Report on Corporate Governance and Ownership Structure 2017 Financial Year

APPROVED BY THE BOARD OF DIRECTORS ON 13 MARCH 2018

Report on Corporate Governance and Ownership Structure 2017 Financial Year

doBank S.p.A.

Registered Office: Piazzetta Monte, 1 – 37121 Verona

Share Capital €41,280,000.00 fully paid-up

Bank registered on the register of Banks and Parent Company of the doBank Banking Group – Register of Banking Groups code 10639, ABI code 10639 – Registration at the Companies Register, Chamber of Commerce of Verona no./Economic & Administrative Index no.: VR/19260 – Tax Code 00390840239 and VAT no. 02659940239 Member of the Interbank Deposit Protection Fund.

www.dobank.com

Page
GLOSSARY 6
The organisation of doBank and its Listing. 8
The new doBank Articles of Association 9
1.0 ISSUER'S PROFILE 10
2.0 INFORMATION ON OWNERSHIP STRUCTURE (pursuant to Art. 123(2), paragraph 1 of the Consolidated Finance Law) at the date of 31 December 2017 11
a) Share capital structure (pursuant to Art. 123(2), paragraph 1, letter a) of the Consolidated Finance Law)11
b) Restrictions on securities transfer (pursuant to Art. 123(2), paragraph 1, letter b) of the Consolidated Finance Law) 11
c) Significant capital investments (pursuant to Art. 123(2), paragraph 1, letter c) of the Consolidated Finance Law) 11
d) Securities granting special rights (pursuant to Art. 123(2), paragraph 1, letter d) of the Consolidated Finance Law) 12
e) Employee shareholding: mechanism of exercising the voting right (pursuant to Art. 123(2), paragraph 1, letter e) of the Consolidated Finance Law) 12
f) Restrictions on voting right (pursuant to Art. 123(2), paragraph 1, letter f) of the Consolidated Finance Law) 12
g) Agreements between shareholders known to doBank in accordance with Art. 122 Consolidated Finance Law (pursuant to Art. 123(2), paragraph 1, letter g) of the Consolidated Finance Law) 12
h) Change of control clauses (pursuant to Art. 123(2), paragraph 1, letter h) of the Consolidated Finance Law) and statutory provisions on Public Takeover Bids (pursuant to Articles 104, paragraph 1(3) of the Consolidated Finance Law) 13
i) Delegations to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123(2), paragraph 1, letter m) of the Consolidated Finance Law) 13
l) Management and coordination activity (pursuant to Art. 2497 et seq of the Italian Civil Code) 14
3.0 COMPLIANCE (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER A) OF THE CONSOLIDATED FINANCE LAW) 14
4.0 DOBANK BOARD OF DIRECTORS 15
4.1 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123(2), PARAGRAPH 1, LETTER I) OF THE CONSOLIDATED FINANCE LAW) 15
4.1.1 Succession plan in the case of absence or impediment 18
4.2 COMPOSITION (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTERS D) AND D(2) OF THE CONSOLIDATED FINANCE LAW) 19
4.2.1. Diversity Policies 23
4.2.2. Maximum accumulation of assignments held in other companies 24
4.2.3. Induction and recurring training initiatives 25
4.3 ROLE OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER D) OF THE CONSOLIDATED FINANCE LAW) 25
4.3.1 Duties 25
4.3.2 Meetings and functioning 29

4.3.3 Self-assessment 30
4.3.4 Competing activities 31
4.4 DELEGATED BODIES 31
4.5 OTHER EXECUTIVE DIRECTORS 33
4.6 INDEPENDENT DIRECTORS 34
4.7 LEAD INDEPENDENT DIRECTOR 35
5.0 TREATMENT OF CORPORATE INFORMATION 35
6.0 COMMITTEES INTERNAL TO THE BOARD (pursuant to Art. 123(2), paragraph 2, letter d) of the Consolidated Finance Law) 36
6.1 Appointments and Remuneration Committee (active until the Company listing) 37
7.0 APPOINTMENTS COMMITTEE 38
8.0 REMUNERATION COMMITTEE 40
9.0 REMUNERATION OF DIRECTORS (Directors' indemnity in the case of resignation, dismissal or termination of the relationship following a public takeover bid (pursuant to Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law) 42
10.0 CONTROL AND RISKS COMMITTEE 43
11.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 47
11.1 DIRECTOR IN CHARGE OF THE INTERNAL CONTROL AND RISK MANAGEMENT 58 SYSTEM
11. 2 HEAD OF THE INTERNAL AUDIT FUNCTION 59
11.3 ORGANISATION MODEL pursuant to Italian Legislative Decree 231/2001 62
11.4 INDEPENDENT AUDITING COMPANY 63
11.5 MANAGER IN CHARGE OF PREPARING THE CORPORATE ACCOUNTING DOCUMENTS AND OTHER COMPANY ROLES AND FUNCTIONS 63
11.6 COORDINATION BETWEEN ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 64
12.0 INTERESTS OF DIRECTORS AND TRANSACTIONS WITH RELATED PARTIES 65
13.0 APPOINTMENT OF AUDITORS 66
14.0 COMPOSITION AND FUNCTIONING OF THE BOARD OF AUDITORS (pursuant to Art. 123(2), paragraph 2, letters d) and d(2)) of the Consolidated Finance Law) 68
14.1 Diversity policies 70
14.2 Self-Assessment 70
15.0 RELATIONSHIPS WITH SHAREHOLDERS 70
16.0 SHAREHOLDERS' MEETINGS (pursuant to Art. 123(2), paragraph 2, letter c) of the Consolidated Finance Law) 71
16.1 Legitimacy, attendance and voting methods 72
16.2 Conduct of Shareholders' Meeting works 73
16.3 Significant changes in the capitalisation and in the composition of the ownership structure 73
17.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123(2), paragraph 2, letter a) of the Consolidated Finance Law) 74
18.0 CHANGES SINCE RELEVANT YEAR-END 74

19.0 CONSIDERATIONS ON THE LETTER DATED 13 DECEMBER 2017 OF THE CHAIRMAN OF
THE CORPORATE GOVERNANCE COMMITTEE 75
TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE 76
TABLE 2: STRUCTURE OF BOARD OF DIRECTORS AND COMMITTEES 78
TABLE 3: STRUCTURE OF BOARD OF AUDITORS 81

GLOSSARY

Shareholders' Meeting: the Shareholders' Meeting of doBank

Avio: Avio S.à r.l., with registered office in Luxembourg, 26 Boulevard Royal, L2449, tax code 97754310155 and VAT no. LU28038434, registered at the Companies Register of Luxembourg at no. B195157.

Circular 263: Rules on risk activity and conflict of interests in relation to related parties, issued by the Bank of Italy with Circular no. 263 dated 27 December 2006 as amended.

Corporate Governance Code: the Corporate Governance Code of listed companies approved in July 2015 by the Corporate Governance Committee and promoted by Borsa Italiana S.p.A., ABI, Ania, Assogestioni, Assonime and Confindustria (available at the page http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm).

Civil Code: the Italian Civil Code.

Board of Auditors: the doBank Board of Auditors.

Board Committees: the Appointments Committee, the Remuneration Committee and the Risks and Transactions with Connected Persons Committee, viewed collectively.

Appointments Committee: the Committee internal to the Board of Directors, constituted in conformity with Articles 4 and 5 of the Corporate Governance Code.

Remuneration Committee: the Committee internal to the Board of Directors, constituted in conformity with Articles 4 and 6 of the Corporate Governance Code.

Risks and Transactions with Connected Persons Committee: the Committee internal to the Board of Directors constituted in conformity with Articles 4 and 7 of the Corporate Governance Code.

Board of Directors: the doBank Board of Directors.

Supervisory Provisions: Circular no. 285 of the Bank of Italy dated 17 December 2013 – Supervisory Provisions for Banks.

Registration Document: the Registration Document for IPO purposes drafted in accordance with the Implementing Regulation of Italian Legislative Decree dated 24 February 1998 no. 58, on the regulation of issuers and filed at CONSOB on 29 June 2017 following communication of the approval measure by CONSOB by note dated 28 June 2017 reference no. 0083967/17.

Issuer/doBank/Company/Bank/Parent Company: doBank S.p.A., with registered office in Piazzetta Monte, 1 – 37121 Verona, with fully paid-up share capital of Euro 41,280,000.00, registered on the Register of Banks and Parent Company of the doBank S.p.A. Banking Group, in the Register of Banking Groups with code 10639 and ABI code 10639, art the Companies Register of Verona, at the Economic and Administrative Index with no. VR/19260, tax code and VAT no.: 00390840239, member of the Interbank Deposit Protection Fund.

Financial Year: the company financial year to which this Report relates, included between 1 January and 31 December 2017.

Fortress: Fortress Investment Group LLC, based c/o Corporation Trust Center 1209, Orange Street, 19801, Wilmington, Delaware, DE, United States.

