Report on Corporate Governance and Shareholding Structure

2024

Report on Corporate Governance and Shareholding Structure

2024

Pursuant to Art. 123-bis of the Consolidated Finance Act (traditional administration and control model) Website: www.bancaifis.it Document approved by the Board of Directors at its 6 March 2025 meeting

Banca Ifis S.p.A - Registered office in Via Terraglio 63

30174 Venice - Mestre - Italy. Venice Companies Register Number and Tax Code 02505630109

VAT No. 02992620274 - Group VAT 04570150278 - Economic and Administrative Index (REA) No.: VE – 247118

Fully paid-up share capital: 53.811.095 Euro - Registered with the Official List of banks under No. 5508 Parent Company of the Banca Ifis S.p.A. banking group - Member of the National Guarantee Fund, the National Deposit Protection Fund, the Italian Factoring Association and Factors Chain International.

Background
Glossary		2
	1. Issuer Profile	4
	Shareholders Corporate governance model Shareholders' Meeting Board of Directors Board committees Board of Statutory Auditors	5 6 7 8 8 8
	2. Information on the shareholding structure as at 31 December 2024	10
	2.1 Capital structure	10
	2.2 Restrictions on the transfer of securities	10
	2.3 Significant equity investments	10
	2.4 Securities conferring special rights	11
	2.5 Employee share ownership: mechanism for exercising voting rights	11
	2.6 Restrictions on voting rights	11
	2.7 Shareholder agreements	11
	2.8 Change of control clauses and provisions of the Articles of Association relating to takeover bids	11
	2.9 Powers to increase share capital and authorisations to purchase own shares	12
	2.10 Management and coordination activities	12
	3. Compliance (pursuant to art. 123-bis, paragraph 2, letter a), TUF)	13
	4. Board of Directors	14
4.1	Role of the Board of Directors	14
4.2	Appointment and replacement	18
4.3	Composition	20
	Diversity criteria and policies in Board composition and corporate organisation Maximum number of offices held in other companies	24 26
4.4	Functioning of the Board of Directors	31
4.5	Role of the Chair	32
	Board Secretary	35
4.6	Executive directors	35
	Chief Executive Officer	35
	Chair of the Board of Directors	36
	Information to the Board by the CEO	37
4.7	Independent directors and Lead Independent Director	37

Independent directors Lead Independent Director 5. Corporate information management 6. Board committees 7. Director Self-Evaluation and Succession - Appointments Committee 7.1 Self-Assessment and Director succession 7.2 Appointments Committee Composition and functioning of the Appointments Committee Member of the Appointments Committee 8. Remuneration of Directors - Remuneration Committee 8.1 Remuneration of Directors 8.2 Remuneration Committee 9. Internal Control and Risk Management System - Control and Risk Committee a.Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process a.1. Background a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System") a.2.1 Steps in the process of managing the risks of financial misstatement a.2.2 Steps in the process of managing the risks of sustainability misreporting a.2.3 Roles and Functions involved 9.1 Chief Executive Officer 9.2 Control and Risks Committee Composition and functioning of the Control and Risks Committee 9.3 Head of the Internal Audit Function 9.4 Organisational model pursuant to Legislative Decree No. 231/2001 9.5 Independent Auditors 9.6 Manager charged with preparing the company's financial reports and other corporate roles and functions 9.7 Coordination between the parties involved in the internal control and risk management system 10. Directors' interests and related party transactions 11. Board of Statutory Auditors 11.1 Appointment and replacement 11.2 Composition and operation Diversity criteria and policies Independence Remuneration
		37
		39
		40
		41
		42
		42
		44
		44
		45
		47
		47
		47
		48
		58
		58
		59
		59
		60
		61
		62
		62
		62
		67
		69
		70
		71
		72
		74
		76
		76
		77
		81
		82
		82

	Interest management	82
	11.3 Role	82
12.	Shareholder relations	84
	Access to information	84
	Dialogue with shareholders	84
13.	Shareholders' Meetings	85
14.	Considerations on the Letter from the Chair of the Corporate Governance Committee	88

TABLES

Background

This Report is available on the website of Banca Ifis S.p.A. ("Banca Ifis" or the "Bank") in the Corporate Governance section, is drawn up pursuant to Art. 123-bis of the Consolidated Law on Finance and also fulfils the public disclosure obligations for banks set out in the Bank of Italy's Supervisory Provisions on corporate governance.

Banca Ifis has adhered to the Code of Corporate Governance for Listed Companies since 2001, and the Report aims to provide exhaustive and transparent information on the concrete application of the Principles of the Code, published on the website of the Corporate Governance Committee (https://www.borsaitaliana.it/comitato-corporate governance/codice/2020.pdf).

It should be noted that the provisions of the Code regarding the remuneration of directors and the Remuneration Committee are contained in the Remuneration Report to which reference should be made.

The Report was approved by the Board of Directors at its meeting on 07 March 2024, and within the Report the information, unless otherwise specified, is as of the date of its approval.

The Report was submitted to the auditing firm PWC S.p.A. and the consistency opinion provided for by Art. 123-bis of the Consolidated Law on Finance is included in the Reports prepared pursuant to Art. 14 of Legislative Decree No. 39/2010, which are attached to the separate and consolidated financial statements.

Glossary

Code/Corporate Governance Code: the Corporate Governance Code for Listed Companies approved in January 2020 by the Corporate Governance Committee.

Civil Code /c.c.: the Italian Civil Code, Royal Decree No. 262 of 16 March 1942, as amended.

Committee/CG Committee/Corporate Governance Committee: the Italian Committee for the Corporate Governance of listed companies, promoted by Borsa Italiana S.p.A., ABI, ANIA, Assogestioni, Assonime and Confindustria.

Board: the Issuer's Board of Directors.

Ministerial Decree 169/2020: Decree No. 169 of 23 November 2020 - Regulation on the requirements and eligibility criteria for the performance of the duties of corporate officers of banks, financial intermediaries, credit consortia, electronic money institutions, payment institutions and depositor guarantee schemes.

Supervisory Provisions: Bank of Italy Circular No. 285 of 17 December 2013 and subsequent updates

Issuer: the issuer of securities to which the Report refers, i.e., Banca Ifis S.p.A..

FY: the financial year to which the Report refers.

ESRS: the sustainability reporting principles defined in Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023.

Consob Issuers' Regulation: the Regulation issued by Consob by Resolution No. 11971 of 1999 (as subsequently amended) concerning issuers.

Consob Market Regulation: the Regulation issued by Consob with Resolution No. 20249 of 2017 (as subsequently amended) concerning markets.

Consob Related Parties Regulation: the Regulation issued by Consob with Resolution No. 17221 of 12 March 2010 (as subsequently amended) concerning transactions with related parties.

Report: the report on corporate governance and corporate structures that companies are required to prepare and publish pursuant to Art. 123-bis of the TUF.

Remuneration Report: the report on the remuneration policy and the fees paid that companies are required to prepare and publish pursuant to Art. 123-ter of the TUF and 84-quater of Consob Issuers' Regulation.

Consolidated Law on Finance ("TUF", Testo Unico della Finanza): Legislative Decree No. 58 of 24 February 1998 and subsequent amendments.

Consolidated Law on Banking ("TUB", Testo Unico Bancario): Legislative Decree No. 385 of 1 September 1993 and subsequent amendments.

Unless otherwise specified, the definitions in the CG Code relating to the following are also to be understood as being referred to by reference: directors, executive directors, independent directors, significant shareholder, chief executive officer (CEO), board of directors, control body, business plan, concentrated ownership company, large company, sustainable success, top management.

Furthermore, in the sections that refer to the content of the relevant ESRS, the definitions of the ESRS themselves should also be referred to by reference, in particular those relating to: lobbying, value chain, affected communities, active and passive bribery, corporate culture, consumers, sustainability statement, employee, discrimination, suppliers, own

workforce, impacts, sustainability-related impacts, workers in the value chain, non-employee workers, independent board members, metrics, business model, harassment, targets, opportunities, sustainability-related opportunities, boards of directors, management and control, policy, poor peoples, stakeholders, sustainability issues, materiality, risks, sustainability-related risks, end-users.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

1. Issuer Profile

Banca Ifis is organised according to the traditional administration and control model; subject to the provisions contained in the Supervisory Provisions issued by the Bank of Italy (Circular No. 285/2013) and in particular, with regard to the issue of corporate governance pursuant to the provisions contained in the aforementioned Circular in Part I, Title IV, Chapter 1, it qualifies as a bank of greater size or operational complexity, as it is a listed bank. Banca Ifis is a Less Significant Institutions subject to the direct supervisory powers of the Bank of Italy; Banca Ifis has been listed on the Milan Stock Exchange (Euronext Star segment) since 2003.

Since 2017, the Bank has been publishing the non-financial statement (NFS) on its website, which can be found at https://www.bancaifis.it/la-nostra-sostenibilita/dichiarazione-non-finanziaria/, pursuant to Legislative Decree No. 254/2016 as a public interest entity with the dimensional characteristics required for the application of the regulations. Pursuant to Legislative Decree No. 125 of 6 September 2024, as of 1 January 2025, Banca Ifis is required to prepare sustainability reporting available on the website www.bancaIfis.it in the "Investor Relations - Financial Results and Presentations - 2024 Financial Statements" section. Within it - in compliance with the ESRS reporting principles defined by EFRAG - corporate governance issues, among others, are dealt with analytically. On this point, please refer to the aforementioned document for further information.

Since January 2025, the Bank has fallen within the definition of an SME pursuant to Article 1, paragraph 1, letter w-quater. 1) of the Consolidated Law on Finance and Article 2-ter of the Consob Issuers' Regulation.

Banca Ifis is the parent company of the Banca Ifis Banking Group, an active player in speciality finance. The main business activities are the offer of services and credit solutions to businesses and the acquisition/management of impaired credit portfolios; Banca Ifis is a challenger bank made up of people, experience and technology that develops specialised solutions for the world of businesses and individuals with the aim of creating lasting and sustainable value. It meets the needs of individuals and Small Medium Enterprises, thanks to a unique specialised and diversified business model. The Banca Ifis Group identifies itself as a digital, sustainable, and authentic bank, based on solid principles of integrity, transparency, and competence, in a constant search for improvement and excellence, to provide concrete support to businesses.

Banca Ifis has embarked on an important journey to increasingly integrate ESG criteria into the business model. With a clear vision: sustainability, in all its forms, represents a lever for creating value and a fundamental driver of development, which looks at the tangible impacts on people, the environment and the community. . In the 2022-2024 D.O.E.S. Industrial Plan, the "Sustainable" pillar sets precise objectives and commitments on the three ESG aspects – Environment, Social and Governance – with direct connections to the business.

In order to give impetus and effectiveness to ESG activities and initiatives, the Parent Company has set up a special Committee chaired by the Chair of the Board of Directors, in which some of the top managers of the Bank and its Subsidiaries participate, in addition to the Deputy Chair of the Board of Directors, the Chief Executive Officer, and the Co-General Managers.

At the date of approval of the Report, the other companies making up the Banking Group are:

Cap.Ital.Fin. S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB, which represents the Group's consumer credit business unit, specialising in salary and pension backed loans;
Banca Credifarma S.p.A., created on 11 April 2022 through the merger by incorporation of Credifarma into Farbanca, is the first Italian pole specialising in financial services to pharmacies. The Bank's mission is the development and growth of the pharmacy sector by offering pharmacies all the solutions to support their different business needs, assisting them from opening or acquisition to management and restructuring.

Ifis Finance I.F.N. S.A., a financial company under Romanian law, with the aim of supporting both the domestic market and Romanian companies with receivables from foreign customers. It supports companies in their growth and innovation processes through various factoring solutions.
Ifis Finance Sp. z o.o., a financial company under Polish law specialising in factoring services which include the financing of trade receivables, the management of payments and the hedging of credit risk towards customers;
Ifis Npl 2021-1 SPV S.r.l., a company incorporated pursuant to Law 130/99 for the purposes of a loan securitisation transaction and registered in the list of vehicle companies kept by the Bank of Italy pursuant to Bank of Italy Order No. 35782.2 of 7 June 2017.
Ifis Npl Investing S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB and an active investor in the Italian market of non-performing loans. The company purchases Npl portfolios, mainly originated by financial institutions and banks, and originates for the Group investment opportunities in fund units and securitisation notes, issued by vehicles that invest in impaired loans; the company supports the Group in senior financing and special lending transactions on distressed portfolios. In 2024 was the completion of the merger by
incorporation of Revalea S.p.A. financial intermediary pursuant to Article 106 of the Consolidated Banking Act of Ifis Npl Investing S.p.A.. Ifis Npl Investing S.p.A. controls:
- o Ifis Npl Servicing S.p.A., a financial intermediary registered in the Register pursuant to Art. 106 of the TUB, which manages and integrates the various platforms for the management and collection of nonperforming loans both for the portfolio owned by Ifis Npl Investing S.p.A. and for third parties;

Banca Ifis also controls Ifis Rental Services S.r.l., an unregulated company specialising in the operating rental segment, not included in the Banking Group's perimeter.

Shareholders

The share capital of Banca Ifis as at 31 December 2022 is represented by 53,811,095 ordinary shares with a nominal amount of 1 Euro issued in dematerialised form, indivisible and freely transferable.

Corporate governance model

Banca Ifis adopts the traditional administration & control model, considering it to be the most suited for ensuring the efficiency of operations and effectiveness of controls given its specific characteristics.

For Banca Ifis, the traditional administration and control model has so far yielded good results in terms of value creation for shareholders, capital strengthening and financial balance. The stability of the Bank and the Group, which also emerges from the overall and fruitful dialogue with the Supervisory Authorities, in turn led to confirmation of the choice of the traditional model.

The traditional model appears, also in perspective, to be the most suitable to support a harmonious and orderly development of the Group, as it places the competences for strategic supervision, management and control in a structure that has so far proved

to be effective and efficient, facilitating a clear definition of responsibilities, a streamlined decision-making process and an effective dialogue between the bodies themselves.

Under the model adopted by Banca Ifis:

strategic supervision is performed by the Board of Directors;
the CEO is responsible for the company's operations. The Co-General Managers are involved in management;
control is performed by the Board of Statutory Auditors.

Shareholders' Meeting

The Shareholders' Meeting is a collective deliberative body made up of the Bank's shareholders and/or their representatives; its resolutions, taken in compliance with the law and the Articles of Association, are binding on all shareholders, even if absent or dissenting. The Shareholders' Meeting is ordinary and extraordinary in accordance with the law and can also be convened outside the registered office, provided that it is held within the national territory.

The Ordinary Shareholders' Meeting is convened at least once a year, within 120 days of the end of the financial year, to pass resolutions on the matters for which it is responsible under current legislation and the Bank's Articles of Association.

In particular, the Ordinary Meeting:

approves the financial statements;
appoints by means of list voting and revokes the members of the Board of Directors and determines their remuneration;
appoints, using the list voting mechanism, the Statutory Auditors and, in accordance with the provisions of the Articles of Association, identifies, from among the appointed Statutory Auditors, the Chair of the Board of Statutory Auditors, establishing their remuneration;
may appoint, even outside the members of the Board of Directors, an Honorary Chair, chosen among people who have significantly contributed to the prestige and development of the Company;
approves the remuneration and incentive policies for the Board of Directors, the CEO, the Board of Statutory Auditors, the General Manager, the Co-General Manager(s) and other staff;
approves any remuneration plans based on financial instruments;
approves the criteria for calculating the remuneration to be agreed in the event of early termination of the employment relationship or early termination of office, including the limits established for remuneration in terms of annual instalments of fixed remuneration and the maximum amount that results from their application; and
has the power to approve the ratio between the variable and fixed components of the individual remuneration of staff in excess of 100%, however in any case not exceeding the limit set out in accordance with the laws and regulations in force at the time (currently 200%, a ratio of 2:1). The proposal may be considered validly approved with the majorities provided for by the legislation applicable over time.

The Extraordinary Shareholders' Meeting resolves on amendments to the Articles of Association and on other matters reserved to it by the Articles of Association or by law.

The Meeting is, as a rule, chaired by the Chair of the Board of Directors and the holders of the right to vote may participate in the Meeting, also by granting a proxy to the designated Representative, as provided for in the Articles of Association, for whom the Company has received, by the end of the third open market day preceding the day set for the first call of the Meeting, the communication from the authorised intermediary certifying their legitimacy.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

For more information on the Shareholders' Meeting, refer to Section 13

Board of Directors

The Company is governed by a Board of Directors consisting of five to fifteen members, elected by the Shareholders' Meeting. As of 6 March 2025, the number of directors in office is 13; the mandate of the directors will expire on the date of the Meeting called to approve the 2024 financial statements.

The Board elects a Chair and may elect a Deputy Chair; it also appoints a CEO, who is in charge of managing corporate operations aimed at achieving the strategic corporate policies and objectives approved by the Board of Directors, and establishes their management powers.

For more information on the Board of Directors, refer to Section 4

Board committees

Three committees have been set up within the Board of Directors, partly in line with the provisions of the Corporate Governance Code. These committees, which have the task of making proposals, conducting investigations and providing advice, enable the body with strategic supervisory functions to take its decisions in a more informed manner:

Control and Risks Committee;
Appointments Committee; and
Remuneration Committee.

The composition, operation and responsibilities of Board Committees are governed by the Regulation of the Board of Directors, the Board Committees and the Supervisory Body and the General Regulation.

See Sections 6, 7, 8, and 9 for more information on Board Committees

Board of Statutory Auditors

The Board of Statutory Auditors consists of three standing auditors and two alternate members. The appointment takes place on the basis of lists submitted by the shareholders, in which the candidates are listed in order of appearance and number not exceeding the members of the body to be elected. Each list shall include two sections: one for the candidates to the office of standing auditor, and the other for the alternate auditor candidates. The current Auditors' term of office will expire on the date of the Shareholders' Meeting called to approve the 2024 financial statements.

According to the Articles of Association, two Standing Auditors and one Alternate Auditor are elected from the list that obtained the majority of votes; one Standing Auditor and one Alternate Auditor are elected from the list that obtained the majority of votes. The standing auditor elected from the minority list is declared Chair of the Board of Statutory Auditors.

The operating procedures and powers of the Board of Statutory Auditors are governed by the Articles of Association and the General Regulation.

For more information on the Board of Statutory Auditors, refer to Section 11

2. Information on the shareholding structure as at 31 December 2024

2.1 Capital structure

As at 31 December 2024, the subscribed and paid-up share capital amounted to 53,811,095.00 Euro, divided into 53,811,095 ordinary shares with a nominal amount of 1 Euro each, as shown in Tab.1:

Tab.1

Type of shares	CAPITAL STRUCTURE
	No. of shares	% of share capital	Listed (market)/unlisted	Rights and obligations
Ordinary shares	53.811.095	100%	Listed (MTA)	Each ordinary share confers the right to one vote

As at 31 December 2024, no other financial instruments granting the right to subscribe for newly issued shares have been issued.

With regard to treasury shares to be allocated as variable remuneration to the CEO as well as to employees included in the "identified staff", reference should be made to the Report on the Remuneration Policy and Remuneration Paid prepared pursuant to Art. 123-ter of the TUF and to the Information Document on remuneration plans based on financial instruments prepared pursuant to Art. 114-bis of the TUF and 84-bis of Consob Issuers' Regulation; these documents are available on the web site https://www.bancaifis.it/ in the sections "About us", "Corporate Governance", "Remuneration" and "Shareholders' meeting".

2.2 Restrictions on the transfer of securities

There are no restrictions on the transfer of securities, except for the retention periods envisaged for the portion of variable remuneration to be paid in shares to the CEO as well as to any other employees falling under the category of "identified staff". For details on the shares to be assigned to these corporate figures and the restrictions provided for, reference should be made to the Remuneration Report prepared pursuant to Art. 123-ter of the TUF.

2.3 Significant equity investments

On the basis of the notifications made pursuant to Article 120 of the TUF, as well as the notifications made by relevant persons pursuant to Article 152-octies of Consob Issuers' Regulation, the following Tab.2 shows the subjects that, as at 31 December 2024 hold, directly or indirectly, shares with voting rights amounting to more than 3% of the share capital.

Tab.2

SIGNIFICANT SHAREHOLDINGS IN THE CAPITAL
Declaring party	Direct shareholder	% share of ordinary capital	% share of voting capital
Ernesto Fürstenberg Fassio	La Scogliera SA	50.50%	50.50%
Riccardo Preve	Riccardo Preve Preve Costruzioni	3.538%	3.538%

It seems useful to point out that:

The purpose of La Scogliera SA is to ensure the compactness and continuity of the management of its controlling interest pursuant to Art. 2359 of the Civil Code in Banca Ifis;
Although La Scogliera SA is the majority shareholder, it does not carry out management and coordination activities with regard to Banca Ifis; and
the corporate purpose of La Scogliera SA expressly excludes the management and coordination of the financial companies and banks in which it holds an interest.

2.4 Securities conferring special rights

No securities granting special rights of control have been issued.

On 28 November 2024, the Bank's Shareholders' Meeting, by means of a proposal to amend the Articles of Association, introduced the ordinary enhanced vote pursuant to Art. 127-quinquies paragraph 1 of the TUF. The Board of Directors believed that the introduction of the ordinary increased vote will promote the Bank's sustainable growth path in the long term because, amongst others: (i) it incentivises the Bank's shareholders to take a medium-long term investment approach, favouring the presence of stable investors and, as a result, the realisation of projects destined to develop over a similarly medium-long time horizon, guaranteeing a more effective pursuit of sound and prudent management objectives also in the long term; and (ii) it counteracts phenomena of share volatility, often linked to the short-term choices of financial investors.

2.5 Employee share ownership: mechanism for exercising voting rights

Employees who may own shares in the company shall exercise their membership rights in the same manner as other shareholders.

2.6 Restrictions on voting rights

The company is not aware of any restrictions on voting rights at the date of approval of the Report.

2.7 Shareholder agreements

The Board of Directors of Banca Ifis is not aware of the existence of shareholders' agreements among the company's shareholders pursuant to Art. 122 of the TUF.

2.8 Change of control clauses and provisions of the Articles of Association relating to takeover bids

Banca Ifis is not aware of the existence, among its shareholders, of any significant agreements that would become effective, be modified or terminated in the event of a change of control of the contracting company.

The Articles of Association of Banca Ifis do not derogate from the provisions on the passivity rule envisaged by Art. 104 paragraphs 1 and 1-bis of the TUF nor do they envisage the application of the neutralisation rules envisaged by Art. 104-bis, paragraphs 2 and 3, of the TUF.

2.9 Powers to increase share capital and authorisations to purchase own shares

As at 31 December 2024, the Board had not been granted powers to increase the share capital pursuant to Art. 2443 of the Civil Code or to issue equity instruments.

At the close of FY 2024, Banca Ifis held 1,238,886 treasury shares in its portfolio.

2.10 Management and coordination activities

Although La Scogliera SA is the majority shareholder, it does not carry out management and coordination activities in Banca Ifis in compliance, among other things, with its corporate purpose, which expressly excludes the possibility for the company to carry out management and coordination activities in regard to banks and financial companies in which the company has a stake.

It should be noted that:

the information required by Art. 123-bis, paragraph one, letter i) ("the agreements between the company and the directors ... providing for indemnities in case of resignation or dismissal without just cause or if their employment relationship terminates following a takeover bid") is contained in the Remuneration Report published pursuant to Art. 123-ter of the TUF;
the information required by Article 123-bis, paragraph 1, letter l), first part ("the rules applicable to the appointment and replacement of directors ... if different from the laws and regulations applicable in addition") is provided in the section of the Report concerning the Board of Directors (Section 4.2); and
the information required by Article 123-bis, paragraph one, letter l), second part ("the rules applicable ... to the amendment of the articles of association, if different from the laws and regulations applicable by way of supplementary provisions") is set out in the Section of the Report devoted to the Shareholders' Meeting (Paragraph 13).

3. Compliance (pursuant to art. 123-bis, paragraph 2, letter a), TUF)

Banca Ifis has adhered to the Code of Corporate Governance for Listed Companies since 2001, and this Report aims to provide exhaustive and transparent information on the concrete application of the Principles of the Code approved by the Borsa Italiana Corporate Governance Committee in January 2020. The Code is available to the public on the Corporate Governance Committee's website at https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf.

The corporate governance structure of Banca Ifis or its strategically important subsidiaries is not affected by non-Italian law provisions.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

4. Board of Directors

4.1 Role of the Board of Directors

The Board performs the function of strategic supervision and, pursuant to the Supervisory Provisions, is called upon to deliberate on the bank's strategic guidelines and to continuously monitor their implementation, ensuring sound and prudent management with the aim of creating sustainable and lasting value.

The Board of Directors defines the overall governance and approves the organisational structure of the Bank, verifies its proper implementation and promotes timely corrective measures in the event of any shortcomings or inadequacies.

The Board of Directors is called upon, in particular, to:

ensure, to the extent of its competence, the governance of the risks to which the Bank is exposed, identifying in good time their sources, their possible dynamics, the necessary safeguards provided for by the internal control system;
approve the bank's organisational and corporate governance structure, ensuring the clear distinction of tasks and functions as well as the prevention of conflicts of interest;
approve the accounting and reporting systems;
oversee the Bank's public information and communication process; and
ensure effective dialogue with the CEO and the heads of the main corporate functions and verify over time the choices and decisions taken by them.

In addition to the powers that cannot be delegated by law, the following are the responsibility of the Board of Directors:

the appointment and dismissal of Co-General Managers;
the acquisition and disposal of strategic shareholdings;
the approval and amendment of the main internal regulations;
the possible establishment of internal committees within the corporate bodies;
the appointment and dismissal of the heads of the internal audit, compliance, anti-money laundering and risk management functions;
the appointment and dismissal, within the Board of Directors, of the Parent Company Anti-Money Laundering Officer and the Group Anti-Money Laundering Officer;
the possible approval of the minimum proportion of members of the board of directors who must belong to the least represented gender (gender diversity target) higher than that applicable under these provisions or other legislation;
with the support of the Sustainability Committee, the validation of the strategy, policies and specific initiatives in line with long-term sustainability objectives; moreover, as part of the at least annual review of remuneration policies, in accordance with Circular 285/2013, the Board of Directors analyses, with the support of the Remuneration Committee, in turn supported by the Human Resources Department, the gender gap and the gender pay gap; in particular, it verifies the gap and its evolution over time. When developing strategies for the entire Group, it takes ESG-related objectives into account;
assessing, at least once a year, the activities of the Group's anti-money laundering function and of the individual Group companies and the adequacy of the human and technical resources assigned to them, also in the light of the periodic audit carried out by the internal audit function; and
establishing rules of professional conduct for the bank's staff, including through the preparation of a code of ethics or similar instruments, and ensure their implementation and monitor their compliance.

Its composition, operating procedures, powers and tasks assigned to the Board of Directors are defined by law and by the Bank's Articles of Association.

