statutory Auditors and, in general, with corporate bodies and organisations.

The mission assigned to Internal Audit by the relevant regulations, approved by the Board of Directors, includes checking that the internal control and risk management system is complete, adequate, functional and reliable.

***

The Group's Internal Audit Regulations require the Parent company's Internal Audit Function to define a programmed plan of activities which, based on a structured process of analysis and prioritisation of the main risks ("risk based"), takes account of the different degree of risk of the various activities and structures of the Parent company and its Subsidiaries. With regard to the companies of the Banca Ifis Group, a contact person for the Internal Audit Function has been identified, which each subsidiary has outsourced to the Bank; the contact person reports hierarchically to the Head of the Bank's Audit Function, but functionally to the Administrative and Control Bodies of the subsidiaries.

The Programmatic Plan of Audit activities indicates the audit activities planned for the three-year period (multi-year plan) and has a specific section for information system audit activities (ICT auditing).

Without prejudice to the coordination and collaboration with the other control functions, taking into account the importance of the activities planned by the second-level control functions, the Programmatic Plan of Audit activities is normally submitted not before the Risk Management, Compliance and Anti-Money Laundering control units of the Parent company have drawn the attention of the corporate bodies to the planning of their activities.

The Programmatic Plan is simultaneously transmitted to the Board of Statutory Auditors, the Control and Risk Committee, the Chairman of the Board of Directors, the Director in charge of the internal control and risk management system (as well as the CEO) for subsequent examination by the Board of Directors. The Plan is updated whenever necessary, at the request of the corporate bodies and/or at the proposal of the Head of Internal Audit.

During FY 2020, a new "Audit Programmatic Plan 2020-2022" was approved by the Board, subject to the favourable opinion expressed by the Control and Risk Committee. The activities planned for 2021, in continuity with FY 2020, were mainly developed

along two lines: one of a project nature aimed at developing a system of remote indicators to be used by the Function and aimed at ensuring continuity in the action of internal auditing of the main Group processes. During 2021, the Head of Internal Audit, among other things:

had direct access to all information relevant to the performance of their duties;
constantly interacted with the Control and Risk Committee, the Board of Statutory Auditors and the Supervisory Body pursuant to Legislative Decree no. 231/2001 (of which he is a member) reporting, among other things, on his work;
sent the results of the minutes of all meetings to the Board of Statutory Auditors, the Chairman of the Board of Directors, the Director in charge of the internal control and risk management system (as well as the CEO);
discussed the quarterly tableau de bord with the Control and Risk Committee and the Board of Statutory Auditors, highlighting the main results of the activities carried out during the quarter;
reported on its work to the corporate bodies, providing, with reference to the processes and/or areas subject to audit, adequate information on the activities carried out as well as assessments of the internal control system and the residual risk, also by means of indications on compliance with the plans defined for the containment of risks. This includes the quarterly report mentioned above, the Tableau de bord, the Annual Report as well as further reports and information on specific issues of particular importance;
carried out specific interventions regarding the reliability of information systems and accounting systems.

The main activities carried out by the Head of Internal Audit during 2021, on the basis of the aforementioned Programmatic Plan, concerned both the Parent company (Banca Ifis) and its subsidiaries from a risk-based perspective.

The main areas of intervention concern the NPL sector with particular regard to the main processes of the two Group companies operating in the sector (Ifis Npl Investing and Ifis Npl Servicing), the commercial banking sector and specifically the leasing, factoring and pharma business units and corporate cash management. In addition, checks were carried out on the IT system, the second-level control functions and some transversal corporate processes that are not directly and unambiguously correlated to specific business areas, in particular, with reference to the management process of operational continuity and the compliance of remuneration practices with the regulatory context.

In addition to the quarterly report (Tableau de bord) and the annual report on activities carried out, in compliance with the provisions of the Supervisory Authorities, the Head of Internal Audit prepared specific checks regarding

audits of subsidiaries;
remuneration policies;
ICAAP process;
liquidity risk management and governance;
essential and important functions outsourced;
investment services;
functioning of internal systems for reporting violations (whistleblowing).

Lastly, Internal Audit interacted with the second-level control structures with reference to the risk areas they oversee, constantly promoting coordination and sharing meetings.

8.4 Organisational model pursuant to Legislative Decree no. 231/2001

The Banca Ifis Group, sensitive to the need to ensure conditions of transparency and correctness in the conduct of its business activities, in order to safeguard the image of the individual companies that make up the Group, the expectations of its shareholders and of those who work for and with the companies of the Group, has deemed it compliant with its principles to proceed with the implementation of the Organisational and Management Model provided for by Legislative Decree no. 231/2001.

This initiative was also taken in the belief that the adoption of the Organisational Model can be a valid tool for raising the awareness of those who work for the Bank so that, in carrying out and conducting their activities, they adopt correct and

straightforward conduct, such as to prevent the risk of committing the offences contemplated in Legislative Decree no. 231/2001.

The Banca Ifis Group condemns any conduct contrary to the provisions of the law in force and to the ethical principles also affirmed in the Code of Ethics most recently updated in August 2021. In this context, the adoption and effective implementation of the Model improve the Bank's Corporate Governance, as they limit the risk of offences being committed and make it possible to benefit from the exemption provided for in Legislative Decree no. 231/2001.

The Board of Directors has appointed a Supervisory Body with autonomous powers of initiative and control pursuant to Italian Legislative Decree no. 231/2001, since 26 October 2004; at the meeting of 19 April 2019, it confirmed the decision, already taken by the previous directors, not to entrust the duties of the Supervisory Body to the Board of Statutory Auditors, providing for a composition consisting of an Auditor, the Heads of the Internal Audit and Compliance functions as well as two independent directors, one of whom with the position of Chairman.