Group/doBank Group: the doBank Banking Group, consisting of doBank S.p.A, in the capacity of Parent Company, Italfondiario S.p.A., doSolutions S.p.A., doRealEstate S.p.A. and I.B.I.S. S.r.l..

Fortress Group: Fortress and any company or entity directly or indirectly controlled by it, or subject to common control of the same.

MAR: "Market Abuse Regulation" - EU Regulation no. 596/2014 on market abuse.

MTA: the Screen-Based Stock Exchange organised and run by Borsa Italiana on which the doBank shares are traded.

Supervisory Body: the Bank of Italy.

Listing: the listing of the Issuer's shares on the MTA, organised and run by Borsa Italiana S.p.A., with start of trading on 14 July 2017.

Implementing Regulation: EU Regulation no. 347/2016 to implement the MAR.

CONSOB Issuers' Regulation: the Regulation issued by CONSOB by resolution no. 11971 of 1999 (as amended) on issuers.

CONSOB Markets' Regulation: the Regulation issued by CONSOB by resolution no. 20249 of 2017 on markets.

CONSOB Related Parties' Regulation: the Regulation issued by CONSOB by resolution no. 17221 dated 12 March 2010 (as amended) on transactions with related parties.

Report: the report on corporate governance and ownership structure, which companies are required to prepare in accordance with Art. 123(2) of the Consolidated Finance Law.

Internal Controls System: the internal controls system adopted by the Group.

doBank Internet Website: the Bank's internet website available at the page www.dobank.com.

Independent Auditing Company: EY S.p.A. - Via Isonzo, 11 - 37126 Verona.

SoftBank: SoftBank Group Corporation based in 1-9-1 Higashi-Shinbashi, Minato-ku - Tokyo - Japan.

Articles of Association: the existing doBank articles of association.

Consolidated Banking Law: Italian Legislative Decree no. 385 dated 1 September 1993, (known as "Consolidated Banking Law"), as updated each time.

Consolidated Finance Law: Italian Legislative Decree no. 58 dated 24 February 1998, (known as "Consolidated Finance Law") as updated each time.

INTRODUCTION

This Report is aimed at providing to the doBank shareholders and to the market an assessment and analysis tool in relation to the corporate governance system adopted by doBank and it has been prepared in consideration of the provisions contained:

in the Consolidated Finance Law and in the respective implementing regulations adopted by CONSOB (as the regulatory corpus aimed at listed issuers);
in the Consolidated Banking Law (as the regulation intended for the banking system);
in the Corporate Governance Code.

Since this is the first Report produced by doBank - which, as will be illustrated in detail below, has been listed on the MTA since 14 July 2017 - it is worth providing a brief introduction, describing the establishment of the current configuration of the doBank Group and the Listing process, to provide for context as to the contents of the Report itself.

The organisation of doBank and its Listing.

On 30 October 2015, the entire share capital of UniCredit Credit Management Bank S.p.A., bank of the UniCredit group dedicated mainly to managing the impaired loans of that banking group, was acquired by Avio¹ , a company belonging to the Fortress Group, whose capital is held for 50% by Siena Holdco S.à r.l. (a company controlled by the funds managed by Fortress)² and for 50% by Verona Holdco S.à r.l (a company controlled by Eurocastle Investment Limited, which, in turn, is managed, by virtue of a management agreement, by Fortress). As a consequence of that operation, from 30 October 2015 UniCredit Credit Management Bank S.p.A. changed its company name to "doBank S.p.A." and ceased to form part of the UniCredit Group.

On 9 March 2016, by order of the Bank of Italy, doBank was registered in the Register of Banking Groups, in accordance with Art. 64 of the Consolidated Banking Law, as parent company of the doBank Group, made up, in addition to doBank itself, by doRealEstate S.p.A., an instrumental company.

The Group's structure then expanded following the acquisition of Italfondiario S.p.A. (previously controlled by affiliated companies of the Fortress Group), active on the Italian market in the outsourced management of financial and trade receivables, performing and non-performing, which, in turn, wholly owned the companies Italfondiario RE S.r.l., I.B.I.S. S.r.l. and Gextra S.r.l..

The acquisition process of 100% of the share capital of Italfondiario S.p.A. by doBank took place in two phases, made up of the acquisition of a 9.75% investment on 31 March 2016, followed by the acquisition of the remaining part of the share capital, finalised on 14 October 2016, after obtaining the respective clearance from the Bank of Italy.

That operation gave rise to a process of gradual but overall streamlining of the Group's activities and structures, by way of:

creation of the company doSolutions S.p.A., with the role of shared services company and technological hub of the Group;

¹ The acquisition concerned an investment representing 97.81% since the remaining share of 2.19% was represented by treasury shares.

² As illustrated in more detail in the part dedicated to the ownership structure, last 27 December 2017 SoftBank Group Corp. completed the acquisition process of Fortress Investment Group LLC.

streamlining of the real estate hub, by defining the role of doRealEstate S.p.A., aimed at incorporating Italfondiario RE S.r.l.);
improvement of the role and industrial profile of IBIS S.r.l..

The reorganisation process of the ownership structure, begun in 2016, ended on 27 April 2017, with the sale of Gextra S.r.l. (indirectly controlled by doBank by way of Italfondiario S.p.A.). For further information on the origins and reorganisation of the doBank Group, see Chapter 5.1 of the Registration Document published on the doBank Internet Website at the page https://www.dobank.com/it/investor-relations/IPO/documento-registrazione.

In the early part of 2017, doBank commenced a listing process of its shares on the screen-based stock exchange run by Borsa Italiana, completed with the start of trading on 14 July 2017.

The new doBank Articles of Association

On 21 June 2017, the extraordinary Shareholders' Meeting resolved on a series of amendments to the Articles of Association, connected to assuming the status of listed company with consequent application to the Bank of the regulations dictated for companies using the risk capital market. Those amendments, authorised by the Supervisory Body, took effect from 14 July 2017, the start date of trading of the Company's shares on the MTA.

The new Articles of Association:

lay down, in line with market practice, that the extraordinary Shareholders' Meeting may resolve upon: (i) the exclusion of the right of option within the limits and by the methods provided by Art. 2441, fourth paragraph, second sentence of the Italian Civil Code (i.e. within the limits of 10% of the pre-existing share capital, provided that the market price corresponds to the market value of the shares and this is confirmed in a specific report by an independent auditor/independent auditing company) and (ii) the assignment of shares or other financial instruments in favour of employee work providers within the limits indicated in Art. 2349 of the Italian Civil Code;
incorporate the provisions of Italian Legislative Decree 27/2010, as amended by Italian Legislative Decree 91/2012, relating to the exercise of some rights by shareholders of listed companies, in implementation of Directive 2007/36/EC on exercising the vote in the Shareholders' Meeting;
provide, in conformity with Art. 174(3) of the Consolidated Finance Law, the so-called "list vote" mechanism for the appointment of the members of the Board of Directors, reserving the appointment of one member to any minority list submitted, which is not connected in any way, even indirectly, with those who have submitted or voted upon the list that came first by number of votes;
provide, in conformity with Art. 148 of the Consolidated Finance Law, the so-called "list vote" mechanism for the appointment of the members of the Board of Auditors, reserving the chairmanship of the Board of Auditors to the statutory auditor taken from any minority list submitted which is not connected in any way, even indirectly, with those who have submitted or voted upon the list that came first by number of votes;
provide that the allocation of the members of the Board of Directors and the Board of Auditors to be elected is done on the basis of a criterion that ensures the gender balance, in compliance with the provisions of Articles 147(3) and 148 of the Consolidated Finance Law;
provide, in conformity with Art. 154(2) of the Consolidated Finance Law, the appointment of the Manager in Charge of drafting the corporate accounting documents and fulfilling the duties provided by that Article.

1.0 ISSUER'S PROFILE

doBank has chosen to adopt a "traditional" management and control model, whose structure is focused on the presence of the Board of Directors, in the capacity of body with strategic supervision functions, and the Board of Auditors, in the capacity of body with control functions, both appointed by the Shareholders' Meeting. There is also provision for the appointment by the Board of Directors of a Chief Executive Officer, as body with management function.

doBank is the parent company - listed - of the doBank Group. The Group is structured on the model of a federal and multifunctional group and the Parent Company ensures, even at consolidated level, efficient and precise management and control systems. The Group also has the aim of guaranteeing the implementation of significant synergies and its organisation involves a significant integration between subsidiaries and Parent Company.

