emorkeb

Banca Popolare di Sondrio

Gruppo BPER Banca

REPORT

ON CORPORATE GOVERNANCE

AND OWNERSHIP STRUCTURE

CERTIFIED

Banca Popolare di Sondrio

FONDATA NEL 1871

Gruppo BPER Banca

REPORT

ON CORPORATE GOVERNANCE

AND OWNERSHIP STRUCTURE

Joint-stock company - Founded in 1871

Head Office and General Management: I - 23100 Sondrio SO - Piazza Garibaldi 16

Tel. 0342 528.111 - Fax 0342 528.204

Websites: https://www.popso.it - https://istituzionale.popso.it/en

E-mail: [email protected] - Certified e-mail (PEC): [email protected]

Registered with the Sondrio Companies Register under no. 00053810149

Registered in the Register of Banks under no. 842 - Member of the Interbank Deposit Protection Fund

Company belonging to the BPER Banca Group - Registered in the Register of Banking Groups no. 5387.6

Company subject to management and coordination by BPER Banca spa

Tax code and VAT number: 00053810149 - 01086930144

Share capital: € 1,360,157,331 - Reserves: € 1,740,955,502

(Figures approved at the Shareholders' meeting of 30 April 2025)

Drafted pursuant to Article 123-bis of the Consolidated Law on Finance (TUF)

Banca Popolare di Sondrio spa

(Traditional governance and control model)

Website: istituzionale.popso.it

Financial year covered by the Report: 2025

Date of approval of the Report: 10 March 2026

CERTIFIED

GLOSSARY ... 7

ISSUER PROFILE ... 9
1.1 CORPORATE SUSTAINABILITY PROFILE ... 10
INFORMATION ON THE OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS OF THE CONSOLIDATED FINANCE ACT) AS AT 31/12/2025 ... 13
A) SHARE CAPITAL STRUCTURE ... 13
B) RESTRICTIONS ON THE TRANSFER OF SECURITIES ... 13
C) SIGNIFICANT EQUITY HOLDINGS ... 13
D) SECURITIES CONFERRING SPECIAL CONTROL RIGHTS ... 14
E) EMPLOYEE SHARE OWNERSHIP: MECHANISM FOR EXERCISING VOTING RIGHTS ... 14
F) RESTRICTIONS ON VOTING RIGHTS ... 14
G) SHAREHOLDER AGREEMENTS ... 14
H) CHANGE OF CONTROL CLAUSES AND ARTICLES OF ASSOCIATION PROVISIONS RELATING TO TAKEOVER BIDS ... 14
I) INDEMNITIES FOR DIRECTORS IN THE EVENT OF RESIGNATION, DISMISSAL OR TERMINATION OF EMPLOYMENT FOLLOWING A TAKEOVER BID ... 14
L) APPOINTMENT AND REPLACEMENT OF DIRECTORS AND APPLICABLE RULES ON AMENDMENTS TO THE ARTICLES OF ASSOCIATION ... 14
M) POWERS TO INCREASE THE SHARE CAPITAL AND AUTHORISATIONS TO PURCHASE TREASURY SHARES ... 15
N) DIRECTION AND COORDINATION ACTIVITIES ... 15
ADHERENCE TO CODES OF CONDUCT ... 16
3.1 ADHERENCE TO THE CORPORATE GOVERNANCE CODE ... 16
3.2 LETTER FROM THE CHAIR OF THE CORPORATE GOVERNANCE COMMITTEE DATED 18 DECEMBER 2025 ... 16
BOARD OF DIRECTORS ... 18
4.1 ROLE OF THE BOARD OF DIRECTORS ... 18
4.2 APPOINTMENT AND REPLACEMENT OF DIRECTORS ... 19
4.3 COMPOSITION OF THE BOARD OF DIRECTORS ... 22

CERTIFIED

Diversity criteria and policies in the composition of the Board and in the company's organisation...27
Verification of the eligibility requirements and limits on the accumulation of offices held in other companies by corporate officers...28
4.4 OPERATION OF THE BOARD OF DIRECTORS...29
4.5 ROLE OF THE CHAIR OF THE BOARD OF DIRECTORS...30
4.6 SECRETARY OF THE BOARD OF DIRECTORS...32
4.7 MANAGING DIRECTORS...32
4.8 EXECUTIVE COMMITTEE...33
Report to the Board by managing directors / delegated bodies...33
4.9 OTHER EXECUTIVE DIRECTORS...33
4.10 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR...34
4.11 DIRECTORS' REMUNERATION...34
4.12 DIRECTORS' SELF-ASSESSMENT AND SUCCESSION...35
DIRECTORS' SELF-ASSESSMENT...35
Directors' succession...35
4.13 PROFESSIONAL PROFILES OF THE DIRECTORS...37

COMMITTEES WITHIN THE BOARD...54
5.1 REMUNERATION COMMITTEE...55
5.2 CONTROL AND RISK COMMITTEE...58
5.3 APPOINTMENTS AND CORPORATE GOVERNANCE COMMITTEE...63
5.4 SUSTAINABILITY COMMITTEE...66
MANAGEMENT OF CORPORATE INFORMATION...70
MANAGEMENT ROLES AND AREAS OF GOVERNANCE...71
7.1 GENERAL MANAGEMENT...71
7.2 GOVERNANCE AREAS...71
INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM...74
8.1 CHARACTERISTICS OF THE INTERNAL CONTROL SYSTEM...74
8.2 THE SYSTEM OF REGULATIONS...75
8.3 THE ROLES OF THE SENIOR GOVERNING BODIES...75
Board of Directors and Board Committees...76
Managing Director...77
The Anti-Money Laundering Officer...78
The General Manager, the Deputy General Managers and the Heads of Governance Areas...79
The Board Of Statutory Auditors...80
8.4 CONTROL FUNCTIONS...81
First-level controls...81

emarket

Second-level checks... 82
Chief Risk Officer Governance Area ... 82
Compliance Officer Service and Data Protection Officer (DPO)... 84
Anti-Money Laundering Service ... 86
Third-level controls ... 88
8.5 MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S
ACCOUNTING DOCUMENTS... 89
8.6 INTERNAL CONTROLS RELATING TO ACCOUNTING AND FINANCIAL
INFORMATION... 90
Description of the main features of the existing risk management and
internal control systems in relation to the financial reporting process ... 91
8.7 ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL
PURSUANT TO LEGISLATIVE DECREE 231/2001... 93
8.8 INDEPENDENT AUDITORS... 97
9. DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED
PARTIES/ASSOCIATED PARTIES... 98
Register of related parties/associated parties and those referred to in Article
136 of the Consolidated Law on Banking, and review of transactions ... 99
9.1 COMMITTEE FOR RELATED-PARTY TRANSACTIONS ... 99
10. THE BOARD OF STATUTORY AUDITORS... 104
Composition of the Board of Statutory Auditors as at 31/12/2025 ... 104
10.1 APPOINTMENT AND REPLACEMENT OF STATUTORY AUDITORS... 104
10.2 COMPOSITION OF THE BOARD OF STATUTORY AUDITORS ... 106
Diversity criteria and policies in the composition of the Board of Statutory
Auditors ... 108
10.3 ROLE OF THE BOARD OF STATUTORY AUDITORS... 109
10.4 OPERATION OF THE BOARD OF STATUTORY AUDITORS... 110
Coordination with control functions... 111
10.5 REMUNERATION OF THE STATUTORY AUDITORS... 112
10.6 SELF-ASSESSMENT OF THE BOARD OF STATUTORY AUDITORS... 112
10.7 PROFESSIONAL PROFILES OF THE STATUTORY AUDITORS... 113
11. RELATIONS WITH SHAREHOLDERS AND KEY STAKEHOLDERS... 118
12. SHAREHOLDERS' MEETINGS... 119
12.1 CONVENING, DUTIES AND CONDUCT OF MEETINGS... 119
12.2 PARTICIPATION IN THE SHAREHOLDERS' MEETING AND
SHAREHOLDERS' RIGHTS... 120
12.3 2025 MEETING... 121

CERTIFIED
^{}[]

CHANGES SINCE THE END OF THE REPORTING PERIOD ...123

CERTIFIED

GLOSSARY

Bank/BPS: Banca Popolare di Sondrio spa.

Code / CG Code: the Corporate Governance Code for listed companies, approved in January 2020 by the Corporate Governance Committee.

Italian Civil Code / c.c.: the Italian Civil Code.

Corporate Governance Committee /CG Committee: The Italian Committee for the Corporate Governance of Listed Companies, promoted not only by Borsa Italiana S.p.A. but also by ABI, ANIA, Assogestioni, Assonime and Confindustria.

Executive Director: With the exception of the Managing Director, the members referred to in this document as executive directors are so pursuant to Bank of Italy Circular No. 285/2013, as they hold managerial positions in companies within the BPER Banca Group, although they do not hold powers of attorney or perform management functions within the Bank.

Board of Directors/Board: the Board of Directors of Banca Popolare di Sondrio spa.

MEF Decree: Decree No. 169 of the Ministry of Economy and Finance of 23 November 2020 - implementing Article 26 of Legislative Decree No. 385 of 1 September 1993, the Consolidated Law on Banking.

Issuer: Banca Popolare di Sondrio spa.

Financial year: the 2025 financial year.

ESRS: the sustainability reporting standards set out in Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023.

Issuers' Regulation: The regulation adopted by Consob with resolution no. 11971 of 1999, as subsequently amended and supplemented.

Consob Markets Regulation: The regulation adopted by Consob with resolution no. 20249 of 28 December 2017, as subsequently amended and supplemented.

Consob Related-Party Regulation: The Regulation adopted by Consob by Resolution No. 17221 of 12 March 2010 on related-party transactions (as subsequently amended and supplemented).

CERTIFIED

Report: The report on corporate governance and ownership structure that companies are required to prepare pursuant to Article 123-bis of the Consolidated Law on Finance (TUF).

Report on Remuneration: The report on remuneration policy and compensation paid that companies are required to prepare and publish pursuant to Articles 123-ter of the Consolidated Law on Finance and 84-quater of the Issuers’ Regulation.

Corporate website: The Bank’s corporate website, available at the following address: https://istituzionale.popso.it/en.

Consolidated Law on Banking / TUB: Legislative Decree No. 385 of 1 September 1993.

Consolidated Law on Finance /TUF: Legislative Decree No. 58 of 24 February 1998.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

EMPREGIO 2025

Gruppo BPER Banca

CERTIFIED

1. ISSUER PROFILE

Banca Popolare di Sondrio S.p.A., founded in Sondrio on 4 March 1871, was one of Italy's first cooperative banks, inspired by the cooperative credit movement.

The share capital amounts to €1,360,157,331.

Banca Popolare di Sondrio, in its role as a joint-stock company since December 2021, has continued its commitment to fostering the social and economic development of the areas it serves, paying particular attention to families and small and medium-sized enterprises. This commitment is specifically mentioned in the Articles of Association.

The Bank's fundamental connection with the local area and its commitment to playing an active role in its development are reflected in the structure of its branch network, which comprises 362 branches, in addition to 130 branches specialising mainly in the provision of treasury services to entities and institutions. This network prioritises intensity over mere expansion and ensures that the Bank is firmly rooted in the various geographical areas it serves.

BPS adopts the traditional governance and control model, the essential and qualifying elements of which are described in this Report.

However, in 2025, the Bank's profile underwent a radical transformation: on 6 February, BPER Banca S.p.A. announced a Public Exchange Offer (PEO) relating to up 451,835,777 shares in Banca Popolare di Sondrio. This transaction, launched in June on the basis of an exchange ratio of 1.45 newly issued BPER shares for each BPS share tendered in response to the Public Exchange Offer, developed further on 3 July, with the consideration for the Offer increased by the addition of a cash component of EUR 1.00 per BPS share tendered, thereby resulting in the transaction being classified as a Public Tender Offer (PTO).

On 18 July, with the conclusion of the first phase of the PTO, BPER Banca exceeded the 50% threshold in the share capital of Banca Popolare di Sondrio (58.35%), which thus became part of the BPER Banca Banking Group.

The offer period was reopened from 21 to 25 July 2025. The PTO was finally closed on 1 August 2025. At the end of the transaction, BPER Banca holds 80.69% of the share capital of Banca Popolare di Sondrio, and, as of the fourth quarter of 2025, the process began that will lead to the merger by incorporation of BPS into BPER by April 2026.

With regard to the banking supervisory framework to which the Bank is subject, following its joining the BPER Banca Banking Group, the Bank is no longer considered a significant supervised institution by the ECB on its own, but is managed as a supervised entity by the European Central Bank as part of a significant supervised group.

Based on the definitions set out in the Corporate Governance Code, the Bank is classified as a 'large company with concentrated ownership'. This classification is taken

Banca Popolare di Sondrio BANKING AND INTERNATIONAL

Report on Corporate Governance and Ownership

Structure

Financial year 2025

into account for the purposes of implementing the Principles and Recommendations set out in the Code, as indicated later in this Report.

1.1 CORPORATE SUSTAINABILITY PROFILE

Banca Popolare di Sondrio, which has always maintained close ties with the areas in which it operates, is committed to fostering the sustainable economic development of the community through attentive, tailored support for its customers. In particular, the Bank has initiated a sustainability integration strategy by setting out, in its Business Plan, the main actions required to implement Environmental, Social and Governance (ESG) issues, in line with the principles of the UN Global Compact and the UN Sustainable Development Goals. Progress made and future objectives are described in the sustainability reporting pursuant to the Legislative Decree No. 125 of 6 September 2024 (hereinafter, the 'Sustainability Reporting') and in the dedicated 'Sustainability' section of the Bank's website.

To ensure the consistent implementation of the ESG strategy of the former Banca Popolare di Sondrio Banking Group, the Bank has developed the following ESG governance system:

The Board of Directors is responsible for defining the guidelines, targets and strategies, and for approving the Sustainability Report and the main policies within its remit, as well as the Risk Appetite Framework and the risk management policies, in particular those relating to climate and the environment. Furthermore, the Board of Directors is tasked with supervising the proper oversight of ESG issues and, to this end, participates in training and professional development activities. Finally, the members of the Board ensure the integration of ESG risks into business strategies, governance, processes, procedures and the control system;
The Control and Risk Committee assists the Board of Directors in determining and regularly reviewing the guidelines of the internal control and ESG risk management system, as well as in periodically reviewing the adequacy of this system with respect to the Bank's characteristics and risk profile, and its effective functioning. Finally, with the support of the Manager responsible for preparing the Bank's corporate accounting documents, it also assists the Board of Directors in assessing the compliance of the information included in the sustainability reporting with regulatory requirements and reporting standards;
The Sustainability Committee, established with the aim of enhancing the integration of ESG factors into the corporate governance structures, provides support to the Board of Directors in an advisory, preparatory and proactive capacity when assessing the sustainability factors deemed fundamental to the medium- to long-term value creation strategy and when translating these factors into the Bank's

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

policies (for further details, please refer to Section 5.4, 'Sustainability Committee');

The Management Sustainability Committee, together with the Mobility Manager - who is responsible for planning and managing activities related to sustainable mobility - coordinates and implements sustainability-related activities, in accordance with the guidelines established by the Board of Directors and set out in the strategic planning;
At the operational level, the Sustainability Department and the ESG contact persons, located across the various departments of Banca Popolare di Sondrio and its subsidiaries, oversee regulatory developments, manage the implementation of ESG initiatives, and support the Management Sustainability Committee and the various functions involved;
The Network's ESG specialists, appointed for each Area, assist branches in gathering information relevant to customer assessment throughout the credit granting process and collaborate with the central offices in activities aimed at preparing ESG Due Diligence.

The Bank has also adopted a robust set of internal policies to implement its commitment to incorporating ESG issues into its business and operations: the Sustainability Policy, the Environmental Policy, the ESG Credit Policy, the ESG Investment Policy, and the Policy on Financing in the Arms Production and Trade Sector. These represent the guiding documents for integrating sustainability into the operations of the Bank and its subsidiaries in terms of social issues, environmental impacts, enhancement of human capitals, protection of human rights, and combatting corruption.

Sustainability elements are integrated into the strategy of Banca Popolare di Sondrio and its subsidiaries: the incorporation of sustainability-related issues into the Bank's activities and corporate processes is reflected in the pursuit of ongoing objectives, including the development of ESG-focused products and services, the disbursement of new loans with a positive environmental and social impact, and the issuance of new bonds (Green, Social and Sustainable Bonds). This is complemented by mandatory annual training on sustainability issues for employees and governing bodies, the target of using only electricity from renewable sources by 2026, and the promotion of initiatives focused on gender equality, support for parenthood and inclusion.

In this way, Banca Popolare di Sondrio and its subsidiaries face the challenges of the transition to a sustainable economy, capitalising on the opportunities arising from both business expansion and the strengthening of internal processes.

The development of ESG-focused products and services is a key pillar of the sustainability strategy, as clearly outlined in the 2025-2027 Business Plan, which envisages the expansion of the sustainable offering, with a particular focus on financing and bond issuance transactions aimed at generating a positive environmental and social impact.

Banca Popolare di Sondrio FONDAZIONE DEL FIT

CERTIFIED

Banca Popolare di Sondrio FONDAZIONE DEL FIT

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structura

Financial year 2025

Specifically, the Bank's Business Plan sets out the following:

The development of ESG-focused products and services;
Approximately €2.4 billion in new loans with a positive environmental and social impact;
Approximately €1.0 billion in new bond issues (Green, Social and Sustainable Bonds).

Such an approach is crucial not only to meet the needs of consumers who are increasingly sensitive to the environmental and social impacts of goods and services, but also to support companies that adopt innovative business models, increasing their competitiveness and anticipating European environmental regulations. It also enables the Bank to expand its ESG credits portfolio, which is necessary for issuing sustainable finance instruments such as Green, Social and Sustainable Bonds.

The ESG product offering is an indispensable element in achieving the adaptation, C&E risk mitigation and emission reduction goals of Scope 3.

In the context of the Bank's recent integration into the BPER Banca Group, this strategic focus is further strengthened: indeed, the new structure enables the Bank to leverage industrial synergies and to enhance its ability to respond even more effectively to the needs expressed by stakeholders, while maintaining its local identity and close ties with the communities it serves.

For further information and details on the content of this sub-section, please visit the Bank's website at https://istituzionale.popso.it/en/sustainability/our-commitment.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

CERTIFIED

2. INFORMATION ON THE OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS OF THE CONSOLIDATED FINANCE ACT) AS AT 31/12/2025

A) SHARE CAPITAL STRUCTURE

The share capital of Banca Popolare di Sondrio is represented by ordinary shares without par value.

Banca Popolare di Sondrio shares are traded on Borsa Italiana's Euronext Milan market, on the FTSE MIB index.

As at 31 December 2025, the share capital amounted to €1,360,157,331, divided into 453,385,777 ordinary shares, all of which carry the same rights and obligations. Shareholders are entitled to the voting and economic rights typical of joint-stock companies.

There are no financial instruments (convertible bonds, warrants) that confer the right to subscribe for newly issued shares.

In approving the annual financial statements, the Ordinary Shareholders' Meeting determines the amount of the dividend payable on each share. Uncollected dividends on shares within five years from the date they became payable will remain with the Bank.

B) RESTRICTIONS ON THE TRANSFER OF SECURITIES

Shares are freely transferable in accordance with the law.

In this regard, it should be noted that transactions in shares and other financial instruments issued by the issuer carried out by relevant persons and by persons closely associated with them, pursuant to Regulation (EU) No. 596/2014 ('MAR'), the Consolidated Law on Finance and the Issuers' Regulation, are subject to the disclosure obligations on Internal Dealing set out in the aforementioned regulatory provisions.

Furthermore, individuals performing administrative, supervisory or management functions at the Bank are required to comply with the closed periods for trading set out in the aforementioned Regulation (EU) No. 596/2014.

C) SIGNIFICANT EQUITY HOLDINGS

As at 31 December 2025, based on the information recorded in the shareholder register, the notifications received pursuant to Article 120 of the Consolidated Law on Finance, and other information available to the Bank, the following persons are recorded as directly or indirectly holding a significant stake in the share capital of BPS:

SIGNIFICANT EQUITY HOLDINGS

PERSONAL

Bank of Canada

Telebrs: distribution and commercial use strictly prohibited

CERTIFIED

Banca Popolare

di Sondrio COMPANY SRL VET

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structur

Financial year 2025

Declarant	Direct shareholder	% share of ordinary share capital	% share of voting capital
BPER Banca spa	BPER Banca spa	80.691%	80.691%
Private Wealth Management Global Sif Dynamic Strategy	Private Wealth Management Global Sif Dynamic Strategy	4.908%	4.908%

D) SECURITIES CONFERRING SPECIAL CONTROL RIGHTS

There are no securities that confer special control rights.

E) EMPLOYEE SHARE OWNERSHIP: MECHANISM FOR EXERCISING VOTING RIGHTS

There are no employee share ownership schemes in place.

F) RESTRICTIONS ON VOTING RIGHTS

There are no restrictions on voting rights. Each share confers the right to one vote in accordance with current legislation.

G) SHAREHOLDER AGREEMENTS

The Bank is not aware of any shareholder agreements as referred to in Article 122 of the Consolidated Law on Finance.

H) CHANGE OF CONTROL CLAUSES AND ARTICLES OF ASSOCIATION PROVISIONS RELATING TO TAKEOVER BIDS

There are no such provisions.

I) INDEMNITIES FOR DIRECTORS IN THE EVENT OF RESIGNATION, DISMISSAL OR TERMINATION OF EMPLOYMENT FOLLOWING A TAKEOVER BID

There are no agreements of this type.

For further information, please refer to the 'Annual Report on Remuneration Policy for 2025 and on the Remuneration Paid in 2024', available on the corporate website.

L) APPOINTMENT AND REPLACEMENT OF DIRECTORS AND APPLICABLE RULES ON AMENDMENTS TO THE ARTICLES OF ASSOCIATION

In relation to the rules applicable to the appointment and replacement of directors, please refer, for reasons of expository coherence, to section 4.2 'Appointment and

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

^{}[]

Banca Popolare di Sondrio BANCA PODER GROUPE SRL IAF

replacement of directors' below. Amendments to the Articles of Association fall within the remit of the Extraordinary Shareholders' Meeting, and the relevant provisions are set out in Article 17 of the Articles of Association. Pursuant to Article 32 of the Articles of Association, the Board of Directors is empowered to pass resolutions to bring the Articles of Association into line with statutory provisions.

M) POWERS TO INCREASE THE SHARE CAPITAL AND AUTHORISATIONS TO PURCHASE TREASURY SHARES

The Board of Directors has not been granted any powers to increase the share capital pursuant to Article 2443 of the Italian Civil Code or to issue participatory financial instruments.

Similarly, the Board of Directors has not been granted any authorisations to purchase treasury shares.

N) DIRECTION AND COORDINATION ACTIVITIES

From 18 July 2025, following the positive outcome of the Public Tender Offer, Banca Popolare di Sondrio is subject to the direction and coordination of BPER Banca Spa pursuant to Articles 2497 et seq. of the Italian Civil Code.

Banca Popolare di Sondrio
CAMPANIA
BRANCA
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structural
Financial year 2025

CERTIFIED

3. ADHERENCE TO CODES OF CONDUCT

3.1 ADHERENCE TO THE CORPORATE GOVERNANCE CODE

Banca Popolare di Sondrio adheres to the Corporate Governance Code promoted by the Corporate Governance Committee of Borsa Italiana S.p.A., which can be consulted on the latter's website (www.borsaitaliana.it).

In the relevant sections, this Report sets out the ways in which the Bank adheres to the Principles and Recommendations of the Code, in accordance with the underlying 'comply or explain' principle.

BPS further states that, as a credit institution, it has established sits organisational framework in compliance with the relevant legislation and, in particular, with the EU sector-specific regulations, with Legislative Decree No. 385 of 1 September 1993 (Consolidated Law on Banking), and with the provisions issued by the Bank of Italy. Banca Popolare di Sondrio also notes that, since November 2014, it has been subject to direct supervision by the European Central Bank, which carries out specific supervisory tasks within the framework of the SSM (Single Supervisory Mechanism) to ensure the sound and prudent management of institutions and the existence of efficient and effective corporate governance systems. On 18 July 2025, following the conclusion of the first phase of the PTO, BPER Banca exceeded the 50% threshold in Banca Popolare di Sondrio's share capital (58.35%), and BPS became part of the BPER Banca banking group. As a result, the Bank is no longer considered a significant supervised institution by the ECB on its own, but is classified as a supervised entity by the European Central Bank as part of a significant supervised group.

The subsidiary Banca Popolare di Sondrio (SUISSE) SA, based in Lugano (Switzerland), is subject to the laws of the Swiss Confederation, but this does not affect the corporate governance structure of the Parent Company.

3.2 LETTER FROM THE CHAIR OF THE CORPORATE GOVERNANCE COMMITTEE DATED 18 DECEMBER 2025

In a letter dated 18 December 2025, the Chair of the Corporate Governance Committee addressed the usual communication to the senior management of listed companies, highlighting the Committee's monitoring activities regarding the application of self-regulatory provisions and making specific recommendations in this regard, aimed at strengthening the companies' governance structures in line with the provisions of the Code.

At its meeting on 20 January 2026, the Board of Directors reviewed the contents of the Letter from the Chair of the Corporate Governance Committee and the Committee's recommendations for 2026.

CERTIFIED

Banca Popolare

di Sondrio

SINDACO IND. 1874

Report on Corporate Governance and Ownership

Structure

Financial year 2025

In particular, the recommendations relate to the topics set out in the table below:

Committee recommendations for 2026	Reference in the Report
More detailed explanation of the reviews and initiatives undertaken to amend the remuneration policies	Chapter 4.11 ‘Directors’ remuneration’
Chapter 10.5 ‘Remuneration of Statutory Auditors’
Adoption, in the course of 2026, of a policy for dialogue with the relevant stakeholders for the company, to be reported in the Report on Corporate Governance and Ownership Structure to be published in 2027	Chapter 11 ‘Relations with shareholders and key stakeholders’

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

CERTIFIED

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structura

Financial year 2025

4. BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

The Board of Directors is vested with all powers for the ordinary and extraordinary management except for those that fall exclusively to the Shareholders' Meeting.

Furthermore, Article 32, paragraphs 2, 3 and 4, of the Articles of Association stipulate that:

The Board of Directors shall perform the strategic oversight duties set out in the legislation in force from time to time. In this context, the Board of Directors, among other things:

a) defines and approves the overall corporate governance structure, verifies its proper implementation, and promptly initiates any corrective measures;

b) approves the organisational structure and identifies the information flows required to ensure the full circulation of information;

c) defines and approves the business model, the general guidelines and the strategic directions, as well as the risk appetite, specifically approving the Risk Appetite Framework (RAF) and the strategic business and financial plans;

d) defines and approves the risk governance objectives and policies, as well as the general framework of the internal capital adequacy assessment process (ICAAP) and the internal liquidity adequacy assessment process (ILAAP);

e) defines and approves the guidelines for the internal control system;

f) approves the accounting and reporting systems;

g) oversees the public disclosure and communication process;

h) ensures effective dialogue with the heads of the main corporate functions and reviews the choices and decisions they make over time.

In addition to the powers that cannot be delegated in accordance with the applicable regulatory provisions, the following decisions are reserved to the exclusive competence of the Board of Directors:

a) the appointment, if any, of the Executive Committee and the determination of its powers;

b) the appointment and dismissal of the Chief Executive Officer, and the scope and limits of their powers;

c) the decisions referred to in Article 45 of these Articles of Association (Editor's note: General Management: Composition and resolutions concerning the members);

d) the appointment and removal, after consulting the Board of Statutory Auditors, of the Manager responsible for preparing the company's accounting documents, together with the determination of the powers and means required to perform the duties assigned to this Manager pursuant to the law. In any case, the Manager

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

responsible for preparing the Company's accounting documents must have acquired adequate professional experience in administration and/or accounting over a reasonable period of time in the banking, securities finance or insurance sectors;

e) the appointment and dismissal of the heads of the internal audit, regulatory compliance and risk management functions, as well as the heads of any other corporate functions that the applicable regulatory provisions assign to the strategic oversight body;

f) the delegation of decision-making powers in relation to the credit disbursement;

g) the approval and amendment of the main internal regulations;

h) the acquisition and disposal of strategic shareholdings, as defined by the supervisory regulations in force from time to time;

i) decisions concerning the establishment of criteria for the coordination and management of Group companies and the establishment of criteria for the implementation of instructions issued by the supervisory authorities.

The Board of Directors is also empowered to pass resolutions to align the Articles of Association with legal provisions, to establish or close branch offices, to reduce the share capital in the event of a member's withdrawal, as well as to make decisions on mergers in the cases referred to in Articles 2505 and 2505-bis of the Italian Civil Code, and on demergers in the cases provided for in Article 2506-ter, last paragraph, of the Italian Civil Code.

4.2 APPOINTMENT AND REPLACEMENT OF DIRECTORS

Articles 23, 24 and 25 of the Articles of Association govern the appointment and replacement of directors. A summary of the process for electing and replacing directors is provided below.

Lists, containing the names of candidates numbered consecutively, may be submitted by the Board of Directors - in accordance with the provisions now set out in Article 147-ter.1 of the Consolidated Law on Finance, as introduced by Law No. 21 of 5 March 2024 - and by shareholders who, alone or jointly, represent at least 1% of the share capital, unless the law and regulations in force from time to time establish a lower percentage, to be indicated in the notice of call of the Meeting.

The lists containing a number of candidates equal to or higher than three must be composed so as to ensure the minimum number of independent directors and gender balance required by the law currently in force regarding the composition of the Board of Directors resulting from the vote, in accordance with the principles established by the law and the Articles of Association.

The Bank makes the document 'Optimal qualitative and quantitative composition of

Banca Popolare di Sondrio BRENCHA 2018-2022

Report on Corporate Governance and Ownership

Structurae

Financial year 2025

the Board of Directors of Banca Popolare di Sondrio spa' available to shareholders, so that the selection of candidates to be nominated can take into account the required professional skills and characteristics.

The lists must be submitted to the company's registered offices within the time limits set by the regulations in force and accompanied by the information required by the regulations and the Articles of Association.

The lists shall be accompanied by information relating to the identity of the Shareholders who have submitted them, with an indication of the number of shares and the corresponding total percentage held.

Together with each list, detailed information on the personal and professional characteristics of the candidates and the list of offices held in other companies shall be filed at the registered office, as well as the declarations in which the candidates accept the candidature and, under their own responsibility, declare that they are suitable for the office, certifying, in particular, the non-existence of any reasons for ineligibility and incompatibility and the possession of the requirements set out by current legislation and by the Articles of Association for holding the office of director. Candidates shall state whether they comply with the specific independence requirements for the position of independent director, and this qualification shall be indicated in the lists.

All the information required by Article 144-decies of the Issuers' Regulation concerning elected directors can be found on the Bank's website, in the section https://istituzionale.popso.it/en/investor-relations/shareholders-meeting. In particular, the lists from which the candidates were selected (with details of the submitting shareholders), detailed information on the personal and professional characteristics of the candidates, and the declarations certifying that they meet the requirements set out by law and, where applicable, the independence requirements set out by the regulations.

From the list that obtained the highest number of votes in the Assembly, all the candidates are selected in the progressive order in which they are listed, except the last one.

The candidate in first place is taken from the list that obtained the second highest number of votes and that was not submitted or voted by shareholders connected with the shareholders who submitted or voted the list that obtained the highest number of votes. Lists that have not obtained at the Shareholders' Meeting a number of votes equal to at least half of the percentage of capital necessary for the submission of the lists will not be taken into consideration. If only one list exceeds this limit, and the same applies to the submission of a single list, all the Directors shall be taken from that list, subject to compliance with the legislation concerning the minimum number of independent Directors and gender balance.

In the event that the composition of the Board of Directors resulting from the

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

outcome of the vote does not ensure the appointment of the minimum number of independent directors required by regulations or does not comply with the principle of gender balance, the directors lacking the specified required qualifications, elected from the list that obtained the highest number of votes and identified by the highest sequential number, are replaced by the next candidate on the same list possessing the required qualification. If this does not identify suitable substitutes, the director appointed from the list that obtained the second highest number of votes also gets substituted. Pursuant to Article 24 of the Articles of Association, if no suitable replacements can be found even after applying this criterion, or if it is impossible to apply the mechanism, the Shareholders' Meeting shall resolve on the spot, on the proposal of the persons present who have the right to vote, by a relative majority, among individual candidates who meet the aforementioned requirements, and replacements shall be carried out in the order indicated above. If no list is validly submitted, the election shall be carried out by means of a relative majority of the candidates submitted to the Meeting together with the filing of the required documentation, provided that the independence requirements are met in the number required by the Articles of Association and that the rules on gender balance in force from time to time are complied with.

Without prejudice to the fact that the activities of all Directors must be characterised by independence of judgment, the Articles of Association prescribes that, with regard to the minimum number of Directors required by the legislation and self-regulation codes to which the Bank adheres from time to time, the specific requirements for the qualification of an independent director set out in art. 147-ter, fourth paragraph, of the Consolidated Law on Finance, the implementing legislation of art. 26 of Legislative Decree No. 385/1993, and the CG Code must be met. As stated above, candidates are required to declare the possession of the aforementioned independence requirements, and this quality is indicated in the lists.

If, during the financial year, one or more directors leave office, the remaining directors shall replace them by means of a resolution approved by the Board of Statutory Auditors, selecting them, where possible, from among the non-elected candidates on the lists to which the departing directors belonged, in compliance with the requirements of collegial adequacy of the Board, the minimum number of independent directors and gender balance, in accordance with the legislation in force from time to time. Directors appointed in this manner shall remain in office until the next Shareholders' Meeting.

If the Shareholders' Meeting is required to replace directors taken from the sole list submitted or, in the case of multiple lists, taken from the list that obtained the highest number of votes, the election shall be carried out by a relative majority vote among individual candidates, without the obligation to form a list. If, on the other hand, the Shareholders' Meeting is required to replace directors from another list, the election shall

Banca Popolare di Sondrio
CERTIFIED
Gruppo BPER Banca
Report on Corporate Governance and Ownership
Structurae
Financial year 2025

be carried out by a relative majority vote on individual candidates, selecting them, where possible, from among the unelected candidates on the lists to which the outgoing directors belonged.

