CRO's summary of the year

About this report

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk

CRO's summary of the year

Risk and capital management Pillar 3 | 2023

of 10 per cent of total economic capital. Utilisation of the risk limits set by the Board of Directors has been moderate and only minor adjustments were made to the market risk limits in 2023.

Liquidity risk is managed in accordance with the Group policy for risk management and the Group instructions for management, reporting and control of liquidity risk. The Board has set internal limits for Liquidity Coverage Ratio (LCR), Net Stable Funding Ratio (NSFR), ratio of deposits to net loans and minimum requirement for own funds and eligible liabilities (MREL) in the risk appetite framework. In line with the bank's risk strategy and risk appetite, liquidity risk should be low and bolster the bank's financial strength. DNB aims to have a balance sheet structure which reflects the liquidity risk profile of an international bank with AA-level long-term credit ratings.

DNB had good access to diversified funding sources in different currencies in 2023. The risk profile was satisfactory and low throughout the year. The ratio between deposits and lending remained at a high level, and the liquidity indicators LCR and NSFR for the DNB Group were at satisfactory levels. During 2023, DNB issued several non-preferred senior bonds and was well within the requirements for both MREL capital and non-preferred debt.

DNB is one of the few banks with a long-term credit rating of AA from both S&P Global and Moody's, AA- and Aa2, respectively. In addition, DNB has a short-term credit rating of A-1+ from S&P Global and P-1 from Moody's, both of which are the highest rating score. S&P Global and Moody's confirmed DNB's ratings in November and October 2023, respectively.

Reputational risk is followed up through monitoring and analyses of media coverage and customer satisfaction. The risk appetite framework states that DNB is to work for a good reputation and deliver on expectations from society and our stakeholders. In 2023, DNB's reputation, as measured by Traction, was lower than DNB's target. In particular, the situation with higher interest rates led to negative media reports and frustration among some customers.

Sustainability risk or ESG (environmental, social and governance) risk is managed in accordance with the Group policy for risk management, the Group policy for sustainability and the frameworks and instructions for risk management of the various risk types. According to the Group instructions for sustainability in credit activities, sustainability risk is to be assessed in the same way as other risk factors. ESG risk assessments are an integrated part of DNB's credit decision process for all corporate customers with credit exposure above NOK 8 million.

Efforts to strengthen the collection, structuring and analysis of ESG data continued through 2023. The transition plan for how we will achieve our overall goal of net zero emissions by 2050, and how we can best serve our role as a driving force for sustainable transition, was published in October 2023 and can be found on dnb.no/sustainability-reports.

Operational risk is managed in accordance with the Group policy for risk management and the Group instructions for operational risk. The Board has set limits in risk appetite for how much operational risk DNB is willing to accept. The Board is notified immediately if any significant events arise. The Board receives a detailed report on the operational risk in the Group as part of the quarterly risk report.

Total operational losses were NOK 1 029 million in 2023. The greatest operational risk is information security and is associated with extensive and increasingly advanced cyber attacks. The Group's cyber security roadmap includes standardised controls, security culture and competence. Both internal and external assessments indicate that DNB has a strong cyber defence. IT operational performance was stable during the year, with few critical incidents.

→ Risk statement from the Board of Directors

About this report

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk

CRO's summary of the year Risk statement from the Board of Directors

Risk and capital management Pillar 3 | 2023

Oslo, 13 March 2024 The Board of Directors of DNB Bank ASA

Olaug Svarva (Chair of the Board)

Jens Petter Olsen (Vice Chair of the Board)

Gro Bakstad Christine Bosse Petter-Børre Furberg

Jannicke Skaanes Kim Wahl

Sverre Krog (Group Chief Risk Officer, CRO)

Julie Galbo Lillian Hattrem Stian Tegler Samuelsen

Kjerstin R. Braathen (Group Chief Executive Officer, CEO)

CRO's summary of the year

→ Risk statement from the Board of Directors
Contents
About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Key figures

Capital	31 Dec. 2023	31 Dec. 2022
Risk exposure amount (NOK billion)	1 100	1 062
Own funds (NOK billion)	247	231
CET1 capital ratio (per cent)	18.2	18.3
Capital adequacy (per cent)	22.5	21.8
Leverage ratio (per cent)	6.8	6.8
Liquidity
LCR, significant currencies (per cent)	129	136
NSFR, significant currencies (per cent)	117	114
Credit and counterparty credit risk
Credit risk, EAD (NOK billion)1	2 381.4	2 339.2
- of which counterparty credit risk, EAD (NOK billion)	54.5	78.2
Impairment of financial instruments (NOK billion)	(2.6)	0.3
Risk exposure amount, credit and counterparty credit risk (NOK billion)	987.9	967.8
Market risk
Market risk as a share of economic capital (per cent)2	12.0	12.2
Risk exposure amount, market risk (NOK billion)	12.4	14.0
Operational risk
Operational losses (NOK million)	1 028.9	415.7
Risk exposure amount, operational risk (NOK billion)	121.2	105.4
Reputational risk, Traction (points)	57	60

1 Excluding institutions, government, central banks, equity positions and exposure in associated companies. Counterparty risk has been included.

2 Including strategic ownership.

Development in risk exposure amount (REA)

Capital adequacy ratio

Additional Tier 1 capital Tier 2 capital

Leverage ratio

Per cent

→ Contents

About this report

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk

CRO's summary of the year Risk statement from the Board of Directors

Risk and capital management Pillar 3 | 2023

2
4
8
9
9
10
11
11

12
13

13
15
18
18
20
20
22

2. Capital management	24
Capital adequacy and regulatory requirements	25
Capital management and ICAAP	29
Stress testing of capital	32

3. Liquidity risk and asset and
liability management	35
Developments in liquidity risk in 2023	36
Funding	37
Asset encumbrance	39
Liquidity reserve	39
Liquidity risk management and control	41
Stress testing of liquidity risk	42

4. Credit risk	44
Developments in credit risk in 2023	46
Capital requirements for credit risk	50
Overview of credit exposures	53
Impairment and default	54
Internal measurement methods (IRB)	57
Exposures in the IRB portfolios	60
Credit risk exposures under the standardised
approach	61
Management and control of credit risk	62
Stress testing	65

5. Counterparty credit risk	66
Developments in counterparty credit risk in 2023	67
Capital requirements for counterparty credit risk	67
Risk-mitigating measures	67
Settlement risk	68

Management and control of counterparty credit risk	69
Stress testing and wrong way risk	69

6. Market risk	70
Developments in market risk in 2023	71
Capital requirements for market risk	71
Market risk exposure	72
Management and control of market risk	77
7. Operational risk	78
Developments in operational risk in 2023	79
Capital requirements for operational risk	80
Management and control of operational risk	80
Reputational risk	82
8. ESG risk	83
Developments in ESG risk in 2023	84
Management and control of ESG risk	90
Roles and responsibilities	90
Management of ESG risk in the different
risk types	91
Stress testing	92
9. Appendix	93
Appendix 1	94
Appendix 2	108
Appendix 3	115

CRO's summary of the year Risk statement from the Board of Directors

→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and

capital management Pillar 3 | 2023

About this report

The Pillar 3 report provides information about DNB's risk management, risk measurement and capital adequacy, and supplements the extensive information provided in DNB's annual report, quarterly interim reports and fact books.

Regulatory framework

This report, with the additional Excel disclosures, has been prepared in accordance with the Capital Requirements Regulation and Directive (CRR and CRD) including Commission Delegation Regulation 2022/2453 as regards the disclosure of environmental, social and governance risks, which was implemented in Norway 3 April 2023. Articles 431–455 in CRR II specify the reporting requirements. This report,

together with DNB's annual report and the Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', provides the consolidated disclosure of DNB as required in these regulations and the guidelines given by the European Banking Authority (EBA) in 'Guidelines on disclosure requirements under Part Eight of Regulation (EU) No 575/2013 (GL 2016/11)'.

The capital requirements regulation consists of three pillars:

→ Pillar 1 covers the regulatory requirements for banks' capital and descriptions of the calculation methods for risk exposure amounts and own funds.
→ Pillar 2 sets out requirements for the Internal Capital Adequacy Assessment Process (ICAAP) and the bank's responsibility for assessing risks other than those described under Pillar 1.
→ Pillar 3 covers public disclosure requirements and allows the market to assess financial institutions' capital and risk management.

The methods used to calculate capital requirements for the various risk categories are illustrated in the figure to the left. DNB reports credit risk according to the advanced IRB approach (A-IRB), using internal risk models to calculate the capital requirement. Some credit portfolios are temporarily or permanently exempt from IRB reporting and are reported according to the standardised approach. Market risk is measured using the standardised approach. Operational risk is reported using the standardised approach.

→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk and capital management Pillar 3 | 2023

The Board of Directors of DNB Bank ASA approves the guidelines and procedures for Pillar 3 reporting and reviews the report prior to publication. The Pillar 3 report is not subject to external audit.

Legal structure and consolidation rules

This report complements DNB's annual report with additional information and is intended to be read in conjunction with the annual report, in particular the section on Corporate Governance and the disclosures relating to remuneration. Together with the annual report, this report provides information on DNB's material risks and includes details on the Group's risk profile which form the basis for the calculation of capital requirements.

The Pillar 3 report is based on the Group's consolidated situation as at 31 December 2023. The DNB Group consists of several legal entities, where subsidiaries are defined as companies where DNB has direct or indirect control. DNB Bank ASA is the parent company in the DNB Group and has several subsidiaries, including DNB Livsforsikring AS and DNB Asset Management Holding AS, each having underlying subsidiaries. The CRR/CRD regulations do not apply to insurance companies, therefore DNB Livsforsikring AS will publish its own Pillar 3 report, 'Solvency and Financial Condition Report', on 8 April 2024. When this report refers to 'DNB' or 'the Group' or 'the bank', it normally relates to the activities in DNB that are regulated by CRR/CRD.

DNB prepares its consolidated financial statements in accordance with the international accounting standards IFRS. A description of the accounting principles is presented in the Group's annual report. When the consolidated financial statements are prepared, intra-Group transactions and balances, as well as unrealised gains or losses on these transactions between Group entities, are eliminated. The consolidation rules under the capital requirements regulations for banks and investment firms (CRR/CRD) deviate from the consolidation of the annual financial statements for the DNB Group, and the differences between the accounting and regulatory scopes of consolidation are shown in Tables EU CC2 and EU LI1 in the appendix to this report. In accordance with the capital requirements regulations, only companies in the financial sector and companies providing ancillary services are included in the consolidated capital adequacy. Associated companies are proportionally consolidated (pro rata up to 50 per cent) based on DNB's ownership interest.

For 2023, this applies to the following companies:

→ Eksportfinans (ownership interest of 40 per cent). DNB Bank ASA has also issued guarantees for other loans in Eksportfinans. The transactions have been carried out on ordinary market terms as if they had taken place between independent parties.
→ Luminor Group AB (ownership interest of about 20 per cent).
→ Vipps AS (ownership interest of about 47 per cent).

At year-end 2023, DNB's share of the risk exposure amounts for credit and market risk in Eksportfinans amounted to NOK 0.6 billion, and NOK 14 billion in Luminor. The companies are also included in the basis for calculating capital requirements for operational risk. Risk exposure amounts in Vipps were insignificant. Consolidation of capital adequacy is based on the valuation principles used in the operating companies' financial statements. The valuation principles that form the basis for solvency calculations in the respective companies at the national level are applied to shareholdings in the foreign companies that are being consolidated. The solvency report for the consolidated Group (cross-sectoral reporting) includes the subsidiary DNB Livsforsikring AS and the pro rata consolidation of Fremtind AS, where DNB has a 35 per cent ownership interest at the end of 2023.

CRO's summary of the year Risk statement from the Board of Directors
Contents
→ About this report
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Sbanken

Sbanken became a wholly owned subsidiary of DNB in 2022 and the merger was completed in 2023. Sbanken is included in DNB's risk management and control processes and in all tables and figures in this Pillar 3 report.

Significant subsidaries

DNB Boligkreditt AS is a wholly owned subsidiary of DNB Bank ASA and provides loans secured by residential property for up to 75 per cent of the value of the property. Based on developments in international capital markets, DNB Boligkreditt has been given a key role in ensuring the DNB Group long-term and solid financing. This is done through the issuance of covered bonds. DNB Boligkreditt AS is defined as a large institution pursuant to Article 4.1 (146) and must comply with the reporting requirement in Article 13 of the CRR. The relevant tables for DNB Boligkreditt (Articles 437, 438, 440, 442, 450, 451, 451a and 453) are shown in the Excel disclosure. The figures and information in these attachments should be viewed in the context of DNB Boligkreditt's annual report.

For an overview of the Group's legal structure, see: https://www.dnb.no/portalfront/nedlast/en/about-us/ Legal\_structure\_DNB\_Group\_30\_November\_2023.pdf

Information in accordance with Pillar 3 requirements is published quarterly in separate Excel files, see: https://www.ir.dnb.no/press-and-reports/financial reports

For more information on DNB's Corporate Governance, see DNB's annual report: https://www.ir.dnb.no/press-and-reports/financial reports

For more information on DNB's remuneration scheme, see DNB's annual report: https://www.ir.dnb.no/press-and-reports/financial reports

1 Risk management and control

2 Capital management

3 Liquidity risk and asset and liability management Corporate governance and the risk and capital management framework

4 Credit risk Authorisations

5 Counterparty credit risk Monitoring and reporting

6 Market risk Stress testing

3. Liquidity risk and asset and liability management

7 Operational risk 8 Climate risk Recovery plan and public crisis management

9 Appendix 2. Capital management

Risk and capital management Pillar 3 | 2023 Pillar 3 | 2023Introduction 1. Risk management

1. Risk management and control

The Group must, at all times be able to identify, assess, manage, measure, monitor report and control relevant risks. Risk management should support a healthy risk culture and good business practice.

Risk culture

The Group's risk management is designed to build a healthy risk culture and support good business practice. A good risk culture is based on all employees being aware of their responsibilities and proactively contributing to coherent and comprehensive risk management. All levels in the organisation must have access to relevant and necessary risk information. Each individual manager must ensure that employees understand and take an active approach to risk and potential returns.

1. Risk management and control
→ Risk management
→ Corporate governance and the risk and capital management framework
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Risk management

The risk management and control framework states that DNB is to have proactive management of risk with clear and appropriate guidelines and procedures that enable DNB to make well-informed risk decisions.

DNB must only assume risks that are understood and can be managed. Risk must be an integral part of the governance and remuneration system, through indicators that operationalise risk limits and risk strategies and that are followed up by managers individually. Managers are responsible for requiring and establishing adequate risk reporting in their own unit.

Risk management must be of good quality and have high information value. The concept of risk management includes coordinated activities, processes and measures that ensure that assessed risks are managed, monitored, controlled and reported to an adequate extent and in line with DNB's guidelines and requirements.

Corporate governance and the risk and capital management framework

Corporate governance in DNB is about how the Board and DNB's management exercise their roles to preserve and develop the company's values in an optimal manner. DNB's executives and Board of Directors carry out an annual assessment of corporate governance principles and practices.

Risk management is part of our business operations and is integrated into DNB's performance management processes and management system. Our governing documents outline how we are to work with risk management. The highest level of our governing documents is our Governance principles, which include principles relating to:

→ strategy and values
→ risk appetite
→ attracting, safeguarding and developing employees
→ ethics (Code of Conduct)
→ internal control, risk management and compliance
→ application of DNB's governing requirements.

Of these, 'Principles for risk appetite' and 'Principles for internal control, risk management and compliance' are particularly related to the management and control of risk. The Governance principles are elaborated in the Group policy for Risk Management in DNB.

The Board determines the long-term risk profile through DNB's risk appetite framework, which is assessed and renewed at least once a year. The targets and limits set out in the risk appetite framework are reflected in other parts of risk management, including authorisations and business frameworks. The framework for risk appetite is described in more detail on page 21.

The capitalisation assessment (Internal Capital Adequacy Assessment Process, ICAAP) is integrated into governance processes through the risk appetite framework and general monitoring of risk trends. ICAAP is described in more detail in the chapter on capital management.

The recovery plan is intended to ensure that DNB can recover from a very serious stress situation, without involvement or support from the authorities. The plan is renewed annually and is an integral part of DNB's risk and capital management. There is overlap between the indicators in the recovery plan and the risk appetite framework, so risk appetite also acts as an early warning system. Both frameworks are followed up and reported monthly to Group Management and quarterly to the Board. The recovery plan is described in more detail later in this chapter.

To be as prepared as possible to handle serious business and operational disruptions, DNB must have a framework for business continuity and crisis management. This includes plans for transition to back-up solutions for information technology, for outsourced operations, for recovery from financial stress and for the continuation of critical functions in a crisis management situation.

For more detailed description of DNB's corporate governance, see the annual report and the corporate governance report at ir.dnb.no.

1. Risk management and control
Risk management
→ Corporate governance and the risk and capital management framework
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Governing bodies of DNB Bank ASA

As at 31 December 2023

The Board has overall responsibility for ensuring that DNB has appropriate internal control, including for risk management and compliance. The Board also determines the Group's overall risk appetite. The Board evaluates its work and competence related to the enterprise's internal control, including related to risk management and compliance, at least annually.

The CEO is responsible for ensuring that the Board's internal control guidelines, including risk management and compliance, are implemented in the business.

Roles and responsibilities related to internal control, including risk management and compliance, are distributed according to a corporate governance model with three lines of defence.

→ The first line of defence covers all of DNB's operational functions (business areas, staff units and support units). Operational management is responsible for establishing, managing and following up internal control, including risk management and compliance, within its own area of responsibility. All risk is owned by the first line. Risk is to be owned at the lowest possible organisational level. Roles, responsibilities, and distribution of risk between business areas, staff units and support units within the first line are set out in the Group's governance model and are specified in the units' governing documents. Employees are responsible for maintaining good internal control in their daily work tasks.
→ The second line of defence consists of the risk management function and the compliance function. Risk management and compliance must be independent control functions that report to the general manager and must have the opportunity to report their assessments to the Board. The functions must have the necessary authority, expertise, expertise and resources, as well as access to all relevant information. The functions are
1. Risk management and control
Risk management
→ Corporate governance and the risk and capital management framework
→ Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

to be involved in and contribute to assessing the risk associated with the introduction of new strategies, organisational changes and other changes in the business, provided that such changes in the business are to be regarded as significant. Responsibilities and how the tasks are to be performed are described in more detail in the frameworks for the risk management and compliance functions, respectively.

→ The third line of defence is internal audit (Group Audit) and assists the Board in ensuring that there is sufficient quality in all material elements of the Group's internal control, including for risk management and compliance. Group Audit is mandated by the Board of Directors of DNB Bank ASA, which also approves the audit's annual plans and budgets. Group Audit is responsible for ensuring that adequate and effective internal control and risk management have been established and implemented. Group Audit must also assess whether management processes and control measures are effective and contribute to the Group's goal attainment.

Roles and responsibilities Group Risk Management

Group Risk Management (GRM) is the independent risk management function in DNB. This function is responsible for advising the first line of defence on risk management issues, and must have the competence and capacity to contribute proactively to sound risk management in all parts of the Group. In addition, GRM is to monitor, control and report on the risk situation independently of the units that own and manage the risks.

GRM is led by the Chief Risk Officer (CRO), who is a member of the Group Management team and has the opportunity to report directly to the Board of Directors. The CRO cannot be dismissed without the approval of the Board.

GRM's areas of responsibility include:

→ determining the Group's risk appetite and ensuring that the risk appetite framework functions effectively;
→ preparing frameworks and instructions for the management of the different risk types;
→ endorsing decisions on risk-taking in the areas of credit, market and liquidity risk;
→ owning and managing models and measurement methods for financial risk;
→ having the overall responsibility for the independent validation of models;
→ having the overall responsibility for stress testing and for recommending measures based on the conclusions of the stress tests;
→ carrying out independent assessments and controls of the risk level and reporting on risk to the Group Management team and the Board;
→ preparing the Group's recovery plan and following up the Group's crisis management plan.

GRM is to be involved in assessments that have a material impact on DNB's overall risk exposure and is to ensure that risks are adequately assessed, managed, measured, monitored, reported and controlled by the relevant business areas and staff and support units.

GRM has separate specialist units that are responsible for frameworks and risk control within credit risk, market risk, liquidity risk, model risk and operational risk. In addition, GRM has independent units that are responsible for model development, model validation, risk data, risk analysis, recovery and resolution planning/the resolution regulations, stress testing and risk reporting.

ESG risk is a risk that must be taken into account in the management of all risk types. ESG risk assessment requirements have therefore been incorporated into the frameworks for all risk types. GRM is responsible for collecting and reporting ESG risk in Pillar 3.

1. Risk management and control

Corporate governance and the risk and capital management framework

→ Roles and responsibilities

Monitoring and reporting

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk and capital management Pillar 3 | 2023

For more on management and control see also the descriptions in separate chapters on management and control of liquidity risk, credit risk, counterparty credit risk, market risk, operational risk and ESG risk.

The compliance function

The Group Chief Compliance Officer (GCCO) leads the compliance function. The GCCO reports directly to the CEO and can, if necessary, report to the Board. The GCCO establishes a framework for the compliance functions in all business areas and support units, branch offices or companies in the DNB Group licensed under financial market regulations. Other companies, by decision of the GCCO, must have a compliance function that is part of the overall compliance function.

DNB's compliance function is an independent control function in the second line of defence that assists the Board, the CEO and other first line executives in their efforts to ensure that DNB conducts its business activities in accordance with relevant rules and legislation. The compliance function comes in addition to the first line's independent responsibility for internal control and for compliance with rules and legislation of importance to the unit or entity concerned.

The compliance function provides advice and guidance on compliance, in addition to monitoring and controlling compliance. The compliance function is also responsible for reporting and providing information on the status of compliance and compliance risks. The compliance function takes a risk-based approach to its work, mainly based on rules and legislation that set conditions and requirements for DNB's licensed activities. This applies to financial, regulatory, competition and data protection rules and legislation, as well as rules and legislation intended to counteract money laundering, corruption and sanctions violations.

The monitoring and control carried out by the compliance function include an assessment of whether sufficiently effective policies and procedures have been developed to detect compliance risks. This work also includes an assessment of preventive measures and procedures. The compliance functions must be involved in and contribute to assessing the risk associated with the introduction of new strategies, organisational changes and other changes in business operations.

Group Audit

DNB's internal audit (Group Audit) assists the Board in ensuring that there is quality in all significant aspects of the Group's risk management. Group Audit takes its instructions from the Board of Directors, which also approves the audit's annual plans and budgets.

For a more detailed description see the annual report and corporate governance report at ir.dnb.no.

Group Committees

Committees have been established to assist Group Executive Vice Presidents with decision-making, monitoring and control in various specialist areas:

→ The Asset and Liability Committee (ALCO) is an advisory body to the Chief Financial Officer (CFO). The ALCO monitors the Group's capital expenditures and asset allocation. In addition, the ALCO monitors risk exposures within market and liquidity risk. The committee is a meeting place for information sharing and coordination between entities that operationally manage market and liquidity risk and Group Risk Management as an independent risk control function.
→ The Group Credit Committee (GCC) is chaired by the Chief Risk Officer (CRO). The GCC handles large or complex credit cases and credit cases with a particularly high risk of money laundering. The committee also considers administrative matters, including industry reports, credit regulations, risk reports, stress testing, model changes and credit strategies. The GCC handles and endorses credit cases based on personal authorisations. The Group Executive Vice President for the business area that has the case is the extender and CRO is the endorser. The Group Chief Compliance Officer is a permanent member of the committee.

Corporate governance and the risk and capital management framework

→ Roles and responsibilities

Monitoring and reporting

Risk appetite
Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk

Risk and capital management Pillar 3 | 2023

→ The Financial Markets Risk Committee (FMRC)

is chaired by the Group Executive Vice President for Market and Liquidity Risk Management. The FMRC is responsible for approving and supervising principles and processes for activities involving market risk in DNB. This includes recommending market risk limits and approving and following up guidelines, methodology and control for market risk and counterparty risk.

→ The Non-Financial Risk Committee (NFRC) is chaired by the Chief Risk Officer (CRO) and contributes to developing DNB's management of non-financial risk. The NFRC contributes to a consistent approach and joint coordination of firstline responsibility for managing operational risk, compliance and reputational risk. The committee exchanges information, coordinates activities and advises on complex individual cases. Subject matter groups reporting to the NFRC follow up progress in areas such as money laundering, IT risk, thirdparty risk and data protection. The Group Chief Compliance Officer is a permanent member of the committee.

→ The Group Sustainability Committee (GSC) is chaired by the Group Executive Vice President for Communications & Sustainability. The GSC is a Group-wide committee tasked with ensuring that sustainability is an integral part of all areas of the business, in addition to coordinating efforts and ensuring close follow-up of the Group's strategic sustainability ambitions. The committee is also responsible for ensuring progress and goal attainment in its sustainability work in accordance with the Group Policy on Sustainability. It is also responsible for conducting the assessment of the status of sustainability-related KPIs as part of the strategic dashboard used by Group Management and the Board of Directors. The GSC also monitors the Group's implementation of ESG laws and regulations.

Chief Executive Officer (CEO) and Group Management Meeting

The CEO is responsible for implementing risk management that contributes to meeting the business targets set by the Board, including effective management systems and internal control. The Group Management Meeting is the CEO's collegium for senior management. All significant decisions relating to risk and capital management are generally made in consultation with the Group Management team. The Group Executive Vice Presidents of the business areas and support units participate in the Group Management Meeting.

Board of Directors and Board Committees

DNB's Board of Directors has overall responsibility for the company's activities and establishes, among other things, the Group's strategy and overall goals, and ensures satisfactory reporting. The Board also sets limits for risk appetite and sets limits for how much risk DNB is willing to accept in order to achieve set goals and ambitions.

The Board is responsible for ensuring that the Group is adequately capitalised relative to the risk and scope of the business, in addition to ensuring compliance with capital requirements. The Board carries out an ongoing assessment of the capital situation; see further discussion in the chapter on capital management and ICAAP (Internal Capital Adequacy Assessment Process).

Each year, the Board of Directors reviews the CEO's report on the status of internal control. The report also includes an assessment of the principal risk areas in the Group. The review documents the quality of the work on internal control and risk management, and it is intended to identify any weaknesses and needs for improvement.

1. Risk management and control

Corporate governance and the risk and capital management framework

→ Roles and responsibilities
→ Authorisations
→ Monitoring and reporting

2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk and capital management Pillar 3 | 2023

Risk Management Committee

The Risk Management Committee monitors the systems for internal control, risk management and internal auditing, and ensures that they function effectively. The committee considers changes to systems and procedures that are submitted to the Board for approval. In addition, the committee advises the Board on risk profile, including risk appetite, and the committee prepares the Board's follow-up of risk development and risk management. Advice to the Board also includes strategies for capital and liquidity management, credit risk, market risk, operational risk, compliance risk, reputational risk and other risks. The committee consists of up to four Board members who are elected for two years at a time. It is also a requirement that at least one of the committee's members has extensive experience in identifying, assessing and managing risk in large and complex companies. The organisation of DNB's Risk Management Committee, and the quarterly reporting of risk management to the Board of Directors, is considered to cover the relevant requirements in the countries in which DNB operates, including the US CFR §252.144.1

1 CFR § 252.144 – 'Risk management and committee requirements for foreign banking organizations with \$100 billion or more in total consolidated assets but less than \$100 billion in total U.S. assets'

Audit Committee

The Audit Committee is responsible for ensuring that the DNB Group has independent, efficient and objective external and internal audits and satisfactory financial reporting in accordance with laws and regulations. The Audit Committee also has specified tasks related to the quality assurance of the Group's sustainability reporting. The Audit Committee reviews quarterly and annual financial statements with particular focus on material discretionary assessment and estimates, significant adjustments as a result of requirements and recommendations from the auditors, as well as any changes in accounting policies and practices. The Audit Committee considers the quarterly accounts and proposals for the annual financial statements for DNB Bank ASA and the DNB Group.

Compensation and Organisation Committee

The Compensation and Organisation Committee is responsible for preparing guidelines, frameworks and matters related to remuneration to be decided by the Board, including variable remuneration for employees in all parts of the Group and other material personnelrelated matters for senior executives. The committee is also the Board's preparatory body for selected matters relating to culture, management and succession planning.

Authorisations

There must be authorisations for all credit approvals and position and trading limits in all significant financial areas. Authorisations and overall limits are decided by the Board and delegated further in the organisation. Any delegation must be approved and followed up by the immediate superior. All authorisations in DNB are personal. Authorisations are based on an assessment of the relevant individual's competence and experience, as well as the business need. When granted, information is provided about the conditions and restrictions in the authorisation. All authorisations granted in DNB are documented and monitored. For more information on authorisations for credit, liquidity and market risk, see the chapters for the respective forms of risk.

Monitoring and reporting

DNB's risk situation is reported at least monthly to Group Management and at least quarterly to the Board of Directors. This internal risk reporting includes examining targets, frameworks and strategies. Group Risk Management has the overall responsibility for risk reporting in DNB. This applies to both internal risk monitoring and risk reporting to the authorities. All levels of the organisation must have access to relevant and necessary risk information to follow up their own risk.

The purpose of internal control is to ensure that the organisation meets its objectives for operational

1. Risk management and control

Corporate governance and the risk and capital management framework

→ Monitoring and reporting

2. Capital management
3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023

efficiency and effectiveness, reliable reporting and compliance with laws, regulations and guidelines. DNB has a common framework for internal control. An important element is the annual attestation of internal control, where all areas of the Group make a summarised assessment of internal control in their unit.

In accordance with requirements set by the Board of Directors, the compliance function and the GCCO regularly report on the compliance situation to the CEO and to the Board. Local compliance functions regularly report on the compliance situation to the GCCO as well as to the manager of the relevant unit.

All DNB employees are responsible for reporting and handling significant incidents or deviations. Operational incidents and compliance breaches must be recorded in a loss and incident database. Actions taken must be registered for all serious incidents and compliance breaches, and the status reported to Group Management and the Board of Directors.

Risk reporting from the second line of defence to the Board of Directors of DNB

The table to the right shows the regular reports from Group Risk Management and Group Compliance to the Board. In addition, the Board is informed at the first meeting if there is a breach of risk appetite limits, breaches of threshold values in the recovery plan or other significant events or changes in the risk situation.