Indeed, pursuant to Art. 14 of the Articles of Association, in addition to the powers that cannot be delegated by law, the matters reserved for the exclusive competence of the Board of Directors include:

the business model, the strategic lines and operations, as well as business and financial plans;
the internal control system guidelines, ensuring that the system is in line with established strategic and risk appetite measures as well as being able to stay up to date with the company's risks as they evolve and the interaction between them;
the criteria for identifying the most significant transactions to be subjected to prior examination by the risk control function;
the compliance of the Articles of Association with the provisions of the regulatory framework;
the merger by acquisition of companies and demergers in the cases provided for in Articles 2505 and 2505-bis of the Civil Code, also as referred to in Article 2506-ter, last paragraph, of the Civil Code;
the reduction of capital in the event of withdrawal;
an indication of which directors, in addition to those indicated in these Articles of Association, are the company's representatives;
the formation of internal committees within the Board of Directors;
the Risk Appetite Framework and the risk management policies as well as, after having heard the opinion of the Board of Statutory Auditors, assessing the completeness, suitability, functionality and reliability of the risk management and internal control system as well as the suitability of the organisational, administrative and accounting structure;
determining the Bank's general organisational structure and the subsequent internal regulations;
the setting up and organisation, also for the purposes of the articulation of the signatory powers, of Branches, Subsidiaries, Agencies, Bank Counters, Recipients, Representations, in Italy and abroad, as well as their suppression;
the transfer of the registered office within national territory;
the acquisition and sale of equity investments, companies and/or business units involving changes in the Group or investments or divestments exceeding 1% (one percent) of the shareholders' equity shown in the Company's latest approved financial statements;
the determination of criteria for exercising management and coordination activities over Group companies and compliance with supervisory regulations, including the execution of measures issued by the Bank of Italy in the interest of Group stability;
appointing, dismissing and remunerating the General Manager;
the remuneration and incentive policies to be submitted to the Shareholders' Meeting, the review, at least annually, of such policies and responsibility for their proper implementation, with the task of ensuring, moreover, that the remuneration policy is adequately documented and accessible within the corporate structure;
the establishment of company control functions, their tasks and responsibilities, the methods of coordination and collaboration, the information flows between these functions and between them and the company bodies;
the appointment, after hearing the opinion of the Board of Statutory Auditors, of the heads of control functions;
the risk management process and assessing its compatibility with the strategic guidelines and risk management policies;

the policies and the processes for assessing company activities, and, particularly, financial instruments, ensuring that they are always suitable and also establishing the Bank's maximum exposure limits to financial instruments or products that are uncertain or difficult to value;
the process for the development and validation of internal risk measurement systems not used for regulatory purposes and the periodic assessment of their proper functioning;
the process for approving new products and services, starting new operations, and entering new markets;
the company's policy regarding the outsourcing of corporate functions;
the approval, review and updating of the recovery plan, as well as its amendment and updating at the request of the Supervisory Authority;
the adoption, at the request of the Supervisory Authority, of the changes to be made to the activity, organisational structure or corporate form of the Bank (or the Banking Group), and of the other measures necessary to achieve the aims of the recovery plan, as well as the elimination of the causes that form the basis for early intervention;
a decision to take a measure set forth in the recovery plan or to refrain from taking a measure even though the circumstances exist;
the approval of a policy to promote diversity and inclusiveness; and
the code of ethics with which members of corporate bodies and employees are required to comply in order to mitigate the Bank's operational and reputational risks and encourage the spread of a culture of internal controls.

In February 2022, the Board of Directors approved the 2022-2024 Business Plan; its objectives include increasing industrial profit, strengthening the competitive positioning and creating value for all stakeholders. The plan is based on four pillars: Digitisation, Openness to Partnerships, Efficiency and Sustainability.

Banca Ifis has in fact embarked on an important journey to increasingly integrate ESG criteria into its business model. With a clear vision: sustainability, in all its forms, represents a lever for creating value and a fundamental driver of development, which looks at the tangible impacts on people, the environment and the community. For this reason, the new Business Plan has defined a Sustainable Bank project that sets precise objectives and commitments on the three ESG dimensions - Environment, Social andGovernance - with direct connections to the business. More than forty initiatives were completed over the course of the plan, confirming the Bank's leadership in the area of sustainability through an integrated and concrete approach aimed at creating value and positive social impact for all stakeholders. The Group has set up, amongst the Steering Committees, a Sustainability Committee, to guide the strategy and consolidate the corporate culture, based on inclusion and diversity. In addition, in 2021 Banca Ifis joined the Net Zero Banking Alliance (NZBA), the United Nations-sponsored initiative to speed up the sustainable transition of the international banking sector. As proof of the Group's great commitment to sustainability, Banca Ifis was awarded an 'A' rating by MSCI in 2023 and the international rating agency further raised the Banca Ifis rating to 'AA' in 2024, positioning the Bank among the leaders in the financial sector. These are the lines of action that guided the Bank's work in the period 2022- 2024 in order to contribute to the achievement of the Sustainable Development Goals (SDGs) set by the UN 2030 Agenda.

On the basis of the strategic indications provided by the Board, as well as the dimensional objectives and the additional qualitative and quantitative elements of the Strategic Plan, the Risk Appetite Framework, the ICAAP Report and the ILAAP Report are drawn up annually and approved by the Board of Directors. In accordance with the Supervisory Provisions for banks, the ICT Strategic Plan is also approved.

Starting in 2021, with a view to more effective, coordinated and unified management of the Bank, a number of initiatives were implemented to improve the organisation of governance and the structure of the general management.

As a result of these changes, the text of the Articles of Association was adjusted following the obtaining of the relevant authorisations pursuant to Article 56 of the TUB by the Bank of Italy:

on 28 July 2021, the Extraordinary Shareholders' Meeting submitted for approval the inclusion of three new structures reporting directly to the CEO and the appointment of two Co-General Managers (Chief Commercial Officer and Chief Operating Officer) as an alternative to the appointment of the General Manager;
on 28 July 2022, the Extraordinary Shareholders' Meeting submitted for approval, inter alia, the procedures for the appointment and powers of the Honorary Chair;
on 20 April 2023, the Extraordinary Shareholders' Meeting submitted for approval, inter alia, the updating of the powers and prerogatives of the Chair of the Board of Directors and the persons called upon by way of replacement in the event of the absence/impediment thereof.
on 28 November 2024, the following were submitted to the Extraordinary Shareholders' Meeting for approval:
- o the procedures for attending shareholders' meetings and the exercise of voting rights exclusively through the conferral of proxy or sub-delegation of voting rights to the representative designated by the company pursuant to Article 135-undecies of the Consolidated Law on Finance, without prejudice to the Bank's right to provide that attendance at shareholders' meetings be conducted in the ordinary manner;
- o the introduction of the ordinary enhanced vote pursuant to Article 127-quinquies, paragraph 1 of the TUF; and
- o if the number of members of the Board of Directors exceeds 10, the number of directors appointed by the minority shall be 2 instead of 1 as of the first renewal of the corporate bodies following the accrual of the ordinary increased vote by the shareholders.

The Board assesses the general performance (i) during the analysis of the financial Reports provided for by Art. 154-ter of the TUF, (ii) when examining the comparison between planning objectives and the results actually achieved, as well as (iii) when examining the other documents included in the strategic planning process.

The Board also continuously assesses the adequacy of the Parent Company Banca Ifis S.p.A.'s general organisational, administrative and accounting structure when dealing with the matters for which it is responsible.

The adequacy of the organisational, administrative and accounting structure of the subsidiaries is assessed by the Board by means of some governance and control governance instruments, which are set out in the Group Regulations and outline the roles of the Parent company and the Subsidiaries, together with the management and coordination activities in the strategicmanagement and technical-operational control areas.

The description of the characteristics of the organisational model of the Group's internal control system and the breakdown of the activities carried out by the control units for the Group (i.e. within the scope of the management and coordination action carried out by the parent company over the Group companies) is contained in the document "Group guidelines on the Internal Control System" and in the regulations of the Control Organisational Units. See Section 9 for more information.

Pursuant to the said provisions contained in the Articles of Association, the Board has to examine and approve in advance transactions carried out by the Issuer and its subsidiaries, when these transactions have a significant impact on the strategy, income statement, balance sheet or financial situation. In these cases, the Board of Directors is convened by the Chair right from the start of negotiations with the seller and/or of the dialogue with the Supervisory Authorities, so as to be able to steer the negotiations through to their conclusion, to obtaining the necessary authorisation and to the closing.

On 31 October 2023, the long-term partnership signed in May 2023 with the Mediobanca Group for the management of nonperforming loans was finalised, taking material effect with the acquisition of Revalea S.p.A, a company operating in the nonperforming loans sector, wholly owned by Ifis Npl Investing S.p.A. On 31 October 2024, Revalea S.p.A. was merged into Ifis Npl Investing S.p.A..

The Board has not established any general criteria to identify the transactions that have a significant strategic, economic, equity or financial relevance for the Bank, since such transactions can only be approved by the Board itself, as part of the planning process or, as it has been the case until now, as part of the significant elements that modify the strategic objectives and the risk appetite already approved.

The approach that the Bank, also in the exercise of its role as Parent Company, adopts in order to ensure an effective monitoring of any risks of conflicts of interest in transactions with related and associated parties is outlined in the "Group Policy on transactions with related parties, associated parties and corporate representatives pursuant to Art. 136 TUB", subject to receipt of an analytical and reasoned favourable opinion from the Control and Risk Committee (in its component consisting solely of independent directors) and the Board of Statutory Auditors of the Parent Company regarding the suitability of the same to achieve the objectives of the regulations in force on the subject.

As set forth in Section 5, to which reference is made for further information, the Bank has a Policy for the handling of inside information and as set forth in Section 12, during FY 2021, the adoption of the Directors' Dialogue with Investors Policy was resolved.

4.2 Appointment and replacement

The Articles of Association provide that Directors are appointed on the basis of the list voting mechanism by the Shareholders' Meeting; a number of members equal to at least the measure provided for by the laws and regulations applicable over time in force, including, by way of example, market regulations and codes of conduct to which the Bank adheres, must meet the requirements of independence.

The candidates are listed in the lists in progressive order and their number shall not exceed the maximum number of members provided for by the Articles of Association (fifteen). Only those shareholders who, at the time of submission of the list, own alone or together with others - at least 1% of the ordinary shares, or any other lower threshold of ownership that - pursuant to current legislation - shall be indicated in the notice of call of the Shareholders' Meeting held to resolve on the appointment of the members of the Board of Directors, are entitled to submit a list.

The shareholding determined by Consob pursuant to Article 144-quater of the Issuers' Regulation for Banca Ifis, according to Consob Determination No. 123 of 28 January 2025, is 1%.

There is no provision in the Articles of Association for the outgoing Board of Directors to submit its own list.

A shareholder may not submit or vote for more than one list, even if through a third party or trust company. Shareholders belonging to the same group and shareholders who are party to a shareholders' agreement concerning the Company's shares may not submit or vote for more than one list, not even through a third party or trust company. A candidate may only be on one list under penalty of ineligibility.

The lists are filed at the Company's registered office no later than the twenty-fifth day prior to the date of the first call of the Shareholders' Meeting and made available to the public at the registered office, on the Company's website and according to the other procedures provided for by current legislation, at least twenty-one days prior to the date of the first call of the Shareholders' Meeting.

Starting from the first renewal of the Board of Directors after 16 December 2026, in the event three or more lists are submitted, the shareholders other than the majority shareholder who submitted a list must send the Bank a written notice stating that they are not connected in any way, not even indirectly, with the shareholders who submitted one of the other lists pursuant to Article 147-ter, paragraph 3 of Legislative Decree No. 58/1998 and implementing regulations. This communication must be sent to the Bank within five days of the lists being made available to the public in the manner indicated in the call notice. Said lists must contain at least 2 candidates.

Candidates who do not meet the requirements and criteria laid down in the regulations in force may not be included in the lists and each list must also indicate:

• where there are 2 or more candidates, candidates who meet the requirements of independence provided for by current regulations, also taking into account the segment in which the shares are listed (the resulting number is

rounded up to the next unit, except for corporate bodies made up of three members, for which rounding-off is always down to the lower integer). These candidates must be the first names on the list in sequential order;

• a number of candidates, at least equal to the measure provided for in current regulations, belonging to the least represented gender, except for lists with 2 candidates, it being understood that in this case, the 2 candidates must be of different genders.

In order to facilitate an optimal identification of the candidates to be proposed for the renewal of the Management Body, in support of the Shareholders and in compliance with the Supervisory Provisions for banks concerning Corporate Governance, the Board of Directors identifies in advance its own qualitative and quantitative composition, which is considered optimal, identifying and justifying the theoretical profile of the candidates.

The bank's organisational and governance structures must ensure sound and prudent management, which is the objective of the regulations, the supervisory bodies and all the stakeholders; therefore, the composition of the administrative body is of central importance for the effective performance of the tasks entrusted to it by the law, the Supervisory Provisions and the Articles of Association.

Members of the Board of Directors are elected as follows:

1. for renewals of the Board of Directors prior to 16 December 2026:
2. a. all the Directors except one are elected from the list that obtained the highest number of votes at the Meeting, according to the sequential order in which they are listed; and
3. b. from the list that obtained the second highest number of votes at the Shareholders' Meeting and which, pursuant to Art. 147-ter, paragraph 3 of Legislative Decree No. 58/1998, is not connected in any way, not even indirectly, with the shareholders who presented or voted on the list with the highest number of votes, then the first-specified director is declared;
1. from the first renewal of the Board of Directors after 16 December 2026:
2. a. if the number of directors is 10 or less:
  - (i) all the Directors except one are elected from the list that obtained the highest number of votes at the Meeting, according to the sequential order in which they are listed;
  - (ii) from the list that obtained the second highest number of votes at the Shareholders' Meeting and which, pursuant to Art. 147-ter, paragraph 3 of Legislative Decree No. 58/1998 and implementing legislation, is not connected in any way, not even indirectly, with the shareholders who presented or voted on the list with the highest number of votes, then the first-specified director is declared;
3. b. if the number of directors exceeds 10:
  - (i) all the Directors except two are elected from the list that obtained the highest number of votes at the Meeting, according to the sequential order in which they are listed;
  - (ii) from the list that obtained the second highest number of votes at the Shareholders' Meeting and which, pursuant to Art. 147-ter, paragraph 3 of Legislative Decree No. 58/1998 and implementing legislation, is not connected in any way, not even indirectly, with the shareholders who presented or voted on the list with the highest number of votes, then the first-specified director is declared; and
  - (iii) from the list that obtained the third highest number of votes at the Shareholders' Meeting and which, pursuant to Art. 147-ter, paragraph 3 of Legislative Decree No. 58/1998 and implementing legislation, is not connected in any way, not even indirectly, with the shareholders who presented or voted on the top two lists with the highest number of votes, then the firstnamed director of the different gender to the director elected from the list under point (ii), is declared. If only two lists are submitted, the list as per point (ii) shall express two directors; in

this case, the director indicated first and the second director in progressive order belonging to the gender other than the one to which the director indicated first belongs shall be elected.

If these drawing criteria do not guarantee the balance between genders to the extent established by the governing legislation, a scrolling mechanism shall be applied to the drawing from the list that obtained the highest number of votes at the Shareholders' Meeting, based on the sequential order in which the candidates are indicated, that excludes the candidate or candidates of the gender most represented and draws the candidate or candidates of the least represented gender.

If only one list of candidates is presented, the names indicated in such list shall be elected as members of the Board of Directors, up to the number of directors to be elected minus one or - starting from the first renewal of the Board of Directors after 16 December 2026 - two, depending, respectively, on whether the number of directors to be appointed is greater than no. 10, to be appointed by the Shareholders' Meeting, which must be appointed by the Shareholders' Meeting at its meeting, by simple majority, but with the exclusion from voting of the shareholders who submitted the single list, upon the proposal of the same shareholders not excluded from the right to vote.

If, during the year, the quotas of independent directors are not complied with, the Board shall resolve on the removal from office of one or more of its members who have lost these requirements, according to a criterion of lesser seniority in office or, if equal seniority in office, of younger age, and shall co-opt one or more independent members, subject to compliance with the gender balance, at least to the extent required by the governing legislation.

The provisions of the law shall apply, without list voting, for any replacement of members of the Board of Directors, unless all Directors cease to be in office.

In order to guarantee, in the event of termination, the presence of the directors expressed by the second list and/or - starting from the first renewal of the board of directors after 16 December 2026 - by the third list that has/have obtained the presence of the director expressed by the non-majority list, the Board shall verify in advance the continued availability of the candidates listed on these lists, according to their progressive order, and shall proceed to co-opt them according to this preference criterion.

In the event of the termination of a director belonging to the least represented gender, the co-opted director shall still belong to the same gender.

For information on the role of the Board of Directors and the internal Board Committees in the processes of self-assessment, appointment and succession of directors, please refer to Section 7.

4.3 Composition

The Articles of Association provide that the Company is administered by a Board of Directors numbering between five and fifteen members elected by the Shareholders' Meeting.

The Ordinary Shareholders' Meeting of 28 April 2022 determined the composition of the Board of Directors as 13 and the term of office was set at three financial years (2022-2024), the term of office expiring on the date of the Shareholders' Meeting called to approve the financial statements for FY 2024.

On 8 February 2024, the Board of Directors took note of the resignation of Founder Sebastien Egon Fürstenberg from the sole position of director (effective 8 February 2024) in order to be dedicated full-time to the Honorary Chair office assigned by the Shareholders' Meeting on 20 April 2023; Nicola Borri was appointed by the Meeting of 18 April 2024, replenishing the number of 13 members of the Board of Directors.

Therefore, Tab.3 shows the composition of the Board in office at the date of approval of this Report.

Tab.3

POSITION	NAME AND SURNAME
Chair	Ernesto Fürstenberg Fassio
Chief Executive Officer	Frederik Geertman
Independent Director (*) and Deputy Chair	Simona Arduini
Independent Director (*)	Monica Regazzi
Independent Director (*)	Paola Paoloni
Independent Director (*)	Roberta Gobbi
Independent Director (*)	Monica Billio
Independent director (*) and Lead Independent Director	Antonella Malinconico
Independent Director (*)	Roberto Diacetti
Independent Director (*)	Beatrice Colleoni
Independent Director (*)	Giovanni Meruzzi
Independent Director (*)	Nicola Borri
Director	Luca Lo Giudice

(*) Independent directors within the meaning of the TUF and the Corporate Governance Code, as well as within the meaning of the regulations applicable to banks.

For the election of the Board at the Shareholders' Meeting of 28 April 2022, two lists of candidates were submitted, filed and published within the terms and in the manner required by current provisions and the Articles of Association, namely:

List 1 (LA SCOGLIERA SA)(shareholding equal to 50,50% of the share capital);
List 2 (on behalf of the shareholders:
- o Arca Fondi Sgr S.P.A., manager of the funds: Fondo Arca Economia Reale Equity Italia, Fondo Arca Economia Reale Bilanciato Italia 30, Fondo Arca Azioni Italia;
- o Eurizon Capital S.A. manager of the Eurizon Fund sub-funds: Eurizon Fund Italian Equity Opportunities, Eurizon Fund - Equity Italy Smart Volatility;
- o Eurizon Capital Sgr S.P.A manager of the funds: Eurizon Progetto Italia 20, Eurizon PIR Italia 30, Eurizon AM MITO 50 (Multiasset Italian Opportunities 50), Eurizon AM MITO 95 (Multiasset Italian Opportunities 95), Eurizon AM MITO 25 (Multiasset Italian Opportunities 25), Eurizon Progetto Italia 70, Eurizon Azioni Italia, Eurizon PIR Italia Azioni, Eurizon Azioni PMI Italia, Eurizon Progetto Italia 40;
- o Fideuram Asset Management Ireland manager of the fund Fonditalia Equity Italy;
- o Fideuram Intesa Sanpaolo Private Banking Asset Management Sgr S.P.A. manager of the funds: Fideuram Italia, Piano Azioni Italia, Piano Bilanciato Italia 50, Piano Bilanciato Italia 30;
- o Interfund Sicav Interfund Equity Italy;

o Generali Investments Luxembourg SA manager of the funds: Generali Investments SICAV Euro Future Leaders, Generali Smart Fund PIR Evoluzione Italia, Generali Smart Funds PIR Valore Italia;
o Mediolanum International Funds Limited Challenge Funds Challenge Italian Equity;
o Mediolanum Gestione Fondi Sgr S.P.A. manager of the funds Mediolanum Flexible Future Italy and Mediolanum Flexible Development Italy);

(total equity investment equal to 3,61745% of the share capital);

For the election of the new director at the Meeting of 18 April 2024, the proposal of the majority shareholder La Scogliera SA (holding equal to 50.50% of the share capital) to appoint Mr. Nicola Borri was presented, filed and published within the terms and methods provided for by the current provisions and the Articles of Association.

Together with the appointment proposal, the following documents were also filed and published:

Certification showing the number of shares held on the day the list is submitted;
Statement by which the candidate:
- o accepts his/her candidacy for the position;
- o certifies that he/she meets the requirements under current regulations for assuming the office and that there are no grounds for ineligibility and/or incompatibility;
- o provides comprehensive information on his/her personal and professional characteristics (CV), as well as the list of administrative, management and control positions held in other companies with a commitment, among other things, to the timely updating of this list;
Copy of the candidate's ID.

Tab.4 shows the list of candidates, the list of elected members and the percentage of votes obtained in relation to the voting capital:

LIST	LIST OF CANDIDATES	LIST OF ELECTED MEMBERS	PERCENTAGE OF VOTES OBTAINED
1	Simona Arduini Antonella Malinconico Beatrice Colleoni Monica Billio Sebastien Egon Fürstenberg Ernesto Fürstenberg Fassio Frederik Herman Geertman Monica Regazzi Paola Paoloni Giovanni Meruzzi Luca Lo Giudice Roberta Gobbi Riccardo Preve Laura Bottazzi	Simona Arduini Antonella Malinconico Beatrice Colleoni Monica Billio Sebastien Egon Fürstenberg Ernesto Fürstenberg Fassio Frederik Herman Geertman Monica Regazzi Paola Paoloni Giovanni Meruzzi Luca Lo Giudice Roberta Gobbi	71.722%
LIST	LIST OF CANDIDATES	LIST OF ELECTED MEMBERS	PERCENTAGE OF VOTES OBTAINED
2	Roberto Diacetti Francesca Daniela Pagnoni	Roberto Diacetti	28.203%

Tab.4

In the election of Mr. Borri, the only candidate, the percentage of votes obtained in in relation to the voting capital was 99.720%.

The composition of the Board, appointed in 2022, complies with the one previously identified as optimal in the document "Composition qualitative and quantitative deemed optimal of the Board of Directors of Banca Ifis" and the declarations made with regard to the requirements of professionalism, integrity and independence, as well as the limit to the accumulation of offices, were complied with.

All directors declared their ability to dedicate sufficient time to the proper performance of their duties, and all areas of expertise identified in the 2021 self-assessment process were well represented on the board.

In view of the appointment of the new director in 2024, the composition in terms of quality and quantity compared to the optimal Board of Directors was verified. As shown below in Tab. 5, the competences declared by the directors currently in office are reported:

Tab.5

COMPETENCES DECLARED BY DIRECTORS WHEN TAKING OFFICE	No.	%
Banking business and banking and financial activities and products	11	85%
Dynamics of the economic-financial system	9	69%
Sector regulation	10	77%
Internal control system and risk management and control methodologies	11	85%
Risk management and control methodologies	9	69%
Corporate governance	8	61%
Business management processes	10	77%
Knowledge of organisational structure and information systems	9	69%
Accounting and financial reporting	6	46%

In addition to the areas of competence declared by each director at the application stage, further competences were identified through the annual self-assessment process, which have been acquired in the meantime, also thanks to the annual training provided to Board members.

In particular, the self-assessment for the third year of the mandate showed that skills, professionalism, knowledge and experience were adequately represented in the Board, particularly in the following areas: Banking and Finance Regulation, ESG, Organisational and Corporate Governance Structure, Risk Management, Accounting and Financial Reporting and Risk and Money Laundering Risks related to the Bank's activities and business model.

During the same self-assessment, a specific analysis was also conducted with respect to ESG competencies. More specifically, below, Tab. 6 shows the results of the Directors' reflection on their individual competences in this area.

Tab. 6

ESG COMPETENCES LEVEL EMERGED FROM YEAR 3 SELF ASSESSMENT	Excellent (No.)	Good (No.)	Fair (No.)
Human capital management and development	6	6	-
Diversity & Inclusion management	8	4	-
Ethics and corporate social responsibility	8	4	-
Sustainable development and fight against climate change	8	4	1
ESG and sustainable Finance	10	3	-
Procurement and Supply Chain management	2	9	1
ESG regulation and standards	10	3	-

Details of the composition of the Board, at the closing date of the financial year, are reported in the table in the appendix (a.1), which indicates the data and information relating to the characteristics of the role of each member.

Information on the personal and professional characteristics of each Director in office can be found on the Bank's website in the "About us - Corporate Governance - Corporate Bodies - Board of Directors" section.

Diversity criteria and policies in Board composition and corporate organisation

In accordance with current industry regulations, the Board of Directors conducts an annual assessment of its size, composition and functioning, identifying its optimal qualitative and quantitative composition. Taking into account the results of its selfassessment, the Board prepares and approves the Report on the "Composition qualitative and quantitative deemed optimal of the Board of Directors of Banca Ifis", which is made available to the public, on its website, at the time of any appointments of members of the Corporate Bodies. In the year 2024, the Shareholders were asked to consider the aforementioned needs of the Board in terms of professionalism and skills (including managerial), deemed necessary for an optimal composition of the Body with Strategic Supervision Function, for the purpose of submitting the lists of candidates for the reintegration of the number of directors following the resignation of the founder.

The document was made available to Shareholders at the registered office, "Borsa Italiana S.p.a." and the authorised storage mechanism https:/// as well as on the Company's website.

The process of selecting the members guarantees the heterogeneity of the Board, identifying within the body an adequate degree of diversification in terms of skills, which must be widespread and diversified both from a managerial and a technical point of view (legal, accounting, tax, financial, risk management and control, corporate governance, sustainability, IT processes, corporate organisation and human resources).

In order to ensure a profitable internal comparison and to contribute to the taking of decisions in line with the Bank's interests, the Board of Directors must include persons with significant and consolidated experience in the management, administration and control of banks and/or companies.

The correct performance of the functions entrusted to the strategic supervisory body requires the presence of individuals:

fully aware of the powers and obligations inherent in the functions each of them is called upon to perform (executive and non-executive functions, independent members, etc.);
with professional skills that are appropriate to the role to be covered, also in possible internal committees of the Board, and calibrated in relation to the operating and size characteristics of the bank;
with skills spread across all members and suitably diversified, so that each person, within the committees of which he or she is a member or in collective decisions, can effectively contribute, among other things, to identifying and pursuing suitable strategies and ensuring effective risk management in all areas of the bank;
who devote time and resources commensurate with the complexity of their duties, subject to compliance with the limits on the number of positions held;
who direct their actions towards the pursuit of the bank's overall interest, regardless of the corporate structure that voted for them or the list from which they are drawn;
who ensure respect for operational autonomy and judgement.

The Bank is also aware that an adequate degree of diversification in terms of age, gender, term of office and geographical origin, favours a plurality of approaches and perspectives in the analysis of problems and in the taking of decisions, avoiding the risk of behaviours of mere alignment to prevailing positions, whether internal or external to the Bank; the objectives concerning the diversity of the composition of the Board must be pursued taking into account the requirements of competence and professionalism, training courses and experience, including in managerial positions.

From this point of view, the process of selecting the Board members adopted protects and promotes their diversity starting from the appointment phase, since the list voting mechanism governed by the Articles of Association guarantees the presence of at least one director expressed by the minority shareholders which, starting from 16 December 2026, could be two directors in the case of a number of directors to be elected greater than or equal to 10, and compliance with the regulatory provisions on the number of candidates belonging to the less represented gender; in this regard, as already mentioned, within the Board of Directors the number of candidates belonging to the less represented gender must be at least two-fifths.

Also Art. 11 of Ministerial Decree No. 169/2020 in defining the criteria for the adequate collective composition of the bodies, provides that the presence in the management and control bodies of executives diversified in terms of age, gender, and length of tenure should be taken into account.

All in all, the Bank does not consider it necessary to adopt further specific diversity policies in relation to the composition of the strategic supervisory body.

The breakdown of the members of the Board of Directors as at 31 December 2024 by gender and age bracket is shown below:

Gender of current Directors Current Directors' age brackets

***

Banca Ifis has also adopted measures to promote equal treatment and opportunities between genders within the entire corporate organisation. The Group firmly condemns any discrimination against employees or applicants based on gender, age, religious or political beliefs and trade union affiliation, as well any form of nepotism and preferential treatment.

In 2021 Banca Ifis became the first Italian bank certified by the Winning Women Institute to have achieved excellence in the field of gender equality, and in 2023 it obtained the UNI/PdR 125:2022 Gender Equality Certification for having adopted and implemented measures that ensure "gender equality" in the workplace.