In preparing the Organisational Model, most recently updated on 5 August 2021, Banca Ifis was inspired by the "Guidelines of the Italian Banking Association for the adoption of organisational models on the administrative liability of banks" which constitute a guideline for the interpretation and analysis of the legal and organisational implications deriving from the introduction of Legislative Decree no. 231/2001.

In preparing the Model, account was taken of the existing procedures and control systems already widely operating within the company, as they are also suitable for use as crime prevention and process control measures. The Model is part of the broader control system consisting mainly of the Internal Control System required by the Bank of Italy and the company's existing Corporate Governance rules.

In addition, viewing its organisational and management model as a key company policy tool, Banca Ifis extends the organisational instruments that form part of the Organisational Model adopted by the Bank to its subsidiaries as applicable. Part of the model is available on the Banca Ifis website in the Corporate Governance - the Value of Ethics - Organisation, Management and Control Model section.

With regard to the offences to which the discipline in question applies, these are currently of the following types:

offences against the Public Administration;
conduct referable to computer crimes;
corruption and offences envisaged and punished by Articles 25 and 25 ter of Leg. Legislative Decree no. 231/2001;
forgery of money, public credit cards, revenue stamps and identification instruments or signs;
conduct relating to offences against industry and commerce and offences relating to the violation of copyright;
certain types of corporate offences;
conduct referable to organised crime offences; offences with the purpose of terrorism and subversion of the democratic order; transnational offences; offences against the person; inducement not to make statements to the legal authority;
offences relating to market abuse;
conduct referable to offences related to safety at work;
offences of receiving stolen goods, money laundering and use of money, goods or utilities of illegal origin, as well as self-laundering;
environmental crimes
tax offences

The Supervisory Body is made up of one Auditor, chosen by the Board of Statutory Auditors, the Heads of the Internal Audit and Compliance functions and two independent Directors, chosen by the Board, one of whom acts as Chairman; the Supervisory Body remains in office for three years and meets at least once every six months. The secretariat of the Supervisory Body is provided by the Legal and Corporate Affairs Department and the secretary, on behalf of the Chairman, is responsible for drawing up the minutes of the meetings, which are kept by the Legal and Corporate Affairs Department. The Chairman, or another member designated by the Chairman over time, reports to the Board of Directors, at the first useful meeting, on the activities carried out and, where appropriate, on the activities in progress and/or planned as well as on the possible activation of financial autonomy.

This Body is endowed with autonomous powers of initiative and control, pursuant to Legislative Decree no. 231/2001 ""Rules for the administrative liability of legal entities, companies and associations, including those without legal status".

The Supervisory Body's Regulations are available on the Bank's website, in the Corporate Governance - The Value of Ethics - Supervisory Body's Regulations section.

8.5 Independent Auditors

The Shareholders' Meeting of 17 April 2014 appointed EY S.p.A. to perform the statutory audit of the annual financial statements and the consolidated financial statements of the Group as well as the limited audit of the half-yearly report of Banca IFIS for each of the nine financial years ending 31 December 2014 to 31 December 2022.

The Additional Report has been made available to the Board of Directors by the Board of Statutory Auditors together with its own observations.

EY S.p.A. was also entrusted, through separate formal agreements, with the auditing of the financial statements of the parent company and of the subsidiaries of Banca Ifis.

8.6 Corporate Accounting Reporting Officer and other corporate roles and functions

On 12 April 2016, the Board of Directors appointed Mariacristina Taormina as "Corporate Accounting Reporting Officer", with effect from 18 April 2016.

Pursuant to Article 19 of the Articles of Association:

the Board of Directors, pursuant to Art. 154-bis of Legislative Decree no. 58/1998, appoints a Corporate Accounting Reporting Officer, subject to the mandatory opinion of the Board of Statutory Auditors;
the Corporate Accounting Reporting Officer must meet the requirements of integrity laid down for election to the office of auditor in Art. 2 of Ministerial Decree no. 162 of 30 March 2000 and of the professional requirements for election to the position of Board member of banks established as joint-stock companies, as provided for in Art. 1, paragraph 1 of Ministerial Decree no. 161, dated 18 March 1998.

The Board of Directors grants the Reporting Officer autonomous spending powers, in line with the programme of activities that he plans to carry out. The Reporting Officer must periodically report to the Board of Directors on the exercise of his spending powers. It should be noted that no expenses other than those envisaged for the normal functioning of the organisational unit in charge of monitoring activities were incurred during the activities carried out in 2021. In addition, the Reporting Officer has the power to:

acquire information from within the Bank regarding events, risk indicators or proposals for technical and organisational adjustments relating to administrative and accounting procedures;
propose changes to the internal control system where deemed necessary;
attend the meetings of the Board of Directors and the Board of Statutory Auditors and have access to the minutes of those meetings whose agenda includes the examination and/or approval of the economic and financial data of the Bank and the Group.

***

The Heads of the other corporate functions with specific tasks in terms of internal control and risk management are indicated below:

the role of Head of Risk Management (Chief Risk Officer) is attributed to Walter Vecchiato; Risk Management had been assigned a budget for 2021 of 900.000 Euro that may be used for any recourse to external consultants and for staff training, which may be activated autonomously;
the role of Head of Compliance is attributed to Francesco Peluso; a budget of 90.000 Euro was allocated to Compliance for 2021, which may be used for any recourse to external consultants and 15.000 Euro for training, which may be activated autonomously by the Head;

• the role of Head of Anti-Money Laundering is assigned to Giovanna Bazzaro; Anti-Money Laundering was allocated a budget for 2021 of 135.000 Euro that may be used for any recourse to external consultants and 15.000 Euro for training, which may be activated independently by the Head.

The Heads of Internal Audit, Risk Management, Compliance and Anti-Money Laundering:

must meet appropriate professional standards;
are appointed and revoked by the Board of Directors, after consulting the Board of Statutory Auditors;
do not have direct responsibility for operational areas under control.