Risk reporting from the second line of defence to the Board of Directors of DNB

Frequency → Quarterly Report

Risk Report

The risk report provides a broad review of the risk situation, with analyses and comments. The report is a second line of defence assessment of the risk outlook. Important elements include risk level measured according to the risk appetite framework, the status of the indicators set out in the recovery plan, an assessment of the Group's capitalisation and the results of stress testing and scenario analyses.

GCCO Compliance Report

Group Compliance prepares a report on the status and development of the compliance situation. The report is the GCCO's independent assessment and is intended to provide a clear overall picture of compliance risk in the Group and form the basis for any action taken.

Frequency → Annually Report

Recovery Plan

The recovery plan, which is part of the Bank Recovery and Resolution Directive (BRRD), is an integral part of DNB's risk and capital management. An important part of the recovery plan is a description of various identified measures that can improve DNB's capital adequacy and liquidity situation in a crisis. The plan is revised annually. The status of defined recovery indicators is reported to the Board of Directors on a quarterly basis.

Validation Report

The accuracy of the bank's internal models (IRB and IMM), which are used for capital requirements calculations, are assessed annually by the bank's independent validation unit. The results are presented to the Board of Directors. Group Audit prepares compliance reports that assess compliance with the respective requirements for IRB and IMM models. These reports are considered by the Board at the same Board meeting as the validation results.

1. Risk management and control

Corporate governance and the risk and capital management framework

Monitoring and reporting
→ Stress testing
→ Risk appetite

2. Capital management
3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023

Stress testing

Group Risk Management is responsible for performing regulatory stress tests and for conducting stress tests and scenario analyses at Group level that capture the major risk factors at any given time. Stress tests are an integral part of the Bank's capital and risk management. The stress tests must be forward-looking and include all relevant risk types. They cover a range of scenarios of varying degrees of severity, including scenarios that reflect severe downturns. The stress tests include assessments of the significance for the Group's financial strength and other financial objectives, and are used in the work on risk appetite.

Important stress tests that are carried out at least annually in DNB:

→ Stress testing of capitalisation and liquidity is carried out quarterly and presented to Group Management and the Board of Directors as part of the risk report.
→ Stress testing is carried out as part of the annual ICAAP reporting to Finanstilsynet (the Financial Supervisory Authority of Norway), see the chapter on capital management.
→ Crisis scenarios are developed and tested as part of the DNB Group's recovery plan and crisis management plan.
→ Stress tests of specific credit portfolios are carried out on an ongoing basis.
→ Stress tests are carried out on DNB Boligkreditt's financial strength and resilience in the event of a fall in housing prices.
→ Counterparty risk is stress tested to reveal undesirable outcomes of the overall counterparty risk exposure, both in isolation and in the context of the bank's credit risk exposure.
→ Stress tests are performed for market risk to measure potential losses based on changes in market prices.

Risk appetite

The risk appetite framework is part of the strategic management of the Group and consists of limits and assessment principles for DNB's most significant types of risk. Principles for risk appetite are included as part of the governance principles at the highest level in DNB's hierarchy of governing documents.

The risk appetite framework is implemented throughout the organisation. Risk indicators at lower organisational levels support the risk appetite framework.

Risk indicators can be expressed as limits for quantifiable risk or as qualitative assessments of risk level. They do not have to be expressed through the same measurement parameters used at Group level, but it must be possible to link them to the same types of risk and measure the same development. Monitoring of the risk indicators is adapted to the individual business areas and must ensure that the risk is kept within the established level in the risk appetite framework.

The risk level is measured against the risk appetite limits each month, which provides an overall summary of the risk situation in the DNB Group. The risk appetite framework includes 16 dimensions of risk, across risk types and business areas. The table on the next page shows an overview of the framework and associated dimensions that were applicable at year-end 2023.

1. Risk management and control

Risk management
Corporate governance and the risk and capital management framework
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
→ Risk appetite
→ Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Risk types and associated dimensions in the risk appetite framework

Risk types	Dimensions
Profitability and loss-absorbing ability	→ Risk-adjusted return
Capital adequacy	→ Common Equity Tier 1 (CET1) ratio
	→ Solvency Capital Requirements, DNB Livsforsikring AS, without transition rules
	→ Minimum Requirements for own funds and Eligible Liabilities (MREL)
Market risk	→ Market risk, measured as a proportion of economic capital
Credit risk	→ Concentration risk, within industries and counterparties
	→ Credit quality (expected credit loss), total and per customer segment
	→ Credit growth, total credit portfolio and per customer segment
Liquidity risk	→ Liquidity Coverage Ratio (LCR)
	→ Net Stable Funding Ratio (NSFR)
	→ Deposit-to-loan ratio
Operational risk	→ IT risk – operational performance (forward-looking assessment)
	→ IT risk – operational performance (backward-looking assessment)
	→ Past loss events
	→ Cyber security risk
Reputational risk	→ Overall risk assessment and reputation score

Measurement and monitoring

Through continuous follow-up of risk appetite, DNB ensures that the risks identified as the most significant at an overarching level are subject to follow-up and discussion in the organisation's operational units.

The Group's status is assessed against the limits in risk appetite and is presented in the form of a green, yellow, orange or red status light. Each status has a clearly defined meaning, and in case of a breach of limit values.

DNB has the following defined action rules:

→ Breach of the yellow limit can be dealt with by the Group Management team.
→ Breach of the orange limit can be dealt with by the Group Management team, but the Board must be informed.
→ Breach of the red limit must be reported to the Board as part of the agenda at the next Board meeting. Specific proposals for possible countermeasures and/or proposals for extending the limits for risk appetite must be submitted.

Corporate governance and the risk and capital management framework

Monitoring and reporting

Risk appetite
→ Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk and capital management Pillar 3 | 2023

Governance principles for risk appetite

As part of the risk appetite framework, DNB has identified four governance principles that describe procedures and responsibilities for the entire Group.

→ Ownership: The risk appetite framework is owned by the Board of Directors. All changes to the framework and governance principles must therefore be approved by the Board.
→ Responsibility: Each risk appetite statement has a coordinator in Group Risk Management who is responsible for following up and preparing any action plans if the risk levels are exceeded. The coordinator is also responsible for assessing whether the measurement adequately captures risk trends.
→ Annual review: The risk appetite framework must be reviewed at least once a year, independently of the strategic and financial planning process.
→ Reporting: Group Management receives monthly status reports on risk levels in the Group. The Board receives a quarterly status report with comments and analyses.

Recovery plan and public crisis management

DNB has prepared a recovery plan in accordance with the EU's Bank Recovery and Resolution Directive (BRRD). The recovery plan is drawn up as an integral part of the Group's risk and capital management framework and takes effect in the event of a breach of predefined indicators. Breach of the indicators triggers a thorough assessment of the situation and whether measures should be implemented. The recovery plan is designed to ensure that the Group can recover from a very serious stress situation, without involvement or support from the authorities. DNB has also submitted a liquidation plan, called a Living Will, to the US authorities regarding operations in the US.

A contingency plan for liquidity has also been drawn up, which describes, among other things, how the bank should handle a liquidity crisis that applies either only to the bank or to the industry as a whole. Depending on the type of crisis affecting the bank's liquidity situation, and the assessments made by the ALCO and the Group Management team, Group Treasury sets up an action plan for remedying liquidity shortfall. The plan contains trigger points and timeframes within each measure to be implemented, as well as priority of funding sources and costs for alternative solutions, as well as any impact on the bank's capital adequacy. Possible measures could be the issuance of covered bonds using available reserves in the collateral pool in

DNB Boligkreditt AS, change of terms on deposits and limitation of lending, as well as exploiting the market for repurchase agreements (the repo market) and central bank facilities through pledging of securities holdings.

DNB has a hierarchy of contingency measures, illustrated in the figure on the next page. The risk appetite framework should function as an early warning system, and there are therefore several overlaps between the indicators in risk appetite and the recovery plan.

The recovery plan includes:

→ strategic analysis of the DNB Group and socially critical functions performed by DNB;
→ operational and legal dependencies, externally and internally within the Group;
→ governance processes in recovery planning and in implementing the plan;
→ crisis scenarios that could trigger a recovery situation;
→ recovery measures that could improve the Group's capital adequacy and liquidity situation;
→ preparatory measures to ensure the implementation of the recovery measures;
→ communication plan in a crisis.
1. Risk management and control
Risk management
Corporate governance and the risk and capital management framework
Roles and responsibilities
Authorisations
Monitoring and reporting
Stress testing
Risk appetite
→ Recovery plan and public crisis management
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

The recovery plan is updated annually and then assessed by Finanstilsynet and the supervisory college.2 The supervisory authorities may propose improvements but may also issue direct orders for changes. The indicators in the recovery plan are followed up monthly in the risk reporting to the ALCO and quarterly to the Board of Directors.

The coronavirus pandemic in 2020–2022 was a fullscale test of the recovery plan and risk management framework, and DNB's risk management framework functioned well during the crisis. Group Management received updated and relevant analyses of DNB's risk profile throughout the pandemic.

If the bank's recovery were to be unsuccessful, the bank would be subject to resolution, carried out under the auspices of public authorities.

Finanstilsynet, in consultation with the resolution college3 for DNB, prepares an annual crisis management plan for DNB. The plan describes how Finanstilsynet would handle a crisis in DNB if the bank is not restored after implementing measures from the recovery plan.

2 DNB's supervisory college is composed of the supervisory authorities in the countries in the EU/EEA area where DNB has subsidiaries.
3 DNB's resolution college is composed of the crisis management authorities in the countries in the EU/EEA area where DNB has subsidiaries.

Connection between risk appetite, different preparedness measures within the Group and the recovery plan

Normal situation	→ Financial optimisation → Return to green 'traffic lights' in risk appetite		Li qu id
Recovery phase	→ Prevent crisis from happening and return to preferred risk profile → Resolve the crisis effectively and return to a normal situation	C ap ita l i nd ic at or s	ity a nd fu nd in g in	O th er in di ca to rs
Resolution phase	→ Manage the crisis effectively to ensure minimal loss to society and continuation of systemically important functions		di ca to rs

1 Risk management and control

2 Capital management

3 Liquidity risk and asset and liability management Capital adequacy and regulatory requirements

4 Credit risk Capital management and ICAAP

5 Counterparty credit risk Stress testing of capital

6 Market risk 3. Liquidity risk and asset and liability management

7 Operational risk 4. Credit risk

8 Climate risk 5. Counterparty credit risk

9 Appendix 6. Market risk

Risk and capital management Pillar 3 | 2023 Pillar 3 | 2023Introduction 1. 2. Capital management

2. Capital management

Annual updating of risk appetite limits, financial targets and strategies are important elements of capital management.

CET1 capital ratio Per cent

18.2 (18.3)

Capital ratio Per cent

22.5 (21.8)

(2022 figures)

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Capital adequacy and regulatory

requirements

At the end of 2023, the Common Equity Tier 1 (CET1) capital ratio for DNB Group was 18.2 per cent, which was 1.4 percentage points above the supervisory autorities's expectation, including the Pillar 2 Guidance.

Capital adequacy

Capital adequacy is measured in accordance with the EU Capital Requirements Regulation for banks and investment firms (CRR II/CRD V), which was implemented in Norway on 1 June 2022.

The tables to the right shows the various elements that comprise the capital adequacy requirements for DNB. In addition to the regulatory capital requirement, Finanstilsynet's (the Financial Supervisory Authority of Norway) view is that DNB should maintain a margin in the form of CET1 capital that is 1.25 percentage points above the overall capital requirement (Pillar 2 Guidance). At year-end 2023, the CET1 capital requirement was 15.6 per cent, while the expectation from the supervisory authorities, including the Pillar 2 Guidance, was 16.8 per cent. This requirement will vary due to the countercyclical buffer and systemic risk buffer, which are determined based on DNB's total exposure in each country.

CET1 capital ratio

Per cent

Supervisory authorities' expectation Surplus of CET1 capital ¹

1 Including Pillar 2 Guidance 1.25 per cent

The Tier 1 capital ratio for DNB was 20.0 per cent and the total capital adequacy ratio was 22.5 per cent at year-end, compared with 19.6 and 21.8 per cent, respectively, a year earlier. CET1 capital increased by NOK 5.8 billion to NOK 199.9 billion at year-end 2023.

CET1 capital ratio Additional Tier 1 capital Tier 2 capital

See the chapter on liquidity risk and asset and liability management for information about MREL.

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk

Composition of different capital adequacy requirements

Per cent	Dec. 2023	Dec. 2022	Dec. 2021
Minimum Common equity Tier 1 capital requirement	4.5	4.5	4.5
Systemic risk buffer	3.2	3.2	3.1
Buffer for other systemically important institutions (O-SII)	2.0	2.0	2.0
Countercyclical buffer	2.2	1.7	0.8
Capital conservation buffer	2.5	2.5	2.5
Pillar 2 capital requirement that can be made up of CET1 capital	1.1	1.2	1.9
Common equity Tier 1 (CET1) capital requirement1	15.6	15.0	14.8
Minimum capital requirement that can be made up of Additional Tier 1 capital	1.5	1.5	1.5
Pillar 2 capital requirement that can be made up of Additional Tier 1 capital	0.4	0.4
Tier 1 capital requirement1	17.4	16.9	16.3
Minimum capital requirement that can be made up of Tier 2 capital	2.0	2.0	2.0
Pillar 2 capital requirement that can be made up of Tier 2 capital	0.5	0.5
Own funds requirement1	19.9	19.4	18.3

1 Pillar 2 Guidance 1.25 per cent

9. Appendix Risk exposure amount

Risk Exposure Amount (REA) in relation to the capital base determines banks' regulatory capital adequacy. The minimum requirement for total own funds is 8 per cent of REA for credit risk, market risk and operational risk. REA is also used for the calculation of the capital conservation buffer, systemic risk buffer, buffer for systemically important institutions (O-SII) and countercyclical capital buffer.

REA increased by NOK 38 billion during the year and amounted to NOK 1 100 billion at the end of 2023. REA for credit risk increased by NOK 23.8 billion. REA for market risk and CVA was 1.6 billion lower, while operational risk increased by NOK 15.8 billion.

Capital requirements

According to the capital adequacy regulations, DNB must meet minimum requirements and combined buffer requirements under Pillar 1 and the requirements under Pillar 2.

Minimum requirement under Pillar 1

The minimum requirement for capital adequacy under Pillar 1 is that own funds must constitute at least 8 per cent of the bank's REA. The requirement must be fulfilled by at least 4.5 per cent Common Equity Tier 1 (CET1) capital and at least 6 per cent by Tier 1 capital, including Additional Tier 1 capital (AT1 capital). The remaining 2 per cent can be fulfilled by Tier 2 capital.

SREP and Pillar 2 requirements

Finanstilsynet conducts assessments to determine whether individual institutions have a need for additional capital to cover risk elements that are not adequately covered by the capital requirements under Pillar 1. These are referred to as Pillar 2 requirements. Pillar 2 requirements are normally determined on an annual basis by Finanstilsynet, based on an overall assessment of the risk and capital situation through the Supervisory Review and Evaluation Process (SREP). The main conclusion of Finanstilsynet's assessment in the 2023 SREP process was that, based on the prevailing risk level and external factors, the DNB Group was adequately capitalised as at 31 December 2022. The Pillar 2 requirement for the DNB Group is 2.0 per cent of REA and must be met with a minimum of 56.25 per cent CET1 capital and a minimum of 75 per cent Tier 1 capital.

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
Capital management and ICAAP
Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk exposure amount

NOK billion

9. Appendix Buffer requirements under Pillar 1

The combined buffer requirement is the sum of the capital conservation buffer, the systemic risk buffer, the buffer for systemically important institutions (Other Systemically Important Institutions, O-SII) and the countercyclical buffer. These buffer requirements must all be met by CET1 capital.

Development in risk exposure amount

The institution-specific countercyclical buffer requirement amounted to 2.2 per cent by year-end 2023. This requirement is set as a weighted average of the prevailing countercyclical buffer requirements in the countries in which the bank operates. The countercyclical buffer requirement in Norway was 2.5 per cent as at 31 December 2023.

The effective systemic risk buffer for DNB was 3.2 per cent at year-end 2023 and is a weighted average of the systemic buffer rates applicable for the bank's

exposures. From the end of 2020, the systemic risk buffer has been 4.5 per cent for Norwegian exposures for DNB.

The Norwegian capital buffer requirement for systemically important banks is 1.0 per cent or 2.0 per cent, depending on the size of the bank, and applies to the entire REA. For DNB, the requirement is 2.0 per cent.

Capital management and ICAAP

→ Capital adequacy and regulatory requirements

Stress testing of capital

3. Liquidity risk and asset and liability management

Stress testing of capital

Risk and capital management Pillar 3 | 2023

The total combined buffer requirement for DNB was 9.9 per cent at the end of 2023, and the supervisory expectation for the CET1 ratio was 16.8 per cent.1

The table shows the compliance with the minimum and buffer requirements under Pillar 1 and the Pillar 2 requirements. By year-end 2023, CET1 capital exceeded the corresponding requirement by NOK 31.1 billion.

Leverage ratio

Following the global financial crisis, leverage ratio was introduced as a supplement to the risk-weighted capital requirements. When CRR II/CRD V was implemented in Norway in June 2022, the Norwegian buffer requirements for leverage ratio were removed.

The capital base for the leverage ratio is Tier 1 capital, which comprises AT1 capital in addition to CET1 capital. The exposure amount consists of both balance sheet items and off-balance sheet items. The latter is calculated with the conversion factors from the standardised approach for the capital adequacy calculation. In addition, some adjustments are made for derivatives and repo transactions. The definitions of leverage ratio and the calculation methodology are in accordance with CRR II.

1 Including Finanstilsynet's expectation of a margin of 1.25 per cent in relation to the requirements (Pillar 2 Guidance)

Total capital requirements, 31 December 2023

NOK million	Rate	DNB Group
Risk exposure amount		1 099 949
Minimum Common equity Tier 1 capital requirements	4.5%	49 498
Minimum Tier 1 capital requirement	6.0%	65 997
Minimum Total own funds requirement	8.0%	87 996
Pillar 2 capital requirement	2.0%	21 999
of which to be made up of Tier 1 capital	1.1%	12 374
of which to be made up of Common equity Tier 1 Capital	0.4%	4 125
Common equity Tier 1 buffer requirements:
Capital conservation buffer	2.5%	27 499
Systemic risk buffer	3.2%	35 477
Buffer for other systemically important institutions (O-SII)	2.0%	21 999
Counter-cyclical buffer	2.2%	24 351
Combined buffer requirement	9.9%	109 326
Allocation of capital to cover capital requirements:
Total capital		231 463
Total capital requirement		219 321
Surplus of Total capital		12 142
Tier 1 capital		208 445
Tier 1 capital requirement		187 698
Surplus of Tier 1 capital		20 747
Common equity Tier 1 capital		194 088
Common equity Tier 1 capital requirement		162 949
Surplus of Common equity Tier 1 capital		31 139

1. Risk management and control
2. Capital management
→ Capital adequacy and regulatory requirements
→ Capital management and ICAAP

3. Liquidity risk and asset and liability management
4. Credit risk

Stress testing of capital

Leverage ratio

Per cent

9. Appendix Through CRR II/CRD V, the EU adopted a minimum requirement for a leverage ratio of 3 per cent, where only globally systemically important banks are subject to a buffer requirement on top of the minimum requirement. Any institution-specific risk of 'excessive leverage' must be addressed by Pillar 2 requirements. As a consequence of this, the Norwegian buffer requirements for the leverage ratio were discontinued when CRR II/CRD V was implemented on 1 June 2022. DNB's leverage ratio requirement as at 31 December 2023 was 3.0 per cent.

At year-end 2023, DNB's leverage ratio was 6.8 per cent, same as a year earlier. The leverage ratio is significantly influenced by the level of central bank deposits on the balance sheet. DNB's leverage ratio, excluding all claims on central banks, was 7.5 per cent at year-end 2023. At year-end, central bank deposits were NOK 311 billion, compared with NOK 304 billion at year-end 2022.

Capital management and ICAAP Targets and principles for capital management

The Chief Financial Officer (CFO) is responsible for capital management, and the principles for capital management are laid down in Group instructions. Capital management balances several considerations, and DNB has a process for assessing capital adequacy that entails that the Group:

→ meets regulatory requirements with a margin that corresponds to the Group's risk profile and risk tolerance
→ achieves competitive terms in funding markets
→ achieves a competitive return on equity
→ can fulfil the Group's dividend policy
→ has flexibility to take advantage of growth opportunities in the market.

Capital assessment process

The process for assessing capital adequacy (Internal Capital Adequacy Process, ICAAP) must ensure that DNB's capitalisation is adapted to the risk level. The process must be in line with Finanstilsynet's requirements for the ICAAP and is based on the following:

→ Assessments of risk, regulatory requirements and capital needs are forward-looking and are based on DNB's business strategies and financial plans. DNB's capitalisation, liquidity and funding are subject to

1. Risk management and control
2. Capital management Capital adequacy and regulatory requirements
→ Capital management and ICAAP
Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

stress tests. The capital assessment process includes risks that are not covered by the requirements under Pillar 1. Risk is quantified and assessed based on calculations of economic capital and stress tests, in addition to the regulatory risk exposure amount.

→ Risks and capital are assessed on an ongoing basis, and this forms an integral part of DNB's framework for risk and financial management. Financials and risk assessments are reported monthly (see also discussion in the chapter on risk management and control). Assessments of risk and capital needs are submitted to the Board of Directors on a quarterly basis. Financial plans for the coming years, prepared in the Group's annual Financial Plan, are an integral part of the ICAAP and the ICAAP stress test (see the section on stress testing of capital).
→ In the financial strategy process, the target for the Group's return on equity is converted to a required return on allocated capital. A key principle of DNB's governance model is that the Group's capital requirements are to be fully allocated to the business areas. Economic capital, i.e. capital needs calculated by internal risk models, is one of the bases for capital allocation.
→ The capital assessment process is documented at least annually through a separate ICAAP report for the Group and its most important subsidiaries and

is approved by the respective Boards of Directors. The Group's self-assessment of funding and liquidity needs (ILAAP) is included in the report. Several of DNB's subsidiaries prepare their own ICAAP documentation, which is included in the Group's ICAAP. The supervisory authorities perform annual assessments of the ICAAP and ILAAP processes as part of the Supervisory Review and Evaluation Process (SREP).

→ DNB's quarterly and annual reports describe the composition of own funds, terms applying to the different capital instruments included in own funds and regulatory deductions from own funds. To facilitate efficient capital allocation and risk management in the Group, own funds may be reallocated to various legal entities within the Group. DNB may to reallocate own funds within the Group to the extent permitted by relevant laws and regulations where DNB's legal entities are domiciled. DNB sees no other material obstacles to transfers of own funds within the Group.

Internal assessments of capital adequacy Margin to regulatory capital requirements Under normal market conditions, DNB will operate with a headroom in form of CET1 capital beyond Finanstilsynet's expectation (Pillar 2 Guidance). This headroom is intended to cover unexpected volatility in REA and in the capital base, underpin strategic

flexibility and provide confidence in DNB's ability to pay dividends according to dividend policy and coupons on Additional Tier 1 capital. DNB's long-term dividend policy is to have a pay-out ratio of more than 50 per cent of profits as cash dividends, provided that the capital adequacy is at a satisfactory level. DNB will use other regulatory capital instruments than CET1 capital to ensure that capital requirements are fulfilled cost effectively. The leverage ratio will, under normal market conditions, meet regulatory requirements by a reasonable margin. DNB is one of the best capitalised financial services groups in the Nordic region.

Capitalisation of subsidiaries must be in compliance with relevant Norwegian and other national and international rules on transfer pricing. The capitalisation of subsidiaries must otherwise reflect that capital resources are kept as high in the corporate structure as possible. Profits in subsidiaries are channelled to DNB Bank ASA through dividends and Group contributions. DNB Boligkreditt AS must operate with a headroom to regulatory requirements to cover for volatility in earnings and capital caused by the mark-to-market valuation of derivative contracts and funding in NOK. DNB Livsforsikring AS must fulfil the solvency requirements with a reasonable margin, see the 'Solvency and Financial Condition Report', to be published on 8 April 2024.

1. Risk management and control
2. Capital management Capital adequacy and regulatory requirements
→ Capital management and ICAAP

3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

Risk and capital management Pillar 3 | 2023

Capitalisation of international subsidiaries is based on fulfilment of applicable local regulatory requirements with a reasonable margin and a specific and comprehensive assessment of borrowing capacity, reflecting the risk profile and creditworthiness of the entity, local peer group references and the size and tenor of funding from the parent bank.

Comparison of economic capital and regulatory minimum requirements

DNB calculates economic capital for all main risk categories. Economic capital should cover 99.9 per cent of unexpected losses within a horizon of one year, in other words economic capital should cover a 'one-in-a-thousand-year loss'. DNB employs a simulation model that calculates unexpected losses for the different types of risks and for the Group as a whole. The quantification is based on historical data. A diversification effect arises when risks are assessed together, as it is unlikely that all loss events occur at the same time. Due to the diversification effects between different risk categories and business areas, the Group's economic capital needs are lower than they would have been if all the business areas had been independent companies.

The figure shows a comparison of economic capital and the regulatory minimum capital requirements in Pillar 1, i.e. 8 per cent of the risk exposure amount

Economic capital

NOK million	31 Dec. 2023	31 Dec. 2022
Credit risk	37 156	37 354
Market risk	9 483	10 090
Life insurance risk3	16 140	19 963
Operational risk	8 845	8 496
Business risk	7 619	6 829
Gross economic capital	79 243	82 732
Diversification effect	(18 805)	(19 291)
Net economic capital	60 438	63 441
Diversification effect in per cent of gross economic capital	24	23

3 Economic capital related to DNB Livsforsikring AS is included in the table, even though it is outside the regulatory scope (CRD-group), because it has a significant impact on the Group's total economic capital.

(REA). Economic capital and the regulatory minimum requirements are based on the same level of confidence: 99.9 per cent of unexpected losses.

At the end of 2023, economic capital was lower than the regulatory minimum requirement under Pillar 1. The difference is primarily attributable to the measurement of credit risk. The main reason being that a portion of the credit portfolio is measured according to the standardised approach in the regulatory capital adequacy requirement. At the end of 2023, 33 per cent of the risk exposure amount for credit was measured according to the standardised approach, which assigns higher risk weights than the IRB method. Internal classification models are used for calculating economic capital for all portfolios, regardless of whether the models have formal IRB approval. The credit portfolio is considered well diversified with respect to industries and there is therefore no calculated addition in economic capital for sector concentration risks. There is, however, a small addition for concentration risk for individual customers.

1. Risk management and control
2. Capital management Capital adequacy and
regulatory requirements
→ Capital management and ICAAP
→ Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk

7. Operational risk
8. ESG risk

2. Capital management Capital adequacy and

Comparison of capital requirements and economic capital NOK billion

Economic capital for market risk is higher than the regulatory minimum capital adequacy requirement under Pillar 1. The main difference is that equity investments in the banking book are treated as credit risk in the capital adequacy calculations under Pillar 1, with a risk weighting of 100 per cent and a corresponding minimum capital adequacy requirement of 8 per cent. Economic capital for the same investments is approximately 40 per cent of the exposure. The internal market risk measurement also includes elements that are not covered by the regulatory Pillar 1 requirements. These are risk aspects that are covered by Pillar 2 requirements in the regulatory capital requirement.

The methodology for calculating economic capital for insurance risk is based on DNB Livsforsikring's capital requirements under the Solvency II regulations, adjusted to a 99.9 per cent confidence level. In the regulatory Pillar 1 capital requirements, significant

investments in insurance companies above a threshold allowance are deducted from regulatory capital.

Business risk is not covered by the Pillar 1 requirements. In the calculation of economic capital, business risk is treated as a residual risk and reflects the risk of losses that cannot be linked to the other quantified risk categories.

Stress testing of capital ICAAP stress test

At least once a year, a comprehensive stress test (the ICAAP stress test) is presented to the Board as a basis for evaluating the robustness of the Group's capitalisation. This is normally done in connection with the consideration of the Group's strategy and financial targets for the next three years. The results of the financial planning process (Target Process) and the ICAAP stress test are important parts of DNB's ICAAP.

The ICAAP stress test assumes a severe deterioration in macroeconomic conditions and shows how this could affect the Group's risks, profits and capitalisation. As a starting point for the annual stress test, the stress scenario is prepared based on relevant risk factors. The macroeconomic scenario for the stress test is reviewed by the bank's ALCO committee and approved by the Chief Risk Officer. In the stress test, loan losses are estimated by the

1. Risk management and control

regulatory requirements

Capital management and ICAAP

→ Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk

2. Capital management Capital adequacy and

Risk and capital management Pillar 3 | 2023

model for calculating expected credit losses in the credit portfolio with supplementary analyses of individual portfolios. The Group's model for calculating economic capital is used to estimate losses related to market risk, operational risk and business risk.

Some key features of the macroeconomic scenario used in the ICAAP stress test:

→ The policy rate is assumed to rise to around 6 per cent in 2024 in response to expectations of sustained high inflation, before the rate is gradually reduced to 3.3 per cent in 2027. Higher money market premiums will keep 3-month NIBOR between 6.7 and 3.6 per cent throughout the stress test period.
→ Norwegian mainland GDP falls by 2.3 and 2.4 per cent in 2025 and 2026, respectively.
→ The registered unemployment rate rises to 6.3 per cent, somewhat above the level from the Norwegian banking crisis in the early 1990s.
→ House prices drop around 50 per cent. Households respond to falling house prices, declining real wage growth and an uncertain labour market by reducing their spending.
→ Global GDP growth falls by 3.0 per cent in 2025. Norwegian exports of traditional goods and services are weakened substantially despite a weaker NOK.

History ICAAP stress test

Per cent

FSA expectation as at 31 Dec. 2023 (16.8%)

Regulatory requirement including Pillar 2 Guidance, but without countercyclical capital buffer (14.8%)

The results from the stress test show weak annual results over the four years. The weak profit development is due to loan losses and losses related to operational risk, business risk and market risk. REA increases throughout the period as a result of increased credit risk. The CET1 capital ratio drops from 18.2 in 2023 to 16.5 per cent in 2025, until positive results restore it to 17.9 per cent in 2027.

From the fourth quarter of 2023, the DNB Group has set up a quarterly solvency stress test, which is included in the bank's risk report to the Board. In addition to DNB's own stress testing, Finanstilsynet carries out an annual stress test of DNB. US regulatory requirements for stress testing are fulfilled according to CFR § 252.146.2

2 CFR § 252.146 – 'Capital stress testing requirements for foreign banking organizations with total consolidated assets of \$100 billion or more and combined U.S. assets of less than \$100 billion.'