4.3 COMPOSITION OF THE BOARD OF DIRECTORS

Pursuant to Article 20 of the Articles of Association, the Board of Directors is composed of fifteen members, elected by the Ordinary Shareholders' Meeting. The composition of the Board of Directors shall ensure collegial adequacy, as well as the presence of the minimum number of independent directors and gender balance in accordance with the legislation in force from time to time.

It should be noted that, pursuant to Article 22 of the Articles of Association, one-third of the Board of Directors is renewed each financial year.

All directors meet the requirements set out in current legislation.

In this regard, it should be noted that the MEF Decree introduced into Italian law new requirements and suitability criteria for the performance of the offices of corporate officers, as well as the more stringent limits on the holding of multiple offices set out in Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013.

During the 2025 financial year, the following changes occurred in the composition of the Board of Directors:

on 30 April 2025, the terms of office of the Directors Nicola Cordone, Anna Doro, Federico Sergio Francesco Falck, and Serenella Rossi expired;

For the election of five directors for the three-year period 2025-2027 by the Ordinary Shareholders' Meeting of 30 April 2025, two lists were duly submitted within the statutory time limits:

'List No. 1', submitted by the 12 shareholders listed below, for a total shareholding in the capital of Banca Popolare di Sondrio of 1.55124%:
Amber Capital UK LLP, manager of the funds Amber Capital Investment Management ICAV - Amber Global Opportunities, Privilege/Amber Event Europe, Amber Capital Investment Management ICAV - Amber Event Driven Fund;
Amber Capital Italia SGR S.p.A., manager of the Alpha UCITS SICAV / Amber Equity Fund;
Anima Sgr spa, manager of the Anima Inizitiva Italia fund;
Eurizon Capital SA, manager of the Eurizon Fund, sub-funds: Italian Equity Opportunities, Equity Italy Smart Volatility;
Eurizon Capital SGR spa, manager of the funds: Eurizon Am Rilancio Italia Tr, Eurizon Pir Italia Azioni, Eurizon Azioni Italia, Eurizon Progetto Italia 70, Eurizon Progetto Italia 40;

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

FONDAZIONE 2025

Fideuram Asset Management Ireland, manager of the Fonditalia Equity Italy fund;
Fideuram Intesa Sanpaolo Private Banking Asset Management Sgr spa, manager of the funds: Fideuram Italia, Piano Bilanciato Italia 30, Piano Bilanciato Italia 50, Piano Azioni Italia;
Interfund SICAV - Interfund Equity Italy;
Generali Asset Management S.p.A., Asset Management Company, acting in the name and on behalf of Alleanza Obbligazionario;
Kairos Partners Sgr S.p.A., acting as the management company for Kairos International SICAV - Italia Made in Italy and Patriot sub-funds;
Mediolanum Gestione Fondi Sgr spa, fund manager for: Mediolanum Flessibile Futuro Italia and Mediolanum Flessibile Sviluppo Italia;
Mediolanum International Funds Limited - Challenge Funds - Challenge Italian Equity;
'List No. 2', submitted by the following 8 shareholders, for a total shareholding in the capital of Banca Popolare di Sondrio of $1.28567\%$ :
Salvatore Catalano;
7 Aprile srl;
Carmen Prandi;
Società Finanziaria Polisetttoriale SO.FI.P. spa;
Mario Francesco Pozzoni;
Antonio Staino;
Armida De Dosso;
Corrado Viganò.

Following the voting at the Shareholders' Meeting of 30 April 2025, the list that obtained the highest number of votes was 'List No. 1', with 180,679,726 votes, equivalent to $73.347\%$ of the share capital represented at the Meeting. 'List No. 2' received 64,040,015 votes, representing $25.997\%$ of the share capital present at the Meeting.

Therefore, in accordance with the Articles of Association, the following persons were elected for the three-year period 2025-2027: Maria Letizia Ermetes (Independent Director); Christian Montaudo (Independent Director); Salvatore Providenti (Independent Director); Franco Giuseppe Riva (Independent Director), all from 'List No. 1'; and Francesco Venosta, from 'List No. 2'.

On the corporate website, in the section https://istituzionale.popso.it/en/investor-relations/shareholders-meeting, all the information required by Article 144-decies of the Issuers' Regulation regarding the elected directors can be found - information also provided in summary form in this report. In particular, the lists from which the candidates were selected (with details of the submitting shareholders), detailed information on the

Banca Popolare di Sondrio FONDAZIONE PER

CERTIFIED

Banca Popolare di Sondrio FONDAZIONE PER

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structura

Financial year 2025

personal and professional characteristics of the candidates, and the declarations certifying that they meet the requirements set out by law and, where applicable, the independence requirements set out by the regulations. The same information regarding the directors elected at the previous Annual General Meetings held in 2024 and 2023 is also available at the aforementioned web address.

Subsequently, the Bank's competent bodies carried out the process of assessing the suitability of the corporate officers elected at the Shareholders' Meeting of 30 April 2025. In particular, on 27 May 2025, following an investigation by the Appointments and Governance Committee and based on the information provided by the parties concerned and the documentation available to the Bank, the Board of Directors verified that the elected directors met the requirements of professionalism, integrity, and fairness; furthermore, it verified that the requirements of independence were met, as stipulated, among other things, by Articles 147-ter and 148 of the Consolidated Law on Finance and the MEF Decree, for the directors elected by the aforementioned Shareholders' Meeting as independent directors, namely:

Maria Letizia Ermetes;
Christian Montaudo;
Salvatore Providenti;
Franco Giuseppe Riva.

At its meeting on 27 June 2025, pursuant to the Bank of Italy Provision of 1 August 2023, the Board of Directors appointed Director Loretta Credaro as the Anti-Money Laundering Officer, certifying, among other things, that she met the Fit & Proper requirements for her appointment to this role.

Following the successful conclusion of BPER Banca's PTO for Banca Popolare di Sondrio, the following changes took place:

on 1 September 2025, Board Member Christian Montaudo left the Board due to resignation;
on 15 September 2025, the following directors resigned: Loretta Credaro, Maria Letizia Ermetes, Roberto Giay, Maria Chiara Malaguti, Pierluigi Molla, Séverine Mélissa Harmine Neervoort, Mario Alberto Pedranzini, Salvatore Providenti, Giuseppe Recchi, Franco Giuseppe Riva, Silvia Stefini, Francesco Venosta and Rossana Zambelli;
on 15 September 2025, Director Lino Enrico Stoppani ceased to hold office following the revocation of his mandate by the Shareholders' Meeting.

The ordinary Shareholders' Meeting, convened at the request of the majority shareholder, held on 15 September 2025, resolved, among other matters, on the complete renewal of the Board, which was carried out in accordance with the provisions of the Articles of Association, which stipulate the rotation of one third of the directors each

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. S.P.A.

financial year (staggered board).

In accordance with the law, the shareholder BPER Banca SpA, which holds a total equity investment in the Bank's share capital equal to 80.69%, submitted the following lists:

List No. 1, for the appointment as Directors, with a term of office expiring upon the approval of the financial statements as at 31 December 2025, of the following persons:
Gabriele Beni, Independent;
Massimetti Annamaria;
Silvia Stefini, independent;
Cristiano Cincotti, independent;
Marcucci Simone.
List No. 2, for the appointment as Directors, with a term of office expiring upon the approval of the financial statements as at 31 December 2026, of the following persons:
Andrea Casini, independent, named on the list as the candidate for Chair;
Sonnino Elvio;
Neervoort Séverine Mélissa Harmine, indipendent;
Maria Chiara Malaguti, independent;
Molla Pierluigi.
List No. 3, for the appointment as Directors, with a term of office expiring upon the approval of the financial statements as at 31 December 2027, of the following persons:
Giuseppe Recchi, independent;
Alessandra Ruzzu, independent;
Conforti Elena;
Giay Roberto;
Kuhn Stefano Vittorio.

Following the votes cast at the Shareholders' Meeting on 15 September 2025, the aforementioned lists obtained, respectively: 389,275,415 votes, representing 99.914% of the share capital present at the Meeting; 389,147,308 votes, representing 99.881% of the share capital present at the Meeting; 389,060,101 votes, representing 99.859% of the share capital present at the Meeting.

The aforementioned candidates were therefore elected, with the terms of office detailed above.

Banca Popolare di Sondrio BOROLORE

Gruppo BPER Banca

CERTIFIED

Financial year 2025

provided in summary form in this report. In particular, the lists from which the candidates were selected (with details of the submitting shareholder), detailed information on the personal and professional characteristics of the candidates, and the declarations certifying that they meet the requirements set out by law and, where applicable, the independence requirements set out by the regulations.

Subsequently, the Bank's competent bodies carried out the process of assessing the suitability of the corporate officers elected at the Shareholders' Meeting of 15 September 2025. In particular, on 09 October 2025, following an investigation by the Appointments and Corporate Governance Committee and based on the information provided by the parties concerned and the documentation available to the Bank, the Board of Directors verified that the elected directors met the requirements of professionalism, integrity, and fairness; furthermore, it verified that the requirements of independence were met, as stipulated, among other things, by Articles 147-ter and 148 of the Consolidated Law on Finance and the MEF Decree, for the directors elected by the aforementioned Shareholders' Meeting as independent directors, namely:

Gabriele Beni;
Andrea Casini;
Cristiano Cincotti;
Maria Chiara Malaguti;
Séverine Mélissa Harmine Neervoort;
Giuseppe Recchi;
Alessandra Ruzzu;
Silvia Stefini.

At its meeting on 15 September 2025, the Board of Directors appointed Mr Andrea Casini as Chair, Mr Giuseppe Recchi as Vice-Chair, and Mr Elvio Sonnino as Managing Director; pursuant to the Bank of Italy Provision of 1 August 2023, Mr Sonnino was also appointed as the Anti-Money Laundering Officer.

The Board of Directors in office at the end of the 2025 financial year and at the date of approval of this Report is composed of the following directors, as set out in greater detail in Table 2, attached to this Report:

Office	Members
Chair - Independent	Casini Andrea
Managing Director - Executive	Sonnino Elvio
Deputy Chair - Independent	Recchi Giuseppe
Director - Independent	Beni Gabriele
Director - Independent	Cincotti Cristiano
Director - Executive	Conforti Elena

emarket

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

CERTIFIED

Gruppo BPER Banca

Director - Non-Executive - Non-Independent	Giay Roberto
Director - Executive	Kuhn Stefano Vittorio
Director - Independent	Malaguti Maria Chiara
Director - Executive	Marcucci Simone
Director - Non-Executive - Non-Independent	Massimetti Annamaria
Director - Non-Executive - Non-Independent	Molla Pierluigi
Director - Independent	Neervoort Séverine Mélissa Harmine
Director - Independent	Ruzzu Alessandra
Director - Independent	Stefini Silvia

Diversity criteria and policies in the composition of the Board and in the company's organisation

With regard to the corporate diversity policies applied in relation to the composition of the Board of Directors, in January 2022, in implementation of the regulations in force, the Bank adopted the 'Regulation on Diversity in the Composition of the Board of Directors and Board of Statutory Auditors of Banca Popolare di Sondrio', which aims to ensure that the composition of corporate bodies reflects an appropriate degree of diversification in terms of, among other things, skills, experience, age, gender and international outlook. Diversification in the composition of the Board of Directors supports internal discussion and dialogue, fosters the emergence of a variety of approaches and perspectives in the analysis of issues and decision-making on matters within its competence, effectively supports the company's processes of strategy formulation, business and risk management, and control over the work of senior management, in order to ensure the sound and prudent management of the bank.

In particular, with regard to aspects such as age, gender composition, and educational and professional background, the following is specified:

One third of the members of the Board are reappointed annually; directors hold office for three financial years and may be re-elected. Over the years, this has led to an appropriate generational turnover and has resulted in adequate diversity both in terms of the age of Board members and the duration of their term, thereby helping to ensure a plurality of approaches and perspectives in the analysis of issues and the decision-making of the board;
with regard to gender diversity in particular, pursuant to the provisions of Article 20 of the Articles of Association, the composition of the Board of Directors must ensure gender balance in compliance with the legislation in force from time to time. As at 31 December 2025, in accordance with this provision, 6 directors belonged to the less represented gender;

With regard to diversified skills and experience, age groups, compliance with the

Banca Popolare di Sondrio
CERTIFIED
Gruppo BPER Banca
Report on Corporate Governance and Ownership
Structurae
Financial year 2025

principle of gender balance of the Directors, each year, in anticipation of the partial renewal of the Board of Directors, the Bank publishes the document 'Optimal qualitative-quantitative composition of the Board of Directors of Banca Popolare di Sondrio Spa', available on the corporate website at the page https://istituzionale.popso.it/en/investor-relations/shareholders-meeting. The document highlights the importance of the presence of members with diversified skills and experiences. This heterogeneity - together with a certain range of ages and respecting the principle of gender balance - can in fact favour a plurality of approaches and perspectives in analysing the issues and taking decisions. Among other things, the document sets out the overall qualitative composition that the Board deems optimal.

The knowledge and experience outlined in the aforementioned document complement the competence criteria governed by Article 10 of the MEF Decree, which stipulates that, in addition to professionalism requirements, directors must meet the competence criteria set out therein in order to demonstrate their suitability to hold office.

Finally, to foster an adequate exchange within the Board of Directors and ensure informed and thoughtful decisions, it was considered appropriate that more individuals with proven skills in each of the areas listed above be present on the Board.

Over time, this methodological approach has proven its effectiveness, ensuring that the Bank is managed in a balanced and efficient manner.

The expertise of the corporate representatives is developed through the performance of their respective roles and, in addition, through high-level, thematic in-depth training programmes aimed at broadening and updating their knowledge and fostering discussion and exchange of views between the various professional backgrounds represented on the Board of Directors, while also facilitating the identification of any areas for improvement in the governance and control of Group risks. During 2025, the training plan for the Bank's directors and statutory auditors covered the following topics:

Supervisory Authority expectations (including Succession Plans);
Governance & Fit & Proper;
The internal control system: an integrated view of the controls;
New trends in Control Functions and Digital Transformation;
Accounting and financial reporting;
Analysis of the business model and the strategic planning process.

Verification of the eligibility requirements and limits on the accumulation of offices held in other companies by corporate officers

When verifying the requirements of professionalism, integrity and independence stipulated by current legislation, at the time of appointing corporate officers, the Board of

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

COMPAGNIA BANKS

Gruppo BPER Banca

Directors conducts an in-depth professional assessment of the appointed individuals and, with the investigative support of the Appointments and Corporate Governance Committee, ascertains that these requirements are met, that the aforementioned principles of diversity are complied with, and that the appointments are appropriate in terms of the professional roles required, as outlined above. In this regard, it should be noted that the verification of the requirements of professionalism, integrity, fairness, independence, limits on the number of offices held and availability of time is also carried out in compliance with the provisions issued by the European Central Bank, which have broadened the scope of the assessment, extending the range of factors to be taken into account to include further, highly complex criteria relating to integrity and fairness, as well as professionalism, competence and experience; with regard to the latter aspect, the suitability of the officers must be assessed not only at the individual level but also at the collective level, in terms of their actual contribution to the collegial body. Furthermore, it is necessary to verify the time commitment that the individual dedicates to adequately performing the roles they hold and the compatibility of this commitment with their other activities. In this regard, it should be noted that, with the MEF Decree, new regulations on this subject were introduced with effect from 30 December 2020, which, among other things, transposed Directive 2013/36/EU on limits to the accumulation of appointments.

Pursuant to the 'Supervisory Provisions for Banks' - Bank of Italy Circular No. 285 of 17 December 2013 - and the Corporate Governance Code, the Board of Directors, in addition to reviewing any significant new developments concerning individual representatives, conducts an annual reassessment of whether the eligibility requirements stipulated by current legislation for holding office are met.

The periodic checks and checks for new developments carried out during 2025 yielded positive results, confirming the suitability of all corporate officers.

4.4 OPERATION OF THE BOARD OF DIRECTORS

Pursuant to Article 27 of the Articles of Association, the Board of Directors is convened at least every two months and, in any event, whenever the Chair deems it necessary. The Board also meets when a reasoned request is made by at least one third of the directors.

The rules and procedures governing the functioning of the Board of Directors are set out in the Rules of Procedure of the Board of Directors, which were approved by the Board at its meeting held on 19 September 2025.

The Board of Directors is convened by the Chair, by means of a notice setting out the agenda, which must be sent to the directors and the statutory auditors at least five days before the date set for the meeting, except in cases of urgency, in which case the aforementioned time limit and procedures may be waived.

Banca Popolare di Sondrio FONDAZIONE PER LA SCUOLA E L'ETTURO

CERTIFIED

Sanita a.s. - Sondrio

FONDAZIONE PER LA SCUOLA E L'ETTURO

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structura

Financial year 2025

The Board of Statutory Auditors may convene the Board of Directors, or one or more of the standing members of the Board of Directors may individually convene it, upon written notice to the Chair of the Board of Directors.

Meetings are chaired by the Chair of the Board of Directors, who coordinates the proceedings and ensures that all directors and statutory auditors receive adequate information on the items on the agenda, usually, five days prior to each meeting, so that informed and considered decisions can be taken. This is carried out in accordance with the provisions of the Board of Directors' Operating Rules and with the adoption of appropriate measures to ensure the confidentiality of the documentation.

For the year 2025, the pre-meeting information provided to all directors and statutory auditors was sent within the stipulated timeframe. There were no deviations from these deadlines, except in exceptional and duly justified cases, attributable to reasons of urgency and/or to organisational or operational requirements of the proposing departments, agreed with senior management, which made it necessary to postpone the provision of the documentation.

For meetings of the Board of Directors to be valid, an absolute majority of its members must be present. Resolutions are passed by open vote and adopted by an absolute majority of those present; in the event of a tie, the Chair casts the deciding vote.

Minutes of the Board's meetings and resolutions are drawn up and recorded in the relevant register, and must be signed by the Chair and the Secretary. Certified true extracts of these minutes serve as evidence of the meetings held and the resolutions passed.

Pursuant to Article 26 of the Articles of Association, the Board of Directors shall appoint a secretary from among its members or select a senior staff member or another qualified person for this role. Currently, the role of Secretary to the Board is performed by the Head of the Secretariat and General Affairs Service, Paolo Rovedatti.

During the 2025 financial year, 30 meetings were held, each lasting an average of approximately 4 hours and 40 minutes, and the Board members ensured a high level of attendance.

At the beginning of each year, the Board draws up a general schedule of its activities.

For the current financial year, which, as far as the Bank is concerned, will end with the merger by incorporation into BPER Banca spa on 20 April, 5 meetings are scheduled; as at the date of approval of this Report, 4 meetings have been held.

4.5 ROLE OF THE CHAIR OF THE BOARD OF DIRECTORS

The Chair is appointed by the Board of Directors from among its members.

Pursuant to Article 36 of the Articles of Association, the Chair oversees the work of

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

CERTIFIED

the Board, organises and directs its activities, and performs all the duties required by the applicable regulatory provisions, ensuring the effectiveness of Board discussions and taking steps to ensure that the resolutions adopted by the Board are the result of proper debate and the informed and considered input of all its members.

In accordance with the provisions of internal regulations, the Chair:

promotes the effective functioning of the corporate governance system, ensuring, to this end, the effective and balanced operation and distribution of powers, as well as the efficient and continuous coordination between the strategic guidance and oversight functions and the management functions;
acts as the point of contact for the control body and the committees within the Board of Directors, as well as for the heads of the corporate control functions;
coordinates the Board's activities, convenes Board meetings in accordance with the Articles of Association, and, in collaboration with the Managing Director, sets the agenda, ensuring that Board members are provided with timely and adequate information;
chairs Board meetings, directs and moderates discussions, ensures the effectiveness of Board deliberations, and takes steps to ensure that the resolutions adopted by the Board are the result of appropriate dialogue and the informed, knowledgeable and reasoned input of all its members;
promotes the holding of regular meetings between the Directors, including outside Board meetings, aimed at in-depth analysis and mutual discussion of issues of strategic importance, taking into account the applicable regulations and supervisory guidelines;
ensures that the Bank has in place a procedure for the internal management and external disclosure of documents and information concerning the Bank, with particular reference to insider information, and a policy for managing dialogue with shareholders as a whole and with other stakeholders deemed relevant to the Bank, also taking into account the engagement policies adopted by institutional investors and active managers;
acts as a liaison between the Executive Directors and the Non-Executive Directors;
where deemed appropriate in the interests of the smooth conduct of business, with the assistance of the Secretary and in agreement with the Managing Director, ensures that employees of the Bank and Group companies who head the relevant corporate functions, depending on the subject matter, attend Board meetings, including at the request of individual Directors, to provide appropriate insights on the items on the agenda;
with the assistance of the Secretary, ensures that, following their appointment and throughout their term of office, all members of the administrative and control bodies

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

Report on Corporate Governance and Ownership

Structurae

Relatori sordor

General Affairs

Financial year 2025

are able to participate in initiatives aimed at providing them with an adequate understanding of the business sectors in which the Bank operates, of the Bank's dynamics and their development, including with a view to the Bank's sustainable success, also in coordination with the Parent Company;

with the assistance of the Secretary, ensures the adequacy and transparency of the Board of Directors' self-assessment process, with the support of the Appointments and Corporate Governance Committee;
proposes to the Board of Directors the appointment and dismissal of the Secretary.

Pursuant to Article 26, paragraphs 2 and 3, of the Articles of Association, in the event of the Chair's absence or incapacity, the Chair shall be replaced by the Deputy Chair(s); in the event of the absence or incapacity of the Deputy Chair(s) as well, the Chair shall be replaced by the Director referred to in Article 26, paragraph 3, of the Articles of Association.

As at the end of the 2025 financial year and as at the date of approval of this Report, the office of Chair is held by Mr Andrea Casini, an independent director, appointed by the Board of Directors at its meeting held on 15 September 2025.

4.6 SECRETARY OF THE BOARD OF DIRECTORS

Pursuant to Article 26, paragraph 4, of the Articles of Association, the Board of Directors shall appoint a Secretary from among its members or appoint to this role a senior staff member or another qualified person who has significant experience in the work of the company's governing bodies in general and, preferably, in-depth knowledge of the Bank and the functioning of its key processes.

As at the end of the 2025 financial year and as at the date of approval of this Report, the Secretary of the Board of Directors is Mr Paolo Rovedatti, Head of the Secretariat and General Affairs Service.

4.7 MANAGING DIRECTORS

Pursuant to Articles 32(3)(b) and 33(1) of the Articles of Association, the Board of Directors is responsible for appointing the Managing Director and setting the limits of the Managing Director's powers.

Pursuant to Article 37 of the Article of Association, the Managing Director is the head of the executive team and, within the scope of the powers delegated to him/her by the Board of Directors, oversees the management of the company in accordance with the general planning and strategic guidelines determined by the Board. The Managing Director also oversees the implementation of Board resolutions and is responsible for managing and coordinating the activities of the staff.

The Managing Director works in close collaboration with the Executive Committee,

emarket

and storage

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

CERTIFIED

Gruppo BPER Banca

if appointed, and maintains the necessary and appropriate relations with the Chair of the Board of Directors.

At the end of the 2025 financial year and at the date of approval of this Report, the position of Managing Director is held by Mr Ennio Sonnino, an executive director appointed by the Board of Directors at its meeting held on 15 September 2025.

The principal responsibilities assigned to him are as follows:

to oversee the preparation of the Bank's interim financial reporting and annual financial statements;
to exercise the powers relating to credit disbursement within the limits set out in the relevant internal regulations;
to make decisions on expenditure/purchases and on real estate matters, within predefined monetary thresholds;
to resolve on the initiation of legal and administrative actions and applications at all levels of jurisdiction;
to oversee the development of the Bank's organisational structure;
in agreement with the Chair, to manage corporate communications to the market and relations with the financial community.

4.8 EXECUTIVE COMMITTEE

Pursuant to Article 33 of the Articles of Association, the Board of Directors may delegate its powers to an Executive Committee, specifying the Committee's remit.

This collective body was one of the Bank's delegated bodies until 15 September 2025. As at that date, it was composed of the following members: Lino Enrico Stoppani, Mario Alberto Pedranzini and Loretta Credaro. From 1 January 2025 to 15 September 2025, the Committee met 32 times, with an average duration of about 1.30 hours.

At its meeting held on the aforementioned date, following the Ordinary Shareholders' Meeting, which, among other things, renewed the entire Board of Directors, the Board of Directors resolved not to establish an Executive Committee.

With regard to the operating rules and the powers assigned to the Executive Committee up to 15 September 2025, please refer to the Report on Corporate Governance and Ownership Structure for the 2024 financial year.

Report to the Board by managing directors / delegated bodies

Pursuant to Article 37 of the Articles of Association, the Managing Director maintains the necessary and appropriate relations with the Chair of the Board of Directors.

4.9 OTHER EXECUTIVE DIRECTORS

With the exception of the Managing Director, the members listed in this document

Banca Popolare di Sondrio FONDAZIONE DELه

CERTIFIED

Sanità Custodiale di Sondrio

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structura

Financial year 2025

as executive directors are executive directors pursuant to Bank of Italy Circular No. 285/2013, as they hold managerial positions in companies within the BPER Banca Group, although they do not hold powers of attorney or perform managerial functions within the Bank.

4.10 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

Although the activities of all the directors of Banca Popolare di Sondrio are characterised by independence of judgement, only those directors who meet the independence requirements set out in Articles 147-ter(4) and 148(3) of the Consolidated Law on Finance, Article 13 of the MEF Decree and the Corporate Governance Code, to which the Bank adheres, are considered independent directors.

As at 31 December 2025, the Board of Directors is composed of 8 members out of a total of 15 who meet the independence criteria as represented above.

The independent directors met, in the absence of the other directors, six times during 2025. These meetings were held on 14 February, 4 March, 19 March, 3 April, 7 April and 28 April 2025.

Ms Silvia Stefini held the position of Lead Independent Director from 1 January to 15 September 2025. Following the complete renewal of the Board, as resolved by the Ordinary Shareholders' Meeting on 15 September 2025, and also in view of the new shareholder structure and the planned forthcoming merger by incorporation of the Bank into BPER Banca S.p.A., it was decided not to appoint a Lead Independent Director.

4.11 DIRECTORS' REMUNERATION

Pursuant to Article 2389(1) of the Italian Civil Code and Article 30 of the Articles of Association, the remuneration of the Board of Directors is set annually by the Shareholders' Meeting, which determines it in a fixed amount, including an item relating to participation in Board Committees, in implementation of the Group's Remuneration Policies.

The Meeting also determines the amount of the attendance fees and, possibly as a lump sum, the reimbursement of expenses for attending meetings and the fees for participation in committees.

In 2025, the remuneration of the members of the Board of Directors was approved at the Shareholders' Meeting held on 30 April 2025 and subsequently amended at the Shareholders' Meeting held on 15 September 2025, which fully renewed the Board of Directors following Banca Popolare di Sondrio's entry into the BPER Banca Banking Group.

Forms of incentive pay based on financial instruments or linked to the company's performance are not foreseen for directors.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

Pursuant to the aforementioned regulations, it is the responsibility of the Board of Directors, acting on a proposal from the Remuneration Committee and after consulting the Board of Statutory Auditors, to determine the remuneration of directors who hold particular offices laid down in the Articles of Association. These offices are: Chair, Deputy Chair, Managing Director and Senior Board Member.

In determining this remuneration, the Board of Directors takes into account: the importance of the office and the associated level of responsibility; the professional qualities required; the actual commitment involved, including in terms of time and effort; the Bank's financial and economic situation, including future projections; and the market level of remuneration for comparable offices in companies of a similar size and nature.

In any case, when determining remuneration, the criterion of its current and future sustainability is always taken into account.

The Annual Report on the Remuneration Policy for 2025 and on the Remuneration Paid in 2024, prepared pursuant to Article 123-ter of the Consolidated Finance Act and published on the Bank's corporate website at the link https://istituzionale.popso.it/en/investor-relations/shareholders-meeting, as part of the documents for the Ordinary Shareholders' Meeting held on 30 April 2025, sets out the Bank's policy on the remuneration of members of the governing bodies, the General Manager and managers with strategic responsibilities, as well as the procedures used to adopt and implement this policy.

4.12 DIRECTORS' SELF-ASSESSMENT AND SUCCESSION

DIRECTORS' SELF-ASSESSMENT

On 11 March 2025, the Board of Directors approved the results of the Board's self-assessment for the 2024 financial year. With regard to the results of this analysis, please refer to the document 'Report on Corporate Governance and Ownership Structure' for the 2024 financial year.

Following the Board of Directors' approval, on 5 November 2025, of the plan for the merger by incorporation of Banca Popolare di Sondrio S.p.A. into the parent company BPER Banca S.p.A., which is to be submitted for approval at the Shareholders' Meeting convened for 12 March 2026, BPS did not carry out a self-assessment for the 2025 financial year, given the Bank's planned dissolution as a result of the aforementioned merger on 20 April 2026.

Directors' succession

The Bank has adopted a policy document governing the Succession Plans for the Bank's senior management (Chair of the Board of Directors, Managing Director and General Manager) and for the Bank's Top Management, in compliance with the legislation, including supervisory regulations, in force from time to time, the Corporate Governance

Banca Popolare di Sondrio FONDAZIONE DELه

Report on Corporate Governance and Ownership

Structure

Financial year 2025

e e

Code and the provisions of the Articles of Association.

Indeed, the existence of structured procedures to ensure the orderly succession of the Bank's senior executives and top management serves to guarantee continuity and certainty in the management of the company, to avoid negative economic and reputational repercussions, and to ensure the selection of the best possible candidates for succession, both in the event of planned successions and in the event of replacements due to sudden and unexpected events. The Succession Plans described in the aforementioned document therefore aim to safeguard the Bank's stability, ensuring the orderly continuity of the business and avoiding potential economic and reputational repercussions.