The duties and responsibilities of the aforementioned second and third level Control Organisational Units are in line with the provisions of the Supervisory Provisions on the system of controls.

8.7 Coordination between the parties involved in the internal control and risk management system

As part of the Internal Control System at Group level, the Parent company is responsible for setting up a unitary system at consolidated level that allows effective control over both the strategic decisions of the Group as a whole and the management balance of the individual components.

The correct functioning of the internal control system is based on the profitable interaction in the exercise of the tasks (of guidance, implementation, verification, assessment) between the corporate bodies, any committees set up within them, the persons entrusted with the legal auditing of the accounts and the control functions.

For this reason, in accordance with the requirements of the Corporate Governance Code, the Board of Directors, appointed by the Shareholders' Meeting of 19 April 2019, confirmed the CEO as the director responsible for overseeing the functionality of the internal control and risk management system.

In addition, the fruitful interaction and coordination between the senior figures involved in the internal control and risk management system is facilitated by cross-membership mechanisms and a non-redundant composition of committees and bodies; in particular, the Control and Risk Committee and the Board of Statutory Auditors interact frequently during their meetings and, when necessary, with the CEO, the Corporate Accounting Reporting Officer, the Independent Auditors, the Chief Risk Officer, the Head of Compliance and the Head of Anti-Money Laundering. They also interact systematically with the Head of Internal Audit, who normally attends the meetings of both bodies.

The Supervisory Body pursuant to Legislative Decree no. 231/2001 benefits from the same mechanisms of cross-membership and similar systematic interaction with the other subjects of the internal control and risk management system.

The heads of organisational control units interact, coordinate and collaborate in order to avoid overlaps, develop synergies, and optimise collaboration.

On at least a quarterly basis, usually at the initiative of the Parent company's Head of Internal Audit, the heads of the Parent company's organisational control units participate in formalised meetings to discuss and compare notes on the following issues:

sharing of the planning of the respective main verification/control activities (also with regard to subsidiaries);
analysis of the main results of the interventions carried out, of the remedial actions initiated or requested;
analysis of the evolution of the levels of exposure to the various risks;
sharing the risk map, also broken down by risk taker organisational unit, and the potential significance of the risks identified;

sharing of reporting, methodologies and terminologies;
as well as, more generally, for a profitable exchange of information and for the analysis of possible forms of collaboration.

Meetings are subject to adequate traceability and, with reference to individual issues to be discussed, representatives of other organisational units may also be invited to participate.

The minutes of the meetings as well as other documentation of common interest are:

archived in a dedicated computer folder shared between the organisational control units;
subsequently reported to the Corporate Bodies when specific requests are made, as well as during the presentation of the "Annual reports on the activities carried out" prepared by the second and third level control organisational units.

The "Group Policy for the Management of Information Flows" describes the information flows that the control functions of the Bank and its Subsidiaries produce to the Corporate Bodies. This policy also defines the principles relating to the preparation and management of information flows that are also applicable to those that the control functions exchange with each other and with the Supervisory Authority, as well as those addressed to the Shareholders' Meeting.

9.Directors' interests and related party transactions

In June 2021 the Board of Directors approved - subject to the favourable opinion of the Board of Statutory Auditors and the Control and Risk Committee (consisting solely of independent directors) - the issuance of the new "Group Policy on transactions with related parties, associated parties and corporate representatives pursuant to Art. 136 TUB", last updated in February 2022 (the "Policy"). The Policy is available on the website www.bancaifis.it (in the section "Corporate Governance - Reports and documents - Related parties and associated persons").

In particular, following the update of 10 December 2020 of CONSOB Regulation no. 17221 of 12 March 2010, it became necessary to revise the internal regulations on transactions with related parties and associated parties. In this context, a unique perimeter of related parties and connected persons has been identified and is described in paragraph 2.2 and Appendix 1 of the Policy (the "Single Perimeter").

A specific Related Parties Committee has not been set up, since the Board of Directors has assigned the tasks that the Consob Regulations and the Bank of Italy's Provisions assign to Independent Directors to the Control and Risk Committee (for the component of Independent Directors, which in its current composition coincides with all members).

In particular, with reference to transactions with related parties, the Committee is responsible for

the issuing of prior, reasoned and binding opinions (for the purposes of the resolution of the Board of Directors of Banca Ifis) on the suitability of internal regulations and subsequent updates and amendments to achieve the objectives of the external regulations. This opinion is in addition to the similar opinion required from the supervisory body;
the issue, when expressly provided for, of prior and reasoned opinions, binding or non-binding, in the case of transactions with members of the Single Perimeter carried out directly or indirectly by the Bank, on the interest of the Bank in carrying out such transactions, as well as on the convenience and substantial correctness of the related conditions;
in the case of Transactions of Greater Significance, the timely involvement if deemed by the Committee, through one or more delegated members - in the negotiation phase and in the preliminary phase through the receipt of a complete and updated information flow and with the power to request information as well as to make observations to the delegated Bodies and the subjects in charge of the negotiations or the preliminary phase; and

• the constant monitoring, also for the purpose of formulating any corrective measures, of the transactions with components of the Single Perimeter carried out directly or indirectly by Banca Ifis, other than Exiguous Transactions, for which the procedural exemptions described below have been applied.

Refer to paragraph 8.2 for activities during FY 2021.

The Policy, which outlines the approach that the Bank, also in exercising its role as Parent company, adopts in order to ensure effective monitoring of any risks of conflicts of interest in transactions with related parties and associated persons, as well as the criteria for identifying the persons whose transactions may fall within the scope of application of the Policy itself and the procedures for the preliminary investigation, proposal and approval of transactions, is available on the website www.bancaifis.it (in the section "Corporate Governance - Reports and documents - Related parties and associated persons").