The doBank Group, at 31 December 2017, is structured as follows:

The unitary governance of the Group is guaranteed by the role of guidance, governance and support performed by the Parent Company as well as by the compliance, by all companies that form part of the Group, with a set of common principles at the basis of the corporate operations. doBank, consequently, in conducting its management and coordination role (subject to the statutory and operational autonomy of each Group company), defines the strategic development lines of each member company, ensuring the coherence of those strategies with the Group policies.

doBank also, on one side, ensures the coordination and control of the activities of the companies controlled by it so as to guarantee the correct conduct of the strategic mission and the uniformity of guidance, and, on the other, provides and/or supplements the support and service activities to those subsidiaries, sharing the best skills. In that context, doBank has decided to centralise within it, in the capacity of Parent Company, the so-called corporate functions (human resources management; organisation and organisational development; occupational safety; general and logistical services; purchases; administration, finance and control, [including: treasury, accounting, financial statements, reports, etc.]; communication; commercial development; legal and corporate affairs; extraordinary finance and investor relations), while the subsidiary companies focus on their respective core businesses, without prejudice to the responsibility of the respective company bodies for the outsourced activities.

2.0 INFORMATION ON OWNERSHIP STRUCTURE (pursuant to Art. 123(2), paragraph 1 of the Consolidated Finance Law) at the date of 31 December 2017

a) Share capital structure (pursuant to Art. 123(2), paragraph 1, letter a) of the Consolidated Finance Law)

The doBank share capital – which is described in more detail and more comprehensively in Table 1 at the foot of this Report - is made up entirely of ordinary shares, traded on the MTA.

The doBank share capital at 31 December 2017 amounts to Euro 41,280,000.00, split into 80,000,000 shares - indivisible and registered - without par value and it has not undergone changes at the date of this Report.

There are currently no employee shareholding schemes in doBank that exclude the direct exercise of the voting rights.

In relation to treasury shares, we refer to paragraph i) below of this chapter.

b) Restrictions on securities transfer (pursuant to Art. 123(2), paragraph 1, letter b) of the Consolidated Finance Law)

There are no restrictions on the transfer of share securities, as the shares are transferrable in the legal methods.

c) Significant capital investments (pursuant to Art. 123(2), paragraph 1, letter c) of the Consolidated Finance Law)

At 31 December 2017 the following entities possess shareholdings higher than 5%:

Affiant or entity positioned at the top of the shareholding chain	Direct shareholder	Number of shares	%
Soft Bank Group Corporation	Avio	40,080,000	50.10%
	Jupiter Asset Management Ltd	2,057,281	2.57%
Jupiter Asset Management Ltd	Nortrust Nominees Limited	4,108,697	5.13%
	Total Jupiter Asset Management Ltd	6,165,978	7.70%
others < 5% (SME)		32,004,022	40.01%
Treasury shares		1,750,000	2.19%
total capital		80,000,000	100.00%

Following the QLF-2017-0167 authorisation, issued on 21 December 2017 by the European Central Bank and by the Bank of Italy on 21 December 2017 (ref. 1506852/17) and 22 December 2017 (ref. 1512028/17), on 27 December 2017 the acquisition process of Fortress was completed by SoftBank.

On 5 January 2018 SoftBank communicated to the Company and to the competent supervisory authorities the completion of the transaction and the acquisition of the indirect controlling interest in the doBank share capital.

Based upon the communications received from doBank, Jupiter Asset Management Limited is the only entity to have surpassed the relevant ownership threshold of 5% of the share capital, among the various entities that subscribed doBank shares as part of the initial public offer (IPO) or purchased them during the subsequent trading on the MTA. In particular, on 19 July 2017 Jupiter Asset Management Limited sent to the Company the communication required by Art. 120 of the Consolidated Finance Law, in which it stated that it held 5.12% of the Company's capital; on 20 October 2017, it then communicated that it had increased to 7.70% the shareholding held, directly or indirectly.

At the date of this Report, no changes have occurred with respect to what is illustrated above.

d) Securities granting special rights (pursuant to Art. 123(2), paragraph 1, letter d) of the Consolidated Finance Law)

There are no securities granting special rights of control over doBank.

e) Employee shareholding: mechanism of exercising the voting right (pursuant to Art. 123(2), paragraph 1, letter e) of the Consolidated Finance Law)

There are employee shareholding schemes in doBank. For an overview, we refer, to what is illustrated in point i) below.

f) Restrictions on voting right (pursuant to Art. 123(2), paragraph 1, letter f) of the Consolidated Finance Law)

There are no restrictions on the voting right with reference to the Issuer's shares, or mechanisms that may constitute potential restrictions.

g) Agreements between shareholders known to doBank in accordance with Art. 122 Consolidated Finance Law (pursuant to Art. 123(2), paragraph 1, letter g) of the Consolidated Finance Law)

On 19 July 2017 doBank received two communications, concerning the existence of shareholder agreements in accordance with Art. 122 of Italian Legislative Decree 58/1998 and, in particular:

1. Agreement known as "Second amendment and reaffirmation of the shareholder agreement"

Signed on 18 July 2017 between Siena Holdco S.à r.l., Verona Holdco S.à r.l. and Avio, and translated into Italian, being sworn on the same date, by the Notary Posadino of Milan.

That agreement, whose extract is available on the doBank Internet Website, at the page https://www.dobank.com/sites/default/files/assets/files/Estratto_patto_parasociale_Avio.pdf, was received by the Bank on 19 July 2017 and was filed, on the same date, at the Companies Register of Verona with effect from 21 July 2017.

2. Shareholder agreement

Signed on 13 February 2007 between Fortress and Messrs A. Nardone, Peter L. Briger Jr. and Wesley R. Edens, and translated into Italian, being sworn on 18 July 2017, by the Notary Posadino of Milan.

That agreement was also received by the Bank on 19 July 2017 and was filed, on the same date, at the Companies Register of Verona with effect from 21 July 2017.

The main provisions of the Agreement regulated: (a) the composition of the Fortress Board of Directors and (b) the right of veto due to the majority of the principals in relation to some matters reserved to the Fortress Board of Directors.

However, it is noted that on 26 February 2018 Avio communicated to doBank that that agreement ceased on 27 December 2017, following the automatic termination in conformity with its terms, as a consequence of the already cited and aforementioned acquisition operation of Fortress by SoftBank. Information on the dissolution of the Agreement was published in accordance with the law, and in particular on the doBank Internet Website.

At the date of this Report, no further agreements and/or establishment of associations or committees between Shareholders of the Bank have been received or are known to doBank.

h) Change of control clauses (pursuant to Art. 123(2), paragraph 1, letter h) of the Consolidated Finance Law) and statutory provisions on Public Takeover Bids (pursuant to Articles 104, paragraph 1(3) of the Consolidated Finance Law)

The Servicing Contract between Intesa and Italfondiario S.p.A (company of the doBank Group, as stated above) contains a change of control clause. In particular, in that contract, "change of control" means the situation where the Fortress Group does not maintain strategic involvement in the management of Italfondiario S.p.A.; that involvement would cease, inter alia, in the case where the Fortress Group no longer holds an investment of at least 51% of the share capital of Italfondiario S.p.A. or no longer has the right, directly or indirectly, to appoint the majority of members of the Board of Directors of Italfondiario S.p.A..

The Articles of Association of the Bank do not involve derogations to the provisions on the passivity rule provided by Art. 104(2), paragraphs 2 and 3 of the Consolidated Finance Law.

i) Delegations to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123(2), paragraph 1, letter m) of the Consolidated Finance Law)

At the date of this Report, there are no delegations to issue convertible bonds or to increase the share capital (not even for the purpose of personnel incentive plans).

There are similarly no delegations or resolutions of the Shareholders' Meeting with regard to the purchase of treasury shares.

On the point, it is appropriate to note that on 21 June 2017 the Shareholders' Meeting resolved upon an incentive system linked to the Listing, known as "2017 IPO Bonus", which will be implemented by way of the assignment of Company shares in favour of relevant personnel identified by the Bank.

In order to allow for the distribution of the 2017 IPO Bonus (and, at the same time, to implement the provisions of the contract that regulates the remuneration of the Chief Executive Officer in office - for the part in shares), the Shareholders' Meeting thus resolved, at the same meeting, on an overall plan ("Stock Granting Plan"), which provides for the use of treasury shares held by the company in service of the implementation of the plan itself, such that the shares are assigned free of charge to the respective beneficiaries.

The Stock Granting Plan – which will have a term until 31 December 2024 - will therefore be implemented through the assignment of ordinary shares of the Company, in accordance with Art. 2357(3) of the Italian Civil Code and, to that end, the Company may use the treasury shares already held by the Bank up to the maximum limit of no. 1,750,000, corresponding to 2.19% of the share capital.

doBank, at the date of 31 December 2017, held no. 1,750,000 treasury shares, amounting to 2.19% of the share capital.

l) Management and coordination activity (pursuant to Art. 2497 et seq of the Italian Civil Code)

The Issuer is not subject to management and coordination activity in accordance with Art. 2497 et seq of the Italian Civil Code.

It should in fact be considered that, although Avio holds 50.1% of the doBank share capital, that controlling relationship does not translate into the exercise of management and coordination activity, as Avio does not impart directives to doBank and, more generally, does not interfere with the management of the Bank.