In 2024, Banca Ifis was awarded by Extel Institutional Investors for the "Best ESG Programme" in Europe in the Financial Institutions / Specialty finance in the Small and Mid Cap segment. The Bank also received the "Impresa Umana 2025" award from Economy magazine and the award "Best Corporate Social Responsibility Initiative Italy 2025" from Global Business & Finance Magazine 2025, testifying to its distinctive commitment to sustainability.

In its meeting of 19 October 2023, the Board approved the Group Policy for the Promotion of Diversity and Inclusivity, which identifies and formalises the diversity and inclusion principles adopted by the Banca Ifis Group in order to promote a culture that enables all its employees and associates, the "Ifis People", to be treated without direct or indirect discrimination, explicit or otherwise, on the basis of race, colour, gender, sexual identity and orientation, language, religion, political or other beliefs and opinions, national or social origin, birth, wealth or age, as well as any other condition, element or diversity characterising the person.

In accordance with the values and principles pursued by the Banca Ifis Group, the aforementioned Policy, complete with the Management System and Strategic Plan for Gender Equality, identifies the thematic areas of intervention, which make it possible to frame in the most complete way all the aspects linked to the theme of inclusiveness and embrace the complexity that characterises the Group's project on Gender Diversity and Inclusion: attraction and retention, reward and promotions, development, training, welfare policies, culture and change management.

As clearly stated in the Code of Ethics, most recently updated on 19 December 2024, the main reference for the criteria of conduct and ethics of the company, the conduct of all the people of the Group must be characterised by competence, excellence, integrity, transparency and concreteness. These rules apply also to Collaborators.

It is possible to report any conduct contrary to these principles, with the guarantee that the personal data of the complainant and the alleged offender will remain confidential, through the Whistleblowing mechanism, which is available to employees as well as collaborators and independent contractors working with the Group on a regular basis.

With regard to the composition of staff, it should be noted that, as at 31 December 2024, 52.7% of Banca Ifis employees are female and 23% of the top managers reporting to the CEO are women.

Maximum number of offices held in other companies

The Board of Directors of the Bank resolved to adjust the "Regulation on the accumulation of offices held by company representatives" on 21 October 2021 in order to incorporate the regulatory updates that occurred following the publication of Ministerial Decree No. 169/2020 "Regulation on the requirements and eligibility criteria for the performance of the duties of corporate representatives of banks, financial intermediaries, collective guarantee funds, electronic money institutions, payment institutions and depositor guarantee schemes" as well as the issuance of the 35th update of Bank of Italy Circular No. 285 of 17 December 2013, which took place on 2 July 2021.

The Regulation rules, inter alia, that the Representative accepts the position and retains the exercise of it to the extent that he believes he can devote the necessary time to the diligent performance of the relevant duties. The time required is estimated on the basis of qualitative and quantitative parameters such as, in particular:

(i) the number and type of offices held on the administrative and supervisory bodies of other companies, businesses or bodies; and
(ii) the commitment in terms of time and complexity required by the professional activities performed; and
(iii) the commitment in terms of time and complexity required by the association positions held.

With regard to the total number of offices, the Regulation provides that each Representative may not hold a total number of offices in supervised entities, companies, enterprises and bodies higher than one of the following alternative combinations:

(i) 1 executive assignment and 2 non-executive assignments; or
(ii) 4 non-executive assignments.

For the purposes of the above calculation, it should be noted that:

(i) the position held at the Bank must be included;
(ii) the office of effective member of the Board of Statutory Auditors of the Bank cannot be held by a person who is a member of the Board of Statutory Auditors of 5 companies issuing securities on regulated markets;
(iii) Exempt Assignments and those held at Small Companies are not relevant;
(iv) a standing member of the Board of Statutory Auditors of the Bank may hold other administration and control offices in joint-stock companies, limited partnerships with share capital and limited liability companies, up to a maximum limit of six points resulting from the application of the calculation model contained in Annex 5-bis, Schedule 1, of the Issuers' Regulation, unless he is a member of the supervisory body of only one issuer.

An Exempt Assignment is:

(i) pursuant to the Issuers' Regulation: (a) appointments as liquidator taken on in the proceedings referred to in Book V, Title V, Chapter VIII of the Civil Code; and (b) appointments taken on following appointment by the legal or administrative authorities in the proceedings referred to in Article 2409, paragraph 4, of the Civil Code and in the respective procedures provided for by Royal Decree No. 267 of 16 March 1942 and by special laws, including those concerning public interest companies; and
(ii) pursuant to Decree No. 169/2020, assignments: (a) at companies or entities whose sole purpose is to manage the private interests of a Representative or a spouse who is not legally separated, a person bound by a civil union or de facto cohabitation, a relative or a relative-in-law up to the fourth degree and which do not require any kind of day-to-day management by the Representative; (b) as a professional at professional partnerships; and (c) as an alternate auditor.

Exemptions are provided for the purpose of determining the limits to the accumulation of offices; the following offices held are not considered:

(i) at companies or entities whose sole purpose is to manage the private interests of a Representative or a spouse who is not legally separated, a person bound by a civil union or de facto cohabitation, a relative or a relative-in-law up to the fourth degree and which do not require any kind of day-to-day management by the Representative;
(ii) as a professional in a professional company; and
(iii) as alternate auditor.

It is also possible to aggregate assignments, so that all assignments are considered to be a single assignment:

(i) within the same group;
(ii) in banks belonging to the same institutional protection system; and

(iii) in non-Group companies in which the Bank has a qualifying holding as defined in Article 4, paragraph 1, point 36 of Regulation (EU) No. 575/2013, as subsequently amended and supplemented.

If more than one hypothesis of aggregation occurs at the same time, the assignments are added together. It is considered an Executive Appointment if at least one of the aggregated assignments is an Executive Appointment; in other cases it is considered a Non-Executive Appointment.

In the aforementioned Regulation, Executive Appointments are defined as the following positions:

(i) Chief Executive Officer;
(ii) Sole Director or equivalent positions;
(iii) General Manager, Co-General Manager, Deputy General Managers;
(iv) member of the Executive Committee;
(v) member of the Management Board; and
(vi) director with operational powers or who performs, even de facto, functions relating to the day-to-day running of the company and/or managerial duties by supervising certain areas of company management.

A non-executive position is defined instead as the following positions:

(i) non-executive director: (a) director without management powers and who does not take part in the Executive Committee, if set up; (b) member of the Supervisory Body who does not belong to the related Audit Committee, when the case provided for by Art. 2409-terdecies, letter f-bis) of the Civil Code occurs; and
(ii) control: (a) member of the Board of Statutory Auditors; (ii) member of the Supervisory Body, when the latter does not have the tasks set out in Art. 2409-terdecies, letter f-bis) of the Civil Code; (iii) member of the Control Committee set up within the Supervisory Body; and (iv) member of the Management Control Committee, in those companies which adopt the one-tier governance model.

The assumption of an additional Non-Executive Appointment for a director with respect to the above limits is permitted, subject to the Board's review, provided that it does not impair the director's ability to devote adequate time to his or her position with the Bank to effectively perform his or her duties.

For purposes of the above evaluation, the Board shall consider, among other things:

(i) the fact that the director holds an Executive Position in the Bank or is a member of board Committees;
(ii) the size, business, and complexity of the bank or other trading company where the additional assignment would be made;
(iii) the duration of the additional assignment; and
(iv) the level of expertise gained by the Director in carrying out the position in the Bank and any synergies between the different positions.

The Additional Non-Executive Assignment:

(i) is not permitted for a director who:
- a) holds the position of CEO, General Manager or Chair of the Board of Directors, of the Control and Risk Committee or of any other board Committee; or
- b) benefits, for other assignments, from the application of the aggregation mechanism described above; and
(ii) does not benefit from the assignment aggregation methods described above.

A candidate for election as a director shall provide the Board of Directors with an updated status of the administrative, managerial and supervisory positions held. The updated status of the above assignments includes timely references to:

(i) type of assignment;
(ii) summary of activities required for the purpose of the assignment;
(iii) the company, enterprise and/or body at which the assignment is carried out;
(iv) time availability required/declared for the purpose of the assignment;
(v) duration of assignment;
(vi) any possibility/commitment to renew the assignment.

After appointment, the director - before holding an administration, management or control position in other companies, enterprises or bodies for which the limit to the accumulation of offices is set - shall immediately inform the Board.

At the time of appointment, if the appointment relates to a position in a banking, insurance or financial company, the Board of Directors is also required to express its opinion on the compatibility of the appointment with the position of director of the Bank, without prejudice to the prohibition of interlocking as provided for by Art. 36 of the "Salva Italia" Decree and the need for authorisation by the Shareholders' Meeting to hold the position of director or general manager in competing companies as provided for by Art. 2390 of the Civil Code.

Upon appointment, based on information received from the Director, the Bank:

annually records the Executive and Non-Executive Appointments held by the Candidate in companies other than those belonging to the Group; and
discloses the above-mentioned offices in the public disclosure drawn up pursuant to Part One, Title IV, Chapter 1, Section VII of the Supervisory Provisions and in the Corporate Governance Report.

A director who exceeds the limit on the accumulation of offices shall promptly notify the Board of Directors and as a result of such notification, the Board of Directors:

(i) sets a deadline, not exceeding thirty calendar days, within which the director is required to take the necessary steps to restore compliance with the limit on the number of offices held. Such initiatives may be for the purpose of, but not limited to, relinquishing tenure or relinquishing miscellaneous assignments that result in exceeding the limits; and
(ii) shall immediately pronounce the forfeiture of the director if he fails to take the aforesaid steps within the aforesaid period.

At the time of writing this Report, no waivers have been granted.

Below, in Tab. 7, is the type of offices held by the Directors of Banca Ifis at the date of approval of this Report, based on the information provided by them. Moreover, in order to comply with the requirements of Circular No. 285/2013 of the Bank of Italy (Section VII, Chapter 1, Title IV, Part One), evidence was also provided of the number and type of offices held by each Director in other companies or entities, even if not considered relevant pursuant to the "Regulation on the accumulation of offices held by company representatives".

Tab.7.
--------

		Companies belonging to the Banca Ifis Group
Director	List of positions		Banking group	Non banking group
Ernesto Fürstenberg Fassio	• Chair of the Board of Directors of Banca Ifis S.p.A. • CEO of La Scogliera SA • Director of IFIS Npl Investing S.p.A.	☐ ☒ ☐	☒ ☐ ☒	☐ ☐ ☐
	• Director of the Istituto per l'Enciclopedia Italiana founded by Giovanni Treccani S.p.A.	☒	☐	☐
	• Director of the Bambino Gesù ONLUS Foundation • Chair of the Board of Directors of the Fürstenberg Fassio	☒	☐	☐
	Foundation	☒	☐	☐
	• Director of ABI	☒	☐	☐
Frederik Geertman	• CEO of Banca Ifis S.p.A. • CEO of Ifis Npl Investing S.p.A.	☐ ☐	☒ ☒	☐ ☐
	• Director and Deputy Chair of Banca Ifis S.p.A. • Director of Ifis Npl Servicing S.p.A.	☐ ☐	☒ ☒	☐ ☐
Simona Arduini	• Director of Ifis Npl Investing S.p.A. • Member of the Supervisory Committee of Veneto Banca S.p.A.	☐	☒	☐
	in l.c.a.	☒	☐	☐
	• Alternate Auditor of Europa Gestioni immobiliari S.p.A. • Auditor of Open Fiber Holding S.p.A. • Auditor of Open Fiber S.p.A.	☒ ☒ ☒	☐ ☐	☐ ☐ ☐
	• Auditor of Open Fiber Network Solutions S.c.a.r.l. • Chair of the Board of Statutory Auditors of SIMAM S.p.A.	☒ ☒	☐ ☐ ☐	☐ ☐
	• Auditor of Acea Ato2 S.p.A.	☒	☐	☐
	• Member of the Supervisory Committee of Européenne de Gestion Privée S.A. - Italian Branch in l.c.a.	☒	☐	☐
	• Member of the Supervisory Committee of Orconsult Capital Management SIM S.p.A. in l.c.a.	☒	☐	☐
	• Member of the Board of Statutory Auditors of the Special Archaeology, Fine Arts and Landscape Superintendence of Rome	☒	☐	☐
	• Auditor of Proservice S.p.A.	☒	☐	☐
Roberta Gobbi	• Director of Banca Ifis S.p.A.	☐	☒	☐
Giovanni Meruzzi	• Director of Banca Ifis S.p.A.	☐	☒	☐
	• Supervisory Board Member of SMACT Società consortile per azioni	☒	☐	☐
	• Director of Banca Ifis S.p.A.	☐	☒	☐
Monica Billio	• Director of Ifis Npl Investing S.p.A. • Director of Veneto Sviluppo S.p.A.	☐ ☒	☒ ☐	☐ ☐
	• Director of Finergis Società consortile cooperativa di garanzia collettiva di fidi	☒	☐	☐
Antonella Malinconico	• Director of Banca Ifis S.p.A. • Director of Global Assistance S.p.A.	☐ ☒	☒ ☐	☐ ☐

Director	List of positions	Companies belonging to the Banca Ifis Group
		NO	Banking group	Non banking group
	• Director of Banca Ifis S.p.A.	☐	☒	☐
	• Director of Pirelli & C. S.p.A.	☒	☐	☐
Roberto Diacetti	• Director of Saipem S.p.A.	☒	☐	☐
	• Director of Masi Agricola S.p.A.	☒	☐	☐
	• General Manager of Fondazione ENPAIA	☒	☐	☐
Beatrice Colleoni	• Director of Banca Ifis S.p.A.	☐	☒	☐
	• Director of T2D S.p.A.	☒	☐	☐
Monica Regazzi	• Director of Banca Ifis S.p.A.	☐	☒	☐
	• Director of Rexer S.p.A.	☒	☐	☐
Paola Paoloni	• Director of Banca Ifis S.p.A.	☐	☒	☐
Luca Lo Giudice	• Director of Banca Ifis S.p.A.	☐	☒	☐
	• Chair of the Board of Directors of Ifis Npl Investing S.p.A.	☐	☒	☐
	• Chair of the Board of Directors of Ifis Npl Servicing S.p.A.	☐	☒	☐
	• Director of La Scogliera SA	☒	☐	☐
	• Chair of the Board of Directors of Vulcano S.p.A.	☒	☐	☐
Nicola Borri	• Director of Banca Ifis S.p.A.	☐	☒	☐

4.4 Functioning of the Board of Directors

Since 2009, the Board of Directors of Banca Ifis has been equipped with a regulation that defines the operating rules of the body and its committees; the document has been updated over time, most recently on 19 December 2024.

The "Regulation of the Board of Directors, the Board Committees" establishes that:

the documentation supporting the discussion of the items on the agenda is made available to each Director and Auditor via a dedicated web portal that ensures confidentiality through personalised access keys, by the third working day prior to the day set for the meeting, except in cases of urgency in which the documentation is made available by the day before the meeting and in any case as soon as possible;
such documentation is transmitted or made available at the direction of the Chair by the Parent company's Corporate Affairs;
if the Chair deems it appropriate with regard to the content of the issue and the related resolution, also in order to avoid the risk of improper disclosure of confidential information, made possible by the communication tools used independently from the will of the persons concerned, the information documents can be provided directly during the meeting, by giving prior notice to the Directors and Auditors within the above-mentioned term, who, if they deem it necessary, can have access to the information, which is available at the registered office by the day before the meeting and anyway as soon as it is available.
The Secretary, or deputy thereof, is responsible for drawing up and filing the minutes of each meeting; he also supports the Chair's activities and provides impartial assistance and advice to the Board of Directors on all matters relevant to the proper functioning of the corporate governance system.

As far as minutes are concerned, the Regulation identifies the essential elements that must be present in the minutes and provide indications regarding their conservation and archiving, which may also be in digital form.

Moreover, pursuant to the "Regulation", the Chair and/or the CEO may invite to participate in the Board's meeting managers or other Company's employees, or other external subjects or consultants, whose presence is deemed useful with regard to the issues to be dealt with, limited to the discussion of the subjects for which they are responsible.

In accordance with the Articles of Association, the General Manager, if appointed, takes part in the Board meetings in an advisory capacity; as an alternative to the appointment of the General Manager and the Deputy General Managers, the Board of Directors may appoint one or more Co-General Managers. The Co-General Managers may participate, at the invitation of the Chair, in the meetings of the Board, each in an advisory capacity in accordance with their respective responsibilities.

If appointed, the Honorary Chair, who is not a director, may attend Shareholders' Meetings and meetings of the Board of Directors, in an advisory capacity and without voting rights, expressing opinions on the matters discussed.

The methods and deadlines for submitting documentation to the Board described above were generally met during FY 2024 and the Chair did not see the need to provide documents directly at the meeting. Failure to make documentation available within 3 working days prior to the date set for the meeting occurred in negligible percentage terms compared to the totality of the topics addressed by the Board and mainly to provide more accurate versions of the communications to be disseminated on the periodic financial reporting.

In FY 2024, 16 meetings were held, with an average duration of 2 hours and 50 minutes. The data on the participation of each director are shown in the table in the appendix (a.1). Participation in the meetings took place both via video link and in presence at the place where the meeting was convened.

From the start of 2025, until the date of approval of this document, 5 board meetings have been held, including the one during which this Report was approved. The number of Board meetings in 2025 can be expected to be in line with the previous year.

The Chair and/or the Chief Executive Officer may invite the Bank's executives or the Heads of the competent corporate departments or other persons or external consultants whose presence is deemed useful in relation to the matters to be discussed to attend Board meetings, also to provide appropriate in-depth studies on the topics under examination, where necessary.

In compliance with the obligations for listed issuers set out in Art. 2.6.2 of the Market Regulation of Borsa Italiana S.p.A., the Board of Directors annually approves the Corporate Events Calendar, which has to be notified to Borsa Italiana for dissemination to the public within thirty days from the end of the previous financial year.

The Transparency II Directive (2013/50/EU), implemented in Italy through Legislative Decree No. 25 of 15 February 2016, repealed the obligation to publish interim Report on Operations, but left the option of reintroducing additional periodic information with respect to financial and half-year reports, albeit only under certain conditions and subject to a regulatory impact analysis in terms of costs and benefits; this provision was integrated into the Consob Issuers' Regulation through the insertion of the new Article 82-ter, in compliance with which Banca Ifis communicated its decision to continue to draw up and publish quarterly information, in accordance with previous practice, in accordance with the provisions of Borsa Italiana regulations for the STAR segment and in order to guarantee continuity and regularity of information to the financial community.

The calendar provided shows the dates set for the Shareholders' Meeting and the Board meetings to approve the draft financial statements and the financial reports (half-yearly and quarterly).

4.5 Role of the Chair

In accordance with Art. 12 of the Articles of Association, the Board of Directors elects from among its members a Chair and may elect a Deputy Chair.

The Chair of the Board of Directors, in order to effectively perform his or her function, must be non-executive role and not perform, even on a de facto basis, management functions. The position of Chair is held by Ernesto Fürstenberg Fassio.

On 20 April 2023, upon proposal of the Board of Directors, the Shareholders' Meeting appointed Founder Sebastian Egon Fürstenberg as Honorary Chair pursuant to Article 10-bis of the Articles of Association.

On 13 July 2023, the Board of Directors appointed Professor Simona Arduini as the Bank's Deputy Chair.

In 2023, an Organisational Unit called "Chief of Staff and Chair's Communication" was established to support the Chair.

Below is a representation of the offices relating to the Chair at the date of approval of this Report.

POSITION	NAME AND SURNAME
Chair of the Board of Directors	Ernesto Fürstenberg Fassio
Honorary Chair (not a member of the Board of Directors)	Sebastien Egon Fürstenberg
Deputy Chair	Simona Arduini

The Chair acts as a link between the non-executive Directors and the CEO and ensures the effective functioning of the Board's activities by promoting the effective functioning of the corporate governance system, guaranteeing the effectiveness of the Board's debates and encouraging the participation of the Directors, especially the non-executive and independent ones, in a neutral manner, by encouraging their active participation in the discussion and resolution on the issues under discussion.

The same role is performed by the Deputy Chair, where appointed, in the event of the Chair's absence.

The Chair's roles and responsibilities are those provided for by the laws, including regulatory and internal laws, in force over time, by the Articles of Association and by the Board, also based on industry best practices for banks with similar characteristics to the Bank.

In particular, the Chair ensures - with the support of the Secretary and the contribution of the CEO - that the pre-meeting information is suitable and, if necessary, that adequate additional information is provided during the Board meetings and that the board committees meet as a matter of course in the days preceding the Board meetings in order to adequately support the Board with regard to the issues under its responsibility.

The Chair, in agreement with the Chief Executive Officer, ensured that they attended the meetings of the Board of Directors during FY 2024:

the Chief Financial Officer, the Manager Charged with preparing the Company's financial reports, the Investor Relator, the Head of Communication, Marketing, Public Affairs & Sustainability (as well as Chief of Staff and Chair Communications), especially when presenting financial reporting documents and related press releases;
in support of the discussion of the results of the individual businesses represented in the financial disclosure documents referred to in the preceding point, the Co-General Manager Chief Commercial Officer, the Co-General Manager Chief Operating Officer, the Chief Risk Officer, the Npl Department Manager (until August 2024), the General Manager of Ifis Npl Servicing S.p.A., the Chief Lending Officer and the Head of Human Resources;
numerous managers of the Bank, in addition to those mentioned above, including, but not limited to, the Head of Workout, Restructuring & Recovery, the Head of Corporate & Investment Banking, the Head of Structured Finance, the Head of Large Risks Underwriting, the Head of Commercial & Corporate Banking Underwriting, the Head of Credit Support, ESG & Monitoring, the Head of Organisation, the Head of IT & Change Management, the Head of Privacy & Security and other structure managers when examining topics relating to their activities and responsibilities.

The heads of the corporate control functions (Internal Audit, Risk Management, Compliance and Anti-Money Laundering) illustrate their reports and programmatic plans directly to the directors, in compliance with the current supervisory regulations issued by the Bank of Italy.

Finally, Giuseppe Rumi of Studio Bonelli Erede as the Bank's external legal consultant of reference has also taken part in Board meetings since April 2019.

For the three-year term of the Board of Directors, an advanced training course was created for all Banca Ifis representatives, also extended to the Co-General Managers.

The training interventions were delivered by leading training companies and are integrated with additional contributions from internal teaching in order to create the right balance between external theoretical updating and practical study of specific case studies relating to the Banca Ifis Group.

In this regard, the topics of the training course for the year 2024 concerned:

1) The Banking Context: the following topics were covered in this webinar:

Summaries of the main trends;
Evolution of business models and main drivers of innovation;
ESG and banking;
Social Banking: which areas have the greatest impact;
2) Digital Journey: the following topics were covered in this webinar:
- Cloud strategy and digitalisation;
- Benchmarking;
- Duties and responsibilities of the board with the advent of DORA;
- Cyber risk and data governance in the digital journey;
3) AI: the following topics were addressed in this webinar:
- Definition and types;
- Regulating AI (AI Act);
- Main applications of AI in business processes and control and staff activities;
- AI and ethics;
- Impact of IA on work organisation.

At the same time, an induction course dedicated to members of the Boards of Directors and Boards of Statutory Auditors of all the Group's Italian subsidiaries is provided.

The Chair participates in the self-assessment process of the Board of Directors and the Board Committees, playing a central role in the preparation and management of the process, ensuring that it is carried out effectively and in a manner consistent with the degree of complexity of the Board's work, and making sure that the corrective measures envisaged to address any shortcomings identified are actually taken.

The Appointments Committee is involved, in support of both the Chair and the Board of Directors, from the initial stages.

The execution of the self-assessment process for the third year of the term of office was carried out with the help of the consultancy firm Egon Zehnder, appointed as an external professional to support the internal staff, identified by the Chair; the company also head hunts for the Group.

The Chair, with the collaboration of the Deputy Chair and the CEO, ensures that the Board is informed, by the first useful meeting, on the development and significant contents of the dialogue held with all shareholders. During 2024, there were no requests from shareholders for dialogue with the Directors.

Board Secretary

The Board, pursuant to Article 12 of the Articles of Association, resolved on 28 April 2022 to confirm the secretary of Board of Directors as the General Counsel and the Head of Corporate Affairs as deputy.

Appointment shall be by the Board, after consultation with the Chair, and the Secretary may be chosen from outside the membership of the administrative body.

The requirements and attributions are defined in the Regulation of the Board of Directors and envisage that the secretary and his deputy are chosen from among the Bank's managers who, in performing the tasks entrusted to them, have demonstrated the requisites of confidentiality, accuracy and specific skills in legal matters.

The secretary's duties include drawing up and filing the minutes, supporting the Chair's activities and providing impartial assistance and advice to the Board of Directors on all aspects relevant to the proper functioning of the corporate governance system, as well as ensuring that specific requirements are met at the Chair's request following decisions taken by the Board or in compliance with regulatory provisions.

The secretary, providing support to the Chair, took care during FY 2024 that:

the preparation phases of the meetings and the preparation of the agenda of the Board of Directors were respectful of the Chair's guidelines given for the effective organisation of the meetings;
the pre-board disclosures and supplemental information were adequate to enable directors to act in an informed manner;
the activities of board committees were coordinated with the activities of the Board of Directors in order to provide its support in the form of preliminary, propositional or advisory activities;
the managers intervened in the meetings of both the Board and the Committees to provide the appropriate insights in coordination with the CEO;
courses could be organised, in agreement with the HR Department and top management, which involved internal teaching;
the self-assessment process was carried out in an appropriate and transparent manner, as the internal manager for managing the process was identified.

Finally, the Secretary provided impartial assistance and advice to the Board on any aspect relevant to the proper functioning of the corporate governance system.

4.6 Executive directors

Chief Executive Officer

In the model adopted by Banca Ifis, the Board of Directors appoints a CEO from among its members and establishes his powers of management and representation, as well as the powers assigned ex lege; the CEO implements the resolutions of the Board of Directors, also with the aid of the Co-General Managers.

The Board of 28 April 2022, in the exercise of its statutory and by-law powers, in continuity with the previous term of office, unanimously confirmed Frederik Geertman in the position of Chief Executive Officer, entrusted with the management of the company's operations aimed at realising the strategic corporate guidelines and objectives, and established his management powers.

Management delegations are divided into the following main areas:

staff management;
purchase and disposal of goods and services; and
capital market.

The distribution of management delegations is graduated according to decreasing levels of authorisation, from the Board of Directors to the operational structures.

The most significant limits - in terms of value and subject matter - applied to the powers delegated to the CEO can be summarised as follows, without prejudice to the fact that systematic information flows are provided for with regard to the exercise of the powers assigned over time, as well as compliance with the related quantitative limits:

HR management

Decisions regarding the commencement, management and termination of the employment relationship of executives, without prejudice to the powers retained by the Board of Directors in respect of the relationships of executives with strategic responsibilities and without prejudice, however, to the Board's prerogatives over the heads of the control functions established by the supervisory provisions for Banks.

Loan transactions with employees, in the event of a derogation from the Regulation on granting loans to employees, in joint signature with the Head of Human Resources.

Purchase and disposal of goods and services

With regard to investments and operating costs, up to the amount of 1.000.000 Euro with suppliers who are not Associated Parties and have no family, affinity or close ties with employees and company representatives.

Concerning leases receivable and payable up to 200.000 Euro in annual rent; concerning the disposal of assets within the limit of 150.000 Euro.

On the appointment of the Independent Auditing Firm, up to the amount of 50.000 Euro (prior information to Board of Statutory Auditors and CFO).

Capital Market

As regards the Position in Exchanges, exceeding the individual imbalance limit up to a maximum of 2% of Total Own Funds at consolidated level.

With reference to the Credit Facilities of Banking and Financial Counterparties, authorisation for temporary increase in the event of exceeding the credit limit resolved at Group level related to i) settlement risk, for amounts exceeding 25% of the same; and ii) counterparty risk, for amounts exceeding 20% of the same.