The Board has adopted further operating solutions suitable to facilitate the identification and adequate management of situations in which a director has an interest on his own behalf or on behalf of third parties by means of the Policy on Personal Transactions (last updated in February 2020), the Policy on transactions carried out by Relevant Persons and Persons Closely Related to them in shares, credit instruments and related financial instruments issued by Banca Ifis (last updated in April 2021) and the Policy of Group Policy for the Management of Conflicts of Interest (last updated June 2020) and the Group Organisational Procedure for the Management of Transactions with Relevant Persons pursuant to Article 2391 (last updated August 2021).

The Policy on Personal Transactions regulates the requirements connected with the identification of Relevant Persons and the information that the Bank must provide to them; the rules that Relevant Persons must comply with in order to report to the Bank Personal Transactions Subject to Notification carried out on Financial Instruments; the procedures for keeping the Register of Relevant Persons, the Register of Third Party Issuers and Personal Transactions.

Trading of a financial instrument carried out by, or on behalf of, a Relevant Person (including members of the Board of Directors) are regulated, provided that at least one of the following conditions is met:

a) the Relevant Person acts outside the scope of the activities he/she performs in his/her professional capacity;
b) the transaction is performed on behalf of any of the following persons:
- o the Relevant Person;
- o a person with whom the Relevant Person has a family relationship (spouse or common-law partner, children, any other relative of the Relevant Person who has cohabited with the Relevant Person for at least one year as of the date of the Personal Transaction) or Close Relatives;
- o a person who has a relationship with the Relevant Person such that the Relevant Person has a significant direct or indirect interest in the outcome of the transaction that is other than the payment of fees or commissions for the execution of the transaction.

On the other hand, the Policy on transactions carried out by Relevant Persons and Persons Closely Related to them in shares, debt securities and related financial instruments issued by Banca Ifis governs:

a) the fulfilments connected with the identification of the Relevant Persons (including the members of the Board of Directors) and of the "closely related" persons;
b) the management of information relating to transactions exceeding the Minimum Amount Threshold on units, credit securities or Related Instruments issued by Banca Ifis, carried out, directly or indirectly, by a Relevant Person or by a "Closely Related Person" and subject to the reporting requirements. The following are included:
- o transactions covered by Article 19 par. 7 of EU Regulation 596/2014
- o the transactions provided for in Article 10 of EU Delegated Regulation 522/2016;
c) the handling of closed periods, i.e. those periods during which the Relevant Persons must refrain from trading in shares or other debt instruments issued by Banca Ifis as well as financial instruments linked to them.

The Policy is available on the website www.bancaifis.it (in the "Corporate Governance - Internal Dealing" section).

The Group's Conflict of Interest Policy governs the principles assumed and the organisational process adopted in order to manage and mitigate or prevent actual or potential Conflicts of Interest arising from the various activities (hereinafter the Services) carried out by the supervised companies belonging to the Banca Ifis Banking Group.

The Group's Organisational Procedure for handling transactions with relevant persons pursuant to Art. 2391 governs the provisions to be observed in handling transactions with relevant persons pursuant to Art. 2391 of the Civil Code in order to guard against the risk that the proximity of certain parties to the decision-making structures of the Companies may compromise the objectivity and impartiality of decisions by virtue of their own interests or those of third parties in the performance of the Company's operations, with possible distortions in the process of allocating resources and exposure to risks that are not adequately measured or monitored by the Company over time; and to regulate the approval process for significant transactions pursuant to Article 2391 of the Civil Code.

10. Board of Statutory Auditors

10.1 Appointment and replacement

The appointment of the members of the Board of Statutory Auditors is governed by Art. 21 of the Articles of Association and takes place on the basis of lists submitted by the shareholders, in which the candidates are listed in order of appearance and number not exceeding the members of the body to be elected. The list shall include two sections: one for the candidates to the office of standing auditor, and one for the alternate auditor candidates.

A list can be submitted by the shareholder(s) who, at the time of submission of the list, own a shareholding equal to at least 1% of the ordinary shares or any other lower shareholding threshold that - pursuant to current legislation - is indicated in the notice of call of the Shareholders' Meeting convened to resolve on the appointment of the Auditors. The shareholding determined by Consob pursuant to the Issuers' Regulations is 2,5%.

Two standing auditors and one alternate auditor are elected from the list that obtained the highest number of votes, according to the sequential order in which they are listed; from the list that obtained the highest number of votes among the lists submitted and voted by shareholders who are not connected with the reference shareholders pursuant to Art. 148, paragraph 2 of Italian Legislative Decree no. 58/1998, the candidate indicated in the first position of the related section of the list is elected as Standing Auditor; from the same list, the candidate indicated in the first position of the related section of the list is elected as Alternate Auditor.

In the event of a tie between two or more lists, the most elderly candidates shall be elected as Auditors.

The Articles of Association do not envisage the possibility of drawing alternate auditors from the minority list to replace the minority member in addition to the minimum required by Consob regulations.

If the above-mentioned drawing criteria do not ensure the presence on the Board of at least one Standing Auditor and one Alternate Auditor belonging to the less represented gender, a scrolling mechanism shall be applied to the drawing from the list that obtained the highest number of votes at the Shareholders' Meeting, based on the sequential order in which the candidates are indicated, that excludes the candidate or candidates of the most represented gender and draws the candidate or candidates of the missing gender.

The Chairman of the Board of Statutory Auditors is the Standing Auditor elected from the above-mentioned minority list.

Outgoing Auditors may be re-elected, for no more than three terms, in accordance with the rules and the Corporate Governance Code.

If, despite the provisions of the Articles of Association and as specified above, only one list is submitted or only one list receives votes, three Standing Auditors and two Alternate Auditors shall be elected - provided that this list receives the majority of votes at the Meeting - in the order in which they are indicated for their office in that list, and the candidate for Standing Auditor indicated in first place in that list shall be appointed Chairman of the Board of Statutory Auditors.