1. Risk management and control

regulatory requirements

Capital management and ICAAP

→ Stress testing of capital
3. Liquidity risk and asset and liability management
4. Credit risk

Risk and capital management Pillar 3 | 2023

EBA stress test

In 2023, DNB participated in the biannual EBA 'EU wide' stress test along with 70 other European banks. The stress test indicated that DNB has a strong capital position and a good recovery capacity. The outcome of the stress test shows a decline in the Common equity Tier 1 (CET1) ratio for the DNB Group of

2.2 percentage points from 18.3 per cent in 2022 to 16.1 per cent at the end of 2024 (see figures to the right). The fall in the capital ratio is mainly due to loan losses, losses related to market risk and operational risk, and an increase in REA. Positive results in 2025 lead to a rise in the CET1 capital ratio to 16.2 per cent by the end of 2025. The leverage ratio remains stable at 6.8 per cent in 2023, and improves to 7.1 per cent in 2025.

DNB is one of the most robust banks in Europe. DNB's CET1 capital ratio was 16.2 per cent at the end of the scenario, which is almost five percentage points higher than the average of the 70 European banks. Among the 70 European banks, DNB ranks in the top six, measured by the CET1 capital ratio in last year's stress test. DNB ranks as number eight measured by the change in the CET1 capital ratio from the highest to the lowest level during the stress test period. The reason that DNB ends up as the sixth most robust bank is because of high capitalisation at the beginning of the stress test, as well as good earnings and low costs compared to the other banks.

CET1 ratio according to the EBA stress test

Leverage ratio according to the EBA stress test Per cent

50 European Effects of EU implementation of the banks finalisation of Basel III reforms

DNB Nordic peers

On 27 June 2023, the European Parliament and the Council of the European Union reached agreement on the implementation of the finalised Basel III legislation, CRR III and CRD VI. The rules for calculating capital requirements will be changed for credit, market and operational risk, as well as for the risk of impaired creditworthiness (CVA). The rules are expected to come into force in the EU from 1 January 2025,

with transitional rules the following years. A more risksensitive standard method and more restrictions on the use of internal models (IRB) will be introduced. Among other things, there will be a lower limit for IRB key figures (input floor) and new restrictions on the distance between the standard method and the IRB method (output floor). The IRB system is also limited by requiring capital requirements for the largest corporate customers to follow the foundation IRB method (F-IRB).

1 Risk management and control

2 Capital management

3 Liquidity risk and asset and liability management 3. Liquidity risk and asset liability management

4 Credit risk Developments in liquidity risk in 2023

5 Counterparty credit risk Funding

6 Market risk Asset encumbrance

Liquidity reserve

7 Operational risk Liquidity risk management and control

8 Climate risk Stress testing of liquidity risk

9 Appendix 4. Credit risk

Risk and capital management Pillar 3 | 2023 Pillar 3 | 2023Introduction 1. 2. Capital management

3. Liquidity risk and asset and liability management

The objective of DNB's liquidity risk management is to ensure that DNB is always able to meet its payment obligations. DNB aims to maintain well-diversified funding, which includes a broad deposit base from both personal and corporate customers, in addition to market funding. The Norwegian financial market is insufficient to fund all the bank's lending in Norwegian kroner (NOK), and DNB therefore relies on funding in foreign currencies. In 2023, DNB had ample access to funding. The ratio of deposits to net loans remained at a high level and the liquidity situation was satisfactory.

Definition

Liquidity risk is the risk that DNB will be unable to meet its payment obligations as they fall due or will be unable to meet its liquidity obligations without a substantial rise in associated costs. Liquidity is vital for financial operations, but as a rule this risk does not materialise until other events give rise to concern about DNB's ability to meet its financial obligations.

Development in total LCR

Per cent

200

150

0 50 100 Dec. Dec. Dec. Dec. Dec.

2019 2020 2021 2022 2023

(2022 figures)

Liquid assets

NOK billion

Long-term debt securities NOK billion

506 (537)

Average LCR in 2023 Per cent 129 (136)

824 (683)

NSFR Per cent 117 (114)

2. Capital management

3. Liquidity risk and asset and liability management
→ Developments in liquidity risk in 2023
Funding
Asset encumbrance
Liquidity reserve
Liquidity risk management and control
Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Developments in liquidity risk in 2023 DNB had ample access to both long-term and shortterm market funding throughout the year and a satisfactory liquidity situation at year-end. The ratio of deposits to net loans remained stable at high levels throughout the year. DNB raised further subordinated funding as part of the adaptation to the minimum requirements for own funds and eligible liabilities (MREL) and subordination requirements.

2023 has seen continuous hikes of the policy interest rates in NOK as well as other significant currencies. The liquidity run off from certain banks in Europe and the US also resulted in some market turmoil and increased credit spreads during the spring of 2023 and a greater focus on the stickiness of customer deposits and the level of confidence to put on reported regulatory liquidity measures. Internationally, credit spreads returned to previous levels during the last months of the year. The spread in covered bonds in NOK has remained at attractive levels and DNB utilised this by issuing more NOK funding during the second half of the year.

The short-term liquidity risk target (Liquidity Coverage Ratio, LCR) stayed well above the minimum total LCR requirement of 100 per cent required in the EU Capital Requirements Regulation (CRR) and reached 146 per cent at the end of 2023, compared to 120 per cent at the end of 2022. In addition, there is a minimum

requirement for an LCR of 50 per cent in NOK and 100 per cent in other significant currencies. The LCR level depends on the outflow and inflow volumes as defined by stress factors over a period of 30 days.

The long-term structural liquidity risk target (Net Stable Funding Ratio, NSFR) is designed to address longer term liquidity mismatches and sets requirements for

the funding structure relative to lending, investments and other assets. The NSFR is required to be at least 100 per cent at all times. The NSFR for the Group was 117 per cent at the end of 2023, compared to 114 per cent the year before.

The table below shows the LCR and NSFR in the main currencies and in total at year-end 2022 and 2023.

LCR development, significant currencies

Per cent	EUR	USD	NOK	Total
31 December 2023	179	314	65	146
31 December 2022	171	155	65	120

NSFR development, significant currencies

Per cent	EUR	USD	NOK	Total
31 December 2023	435	195	87	117
31 December 2022	464	171	88	114

Issued senior debt and covered bonds

	Senior debt		Covered bonds
NOK Billion	NOK	Currencies	NOK	Currencies
31 December 2023	6.1	214.9	52.9	232.4
31 December 2022	6.6	212.7	22.0	272.3

3. Liquidity risk and asset and liability management

2. Capital management

→ Funding
Asset encumbrance
Liquidity reserve
Liquidity risk management and control
Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Composition and drivers of LCR

In the very short term, LCR depends on the composition of daily inflows and outflows, and the indicator is thus volatile by nature. The numerator of DNBs LCR mainly consists of level 1 assets in the form of central bank deposits and bonds issued by governments and SSAs. The denominator mainly comprises estimated deposit outflows and funding maturing in the coming 30-day period in a stressed scenario. The inflows are mainly lending falling due in the 30-day period. The DNB Group is subject to minimum requirements for LCR in NOK, EUR and USD as well as across all currencies. With good access to both EUR and USD, the LCR indicators for these currencies are therefore consistently at a higher level than the NOK indicator.

Changes in the LCR for the DNB Group in 2023 are mainly explained by changes in the composition of the deposit balance and variations in the maturity profile of the market funding. Cashflows related to derivatives include contractual inflows and outflows from derivatives as well as collateral outflows from the impact of an adverse market scenario calculated using the Historical Look Back Approach (HLBA).

During the fourth quarter of 2023, DNB reviewed the treatment of certain deposit types in the LCR and implemented permanent changes that aligned the reporting to the specific requirements. The LCR has therefore been recalculated for all entities and significant currencies back to December 2022. The LCR for DNB Group has been above the regulatory requirements for all periods in 2023. The LCR in NOK for DNB Bank ASA would have been below the regulatory requirements in and August 2023 when recalculated with the above mentioned changes.

Funding

DNB is funded mainly through customer deposits and bonds, as well as secured and unsecured short-term funding.

Issued long-term debt securities issued by the Group was NOK 506 billion at year-end 2023, compared with NOK 537 billion the previous year. Senior preferred bonds, senior non-preferred bonds and subordinated bonds (Tier 2 capital) are mainly issued through the European Medium-Term Note (EMTN) programme.

DNB has also established a US MTN programme in USD and JPY, in addition to EUR covered bond programmes in Europe and the US.

Covered bonds are an important instrument for longterm funding in DNB and are issued by the subsidiary, DNB Boligkreditt AS. Investors are provided with security in DNB Boligkreditt's portfolios of mortgage loans, which are of the highest quality. In turbulent times, covered bonds have proved to be a more robust funding instrument with lower pricing volatility than senior bonds. DNB's covered bond programme is approved as a European Covered Bond (Premium) Programme in accordance with the Covered Bond Directive.1

It is a regulatory requirement that European banks must have a minimum amount of own funds and eligible liabilities (MREL) that can be written down or converted into equity (bail-in) when a bank is failing or is likely to fail. Part of the MREL requirement must be met with subordinated funding, often referred to as the subordination requirement. From 1 January 2024, eligible liabilities to meet the subordination requirement must be subordinated to senior preferred bonds (so called senior non-preferred (SNP) bonds).

1 Directive (EU) 2019/2162

3. Liquidity risk and asset and liability management

2. Capital management

Liquidity risk management and control

→ Funding
Asset encumbrance
Liquidity reserve

Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

DNB issued SNP bonds for the first time in September 2020 and at year-end 2023 the Group had NOK 100 billion outstanding in SNP funding.

DNB's green finance framework enables DNB to issue green bonds in the format of MREL-eligible bonds (senior preferred bonds and senior non-preferred bonds) as well as covered bonds. The funds raised from green senior bonds will be used to finance and refinance loans within renewable energy, clean transportation and green residential buildings, based on pre-defined criteria aligned with the substantial contribution criteria in the EU Taxonomy. Read more about our green finance framework and our sustainability ambitions at https://www.ir.dnb.no/ funding-and-rating/green-bond-framework and https://www.dnb.no/sustainability-reports.

The figure to the right shows the development in average term to maturity for DNB's long-term funding at year-end 2023, divided between senior preferred bonds, senior non-preferred bonds and covered bonds. The maturity profile is almost the same as last year. The figure also shows senior nonpreferred debt that reaches maturity from 2025. At the end of 2023, the average residual maturity for debt securities issued was 3.6 years, almost the same as the previous year. A large amount of senior debt was issued in 2019. This debt was grandfathered as debt qualifying to meet the MREL

subordination requirement until 31 December 2023 and has thus been refinanced with senior nonpreferred debt. Since the financial crisis, the average term to maturity has been about four years for outstanding long-term funding. The figure on page 39 shows the development in average term to maturity for long-term funding, which is composed of senior preferred bonds, senior non-preferred bonds and covered bonds.

The ratio of deposits to net loans is measured as customer deposits in per cent of net lending to customers, adjusted for short-term money market positions. Customer deposits overall remained at high levels throughout the year and the ratio of deposits to net loans reached 72.6 per cent at the end of 2023, at the same level as the year before the previous year. Customer deposits were up NOK 28 billion, corresponding to 2 per cent in 2023.

3. Liquidity risk and asset and liability management

2. Capital management

Stress testing of liquidity risk

→ Funding
→ Asset encumbrance
→ Liquidity reserve Liquidity risk management and control

Risk and capital management Pillar 3 | 2023

DNB uses a number of short-term commercial paper programmes for short-term funding. These programmes provide ample access to short-term funding. Using several funding channels contributes to great flexibility to meet investors' interests and diversify the funding sources. DNB is a bank with a good credit rating in a strong economy and attracts substantial funds from other banks, central banks and money market funds. The funds include business deposits and excess liquidity from national and international banks, which, together with commercialpaper funding, serve as a short-term liquidity buffer.

Asset encumbrance

The use of covered bonds has contributed to more awareness of asset encumbrance. A high proportion of Norwegian loans are secured by pledged assets. This is because almost all lending is kept on the banks' balance sheets as the market for securitisation in Europe is still less developed. In addition, the home ownership rate in Norway is high and the vast majority of residential estates are financed by mortgage loans.

At year-end 2023, encumbered assets accounted for NOK 409 billion, which is about 13 per cent of the balance sheet, compared with NOK 508 billion and 17 per cent, respectively, the previous year. The current level of encumbered assets in DNB is comfortable considering the Group's diversification, capitalisation and liquidity.

Average term to maturity for long-term funding, senior unsecured bonds, senior non-preferred bonds and covered bonds

For more information on asset encumbrance, see table AE1 in the appendix to the report.

Liquidity reserve

Year

To support its ongoing liquidity management, DNB has a holding liquidity reserve consisting of unencumbered liquid assets that can be made available in a stressed situation. The liquidity reserves are mainly held in the form of highly liquid bonds and central bank deposits. Among other things, DNB uses these securities as

collateral for short-term loans from central banks, and they are an element of the liquidity buffers for ensuring fulfilment of regulatory liquidity requirements. Total liquid assets at the end of 2023 amounted to NOK 824 billion, compared with NOK 683 billion in 2022.

3. Liquidity risk and asset and liability management

2. Capital management

Stress testing of liquidity risk

Funding

Asset encumbrance

→ Liquidity reserve Liquidity risk management and control

Risk and capital management Pillar 3 | 2023

DNBs bond portfolio consists of a domestic NOK portfolio and an international portfolio in foreign currencies. At year-end 2023, the total bond portfolio amounted to NOK 237 billion, of which the NOK portfolio totalled NOK 113 billion and the international portfolio in foreign currencies totalled NOK 124 billion. The high credit quality of the bond portfolio reflects its purpose as a liquidity reserve for the bank. At the end of 2023, 99.9 per cent of the portfolio had a credit rating category of AA or better, and no bonds in the portfolio are rated lower than category A+. The weighted average time to maturity was 2.7 years at year-end 2023. With reference to the categorisation of liquid assets within the LCR framework, the total bond portfolio at year-end 2023 consisted of level 1 and level 2A assets, where level 1 represents the most liquid asset class. Level 1 assets accounted for NOK 235 billion while the remaining balance of NOK 2 billion consisted of level 2A assets. All of the bonds held in the reserve are central-bankeligible instruments and available for intraday liquidity needs and overnight liquidity facilities.

Liquid assets by currency,

31 December 2023

Per cent

Customer deposits (NOK billion) Ratio of deposits to loans (per cent) Ratio of deposits to loans adjusted for short-term money market investments in New York (per cent)

Liquid assets, 31 December 2023

Per cent

Customer deposits and ratio of deposits to loans

2. Capital management

3. Liquidity risk and asset and liability management
Developments in liquidity risk in 2023
Funding
Asset encumbrance
Liquidity reserve
→ Liquidity risk management and control
Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Liquidity risk management and control The governance of liquidity risk management in DNB

is based on a clear separation of duties and reporting structure and is in conformance with regulatory requirements. The Board of Directors sets the risk appetite statements, overall risk limits and risk strategy in line with a low liquidity risk profile. The risk appetite statements, liquidity risk strategy and risk limits are reviewed and reset at least annually by the Board. Monitoring and reporting are conducted separately and follow the principles of the threelinesofdefence model. As the first line of defence, Group Finance calculates and reports on risk measures. The second line of defence, Group Risk Management, monitors the risk development and compliance with internal risk limits in addition to independent risk assessments and controls. Furthermore, Group Risk Management is responsible for model risk management, which includes independent validation of models.

The Group's risk appetite framework defines the limits for liquidity management in DNB. Over the past decade, DNB has issued internal risk appetite statements for LCR, NSFR and the ratio of deposits to net loans. From 2022, a new risk appetite statement on MREL was introduced. The risk appetite is operationalised through DNB's liquidity strategy and risk limits framework.

In line with the bank's risk strategy and risk appetite, liquidity risk should be low and bolster the bank's financial strength. This implies that the bank should seek to have a balance sheet structure which reflects the liquidity risk profile of an international bank with AA level long-term credit ratings issued by recognised rating agencies. Maintaining a low risk profile calls for adequate diversification of funding sources with respect to both contractual counterparties, tenors and financial instruments.

The principles for Group liquidity risk management and control are set in a Group risk policy and further elaborated in the Group Instructions for Managing Liquidity Risk, which set out detailed requirements for governance, accountability and responsibilities related to monitoring, measurement, controls and reporting of liquidity risk. Group Treasury manages the liquidity positions, liquidity reserve, external and internal funding on a daily basis, while Group Risk Management represents the independent second line risk management function.

The Group's liquidity risk management is centralised in Group Treasury. The liquidity risk in branch offices and subsidiaries is consolidated in the balance sheet and included in the basis for the Group's liquidity management. Liquidity risk is managed on both consolidated and individual entity levels. The subsidiaries DNB Livsforsikring AS and DNB Asset

Management AS manage and administer their own customer assets. This management is covered by internal liquidity guidelines in the respective entities. Group Treasury is responsible for providing funding to subsidiaries and branch offices outside Norway. DNB Bank ASA and DNB Boligkreditt AS have entered into a bilateral agreement that regulates the coordination of funding and liquidity between these two entities. Group Treasury is responsible for ensuring that the Group always stays within the liquidity limits and for managing the assets in the liquidity portfolio.

The limit structure for liquidity risk conforms with the structure in the EU Capital Requirements Regulation. Liquidity risk is measured and controlled primarily through the short-term liquidity risk requirement, LCR, as well as the long-term structural liquidity risk requirement, NSFR. In addition, the Group has limits for internal liquidity indicators that supplement LCR in the shorter and longer term. The objective of the liquidity risk limits is to reduce the bank's dependency on short-term funding from domestic and international capital markets, as funding from such sources tends to be more credit- and market-sensitive than ordinary customer deposits. Hence, there are also internal targets and ambitions for the bank's funding materialised from customer deposits.

2. Capital management

3. Liquidity risk and asset and liability management
Developments in liquidity risk in 2023
Funding
Asset encumbrance
Liquidity reserve
→ Liquidity risk management and control
→ Stress testing of liquidity risk
4. Credit risk
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

The liquidity risk and the utilisation of liquidity risk limits are monitored on an intra-daily basis, and positions on LCR and other liquidity indicators for each significant currency are reported daily to Group Treasury, DNB Markets and Group Risk Management. NSFR and its limits are also monitored closely and are measured and reported to the Asset and Liability Committee (ALCO) and Group Management monthly. Both LCR and NSFR are reported to the Board of Directors on a quarterly basis as part of the Group's risk report.

Should a breach of any liquidity risk limit occur, established escalation procedures will be followed. Deviations from the limits for LCR and NSFR are immediately reported to Group Treasury, Group Risk Management and the Chief Financial Officer (CFO). All exceeded limits are to be reported to and handled at the same decision-making or authorisation level as that at which they were approved. Any breach of risk limits that were adopted by the Board must therefore be reported to and decided upon by the Board.

The credit ratings of the underlying securities in the bond portfolio are continuously monitored and reported. The chapter on market risk contains a description of how market risk in the liquidity portfolio is monitored.

Chapter 1 on Risk management and control includes a brief description of DNB's contingency plan for liquidity.

Stress testing of liquidity risk

DNB regularly conducts stress testing to ensure that the Group has sufficient liquid assets to cope with stressed conditions in a satisfactory manner. The underlying assumptions of risk factors on which liquidity risk stress scenarios are based are regularly reviewed and, at a minimum, as part of the preparations for the annual renewal of strategy and risk limits. This includes a reassessment of the bank's assets that can be classified as liquid and can be used as collateral in Norges Bank or other central banks.

Liquidity stress testing is integrated in the bank's liquidity risk management framework, including the setting of and possible adjustments to liquidity limits. The stress testing also provides the basis for the bank's contingency funding plans.

The stress tests are run on a quarterly basis and comprise four scenarios. A systemic market stress, a bank-specific stress, a combined systemic and bank-specific stress scenario and a regulatory LCR scenario. The results are reported to ALCO and the Board. The stress factors used in each scenario are based on both historic and hypothetical events, as well as the LCR methodology. A fall in housing prices will reduce the future issuance capacity in the form of covered bonds and may in severe cases require the transfer of liquid assets to DNB Boligkreditt AS to secure necessary overcollateralisation within the cover pool. A significant fall in housing prices is used in the systemic and combined scenarios. The LCR scenario follows the regulatory methodology that defines the LCR calculation and the stress factors in this scenario are therefore given by the LCR regulation. This scenario includes a prognosis of how many days of net outflows it takes to force the LCR indicator below 100 per cent. All scenarios cover a time horizon of up to 12 months.

Finally, a reverse liquidity stress test (RLST) is included to assess circumstances that would deplete the bank's liquidity reserves. The reverse stress test is based on the combination scenario, and various events, including no refinancing of covered bonds and increased run off on deposits, are then introduced to provoke situations where the liquidity buffer is exhausted at different time horizons, ranging from 30 to 180 days.

In addition to the stress test described above, additional stress tests are also used to assess liquidity needs related to collateral requirements. This includes the need to strengthen DNB Boligkreditt AS' cover pool in the event of a steep drop in housing prices, as well as collateral outflows related to changes in the value of the derivative contracts due to changes in underlying prices, rates and currency exchange rates. Group Treasury closely monitors and manages weekly reports of this counterparty risk. Read more about counterparty credit risk in chapter 5.

3. Liquidity risk and asset and liability management

2. Capital management

Liquidity risk management and control

Funding

Asset encumbrance

Liquidity reserve

→ Stress testing of liquidity risk

Risk and capital management Pillar 3 | 2023

DNB's liquidity stress tests cover all requirements relating to liquidity risk in all countries in which DNB operates. This includes the principles and requirements of the Basel Committee, European Banking Authority and the US CFR Section 252.145.2

2 CFR § 252.145 – Liquidity risk-management requirements for foreign banking organizations with total consolidated assets of \$250 billion or

more and combined U.S. assets of less than \$100 billion.

Ratings

Credit ratings are forward-looking and are meant to reflect how future events could impact the issuer's creditworthiness. The credit rating represents the rating agencies' assessment of the issuer's capacity and willingness to meet financial obligations on time. Strong credit ratings issued by recognised rating agencies are thus important for ensuring predictable, flexible access to funding.

The short-term credit rating is an expression of the probability of an issuer failing to meet its financial obligations in the current year and of the expected financial loss resulting from non-fulfilment of the obligations. A long-term debt rating is an expression of the same probability but over a period of one year or more.

DNB is one of the few banks with a long-term debt rating of Aa2 with positive outlook from Moody's and AA- with stable outlook from S&P. In addition, DNB has a short-term credit rating of A-1+ from S&P Global and P-1 from Moody's, both of which are the highest rating score. Both S&P Global and Moody's confirmed DNB's ratings in their latest rating reports in November 2023 and October 2023, respectively. For more information see https://www.ir.dnb.no/funding-and-rating/rating.

Rating DNB Bank ASA

Rating agency	Rating	Latest rating report	Latest rating action
S&P	Resolution Counterparty Rating: AA- (LT) Senior Preferred Rating (LT): AA Outlook: Stable Senior Non-Preferred: A Tier 2 (LT): A AT1 (LT): BBB Short term: A-1+	S&P rating report – November 2023	22 January 2019
Moody's	Counterparty Risk Rating (LT): Aa1 Outlook: Stable Senior Preferred Rating (LT): Aa2 Outlook: Positive Senior Non-Preferred Rating (LT): A2 Tier 2 (LT): A3 AT1 (LT): Baa2 Short term: P-1	Moody's rating report – October 2023	27 September 2023

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk 4.

5 Counterparty credit risk Developments in credit risk in 2023

6 Market risk Capital requirements for credit risk

7 Operational risk Overview of credit exposures

8 Climate risk Impairment and default

9 Appendix Internal measurement methods (IRB)

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

DNB has a robust credit portfolio, with loans to private individuals and small and medium-sized enterprises in Norway accounting for about 62 per cent. Credit quality was generally stable through 2023, but uncertainty has increased due to geopolitical turmoil and rising costs for businesses and households. Losses widened somewhat through 2023 after remaining low since the pandemic.

Definition

Pillar 3 | 20234. Credit risk Credit risk is the risk of financial losses due to failure by the Group's customers to meet their payment obligations to DNB. Credit risk refers to all claims against customers, mainly loans, but also commitments in the form of other extended credit, guarantees, interest-bearing securities, unutilised credit lines, derivative trading and interbank deposits. Credit risk also includes concentration risk, which is risk associated with large exposures to a single customer or concentration within geographical areas or industries, as well as risks related to homogeneous customer groups.

Development in total credit portfolio1, EAD NOK billion

Risk exposure amount NOK billion

966 (943)

Economic capital NOK billion

37.2 (37.4)

Net impairments NOK billion (2.6) (0.3)

(2022 figures)

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Terms used in the discussion of credit risk

Nominal exposure is the aggregate credit exposure prior to impairments, collateral and conversion factors. It is the sum of the amount deducted and offbalance-sheet items such as unused lines of credit and guarantees. The term 'net exposures' reflects the corresponding amount adjusted for impairments.

Exposure at default (EAD) indicates how much of the allocated exposure is expected to be deducted in the event of a future default. EAD is the sum of the amount deducted and off-balance-sheet items multiplied by a conversion factor (CCF). The calculation of CCF assumes a downturn in the market and must be equal to or more conservative than the long-term average. EAD is reported as exposure before impairments.

Probability of default (PD) is the calculated probability that a customer will not be able to service their credit within the next 12 months. PD is calculated using statistical models on the basis of a combination of financial and non-financial factors. The PD forms the basis for DNB's risk classification of customers. Defaulted exposures are automatically assigned a PD of 100 per cent.

Loss given default (LGD) indicates how much the Group expects to lose if the customer defaults on their obligations, at the same time as there is a major downturn. The LGD calculation used in the IRB reporting must always be more conservative than the long-term average. The models consider the collateral associated with the exposure, future cash flow and other relevant factors.

Expected loss (EL) indicates the average annual expected losses over a business cycle, taking into account in the bank's IRB models. EL is calculated as PD x LGD x EAD. Under normal circumstances, this figure should be higher than the actual losses.

Expected Credit Loss (ECL) is calculated according to the IFRS9 financial reporting standard. ECL is calculated as PD x LGD x EAD, where both PD and LGD should correspond to the actual observed level, and projected values depend on the bank's view of future macroeconomic development. DNB's model for calculating expected credit losses is based on the IRB models. Conservative buffers and adjustments for cyclicality are removed so that the estimates are point-in-time.

In DNB's internal monitoring of credit risk, credit exposures are grouped based on calculated PD.

The breakdown is defined as follows:

→ Low risk: PD 0.01 0.75 per cent.
→ Medium risk: PD 0.75 3 per cent.
→ High risk: PD over 3 per cent, including defaulted exposures where PD=100 per cent.
1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
Credit risk exposures under the standardised approach
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Developments in credit risk in 2023

DNB's portfolio of loans and credit to customers amounted to NOK 2 381 billion, measured in EAD, at the end of 2023. Counterparty credit risk is included in these figures. The portfolio was almost evenly distributed between loans and credit to corporates and private individuals.

Credit quality was generally good, but we saw a negative trend in several segments for small and medium-sized enterprises and in some segments for large customers. Activity for housing and holiday cottage builders declined, and retail trade in sports equipment, building materials, furniture and new cars showed stagnation or decline. In commercial real estate, fewer properties were sold and property values were reduced. The credit quality of the portfolio of loans to private individuals was good and unchanged. Total impairments for the year ended at NOK 2.6 billion, which is an increase from the previous year, but still lower than normalised losses. The accumulated write-downs in Group 3 (non-performing loans) amounted to NOK 6.5 billion at year-end, approximately unchanged from the previous year-end.

International financial markets continued to be volatile in 2023. The rise in prices for food and other consumer goods contributed to weak developments in household demand, but a strong labour market and

Development in credit portfolio1, EAD

NOK billion

1 Excluding institutions, governments, central banks, equity positions and affiliate companies. Counterparty credit risk has been included.

unusually high savings levels supported consumption. Inflation edged down at year-end, but was still high, and was largely sustained by higher service prices and wage growth.

The figure above shows developments in the credit portfolio measured in EAD. The bank's credit portfolio increased by NOK 42 billion in 2023. Loans to small and medium-sized enterprises increased by 4.2 per

cent, and loans to personal customers increased by 0.5 per cent in 2023. Adjusted for exchange rate effects, large corporates and the international portfolio increased by 0.4 per cent, small and medium-sized enterprises increased by 3.5 per cent and personal customers increased by 0.2 per cent.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
Credit risk exposures under the standardised approach
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Development in mortgages2, EAD NOK billion

2 Norwegian mortgage portfolio

Loan-to-value mortgages, granted volume Per cent

2022 2023

Loans to private individuals

Loans to private individuals consist mainly of mortgages. DNB has low activity in the areas of credit card and consumer finance and places emphasis on responsibility and sustainability in its lending practices. The portfolio of car loans is discussed below under loans to corporates.

Norway has a very high proportion of privately owned dwellings. More than 80 per cent of the population owns their own dwelling, and dwellings are primarily financed by floating-rate mortgages. The housing market in Norway has experienced a sharp rise in prices in recent years. After several interest rate hikes and increased costs for households, growth slowed, ending at 0.5 per cent for 2023.

DNB's mortgage portfolio amounted to NOK 1 065 billion, measured in EAD, at the end of 2023 and mainly consists of mortgages and certificates of financing for homes in Norway. 87 per cent of the portfolio is reported using the IRB method. An application to report Sbanken according to the IRB method has been submitted to Finanstilsynet (the Financial Supervisory Authority of Norway). For the time being, however, the Sbanken portfolio is reported using the standardised method. Certificates of financing are reported according to the standard method. The same applies to some smaller mortgage portfolios in Poland and Luxembourg, and the

mortgage portfolio in Luminor, which is reported pro rata. The comments below relate to the Norwegian mortgage portfolio.

DNB's mortgage portfolio is of high quality. The proportion of defaulted mortgages was 0.3 per cent at the end of 2023, and 99 per cent of the loans were classified as low or medium risk based on the bank's own PD calculations. In the reporting of capital adequacy, a conservative addition to the PD calculation is required for the mortgage portfolio. Based on external PD values, 98 per cent of the portfolio was classified as low or medium risk. The proportion of loans with instalment deferral was at 24 per cent at the end of 2023, up 2 percentage points over the year.