CERTIFIED

4.13 PROFESSIONAL PROFILES OF THE DIRECTORS

ANDREA CASINI

PRESIDENTE DEL CONSIGLIO DI AMMINISTRAZIONE - INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2026-oggi Presidente • Alba Leasing spa
2025-oggi Presidente • Banca Popolare di Sondrio spa
2025-oggi Presidente • Finitalia spa
2023-oggi Consigliere di amministrazione • Gesco spa
2022-oggi Senior Advisor Strategico e Finanziario

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2023-2026 Amministratore unico • Sal srl
2016-2022 Co-CEO • Unicredit spa
2005-2016 Vicepresidente e Direttore generale • Unicredit Bulbank - Bulgaria
2005 Deputy CEO • Zivnostenska Banka - Repubblica Ceca
2002-2004 Deputy CEO • Unibanka - Slovacchia
2001 Responsabile Divisione Corporate New Europe • Divisione Banche Nuova Europa - UniCredit
1999-2001 Responsabile dell'Unità Sviluppo Imprese Banche Federate • Unicredito Italiano
1980-1998 Direttore e Vicedirettore di filiale • Credito Italiano

ISTRUZIONE

1980 Diploma di ragioniere e perito commerciale • Istituto Tecnico Commerciale Enrico Fermi di Empoli

CERTIFIED

GIUSEPPE RECCHI

VICEPRESIDENTE DEL CONSIGLIO DI AMMINISTRAZIONE - INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 27 aprile 2024

Comitati consiliari:

Presidente del Comitato Nomine e corporate governance

Membro del Comitato Operazioni con parti correlate e soggetti collegati

INCARICHI E POSIZIONI ATTUALI

2025-oggi Senior Advisor • Gruppo Acciona SA
2025-oggi Vicepresidente (e Consigliere di amministrazione dal 2024) • Banca Popolare di Sondrio spa
2023-oggi Presidente • Stretto di Messina spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2018-2022 Chief Executive Officer • Affidea Group BV
2014-2022 Consigliere di amministrazione • UnipolSai Assicurazioni spa
2017-2018 Consigliere di amministrazione • Infrastrutture Wireless Italiane spa
2016-2018 Consigliere di amministrazione • Esaote spa
2016-2018 Consigliere di amministrazione • Istituto Europeo di Oncologia srl
2016-2017 Presidente • Telecom Italia Ventures srl
2016-2017 Consigliere di amministrazione • Sparkle spa
2014-2017 Presidente esecutivo (e Vicepresidente dal 2017 al 2018) • Telecom Italia spa
2014-2017 Presidente • Fondazione TIM
2008-2015 Consigliere di amministrazione • Exor spa (già Ifis spa)
2011-2016 Membro del Comitato esecutivo • Assonime
2014-2017 Consigliere di amministrazione • Italian Institute of Technology (IIT)
2012-2014 Vicepresidente • B-20 Task Force per l'Anticorruzione
2011-2014 Vicepresidente (e Presidente del Comitato FDI) • Confindustria
2011-2014 Membro del Comitato esecutivo • Aspen Institute (Italia)
2011-2014 Comitato consultivo E.I. • Massachusetts Institute of Technology
2011-2014 Consigliere di amministrazione • Comitato d'Onore per la candidatura di Roma alle olimpiadi 2020
2011-2014 Presidente • Eni spa
2011-2014 Consigliere di amministrazione • Fondazione Eni Enrico Mattei (FEEM)
2008-2014 Consigliere di amministrazione (e Vicepresidente dal 2009 al 2012) • Interbanca spa
2006-2014 Membro dell'European Advisory Board • Blackstone
2007-2009 Consigliere di amministrazione • GE Capital Financial Services Italy
2007-2008 Consigliere di amministrazione • Aegean Baltic Bank
2004-2007 Consigliere di amministrazione • American Chamber of Commerce (Italia)

CERTIFIED
^{}[]

2002-2004 Consigliere di amministrazione • Permasteelisa spa
2002-2004 Professore a contratto di Corporate Finance • Università degli Studi di Torino
2001-2004 Amministratore unico • GE Capital SFG Italia srl
2001-2004 Membro dell'Advisory Board • Invest Industrial
1997-1999 Consigliere di amministrazione • S.T.I.P.E. - Studio Tecnico Italiano Progettazioni Estero srl
1996-1999 Consigliere delegato • Recchi spa
1996-1998 Amministratore unico • Recchi Energy spa (già Tileman LTD)

ISTRUZIONE

1990 Laurea in Ingegneria civile • Politecnico di Torino

CERTIFIED

ELVIO SONNINO

nato a Bologna il 30 agosto 1960

CONSIGLIERE DELEGATO

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere delegato • Banca Popolare di Sondrio spa
2025-oggi Presidente • BPER Real Estate spa
2024-oggi Consigliere di amministrazione • Associazione Bancaria Italiana (ABI)
2022-oggi Vicepresidente • Banco di Sardegna spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2021-2025 Chief Operating Officer e Vicedirettore generale • BPER Banca spa
2022 Consigliere di amministrazione • Carige spa
2012-2021 Chief Operating Officer e Vicedirettore vicario • Gruppo UBI Banca
2012-2021 Consigliere di amministrazione • UBI Accademy srl
2000-2021 vari incarichi, da ultimo Consigliere delegato • UBI Sistemi e Servizi scpa
2015-2020 Consigliere di amministrazione (e Vicepresidente dal 2018) • IW Private Investments società di intermediazione mobiliare spa
2013-2019 Consigliere di amministrazione • UBI Banca spa
2009-2012 Condirettore generale e successivamente Direttore generale • Banco di Brescia
2007-2009 Vicedirettore generale • Gruppo UBI Banca
2004-2007 Vicedirettore generale • Banca Lombarda
2001-2004 Direttore generale e Consigliere di amministrazione • Lombarda Sistemi e Servizi (oggi UBI Sistemi e Servizi scpa)
2000-2001 Responsabile ICT, Back-office, Real Estate, Acquisti e Organizzazione • Gruppo Banca Lombarda
1997-2000 Responsabile Direzione Organizzazione e Sistemi Informativi • Cassa di Risparmio di Firenze
1996-1997 Responsabile Area Organizzazione e Sistemi Informativi • Banco Ambrosiano Veneto
1985-1995 Senior Manager • Arthur Andersen M.C. (oggi Accenture)

ISTRUZIONE

1984 Laurea in Economia e Commercio • Università degli Studi di Bologna

CERTIFIED

GABRIELE BENI

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

Comitati consiliari:

Presidente del Comitato Operazioni con parti correlate e soggetti collegati

Membro del Comitato Controllo e rischi

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2023-6/2025 Senior Advisor • PWC TLS Avvocati e Commercialisti

2021-2025 Consigliere di amministrazione e General Counsel • G.P.M. Investimenti spa

2021-2023 Consigliere di amministrazione • Siirtec Nigi spa

2017-2021 Consigliere di amministrazione • Nexi Payments spa

2017-2021 Vicepresidente • Istituto di Servizi per il Mercato Agricolo Alimentare - ISMEA

2015-2021 Presidente • Consorzio Italiano Assicurazioni Agricoltura

2016-2017 Commissario Governativo • Istituto di Servizi per il Mercato Agricolo Alimentare - ISMEA

2008-2017 Consigliere di amministrazione • MPS Capital Services Banca per le Imprese spa

2009-2016 Consigliere di amministrazione • S.I.C.I. Sviluppo Imprese Centro Italia SGR spa

2014-2015 Vicepresidente • Istituto di Servizi per il Mercato Agricolo Alimentare - ISMEA

2010-2013 Consigliere di amministrazione • Monte dei Paschi Belgio Banque

2007-2008 Consigliere di amministrazione • Firenze Fiera spa

2007-2008 Consigliere di amministrazione • Consum.it spa

2001-2004 Vicepresidente vicario • Banca di Credito Cooperativo di Signa

ISTRUZIONE

2009 Doctor of International Commercial Law • Western State University - USA

2008 Master in Business and Finance • Western State University - USA

1987 Laurea in Giurisprudenza • Università degli Studi di Firenze

CERTIFIED

CRISTIANO CINCOTTI

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

Comitati consiliari:

Membro del Comitato Operazioni con parti correlate e soggetti collegati

Membro del Comitato Controllo e rischi

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2018-oggi Componente del Comitato Etico • Fondazione di Sardegna
2014-oggi Professore associato di Diritto Commerciale, Diritto Societario, Diritto del Mercato e degli Intermediari Finanziari, Diritto Fallimentare • Università degli Studi di Cagliari
2002-oggi Avvocato libero professionista

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2021-2024 Consigliere di amministrazione • BPER Banca spa
2019 Componente dell'Organismo di Vigilanza ex D.Lgs. 231/2001 • Iniziative Sardegna spa (INSAR)
2002-2014 Ricercatore • Università degli Studi di Cagliari
2012-2013 Consigliere di amministrazione • Fondazione Ente Lirico Cagliari

ISTRUZIONE

2024 Abilitazione all'esercizio delle funzioni di professore di prima fascia in Diritto Commerciale
2006 Dottorato di Ricerca in Diritto Commerciale • Università degli Studi di Catania
1999 Laurea in Giurisprudenza • Università degli Studi di Cagliari
1996 Specializzazione in Diritto Comunitario e della Concorrenza • Université de Liège

CERTIFIED

ELENA CONFORTI

CONSIGLIERE ESECUTIVO

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2025-oggi Consigliere di amministrazione • Banco di Sardegna spa
2022-oggi Dirigente • BPER Banca spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2021-2022 Consigliere di amministrazione • Italian Chamber of Commerce and Industry for the UK
2020-2022 Dirigente • UniCredit Londra
2018-2021 Consigliere di amministrazione • Cordusio Fiduciaria spa (Gruppo UniCredit)
2005-2019 Dirigente • UniCredit Milano

ISTRUZIONE

2005 Laurea in Lingue e Letterature Straniere (sperimentale) • Università Cattolica del Sacro Cuore

CERTIFIED

ROBERTO GIAY

CONSIGLIERE NON ESECUTIVO - NON INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 27 aprile 2024

Comitati consiliari:

Membro del Comitato Remunerazione

INCARICHI E POSIZIONI ATTUALI

2025-oggi Presidente • Pegaso Finanziaria spa
2025-oggi Vicepresidente • Tenute del Cerro Wines srl
2025-oggi Consigliere di amministrazione • Marina di Loano spa
2024-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2023-oggi Consigliere di amministrazione • Nomisma - Società di Studi Economici spa
2022-oggi Vicepresidente • Tenute del Cerro spa
2022-oggi Vicepresidente • Gruppo Una spa
2016-oggi Presidente • Unipol Finance spa
2003-oggi Group Corporate General Manager • Unipol Assicurazioni spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2023-2025 Consigliere di amministrazione • Fondazione Unipolis
2023-2025 Vicepresidente • Società e Salute spa
2021-2024 Consigliere di amministrazione • BPER Banca spa
2010-2021 Consigliere di amministrazione (e Vicepresidente dal 2011 al 2021) • Arca Vita spa
2010-2021 Consigliere di amministrazione (e Vicepresidente dal 2011 al 2021) • Arca Assicurazioni spa
2013-2019 Vicepresidente • Incontra Assicurazioni spa
2010-13/2016-19 Consigliere di amministrazione (e Presidente dal 2016 al 2018) • Unipol Banca spa
2010-2016 Consigliere di amministrazione • Compagnia Assicuratrice Linear spa
2009-2016 Consigliere di amministrazione • Unisalute spa
2012-2014 Amministratore delegato • Premafin Finanziaria spa

ISTRUZIONE

1993 Laurea in Economia e Commercio • Università degli Studi di Torino

CERTIFIED

STEFANO VITTORIO KUHN

CONSIGLIERE ESECUTIVO

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2024-oggi Consigliere di amministrazione • Bancomat spa
2023-oggi Chief Retail and Commercial Banking Officer • BPER Banca spa
2023-oggi Consigliere di amministrazione • UnipolRental
2022-oggi Vicepresidente • BPER Factor spa
2021-oggi Consigliere di amministrazione • Finitalia spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2025 Consigliere di amministrazione • UniSalute spa
2024-2025 Vicepresidente • Bibanca spa
2022-2023 Responsabile Rete Commerciale • BPER Banca spa
2021-2022 Coordinatore Commerciale Territoriale Lombardia • BPER Banca spa
2019-2021 Direttore Macro Area Territoriale Milano ed Emilia-Romagna • UBI Banca
2017-2019 Direttore Macro Area Territoriale Brescia e Nord Est • UBI Banca
2016-2017 Direttore generale • Banco di Brescia
2015-2016 Condirettore generale • Banco di Brescia
2012-2015 Direttore generale • UBI Banca di Valle Camonica
2009-2012 Vicedirettore generale e Direttore Commerciale • Banco di Brescia
2007-2009 Responsabile Direzione Mercato Retail • Banco di Brescia
2005-2007 Responsabile Area Milano • Banco di Brescia
1999-2005 Responsabile Area Brianza • Banco di Brescia

ISTRUZIONE

2019 Master in Leadership e Leadership delle organizzazioni • SDA Bocconi
2018 Coaching in collaborazione con SCOA
1986 Master in Marketing Bancario • CESMA Executive Education

CERTIFIED

MARIA CHIARA MALAGUTI

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 29 aprile 2023

Comitati consiliari:

Presidente del Comitato Controllo e rischi

Membro del Comitato Remunerazione

INCARICHI E POSIZIONI ATTUALI

2023-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2011-oggi Professore Ordinario di Diritto Internazionale • Facoltà di Economia, Università Cattolica del Sacro Cuore
2019-oggi Avvocato • Studio Legale PedersoliGattai • Of Counsel
2025-oggi Presidente emerito • Unidroit (Istituto Internazionale per l'Unificazione del Diritto Privato)
2003-oggi Consulente Giuridico • Banca Mondiale
2003-oggi Consulente esterno per questioni di natura commerciale • Servizio per il Contenzioso Diplomatico e dei Trattati, Ministero degli Affari Esteri e della Cooperazione Internazionale (MAECI)
2003-oggi Membro • Collegio di Difesa della Repubblica Italiana per Contenziosi in Materia di Diritto degli Investimenti Stranieri (a supporto dell'Avvocatura dello Stato)
2023-oggi Arbitro • Lista degli Arbitri ICSID su nomina italiana
2022-oggi Arbitro ed esperto in Commercio, Sostenibilità e Sviluppo • Roster dell'Unione Europea
2019-oggi Arbitro • Corte Osce
2011-oggi Arbitro • Lista di Possibili Panelists del DSB - OMC
2021-oggi Membro • Comitato esecutivo della International Law Association (ILA) - Sezione Italiana
2020-oggi Membro • Academic Council Institute for Transnational Arbitration (ITA)
2019-oggi Membro • Tribunale Amministrativo Istituto Italo - Latino Americano (IILA)
2018-oggi Membro • Commissione Arbitrato e ADR ICC Italia
2018-oggi Delegato Italiano • ICC Commission on Arbitration e ADR (Internazionale)
2017-oggi Delegato Italiano • Uncitral
2011-oggi Patrocinante in Cassazione
1992-oggi Avvocato iscritta all'Ordine di Bologna
1991-oggi Avvocato iscritta all'Ordine di New York

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2020-2025 Presidente • Unidroit (Istituto Internazionale per l'Unificazione del Diritto Privato)
2017-2020 Membro del Consiglio di amministrazione • Finecobank
2003-2019 Membro • Studio Legale Associato Mazzoni, Regoli Studio Legale (Milano-Roma)
2014-2015 Vicepresidente • Commissione Uncitral
2012-2013 Capo Delegazione • Delegazione Italiana per i Negoziati sui principi e regole Unidroit sul Close-Out Netting

CERTIFIED

2008-2011 Professore Ordinario di Diritto Internazionale • Facoltà di Giurisprudenza, Università del Salento
1997-2011 Professore Jean Monnet di Diritto Commerciale Comunitario • Facoltà di Giurisprudenza, Università del Salento
2006-2009 Capo Delegazione • Delegazione Italiana per i Negoziati sulla convenzione Unidroit su titoli detenuti presso intermediari
2001-2003 Esperto Legale • Banca Centrale Europea, Direzione Generale Sistemi di Pagamento, Divisione Securities Settlement Policy (Francoforte)
1998-2000 Referendaire e Capo di Gabinetto • Tribunale di Prima Istanza delle Comunità Europee (Lussemburgo)
1997-1999 Consulente • Comitato Legale sull'euro, Ministero del Tesoro
1993-1994 Membro • Centre for European Policy Studies (CEPS) Working Party on Cross-Border Payments and Clearing in Europe (Bruxelles)
1990-1991 Uditore • Commissione Europea, DG XV (Bruxelles)
1990-1990 Uditore • The Hague Academy of International Law

ISTRUZIONE

1987 Laurea in Giurisprudenza • Università di Bologna
1989 Master of Law (LLM) • Harvard Law School, Cambridge
1993 PHD With Distinction • Istituto Universitario Europeo (IUE), Firenze
2008 Laurea in Economia • Università di Bologna

CERTIFIED

SIMONE MARCUCCI

CONSIGLIERE ESECUTIVO

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2025-oggi Consigliere di amministrazione • Fondo Interbancario di Tutela dei Depositi
2024-oggi Chief Financial Officer • BPER Banca spa
2024-oggi Consigliere • Associazione Bancaria Italiana
2024-oggi Consigliere di amministrazione • Banco di Sardegna spa
2024-oggi Consigliere di amministrazione • Arca Holding spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2024-2025 Presidente del Consiglio di amministrazione • Gardant Bridge Servicing spa
2023-2024 Chief Executive Officer • Unicredit International Bank (Luxemburg) SA
2017-2024 Presidente del Consiglio di sorveglianza • Zagrebacka Bank Croatia
2001-2024 Manager • Unicredit Group
2022-2023 Membro del Consiglio di sorveglianza • Unicredit International Bank Luxemburg SA
2021-2022 Chief Financial Officer • Unicredit Italy Division
2015-2021 Chief Financial Officer • Unicredit Bank AG
2016-2020 Membro dell'Advisory Board • Unicredit Turnaround Management CEE GMBH
2017-2019 Presidente del Consiglio di sorveglianza • Unicredit Bank Czech and Slovak
2016-2019 Chief Financial Officer • Unicredit CIB Division & CEE Division
2011-2015 Vicepresidente del Consiglio di sorveglianza • Unicredit Hungary
2011-2015 Membro del Consiglio di sorveglianza • Unicredit Serbia
2011-2015 Membro del Consiglio di sorveglianza • Unicredit Bulgaria
2011-2015 Membro del Consiglio di sorveglianza • RN Bank
2011-2013 Membro del Consiglio di sorveglianza • Unicredit Slovakia
1994-2001 Controller and Analyst • Bancalntesa

ISTRUZIONE

2000 MBA Master in Business Administration • SDA Bocconi
1993 Laurea in Information Science • Università degli Studi di Milano

CERTIFIED

ANNAMARIA MASSIMETTI

CONSIGLIERE NON ESECUTIVO - NON INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2025-oggi Componente Giunta Esecutiva • Associazione Agenti UnipolSai Associati AUA
2007-oggi Responsabile Agenzia Generale Olbia • UnipolSai Assicurazioni spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2022-2025 Consigliere di amministrazione • Banco di Sardegna spa
2021-2025 Delegato Regionale Sardegna • Associazione Agenti UnipolSai Associati AUA
2019-2025 Componente Consiglio Nazionale • Associazione Agenti UnipolSai Associati AUA
2004-2007 District Manager Area Sardegna - Lazio • Ina Assitalia - Gruppo Generali - Direzione generale Roma
1998-2004 Human Resources Manager • Ina Assitalia - Agenzia Generale Olbia

ISTRUZIONE

2001 Abilitazione allo svolgimento dell'attività di promotore finanziario
1995 Laurea in Giurisprudenza • Università degli Studi di Sassari

CERTIFIED

PIERLUIGI MOLLA

CONSIGLIERE NON ESECUTIVO - NON INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 9 novembre 2021

Comitati consiliari:

Membro del Comitato Controllo e rischi

INCARICHI E POSIZIONI ATTUALI

2025-oggi Presidente • Banca della Nuova Terra spa
2025-oggi Consigliere di amministrazione • Piovan spa
2025-oggi Consigliere di amministrazione • Lifting Control Holding spa
2025-oggi Consigliere di amministrazione • Tach Systems spa
2024-oggi Vicepresidente • Fondazione Ave Verum
2021-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2021-oggi Partner • Mainini & Associati
2014-oggi Revisore • Fondazione Collegio della Guastalla ETS
2013-oggi Revisore Legale
1982-oggi Dottore Commercialista Iscritto all'Ordine di Milano

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2025 Presidente • Banca Popolare di Sondrio spa
2024-2025 Membro del Consiglio • Fassi Holding srl
2015-2025 Membro del Consiglio • Vector Wealth Management SA
2001-2007 Partner e Responsabile del Dipartimento Grants and Incentives • Ernst & Young Financial Business Advisors spa (EYFBA)
2007-2009 Senior Advisor • Ernst & Young Financial Business Advisors spa (EYFBA)
2009-2010 Senior Advisor • Reconta Ernst & Young spa (oggi Ey spa)
2011-2021 Membro del Consiglio • Epyon Consulting srl
1986-2021 Membro del Consiglio • Analysis spa
2004 Membro del Consiglio • Italmatch Chemicals spa
1986-2001 Amministratore Delegato • Iniziativa spa
2010-2014 Membro del Consiglio Direttivo • Associazione Alumni dell'Università L. Bocconi
2014-2018 Sindaco Effettivo • Associazione Alumni dell'Università L. Bocconi
2013-2017 Membro del Consiglio • Fondazione degli Ospedali di Abbiategrasso, Cuggiono, Legnano e Magenta
2004-2010 Membro del Consiglio Direttivo • Unione Cattolica Imprenditori e Dirigenti di Milano (UCID)

Socio Fondatore • Iniziativa spa
Socio Fondatore • Analysis spa
Socio Fondatore • Epyon Consulting srl

ISTRUZIONE

1981 Laurea in Economia Aziendale • Università L. Bocconi di Milano

CERTIFIED

SÉVERINE MÉLISSA HARMINE NEERVOORT

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 27 aprile 2024

Comitati consiliari:

Presidente del Comitato Sostenibilità

Membro del Comitato Nomine e corporate governance

INCARICHI E POSIZIONI ATTUALI

2024-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2023-oggi Global Policy Director • International Corporate Governance Network (ICGN)

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2023-2024 Partecipante permanente del Comitato Investimenti • Fondazione Compagnia di San Paolo
2017-2023 Lead ESG Policy Advisor • Norges Bank Investment Management (NBIM)
2015-2016 Assistant Vice-president Affari governativi e normativi globali • Deutsche Bank
2011-2014 Account Director • MHP Communications
2010-2011 Analista dipartimento advisory • PWC
2008-2008 Assistente di ricerca, politica energetica • French Institute for International Relations (IFRI)

ISTRUZIONE

2010 MSC in Government and Politics in the European Union • London School of Economics and Political Science (LSE)
2009 MSC in European Affairs • Institut d'Etudes Politiques (Sciences Po Paris)
2007 BA in International Relations • Université Libre de Bruxelles (ULB)

CERTIFIED

ALESSANDRA RUZZU

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 15 settembre 2025

INCARICHI E POSIZIONI ATTUALI

2025-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2021-oggi Chief External Relations & Communication Officer • Tinexta spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2022-2025 Membro del Comitato di Indirizzo • Fondazione di Sardegna
2015-2024 Consigliere di amministrazione • Cassa Depositi e Prestiti spa
2009-2021 Global Head of Communications & Sustainability and Institutional Affairs • Falck Renewables spa
2014-2015 Consigliere di amministrazione • Banco di Sardegna spa
2007-2008 Advisor del Presidente della Delegazione Parlamentare Italiana presso NATO • Senato della Repubblica
2000-2006 Manager Relazioni Istituzionali • APCO Worldwide

ISTRUZIONE

1999 Master in Business Administration Lobby e Rapporti Istituzionali • LUISS Management spa
1997 Laurea in Scienze Economiche e Bancarie • Università degli Studi di Siena

CERTIFIED

SILVIA STEFINI

CONSIGLIERE INDIPENDENTE

dal 15 settembre 2025

Data di 1° nomina nel Consiglio di amministrazione: 29 aprile 2023

Comitati consiliari:

Presidente del Comitato Remunerazione

Membro del Comitato Sostenibilità

INCARICHI E POSIZIONI ATTUALI

2023-oggi Consigliere di amministrazione • Leonardo spa
2023-oggi Consigliere di amministrazione • Banca Popolare di Sondrio spa
2022-oggi Responsabile Risk Management, Compliance e Antiriciclaggio • Equiter SGR spa
2020-oggi Presidente • Chapter Zero Italy - The Nedcommunity Climate Forum

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2020-2024 Consigliere di amministrazione • Renantis spa (già Falck Renewables spa)
2021-2022 Consigliere di amministrazione • Equor Capital Partners Sgr spa
2019-2022 Consigliere di amministrazione • Italgas spa
2016-2017 Dirigente Responsabile Gas Product Line Leader Europa+, Zurigo (Svizzera) • Ge Power Services
2013-2015 Dirigente Responsabile Commercial Operations Leader Europa+, Milano (Italia) • Ge Power Services
2004-2012 Dirigente Responsabile Emea Enterprise Risk Management Milano (Italia) e Atlanta (US) • Ge Power Services
2001-2004 Dirigente Responsabile di Sales Financing • Ge Oil & Gas di Firenze
1999-2003 Consigliere di amministrazione • Ge Capital Services srl
1997-2000 Business Development e Mergers & Acquisitions • Ge Capital Europe LTD di Londra (Regno Unito)
1992-1997 Dirigente, Management Consultant e Corporate Finance • Mckinsey & Co (Italia, US, Olanda)
1991-1991 Analista • Oxera Consulting LLP di Oxford (Regno Unito)
1989-1990 Analista Mercati Finanziari • Standard & Poor's/Dri McGraw-Hill di Milano

ISTRUZIONE

2022 Diploma di Governance • International Directors Program INSEAD di Fontainebleau (Francia)
1991 MBA Finance • City University Business School di Londra
1988 Laurea in Economia Politica, indirizzo Economia Monetaria e Finanziaria • Università L. Bocconi di Milano

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

5. COMMITTEES WITHIN THE BOARD

The Board of Directors has established five non-executive Board Committees, each with a different area of responsibility and vested with advisory, investigative and proposal-making powers: the Remuneration Committee, the Control and Risk Committee, the Appointments and Corporate Governance Committee, the Sustainability Committee, and the Committee for Related-Party Transaction, as described in Section 9.1 below.

It is our belief that the current organisational structure of the Board of Directors fully meets the need to ensure that the Bank is governed efficiently and effectively, in accordance with the principles of cost-effectiveness and operational streamlining.

The Committees are appointed annually by the Board of Directors, normally at the first meeting following the reappointment of the Board pursuant to Article 22 of the Articles of Association, and in any case remain in office until a new appointment resolution is passed.

The composition, meetings, resolutions and powers of each of these Committees are governed by specific Operating Rules approved by the Board of Directors.

These Rules stipulate that the Chair of the Committee, assisted by the Committee Secretary and the relevant corporate functions, must verify that the documentation to be provided in support of the Committees' activities is adequate, in both qualitative and quantitative terms, in relation to the matters to be discussed at each meeting. To this end, the Chair of the Committee ensures that the documentation provides appropriate evidence, for each item on the agenda, of the most significant and relevant factors for the performance of the Committees' duties and the adoption of resolutions within their remit.

With regard to the deadlines for sending the information to support the discussion of the items on the agenda, the Committees' Operating Rules - in line with the provisions for the Board of Directors - stipulate that, as a general rule, the documentation must be made available five days prior to each meeting.

If the documentation made available by the aforementioned deadline is not comprehensive, any subsequent additions shall be provided, subject to the Chair's authorisation, no later than the day of the meeting. Furthermore, if it is not possible to provide the necessary information/documentation in a comprehensive manner within the required timeframe, the Chair shall ensure that appropriate and timely in-depth analyses are carried out during the meeting. This is without prejudice to the Committee's right to request the submission of additional documentation during the meeting.

With regard to the methods for submitting the aforementioned information documents, the Committees' Operating Rules stipulate that they shall be made available by filing them with the relevant corporate organisational unit, as well as via the dedicated secure platform used for managing meetings of the Bank's governing bodies, which is

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. S.P.C.

Gruppo BPER Banca

designed to protect the confidentiality of the data and information provided.

With regard to the minutes of meetings, the Operating Rules stipulate that they are to be drawn up by the Committee Secretary in consultation with the Chair, while the approval of the minutes is entrusted to the Committee itself, as a rule at the next available meeting.

5.1 REMUNERATION COMMITTEE

The Remuneration Committee is composed of 3 non-executive directors, at least 2 of whom are independent. The members of the Committee must, individually and collectively, possess adequate knowledge, skills and expertise regarding remuneration policies and practices and risk management and control activities, in particular with regard to the mechanism for aligning the remuneration structure with risk, capital and liquidity profiles. At least one member of the Committee must also possess adequate knowledge and experience in financial matters, to be assessed by the Board of Directors at the time of appointment.

At its meeting of 12 May 2025, the Board of Directors renewed the composition of the Committee, which was made up as follows:

Silvia Stefini, appointed as Chair of the Committee at its meeting on 23 May 2025;
Ermetes Maria Letizia;
Giay Roberto;
Malaguti Maria Chiara;
Venosta Francesco.

Following Banca Popolare di Sondrio's entry into the BPER Banca Group and the Shareholders' Meeting of 15 September 2025, which renewed the Board of Directors in its entirety, the Board, at its meeting of 19 September 2025, renewed the composition of the Remuneration Committee, which, as at 31 December 2025 and as at the date of approval of this Report, is composed as follows:

Chair
Stefini Silvia

Member
Giay Roberto

Member
Malaguti Maria Chiara

Banca Popolare di Sondrio PONORA UNI EN

Gruppo BPER Banca

CERTIFIED

Saniter

Financial year 2025

The Chair of the Committee is appointed by the Board of Directors from among the independent members of the Committee. If the Chair is absent or unable to act, they shall be replaced in all their duties by the most senior Committee member in office and, in the event of equal seniority, by the oldest member in order of age, provided that they meet the independence requirements.

As at 31 December 2025 and as at the date of approval of this Report, the role of Chair of the Remuneration Committee is held by Silvia Stefini.

The Chair:

a) coordinates the Committee's activities, convenes its meetings and, assisted by the Secretary, sets the agenda, ensuring that Committee members are provided with timely and adequate information;

b) chairs the Committee's meetings, directs and moderates the discussion, ensures the effectiveness of the debate, and endeavours to ensure that the conclusions reached by the Committee are the result of proper dialogue and the informed and reasoned input of all its members.

The Chair of the Committee maintains close relations with the Chair of the Board of Directors in order to coordinate the Committee's activities with those of the Board. In addition, the Chair informs the Board of Directors of the activities carried out at the next available meeting.

Pursuant to the current Operating Rules of the Remuneration Committee, adopted following Banca Popolare di Sondrio's entry into the BPER Group, the Committee performs advisory, investigative and proposal-making functions in support of the activities of the Board of Directors and, to the extent of its remit, of the Executive Committee (where established) - without prejudice to the decision-making autonomy and responsibilities of these bodies in adopting resolutions falling within their respective remits - and in line with the Parent Company's management and coordination role, and taking into account the provisions of the Group's policies and regulations.

With regard to the Bank, without prejudice to any additional powers conferred on it by applicable legislation, including secondary and self-regulatory legislation, the Committee is specifically responsible for the following tasks:

a) submitting a proposal to the Board of Directors regarding the remuneration to be paid to the Board of Directors and the Board of Statutory Auditors, to be submitted for approval by the Shareholders' Meeting, in accordance with the Group's Remuneration Policies;

b) submitting a proposal to the Board of Directors regarding the remuneration to be paid to Directors holding specific offices, taking into account the provisions of the remuneration policy, including with regard to the variable component, in accordance with the Group's remuneration policies;

c) submitting a proposal to the Board of Directors concerning the remuneration to be

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINCE 1918

Gruppo BPER Banca

paid to the members of the General Management, as identified in accordance with the Articles of Association, to the heads of the main business lines and corporate functions, and to those who report directly to the strategic supervision, management and control bodies, in accordance with the Group's remuneration policies;

d) submitting a proposal to the Board of Directors regarding the remuneration to be paid to the heads and most senior staff of the corporate control functions, as well as to the Manager responsible for preparing the company's accounting documents, in accordance with the Group's remuneration policies;

e) providing the Board of Directors with an opinion on the remuneration to be paid to 'key personnel', as identified in accordance with the relevant provisions in force and on the basis of current legislation, including Group legislation, where the determination of the relevant remuneration falls within the Board of Directors' remit and has not been delegated by the Board to other senior bodies of the Bank;

f) providing the Board of Directors with an opinion, also drawing on information received from the relevant corporate functions of the Bank and/or the Parent Company, on the outcome of the process for identifying 'key personnel', including any exclusions pursuant to the regulations in force at the time;

g) providing an opinion to the Board of Directors for the purpose of approving any documents implementing the compensation and incentive systems that are submitted to the Board of Directors for approval;

h) supporting the Board of Directors, to the extent of its competence, in reviewing and approving the Remuneration Policies prepared by the Parent Company, to be submitted for subsequent resolution by the Shareholders' Meeting;

i) providing an opinion, also drawing on information received from the relevant corporate functions, on the adequacy, overall consistency and effective application of the remuneration and incentive policies approved by the Shareholders' Meeting;

j) directly monitoring, in close cooperation with the Board of Statutory Auditors, the compliance of the remuneration policy for the heads of corporate control functions with the applicable regulatory provisions, as well as the correct application of said policy;

k) overseeing the preparation of documentation on remuneration policies and practices to be submitted to the Board of Directors for the relevant decisions;

l) ensuring the involvement of the relevant corporate functions in the process of developing and monitoring remuneration and incentive policies and practices;

m) verifying that the remuneration system set out in the BPER Group's remuneration and incentive policies takes sustainability issues into account, including those relating to the gender pay gap.

With reference to the banking subsidiaries and the other subsidiaries belonging to

Banca Popolare di Sondrio BANKING GROUP
Gruppo BPER Banca

emarket
with storage
CERTIFIED

Financial year 2025

the former Banca Popolare di Sondrio Banking Group in relation to which the appointment of Representatives is reserved for the responsibility of the Board of Directors, and in the event that a member of the Board of Directors or the General Manager (if appointed) of Banca Popolare di Sondrio is a candidate for a position in a Subsidiary of Banca Popolare di Sondrio, without prejudice to the management and coordination role of the Parent Company, the Committee, also taking into account any guidance from the Parent Company, shall express its opinion to the Board of Directors regarding:

a) the remuneration to be paid to the members of the Boards of Directors and the Boards of Statutory Auditors, to the members of the Executive Committee, where such a body is provided for in the respective Articles of Association, and to Directors holding specific offices;
b) the remuneration to be paid to the members of General Management or to similar positions provided for in the respective Articles of Association.

For further information on remuneration, please refer to the Annual Report on Remuneration Paid in 2025, prepared pursuant to Article 123-ter of the Consolidated Finance Act.

Minutes of the Remuneration Committee's meetings are duly taken by the Secretary, in agreement with the Committee Chair, and the minutes are generally submitted to the Committee for approval at its next meeting.

In 2025, the members of the Board of Statutory Auditors generally attended the Committee's meetings.

In carrying out its duties, the Committee makes use of information flows from the Company's bodies and functions. The regulation of the types, methods and content of all information flows intended for the Committee is based on the powers assigned to the Committee under the Articles of Association and under statutory, secondary and self-regulatory provisions.

In 2025, the Remuneration Committee met 10 times, with each meeting lasting an average of about 1 hour and 13 minutes. To date, the Remuneration Committee has met 4 times in 2026.

5.2 CONTROL AND RISK COMMITTEE

The Control and Risk Committee is composed of 3 to 5 non-executive directors, the majority of whom are independent. The members of the Committee must, individually and collectively, possess the appropriate knowledge, skills and expertise to enable them to effectively monitor the Bank's control systems and practices, as well as its risk strategies and guidelines, and at least one member of the Committee must have appropriate experience in accounting and financial matters or risk management, as assessed by the Board of Directors at the time of appointment.

emarket

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

In this regard, at its meeting of 12 May 2025, the Board of Directors renewed the composition of the Committee, which was made up as follows:

Maria Chiara Malaguti, appointed Chair of the Committee at its meeting held on 16 May 2025;
Montaudo Christian;
Providenti Salvatore;
Riva Franco Giuseppe;
Zambelli Rossana.

Following the entry of Banca Popolare di Sondrio into the BPER Banca Group and the Shareholders' Meeting of 15 September 2025, which renewed the Board of Directors in its entirety, at its meeting of 19 September 2025, the Board of Directors renewed the composition of the Control and Risk Committee, which, as at 31 December 2025 and as at the date of approval of this Report, is composed as follows:

Chair
Malaguti Maria Chiara

Member
Beni Gabriele

Member
Cincotti Cristiano

Member
Molla Pierluigi

Member
Ruzzu Alessandra

The Chair of the Committee is appointed by the Board of Directors from among the independent members of the Committee. The Chair of the Committee may not be the same person as the Chair of the Board of Directors or the Chair of any other Board committee. If the Chair is absent or unable to act, they shall be replaced in all their duties

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

by the most senior Committee member in office and, in the event of equal seniority, by the oldest member in order of age, provided that they meet the independence requirements.

As at 31 December 2025 and as at the date of approval of this Report, the role of Chair of the Risk and Control Committee is held by Maria Chiara Malaguti.

The Chair:

a) coordinates the Committee's activities, convenes its meetings and, assisted by the Secretary, sets the agenda, ensuring that Committee members are provided with timely and adequate information;

In accordance with the current Operating Rules of the Control and Risk Committee, adopted following Banca Popolare di Sondrio's entry into the BPER Group, the Committee provides support to the Board of Directors in relation to risks and the internal control system, as well as in relation to the approval of periodic financial and non-financial reports - without prejudice to the decision-making autonomy and responsibilities of these bodies in adopting resolutions within their respective areas of competence - and in line with the Parent Company's management and coordination role, and taking into account the provisions of Group regulations.

Furthermore, the Committee supports the Board of Directors' activities in the area of sustainability, covering all the corporate processes, structures and controls through which the Bank, in compliance with Article 1, Principle I of the Borsa Italiana Corporate Governance Code and the principles developed by the relevant international bodies, ensures the pursuit of sustainable development, with a particular focus on environmental, social and governance issues.

The Committee cooperates with the other Committees, whose activities may have an impact on the risk strategy, and maintains regular communication with the institution's internal control functions, inviting them to scheduled meetings, in order to ensure that all relevant risk factors are duly taken into account.