Therefore, the determination of the strategic and managerial guidelines of doBank and, more generally, the entire activity of the bank, are the result of free self-determination of the corporate bodies and do not involve management by Avio.

As regards the additional:

information required by Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law, we refer to the section of this Report dedicated to the remuneration of Directors;
information required by Art. 123(2), paragraph 1, letter l) of the Consolidated Finance Law, we refer to the section of this Report dedicated to the Board of Directors.

3.0 COMPLIANCE (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER A) OF THE CONSOLIDATED FINANCE LAW)

doBank has adopted the traditional governance model that is not influenced by non-Italian provisions of law.

Following the Listing, doBank joined the Corporate Governance Code of Listed Companies (available at the page http://www.borsaitaliana.it/comitato-corporategovernance/codice/codice.htm) and consequently brought its corporate governance in line with the principles and criteria indicated therein, if applicable.

In this Report, doBank intends to illustrate in detail the methods by which the Corporate Governance Code was applied by the Bank, also highlighting the principles that have been fully applied as well as those from which the Bank, even if only partly, has decided to deviate (according to the principle of "comply or explain"). In that regard, it is worth noting that doBank, as a banking company, must comply with and abide by the regulatory provisions established by the Consolidated Banking Law and by the Supervisory Provisions.

The corporate governance practices adopted by the Bank are illustrated below in this Report and further information on doBank's corporate governance structure is available on the doBank Internet Website.

4.0 DOBANK BOARD OF DIRECTORS

4.1 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123(2), PARAGRAPH 1, LETTER I) OF THE CONSOLIDATED FINANCE LAW)

In conformity with the legislative and regulatory provisions applicable to listed companies, Art. 13 of the Articles of Association establishes that the Board of Directors is appointed by the Shareholders' Meeting, based upon lists submitted by the shareholders or by the Board of Directors and in which the candidates, listed in a number no higher than 11, are combined with a sequential number.

In accordance with Art. 147(3), paragraph 1 of the Consolidated Finance Law and the Articles of Association, in addition to any list submitted by the Board of Directors, the entities legitimated to vote who, even together with others, hold overall a share of investment of at least 2.5% of the share capital having the right to vote in the ordinary Shareholders' Meeting may submit lists for the appointment of the Directors.

By CONSOB resolution no. 20273 dated 24 January 2018, the limit relating to the share of investment was fixed at 1%.

The ownership of the minimum share of investment for the submission of lists is determined with regard to shares that are registered in favour of the individual shareholder, or multiple shareholders jointly, on the day on which the lists are filed at the Company; the respective certification may even be produced after the filing provided that this occurs within the period scheduled for publication of those lists by the Company.

Every entity legitimated to vote (as well as (i) legitimated entities belonging to the same group, thereby meaning the controlling entity, even non-corporate, in accordance with Art. 2359 of the Italian Civil Code and any company controlled by or under the common control of that entity, or (ii) parties to the same shareholder agreement pursuant to Art. 122 of the Consolidated Finance Law, or (iii) legitimated entities that are otherwise connected between them by virtue of significant relationships of connection in accordance with the rules of law and/or regulations in force and applicable) may submit or contribute to submitting a single list, just as each candidate may appear in only one list under penalty of ineligibility.

Each list that has a number of candidates equal to or greater than three must be made up of candidates belonging to both genders, so as to ensure respect of the gender balance at least to the minimum extent required by the legislation, including regulatory, in force at the time.

The list of the Board of Directors, where submitted, must be filed at the Company's registered office by the thirtieth day prior to the date of the Shareholders' Meeting and form the subject of the publicity formalities provided by existing regulations.

The lists submitted by the shareholders must, under penalty of forfeiture, be filed at the registered office, even by a means of distance communication and according to methods indicated in the notice of convocation that allow for the identification of the entities filing the same, by the twentyfifth day preceding the date of the Shareholders' Meeting and they are made available to the public at the registered office, on the doBank Internet Website and by the other methods provided by existing regulations, at least twenty-one days before the date of the Shareholders' Meeting.

The lists submitted must also be accompanied, as well as by other additional documentation required by existing regulations,

(a) by information relating to the identity of the shareholders that have submitted the lists, indicating the overall percentage of investment held, notwithstanding that the certification showing ownership of that investment may be produced within the timescales indicated above;

(b) by a declaration of the shareholders other than those that hold, even jointly, a controlling or relative majority investment, certifying the absence of relationships of connection, even indirect, in accordance with the legislation, including regulatory, in force at the time, with the latter;

(c) by comprehensive information on the personal and professional characteristics of the candidates with any indication of the suitability to be classified as Independent Directors in accordance with the regulations in force at the time, as well as by a declaration by those candidates certifying possession of the requirements provided by the legislation, including regulatory, in force each time and by the Articles of Association, therein including those of integrity and, where applicable, independence, and by their acceptance of their candidacy and the role, if elected;

(d) by any other further or different declaration, information and/or document provided by the legislation, including regulatory, in force each time.

The lists for which the requirements indicated above are not respected are considered not to have been submitted.

Each entity entitled to vote may vote upon a single list and the vote of each shareholder will concern the list and, consequently, all the candidates indicated on it, with no possibility of variations, additions or exclusions.

Based upon the provisions of the articles of association, the election of the Board of Directors occurs, at the end of the vote, in accordance with what is indicated below:

(i) all directors to be elected, except 1, are taken from the list that came first by number of votes, in the sequential order in which they are indicated on that list;
(ii) the remaining director to be elected, in possession of the independence requirements, is taken from the list that came second by number of votes and that is not connected, in any way, even indirectly, in accordance with the legislation, including regulatory, in force each time, with the entities legitimated to vote who submitted or voted on the list that came first; the first candidate in sequential order of the list in possession of the independence requirements is therefore elected;
(iii) if the first two lists have obtained the same number of votes validly expressed in the Shareholders' Meeting, the list that was submitted by the shareholders in possession of the bigger investment prevails;
(iv) if the number of candidates included in the submitted lists, both of majority and minority, is less than that of the Directors to be elected, the remaining Directors are elected by resolution made by the Shareholders' Meeting by relative majority, ensuring respect of the principles of independence and gender balance required by the legislation, including regulatory, in force each time. In the case of equal votes between the candidates, a second ballot will be held between the same by way of further Shareholders' Meeting vote;
(v) if only one list has been submitted, the Shareholders' Meeting expresses its vote on it and if the same obtains the relative majority of the votes represented in the Shareholders' Meeting, the candidates listed in sequential order, up to the number fixed by the Shareholders' Meeting, are elected as directors, ensuring respect of the principles of independence and gender balance required by the legislation, including regulatory, in force each time;
(vi) if no list has been submitted or if only one list has been submitted and the same does not obtain the relative majority of votes represented in the Shareholders' Meeting, the Shareholders' Meeting resolves according to the methods indicated in paragraph (iv) above;
(vii) if the necessary minimum number of Independent Directors and/or Directors belonging to the least represented gender has not been elected, the Directors on the List which came first, marked by the highest sequential number and not having the requirements in question, are replaced by the next candidates having the necessary requirement or requirements belonging to the same List;
(viii) if, even applying the replacement criteria indicated in paragraph (viii) above, suitable replacements are not identified, the Shareholders' Meeting resolves by relative majority. In that circumstance, the replacements will be made starting with the lists gradually most voted and the candidates marked by the highest sequential number;
(ix) the list voting procedure, described in this paragraph, applies only in the case of appointment of the entire Board of Directors. If the entire Board of Directors does not have to be renewed or if it is not possible for any reason to appoint the Board of Directors by the methods provided by this paragraph, the Shareholders' Meeting resolves according to the methods indicated in paragraph (iv) above.

In the event of termination from office, for any reason, of one or more directors, they are replaced according to the following methods:

(i) if the outgoing director is taken from a minority list, and provided that the majority of the directors is still made up of directors appointed by the Shareholders' Meeting, the Board of Directors will appoint the replacement by way of co-opting in accordance with Article 2386 of the Italian Civil Code, by resolution approved by the Board of Auditors, from candidates belonging to the same list as the outgoing director, if they are in possession of the necessary requirements and willing to accept the role. If, for any reason, there are no names available and eligible or if the outgoing director is taken from the majority list, the Board of Directors will appoint the replacement or replacements by co-opting in accordance with Article 2386 of the Italian Civil Code without restrictions on the choice of members of the lists submitted in turn.
(ii) If the Shareholders' Meeting must proceed in accordance with law to appoint the directors required to supplement the Board of Directors as a result of termination, the provisions of the Articles of Association will be followed, namely:
(a) if it necessary to replace one or more members of the Board of Directors taken from the majority list, the replacement will occur by decision of the ordinary Shareholders' Meeting which resolves with the relative majority of the votes represented therein, without restrictions on the choice between the members of that list submitted in turn;
(b) if, on the other hand, it is necessary to replace the member of the Board of Directors taken from the minority list, the Shareholders' Meeting proceeds, with the vote assumed by relative majority of the votes represented therein, to choose them, where possible, from the candidates indicated in the list of which the replaced director formed part, who have confirmed in writing, at least 10 (ten) days before that fixed for the Shareholders' Meeting, their candidacy, together with declarations on the absence of causes of ineligibility or forfeiture, as well as the existence of the requirements laid down by the legislation, including regulatory, in force each time or by the Articles of Association for the assumption of the role. If that replacement procedure is not possible, that member of the Board of Directors will be replaced by resolution to be made with the relative majority of the votes

represented in the Shareholders' Meeting, in respect, where possible, of the representation of minorities.