71 per cent of the bank's mortgage portfolio has been transferred to DNB Boligkreditt and forms the basis for issuing covered bonds.

For the mortgage portfolio, the loan-to-value (LTV) ratio is calculated as the loan's share of the property's market value. Short-term intermediate financing is not included in the calculation. The market value of all mortgaged homes is updated every quarter. The loan-to-value ratio for DNB's Norwegian mortgage portfolio, excluding Sbanken, was 58.5 per cent at the end of 2023 compared with 56.2 at the previous year-end. The chart to the left shows the mortgage

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

portfolio broken down by object-oriented loan-tovalue ratio. The loan-to-value ratio for Sbanken's mortgage portfolio was 47.6 at year-end 2023.

The Norwegian Lending Regulations (Utlånsforskriften), which entered into force on 1 January 2021, apply up to and including 31 December 2024. The regulations apply to loans for mortgages, unsecured loans to consumers and loans to consumers secured by assets other than dwellings, such as loans secured by cars or boats. Financial institutions may grant loans that do not satisfy all the conditions in the regulations for up to 10 per cent of the value of total loans granted. For loans secured by collateral in dwellings in Oslo, the limit for deviations is set at a maximum of 8 per cent. DNB monitors lending practices closely to ensure compliance with the regulations in all parts of the bank.

Loans to corporates in Norway and internationally

DNB's corporate loans amounted to NOK 1 194 billion at the end of the year, measured in EAD and including counterparty credit risk. Of this, loans to Norwegian and Norwegian-owned companies amounted to NOK 713 billion, with NOK 481 billion in loans to international customers.

DNB's portfolio of loans to the real estate sector accounts for about 32 per cent of all corporate credit.

Development in loans to the real estate sector, EAD

NOK billion

Leasing of shopping centres Leasing of retail store Leasing of hotels Leasing of warehouse/ logistics/combination Leasing of office premises Leasing of residential Housing cooperative

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

The majority of the portfolio is income-generating properties, i.e. completed real estate projects where the loan is serviced by rental income. The residential property portfolio mainly involves short-term loans for housing development projects, with a high degree of advance sales. The portfolio of commercial real estate loans is predominantly comprised of Norwegian customers. The credit quality of the portfolio of loans to office properties was stable throughout the year. The price level of the most attractive office properties in Oslo and other large Norwegian cities has been rising for many years, but has fallen since the beginning of 2022 as a result of rising interest rates and thus higher yield requirements. This trend is expected to continue somewhat, although low vacancy rates and a small supply of new properties are dampening the effect. So far, no lower demand for office property has been registered due to increased use of hybrid working methods. The portfolio of commercial real estate loans was of good quality in 2023. Trade in bulky capital goods and sporting goods was reduced in 2023 and landlords of property for these industries may face demands for renegotiation of leases going forward. At the end of 2023, 95 per cent of loans to the real estate sector were classified as low or medium risk, compared with 97 per cent at year-end 2022.

The seafood portfolio accounted for 7 per cent of total corporate credit, measured in EAD, at the end of the year. Fish farming accounts for 65 per cent of the portfolio. Inflation and high feed costs have contributed to higher costs, but profitability is nevertheless expected to remain solid. The supplier industry experienced a lower order intake and reduced activity in 2023 due to uncertainty surrounding new investments in the Norwegian aquaculture industry as a result of the introduction of ground rent tax. There are signs that investment will pick up somewhat in 2024. At the end of the year, 97 per cent of loans to the sector were classified as low or medium risk.

At year-end, power and renewables accounted for approximately 8 per cent of total corporate credit, measured in EAD. The portfolio consists mainly of Nordic power production and distribution grids, as well as renewable power production in North and South America. High gas prices as a result of sanctions against Russia and the decommissioning of nuclear power in Sweden and Germany have led to very high and volatile electricity prices in the Nordic region. The power industry experienced high margins also in 2023. At year-end, 98 per cent of loans to the sector were classified as low or medium risk.

The portfolio related to oil, gas and offshore accounted for 6 per cent of the total corporate portfolio at the end of the year. The credit quality has developed positively because of high oil and gas prices. The combination of increased attention to energy security and rising earnings through 2023 provides a more positive outlook than it has been for several years. At the end of 2023, 90 per cent of the oil and gas portfolio was classified as low or medium risk, as measured in EAD. For the offshore portfolio, the share of low and medium risk was 72 per cent.

At year-end, retail trade accounted for 5 per cent of total corporate credit, measured in EAD. Retail trade had a weak development through 2023, with the building materials, sports and electronics segments accounting for the largest decline. As a result of higher costs for households and enterprises, the segments have experienced reduced profitability and, in some cases, deficits. Against this background, the credit quality of DNB's portfolio has developed somewhat negatively. This is reflected in an increasing proportion of moderate risk, while the proportion of high-risk customers was unchanged throughout the year. At the end of 2023, 90 per cent of the portfolio was classified as low or medium risk, the same as at year-end 2022.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Developments in credit risk in 2023
→ Capital requirements for credit risk

Overview of credit exposures Impairment and default

Internal measurement

methods (IRB) Exposures in the IRB portfolios

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

DNB's portfolio of loans for passenger cars (for both businesses and private individuals) amounted to NOK 105 billion, measured in EAD, at the end of the year. In 2023, the industry experienced reduced profitability and a fall in new car sales as a result of increased costs for businesses and households. Increased used car sales, together with service and parts sales, have contributed positively. At the end of 2023, 90 per cent of the portfolio was classified as low or medium risk.

Capital requirements for credit risk

The total risk exposure amount (REA) for credit risk, including counterparty credit risk, was NOK 966 billion for the DNB Group at the end of 2023, NOK 24 billion higher than the year before. Table on page 51 shows the specification of REA for credit risk.

The figure to the right shows changes in REA for the credit portfolio distributed among the most substantial portfolios. The REA for the IRB portfolio increased by NOK 16 billion. This is due to growth in both the corporate portfolio and mortgages. See analysis of development in the IRB portfolio on page 60.

The REA for portfolios reported according to the standardised method amounted to NOK 320 billion, of which NOK 54 billion is mortgages.

Development in risk exposure amount (REA) for credit risk

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2023
→ Capital requirements for credit risk
- Overview of credit exposures Impairment and default
Internal measurement
methods (IRB)
Exposures in the IRB portfolios
Credit risk exposures under the standardised approach
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Specification of risk exposure amounts (REA) for credit risk

NOK million	Original exposure	EAD	Average risk weight	Risk exposure amount 2023	Risk exposure amount 2022
IRB approach
Specialised Lending (SL)	7 367	7 051	33%	2 349	4 174
Small and medium enterprises (SME)	217 566	198 699	46%	92 035	86 047
Other corporates	1 001 868	771 083	43%	329 522	317 807
Retail, secured by real estate property	925 692	925 692	22%	201 714	200 096
Other retail	80 763	66 958	31%	20 631	22 309
Total credit risk, IRB approach	2 233 256	1 969 484	33%	646 251	630 433
Standardised approach
Central governments or central banks	458 822	458 206	0%	86	1
Regional governments or local authorities	49 017	42 322	2%	727	757
Public sector entities	81 545	79 929	0%	14	52
Multilateral developments banks	54 305	54 305	1%	594
International organisations	987	987	0%
Institutions	85 656	59 076	32%	18 679	19 120
Corporates	195 825	168 934	68%	114 560	116 578
Retail	140 791	67 911	75%	50 659	49 332
Secured by mortgages on immovable property	153 913	138 845	39%	53 842	51 465
Exposures in default	3 986	3 072	132%	4 061	2 643
Items associated with particularly high risk	735	732	150%	1 099	1 355
Covered bonds	54 010	54 010	10%	5 401	4 389
Claims in the form of CIU	1 583	1 583	36%	568	232
Equity exposures	22 957	22 956	233%	53 586	54 602
Other items	29 631	29 631	55%	16 233	11 581
Total credit risk, standardised approach	1 333 762	1 182 498	27%	320 109	312 107
Total credit risk	3 567 018	3 151 982	31%	966 360	942 540

1. Risk management and control

3. Liquidity risk and asset and liability management

4. Credit risk

→ Capital requirements for credit risk

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Definition of default

DNB's definition of default is in line with the updated EBA guidelines published in 2016. The definition of default under IFRS 9 is fully in line with the regulatory definition of default. The application of the definition of default is different for corporate and personal customers.

Corporate customers

There is qualified payment default if an engagement exceeding NOK 2 000 and more than 1 per cent of the borrower's total exposure with DNB has lapsed by more than 90 days.

Expected default on payment exists if it is unlikely that the borrower will pay what they owe DNB without having to implement measures, such as the realisation of collateral, to finance the payment. Whether there is an expected default on payment depends on an assessment of the probability of future payment default. There is a wide range of circumstances that may be relevant to consider. Expected defaults can be caused by indicators that are absolute, such as:

→ bankruptcy proceedings
→ sale of loans with a discount of more than 5 per cent related to credit risk
→ forced restructuring where debt is expected to be reduced by more than 1 per cent.

Furthermore, several indicators should be considered when determining whether expected defaults have occurred.

These indicators are not absolute. Examples of this include:

→ expected failure to service all financial obligations, including refinancing risks
→ violation of financial clauses
→ deterioration in the ratio of loan to income
→ sale of collateral that weakens the bank's creditor position.

If a default occurs, all obligations that the customer has in DNB will be deemed to be in default. Contagion can also occur between financially dependent borrowers where one customer's financing or payment difficulties are also likely to lead to payment difficulties for one or more other customers.

If specific criteria are met, a customer can exit default status and return to being a healthy borrower after a 3- or 12-month return-to-non-default period. The 12-month return-to-non-default period is for customers who exit default after forced restructuring.

Personal customers

For personal customers, a qualified payment default exists if a commitment exceeding NOK 1 000 and more than 1 per cent of the defaulted amount under the agreement with DNB is overdue by more than 90 days.

The absolute requirements for expected defaults for personal customers are similar to those for corporate customers. Other indicators of expected default include a reduction in the customer's income, for example due

to unemployment, a significant increase in LTV ratio, or a situation where the guarantor or co-borrower is in a bankruptcy or debt settlement process.

For personal customers, defaults apply at the agreement level. Therefore, in principle, there will be no contagion between agreements belonging to the same borrower. An important exception to this rule is contagion between instruments within the same product category, for example between two mortgages to the same borrower. If there is also a default related to one or more agreements totalling at least 20 per cent of the customer's total exposure with DNB, all agreements with the bank will be deemed to be in default.

Definition of past due exposures

Past due exposures are overdue amounts on loans and overdrafts on credit, assuming a deterioration of customer solvency or unwillingness to pay.

Financial assets qualify as past due when any amount of principal, interest or fee has not been paid at the date it was due. Past due exposures are reported for their entire carrying amount. Past due loans and overdrafts on credit lines are monitored on an ongoing basis.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

→ Overview of credit exposures Impairment and default

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Overview of credit exposures Exposures by customer segment, industry and country

Gross carrying amount and maximum exposure amounted to NOK 3 348 billion at the end of 2023. The figures to the right show exposure by customer segment and country.

Loans and credit to personal customers accounted for 40 per cent of exposure. Loans to corporate customers accounted for 41 per cent. Exposures with governments and central banks, equity positions and other assets are included in the graph as 'other'. The credit portfolio is mainly linked to Norway or Norwegian customers. The Norwegian-related portfolio accounted for 65 per cent at the end of 2023. See additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' for more information.

Gross carrying amount, split by customer segments, 31 December 2023

Gross carrying amount, split by country, 31 December 2023

Per cent

Forborne exposures

Forborne exposures are defined as credit exposures where the loan terms have been changed as a result of the customer having had financial problems.

Forborne exposures include both defaulted and non-defaulted exposures. The objective of forbearance is to assist the customer through a financially challenging period. It is a prerequisite that customers must be expected to be able to meet their obligations at a later date.

The most common forms of forbearance are:

→ changing the term of the loan
→ refinancing
→ debt remission, including remission of overdue interest payments
→ deferment of overdue interest payments.

Forbearance is an element of DNB's strategy for limiting losses. Procedures for handling these exposures have been incorporated in the credit process. DNB has operative guidelines describing how business units should identify, analyse and approve forbearance cases. Developments in the volume of forborne exposures are reported quarterly to the Board.

For more information see Note G4 Credit risk management in DNB's annual report.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Impairment and default

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Impairment and default

When calculating expected credit losses, all credit exposures are divided into three groups:

→ Stage 1: Includes exposures that have not had a significant increase in credit risk since the agreement was entered into. According to IFRS 9, an expected credit loss must be calculated for the next 12 months.
→ Stage 2: Includes exposures with significant negative development in lifetime PD compared to PD upon entering into the agreement. In addition, it includes loans with PD between 5 and 40 per cent, exposures with forbearance and personal customers with payments that are between 30–60 days overdue. For these, an expected credit loss is calculated over the entire life of the agreement.
→ Stage 3: Includes defaulted loans. Like stage 2, stage 3 will calculate the expected credit loss without any time limitation. For customers in default (stage 3), PD is set to 100 per cent.

For the exposures in stages 1 and 2, expected losses are estimated using DNB's Expected Credit Loss (ECL) model, which is based on internal models for EAD, PD and LGD and on forecasts for future economic developments.

The stage 3 ECL impairment is calculated as the difference between the carrying value and the present value of estimated future cash flows discounted by the original effective interest rate. The estimated future cash flows are based on developments in the customer's exposure, the value of collateral, experience with the customer, the likely outcome of negotiations and expected macroeconomic developments that will affect the customer's expected cash flow. If the exposure is collateralised, the value of the collateral is included in the estimated future cash flows regardless of whether foreclosure is probable or not.

ECL for stage 3 credit exposures for customers with exposures of more than NOK 50 million is calculated as probability-weighted ECL from considered scenarios. The scenarios should represent the actual opportunities for a customer in financial difficulty. The rule is that three different scenarios should be considered.

→ Going concern: What is the probability of a development where all debt is repaid without concessions in the form of debt conversion or writeoffs? The ECL in this scenario is zero.
→ Restructuring: What is the likelihood of a development where the customer must restructure its capital structure to maintain going concern, and what will ECL be for DNB in such a restructuring?

→ Liquidation: What is the probability of a development where a company is liquidated through bankruptcy, orderly liquidation etc., and what is the ECL for DNB in this scenario?

The ECL for each scenario, and the probability of each scenario occurring, will depend on both market conditions and customer-specific factors. The sum of the scenarios must always be 100 per cent. If a scenario is highly unlikely, the probability can be set to zero.

The ECL in a restructuring scenario will depend on the discounted present value of the customer's expected future cash flows, as well as the expected level of debt that can be agreed with the stakeholders in a restructuring. The ECL in a liquidation scenario will depend on the expected realisation value of collateral on the sale of assets – for example, as part of a bankruptcy or orderly liquidation.

The ECL in stage 3 is calculated for corporate customers with loans below NOK 50 million using the bank's ECL model. The model is based on the probability that a loan will be 'recovered', expressed as Cure Rate (CR), and an estimated loss given that the loan remains in default, expressed as Loss Given Loss (LGL). Both CR and LGL take into account customerand agreement-specific information, as well as a forward-looking component similar to the methodology for customers in stages 1 and 2.

3. Liquidity risk and asset and liability management

4. Credit risk

→ Impairment and default

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

For private individuals with loans of more than NOK 5 million as defaults, an individual assessment of collateral and debt-servicing capacity is carried out to determine the ECL. For private individuals with loans of less than NOK 5 million, a portfolio approach is used to calculate ECL in stage 3. The estimate is calculated using a discounted expected collateral value that provides expected recovery rates for a representative sample of customers in default. The expected recovery rates are then applied to customers with similar characteristics to the customers in the sample. When a customer is in the 3- or 12-month return-to-non-default period, the customer will continue to be presented in stage 3, but with stage 2 lifetime ECL from the ECL model.

Impairment of loans and financial instruments

Net impairments are the sum of all impairments in the period, minus all reversals made in the same period. The figure on the top left shows developments in net impairments in 2023.

The figure to the right shows developments in accumulated write-downs of loans to customers at amortised costs and financial exposures recorded from the end of 2022 to the end of 2023. Accumulated impairments amounted to NOK 8.8 billion at year-end, a reduction of NOK 29 million from 2022. The change in accumulated impairments includes provisions due to the origination of new

Net defaulted exposures

NOK billion

Development in accumulated impairment of loans and financial commitments

3. Liquidity risk and asset and liability management

4. Credit risk

→ Impairment and default

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

financial instruments during the period. The figure also shows increases and decreases in expected credit loss resulting from changes in input parameters and assumptions, including macro forecasts, as well as the effect of partial repayments on existing facilities and the unwinding of the time value of discounts due to the passage of time. Further, the table includes writeoffs, changes in provisions due to the derecognition of financial instruments during the period and exchange rate effects.

Non-performing exposures

Net non-performing exposures fell by NOK 0.9 billion in 2023 and amounted to NOK 23 billion at the end of the year. 21 per cent of DNB's non-performing investments are in oil, gas and offshore, mainly related to challenges in the offshore segment. The nonperforming volume in this segment declined by NOK 5.6 billion in 2023 and amounted to NOK 4.9 billion at year-end. The positive development in credit quality is a result of higher oil and gas prices and completed restructurings.

The figure on the previouse page shows the distribution of net non-performing exposures by industry. More detailed information can be found in the additional Pillar 3 disclosures 'Risk and capital management – Pillar 3 attachment (Excel)'.

Historical development of impairment of financial instruments

The figure above shows the net annual impairments as a proportion of lending for the period 1957–2023. From 1992, net impairments are also broken down between personal and corporate customers, excluding the public sector and credit institutions. The period from 1987 to 1993 is referred to as the Norwegian banking crisis and stands out from other years. Other years that stand

out are 2009, when the financial crisis led to increased impairments, inter alia linked to Baltic operations, and 2016 when DNB was compelled to record substantial impairment in the oil-related portfolio. The coronavirus pandemic did not affect the impairments in 2020 to any great extent. The increase in 2020 is due to further impairments in the offshore portfolio, while 2021, 2022 and 2023 were more normal, with low impairments.

3. Liquidity risk and asset and liability management

4. Credit risk

Overview of credit exposures Impairment and default

→ Internal measurement methods (IRB)

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Internal measurement methods (IRB) DNB has used internal credit risk models since 1995. The calculations from models approved for measuring credit risk in the capital adequacy are integrated into the Bank's internal management tools.

In the internal monitoring of credit risk, internal models are used to calculate CCF (EAD), PD and LGD for all credit exposures, regardless of whether they are approved for calculating capital requirements. The risk parameters that DNB uses to measure risk in the large corporates and mortgage portfolios are different from those that have been approved for calculating capital adequacy according to the advanced IRB approach.

The approved models have mandatory mechanisms that ensure more stable capital adequacy requirements over time and are more conservative in their calibration levels. More risk-sensitive risk models are preferable for internal management purposes.

DNB uses the Advanced IRB (A-IRB) approach for its corporate and personal customer portfolios. Some portfolios in subsidiaries or specific segments are exempted. The Foundation IRB (F-IRB) method is not used. There is no distinction between A-IRB and F-IRB for loans to personal customers. The table shows the reporting methods used for the different credit portfolios in DNB, distributed among exposure classes.

Reporting methods for credit portfolios in DNB

Exposure class	Main reporting methods
Corporate and Specialised Lending (SL)	A-IRB
Retail, mortgage loans	IRB
Retail, other exposures	IRB
Governments and central banks	Standardised approach
Institutions	Standardised approach
Equity positions and other assets	Standardised approach

The purpose of the IRB system is to ensure sound risk management. This calls for high quality and transparency throughout the value chain. The Board of Directors assesses the need for capital on the basis of risk measurements and an overall evaluation of operating parameters and business and strategic targets.

The independent entity responsible for model risk conducts annual validations of the IRB models. Regular controls of model use are carried out through the Credit Risk Review Institute, which looks specifically at the models' data (model input). Furthermore, periodic theme-based self-assessments of the most important parts of the IRB value chain are carried out. Group Audit prepares an annual report with an assessment of whether the IRB system in DNB meets external requirements.

The areas of application for the IRB models are:

→ capital adequacy calculations
→ decision-support in the credit process
→ limits in the risk appetite framework and credit strategies
→ risk measurement and ongoing reporting
→ pricing of credit risk
→ measuring portfolio profitability
→ basis for models applied in stress testing and calculation of expected credit loss.

3. Liquidity risk and asset and liability management

4. Credit risk

Overview of credit exposures Impairment and default

→ Internal measurement methods (IRB)

Credit risk exposures under the standardised approach

Risk and capital management Pillar 3 | 2023

Models used in IRB reporting

An overview of the IRB models used, with comments where the models have been adjusted to meet requirements from Finanstilsynet, is shown in the additional Excel disclosure to this report.

In order to comply with the new regulation of the definition of default, effective from 1 January 2021, new calibration levels were calculated for the IRB models. Calibration levels were calculated in accordance with new EBA estimation guidelines that were also in effect from 1 January 2021. An application to use the new calibration levels was submitted to Finanstilsynet in March 2021, and we are awaiting approval. They will be implemented as soon as approval is granted.

In 2020, DNB applied for approval of a new PD model for retail mortgages. The new model is being run as a complementary model in internal risk management until Finanstilsynet gives its formal approval for use in IRB reporting. In December 2022, DNB also submitted an application to expand the application of the retail mortgage models and for permission to report Sbanken's retail mortgage portfolio using the advanced IRB method (A-IRB). DNB is awaiting approval on both applications.

DNB applied for approval of new models for object financing and unsecured credit in 2023. An application for approval of a new LGD model for object financing for personal and corporate customers in Norway and Sweden was sent in March 2023. The model has been implemented as a complementary model in internal risk management until Finanstilsynet gives its formal approval for use in IRB-reporting. An application for approval of new PD and LGD models for unsecured credit for private individuals was submitted in May 2023. Implementation of the new models is ongoing. The models will be used as complementary models for internal risk management when implemented.

In addition to the general recalibration across the model park for IRB and the new models for mortgages, object financing and unsecured credit, DNB is awaiting approval from Finanstilsynet in two more areas:

→ Application for changes related to processing of offers and financing certificates.
→ Application for change of categorisation of corporates as retail.

Special requirements for DNB's IRB models

Corporates: Finanstilsynet has stipulated that the PD level in the large corporates portfolio should be relatively stable, irrespective of economic conditions, in order to avoid large variation in the capital requirement. In addition, a floor has been set for certain LGD models, which makes the models more conservative than warranted on a statistical basis.

Mortgages: Finanstilsynet has set requirements for PD and LGD in the mortgage portfolio. There is a minimum PD requirement of 0.2 per cent for all credit agreements. In addition, LGD should not be lower than 20 per cent at the portfolio level. As a result of these requirements, the risk weights for the mortgage portfolio are higher than they would have been if they had been based on unbiased estimated PD and LGD.

Risk classification

DNB divides the healthy credit portfolio into ten risk classes based on the exposures' probability of default, PD. See the table on the next page. Exposures that are in default are assigned a PD of 100 per cent.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures Impairment and default
→ Internal measurement methods (IRB)
Exposures in the IRB portfolios
Credit risk exposures under the standardised approach
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

DNB's credit risk classification

Probability of default (per cent)					External rating
Risk grade	Risk classification	As from	Up to	Moody's	S&P Global
1		0.01	0.10	Aaa - A3	AAA - A÷
2	Low risk	0.10	0.25	Baa1 - Baa2	BBB+ - BBB
3		0.25	0.50	Baa3	BBB÷
4		0.50	0.75	Ba1	BB+
5		0.75	1.25	Ba2	BB
6	Medium risk	1.25	2.00
7		2.00	3.00	Ba3	BB÷
8		3.00	5.00	B1	B+
9	High risk	5.00	8.00	B2	B
10		8.00	Impaired3	B3, Caa/C	B÷, CCC/C

DNB's risk classification system, where 1 represents the lowest risk and 10 the highest risk.

3 PD in risk grade 10 goes to maximum 40 per cent

IRB model validation

Independent validation is a key control function of DNB's IRB system. It is carried out by Model Risk Management, an entity that is independent of the entities in charge of the model development process and the establishment and renewal of loans.

New IRB models and material changes to existing models are subject to initial validation, while existing IRB models are validated annually. The validation results provide a basis for assessing the performance of the Group's IRB models consistently and meaningfully. Riskmitigating actions are recommended in cases where the validation results indicate a need for improvement. The CRO decides on the actions to be taken. The results of this work are presented at least annually to DNB's Board of Directors.

Models are assessed based on six risk elements: design and development, input data, implementation, model use, performance and governance. Each element is assessed for each model using qualitative and quantitative methods. Validation of governance is a qualitative analysis that provides an assessment of whether the governance of the models is consistent and sound throughout the model's life cycle.

The assessment of the model's performance consists largely of quantitative analyses, with a particular focus on the ranking of borrowers' creditworthiness (discriminatory power) and estimation of the level of risk parameters (calibration). A PD model with good discriminatory power can largely distinguish between customers who will default on their loan obligations and those who will not. An LGD model should be able to predict which non-performing credit exposures will result in relatively large and small losses. Validation of the calibration level provides an assessment of whether the risk parameters have been established at the appropriate level. Discrepancies between predicted and observed levels are expected. Whether the deviations are acceptable depends on the risk parameter and the part of the business cycle in which the deviations occur. Since the LGD level should correspond to the loss severity during an economic downturn, the loss level observed during a normal period should be lower than the LGD estimate. The same applies to EAD.

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

→ Exposures in the IRB portfolios

Risk and capital management Pillar 3 | 2023

Exposures in the IRB portfolios

The proportion of DNB's credit portfolio reported under the IRB method amounted to NOK 1 969 billion, measured in EAD, at the end of 2023. The figure shows the IRB portfolio, including counterparty credit risk by exposure category. EAD increased by 2 per cent in 2023. Exchange rate fluctuations contributed to a 1 per cent increase in the IRB portfolio's EAD and REA, mainly related to NOK versus USD and EUR. Counterparty credit risk accounts for 1 per cent of the IRB portfolios EAD and REA.

The credit quality was generally strong throughout the year, but especially for small and medium-sized enterprises, the risk weight increased for the performing portfolio. On the other hand, customers moving from the non-performing to the performing portfolio contribute to decreasing the risk weight in both the large corporate segment and for small and mediumsized enterprises. An increased volume that qualifies for the SME Supporting Factor (SSF) also contributed to improved effective risk weight throughout the year.

The implementation of CRR II in 2022 introduced the Infrastructure Supporting Factor (ISF) for exposures that have the specific purpose of funding essential public infrastructure. This was implemented in DNB in first quarter in 2023.

Exposure classes in the IRB portfolio, EAD, 31 December 2023

Per cent

Development in Risk Exposure Amount for the IRB portfolio

NOK billion

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

4. Credit risk

Developments in credit risk in 2023
Capital requirements for credit risk
Overview of credit exposures
Impairment and default
Internal measurement methods (IRB)
Exposures in the IRB portfolios
→ Credit risk exposures under the standardised approach
Management and control of credit risk
Stress testing
5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Credit risk exposures under the standardised approach

About 35 per cent of the Group's credit portfolio measured by EAD was reported according to the standardised approach at the end of 2023. Key figures for the portfolios reported according to the standardised approach are presented in the section on capital requirements for credit risk.

DNB has been granted permission from Finanstilsynet to use the standardised approach to calculate risk exposure amounts (REA) for governments and central banks and for equity positions. Sbanken, subsidiaries in Poland and Luxembourg and associated companies calculate REA according to the standardised approach. Other portfolios that are reported according to the standardised approach are exposures to institutions, factoring and housing cooperatives in Norway. In addition, the approach is used when DNB does not have sufficient data to calculate REA according to the IRB approach.

DNB's exposures calculated according to the standardised approach are allocated to 15 different exposure classes.

→ governments and central banks
→ regional governments and local authorities
→ public sector entities
→ multilateral development banks
→ international organisations
→ institutions (banks, credit institutions, investment firms)
→ corporates (non-financial and financial companies, insurance companies, housing cooperatives)
→ retail (private individuals)
→ secured by mortgages on immovable property
→ exposures in default (exposures overdue for 90 days)
→ high risk
→ covered bonds
→ mutual funds, collective investment undertakings (exposures in the form of units or shares in CIUs)
→ equity exposures (holdings of shares and other equity instruments not in the trading book)
→ other exposures (prepaid expenses, cash in hand, deferred tax assets etc.).

Exposure classes in the standardised portfolio, EAD, 31 December 2023

Per cent

According to the regulation, either the rating from an export credit agency or, where not available, the country rating from eligible credit assessment agencies such as Moody's, S&P Global and Fitch can be used to determine the risk weight for exposures to central governments, central banks and institutions.

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2023

Management and control of credit risk

The risk appetite framework defines maximum limits for credit exposure. Limits have been set for annual growth, risk concentrations and credit quality. There is an upper limit for growth, measured in terms of EAD, for each customer segment. To limit concentration risk, there are limits for risk exposure related to individual customers and industry segments. The limits for credit quality are designed as limits for Expected Credit Loss (ECL) and apply to all types of credit risk. ECL is measured using internal credit risk models and forward-looking macroeconomic assumptions.

In addition to the risk appetite framework, there are credit strategies for the individual customer segments. Risk should be an integral part of the governance and remuneration system through indicators that operationalise risk limits and strategies, and are followed up by managers individually. To read more about risk appetite, see the chapter on risk management and control in DNB.

Decision-making processes and authorisations

Group Risk Management is responsible for checking and monitoring the quality of credit portfolios and the effectiveness of the credit process. Group Credit Management is part of Group Risk Management and is responsible for establishing the framework for the credit process and for credit management in all business areas.

Credit decisions in DNB

4 The Chief Risk Officer (CRO) is the head of the Group Credit Committee (GCC).

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2023

Each business area is responsible for managing its own credit activities and portfolios within the confines of the risk appetite limits and credit strategies. To ensure effective, high-quality decisions, DNB has established multiple levels of credit approval authorisations, see the figure on the previouse page. The levels are based on the size, complexity of the credit, the required expertise and the risk involved.

All extension of credit is based on the 'four eyes' principle. This means that one person makes a decision based on the recommendation of another person. In cases where the requested credit exceeds a specific level, the decision must be endorsed by a credit officer in Group Credit Management. For the smallest amounts of credit in the corporate segment, however, automated risk classification can replace one of the 'pairs of eyes'.