In case of replacement of a Standing Auditor, the Alternate Auditor belonging to the same list as the outgoing one takes over. If it is necessary to appoint standing and/or alternate auditors in order to integrate the Board of Statutory Auditors following the early termination of office of auditors, the Meeting shall proceed as follows: if auditors elected in the majority list need to be replaced, the auditor(s) shall be appointed by majority vote, without any list constraint. If, on the other hand, it is necessary to replace an auditor appointed by the minority, the Shareholders' Meeting shall replace him by a relative majority vote, choosing

him among the candidates included in the list to which the auditor to be replaced belonged, who confirmed their candidature at least twenty-five days prior to the date of the first call of the Shareholders' Meeting, together with the statements concerning the non-existence of any reason for ineligibility or incompatibility, as well as the existence of the requirements for the office.

The lists are filed at the Company's registered office no later than the twenty-fifth day prior to the date of the first call of the Shareholders' Meeting and made available to the public at the registered office, on the Company's website and according to the other procedures provided for by current legislation, at least twenty-one days prior to the date of the first call of the Shareholders' Meeting.

The ownership of the minimum shareholding required in order to submit lists is determined by taking into account the shares registered in favour of each single shareholder or of several shareholders jointly on the day when the lists are filed with the Company. In order to prove the ownership of the number of shares necessary to submit the lists, the shareholders may produce the related certification also after the filing, provided that it is within the deadline for the publication of the lists by the Company. Lists must be supplied complete with:

information regarding the identity of the shareholders who submitted the lists, indicating the percentage of shares held;
a declaration by the shareholders other than those who hold, also jointly, a controlling interest or a relative majority, certifying the absence of relationships of connection as provided for by Art. 144-quinquies of the "Regulation implementing Legislative Decree no. 58/1998 governing issuers" with the latter as well as other significant relationships;
a complete report on the personal and professional characteristics of the candidates as well as a declaration by the same candidates stating that they meet the requirements set out in by the law and that they accept the candidacy.

Candidates who already hold positions as auditor in five other listed companies or who do not comply with the requirements of integrity, professionalism and independence set out in the applicable legislation, or who fall within the cases described in Art. 148, paragraph 3 of Italian Legislative Decree 58/1998, cannot be included on the lists.

Each list must contain at least one candidate for the office of Standing Auditor and at least one candidate for the office of Alternate Auditor belonging to the less represented gender; this requirement does not apply to lists containing fewer than three candidates.

10.2 Composition and operation

The composition of the Board of Statutory Auditors in office at the end of the financial year 2021 is as follows:

Chairman: Giacomo Bugna,
Standing Auditor: Franco Olivetti,
Standing Auditor: Marinella Monterumisi,
Alternate Auditor: Giuseppina Manzo,
Alternate Auditor: Alessandro Carducci Artenisio.

The current Board of Statutory Auditors was appointed by the Ordinary Shareholders' Meeting on 19 March 2019 for FYs 2019, 2020 and 2021 and will expire on the date of the Shareholders' Meeting called to approve the financial statements for FY 2021. For the election of the Board at the Shareholders' Meeting of 19 April 2019, three lists of candidates were submitted, filed and published within the terms and in the manner required by current provisions and the Articles of Association, namely:

List 1 (LA SCOGLIERA) (shareholding equal to 67,04% of the share capital);
List 2 (Assogestioni) on behalf of the following group of investors (22,58% of the share capital):
- i. Arca S.G.R., manager of the fund Arca Economia Reale Equity Italia, Arca Economia Reale Bilanciato Italia 30;
- ii. Eurizon Capital S.G.R. S.p.A., manager of the funds Eurizon Pir Italia 30, Eurizon Progetto Italia 20, Eurizon Progetto Italia 70, Eurizon Azioni PMI Italia, Eurizon PIR Italia Azioni and Eurizon Progetto Italia 40;
- iii. Eurizon Capital SA, manager of the Eurizon Fund-Equity Small Mid Cap Italy fund;

iv. Fideuram Asset Management (Ireland), manager of the fund Fonditalia Equity Italy.
v. Fideuram Investimenti SGR S.p.A., manager of the funds Fideuram Italia, PIR Piano Azioni Italia, PIR Piano Bilanciato Italia 50 and PIR Piano Bilanciato Italia 30;
vi. Interfund Sicav InterfundEquity Italy;
vii. Generali Investiments Luxembourg S.A. manager of the funds GSmart PIR Evoluzione Italia, GSmart PIR Valore Italia and Gis European Eqty Recov;
viii. Mediolanum Gestione Fondi SGR S.p.A. manager of the funds Mediolanum Flessibile Futuro Italia and Mediolanum Flessibile Sviluppo Italia.
List 3 (Preve Costruzioni S.p.A.) (equity investment equal to 5,70% of the share capital).

Together with the lists, the following documents were also filed and published:

Certification attesting the ownership of a shareholding sufficient to submit a list and the absence of any connection, as set out in Art. 147-ter of the TUF and 144-quinquies of the Regulation on Issuers;
Declaration whereby each candidate: accepts his/her candidacy as Standing or Alternate Auditor, certifies that he/she possesses the requirements of professionalism, integrity and independence provided for by current legislation and the absence of causes of ineligibility and/or incompatibility; curriculum vitae and list of offices held.

Tab.8 shows the list of candidates, the list of those elected and the percentage of votes obtained in relation to the voting capital, while Tab.9 provides various information concerning the Board of Statutory Auditors for FY 2021.