(iii) The replacements indicated above must, in any case, be made in respect of the legislation, including regulatory, in force each time on gender balance and the minimum number of Independent Directors.
(iv) The Directors appointed by the Shareholders' Meeting in replacement of the outgoing members expire together with those in office at the time of their appointment.

Finally, every time, for any reason or cause, the majority of Directors appointed by the Shareholders' Meeting is no longer in place, the entire Board of Directors is understood to be forfeited and the Directors remaining in office must convene the Shareholders' Meeting to appoint the new Board of Directors.

4.1.1 Succession plan in the case of absence or impediment

In compliance with the Supervisory Provisions on the definition of succession plans for the senior positions of banks of larger dimensions or with particular operating complexity, on 27 June 2017 the Board of Directors, with the support of the Appointments and Remuneration Committee, established at that time, and based upon the analyses performed by the Group's Resources & Transformation Function, approved a specific procedure, to be applied in the case of impediment to the exercise of powers and functions attributed to the Chief Executive Officer. That procedure, which also satisfies the requirements identified by Application Criterion 5.C.2 of the Corporate Governance Code, provides:

1) in the case of short-term temporary impediment, classifiable at 30 calendar days (due to sickness or accident or any cause that prevents normal working activity), the ordinary business and Group management is entrusted ad interim to the Chief Financial Officer. Upon the removal of the impediment to the exercise of his powers by the Chief Executive Officer, the temporary powers assigned to the Chief Financial Officer cease, unless otherwise resolved by the Board of Directors;
2) in the case of full and permanent impediment of the Chief Executive Officer, the ordinary business and Group management is entrusted ad interim to the Chief Financial Officer for the time necessary for the Board of Directors, with the support of the Appointments Committee, to identify, select and enter into a contract with the new Chief Executive Officer.

When the Board of Directors appoints the new Chief Executive Officer, the delegations granted to the Chief Financial Officer cease and, based upon the Articles of Association and the new delegations granted, the ordinary management will transfer to the full powers of the newlyappointed Chief Executive Officer.

Therefore, the Company, in view of the provisions on Succession Plans fixed by the Supervisory Provisions, by the Corporate Governance Code and by the CONSOB guidelines as well as taking account of market best practices and the recommendations contained in the letter sent by the Chairman of the Corporate Governance Committee to the Chairmen of the Board of Directors of Italian listed issuers on 13 December 2017, has deemed it appropriate to update the succession plan adopted as stated above and, with the agreement of the Appointments Committee (meeting on 18 December 2017), has planned to develop by the first half-year of 2018 a "CEO Contingency Succession Plan" which involves - procedurally - the detailed actions to be undertaken in the presence of sudden and unforeseeable events preventing the Chief Executive Officer, during his mandate, from exercising his functions.

4.2 COMPOSITION (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTERS D) AND D(2) OF THE CONSOLIDATED FINANCE LAW)

In accordance with Art. 13 of the Articles of Association, the Company is managed by a Board of Directors consisting of a number of directors no less than 7 and no more than 11, elected by the Shareholders' Meeting which, prior to the election, determines its number.

The Shareholders' Meeting itself determines its duration in office, notwithstanding that the latter may not be less than one financial year or more than three financial years, with effect from acceptance of the role and expiry at the date of the Shareholders' Meeting convened to approve the financial statements relating to the final financial year of the role.

The members of the Board of Directors may be re-elected.

In relation to the requirements of professionalism and considering the importance that the same hold to ensure the good functioning of the management body, the Regulation of the doBank Board of Directors (found on the doBank Internet Website at the page https://www.dobank.com/it/governance/consiglio-di-amministrazione, to which reference is made for completeness of information) provides additional requirements that the Directors must possess in addition to the requirements provided by existing regulatory and legislative provisions.

The Directors must possess at least one of the following requirements of experience and knowledge, acquired through studies or long-term experience of administration, management and control in (i) the financial sector or (ii) enterprises or entities of significant economic dimensions and proven standing or (iii) the exercise of professional activities or university teaching in legal or economic subject:

knowledge of banking business and assessment and management techniques of risks connected to the exercise of banking activity;
experience of business management and organisation;
capacity to read and interpret the financial statements data of companies or entities;
expertise of corporate nature (audit, compliance, legal, corporate, etc.);
knowledge of regulations of banking or financial activity;
knowledge of global dynamics of the economic-financial system;
experience and knowledge of the markets.

The Board of Directors assesses the existence of the requirements for its members after the appointment, giving information to the market of the outcomes of that verification by way of a press release and subsequently, on an annual basis, providing the respective results as within the Corporate Governance Report.

In accordance with the provisions laid down by Art. 13, paragraph 5 of the Articles of Association, a number of Directors no less than that provided by the legislation, including regulatory, in force each time (currently a number no less than 2), must possess the independence requirements established by law and by the regulatory provisions (independence requirements provided by Art. 3 of the Corporate Governance Code).

The Board of Directors, consequently, assesses the existence of the independence requirement declared by the directors with regard to substance, rather than form, and that assessment is made after the appointment of a new Director who is classified as independent and on an annual basis, for all Directors.

To that end, the Board of Directors, based upon the declarations made by the directors and from the information gathered, examines any further available evidence, even possibly attributable to relationships held, even indirectly, by the director with the Group and their significance with the economic and financial situation of the interested party.

The Board of Auditors verifies the correct application of the criteria and procedures adopted by the Board of Directors, supported by the Appointments Committee, for the purposes of the aforementioned assessment, and both outcomes (Board assessments and Board of Auditors verification) are communicated to the market.

The Board of Directors currently in office was appointed by the Shareholders' Meeting on 30 October 2015 (with the favourable votes of the then sole director Avio and based upon the proposal made by the same) which as a priority determined its number at 9 members, and fixed its expiry to the date of the Shareholders' Meeting convened to approve the financial statements of the 2017 Financial Year.

Avio S.à r.l., with the aim of achieving the composition of the Board of Directors deemed optimal in relation to achieving the objective of correct fulfilment of its functions, to identify the directors appointed to make up to the management body of doBank, indicated profiles adequate to the dimensions and complexity of the Bank's organisational structure, so as to allow for the control of the entire company operations, also as regards management and controls.

Consequently, within the Board there are numerous members having the professionalisms necessary for adequate internal dialectics as well as an adequate number of independent members (this requirement was also ascertained during the Listing) in accordance with the Corporate Governance Code.

In the Financial Year no changes occurred within the Board of Directors, while during 2016, as a result of resignations, the Directors Fausto Galmarini, Wesley Robert Edens and Randal Alan Nardone were replaced in their roles (initially by co-opting, then subject to appointment by the Shareholders' Meeting) by: Dr Andrea Mangoni, Mr Edovige Catitti and Dr Giuseppe Ranieri. The doBank Board of Directors currently consists of:

•	Chairman	Giovanni Castellaneta
•	Chief Executive Officer	Andrea Mangoni
•	Director	Fabio Balbinot
•	Independent Director	Edovige Catitti
•	Director	Francesco Colasanti
•	Independent Director	Nunzio Guglielmino
•	Independent Director	Giovanni Lo Storto
•	Director	Giuseppe Ranieri
•	Director	Charles Robert Spetka

For each Director, a brief curriculum vitae is given below, and, in Table 2 at the foot of this report, further relevant information.

Giovanni Castellaneta, born in Gravina in Puglia (BA) on 11/09/1942, graduated in Law from the La Sapienza University of Rome. He was Italian Ambassador to Australia (and to some Pacific States), Iran, Government Representative in Albania and Italian Ambassador to the United States (2005-2009), at the Organization of American States (OSA) and the Bahamas. He assumed the role of Diplomatic Counsellor of the President of the Council and his personal representative for the G7/G8 Summits from 2001 to 2005. In addition, from 2002 to 2012 he covered the role of Board Director of Leonardo/Finmeccanica and Vice Chairman of the homonymous Group. From 2010 to 2016 he was Chairman of the Board of Directors of SACE and from 2012 to 2017 he covered the role of Chairman of Italfondiario S.p.A. He was Senior Advisor for Italy of Fortress Investment Group. Currently, as well as covering the role of Chairman of the Board of Directors of doBank, he is also Chairman of the Board of Directors of the company Torre SGR S.p.A., since 2013. He has also been Chairman of Milano Sesto S.p.A. since March 2014 and was appointed Secretary General of the Adriatic Ionian Initiative (AII) in June 2017.