In the personal banking market, credit applications should, as a rule, be processed using automated measurement and decision-support systems. Applications from low-risk personal customers with good debt-servicing capacity and a moderate debt/ asset ratio are approved digitally. The process automatically collects data on income, debt and assets, as well as updated information about the value of the collateral in connection with refinancing existing loans and issuing pre-qualification letters.

If the customer has not proven a satisfactory debtservicing capacity, credit should normally not be granted even if the collateral is satisfactory. The customer's debt-servicing capacity is determined based on future cash flows. The main sources of these cash flows are income from business operations for corporate customers and wage income for personal customers. In addition, the extent to which realisation of the collateral will cover the bank's exposure in the event of default, and any reductions in future cash flows, are taken into account.

All corporate customers with credit exposures must be risk-classified for each approval of a material amount, and at least once a year. The risk classification should reflect the long-term risk related to the customer and the exposure. See text box about DNB's watchlist on page 65.

Management of the risk classification system is organisationally independent of operational activity and is handled by Group Risk Management. The risk classification models are designed to cover portfolios of exposures. If a model is considered to provide a substantially incorrect classification for a single exposure, the model-generated classification may, in exceptional cases, be manually overridden. Overrides must be satisfactorily justified and made only after an assessment by an independent entity. Risk classifications of exposures to personal customers are never overridden. For more information, see the description of the classification system in the section on credit models and risk classification.

Authorisations

All credit approval and endorsement authorisations are personal. The exception is the Board of Directors, which approves credit proposals as a collegiate body. The Board decides on credit applications of an extraordinary nature. These are primarily credit applications corresponding to more than 10 per cent of the bank's own funds.

The Board has delegated credit approval authorisation to the Group Chief Executive Officer (CEO). The CEO has further delegated this authorisation to the business areas and Group Risk Management. These authorisations are exercised in a decision-making system where the business area approves the application and Group Credit Management endorses decisions up to the Board level on behalf of Group Risk Management.

A credit decision must be brought before a higher decision-making body if the decision-maker is in doubt as to whether the credit is within their own authority. The same applies if the case is unusual or raises ethical or reputational issues. For new clients that present a high ESG risk, a decision must be made at the highest level below the Board level. Read more about management and control of ESG risk from page 83.

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

→ Management and control of credit risk

Risk and capital management Pillar 3 | 2023

Collateral and other risk-mitigating measures

Collateral is used to mitigate credit risk. Collateral primarily consists of physical assets such as homes, commercial properties or vessels, or in the form of guarantees, cash deposits, netting agreements or credit insurance. As a rule, physical assets must be insured. In addition, the bank uses negative pledge clauses, which prohibit customers from pledging assets to other lenders. The value of collateral assets is assessed continuously during the term of the credit and haircuts are applied to most collateral categories. For larger/complex pledged objects, specialist environments in the bank may be consulted. In the large corporates segment, the bank's relative position as a pledgee must be considered. DNB has internal guidelines and procedures for the valuation of real estate as collateral for loans, including the use of statistical models and valuations made by independent external parties or internal appraisers.

Guarantors are largely private individuals, businesses, governments, municipalities, export credit agencies and banks. The value of a guarantee depends on the guarantor's debt-servicing capacity and financial wealth and is assessed individually. In cases where the bank is given a guarantee by a company, the value of the guarantee will fluctuate along with the company's financial performance and financial strength. A guarantee provided by a private limited company could be subject to the restrictions on the

pledging of collateral by a private limited company stipulated in the Norwegian Private Limited Liability Companies Act.

DNB has credit committees at multiple levels. These credit committees work in an advisory capacity, providing assistance to the extender in the relevant business area and to the endorser in the independent risk organisation. There is a hierarchy of committees, where the Group Credit Committee (GCC), headed by the Chief Risk Officer (CRO), considers cases that are of interest to more than one business area.

Credit risk review

Through Credit Risk Review (CRR), DNB has an independent second-line function that controls compliance with Group Instructions for Credit Activities, Group Instructions for Sustainability in DNB's Credit Activities, credit strategies and DNB's Credit Manual. CRR involves performing controls in all of the bank's credit areas. One of the elements of CRR is a Model Input Review (MIR), which aims to ensure the correct and consistent application of IRB models that include subjective input. CRR findings, including MIR findings, are used to implement improvement measures in daily credit work and for training purposes.

Credit risk reporting

The economic capital required to cover credit risk is calculated for all credit agreements and forms the basis for evaluating the profitability of the agreements. The calculation is based on the risk parameters in the internal credit models and considers factors such as industry concentration, geographic concentration, particularly volatile segments and large individual exposures.

Exposure relative to the limits set in the risk appetite framework is reported to Group Management each month. If limits are exceeded, a report is sent to the Board of Directors to inform them of the cause, together with an action plan. The Group's quarterly risk report to the Board of Directors provides an extensive description of the risk appetite status and other developments in the credit risk situation. Group Risk Management has established an independent secondline function that conducts reporting and analysis of credit risk, including the follow-up of risk appetite. In the internal monitoring of credit risk, all portfolios are measured and reported using internal models, irrespective of whether or not the internal models have been approved for use in capital adequacy calculations.

3. Liquidity risk and asset and liability management

4. Credit risk

Credit risk exposures under the standardised approach

→ Stress testing

Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2023

Watchlist

DNB continually updates lists of exposures that need to be monitored extra carefully. The objective is to identify customers who require close monitoring so as to implement the necessary improvement measures or terminate the customer relationship while the customer still has financial control, in addition to taking the necessary measures to prevent or reduce losses.

An exposure will be put on a watchlist for special monitoring in case of breach of financial covenants or when the customer has been granted grace periods on principal payments or other payment relief due to liquidity problems (forbearance). In addition, exposures with the following characteristics are considered as candidates for the watchlist:

→ Customers classified as high risk.
→ Customers whose financial situation has deteriorated, for instance due to a material reduction in income, the loss of important business areas, material changes to operating parameters or the loss of key personnel.

When a customer is placed on a watchlist, a new risk assessment is performed, the collateral is reviewed, and an action plan is prepared for the customer relationship. If anticipated default is considered a likely option, an assessment is performed to determine whether this calls for impairment of the exposure. See the section on impairment and default earlier in this chapter. For more information about exposures with payment relief see the discussion of forborne exposures on page 53.

Stress testing

DNB's credit portfolios are subjected to a variety of stress tests, both at an overall level and for specific portfolios. The stress tests are used to gauge vulnerability to losses resulting from either loss of income or customer defaults within a business area or a specific portfolio. Stress tests are used to identify critical drivers for credit risk and capital adequacy. Stress testing of the total credit portfolio is done at least quarterly as part of the internal capitalisation assessment and reported to Group Management and the Board of Directors. Stress testing of the credit portfolio is also carried out in connection with ICAAP reporting to Finanstilsynet and is part of the Group's recovery plan and crisis management plan. Read more about stresstesting in the chapter 'Capital management' on page 24.

Several methods are used to estimate credit losses in connection with stress testing. Group-wide stress tests use the model for calculating expected credit loss (ECL). Starting with a stressed macroeconomic scenario like the one described in the chapter on capital management and ICAAP, the PD, LGD and EAD for each individual borrower are calculated forward in time using the stressed scenario as input to the models. The new PD, LGD and EAD values are then applied in new estimates of expected credit loss.

DNB uses a bottom-up methodology, specially developed scenarios and custom tools for stress testing subsidiaries, business areas and specific portfolios. These may consist of fewer macroeconomic variables or involve more direct changes to risk parameters in the models, depending on the needs of the different subsidiaries, business areas or portfolios.

Stress testing of credit portfolios is an important tool that is actively used in the management of credit risk. Results from the stress tests are included in the quarterly reporting to the Board.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk 4. 5.

5 Counterparty credit risk

6 Market risk Developments in counterparty credit risk in 2023

7 Operational risk Capital requirements for counterparty credit risk

8 Climate risk Risk-mitigating measures

9 Appendix Settlement risk

Management and control of counterparty credit risk counterparty credit risk

Risk and capital management Pillar 3 | 2023

Pillar 3 | 20235. Counterparty credit risk Counterparty credit risk is sensitive to market changes, such as fluctuations in interest and exchange rates and in the price of commodities. Counterparty credit risk in DNB, measured as Exposure at Default (EAD), decreased in 2023 and was 31 per cent lower than the previous year. DNB enters derivative contracts on the basis of customer demand for hedging instruments and to hedge its own market positions resulting from customer activity. In addition, derivatives are used to hedge positions in the trading portfolio, for general position-taking and to hedge foreign exchange and interest rate risks that arise in connection with funding and lending.

Definition

Counterparty credit risk is the risk of financial loss related to the counterparty's ability to meet their contractual obligations. Counterparty credit risk is a form of credit risk that arises from trading in financial instruments, such as derivatives, securities financing transactions (SFTs) or repurchase agreements (repo). It differs from other credit risk in that exposure usually depends on market risk factors such as interest rates, exchange rates, commodity prices or equity prices, and it changes on a daily basis. Such financial instruments are most often traded Over-the-Counter (OTC), i.e. through standardised bilateral contracts between two counterparties.

Counterparty credit risk, EAD NOK billion

Risk exposure amount for counterparty credit risk NOK billion

(2022 figures)

3. Liquidity risk and asset and liability management

Settlement risk Management and control of counterparty credit risk

5. Counterparty credit risk

→ Developments in counterparty credit risk in 2023
→ Capital requirements for counterparty credit risk
→ Risk-mitigating measures

counterparty credit risk Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2023

Developments in counterparty credit risk in 2023

During 2023, counterparty credit risk in DNB decreased by 31 per cent to NOK 54 billion at year-end 2023, measured as EAD. 74 per cent of EAD arises from derivatives and the remainder from securities financing transactions and repurchase agreements.

The reduced EAD was a result of changes in interest and exchange rates, as well as lower commodity prices and reduced trading volumes. Compared with 2022, the volatility in the energy markets was much lower, which resulted in a less volatile derivative exposure for DNB.

Capital requirements for counterparty credit risk

The Risk Exposure Amount (REA) for counterparty credit risk in DNB was NOK 21.5 billion at year-end, down from NOK 25.2 billion at year-end 2022. REA for counterparty credit risk stands for around 1.96 per cent of DNB's total REA. The capital requirement for counterparty credit risk is calculated in the same manner as for credit risk, except for the calculation of EAD.

DNB uses a combination of the standardised approach (Standardised Approach for Counterparty Credit Risk, SA-CRR) and internal models (Internal Model Method, IMM). The SA-CCR method is used to calculate the exposure to commodity and equity derivatives. EAD for interest rate and cross-currency derivatives is measured using IMM. Using IMM to calculate counterparty credit risk better reflects the risk sensitivity and provides the full effect of all risk-mitigating agreements. DNB's IMM models are approved to use a regulatory scaling factor (alpha) of 1.4.

REA for counterparty credit risk is calculated using the credit risk method approved for the counterparty (Internal Ratings-Based Approach (IRB) or standardised method). For more information on calculating capital requirements, see the chapter on credit risk. For information about capital requirements for Credit Valuation Adjustment (CVA), see the chapter on market risk.

Risk-mitigating measures

To mitigate counterparty credit risk vis-à-vis individual counterparties, DNB enters into netting agreements with its customers. These agreements make it possible to net the positive and negative market values linked to contracts with the same counterparty.

Collateral Management is also an important aspect of risk mitigation. For SFTs, it is an integral part of the product because the counterparty can only borrow against part of the market value of the collateral. The loan-to-value ratio is set conservatively. For SFTs, Global Master Repurchase Agreements (GMRA) and Global Master Securities Lending Agreements (GMSLA) are

used as standard master agreements to protect the rights of the participants. For derivatives, collateral management is either managed through clearing or bilateral margining of non-cleared derivatives.

Regulatory requirements under the European Market Infrastructure Regulation (EMIR) require mandatory clearing for several types of OTC derivatives. By clearing derivatives, counterparty credit risk is moved from several single counterparties to one central counterparty with full netting of all agreements. Central counterparties are regulated and have procedures for mitigating risk. Among other things, the financial requirements for members include both initial margin and variation margin, as well as contributions to the default fund. They also have thorough procedures for dealing with any member default. The central counterparties hold several layers of capital to absorb losses resulting from defaults among the members. The principle is that the defaulting party must cover losses in the first instance via deposited funds. Then, part of the Central Counterparties (CCPs) own capital will be used before the other members' default funds.

DNB is a member of several central counterparties and clears interest rate, equity and commodity derivatives, as well as repurchase agreements. The largest exposure is with respect to London Clearing House (LCH) and stems from interest rate derivatives. As at year-end 2023, approximately 90 per cent of DNB's outstanding

3. Liquidity risk and asset and liability management

Developments in counterparty credit risk in 2023

5. Counterparty credit risk

Capital requirements for counterparty credit risk

→ Risk-mitigating measures
→ Settlement risk

Management and control of counterparty credit risk counterparty credit risk

Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2023

volume of standard interest rate derivatives had been cleared through LCH Swapclear.

DNB also enters into bilateral margin agreements with financial derivative counterparties, in addition to an increasing number of non-financial counterparties. These agreements are called Credit Support Annex (CSA) agreements. Under these agreements, the market value of all derivative contracts between DNB and the counterparty is calculated daily and the variation margin is posted. The CSA-agreements with the biggest financial counterparties also require an initial margin. Variation margin and initial margin largely eliminate counterparty credit risk. The collateral posted is mainly cash, though other eligible collateral is used as well.

The agreements are not normally dependent on the credit quality of the counterparty. A minority of the CSA agreements the bank has entered into, including the agreements with DNB Boligkreditt, state that DNB must provide additional collateral for the counterparties' exposures if DNB's credit rating falls below certain thresholds. The agreements then state that the threshold value for collecting collateral will be lowered, in order to further reduce the credit risk for the other counterparty. The number of levels depends on the rating agency, since DNB has different ratings with different agencies and because their requirements are different. At yearend 2023, a downgrade of three levels would have resulted in NOK 690 million of increased collateral.

Counterparty credit risk split by sector, EAD, 31 December 2023

Per cent

Capital requirements are calculated for exposures to central counterparties in accordance with CRR/CRD. At year-end 2023, REA related to exposures to central counterparties amounted to NOK 235 million. Counterparty credit risk in equity derivatives, securities financing transactions and currency trading for private customers is reduced by the fact that increases and decreases in market value are settled daily.

Settlement risk

Settlement risk is linked to the settlement of transactions where the bank has met its obligation to deliver the agreed security or sum without knowing whether the counterparty has met its obligation to deliver the agreed security or sum to the bank. One example is a currency exchange where the bank sends the agreed amount in one currency before receiving the agreed amount in the other currency.

DNB has established various measures for mitigating and controlling settlement risk. One important measure is a balance check on the account. This means that the bank does not make payment to the counterparty until it is established that the balance in the counterparty's account is sufficient to cover the obligation. Moreover, in connection with settlements of securities transactions, one of the conditions attached to the securities account is that securities cannot be delivered before the bank has received payment. The normal procedure in the banking market is that the main currencies are settled through Continuous Linked Settlement (CLS). CLS ensures payment versus payment, which means that the final transfer of the bank's payment is not executed until the counterparty's payment takes place. In addition, settlement risk limits have been established which entail a ceiling for a single counterparty's total settlement amounts that fall due on the same day.

3. Liquidity risk and asset and liability management

Developments in counterparty credit risk in 2023

5. Counterparty credit risk

Capital requirements for counterparty credit risk

Risk-mitigating measures

Settlement risk

→ Management and control of counterparty credit risk counterparty credit risk
→ Stress testing and wrong way risk

Risk and capital management Pillar 3 | 2023

Management and control of counterparty credit risk

DNB has elaborated on the responsibility of counterparty credit risk management (CCR) in two different governing documents: Credit Risk and Market Risk. The former governs the quantification of credit quality measures as well as the processes and principles related to the assignment and control of credit limits and utilisation. The Market Risk Framework governs the risk metrics underlying the exposure element of CCR. In addition, a separate CCR Management Framework ensures that DNB has an effective management and control structure for CCR, clarifying responsibilities, promoting prudent counterparty credit risk management and ensuring compliance with relevant regulatory requirements.

The Financial Markets Risk Committee (FMRC) is headed by the Chief Market Risk Officer (CMRO) and is responsible for approving and following up principles and procedures for market and counterparty credit risk. The FMRC has a special responsibility for assessing and approving measurement methods related to internal models. The decision maker for changes to internal models is the Chief Risk Officer.

The CCR models are continuously monitored and upgraded so DNB can ensure that they are always suitable for the area of application. The IMM models are subject to quarterly testing and validation by

the independent validation function, according to the guidelines defined in the framework for Model Risk Management. Among other things, the models' predictive power is tested quarterly through backtesting. For more information about the validation principles, see the chapter on credit risk.

In addition, Group Audit conducts an annual review of the models' compliance with CRR requirements. Both validation and audit reports are considered by the FMRC and by Group Management before being presented to the Board.

Stress testing and wrong way risk

DNB has established a special programme for stress testing counterparty credit risk. The stress testing programme is designed to identify undesired future outcomes of the total counterparty credit risk exposure, both in isolation and together with the bank's total credit risk exposure. Central to stress tests is the design of various scenarios. Additional stress testing related to exposures in some commodity markets are also taken into account in the credit decision.

In addition to identifying potential losses related to counterparty credit risk exposure, stress tests also identify specific and general correlation risk between credit risk and market risk factors, so-called Wrong Way Risk (WWR). WWR is an additional risk that

may arise through an adverse correlation between counterparty exposures and the credit quality of the counterparties.

To define and manage WWR, DNB has drawn up specific governing documents that describe how the risk is to be identified in individual cases and at the portfolio level. WWR is reported to the management of DNB Markets and Group Risk Management, among others. Particularly significant instances of WWR are followed up by the FMRC.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

6 Market risk 4. 5. 6.

7 Operational risk Developments in market risk in 2023

8 Climate risk Capital requirements for market risk

9 Appendix Market risk exposure

Risk and capital management Pillar 3 | 2023

Market risk in DNB, measured as economic capital, remained stable at a low level in 2023. There are significant diversification effects within market risk in DNB. Market risk arises primarily from the bank's asset and liability management, customer activities in DNB Markets and equity investments. Among the most significant risk factors are interest rates, foreign currency and credit spreads.

Definition

Pillar 3 | 20236. Market risk Market risk is the risk of financial loss due to unhedged positions in the foreign exchange, interest rate, commodity and equity markets. The risk reflects potential fluctuations in profit due to volatility in market prices or exchange rates. Market risk occurs in several segments of DNB and includes both risk which arises through ordinary trading activities and risks that arise as parts of banking activities and other business operations.

Market risk as share of economic capital Per cent

0 5 10 2022 2023 Banking activities Trading activities Strategic ownership Pension liabilities

Risk exposure amount for market risk NOK billion

12.4 (14.0)

Market value of equity and real estate investments in the banking portfolio NOK billion

22.4 (22.9)

(2022 figures)

3. Liquidity risk and asset and liability management

→ Developments in market risk in 2023
→ Capital requirements for market risk

Market risk exposure

Risk and capital management Pillar 3 | 2023

Developments in market risk in 2023

The inflation both in Norway and internationally remained elevated in 2023, and central banks worldwide continued to increase their key policy rates. However, international financial markets generally performed well since the markets expect the central banks to start lowering rates in 2024. The Norwegian krone was volatile through the year.

At the end of 2023, DNB's economic capital was NOK 9.5 billion, compared with NOK 10.1 billion year-end 2022. DNB uses an internally developed simulation model to calculate economic capital. The model estimates economic capital on the 99.9th percentile and covers all significant risks in DNB.

Utilisation of risk limits set by the Board was moderate, with only small adjustments to the limits in 2023. The limits for market risk are discussed later in this chapter.

Capital requirements for market risk

Capital requirements are calculated according to the CRR/CRD regulations, and DNB reports market risk according to the standardised approach. According to CRR/CRD, capital requirements under Pillar 1 are calculated for interest and equity risks associated with the trading portfolio. For currency and commodity risk, the capital requirement under Pillar 1 is calculated for the overall portfolio.

The trading portfolio

DNB's trading portfolio consists of positions in securities and derivatives held for the purpose of resale or to take advantage of price or interest rate fluctuations in the short term, as well as hedging such positions. For example, the instruments in the trading portfolio are related to customer transactions through DNB Markets and include 'market making' and facilitating corporate financing. The definition of the trading portfolio is given in the CRR/CRD regulations and DNB has implemented internal guidelines that describe limits to the trading portfolio.

Risk exposure amount (REA) for market risk

	31 Dec.	31 Dec.
NOK million	2023	2022
Position and general risk, debt instruments	8 136	8 590
Position and general risk, equity instruments	757	509
Currency risk	0	151
Commodity risk	5	3
Credit value adjustment risk (CVA)1	3 500	4 782
Total market risk	12 399	14 035

1 In the in CRD reporting (Corep) the CVA risk is not included in market risk

The capital requirement for market risk under Pillar 1 decreased. The most important reason was decrease in the capital for CVA-risk.

The market value of derivative contracts depends on the counterparty's creditworthiness and other market risk factors. CVA is an adjustment of the market value of Over-the-Counter (OTC) derivatives in order to account for impaired creditworthiness of the counterparty. Provisions are calculated for CVA and recognised in the income statement. The capital requirement for CVA should cover the risk associated with the volatility of CVA provisions. DNB calculates capital adequacy requirements under Pillar 1 for CVA risk according to the standardised approach in CRR/CRD.

The banking portfolio

DNB refers to market risk that is related to positions and activities that are not included in the trading portfolio as the banking portfolio. The banking portfolio is composed of financial instruments that, among other things, come from the Group's financing activities and equity capital investments. There is also market risk in the banking portfolio due to different fixed-rate periods for debt and assets.

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk

→ Capital requirements for market risk
→ Market risk exposure

Risk and capital management Pillar 3 | 2023

Development in REA for CVA risk

NOK billion

The development in the risk exposure amount (REA) for CVA risk in the DNB Group is shown in the figure above.

In addition, there are capital requirements under Pillar 2 for market risk in the banking portfolio and other risk not covered by Pillar 1.

Market risk exposure Market risk limits

Overall risk limits are established for market risk in the risk appetite framework, expressed as the maximum share of economic capital.

Market risk limits, 31 December 2023

		Limit, trading	Limit, banking
NOK million		portfolio	portfolio	Total	Description
Limits set by the board	Interest rate risk*	4	7	11	Sensitivity limit
	Currency risk	2 500		2 500	Market value limit
	Equity risk	2 050	915	2 965	Market value limit
	Commodities risk	300		300	Market value limit
	Basis swap risk*	15/(30)		15/(30)	Sensitivity limit
	Real estate risk	1 025		1 025	Market value limit
Administrative limits	Physical asset risk**		10 250	10 250	Market value limit
	Strategic investments***	24 500		24 500	Market value limit
	Basis curve risk*	62		62	Sensitivity limit
	Bond risk	30 000		30 000	Market value limit
	Credit spread risk****		61	61	Sensitivity limit

* Basis point value

** Includes residual value of vehicles associated with leasing operations

*** Includes investments in Luminor Group AB and Vipps AS

**** Markets, Treasury and WM. The liquidity portfolio's mandate specifies the allocation between the trading and the banking portfolio

The risk appetite framework for market risk is supported by the strategy for market risk and operationalised in the form of limits for different risk factors. The limits for significant market risk exposures are determined by the Board of Directors. Limits are set at least annually and will automatically expire if not renewed. The limits are delegated by the Board of Directors to the Chief Executive Officer (CEO), who delegates them further to risk-taking entities that make investment or trading decisions. If limits are breached, this must be reported immediately both to whomever delegated the limits and to Group Risk Management (GRM).

Administrative limits and escalation levels are set for exposures that are defined as less significant. Such limits are used when there is a need for operational scope of action. Administrative limits are determined by the Group Executive Vice Presidents. Any changes to administrative limits must be reported to GRM and the Chief Risk Officer (CRO). The table above gives an overview of the most important administrative limits and limits set by the Board that applied at the end of 2023. In addition to these, smaller limits are set for options.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Risk and capital management Pillar 3 | 2023

Interest rate risk

Interest rate risk occurs when financial instruments change value because of interest rate fluctuations and occurs both in the banking and the trading portfolios. Interest rate risk is expressed as NOK per basis point value (BPV), which represents how much the present value of the positions will change if the underlying interest rate changes by one basis point. BPV is thus a measure of how sensitive the value of the bank's portfolios is to changes in interest rate levels. The figures on to the right show the interest rate risk in the trading and banking portfolios, respectively. The average exposure to interest rate risk over the whole year was NOK 0.9 million per BPV for the trading portfolio and NOK 2 million per BPV for the banking portfolio.

DNB's total interest rate risk limit at the end of 2023 amounted to NOK 11 million per basis point change, distributed between NOK 4 million in the trading portfolio and NOK 7 million for other exposures. Separate limits are set for each currency and the different intervals on the yield curve. Interest rate risk is measured and reported daily in DNB Markets and Group Treasury. The limits were not breached in 2023.

Interest rate exposure in the trading activities, BPV, 2023

Interest rate exposure in the banking activities, BPV, 2023

NOK million

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management
4. Credit risk
5. Counterparty credit risk

7. Operational risk
8. ESG risk
9. Appendix

Risk and capital management Pillar 3 | 2023

Table EU IRRBBA – Qualitative information on interest rate risks and non-trading book activites

a) IRRBB is defined as the current or future risk to the bank arising from adverse interest rate movements that affect the banking portfolio, both through a change in the net present value of interest rate sensitive instruments and changes in expected future profitability resulting from interest rate movements.
b) The risk appetite statement for market risk defined by the board is that overall market risk should not constitute a dominant part of DNB's total risk and should mainly be an effect of customer activities. The risk appetite for market risk is made operational by determining and delegating limits, including IRRBB components for the various types of market risks. Market risk constitutes a small part of the overall risk in DNB. Group Treasury is the entity responsible for managing, among other things, Group liquidity and market risks arising in the banking portfolio. The interest rate risk strategy is conservative and based on the bank's size and risk capacity.
c) DNB measures and reports to management internally approved limits usage and related interest rate risk exposures and daily. Group Risk Management executes daily second line controls.

In addition to the minimum requirement stated in the EBA guidelines, delta NII (net interest income), delta EVE (economic value of equity), delta MV (market value changes) and other key figures are calculated and reported at least monthly, and more frequently if necessary, to other relevant recipients, including the management of Group Treasury and the Asset Liability Committee (ALCO). Group Risk Management is responsible for developing and distributing internal and external reports.

Basis point value (BPV) is the key risk metric for interest rate, spread and basis risk. To quantify the interest rate risk in the banking portfolio, DNB calculates changes in expected future profitability (delta net interest income, delta NII) and the change in the net present value of different interest-rate-sensitive assets and liabilities over their remaining life as a result of an interest rate shock (delta economic value of equity, delta EVE). The bank's interest rate risk metrics include both gap, basis and option risk elements.

d) Changes in expected net interest income (dNII) for the banking portfolio are calculated according to the EBA guidelines on the management of interest rate risk from non-trading book activities (IRRBB, EBA/GL/2022/14) and the Regulatory Technical Standards specifying supervisory shock scenarios (EBA/RTS/2022/10). The scenarios considered are an instantaneous upwards and downwards parallel shift in the yield curves. In addition, methods and assessments that are appropriate for the bank's characteristics and business activities are internally developed, which include a rate fall scenario of 100 bps to account for the level of rates in the individual currencies in scope non-parallel shocks to consider basis and credit risk.

The effect on the economic value of the interest-rate-sensitive instruments is calculated according to the scenarios of the Supervisory Outlier Test required by the EBA regulation (EBA/ GL/2022/14) and the Regulatory Technical Standards specifying supervisory shock scenarios (EBA/RTS/2022/10: parallel shift based on calibrations up and down; short interest rates and down, long interest rates up; short rates up, long rates down; short rates up and down. Additional internally developed scenarios are also used to reflect the bank's characteristics.

e) The key modelling and parametric assumptions used by the bank for IRRBB measures are the same as those used to produce the figures included in the template EU IRRBB1 in the additional excel disclosure 'Risk and capital management – Pillar 3 attachment (Excel)' on ir.dnb.no.

f) The bank prioritises the IRRBB management approach based on risks, but also ensures understanding of the accounting policies and their effects. The effects of the various accounting policies on IRRBB are predominantly a consequence of the business model and measurement method applied to the various instruments and portfolios in scope. The bank's principles are disclosed in several Notes to the balance sheet, including Note 1 on accounting principles in the sections covering Financial Instruments and Derivatives, the Note on Financial Derivatives and Hedge Accounting, the Note on Net Interest Income, the Note on Net Gains on Financial Instruments at Fair Value and the Note on Classification of Financial Instruments.

The bank performs IRRBB calculations based on a constant balance sheet for dNII and run-off balance sheet for dEVE. Accounting equity is excluded from the dEVE IRRBB measurement but included in the dNII IRRBB measurement. The bank's equity is not considered to have any long-term interest rate exposure, but rather to have an interest rate binding corresponding to the notice period for changes of loan terms (i.e. interest rate changes). For non-maturing assets and liabilities, except for statutory notice periods, the repricing frequency of both non-maturing assets and liabilities is set to one day. Commercial margin considerations are included for dNII purposes but excluded from dEVE calculations. Zero interest rate floor and negative interest rate effects are included in the bank's estimations.

g) From a dEVE perspective, based on positions as at 31 December 2023, the Supervisory Outlier Test scenario producing the worst-case result is the 'rates up', with a negative effect equal to NOK 614 million. From a dNII perspective, based on positions as at 31 December 2023, the scenario producing the worst-case result is the parallel shift down by 200 bps with a negative effect equal to NOK 3 880 million. For historical comparison and variation, please refer to figures reported in table IRRBB1 in the additional excel disclosure 'Risk and capital management – Pillar 3 attachment (Excel)' on ir.dnb.no.
h) Traditional banking products, for example loans and deposits, have an intrinsic sensitivity to changes in interest rates. A very large part of the bank's balance sheet is exposed to floating rates (directly or indirectly linked to IBOR-rates), constituting a natural hedge effect against IRRBB. In addition, the bank actively manages IRRBB based on Board-approved limits, which are internally delegated.