Chair of the Board of Directors

In compliance with the provisions of the Articles of Association (Article 12), the Chair of the Board is not the main person responsible for the management of Banca Ifis; no management delegations or proxies in the elaboration of corporate

strategies have been conferred on the Chair in office during the year. The Chair in office at the time of writing is the controlling shareholder of the Bank through the company La Scogliera SA.

Information to the Board by the CEO

Pursuant to Art. 15 of the Articles of Association, the CEO can, in case of urgency, take resolutions concerning any business or operation that is not under the exclusive competence of the Board of Directors, by immediately informing the Chair and informing the Board during the first subsequent meeting.

Other executive directors

In addition to the Chief Executive Officer, there are no other directors to be considered executive directors as:

they hold management positions in Banca Ifis;
they hold the office of Chair of a subsidiary of strategic importance, with delegated powers in the management or elaboration of corporate strategies; or
they hold the office of CEO, or management positions, in a subsidiary with strategic importance, or in the parent company.

4.7 Independent directors and Lead Independent Director

Independent directors

The Board makes its own assessments of the Code's requirements for directors who qualify as independent at the first meeting following appointment by the Shareholders' Meeting and periodically assesses the independence of directors. On 28 April 2022, after his appointment, he identified the quantitative and qualitative criteria of general and abstract scope aimed at determining the materiality of commercial, financial and professional relationships and additional remuneration set out in Recommendation No. 7 of the Code, as well as the persons who can be counted among the close family members. Subsequently, it ascertained that nine of its members (Simona Arduini, Antonella Malinconico, Beatrice Colleoni, Monica Billio, Monica Regazzi, Giovanni Meruzzi, Paola Paoloni and Roberto Diacetti) met the independence requirements in accordance with the criteria identified and the combined provisions of Articles 147-ter, paragraph 4, and 148, paragraph 3, of the TUF. During 2024, the independence requirement was also verified, with positive results, for the new director Nicola Borri.

Without prejudice to the occurrence of specific circumstances to be assessed on a case-by-case basis, in keeping with the principle of 'substance over form' adopted by the Corporate Governance Code, the Board resolved to consider:

as "Significant" a commercial, financial or professional relationship involving gross annual aggregate consideration in favour of (i) the director or auditor of the Bank whose independence is at issue and/or their Close Family Members (as defined below) ("Interested Subjects") (ii) companies controlled by the Interested Subjects or of which the Interested Subjects are executive directors ("Interested Companies"), and/or (iii) a firm or professional association or consulting firm of which the Interested Subjects are partners, associates or associates ("Interested Professional Organisations"), the amount of which is equal to or greater than:
- a) 5% of the total annual income of the Interested Subject or the Professional Organisations concerned, in the case of commercial, financial or professional relations entertained directly with the Interested Subjects or the Professional Organisations concerned;

b) 3% of the total annual turnover of the Interested Company, in the case of commercial, financial or professional relations with Interested Companies;

not including commercial, financial or professional relations:

➢ relations deriving from positions on corporate bodies, committees or other bodies of the Bank, of the Bank's parent companies or of its subsidiaries (including positions as members of administrative bodies, internal board committees, control bodies and supervisory bodies, positions within such administrative bodies, control bodies and committees, and the position of sole auditor), which may instead be relevant for the purposes of assessing the "significant additional remuneration" referred to in letter d) of Recommendation No. 7 of the Corporate Governance Code; and
➢ credit contracts, pointing out the advisability of not proceeding to the identification of mere predefined economic quantities the exceeding of which may presumptively indicate the impairment of the independence requirement, since such verification appears to require a broader assessment that takes into consideration subjective and objective factors, including, among others, the amount in absolute value of the credit granted, the economic conditions applied, its percentage weight with respect to the overall value of the debtor's indebtedness and, where appropriate, the latter's economic-financial position;
as "Significant additional remuneration" the additional remuneration received by the director or statutory auditor (or by their respective Close Family Members, as defined below) for the additional offices entrusted and/or for the offices held in corporate bodies, committees or other bodies of the Bank (other than those identified below), of subsidiaries of the Bank and/or of the parent company of the Bank which, taken together, result in a gross annual amount in excess of 75% of the fixed remuneration received by the director or statutory auditor whose independence is at issue for the office held in Banca Ifis and for participation in the internal Board Committees, whereby the following terms are intended
- ➢ as "fixed remuneration for the office" (i) the annual remuneration determined by the Shareholders' Meeting for all directors and statutory auditors or established by the Board of Directors for all non-executive directors within the overall amount resolved by the Shareholders' Meeting for the entire Board of Directors and the related attendance fee; and (ii) the annual remuneration, if any, attributed due to the particular office held by the individual non-executive director within the Board of Directors (Chair, Deputy Chair, Lead Independent Director, etc.) defined according to the best practices set forth in the Corporate Governance Code (i.e., taking into account the remuneration practices prevailing in the reference sectors and for companies of similar size, also considering comparable foreign experiences); and
- ➢ as "remuneration for participation in internal Board Committees" the remuneration as member and/or Chair of the Control and Risks Committee, the Appointments Committee, the Remuneration Committee as well as any other internal Board committee possibly set up by the Bank having functional competences in the application of the Corporate Governance Code and/or of the regulations in force at the time (with the exception of the Executive Committee, if any);
as "Close relatives" in accordance with the provisions of Chapter 11 of Part Three of the Bank of Italy Circular No. 285/2013 on risk activities and conflicts of interest in respect of associated parties - the relatives up to the second degree and the spouse or common-law partner of an Interested Party, as well as the latter's children ("Close Relatives").

The Board of Statutory Auditors verifies the correct application of the assessment criteria and procedures adopted by the Board.

The outcome of the valuations carried out was announced in a press release issued to the market on the same date, i.e. 28 April 2022 as well as 18 April 2024 for the director Nicola Borri.

The Chair of the Board does not qualify as independent.

The number of appointed independent directors is higher than both the provisions of the Articles of Association requiring the presence of a quarter of the members and the indications of the Corporate Governance Code. This choice made it possible to compose the Control and Risk Committee and the Appointments Committee entirely with independent directors; the independent director elected by minorities is a member of the Control and Risk Committee and the Appointments Committee.

The Board of Directors verifies on an annual basis compliance with the independence requirements set out in the Corporate Governance Code and in paragraph 3 of Art. 148 of the TUF. This review was conducted for the third year of office on 23 January 2025 after prior analysis by the Appointments Committee; the independence status was confirmed for all 10 directors.

During 2024, two meetings of the independent directors were held, coordinated by Lead Independent Director Antonella Malinconico, during which topics were covered related to:

development of a policy to govern the evaluation procedures of Group Executives; and
update in the field of sustainability: the Social Banking project.

Lead Independent Director

The Board of Directors, during its meeting of 28 April 2022, on the basis of the results of the self-assessment process related to 2021 and in consideration of the indications included in the document "Qualitative and quantitative composition deemed optimal of the Board of Directors 2022", as well as on the basis of industry best practices, deemed it appropriate to proceed with the appointment of Ms Antonella Malinconico as Lead Independent Director (LID), even if not expressly required by current provisions.

Therefore, the company was already compliant with recommendation No. 13 of the Code following the change in the role of Chair of the Board of Directors on 10 November 2022, Ernesto Furstenberg Fassio being the controlling shareholder of Banca Ifis through La Scogliera SA.

The LID has the task of representing a point of reference and coordination for the requests and contributions of the directors (non-executive and, in particular, independent directors) and of collaborating with the Chair of the Board of Directors in order to guarantee that the directors receive complete and timely information flows.

The same has the power to convene, when deemed appropriate or upon proposal of other directors, special meetings dedicated solely to independent directors to discuss issues deemed of interest with respect to the functioning of the Board of Directors or the management of the Company.

5. Corporate information management

The Bank has a "Policy for the handling of inside information", most recently updated in September 2019.

The Policy details the identification, internal handling, and public disclosure of inside information; In addition, it establishes the duties and responsibilities of the Bank's representatives in the context of the meetings with the financial community.

The policy calls for the creation of a Relevant Information List (the "RIL") with the aim of mapping ex ante the types of inside information that may concern the Bank or its subsidiaries in order to facilitate their subsequent ongoing identification. For each piece of relevant information, the mapping indicates the organisational roles that routinely have access to it in order to facilitate the compilation of the register of persons with access to inside information.

On an ongoing basis, each piece of information concerning Banca Ifis or its subsidiary company is checked to see whether or not it is material and, if so, whether or not it can be qualified as privileged.

6. Board committees

In implementation of Article 12-bis of the Articles of Association, the Board of Directors has set up three internal committees which, with propositional, investigative and advisory functions, enable the body with strategic supervisory functions to take its decisions with greater knowledge of the facts:

Control and Risks Committee;
Appointments Committee; and
Remuneration Committee.

The composition, functioning and powers of the Board Committees are governed, in compliance with industry regulations, in the Regulation of the Board of Directors, the Board Committees approved by the Board of Directors on 7 May 2009 and most recently updated in the meeting of 19 December 2024.

All Committees adopt the same operating rules with reference to the Chair, meetings and deliberations; all committees have financial resources, which can be activated autonomously, to the extent established by the Board of Directors and with provision for reporting to the Board of Directors on the possible use of funds at least once a year, normally at the time of examination of this Report.

The Chair of the Board Committees shall hold office for 18 months from the date of appointment, unless the office of director or member of the Committees is forfeited, revoked or the person resigns. When the presidency expires, the Board of Directors confers the office of Chair to a different member of the Committee holding the envisaged legal and regulatory requirements. Notwithstanding the rotation of the office of Chair, members of the Board Committees may serve as Chair more than once, preferably not consecutively.

The Committee chairmen routinely report at board meetings on the activities carried out by the committees with regard to their own activities.

For matters not directly regulated in the Regulation of the Committees, the rules of operation of the Board of Directors apply, insofar as they are compatible.

Specific information is provided in the various sessions of the report dedicated to each Committee; the composition of the committees was carried out by the Board avoiding an excessive concentration of tasks and favouring the competence and experience of their members.

No function was distributed differently than recommended by the Code or was reserved for the entire Board.

The respective Chairs may invite the Chair of the Board of Directors, the Deputy Chair, the Chief Executive Officer and the General Manager (if appointed) or he Co-General Managers (if appointed) to attend the meetings of the Committees; the Committees may avail themselves of and/or request the attendance of external consultants and any representative or corporate officer of the Bank or other Group company competent in the matter, informing the Chief Executive Officer thereof.

The table in the appendix (a.2) shows information on the composition of the Committees and the actual participation of each member in the meetings.

7. Director Self-Evaluation and Succession - Appointments Committee

7.1 Self-Assessment and Director succession

Banca Ifis has a Regulation on the self-assessment process of the Corporate Bodies, most recently updated in October 2021, which identifies in a manner consistent with the complexity of the Bank and the activity of the Corporate Bodies the persons involved, the phases, the object of the assessment and the methods and tools with which to carry out the various phases of the process itself.

At its meeting on 10 February 2025, the Board completed the annual self-assessment process on the size, composition, and functionality of the Board and its Committees for the third year in office. The assessment process took place from the beginning of November 2024 to the beginning of February 2025 and was conducted with the assistance of the consulting firm Egon Zehnder, through:

the use of questionnaires based on corporate governance best practices, the specificities of Banca Ifis and the findings of the 2023 Self-Assessment. The questionnaire investigated, inter alia, placing greater emphasis on the assessment of strategic performance as well as identifying the best board composition in view of renewals and disclosures to be made pursuant to Part One, Title IV, Chapter 1, Section IV of the Supervisory Provisions (Circular 285); and
individual interviews between the Egon Zehnder team and each Director.

The self-assessment process was carried out in compliance with the provisions of the Supervisory Provisions for banks on corporate governance and taking due account of the EBA guidelines on internal governance, the EBA/ESMA guidelines on the requirements of directors and key function holders and the ECB guide for verifying requirements, as well as the principles of the Corporate Governance Code and the Recommendations formulated by the Corporate Governance Committee for 2024.

With regard to the procedures, first of all the Board - having heard the opinion of the Appointments Committee - decided to make use of the support of an external professional to carry out the process and identified the internal staff in charge of carrying out the same, having taken into account the criteria identified by the Bank within the Regulation on the self-assessment process and, subsequently, the process was divided into the following phases:

i. investigation phase;
ii. processing phase;
iii. phase of preparing the outcomes of the process;
iv. phase of collegial discussion of the results and of predisposition of eventual opportune corrective measures; and
v. phase of verification of the state of implementation of the initiatives previously taken for self-assessments subsequent to the first.

The conclusion of the self-assessment process for the third year of the mandate (FY 2024) was completed, the excellent results of which highlight the following strengths of the Board ("Areas of Excellence"):

the Board expresses its full appreciation for the content and effectiveness of the training programme organised for the benefit of the Bank's corporate bodies during the term of office;
the Board renews its appreciation for the work of the Chair Office Honorary Chair, Chair and Deputy Chair as well as for the constructive and balanced relations that have been established over the years;

the Chair is recognised for the ability to proactively govern the Board of Directors in an all-round manner, including from a technical point of view with regard to Corporate Governance issues. This is coupled with a style that favours moments dedicated to priority activities for the Bank, giving adequate space in the Board so that topics are treated with the right level of depth and that the agenda reflects the priority of the topics themselves;
the Chair is also appreciated for leadership and authoritative qualities, as well as the commitment to ensuring the functional organisation of work and the adequacy and timeliness of the flow of information for meetings;
appreciation for the role covered by the Deputy Chair is confirmed;
the Board confirms its appreciation of the work of the CEO, also with respect to the ability to provide everyone with informative frameworks and analyses that allow them to act informed with an increasingly clear understanding of the business and reference context;
the Board's relationship with senior management is open and collaborative, and management contributions in Board and Committee meetings are recognised;
the Directors confirm their appreciation of the information flows;
the Bank's strategy remains clear and shared by all Directors;
the main causes of risk are confirmed to be adequately investigated, their profiles appear to be effectively integrated into decision-making processes, and risk governance is satisfactory;
the Board is fully aligned with the Bank's ESG commitments;
general satisfaction with the Board committees is confirmed, with reference to their composition, organisation and functioning, as well as their contribution to the Board;
the Board reiterates its full satisfaction with the constructive and balanced interactions between the Board of Auditors, the Board and the other Bodies;
the Chair of the Board of Statutory Auditors is also appreciated for authoritativeness, high credibility and competence in control and risk matters and ability to act as a real 'sparring partner' of the Board of Directors; and
the internal climate of the Board is generally positive, as are the interpersonal dynamics within the body.

As for food for thought for the future, the Board shared the following topics:

extending sittings in the future to ensure adequate time for questions and debate on more complex issues; and
exploring comparison with competitors/market benchmarks and with respect to the internal and social climate.

The Board, in view of the renewal of the bodies as well as any appointments of new members, following the selfassessment process, approves and publishes on its website in the section dedicated to Meetings, the document relating to its "Composition qualitative and quantitative deemed optimal of the Board of Directors of Banca Ifis".

The orientation, contained within the aforementioned document, has the purpose of facilitating the process of defining the best proposals for the qualitative and quantitative composition that the shareholders present on the occasion of the renewal of the Board of Directors and/or appointments of its members.

Succession Plans

On 1 December 2022, the Board adopted the Banca Ifis Group Succession Plans Policy, after consulting the Appointments Committee. The Policy complies with the recommendations of the Regulator and the Corporate Governance Code and demonstrates, also vis-à-vis proxy advisors, shareholders and stakeholders, the best practice approach adopted by Banca Ifis in its governance.

The Plan is based on four essential pillars:

business continuity as the main objective of the Plans in line with the requirements of the Regulator;
an appointment process of potential candidates for succession. In addition to defining the scope of the most strategic roles, the Plans aim at defining a process to search for the best solution to fill the positions left unfilled, a solution that must be sought both internally and externally within the Group;
the definition of the target requirements for top and strategic positions, aimed at identifying the profiles expected to fill the position;
the definition of a Talent Development Plan aimed at ensuring a strategy for the professional/managerial development and growth of talent aligned with current and future corporate objectives, capable of meeting the short and long-term needs of all stakeholders.

The positions concerned concern, in addition to the CEO, the senior roles of Banca Ifis and its subsidiaries, as well as the positions whose appointment is a non-delegable competence of the Board of Directors; the process is governed by the Appointments Committee, which, with the support of the Human Resources Department, establishes the timing and procedures.

7.2 Appointments Committee

Composition and functioning of the Appointments Committee

The Regulation of the Appointments Committee establishes that it is made up, as a rule, of between 3 and 5 members chosen from among the non-executive members of the Board of Directors, the majority of whom are independent. Members must have competences that are functional to the fulfilment of the tasks they are called to perform and the Committee shall be chaired, in turn, by one of its members chosen by the Board of Directors from the independent directors.

The Chair of the Appointments Committee shall hold office for eighteen months from the date of appointment, unless the office of director or member of the Appointments Committee is forfeited, revoked or the person resigns. When the Chair office expires, the Board of Directors confers the office of Chair to a different member of the Appointments Committee holding the aforementioned requirements. Notwithstanding the rotation of the office of Chair, members of the Appointments Committee may serve as Chair more than once, preferably not consecutively.

If a member of the Appointments Committee leaves office for any reason whatsoever, also as a consequence of termination of office, the Board of Directors shall immediately appoint a new member at the first useful meeting. Members of the Appointments Committee appointed to replace those who have ceased to serve shall expire at the same time as those in office at the time of their appointment, unless otherwise determined by the Board of Directors. Each member of the Appointments Committee may be removed by resolution of the Board of Directors, which shall at the same time provide for replacement thereof. The term of office of the members of the Appointments Committee is equivalent to that of the Board of Directors which appointed it, whose early termination, for any reason, determines the simultaneous termination of the Appointments Committee.

The Chair shall call and preside over meetings of the Appointments Committee, prepare its proceedings, and direct, coordinate and moderate discussions. The Chair shall report to the Board of Directors on the activities carried out by the Appointments Committee and on the related proposals and guidelines in the most appropriate form at the first useful meeting. The Chair shall sign, on behalf of the Appointments Committee, reports and opinions to be submitted to the Board of Directors and/or other bodies or functions of the Bank.

The Appointments Committee also meets whenever requested by one of its members who submits a written request to the Chair, indicating the items to be included in the agenda. Meetings of the Appointments Committee shall be called with at least three days' notice, indicating the place, day, time and items on the agenda. In cases of urgency, the Appointments Committee may be convened with one day's notice prior to the scheduled meeting date. In any case, a meeting shall be deemed to be validly constituted if all members of the Appointments Committee are present, even without formal convocation. The notice of call

must be sent to the regular members of the Board of Statutory Auditors and, in copy for information, to the Chair of the Board of Directors. Any documentation relating to the items on the agenda shall normally be made available at the same time as the meeting is convened and in any case with the advance notice appropriate to the circumstances.

The Regulation provides that the members of the Board of Statutory Auditors and, at the invitation of the Chair of the Appointments Committee, the Chair of the Board of Directors, the Deputy Chair, the CEO and the General Manager (if appointed) or the Co-General Managers (if appointed) may attend the Committee's meetings. Lastly, the Appointments Committee may avail itself of and/or request the presence of external consultants and any corporate representative or employee of the Bank or of another Group company competent in the matter in question, informing the CEO thereof.

A majority of the members in office must be present for the meetings of the Appointments Committee to be valid. Decisions/resolutions of the Appointments Committee are made by an absolute majority of those in attendance.

The meetings of the Appointments Committee can be validly held also by means of suitable audio, video or teleconference systems, provided that all those entitled can take part and be identified, and that they are able to follow the meeting and take part in real time in the discussion of the issues, as well as receive, transmit and view documents, thus enabling a simultaneous examination and resolution/decision-making process. The Appointments Committee may meet anywhere, provided that it is in Italy.

The secretariat of the Committee is provided by the General Counsel - Corporate Affairs Parent Company. Minutes of each meeting of the Appointments Committee shall be drawn up by the secretary. The minutes shall be transcribed in the appropriate book and signed by the Chair of the meeting and the secretary.

The Committee, appointed on 28 April 2022, was composed of the following independent directors: Antonella Malinconico, as Chair, Monica Regazzi and Roberto Diacetti.

On 19 October 2023, on the occasion of the rotation of the Chair and following the resignation of independent director Monica Ragazzi, independent director Roberta Gobbi was appointed as Chair.

Therefore, the current Appointments Committee is composed of the following independent directors: Roberta Gobbi as Chair, Antonella Malinconico and Roberto Diacetti as members.

In the financial year 2024, the Appointments Committee met on 10 occasions. Meetings had an average duration of about thirtytwo minutes. As of the date of approval of this Report, the Appointments Committee has met three times and 9 meetings have been scheduled for FY 2025.

The Board of Statutory Auditors was present, with at least one member, at all meetings held in 2024.

Member of the Appointments Committee

The Committee performs the following investigative, propositional and advisory functions:

it provides opinions to the Board of Directors in respect of: (a) the size and qualitative and quantitative composition of the Board and expresses recommendations concerning the professional figures whose presence within the Board is deemed appropriate; (b) the maximum number of administration and control offices, in compliance with the sector's legislation and the internal regulations in force over time; (c) the assessment, if any, of significant positions pursuant to Article 2390 of the Civil Code. With reference to the need to ensure an adequate degree of diversification in the collective composition of the body, the Appointments Committee without prejudice to the obligations set out by the regulations for listed banks - sets a target in terms of the share of the less represented gender and prepares a plan to increase this share up to the set target;
it proposes to the Board of Directors candidates for the office of director in cases of co-option;

it evaluates, at the request of the Board of Directors, the candidacies of individuals who will hold positions in the subsidiaries;
it prepares, in agreement with the competent corporate functions, the Succession Plans of the Banca Ifis Group and coordinates the process regulated therein;
it supervises the self-assessment process of the corporate bodies; in particular, it proposes to the Chair of the Board of Directors the staff appointed to conduct the self-assessment process of the Bodies with strategic supervision and management functions;
it proposes to the Board the areas of the training plan that emerged from the implementation of the selfassessment process and supervise the use of the courses selected by the Board, providing evidence thereof for the purposes of drawing up the Report on Corporate Governance and Shareholding Structure;
it verifies the existence of the requirements and criteria laid down in Article 26 of Legislative Decree No. 385/1993 (TUB) and the relevant implementing rules, including those of a regulatory nature, in force from time to time, for persons performing administrative, management and control functions;
it verifies the presence, within the Corporate Bodies (Board of Directors and CEO), of adequate knowledge, skills and experience to understand the money laundering risks related to the activity and business model.

The Committee also supports the Control and Risk Committee in identifying and proposing to the Board of Directors the heads of the corporate control functions to be appointed.

In 2024, the following topics were dealt with: the evaluation of candidates to be appointed in the subsidiaries, the Board of Directors' Self-Assessment Process, the verification of the suitability requirements of corporate officers (annual and/or as a result of significant changes occurring), the optimal qualitative and quantitative composition of the Board of Directors, the Training Path for the members of the Banca Ifis Group's Top Management Bodies for 2024-2025 and analysis of the Policy on the governance of the procedures for the assessment of corporate officers.

In carrying out its functions, the Committee has access to all relevant corporate information and functions, as well as to external consultants, within the terms set out by the Board of Directors and in compliance with the Group's policy for the management of inside information.

The Appointments Committee has at its disposal financial resources, which can be activated autonomously, in the amount of 60.000 Euro per year, and it is expected to report to the Committee on the possible use of the funds at least once a year, usually during the examination of the Report on Corporate Governance and Shareholding Structure.

The Appointments Committee sees to the setting up of mechanisms to ensure the timely exchange of information with the Board of Statutory Auditors, guaranteeing the availability of information relevant to the performance of their respective duties and the coordination of activities in the areas of shared responsibility for the improved efficiency of the internal control systems.

8. Remuneration of Directors – Remuneration Committee

8.1 Remuneration of Directors

Refer to the relevant parts of the remuneration report published pursuant to Art. 123-ter of the TUF.

8.2 Remuneration Committee

Refer to the relevant parts of the remuneration report published pursuant to Art. 123-ter of the TUF.

9. Internal Control and Risk Management System - Control and Risk Committee

The internal control system plays a central role in the company's organisation, representing a fundamental element of knowledge for the company bodies in order to guarantee full awareness of the situation and effective monitoring of the company risks and their interrelationships; it guides the changes in the strategic lines and company policies and allows the organisational context to be adapted in a coherent manner, it supervises the functionality of the management systems and compliance with the institutions of prudential supervision; it also favours the diffusion of a correct culture of risks, legality and company values.

The Board of Directors, in the document "Group guidelines on the Internal Control System", most recently updated in February 2022, defined the following are the guidelines at Group level:

a) the principles on which the system of internal controls is based;
b) the process of developing the system of internal controls, with an exhaustive breakdown of the tasks of the governing bodies with regard to the phases of:
- I. design of the system of internal controls;
- II. implementation of the system of internal controls;
- III. evaluation of the system of internal controls;
- IV. external communication on the system of internal controls;
c) the elements that characterise risk management;
d) the organisational control model;
e) the roles and control tasks assigned to the organisational units that hinge the company's control functions;
f) the methods of connection between organisational units that hinge on company control functions;
g) information flows between the organisational units that hinge the company control functions and between these and the company bodies;
h) the coordination of the Group's internal controls.

Banca Ifis pursues the following general principles of organisation:

decision-making processes and the assignment of functions to staff are formalised and allow the unambiguous identification of tasks and responsibilities and are suitable for preventing conflicts of interest. In this context, the necessary separation between operational and control functions is ensured;
human resource management policies and procedures ensure that staff are provided with the necessary skills and professionalism to carry out their assigned responsibilities;
the risk management process is effectively integrated. In actual fact: a) there is a common language in the management of risks at all levels; b) the methods and tools used to detect and assess risks are consistent with each other; c) risk reporting models are defined in order to facilitate understanding and correct assessment, also in an integrated logic; d) coordination moments are identified for the purposes of the respective activities; e) information flows are provided for on an ongoing basis between the various departments in relation to the results of the control activities of their own relevance; f) the remedial actions identified are shared;
the processes and methodologies for the valuation, including for accounting purposes, of the company's assets/liabilities are reliable and integrated with the risk management process. To this end: the definition and validation of the valuation methodologies are entrusted to different units; the valuation methodologies are robust, tested under stress scenarios and do not rely excessively on a single source of information; the valuation of a financial instrument is entrusted to a unit that is independent of the one that trades that instrument;

operating and control procedures minimise the risks associated with fraud or employee infidelity, prevent or, where not possible, mitigate potential conflicts of interest and, moreover, prevent involvement, even unknowingly, in money laundering, usury or terrorist financing;
the information system complies with the requirements of the supervisory regulations in force at the time;
the levels of business continuity guaranteed are adequate and comply with the provisions of the supervisory regulations in force over time.

Banca Ifis further establishes:

formalised procedures for coordination and liaison between the components of the Group and the Parent Company for all areas of activity subject to management and coordination;
tasks and responsibilities of the control bodies and functions within the Group, coordination procedures, organisational reporting, information flows and related links;
mechanisms for integrating information systems and data management processes, also in order to ensure the reliability of surveys on a consolidated basis;
periodic information flows that allow for the effective exercise of the various forms of control over the components of the Group;
procedures to ensure an effective group risk management process at a centralised level;
systems to monitor cash flows, credit relationships (particularly the provision of guarantees) and other relationships between Group entities;
controls on the achievement of IT security and business continuity objectives defined for the entire Group and individual components.

Banca Ifis formalises and makes known to its Subsidiaries the criteria that govern the various phases that make up the risk management process and validates the risk management processes within the Group. The Parent company decides on the adoption of the internal systems to be used for measuring risks, and determines its main characteristics, thus taking on the responsibility of carrying out the project as well as supervising the correct implementation of these systems and their constant adjustment from a methodological, organisational and procedural point of view.