Without prejudice to any additional responsibilities assigned to it by the regulations, the Control and Risk Committee is, in particular, responsible for the following tasks:

supporting the Board of Directors in making decisions regarding the implementation of strategic guidelines and risk management policies, in a manner

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO DI REPUBBLICA

Gruppo BPER Banca

consistent with the Bank's situation;

providing assessments and opinions to the Board of Directors on compliance with the principles that must govern the internal control system and the corporate organisation, bringing to the Board's attention any weaknesses and the resulting corrective actions to be taken;
supporting the Board of Directors in verifying the correct implementation of strategies, risk management policies and the RAF;
providing assessments and opinions to the Board of Directors in relation to the evaluation and monitoring of the requirements that must be met by the corporate control functions, bringing to the Board's attention any weaknesses and the corresponding corrective actions to be implemented;
verifying that the corporate control functions correctly comply with the instructions and guidelines of the internal control and risk management system established by the Board of Directors, without prejudice to the Parent Company's management and coordination role;
supporting the Board of Directors in preparing the corporate governance report, with a focus on information relating to the internal control and risk management system and the assessment of its overall adequacy, without prejudice to the Parent Company's management and coordination role;
with the support of the Appointments and Governance Committee, identifying and proposing candidates for the positions of heads of the corporate control functions to be appointed, and providing guidance in the event of their dismissal;
providing the Board of Directors with an opinion on the document outlining the planning of the activities of the corporate control functions, prepared at least once a year, in accordance with the guidelines set by the Parent Company;
reviewing the final accounts and the reports prepared by the corporate control functions, as well as any reports from the Managing Director concerning issues and critical matters that have arisen in the course of his/her work or that have otherwise come to his/her attention;
in coordination with the Manager responsible for preparing the Company's accounting documents, and after consulting the Board of Statutory Auditors and the entity appointed to perform the statutory audit, assessing the correct application of accounting standards;
supporting the Board of Directors in assessing the findings presented by the entity appointed to perform the statutory audit in any letter of recommendations and in the report on key issues identified during the statutory audit;
providing the Board of Directors with an opinion on the policy for outsourcing corporate control functions, without prejudice to the Parent Company's

Banca Popolare di Sondrio
GRUPPO BPER Banca

CERTIFIED

Report on Corporate Governance and Owners
Structure
Financial year 2025

management and coordination role;

supporting the Board of Directors in defining policies and processes for assessing the Company's activities, including verifying that the pricing and terms of transactions with customers are consistent with the business model and risk strategies, and in line with the guidelines set by the Parent Company;
supporting the Board of Directors in approving the document on the coordination of corporate control functions, as required by Bank of Italy Circular no. 285/2013 and subsequent updates;
supporting the Board of Directors in assessing, at least annually, the adequacy of the internal control and risk management system in relation to the company's characteristics and the risk profile assumed, as well as its effectiveness;
supporting, through appropriate investigative activities, the Board of Directors' assessments and decisions regarding the management of risks arising from adverse events of which the Board has become aware;
assessing the suitability of periodic financial and non-financial information to accurately reflect the company's business model, strategies, the impact of its activities, and the performance achieved;
supporting the Board of Directors in assessing the independence, adequacy, effectiveness and efficiency of the company's control functions. Furthermore, the Committee verifies that the remuneration of the heads of the corporate control functions is consistent with the remuneration policy established by the Parent Company.

The Control and Risk Committee has the right to access relevant company information necessary for the performance of its assigned tasks and to engage external consultants.

Minutes of the meetings of the Control and Risk Committee are duly taken by the Secretary, in agreement with the Chair of the Committee, and the minutes are generally submitted to the Committee for approval at its next meeting.

The Control and Risks Committee and the Board of Statutory Auditors exchange all information of mutual interest and, where appropriate, coordinate the performance of their respective duties. To this end, the Chair of the Board of Statutory Auditors, or another member appointed by the Chair, regularly attends the Committee's meetings.

In carrying out its duties, the Committee makes use of information flows from the Company's bodies and functions. The regulation of the types, methods and content of all information flows intended for the Committee is based on the powers assigned to the Committee under statutory, secondary and self-regulatory provisions.

During 2025, the Control and Risks Committee met 20 times, with each meeting lasting an average of just under 4 hours. At the invitation of the Committee Chair, other

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. 2025

Gruppo BPER Banca

directors and representatives of the company's functions also attended the meetings.

To date, the Control and Risk Committee has met four times in 2026.

5.3 APPOINTMENTS AND CORPORATE GOVERNANCE COMMITTEE

The Appointments and Corporate Governance Committee is currently composed of 3 non-executive directors, at least 2 of whom are independent. The members of the Committee must, collectively, possess knowledge, skills and expertise appropriate to the Committee's duties.

In this regard, at its meeting of 12 May 2025, the Board of Directors renewed the composition of the Committee, which was made up as follows:

Giuseppe Recchi, appointed as Chair of the Committee at its meeting held on 22 May 2025;
Ermetes Maria Letizia;
Molla Pierluigi;
Neervoort Séverine Mélissa Harmine;
Stefini Silvia.

Following Banca Popolare di Sondrio's entry into the BPER Banca Group and the Shareholders' Meeting of 15 September 2025, which renewed the Board of Directors in its entirety, the Board, at its meeting on 19 September 2025, renewed the composition of the Appointments and Corporate Governance Committee, which, as of 31 December 2025 and the date of approval of this Report, is composed as follows:

Chair

Recchi Giuseppe

Member

Neervoort Séverine Mélissa

Harmine

Member

Massimetti Annamaria

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

the independence requirements.

As at 31 December 2025 and as at the date of approval of this Report, the role of Chair of the Appointments and Corporate Governance Committee is held by Giuseppe Recchi.

The Chair:

a) coordinates the Committee's activities, convenes its meetings and, assisted by the Secretary, sets the agenda, ensuring that Committee members are provided with timely and adequate information;

Pursuant to the current Operating Rules of the Appointments and Corporate Governance Committee, adopted following Banca Popolare di Sondrio's entry into the BPER Group, the Committee performs advisory, investigative and proposal-making functions in support of the work of the Board of Directors and, to the extent of its remit, of the Executive Committee (where established) - without prejudice to the decision-making autonomy and responsibilities of these bodies in passing resolutions within their respective remits - and in line with the Parent Company's management and coordination role, and taking into account the provisions of the Group's policies and regulations.

Without prejudice to any additional powers conferred on it by applicable legislation, including secondary and self-regulatory provisions, the Committee is specifically responsible for the following tasks:

a) supporting the Board of Directors in the preliminary determination of the optimal qualitative and quantitative composition of the Board (and of its Committees) for the purposes of appointing Directors, and in the subsequent verification of the consistency between this composition and the actual composition resulting from the appointment process;

b) carrying out preliminary investigations to enable the Board of Directors to verify that corporate officers and the heads of the main corporate functions meet the requirements set out in the applicable regulations and supervisory provisions, and supporting the Board in adopting and, where necessary, updating the internal governance policy documents relating to the process for assessing corporate officers;

c) providing the Board of Directors with a reasoned opinion on the removal of

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. "S.P.E."

Gruppo BPER Banca

Directors who no longer meet the requirements set out in the applicable regulations and supervisory provisions;

d) providing an advisory opinion on proposals for the appointment of members of the Executive Committee (where established). For the purposes of appointing or expanding the Executive Committee, it plays a supporting role, vis-à-vis the Board of Directors and, where applicable, the Executive Committee itself, in the phase of identifying in advance the ideal qualitative and quantitative composition of the Executive Committee and in the subsequent phase of verifying that the composition resulting from the appointment process complies with this ideal;

e) providing an opinion on proposals for the appointment of the Managing Director and, where applicable, the General Manager, as well as the other members of the General Management, as identified in accordance with the Articles of Association;

f) providing the Board of Directors with an opinion on:

(i) the approval and updating of the internal regulations governing the succession of the Company's Senior Management (Chair, Managing Director and, where applicable, General Manager), supporting the Board of Directors in the implementation of these regulations, in line with their provisions;

(ii) the approval and updating of the internal regulations governing the succession of top management (for these purposes, top management is defined as the first lines of hierarchical reporting below the Board of Directors, the Managing Director, the General Manager, where appointed, and the Manager responsible for preparing the Company's accounting documents), including with regard to the heads of the Company's control functions;

g) supporting the Control and Risk Committee in identifying candidates to be proposed to the Board of Directors for appointment as heads of the company's control functions, with a particular focus on verifying compliance with the suitability requirements set out in the applicable regulations;

h) supporting the Board of Directors in preparing the Report on Corporate Governance and Ownership Structure;

i) monitoring developments in national and international regulations and best practices on corporate governance, and keeping the Board of Directors informed of any significant changes;

k) having examined the proposal made by the Chair of the Board of Directors, in consultation with the Chief Executive Officer, providing the Board of Directors with an opinion on the adoption and updating of the policy for managing dialogue with shareholders as a whole, also taking into account the engagement policies adopted by institutional investors and asset managers.

With regard to the banking subsidiaries and other subsidiaries for which the appointment of Representatives is the responsibility of the Board of Directors, and in the

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

event that a member of the Board of Directors or the General Manager (if appointed) of Banca Popolare di Sondrio is a candidate for a position in a subsidiary of the Bank, without prejudice to the Parent Company's management and coordination role, the Committee, also taking into account any recommendations from the Parent Company, shall provide guidance to the Board of Directors on the proposed appointments of candidates for the following offices:

a) Director, including in the case of co-option;
b) member(s) of the Executive Committee, where such a body is provided for in the respective Articles of Association;
c) Chief Executive Officer or Managing Director, where such offices are provided for in the respective Articles of Association;
d) members of the General Management or similar positions provided for in the respective Articles of Association.

In providing this guidance, the Committee shall take into account compliance with diversity objectives, without prejudice to the obligations set out by legislation, including secondary and self-regulatory legislation, in force from time to time.

Furthermore, the Committee supports the Board of Directors in the process of self-assessment of the composition and functioning of the Board of Directors and the Executive Committee (where established).

Minutes of the meetings of the Appointments and Corporate Governance Committee are duly taken by the Secretary, in agreement with the Chair of the Committee, and the minutes are generally submitted to the Committee for approval at its next meeting.

In 2025, the members of the Board of Statutory Auditors generally attended the Committee's meetings.

In carrying out its duties, the Committee makes use of information flows from the Company's bodies and functions. The regulation of the types, methods and content of all information flows intended for the Committee is based on the powers assigned to the Committee under the Articles of Association and the applicable legal provisions, including secondary legislation and self-regulatory frameworks.

In 2025, the Appointments and Corporate Governance Committee met 17 times, with each meeting lasting an average of approximately 1 hour and 15 minutes. To date, the Appointments and Corporate Governance Committee has met twice in 2026.

5.4 SUSTAINABILITY COMMITTEE

The Sustainability Committee is composed of 3 non-executive directors, at least 1 of whom must be independent. As at 31 December 2024, the Sustainability Committee was composed entirely of independent directors. In addition, at least one of the

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. REP.

Gruppo BPER Banca

Committee's members must have appropriate experience and knowledge in the field of sustainability.

In this regard, at its meeting of 12 May 2025, the Board of Directors renewed the composition of the Committee, which was made up as follows:

Neervoort, Séverine Mélissa Harmine, appointed as Chair of the Committee at its meeting held on 29 May 2025;
Riva Franco Giuseppe;
Stefini Silvia.

Following Banca Popolare di Sondrio's entry into the BPER Banca Group and the Shareholders' Meeting of 15 September 2025, which renewed the Board of Directors in its entirety, the Board, at its meeting of 19 September 2025, renewed the composition of the Sustainability Committee, which, as at 31 December 2025 and as at the date of approval of this Report, is composed as follows:

Chair
Neervoort Séverine Mélissa
Harmine

Member
Ruzzu Alessandra

Member
Stefini Silvia

The Chair of the Committee is appointed by the Board of Directors from among the members of the Committee. If the Chair is absent or unable to act, they shall be replaced in all their duties by the most senior Committee member in terms of length of service and, in the event of equal length of service, by the most senior member in terms of age.

As at 31 December 2025 and as at the date of approval of this Report, the role of Chair of the Sustainability Committee is held by Séverine Mélissa Harmine Neervoort.

The Chair:

a) coordinates the Committee's activities, convenes its meetings and, assisted by the Secretary, sets the agenda, ensuring that Committee members are provided with timely and adequate information;
b) chairs the Committee's meetings, directs and moderates the discussion, ensures the effectiveness of the debate, and endeavours to ensure that the conclusions reached by the Committee are the result of proper dialogue and the informed and reasoned

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

input of all its members.

The Chair of the Committee maintains close relations with the Chair of the Board of Directors in order to coordinate the Committee's activities with those of the Board.

Pursuant to the current Operating Rules of the Sustainability Committee, adopted following Banca Popolare di Sondrio's entry into the BPER Group, the Committee provides support for the Board of Directors' activities in the area of sustainability, covering all the corporate processes, structures and controls through which the Bank, in compliance with Article 1, Principle I of the Borsa Italiana Corporate Governance Code and the principles developed by the relevant international bodies, ensures the pursuit of sustainable development, with a particular focus on environmental, social and governance issues, in line with the Parent Company's management and coordination role and taking into account the provisions of Group regulations.

a) reviewing and assessing, at least annually, the content of the Group's sustainability policy and the Group's ability, through ongoing engagement with all stakeholders, to ensure the achievement of its sustainable development objectives;

b) examining and assessing the final accounts and the reports prepared by the corporate functions responsible for controlling and monitoring sustainability issues, as well as any reports from the Managing Director concerning problems and critical issues that have arisen in the course of his/her work or that have otherwise come to his/her attention;

c) assessing the Bank's position in relation to sustainability metrics, indices and market benchmarks;

d) monitoring relevant initiatives (forums, associations, study and in-depth analysis events) organised at both the international and domestic levels with the aim of promoting and enhancing awareness of sustainability issues, and to assess, also in terms of their relevance and effectiveness, the extent of the Bank's involvement in achieving the Sustainable Development Goals;

e) monitoring initiatives and programmes aimed at promoting, throughout all the Bank's organisational structures, a culture of sustainability and awareness among the Bank's staff of the need to pursue sustainable development;

f) assessing the technological, environmental, social, economic, political and geopolitical scenarios and macrotrends that are likely to have a significant long-term impact on society as a whole and, consequently, on the Bank's corporate purpose and its relationship with society;

g) promoting and/or support initiatives aimed at analysing the scenarios referred to in point (f) above.

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

^{}[]

Banca Popolare di Sondrio

BANCO PUBBLICO

Gruppo BPER Banca

Minutes of the Sustainability Committee's meetings are duly taken by the Secretary, in agreement with the Chair of the Committee, and the minutes are generally submitted to the Committee for approval at the next available meeting.

In 2025, the Chair of the Board of Statutory Auditors consistently attended the Committee's meetings.

In carrying out its duties, the Committee makes use of information flows from the Company's bodies and functions. The rules governing the types, methods and content of all information flows intended for the Committee are based on the powers assigned to the Committee under the Articles of Association and the applicable laws, including secondary legislation and regulations.

During 2025, the Sustainability Committee met 8 times, with each meeting lasting an average of approximately 1 hour and 30 minutes. To date, the Sustainability Committee has met once in 2026.

Banca Popolare di Sondrio BOROLORE

Gruppo BPER Banca

CERTIFIED

Sanita toria

Struttura

Financial year 2025

6. MANAGEMENT OF CORPORATE INFORMATION

For the transmission and storage of Regulated Information, Banca Popolare di Sondrio uses the EMARKET and the EMARKET Storage mechanism, available at , which are operated by Teleborsa Srl - with registered office at Piazza di Priscilla 4, Rome - pursuant to CONSOB authorisation and Resolutions No. 22517 and No. 22518 of 23 November 2022.

In particular, Banca Popolare di Sondrio has adopted appropriate procedures which, in compliance with the regulations in force, ensure the proper handling and disclosure to the market of inside information, as referred to in Article 114 of the Consolidated Law on Finance and EU Regulation 596/2014 (the so-called 'MAR'). In particular, the 'Regulations on the Management of Insider Information and the Insider Register of the Banca Popolare di Sondrio Group' have been adopted, the purpose of which is to ensure compliance with the applicable legal and regulatory provisions on the management and circulation of insider information and to guarantee that such information is treated with the utmost secrecy and confidentiality. In particular, the aim was to ensure transparency vis-à-vis the market and to implement appropriate preventive measures against the misuse of Insider Information.

Among other things, these regulations govern the process for identifying insider information, the process for disclosing it to the public, the right to delay its disclosure, and the Register of persons with access to insider information.

Pursuant to the MAR provisions set out in Regulation (EU) No 596/2014, the Board of Directors has adopted its own Internal Dealing Regulations. This document outlines the process for managing transactions in financial instruments issued by the Bank carried out by individuals holding administrative, supervisory or management positions.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

7. MANAGEMENT ROLES AND AREAS OF GOVERNANCE

7.1 GENERAL MANAGEMENT

Pursuant to Article 45 of the Articles of Association, the Board of Directors determines the powers of the General Management and, on the proposal of the Managing Director, appoints the relevant staff, specifying the duties, grade and functions of its members.

The Board may also appoint a General Manager, who heads General Management, and shall determine the General Manager's functions, duties and powers. It is the responsibility of the Managing Director to propose the appointment and to nominate potential candidates for the same position, as well as to propose their specific duties, functions and powers. If no General Manager is appointed, the General Management reports to the Managing Director.

If appointed, the General Manager shall exercise the powers conferred upon them and perform the tasks assigned to them in accordance with the law, the Supervisory Regulations, and the Articles of Association.

With regard to the strategic guidelines adopted by the Board of Directors, the General Manager, within the scope of their responsibilities, implements the resolutions of the Board, the Executive Committee and the Chair, issuing specific directives to the heads of the various departments and favouring direct communication where situations suggest it.

The General Manager attends the meetings of the Board of Directors and the Executive Committee.

Until the Shareholders' Meeting held on 15 September 2025, the role of General Manager was held by Mr Mario Alberto Pedranzini; subsequently, the Board of Directors, meeting on the same date, resolved not to appoint a new General Manager, instead assigning the relevant functions and powers to the Managing Director.

7.2 GOVERNANCE AREAS

The Bank's current high-level organisational structure is designed to optimise the effectiveness and efficiency of the Bank's operations. It is based on the division of organisational cases into 'Governance Area', which oversees a set of Services and Offices responsible for carrying out activities that are consistent with each other. At the top of these areas is a C-Level Suite, made up of the Heads of the 'Governance Areas', who report directly, in terms of hierarchy and function, to the Managing Director, who oversees all the Governance Areas.

The Heads of the Governance Areas are appointed on the proposal of the Managing Director, by resolution of the Board of Directors, which is supported by the Appointments

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

and Corporate Governance Committee.

The responsibilities of the Heads of the Governance Areas are always broad in scope, i.e. they include explicit management and coordination tasks, including vis-à-vis the Bank's subsidiary companies.

Among their various activities, the Heads of Governance Areas:

Assist the Managing Director. and collaborate with one another, contributing to the achievement of shared corporate objectives by carrying out the tasks that fall within the scope of responsibility defined by the mission of their respective Governance Area and the organisational units reporting to them, and by the powers delegated to them;
Contribute to multi-annual strategic planning, potential analysis and the definition of annual budgets; pursue budget objectives by carrying out activities within their areas of responsibility; and report on any deviations and corrective actions taken;
Within their areas of responsibility, they pursue the objectives set for the Bank and, more broadly, for the BPS Group as a whole, providing guidance and coordination to the subsidiaries.

The individual Governance Areas and a brief summary of their functions are set out below.

Chief Lending Officer Governance Area: Whose mission is 'To define the Group's credit strategy and to oversee the adequacy and effectiveness of credit processes, in line with the development guidelines set out in the business plan and within the risk-taking limits defined by the senior management bodies. Furthermore, to oversee credit quality at Group level through the monitoring of deteriorated positions, defining the actions required to meet NPE targets (NPE operational plan), overseeing the management of credit anomalies and the credit recovery process, and initiating measures to minimise risks and promptly launch initiatives to protect the Bank's credit rights.

Chief Risk Officer Governance Area, whose mission is: 'To design, develop and manage, within the scope of and in accordance with the resolutions adopted by the corporate bodies, measurement systems of a regulatory and/or managerial nature for the various types of risk at Group level and, using these systems, to ensure the full implementation of risk-taking, risk-management and risk-monitoring policies.'

Chief Commercial Officer Governance Area, whose mission is: 'To oversee value creation at Group level, ensuring excellence in commercial practice through market monitoring, local presence, the development of international relationships, the analysis of customer needs, and product control.'

Chief Financial Officer Governance Area, whose mission is: 'To oversee the generation of value at Group level, through planning, management control, management analysis, capital and liquidity policies, and the management of the Group's treasury and finance activities. To govern sustainability issues. Furthermore, to ensure a systematic, fair

emarket

and storage

CERTIFIED

Banca Popolare di Sondrio

SINDACO IND. S.P.L.

Gruppo BPER Banca

Report on Corporate Governance and Ownership Structure

Financial year 2025

and true representation of the Bank's assets and liabilities, results and financial position, in compliance with civil and tax legislation.'

Chief Information and Operations Officer Governance Area, whose mission is: 'To oversee the creation of value at Group level through the analysis and enhancement of information assets and the definition of ICT architectures, processes and methodologies, together with the management of operations, data strategy and data quality, ICT security, and business resilience and continuity, while also enabling digital transformation. Furthermore, to manage the Bank's real estate assets, workplace safety, and procurement and ancillary services, while optimising costs.'

Banca Popolare di Sondrio FONDAZIONE DELLA REPUBBLICA

CERTIFIED

Garanzia
Struttura

Financial year 2025

8. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

Conscious that the internal control and risk management system is a key element in ensuring that the Bank's activities are always based on the traditional criteria of 'sound and prudent management', the Bank is continuously committed to optimising and updating the system itself. To this end, the Bank has always been guided by, and continues to refer to, the principles established by the Supervisory Authority in relation to:

proportionality, understood as the application of the rules in accordance with the Bank's size and operational characteristics;
gradualness, understood as the progressive adoption of more advanced measurement and control methodologies, tools and procedures;
consistency, understood as the use of uniform operating methods by the various organisational functions;
cost-effectiveness, understood as the ability to ensure that the overall burden of control is appropriate, but in no case exceeds the impacts to be mitigated.

In accordance with these guidelines, a system has been developed that enables the detection, measurement, and management of all types of risk the Bank deems relevant in consideration of its activities, with a view to their responsible governance.

In July 2025, following the conclusion of the Public Tender Offer launched by BPER Banca S.p.A., Banca Popolare di Sondrio became part of the BPER Banking Group. As a result, the Bank became subject to the direction and coordination activities exercised by the Parent Company also in terms of the system of internal control, progressively adopting its policies and directives.

8.1 CHARACTERISTICS OF THE INTERNAL CONTROL SYSTEM

The internal control and risk management system consists of the set of rules, activities, procedures and organisational structures that aim to ensure, according to sound and prudent management principles, compliance with company strategies and the achievement of the following objectives:

process efficiency and effectiveness;
preservation of asset value and protection against losses;
reliability and integrity of accounting and management information;
containment of risks within the limits set by the Risk Appetite Framework (RAF);
compliance of operations with both the policies established by corporate governance bodies and internal and external regulations;
operational conduct based on fairness and prudence.

More specifically, the internal control and risk management system, in accordance with the indications provided by current legislation, complies with the following guiding

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACIO UNI EN

Gruppo BPER Banca

principles:

clear attribution of tasks and responsibilities between the organisational entities and, within the BPS Group, between the companies that comprise it;
ensuring the necessary separation and independence of the control functions from the operating units;
definition of control activities at each operating level, which means controls extended to all relevant business areas;
development of a risk and control culture and a shared language at all levels of the organisation;
full awareness of the risks assumed through the identification, measurement and monitoring of all types of risk, assumed or assumable, which are considered material;
homogeneity in the definition and adoption of risk assessment methods and tools within the BPS Group, avoiding inconsistent use of taxonomies, metrics and qualitative/quantitative methodologies;
timely communication between the control functions and the corporate bodies to guarantee that anomalies found are promptly brought to the attention of the appropriate levels and managed swiftly;
development and maintenance of reliable information systems, capable of providing prompt and adequately detailed data and information for recipients to carry out their activities.

8.2 THE SYSTEM OF REGULATIONS

In accordance with the provisions of the supervisory regulations and taking into account the Bank's needs, in order to regulate, from a methodological, organisational, operational and information-related perspective, the components of the internal control and risk management system that the Bank employs in its day-to-day operations, the following types of regulations have been drawn up for each relevant area:

Guidelines, policies, and general and process regulations, which govern the criteria, systems and processes for monitoring and managing risks, as well as the role of the corporate bodies and organisational units in defining and implementing them;
Operational and methodological regulations, which govern the components required for the implementation of the aforementioned risk monitoring and management systems, such as the activities, methodologies, procedures and organisational structures involved.

8.3 THE ROLES OF THE SENIOR GOVERNING BODIES

The Internal Control and Risk Management System involves, with different roles, the

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

CERTIFIED

Gruppo BPER Banca

Report on Corporate Governance and Owners

Structure

Financial year 2025

Board of Directors and the Board Committees, the Board of Statutory Auditors, the Managing Director assisted by the members of the General Management and the Heads of the Governance Areas, the Organisational Units and other specific figures entrusted with internal control tasks, and all personnel.

As reported in the previous paragraphs, the Bank's entry into the BPER Banca Group entailed its subjection to the direction and coordination activities exercised by the Parent Company and changes to the roles of the corporate bodies, including the relinquishment of certain prerogatives as part of the gradual process of integration into the governance, management, and control systems of the new Banking Group. The following paragraphs provide an overview of the responsibilities of the key players in the Bank's Internal Control and Risk Management System, which, following the Bank's integration into the BPER Banca Banking Group, are carried out in accordance with the policies of the Parent Company and under its supervision, taking into account the unified strategic plan of the new Group.

Board of Directors and Board Committees

The Board of Directors, as the body with strategic overseeing responsibilities, ensures the completeness, adequacy, functionality and reliability of the Internal Control and Risk Management System. It is also responsible for defining and approving the Risk Appetite Framework (RAF) and the risk governance and management policies, as well as for updating them in line with the strategic guidelines.

In order to ensure their effective implementation, the resolutions adopted with regard to the aforementioned areas are communicated to the relevant representative of the body with management responsibilities, who in turn instructs the organisational units responsible for their implementation.

In particular, the Board of Directors:

defines the strategic direction, the reference framework for determining the risk appetite, the risk governance and management policies, and the guidelines for the internal control system;
takes note of the risk profile and the methods used to identify and assess risks;
approves the establishment of the company's control functions, their duties and responsibilities, the coordination and collaboration arrangements, and the information flows among these functions and between these functions and the corporate bodies;
ensures that the organisational framework is consistent with the risk management policies and that roles and responsibilities are allocated in a clear and appropriate way;
ensures that the adequacy and functionality (effectiveness and efficiency) of the Internal Control and Risk Management System are checked and, if deficiencies or

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

anomalies emerge, promptly adopts appropriate corrective measures;

oversees the definition of a correct, complete and timely information system, consistent with the importance and complexity of the information needed;
promotes the development and dissemination, at all organisational levels, of a control culture that must guide the company's activities.

In carrying out these tasks, the Board of Directors is supported by its internal Committees, in accordance with their respective powers. Among these, the Control and Risk Committee, in particular, is responsible for assisting the Board of Directors in determining the guidelines of the internal control and risk management system and in periodically reviewing its adequacy and effective functioning; specifically, it supports the Board of Directors in defining the Risk Appetite Framework and strategies for the prevention, governance and management of material risks, in periodically monitoring risk exposure in relation to the objectives and limits set, and in verifying the completeness, adequacy and functionality of the internal control and risk management system; it also performs all other functions assigned to it by supervisory regulations.

Managing Director

Within the scope of the responsibilities of the Board of Directors, the Managing Director, assisted by General Management and the Heads of Governance Areas, oversees the implementation of the strategic objectives, the RAF, the risk management policies and any other decisions taken by the Board of Directors and the Executive Committee. With regard to the establishment and maintenance of an effective internal control system, the Managing Director implements the strategic guidelines set by the Board of Directors, overseeing the design, implementation and management of the various components of the system.

In particular, the Chief Executive Officer:

submits to the Board of Directors for approval the strategic guidelines, the multi-year development plans and the related annual budgets, the updates/revisions to the Risk Appetite Framework (RAF) and the risk governance and management policies;
establishes, by submitting them to the Board of Directors for review and approval, the key aspects of the business processes relevant for the purposes of the internal control system, and oversees their subsequent implementation; in this context, ensures the periodic identification and assessment of the main business risks, taking into account the nature of the activities carried out by the Bank;
previously examines the transactions of major strategic, economic, equity-related and financial relevance, and then submits them to the Board of Directors for approval;
establishes rules, activities, procedures and organisational structures relating to the

Banca Popolare di Sondrio PONORA UNI EN

Gruppo BPER Banca

CERTIFIED

Structure

Financial year 2025

risk management process, taking care of its implementation;

puts in place the necessary initiatives to continuously ensure the completeness, adequacy, functionality and reliability of the entire Internal Control and Risk Management System and its components, ensuring that it is adapted to changing operating conditions and significant changes in the regulatory framework;
ensures the necessary interventions to eliminate any weaknesses, anomalies or malfunctions found in the internal control and risk management system, activating the competent functions;
ensures the proper, timely and safe management of information systems for accounting, management and reporting purposes.

The Anti-Money Laundering Officer

While retaining responsibility for approving the Bank's overall strategy for preventing and combating money laundering and terrorist financing (AML/CFT) and for overseeing its implementation, the Board of Directors has appointed Mr Elvio Sonnino, Managing Director, as the Bank's new Anti-Money Laundering Officer, effective 15 September 2025.

The Bank's Anti-Money Laundering Officer is the main point of contact between the Head of the Anti-Money Laundering Service and the Board of Directors; the Anti-Money Laundering Officer ensures that all the information necessary to fully understand the significance of the money laundering risks to which the Bank is exposed is available, for the purpose of exercising their respective responsibilities. The AML Officer also ensures that the Bank's Anti-Money Laundering Service Manager performs their duties effectively.

The Officer may not delegate their duties to third parties and: a) possesses adequate knowledge, skills and experience regarding money laundering risks, AML/CFT policies, controls and procedures, as well as the business model of the Bank and its area of operations; b) has sufficient time and resources to perform their duties effectively.

When appointing the AML/CFT Officer, the Bank considered potential conflicts of interest and adopted measures to prevent or mitigate them (see the 'Regulations on the Monitoring of Directors' Independence Requirements' approved by the Board of Directors on 19 January 2024).

The Anti-Money Laundering Officer:

monitors the adequacy and proportionality of anti-money laundering policies, procedures and internal control measures, taking into account the Bank's characteristics and the ML/TF risks to which it is exposed;
assists the Board of Directors in assessing the organisational structure and resourcing of the Anti-Money Laundering Service, including any decision to assign responsibility for this function to the Anti-Money Laundering Officer themselves;
ensures that the corporate bodies are regularly informed about the activities carried

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

CERTIFIED

out by the Head of the Anti-Money Laundering Service and about discussions held with the competent authorities;

informs the corporate bodies of any anti-money laundering violations and critical issues of which they become aware, and recommend the appropriate actions;
verifies that the Head of the Anti-Money Laundering Service has direct access to all the information necessary for the performance of their duties, is provided with sufficient human and technical resources and tools, and is informed of any anti-money laundering deficiencies identified by the other internal control functions and by the Supervisory Authorities;
ensures that the issues and proposed actions raised by the Anti-Money Laundering Service Officer are assessed by the Managing Director (where this role is not held by the Anti-Money Laundering Officer themselves).

The General Manager, the Deputy General Managers and the Heads of Governance Areas

General Management, headed by the General Manager (if appointed by the Board of Directors), is composed of the General Manager and the Deputy General Managers. If no General Manager has been appointed, General Management reports directly to the Managing Director, pursuant to Article 45(3) of the Articles of Association.

Assisted by the other members of General Management, the General Manager (if appointed) participates in the management function by making proposals regarding specific aspects of business management, in accordance with the strategic guidelines adopted by the Board of Directors; furthermore, within their sphere of competence, they implement the decisions taken by the Senior Bodies, with a particular focus on the conduct of current affairs. Specifically, oversees the overall functioning and the administrative processes of the Bank, verifying the effective application of the provisions issued by the corporate bodies and ensuring the concrete and correct exercise of the powers delegated.

The organisational structure of the Governance Area brings together a number of Services and Offices responsible for carrying out activities that are consistent with each other. The Heads of the Governance Areas oversee the Services and Offices that report to them; at the same time, they ensure a hierarchical-functional reporting to the delegated councillor, who oversees all the Governance Areas.

Overall, the General Management and the Heads of the Governance Areas - individually or collectively - assist the Managing Director in implementing the strategic guidelines, the RAF, and the governance and risk management policies defined by the senior management bodies, ensuring the adoption of all necessary measures to guarantee that the organisation and the Internal Control and Risk Management System comply with the requirements set out in internal and regulatory provisions.

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

Gruppo BPER Banca

CERTIFIED

Banca Popolare

di Sondrio FONDAZIONE

Gruppo BPER Banca

Report on Corporate Governance and Owners

Structure

Financial year 2025

The Board Of Statutory Auditors

The Board of Statutory Auditors, also making use of the business units that carry out internal control activities, oversees compliance with the law, regulatory and statutory provisions, and corporate resolutions, the observance of the principles of proper administration, the adequacy of the organisational structures and the information and accounting systems, the completeness, adequacy, functionality, and reliability of the Internal Control and Risk Management System; it verifies the effectiveness of the structures involved in the Internal Control and Risk Management System and their proper coordination, promoting corrective actions for identified deficiencies and irregularities; it also exercises the additional functions and powers provided by current legislation, as well as the tasks and functions assigned to it by the Bank of Italy and other supervisory authorities. In addition, it verifies and monitors the independence of the external auditing firm and is responsible for the procedure for selecting this firm, recommending to the Board of Directors the appointment of the selected firms.