List	Candidate List	Elected List	Percentage of votes obtained
1	Standing Auditors: Franco Olivetti Marinella Monterumisi Alternate Auditors: Anna Maria Salvador Alessandro Carducci Artenisio	Standing Auditors: Franco Olivetti Marinella Monterumisi Alternate Auditors: Alessandro Carducci Artenisio	67,04%
2	Standing Auditors: Giacomo Bugna Alternate Auditors: Giuseppina Manzo	Chairman: Giacomo Bugna Alternate Auditors: Giuseppina Manzo	22,58%
3	Standing Auditors: Paolo Bifulco Alternate Auditors: Giorgio Stefano Marcolongo		5,70%

Tab.8

Office	Members	In office		Date of
		from	to	first appointme nt	List (M/m)*	Indep. Code	BoA meeting attendance
Chairman	Giacomo Bugna	19/04/2019	Approval of the 2021 financial statements	2013	m	X	26/26
Standing Auditor	Franco Olivetti	19/04/2019	Approval of the 2021 financial statements	2019	M	X	26/26
Standing Auditor	Marinella Monterumisi	19/04/2019	Approval of the 2021 financial statements	2019	M	X	26/26
Alternate Auditor	Giuseppina Manzo	19/04/2019	Approval of the 2021 financial statements	2019	m	X
Alternate Auditor	Alessandro Carducci Artenisio	19/04/2019	Approval of the 2021 financial statements	2019	M	X
Quorum required for the submission of lists by minorities for the election of one or more members (pursuant to Art. 147-ter of the TUF): 1%
No. of meetings held during the reporting year: 27
Notes:

* This column shows the list from which each auditor has been drawn ("M": majority list; "m": minority list).

The members of the Board of Statutory Auditors comply with the requirements set out by the regulations in force; the requirements of integrity, correctness, professionalism, competence and independence, as well as the compliance with the prohibition of interlocking were verified, on the occasion of the renewal of the body, by the Board of Directors on 9 May 2019. In addition to the provisions of Art. 148, paragraph 3 of the TUF and the Code, in the assessment of the requirements of all corporate representatives, the requirements were verified on the basis of the Regulations in force in relation to the Requirements pursuant to Art. 26 of the TUB, also verifying the absence of any critical elements in relation to the criteria set out in the Draft Decree concerning the requirements of integrity, correctness, professionalism, competence, independence and independence of judgement.

Information on the personal and professional characteristics of each auditor can be found on the Bank's website under section Corporate Governance - Corporate Bodies - Board of Statutory Auditors.

The following table shows the breakdown of the members of the Board of Statutory Auditors by age bracket and gender.

In FY 2021, the Board of Statutory Auditors met 27 times (5 jointly with the Control and Risks Committee and 2 jointly with the Boards of Statutory Auditors of the Subsidiaries); the average duration of the meetings was approximately 2 hours and 40 minutes. As of the date of approval of this Report, 7 meetings have been held, 2 of which jointly with the Control and Risk Committee; 22 meetings have been scheduled for 2022.

In tab.10 and 11, in order to comply with the requirements of Circular no. 285/2013 of the Bank of Italy (Section VII, Chapter 1, Title IV, Part One), the number and type of offices held by the standing members of the Board of Statutory Auditors of Banca Ifis at the date of approval of this Report are shown, based on the information provided by them.

OFFICES HELD BY MEMBERS OF THE BOARD OF AUDITORS IN OTHER COMPANIES
	Management and control offices in the companies referred to in Book V, Title V, Chapters V, VI and VII of the Civil Code				Other assignments		T O
	BANKING GROUP		Other				TA
	E.	N.E.	E.	N.E.	E.	N.E.	L
Giacomo Bugna				2*			2
Franco Olivetti		2		3**		1	6
Marinella Monterumisi		3		3		9	15
E.: executive N.E.: non-executive

Tab.10

* Office of Chairman of the Board of Statutory Auditors of Ifis Rental Services s.r.l. and Member of the Board of Statutory Auditors of Ifis Real Estate S.p.A. belonging to the (non-banking) Banca Ifis group. **Office of Standing Auditor in Ifis Real Estate S.p.A. belonging to the (non-banking) Banca Ifis group.

Auditor	List of positions	Companies belonging to the Banca Ifis Group
		NO	Banking Group	Non banking Group
Giacomo Bugna	Chairman of the Board of Statutory Auditors of Banca Ifis Auditor of Ifis Real Estate S.p.A. Chairman of the Board of Statutory Auditors of Ifis Rental Services s.r.l		X	X X

Tab. 11

Auditor	List of positions	Companies belonging to the Banca Ifis Group
		NO	Banking Group	Non banking Group
Franco Olivetti	Auditor of Banca Ifis Auditor of Ifis Real Estate S.p.A. Auditor of Farbanca S.p.A. Auditor of Credifarma S.p.A. Auditor of Justlex Italia società tra avvocati per azioni Alternate Auditor of Cap.Ital.Fin. S.p.A. Alternate Auditor of Ifis Npl Investing S.p.A. Sole auditor/auditor of Atesina San Marco S.r.l.	X X	X X X X X	X
Marinella Monterumisi	Auditor of Banca Ifis Director of MARR S.p.A. Alternate Auditor of NEODECORTECH S.p.A Auditor of Farbanca S.p.A. Alternate Auditor of Nuova Madonnina S.p.A. in liquidation Alternate Auditor of Solution Bank S.p.A. Auditor of Società Agricola Le Cicogne S.r.l. Auditor of Lugo Immobiliare S.r.l. - In liquidation Alternate Auditor of Justlex Italia Società tra avvocati per azioni Liquidator of Gestioni Cinematografiche - GE.CI di De Sarno Pignano Renato, Succi Massimo, Berti Ferruccio, Berti Flavio - S.n.c. (inactive company) Chairman of the Board of Statutory Auditors of Promozione alberghiera società cooperativa Bankruptcy liquidator Urru Aldo Chairman of the Board of Statutory Auditors of Renè Caovilla S.p.A. Sole Auditor of SPES S.p.A. Auditor of Pesaresi Giuseppe S.p.A. Partner and liquidator of Team Work di Miria e Marinella Monterumisi S.n.c. Liquidator of Immobiliare Appia s.a.s. di Daniele Bernhard Sole Auditor of Rimini Welcome - Destination Management Company Società consortile a r.l. Auditor of Ifis Npl Investing S.p.A. Auditor of Ifis Npl Servicing S.p.A.	X X X X X X X X X X X X X X X X	X X X X

Diversity criteria and policies

Indications regarding the composition of the corporate bodies, both in terms of gender and in terms of diversification of skills, experience, age and international projection are contained in the Articles of Association.