The Bank also provides its Subsidiaries with guidelines for the design of the company's internal control system. The Subsidiaries must adopt an internal control system that is consistent with the strategy and the policies of the Group, in terms of controls, without prejudice to compliance with regulations applicable on an individual basis. In any case, it is necessary for the Parent company, in compliance with local constraints, to adopt all initiatives aimed at guaranteeing standards of control and supervision comparable to those envisaged by Italian supervisory provisions, even in cases where foreign regulations do not envisage similar levels of attention.

The process of developing the Group's system of internal controls is defined by Banca Ifis through a cyclical process divided into the following phases:

1. design;
1. implementation;
1. measurement; and
1. outward communication.

The Board of Directors of the Parent company, in the exercise of its strategic supervisory function, designs the internal control system and, in this context, it:

defines and approves:

a) the Group's business model, being aware of the risks to which this model exposes Banca Ifis and its Subsidiaries and understanding the ways in which these risks are detected and assessed;
b) the Group's strategic guidelines, which are updated in line with developments in the company's business and the external context;
c) the risk objectives, tolerance threshold (where identified) and risk governance policies;
d) the Group RAF, taking into account the specific operations and related risk profiles of both Banca Ifis and its Subsidiaries, so as to ensure consistency and integration. The Board of Directors of each Subsidiary is responsible for the implementation of the Group's RAF as far as aspects relating to its own business are concerned;
e) guidelines for the design of the system of internal controls;
f) the criteria for identifying "Major Transactions" to be submitted for prior examination to the Parent company's Risk Management; it also approves those defined by the Subsidiaries, as defined by the Policy for the management of Major Transactions;
g) the process for assessing the Group's liquidity adequacy (ILAAP), promoting full use of the results for management purposes;
h) the Contingency Funding Plan (hereinafter "CFP"), which defines the actions to be taken in the event of a market crisis or specific situations for the Group;
i) the process for managing crisis situations to which the Parent company and its Subsidiaries may be exposed and the Recovery Plan;
j) the organisational structure, ensuring on an ongoing basis that tasks and responsibilities are allocated in a clear and appropriate manner and ensuring that operational functions are separated from control functions;
1. approves:
2. a) the establishment of Parent company control functions, their tasks and responsibilities, the methods of coordination and collaboration, the information flows between these functions and between them and the company bodies;
3. b) internal systems for reporting violations;
4. c) the stress testing programme;
1. it prepares, submits to the General Meeting and reviews, at least once a year, the Group's remuneration and incentive policy;
1. at least once a year, it approves the programme of activities, including the annual and multi-year audit plan prepared by the Parent company's Internal Audit, and examines the annual reports prepared by the Parent company's Control Functions;
1. it defines the guidelines for the design of the internal audit system of the subsidiaries.

On the proposal of the Chief Executive Officer of the Parent company, it also approves:

a) the group's risk management process and assesses its compatibility with strategic guidelines and risk governance policies;
b) the group process for the development and validation of internal risk measurement systems, even if not used for regulatory purposes, but exclusively for management purposes;
c) the organisational and methodological reference framework for the analysis of group IT risk, promoting the appropriate exploitation of information on technological risk within ICT and integration with risk measurement and management systems (especially operational, reputational and strategic);

d) the Group's IT risk appetite, with regard to internal services and those offered to customers, in accordance with the risk objectives and the framework for determining risk appetite defined at Group level;
e) the Cybersecurity Policy;
f) the group Policy regarding the outsourcing of company functions;
g) the Group Anti-Money Laundering Policy;
h) the structure of delegated powers and decision-making powers (for both the Parent company and Group Companies) in line with the strategic guidelines and risk orientations established, and checking that they are exercised;
i) Group policies and processes for the valuation of corporate assets and, in particular, of financial instruments, verifying their constant adequacy; it also establishes the maximum limits for the exposure of the Group as a whole and of each Group company to financial instruments or products whose valuation is uncertain or difficult;
j) the Group's process for approving new products services, starting up new activities, entering new markets; the process for approving new products and services, starting up new activities, entering new markets;
k) the Code of Ethics with which members of corporate bodies and Group employees are required to comply in order to mitigate operational and reputational risks;
l) with regard to credit and counterparty risks, the general outlines of the system for managing risk mitigation techniques that governs the entire process of acquiring, evaluating, controlling and implementing the risk mitigation instruments used.

With regard to the internal control system of each single Subsidiary, the related body with strategic supervisory function carried out the appropriate assessments for the best protection of the Company's interests and within the scope of the provisions received:

it implements the Group's strategic guidelines and business model, with particular reference to the component for which it is responsible;
it implements the Group's RAF, for the parts under their responsibility;
it implements the guidelines provided by the Parent company for the design of its internal control system;
it defines any additions to be made to the system of internal controls, in line with the internal regulations on management and coordination defined by the Parent company.

The Board of Directors of the Parent company delegates adequate powers to the CEO so that, in his capacity as the body with management functions, he implements the internal control system, both at Group and corporate level, consistently with the choices made during the planning stage. In particular, the powers delegated by the Board of Directors to the CEO are such as to enable the latter to:

implement the strategic guidelines, the Group's RAF and the risk management policies; and
adopt measures to ensure that the organisation and the internal control system comply with the applicable principles and regulatory requirements, and monitoring compliance on an ongoing basis.

The Chief Executive Officer of the Parent company, in particular:

defines and oversees the implementation of the Group's risk management process. Within that framework:
- o he establishes operating limits (also specifying those relating to the individual companies that make up the Group, including the Parent company) for taking on the various types of risk, in line with the Group's and individual's propensity to accept risk, taking explicit account of the results of stress tests and changes in the economic scenario. In addition, as part of risk management, it ensures that, for each type of risk, appropriate and independent internal analyses are carried out;

o he facilitates the development and dissemination at all levels of an integrated risk culture in relation to the various types of risk and extended to the entire Group. In particular, training programmes are developed and implemented to make employees aware of their risk responsibilities so that the risk management process is not confined to specialists or control functions;
o he establishes the responsibilities of the organisational units (both of the Parent company and of the Subsidiaries) involved in the group risk management process, so that the relative tasks are clearly assigned and potential conflicts of interest are prevented; it also ensures that the relevant activities are managed by qualified staff with an adequate degree of autonomy of judgement and with experience and knowledge appropriate to the tasks to be carried out;
o he examines Major Transactions for which Risk Management has issued a negative opinion, including those generated by Subsidiaries, and, if necessary, authorises them: it informs the Board of Directors and the Board of Statutory Auditors of such transactions;
o he is responsible for the implementation and performance of the stress testing program and ensures that clear responsibilities and sufficient resources are assigned and distributed and that all program elements are appropriately documented and regularly updated in internal procedures;
he defines the organisational, methodological and procedural framework for the process of analysing IT risk, pursuing an appropriate level of connection with the Parent company's Risk Management for the processes of estimating operational risk. The analysis process is carried out with the assistance of the responsible user and the Parent company's ICT & Change Management, Risk Management and Compliance functions, according to methodologies and responsibilities formally defined by the CEO;
with reference to the ICAAP and ILAAP process, he implements it ensuring that it is in line with the Group's strategic guidelines and the Group's RAF and that it meets the following requirements: it considers all relevant risks; it incorporates prospective assessments; it uses appropriate methodologies; it is known and shared by the internal structures; it is adequately formalised and documented; it identifies the roles and responsibilities assigned to the organisational units of the company; it is entrusted to competent resources, sufficient in quantity, placed in a hierarchical position adequate to enforce the planning and is an integral part of the management activity;
with specific reference to credit and counterparty risks, in line with strategic guidelines, he approves specific guidelines aimed at ensuring the effectiveness of the system for managing risk mitigation techniques and guaranteeing compliance with the general and specific requirements of these techniques;
he defines and oversees the implementation of the Group's process (managers, procedures, conditions) for approving investments in new products, the distribution of new products or services or the launch of new activities or entry into new markets;
he defines and oversees the implementation of the Group Policy for the outsourcing of company functions;
he defines and manages the implementation of the Group's processes for the evaluation of company activities, ensuring that they are constantly updated;
he defines the internal information flows aimed at ensuring that corporate bodies and the organisational units responsible for controls have full knowledge and control of risk factors and can verify compliance with the Group's RAF;
within the scope of the Group's RAF, if a tolerance threshold has been defined, he authorises exceeding of the risk propensity within the limit represented by the tolerance threshold and promptly informs the Board of Directors, identifying the management actions necessary to bring the assumed risk back within the predetermined objective;
he defines the crisis management process, the main assumptions underlying the stress scenarios, the recovery indicators used, the recovery options and the relevant communication plan; supervises the drafting and updating of the Recovery Plan;

he sets up the initiatives and measures needed to ensure the ongoing completeness, adequacy, functionality and reliability of the internal control system and reports the results of the checks carried out to the Board of Directors;
he prepares and implements the necessary corrective or adjustment actions when deficiencies or anomalies emerge, or following the introduction of new products, activities, services or relevant processes.

With regard to the internal audit system of each single Subsidiary, the related body with management functions:

defines the organisational, methodological and procedural framework for the process of analysing IT risk, pursuing an appropriate level of connection with the Parent company's Risk Management for the processes of estimating operational risk.
with reference to the ICAAP/ILAAP processes, provides the necessary support to the Parent Company's Risk Management for the parts under their respective responsibility;
implements the initiatives and measures needed to ensure the ongoing completeness, adequacy, functionality and reliability of its internal control system, in line with the internal regulations on management and coordination defined by the Parent Company. It brings the results of the checks carried out to the attention of the body with strategic supervisory functions, where the roles of the body with management functions and the body with strategic supervisory functions do not coincide.

The Parent company's Board of Directors carries out, also through the structures that hinge the corporate control functions, checks to ascertain the consistency between what has been defined - approved and the related implementation.

The Chief Executive Officer of the Parent company ensures:

the consistency of the Group's risk management process with its risk appetite and risk management policies, bearing in mind also the evolution of the internal and external conditions in which Group companies operate;
proper, timely and secure management of information for accounting, management and reporting purposes.

The Board of Statutory Auditors of the Parent company supervises compliance with the law, regulations and Articles of association, proper administration and the adequacy of the Bank's organisational and accounting structures.

The Board of Statutory Auditors of the Parent company may avail itself of the Bank's internal structures and control units in order to carry out and direct its own audits and necessary checks. To this end, it receives adequate information flows from them on a regular basis or in relation to specific situations or company trends. As a result of this close link, the Board of Statutory Auditors is specifically consulted not only on decisions concerning the appointment and revocation of the heads of company control units, but also on the definition of the essential elements of the overall architecture of the control system (powers, responsibilities, resources, information flows, management of conflicts of interest).

The Board of Statutory Auditors of the Parent company verifies and analyses in detail the causes and remedies of management irregularities, performance anomalies and shortcomings in the organisational and accounting structures, paying particular attention to compliance with the rules on conflicts of interest.

The controls carried out by the Board of Statutory Auditors must cover the entire company organisation, including checks on systems and procedures, the various branches of activity and operations. It also verifies the correct performance of the strategic and management control activities carried out by Banca Ifis on its Subsidiaries.

The Board of Statutory Auditors of the Parent company ascertains the adequacy of all the functions involved in the control system, the correct performance of their duties and their adequate coordination, promoting corrective action in the event of shortcomings or irregularities.

With reference to the audit carried out by the Independent Auditors, the Board of Statutory Auditors retains the tasks related to the assessment of the adequacy and functionality of the accounting system, including the related information

systems, in order to ensure a correct representation of corporate events. Also, to that end, it coordinates with the latter on a continuous basis.

The Board of Statutory Auditors of the Parent company also:

a) notifies the Board of Directors and the CEO of the shortcomings and irregularities found, without prejudice to the obligations to report to the Bank of Italy, requests the adoption of suitable corrective measures and verifies their effectiveness over time;
b) verifies its adequacy, in terms of powers, functioning and composition, taking into account the size, complexity and activities carried out by the bank;
c) is responsible for supervising the completeness, adequacy, functionality and reliability of the system of internal controls and the Group's RAF. In carrying out this task, it monitors compliance with the supervisory provisions in force over time, with particular reference to the internal control system and the ICAAP and ILAAP processes;
d) supervises the completeness, adequacy, functionality and reliability of the internal rating system used for management purposes and its compliance with the requirements laid down in the regulations for internal rating systems adopted for regulatory purposes, which the Board of Directors of the Bank has deemed it necessary to comply with in order to guarantee its correct and effective functioning.

With regard to the internal audit system of each single Subsidiary, the related control body is responsible for supervising the completeness, adequacy and reliability of its own internal audit system, by carrying out, to the extent applicable, the same functions as those described above with regard to the Board of Statutory Auditors of the Parent company.

The Board of Directors of Banca Ifis ensures that information on the internal control system and risks is provided in all cases envisaged by the regulations, guaranteeing the correctness and completeness of the information provided.

The following control functions are identified, framed within the levels provided for by the supervisory regulations in force:

Third level controls, carried out by Internal Audit. These are carried out with the aim of identifying breaches of procedures and regulations as well as regularly assessing the comprehensiveness, adequacy, functionality (in terms of both efficiency and effectiveness), and reliability of the internal control and IT systems (ICT audit) on a regular basis based on the nature and extent of the risks;
Second level controls, carried out by Risk Management, Compliance and Anti-Money Laundering. Amongst others, they are intended to ensure the risk management process is correctly implemented in accordance with the operational limits assigned to the various functions, and that business operations comply with regulations including corporate governance rules.
First level or line controls, aimed at ensuring that operations are carried out correctly, carried out by the production structures themselves or performed as part of back-office activities. The operational structures are primarily responsible for the risk management process: as part of their day-to-day operations, they shall identify, measure or assess, monitor, mitigate, and report the risks arising from ordinary operations in accordance with the risk management process; they shall comply with the operational limits assigned to them in accordance with the risk objectives and the procedures that form part of the risk management process.

The Head of Internal Audit reports directly to the body with strategic supervisory functions. Has direct access to the Board of Statutory Auditors and communicates with it without restriction or intermediation.

The effective functioning of the organisational model envisaged, based on the availability to Internal Audit of information on management and business developments, is also ensured by the systematic information link with the CEO of the Parent company on the activities carried out.

The heads of Risk Management, Compliance and Anti-Money Laundering report directly to the management body. In any case, they have direct access to the Board of Directors and the Board of Statutory Auditors and communicate with them

without restrictions or intermediation. In particular, the heads of the control units that are responsible for second-level corporate control functions report directly to the Board of Directors and to the Board of Statutory Auditors, usually on a quarterly basis or at the specific request of the latter and, in any case, whenever they deem it necessary.

The heads of Internal Audit, Risk Management, Compliance and Anti-Money Laundering:

must meet appropriate professional standards;
are appointed and revoked by the Board of Directors, after consulting the Board of Statutory Auditors;
do not have direct responsibility for operational areas under control.

The Internal Audit, Risk Management, Compliance and Anti-Money Laundering control functions are organisationally separate and are assigned to structures that are not involved in risk-taking processes. The structures which are deemed to be involved in risk assumption, have the following characteristics (even not collectively):

a) authorise the taking of a risk;
b) are remunerated to an extent linked to company performance or have objectives that involve risk-taking;
c) are coordinated by subjects included in the previous categories (points a and b).

As part of the internal control system, roles and tasks have been assigned to the organisational units responsible for second and third level controls, which are detailed in the relative organisational Regulations or in the Group's Anti-Money Laundering Policy.

Without prejudice to their mutual independence and respective roles, Internal Audit, Risk Management, Compliance, Anti-Money Laundering and the Manager charged with preparing the company's financial reports collaborate with each other and with the other organisational units in order to develop their control methods in a manner consistent with the company's strategies and operations.

In addition, the heads of organisational control units interact, coordinate and collaborate in order to avoid overlaps, develop synergies, and optimise collaboration.

The information flows relating to the Internal Control System between the organisational units that hinge the corporate control functions and between these and the corporate bodies are highlighted:

Internal Audit. The frequency with which the Head of Internal Audit of the Parent company must report on his or her work to the Board of Directors must be such as to ensure that the latter is always able to intervene promptly. Therefore, in addition to periodic and systematic reporting on a quarterly basis (Tableau de bord), it is essential to provide information on an occasional basis in order to inform the Board of Directors of any events that may require sudden corrective and/or improvement action. In this context, the results of the assessments that conclude with negative judgements or that reveal significant shortcomings are transmitted in full, promptly and directly to the corporate bodies.

With regard to planning activities and periodic reporting, the Parent company's Internal Audit submits to the Parent company's Board of Directors:

the plan of audit activities (annual and multi-year);
the quarterly tableau de bord;
the annual report on the activity carried out;
the annual report on the checks carried out on the Subsidiaries;
information on the checks carried out on the compliance of remuneration practices with policies and the regulatory framework;
information on audits relating to the governance and management of liquidity risk;
the report on essential and important functions outsourced outside the banking group;
the annual report on the proper functioning of internal systems for reporting violations (whistleblowing);
the report on internal audit activity on investment services.

Stable forms of collaboration are also envisaged between the Board of Statutory Auditors, the Control and Risk Committee, the Supervisory Body and the Parent company's Internal Audit, which are implemented by means of:

a mutual exchange of information;
the possibility for the Board of Statutory Auditors, the Control and Risk Committee and the Supervisory Body to ask the Parent company's Internal Audit to carry out checks on specific operational areas or particular company operations;
the participation, as a rule, of the Director of the Audit Function in the meetings of the Board of Auditors and the Control and Risk Committee;
the appointment of the Director of Internal Audit as a member of the Supervisory Board of the Parent Company Banca Ifis.

In addition, the Head of Internal Audit of the Parent company:

reports to the Board of Statutory Auditors, the Control and Risk Committee and the Supervisory Body, at the latter's request, on the activities carried out;
brings to the attention of the heads of the other control units any inefficiencies, weaknesses or irregularities that have emerged during the verification activities carried out that may be of interest for the activities for which they are responsible;
informs the heads of the organisational structures concerned of any inefficiencies, weaknesses or irregularities found, for the implementation of the measures for which they are responsible.

Risk Management. Submits to the Board of Directors for approval (or final review, with specific reference to the periodic reports produced) and to the Board of Statutory Auditors and the Risk Control Committee:

programmes of activities in which the main risks to which the group is exposed are identified and assessed and the relevant management actions are planned;
the report on the activities carried out which illustrates the checks carried out, the results obtained, the weaknesses detected and the measures to be taken to remove them (both for Banca Ifis and its subsidiaries);
the Group's public disclosures;
the risk map of the Group and individual Legal Entities;
the Group's RAF;
the risk management governance policies;
the Validation Policy for internal risk measurement systems not used for regulatory purposes;
the stress test methodology manual;
the Group's ICAAP ILAAP report;
the Contingency Funding Plan;
the Group's Recovery Plan;
monitoring the risks associated with the outsourced functions;

the quarterly tableau de bord;
reporting on ICT, Security and Third-Party ICT risk monitoring;
reporting on the monitoring of operational and reputational risks;
Materiality assessment;
periodic reports on the "Major Transactions" for which it has expressed its opinion on the consistency with the RAF, highlighting those for which, although with a negative opinion, a favourable resolution followed;
the report on risk control activities on investment services.

In addition, Risk Management sends to the Control and Risk Committee:

periodic reports on the significant risks taken on by the group with evidence of the differences between actual exposure levels and the set risk objectives;
any specific reports on the risks that can potentially be taken on as a result of the launch of new products and/or as a result of entering new markets.

The Head of Risk Management informs the Managers of the other control units of the Parent Company of critical issues detected in their control activities that may be of interest to the activities of each.

It is also foreseen the reciprocal transmission, normally for knowledge and in relation to the area of competence, of the results of the individual interventions carried out.

Compliance. It reports to the Board of Directors, the Board of Statutory Auditors and the Risk Control Committee:

the programme of activities in which the main risks of non-compliance with standards are identified and assessed and the relevant management actions are planned;
the annual report on activities conducted illustrating, inter alia, the checks carried out, the results obtained, the weaknesses detected and the proposals for action to be taken to remove them;
the quarterly tableau de bord;
a report on the overall situation of complaints received, the adequacy of procedures and organisational solutions;
the Transparency Report (Transparency of banking and financial transactions and services, Correctness of relations between intermediaries and clients, Checks on internal procedures);
the report on investment services and complaints received;
the report on insurance distribution activities.

The Head of Compliance informs the Heads of the other corporate control units of the Parent company of critical issues detected in their control activities that may be of interest to the activities of each. It is also foreseen the reciprocal transmission, normally for knowledge and in relation to the area of competence, of the results of the individual interventions carried out.

Anti-Money Laundering. Submits to the Board of Directors for approval (or final review, with specific reference to the periodic reports produced) and to the Board of Statutory Auditors and the Risk Control Committee:

the annual plan of activities;
the quarterly tableau de bord;
the annual report on the activity carried out;

• the document containing the results of the risk self-assessment exercise and the relative plan of action for adaptation.

The Head of Anti-Money Laundering informs the Heads of the other corporate control units of the Parent company of the critical points detected in their control activities which may be of interest for the activities of each. Moreover, the reciprocal transmission of the results of the single interventions carried out is foreseen, normally for information and in relation to the area of competence.

Manager charged with preparing the company's financial reports. In compliance with the provisions of Art. 154-bis of the TUF, the Parent company's Manager charged shall:

issue an attestation, jointly with the CEO of the Parent company, certifying:
- o the adequacy and effective implementation of the administrative and accounting procedures;
- o the compliance of accounting documents with IAS/IFRS;
- o that the accounting documents coincide with the results of the accounting ledgers and records;
- o that they provide a true and correct representation of the financial position of the Bank and the subsidiaries and consolidated companies;
- o that the "Report on Operations" includes a reliable analysis of the performance and result of operations as well as the situation of the Bank and the Group;
issue a statement certifying that the documents and communications of the company disclosed to the market and related to the accounting information, including interim information of the same company, correspond to the documented results, books and accounting records (Art. 154-bis, paragraph 2).

Together with the explicit provisions of the above-mentioned reference legislation, the Manager charged prepares:

the annual plan of its activities, within which the scope of the analyses to be carried out on an annual basis is outlined. He submits this document to the CEO for sharing, with subsequent presentation to the Control and Risk Committee;
the half-yearly report (in correspondence with the annual and abridged half-yearly financial statements) on the results of the activities carried out and informs the CEO and the Control and Risk Committee.
if necessary and/or upon request of the corporate bodies, specific and dedicated reporting.

a. Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process

a.1. Background

The risk management system and the internal control system in relation to the financial and sustainability reporting process are elements of the same System, aimed, among other things, at ensuring the reliability, accuracy and timeliness of financial and sustainability reporting.

In order to ensure adequate control and proper mitigation of the risks of incorrect financial reporting and incorrect sustainability reporting, Banca Ifis has adopted a specific framework of analysis that cuts across the various corporate processes and is aimed at identifying and controlling the main risks to which the Company is exposed when executing the significant transactions that generate the information contained in the financial statements, in the Report on Operations and, in general, in any other financial/sustainability reporting.

The application of the framework is designed to ensure accuracy, reliability and timeliness of reporting, pursuing integration with the overall internal control and risk management system.

The provisions of the Articles of Association concerning the "Manager charged with preparing the company's financial reports" (hereinafter also the "Manager charged"), the appointment of the current Manager charged, the Group's Policy for the management of the risk of incorrect financial and sustainability reporting, the update of the "scope of activities of the Manager charged" and the "Regulation of the Manager charged and of the Financial & Sustainability Reporting Monitoring & Control", approved by the Board of Directors, constitute, together with the body of administrative-accounting and sustainability procedures, the set of measures adopted by the Bank to monitor the risk of incorrect financial and sustainability reporting.

The framework consists of several levels of analysis that in combined action lead to the definition of appropriate administrative, accounting and sustainability procedures at Group level. It is inspired by the principles and guidelines defined by the Internal Control - Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (known as CoSO) and by the Control Objectives for Information and related Technology (known like CobiT), considered as reference models accepted internationally.

The levels of analysis in the framework are as follows:

Entity Level Controls (ELC): controls operating at company level, which provide the framework within which controls at the individual process level can be defined:
Process-level controls (PC): these are controls that operate at process level and whose implementation provides evidence that adequate administrative, accounting and sustainability procedures are in place to ensure effective internal control over financial and sustainability reporting;
Controls on Information Technology (IT General Controls or "ITGC"): controls that operate at corporate level and that are specifically linked to the processes of managing Information Technology in support of the execution of corporate processes; they concern, for example, the processes of software acquisition and maintenance, the management of physical and logical security, and the development and maintenance of applications.

a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System")

The process for managing the risk of financial and sustainability misreporting and the methods of collaboration and coordination between the Financial & Sustainability Reporting Monitoring & Control, Accounting & Reporting structure and the other structures and Bodies of the Bank are defined within the Group Policy for the management of the risk of financial and sustainability misreporting, approved by the Board of Directors. Accounting & Reporting is responsible for fulfilling administrative and accounting requirements, as well as for producing the financial information prepared with the contribution of the Manager charged with preparing the Company's financial reports and certified pursuant to Art. 154-bis of the TUF. Sustainability Reporting is instead responsible for fulfilling non-financial reporting requirements, as well as for producing the financial reporting prepared with the contribution of the Manager charged with preparing the Company's financial reports and certified pursuant to Art. 154 bis of the TUF.

a.2.1 Steps in the process of managing the risks of financial misstatement

The operational approach that characterises the overall financial misreporting risk management process is divided, consistently with the phases of the risk management process the Bank has adopted, into the following sub-processes:

• Identification: The Financial & Sustainability Reporting Monitoring & Control, also with the operational support of Accounting & Reporting, identifies the significant accounting items and entities to be included in the scope of verification activities. The significance of subsidiaries is assessed annually on the basis of the criteria adopted. After identifying entities and significant accounting items, the Financial & Sustainability Reporting Monitoring & Control structure assesses the risks of financial misreporting that affect them. Assessment: the risks identified are assessed in potential terms. Subsequently, the Financial & Sustainability Reporting

Monitoring & Control structure assesses the adequacy of the organisational controls (internal controls) defined in terms of preventing the risks of financial misreporting (so-called control adequacy assessment).

Monitoring: The Financial & Sustainability Reporting Monitoring & Control structure, in consideration of the adequacy expressed on the adequacy of the internal control design, checks that the controls identified are actually implemented in accordance with the procedures and intervals laid down, and that they are tracked through the filing of the related evidence (so-called verification of the effective application of controls).
Mitigation: the adequacy assessment and enforcement reviews may highlight any deficiencies/recommendations in the organisational controls in place to mitigate the risk of financial misreporting. Therefore, on the basis of the outcomes, of the Assessment and Monitoring activities, it defines the necessary corrective actions and/or actions to reinforce the existing safeguards.
Reporting: The Financial & Sustainability Reporting Monitoring & Control structure prepares a quarterly report, which it shares with the CEO and subsequently presents to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors. The report describes the verification activities carried out, their results and any criticalities found. The assessment of adequacy and effective implementation of the administrative and accounting procedures is used by the Manager in charge of drawing up the certifications required pursuant to Art. 154-bis of Legislative Decree No. 58/98.