The Board of Statutory Auditors informs the Corporate Bodies of any deficiencies identified in the course of its activities, promotes the measures to be taken and verifies that they are actually implemented. In addition, in accordance with current regulations, it notifies the Supervisory Authorities of any facts or actions of which it becomes aware that may constitute an irregularity in the management of the company or a breach of the rules governing banking activities.

The Board of Statutory Auditors is also responsible for overseeing various aspects of sustainability, particularly in ESG reporting, to ensure the quality of non-financial information and regulatory compliance, thereby making sustainability a cornerstone of corporate transparency.

Its main responsibilities include:

Regulatory compliance: verifying that sustainability reporting complies with European and national provisions and accurately reflects the company's commitments.
Internal control and ESG risk management: Ensuring that the company has an adequate internal control system capable of identifying and monitoring environmental, social and governance risks.
Proper administration: assessing the consistency of the company's decisions with the principles of economic rationality and the sustainability strategies approved by the Board of Directors.

The Statutory Auditors attend the Shareholders' Meetings and the meetings of the Board of Directors. The Board of Statutory Auditors and the Risk Control Committee exchange all information of mutual interest and, where appropriate, coordinate the performance of their respective duties.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

EMPREGIO 2025

Garanzia del lavoro

8.4 CONTROL FUNCTIONS

The company's organisational structure includes specific roles for the functions responsible for the controls governed by the Supervisory Instructions, which fall into the following categories:

First-line controls or first-level controls;
Risk and compliance controls, or second-line controls;
Internal Audit activities or third-level controls.

The establishment of corporate functions with control responsibilities and the coordination between these functions adhere to principles and guidelines aimed at ensuring the necessary synergy between all the actors involved. In particular, the following are expected:

pre-defined functional and hierarchical reporting lines and an appropriate position within the organisational structure, to be understood as fundamental operational mechanisms for the functioning of the Internal Control System;
appropriate allocation of powers, responsibilities and resources to the control functions;
planning of the activities carried out by the control functions so as to ensure their overall consistency with the strategic guidelines, the identification and assessment of the main risks, and the scheduling of the corresponding management actions;
established operating rules to govern the relationships between the control functions; in this regard, the following are relevant: i) sharing the findings of the activities conducted; ii) identifying moments of coordination between the control functions (e.g., during the work of dedicated internal committees) to jointly analyse weaknesses in the internal control system and take coordinated action for their correction; such opportunities for coordination between functions may be scheduled periodically (e.g., while planning their respective control activities) or when particularly serious events occur, with the aim of promoting joint remedial actions and sharing methods and timelines for resolution.

Even following the incorporation of Banca Popolare di Sondrio into the BPER Banca Group, the Bank's Internal Control System has remained decentralised within BPS, in derogation from the BPER Banca Group's rules, which generally stipulate that the Internal Control Functions of Legal Entities governed by Italian law be centralised within the Parent Company.

First-level controls

Line controls are procedural, IT or behavioural checks aimed at verifying that operations are carried out correctly. If they are not integrated into the IT procedures, they are entrusted to the same corporate units - including back-office functions - that are responsible for carrying out the processes or parts thereof ('first-line controls'), or they are

performed by units that, although reporting to the heads of operational areas, are dedicated exclusively to control tasks (‘second-line controls').

The central Departments and Services, the Offices, and the local branches are responsible for the effective implementation of the controls and their adequacy, depending on the organisational structure of the various business units. In this context, it is particularly important that, within the central organisational structures, there are forms of specialised or enhanced supervision over operational areas with specific risk profiles (e.g. controls on the management of credit anomalies and credit recovery processes; operational supervision in the areas of legal matters, data processing and protection, outsourcing of IT system activities and components, taxation, occupational health and safety, personnel management and social security).

Second-level checks

Risk and compliance controls are aimed at defining the criteria and methodologies for the identification and measurement of risks and verifying compliance therewith, checking the consistency of the operations in each productive area with any risk-return objectives assigned, and monitoring current and prospective capital adequacy.

These controls are carried out by organisational units that are separate from those with production functions.

The organisational Units responsible for these controls are: Chief Risk Officer Governance Area;the Compliance Officer Service and DPO;the Anti-Money Laundering Service.

Chief Risk Officer Governance Area

In carrying out the Bank's ‘risk management function', the Chief Risk Officer Governance Area (the ‘CRO Area' for short) assists the Corporate Bodies in the configuration and implementation of the Risk Appetite Framework (RAF) and risk management policies, as well as in monitoring the adequacy of the Group's capital and liquidity positions.

It is responsible for the design, development, updating, validation and management of systems, methodologies and procedures suitable for the identification, measurement, evaluation and control of material risk profiles. It also carries out second-level controls on the main types of risk, monitoring their exposure in both a current and future perspective.

It provides advisory services to the corporate bodies and internal committees (board and/or managerial committees) to enable a proper ex-ante assessment of the potential impact of business decisions on risk and on the capital and liquidity position, coordinating for this purpose with the relevant corporate structures.

It promotes or collaborates in awareness-raising and training initiatives, for both

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

emarket

sdir sforzage

CERTIFIED

Senior Management and the staff of central and peripheral organisational units, on aspects related to risk management, with the aim of promoting the dissemination of risk culture at the various levels of the corporate organisation.

More specifically, the CRO Area, whose manager reports hierarchically and functionally to the Chief Executive Officer, carries out the following main activities:

develops the methodologies, techniques, tools, and processes for the identification, evaluation, measurement, and control of the risks associated with business activities and produces the related risk reporting;
promotes projects for the design and development of systems for assessing, measuring, monitoring and managing current and emerging risks;
provides for measuring and evaluating exposure to significant risks in a reliable, timely, systematic, and complete manner, monitoring both current and prospective exposure;
with regard to credit risk, verifies that credit exposures are monitored properly, especially impaired exposures, and assesses the consistency of classifications, the adequacy of provisions and the adequacy of recovery processes; it also monitors the most important positions and the overall riskiness of the loan portfolio;
analyses, including on a precautionary basis, the risks associated with the offer of new products and services, entry into new operating and market segments, the acquisition or disposal of significant shareholdings, the use of third parties to perform corporate services/activities (including agreements to outsource activities or information systems) and, in general, the pursuit of corporate projects and management initiatives of an 'innovative' nature or of strategic importance;
contributes to the provision of prior opinions and assessments on the consistency of the most significant transactions with the Risk Appetite Framework, and, where requested, in the case of additional transactions with a heightened risk profile, a significant value and/or an extraordinary or unusual nature;
contributes operationally to the definition, maintenance or independent verification of systems, procedures, methods and any other tools functional for the evaluation - including for accounting purposes - of corporate assets or liabilities, adopted both from a regulatory perspective and for management purposes, coordinating for this purpose with the relevant corporate departments;
where required by regulations, oversees the internal processes for determining capital adequacy (ICAAP) and liquidity adequacy (ILAAP), as well as the preparation/updating of the documents required by the provisions on the prevention and management of banking crises (Recovery Plan);
oversees the periodic disclosure obligations of entities in accordance with the 'Third Pillar' prudential regulations;
oversees the execution of the periodic stress tests conducted on a systemic basis by

the banking and financial authorities for micro- or macro-prudential purposes.

The CRO Area, within which the Risk Control Service is located, is composed of a series of specialist and support offices coordinated by the Chief Risk Officer (CRO). Among these, the Validation Office, a control unit reporting directly to the Chief Risk Officer, operates autonomously and independently from the units responsible for developing internal models. Its role is to verify, both at the initial set-up stage and on an ongoing basis, the quality of the internal risk measurement systems and the evaluation of company activities adopted for both regulatory and management purposes, with a particular focus on internal rating systems.

The CRO Area outsources all the tasks assigned by law to the ‘risk control function' at the Italian-registered product companies Factorit spa and Banca della Nuova Terra spa; these outsourcing agreements remained in force throughout 2025, including following the change in the corporate structure with the acquisition of control of the Banca Popolare di Sondrio Group by the BPER Banca Banking Group in July, thereby ensuring, even during this transition phase, adequate continuity in the adoption and implementation within the two entities' corporate structures of the risk control and management guidelines issued by the new Parent Company, BPER Banca. The CRO Area also liaises with the equivalent corporate risk management function operating within the foreign subsidiary BPS (SUISSE) SA, with which it maintains methodological consistency and provides guidance, obtaining from the subsidiary the data and information necessary to assess its risk exposure - including in the form of reports, statements and disclosures on the development of business risks - and carrying out supervisory, comparative and in-depth analysis activities.

Compliance Officer Service and Data Protection Officer (DPO)

The Compliance Officer Service and DPO Office - whose manager reports hierarchically and functionally to the Managing Director - carries out, through its two constituent organisational units (the BPS Compliance Office and the BPS Group Compliance Office), advisory and control activities aimed at identifying and preventing legal and reputational risks potentially associated with the non-compliance of the Bank's processes and procedures with the external regulatory (laws and regulations) and self-regulatory (internal provisions) requirements applicable to the Bank.

In addition, the head of this function is also appointed as Data Protection Officer (DPO), a role that forms an integral part of the corporate Data Protection framework, adopted pursuant to Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation, ‘GDPR') on the protection of natural persons with regard to the processing of personal data.

Regulatory Compliance Function

The government's responsibility for the entire regulatory framework governing the

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

Bank's activities - which supervisory regulations assign to the Service - is exercised by the Service, with the exception of matters already handled, in a specialised manner, by other corporate functions typically responsible for second-level controls (Risk Control Function, Anti-Money Laundering Function, Manager responsible for preparing the Company's accounting documents - who has also assumed the role of the person required to certify the sustainability reporting - and Validation Function).

The Service adopts a so-called 'widespread compliance' model, aimed at fulfilling the aforementioned regulatory obligation both through the direct oversight of core issues, primarily concerning consumer protection (investment services, transparency, usury, privacy, etc.), and through the management of ICT and information security risks. Furthermore, the Function's work is characterised by collaboration, within their respective areas of responsibility, with 'specialist controllers' and 'compliance contacts' specifically appointed within the corporate structure, with the aim of enhancing the quality of compliance checks.

In summary, the compliance process consists of the following phases: monitoring of regulatory updates; advisory services; risk assessment (assessment of the degree of non-compliance risk); testing (operational checks); training; and reporting.

The Service is involved in the ex ante assessment of compliance with regulations that may be applicable to operations relating to new products and services, entry into new operating and market segments, decisions to use third parties to perform corporate services/activities (including the outsourcing of activities or information systems) and, in general, all 'innovative' corporate projects undertaken by the Bank. The Service provides support to Senior Management and to the Board of Directors and the Board of Statutory Auditors on all matters where the risk of regulatory non-compliance is significant, and participates in training and awareness-raising programmes/initiatives for company personnel on the provisions applicable to their activities.

Furthermore, at the Italian-registered product companies BNT Banca S.p.A., which specialises in salary-backed loans, and at Factorit S.p.A. - a company specialising in factoring services, for which the Service will operate in this capacity from April 2025 - the Service directly performs, on an outsourcing basis, all the tasks legally assigned to the compliance function. In this context, the Service also implements specific methodological coordination mechanisms aimed at ensuring the appropriate and effective management of non-compliance risks, including with regard to the entity operating in a foreign jurisdiction, BPS (SUISSE) SA. To this end, it facilitates regular exchanges of information on the development of these risks at the level of each corporate entity involved.

DPO - Data Protection Officer

In accordance with the provisions of Article 39 of the GDPR, the head of the Service, in their capacity as Data Protection Officer:

informs and advises the Data Controller (the Bank) and employees on their

Banca Popolare di Sondrio BANKING CERTIFIED
Gruppo BPER Banca
Report on Corporate Governance and Owners
Structure
Financial year 2025

obligations under the GDPR and other European and national data protection regulations;

verifies that the applicable regulations and the Data Controller’s internal policies are correctly applied, including with regard to the allocation of responsibilities, staff awareness and training, and carries out the relevant checks;
upon request, prepares opinions on the data protection impact assessment of certain aspects of the company’s operations, and monitors their implementation;
cooperates with the Data Protection Authority;
acts as a point of contact for the Data Protection Authority, as well as for customers and employees.

The DPO is supported by the Personal Data Protection Oversight Office, which acts as the functional oversight body in this area, and receives information from the latter regarding the activities and first-level controls carried out.

Anti-Money Laundering Service

The Anti-Money Laundering Service - divided into two organisational units, the BPS Group AML Office and the BPS AML Office - reports hierarchically and functionally to the Chief Executive Officer through its manager. It provides stable oversight in order to supervise the prevention and combating of risks arising from involvement in money laundering and terrorist financing operations.

It acts as a specialised centre of expertise in this specific area, responsible, among other things, for overseeing the checks on individuals, relationships and transactions carried out on a daily basis by the operational departments, towards which it directs intensive efforts to encourage and raise awareness.

It continuously reviews the suitability of the processes and procedures adopted to ensure adequate monitoring of the risks associated with violations of the money laundering and terrorist financing regulations in force from time to time, in consultation with the Bank’s appointed Anti-Money Laundering Officer.

It coordinates the activities of the anti-money laundering functions of the companies belonging to the former Banca Popolare di Sondrio Banking Group and collaborates with them to establish effective controls over money laundering and terrorist financing risks.

It also provides support and assistance to the corporate bodies and Senior Management on the issues it oversees, supplying them with appropriate information.

In particular, the Anti-Money Laundering Service:

identifies the applicable regulations and assesses their impact on internal processes and procedures;
contributes to the definition of the internal control system and procedures aimed at preventing and combating money laundering and terrorist financing risks, continuously verifying their adequacy;

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

continuously verifies the adequacy of the risk management process and the appropriateness of the internal control system and procedures, proposing organisational and procedural changes aimed at ensuring adequate oversight;
through its head, and in coordination with the other relevant company functions, conducts the self-assessment of money laundering and terrorist financing risks required by the applicable provisions;
annually submits, through the Head of the Service, an activity plan to the Board of Directors, outlining both the second-level controls to be carried out and any organisational and/or technical-IT measures required to strengthen controls in the areas of customer due diligence, the reporting of suspicious transactions, and the retention of data, information and documents;
recommends to the Body with management responsibilities the corrective measures to be taken to address any weaknesses identified, including those identified by the competent authorities and Internal Audit;
conducts checks on the effectiveness of the reporting process and on the appropriateness of first-level assessments of customer operations;
collaborates in defining the policies for the governance of money laundering and terrorist financing risks and the stages into which the process is divided;
provides support and assistance to the Bank's Corporate Bodies and Senior Management;
coordinates the anti-money laundering structures of all the companies belonging to the former Banca Popolare di Sondrio Banking Group, ensuring that they implement consistent policies and adopt adequate and appropriate systems and procedures to effectively prevent the risk of money laundering and terrorist financing; to this end, it establishes dedicated internal control mechanisms applicable to the companies within the scope of the former Banca Popolare di Sondrio Banking Group;
analyses, on a preventive basis, the risks of money laundering and terrorist financing associated with the offer of new products and services, entry into new operating and market segments, outsourcing of services to third parties (including outsourcing of activities and information systems) and, in general, the pursuit of 'innovative' corporate projects;
verifies the reliability of the IT system for the fulfilment of customer due diligence, data retention and suspicious transaction reporting obligations;
submits to the Financial Intelligence Unit for Italy (FIU): a) objective reports on transactions at risk of money laundering, based on the instructions issued by the FIU; b) on a monthly basis, aggregated data on overall business activity, in accordance with the 'Provisions for the submission of aggregated data' published on 25 August 2020;

Banca Popolare di Sondrio BANKING GROUP
Gruppo BPER Banca

emarket
with storage
CERTIFIED

Financial year 2025

in cooperation with the relevant functions, it oversees the development of a corporate training plan aimed at ensuring that staff and external collaborators receive ongoing refresher training on anti-money laundering and counter-terrorist financing;
promptly informs the corporate bodies, through the department manager, of any significant violations or deficiencies identified in the performance of its duties;
periodically informs the Corporate Bodies - either directly or through the Anti-Money Laundering Officer - about the progress of corrective measures taken in response to deficiencies identified in control activities, and about any inadequacy of the human and technical resources allocated to the Anti-Money Laundering Function, as well as the need to strengthen these resources;
establishes direct information flows to the corporate bodies and Senior Management, providing them with support and assistance on the issues it oversees;
carries out enhanced customer due diligence in relation to particular circumstances - whether objective, environmental or subjective - in which the risk of money laundering is particularly high;
notifies the Italian Ministry of Economy and Finance of infringements pursuant to Article 49 of Legislative Decree No. 231/2007;
through the BPS Group's AML Office, which serves as a coordination unit for all companies within the former Banca Popolare di Sondrio Banking Group, ensures that these companies implement consistent policies and adopt adequate and appropriate systems and procedures to effectively prevent money laundering and terrorist financing, in line with the Group's structure and the size and characteristics of each intermediary;
establishes internal control mechanisms on AML/CFT matters at the level of the former Banca Popolare di Sondrio Banking Group;
through the head of the BPS Group's AML Office, collaborates with the anti-money laundering functions or similar structures of each entity within the former Banca Popolare di Sondrio Banking Group.

Third-level controls

In detail, the Internal Audit Service aims, on the one hand, to check, through third-level controls and on-site inspections, the regular course of operations and the development of risks, and, on the other hand, to assess the adequacy and functionality of the organisational structure and the other components of the internal control and risk management system, bringing possible improvements to the attention of the corporate bodies, with particular reference to the Risk Appetite Framework (RAF), the risk management process and the tools for measuring and controlling them.

As the Bank's third-level control function, the Service supports the Board of

Report on Corporate Governance and Ownership Structure

Financial year 2025

Bank of Canada

General Services

Directors, particularly with regard to specific risk control and organisational efficiency/effectiveness verification requirements.

The Service is independent of all production units and of other functions that perform control tasks; it does not carry out any operational and/or management activities in order to avoid the emergence of conflicts of interest, being entirely autonomous in terms of its internal organisation. It operates under the authority of its own head and reports directly, both hierarchically and functionally, to the Board of Directors, including through the Chair.

The Service verifies the correctness of the conduct adopted by the company's organisational units in carrying out the activities assigned to them, identifying any anomalous trends or procedural violations; it also performs investigative tasks, including with regard to specific irregularities or non-compliances identified.

In addition to performing autonomous third-level control tasks at Banca Popolare di Sondrio, the Service performs the internal audit function, on an outsourcing basis, for the Italian-registered product companies Factorit spa and Banca della Nuova Terra spa; the subsidiary BPS (SUISSE) SA, which operates in a foreign jurisdiction, on the other hand, has its own corporate audit function, in relation to which the Internal Audit Department ensures methodological coordination and provides guidance, and also carries out direct audits of the subsidiary.

The Service maintains direct reporting links with the Board of Directors, the Chief Executive Officer, the Control and Risk Committee and the Board of Statutory Auditors. Specifically, the head is required to report periodically to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors on the results of the activities carried out, outlining the audits performed, the findings and the areas for improvement identified.

8.5 MANAGER RESPONSIBLE FOR PREPARING THE COMPANY'S ACCOUNTING DOCUMENTS

Law No. 262 of 28 December 2005, entitled 'Provisions for the Protection of Savings and the Regulation of Financial Markets', among various innovations regarding responsibilities and obligations related to corporate reporting, introduced the corporate role of the Manager responsible for preparing the Company's accounting documents, which is now governed by Article 154-bis of the Consolidated Law on Finance (TUF).

In accordance with the regulatory provisions, the Bank has incorporated into Article 32 of its Articles of Association the provisions relating to the Manager responsible for preparing the Company's accounting documents.

Pursuant to this provision, the Manager responsible for preparing the company's accounting documents is appointed by the Board of Directors, following the opinion of

Banca Popolare di Sondrio BANCERS S.p.A.
Gruppo BPER Banca

emarket
with storage
CERTIFIED

Financial year 2025

the Board of Statutory Auditors, and must have acquired adequate professional experience in administration and/or accounting over a reasonable period of time in the banking, financial, securities or insurance sectors.

The Manager responsible is vested with the powers and resources necessary to perform the duties assigned to them by law. In particular, the Manager is responsible for establishing appropriate administrative and accounting procedures for the preparation of the separate financial statements and the consolidated financial statements.

With particular reference to the obligations set out in Article 154-bis of the TUF, the Manager responsible for preparing the Company's accounting and corporate documents, together with the delegated administrative bodies, hereby certify:

the adequacy and effective application of the administrative and accounting procedures for the preparation of the Bank's separate financial statements and the consolidated financial statements of the former Banca Popolare di Sondrio Banking Group;
the compliance of the separate and consolidated financial statements with international accounting standards;
that the Bank's corporate accounting documents, as well as the Bank's deeds and communications disclosed to the market and relating to corporate information, agree with the findings of the books and the accounting entries;
that the annual and consolidated financial statements are able to provide a true and fair view of the equity, economic and financial position of the Bank and the former Banca Popolare di Sondrio Banking Group;
the ability of the report on operations to provide a reliable analysis of the Bank's performance and results, as well as its financial position, together with a description of the main risks and uncertainties to which they are exposed.

With the entry into force of Legislative Decree No. 125 of 6 September 2024, which implements Directive (EU) 2022/2464 (CSRD) on corporate sustainability reporting, the delegated management bodies and the Manager responsible for preparing the Company's accounting documents must certify, in a dedicated report, that the sustainability reporting included in the management report has been prepared in accordance with the reporting standards applied pursuant to Directive (EU) 2013/34 of the European Parliament and of the Council of 26 June 2013 and the Legislative Decree adopted in implementation of Article 13 of Law No. 15 of 21 February 2024, as well as the specifications adopted pursuant to Article 8(4) of Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020.

With effect from 1 July 2024, the Board of Directors appointed Simona Orietti as the Manager responsible for preparing the Company's accounting documents.

8.6 INTERNAL CONTROLS RELATING TO ACCOUNTING AND FINANCIAL

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

INFORMATION

The Internal Control System for accounting and financial information is understood as the process which, by involving multiple corporate functions, provides reasonable assurance regarding the reliability of financial reporting, the accuracy of accounting documents, and compliance with applicable regulations.

The establishment and maintenance of an adequate control system for corporate information, and the Bank's periodic assessment of its effectiveness, presuppose the prior identification of a benchmarking model to be used as a reference. This model must be generally accepted, rigorous and comprehensive, and therefore capable of guiding the proper implementation and correct assessment of the control system itself. In order to assess the adequacy of its administrative and accounting procedures and the effectiveness of its internal control system, the Bank has adopted a reference model based on the guidelines and principles set out in the 'CoSO Framework' and, with regard to information systems, in the 'COBIT Framework', which represent the generally accepted international benchmarks for internal control systems.

The verification of the existence of an adequate system of administrative and accounting procedures and of its proper functioning over time is carried out in accordance with methodologies set out in internal methodological regulations and is performed, in part, by the dedicated organisational unit established for this purpose and, in part, by the same unit with the support of other corporate functions.

Description of the main features of the existing risk management and internal control systems in relation to the financial reporting process

The main stages of the model adopted by the Bank, aimed at issuing the certifications required by Article 154-bis of the TUF, are described below.

Identification of financial reporting risks

The risk identification process is carried out, first and foremost, by selecting the relevant entities (companies) within the scope of consolidation of the former Banca Popolare di Sondrio Banking Group and, subsequently, by analysing the risks inherent in the business processes from which the financial reporting originates.

The identification of the scope of the investigation involves:

the definition of relevant entities based on quantitative and qualitative criteria in relation to the economic and financial contribution made by the individual companies of the former Banca Popolare di Sondrio Banking Group in the most recent available financial statements, and in relation to the impact on the company's accounting and financial reporting;
the identification of significant financial statement items and processes, defined as such if they are associated with material data and information, i.e., accounting items

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

for which there is a more than remote possibility that they may contain errors with a potentially material impact on the financial reporting.

Within each significant process, the most relevant ‘assertions’ are also identified, again on the basis of risk analysis assessments. Financial statement assertions relate to existence, completeness, occurrence, assessment, rights and obligations, and presentation and disclosure. Therefore, the risks relate to the possibility that one or more financial statement assertions may not be correctly presented, with a consequent impact on the financial reporting itself.

Identification of controls to address the identified risks

In response to the identified risks, the corresponding control measures are identified to ensure the proper processing of the ‘accounting data life cycle’, with the aim of guaranteeing a true and accurate representation of the financial reporting.

The control system is structured to include controls at the entity level, which operate across the entire entity, and specific controls at the process level.

Having adopted a ‘risk-based’ approach, the identification of critical processes and accounting risks at the process level guides the analytical activities, enabling the identification and assessment of the controls required to mitigate the inherent risk and reduce the residual risk to acceptable levels.

Assessment of the controls implemented in relation to the identified risks

The adequacy and effective application of the administrative and accounting procedures are verified by assessing the process controls, i.e., by evaluating the design and actual operation.

The overall analysis of the controls covering each risk is independently defined as a summary of the process for assessing the level of adequacy and compliance associated with these controls.

The risk assessment process concludes with the determination of the residual risk level, which is the value resulting from the application of the overall assessment of the controls.

Information flows containing the results of the activities carried out are submitted to the administrative bodies on a half-yearly basis in the form of operational reports prepared by the designated Manager to support the certifications accompanying the accounting documents.

Roles and functions involved

The Manager governs the system that oversees the preparation of financial information. To this end, they have the authority to define the organisational guidelines to establish an adequate structure within their function, are equipped with the means and tools to carry out their activity, and collaborate with other organisational units by establishing a systematic relationship with the functions that contribute to the process of preparing financial reports.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

Every six months, the Manager prepares a report, which they present to the Board of Directors and send to the Internal Audit Service for their information. It is the responsibility of the Board of Directors to ensure that the appointed Manager has the appropriate powers and resources to perform the tasks assigned to them, as well as to oversee the proper execution of administrative and accounting procedures.

The Manager is required to promptly inform the Board of Statutory Auditors if critical issues of an accounting, equity, or financial nature arise.

Under a specific service agreement, the Internal Audit Service provides the appointed Manager with any information and data that may facilitate the assessment and governance of any potential critical issues, such as anomalies that may fall within the appointed Manager's scope of action. Similarly, in accordance with their respective mandates, the Manager is required to promptly inform the Internal Audit Service if, in the course of carrying out their activities, they become aware of particularly serious irregularities, including those not strictly of an accounting/financial nature.

The Risk Management Function collaborates with the Manager responsible for preparing financial reports concerning risks and related hedging policies, while the Compliance Service and the DPO ensure adequate information flows regarding the transposition of external regulations that may affect them.

In the event that information containing accounting data is disclosed to the market, the Manager must be involved.

For each subsidiary classified as material, and also for the purposes of the consolidated financial reporting of the former Banca Popolare di Sondrio Banking Group, the relevant executive body appoints a contact person for the Manager, who is tasked with extending the reference model applied by the Bank to the subsidiary's own processes. At least once every six months, a certification is issued to the Manager, in which the contact person confirms the adequacy and effective application of the administrative and accounting procedures for the preparation of their financial statements, as well as the consistency of the information provided with the accounting books and records.

8.7 ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL PURSUANT TO LEGISLATIVE DECREE 231/2001

By resolution of the Board of Directors of 28 August 2008, the Bank adopted its own Organisational and Management Model pursuant to Legislative Decree No. 231/2001 (hereinafter also referred to as the 'Model'), which sets out the operating principles and rules through which the Bank intends to comply with the provisions of the Decree.

The purpose of the Model is to set up a structured and organic system of procedures and control activities for the prevention and conscious management of the risk of offences being committed through the identification of sensitive processes and their subsequent

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURA

Report on Corporate Governance and Owners

Structure

Financial year 2025

formalisation. These activities make it possible to:

ensure that all those who operate in the name and on behalf of the Bank are aware that, in the event of violating the provisions set out therein, they may engage in conduct subject to disciplinary sanctions and, if it constitutes an offence pursuant to Legislative Decree No. 231/2001, to criminal and administrative sanctions, not only against themselves but also against the Bank;
ensure the compliance of everyone's behaviour with the ethical principles to which the Bank adheres in carrying out its corporate mission;
enable the Bank, through the monitoring of 'high-risk business areas', to take prompt action to prevent or combat the commission of such offences.

In this regard, training and information activities are also noted for the recipients of the Model through the provision of dedicated training on the presence and content of the Model, the composition and duties of the Supervisory Body, as well as the publication of the Model in its entirety on the company intranet and the General Section and Code of Ethics on the company website.

Pursuant to Legislative Decree No. 231/2001, the task of supervising the operation of and compliance with the Model, as well as promoting its updating, must be entrusted to a body with autonomous powers of initiative and control. Accordingly, the Board of Directors established the Supervisory Body (hereinafter also referred to as the 'SB') at the appropriate time, with the task of monitoring the effective implementation of the Organisational Model.

As of 1 January 2024, the composition of the Supervisory Body has been significantly changed, in part to comply with case law and the provisions of the Corporate Governance Code to which the Bank has adhered. Specifically, the Body, which is supported by a Secretariat, comprises 3 members: 2 professionals from outside the Banking Group, including the Chair of the Board, and 1 internal member. All members possess the appropriate professional qualifications and specific skills, covering a range of subject areas and experience, as assessed by the Board of Directors at the time of their appointment.

The Supervisory Body is entrusted with the task of supervising:

the effectiveness and adequacy of the Model in relation to the corporate structure and its actual capacity to prevent the commission of offences;
the compliance with the provisions of the Model by the Corporate Bodies, employees, and third parties, requesting, where appropriate, the assessment of initiating disciplinary proceedings;
the advisability of updating the Model, in light of changes in the company's circumstances and/or in the regulatory framework, as well as in the event of significant and/or repeated breaches of the Model.

In order to fulfil the duties assigned to it pursuant to Legislative Decree No.

emarket

and storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. S.P.C.

Gruppo BPER Banca

231/2001, the SB is entrusted with the following activities:

disseminating and verifying, within the corporate context, knowledge and understanding of the principles set out in the Model and the Code of Ethics;
preparing the annual plan of its own checks to assess the adequacy and functioning of the Model;
verifying the risky business areas identified in the Model and the effectiveness of the protocols put in place by the Bank to oversee these areas;
requesting, collecting and processing any information relevant to verifying the adequacy of the Model and its observance by the addressees;
conducting investigations into possible violations of the provisions of the Model, including on the basis of reports received, in order to strengthen the Model;
reporting any established violations to the competent body for the possible initiation of disciplinary proceedings;
verifying that violations of the Model are effectively and appropriately sanctioned;
drawing up an annual training plan aimed at promoting awareness of the Model and the Code of Ethics;
periodically assessing the adequacy of the Model with respect to the provisions and regulatory principles of the Decree;
regularly assessing the adequacy of information flows and taking any necessary corrective measures;
receiving and processing any information relevant to verifying the adequacy of the Model and its observance by the addressees;
promptly forwarding to the Board of Directors any information relevant to the performance of the SB's duties, as well as to the Bank's proper compliance with the provisions of the Decree;
verifying and monitoring the proper maintenance and effectiveness of all documentation relating to the activities identified in the Model.

To these ends, the Supervisory Body also makes use of the reports of the internal control functions, liaises with the Board of Statutory Auditors and the Control and Risk Committee, and holds regular meetings during which it may summon the heads of business processes for matters within their competence, recording these meetings in a dedicated minute book.

In 2025, the SB held 7 meetings, convening numerous heads of the Bank's main functions, including on the basis of the periodic information flows governed by the OMM itself.

Ongoing liaison with the Board of Statutory Auditors is ensured, in addition to the flow of information, by the presence of a Standing Auditor among the members of the Supervisory Body. The Chair also attended 4 meetings of the Control and Risk Committee

Banca Popolare di Sondrio FONDOUNIONARI

Gruppo BPER Banca

emarket

with storage

CERTIFIED

Saniter

Financial year 2025

and 3 meetings of the Board of Directors, with a view to ensuring more effective coordination and a mutual exchange of information.

In addition, the Supervisory Body held numerous and regular coordination and guidance meetings with the consultancy firm appointed to assist the Bank in updating the Organisational and Management Model, with a view to ensuring that it remains effective and up to date in light of the numerous organisational and regulatory changes that have occurred since its last release.

The Supervisory Body reports on the results of its activities, on the functioning of the Model and on compliance with it, except in particularly serious cases, where reporting is immediate, in a dedicated annual report submitted to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors, setting out, where necessary, proposals for measures or corrective actions.

Pursuant to Legislative Decree No. 231/2001, an integral part of the Model is the Code of Ethics (comprehensively revised and updated in 2025), which expresses the Bank's ethical commitments and responsibilities in the conduct of its business and corporate activities and defines the set of values and principles, as well as the guidelines for conduct inspired by criteria of fairness, transparency, integrity, and professionalism.

The provisions of the Model and the Code of Ethics are addressed to the members of the corporate bodies, to all employees and, in general, to all those who work with the Bank, whatever their relationship with the Bank may be, as well as to those who have business relations with the Bank.

The recipients thus identified are required to comply with the principles and to report to the Supervisory Body any information relating to conduct that may constitute a breach of the Model or the Code of Ethics.

During 2025, the Board of Directors approved the complete revision and updating of the Code of Ethics, the Regulations on the Composition and Operation of the Supervisory Body, the General Section of the Model, and the Catalogue of Predicate Offences pursuant to Legislative Decree No. 231/2001, as well as the introduction of the Annex - Information Flows to and from the Supervisory Body.

The review of the entire 231 framework was to have been completed in terms of its drafting by the end of 2025, with the Board of Directors approving the Special Section, which comprises the set of Prevention Protocols specific to the types of offences provided for by Legislative Decree No. 231/2001. In anticipation of the timing of the completion of the merger by incorporation into BPER Banca spa, the Board of Directors engaged with the Supervisory Body, both directly and through the assessment of the Control and Risk Committee. Having assessed the information received, the Board of Directors concluded that the activity could not be usefully and effectively completed before the date set for the merger and therefore resolved to discontinue the review activity.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

emarket

sdir sbarage

CERTIFIED

8.8 INDEPENDENT AUDITORS

At its Shareholders' Meeting held on 29 April 2017, Banca Popolare di Sondrio appointed EY S.p.A., registered in the Single Register of Statutory Auditors maintained by the Ministry of Economy and Finance under No. 70945, to audit the Bank's financial statements, the consolidated financial statements of the former Banca Popolare di Sondrio Group, and to conduct a limited audit of the consolidated half-yearly financial reports for the financial years 2017-2025.