Andrea Mangoni has, since April 2016, been Chief Executive Officer of doBank. Born in Terni in 1963, he graduated in Economic Sciences and begun his career working with the Inter-American Development Bank, dealing with restructuring projects in Brazil and Argentina. In 1996 he covered in Acea the role of Head of Extraordinary Finance and coordinated the activities relating to the Company's placement on the stock market, occurring in 1998. Thereafter, he became Head of Planning and from 2001 CFO. In 2003 he was appointed Chief Executive Officer. In 2009 he joined Telecom Italia in the role of Group CFO and operational Chairman of Telecom Italia Sparkle, a company responsible for managing traffic and the international network. In 2012 he was appointed International Operations General Manager of Telecom Italia and managed, amongst other things, the crisis and re-launch of Tim Brasil, becoming its CEO. From June 2013 to March 2015 he held the role of Chairman and CEO of Sorgenia (CIR Group), and managed the financial restructuring of the company. In 2015 he covered the role of General Manager of Fincantieri.

Fabio Balbinot, born in Conegliano (TV) on 02/02/1973, graduated in Economics from the University of Trieste. Until 2001 he worked in some companies of the Montedison group and the CIR group as Financial Controller, while from 2001 to 2004 he covered various roles in the finance and M&A area within Pirelli RE (now Prelios). From 2005 to 2017 he covered the role of Senior Vice President of Fortress Investment Group and from 2010 to 2016 the role of Board Directors of Torre SGR S.p.A. Since 2010 he has been General Manager of Italfondiario S.p.A. and from 2011 to February 2017 he covered the role of Chief Executive Officer of Italfondiario S.p.A. of which he is currently Board Director. Since 2015 he has covered the role of Board Director of BCC Gestione Crediti S.p.A.. From 15 May 2017, he took on responsibility for the Administration, Finance and Management Control function of doBank in the capacity of Group Chief Financial Officer.

Edovige Catitti, born in Bisenti (TE) on 03/09/1947, graduated in law from the University of Rome and later obtained a Master's in Business Administration (MBA) from the Bocconi University in Milan. He was Director of the Milan Branch of the National Institute of Building Credit from 1988 to 1992 and from 1992 to 1995 he directed the Commercial Area of that Institute at the Rome Office. Previously, he worked at the Italian Institute of Land Credit in Rome and Milan where, in particular, he dealt with urban planning law and the investigation of financial/real estate transactions. From June 1995 to 2011 he was General Manager of Aareal Bank Italia, branch of Aareal Bank AG based in Wiesbaden (Germany). From January 2012 to December 2013 he was Director of the business consultancy company Ad Advisory S.r.l., which operates in the sector of restructuring of real estate finance transactions. From January 2012 to October 2013 he was also Board Director, on behalf of Banca Monte dei Paschi di Siena, of the Companies Trixia S.r.l., based in Milan and Le Robinie S.p.A. based in Reggio Emilia. From October 2013 to July 2017 he worked for the Leonardo Caltagirone Group as Director of numerous Group companies. Since January 2016 he has been Adjunct Professor of Real Estate Finance at the LUISS Business School.

Francesco Colasanti, born in Frosinone on 29/12/1975, graduated in Economics from the LUISS Guido Carli University of Rome. Since 2001 he has worked at Fortress Investment Group where he currently covers the role of Managing Director, responsible in Europe for the Private Equity funds. Within the Group he also covers the role of Chief Investment Officer of the Fortress Italian NPL Fund and Investment Manager of Eurocastle (listed company managed by Fortress - ECT.AS). He has participated in the main investment processes of the Fortress Group in the NPL sector and in the real estate sector. Since 2005 he has contributed to the creation and growth, on behalf of the Fortress Group, of Torre SGR S.p.A., for which since 2009 he has covered the role of Director. From 2000 to 2001 he worked at PricewaterhouseCoopers in the Audit and Transaction Support team.

Nunzio Guglielmino, born in Rome on 14/01/1946, graduated in Law and Political Sciences from the University of Rome. From 1980 to 1984 he was an official at the Ministry of the Treasury and from 1984 to 1993 he covered the role of Councillor for Economic and Monetary Affairs at the Permanent Representation of Italy in Brussels, actively participating in meetings of the Council of Financial Ministers of the European Union (ECOFIN) and contributing to preparing the Maastricht Treaty. From 1993 to 1995 he worked at the Ministry of Economy and Finance and, in 1996, he was appointed General Manager at the Treasury Department of the Ministry of Economy and Finance. From 1993 to 2000 he was on the Board of Directors of the European Investment Bank and from 2000 to 2015 he was Deputy Governor of the Council of Europe Development Bank (CEB). He was Deputy Chairman of Poste Italiane and Board Director of Cassa Depositi e Prestiti and other companies, both public and private. He has covered since October 2016 the role of expert for consultancy activities for examining and investigating issues of Community law in the Presidency of the Council of Ministers, with a decree in the process of being renewed.

Giovanni Lo Storto, born in Troia (FG) on 03/12/1970, graduated in Economics from the LUISS Guido Carli University of Rome, of which since 2013 he has been General Manager. He was Official of the Army Administration Corps and worked in Bartolini as Branch Operations Director, at the Italian Reinsurance Union, and at Swiss Re in the CEO's staff. From 1997 to 2005 he was a lecturer in the subject and later contract professor of Economics and Management of Insurance Companies at the LUISS Guido Carli University of Rome and at the University of Aquila. He formed part of the Board of Directors of the Foundations Gerardo Capriglione and Italiacamp. Currently, he is Vice Chairman of Pola S.r.l., Chief Executive Officer of L.Lab S.r.l. and he forms part of the Board of Directors of the magazine Internazionale, the magazine Formiche, the press agency Askanews, L.COM S.r.l., the Bruno Visentini Foundation and the Mediterraneo Foundation. He is also co-founder of the business accelerator LuissEnlabs. He edited for Rubbettino the Italian edition of the book Jugaad Innovation in 2014 and in 2016 Frugal Innovation. On 25 May 2017 his book Erostudente was published.

Giuseppe Ranieri, born in Rome on 19/02/1974, graduated in Economics from the "La Sapienza" University of Rome and from 2013 covered the role of Director in Fortress Investment Group. From 1998 to 1999 he worked as an analyst at Nusa SIM S.p.A. and later, from 2000 to 2005, as Manager at PricewaterhouseCoopers-Transaction Services. From 2005 to 2009 he worked at Morgan Stanley Real Estate Fund and Prelios S.p.A., and from 2009 to 2012 at First Atlantic Real Estate NPL S.p.A. (now Frontis S.p.A.).

Charles Robert Spetka, born in Ohio (USA) on 30/08/1962, graduated in Electronic Engineering from Pennsylvania State University and holds a Master's in Business Administration from the University of North Carolina. Until 1997 he worked at Goldman Sachs as a Trader, specialising in commercial mortgage-backed securities, HUD project loans and commercial performing and nonperforming loans. From 1997 to 2003 he covered the role of Chief Executive Officer Real Estate Debt Investment of GMAC Commercial Mortgage Corporation. From 2003 to 2013 he performed the role of Chief Executive Officer of CW Financial Services. From 2013 he covered the role of Managing Director for Fortress Investment Group.

It is noted that all members of the current Board of Directors, including those who rotated in their roles after the initial appointment, and thus in the period between 30 October 2015 and the approval of this Report, are in possession of the requirements laid down by law and by the applicable regulatory provisions.

As noted above, on the occasion of the next Shareholders' Meeting, convened for 19 April 2018, the Shareholders will be asked to resolve, inter alia, on the appointment of the new directors. In that regard, it is emphasised that that renewal is the first, after the admission of the doBank shares to the MTA, and that, for the first time, the appointments will be made based upon the list vote mechanism, as regulated by the Articles of Association and described in Section 4.1 of this Report. The Company is also required to comply for the first time with the provisions on gender balance in the composition of the management body (in accordance with Art. 147(3), paragraph 1(3) of the Consolidated Finance Law and without prejudice to the provisions of Art. 2 of Italian Law no. 120 dated 12 July 2011).

In view of the appointment of the new directors, the doBank Board of Directors, with the support of the Appointments Committee (in accordance with Application Criterion 5.C.1 of the Corporate Governance Code), has taken steps to identify the theoretical profile of the candidates for appointment, therein including the managerial, professional (in accordance with Application Criterion 1.C.1, letter h)), integrity and independence characteristics and, during the meeting on 8 March 2018, it approved the document entitled "Guidelines on the optimal qualitative and quantitative composition of the Board of Directors". That document contains, precisely, guidelines, suggestions and indications deemed useful, so that the lists of candidates, which will be submitted by the Shareholders for the appointment of the new management body, are adequate to the responsibilities assumed by the respective members, even possibly within the Board Committees as well as being compliant with the applicable regulations and best practice in that regard.