For a large majority of floating interest rate products, so called p.t. (pro tempore) based, the bank uses its own discretion to set the price (interest rate) of loans and deposits. Such products have no interest rate risk or duration beyond the statutory notice period. Fixed-rate loans constitute a very limited part of the loan portfolio, and the bank has the option to pass on to the customer any reduced premia related to early payments. Similar considerations apply for fixed term deposits. The volume of deposits without contractual maturity (NMDs), which are both stable and interest-independent, is negligible. This insight forms the basis for the bank's assumption of not attributing any interest rate risk to NMD and not modelling any duration beyond what follows from the notice period set by law.

i) k) The average and longest repricing maturity assigned to non-maturity deposits is approximately eight weeks.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Risk and capital management Pillar 3 | 2023

Equity investments

As a shareholder, DNB actively exercises ownership in selected companies through their Boards of Directors. Exposure relative to market risk limits is measured based on the investments' market value, including any future commitments in Private Equity funds (PE funds). The fair value of the investments is NOK 22.4 billion, slightly down from NOK 22.9 billion at year-end 2023. The reduction is a result of the overall change of market value in several portfolios, where the sale of collateral taken over by the bank in particular has contributed to the reduction.

Equity investments in the banking portfolio are grouped into:

→ Direct investments an investment portfolio of unlisted companies.
→ Venture investments through DNB Venture's mandate, venture investments comprise an investment portfolio of Nordic start-ups with considerable innovation capabilities. The target companies may have synergy effects for the DNB Group.
→ Credit portfolio the purpose of the credit portfolio is to secure or recover the value of credit exposures through ownership and subsequent realisation. Based on business-related and long-term assessments, the bank may decide to sell equities pledged as collateral or convert defaulted debt into equity and ownership.

Equity and real estate investments in the banking portfolio, 31 December 2023

NOK million	Book value	Fair value	Realised gains/losses	Total unrealised gains/losses

Direct investments	85	262	(0)	177
Venture investments	62	79	(22)	17
Credit portfolio	932	1 270	1 374	403
Short strategic financial investments	4 372	6 641		(33)
Long strategic financial investments	10 255	13 601		(110)
PE funds including loan portfolio	96	137	7	41
Total Equity Investments	15 802	21 990	1 358	495
Real estate portfolio Investments, M&A	245	397	44	9
Real estate portfolio Poland
Total Real Estate Investments	245	397	44	9
Total Equity and Real Estate Investments	16 047	22 387	1 403	504

→ Strategic financial investments investments in the financial sector with a strategic perspective. Ownership of Fremtind Forsikring AS, Luminor Group AB and Vipps AS are among the largest investments.
→ Real estate exposures either strategic real estate investments or properties repossessed as a result of credit default. Real estate exposure is measured as the market value of the underlying properties, regardless of the financing structure.
→ PE portfolio consists of shares in unlisted PE funds. The portfolio consists mainly of acquisition funds that invest in mature enterprises and a smaller proportion in venture funds investing in companies in the start-up phase.

For ordinary shareholdings, the difference between the book value and the fair value is used for value adjustments of the shareholding. For subsidiaries and associated companies, the book value is equal to the market value. For real estate, the book value is the carrying amount of the properties in the company accounts, while the market value is the last valuation of the property.

3. Liquidity risk and asset and liability management

6. Market risk

→ Market risk exposure

Risk and capital management Pillar 3 | 2023

Fair value is defined as 'the price that would have been obtained from the sale of an asset or paid to transfer liability in an orderly transaction between market participants at the valuation date'. DNB determines the fair value of financial instruments either by using prices obtained directly from external data or by using valuation methods. The valuation uses the most relevant, observable input data and the least possible non-observable input data. Valuation methods can be categorised as 'market approach', 'revenue approach' and 'cost approach'. Assets and liabilities measured or stated at fair value are categorised into the following three levels:

→ Level 1: Listed prices (not adjusted) in active markets for identical assets or liabilities to which the company has access at the valuation date.
→ Level 2: Input data other than listed prices, which can be directly or indirectly observed for the asset or liability.
→ Level 3: Non-observable input data for the asset or liability.

Other exposures

Basis swap spread risk arises because a substantial portion of DNB's assets in NOK is funded with foreign currency through covered bonds issued by DNB Boligkreditt AS or through other debt instruments. The currency is swapped to NOK through basis swaps with the same or shorter term. A basis swap is a

combined interest rate and currency swap where the parties exchange future cash flows and agree to pay and receive interest. Basis swaps are normally held to maturity and value is assessed daily. This entails that the recognised value of a swap fluctuates during the term of the swap. There are no limits on basis swaps that are used in connection with funding.

Currency risk in the Group is hedged against DNB Markets, which is thus the only entity that is directly exposed to traditional currency risk. The exposure is low and is predominantly linked to business operations and, to some extent, to supporting customer trades.

Asset risk is exposure to direct ownership of physical assets that are not standardised. Examples of such assets are industrial equipment and construction machinery. The majority of the limit for this risk covers exposure to the residual value of vehicles associated with leasing operations.

Credit spread risk mostly arises as a result of the bank's liquidity risk management through the management of bonds in the liquidity portfolio. In addition, there is some credit spread risk in the trading portfolio as a result of secondary market trading and investments in the primary market. Secondary market trading takes place mainly through market-making of Norwegian bonds and

commercial papers. The credit spread is the add-on to the reference interest rate in a bond coupon. Credit spread risk is the risk of changes in market assessments of the credit spread.

Equity-related risk in the trading portfolio arises mainly from DNB Markets performing market-making in shares and equity derivatives on electronic marketplaces and to customer brokers. In addition, DNB Markets sets prices for convertible bonds. Market risk, as a result of these activities, is managed on an ongoing basis within the relatively moderate equity limits allocated to the trading portfolio.

In addition, there are limits for commodity risk and basis curve risk. Commodity exposure is moderate, and the risk associated with the exposure is small. Basis curve risk occurs when interest rate instruments denominated in the same currency are not valued with the same yield curve.

3. Liquidity risk and asset and liability management

6. Market risk

Market risk exposure

→ Management and control of market risk

Risk and capital management Pillar 3 | 2023

Management and control of market risk

The Group Policy for Risk Management covers all risks in the DNB. For market risk, the policy is elaborated and specified in the framework for market risk management that establishes definitions, principles for delegation of limits and requirements for the management of market risks, including IRRBB. The framework for market risk is reviewed and updated at least annually. Local instructions for business areas with significant market risk exposure have been implemented. The local instructions operationalise the framework in the individual business area.

DNB uses various risk metrics in the management and control of market risk:

→ Economic capital is used to measure the overall market risk and in internal risk and capitalisation assessments.
→ Value at Risk (VaR) is used to measure aggregated risk across asset classes and is a supplementary risk metric. VaR is calculated for interest rate, equity and currency risk. Limits are not set for VaR.
→ Sensitivity measures are used to report and monitor exposures against specific limits, e.g. yield curve intervals. Sensitivity measures in the market risk measurement reflect how much the bank risks losing in the event of a given change in the underlying risk type. The sensitivity measures are important for the qualitative risk assessment and are also used as a basis for quantitative risk modelling.
→ Some limits are expressed as market value and thus the risk and exposure related to limits are measured in terms of market value.
→ To take the non-linear nature of options into account, the risk limits are set as scenario limits, meaning that the exposure is measured by stress testing both the underlying instrument and the corresponding volatility.
→ Stress tests of EVE and NII are used to measure interest rate risk outside the trading portfolio (IRRBB).

In addition to the risk metrics that are included in the monitoring of market risk, stress testing is used to identify exposures and losses that could arise under extreme but, at the same time, plausible market conditions.

The Financial Markets Risk Committee (FMRC) is headed by the Chief Market Risk Officer (CMRO). The committee follows up and approves the framework for managing market risk related to the bank's activity in financial markets, including methodology and control procedures. The FMRC has members from Group Risk Management, DNB Markets and Group Treasury.

Market risk exposure, risk appetite and limit utilisation are reported monthly to Group Management and the ALCO, and quarterly to the Board.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

Management and control of operational risk

6 Market risk 4. 5. 6. 7.

7 Operational risk

8 Climate risk Developments in operational risk in 2023

9 Appendix Capital requirements for operational risk

Risk and capital management Pillar 3 | 2023

DNB's operations have been stable throughout 2023. Geopolitical unrest has continued to be a risk driver this year, but this has not resulted in any major operational losses. A decision by the Court of Justice of the European Union resulted in a significant loss.

Operational losses

1 200

NOK million

Definition

Pillar 3 | 20237. Operational risk Operational risk is the risk of loss resulting from inadequate or failed processes, people and systems or from external events. Reputational risk is not covered by this definition but is a separate type of risk that is discussed at the end of this chapter.

Clients, Products & Business Practices Damage to Physical Assets Execution, Delivery & Process Management External Fraud Internal Fraud Business Disruption & System Failures Employment Practices & Workplace Safety Category not confirmed Risk exposure amount (REA) for operational risk NOK billion

121.2 (105.4)

Operational events Number

4 681 (4 774)

(2022 figures)

3. Liquidity risk and asset and liability management

Capital requirements for operational risk

7. Operational risk

→ Developments in operational risk in 2023

Management and control of operational risk

Risk and capital management Pillar 3 | 2023

Developments in operational risk in 2023 Geopolitical unrest and crime

The turbulent world situation is a risk driver for many enterprises, including DNB. Supply chains can also be affected by such turbulence, as we experienced during the COVID-19 crisis in 2020–2021. DNB did not experience significant operational losses due to this unrest in 2023.

The crime situation is also developing, where we see that certain Swedish criminal gangs have started to operate in Norway. We have observed both fraud and money laundering issues associated with these gangs. Another development is the use of artificial intelligence to perpetrate crime. Read more under 'Financial crime' in our annual report on ir.dnb.no.

DNB monitors the geopolitical situation and trends in financial crime and works systematically to prevent DNB's products and services from being used for criminal activities.

Sbanken

DNB acquired Sbanken in 2022, and the merger was completed in 2023. Certain operational aspects, such as moving and integrating IT services with DNB's systems platform, will continue into 2024. Risks are managed closely in the project to ensure that appropriate measures are implemented throughout the various phases and work streams.

There have been no significant operational incidents so far in this process.

Technology and security

DNB is continuously modernising its IT services and the way they are managed. Long-term projects to replace legacy core and payment systems are underway. Such projects are important to ensure stable and secure operations for the future. At the same time, we are working on how to use emerging technologies such as artificial intelligence and digital assets, including crypto currencies and central bank digital currencies, within a safe framework. Regulatory requirements are also becoming stricter and the preparations for the EU's Digital Operational Resilience Act (DORA) are well under way.

The primary indicator for IT operations in DNB is 'green days'. A green day is a day when all IT services run smoothly, without negative impact for customers. Operational stability has been improved significantly over the past few years, and in 2023, we had 95 per cent green days, about the same as in 2022. The incidents that caused 'red' and 'yellow days' were spread throughout the year and involved different services, including errors in supplier systems. Errors in our online and mobile banks are usually the ones that affect our customers directly. DNB publishes the current status on such incidents at https://www.dnbstatus.no (Norwegian only).

A cyber security roadmap governs progress and priorities for improving DNB's cyber defence. This is crucial given the dynamic and constantly changing threat landscape. The aim is to increase maturity through standardising controls and improving security culture and competence. As is the case with most large institutions, DNB is subjected to attempted cyber attacks on an ongoing basis, but this rarely has noticeable consequences. Both internal and external assessments indicates that DNB has a strong cyber defence.

Incidents

In June 2023, the Court of Justice of the European Union issued a judgment relating to legal proceedings against a Polish bank, concerning foreign currency loan agreements in Poland. The judgment clarified which claims the parties to a loan agreement can make against each other if a national court finds that the loan agreement is invalid. Based on this, our subsidiary DNB Poland estimated there is an increased legal risk associated with a legacy foreign currency portfolio and made provisions of NOK 635 million in 2023.

The daily fines imposed upon DNB since September 2022 for failing to fulfil an order to update proof of identity for all customers, were terminated in April 2023. Updating customer information is an ongoing process, and we are constantly working on this in order to manage and control the risk of money laundering.

3. Liquidity risk and asset and liability management

→ Developments in operational risk in 2023

→ Capital requirements for operational risk
→ Management and control of operational risk

8. ESG risk

Risk and capital management Pillar 3 | 2023

Risk exposure amount (REA) for operational risk

NOK million	Factors	31 Dec. 2023	31 Dec. 2022
Corporate finance	18%	4 876	4 535
Trading and sales	18%	9 331	10 073
Retail brokerage	12%	40	44
Commercial banking	15%	71 814	59 362
Retail banking	12%	24 205	21 954
Payment end settlements	18%	7 088	6 050
Agency services	15%	722	562
Asset management	12%	3 113	2 838
Sum REA	15%	121 190	105 418

Operational losses in 2023 amounted to NOK 1 029 million, which is somewhat higher than the average for the past ten years, due to the case relating to foreign currency loans in Poland. Most other incidents only impacted internal costs and loss of income for DNB, but without significant consequences for our customers.

Capital requirements for operational risk DNB uses the standardised approach to calculate capital requirements for operational risk. Calculating the risk exposure amount using the standardised approach is done by grouping the bank's revenue over the last three years by business activities and

calculating a weighted average multiplied by 12.5. The risk exposure amount for operational risk was NOK 121 190 million at year-end 2023, an increase of NOK 15 772 million from the previous year. The risk exposure amount will always increase from the previous year as long as this years' revenue is higher than the revenue three years ago.

Management and control of operational risk Operational Risk Management contributes to efficient business operations and reduces losses. Good risk management includes establishing a healthy risk culture, as well as clear roles and responsibilities for working with operational risk. All managers in DNB must be aware of and manage operational risk in their own processes, systems, products and services. All business areas have their own risk departments.

The Group Operational Risk division in Group Risk Management is DNB's central specialist unit for operational risk management and constitutes the Group's second line defence for such risk. This is an independent control function responsible for the framework for operational risk management, Group reporting and risk mitigation through insurance. The unit is also responsible for the maintenance and development of the Group's risk management tools that facilitate management and measurement of risk and compliance. Employees in the unit monitor operational risk in all business areas and support units, in significant subsidiaries and at international offices.

The figure on the next page shows the key elements of DNB's operational risk management. In a healthy risk culture, there is a focus on understanding risk assessments, establishing, implementing and evaluating risk management measures, and ensuring effective reporting to relevant stakeholders. All identified losses and incidents must be recorded in a loss and incident database on an ongoing basis.

3. Liquidity risk and asset and liability management

Developments in operational risk in 2023

7. Operational risk

Capital requirements for operational risk

→ Management and control of operational risk

8. ESG risk

Risk and capital management

Pillar 3 | 2023

Operational risk management in DNB

The Group's governing documents, together with laws and regulations, set the premises for managing operational risk. DNB's principles for internal control, risk management and compliance contain overarching principles, which are elaborated in policies, instructions and processes for operational risk. Risk assessments and risk management are also subject to regulations and guidelines from the authorities in Norway and other countries where DNB operates.

The Group's risk appetite sets the limits for both cyber risk, IT operations risk and loss events in general. Risk identification and assessment, together with registration and follow-up of operational incidents, should provide an overall picture of the operational risk and contribute to reliable measurement of risk.

The Group's business areas and support units report their most significant risks to their respective Group Executive Vice President quarterly. Group Risk Management submits a quarterly risk report to the Board of Directors, which includes information on developments in risks that are considered material to the Group, such as cyber risk.

The Group instructions for approval of products and services are an important part of the Group's operational risk framework. The purpose of these instructions is to ensure high quality in DNB's portfolio of products and services, thus ensuring competitiveness, customer satisfaction and compliance. The instructions ensure that the risk is assessed before a product or a service is approved. In addition, there must be descriptions of what the product or service means to the customer, who the target group is and who in DNB is responsible for the product.

Common principles provide DNB with a conceptual framework and overall understanding of internal control and form the basis of a framework for structured

internal control work. An important element is the annual internal control assessment, where the Group units make a summary assessment of the internal control in their area. This includes risk assessments, controls and mitigating actions. Group Executive Vice Presidents and the Group CEO are responsible for approving and submitting these summary assessments to the Board of Directors.

The Non-Financial Risk Committee (NFRC) plays a key role in coordinating the management of operational risk across DNB. Associated subject matter groups work on topics such as anti-money laundering, IT risk, data protection, third-party risk and digital assets. Each group reports and can escalate matters to the committee. Read more about the NFRC, in the chapter on risk management and control.

The Group's insurance programme is intended to contribute to limiting the financial consequences of undesirable events that may occur despite established security procedures and other risk-mitigating measures. The insurance policies cover fire and other accidents, criminal activities, embezzlement, costs and loss of profit after a cyber attack, professional liability and directors' and officers' liability in the Group's operations worldwide. This year's renewals have, as in 2022, been characterised by lower premiums after the significant increases in 2019–2021.

1. Risk management and

and liability management

Developments in operational risk in 2023

7. Operational risk

operational risk

of operational risk

control

3. Liquidity risk and asset

Management and control

Capital requirements for

→ Reputational risk

Risk and capital management

Pillar 3 | 2023

Reputational risk

Reputation is important to DNB. Serving as a driving force for sustainable transition, our commitment to compliance, along with ongoing dialogue with customers and stakeholders, aims to build trust and strengthen our reputation. Our Code of Conduct helps to ensure effective compliance work. DNB manages reputational risk through corporate governance and business activities. In accordance with the product approval process, reputational risk must be assessed for all products and services, and the Grouplevel function responsible for communication and sustainability is involved in these assessments. DNB monitors reputational risk in close connection with operational risk.

DNB's risk appetite framework states that DNB aims to have a good reputation and deliver on expectations from society and stakeholders.

Changes in reputational risk mainly come from two sources: internal sources within the company (changes in business practices, new or revised products, marketing campaigns, infrastructure downtime or other technical issues) or external sources (changes in the business environment, market trends, expectations from stakeholders, changes in public opinion).

Development in reputation score

Traction score, quarterly

DNB measures the brand's reputation with Traction, a Norwegian market analysis which enables DNB to assess its reputation against competitors and comparable companies in other sectors.

In Traction, a company receives a score between 0 and 100, where a score of 65 or higher is considered 'good', which is also DNB's target. DNB scored 57 at the end of 2023, which is below our target. The reduced score in 2023 is associated with the rapidly increasing interest rates and high cost of living for most people.

The most important countermeasure is to be good advisers to our customers. DNB has a significantly better reputation among our own customers than in the Norwegian population in general.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

6 Market risk

7 Operational risk

8 Climate risk 4. 5. 6. 7. 8. ESG risk

9 Appendix Developments in ESG risk in 2023

Risk and capital management Pillar 3 | 2023

NOK billion

Climate change, environmental degradation, social issues and other environmental, social and governance (ESG) factors pose considerable challenges for the economy. It is expected that environmental risks, including climate-related risk, will become even more prominent going forward and may affect the financial risks to which financial institutions are exposed. Social and governance factors – such as human rights and corruption – may also represent sources of financial risk for financial institutions. DNB is exposed to ESG risk through the companies the Group finances and invests in, and through these companies' ability to adapt to the changing environment, promote ethical labour practices, climate change and facilitate the transition to a low-emission society.

Energy efficiency of the collateral1

1 EPC labels for the real estate portfolio in EU. Due to data quality, only the Norwegian-related portfolio is classified from A to G.

3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023

Definition

ESG Risk/Sustainability risk is the risk of financial losses and other negative consequences arising from events related to climate and environmental factors (E), social issues (S) or corporate governance (G). ESG factors can affect a variety of risk types in both financial and non-financial risk. Climate risk is further divided into the following risk types:

→ Physical climate risk risk associated with the consequences of climate change that lead to damage or loss in a physical sense. Within physical risk, a distinction is also made between chronic and acute risk, depending on how fast the risk occurs.
→ Transition risk risk associated with the consequences of the changes resulting from mitigation measures. There may be political, regulatory, technological or socio-economic changes in the transition to a low-emission society.
→ Liability risk risk associated with the liability to account for or counteract climate-related damage or losses, such as legal action being taken against a company for its contribution to climate change or for failing to disclose climate-related risks to its investors.

Social issues include factors such as health and quality of life, equal access to resources and benefits, inclusive social and working life conditions, participation, belonging and security.

Corporate governance includes factors such as responsible and ethical business governance. This can include a company`s governance structure, ethics and corporate governance, transparency, anti-corruption, anti-money laundering measures and tax matters.

Developments in ESG risk in 2023

The year 2023 was the hottest year on record, causing negative effects on local communities and disrupting value chains across the globe. At the same time, global politics and economics were weighed down by a macroeconomic backdrop of uncertainty and high inflation, and the long-term climate agenda had to yield priority to more pressing short-term concerns. In such an environment, it becomes even more important to ensure that sufficient capital is directed into the climate transition to ensure that the pace is maintained. In DNB, we are committed to our strategic ambition of being a driving force in the transition, and by the end of 2023, DNB had contributed a total of NOK 562 billion to the financing and facilitating of sustainable activities1, including 24 billion to financing of renewable and other sustainable activities.

Since April 2023, DNB has been required to report on ESG risks in line with Commission Delegation Regulation (EU) 2022/2453. The requirements include DNB's ESG risks related to climate change transition risk, climate change physical risk and mitigation actions. The implementation of these requirements has been handled together with DNB's other ESG reporting obligations, i.e. the EU Taxonomy,

¹ These activities are not based on the definition in the Taxonomy Regulation or the classification system.

2. Capital management
3. Liquidity risk and asset and liability management

5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
→ Developments in ESG risk in 2023

Risk and capital management Pillar 3 | 2023

to ensure consistent data and logics. The development and integration of data is an ongoing process. See the Appendix 2 to this report, as well as the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' for more information about ESG risk.

Building a system to map and monitor DNB's ESG risk, ensuring strategic target attainment and meeting reporting requirements are important factors in DNB's approach to risk management. DNB's long-term profitability depends on our customers incorporating sustainability into their business models and strategic choices. By setting requirements for accountability on the part of its customers, DNB can have a positive impact on social development, while at the same time reducing customers' and own risk. Throughout 2023, DNB continued to develop and improve the identification, management and control of ESG risk through the following activities:

→ DNB's transition plan was published on 17 October 2023. The plan includes targets covering around 70 per cent of financed emissions in the Group's lending portfolio, in addition to targets for the activities where DNB invests on behalf of customers (via DNB Asset Management, DNB Livsforsikring and DNB Næringseiendom). The transition plan is available at dnb.no/sustainability-reports.

→ Continued development on the Group-wide ESG Data Hub, which serves as a cloud-based central data hub to facilitate all needs relating to sustainability data across the Group. The hub integrates and processes sustainability data from internal and external sources, ensuring master data control and data quality management, and makes the data available through tailored products for risk management, reporting, equity analysis and other purposes. Among the most important data products developed during the year is a tool for estimating financed emissions. This tool provides PCAF2 estimates for most credit exposures and emission scopes, which are key components of the Group's transition plan and will be reported semi-annually in line with CRR/CRD requirements.
→ In 2023, DNB started mapping nature risk in the credit portfolio. The analysis is based on available data and tools that show which sectors and geographical areas have the greatest dependence and impact on nature. The mapping phase allows us to focus the work on the areas where DNB has the greatest risk, as well as the greatest opportunity to exert influence. This work will continue in 2024.

2 Partnership for Carbon Accounting Financials, a global collaboration on measurement and reporting of financed emissions.

The Norwegian Transparency Act entered into force in 2022, and DNB reported in accordance with the Act for the first time in June 2023. The report explains our due diligence assessment process for basic human rights and decent working conditions in our supply chain, in addition to the potential risks. The updated report for the year 2023 is available at dnb.no/sustainability-reports.

3. Liquidity risk and asset and liability management

Management and control of ESG risk

Risk and capital management Pillar 3 | 2023

Climate risk

Climate risk is one of the most urgent ESG-related drivers that can affect the Group's financials. If companies that DNB finances do not take climate risk into account, their viability and profitability will be affected, which in turn may impact on DNB's value creation. Both transition risk and physical risk can have significant financial consequences, which can affect DNB, for example through loan defaults, decreased value of collateral, credit impairments, investment losses and higher insurance settlements. In the short to medium term, transition risk is more significant than physical risk for DNB. The table to the right shows examples of how climate-related risk can affect DNB within different risk types:

	Transition risk	Physical risk
Credit risk	Companies can face negative consequences, such as loss of income due to changes in preferences or increased costs (relating to legal matters, statutory compliance and technological changes). This can have a negative effect on the company's cash flow and its ability to repay debt, further leading to a higher probability of default and increased credit risk.	Credit exposure could increase if climate related risk drivers reduce borrowers' ability to repay and service debt (income effect) or banks' ability to fully recover the value of a loan in the event of default (wealth effect).
Market risk	Transition risk could lead to a shift in the market condition, leading to reduction in financial asset values, negative price adjustments where transition risk is not yet incorporated into prices.	Climate change could imply a decrease in the value of financial asset, including the potential to trigger large, sudden and negative price adjustments where climate risk is not yet incorporated into prices. Climate change could also lead to a breakdown in correlations between assets or a change in market liquidity for particular assets, undermining risk management assumptions.
Liquidity risk	Banks' access to stable sources of funding could be reduced as market conditions change. Climate-related risk drivers may cause banks' counterparties to draw-down deposits and credit lines.	Climate change and severe physical events may lead to greater liquidity demand and change in marked liquidity for particular assets.
Operational risk	Increasing legal and regulatory compliance risk associated with climate-sensitive investments and businesses. Reputational risk could also arise from shifting sentiment among customers and increasing attention and scrutiny from other stakeholders (investors, regulators etc.) on how businesses respond to climate change.	Severe physical events may lead to physical damage to DNBs properties, branches or data center leading to disruption of operations.

3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023

Exposure to climate risk in the loan portfolio

The table to the right lists the sectors in the loan portfolio that DNB considers having the greatest climate risk. The key risk factors are listed for each sector, as well as the proportion of the corporate loan portfolio. There are also great opportunities associated with the corporate market portfolio, as the green shift will require large amounts of capital. This offers opportunities for DNB and makes the Group responsible for supporting the transition through financing, advisory services and requirements. DNB's efforts to be a driving force in the climate transition are described in greater detail in section Greenhouse gas emissions and energy efficiency, from page 62 onwards, in our annual report 2023.

Physical climate risk

Physical climate risk could impact DNB's customers in the form of lower revenues and higher costs due to supply chain disruption and other impacts that strain production. Such risks could also lead to damage to customers' property or operations, which could impair the value of assets and the creditworthiness, leading to increased default rates, delinquencies, write-offs and impairment charges in DNB's portfolios. In addition, the Group's premises and assets may also suffer physical damage due to weather-related events, leading to increased costs.

Sector	Climate risk – key risk factors	2023	2022
Commercial and residential property	1 Market risk (most prominent for commercial property), e.g. energy standard and efficiency, upgrading needs
	2 Regulatory changes (most prominent for residential property), e.g. changes in requirements relating to building standards, waste management/recycling	32.2	32.2
Oil, gas and offshore	1 Regulatory changes, e.g. relating to CO2 emissions, taxes and framework conditions
	2 Market risk, e.g. reduction in access to credit and lower level of interest from equity investors
	3 Physical risk, e.g. extreme weather events	6.1	7.9
Shipping	1 Regulatory changes, e.g. emissions requirements
	2 Technology, e.g. reductions of CO2 in fuel, support from the authorities
	3 Market risk (varies in the different sub-sectors), e.g. a shift in demand towards ships with lower emissions, transport of goods with high CO2 content	3.8	3.7
Renewable energy	1 Market risk (considerable variation between the risk drivers in the areas of solar power, wind power, hydropower and power distribution), e.g. pace of development nationally and globally, infrastructure, export capacity
	2 Regulatory changes, e.g. stability in framework conditions, support from the authorities	7.5	7.2
Building and construction industry	1 Market risk (most prominent in commercial property), e.g. stricter requirements for reduced emissions on building sites, upgrading of machinery
	2 Regulatory changes, e.g. increased technical requirements, emissions and reporting requirements for the value chain with associated increases in costs	2.1	2.1

Proportion of the corporate loan portfolio, EAD (per cent)

2. Capital management
3. Liquidity risk and asset and liability management

5. Counterparty credit risk
6. Market risk
7. Operational risk
8. ESG risk
→ Developments in ESG risk in 2023

Risk and capital management Pillar 3 | 2023

In the loan portfolio, assessments of physical risk are conducted for the real estate portfolio. These assessment makes use of data from the Eiendomsverdi property database, and data related to physical climate risk events is linked to properties through the Norwegian Land Register. Physical climate risk is further defined as chronic or acute risk as follows:

→ Chronic risk is defined as current sea level rise and sea level in 2050. The scenarios are defined based on the average maturity of our portfolio.
→ Acute risk is defined as risk of flooding, both current and future risk of flood, the current level of risk of landslides, avalanche hazard areas and major landslides.

At year-end 2023, commercial and residential real estate exposure related to chronic or acute climate change events amounted to NOK 175 billion. Due to lack of data, the exposure to chronic and acute climate change events is only calculated in the loan portfolio collateralised by residential and commercial immovable properties.

Some of the real estate exposure is in the sectors presented in the table to the right, but due to the data quality, all loans collateralised by residential and commercial immovable properties are grouped

Exposure subject to climate change physical risk

As at 31 December 2023

NOK billion	Total gross carrying amount	Chronic climate change events	Acute climate change events	Chronic and acute climate change events
Agriculture, forestry and fishing	58
Mining and quarrying	20
Manufacturing	67
Electricity, gas, steam and air conditioning supply Water supply; sewerage, waste management and remediation activities	58 3
Construction Wholesale and retail trade; repair of motor vehicles and motorcycles	94 49
Transportation and storage	72
Real estate activities	281
Loans collateralised by residential immovable property	866	14	117	3
Loans collateralised by commercial immovable property	261	7	37	2

into these sectors. Read more about DNB's exposure subject to physical risk in the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)' published on ir.dnb.no.

The mapping of climate data and assets other than real estate is an ongoing project which is expected to improve the data and integration.

Transition risk

The EU Energy Efficiency Directive aims to reduce energy consumption and greenhouse gas emissions from buildings and is one of the action points in the EU's Green Deal. For DNB's residential and commercial real estate portfolio, the directive may result in increased costs for satisfying new requirements. The directive is essential in the EU's efforts to achieve net-zero emissions by 2050.