Following the completion of the PTO and BPER Banca's assumption of the role of Parent Company of the former Banca Popolare di Sondrio Group, the approach expressed by the new Parent Company, which envisages the appointment of a single Group Auditor for all its subsidiaries, was implemented. Therefore, at the Shareholders' Meeting held on 15 September 2025, the Board of Directors and the Board of Statutory Auditors submitted for approval a proposal for the consensual termination of the engagement of EY spa and, at the same time, for the appointment of Deloitte&Touche spa for the nine-year period 2025-2033. The Shareholders' Meeting therefore approved the aforementioned proposals.

It should also be noted that the Shareholders' Meeting of 27 April 2024 had already appointed KPMG S.p.A. as independent auditors for the nine-year period from 2026 to 2034. At the Shareholders' Meeting held on 15 September 2025, the Shareholders also approved the consensual termination of the audit mandate previously awarded to KPMG spa.

Banca Popolare di Sondrio PONORA UNI, L.P.P.
Gruppo BPER Banca

CERTIFIED

Financial year 2025

9. DIRECTORS' INTERESTS AND TRANSACTIONS WITH RELATED PARTIES/ASSOCIATED PARTIES

The Bank manages conflicts of interest with the aim of ensuring, as effectively as possible, compliance with the relevant regulations governing its operations. The areas sensitive in terms of managing conflicts of interest addressed herein relate to: transactions with related parties, as referred to in IAS 24 and in the Regulation issued by Consob Resolution No. 17221 of 12 March 2010 and subsequent amendments; transactions with associated parties, as referred to in Part Three, Chapter 11 of Bank of Italy Circular No. 285/2013 ('Risk activities and conflicts of interest in relation to associated parties'); loans to corporate officers and their related parties, as referred to in Article 88(1)(4) and (5) of Directive (EU) 2013/36, as amended by Directive (EU) 2019/878; and the obligations of bank officers, as referred to in Article 136 of the Consolidated Law on Banking and in Title II, Chapter 3 of Circular No. 229/1999 (Supervisory Instructions for Banks).

The Internal Regulation on related-party transactions adopted by the Bank is published on the company's website at the link https://istituzionale.popso.it/en in the section on corporate governance.

In accordance with current legislation, information on transactions with related parties is disclosed in the reports and explanatory notes, both statutory and consolidated, of the Bank's Annual Financial Report; it is also disclosed in the report and explanatory notes of the Consolidated Half-Year Financial Report as at 30 June.

In addition to quantifying the impact of related-party transactions in relation to the balance sheet and financial aggregates (Consob Communication DEM/6064293 of 28 July 2006), this information specifies whether these transactions: form part of the Bank's ordinary operations; are settled on market terms; and, in any case, are based on assessments of mutual economic convenience. The disclosures also specify, again in relation to possible conflicts of interest, whether there are any positions or transactions deriving from atypical and/or unusual operations, as defined by the relevant regulations (Consob Circular DEM/1025564 of 6 April 2001).

The Internal Regulations on transactions with related parties, adopted by the Bank pursuant to the rules set out in Title V, Chapter V of Bank of Italy Circular no. 263/2006, which came into force on 31 December 2012 and was subsequently incorporated into Circular no. 285/2013, are also published on the company website https://istituzionale.popso.it/en in the section on corporate governance. In particular, risk activities involving related parties are reported to the Bank of Italy on a quarterly basis from 31 December 2012, both at the consolidated and individual levels.

The obligations referred to in Article 136 of the Consolidated Law on Banking entered into with Banca Popolare di Sondrio by its representatives and by companies

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

associated with them pursuant to the relevant regulations, are unanimously approved by the Board of Directors, the interested representative having abstained, with the favourable vote of all the standing members of the Board of Statutory Auditors. If a Statutory Auditor is absent from the meeting at which the aforementioned obligations are examined and approved, they shall formally express their consent as soon as possible, and in any case before the resolution is implemented.

Register of related parties/associated parties and those referred to in Article 136 of the Consolidated Law on Banking, and review of transactions

Until Banca Popolare di Sondrio's entry into the BPER Banca Banking Group, the compliance contact person within the Legal and Regulatory Advice Department responsible for overseeing regulatory matters relating to transactions with related parties and associated persons collected information from the directors, statutory auditors, key management personnel, and certain employees of the Bank and the companies of the former Banca Popolare di Sondrio Group using dedicated registration forms regarding relevant persons, pursuant to CONSOB Regulation No. 17221, Circular No. 285/2013, Article 88 of Directive (EU) 2013/36, and Article 136 of the Consolidated Law on Banking.

Furthermore, the compliance contact person entered the information collected into a dedicated IT application that interfaced with the general register, which therefore received information relating to related parties and/or associated parties, referred to in Article 88 of Directive (EU) 2013/36, and referred to in Article 136 of the Consolidated Law on Banking.

As of 15 September 2025, the updating of information relating to relevant persons of the Bank and the companies of the former Banca Popolare di Sondrio Banking Group is handled by the designated departments of the parent company, BPER Banca S.p.A., which also ensure that this information is entered into the dedicated IT application.

Banca Popolare di Sondrio's Large Exposures Office and Rating Desk continue to carry out the prior review and record in the aforementioned application any credit transactions proposed by the branches involving related parties, associated parties, and persons referred to in Article 88 of Directive (EU) 2013/36. It also prepares the information for the Committee for Related-Party Transactions regarding the transactions on which the Committee is required to express its opinion.

9.1 COMMITTEE FOR RELATED-PARTY TRANSACTIONS

The Committee for Related-Party Transactions is composed of three independent non-executive directors, one of whom is selected from among the directors elected by minority shareholders, if any.

In this regard, at its meeting of 12 May 2025, the Board of Directors renewed the composition of the Committee, which was made up as follows:

Banca Popolare di Sondrio BANKING AND FIT

Gruppo BPER Banca

emarket

502-552-006

CERTIFIED

Banca Popolare

di Sondrio

Sondrio 2015-2018

Report on Corporate Governance and Owners

Structure

Financial year 2025

Rossana Zambelli, appointed Chair of the Committee at its meeting held on 3 June 2025;
Montaudo Christian;
Providenti Salvatore;
Recchi Giuseppe.

Following the entry of Banca Popolare di Sondrio into the BPER Banca Group and the Shareholders' Meeting of 15 September 2025, which renewed the Board of Directors in its entirety, at its meeting of 19 September 2025, the Board of Directors renewed the composition of the Committee for Related-Party Transactions, which, as at 31 December 2025 and as at the date of approval of this Report, is composed as follows:

Chair

Member

Beni Gabriele

Cincotti Cristiano

Reechi Giuseppe

The Chair of the Committee is appointed by the Board of Directors and, in the event of the Chair's absence or incapacity, the most senior member of the Committee in terms of length of service, or, in the event of equal length of service, the oldest member, shall take the Chair's place in all the Chair's duties.

As at 31 December 2025 and as at the date of approval of this Report, the role of Chair of the Committee for Related-Party Transactions is held by Gabriele Beni.

The Chair:

a) coordinates the Committee's activities, convenes its meetings and, assisted by the Secretary, sets the agenda, ensuring that Committee members are provided with timely and adequate information;
b) chairs the Committee's meetings, directs and moderates the discussion, ensures the effectiveness of the debate, and endeavours to ensure that the opinions and other conclusions reached by the Committee are the result of proper dialogue and the informed and reasoned input of all its members.

The Chair of the Committee maintains close relations with the Chair of the Board of Directors in order to coordinate the Committee's activities with those of the Board. In

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

emarket

sdir

generali

addition, the Chair informs the Board of Directors of the activities carried out at the next available meeting.

With reference to the provisions of the 'Regulation on transactions with related parties' (hereinafter also referred to as the 'Consob Regulation') issued by Consob Resolution No. 17221/2010 and subsequent amendments, the Committee for Related-Party Transactions:

i. analyses and provides a binding opinion to the Board of Directors on the adequacy of the procedures designed to ensure, in compliance with the relevant regulations, the substantive and procedural transparency and fairness of transactions carried out with related parties;

ii. issues a reasoned, non-binding opinion on the Bank's interest in completing minor transactions of small value that are not excluded from the procedures, and on the advisability and substantive fairness of the relevant conditions, having received, sufficiently in advance, complete and adequate information to enable it to issue such an opinion;

iii. participates in the negotiation and due diligence phases for transactions of greater significance. This participation takes the form of receiving a complete and timely flow of information, as well as the right to request information and to make observations to the delegated bodies and to the persons responsible for conducting the negotiations or the due diligence process. To carry out this activity, the Committee may delegate one or more of its members;

iv. issues a reasoned opinion on the Bank's interest in carrying out the most significant transactions, as well as on the advisability and substantial fairness of the related conditions. This opinion shall be made available to the public as an annex to the information document prepared by the Bank pursuant to Article 5, paragraph 1, of the Consob Regulation, or shall be published on the Bank's website;

v. collaborates with the compliance contact person in the Legal and Regulatory Advice Office to oversee regulatory matters relating to transactions with related parties in the preparation of the quarterly report, to be submitted to the Board of Directors and the Board of Statutory Auditors, on the execution of transactions with the aforementioned parties;

vi. every six months, it takes note of the information included in the Bank's annual operation report and in the consolidated half-yearly report on related-party transactions, and, where appropriate, makes observations.

Furthermore, in the event of ordinary related-party transactions concluded on terms equivalent to market or standard terms, the Committee shall receive complete and adequate information on such transactions. The Committee is not involved when related-party transactions fall within the cases and exclusion options that the Bank makes use of.

With reference to the provisions of the 'Supervisory Provisions for Banks', issued by

Banca Popolare di Sondrio BANKING AND SOCIETY Groupob PEP

CERTIFIED

Structurae

Financial year 2025

the Bank of Italy in Circular no. 285/2013 and subsequent amendments, Part Three, Chapter 11, 'Risk activities and conflicts of interest in relation to related parties', the Committee for Related-Party Transaction:

i. analyses and provides a binding opinion to the Board of Directors on the adequacy of the procedures to ensure, in compliance with the relevant regulations, the objectivity and impartiality of the resolution, by the Bank's competent departments, of transactions carried out with associated parties;

iv. issues a reasoned opinion on the Bank's interest in carrying out the most significant transactions, as well as on the advisability and substantial fairness of the related conditions;

v. collaborates with the compliance contact person in the Legal and Regulatory Advice Office to oversee regulatory matters relating to transactions with associated parties in the preparation of the quarterly report, to be submitted to the Board of Directors and the Board of Statutory Auditors, on the execution of transactions with the aforementioned parties;

Furthermore, the RPT Committee provides the Board of Directors with a reasoned, binding opinion on the adequacy of the internal policies of the former Banca Popolare di Sondrio Banking Group in terms of establishing an organisational structure and a system of internal controls that enable the effective prevention and management of potential conflicts of interest in transactions with related parties.

The RPT Committee is not involved when transactions with associated parties fall within the exclusion cases and powers exercised by the Bank.

The RPT Committee has access to the relevant corporate information necessary to perform the tasks assigned to it.

Minutes of the meetings of the Committee for Related-Party Transactions are duly taken by the Secretary, in agreement with the Committee Chair, and the minutes are generally submitted to the Committee for approval at its next meeting.

In 2025, the members of the Board of Statutory Auditors generally attended the

CERTIFIED

Banca Popolare di Sondrio

SINDACO IND. SPEC.

Gruppo BPER Banca

Report on Corporate Governance and Ownership Structure

Financial year 2025

Committee's meetings.

During 2025, the Committee met 16 times, with each meeting lasting an average of 40 minutes. To date, the Committee for Related-Party Transactions has met three times in 2026.

103

Banca Popolare di Sondrio PROPRIATE SINO CITY

Gruppo BPER Banca

CERTIFIED

Structure

Financial year 2025

10. THE BOARD OF STATUTORY AUDITORS

Composition of the Board of Statutory Auditors as at 31/12/2025

Chair

Vago Carlo Maria

Statutory Auditor

De Buglio Massimo

Statutory Auditor

Vitali Laura

Alternate Auditor

Capitanio Marco Fabio

Alternate Auditor

Vido Paolo

10.1 APPOINTMENT AND REPLACEMENT OF STATUTORY AUDITORS

Articles 39 and 40 of the Articles of Association govern the appointment of the members of the Board of Statutory Auditors through the list voting mechanism.

The lists, containing the indication of candidates for the position of standing auditor and substitute auditor divided into two sections, may be submitted by shareholders who, alone or jointly, represent at least 1% of the share capital, unless the law and regulations in force from time to time establish a lower percentage, to be indicated in the notice of call of the Meeting.

The lists containing no fewer than three standing statutory auditor candidates must ensure gender balance in its composition, in accordance with the principles established by the laws and regulations in force over time.

The lists must be filed at the company's registered office in accordance with the terms of the law.

In the event that only one list, or only lists submitted by shareholders who are

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

connected with each other, has been filed by the deadline provided for by the regulations, the bank shall promptly notify; in this case, lists may be submitted up to the third day following the deadline, and the threshold for the presentation of lists is reduced by half.

Detailed information about the personal and professional characteristics of the candidates must also be submitted to the registered office, along with the list of positions held in other companies and the declarations in which the candidates accept their candidacy, declare themselves suitable for the position, and certify that there are no reasons for ineligibility or incompatibility, and that they meet the requirements set out by the law and the Articles of Association to hold the office of auditor.

All the information required by Article 144-decies of the Issuers' Regulation concerning the elected members of the Board of Statutory Auditors can be found on the Bank's website, in the section https://istituzionale.popso.it/en/investor-relations/shareholders-meeting. In particular, the lists from which they were selected (with details of the submitting shareholders), detailed information on the personal and professional characteristics of the candidates, and the declarations certifying that they meet the eligibility requirements set out by the legislation.

From the list that obtained the highest number of votes at the Shareholders' Meeting, two standing statutory auditors and one alternate auditor are selected, in the progressive order in which the candidates are listed in the relevant section of the list.

From the list that obtained the second highest number of votes and that was not submitted or voted for by shareholders connected with those who submitted or voted for the list that obtained the highest number of votes, one standing statutory auditor and one alternate auditor shall be selected, in the sequential order in which the candidates are listed in the relevant section of that list. The Standing Auditor appointed from this list shall serve as Chair of the Board of Statutory Auditors.

If two or more lists among those from which the candidates are to be drawn have obtained the same number of votes, the same shall be subject to a second ballot until the number of votes obtained ceases to be equal.

If only one list has been submitted, all the standing and alternate statutory auditors shall be taken from that list, subject to compliance with the rules on gender balance in force from time to time. In this case, the chair shall be held by the candidate in first place on the list.

In the event that the composition of the Board of Statutory Auditors resulting from the outcome of the vote does not comply with the principle of gender balance, the auditor elected from the list that obtained the highest number of votes, who belongs to the more represented gender and is distinguished by the highest sequential number, is replaced by the next candidate on the same list belonging to the less represented gender. If this does not identify suitable substitutes, the auditor appointed from the list that obtained the second highest number of votes also gets substituted. Even if suitable substitutes are not

Banca Popolare di Sondrio PONORA UNI EN

Gruppo BPER Banca

CERTIFIED

Banca Popolare

di Sondrio

PROPRIETARY INTERNATIONAL

Report on Corporate Governance and Owners

Structure

Financial year 2025

identified, or if the mechanism cannot be applied, the Shareholders' Meeting resolves on the spot by a relative majority between individual candidates belonging to the less represented gender, on the proposal of the persons present who have the right to vote, proceeding with replacement in the order indicated above.

Article 41 of the Articles of Association governs the procedure for replacing statutory auditors. If one or more standing statutory auditors are no longer in office, the alternates from the same list shall take their place, in the order in which they were listed, subject to compliance with the legislation in force from time to time concerning gender balance, and shall remain in office until the next Shareholders' Meeting.

If the Meeting is required to replace statutory auditors taken from the majority list or from the only list submitted, a vote shall be held by relative majority among candidates not subject to the list requirement or, alternatively, among the candidates placed on any other minority lists, again by relative majority, but without taking into account the votes of the shareholders who submitted the majority list at the most recent election of the Board of Statutory Auditors or who, according to the notices provided in accordance with the regulations in force from time to time, hold, including indirectly, a relative majority of the votes that can be exercised at the meeting and of the votes of the shareholders connected with them, as defined by the regulations in force from time to time. In any case, gender balance must be ensured in the composition of the Board of Statutory Auditors, in accordance with the principles established by the legislation in force from time to time.

10.2 COMPOSITION OF THE BOARD OF STATUTORY AUDITORS

The Board of Statutory Auditors in office at the date of approval of this Report was appointed for the three-year period 2024-2026 by the Shareholders' Meeting held on 27 April 2024 and, pursuant to the Articles of Association, its term of office will expire on the date of the Shareholders' Meeting called to approve the financial statements for the third year of its term of office.

The current composition of the Board of Statutory Auditors is as follows (also shown in greater detail in Table No. 4 attached to this Report):

Office	Members
Chair of the Board of Statutory Auditors	Vago Carlo Maria
Statutory Auditor	De Buglio Massimo
Statutory Auditor	Vitali Laura
Alternate Auditor	Capitanio Marco Fabio
Alternate Auditor	Vido Paolo

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

SINDACO IND. S.P.L.

Gruppo BPER Banca

With regard to the renewal of the Board of Statutory Auditors by the Shareholders' Meeting of 27 April 2024, for the election of the standing and alternate statutory auditors and the Chair of the Board of Statutory Auditors for the three-year period 2024-2026, two lists had been duly submitted within the statutory time limits:

'List No. 1', submitted by the following 4 shareholders, for a total shareholding in the capital of Banca Popolare di Sondrio of 1.136%:
Catalano Salvatore;
7 Aprile srl;
Prandi Carmen;
Società Finanziaria Polisetttoriale SO.FI.P. spa.
'List No. 2', submitted by the following 12 shareholders, for a total shareholding in the capital of Banca Popolare di Sondrio of 1.22727%:
Amundi Asset Management SGR spa, manager of the Amundi Impegno Italia - B fund and the Amundi Sviluppo Attivo Italia fund;
Anima SGR spa, manager of the Anima Iniziativa Italia fund;
BancoPosta Fondi spa SGR, manager of the Bancoposta Rinascimento fund;
Eurizon Capital SA, manager of the Eurizon Fund, sub-funds: Italian Equity Opportunities and Equity Italy Smart Volatility;
Eurizon Capital SGR spa, manager of the funds: Eurizon Step 70 PIR Italia Giugno 2027, Eurizon PIR Italia Azioni, Eurizon Azioni Italia, Eurizon Progetto Italia 70 and Eurizon Progetto Italia 40;
Fideuram Asset Management Ireland, manager of the Fonditalia Equity Italy fund;
Fideuram Intesa Sanpaolo Private Banking Asset Management SGR spa, manager of the funds: Fideuram Italia, Piano Bilanciato Italia 50 and Piano Azioni Italia;
Interfund SICAV - Interfund Equity Italy;
Kairos Partners SGR spa, in its capacity as Management Company of Kairos International SICAV - Italia and Made in Italy Sub-Funds;
Mediobanca SGR spa, manager of the Mediobanca MID & Small Cap Italy fund;
Mediolanum Gestione Fondi SGR spa, manager of the fund: Mediolanum Flessibile Futuro Italia fund;
Mediolanum International Funds Limited - Challenge Funds - Challenge Italian Equity.

Following the voting, the list that obtained the highest number of votes was List No. 1, with 216,614,485 votes, representing 93.1% of the share capital present at the Shareholders' Meeting. List No. 2 received 14,285,702 votes, representing 6.1% of the capital present at the Shareholders' Meeting.

107

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

CERTIFIED

Banca Popolare di Sondrio FONDAZIONE DEI STRUTI

Gruppo BPER Banca

Report on Corporate Governance and Owners

Structure

Financial year 2025

Therefore, pursuant to the Articles of Association, the following persons were elected for the three-year period 2024-2026: Ms Laura Vitali (Standing Statutory Auditor), Mr Massimo De Buglio (Standing Statutory Auditor) and Mr Paolo Vido (Alternate Statutory Auditor), from 'List No. 1'; and Mr Carlo Maria Vago (who assumed the role of Chair of the Board of Statutory Auditors) and Mr Marco Fabio Capitanio (Alternate Statutory Auditor), drawn from 'List No. 2'.

All the information required by Art. 144-decies of the Issuers' Regulation concerning the elected statutory auditors can be found on the company's website, in the section https://istituzionale.popso.it/en/investor-relations/shareholders-meeting. In particular, the lists from which they were selected (including the details of the presenting shareholders), comprehensive information on the personal and professional characteristics of the candidates, and the declarations confirming compliance with the legal requirements and the independence requirements set by regulations, respecting the guidelines contained in the 'ECB Guide to the Assessment of Suitability Requirements' and the Recommendations of the Corporate Governance Code, to which the Bank adhered on 30 June 2023.

The list of offices held by each member of the Board of Statutory Auditors, as known to the Bank since the last survey, is set out in Table 6, annexed to this Report.

On 27 May 2024, the Board of Statutory Auditors carried out the process of assessing the requirements and criteria for the suitability and independence of the statutory auditors elected by the Shareholders' Meeting of 27 April 2024.

Based on the information provided by the parties concerned and the documentation available to the Bank, the Board of Statutory Auditors has ascertained that the members of the Board of Statutory Auditors meet the aforementioned requirements and criteria of suitability and independence:

Carlo Maria Vago (Chair of the Board of Statutory Auditors);
Massimo De Buglio (Standing Auditor);
Laura Vitali (Standing Auditor);
Marco Fabio Capitanio (Alternate Auditor);
Paolo Vido (Alternate Auditor).

Therefore, all members of the Board of Statutory Auditors meet the professional requirements set out in the regulations in force for those performing control functions in banks.

Diversity criteria and policies in the composition of the Board of Statutory Auditors

With regard to the company's diversity policies applied in relation to the composition of the Board of Statutory Auditors, Article 38 of the Articles of Association stipulates that the composition of the Board of Statutory Auditors must ensure gender balance in accordance with current regulations.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

CERTIFIED

In order to ensure full compliance with the principles of diversity and inclusion within the Banca Popolare di Sondrio Group and to guarantee an appropriate level of diversity among the corporate bodies, the Board of Directors has adopted the 'Regulation on Diversity in the Composition of the Board of Directors and the Board of Statutory Auditors of Banca Popolare di Sondrio', which aims to ensure that the composition of the corporate bodies reflects an appropriate degree of diversity in terms of, among other things, skills, experience, age, gender, and international outlook.

In accordance with the above, at the end of the 2025 financial year, the Board of Statutory Auditors of Banca Popolare di Sondrio was composed of 1/3 female members and 2/3 male members. The composition of the Board of Statutory Auditors is in line with the applicable regulatory provisions, as well as with the guidelines issued by national and European authorities, which require adequate diversity in terms of age, gender, length of tenure and skills, in order to, inter alia, encourage debate and dialogue within the Board and foster the emergence of a variety of approaches and perspectives.

With regard to the educational and professional backgrounds of the members of the Board of Statutory Auditors, it should be noted that, in accordance with current provisions, the Supervisory Body, when verifying the requirements of professionalism, integrity, and independence as stipulated by the supervisory regulations, carries out an in-depth professional assessment of the appointed individuals at the time of their appointment and verifies that they meet these requirements. The current standing members of the Board of Statutory Auditors possess diverse educational and professional backgrounds, which ensure a comprehensive overview that is fully suited to the role they hold.

As stated in the section on the Board of Directors, we would like to remind readers that, in order to ensure the maximum efficiency and effectiveness of the company's senior management bodies, the standing statutory auditors participate in high-level, topic-specific training programmes aimed at updating their knowledge, stimulating discussion and exchange between the various professional backgrounds represented on the body to which they belong, and also facilitating the identification of any areas for improvement in the governance and control of Group risks.

For further information on the criteria and policies regarding diversity in the composition of the Board of Statutory Auditors, please refer to the 'Sustainability Report' included in the Report on Operations of the 2024 Annual Financial Report, which is available on the company's website in the Investor Relations section.

10.3 ROLE OF THE BOARD OF STATUTORY AUDITORS

Pursuant to Article 42 of the Articles of Association, the Board of Statutory Auditors oversees, among other matters:

Banca Popolare di Sondrio PONORA UNI EN

Gruppo BPER Banca

CERTIFIED

Structura

Financial year 2025

compliance with the law, the Articles of Association, the Bank's regulations and corporate resolutions; compliance with the principles of proper administration;
the adequacy of the organisational, administrative and accounting structure adopted by the Bank and its effective functioning, as well as its reliability in presenting the results of operations properly;
the adequacy, completeness, functionality and reliability of the internal control system.

Furthermore, the Board of Statutory Auditors performs all other functions assigned to it by law, also taking into account the role that the laws and regulations applicable to banks entrust to the supervisory body.

The Board of Statutory Auditors may request information from the directors, including with regard to subsidiaries, on the progress of the company's operations or on specific matters. It may also exchange information with the corresponding bodies of subsidiary companies regarding their administration and control systems and the general performance of the company's activities.

Furthermore, the Board of Statutory Auditors is vested with all the powers set out in Article 151 of Legislative Decree No. 58/1998.

The Board of Statutory Auditors shall, without delay, inform the competent Supervisory Authorities of any acts or facts of which it becomes aware in the performance of its duties that may constitute irregularities in the management of the Bank or a breach of regulations.

The Statutory Auditors must attend the Shareholders' Meetings and the meetings of the Board of Directors and the Executive Committee (where appointed).

10.4 OPERATION OF THE BOARD OF STATUTORY AUDITORS

Without prejudice to the provisions of the law and the Articles of Association, the functioning of the Board of Statutory Auditors is governed by the Regulations of the Board of Statutory Auditors.

Pursuant to this Regulation, the Board of Statutory Auditors shall meet as often as necessary to perform its functions (if applicable, according to a schedule agreed on a monthly basis by its members for this purpose).

Meetings of the Board of Statutory Auditors are chaired by the Chair, who is responsible for coordinating the meetings.

The notice of call must be sent a reasonable time in advance and, in any case, no

110

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

emarket

sdir sforzage

CERTIFIED

later than three days before the date of the meeting, except in cases of urgency.

Also pursuant to the aforementioned Regulations, in order to ensure appropriate and informed participation, the Statutory Auditors must be provided, where available, with the supporting documentation and information necessary to enable them to express informed opinions on the matters to be discussed at the meeting.

With regard to the minutes of meetings, the Regulations of the Board of Statutory Auditors stipulate that proper minutes must be drawn up for each meeting, which must be signed, at the earliest opportunity, by all those present, as well as by any absent auditors, to confirm that they have read and agreed with the contents, and entered in the designated register of meetings and resolutions of the Board of Statutory Auditors. In this regard, the Board of Statutory Auditors has its own Secretariat.

During the 2025 financial year, the Board of Statutory Auditors held 55 meetings, each lasting an average of approximately 2 hours.

At least one member of the Board of Statutory Auditors was present at all meetings of the Board of Directors and the Executive Committee.

With regard to training activities, the Statutory Auditors regularly participate in the training initiatives organised for the benefit of the Board of Directors, as described in Section 4.3 of this Report.

During the year 2026 and up to the date of approval of this Report, the Board of Statutory Auditors met on 6 occasions.

Coordination with control functions

Pursuant to Article 42 of the Articles of Association, the Board of Statutory Auditors makes use of the Company's control structures and functions to perform and direct its audits and the necessary checks, receiving for this purpose appropriate information flows from such structures and functions, either on a regular basis or in relation to specific situations or business developments.

The Board of Statutory Auditors may also request information from the directors, including with regard to subsidiary companies, on the progress of the company's operations or on specific matters, and it may also exchange information with the corresponding bodies of subsidiary companies regarding their administration and control systems and the general performance of the company's activities.

The Board of Statutory Auditors is also required, inter alia, to ascertain the effectiveness of all the Company's structures and functions involved in the internal control system, as well as the adequacy of their coordination, promoting corrective actions in respect of any deficiencies and irregularities identified.

Pursuant to the Regulations of the Board of Statutory Auditors, in the performance of its duties, the Board ensures the establishment of appropriate meetings and periodic discussions with the Bank's top management, with the executives of the Bank and its

Banca Popolare di Sondrio PONSOLO 2019-2023 Gruppo BPER Banca

emarket self- storage CERTIFIED

Report on Corporate Governance and Owners

Structure

Financial year 2025

Group, with the auditing firm appointed by the Bank, and with the supervisory bodies of the companies belonging to the BPS Group.

The Board of Statutory Auditors also holds regular meetings with the Heads of the internal control Functions and with the Supervisory Body.

10.5 REMUNERATION OF THE STATUTORY AUDITORS

In accordance with the provisions of Article 2402 of the Italian Civil Code and Article 43 of the Articles of Association, the annual remuneration of the Board of Statutory Auditors is determined by the Shareholders' Meeting and is valid for the entire term of office.

The Shareholders' Meeting also determines the amount of attendance fees payable to the Statutory Auditors for their participation in meetings of the Board of Directors and the Executive Committee (if appointed) and, where applicable, also on a lump-sum basis, the reimbursement of expenses incurred in the performance of their duties.

Forms of incentive pay based on financial instruments or linked to the company's performance are not foreseen for members of the Board of Statutory Auditors.

The remuneration of the members of the Bank's Board of Statutory Auditors appointed by the Shareholders' Meeting convened to approve the financial statements for the 2023 financial year was determined by that Shareholders' Meeting; for further details, reference should be made to the documents published on the Bank's corporate website in connection with the Shareholders' Meeting of 27 April 2024, available at https://istituzionale.popso.it/en/investor-relations/shareholders-meeting.

10.6 SELF-ASSESSMENT OF THE BOARD OF STATUTORY AUDITORS

In early 2025, the Board of Statutory Auditors approved the Board's self-assessment for the 2024 financial year. With regard to the results of this analysis, please refer to the document 'Report on Corporate Governance and Ownership Structure' for the 2024 financial year.

In 2026, however, the usual annual self-assessment was not carried out, as in 2025, as already described in the previous sections, the Public Tender Offer launched by BPER Banca Spa for the shares of Banca Popolare di Sondrio was successfully concluded. As stated in the notice pursuant to Article 102 of the Consolidated Law on Finance published by BPER Banca S.p.A. on 6 February 2025, the Public Exchange Offer was, inter alia, aimed at implementing the merger by incorporation of Banca Popolare di Sondrio S.p.A. into its parent company, BPER Banca S.p.A.

In this regard, it should be noted that, given the projected timeframe for the completion of the merger by incorporation of BPS into BPER Banca, the Board of Statutory Auditors did not deem it necessary to prepare the self-assessment document.