4.2.1. Diversity Policies

The "Policy on the Composition of the Corporate Bodies", approved by the Board of Directors on 9 November 2017, contains provisions on diversity policies in relation to the composition of the management and control bodies, concerning gender and the training path that the company representatives must possess. In that regard, the Board of Directors has favoured the existence of those characteristics irrespective of the age of the individual.

Those policies, with particular reference to gender diversity, will be applied for the first time upon the renewal of the roles scheduled upon the approval of the financial statements at 31 December 2017 in application of the provisions of Italian Law no. 120 dated 12 July 2011, which imposed the obligation of reserving a certain share of the members of the Board of Directors of listed companies to the least represented gender.

Considering also the provisions of Art. 2 of the Law cited above, the outgoing Board has recommended that at least one-fifth of the members of the new management body are reserved to the least represented gender.

4.2.2. Maximum accumulation of assignments held in other companies

Without prejudice to respecting the limits on the number of assignments that the members of the management body may hold in accordance with the legislation, including regulatory, the Board of Directors, on 9 November 2017, approved a policy on the composition of the corporate bodies, in which it also identified and defined, inter alia, the maximum number of assignments, of management and control, in other companies (as illustrated below), that may be considered compatible with the effective conduct of the role of doBank director, and this also takes account of the participation of the directors in the Board Committees. The Directors are therefore required to inform the Bank of assignments held at other companies or entities.

Table 2, at the foot of this Report and cited in point 4.2 above, provides evidence, in conformity with the provisions of the Corporate Governance Code, of the number of assignments of management and control that the doBank directors have communicated to cover in other companies listed on regulated markets, in financial, banking, insurance companies or those of significant dimensions.

The policy cited above specifies that these are without prejudice, in any case, to the requirements that may derive from the emanation of the expected implementing Ministerial Decrees of Art. 26 of the Consolidated Banking Law (as amended by Italian Legislative Decree no. 72 dated 12 May 2015, incorporating the so-called CRD IV Directive into the Italian legal system).

The policy notes in addition the prohibition indicated in Article 36 of Italian Law no. 214 dated 22 December 2011 (known as "Interlocking" prohibition) and the related obligation of any directors who hold incompatible roles to communicate the exercised option, within the deadline of 90 days from appointment, notwithstanding that, once that period has elapsed with no communication being made, they forfeit both roles. To that end, the directors must certify annually that they do not cover roles in management, supervision and control bodies in competing enterprises or groups of enterprises to allow the Board to make its annual assessment. That verification was renewed with a positive outcome by the Board of Directors also with reference to the Financial Year.

* * * * *

Based upon the adopted policy:
the doBank executive directors in addition to the role covered in doBank may not cover the role of:
executive director in more than 2 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;
non-executive director or statutory member of the control body in more than 4 other companies listed on regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;
the independent directors in addition to the role covered in doBank may not cover the role of:
executive director or non-executive director or statutory member of the control body in more than 10 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions.
the non-executive directors in addition to the role covered in doBank may not cover the role of:
executive director or non-executive director or statutory member of the control body in more than 12 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;

specifying that the scope of application of the limit to the accumulation of roles of administration, management and control covered by doBank Directors excludes companies:

controlling doBank, both directly and indirectly;
belonging to the doBank group, therein including companies directly or indirectly invested by doBank.

In coherence with Application Criterion 2.C.5 of the Corporate Governance Code, the doBank Chief Executive Officer may not assume the role of Director of another issuer, not belonging to the group headed by doBank, and of which a doBank Director is Chief Executive Officer.

The current composition of the Board of Directors reflects the above general criteria.

4.2.3. Induction and recurring training initiatives

On 1 August 2017, at the initiative of the Chairman of the Board of Directors and the independent directors of doBank, in conformity with Application Criterion 2.C.2 of the Corporate Governance Code, a training day was held on the issue of "market abuse", with the support of external specialist consultants. That initiative, which saw the distribution of specific training material, was held at the Company's registered office, and was attended by all Directors and Statutory Auditors. In addition to the direct aim of satisfying training requirements, the initiative increased the cohesion between the members of the corporate bodies.

4.3 ROLE OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER D) OF THE CONSOLIDATED FINANCE LAW)

In conformity with existing regulations aimed at companies with shares listed on regulated markets and in compliance with the recommendations of the Corporate Governance Code, the Board of Directors covers a central role in the Company's governance model.

In that regard, Art. 17 of the Articles of Association provides that the Board of Directors is invested with all powers for the ordinary and extraordinary management of the Company, except those reserved by law or by the Articles of Association to the Shareholders' Meeting.

The matters under the exclusive remit of the Board include, in particular: i) the approval of the organisational and corporate governance structure of the Bank, guaranteeing the clear distinction of duties and functions as well as the prevention of conflicts of interest; ii) the approval of accounting and reporting systems; iii) supervision of the process of public reporting and communication of the Bank; iv) the duty of ensuring effective dialectics with the management function and with the heads of the main company functions and to verify over time the decisions and choices made by them.

The following resolutions are under the exclusive remit of the Board of Directors:

the appointment and revocation of the Chief Executive Officer as well as the manager in charge of preparing the corporate accounting documents;
the general guidance as well as the adoption and modification of business, strategic and financial plans of the Company and the Group;
the quarterly assessment of the general performance of company management, based upon information received from the delegated bodies and comparing the results achieved with those planned;
the adjustments of the Articles of Association that become necessary to guarantee their conformity with the regulatory provisions applicable each time;
the definition of the remuneration and incentive systems at least for the following entities; the executive directors; the heads of the main business lines, company functions or geographic areas; those who report directly to the bodies with strategic supervision, management and control function; the managers and personnel of the highest level of the company control functions;
the merger by incorporation of companies in the cases provided by Articles 2505 and 2505(2) of the Italian Civil Code;
the demerger in the cases provided by Art. 2506(3) of the Italian Civil Code;
the reduction of the capital in the case of shareholder withdrawal;
the indication of which persons, in addition to those indicated in these articles of association, are responsible for representing the Company;
any establishment of committees or commissions internal to the Company Bodies with investigatory, advisory and proactive or coordination functions, also with the aim of ensuring that the corporate governance system complies with existing recommendations on corporate governance, determining, at the time of constitution, their members, duration, powers and rights;
the risk management policies, as well as the assessment of the functionality, efficiency, effectiveness of the Internal Controls System and the adequacy of the organisational, administrative and accounting structure;
the determination of the criteria for the coordination and management of the Group companies, also by way of specific regulations, and the determination of the criteria for executing the instructions of the Bank of Italy;
the acquisition and sale of strategic investments, businesses and/or business branches, subject to what is established by Art. 2361, second paragraph of the Italian Civil Code;
the approval and amendment of the main internal regulations;
the acquisition and sale of properties;
the appointment and revocation, having heard from the Board of Auditors, of the managers of the internal audit, compliance, risk control and anti-money laundering functions as well as the approval and modification of the respective function regulations;
the establishment and organisation, also for the purposes of allocating the power of signature, in Italy and abroad, of secondary offices, branches, agencies, cashiers and representative offices as well as their closure.

The Board of Directors, also by way of the Board Committees for the respective areas of activity, has assessed and overseen, insofar as it is responsible, the adequacy of the organisational, administrative and accounting structure, with particular reference to the internal control and risk management system; that activity is implemented by way of the competent company functions, which have duly reported in that regard to the Board of Directors.

Similarly, the Board of Directors has implemented that assessment and supervision over the subsidiary companies, through the implementation and continuous application of the Group's "Corporate Governance Project", approved by it and which identifies, on one side, precise responsibilities of the Parent Company and the subsidiary companies, in the context of a univocal and reciprocal assumption of commitments and, on the other, the tools used by the Parent Company to exercise its role of guidance, governance and support for the Group.

In that regard, it is noted that, in the Group's governance model, the organisational, administrative and accounting structure, as well as the internal control systems adopted by the subsidiary companies, provide for the centralisation of some important functions at the parent company. In particular, the Group's governance system involves the centralisation at doBank of the company control functions (i.e. risk management, compliance and anti-money laundering functions, i.e. the so-called "second level" control functions, as well as the internal audit function, a control function known as "third level") and specific corporate functions (human resources management; occupational safety; logistics; procurement; administration, finance and control, including: treasury, accounting, financial statements, reporting, etc.; communication; product development; legal and corporate affairs; extraordinary finance and organisational support).

In respect of the corporate governance project, the subsidiary companies of doBank: (i) are required to implement the provisions issued by the Parent Company in execution of instructions imparted by the Bank of Italy in the interest of the Group's stability as well as to provide to the Parent Company itself all data and information useful for those purposes; (ii) pursue the respective corporate purpose, aiming to achieve objectives of quality, efficacy and overall efficiency, as well as conformity with the relevant regulations; (iii) operate in accordance with the policies and guidelines formulated by doBank, in respect of their legal autonomy and the principles of correct corporate management; (iv) communicate to doBank the necessary data and information for the purposes of exercising the management, coordination and control activities under its remit and collaborate to respect the rules on consolidated supervision.