One of the aims of the self-assessment process to which the Board of Statutory Auditors was subject when it took office is to check the correct and effective functioning of the body and its adequacy in terms of qualitative composition, skills and professionalism.

The qualitative composition, in terms of average age and gender, is good, also thanks to the provision contained in the Articles of Association according to which at least one Standing Auditor and one Alternate Auditor must belong to the less represented gender.

The self-assessment carried out also made it possible to highlight the adequacy of professional skills and characteristics, as well as their spread and diversification, in line with the complexity and activities carried out by the Bank.

The diversification of skills and professionalism allows the Auditors to make an adequate contribution to the activity of the Board itself and favours a variety of approaches and perspectives in the analysis of problems and in the eventual decision to intervene. In this sense, the diversification of skills within the same was considered substantially adequate in relation to the main activities of competence, which concern:

• the internal control system;

the organisational and accounting structures;
the regulation of conflicts of interest;
the systems and procedures of the Bank's business and operations.

On the other hand, the diversification of professionalism has been highlighted during the verification of the possession of the requirements of professionalism, integrity and independence for directors and auditors, without prejudice to the obligation to enrol in the register of auditors of the subjects carrying out control functions (Art. 3 of Ministerial Decree 161/98).

The Board of Statutory Auditors, in view of the renewal of the Body during the Shareholders' Meeting that will approve the financial statements for 2021, also approved the document "Qualitative and quantitative composition deemed optimal of the Board of Statutory Auditors" to be made available to the shareholders.

All in all, the Bank does not consider it necessary to adopt further specific diversity policies in relation to the composition of the supervisory body.

Independence

The criteria adopted comply with the independence requirements set out in the Corporate Governance Code and Art.148, paragraph 3 of the TUF; the positive results were notified to the Board of Directors, which informed the public by means of a press release issued on the same date, i.e. on 19 April 2019.

The verification related to the permanence of independence requirements was subsequently carried out on 11 March 2020; the outcome of the verification was communicated to the Board on 12 March 2020 and all the criteria set out by the Code with reference to the independence of directors were applied, in addition to the above-mentioned criteria. Finally, lastly, the verification of the permanence of the requirements was carried out on 12 May 2021.

The members of the Board of Statutory Auditors must meet the requirements of integrity and professionalism laid down in the Regulations adopted by Ministry of Justice Order no. 162 of 30 March 2000, as well as the independence requirements laid down in Legislative Decree no. 58/1998 (TUF) and provided for in the Corporate Governance Code (Art. 8).

The Board periodically checks the suitability of its members to carry out the functions of the control body in terms of professionalism, time availability and independence, as well as their adequacy in terms of powers, functioning and composition, taking into account the size, complexity and activities carried out by Banca Ifis.

Remuneration

The remuneration of Auditors is one of the issues subject to self-assessment by the members of the body; it is correctly proportionate to the commitment required, the importance of the role covered and the size and sector characteristics of the company.

Interest management

In accordance with the provisions of the Corporate Governance Code, and also pursuant to the provisions of Art. 136 TUB paragraph 1 ("Obligations of bank representatives"), if the auditor - on his/her own behalf or on behalf of third parties - has an interest in a certain transaction of the Issuer, he/she shall promptly and exhaustively inform the other auditors and the Chairman of the Board about the nature, terms, origin and extent of his/her interest. Auditors are also covered by the scope of application of the "Group Policy on transactions with related parties, associated parties and corporate representatives pursuant to Art. 136 TUB", which is discussed in Section 10.

11. Shareholder relations

Access to information

During FY 2020, the rebranding of Banca Ifis was carried out and a key point of the project was to harmonise the digital infrastructures to enable a better experience for users accessing the channels, as well as making services more easily accessible. The measures adopted make it easy to identify specific sections of the Company's website in which information relevant to its shareholders is made available, so that they can exercise their rights in an informed manner. In particular, it is possible to identify the material of interest in the sections Corporate Governance, Investor Relations, About Us and Sustainability. The Head of Investor Relations, as of November 2018, is Andrea Martino Da Rio.

Dialogue with shareholders

The Board of Directors in November 2021 approved, on the proposal of the Chairman of the Board of Directors, in agreement with the CEO and with the support of the Head of Investor Relations and Corporate Development, the Policy for the Management of Dialogue by Directors with Investors, available on the institutional website of Banca Ifis www.bancaifis.it following the path Investor Relations - strategy and strengths.

The Bank, with the aim of fostering transparency towards the financial community and markets, through building, maintaining and developing an active relationship of trust with Investors, in the Policy, establishes among other things:

1) the identification of the Directors Responsible for managing the Dialogue, identified as Chairman, Deputy Chairman, CEO or Lead Independent Director, who exercise this power with the support of the corporate functions, in particular the Head of Investor Relations and Corporate Development;
2) the differences between the procedures relating to the dialogue initiated at the initiative of Banca Ifis, through the organisation of collective or bilateral meetings with Investors, and that initiated at the initiative of the Investors, who may make a written request by addressing it to the Head of Investor Relations and Corporate Development who will inform the Secretary of the Board;
3) relevant issues on which to establish Dialogue, such as:
- a) corporate governance;
- b) social and environmental sustainability;
- c) the policies on the remuneration of Directors and key management staff and their implementation;
- d) the internal control and risk management system;
- e) the strategy;
- f) financial and non-financial results, and
- g) capital structure;
4) the provision of a periodic report, on a quarterly basis (unless there were no meetings during the reference period), to the corporate bodies on the conduct of meetings with investors and the related outcomes.