112

CERTIFIED

10.7 PROFESSIONAL PROFILES OF THE STATUTORY AUDITORS

CARLO MARIA VAGO

PRESIDENTE DEL COLLEGIO SINDACALE

dal 27 aprile 2024

Data di 1° nomina nel Collegio sindacale: 27 aprile 2024

INCARICHI E POSIZIONI ATTUALI

2024 Presidente del Collegio Sindacale • Banca Popolare di Sondrio spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2001-2023 Partner • EY spa

1989-2023 Auditor • EY spa

2022 Revisore legale • Azimut Holding

2010-2011 Revisore legale • Credito Valtellinese

2007 Revisore legale • Credito Artigiano

2006 Revisore legale • Banca Fideuram

2003 Iscritto al Registro dei Revisori Legali

ISTRUZIONE

1989 Laurea in Economia Aziendale • Università Commerciale L. Bocconi di Milano

CERTIFIED

MASSIMO DE BUGLIO

SINDACO EFFETTIVO

dall'11 maggio 2021

Data di 1° nomina nel Collegio sindacale: 11 maggio 2021

INCARICHI E POSIZIONI ATTUALI

2025-oggi Sindaco effettivo • Holding Reti Autostradali spa
2025-oggi Sindaco effettivo • Autostrade per l'Italia spa
2025-oggi Sindaco effettivo • Liquid Factory sbrl
2023-oggi Presidente del Collegio Sindacale • Fondo Nazionale di Garanzia
2021-oggi Sindaco effettivo • Banca Popolare di Sondrio spa
2018-oggi Presidente del Collegio sindacale • Autotorino spa
2018-oggi Presidente del Collegio sindacale e Revisore effettivo • Immobiliare Diana spa
2015-oggi Sindaco e Revisore effettivo • Associazione Skipass Livigno
2010-oggi Partner, Co-Head Divisione Financial Advisory di Milano • Provasoli Advisory Partners spa

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2019-2025 Membro del Consiglio di amministrazione • Fondazione per la Ricerca Ospedale Papa Giovanni XXIII di Bergamo (FROM)
2024 Presidente del Collegio Sindacale • Autotorino Roma spa
2014-2023 Sindaco effettivo • Angel Capital Management spa
2019-2022 Sindaco effettivo • Cossi Costruzioni spa
2021 Sindaco effettivo • Arca Holding spa
2019-2021 Sindaco effettivo • Maggioli spa
2019-2021 Sindaco effettivo • Rivolta Carmignani spa
2017-2021 Sindaco effettivo • Fsi Investment First spa
2017-2020 Sindaco effettivo • Milano Investment Partners Sgr spa
2016-2020 Revisore legale • Società Italiana degli Autori ed Editori
2019 Presidente del Consiglio di amministrazione • Secam spa
2017-2018 Sindaco effettivo • Restiani spa
2009 Consultant, area "Corporate Tax" • Studio Tributario e Societario Deloitte di Milano

ISTRUZIONE

2013 Iscritto all'Ordine dei Dottori Commercialisti di Milano
2013 Iscritto al Registro dei Revisori Legali, sezione "Attivi"
2009 Laurea specialistica in Economia e Legislazione per l'impresa • Università Commerciale L. Bocconi
2007 Laurea triennale in Economia e Legislazione per l'impresa • Università Commerciale L. Bocconi
2004 Maturità Scientifica • Liceo "Carlo Donegani" di Sondrio

114

CERTIFIED

LAURA VITALI

SINDACO EFFETTIVO

dal 28 aprile 2018

Data di 1° nomina nel Collegio sindacale: 28 aprile 2018

INCARICHI E POSIZIONI ATTUALI

2025-oggi Sindaco effettivo • NPLight spa
2025-oggi Sindaco effettivo • Rent2Go srl
2022-oggi Presidente del Collegio sindacale • Factorit spa
2018-oggi Sindaco effettivo • Banca Popolare di Sondrio spa
2024-oggi Revisore legale • Livigno Scavi srl
2024-oggi Revisore legale • Legre srl
2020-oggi Presidente del Collegio dei revisori • Consorzio Tutela Bresaola della Valtellina
2025-oggi Curatore • Italval Group Srl in liquidazione
2024-oggi Curatore • Busi Costruzioni Generali srl
2021-oggi Curatore fallimentare • Zugnoni Candido Imprenditore Individuale
2008-oggi Associato Dottore Commercialista • Studio Vitali Dottori Commercialisti

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2015-2024 Sindaco effettivo • Club Acceleratori spa
2020-2023 Sindaco effettivo • Reevo spa
2011-2023 Sindaco effettivo • Musixmatch spa
2019-2022 Sindaco effettivo • Servizi Ecologici Ambientali srl
2020-2021 Sindaco effettivo • Orizzonte Cooperativa Sociale
2020-2021 Presidente del Collegio sindacale • Coptron Società Cooperativa
2019-2021 Presidente del Collegio sindacale • Forme Società Cooperativa Sociale
2019-2021 Sindaco effettivo • Società per l'Ecologia e l'Ambiente spa
2016-2021 Sindaco effettivo • American Startup Club spa
2016-2021 Sindaco effettivo (e Revisore unico dal 2013 al 2016) • Emilio Giacomelli srl
2015-2018 Sindaco effettivo • Crypto Club spa
2014-2018 Sindaco effettivo • Azienda Energetica Valtellina Valchiavenna spa
2016 Sindaco effettivo • Blockchain Club srl
2013-2016 Sindaco effettivo • Club Italia Investimenti 2 spa
2016-2023 Liquidatore • L'Autoindustriale Valtellinese srl
2014-2023 Curatore fallimentare (e Commissario giudiziale dal 2013 al 2014) • Giacomelli Costruzioni srl
2014-2021 Curatore fallimentare • World Watches srl
2013-2021 Curatore fallimentare • Fratelli Invernizzi di Invernizzi Davide & C. snc
2013-2018 Curatore fallimentare • Sacif Impianti srl
2014-2015 Commissario giudiziale • La Casa del Legno srl
2011-2015 Curatore fallimentare • Romeri Lino Impresa Individuale
2006-2008 Praticante • Picolli Difino & Associati

ISTRUZIONE

2011 Conseguito dell'abilitazione di Mediatore professionista
2009 Iscrizione all'Ordine dei Dottori Commercialisti ed Esperti Contabili di Sondrio
2007 Laurea specialistica in Economia e Legislazione per l'Impresa • Università Commerciale L. Bocconi
2005 Laurea triennale in Economia e Legislazione per l'Impresa • Università Commerciale L. Bocconi

CERTIFIED

MARCO FABIO CAPITANIO

SINDACO SUPPLENTE

dal 27 aprile 2024

Data di 1° nomina nel Collegio sindacale: 27 aprile 2024

INCARICHI E POSIZIONI ATTUALI

2025 Sindaco effettivo • Eurizon Capital Real Asset SGR spa
2024 Sindaco supplente • Banca Popolare di Sondrio spa
2024 Presidente del Collegio sindacale • Intesa Aretina s.c a rl
2023 Presidente del Collegio sindacale (e Sindaco effettivo dal 2022 al 2023) • Dropmi srl in Liquidazione
2023 Sindaco effettivo • Suez Italy spa
2023 Amministratore • Eklexia Advisory S.T.P. srl

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

1998-2024 Partner • KPMG spa
1992-1998 Manager/Senior Manager • KPMG spa - Auditing e consulenza contabile/finanziaria
1988-1992 Supervisor Senior • Ernst & Young - Auditing e consulenza contabile/finanziaria
1986-1987 Ufficiale di Complemento • Guardia di Finanza di Roma
1984-1985 Assistant • Arthur Andersen & Co. Management Consultants sas

2024 Iscritto all'Albo C.T.U. del Tribunale di Roma
2023 Iscritto all'Albo dei Gestori della Crisi d'Impresa
1995 Iscritto nel Registro dei Revisori legali dei Conti
1988 Iscritto all'Albo dei Dottori Commercialisti e degli Esperti Contabili di Roma

ISTRUZIONE

1986 Laurea in Economia e Commercio • Università degli Studi di Roma "La Sapienza"

116

CERTIFIED

PAOLO VIDO

SINDACO SUPPLENTE

dall'11 maggio 2021

Data di 1° nomina nel Collegio sindacale: 11 maggio 2021

INCARICHI E POSIZIONI ATTUALI

2023 Revisore legale • Fondazione "Scuola Materna Elisa Paini Credaro Ets"
2021 Sindaco supplente • Banca Popolare di Sondrio spa
2019 Sindaco effettivo • Pirovano Stelvio spa
2019 Sindaco effettivo • Banca della Nuova Terra spa
2010 Responsabile Adempimenti Fiscali Cassa Assistenza Sanitaria Personale • Banca Popolare di Sondrio spa
2005 Membro dell'Organismo di Sorveglianza del Fondo di Quiescenza del Personale • Banca Popolare di Sondrio spa
1995 Titolare dello "Studio Commercialista dott. Vido Paolo"

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

2012-2015 Revisore contabile • Comune di Sondrio
2010-2025 Consulente Fiscale • Istituto Tecnico ITIS E. Mattei di Sondrio
2009-2014 Revisore contabile • Comune di Piateda (So)
2005-2006 Senior Consultant • Società di Revisione Legale Deloitte Consulting spa
2000-2006 Revisore contabile • Comune di Montagna in Valtellina (So)
1994-2003 Sindaco effettivo • Coget srl
1999-2002 Sindaco effettivo • Azienda Sondriese Multiservizi spa
1999-2002 Sindaco effettivo • Iniziative Immobiliari Italiane spa
1997-2002 Sindaco effettivo • Fin.Recos srl
1999-2001 Presidente del Collegio sindacale • Exeter srl
1999-2000 Presidente del Collegio sindacale • Faber spa
1994-1995 Collaboratore • Studio Commercialista dott. Dassogno Alberto
1991-1993 Revisore contabile • Arthur Andersen & Co. sas

2000-2015 Iscritto al Registro dei Revisori enti locali
1999 Iscritto nel Registro dei Revisori legali
1995 Iscritto all'Albo dei Dottori Commercialisti e degli Esperti Contabili della Provincia di Sondrio

ISTRUZIONE

1995 Specializzazione Libera Professione di Dottore Commercialista
1989 Laurea in Economia Aziendale • Università Commerciale L. Bocconi

Banca Popolare di Sondrio FONDAZIONE DELLA REPUBBLICA

CERTIFIED

Banca Popolare di Sondrio FONDAZIONE DELLA REPUBBLICA

Report on Corporate Governance and Ownership

Structure

Financial year 2025

11. RELATIONS WITH SHAREHOLDERS AND KEY STAKEHOLDERS

Banca Popolare di Sondrio has always paid particular attention to its relations with investors as a whole and with its main stakeholders. The aim has been to maintain a strong bond with the shareholder base as it has grown, including outside the Bank's more traditional areas of operation.

In implementation of the provisions of Bank of Italy Circular No. 285 of 17 December 2013, and with reference to Recommendation No. 3 of the Corporate Governance Code, Banca Popolare di Sondrio has adopted the 'Regulations governing the Dialogue between Directors and Shareholders' - available at https://istituzionale.popso.it/en/investor-relations/dialogue-directors-shareholders - which set out the rules aimed at promoting and regulating dialogue between the Board of Directors and its shareholders as a whole on matters within the Board's remit, defining the procedures for its implementation and identifying the relevant participants, the topics to be discussed, as well as the methods, timing and channels of interaction.

Finally, on the Bank's website, the 'Governance' and 'Investor Relations' sections are dedicated to corporate information and contain important news items for shareholders.

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

12. SHAREHOLDERS' MEETINGS

The Shareholders' Meeting of Banca Popolare di Sondrio is the Bank's supreme body.

A duly convened Shareholders' Meeting represents all shareholders, and its resolutions, passed in accordance with the law and the Articles of Association, are binding on all shareholders.

The Ordinary Shareholders' Meeting shall be convened by the Board of Directors at least once a year, within 120 days from the end of the financial year, to resolve on the approval of the financial statements.

On the other hand, an Extraordinary Shareholders' Meeting shall be convened whenever it is necessary to pass one of the resolutions reserved for it by the legislation in force from time to time.

12.1 CONVENING, DUTIES AND CONDUCT OF MEETINGS

Pursuant to Article 13 of the Articles of Association, the Shareholders' Meeting may be ordinary or extraordinary and is normally held in a single call. However, the Board of Directors may decide that an Ordinary or Extraordinary Shareholders' Meeting shall be held in multiple sessions, by issuing a second notice of call and, for an Extraordinary Shareholders' Meeting only, also a third notice of call.

The Shareholders' Meeting is convened, in accordance with the procedures and within the time limits set out by law, by the Board of Directors at the Bank's registered office or at any other place specified in the notice of call.

In particular, the Ordinary Shareholders' Meeting is responsible for:

approving the financial statements and the allocation of profit;
appointing and removing directors;
appointing the statutory auditors;
determining the remuneration of directors and statutory auditors;
passing resolutions on the liability of directors and statutory auditors;
approving remuneration and incentive policies in accordance with the laws and regulations in force from time to time, remuneration plans based on financial instruments, as well as the criteria for determining any compensation in the event of early termination of employment or early cessation of office, including the relevant limits and maximum amounts;
resolving on the authorisations provided for in the specific regulation on related-party transactions, in accordance with the legislation in force from time to time;
appointing the Independent Auditors and set their remuneration;
resolving on other matters falling within its remit pursuant to the law or the Articles

Banca Popolare di Sondrio FONDAZIONE DEI STRUTTURI
Gruppo BPER Banca

emarket
service
CERTIFIED
Report on Corporate Governance and Ownership
Structure
Financial year 2025

of Association.

The Ordinary Shareholders' Meeting is validly convened and passes resolutions in accordance with the provisions of the law.

The Extraordinary Shareholders' Meeting is validly convened and passes resolutions in accordance with the provisions of the law. However, for resolutions concerning, in particular, amendments to the corporate purpose, a quorum consisting of shareholders representing at least half of the share capital is required, together with the favourable vote of at least two-thirds of the share capital represented at the Meeting.

The Shareholders' Meeting is chaired by the Chair of the Board of Directors and, in the event of the Chair's absence or inability to act, by the Chair's deputy or, failing that, by a shareholder appointed by those present.

On the proposal of the Chair, the Shareholders' Meeting shall appoint a secretary to take the minutes. In the case of an Extraordinary Shareholders' Meeting, and also whenever the chair deems it appropriate, the role of secretary shall be performed by a notary.

To date, the Board of Directors has not proposed to the Shareholders' Meeting the adoption of Shareholders' Meeting Regulations, as no need for such regulations has arisen in order to ensure the proper and efficient conduct of the Meeting's business.

12.2 PARTICIPATION IN THE SHAREHOLDERS' MEETING AND SHAREHOLDERS' RIGHTS

Pursuant to Article 14 of the Articles of Association, those entitled to vote may attend the Shareholders' Meeting, provided that the Bank has received, within the statutory time limits, a communication from the authorised intermediary certifying their entitlement.

Each share confers the right to one vote.

The notice convening the Shareholders' Meeting - which is published, in accordance with the timeframe required by current legislation, at the Company's registered office, on the authorised storage mechanism 'eMarket STORAGE' (), on the Company's website at https://istituzionale.popso.it/en/investor-relations/shareholders-meeting and, in extract form, in a national daily newspaper - contains all the information required by law to enable Shareholders to participate in the Shareholders' Meeting in a proper and informed manner.

Those who have the right to vote may be represented at the Shareholders' Meeting in accordance with the provisions of the law. For each Shareholders' Meeting, the Bank shall designate--giving notice thereof in the notice of call--one or more persons to whom those entitled to vote may grant, in accordance with the procedures laid down by the laws and regulations in force from time to time, a proxy with voting instructions on all or some of the items on the agenda. The proxy is effective only in relation to the proposed

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

CERTIFIED

resolutions for which voting instructions were given.

Pursuant to Article 13 of the Articles of Association, shareholders who, individually or jointly, represent an aggregate shareholding of no less than 2.5% of the share capital may request that the agenda be supplemented or submit draft resolutions on matters already included in the agenda, within the time limits, conditions and procedures provided for by law.

Those who have the right to vote may propose questions on the items on the agenda before the Meeting, in accordance with the procedures set out in the notice of the Meeting. Questions that are relevant to agenda items shall be answered, by the date prior to the Shareholders' Meeting specified in the notice of meeting, in a specific section of the Bank's website.

12.3 2025 MEETING

During 2025, an Ordinary and Extraordinary Shareholders' Meeting was held on 30 April 2025, and an Ordinary Shareholders' Meeting was held on 15 September 2025. At these Meetings, entitled parties were able to participate, without access to the meeting rooms, exclusively through Computershare SpA, the Designated Representative appointed by the Company pursuant to Article 135-undecies of the Consolidated Law on Finance, in accordance with the provisions of Decree-Law No. 215 of 30 December 2023, converted into Law No. 18 of 23 February 2024.

At the Shareholders' Meeting held on 30 April 2025, the Shareholders:

i. approved the 2024 financial statements, the Directors' report on operations, the profit for the year, the allocation of the profit for the year, and the distribution of the dividend;

ii. approved the 'Annual report on remuneration policy and compensation paid', which sets out the 2025 remuneration policies of the Banca Popolare di Sondrio S.p.A. Group and the remuneration paid in 2024;

iii. approved the 2025 Share-based Remuneration Plan;

iv. approved the 2025-2027 Long-Term Remuneration Plan based on financial instruments;

v. authorised the use of treasury shares already held in service of the 2025 Share-based Remuneration Plan and/or in service of the 2025-2027 long-term share-based remuneration plan;

vi. appointed five directors for the three-year period 2025-2027;

vii. set the annual remuneration of the Board of Directors;

viii. amended Article 49 of the Articles of Association.

At the Shareholders' Meeting held on 15 September 2025, the Shareholders:

i. completely renewed the Board of Directors;

emarket

with storage

CERTIFIED

Banca Popolare

di Sondrio PROPRIETARY OF S. P.

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structure

Financial year 2025

ii. set the annual remuneration of the Board of Directors;

iii. approved the mutual termination of the statutory audit engagements awarded to EY S.p.A. for the financial years 2017-2025 and to KPMG S.p.A. for the financial years 2026-2034, as well as the related engagements for the limited assurance of the Sustainability Report;

iv. appointed Deloitte & Touche S.p.A. to perform the statutory audit of the accounts for the financial years 2025-2033 and the limited assurance of the Sustainability Report for the financial years 2025-2027, and determined the related fees.

122

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPPO BPER Banca

CERTIFIED

13. CHANGES SINCE THE END OF THE REPORTING PERIOD

Following the approval of the merger plan by incorporation by the Boards of Directors of Banca Popolare di Sondrio S.p.A. and BPER Banca S.p.A. on 5 November 2025, the European Central Bank granted, in January 2026, the necessary regulatory authorisations for the merger and its completion.

Approval of the transaction is subject to resolutions by the respective Extraordinary Shareholders' Meetings, both of which have been convened for 12 March 2026. Accordingly, should such Shareholders' Meetings have a favourable outcome, this will not, inter alia, entail the holding of the Ordinary Shareholders' Meeting convened to approve the financial statements of Banca Popolare di Sondrio, nor the renewal of the corporate offices.

Finally, it should be noted that, following the merger by incorporation of BPS into BPER Banca, the Bank will cease to exist as a Legal Entity.

123

124

CERTIFIED

Banca Popolare
di Sondrio
FONDESI UICN 1981
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

TABLE 1: INFORMATION ON THE OWNERSHIP STRUCTURE AS AT 31/12/2025

SHARE CAPITAL STRUCTURE
	No. of shares	No. of voting rights	Listed (indicate markets) / unlisted	Rights and obligations
Ordinary shares
(specifying whether there is a provision for increasing voting rights)	453,385,777	453,385,777	Euronext Milan Market of Borsa Italiana	-
Preference shares	-	-	-	-
Multiple-vote shares	-	-	-	-
Other classes of voting shares	-	-	-	-
Savings shares	-	-	-	-
Convertible savings shares	-	-	-	-
Other categories of non-voting shares	-	-	-	-
Other	-	-	-	-
OTHER FINANCIAL INSTRUMENTS
(granting the right to subscribe for newly issued shares)
---	---	---	---	---
	Listed (indicate markets) / unlisted	No. of instruments issued	Category of shares available for conversion/exercise	No. of shares available for conversion/exercise
Convertible bonds	-	-	-	-
Warrants	-	-	-	-

SIGNIFICANT EQUITY INVESTMENTS (*)

emarket

edir storage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio BANCATEL NO. 317

Gruppo BPER Banca

Declarant	Direct shareholder	% share of ordinary share capital	% share of voting capital
BPER Banca spa	BPER Banca spa	80.691%	80.691%
Private Wealth Management Global Sif Dynamic Strategy	Private Wealth Management Global Sif Dynamic Strategy	4.908%	4.908%

(*) Figure as at 31/12/2025, based on the information recorded in the shareholders' register, the notifications received pursuant to Article 120 of the Consolidated Law on Finance, and other information available to the Company.

emarket

sdir sionage

CERTIFIED

Banca Popolare

di Sondrio

PONTIFICIA DEL SITI

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structure

TABLE 2: STRUCTURE OF THE BOARD OF DIRECTORS AS AT 31/12/2025 (UNCHANGED AS AT THE DATE OF THIS REPORT)

BOARD OF DIRECTORS
Office	Members	Year of birth	Date of first appointment (*)	In office since	In office until	List (presenting shareholders) (**)	List (M/m) (***)	Executive	Non-exec.	Independent Code	Independent TUF (Consolidated Law on Finance)	No. of other appointments (***)
Chair	Casini Andrea	1961	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2026	Shareholders	M		X	X	X	3
CEO (*)	Sonnino Elvio	1960	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2026	Shareholders	M	X				2
Deputy Chair	Recchi Giuseppe	1964	27/04/2024	15/09/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	2
Director	Beni Gabriele	1962	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2025	Shareholders	M		X	X	X	1
Director	Cincotti Cristiano	1975	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2025	Shareholders	M		X	X	X	0
Director	Conforti Elena	1980	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31	Shareholders	M	X				1

emarket

sdir elonage

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio BANCAO 100.000

Gruppo BPER Banca

					December 2027
Director	Giay Roberto	1965	27/04/2024	15/09/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X			7	28/30
Director	Kuhn Stefano Vittorio	1963	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M	X				4	8/8
Director	Malaguti Maria Chiara	1964	29/04/2023	15/09/2025	General Meeting approving the financial statements as at 31 December 2026	Shareholders	M		X	X	X	0	27/30
Director	Marcucci Simone	1966	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2025	Shareholders	M	X				2	6/8
Director	Massimetti Annamaria	1971	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2025	Shareholders	M		X			0	8/8
Director	Molla Pierluigi	1956	09/11/2021	15/09/2025	General Meeting approving the financial statements as at 31 December 2026	Shareholders	M		X			4	30/30
Director	Neervoort Séverine Mélissa Harmine	1985	27/04/2024	15/09/2025	General Meeting approving the financial statements as at 31 December 2026	Shareholders	M		X	X	X	0	28/30
Director	Ruzzu Alessandra	1969	15/09/2025	15/09/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	0	8/8
Director (o)	Stefini Silvia	1964	29/04/2023	15/09/2025	General Meeting approving the financial statements as at 31 December 2025	Shareholders	M		X	X	X	1	30/30

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca
Report on Corporate Governance and Ownership
Structure

DIRECTORS CEASING OFFICE DURING THE FINANCIAL YEAR
Director	Cordone Nicola	1966	30/04/2022	30/04/2022	General Meeting approving the financial statements as at 31 December 2024	BoD	M		X	X	X	N/A
Director	Credaro Loretta	1961	18/04/2015	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	BoD	M	X				N/A
Director	Doro Anna	1965	30/04/2022	30/04/2022	General Meeting approving the financial statements as at 31 December 2024	BoD	M		X	X	X	N/A
Director	Ermetes Maria Letizia	1963	30/04/2025	30/04/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	N/A
Director	Falck Federico Sergio Francesco	1949	01/03/2003	30/04/2022	General Meeting approving the financial statements as at 31 December 2024	BoD	M	X				N/A
Director	Montaudo Christian	1978	30/04/2025	30/04/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	N/A
CEO (*)	Pedranzini Mario Alberto	1950	21/12/2012	29/04/2023	General Meeting approving the financial statements as at 31 December 2025	BoD	M	X				N/A
Director	Providenti Salvatore	1963	30/04/2025	30/04/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	N/A
Director	Riva Franco Giuseppe	1957	30/04/2025	30/04/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	M		X	X	X	N/A

128

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio BANCATELLO.CHT

Gruppo BPER Banca

Director	Rossi Serenella	1962	23/04/2016	30/04/2022	General Meeting approving the financial statements as at 31 December 2024	BoD	M		X	X	X	N/A	9/9
Deputy Chair	Stoppani Lino Enrico	1952	25/07/1996	29/04/2023	General Meeting approving the financial statements as at 31 December 2025	BoD	M	X				N/A	22/22
Director	Venosta Francesco	1960	26/09/2000	30/04/2025	General Meeting approving the financial statements as at 31 December 2027	Shareholders	m		X			N/A	22/22
Director	Zambelli Rossana	1958	29/04/2023	29/04/2023	General Meeting approving the financial statements as at 31 December 2025	BoD	M		X	X	X	N/A	22/22
Total number of meetings held during the reporting financial year:													30

Quorum required for the submission of lists for the election of one or more members (pursuant to Article 147-ter of the Consolidated Law on Finance): 1% of the share capital.

NOTES:

() The date of appointment of each Director refers to the date on which the Director was appointed to the Bank's Board of Directors for the first time (ever);
() This column indicates whether the list from which each Director was selected was submitted by Shareholders or by the Board of Directors;
() This column indicates whether the list from which each Director was selected is a 'majority' list (M) or a 'minority' list (m);
() This column shows the total number of directorship or supervisory positions held by the person concerned, pursuant to Articles 17 and 18 of MEF Decree No. 169/2020, as at the date of this Report (detailed in Table 5);
(**) Attendance of each director at meetings of the Board of Directors as a percentage of the total number of meetings at which they were entitled to attend;
(•) Director in charge of the internal control and risk management system;
(○) Lead Independent Director (LID) until 15 September 2025.

CERTIFIED

Banca Popolare

di Sondrio

FONDES 1808-2013

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structure

TABLE 3: STRUCTURE OF THE BOARD COMMITTEES AS AT 31/12/2025 (UNCHANGED AS AT THE DATE OF THIS REPORT)

Board of Directors		Executive Committee		OPC Committee		Control and Risk Committee		Remuneration Committee		Appointments and Corporate Governance Committee		Sustainability Committee
Office/Role	Members	(1)	(2)	(1)	(2)	(1)	(2)	(1)	(2)	(1)	(2)	(1)	(2)
President of the Board of Directors - Non-Executive - Independent	Casini Andrea	-	-	-	-	-	-	-	-	-	-	-	-
CEO - Executive - Non-independent	Sonnino Elvio	-	-	-	-	-	-	-	-	-	-	-	-
Deputy Chair - Non-Executive - Independent	Recchi Giuseppe	-	-	14/16	M	-	-	-	-	17/17	P	-	-
Director - Non-Executive - Independent	Beni Gabriele	-	-	6/6	P from 19/09/25	6/6	M from 19/09/25	-	-	-	-	-	-
Director - Non-Executive - Independent	Cincotti Cristiano	-	-	6/6	M from 19/09/25	6/6	M from 19/09/25	-	-	-	-	-	-
Director - Executive - Non-independent	Conforti Elena	-	-	-	-	-	-	-	-	-	-	-	-
Director - Non-executive - Non-independent	Giay Roberto	-	-	-	-	-	-	9/10	M	-	-	-	-
Director - Executive - Non-independent	Kuhn Stefano Vittorio	-	-	-	-	-	-	-	-	-	-	-	-
Director - Non-Executive - Independent	Malaguti Maria Chiara	-	-	-	-	20/20	P from 16/05/25 M to 16/05/25	9/10	M	-	-	-	-
Director - Executive - Non-independent	Marcucci Simone	-	-	-	-	-	-	-	-	-	-	-	-
Director - Non-executive - Non-independent	Massimetti Annamaria	-	-	-	-	-	-	-	-	4/4	M from 19/09/25	-	-
Director - Non-executive - Non-independent	Molla Pierluigi	16/16	M to 06/05/25	-	-	6/6	M from 19/09/25	-	-	5/5	M from 12/05/25 to 15/09/25	-	-

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

EMPRESA MILANO

Gruppo BPER Banca

Director - Non-Executive - Independent	Neervoort Séverine Mélissa Harmine	-	-	-	-	7/8	M to 12/05/25	-	-	7/9	M from 12/05/25	8/8	P from 29/05/25 M to 29/05/25
Director - Non-Executive - Independent	Ruzzu Alessandra	-	-	-	-	5/6	M from 19/09/25	-	-	-	-	2/3	M from 19/09/25
Director - Non-Executive - Independent	Stefini Silvia	-	-	-	-	-	-	7/7	P from 23/05/25	5/5	M from 12/05/25 to 15/09/25	8/8	M from 29/05/25 P to 29/05/25
DIRECTORS CEASING OFFICE DURING THE FINANCIAL YEAR
Director - Non-Executive - Independent (in office until 30/04/25)	Cordone Nicola					6/7	M to 30/04/25	3/3	P to 30/04/25
Director - Executive - Non-independent (in office until 15/09/25)	Credaro Loretta	28/32	M to 15/09/25	-	-	-	-	-	-	-	-	-	-
Director - Non-Executive - Independent (in office until 30/04/25)	Doro Anna			5/5	M to 30/04/25	7/7	P to 30/04/25
Director - Non-Executive - Independent (in office until 15/09/25)	Ermetes Maria Letizia	-	-	-	-	-	-	4/4	M from 12/05/25 to 15/09/25	5/5	M from 12/05/25 to 15/09/25	-	-
Director - Executive - Non-independent (in office until 30/04/25)	Falck Federico Sergio Francesco	14/16	M to 30/04/25	-	-	-	-	-	-	-	-	-	-
Director - Non-Executive - Independent (in office until 01/09/25)	Montaudo Christian	-	-	4/4	M From 12/05/25 to 01/09/25	5/5	M From 12/05/25 to 01/09/25	-	-	-	-	-	-
CEO - Executive - Non-independent (in office until 15/09/25)	Pedranzini Mario Alberto	32/32	M to 15/09/25	-	-	-	-	-	-	-	-	-	-
Director - Non-Executive - Independent (in office until 15/09/25)	Providenti Salvatore	-	-	4/5	M from 12/05/25 to 15/09/25	6/6	M from 12/05/25 to 15/09/25	-	-	-	-	-	-
Director - Non-Executive - Independent (in office until 15/09/25)	Riva Franco Giuseppe		-	-	-	6/6	M from 12/05/25 to 15/09/25	-	-	-	-	3/3	M from 12/05/25 to 15/09/25
Director - Non-Executive - Independent (in office until 30/04/25)	Rossi Serenella	-	-	5/5	P to 30/04/25	-	-	-	-	-	-	2/2	M to 30/04/25
Vice-Chair - Executive - Non-independent (in office until 15/09/25)	Stoppani Lino Enrico	32/32	P to 15/09/25	-	-	-	-	-	-	-	-	-	-
Director - Non-executive - Non-independent (in office until 15/09/25)	Venosta Francesco	-	-	-	-	-	-	4/4	M from 12/05/25 to 15/09/25	7/8	M to 12/05/25	-	-

emarket

Banca Popolare

di Sondrio

FONDES 2016-2023

Gruppo BPER Banca

Report on Corporate Governance and Ownership

Structure

Director - Non-Executive - Independent (in office until 15/09/25)	Zambelli Rossana	-	-	5/5	M from 12/05/25 to 15/09/25	14/14	M to 15/09/25	-	-	8/8	M to 12/05/25	-	-
No. of meetings held during the financial year:		32		16		20		10		17		8

NOTES:

(1) Attendance of each Board member at meetings of Board Committees out of the total number of meetings they were entitled to attend;
(2) Role of the director within the committee: 'C': Chair; 'M': Member.

emarket

andn't

Banca Popolare

di Sondrio

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

TABLE 4: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS AS AT 31/12/2025 (UNCHANGED AS AT THE DATE OF THIS REPORT)

BOARD OF STATUTORY AUDITORS
Office	Members	Year of birth	Date of first appointment (*)	In office since	In office until	List (M/m) (**)	Independent Code	Attendance at Board meetings (***)	No. of other appointments (***)
Chair	Vago Carlo Maria	1961	27/04/2024	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	m	X	55/55	0
Statutory Auditor	De Buglio Massimo	1985	11/05/2021	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	M	X	54/55	5
Statutory Auditor	Vitali Laura	1983	28/04/2018	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	M	X	53/55	3
Alternate Auditor	Capitanio Marco Fabio	1961	27/04/2024	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	m	X	N/A	N/A
Alternate Auditor	Vido Paolo	1962	11/05/2021	27/04/2024	General Meeting approving the financial statements as at 31 December 2026	M	X	N/A	N/A
Indicate the number of meetings held during the financial year:								55

Quorum required for the submission of lists for the election of one or more members (pursuant to Article 148 of the Consolidated Law on Finance): 1% of the share capital.

NOTES:

() date on which the Statutory Auditor was appointed to the Bank's Board of Statutory Auditors for the first time (ever);
(*) this column indicates whether the list from which each Statutory Auditor was selected is a 'majority' list (denoted by 'M') or a 'minority' list (denoted by 'm');

emarket
with storage
CERTIFIED

Banca Popolare di Sondrio
PONTIFICIA DEL SIT
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

( ) this column indicates the attendance of the Statutory Auditors at meetings of the Board of Statutory Auditors;
() this column shows the total number of directorship or supervisory positions held by the person concerned, pursuant to Articles 17 and 18 of MEF Decree No. 169/2020, as at the date of this Report (detailed in Table 6).