As part of the management and coordination activity performed by the Parent Company over the companies of the Group, the Manager charged, through the Financial & Sustainability Reporting Monitoring & Control structure, analyses the documentation produced by the Finance representatives at the subsidiaries (where considered significant in the annual planning process) and assesses the results of the controls performed by them for the purposes of ensuring correct consolidated financial reporting. The summary of any critical issues that emerge is summarised in the report that the Parent Company's Manager Charged produces on a quarterly basis in accordance with the procedures defined in the previous paragraph.

a.2.2 Steps in the process of managing the risks of sustainability misreporting

The operational approach that characterises the overall sustainability misreporting risk management process is divided, consistently with the phases of the risk management process the Bank has adopted, into the following sub-processes:

Identification: The Financial & Sustainability Reporting Monitoring & Control structure, also availing itself of the operational support of Sustainability Reporting, identifies the significant qualitative and quantitative data points, applicable to the Banca Ifis Group, that concern sustainability reporting to be included in the scope of verification activities and subsequently, the Financial & Sustainability Reporting Monitoring & Control structure identifies the risks of sustainability misreporting concerning them.
Assessment: risks identified are assessed in terms of their inherent risk. Subsequently, the Financial & Sustainability Reporting Monitoring & Control structure assesses the adequacy of the organisational controls (internal controls) defined in terms of preventing the risks of sustainability misreporting (so-called control adequacy assessment).
Monitoring: The Financial & Sustainability Reporting Monitoring & Control structure, in consideration of the adequacy expressed on the adequacy of the internal control design, checks that the controls identified are actually implemented in accordance with the procedures and intervals laid down, and that they are tracked through the filing of the related evidence (so-called verification of the effective application of controls).
Mitigation: the adequacy assessment and enforcement reviews may highlight any deficiencies/recommendations in the organisational controls in place to mitigate the risk of sustainability misreporting. Therefore, on the basis of the outcomes, of the Assessment and Monitoring activities, it defines the necessary corrective actions and/or actions to reinforce the existing safeguards.
Reporting: The Financial & Sustainability Reporting Monitoring & Control structure prepares an annual report on the activities carried out in the area of sustainability misreporting risk management, which it shares with the CEO and subsequently submits to the Board of Directors, the Control and Risk Committee and the Board

of Statutory Auditors. The report describes the verification activities carried out, their results and any criticalities found. The assessment of the adequacy and effective application of the system of internal controls over sustainability reporting is used by the Manager in charge to certify, in accordance with Art. 58/98 (as amended), that the sustainability disclosures included in the Report on Operations have been prepared in accordance with the reporting standards applied pursuant to 2013/34/EU and the legislative decree adopted in implementation of Article 13 of Law no. 15 of 21 February 2024 and with the specifications adopted pursuant to Article 8 paragraph 4 of Regulation (EU) 2020/852.

a.2.3 Roles and Functions involved

In the light of the significant responsibilities entrusted to him, the Manager charged is granted adequate powers and means to carry out his functions, as specified in paragraph 8.6 of this Report. The Manager charged receives from all the Bank's organisational units the maximum cooperation necessary to carry out the activities for which he is responsible, having guaranteed free access to all environments, information, accounting records and documentation relating to his activities. Moreover, if necessary, the latter may request information or documents located at external suppliers, through the relevant internal contact for the outsourced activity. Finally, the Manager charged may agree with each organisational unit involved in the process on the methods for transmitting the information flows necessary for the performance of its activities.

In order to carry out the activities for which he is responsible, the Manager Charged avails of the Financial & Sustainability Reporting Monitoring & Control organisational unit, whose objective is to assess the completeness, adequacy, functionality and reliability of the internal audit system, with specific reference to the production of financial and sustainability reporting and the management of the risk that the latter may be incorrect.

Internal Audit assesses the completeness, adequacy, functionality and reliability of the management process of the aforementioned risk.

As part of the management and coordination activities carried out by the Parent company with regard to Group companies, the Parent company's Finance Department issues methodological guidelines on administrative - accounting matters (Financial Reporting) to be followed by the Organisational Units of the latter, which are appointed for this purpose, when carrying out the activities for which they are responsible.

In view of the fact that the Group's configuration envisages the presence of entities considered significant when defining the scope of the Manager charged (the "identification phase"), Banca Ifis, as part of the management and coordination action it exercises over its subsidiaries, asks, through the Manager charged of the Parent company, to:

send quarterly check-lists to the Finance contact persons at these entities, so that on the basis of these checks the Parent company's Manager charged can assess the adequacy and effective application of the administrative and accounting procedures for the preparation of financial reports. The evidence produced by the Finance contacts at the controlled entities, together with the declaration made by them concerning the effective performance of the required controls and the application of the Group accounting policies, is obtained, assessed and filed by the Financial & Sustainability Reporting Monitoring & Control structure. Check-lists are reviewed quarterly, as needed.
Carry out, by means of the Financial & Sustainability Reporting Monitoring & Control structure, verification activities at such entities in accordance with the provisions of the annual plan which is ratified by the Board of Directors of Banca Ifis.

The process of data collection and preparation of the Sustainability Report is managed centrally at the Parent Company level, through a logic of ownership of the consolidated data at the individual data point level and not through supply and reporting by individual subsidiary.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

9.1 Chief Executive Officer

The Board of Directors, in order to implement the system of internal controls, both at Group and company level, has delegated to the CEO adequate powers for this purpose, as detailed in Section 9.

In his capacity as the Body with management function, he constantly reported to the Board of Directors on all aspects of company management and:

ensured, through the competent structures, the identification of the main corporate risks;
implemented the guidelines established by the Board;
monitored, through the competent operational structures, the need to update the Group's policies for the governance and management of the main corporate risks;
implemented the guidelines defined by the Board with regard to the internal audit and risk management system, constantly assessing its adequacy and effectiveness;
ensured the adaptation of the company and group internal control system to the dynamics of the operating conditions of the legislative and regulatory context.

9.2 Control and Risks Committee

The Control and Risk Committee has the task of supporting the Board's assessments and decisions relating to the internal control and risk system, the approval of periodic financial and non-financial reports and supporting the Board in analysing issues relevant to the generation of long-term value with a view to sustainable success.

The Control and Risk Committee is made up, as a rule, of three to five members chosen from among the non-executive members of the Bank's Board of Directors, the majority of whom are independent. The members of the Control and Risk Committee must have knowledge, skills and experience, primarily in the business sector in which the Bank operates, such that they can fully understand and monitor the Company's strategies and risk orientations. At least one member of the Control and Risk Committee must have appropriate accounting and financial or risk management experience, to be evaluated by the Board of Directors at the time of appointment.

Composition and functioning of the Control and Risks Committee

The Committee at the date of publication of this Report, in compliance with to Recommendation 35 of the Corporate Governance Code, is made up of 5 independent, non-executive Directors appointed at the Board of Directors' meeting of 28 April 2022: Simona Arduini, Paola Paoloni, Monica Billio, Antonella Malinconico and Roberto Diacetti.

From the date of the Committee's establishment until 18 October 2023, Simona Arduini held the position of its Chair. As of 19 October 2023, the independent director and Lead Independent Director Antonella Malinconico was appointed as Chair.

The Control and Risk Committee is chaired, in turn, by one of its members chosen by the Board of Directors from among the independent directors with adequate knowledge and experience in accounting and finance or risk management. The Chair of the Control and Risk Committee shall hold office for a term of eighteen months from the date of appointment, unless terminated, revoked or resigned as a director or member of the Control and Risk Committee. When the office of Chair expires, the Board of Directors confers the office of Chair to a different member of the Control and Risk Committee holding the aforementioned requirements. Without prejudice to the rotation of the office of Chair, the members of the Control and Risk Committee may hold the office of Chair more than once, preferably not consecutively.

If, for any reason whatsoever, also as a consequence of the termination of the office of director, a member of the Control and Risk Committee leaves office, the Board of Directors shall promptly appoint a new member at the first useful meeting. Members of the Control and Risk Committee appointed to replace those who have ceased to serve shall expire at the same time as those in office at the time of their appointment, unless otherwise determined by the Board of Directors. Each member of the Control and Risk Committee may be revoked by a resolution of the Board of Directors, which shall, at the same time, replace him/her. The term of office of the members of the Control and Risk Committee is equivalent to that of the Board of Directors which appointed it, whose early termination, for any reason, determines the simultaneous termination of such Committee.

The Chair convenes and chairs the meetings of the Control and Risk Committee, prepares its work, directs, coordinates and moderates the discussion, and reports to the Board of Directors on the activities carried out by the Committee and on the related proposals and guidelines in the most appropriate form at the first useful meeting. The Chair shall sign, on behalf of the Control and Risk Committee, reports and opinions to be submitted to the Board of Directors and/or other bodies or functions of the Bank. In the event of the Chair's absence, unavailability or impediment, his functions are performed by the most senior member of the Control and Risk Committee.

The Control and Risk Committee is convened by the Chair or, in the event of his absence, impediment or delay in providing for it, by the most senior member of the Control and Risk Committee; it also meets whenever requested by one of its members or by the head of the Internal Audit function who submits a written request to the Chair, indicating the items to be included on the agenda.

Meetings shall be convened with at least three days' notice, indicating the place, day, time and items on the agenda; in case of urgency, the Committee may be convened with one day's notice prior to the date scheduled for the meeting. The notice of call must be sent to the regular members of the Board of Statutory Auditors and, in copy for information, to the Chair of the Board of Directors. Any documentation relating to the items on the agenda shall normally be made available at the same time as the meeting is convened and in any case with the advance notice appropriate to the circumstances.

The Chair of the Board of Statutory Auditors, or another member identified by the Chair, takes part in the work of the Control and Risk Committee. When deemed appropriate in relation to the issues to be dealt with, the Control and Risk Committee and the Board of Statutory Auditors meet jointly. At the invitation of the Chairman of the Control and Risk Committee, the Chairman of the Board of Directors, the Deputy Chairman, the CEO and the General Manager of the Bank (if appointed) or the Co-General Managers (if appointed) may also attend the meetings. The Chair of the Control and Risk Committee is also entitled to invite to the meetings the director in charge of the internal control and risk management system and the other members of the Board of Directors, the statutory auditor or the representatives of the auditing firm and the members of the management and control bodies of the Group companies with reference to all or some of the items on the agenda, unless issues concerning them are discussed. Lastly, the Control and Risk Committee may avail itself of and/or request the presence of independent consultants and any corporate officer or employee of the Bank or of another company of the Group that is competent in this field, informing the CEO thereof.

For the meetings of the Control and Risk Committee to be valid, the majority of the members in office must be present and the decisions/resolutions are taken by an absolute majority of those present. In the event that the Control and Risk Committee is composed of an even number of members, in the event of a tie, a subsequent vote shall be taken in which the decision that obtained the Chair's vote shall prevail. Voting may not be by proxy and each member is entitled to one vote.

The meetings of the Control and Risk Committee may be validly held also through the use of suitable audio, video or teleconference systems, provided that all the persons entitled may participate and be identified and that they are allowed to follow the meeting and intervene in real time in the discussion of the issues, as well as to receive, transmit and view documents, implementing simultaneous examination and decision-making/deliberation. The Committee may meet anywhere, provided it is in Italy.

The secretariat of the Committee is provided by the General Counsel - Corporate Affairs Parent Company which is responsible for drafting concise minutes. The minutes shall be transcribed in the appropriate book and signed by the Chair of the meeting and the Secretary.

In 2024, the Committee met 21 times, five of which jointly with the Board of Statutory Auditors; the average duration of the meetings was approximately two hours and twenty minutes. The Board of Statutory Auditors, either in its entirety or by ensuring the presence of at least two standing members, attended all meetings held in 2024.

From the beginning of 2025 until the date of approval of this document, the Committee met six times, including twice jointly with the Board of Statutory Auditors; 21 meetings have been scheduled for 2025.

In addition to holding joint meetings with the Board of Statutory Auditors, during its meetings the Committee has discussed specific issues with the Chief Financial Officer, the Manager charged with preparing the company's financial reports, the Head of Accounting & Reporting, the Head of Financial & Sustainability Reporting Monitoring & Control, the Head of Compliance, the Head of Anti-Money Laundering, the Chief Risk Officer and the independent auditing firm. It also systematically and continuously met with the Head of Internal Audit, who usually attends the Committee's meetings with a view to achieving synergy between the various players in the internal control system. The Committee met again with the Sustainability & Website Manager, the Head of Capital Markets, the Chief Lending Officer, the Head of Workout, Restructuring & Recovery, the Head of Legal Recovery, the Head of Taxation, the Head of Organisation, the Head of Privacy & Security, the Head of ICT & Change Management, the Head of IT Strategy, the Head of Group Claims, the Head of Validation & Institutional Reporting, the Head of Risk Management Subsidiaries, the Head of Risk Management Parent Company, the Head of Operational & IT Risk, the Head of Credit Risk, the Co-General Manager Chief Operating Officer and the Co-General Manager Chief Commercial Officer.

Functions assigned to the Control and Risk Committee

The Control and Risk Committee performs support functions for the body with strategic supervisory functions with regard to risks and the internal control system.

The Control and Risk Committee has the following investigative, propositional and advisory functions:

assess, together with the Manager charged with preparing the company's financial reports pursuant to Art. 154 bis of Legislative Decree No. 58 of 24 February 1998, as subsequently amended and supplemented (the "Manager charged") and having consulted the Independent Auditors (or auditing firm) and the Board of Statutory Auditors, the correct use of the accounting standards and, in case of groups, their uniformity for the purposes of drawing up the consolidated financial statements and sustainability report;
assess the suitability of periodic financial and non-financial information to correctly represent the Company's business model, strategies, the impact of its activities and the performance achieved;
analyse issues relevant to long-term value generation from the perspective of sustainable success;
express opinions on specific aspects related to the identification and management of the main corporate risks, including climate and environmental risks and, more generally, sustainability risks;
examine in advance the programmes of activities (including the audit plan) and the annual reports of the corporate control functions of the Company and, where present, of the Group companies, concerning the assessment of the internal control and risk management system, as well as those of particular importance prepared by the Internal Audit function;
monitor the autonomy, adequacy, effectiveness and efficiency of the Internal Audit function and the control functions, where present, of the Group companies;
express evaluations and formulate opinions to the Board of Directors on compliance with: (i) the principles to which the internal control system and the corporate organisation must conform; (ii) the requirements to be met by the corporate control departments (iii) the activities of the Group's anti-money laundering function and of the individual Group companies, as well as the adequacy of the human and technical resources assigned to the antimoney laundering function, also in the light of the periodic checks carried out by the internal audit function,

bringing to the attention of the Board of Directors any weaknesses and the consequent corrective actions to be promoted; to this end, it assesses the proposals of the body with management functions;

request that the Internal Audit Unit carry out checks on specific operating areas, providing simultaneous communication to the Chair of the Board of Statutory Auditors;
report to the Board of Directors, when the annual and interim financial reports are approved, on the activities carried out and on the adequacy of the internal control and risk management system;
assist the Board of Directors in supervising the actual functioning of the risk management and control processes in compliance with the laws and regulations in force;
support, with an adequate preliminary activity, the evaluations and decisions of the Board of Directors relating to the management of risks deriving from prejudicial facts of which the Board of Directors has become aware;
identify and propose, with the help of the Appointments Committee, the heads of the corporate control functions to be appointed;
contribute, by means of assessments and opinions, to the definition of the company policy for the possible outsourcing of corporate control functions;
verify that all company control functions correctly comply with the indications and guidelines approved by the Board of Directors and assisting the latter in drawing up the document coordinating the control functions and, in general, the system of company and group internal controls.

The Control and Risk Committee also issues its own prior opinion to the Board of Directors:

on the guidelines of the internal control and risk management system, so that the main risks concerning the Company and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, also determining the degree of compatibility of the risks with a management of the company that is consistent with the identified strategic objectives;
on the adequacy of the internal control and risk management system with respect to the characteristics of the company and the risk profile assumed, as well as its effectiveness;
on the activity programmes (including the audit plan) and annual reports prepared by the head of the Internal Audit function and the heads of the control functions, where present, of the Group companies;
on the description, in the Report on Corporate Governance and Shareholding Structure, of the main characteristics of the internal audit and risk management system and of the coordination methods between the subjects involved in it, including the assessment of its adequacy;
on the findings set out by the statutory auditor (or audit firm) in the letter of recommendations, if any, and in the report on key matters arising from the statutory audit.

With reference to the appointment, revocation, adequacy of the resources assigned to perform its functions, as well as the fixed and variable remuneration of the head of the Internal Audit function of the Bank and, where present, of the Group companies, the Committee supports the Board of Directors in its decisions, also by issuing prior opinions where required by the legislation in force over time or by the Board of Directors.

With particular reference to the tasks related to risk management and control, the Committee carries out support functions for the body charged with strategic supervision:

in the definition and adoption of the strategic guidelines and risk management policies. As part of the RAF, the Control and Risk Committee performs the evaluation and proposal activity necessary for the Board of Directors to define and approve the risk objectives and tolerance threshold;
in verifying the correct implementation of strategies, and management policies for risks and the RAF;

• in the definition of policies and processes for the assessment of corporate activities, including verification that the price and conditions of transactions with customers are consistent with the business model and strategies concerning risks.

Without prejudice to the responsibilities of the Remuneration Committee, the Control and Risk Committee shall ascertain that the incentives underlying the Company's remuneration and incentive system are consistent with the RAF.

In the performance of its duties, it has access to all the information and company departments that are relevant for the performance of its tasks, and can avail itself of external consultants, within the terms established by the Board of Directors and in compliance with the Group's policy for the management of inside information.

The Control and Risk Committee carries out its activities by making ordinary use of the information provided by the Board of Directors, the director in charge of the internal control and risk management system, the head of the Internal Audit function and of the other control functions, the Manager charged with preparing the company's financial reports, the Supervisory Body provided for by Legislative Decree no. 231 of 8 June 2001, as subsequently amended and supplemented, and the statutory auditor or representatives of the auditing firm, as well as the results of the activities carried out by the other committees set up by the Board of Directors.

It sees to the setting up of mechanisms to ensure the timely exchange of information with the Board of Statutory Auditors, guaranteeing the availability of information relevant to the performance of their respective duties and the coordination of activities in the areas of shared responsibility for the improved efficiency of the internal control systems.

The Control and Risk Committee has financial resources, which can be activated autonomously, in the amount of 60.000 Euro per year, established by the Board of Directors and with provision for reporting to the Board on the possible use of the funds at least once a year, usually at the time of examination of the Report on Corporate Governance and Shareholding Structure.

With regard to transactions with related parties and/or associated parties, the Control and Risk Committee, consisting solely of independent directors, also performs the functions assigned to it by the Board of Directors, as governed by current internal regulations.

In 2024, the Committee's activities were carried out along a number of main lines, with a view to preparing the work of the Board of Directors:

discussions with the heads of control functions Internal Audit, Risk Management, Anti-Money Laundering and Compliance on the respective annual plans and reports, and on the quarterly Tableau de Bord sent to the Bank of Italy;
discussions with the Head of Internal Audit in the area of handling reports of violations (whistleblowing);
quarterly evaluations of accounts receivable and other balance sheet items in preparation for periodic financial reports;
half-year evaluations of complaint handling;
dialogue, also in joint form, with the Board of Statutory Auditors, the Manager charged and the company appointed to carry out the statutory audit of the accounts;
transactions falling within the "Single Perimeter" of the Group's related parties;
interaction with the Business Continuity Plan manager and relevant managers on ICT governance (strategic plan, reporting, disaster recovery and business continuity plans and tests);
dialogue with the Data Protection Officer;
dialogue falling within the scope of the outsourced Essential or Important Functions (EIFs);

updates to internal regulations (regulations, policies, organisational processes and procedures, methodological manuals, delegation system);
discussions with the Validation Function (formerly Group Validation Function) regarding the validation reports on the Risk Management internal models adopted by the Bank in its individual businesses;
discussions with the Bank's internal working parties on the progress of projects aimed at adapting the Group to the laws and regulations issued from time to time by the national and European Authorities.

9.3 Head of the Internal Audit Function

Angelo Ferracchiati has held the position of Head of Internal Audit since 1 June 2019.

Mr Ferracchiati was appointed on the proposal of the director in charge of overseeing the functionality of the internal control and risk management system, at the Board meeting of 30 May 2019, after receiving the favourable opinion of the Control and Risk Committee and after consulting the Board of Statutory Auditors.

Upon appointment, the Board - based on the proposal made by the Remuneration Committee - entrusted the CEO, the General Manager (who was at that time part of the corporate organisational chart) and the Head of Human Resources with the definition of remuneration issues.

The unit is located on the staff of the Board of Directors and is not responsible for any operational area; it is provided over time with adequate resources to carry out its activities.

The positioning of the Internal Audit unit within the corporate organisational chart on the staff of the Board of Directors not only ensures the independence of the unit itself, in line with the indications of the Bank of Italy and with the best practices in the sector, but also facilitates the appropriate exchange of information with the Control and Risk Committee, the Board of Statutory Auditors and, in general, with corporate bodies and organisations.

The mission assigned to Internal Audit by the relevant regulations, approved by the Board of Directors, includes checking that the internal control and risk management system is complete, adequate, functional and reliable.

***

The Group's Internal Audit Regulations require the Parent company's Internal Audit Function to define a programmed plan of activities which, based on a structured process of analysis and prioritisation of the main risks ("risk based"), takes account of the different degree of risk of the various activities and structures of the Parent company and its Subsidiaries. With regard to the companies of the Banca Ifis Group, a contact person for the Internal Audit Function has been identified, which each subsidiary has outsourced to the Bank; the contact person reports hierarchically to the Head of the Bank's Audit Function, but functionally to the Administrative and Control Bodies of the subsidiaries.

The Programmatic Plan of Audit activities indicates the audit activities planned for the three-year period (multi-year plan) and has a specific section for information system audit activities (ICT auditing).

Without prejudice to the coordination and collaboration with the other control functions, taking into account the importance of the activities planned by the second-level control functions, the Programmatic Plan of Audit activities is normally submitted not before the Risk Management, Compliance and Anti-Money Laundering control units of the Parent company have drawn the attention of the corporate bodies to the planning of their activities.

The Programmatic Plan is simultaneously transmitted to the Board of Statutory Auditors, the Control and Risk Committee, the Chair of the Board of Directors, the Director in charge of the internal control and risk management system (as well as the CEO) for subsequent examination by the Board of Directors. The plan is updated whenever necessary, at the request of the corporate bodies and/or at the proposal of the Head of Internal Audit.

During FY 2023, a new "Audit Programmatic Plan 2023-2025" was approved by the Board, subject to the favourable opinion expressed by the Control and Risk Committee, whereby the following objectives in particular, are pursued:

targeting audit activities on business processes characterised by higher risk, on the basis of the evolution of operations and the strategic objectives of the Business Plan and industry regulations;
ensuring, within a three-year time horizon, adequate coverage of the Audit Universe;
directing control activities according to a risk-based-process-oriented approach calibrated to the significance of risks and their evolution (emerging risks).

The three-year Plan is operationally implemented through planning activities on an annual basis, through which the correct implementation of the planned activities is monitored and new intervention needs are identified or corrective actions are taken with respect to the initially defined target processes.

During 2023, the Head of Internal Audit, among other things:

had direct access to all information relevant to the performance of their duties;
constantly interacted with the Control and Risk Committee, the Board of Statutory Auditors and the Supervisory Body pursuant to Legislative Decree No. 231/2001 (of which he is a member) reporting, among other things, on his work;
sent the results of the minutes of all meetings to the Board of Statutory Auditors, the Chair of the Board of Directors, the Chair of the Controls and Risks Committee and the Director in charge of the internal control and risk management system (as well as the CEO);
discussed the quarterly tableau de bord with the Control and Risk Committee and the Board of Statutory Auditors, highlighting the main results of the activities carried out during the quarter;
reported on its work to the corporate bodies, providing, with reference to the processes and/or areas subject to audit, adequate information on the activities carried out as well as assessments of the internal control system and the residual risk, also by means of indications on compliance with the plans defined for the containment of risks. This includes the quarterly report mentioned above, the Tableau de bord, the Annual Report as well as further reports and information on specific issues of particular importance;
carried out specific interventions regarding the reliability of information systems and accounting systems.

The main activities carried out by the Head of Internal Audit during 2024, on the basis of the aforementioned programmatic Plan, concerned both the Parent company (Banca Ifis) and Banca Credifarma, as well as the other Banca Ifis Group companies, from a risk-based perspective.

The main areas of intervention concern the Npl Segment with particular regard to the main processes of the two Group companies operating in the sector (Ifis Npl Investing and Ifis Npl Servicing), the commercial banking sector and specifically the leasing, factoring and corporate cash management business units. In addition, checks were carried out on the IT system, the second-level control functions and some transversal corporate processes that are not directly and unambiguously correlated to specific business areas, in particular, with reference to the management process of operational continuity and the compliance of remuneration practices with the regulatory context and the process of outsourcing important essential functions.

In addition to the quarterly report (Tableau de bord) and the annual report on activities carried out, in compliance with the provisions of the Supervisory Authorities, the Head of Internal Audit prepared specific checks regarding

audits of subsidiaries;
remuneration policies;
ICAAP process;

liquidity risk management and governance;
essential and important functions outsourced;
investment services;
functioning of internal systems for reporting violations (whistleblowing).

Lastly, Internal Audit interacted with the second-level control structures with reference to the risk areas they oversee, constantly promoting coordination and sharing meetings.

9.4 Organisational model pursuant to Legislative Decree No. 231/2001

The Banca Ifis Group, sensitive to the need to ensure conditions of transparency and correctness in the conduct of its business activities, in order to safeguard the image of the individual companies that make up the Group, the expectations of its shareholders and of those who work for and with the companies of the Group, has deemed it appropriate to adopt an Organisational and Management Model provided for by Legislative Decree No. 231/2001.

This initiative was also taken in the awareness that the adoption and concrete application of the Organisational Model is a valid tool for raising the awareness of those who work for the Bank so that, in carrying out and conducting their activities, they adopt correct and straightforward conduct, such as to prevent the risk of committing the offences contemplated in Legislative Decree No. 231/2001.

The Banca Ifis Group condemns any conduct contrary to the provisions of the law in force and to the ethical principles also affirmed in the Code of Ethics most recently updated in December 2024. In this context, the adoption and effective implementation of the Model improve the Bank's Corporate Governance, in that they limit the risk of offences being committed in connection with corporate activities and processes and allow, even if such risks materialise, to benefit from the exemption provided for in Legislative Decree No. 231/2001.

The Board of Directors has appointed a Supervisory Body with autonomous powers of initiative and control pursuant to Italian Legislative Decree No. 231/2001, since 26 October 2004; at the meeting of 28 April 2022, it confirmed the decision, already taken by the previous directors, not to entrust the duties of the Supervisory Body to the Board of Statutory Auditors, providing for a composition consisting of an Auditor, the Heads of the Internal Audit and Compliance functions as well as two independent directors, one of whom with the position of Chair.

In preparing the Organisational Model, most recently updated on 22 October 2024, Banca Ifis was inspired by the "Guidelines of the Italian Banking Association for the adoption of organisational models on the administrative liability of banks" which constitute a guideline for the interpretation and analysis of the legal and organisational implications deriving from the introduction of Legislative Decree No. 231/2001.

In preparing the Model, account was taken of the existing procedures and control systems already widely operating within the company, as they are also suitable for use as crime prevention and process control measures. The Model is part of the broader control system consisting mainly of the Internal Control System required by the Bank of Italy and the company's existing Corporate Governance rules.

Furthermore, Banca Ifis, considering that the organisational and management model is a fundamental part of the Group's corporate policy instruments, has provided that each Group company should adopt an autonomous Organisational Model that replicates the structure of the Parent company's Model declined according to the operational specificities of each individual entity; the General Part of the model is available on the Banca Ifis website in the About us - Corporate Governance - the Value of Ethics - Organisation, Management and Control Model section.