3. Liquidity risk and asset and liability management

Risk and capital management Pillar 3 | 2023

Energy efficiency of the collateral, 2023

Amount i NOK billion		A	B	C	D	E	F	G	Without EPC label
Total EU area	1 127	1%	12%	7%	12%	12%	11%	14%	32%
Of which Loans collateralised by commercial immovable property	261	2%	5%	4%	3%	3%	1%	1%	82%
Of which Loans collateralised by residential immovable property	866	1%	14%	8%	14%	15%	14%	18%	16%

To assess DNB's transition risk, the energy efficiency in the portfolio of commercial and residential real estate has been calculated. DNB's mortgage portfolio mainly consists of mortgages in Norway. To calculate the energy efficiency, the logic is based on EPC labels for the Norwegian portfolio. In the absence of EPC labels and energy consumption, the building's energy efficiency is estimated based on average energy consumption from Enova.

At year-end 2023, 15 per cent of the portfolio of residential properties had EPC label A or B, and 37 per cent from A to D. For the portfolio of commercial properties, 7 per cent was labelled A or B and 14 per cent from A to D. Due to lack of data, the proportion without an EPC label for residential and commercial properties was 32 per cent at year-end 2023.

At year-end 2023, the data coverage and quality for energy consumption and EPC labels for the portfolio of properties outside Norway was low. The energy efficiency in this portfolios was therefore not estimated. We will continue to work on improving energy consumption data for our international portfolio in 2024.

To ensure a higher energy efficiency and decarbonisation of the building stock, we are continuing to strengthen DNB's in-house competence on the topic in order to further support our customers. Both within product developments and advisory. DNB also work actively in relation to policymakers, to discuss the importance of public-private and cross-border collaboration for achieving the broader decarbonisation efforts.

Obtaining data on the actual energy performance of buildings would allow us to monitor and report on developments in energy intensity, but this data is currently not available. As a first step, DNB is currently in dialogue with Elhub regarding access to actual energy usage data. Read more about our work on portfolios for home mortgages, housing cooperatives and commercial real estate in the transition plan, which is available at dnb.no/sustainability-reports.

For a complete review of our energy efficiency of collaterals, see the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', published on ir.dnb.no.

dnb.no/sustainability-reports.

Management and control of ESG risk Climate and environment, social conditions and corporate governance are integrated into DNB's strategy and corporate governance. Governing documents set out how we will work with sustainability and ESG risk. Group Sustainability Policy is DNB's overarching governing document for sustainability and forms the basis for how the Group works with sustainability. The Group Policy for Risk Management, which covers all risk types in DNB, stipulates that ESG risks must be taken into account in the management of all risk types. Sustainability risk assessment requirements have therefore been incorporated into the frameworks for all risk types. Read more about our sustainability governance from page 51 in DNB's

DNB's transition plan also serves to reduce the level of climate risk in the loan and investment portfolios. The targets set out in the plan are designed to ensure that, as a financial institution, DNB further integrates climate change considerations into processes, including the selection of – and engagement with – customers and the companies in which DNB invests. Read more about the responsibility for following up the plan in our transition plan, which is published on

annual report for 2023.

3. Liquidity risk and asset and liability management

Developments in ESG risk in 2023

→ Management and control of ESG risk
→ Roles and responsibilities Management of ESG risk in the different risk types

Risk and capital management Pillar 3 | 2023

Roles and responsibilities Board of directors and group management

DNB's Board of Directors has overall responsibility for the company's activities and determines the Group's strategy and overall goals. The Board follows up DNB's sustainability work through dashboards that show goal attainment for the most important strategic ambitions, including with regard to sustainability. This is considered by the Group Management and the Board of Directors three times a year. In this way, the Board of Directors and Group Management closely monitor sustainability work, including climate-related issues. The Board also determines the limits for risk appetite and sets limits for how much risk DNB is willing to accept in order to achieve set targets and ambitions, including ESG risk. Climate, environmental and social risks are reported quarterly to the Board of Directors and Group Management. Developments in DNB's ESG risk exposure per industry is also reported quarterly to the Board and Group Management.

Read more about how the Board and management follow up DNB's sustainability work, and how this is reflected in management's remuneration schemes from page 51 in DNB's annual report for 2023, published on dnb.no/sustainability-reports.

The group executive vice president for communications & sustainability

The EVP for Communications & Sustainability can make decisions relating to sustainability at Group level. Matters of great significance or where there is disagreement are escalated to the CEO for a decision.

Group sustainability committee

To ensure that sustainability is an integral part of all areas of the business, in addition to coordinating efforts and ensuring close follow-up of the Group's strategic sustainability ambitions, Group Management has established a Group Sustainability Committee (GSC). The committee must ensure progress and goal attainment in its sustainability work in accordance with the Group Policy for Sustainability and is responsible for conducting the assessments of the status of sustainability-related KPIs as part of the strategic dashboard used by Group Management and the Board. The GSC also makes strategic recommendations to Group Management and the Board.

Non-financial risk committee (NFRC)

The committee is chaired by the Chief Risk Officer (CRO) and contributes to developing DNB's management of non-financial risk. The NFRC contributes to a consistent approach and joint coordination of first-line responsibility for managing operational risk, compliance and reputational risk. The committee exchanges information, coordinates

3. Liquidity risk and asset and liability management

Developments in ESG risk in 2023

→ Roles and responsibilities

→ Management of ESG risk in the different risk types

Risk and capital management Pillar 3 | 2023

activities and advises on complex individual cases. Subject matter groups reporting to the NFRC follow up progress in areas such as money laundering, IT risk, third-party risk and data protection.

Group risk management

Group Risk Management (GRM) has the overall responsibility for monitoring and reporting risks related to climate, the environment and social conditions. The Chief Risk Officer (CRO) reports the Group's risk landscape to DNB's Group Management team each month and to the Board of Directors and the market each quarter. The business areas also contribute to identifying and limiting risk factors relating to climate, the environment and social conditions through risk mapping in the credit process.

GRM is responsible for the preparation of frameworks and instructions for the management of the different risk types. By year-end 2023, sustainability risk management had been integrated into the frameworks and instructions for all risk types. ESG risk has become an integral area of responsibility in every division of Group Risk Management. This means that all divisions either have or are planning initiatives to integrate ESG risk into their everyday risk management processes. GRM is also responsible for the development of models and processes that ensure sound and consistent assessments of sustainability risk, in addition to being responsible

for collecting data and reporting sustainability risk in Pillar 3. For more information on management and control see the chapter on Risk management and control on page 12.

Management of ESG risk in the different risk types

Exposure to ESG risk is managed through the different risk management frameworks. Our approach to sustainability and associated risks is, however, evolving rapidly, and as a result, ESG risks will be further developed in processes and internal control in the years to come. The Group considers credit risk as the most material risk type impacted by ESG risk. The management of ESG risk for credit risk is explained below. Other risk types are integrated into relevant processes.

Credit risk

ESG risk assessments are integrated into DNB's credit decisions and are managed in accordance with the Group Policy for Risk Management and Group Instructions for Sustainability in Credit Activities. According to the instructions, activities on the part of a borrower that affect ESG risk must be analysed in credit proposals in the same way as other potentially relevant risk drivers. DNB measures and follows up the average ESG risk level for borrowers in the categories low, medium and high. This work uses an ESG score diagram, which is sector-specific, allowing

us to address the most significant risks in the different industry segments. The instruction also specify which customers we do not grant credit.

DNB also uses an internally developed classification tool model for assessing companies' ESG risk. The tool covers four thematic areas: climate, the environment, social conditions and corporate governance. Of these, climate risk assessments were enhanced in 2023. The ESG classification is a very important part of the decision-making process for the establishment of new credit commitments. All customers are assessed regarding ESG, but for customers that have a total credit commitment of more than NOK 8 million, ESG risk must be commented on in the credit proposal. For all customers that have a credit commitment of more than NOK 50 million, risk classification must also be performed, using the in-house developed ESG risk assessment tool. Our own ESG assessments are supplemented by ESG analyses from third parties. An ESG customer dialogue form has also been developed to ensure that customers have a good understanding of which sustainability areas DNB perceives as significant in relation to risk management.

In the event of high ESG risk, the credit decision is escalated to the highest decision level below the Board. Customers with high ESG risk must also establish an internal action plan to follow up the thematic areas that cause the risk to be assessed as high. The action

3. Liquidity risk and asset and liability management

Developments in ESG risk in 2023

→ Management of ESG risk in the different risk types

→ Stress testing

Risk and capital management Pillar 3 | 2023

plan must cover a 12-month period and must contain milestones and specify the person who is responsible. The action plan also acts as basis for further dialogue with the customer. The risk model and process are assessed on a regular basis.

In 2023, the link between ESG risk and financial risk has been made clear in the credit reporting guidelines. For customers with moderate or high ESG risk, specific comments shall be made on how ESG risk may affect their future debt-servicing capacity in the financial analysis section of the credit documentation.

For project financing that is subject to the equator principles, separate assessments must document compliance with the principles.

Stress testing

When conducting stress tests of credit portfolios, climate risk is integrated into the stress scenarios. In 2023, DNB become a participant in the European Central Bank's (ECB) climate scenario analysis and stress test by preparing climate-related financial data on a variety of topics. The data collection and analysis are an ongoing work during the first quarter of 2024.

The purpose of the exercise is to gather data on climate and financial risk and assess whether the financial services industry is adequately prepared to manage their climate risk exposures and play their part in the realisation of the EU's target of a 55 per cent reduction in emissions by 2030. Through the data collection, DNB has gained valuable new insights into the different ways climate risk can impact its portfolios. In addition, it has facilitated significant improvements to the estimation model for GHG emissions, which will be key in delivering on the upcoming Pillar 3 financed emissions template in June 2024. The aggregated results from the ECB's analysis will hopefully shed some light on how climate risks impact DNB's financial risk and can be adequately included in financial risk analyses, as well as probability of default (PD) and loss given default (LGD) estimates.

1 Risk management and control 1. 2. Capital management

2 Capital management

3 Liquidity risk and asset and liability management 3. and asset liability management

4 Credit risk

6 Market risk

7 Operational risk

8 Climate risk 4. 5. 6. 7. 8. ESG risk

9 Appendix 9.

Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and capital management Pillar 3 | 2023

Pillar 3 | 20239. Appendix This report, Risk and capital management – Disclosure according to Pillar 3 2023, together with DNB's annual report and the additional Excel disclosure 'Risk and capital management – Pillar 3, attachment (Excel)', provides the consolidated disclosure of DNB as required in these regulations and the guidelines given by the European Banking Authority (EBA) in 'Guidelines on disclosure requirements under Part Eight of Regulation (EU) No 575/2013 (GL 2016/11)' including Commission Delegation Regulation 2022/2453 as regards the disclosure of environmental, social and governance risks, which was implemented in Norway 3 April 2023.

Requirements on disclosures regarding banks' risk and capital management are stipulated in the accounting and capital requirement regulations. As of 2023, the risk and capital information that is applicable in order to fulfil both sets of regulations is presented in DNB's Annual report for 2023. The disclosures that are specific to CRR can be found in this report in the form of quantitative information to be provided as stipulated in EBA/GL/2016/11 and in explanatory texts to the tables.

More information about DNB's risk management can be found in the Annual report 2023.

Information to be provided quarterly as stipulated in EBA/GL/2016/11 is published on DNB's website. For each article in Part Eight of Regulation (EU) No 575/2013 (CRR), the reference table below states in which of the publications the information can be found. This mapping is followed by a separate reference table for the additional Excel disclosures to the Pillar 3 report.

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Appendix 1: Reference table for CRR part 8

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
Title I	General principles
Article 431	Disclosure requirements and policies
1-2	General disclosure requirements	This report, Risk and capital management Disclosure according to Pillar 3 2023		Annual report, chapter on Corporate Governance, description of Risk management and internal control, Financial reports on ir.dnb.no
3	Requirement to have a formal policy and internal processes, systems and controls to comply with the disclosure requirements	Ch. 0: Risk Statement
4	All quantitative disclosures shall be accompanied by a qualitative narrative and any other supplementary information that may be necessary in order for the users of that information to understand the quantitative disclosures,
5	Upon request, explanations of rating decisions to SMEs or other corporate applicants for loans	Can be provided upon request
Article 432	Non-material, proprietary or confidential information
1-3	Institutions may exclude non-material, proprietary or confidential information under certain conditions	Information items not disclosed under EBA/ GL/2016/11	EU templates not applicable for DNB are documented
Article 433	Frequency and scope of disclosures	Ch. 0: Introduction		Financial Calendar in Annual report and on ir.dnb.no
	General information about disclosures
Article 433a	Disclosures by large institutions	Ch. 0: Introduction		Financial Calendar in Annual report and on ir.dnb.no
	Frequency requirements for publishing disclosures of Pillar 3 information for large institutions		Contents page
Article 433b	Disclosures by small and non-complex institutions	Not applicable
Article 433c	Disclosures by other institutions	Not applicable
Article 434	Means of disclosures			Financial Reports on ir.dnb.no
1	Information medium for Pillar 3 disclosures and references to equivalent and additional data in other media
2	Reference to the locations where Pillar 3 and additional disclosures are published

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in DNB's annual report 2023 and interim reports or on the DNB website
Title II	Technical criteria on transparency and disclosure
Article 435	Disclosure of risk management objectives and policies
1	Institutions shall disclose their risk management objectives and policies for each separate category of risk, including the risks referred to under this Title. These disclosures shall include:		Annual report, chapter on Corporate Governance
1a	Strategies and processes to manage the risks	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch. 8: ESG risk	Annual report, chapter on Corporate Governance, and Corporate Governance on ir.dnb.no
1b	Structure and organisation of the risk management organisation including its authority and statutes	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch. 8: ESG risk	Annual report, chapter on Corporate Governance regarding risk and capital management and Corporate Governance on ir.dnb.no
1c	Scope and nature of risk reporting and measurement systems	Ch. 2: Capital management; Ch. 3: Liquidity risk and asset and liability management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk; Ch. 8: ESG risk	Annual report, chapter on Corporate Governance regarding risk and capital management and Corporate Governance on ir.dnb.no
1d	Policies for hedging and mitigating risk	Ch. 2: Capital management; Ch. 4: Credit risk; Ch. 5: Counterparty credit risk; Ch. 6: Market risk; Ch. 7: Operational risk	Annual report, chapter on Corporate Governance regarding risk and capital management and Corporate Governance on ir.dnb.no
1e	Declaration of conformity that the risk management system is fit-for-purpose in relation to the institution's profile and strategy	Ch.0: Risk Statement; Ch. 7: Operational Risk	Annual report, chapter on Corporate Governance regarding risk and capital management and Corporate Governance on ir.dnb.no
1f	Risk statement with overall risk profile	Ch.0: Risk statement; Ch. 1: Risk management and control
2	Institutions shall disclose the following information, including regular, at least annual updates, regarding governance arrangements:
2a–c	Corporate governance disclosures	Ch. 1: Risk management and control	Annual report, chapter on Corporate governance, Board of Directors (material/relevant directorships)

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and
capital management
Pillar 3 2023

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
2d	Whether or not the institution has set up a separate risk committee	Ch. 1: Risk management and control		Corporate Governance on ir.dnb.no
2e	Description of the information flow on risk to the management body	Ch. 1: Risk management and control		Annual report, chapter on Corporate Governance regarding risk and capital management and Corporate Governance on ir.dnb.no
Article 436	Disclosure of the scope of application
a	Name of the institution to which the requirements in CRR apply	Front page and Ch. 0: About this report
b	Reconciliation between the consolidated financial statements prepared in accordance with the applicable accounting framework and the consolidated financial statements prepared in accordance with the requirements on regulatory consolidation	Ch. 0: About this report	LI1; LI2; LI3
c	a breakdown of assets and liabilities of the consolidated financial statements prepared in accordance with the requirements on regulatory consolidation pursuant to Sections 2 and 3 of Title II of Part One, broken down by type of risks		LI1; CC2
d	a reconciliation identifying the main sources of differences between the carrying value amounts in the financial statements under the regulatory scope of consolidation as defined in Sections 2 and 3 of Title II of Part One, and the exposure amount used for regulatory purposes		LI2
e	for exposures from the trading book and the non-trading book that are adjusted in accordance with Article 34 and Article 105, a breakdown of the amounts of the constituent elements of an institution's prudent valuation adjustment, by type of risks, and the total of constituent elements separately for the trading book and non trading book position		PV1
f	any current or expected material practical or legal impediment to the prompt transfer of own funds or to the repayment of liabilities between the parent undertaking and its subsidiaries	Ch. 2: Capital Management
g	the aggregate amount by which the actual own funds are less than required in all subsidiaries that are not included in the consolidation, and the name or names of those subsidiaries;		LI3
h	where applicable, the circumstances under which use is made of the derogation referred to in Article 7 or the individual consolidation method laid down in Article 9.		LI3

3. Liquidity risk and asset and liability management

Appendix 2: Qualitative information in accordance with Article 449a CCR

→ Appendix 1: Reference table 
for CRR part 8

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
Article 437	Disclosure of own funds	Ch. 2: Capital management		Annual report note G3 and interim report note G3 on Capitalisaton and capital adequacy.
	Institutions shall disclose the following information regarding their own funds:		A01, A03
a	General disclosure requirements regarding own funds		CC1, CC2
b	Description of the main features of capital instruments		CCA
c	Full terms and conditions of capital instruments		CCA
d i-iii	Separate disclosures on the nature of prudential filters, deductions, and items not deducted		CC1
e	Description of restrictions applied to the calculation of own funds		CC1
f	Explanation of the basis on which capital ratios have been calculated if other than the basis specified in CRR	Not applicable	CC1
Article 438	Disclosure of own funds requirements and risk-weighted exposure amounts	Ch. 2: Capital management		Annual report note G3 and interim report note G3 on Capitalisaton and capital adequacy.
	Institutions shall disclose the following information regarding the compliance by the institution with the requirements laid down in Article 92 of this Regulation and in Article 73 of Directive 2013/36/EU:		A02, A03
a	Institution's approach to assessing the adequacy of its internal capital
b	the amount of the additional own funds requirements based on the supervisory review process as referred to in point (a) of Article 104(1) of Directive 2013/36/EU and its composition in terms of Common Equity Tier 1, additional Tier 1 and Tier 2 instruments;		KM1
c	upon demand from the relevant competent authority, the result of the institution's internal capital adequacy assessment process;	Provided upon request; DNB's ICAAP-report
d	the total risk-weighted exposure amount and the corresponding total own funds requirement determined in accordance with Article 92, to be broken down by the different risk categories set out in Part Three and, where applicable, an explanation of the effect on the calculation of own funds and risk-weighted exposure amounts that results from applying capital floors and not deducting items from own fund	Ch. 4: Credit risk	OV1

1. Risk management and	Article in CRR	Description	management – Disclosure according to Pillar 3 2023	additional Excel disclosures (table)
control	e	the on- and off-balance-sheet exposures, the risk-weighted exposure amounts		CR10
2. Capital management		and associated expected losses for each category of specialised lending referred to in Table 1 of Article 153(5) and the on- and off-balance-sheet exposures and
3. Liquidity risk and asset		risk-weighted exposure amounts for the categories of equity exposures set out in Article 155(2);
and liability management	f	the exposure value and the risk-weighted exposure amount of own funds		OV1, INS1
4. Credit risk		instruments held in any insurance undertaking, reinsurance undertaking or insurance holding company that the institutions do not deduct from their own funds in accordance with Article 49 when calculating their capital requirements on an
5. Counterparty credit risk		individual, sub-consolidated and consolidated basis
6. Market risk	g	the supplementary own funds requirement and the capital adequacy ratio of the financial conglomerate calculated in accordance with Article 6 of Directive 2002/87/EC and Annex I to that Directive where method 1 or 2 set out in that		INS2
7. Operational risk		Annex is applied;
8. ESG risk	h	the variations in the risk-weighted exposure amounts of the current disclosure period compared to the immediately preceding disclosure period that result from		CR8; CCR7
9. Appendix		the use of internal models, including an outline of the key drivers explaining those variations
→ Appendix 1: Reference table	Article 439	Disclosure of exposures to counterparty credit risk	Ch 5: Counterparty credit risk
for CRR part 8	a	Methodology to assign internal capital and credit limits for counterparty credit
Appendix 2: Qualitative		exposures
information in accordance with Article 449a CCR	b	Policies for securing collateral and establishing credit reserves
	c	Policies with respect to wrong-way risk exposures
Appendix 3: Pillar 3 additional disclosures	d	Impact of the amount of collateral the institution would have to provide given a downgrade in its credit rating
	e	the amount of segregated and unsegregated collateral received and posted per type of collateral, further broken down between collateral used for derivatives and securities financing transactions		CCR5
	f	for derivative transactions, the exposure values before and after the effect of the credit risk mitigation as determined under the methods set out in Sections 3 to 6 of Chapter 6 of Title II of Part Three		CCR1
	g	for securities financing transactions, the exposure values before and after the effect of the credit risk mitigation as determined under the methods set out in Chapters 4		CCR1

and 6 of Title II of Part Three,

Reference in Risk and capital

Reference in Pillar 3

Risk and capital management Pillar 3 | 2023

Reference in DNB's annual

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
h	the exposure values after credit risk mitigation effects and the associated risk exposures for credit valuation adjustment capital charge, separately for each method as set out in Title VI of Part Three		CCR2
i	The exposure value to central counterparties and the associated risk exposures within the scope of Section 9 of Chapter 6 of Title II of Part Three, separately for qualifying and non-qualifying central counterparties, and broken down by types of exposures;		CCR8
j	the notional amounts and fair value of credit derivative transactions; credit derivative transactions shall be broken down by product type; within each product type, credit derivative transactions shall be broken down further by credit protection bought and credit protection sold	Not applicable	CCR6
k	the estimate of alpha where the institution has received the permission of the competent authorities to use its own estimate of alpha in accordance with Article 284(9)	Not applicable	CCR1
l	separately, the disclosures included in point (e) of Article 444 and point (g) of Article 452		CCR3; CCR4
m	for institutions using the methods set out in Sections 4 to 5 of Chapter 6 of Title II Part Three, the size of their on- and off-balance-sheet derivative business as calculated in accordance with Article 273a(1) or (2), as applicable.		CCR1
Article 440	Disclosure of countercyclical capital buffers	Ch. 2: Capital Management
a	Geographic distribution of credit exposures for calculating the countercyclical capital buffer		CCyB1
b	Amount of the countercyclical capital buffer		CCyB2
Article 441	Disclosure of indicators of global systemic importance	Not applicable
	Indicators used for determining the score of the institution in accordance with the identification methodology
Article 442	Disclosure of exposures to credit and dilution risk	Ch. 4: Credit risk
a	the scope and definitions that they use for accounting purposes of 'past due' and 'impaired' and the differences, if any, between the definitions of 'past due' and 'default' for accounting and regulatory purposes;			Annual report note G1 Accounting principles and note G4 Credit risk management
b	Methods for determining specific and general credit risk adjustments			Annual report note G4 Credit risk management
c	Information on the amount and quality of performing, non-performing and forborne exposures for loans, debt securities and off-balance-sheet exposures, including their related accumulated impairment, provisions and negative fair value changes due to credit risk and amounts of collateral and financial guarantees received;		CQ1; CQ3; CQ4; CQ5; CQ7;CR1
d	an ageing analysis of accounting past due exposures;		CQ3

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

7. Operational risk
8. ESG risk

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

3. Liquidity risk and asset and liability management

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
e	The gross carrying amounts of both defaulted and non-defaulted exposures, the accumulated specific and general credit risk adjustments, the accumulated write-offs taken against those exposures and the net carrying amounts and their distribution by geographical area and industry type and for loans, debt securities and off-balance-sheet exposures;		CQ4; CQ5	Annual report note G11 and interim report note G7; Loans and financial commitments to customers by industry segment.
f	Any changes in the gross amount of defaulted on- and off-balance-sheet exposures, including, as a minimum, information on the opening and closing balances of those exposures, the gross amount of any of those exposures reverted to non-defaulted status or subject to a write-off;		CR1
g	the breakdown of loans and debt securities by residual maturity.		CR1-A
Article 443	Disclosure of encumbered and unencumbered assets	Ch. 3: Liquidity management and asset and liability management
	Institutions shall disclose information concerning their encumbered and unencumbered assets. For those purposes, institutions shall use the carrying amount per exposure class broken down by asset quality and the total amount of the carrying amount that is encumbered and unencumbered. Disclosure of information on encumbered and unencumbered assets shall not reveal emergency liquidity assistance provided by central banks.		AE1; AE2; AE3
Article 444	Disclosure of the use of the Standardised Approach	Ch. 4: Credit risk
	Institutions calculating their risk-weighted exposure amounts in accordance with Chapter 2 of Title II of Part Three shall disclose the following information for each of the exposure classes set out in Article 112:
a	Names of the nominated ECAIs and ECAs and the reasons for any changes in those nominations over the disclosure period;		CR5
b	Exposure classes for which each ECAI or ECA is used		CR5
c	Description of the process used to transfer the issuer and issue credit assessments onto items not included in the trading book	Not applicable
d	Association of the external rating of each nominated ECAI or ECA with the institution's scale of credit quality steps	Not applicable
e	Exposure values before and after credit risk mitigation associated with each credit quality step		CR4; CR5; CCR3
Article 445	Exposure to market risk	Ch. 6: Market risk
	Capital requirements for market risk		MR1	Annual report note G4 and interim report note G3 on Capitalisaton and capital adequacy.

1. Risk management and control
2. Capital management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)
		Ch. 2: Capital management;
Article 446	Disclosure of operational risk management	Ch. 7: Operational risk
	Institutions shall disclose the following information about their operational risk management:
a	Approaches for the assessment of own funds requirements for operation risk that the institution qualifies for;
b	where the institution makes use of it, a description of the methodology set out in Article 312(2), which shall include a discussion of the relevant internal and external factors being considered in the institution's advanced measurement approach;	Not applicable
c	in the case of partial use, the scope and coverage of the different methodologies used.	Not applicable	OR1
Article 447	Disclosure of key metrics
a	Composition of own funds and own funds requirements		KM1
b	Total risk exposure amount		KM1
c	Amount and composition of additional own funds which the institutions are required to hold		KM1
d	Combined buffer requirement which the institutions are required to hold		KM1
e	Leverage ratio and the total exposure measure as calculated in accordance with Article 429		KM1
f (i-iii)	Information in relation to liquidity coverage ratio as calculated		KM1
g (i-iii)	Information in relation to net stable funding requirement as calculated		KM1
h	Own funds and eligible liabilities ratios and their components, numerator and denominator		KM2; TLAC1
Article 448	Disclosure of exposures to interest rate risk on positions not included in the trading book	Ch.6: Market risk table IRRBBA
	Institutions shall disclose the following information on their exposure to interest rate risk on positions not included in the trading book:		IRRBB1
1a	the changes in the economic value of equity calculated under the six supervisory shock scenarios referred to in Article 98(5) of Directive 2013/36/EU for the current and previous disclosure periods;
1b	the changes in the net interest income calculated under the two supervisory shock scenarios referred to in Article 98(5) of Directive 2013/36/EU for the current and previous disclosure periods;

1. Risk management and control

3. Liquidity risk and asset and liability management

7. Operational risk
8. ESG risk

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
1c	a description of key modelling and parametric assumptions, other than those referred to in points (b) and (c) of Article 98(5a) of Directive 2013/36/EU used to calculate changes in the economic value of equity and in the net interest income required under points (a) and (b) of this paragraph;
1d	an explanation of the significance of the risk measures disclosed under points (a) and (b) of this paragraph and of any significant variations of those risk measures since the previous disclosure reference date;
1e	the description of how institutions define, measure, mitigate and control the interest rate risk of their non-trading book activities for the purposes of the competent authorities' review in accordance with Article 84 of Directive 2013/36/EU, including:
(i)	a description of the specific risk measures that the institutions use to evaluate changes in their economic value of equity and in their net interest income;
(ii)	a description of the key modelling and parametric assumptions used in the institutions' internal measurement systems that would differ from the common modelling and parametric assumptions referred to in Article 98(5a) of Directive 2013/36/EU for the purpose of calculating changes to the economic value of equity and to the net interest income, including the rationale for those differences;
(iii)	a description of the interest rate shock scenarios that institutions use to estimate the interest rate risk;
(iv)	an outline of how often the evaluation of the interest rate risk occurs;
1f	the description of the overall risk management and mitigation strategies for those risks;
1g	average and longest repricing maturity assigned to non-maturity deposits.
2	Nature of the interest rate risk and key assumptions and frequency of measurement of interest rate risk
	By way of derogation from paragraph 1 of this Article, the requirements set out in points (c) and (e)(i) to (e)(iv) of paragraph 1 of this Article shall not apply to institutions that use the standardised methodology or the simplified standardised methodology referred to in Article 84(1) of Directive 2013/36/EU. interest rate risk, broken down by currency

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

		Reference in Risk and capital	Reference in Pillar 3	Reference in DNB's annual
Article in CRR	Description	management – Disclosure according to Pillar 3 2023	additional Excel disclosures (table)	report 2023 and interim reports or on the DNB website
Article 449	Disclosure of exposures to securitsation positions	Not applicable
Article 449a	Disclosure of environmental, social and governance risks (ESG risks)	Ch. 8: ESG risk
Table 1	Qualitative information on Environmental risk	Ch. 8: ESG risk, Appendix 2 'Qualitative information' p. 108
Table 2	Qualitative information on Social risk	Ch. 8: ESG risk, Appendix 2 'Qualitative information' p. 111
Table 3	Qualitative information on Governance risk	Ch. 8: ESG risk, Appendix 2 'Qualitative information' p. 114
Template 1	Banking book – Indicators of potential climate Change transition risk: Credit quality of exposures by sector, emissions and residual maturity		ESG1
Template 2	Banking book – Indicators of potential climate change transition risk: Loans collateralised by immovable property – Energy efficiency of the collateral	Ch. 8: ESG risk	ESG2
Template 3	Banking book – Indicators of potential climate change transition risk: Alignment metrics	Not applicable
Template 4	Banking book – Indicators of potential climate change transition risk: Exposures to top 20 carbon-intensive firms		ESG4
Template 5	Banking book – Indicators of potential climate change physical risk: Exposures subject to physical risk	Ch. 8: ESG risk	ESG5
Template 6	Summary of key performance indicators (KPIs) on the Taxonomy-aligned exposures		ESG6	Annual report 2023, page 85
Template 7	Mitigating actions: Assets for the calculation of GAR		ESG7	dnb.no/sustainability-reports
Template 8	GAR (%)		ESG8	dnb.no/sustainability-reports
Template 9	Mitigating actions: BTAR	Not applicable
Template 10	Other climate change mitigating actions that are not covered in Regulation (EU) 2020/852		ESG10
				Annual Report note G47 Remunerations etc. and Remuneration report on dnb. no. Chapter on Corporate
Article 450	Disclosure of remuneration policy			Governance on ir.dnb.no
1	Remuneration policy and practices:
1-a	Decision-making process used for determining remuneration policy, and number of meetings held by main body overseeing remuneration during the financial year		EU REMA
1-b	link between pay and performance		EU REMA