134

emarket

andr

eonr

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

CONCEPTO REGIONALE

Gruppo BPER Banca

TABLE 5: LIST OF POSITIONS HELD PURSUANT TO ARTICLES 17 AND 18 OF MEF DECREE NO. 169/2020 HELD BY MEMBERS OF THE BOARD OF DIRECTORS (*)

BOARD OF DIRECTORS
MEMBER	OFFICE	COMPANY
Chair
Casini Andrea	Chair of the Board of Directors	Finitalia spa
	Member of the Board of Directors	Gesco spa (single-member company)
	Member of the Board of Directors	Alba Leasing spa
CEO
Sonnino Elvio	Deputy Chair of the Board of Directors	BPER Real Estate spa
	Deputy Chair of the Board of Directors	Banco di Sardegna spa
Deputy Chair
Recchi Giuseppe	Member of the Board of Directors	Liquid Factory Società Benefit a Responsabilità Limitata
	Chair of the Board of Directors	Stretto di Messina spa
Director
Beni Gabriele	Chair of the Board of Directors	Edoardo & Lorenzo srl
Director
Cincotti Cristiano	-	-
Director
Conforti Elena	Member of the Board of Directors	Banco di Sardegna spa
Director
Giay Roberto	Deputy Chair of the Board of Directors	Gruppo Una spa
	Member of the Board of Directors	Nomisma - Società di Studi Economici - spa
	Deputy Chair of the Board of Directors	Tenute del Cerro Wines srl
	Deputy Chair of the Board of Directors	Tenute del Cerro spa - società agricola
	Chair of the Board of Directors	Unipol Finance spa
	Member of the Board of Directors	Marina di Loano spa
	Chair of the Board of Directors	Pegaso Finanziaria spa

emarket
sdir elonage
CERTIFIED

Banca Popolare
di Sondrio
FONDES 1806.2013
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

| Director
Kuhn Stefano Vittorio | Deputy Chair of the Board of Directors | BPER Factor spa |
| --- | --- | --- |
| | Member of the Board of Directors | Finitalia spa |
| | Member of the Board of Directors | Unipolrental spa |
| | Member of the Board of Directors | Bancomat spa |
| Director
Malaguti Maria Chiara | - | - |
| Director
Marcucci Simone | Member of the Board of Directors | Arca Holding spa |
| | Member of the Board of Directors | Banco di Sardegna spa |
| Director
Massimetti Annamaria | - | - |
| Director
Molla Pierluigi | Chair of the Board of Directors | Banca della Nuova Terra spa |
| | Member of the Board of Directors | Piovan spa |
| | Member of the Board of Directors | Lifting Control Holding spa |
| | Member of the Board of Directors | Tach Systems spa |
| Director
Neervoort Séverine Mélissa
Harmine | - | - |
| Director
Ruzzu Alessandra | - | - |
| Director
Stefini Silvia | Member of the Board of Directors | Leonardo spa |

(*) Based on the information available to the Bank as at the date of this Report

emarket

andn't

sion

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

CONCEPTO REGIONALE

Gruppo BPER Banca

TABLE 6: LIST OF POSITIONS HELD PURSUANT TO ARTICLES 17 AND 18 OF MEF DECREE NO. 169/2020 HELD BY THE MEMBERS OF THE BOARD OF STATUTORY AUDITORS (*)

BOARD OF STATUTORY AUDITORS
MEMBER	OFFICE	COMPANY
Chair
Vago Carlo Maria	-	-
Statutory Auditor
De Buglio Massimo	Chair of the Board of Statutory Auditors	Autotorino spa
	Chair of the Board of Statutory Auditors	Immobiliare Diana spa
	Statutory Auditor	Liquid Factory Società Benefit a Responsabilità Limitata
	Statutory Auditor	Autostrade per l'Italia spa
	Statutory Auditor	Holding Reti Autostradali spa
Statutory Auditor
Vitali Laura	Chair of the Board of Statutory Auditors	Factorit spa
	Statutory Auditor	NPLight spa
	Statutory Auditor	Rent2Go srl

(*) Based on the information available to the Bank as at the date of this Report

138

emarket
sdir sionage
CERTIFIED

Banca Popolare
di Sondrio
GRUPPO BSP. Banca

Report on Corporate Governance and Ownership
Structure

TABLE 7: SUMMARY OF COMPLIANCE WITH THE INDIVIDUAL PROVISIONS OF THE CORPORATE GOVERNANCE CODE FOR LISTED COMPANIES (2020 EDITION)

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
Article 1 - Role of the Board of Directors
P.I: The Board of Directors leads the company in the pursuit of sustainable success.	☑	Paragraph 1.1
P.II: The Board of Directors defines the strategies of the company and its parent group in line with Section I and monitors their implementation.	☑	Paragraph 4.1
P.III: The Board of Directors shall determine the corporate governance system that is most effective for the conduct of the company's business and the pursuit of its strategies, taking into account the scope for autonomy afforded by the legal framework. Where necessary, it shall consider and promote appropriate changes, submitting them to the Shareholders' Meeting when it falls within its remit.	☑	Chapter 1
P.IV: The Board of Directors promotes dialogue with shareholders and other stakeholders relevant to the company.	☑	Chapter 11
R.1: The BOD:
(a) reviews and approves the business plan of the company and its parent group, including on the basis of an analysis of issues relevant to long-term value creation, carried out with the possible support of a committee whose composition and functions are determined by the Board of Directors;
(b) periodically monitors the implementation of the business plan and assesses the overall performance of operations, periodically comparing the results achieved with those planned;
(c) defines the nature and level of risk consistent with the company's strategic objectives, taking into account in its assessments all factors that may be relevant to the company's sustainable success;
(d) defines the corporate governance system of the company and the structure of the group to which it belongs, and assesses the adequacy of the organisational, administrative and accounting structure of the company and of its strategically important subsidiaries, with a particular focus on the internal control and risk management system;
(e) resolves on transactions of the company and its subsidiaries that are of major strategic, economic, equity-related or financial significance to the company; to this end, it establishes the general criteria for identifying transactions of major significance;
(f) in order to ensure the proper management of company information, it shall, on a proposal from the Chair in consultation with the CEO, adopt a procedure for the internal management and external disclosure of documents and information concerning the company, with particular reference to inside information.	☑	Paragraph 4.1
R.2 If deemed necessary in order to establish a corporate governance system that is more suited to the company's needs, the Board of Directors shall draw up reasoned proposals to be submitted to the Shareholders' Meeting on the following matters:	☑	Chapter 2
Paragraph 4.1
Paragraph 4.3

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPO BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
(a) choice and characteristics of the corporate governance model (traditional, ‘one-tier’, ‘two-tier’);
(b) the size, composition and appointment of the Board of Directors, and the term of office of its members;
(c) structure of the administrative and economic rights attached to the shares;
(d) percentages established for the exercise of minority protection rights.
In particular, where the Board of Directors intends to propose to the Shareholders’ Meeting the introduction of enhanced voting rights, it shall, in the explanatory report to the Shareholders’ Meeting, provide adequate reasons for such proposal and indicate the expected effects on the company’s ownership and control structure and on its future strategies, describing the decision-making process followed and any dissenting views expressed within the Board of Directors.		Chapter 12
R.3 On the basis of a proposal by the Chair, drawn up in consultation with the CEO, the Board of Directors shall adopt and set out, in the Report on Corporate Governance, a policy for managing dialogue with shareholders as a whole, also taking into account the engagement policies adopted by institutional investors and active asset managers.
The Chair shall ensure that, in all cases, the Board of Directors is informed, by the next available meeting, of the progress and significant content of the dialogue conducted with all shareholders.	✓	Chapter 11
Article 2 - Composition of corporate bodies
P.V The Board of Directors is composed of executive directors and non-executive directors, all of whom possess the professionalism and skills appropriate to the tasks entrusted to them.	✓	Paragraph 4.3
P.VI The number and expertise of the non-executive directors are such as to ensure that they play a significant role in the adoption of Board resolutions and to guarantee effective monitoring of management. A significant proportion of the non-executive directors are independent.	✓	Paragraph 4.3
P.VII The company applies diversity criteria, including gender diversity, when determining the composition of the Board of Directors, while upholding the overarching objective of ensuring that its members possess the necessary expertise and professionalism.	✓	Paragraph 4.3
P.VIII The Board of Statutory Auditors has a composition that is suitable for ensuring the independence and professionalism of its function.	✓	Paragraph 10.2
R.4 The Board of Directors determines the allocation of management powers and identifies which of the executive directors holds the position of chief executive officer. If the Chair is appointed as chief executive officer or is granted significant management powers, the Board of Directors shall explain the reasons for this decision.	✓	Paragraph 4.7
R.5 The number and expertise of the independent directors are appropriate to the company’s needs and to the functioning of the BOD, as well as to the establishment of the relevant committees.
The BOD shall include at least two independent directors, other than the Chair.
In large companies with concentrated ownership, independent directors shall constitute at least one third of the BOD.
In other large companies, independent directors shall constitute at least half of the Board of Directors.	✓	Paragraph 4.3
Paragraph 4.10

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
In large companies, independent directors meet, in the absence of the other directors, on a periodic basis and, in any event, at least once a year, to assess matters they deem relevant to the functioning of the Board of Directors and the management of the company.
R.6 The Board of Directors assesses the independence of each non-executive director immediately after their appointment, as well as during their term of office whenever circumstances relevant to independence arise, and in any event at least annually.
For this purpose, each non-executive director shall provide all information necessary or useful for the Board of Directors' assessment, which, on the basis of all available information, shall take into account any circumstance that affects or may appear capable of affecting the director's independence.	☑	Paragraph 4.3
R.7 The circumstances that compromise, or appear to compromise, a director's independence include, at a minimum, the following:
(a) if they are a significant shareholder of the company;
(b) if they are, or have been in the previous three financial years, an executive director or an employee:
- of the company, of a strategically important subsidiary of the company, or of a company subject to joint control;
- of a significant shareholder of the company;
(c) if, directly or indirectly (e.g., through subsidiaries or companies of which they are an executive director, or as a partner in a professional firm or consultancy), they have, or have had in the previous three financial years, a significant business, financial or professional relationship:
- with the company or its subsidiaries, or with their executive directors or senior management;
- with a person who, including jointly with others through a shareholders' agreement, controls the company; or, if the controlling entity is a company or other entity, with its executive directors or senior management;
(d) whether they receive, or have received in the previous three financial years, from the company, one of its subsidiaries or the parent company, significant remuneration in addition to the fixed remuneration for their office and the remuneration provided for participation in the committees recommended by the Code or required by current legislation;
(e) if they have served as a director of the company for more than nine financial years, whether consecutive or not, within the last twelve financial years;
(f) if they hold the office of executive director in another company in which an executive director of the company holds a directorship;
(g) if they are a shareholder or director of a company or an entity belonging to the network of the firm appointed as the company's independent auditors;
(h) if they are a close family member of a person who falls under any of the situations referred to in the points above. At the latest at the start of its term of office, the Board of Directors shall establish in advance the quantitative and qualitative criteria for assessing the significance referred to in letters c) and d) above. In the case of a director who is also a partner of a professional firm or a consulting firm, the Board of Directors shall assess the significance of any professional relationships that may affect the director's position and role within the firm or consulting firm, or that	☑	Paragraph 4.3
Table 2

140

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

GRUPO BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
otherwise relate to material transactions of the company and its group, even irrespective of quantitative parameters. The Chair of the Board of Directors, who has been nominated as a candidate for this role in accordance with R. 23, may be deemed independent if none of the above circumstances apply. If the Chair, who is assessed as independent, sits on the committees recommended by the Code, the majority of the committee members shall be other independent directors. The Chairperson assessed as independent shall not chair the Remuneration Committee or the Control and Risk Committee.
R.8 The company shall define diversity criteria for the composition of the Board of Directors and the Board of Statutory Auditors and, also taking into account its ownership structure, identify the most suitable instrument for implementing these criteria. At least one third of the Board of Directors and, where independent, of the Board of Statutory Auditors shall be made up of members of the less represented gender. Companies shall adopt measures to promote equal treatment and equal opportunities for both genders throughout the entire corporate organization and monitor the effective implementation of these measures.	✓	Paragraph 4.3 Paragraph 10.2
R.9 All members of the Board of Statutory Auditors shall meet the independence requirements set out in R. 7 for directors. The assessment of independence is carried out, in accordance with the timeframe and procedures set out in Recommendation 6, by the Board of Directors or the Board of Statutory Auditors, on the basis of the information provided by each member of the Board of Statutory Auditors.	✓	Paragraph 4.10 Table 4
R.10 The results of the assessments of the independence of directors and members of the Board of Statutory Auditors, as referred to in R. 6 and R. 9, are disclosed to the market immediately after their appointment by means of a dedicated press release and, subsequently, in the corporate governance report; on these occasions, the criteria used to assess the materiality of the relationships in question are indicated and, if a director or a member of the Board of Statutory Auditors has been deemed independent despite the existence of one of the situations referred to in R. 7, a clear and reasoned explanation of this decision is provided, taking into account the position and individual characteristics of the person concerned.	✓	Paragraph 4.3 Paragraph 4.10 Paragraph 10.2
Article 3 - Operation of the Board of Directors and role of the Chair
P.IX: The Board of Directors shall establish the rules and procedures for its own functioning, in particular with a view to ensuring the effective management of board reporting.	✓	Paragraph 4.4
P.X: The Chair of the Board of Directors acts as a liaison between the executive directors and the non-executive directors and ensures the effective functioning of the Board's activities.	✓	Paragraph 4.5
P.XI: The Board of Directors shall ensure an appropriate internal allocation of its functions and shall establish Board committees with preparatory, advisory and consultative functions.	✓	Chapter 5
P.XII: Each director shall ensure that they have sufficient time available to perform the duties assigned to them diligently.	✓	Paragraph 4.3
R.11: The Board of Directors shall adopt rules of procedure governing the functioning of the Board and its committees, including the procedures for the taking of minutes of meetings and for the management of information	✓	Paragraph 4.4

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
flows to directors. These procedures shall specify the deadlines for the prior submission of information and the methods for protecting the confidentiality of the data and information provided, in such a way as not to compromise the timeliness and completeness of information flows.
The report on corporate governance provides adequate information on the main contents of the Board of Directors’ regulations and on compliance with the procedures concerning the timeliness and adequacy of the information provided to directors.
R.12: The Chair of the Board of Directors, with the assistance of the body’s secretary, ensures:
a) that the pre-meeting information and the supplementary information provided during meetings are sufficient to enable the directors to act in an informed manner in the performance of their duties;
b) that the activities of the Board committees with investigative, proposal-making and advisory functions are coordinated with the activities of the Board of Directors;
c) in agreement with the CEO, ensuring that the executives of the company and those of the companies within its group, who are responsible for the relevant corporate functions depending on the matter at hand, attend Board meetings, including at the request of individual directors, to provide appropriate in-depth information on the items on the agenda;
d) that, following their appointment and throughout their term of office, all members of the Board of Directors and the Board of Statutory Auditors are able to participate in initiatives aimed at providing them with an adequate understanding of the business segments in which the company operates, of the company’s dynamics and their development, including with a view to the company’s sustainable success, as well as of the principles of sound risk management and the relevant regulatory and self-regulatory framework;
e) the adequacy and transparency of the Board of Directors’ self-assessment process, with the support of the Appointments Committee.	✓	Paragraph 4.3
Paragraph 4.5
R.13: The Board of Directors shall appoint an independent director as the Lead Independent Director:
a) if the Chair of the Board of Directors is the Chief Executive Officer or holds significant management powers;
b) if the office of Chair is held by a person who controls the company, including jointly;
c) in large companies, even in the absence of the conditions set out in letters a) and b), if requested by a majority of the independent directors.	✓	Paragraph 4.10
R.14: The Lead Independent Director:
a) acts as a point of contact and coordination for the requests and contributions of non-executive directors, and in particular of independent directors;
b) coordinates meetings of independent directors only.	✓	Paragraph 4.10
R.15: In large companies, the Board of Directors shall express its guidance on the maximum number of directorships or board memberships on the management or supervisory bodies of other listed companies or companies of significant size that can be considered compatible with the effective performance of the duties of director of the company, taking into account the commitment entailed by the role held.	✓	Paragraph 4.3

142

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio

Gruppo BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
R.16: The Board of Directors shall establish internal committees with investigative, proposal-making and advisory functions on matters relating to appointments, remuneration, and control and risks. The functions assigned to committees by the Code may be allocated differently or combined within a single committee, provided that adequate disclosure is given of the duties and activities performed in respect of each assigned function and that the Code's recommendations regarding the composition of the relevant committees are complied with. The functions of one or more committees may be assigned to the Board of Directors as a whole, under the coordination of the Chair, provided that: a) the independent directors represent at least half of the Board of Directors; b) the Board of Directors allocates sufficient time within its meetings to the performance of the functions typically assigned to these committees. If the functions of the Remuneration Committee are assigned to the Board of Directors, the last sentence of Recommendation 26 shall apply. Companies other than large companies may assign the functions of the Control and Risk Committee to the Board of Directors, even if the condition set out in point (a) above is not met. Companies with concentrated ownership, including large companies, may assign the functions of the Appointments Committee to the Board of Directors, even if the condition set out in point (a) above is not met.	✓	Paragraph 4.8
Chapter 5
Paragraph 5.1
Paragraph 5.2
Paragraph 5.3
Paragraph 5.4
Paragraph 9.1
R.17: The Board of Directors shall define the duties of the committees and determine their composition, prioritising the expertise and experience of their members and, in large companies, avoiding an excessive concentration of roles in this area. Each committee is coordinated by a chair, who reports to the Board of Directors on the activities carried out at the next available meeting. The Chair of the committee may invite the Chair of the Board of Directors, the Chief Executive Officer, the other directors and, after informing the chief executive officer, representatives of the relevant company departments to attend individual committee meetings; members of the control body may also attend the meetings of each committee. The committees have the right to access the information and corporate functions necessary for the performance of their duties, to have financial resources at their disposal, and to engage external consultants, within the terms established by the Board of Directors.	✓	Paragraph 4.8
Chapter 5
Paragraph 5.1
Paragraph 5.2
Paragraph 5.3
Paragraph 5.4
Paragraph 9.1
R.18: On the proposal of the Chair, the Board of Directors shall resolve on the appointment and dismissal of the Secretary of the Board of Directors and shall set out the Secretary's professional requirements and powers in its rules of procedure. The secretary supports the Chair's activities and, with impartial judgment, provides assistance and advice to the Board of Directors on all matters relevant to the proper functioning of the corporate governance system.	✓	Paragraph 4.6
Article 4 - Appointment of directors and self-assessment by the Board of Directors

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
P.XIII: To the extent of its remit, the Board of Directors shall ensure that the process for appointing and replacing directors is transparent and serves to achieve the optimal composition of the Board of Directors in accordance with the principles set out in Article 2.	☑	Paragraph 4.2
Paragraph 4.3
Paragraph 4.12
P.XIV: The Board of Directors periodically assesses the effectiveness of its activities and the contribution made by its individual members, using formalised procedures whose implementation it oversees.	☑	Paragraph 4.12
R.19: The Board of Directors entrusts the Appointments Committee with the task of assisting it in the following activities:
a) self-assessment of the Board of Directors and its committees;
b) determining the optimal composition of the Board of Directors and its committees;
c) identifying candidates for the office of director in the event of co-option;
d) where applicable, the submission of a list by the outgoing Board of Directors, to be carried out in a manner that ensures its transparent compilation and submission;
e) drawing up, updating and implementing any succession plan for the Chief Executive Officer and other executive directors.	☑	Paragraph 5.3
R.20: The Appointments Committee is composed of a majority of independent directors.	☑	Paragraph 5.3
R.21: The self-assessment focuses on the size, composition and actual functioning of the Board of Directors and its committees, also taking into account the role it has played in defining strategies and in monitoring the performance of operations, as well as the adequacy of the internal control and risk management system.	☑	Paragraph 4.12
R.22: The self-assessment is conducted at least every three years, in preparation for the renewal of the Board of Directors.
In large companies other than those with concentrated ownership, the self-assessment is carried out annually and may also be conducted using different methods throughout the body's term of office, with consideration being given to engaging an independent consultant at least every three years.	☑	Paragraph 4.12
R.23: In companies other than those with concentrated ownership, the Board of Directors shall:
– in view of each renewal of the Board, issues guidelines on the quantitative and qualitative composition it deems optimal, taking into account the results of the self-assessment;
– requires any person submitting a list containing a number of candidates exceeding half of the members to be elected to provide, in the documentation filed for the deposit of the list, adequate information on the list's consistency with the orientation expressed by the Board of Directors, including with reference to the diversity criteria set out in Principle VII and Recommendation 8, and to indicate their candidate for the position of Chair of the Board of Directors, who shall be appointed in accordance with the procedures set out in the Articles of Association.
The outgoing Board of Directors' guidance shall be published on the company's website well in advance of the publication of the notice convening the shareholders' meeting to appoint a new board. The guidance identifies the managerial and professional profiles and the skills deemed necessary, also in light of the company's sectoral characteristics, taking into account the diversity criteria set out in Principle VII and Recommendation 8, as well as	☑	Paragraph 4.2
Paragraph 4.3
Paragraph 4.12

144

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio BANCCHI SRL SRL

Gruppo BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
the guidance provided on the maximum number of offices pursuant to Recommendation 15.
R.24: In large companies, the Board of Directors:
- with the support of the Appointments Committee, draws up a succession plan for the Chief Executive Officer and the executive directors, which at a minimum sets out the procedures to be followed in the event of early departure from office;
- verifies the existence of appropriate procedures for the succession of top management.	✓	Paragraph 4.12
Art. 5 - Remuneration
XV. The remuneration policy for directors, members of the control body and top management is designed to support the pursuit of the company's sustainable success and takes into account the need to attract, retain and motivate individuals who possess the skills and professionalism required by their role within the company.	✓	Paragraph 4.11
Paragraph 5.1
Paragraph 10.5
XVI. The remuneration policy is drawn up by the Board of Directors through a transparent procedure.	✓	Paragraph 4.11
Paragraph 5.1
XVII. The Board of Directors shall ensure that the remuneration paid and accrued is consistent with the principles and criteria set out in the policy, taking into account the performance achieved and other circumstances relevant to its implementation.	✓	Paragraph 4.11
Paragraph 5.1
R.25: The Board of Directors shall entrust the Remuneration Committee with the task of:
a) assisting the Board of Directors in formulating the remuneration policy;
b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors holding specific offices, as well as on the setting of performance targets linked to the variable component of such remuneration;
c) monitoring the practical implementation of the remuneration policy and, in particular, verifying that performance targets have actually been met;
d) periodically assessing the overall adequacy and consistency of the remuneration policy for directors and top management.
In order to ensure that the Bank has personnel with the necessary expertise and professionalism, the remuneration of directors, both executive and non-executive, and of the members of the control body is determined by taking into account the remuneration practices common in the relevant sectors and for companies of a similar size, also considering comparable experiences abroad and, where necessary, seeking the advice of an independent consultant.	✓	Chapter 5
Paragraph 5.1
R.26: The Remuneration Committee is composed exclusively of non-executive directors, the majority of whom are independent, and is chaired by an independent director. At least one member of the committee must have appropriate knowledge and experience in financial matters or remuneration policies, to be assessed by the Board of Directors at the time of appointment.
No director may take part in meetings of the Remuneration Committee at which proposals concerning their own	✓	Paragraph 5.1

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
remuneration are made.
R.27: The remuneration policy for executive directors and top management sets out:
a) an appropriate balance between the fixed and variable components, consistent with the company's strategic objectives and risk management policy, taking into account the nature of the business and the sector in which it operates, and in any case ensuring that the variable component accounts for a significant portion of the total remuneration;
b) maximum limits on the payment of variable components;
c) performance targets, to which the payment of variable components is linked, that are pre-defined, measurable and, to a significant extent, linked to a long-term time horizon. These targets shall be consistent with the company's strategic objectives and aimed at promoting its sustainable success, including, where relevant, non-financial parameters;
d) an appropriate deferral period - relative to the date of vesting - for the payment of a significant portion of the variable component, in line with the nature of the business activity and the associated risk profiles;
e) contractual arrangements that enable the company to request the repayment, in whole or in part, of variable components of remuneration that have been paid (or to withhold deferred amounts), determined on the basis of data that subsequently prove to be manifestly incorrect and on the basis of any other circumstances identified by the company;
f) clear and predetermined rules for the possible payment of severance indemnities for directors, which set an upper limit on the total amount that may be paid by linking it to a specific sum or to a specific number of years of remuneration. No such indemnity shall be paid if the termination of the employment relationship is due to the achievement of objectively inadequate performance.	☑	Paragraph 4.11
R.28: Share-based compensation plans for executive directors and top management provide incentives for alignment with shareholders' interests over the long term, stipulating that a predominant portion of the plan has an overall vesting and retention period of at least five years for the shares granted.	☑	Paragraph 4.11
R.29: The remuneration policy for non-executive directors provides for remuneration commensurate with the expertise, professionalism and commitment required by the duties assigned to them within the Board of Directors and its committees; this remuneration is not linked, except for an insignificant portion, to financial performance targets.	☑	Paragraph 4.11
R.30: The remuneration of the members of the control body shall provide for remuneration that is commensurate with the expertise, professionalism and commitment required by the importance of the role held, as well as the size and sectoral characteristics of the company and its situation.	☑	Paragraph 10.5
R.31: Upon the termination of the term of office and/or the termination of the employment relationship with an executive director or a general manager, the Board of Directors shall, by means of a press release disseminated to the market following the internal processes leading to the award or recognition of any severance pay and/or other benefits, disclose detailed information on:	☑	Chapter 2

146

www.ecopelare.com

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare

di Sondrio

EPOLOGIA NO. 327

Gruppo BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
a) the award or payment of indemnities and/or other benefits, the circumstances justifying their accrual (e.g., due to the expiry of the term of office, removal from office or a settlement agreement), and the decision-making procedures followed within the company for this purpose;
b) the total amount of the severance indemnities and/or other benefits, the components thereof (including non-monetary benefits, the retention of rights under incentive schemes, consideration for non-compete undertakings, or any other remuneration granted for any reason and in any form), and the timing of their payment (distinguishing between the portion paid immediately and the portion subject to deferral mechanisms);
c) the application of any claw-back or malus clauses for a portion of the amount;
d) the compliance of the elements indicated in letters a), b) and c) above with the provisions of the remuneration policy, clearly stating the reasons and the decision-making procedures followed in the event of any deviation, even partial, from the policy;
e) information on the procedures that have been or will be followed to replace the outgoing executive director or general manager.
Article 6 - Internal control and risk management system
Point XVIII: The internal control and risk management system consists of the set of rules, procedures and organisational structures aimed at the effective and efficient identification, measurement, management and monitoring of the main risks, with the objective of contributing to the company's sustainable success.	✓	Chapter 8
Paragraph 8.1
Paragraph 8.2
P.XIX: The Board of Directors shall define the guidelines of the internal control and risk management system in line with the company's strategies and shall assess their adequacy and effectiveness on an annual basis.	✓	Paragraph 8.1
Paragraph 8.2
Paragraph 8.3
P.XX: The Board of Directors shall define the principles governing coordination and information flows between the various parties involved in the internal control and risk management system, with a view to maximising the efficiency of the system, reducing the duplication of activities, and ensuring that the supervisory body performs its duties effectively.	✓	Paragraph 8.3
R.32: The organisation of the internal control and risk management system involves the following parties, each within the scope of their respective responsibilities:
a) the Board of Directors, which is responsible for setting the overall direction and assessing the adequacy of the system;
b) the Chief Executive Officer, who is responsible for establishing and maintaining the internal control and risk management system;
c) the Control and Risk Committee, established within the Board of Directors, which is responsible for supporting the Board of Directors' assessments and decisions relating to the internal control and risk management system and for approving periodic financial and non-financial reports. In companies that adopt the 'one-tier' or 'two-tier' corporate model, the functions of the Control and Risk Committee may be assigned to the supervisory body.
d) the head of the internal audit function, who is responsible for verifying that the internal control and risk	✓	Paragraph 8.3
Paragraph 8.4
Paragraph 8.5

CERTIFIED

Banca Popolare
di Sondrio
Sondrio S.r.l.
Gruppo BPER Banca

Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
management system is functional, appropriate and consistent with the guidelines established by the Board of Directors;
e) the other corporate functions involved in controls (such as the risk management function and the legal and compliance risk management function), structured according to the company's size, sector, complexity and risk profile;
f) the supervisory body, which oversees the effectiveness of the internal control and risk management system.
R.33: The Board of Directors, with the support of the Control and Risk Committee:
a) defines the guidelines of the internal control and risk management system in line with the company's strategies and, at least once a year, assesses the adequacy of this system in relation to the company's characteristics and the risk profile assumed, as well as its effectiveness;
b) appoints and dismisses the head of the Internal Audit Function, determines their remuneration in accordance with company policies, and ensures that they are provided with adequate resources to perform their duties. If it decides to outsource the Internal Audit Function, in its entirety or for specific business segments, to a party external to the company, it shall ensure that this party meets the appropriate standards of professionalism, independence and organisation, and shall provide adequate justification for this decision in the corporate governance report;
c) at least once a year, approves the work plan prepared by the head of the Internal Audit Function, after consulting the supervisory body and the Chief Executive Officer;
d) assesses the advisability of adopting measures to ensure the effectiveness and impartiality of judgement of the other company functions referred to in Recommendation 32, letter e), verifying that they are equipped with the appropriate professional skills and resources;
e) assigns the supervisory functions referred to in Article 6(1)(b) of Legislative Decree No 231/2001 to the supervisory body or to a body specifically established for that purpose. If the body is not the same as the supervisory body, the Board of Directors shall consider appointing to the body at least one non-executive director and/or a member of the supervisory body and/or the holder of the company's legal or control functions, in order to ensure coordination between the various parties involved in the internal control and risk management system;
f) after consulting the control body, assesses the findings presented by the independent auditor in any letter of recommendations and in the additional report addressed to the control body;
g) in the corporate governance report, describes the main features of the internal control and risk management system and the arrangements for coordination between the parties involved in the system, indicating the relevant national and international models and best practices, expresses its overall assessment of the adequacy of the system, and reports on the decisions made regarding the composition of the supervisory body referred to in point (e) above.	✓	Paragraph 8.3
R.34: The Chief Executive Officer shall:
a) ensures that the main corporate risks are identified, taking into account the nature of the activities carried out by the company and its subsidiaries, and periodically submits them to the Board of Directors for review;
b) implements the guidelines established by the Board of Directors, overseeing the design, implementation and	✓	Paragraph 8.3

148

CERTIFIED

Report on Corporate Governance and Ownership Structure

Financial year 2025

Banca Popolare di Sondrio BANCCHI SRL S.R.L.

Gruppo BPER Banca

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
management of the internal control and risk management system, continuously verifying its adequacy and effectiveness, and ensuring that it is adapted to changing operating conditions and to the legislative and regulatory landscape;
c) may instruct the Internal Audit Function to carry out audits of specific operational areas and of compliance with internal rules and procedures in the execution of company transactions, simultaneously notifying the Chair of the Board of Directors, the Chair of the Control and Risks Committee and the Chair of the Control Body;
d) promptly reports to the Control and Risk Committee on any issues or critical matters that have arisen in the course of their work, or of which they have otherwise become aware, so that the Committee can take the appropriate action.
R.35: The Control and Risk Committee is composed solely of non-executive directors, the majority of whom are independent, and is chaired by an independent director.
As a whole, the Committee possesses adequate expertise in the business sector in which the company operates, enabling it to assess the associated risks; at least one member of the Committee possesses adequate knowledge and experience in accounting and finance or in risk management.
In assisting the Board of Directors, the Control and Risk Committee:
a) after consulting the Manager responsible for preparing the Company's accounting documents, the statutory auditor and the supervisory body, assesses the correct application of accounting standards and, in the case of groups, their consistency for the purposes of preparing the consolidated financial statements;
b) assesses the suitability of the periodic financial and non-financial information to accurately represent the company's business model, strategies, the impact of its activities and the performance achieved, coordinating with any committee established pursuant to Recommendation 1, letter a);
c) reviews the content of periodic non-financial information that is relevant to the internal control and risk management system;
d) provides opinions on specific aspects relating to the identification of the principal business risks and supports the assessments and decisions of the Board of Directors concerning the management of risks arising from adverse events of which the Board has become aware;
e) reviews the periodic reports and those of particular significance prepared by the internal audit function;
f) monitors the independence, adequacy, effectiveness and efficiency of the Internal Audit Function;
g) may instruct the Internal Audit Function to carry out audits of specific operational areas, simultaneously notifying the Chair of the control body;
h) reports to the Board of Directors, at least when the annual and the consolidated half-year financial report are approved, on its activities and on the adequacy of the internal control and risk management system.	✓	Paragraph 5.2
R.36: The Head of the Internal Audit Function is not responsible for any operational area and reports directly to the Board of Directors. They shall have direct access to all information relevant to the performance of their duties.
The Head of the Internal Audit Function:
a) Reviews, both on an ongoing basis and in response to specific needs, and in accordance with international standards, the functioning and adequacy of the internal control and risk management system, through an audit plan	✓	Paragraph 8.4

CERTIFIED

Banca Popolare
di Sondrio
FONDESI UCC S.P.A.
Gruppo BPER Banca
Report on Corporate Governance and Ownership
Structure

Principles and Recommendations of the Corporate Governance Code	Applied	Main references in the Report
approved by the Board of Directors and based on a structured process of analysis and prioritisation of the main risks;
b) prepares periodic reports containing appropriate information on its activities, on the methods used to manage risks, and on compliance with the plans drawn up to mitigate those risks. These periodic reports shall include an assessment of the adequacy of the internal control and risk management system;
c) also at the request of the control body, promptly prepares reports on events of particular significance;
d) forwards the reports referred to in letters b) and c) to the chairs of the control body, the Control and Risk Committee and the Board of Directors, as well as to the Chief Executive Officer, except in cases where the subject of these reports specifically concerns the activities of these individuals;
e) As part of the audit plan, verifies the reliability of the information systems, including the accounting systems.
R.37: Any member of the control body who, on their own behalf or on behalf of a third party, has an interest in a specific company transaction shall promptly and comprehensively inform the other members of the control body and the Chair of the Board of Directors of the nature, terms, origin and extent of their interest.
The supervisory body and the Control and Risk Committee shall promptly exchange information relevant to the performance of their respective duties. The Chair of the control body, or another member designated by the Chair, shall participate in the work of the Control and Risk Committee.	☑	Paragraph 5.2
Paragraph 9.1
Paragraph 10.3

150

emarket

Prepared by

Banca Popolare di Sondrio spa

For further information, please contact

Banca Popolare di Sondrio spa

Piazza Garibaldi, 16

23100 Sondrio

AI assistant

Bper Banca — Governance Information 2026

4395_rns_2026-04-01_581e14a6-eaff-4e35-8fb3-1e4346240b65.pdf

Banca Popolare di Sondrio

REPORT

ON CORPORATE GOVERNANCE

AND OWNERSHIP STRUCTURE

Banca Popolare di Sondrio

REPORT

ON CORPORATE GOVERNANCE

AND OWNERSHIP STRUCTURE

CONTENTS

GLOSSARY

1. ISSUER PROFILE

1.1 CORPORATE SUSTAINABILITY PROFILE

2. INFORMATION ON THE OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS OF THE CONSOLIDATED FINANCE ACT) AS AT 31/12/2025

A) SHARE CAPITAL STRUCTURE

B) RESTRICTIONS ON THE TRANSFER OF SECURITIES

C) SIGNIFICANT EQUITY HOLDINGS

D) SECURITIES CONFERRING SPECIAL CONTROL RIGHTS

E) EMPLOYEE SHARE OWNERSHIP: MECHANISM FOR EXERCISING VOTING RIGHTS

F) RESTRICTIONS ON VOTING RIGHTS

G) SHAREHOLDER AGREEMENTS

H) CHANGE OF CONTROL CLAUSES AND ARTICLES OF ASSOCIATION PROVISIONS RELATING TO TAKEOVER BIDS

I) INDEMNITIES FOR DIRECTORS IN THE EVENT OF RESIGNATION, DISMISSAL OR TERMINATION OF EMPLOYMENT FOLLOWING A TAKEOVER BID

L) APPOINTMENT AND REPLACEMENT OF DIRECTORS AND APPLICABLE RULES ON AMENDMENTS TO THE ARTICLES OF ASSOCIATION

M) POWERS TO INCREASE THE SHARE CAPITAL AND AUTHORISATIONS TO PURCHASE TREASURY SHARES

N) DIRECTION AND COORDINATION ACTIVITIES

3. ADHERENCE TO CODES OF CONDUCT

3.1 ADHERENCE TO THE CORPORATE GOVERNANCE CODE

3.2 LETTER FROM THE CHAIR OF THE CORPORATE GOVERNANCE COMMITTEE DATED 18 DECEMBER 2025

4. BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

4.2 APPOINTMENT AND REPLACEMENT OF DIRECTORS

4.3 COMPOSITION OF THE BOARD OF DIRECTORS

Diversity criteria and policies in the composition of the Board and in the company's organisation

Verification of the eligibility requirements and limits on the accumulation of offices held in other companies by corporate officers

4.4 OPERATION OF THE BOARD OF DIRECTORS

4.5 ROLE OF THE CHAIR OF THE BOARD OF DIRECTORS

4.6 SECRETARY OF THE BOARD OF DIRECTORS

4.7 MANAGING DIRECTORS

4.8 EXECUTIVE COMMITTEE

Report to the Board by managing directors / delegated bodies

4.9 OTHER EXECUTIVE DIRECTORS

4.10 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

4.11 DIRECTORS' REMUNERATION

4.12 DIRECTORS' SELF-ASSESSMENT AND SUCCESSION

DIRECTORS' SELF-ASSESSMENT

Directors' succession

4.13 PROFESSIONAL PROFILES OF THE DIRECTORS

ANDREA CASINI

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

GIUSEPPE RECCHI

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

ELVIO SONNINO

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

GABRIELE BENI

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

CRISTIANO CINCOTTI

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

ELENA CONFORTI

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

ROBERTO GIAY

INCARICHI E POSIZIONI ATTUALI

ESPERIENZE, ATTIVITÀ E INCARICHI PREGRESSI

ISTRUZIONE

STEFANO VITTORIO KUHN

INCARICHI E POSIZIONI ATTUALI

Bper Banca Governance Information 2026