The Special Section of the Banca Ifis Organisational Model provides for an articulated system of organisational and behavioural safeguards specifically aimed at preventing the commission of the following offences included in the catalogue set out in Articles 24 et seq. of Legislative Decree No. 231/2001:

offences against the Public Administration, pursuant to Article 24 of Legislative Decree 231/2001;
conduct relating to computer crime, pursuant to Article 24-bis;
offences of corruption/concussion pursuant to Articles 25 and 25-ter;
forgery of money, public credit cards, revenue stamps and identification instruments or signs, pursuant to Article 25-bis;
conduct relating to offences against industry and commerce and offences relating to the violation of copyright, pursuant to Articles 25-bis, paragraph 1, letter f-bis), 25-bis.1 and 25-novies;
certain cases of corporate offences pursuant to Article 25-ter;
conduct attributable to organised crime offences pursuant to Art. 24 ter; offences with the purpose of terrorism and subversion of the democratic order, pursuant to Art. 25-quater; transnational offences Art. 10 L. 146/2006); offences against the person, pursuant to Art. 25 quinquies; offences of Inducement not to make statements to the judicial authorities, pursuant to Art. 25-decies;
offences relating to market abuse conduct pursuant to Article 25-sexies;
conduct referable to offences related to safety at work, pursuant to Article 25-septies;
offences of receiving stolen goods, money laundering and use of money, goods or utilities of illegal origin, as well as self-laundering, pursuant to Art. 25-opties;
offences relating to non-cash means of payment pursuant to Article 25-octies;
environmental offences, pursuant to Article 25-undecies;
tax offences, pursuant to Article 25-quinquiesdecies;
offences against the cultural heritage, pursuant to Article 25-septesdecies, and offences relating to the laundering of cultural goods and the devastation and looting of cultural and landscape heritage, pursuant to Article 25 duodevicies;

The Supervisory Body is made up of one Auditor, chosen by the Board of Statutory Auditors, the Managers of the Internal Audit and Compliance departments and two independent Directors, chosen by the Board, one of whom acts as Chair; the Supervisory Body remains in office for three years and meets at least once every six months. The secretariat of the Supervisory Body is provided by the General Counsel - Corporate Affairs Parent Company Department and the secretary, on the instructions of the Chair, takes the minutes of the meetings, which are kept by the General Counsel - Corporate Affairs Parent Company Department. The Chair, or another member designated by the Chair over time, reports to the Board of Directors, at the first useful meeting, on the activities carried out and, where appropriate, on the activities in progress and/or planned as well as on the possible activation of financial autonomy. In order to strengthen the autonomy and independence requirements necessary for the exercise of the activities referred to in Art. 6, letter b of Italian Legislative Decree No. 231/2001, the Supervisory Body is endowed with adequate economic resources, approved in advance by the Board of Directors, which the Body disposes of autonomously.

9.5 Independent Auditors

The Shareholders' Meeting of 28 April 2022 appointed PricewaterhouseCoopers S.p.A. to perform the statutory audit of the annual financial statements and the consolidated financial statements of the Group as well as the limited audit of the half-year report of Banca Ifis for each of the nine financial years ending 31 December 2023 to 31 December 2031.

The Additional Report has been made available to the Board of Directors by the Board of Statutory Auditors together with its own observations.

PricewaterhouseCoopers S.p.A. was also entrusted, through separate formal agreements, with the auditing of the financial statements of the subsidiaries of Banca Ifis.

9.6 Manager charged with preparing the company's financial reports and other corporate roles and functions

On 13 July 2023, the Board of Directors appointed Massimo Luigi Zanaboni as "Manager Charged with preparing the Company's financial reports".

Pursuant to Article 19 of the Articles of Association:

the Board of Directors, pursuant to Art. 154-bis of Legislative Decree No. 58/1998, appoints a Manager charged with preparing the company's financial reports, subject to the mandatory opinion of the Board of Statutory Auditors;
The Manager Charged with preparing the Company's financial reports must comply with the regulations regarding both the requisites of integrity and of professionalism envisaged by Governing Legislation.

The Board of Directors grants the Manager charged with preparing the company's financial reports autonomous spending powers, in line with the programme of activities that he plans to carry out. The Manager charged with preparing the company's financial reports must periodically report to the Board of Directors on the exercise of his spending powers. It should be noted that no expenses other than those envisaged for the normal functioning of the organisational unit in charge of monitoring activities were incurred during the activities carried out in 2024.

In addition, the Manager charged with preparing the company's financial reports has the power to:

acquire information from within the Bank regarding events, risk indicators or proposals for technical and organisational adjustments relating to administrative and accounting procedures;
propose changes to the internal control system where deemed necessary;
attend the meetings of the Board of Directors and the Board of Statutory Auditors and have access to the minutes of those meetings whose agenda includes the examination and/or approval of the economic and financial data of the Bank and the Group.

The Heads of the other corporate functions with specific tasks in terms of internal control and risk management are indicated below:

***

the role of Head of Risk Management (Chief Risk Officer) is attributed to Walter Vecchiato; Risk Management had been assigned a budget for 2024 of 1,000,000 Euro that may be used for any recourse to external consultants and for staff training, which may be activated autonomously;
the role of Head of Compliance is attributed to Francesco Peluso; a budget of 400,000 Euro was allocated to Compliance for 2024, which may be used for any recourse to external consultants and for training, which may be activated autonomously by the Head;
the role of Head of Anti-Money Laundering is assigned to Giovanna Bazzaro; Anti-Money Laundering was allocated a budget for 2024 of 275,000 Euro that may be used for any recourse to external consultants and/or external suppliers and for training, which may be activated independently by the Head.

The Heads of Internal Audit, Risk Management, Compliance and Anti-Money Laundering:

must meet appropriate professional standards;
are appointed and revoked by the Board of Directors, after consulting the Board of Statutory Auditors;
do not have direct responsibility for operational areas under control.

The duties and responsibilities of the aforementioned second and third level Control Organisational Units are in line with the provisions of the Supervisory Provisions on the system of controls.

9.7 Coordination between the parties involved in the internal control and risk management system

As part of the Internal Control System at Group level, the Parent company is responsible for setting up a unitary system at consolidated level that allows effective control over both the strategic decisions of the Group as a whole and the management balance of the individual components.

The correct functioning of the internal control system is based on the profitable interaction in the exercise of the tasks (of guidance, implementation, verification, assessment) between the corporate bodies, any committees set up within them, the persons entrusted with the legal auditing of the accounts and the control functions.

For this reason, in accordance with the requirements of the Corporate Governance Code, the Board of Directors, appointed by the Shareholders' Meeting of 28 April 2022, confirmed the CEO as the director responsible for overseeing the functionality of the internal control and risk management system.

In addition, the fruitful interaction and coordination between the senior figures involved in the internal control and risk management system is facilitated by cross-membership mechanisms and a non-redundant composition of committees and bodies; in particular, the Control and Risk Committee and the Board of Statutory Auditors interact frequently during their meetings and, when necessary, with the CEO, the Manager charged with preparing the company's financial reports, the Independent Auditors, the Chief Risk Officer, the Compliance Officer and the Anti-Money Laundering Officer. They also interact systematically with the Head of Internal Audit, who normally attends the meetings of both bodies.

The Supervisory Body pursuant to Legislative Decree No. 231/2001 benefits from the same mechanisms of cross-membership and similar systematic interaction with the other subjects of the internal control and risk management system.

The heads of organisational control units interact, coordinate and collaborate in order to avoid overlaps, develop synergies, and optimise collaboration.

At the initiative of the Parent company's Head of Internal Audit, the heads of the Parent company's organisational control units participate in formalised meetings to discuss and compare notes on the following issues:

sharing of the planning of the respective main verification/control activities (also with regard to subsidiaries);
analysis of the main results of the interventions carried out, of the remedial actions initiated or requested;
analysis of the evolution of the levels of exposure to the various risks;
sharing the risk map, also broken down by risk taker organisational unit, and the potential significance of the risks identified;
sharing of reporting, methodologies and terminologies; and
as well as, more generally, for a profitable exchange of information and for the analysis of possible forms of collaboration.

Meetings are subject to adequate traceability and, with reference to individual issues to be discussed, representatives of other organisational units may also be invited to participate.

The minutes of the meetings as well as other documentation of common interest are:

archived in a dedicated computer folder shared between the organisational control units;
subsequently reported to the Corporate Bodies when specific requests are made, as well as during the presentation of the "Annual reports on the activities carried out" prepared by the second and third level control organisational units.

The "Group Policy for the Management of Information Flows" describes the information flows that the control functions of the Bank and its Subsidiaries produce to the Corporate Bodies. This policy also defines the principles relating to the preparation and management of information flows that are also applicable to those that the control functions exchange with each other and with the Supervisory Authority, as well as those addressed to the Shareholders' Meeting.

10. Directors' interests and related party transactions

In June 2021 the Board of Directors approved - subject to the favourable opinion of the Board of Statutory Auditors and the Control and Risk Committee (consisting solely of independent directors) - the issuance of the new "Group Policy on transactions with related parties, associated parties and corporate officers pursuant to Art. 136 TUB", last updated in July 2024 (the "Policy").

In particular, following the update of 10 December 2020 of CONSOB Regulation No. 17221 of 12 March 2010, it became necessary to revise the internal regulations on transactions with related parties and associated parties. In this context, a unique perimeter of related and associated parties has been identified and is described in paragraph 2.2 and Appendix 1 of the Policy (the "Single Perimeter").

Since a specific related parties committee has not been established, the Board of Directors has assigned to the independent directors who are members of the Control and Risk Committee (currently composed of only independent directors) the tasks that the Consob Regulation and the Bank of Italy Provisions assign to independent directors.

In particular, with reference to transactions with related parties, the Committee is responsible for

the issuing of prior, reasoned and binding opinions (for the purposes of the resolution of the Board of Directors of Banca Ifis) on the suitability of internal regulations and subsequent updates and amendments to achieve the objectives of the external regulations. This opinion is in addition to the similar opinion required from the supervisory body;
the issue, when expressly provided for, of prior and reasoned opinions, binding or non-binding, in the case of transactions with members of the Single Perimeter carried out directly or indirectly by the Bank, on the interest of the Bank in carrying out such transactions, as well as on the convenience and substantial correctness of the related conditions;
in the case of Transactions of Greater Significance, the timely involvement if deemed by the Committee, through one or more delegated members - in the negotiation phase and in the preliminary phase through the receipt of a complete and updated information flow and with the power to request information as well as to make observations to the delegated Bodies and the subjects in charge of the negotiations or the preliminary phase; and
the constant monitoring, also for the purpose of formulating any corrective measures, of the transactions with components of the Single Perimeter carried out directly or indirectly by Banca Ifis, other than Minor Transactions, for which the procedural exemptions described below have been applied.

Refer to paragraph 9.2 for activities during FY 2024.

The Policy, which outlines the approach that the Bank, also in exercising its role as Parent company, adopts in order to ensure effective monitoring of any risks of conflicts of interest in transactions with related parties and connected persons, as well as the criteria for identifying the persons whose transactions may fall within the scope of application of the Policy itself and the procedures for the preliminary investigation, proposal and approval of transactions, is available on the website https://www.bancaifis.it/ (in the section "About Us - Corporate Governance - Reports and documents - Related parties and associated parties").

The Board has adopted additional operational solutions to facilitate the identification and appropriate handling of situations in which a director has an interest on his own behalf or on behalf of a third party by means of:

the Personal Transactions Policy (last updated February 2020),
the Policy on transactions carried out by Relevant Persons and Closely Related People in shares, debt securities and related financial instruments issued by Banca Ifis (last updated April 2021),
the Group's Conflict of Interest Policy (last updated January 2025), and

• the Group's Organisational Procedure for handling transactions with relevant persons pursuant to Article 2391 (last updated November 2024).

The Policy on Personal Transactions regulates the requirements connected with the identification of Relevant Persons and the information that the Bank must provide to them; the rules that Relevant Persons must comply with in order to report to the Bank Personal Transactions Subject to Notification carried out on Financial Instruments; the procedures for keeping the Register of Relevant Persons, the Register of Third Party Issuers and Personal Transactions.

Trading of a financial instrument carried out by, or on behalf of, a Relevant Person (including members of the Board of Directors) are regulated, provided that at least one of the following conditions is met:

a) the Relevant Person acts outside the scope of the activities he/she performs in his/her professional capacity;
b) the transaction is performed on behalf of any of the following persons:
- o the Relevant Person;
- o a person with whom the Relevant Person has a family relationship (spouse or common-law partner, children, any other relative of the Relevant Person who has cohabited with the Relevant Person for at least one year as of the date of the Personal Transaction) or Close Relatives;
- o a person who has a relationship with the Relevant Person such that the Relevant Person has a significant direct or indirect interest in the outcome of the transaction that is other than the payment of fees or commissions for the execution of the transaction.

On the other hand, the Policy on transactions carried out by Relevant Persons and Persons Closely Related to them in shares, debt securities and related financial instruments issued by Banca Ifis governs:

a) the fulfilments connected with the identification of the Relevant Persons (including the members of the Board of Directors) and of the "closely related" persons;
b) the management of information relating to transactions exceeding the Minimum Amount Threshold on units, credit securities or Related Instruments issued by Banca Ifis, carried out, directly or indirectly, by a Relevant Person or by a "Closely Related Person" and subject to the reporting requirements. The following are included:
- o transactions covered by Article 19 par. 7 of EU Regulation 596/2014;
- o the transactions provided for in Article 10 of EU Delegated Regulation 522/2016;
c) the handling of closed periods, i.e. those periods during which the Relevant Persons must refrain from trading in shares or other debt instruments issued by Banca Ifis as well as financial instruments linked to them.

The Group's Conflict of Interest Policy governs the principles assumed and the organisational process adopted in order to manage and mitigate or prevent actual or potential Conflicts of Interest arising from the various activities (hereinafter the Services) carried out by the supervised companies belonging to the Banca Ifis Banking Group.

The Group's Organisational Procedure for handling transactions with relevant persons pursuant to Art. 2391 governs the provisions to be observed in handling transactions with relevant persons pursuant to Art. 2391 of the Civil Code in order to guard against the risk that the proximity of certain parties to the decision-making structures of the Companies may compromise the objectivity and impartiality of decisions by virtue of their own interests or those of third parties in the performance of the Company's operations, with possible distortions in the process of allocating resources and exposure to risks that are not adequately measured or monitored by the Company over time; and to regulate the approval process for significant transactions pursuant to Article 2391 of the Civil Code.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

11. Board of Statutory Auditors

11.1 Appointment and replacement

The appointment of the members of the Board of Statutory Auditors is governed by Art. 21 of the Articles of Association and takes place on the basis of lists submitted by the shareholders, in which the candidates are listed in order of appearance and number not exceeding the members of the body to be elected. Each list consists of two sections: one for candidates for the office of Standing Auditor, and the other for candidates for the office of Alternate Auditor.

A list can be submitted by the shareholder(s) who, at the time of submission of the list, own a shareholding equal to at least 1% of the ordinary shares or any other lower shareholding threshold that - pursuant to current legislation - is indicated in the notice of call of the Shareholders' Meeting convened to resolve on the appointment of the Auditors. The shareholding determined by Consob pursuant to Article 144-quater of the Issuers' Regulation, according to Consob Determination No. 123 of 28 January 2025, is 1%.

A shareholder may not submit or vote for more than one list, even through a third party or a trust company. Shareholders belonging to the same group and shareholders who are party to a shareholders' agreement concerning the Company's shares may not submit or vote for more than one list, not even through a third party or trust company. A candidate may only be on one list under penalty of ineligibility.

Two standing auditors and one alternate auditor are elected from the list that obtained the highest number of votes, according to the sequential order in which they are listed; from the list that obtained the highest number of votes among the lists submitted and voted by shareholders who are not connected with the reference shareholders pursuant to Art. 148, paragraph 2 of Italian Legislative Decree No. 58/1998, the candidate indicated in the first position of the related section of the list is elected as Standing Auditor; from the same list, the candidate indicated in the first position of the related section of the list is elected as Alternate Auditor.

In the case of a tie between two or more lists, the oldest candidates will be elected as Statutory Auditors.

The Articles of Association do not envisage the possibility of drawing alternate auditors from the minority list to replace the minority member in addition to the minimum required by Consob regulations.

If the above-mentioned drawing criteria do not ensure the presence on the Board of at least one Standing Auditor and one Alternate Auditor belonging to the less represented gender, a scrolling mechanism shall be applied to the drawing from the list that obtained the highest number of votes at the Shareholders' Meeting, based on the sequential order in which the candidates are indicated, that excludes the candidate or candidates of the most represented gender and draws the candidate or candidates of the missing gender.

The Chair of the Board of Statutory Auditors is the Standing Auditor elected from the aforementioned minority list.

Outgoing Auditors may be re-elected, for no more than three terms, in accordance with the rules and the Corporate Governance Code.

If, despite the provisions of the Articles of Association and as specified above, only one list is submitted or only one list receives votes, three Standing Auditors and two Alternate Auditors shall be elected - provided that this list receives the majority of votes at the Meeting - in the order in which they are indicated for their office in that list, and the candidate for Standing Auditor indicated in first place in that list shall be appointed Chair of the Board of Statutory Auditors.

In case of replacement of a Standing Auditor, the Alternate Auditor belonging to the same list as the outgoing one takes over.

If it is necessary to appoint standing and/or alternate auditors in order to integrate the Board of Statutory Auditors following the early termination of office of auditors, the Meeting shall proceed as follows: if auditors elected in the majority list need to be replaced, the auditor(s) shall be appointed by majority vote, without any list constraint. If, however, it is necessary to replace a Statutory Auditor designated from the minority list, the Shareholders' Meeting will replace them by relative majority vote, choosing the candidate from among the candidates on the list from which the auditor to be replaced was elected. These candidates will have confirmed their candidacy at least twenty-five days before the date set for the first-call Shareholders' Meeting, together with statements confirming that no reasons for ineligibility or incompatibility exist, and that they possess the requirements needed to hold the post.

The ownership of the minimum shareholding required in order to submit lists is determined by taking into account the shares registered in favour of each single shareholder or of several shareholders jointly on the day when the lists are filed with the Company. In order to prove the ownership of the number of shares necessary to present the lists, the shareholders may produce the related certificate even after the deposit, on the condition that this is done within the deadline foreseen for the publication of the lists by the Company.

The lists must be accompanied by:

information regarding the identity of the shareholders who submitted the lists, indicating the percentage of shares held;
a declaration by the shareholders other than those who hold, also jointly, a controlling interest or a relative majority, certifying the absence of relationships of connection as provided for by Art. 144-quinquies of the "Regulation implementing Legislative Decree No. 58/1998 governing issuers" with the latter as well as other significant relationships;
a complete report on the personal and professional characteristics of the candidates as well as a declaration by the same candidates stating that they meet the requirements set out in by the law and that they accept the candidacy.

Candidates who already hold the post of auditor in five other listed companies or who do not satisfy the requirements and criteria provided for by Article 26 of Legislative Decree No. 385/1993 and the relative implementation regulations, also of a regulatory nature, in force at the time or that fall within the cases referred to in art. 148, paragraph 3 of Legislative Decree No. 58/1998 may not be included in the candidate list.

Each list must contain at least one candidate for the office of Standing Auditor and at least one candidate for the office of Alternate Auditor belonging to the less represented gender; this requirement does not apply to lists that, considering both sections, contain fewer than three candidates.

11.2 Composition and operation

The current Board of Statutory Auditors was appointed by the Ordinary Shareholders' Meeting on 28 April 2022 for FYs 2022, 2023 and 2024 and will expire on the date of the Shareholders' Meeting called to approve the financial statements for FY 2024.

• List 1 (LA SCOGLIERASA) (shareholding equal to 50,50% of the share capital);

List 2 (on behalf of the shareholders:
- o Arca Fondi Sgr S.P.A., manager of the funds: Fondo Arca Economia Reale Equity Italia, Fondo Arca Economia Reale Bilanciato Italia 30, Fondo Arca Azioni Italia;
- o Eurizon Capital S.A. manager of the Eurizon Fund sub-funds: Eurizon Fund Italian Equity Opportunities, Eurizon Fund - Equity Italy Smart Volatility;
- o Eurizon Capital Sgr S.P.A manager of the funds: Eurizon Progetto Italia 20, Eurizon PIR Italia 30, Eurizon AM MITO 50 (Multiasset Italian Opportunities 50), Eurizon AM MITO 95 (Multiasset Italian Opportunities 95), Eurizon AM MITO 25 (Multiasset Italian Opportunities 25), Eurizon Progetto Italia 70, Eurizon Azioni Italia, Eurizon PIR Italia Azioni, Eurizon Azioni PMI Italia, Eurizon Progetto Italia 40;
- o Fideuram Asset Management Ireland manager of the fund Fonditalia Equity Italy;
- o Fideuram Intesa Sanpaolo Private Banking Asset Management Sgr S.P.A. manager of the funds: Fideuram Italia, Piano Azioni Italia, Piano Bilanciato Italia 50, Piano Bilanciato Italia 30;
- o Interfund Sicav Interfund Equity Italy;
- o Generali Investments Luxembourg SA manager of the funds: Generali Investments SICAV Euro Future Leaders, Generali Smart Fund PIR Evoluzione Italia, Generali Smart Funds PIR Valore Italia;
- o Mediolanum International Funds Limited Challenge Funds Challenge Italian Equity;
- o Mediolanum Gestione Fondi Sgr S.P.A. manager of the funds Mediolanum Flexible Future Italy and Mediolanum Flexible Development Italy)

(total equity investment equal to 3,61745% of the share capital);

Together with the lists, the following documents were also filed and published:

Certification of share ownership sufficient for the submission of a list;
Declaration with which each candidate: accepts his/her candidacy as standing or alternate auditor, certifies that he/she meets the requirements and criteria provided for by current legislation and the absence of causes of ineligibility and/or incompatibility; curriculum vitae, list of administration, management and control positions held in other companies with the commitment to promptly update this list, copy of identity document.

Tab.8 below shows the list of candidates, the list of elected members and the percentage of votes obtained in relation to the voting capital.

List	Candidate List	Elected List	Percentage of votes obtained
1	Standing Auditors: Annunziata Melaccio Franco Olivetti Alternate Auditors: Marinella Monterumisi Ferruccio di Lenardo	Standing Auditors: Annunziata Melaccio Franco Olivetti Alternate Auditors: Marinella Monterumisi	71.722%
2	Standing Auditors: Andrea Balelli Alternate Auditors: Emanuela Rollino	Chair: Andrea Balelli Alternate Auditors: Emanuela Rollino	28.143%

Tab.8

In accordance with the provisions of Article 12 of Italian Ministerial Decree No. 169/2020, the expiring Board of Statutory Auditors made available to shareholders, in order to facilitate the process of defining the best proposals for the quantitative and qualitative

composition of the new Board of Statutory Auditors, the document "Qualitative and quantitative composition of the Board of Statutory Auditors 2022" approved by the control body on 9 March 2022.

As at the date of approval of this Report, the Board of Statutory Auditors had the following members:

Office	Name and surname
Chair of the Board of Statutory Auditors	Andrea Balelli
Standing Auditor	Franco Olivetti
Standing Auditor	Annunziata Melaccio
Alternate Auditor	Marinella Monterumisi
Alternate Auditor	Emanuela Rollino

See the table in appendix (a.3) for further information on the composition of the Board of Statutory Auditors and Tab. 9 for positions of administration, management or control declared by the executives.

The members of the Board of Statutory Auditors are in possession of the requirements envisaged by current regulations; the possession of the requirements was verified, with regard to independence as per the provisions of the TUF and the Corporate Governance Code, on 28 April 2022 while, on 27 May, within 30 days of the appointment, the Controlling Body verified the remaining requirements provided for by the regulations in force, compliance with the prohibition of interlocking as well as the correspondence between the optimal qualitative and quantitative composition indicated in the document "Qualitative and quantitative composition deemed optimal of the Board of Statutory Auditors 2022" and the actual composition resulting from the appointment process. In addition, the Board carries out annual checks on permanence and compliance with the aforementioned requirements and prohibitions.

Information on the personal and professional characteristics of each auditor can be found on the Bank's website under section "About us - Corporate Governance - Corporate Bodies - Board of Statutory Auditors".

The following table shows the breakdown of the members of the Board of Statutory Auditors by age bracket and gender.

In FY 2024, the Board of Statutory Auditors met 23 times (5 jointly with the Control and Risks Committee and once jointly with the Boards of Statutory Auditors of the Group companies); the average duration of the meetings was approximately 1 hour and 29 minutes.

As of the date of approval of this Report, 7 meetings have been held, 2 of which jointly with the Control and Risk Committee; 25 meetings have been scheduled for 2025.

Tab.9 below shows the type of offices held by each statutory auditor of Banca Ifis, as at the date of preparation of this Report, based on the information provided by them. Moreover, in order to comply with the requirements of Circular No. 285/2013 of the Bank of Italy (Section VII, Chapter 1, Title IV, Part One), evidence was also provided of the number and type of offices held by each of them in other companies or entities, even if not considered relevant pursuant to the "Regulation on the accumulation of offices held by company representatives".

Tab. 9

			Companies belonging to the Banca Ifis Group
Auditor	List of positions	NO	Banking group	Non-banking group
	• Chair of the Board of Statutory Auditors of Banca Ifis	☐	☒	☐
	• Chair of the Board of Statutory Auditors of Salvatore Ferragamo	☒	☐	☐
	S.p.A.
	• Standing Auditor of Pillarstone S.p.A.	☒	☐	☐
	• Standing Auditor of PS Management Holdco s.r.l.	☒	☐	☐
	• Standing Auditor of Sirti S.p.A.	☒	☐	☐
	• Standing Auditor of PS Reti S.p.A.	☒	☐	☐
	• Chair of the Board of Statutory Auditors of Sirti Digital Solutions
	S.p.A.	☒	☐	☐
	• Chair of the Board of Statutory Auditors of Wellcomm Engineering
	S.p.A.	☒	☐	☐
	• Sole director of Fedaia Spv s.r.l.	☒	☐	☐
	• Sole director of Rienza Spv s.r.l.	☒	☐	☐
Andrea Balelli	• Sole director of Gardenia Spv s.r.l.	☒	☐	☐
	• Sole director of Restart Spv s.r.l.	☒	☐	☐
	• Sole director of Italian Credit Recycle s.r.l.	☒	☐	☐
	• Chair of the Board of Statutory Auditors of Ifis Npl Investing S.p.A.	☐	☒	☐
	• Sole director of Malfante 2009 s.r.l.	☒	☐	☐
	• Sole director of Loira Reoco s.r.l.	☒	☐	☐
	• Alternate auditor of società italiana per azioni per il traforo del
	monte bianco	☒	☐	☐
	• Alternate auditor of Recordati S.p.A.	☒	☐	☐
	• Alternate auditor of Amplia Infrastructures S.p.A.	☒	☐	☐
	• Alternate auditor of AD Moving S.p.A.	☒	☐	☐
	• Alternate auditor of IDS Airnav s.r.l.	☒	☐	☐
	• Alternate auditor of Tecne Speri Bridge Designers s.r.l.	☒	☐	☐
	• Alternate auditor of Tecne - Systra sws advanced Tunneling s.r.l.	☒	☐	☐
	• Auditor of Banca Ifis S.p.A.	☐	☒	☐
	• Chair of the Board of Statutory Auditors of Ifis Rental Services s.r.l.	☐	☐	☒
	• Auditor of Banca Credifarma S.p.A.	☐	☒	☐
Franco Olivetti	• Alternate Auditor of Ifis Npl Investing S.p.A.	☐	☒	☐
	• Auditor of Justlex Italia società fra avvocati per azioni	☒	☐	☐
	• Auditor of Atesina San Marco s.r.l.	☒	☐	☐

		Companies belonging to the Banca Ifis Group
Auditor	List of positions	NO	Banking group	Non-banking group
	• Auditor of Banca Ifis S.p.A.	☐	☒	☐
	• Chair of the Board of Statutory Auditors of Cap.Ital.Fin. S.p.A.	☐	☒	☐
Annunziata	• Chair of the Board of Directors of Decalia SIM S.p.A.	☒	☐	☐
Melaccio	• Chair of the Board of Statutory Auditors of Anthilia SGR S.p.A.	☒	☐	☐
	• Alternate auditor of Ambienta SGR S.p.A.	☒	☐	☐
	• Director of Bocconi Endowment Management s.r.l.	☒	☐	☐

Diversity criteria and policies

Indications regarding the composition of the corporate bodies, both in terms of gender and in terms of diversification of skills, experience, age and international projection are contained in the Articles of Association and Supervisory Provisions under Title IV, Chap. I, Section III.

One of the aims of the self-assessment process to which the Board of Statutory Auditors is subject every year indicatively, between December and February, is to check the correct and effective functioning of the body and its adequacy in terms of qualitative composition, skills and professionalism.