1. Risk management and control
2. Capital management
3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)
1 c-f	Criteria for performance measurement, parameters and rationale for any variable component scheme		EU REMA
1 g-j	Aggregate quantitative information on remuneration, including breakdowns		EU REM1
2	Quantitative information about remuneration to members of the institution's management body for significant institutions		EU REM1; EU REM5
Article 451	Disclosure of leverage ratio	Ch. 2: Capital management
1-a	Leverage ratio		LR1; LR2
1-b	a breakdown of the total exposure measure as well as a reconciliation of the total exposure measure with the relevant information disclosed in published financial statements;		LR1; LR2; LR3
1-c	The amount of exposures calculated in accordance with Articles 429(8) and 429a(1) and the adjusted leverage ratio calculated in accordance with Article 429a(7);		LR2
1-d	Description of the processes used to manage the risk of excessive leverage
1-e	Description of factors that had an impact on the leverage ratio during the period		LR1
2	Disclosures for public development institutions
3	Large institutions shall disclose the leverage ratio and the breakdown of the total exposure measure referred to in Article 429(4) based on averages		LR2
Article 451a	Dislosure of liquidity requirements	Ch. 3: Liquidity risk and asset and liability management
1	General requirement
2	Disclosure of information in relation to liquidity coverage ratio (LCR)		LIQ1
a-c	Disclosure of averages based on end-of-the-month observations over the preceding 12 months for each quarter of the relevant disclosure period		LIQ1
3	Disclosure of information in relation to net stable funding ratio (NSFR)		LIQ2
a-c	Quarter-end figures of available and required stable funding		LIQ2
4	Institutions shall disclose the arrangements, systems, processes and strategies put in place to identify, measure, manage and monitor their liquidity risk

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)
Title III	Qualifying requirements for the use of particular instruments or methodologies
Article 452	Disclosure of the use of the IRB approach to credit risk	Ch. 4: Credit risk
a	Competent authority's permission of the approach or approved transition
b	for each exposure class referred to in Article 147, the percentage of the total exposure value of each exposure class subject to the Standardised Approach or to the IRB Approach, as well as the part of each exposure class subject to a roll-out plan		CR6-A
c	the control mechanisms for rating systems at the different stages of model development, controls and changes, which shall include information on:
(i)	the relationship between the risk management function and the internal audit function;
(ii)	the rating system review;
(iii)	the procedure to ensure the independence of the function in charge of reviewing the models from the functions responsible for the development of the models;
(iv)	the procedure to ensure the accountability of the functions in charge of developing and reviewing the models;
d	the role of the functions involved in the development, approval and subsequent changes of the credit risk models; separately for each IRB exposure class
e	the scope and main content of the reporting related to credit risk models;
f	description of the internal ratings process by exposure class, including the number of key models used with respect to each portfolio and a brief discussion of the main differences between the models within the same portfolio, covering:
(i)	definitions, methods and data for estimation and validation of PD, which shall include information on how PDs are estimated for low default portfolios, whether there are regulatory floors and the drivers for differences observed between PD and actual default rates at least for the last three periods;
(ii)	where applicable, the definitions, methods and data for estimation and validation of LGD, such as methods to calculate downturn LGD, how LGDs are estimated for low default portfolio and the time lapse between the default event and the closure of the exposure;
(iii)	where applicable, the definitions, methods and data for estimation and validation of conversion factors, including assumptions employed in the derivation of those variables;

Risk and
capital management
Pillar 3 2023

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
g	as applicable, the following information in relation to each exposure class referred to in Article 147:		CR6, CCR4
(i)	gross on-balance-sheet exposure		CR6
(ii)	off-balance-sheet exposure values prior to the relevant conversion factor		CR6
(iii)	exposure after applying the relevant conversion factor and credit risk mitigation;		CR6
(iv)	any model, parameter or input relevant for the understanding of the risk weighting and the resulting risk exposure amounts disclosed across a sufficient number of obligor grades (including default) to allow for a meaningful differentiation of credit risk		CR6
(v)	separately for those exposure classes in relation to which institutions have received permission to use own LGDs and conversion factors for the calculation of risk weighted exposure amounts, and for exposures for which the institutions do not use such estimates, the values referred to in points (i) to (iv) subject to that permission		CR6
h	institutions' estimates of PDs against the actual default rate for each exposure class over a longer period, with separate disclosure of the PD range, the external rating equivalent, the weighted average and arithmetic average PD, the number of obligors at the end of the previous year and of the year under review, the number of defaulted obligors, including the new defaulted obligors, and the annual average historical default rate.		CR9
Article 453	Disclosure of the use of credit risk mitigation techniques	Ch. 4: Credit risk		Annual report note G4 Credit risk management and note G6 Credit risk exposure
a	Policies and processes for on- and off-balance-sheet netting
b	Policies and processes for collateral valuation and management
c	Main types of collateral taken by the institution
d	Main types of guarantor and credit derivative counterparty and their creditworthiness
e	Information about market or credit risk concentrations within the credit mitigation taken	Not applicable
f	Exposure value covered by eligible financial and other collateral for exposures under the standardised approach or the IRB approach without own estimates of LGD and CCF		CR3

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Article in CRR	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (table)	Reference in DNB's annual report 2023 and interim reports or on the DNB website
g	Conversion factor and the credit risk mitigation associated with the exposure and the incidence of credit risk mitigation techniques with and without substitution effect
h	For institutions calculating risk-weighted exposure amounts under the Standardised Approach, the on- and off-balance-sheet exposure value by exposure class before and after the application of conversion factors and any associated credit risk mitigation		CR4
i	For institutions calculating risk-weighted exposure amounts under the Standardised Approach, the risk-weighted exposure amount and the ratio between that risk-weighted exposure amount and the exposure value after applying the corresponding conversion factor and the credit risk mitigation associated with the exposure; the disclosure set out in this point shall be made separately for each exposure class;		CR4
j	Credit risk mitigation impact of credit derivatives
Article 454	Use of the Advanced Measurement Approaches to operational risk	Not applicable		Annual report note G4 Credit risk management and note G6 Credit risk exposure
	Description of the use of insurance and other risk transfer mechanisms to mitigate operational risk
Article 455	Use of Internal Market Risk Models	Not applicable
a-g	Institutions calculating their capital requirements in accordance with Article 363 shall disclose the following information:

3. Liquidity risk and asset and liability management

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and capital management Pillar 3 | 2023

Appendix 2: Qualitative information in accordance with Article 449a CCR

Environmental risk – table 1
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Business strategy and processes
(a)	Institution's business strategy to integrate environmental factors and risks, taking into account the impact of environmental factors and risks on institution's business environment, business model, strategy and financial planning	Ch. 8: ESG risk, p. 83		'Strategy' and 'Climate and environment', p.18 and 61, Annual report 2023 DNBs sustainable ambitions and Transition plan publised on dnb.no/ sustainability-reports
(b)	Objectives, targets and limits to assess and address environmental risk in short-, medium-, and long-term, and performance assessment against these objectives, targets and limits, including forward-looking information in the design of business strategy and processes			'Greenhouse gas emissions and energy efficiency', p. 62, Annual report 2023
(c)	Current investment activities and (future) investment targets towards environmental objectives and EU Taxonomy-aligned activities		ESG 6 ESG 7 ESG 8	'Financing, advisory services and investment', p.79, Annual report 2023, 'EU taxonomy for sustainable activities', p. 85, Annual report 2023 See the Group's complete EU taxonomy reporting published on dnb.no/sustainability-reports.
(d)	Policies and procedures relating to direct and indirect engagement with new or existing counterparties on their strategies to mitigate and reduce environmental risks			Transition plan publised on dnb.no/sustainability-reports Group instructions for corporate responsibility in DNB's credit activites CSR-ESG risk assessment tool on dnb.no/sustainability-reports Group Policy Sustainability published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports Voting guidelines (Norway and globally) on dnb.no/sustainability-reports
	Governance
(e)	Responsibilities of the management body for setting the risk framework, supervising and managing the implementation of the objectives, strategy and policies in the context of environmental risk management covering relevant transmission channels	Ch. 0: Risk Statement, p. 4 Ch. 8: ESG Risk, p. 83		'The Board of Directors' report on corporate governance' and 'Management and follow-up of the sustainability ambitions', p.35-37 and 51-52 Annual report 2023
(f)	Management body's integration of short-, medium- and long term effects of environmental factors and risks, organisational structure both within business lines and internal control functions	Ch. 0: Risk Statement, p. 4		Corporate Governance 2023 on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix
Appendix 1: Reference table for CRR part 8
→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and
	capital management
Pillar 3 2023

Environmental risk – table 1
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(g)	Integration of measures to manage environmental factors and risks in internal governance arrangements, including the role of committees, the allocation of tasks and responsibilities, and the feedback loop from risk management to the management body covering relevant transmission channels	Ch. 0: Risk Statement, p. 4 Ch. 8: ESG Risk, p. 83		'Management and follow-up of the sustainability ambitions', p. 51-52 Annual report 2023 Group Policy Sustainability and Corporate Governance 2023 published on dnb.no/sustainability-reports
(h)	Lines of reporting and frequency of reporting relating to environmental risk	Ch. 8: ESG risk, p. 83 Ch. 0: Risk Statement, p. 4 Quarterly risk reporting to management and the board of directors. Appendix 3: Pillar 3 additional disclosures, p. 115	Content page
(i)	Alignment of the remuneration policy with institution's environmental risk-related objectives			'Management and follow-up of the sustainability ambitions', p. 52 Annual report 2023 Guidelines for remuneration of directors on dnb.no/en/about-us/organisation/agm-dnb?la=EN&site=DNB_NO
	Risk management
(j)	Integration of short-, medium- and long-term effects of environmental factors and risks in the risk framework	Ch. 8: ESG risk, p. 83		'Management and follow-up of the sustainability ambitions', p. 51-53 Annual report 2023
(k)	Definitions, methodologies and international standards on which the environmental risk management framework is based
(l)	Processes to identify, measure and monitor activities and exposures (and collateral where applicable) sensitive to environmental risks, covering relevant transmission channels	Ch. 8: ESG risk, p. 83	ESG 5
(m)	Activities, commitments and exposures contributing to mitigate environmental risks		ESG 10	Transition plan published on dnb.no/sustainability-reports. 'EU taxonomy for sustainable activities', p. 85, Annual report 2023 See the Group's complete EU taxonomy reporting published on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(n)	Implementation of tools for identification, measurement and management of environmental risks	Ch. 8: ESG risk, p. 83
(o)	Results and outcome of the risk tools implemented and the estimated impact of environmental risk on capital and liquidity risk profile
(p)	Data availability, quality and accuracy, and efforts to improve these aspects	Ch. 8: ESG risk, p. 83
(q)	Description of limits to environmental risks (as drivers of prudential risks) that are set, and triggering escalation and exclusion in the case of breaching these limits	Ch. 8: ESG risk, p. 83	Group instructions for corporate responsibility in DNB's credit activites CSR-ESG risk assessment tool on dnb.no/sustainability-reports Group Policy Sustainability published on dnb.no/sustainability-reports Group instructions responsible investments on dnb.no/sustainability reports
(r)	Description of the link (transmission channels) between environmental risks with credit risk, liquidity and funding risk, market risk, operational risk and reputational risk in the risk management framework	Ch. 8: ESG risk, p. 83

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Social risk – table 2
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Business strategy and processes
(a)	Adjustment of the institution's business strategy to integrate social factors and risks taking into account the impact of social risk on the institution's business environment, business model, strategy and financial planning	Ch. 8: ESG risk, p. 83		'Strategy', p. 18 Annual report 2023 'Human rights', p. 90, Annual report 2023 'Diversity and inclusion', p.97, Annual report 2023 DNBs sustainable ambitions on dnb.no/sustainability-reports
(b)	Objectives, targets and limits to assess and address social risk in short-term, medium-term and long-term, and performance assessment against these objectives, targets and limits, including forward-looking information in the design of business strategy and processes			'Strategy', p. 18, Annual report 2023 'Human rights', p. 90, Annual report 2023 'Diversity and inclusion', p.97, Annual report 2023 DNBs sustainable ambitions and Report under the Norwegian Transparency Act 2023 on dnb.no/sustainability-reports
(c)	Policies and procedures relating to direct and indirect engagement with new or existing counterparties on their strategies to mitigate and reduce socially harmful activities			Group policy sustainability published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports Group instructions for corporate responsibility in NB's credit activities on dnb.no/sustainability-reports
	Governance
(d)	Responsibilities of the management body for setting the risk framework, supervising and managing the implementation of the objectives, strategy and policies in the context of social risk management covering counterparties' approaches to:	Ch. 8: ESG risk, p. 83		'Management and follow-up of the sustainability ambitions', p. 52, Annual report 2023 'Human rights', p. 90, Annual report 2023 'Diversity and inclusion', p. 97, Annual report 2023
(i)	Activities towards the community and society			'Strategy', p. 18 Annual report 2023 DNBs sustainable ambitions, Report under the Norwegian Transparency
(ii)	Employee relationships and labour standards			Act 2023 and Group Policy Sustainability published on dnb.no/sustainability-reports
(iii)	Customer protection and product responsibility
(iv)	Human rights
(e)	Integration of measures to manage social factors and risks in internal governance arrangements, including the role of committees, the allocation of tasks and responsibilities, and the feedback loop from risk management to the management body	Ch. 8: ESG risk, p. 83		Management and follow-up of the sustainability ambitions', p. 52, Annual report 2023 Group policy sustainabilty on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and
capital management
Pillar 3 2023

Social risk – table 2
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(f)	Lines of reporting and frequency of reporting relating to social risk	Ch. 8: ESG risk, p. 83		The Norwegian Transparency Act requires that the business establishes a systematic and comprehensive work to ensure respect for human rights and working conditions in all its activities. Reorting according to annual process description and on demand. A separate statement on the Transparency Act is published on dnb.no/sustainability-reports. In annual renewal of credit commitment a review of the ESG classification is carried out. Group policy sustainability published on dnb.no/sustainability-reports
				Group instructions responsible investments published on dnb.no/sustainability-reports Group instructions for corporate responsibility in DNB's credit activities on dnb.no/sustainability-reports
(g)	Alignment of the remuneration policy in line with institution's social risk-related objectives			'Management and follow-up of the sustainability ambitions', p. 52, Annual report 2023 Guidelines for remuneration of directors on dnb.no/en/about-us/organisation/agm-dnb?la=EN&site=DNB_NO
	Risk management
(h)	Definitions, methodologies and international standards on which the social risk management framework is based			'Human rights', p. 90, Annual report 2023 'Diversity and inclusion', p. 97, Annual report 2023 Group policy sustainability published on dnb.no/sustainability-reports Group instructions for corporate responsibility in DNB's credit activities published on dnb.no/sustainability-reports
(i)	Processes to identify, measure and monitor activities and exposures (and collateral wher applicable) sensitive to social risk, covering relevant transmission channels			'Human rights' p. 90, Annual report 2023 'Diversity and inclusion', p. 97, Annual report 2023 Group policy sustainability published on dnb.no/sustainability-reports Group instructions for corporate responsibility in DNB's credit activities published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports CSR-ESG risk assessment tool on dnb.no/sustainability-reports

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Social risk – table 2
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
(j)	Activities, commitments and assets contributing to mitigate social risk			Report under the Norwegian Transparency Act 2023 published on dnb.no/sustainability-reports Group policy sustainability published on dnb.no/sustainability-reports Group instructions for sustainability in DNB's credit activities published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports CSR-ESG risk assessment tool on dnb.no/sustainability-reports
(k)	Implementation of tools for identification and management of social risk			Report under the Norwegian Transparency Act 2023 published on dnb.no/sustainability-reports Group policy sustainability published on dnb.no/sustainability-reports Group instructions for sustainability in DNB's credit activities published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports CSR-ESG risk assessment tool on dnb.no/sustainability-reports
(l)	Description of setting limits to social risk and cases to trigger escalation and exclusion in the case of breaching these limits			'Human rights', p. 90, Annual report 2023 'Diversity and inclusion', p. 97, Annual report 2023 Report under the Norwegian Transparency Act 2023 published on dnb.no/sustainability-reports Group policy sustainability published on dnb.no/sustainability-reports Group instructions for sustainability in DNB's credit activities published on dnb.no/sustainability-reports Group instructions responsible investments published on dnb.no/sustainability-reports CSR-ESG risk assessment tool on dnb.no/sustainability-reports
(m)	Description of the link (transmission channels) between environmental risks with credit risk, liquidity and funding risk, market risk, operational risk and reputational risk in the risk management framework	Ch. 8: ESG risk, p. 83

3. Liquidity risk and asset and liability management

9. Appendix

→ Appendix 2: Qualitative information in accordance with Article 449a CCR

Governance risk – table 3
Row number	Description	Reference in Risk and capital management – Disclosure according to Pillar 3 2023	Reference in Pillar 3 additional Excel disclosures (template)	Reference in DNB's annual report, interim reports, policies and governing documents or on dnb.no
	Governance
(a)	Institution's integration in their governance arrangements gov ernance performance of the counterparty, including committees of the highest governance body, committees responsible for decision-making on economic, environmental, and social topics	Ch.0: Risk Statement, p. 4 Ch.8: ESG Risk, p. 83		'Management and follow-up of the sustainability ambitions', p. 52, Annual report 2023 'Corporate governance 2023 published on dnb.no/sustainability-reports Group Policy Sustainability published on dnb.no/sustainability-reports DNB's governance principles on dnb.no/sustainability-reports
(b)	Institution's accounting of the counterparty's highest governance body's role in non-financial reporting	Ch.8: ESG risk, p.83		'Management and follow-up of the sustainability ambitions', p. 52, Annual report 2023 Group Policy Sustainability published on dnb.no/sustainability-reports DNB's Code of Conduct for Business Partners published on dnb.no/sustainability-reports DNB's Code of Conduct published on dnb.no/sustainability-reports DNB's governance principles on dnb.no/sustainability-reports
(c)	Institution's integration in governance arrangements of the governance performance of their counterparties including:			Group Policy Sustainability published on dnb.no/sustainability-reports CSR-ESG risk assessment tool on dnb.no/sustainability-reports DNB's Code of Conduct for Business Partners published on
(i)	Ethical considerations			dnb.no/sustainability-reports
(ii)	Strategy and risk management			DNB's Code of Conduct published on dnb.no/sustainability-reports
(iii)	Inclusiveness			DNB's governance principles on dnb.no/sustainability-reports
(iv)	Transparency
(v)	Management of conflict of interest
(vi)	Internal communication on critical concerns
	Risk management
(d)	Institution's integration in risk management arrangements the governance performance of their counterparties considering:			CSR-ESG risk assessment tool on dnb.no/sustainability-reports DNBs Code of Conduct for Business Partners published on
(i)	Ethical considerations			dnb.no/sustainability-reports
(ii)	Strategy and risk management			Group Policy Sustainability published on dnb.no/sustainability-reports
(iii)	Inclusiveness			DNB's Code of Conduct published on dnb.no/sustainability-reports DNB's governance principles on dnb.no/sustainability-reports
(iv)	Transparency
(v)	Management of conflict of interest
(vi)	Internal communication on critical concerns

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and capital management Pillar 3 | 2023

Appendix 3: Pillar 3 additional disclosures

Excel disclosure 'Risk and capital management – Pillar 3 attachment (Excel)', published on ir.dnb.no

				31 December 2023
	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
Own funds
CC1	Composition of regulatory own funds	Annex VII	Points (a), (d), (e) and (f) of Article 437	Semi-Annually
CC2	Reconciliation of regulatory own funds to balance sheet in the audited financial statements	Annex VII	Point (a) of Article 437	Semi-Annually
A01	Own funds and capital ratios, DNB Bank ASA and DNB Group		Article 437	Quarterly
	Key metrics and overview of risk exposure amounts
OV1	Overview of risk exposure amounts	Annex I	Point (d) of Article 438	Quarterly
KM1	Key metrics (at consolidated group level)	Annex I	Points (a) to (g) of Article 447 and point (b) of Article 438	Quarterly
INS1	Insurance participations	Annex I	Point (f) of Article 438	Annually
INS2	Financial conglomerates information on own funds and capital adequacy ratio	Annex I	Points (g) of Article 438	Annually
A02	Specification of risk exposure amounts and capital requirements, DNB Group and DNB Bank ASA		Article 438	Quarterly
A03	Specification of risk exposure amounts and capital requirements, associated companies		Article 438	Quarterly
Scope of application
LI1	Differences between accounting and regulatory scopes of consolidation and the mapping of financial statement categories with regulatory risk categories	Annex V	Point (c) of Article 436	Annually
LI2	Main sources of differences between regulatory exposure amounts and carrying values in financial statements	Annex V	Point (d) of Article 436	Annually
LI3	Outline of the differences in the scopes of consolidation (entity by entity)	Annex V	Point (b) of Article 436	Annually
PV1	Prudent valuation adjustments (PVA)	Annex V	Point (e) of Article 436	Annually
Credit risk quality
CQ1	Credit quality of forborne exposures	Annex XV	Point (c) of Article 442	Semi-Annually
CQ3	Credit quality of performing and non-performing exposures by past due days	Annex XV	Points (c) and (d) of Article 442	Annually
CQ4	Quality of non-performing exposures by geography	Annex XV	Points (c) and (e) of Article 442	Semi-Annually
CQ5	Credit quality of loans and advances by industry	Annex XV	Points (c) and (e) of Article 442	Semi-Annually
CQ7	Collateral obtained by taking possession and execution processes	Annex XV	Point (c) of Article 442	Semi-Annually
CR1	Performing and non-performing exposures and related provisions	Annex XV	Points (c) and (f) of Article 442	Semi-Annually
CR1-A	Maturity of exposures	Annex XV	Point (g) of Article 442	Semi-Annually

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

				31 December 2023
	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
	Credit risk mitigation techniques
CR3	Disclosure of the use of credit risk mitigation techniques	Annex XVII	Point (f) of Article 453	Semi-Annually
	Standardised approach
CR4	Standardised approach – Credit risk exposure and CRM effects	Annex XIX	Points (g), (h) and (i) of Article 453 CRR and point (e) of Article 444	Semi-Annually
CR5	Standardised approach	Annex XIX	Point (e) of Article 444	Semi-Annually
	IRB approach to credit risk
CR6	IRB approach – Credit risk exposures by exposure class and PD range	Annex XXI	Point (g) of Article 452	Semi-Annually
CR6-A	Scope of the use of IRB and SA approaches	Annex XXI	Point (b) of Article 452	Annually
CR7-A	IRB approach – Disclosure of the extent of the use of CRM techniques	Annex XXI	Point (g) of Article 453	Semi-Annually
CR8	REA flow statements of credit risk exposures under the IRB approach	Annex XXI	Point (h) of Article 438	Quarterly
CR9	IRB approach – Back-testing of PD per exposure class (fixed PD scale)	Annex XXI	Point (h) of Article 452	Annually
	Disclosure on specialised lending
CR10	Specialised lending and equity exposures under the simple riskweighted approach	Annex XXIII	Point (e) of Article 438	Semi-Annually
	Exposures to counterparty credit risk
CCR1	Analysis of CCR exposure by approach	Annex XXV	Points (f), (g), (k) and (m) of Article 439	Semi-Annually
CCR2	Transactions subject to own funds requirements for CVA risk	Annex XXV	Point (h) of Article 439	Semi-Annually
CCR3	Standardised approach – CCR exposures by regulatory exposure class and risk weights	Annex XXV	Point (l) of Article 439 referring to point (e) of Article 444	Semi-Annually
CCR4	IRB approach – CCR exposures by exposure class and PD scale	Annex XXV	Point (l) of Article 439 referring to point (g) of Article 452	Semi-Annually
CCR5	Composition of collateral for CCR exposures	Annex XXV	Point (e) of Article 439	Semi-Annually
CCR7	REA flow statements of CCR exposures under the IMM	Annex XXV	Point (h) of Article 438	Quarterly
CCR8	Exposures to CCPs	Annex XXV	Point (i) of Article 439	Semi-Annually
	Standardised approach and internal model for market risk
MR1	Market risk under the standardised approach	Annex XXIX	Article 445	Semi-Annually
Key Metrics
CCyB1	Geographical distribution of credit exposures relevant for the calculation of the countercyclical buffer	Annex IX	Point (a) of Article 440	Semi-Annually
CCyB2	Amount of institution-specific countercyclical capital buffer	Annex IX	Point (b) of Article 440	Semi-Annually

1. Risk management and control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Risk and capital management Pillar 3 | 2023

	Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation	Annex	Article in CRR II	Updated
Leverage ratio
LR1 LR2	Summary reconciliation of accounting assets and leverage ratio exposures Leverage ratio common disclosure	Annex XI Annex XI	Point (b) of Article 451(1) Article 451(3) – Rows 28 to 31a Points (a), (b) and (c) of Article 451(1) and Article 451(2) – Rows up to row 28. Annual (for rows 28 to 31a)	Semi-Annually Semi-Annually
LR3	Split up of on balance sheet exposures (excluding deratives, SFTs and exempted exposures)	Annex XI	Point (b) of Article 451(1)	Semi-Annually
	Liquidity requirements
LIQ1	Quantitative information of LCR	Annex XIII	Article 451a(2)	Quarterly
LIQ2	Net Stable Funding Ratio	Annex XIII	Article 451a(3)	Semi-Annually
	MREL-minimum requirement eligible liabilities
KM2	Key metrics – MREL	Annex V	Article 447 (h)	Quarterly
TLAC1	Composition – MREL	Annex V	Article 447 (h)	Semi-Annually
TLAC3b	Creditor ranking – resolution entity	Annex V		Semi-Annually
	Encumbered and unencumbered assets
AE1	Encumbered and unencumbered assets	Annex XXXV	Article 443	Annually
AE2	Collateral received and own debt securities issued	Annex XXXV	Article 443	Annually
AE3	Sources of encumbrance	Annex XXXV	Article 443	Annually
Operational risk
OR1	Operational risk own funds requirements and risk-weighted exposure amounts	Annex XXXI	Articles 446 and 454	Annually
Remuneration policy
REMA	Remuneration policy	Annex XXXIII	Point a-f, j and k of Article 450(1) , 450(2)	Annually
REM1	Remuneration awarded for the financial year	Annex XXXIII	Point (h)(i)-(ii) of Article 450(1)	Annually
REM2	Special payments to staff whose professional activities have a material impact on institutions' risk profile (identified staff)	Annex XXXIII	Point (h)(v) to (vii) of Article 450(1)	Annually
REM3	Deferred remuneration	Annex XXXIII	Point (h)(iii) and (iv) of Article 450(1)	Annually
REM4	Remuneration of 1 million EUR or more per year	Annex XXXIII	Point (i) of Article 450(1)	Annually
REM5	Information on remuneration of staff whose professional activities have a material impact on institutions' risk profile (identified staff)	Annex XXXIII	Point (g) of Article 450(1)	Annually

31 December 2023

31 December 2023
------------------	--	--

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR

Unless otherwise stated, figures in the templates are figures for DNB Group – regulatory consolidation		Annex	Article in CRR II	Updated
ESG risk
ESG1	Banking book – Climate change transition Risk: Credit quality of exposures by sector, emissions and residual maturity	Annex XXXIX	Article 449a	Semi-Annually
ESG2	Banking book – Climate change transition risk: Loans collateralised by immovable property – Energy efficiency of the collateral	Annex XXXIX	Article 449a	Semi-Annually
ESG4	Banking book – Climate change transition risk: Exposures to top 20 carbon-intensive firms	Annex XXXIX	Article 449a	Semi-Annually
ESG5	Banking book – Climate change physical risk: Exposures subject to physical risk	Annex XXXIX	Article 449a	Semi-Annually
ESG6	Summary of GAR KPIs	Annex XXXIX	Article 449a	Semi-Annually
ESG7	Mitigating actions: Assets for the calculation of GAR	Annex XXXIX	Article 449a	Semi-Annually
ESG8	GAR (%)	Annex XXXIX	Article 449a	Semi-Annually
ESG10	Other climate change mitigating actions that are not covered in the EU Taxonomy	Annex XXXIX	Article 449a	Semi-Annually
	Interest rate risk in the banking book
IRRBB1	Interest rate risks of non-trading book activities	Annex XXXVII	Article 448 (1)	Semi-Annually
Additional information
CCA	Disclosure of main features of regulatory capital instruments as at 31 December 2023	Annex VII	Points (b) and (c) of Article 437	Quarterly
CCA footnotes	Disclosure of main features of regulatory capital instruments – footnotes			Quarterly
DNB Boligkreditt
	DNB Boligkreditt – Key metrics		Article 433a (2)	Quarterly
	DNB Boligkreditt – Credit Risk		Article 433a (2)	Semi-Annually
	The following EU templates are not applicable for DNB as at 31 December 2023
CR2	Changes in the stock of non-performing loans and advances	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
	Changes in the stock of non-performing loans and advances and related net accumulated
CR2a	recoveries	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CR7	IRB approach – Effect on the RWEAs of credit derivatives used as CRM techniques	Annex XXI	DNB has no credit derivatives as at 31 December 2022	Semi-Annually
CR9.1	IRB approach – Back-testing of PD per exposure class (only for PD estimates according to point (f) of Article 180(1) CRR)	Annex XXI	DNB does not apply article 180(1)	Annually
CQ2	Quality of forbearance	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CQ6	Collateral valuation – loans and advances	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually
CQ8	Collateral obtained by taking possession and execution processes – vintage breakdown	Annex XV	The level of DNB's NPL-ratio is below 5%	Semi-Annually

	31 December 2023
--	------------------	--

Introduction

1. Risk management and
control

3. Liquidity risk and asset and liability management

9. Appendix

Appendix 2: Qualitative information in accordance with Article 449a CCR