12. Shareholders' Meetings

The Shareholders' Meeting adopted the "Regulations for Shareholders' Meetings", whose current version was approved on 23 April 2020, in order to enable the orderly and proper functioning of the meetings, while guaranteeing the right of each shareholder to take the floor on the issues under discussion.

The "Regulations", which describe the maximum duration of individual interventions, their order, voting procedures, the interventions of Directors and Auditors, as well as the powers to settle and prevent conflict situations during the meetings, are available on the website www.bancaifis.it (under section "Corporate Governance - Shareholders' Meetings").

The Shareholders' Meeting is usually chaired by the Chairman of the Board of Directors and may be attended by the holders of voting rights for whom the Company has received, by the end of the third trading day prior to the date set for the Shareholders' Meeting on first call, the communication from the authorised intermediary certifying their entitlement. The notification is made on the basis of the evidence relating to the end of the accounting day of the seventh trading day prior to the date set for the first call of the meeting.

The legitimacy to attend and exercise the right to vote remains unchanged in case such communication is received by the Company after the above-mentioned deadline, provided that it is received before the beginning of the meeting's work for each single call.

Those who have the right to vote may be represented at the Shareholders' Meeting, pursuant to the law, by means of a written or electronic proxy.

Electronic notification of the proxy may be made through the use of a special application available on the Company's website.

For each Shareholders' Meeting, the Company appoints one or more persons to whom the holders of voting rights may grant a proxy with voting instructions on all or some of the proposals on the agenda, in accordance with the procedures provided for by the applicable regulatory provisions. The proxy is only effective with regard to proposals for which voting instructions have been given.

With regard to the majorities required for the validity of resolutions and the drafting of the minutes, reference is made to the provisions of the law, the applicable regulations, the Articles of Association and the Regulations for Shareholders' Meetings.

All those who speak shall have the right to speak on each of the subjects under discussion. Entitled parties may ask questions on the items on the agenda even before the Meeting within the time limit set out by current legislation and indicated in the notice of call. Questions received by the deadline indicated in the notice shall be answered at the latest during the Meeting; a single answer may be given to questions with the same content. Those who intend to speak must ask the Chairman to do so by submitting a written request containing an indication of the item to which the request refers, after he has read out the items on the agenda and until he has declared discussion of the item to which the request to speak refers closed. As a rule, the Chairman shall give the floor in the chronological order in which the applications are submitted; if two or more applications are submitted at the same time, the Chairman shall give the floor in the alphabetical order of the applicants' last names. The Chairman may authorise the presentation of requests to speak by a show of hands; in this case the Chairman shall grant the floor in alphabetical order of the applicants' surnames. Members of the Board of Directors, the Board of Statutory Auditors and the General Management of the Bank or of the other Group companies, as well as representatives of the Independent Auditors, and staff of the Company and the Group, may ask to take part in the discussion when this is deemed useful by the Chairman in relation to the subject under discussion.

***

Three Shareholders' Meetings were held during 2021.

During the Ordinary Shareholders' Meeting held on 22 April 2021, the whole Board of Directors was present, partly physically and partly through the use of remote connection systems in compliance with current regulations, with the exception of the Directors Roberto Diacetti and Daniele Umberto Santosuosso, who were unable to attend; all members of the Board of Statutory Auditors were also present. Shareholders were briefed by the Chairman of the Remuneration Committee on how the Committee's functions are to be carried out in the context of the Remuneration Report.

During the meeting of the Extraordinary and Ordinary Shareholders' Meeting held on 28 July 2021, the whole Board of Directors was present, partly physically and partly by means of remote connection systems in compliance with the provisions in force, with the exception of the Directors Roberto Diacetti and Daniele Umberto Santosuosso, who were unable to attend; all the members of the Board of Statutory Auditors were also present.

At the Ordinary Shareholders' Meeting held on 21 December 2021, the entire Board of Directors was present, through the use of remote connection systems in compliance with the provisions in force, with the exception of the Chairman of the Board of Directors Sebastien Egon Furstenberg, the Directors Roberto Diacetti, Daniele Umberto Santosuosso and Monica Billio who were unable to attend; also present, through the use of remote connection systems in compliance with the provisions in force, were all the members of the Board of Statutory Auditors with the exception of the Chairman of the Board of Statutory Auditors Giacomo Bugna.

During the meetings, the CEO, as representative of the Board of Directors, is available to report on the activities carried out and planned by the Board, in any case in compliance with the rules on inside information. The Board - also by means of the reports made available to the shareholders according to the terms set out by the TUF and by means of the progressive improvement of the organisation of institutional communication through the website - does its best to ensure that the shareholders receive

adequate information on the elements necessary to take the decisions for which the Shareholders' Meeting is responsible, with full knowledge of the facts.

***

During the year, the Board did not deem it necessary to define a different corporate governance system as the existing one is functional to the company's needs.

13.Considerations on the Letter from the Chairman of the Corporate Governance Committee

The letter from the Committee Chairman and the annual report, addressed to the listed companies on 3 December 2021, were the subject of specific disclosure by the Chief Executive Officer to the Board of Directors at the meeting held on 16 December 2021, resulting in the documentation being made available to the directors and auditors.

The contents of the letter were also brought to the attention of the Independent Directors by the Lead Independent Director at the meeting of the Independent Directors only, held on 15 December 2021, and will be discussed at a future meeting of the Independent Directors.

The recommendations, made by the Committee over time, are adequately implemented by Banca Ifis and are reflected in this Report, as far as governance aspects are concerned, and in the Remuneration Report, as far as this matter is concerned.