The qualitative composition, in terms of average age and gender, is deemed adequate, also thanks to the provision contained in the Articles of Association according to which at least one Standing Auditor and one Alternate Auditor must belong to the less represented gender.

The self-assessment carried out also made it possible to highlight the adequacy of professional skills and characteristics, as well as their spread, diversification and complementary nature of such, in line with the complexity and activities carried out by the Bank.

The diversification of skills and professionalism allows the Auditors to make an adequate contribution to the activity of the Board itself and favours a variety of approaches and perspectives in the analysis of problems and in the eventual decision to intervene.

In this sense, the diversification of skills within the same was considered adequate in relation to the main activities of competence, which concern:

organisational and corporate governance structures;
risk management;
internal control systems and other operating mechanisms;
regulation in the banking and finance industry;
ESG, social and environmental sustainability;
banking and financial activities and products;
accounting and financial reporting;
banking sector for Banca Ifis;
financial markets; and
strategic planning and guidelines.

The diversification of professions was also considered to be adequately represented.

All in all, the Bank does not consider it necessary to adopt further specific diversity policies in relation to the composition of the supervisory body.

Independence

The members of the Board of Statutory Auditors must be chosen from persons who do not find themselves in one of the conditions of ineligibility or disqualification provided for in Article 148, paragraph 3, of the TUF; in addition, the Statutory Auditors must meet the independence requirements set forth in Article 14 of Ministerial Decree 169/2020 and, finally, independence is also assessed in accordance with the Corporate Governance Code. In performing the checks on the Code, the criteria adopted by the Board of Statutory Auditors were the same as those identified by the Board of Directors and reported in paragraph 4.7; the positive results were communicated to the Board of Directors, which informed the public by means of a press release to the market on the same date, i.e. 28 April 2022.

The check on the permanence of the requirements, including those of independence, was carried out most recently on 22 January 2025; all the information made available by each member of the Board of Statutory Auditors was taken into account in all the assessments made.

Remuneration

The remuneration of the Statutory Auditors was determined by the Ordinary Shareholders' Meeting of 28 April 2022 in accordance with Article 2402 of the Civil Code.

The Shareholders' Meeting resolved to pay 105,000 Euro gross per annum to the Chair of the Board of Statutory Auditors and 70,000 Euro gross per annum to the Standing Auditors. Remuneration was one of the topics subject to self-assessment by the members of the body; it was assessed as adequate and in line with the functions performed and the related responsibilities.

Interest management

In accordance with the provisions of the Corporate Governance Code, and also pursuant to the provisions of Art. 136 paragraph 1 TUB ("Obligations of bank representatives"), if auditors - on own behalf or on behalf of third parties - have an interest in a certain transaction of the Issuer, they shall promptly and exhaustively inform the other auditors and the Chair of the Board about the nature, terms, origin and extent of related interest. Auditors are also covered by the scope of application of the "Group Policy on transactions with related parties, associated parties and corporate representatives pursuant to Art. 136 TUB", which is discussed in Section 10.

11.3 Role

The Board of Statutory Auditors, in accordance with Article 22 of the Articles of Association, monitors compliance with the law, the Articles of Association and the regulations, ensuring compliance with the principles of proper administration. It also verifies the adequacy of the organisational, administrative and accounting structure adopted by the Company and its actual functioning, the completeness, adequacy, functionality and reliability of the internal control and risk management system. The Board of Statutory Auditors monitors compliance with regulatory sustainability reporting requirements, verifying that the company has implemented appropriate procedures and processes to ensure the reliability and transparency of non-financial information. In addition, it supervises the management and coordination activities carried out by the Bank as well as the other acts and facts specified by the Law, fulfilling all the functions entrusted to it in compliance with the relevant provisions of the Law.

The Board of Auditors ensures that all functions and structures involved in the system of internal controls are adequately coordinated, including the auditing firm. It promotes, where necessary, the appropriate corrective actions and exchanges data and information with the auditing firm to carry out its tasks.

The auditors may make use of the internal control structures for the necessary checks and inspections at any time. In addition, the Board of Statutory Auditors may request information from directors, the General Manager or Co-General Managers (if appointed), managers and employees, including with regard to subsidiaries, and exchange information with the corresponding bodies of subsidiaries.

Lastly, the Board of Auditors has the task of reporting to the Board of Directors any deficiencies and irregularities found as well as requesting corrective measures and verifying their effectiveness over time, while maintaining the obligation to report to the Supervisory Authorities any management irregularities or regulatory violations. Please note that further information on the main activities carried out by the Board of Auditors in 2024 can be found in the "Report of the Board of Auditors to the Shareholders' Meeting", drafted pursuant to Article 153 of Legislative Decree 58/1998 and Article 2429, paragraph 2 of the Civil Code. The document is available at https://www.bancaifis.it/ in the section "Investor Relations - Financial Results and Presentations - 2024 Financial Statements".

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

12. Shareholder relations

Access to information

During the rebranding process of Banca Ifis in 2020, the digital infrastructures were, among other things, harmonised to allow a better experience for users accessing the channels, as well as making the services more easily accessible. The measures adopted, in fact, make it easier to identify specific sections of the Company's website in which information relevant to its shareholders is made available, so that they can exercise their rights in an informed manner. In particular, it is possible to identify the material of interest in the sections "About us, Investor Relations and Sustainability".

The Head of Investor Relations & Corporate Development, as of November 2018, is Andrea Martino Da Rio.

Dialogue with shareholders

The Board of Directors in November 2021 approved, on the proposal of the Chair of the Board of Directors, in agreement with the CEO and with the support of the Head of Investor Relations & Corporate Development, the Policy for the Management of Dialogue by Directors with Investors, available on the institutional website of Banca Ifis https://www.bancaifis.it/ following the path "Investor Relations - Strategy and Strengths".

The Bank, with the aim of fostering transparency towards the financial community and markets, through building, maintaining and developing an active relationship of trust with Investors, in the Policy, establishes among other things:

1) the identification of the Directors Responsible for managing the Dialogue, identified as Chair, Deputy Chair, CEO or Lead Independent Director, who exercise this power with the support of the corporate functions, in particular the Head of Investor Relations and Corporate Development;
2) the differences between the procedures relating to the dialogue initiated at the initiative of Banca Ifis, through the organisation of collective or bilateral meetings with Investors, and that initiated at the initiative of the Investors, who may make a written request by addressing it to the Head of Investor Relations and Corporate Development who will inform the Secretary of the Board;
3) relevant issues on which to establish Dialogue, such as:
- a) corporate governance;
- b) social and environmental sustainability;
- c) the policies on the remuneration of Directors and key management staff and their implementation;
- d) the internal control and risk management system;
- e) the strategy;
- f) financial and non-financial results, and
- g) capital structure;
4) the provision of a periodic report, on a quarterly basis (unless there were no meetings during the reference period), to the corporate bodies on the conduct of meetings with investors and the related outcomes.

During 2024, there were no requests from shareholders for dialogue with the Directors. The dialogue with shareholders and other relevant stakeholders was managed by the Chair, the Chief Executive Officer and the Investor Relations Function, amongst others, during various meetings and conference calls in which the macroeconomic and regulatory environment in which the Bank operates, the business model and the Bank's economic, capital and financial performance were also discussed.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

13. Shareholders' Meetings

The Shareholders' Meeting adopted the "Regulation for Shareholders' Meetings", whose current version was approved on 23 April 2020, in order to enable the orderly and proper functioning of the meetings, while guaranteeing the right of each shareholder to take the floor on the issues under discussion.

The "Regulation", which describes the maximum duration of individual interventions, their order, voting procedures, the interventions of Directors and Auditors, as well as the powers and procedures to settle and prevent conflict situations during the meetings, are available on the website https://www.bancaifis.it/ (in the section "About us - Corporate Governance - Shareholders' meeting").

The Shareholders' Meeting is usually chaired by the Chair of the Board of Directors and may be attended by the holders of voting rights for whom the Company has received, by the end of the third trading day prior to the date set for the Shareholders' Meeting on first call, the communication from the authorised intermediary certifying their entitlement. The notification is made on the basis of the evidence relating to the end of the accounting day of the seventh trading day prior to the date set for the first call of the meeting.

The legitimacy to attend and exercise the right to vote remains unchanged in case such communication is received by the Company after the above-mentioned deadline, provided that it is received before the beginning of the meeting's work for each single call.

Without prejudice to the provisions set out below, voting right holders may have themselves represented in the Shareholders' Meeting, pursuant to the law, by means of written proxy or proxy granted by electronic means.

The procedures for the notification and transmission of proxies are specifically outlined in the notices of the Shareholders' Meeting published at the time in the section "About Us - Corporate Governance - Shareholders' Meetings" available on the Company's website.

The Company may designate for each Meeting, indicating it accordingly in the notice to convene, an individual to whom the holders of voting rights may grant, following the methods established by applicable normative provisions, a proxy with voting instructions on all or some of the proposals on the agenda. The proxy has effect with regard to the proposals for which voting instructions have been provided.

The Board of Directors may declare in the call notice that attendance and the exercise of voting rights at the Shareholders' Meeting shall take place exclusively through the granting of proxy (or sub-delegation) of voting rights to a person, with the role of designated representative pursuant to the applicable regulations.

In the event that the Board of Directors should avail itself of as set forth above and/or where provided for and/or permitted by the applicable pro-tempore laws and regulations in force, the Board of Directors may establish in the notice of call of the Shareholders' Meeting that the participation in the Shareholders' Meeting by the persons entitled pursuant to the law and the Articles of Association (including the directors, statutory auditors, the notary public or the secretary, the designated representative and other persons allowed to participate in the Shareholders' Meeting) shall also or must only take place by means of conference call and/or video conference call. In this case the following must be guaranteed:

the Chair of the Shareholders' Meeting must be able to ascertain the identity and legitimacy of those present, to regulate the proceedings of the meeting, and to ascertain and proclaim the results of the vote;
the person taking the minutes must be able to adequately perceive the meeting events being recorded; and
those in attendance must be able to participate in the discussion and simultaneous vote on the items on the agenda.

With regard to the majorities required for the validity of resolutions and the drafting of the minutes, reference is made to the provisions of the law, the applicable regulations, the Articles of Association and the Regulations for Shareholders' Meetings.

All those who have the right to participate in accordance with the law and the Articles of Association may take part in the Meeting on each of the items under discussion. It is also possible to intervene through the representative appointed in accordance with applicable regulations. Entitled parties may ask questions on the items on the agenda even before the Meeting within the time limit set out by current legislation and indicated in the notice of call. Questions received by the deadline indicated in the notice shall be answered at the latest during the Meeting; a single answer may be given to questions with the same content.

Those who intend to speak must ask the Chair to do so by submitting a written request containing an indication of the item to which the request refers, after he has read out the items on the agenda and until he has declared discussion of the item to which the request to speak refers closed. As a rule, the Chair shall give the floor in the chronological order in which the applications are submitted; if two or more applications are submitted at the same time, the Chair shall give the floor in the alphabetical order of the applicants' last names. The Chair may authorise the presentation of requests to speak by a show of hands; in this case the Chair shall grant the floor in alphabetical order of the applicants' surnames.

The members of the Board of Directors and the designated representative, the members of the Board of Auditors and the General Management of the Company or other Group companies well as the representatives of the Company responsible for the legal audit of the accounts, the personnel of the Company and the Group may intervene in the discussion, when deemed useful by the Chair in relation to the matter to be discussed.

***

During 2024, 2 Meetings were held. In particular:

Ordinary Shareholders' Meeting of the Bank, held on 18 April 2024, in which the Company in accordance with the provisions of art. 106, paragraph 4, of Legislative Decree 17 March 2020 no. 18 converted into law with amendments by Law 24 April 2020 no. 27 and subsequent amendments and additions (the "Cura Italia Decree"), the effectiveness of which was lastly extended to the meetings to be held by 30 April 2024 by art. 3, paragraph 12-duodecies, of Legislative Decree 30 December 2023 no. 215, as converted with Law 23 February 2024 no. 18 - decided to avail itself of the option to provide that the intervention of the Shareholders in the Meeting would take place exclusively through the granting of a proxy (or sub-proxy) to the representative designated by the Company pursuant to art. 135-undecies of Legislative Decree 24 February 1998 no. 58 (the "TUF"); and
Extraordinary and Ordinary Shareholders' Meeting of the Bank, held on 28 November 2024, in which the Company in accordance with the provisions of art. 106, paragraph 4, of Legislative Decree 17 March 2020, no. 18, converted into law with amendments by Law 24 April 2020, no. 27 (the effectiveness of which was lastly extended to the meetings held by 31 December 2024, by art. 11, paragraph 2, of Law 5 March 2024, no. 21 "Capital Law") ("Cura Italia Decree") – has provided that participation in the Meeting by those who have the right to vote may take place exclusively through the representative designated by the Company pursuant to art. 135-undecies of the TUF.

The aforementioned meetings of the Shareholders were respectively attended by:

physically all members of the Board of Directors with the exception of Director Monica Billio; Honorary Chair Sebastien Egon Fürstenberg was also physically present. In addition, the Chair of the Board of Statutory Auditors Andrea Balelli and Standing Auditors Franco Olivetti and Annunziata Melaccio were physically present; and
physically all members of the Board of Directors with the exception of the Directors Monica Billio and Roberto Diacetti; the Chair of the Board of Auditors Andrea Balelli and the Standing Auditors Franco Olivetti and Annunziata Melaccio were also physically present.

During the meetings, the CEO, as representative of the Board of Directors, is available to report on the activities carried out and planned by the Board, in any case in compliance with the rules on inside information. The Board - also by means of the reports made available to the shareholders according to the terms set out by the TUF and by means of the progressive improvement of the organisation of institutional communication through the website - does its best to ensure that the shareholders receive adequate information on the elements necessary to take the decisions for which the Shareholders' Meeting is responsible, with full knowledge of the facts.

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

***

During the year, the Board did not deem it necessary to define a different corporate governance system as the existing one is functional to the company's needs.

14. Considerations on the Letter from the Chair of the Corporate Governance Committee

The letter issued by the Chair of the Corporate Governance Committee on 17 December 2024, together with the summary report, was promptly forwarded to the Chair of the Board of Directors and, for their information, to the Chief Executive Officer and the Chair of the Board of Statutory Auditors.

The document was discussed at the meetings held on 22 and 23 January 2024 of the Board of Statutory Auditors and the Board of Directors respectively, together with the "12th Annual Report on the Application of the Corporate Governance Code".

As a matter of practice, the general indications on the application of the Code and the recommendations of the Chair of the Corporate Governance Committee are taken into account, also in the self-assessment, in order to identify:

possible areas for improvement in the application of the Code;
fill in any gaps in the application or explanations provided;
possible evolutions of governance.

The Board of Directors carefully considered the contents of the letter from the Committee Chair and in particular the recommendations made by the Corporate Governance Committee. For 2025, the Committee deemed the following areas worthy of attention:

1. Completeness and timeliness of pre-Board disclosures

In particular, the Chair of the Committee, as far as pre-Board disclosures are concerned, draws attention to Principle IX of the Code and, in particular, to Recommendation 11, which establishes that deadlines for pre-filing disclosures must be identified and the procedures for protecting the confidentiality of the data and information provided so as not to prejudice the timeliness and completeness of the information flows, recommends that companies provide adequate justification in the corporate governance report in the event of a waiver of the timeliness of pre-Board disclosures for reasons of confidentiality, which may be provided for in board regulations and/or adopted in practice.

2. Transparency and effectiveness of the remuneration policy

The Committee also draws particular attention to Principle XV of the Code and, specifically, Recommendation 27, which states, in letter c), that performance targets for variable remuneration components should be clearly predetermined and measured. It recommends that companies provide adequate justification in the corporate governance report in the event of a deviation from the predetermination and measurement of performance targets, which may be provided for in board regulations and/or adopted in practice.

3. Executive Role of the Chair

Finally, the Chair of the Committee draws attention to Principle V and Recommendation 4, which requires companies that, in the event that the Chair is assigned the position of Chief Executive Officer or is granted significant management powers, the board of directors explain the reasons for this choice. The Committee, therefore, invites companies to provide adequate justification in the Corporate Governance Report in the event of effective non-application, explaining, inter alia, the reasons for the decision as well as how to ensure compliance with Principles V and X of the Code.

The aforementioned recommendations, also in view of the specific regulations of the banking sector to which Banca Ifis is subject, have been - to the extent necessary - duly applied.

TABLES

TABLE a.1: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE FINANCIAL YEAR

Board of Directors
Office	Members		Date of first appointment	In office	List	List	Exec.	Non	Indep.	Indep.
		Year of birth	(*)	from	to	(presenters) (**)	(M/m)***		exec.	Code	TUF	attendance ****
Chair	Ernesto Fürstenberg Fassio	1981	2019	28/04/2022	Approval of the 2024 financial statements	A	M		X			16/16
Chief Executive Officer	Frederik Herman Geertman	1970	2021	28/04/2022	Approval of the 2024 financial statements	A	M	X				16/16
Director	Nicola Borri	1976	2024	18/04/2024	Approval of the 2024 financial statements	A	M		X	X	X	11/11
Director	Monica Regazzi	1969	2021	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Paola Paoloni	1968	2022	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Roberta Gobbi	1962	2022	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director Deputy Chair	Simona Arduini	1970	2019	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Monica Billio	1968	2019	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director (LID)	Antonella Malinconico	1968	2016	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Roberto Diacetti	1973	2019	28/04/2022	Approval of the 2024 financial statements	A	m		X	X	X	16/16
Director	Beatrice Colleoni	1973	2019	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Giovanni Meruzzi	1970	2022	28/04/2022	Approval of the 2024 financial statements	A	M		X	X	X	16/16
Director	Luca Lo Giudice	1972	2019	28/04/2022	Approval of the 2024 financial statements	A	M		X			16/16
Directors leaving office during FY 2024
Director and Honorary Chair	Sebastien Egon Fürstenberg	1950	1983	28/04/2022	08/02/2024	A	M		X			0/2
Quorum required for the submission of lists by minorities for the election of one or more members (pursuant to Art. 147-ter of the TUF): 1%
No. of meetings held during the reporting year: 16

Notes:

* This means the date the director was first appointed (ever) to the Board.

** This column shows who submitted the list from which each director was drawn ("A": shareholders; "BoD": Board of Directors)

***In this column, the list from which each director was drawn ("M": majority list; "m": minority list) is indicated

****In this column, the attendance of the directors at the Board meetings is indicated

TABLE a.2: BOARD COMMITTEE STRUCTURE AT THE END OF THE FINANCIAL YEAR

Board of Directors			Control and Risks Committee		Appointments Committee		Remuneration Committee
Position/Qualification	Members	(*)	(**)	(*)	(**)	(*)	(**)
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Simona Arduini	21/21	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Monica Billio	21/21	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Paola Paoloni	21/21	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Roberto Diacetti	17/21	M	10/10	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Antonella Malinconico	21/21	C	10/10	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Monica Regazzi
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Giovanni Meruzzi					9/9	M
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Roberta Gobbi			10/10	C
Non-executive Director - Independent pursuant to the Corporate Governance Code and Article 147-ter TUF	Beatrice Colleoni					9/9	C
Non-executive director	Luca Lo Giudice					9/9	M
No. of meetings held during the year:		21		10		9

Notes:

* This column shows the directors' participation in committee meetings (no. of meetings attended out of the total No. of meetings attended)

** This column indicates the qualification of the director within the committee ("C": Chair; "M": member; eventual date of hiring or termination of qualification).

TABLE a.3: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS AT THE END OF THE FINANCIAL YEAR

Board of Statutory Auditors
Office	Members	Year of birth	Date of first appointment (*)	In office since	In office until	List (M/m) (**)	Indep. Code	Attendance at Board meetings (***)
Chair	Andrea Balelli	1975	2022	28/04/2022	Approval of the 2024 financial statements	m	X	22/23
Standing Auditor	Franco Olivetti	1974	2019	28/04/2022	Approval of the 2024 financial statements	M	X	23/23
Standing Auditor	Annunziata Melaccio	1977	2022	28/04/2022	Approval of the 2024 financial statements	M	X	23/23
Alternate Auditor	Marinella Monterumisi	1955	2019	28/04/2022	Approval of the 2024 financial statements	M	X	n.a.
Alternate Auditor	Emanuela Rollino	1978	2022	28/04/2022	Approval of the 2024 financial statements	M	X	n.a.
Quorum required for the submission of lists by minorities for the election of one or more members (pursuant to Art. 148 of the TUF): 1%
No. of meetings held during the reporting year: 23

www.bancaifis.it

Notes:

* This means the date the auditor was first appointed (ever) to the Board.

** This column shows the list from which each auditor has been drawn ("M": majority list; "m": minority list).

*** This column shows the attendance of auditors at meetings of the Board of Statutory Auditors.

bancaifis.it

Independent directors Lead Independent Director 5. Corporate information management 6. Board committees 7. Director Self-Evaluation and Succession - Appointments Committee 7.1 Self-Assessment and Director succession 7.2 Appointments Committee Composition and functioning of the Appointments Committee Member of the Appointments Committee 8. Remuneration of Directors - Remuneration Committee 8.1 Remuneration of Directors 8.2 Remuneration Committee 9. Internal Control and Risk Management System - Control and Risk Committee a.Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process a.1. Background a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System") a.2.1 Steps in the process of managing the risks of financial misstatement a.2.2 Steps in the process of managing the risks of sustainability misreporting a.2.3 Roles and Functions involved 9.1 Chief Executive Officer 9.2 Control and Risks Committee Composition and functioning of the Control and Risks Committee 9.3 Head of the Internal Audit Function 9.4 Organisational model pursuant to Legislative Decree No. 231/2001 9.5 Independent Auditors 9.6 Manager charged with preparing the company's financial reports and other corporate roles and functions 9.7 Coordination between the parties involved in the internal control and risk management system 10. Directors' interests and related party transactions 11. Board of Statutory Auditors 11.1 Appointment and replacement 11.2 Composition and operation Diversity criteria and policies Independence Remuneration
		37
		39
		40
		41
		42
		42
		44
		44
		45
		47
		47
		47
		48
		58
		58
		59
		59
		60
		61
		62
		62
		62
		67
		69
		70
		71
		72
		74
		76
		76
		77
		81
		82
		82

Independent directors Lead Independent Director 5. Corporate information management 6. Board committees 7. Director Self-Evaluation and Succession - Appointments Committee 7.1 Self-Assessment and Director succession 7.2 Appointments Committee Composition and functioning of the Appointments Committee Member of the Appointments Committee 8. Remuneration of Directors - Remuneration Committee 8.1 Remuneration of Directors 8.2 Remuneration Committee 9. Internal Control and Risk Management System - Control and Risk Committee a.Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process a.1. Background a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System") a.2.1 Steps in the process of managing the risks of financial misstatement a.2.2 Steps in the process of managing the risks of sustainability misreporting a.2.3 Roles and Functions involved 9.1 Chief Executive Officer 9.2 Control and Risks Committee Composition and functioning of the Control and Risks Committee 9.3 Head of the Internal Audit Function 9.4 Organisational model pursuant to Legislative Decree No. 231/2001 9.5 Independent Auditors 9.6 Manager charged with preparing the company's financial reports and other corporate roles and functions 9.7 Coordination between the parties involved in the internal control and risk management system 10. Directors' interests and related party transactions 11. Board of Statutory Auditors 11.1 Appointment and replacement 11.2 Composition and operation Diversity criteria and policies Independence Remuneration
		37
		39
		40
		41
		42
		42
		44
		44
		45
		47
		47
		47
		48
		58
		58
		59
		59
		60
		61
		62
		62
		62
		67
		69
		70
		71
		72
		74
		76
		76
		77
		81
		82
		82

AI Terminal

Banca Ifis

4153_cgr_2025-03-27_82ba7ef4-792b-4dc6-b458-2c180099a640.pdf

Report on Corporate Governance and Shareholding Structure

Report on Corporate Governance and Shareholding Structure

2024

Contents

Background

Glossary

1. Issuer Profile

Shareholders

Corporate governance model

Shareholders' Meeting

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

For more information on the Shareholders' Meeting, refer to Section 13

Board of Directors

For more information on the Board of Directors, refer to Section 4

Board committees

See Sections 6, 7, 8, and 9 for more information on Board Committees

Board of Statutory Auditors

For more information on the Board of Statutory Auditors, refer to Section 11

2. Information on the shareholding structure as at 31 December 2024

2.1 Capital structure

Tab.1

2.2 Restrictions on the transfer of securities

2.3 Significant equity investments

Tab.2

2.4 Securities conferring special rights

2.5 Employee share ownership: mechanism for exercising voting rights

2.6 Restrictions on voting rights

2.7 Shareholder agreements

2.8 Change of control clauses and provisions of the Articles of Association relating to takeover bids

2.9 Powers to increase share capital and authorisations to purchase own shares

2.10 Management and coordination activities

3. Compliance (pursuant to art. 123-bis, paragraph 2, letter a), TUF)

4. Board of Directors

4.1 Role of the Board of Directors

4.2 Appointment and replacement

4.3 Composition

Tab.3

Tab.4

Tab.5

Tab. 6

Diversity criteria and policies in Board composition and corporate organisation

Gender of current Directors Current Directors' age brackets

Maximum number of offices held in other companies

4.4 Functioning of the Board of Directors

4.5 Role of the Chair

Board Secretary

4.6 Executive directors

Chief Executive Officer

HR management

Purchase and disposal of goods and services

Capital Market

Chair of the Board of Directors

Information to the Board by the CEO

Other executive directors

4.7 Independent directors and Lead Independent Director

Independent directors

Lead Independent Director

5. Corporate information management

6. Board committees

7. Director Self-Evaluation and Succession - Appointments Committee

7.1 Self-Assessment and Director succession

Succession Plans

7.2 Appointments Committee

Composition and functioning of the Appointments Committee

Member of the Appointments Committee

8. Remuneration of Directors – Remuneration Committee

8.1 Remuneration of Directors

8.2 Remuneration Committee

9. Internal Control and Risk Management System - Control and Risk Committee

a. Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process

a.1. Background

a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System")

a.2.1 Steps in the process of managing the risks of financial misstatement

a.2.2 Steps in the process of managing the risks of sustainability misreporting

a.2.3 Roles and Functions involved

Banca Ifis | 2024 Report on Corporate Governance and Shareholding Structure

9.1 Chief Executive Officer

Independent directors Lead Independent Director 5. Corporate information management 6. Board committees 7. Director Self-Evaluation and Succession - Appointments Committee 7.1 Self-Assessment and Director succession 7.2 Appointments Committee Composition and functioning of the Appointments Committee Member of the Appointments Committee 8. Remuneration of Directors - Remuneration Committee 8.1 Remuneration of Directors 8.2 Remuneration Committee 9. Internal Control and Risk Management System - Control and Risk Committee a.Main characteristics of the existing risk management and internal control systems in relation to the financial reporting process a.1. Background a.2. Description of the main characteristics of the existing risk management and internal control system in relation to the financial and sustainability reporting process (the "System") a.2.1 Steps in the process of managing the risks of financial misstatement a.2.2 Steps in the process of managing the risks of sustainability misreporting a.2.3 Roles and Functions involved 9.1 Chief Executive Officer 9.2 Control and Risks Committee Composition and functioning of the Control and Risks Committee 9.3 Head of the Internal Audit Function 9.4 Organisational model pursuant to Legislative Decree No. 231/2001 9.5 Independent Auditors 9.6 Manager charged with preparing the company's financial reports and other corporate roles and functions 9.7 Coordination between the parties involved in the internal control and risk management system 10. Directors' interests and related party transactions 11. Board of Statutory Auditors 11.1 Appointment and replacement 11.2 Composition and operation Diversity criteria and policies Independence Remuneration
		37
		39
		40
		41
		42
		42
		44
		44
		45
		47
		47
		47
		48
		58
		58
		59
		59
		60
		61
		62
		62
		62
		67
		69
		70
		71
		72
		74
		76
		76
		77
		81
		82
		82