In accordance with the Supervisory Provisions on corporate governance and the Corporate Governance Code, coherently with the provisions at statutory level and in its Regulation, the Board of Directors, inter alia:

(a) defines the nature and risk level compatible with the strategic objectives of the Bank, including in its assessments all risks that may become significant in the perspective of the medium to long-term sustainability of the Bank's activity; it approves the business model, in awareness of the risks to which that model exposes the Bank; it approves the governance policies of the risks to which the Bank may be exposed, as well as the risk targets and tolerance thresholds;

(b) approves the policies and processes of assessment of the company activities, and, in particular, the financial instruments, verifying their constant adequacy; it also establishes the maximum limits to the Bank's exposure towards financial instruments and products of uncertain or difficult assessment;
(c) approves the process for the development and validation of internal risk measurement systems not used for regulatory purposes and periodically assesses their correct use;
(d) defines the process for approving new products and services, launching new activities, entering new markets;
(e) approves the company policy on outsourcing of company functions;
(f) in order to attenuate the Bank's operating and reputational risks and to encourage the dissemination of a culture of internal controls, approves a Code of Ethics with which the members of the Company Bodies and employees must comply. The code defines the standards of conduct (e.g. ethical principles and rules to be observed in relationships with customers) on which the company activity must be based;
(g) approves the internal systems of reporting violations;
(h) in relation to ICT approves:
(i) the development strategies of the information system and the relevant model for the system architecture;
(ii) the IT security policy;
(iii) the guidelines on selecting personnel with technical functions and acquisition of systems, software and services, including the use of external suppliers, and promotes the development and sharing and update of knowledge in the ICT field;
(iv) the organisational and methodological framework of reference to the ICT risk analysis;
(v) the propensity to the ICT risk, in conformity with the risk objectives and the framework of reference for determining the risk appetite defined at company level in the "Risk Appetite Framework" (RAF);
(vi) the company documents provided by the regulations for the management and control of the information system; the Board of Directors is informed, at least on an annual basis, of the adequacy of the services provided and the support of those services to the evolution of business operations in relation to the costs incurred and, promptly, in the case of severe problems for the company activity deriving from incidents and malfunctioning of the information system;
(i) in relation to business continuity:
(i) defines the business continuity objectives and strategies of the service, guaranteeing adequate human resources, technological and financial resources;
(ii) approves the operational continuity plan and subsequent amendments following technological and organisational adjustments, accepting the residual risks not managed by the operational continuity plan, promoting in addition its development, periodic control and update in the face of significant innovations, or deficiencies/gaps or supervening risks;
(iii) appoints the manager of the operational continuity plan;
(iv) approves the annual plan of verifications of the operational continuity measures and examines the results of the tests documented in writing;

(k) defines the criteria for identifying the most significant operations to be submitted for prior approval by the Risks and Transactions with Connected Persons Committee, and resolves on the transactions with related parties and connected persons in accordance with the procedures adopted in that sense;

The Board also guarantees that:

(i) the implementation of the relevant framework for determining the risk propensity "Risk Appetite Framework" (RAF), is coherent with the approved risk targets and tolerance thresholds (where identified); in that context, the Board of Directors periodically assesses the adequacy and effectiveness of the RAF and the compatibility between the actual risk and the risk targets;
(ii) the strategic plan, the RAF, the Internal Capital Adequacy Assessment (ICAAP) process, the budgets and the Internal Controls System are coherent, also considering the evolution of the internal and external conditions in which the Bank operates;
(iii) the quantity and allocation of capital and liquidity held are coherent with the risk appetite, the risk governance policies and risk management process;
(iv) at least on an annual basis, the activity programme is approved by the Board itself (including the audit plan) and the annual reports prepared by the company control functions (compliance, internal audit and risk management) are identified. In that context, the Board of Directors also approves the long-term audit plan.

4.3.2 Meetings and functioning

During 2017, the Board of Directors held 17 meetings, each with average duration of 2 hours and 25 minutes. With reference to the percentage of attendance of each director, see Table 2, at the foot of this Report.

Beyond the board meetings, the Directors participated, on 6 February 2017 and 18 September 2017, in two "off agenda" investigation and analysis meetings in relation, respectively, to the preparation of the 2017/2020 budget/business plan and to the possible investment operation in the closed-ended fund Atlante II.

For the 2018 financial year, 13 meetings are planned, 4 of which have already been held at the date of this Report.

The planning of the items on the agenda of the various meetings of the Board of Directors is the responsibility of the Chairman. The Chairman also ensures that, during the meetings, the Board of Directors dedicates the time necessary to the matters to be discussed and stimulates the directors so that they may provide their precious contribution, functional to a constructive debate.

The Articles of Association provide, at Art. 16, that the Board of Directors is convened, even by means of telecommunication, at the registered office of the Company or elsewhere, both in Italy and abroad, at intervals usually not exceeding three months and, in any case, every time the Chairman deems it necessary or a request is made by the Chief Executive Officer or by at least two directors (at least three days before the date fixed for the meeting - in the case of urgency, the Board may be convened at least 24 hours before the meeting).

The Board of Directors may also be convened at the initiative of the Board of Auditors.

Again in accordance with Art. 16, paragraph 4 of the Articles of Association, in the absence of convocation, the Board of Directors is validly constituted when the majority of the Directors and Auditors in office are in attendance, including in any case the director appointed from the minority list, and all those entitled have been informed in advance of the meeting.

The Articles of Association also allow for the attendees at the meeting of the Board of Directors to attend remotely, using telecommunication systems (including audio/video links), provided that each of the attendees can be identified by all the others and that each is able to intervene in real time in the discussion of the matters examined, as well as to receive, send and read documents.

In order to allow for adequately informed and aware participation by all directors and thereby to allow the same to express themselves in awareness of all matters being resolved, the Regulation of the Board of Directors (approved in the updated version on 17 October 2017) provides that the notice of convocation must contain the agenda of the points in discussion and that appropriate documentation in support of the proposal and the related necessary information is made available to the Directors, at least 2 days before the board meeting or, in the case of urgent convocation, at least the day before that meeting.

In that regard, it is specified that, as regards the Financial Year and in conformity with Application Criterion 1.C.5 of the Corporate Governance Code, the Chairman of the Board of Directors acts as the diligent party not only in ensuring that the documentation, relating to the various items on the agenda of the various board meetings, is available to all directors and auditors in respect of the timescales indicated above, but that that documentation, on many occasions, is made available even with longer advance notice.

The Chairman of the Board of Directors, in accordance with Art. 16 of the Articles of Association, may invite personnel of the Company and/or the Group, or third parties, to attend at meetings of the Board, if this may be of assistance in discussing the items on the agenda. In that regard, for the Financial Year, there was, at the invitation of the Chief Executive Officer or the Chairman, effective participation of managers of the Company at the meetings of the Board of Directors, on individual matters on the agenda (Application Criterion 1.C.6 of the Corporate Governance Code).

4.3.3 Self-assessment

In conformity with the contents of the Supervisory Provisions on corporate governance and on compliance with the "Regulation of the Self-Assessment Process of the Board of Directors" approved on 2 March 2017, the Board of Directors itself performed the self-assessment process, with reference to the period between 15 July 2016 (completion date of the current composition of the Board of Directors, coinciding with the appointment, by the Shareholders' Meeting, of the Director Dr Giuseppe Ranieri) and 14 July 2017 (start date of trading of the Bank's shares on the MTA).

That process was conducted with the involvement and support of an external consultant (independent expert able to ensure autonomy of judgment), as a professional identified by the Chairman of the Board of Directors in compliance with the proposal of the Appointments and Remuneration Committee established at that time.

More specifically, the self-assessment process was structured into: (i) an investigation phase, gathering information through the completion of questionnaires and subsequent interview with all directors by the expert; (ii) a phase of development and preparation of the outcomes of the assessment, identifying the strengths and weaknesses ascertained; (iii) a preparation phase of the summary document of the outcomes of the process, which ended with the collegial discussion of the same, during the board meeting on 17 October 2017.

The self-assessment process revealed that:

a) the functioning of the Board of Directors, as well as the Board Committees, is essentially correct and effective. The composition of the Board of Directors, in both qualitative terms (also by virtue of the positive professional complementary expertise identified) and numerical terms, is adequate to the role that those boards are asked to play; the Board Directors, despite generally being burdened by significant professional duties, in addition to those resulting from the assignment covered in doBank, ensure their constant commitment, both in terms of time and physical presence, in the discussion of complex and time-consuming activities of the Bank and the Group.
b) the Board of Directors, together with the Chief Executive Officer and with the contribution provided by the Board Committees, as well as with the support of the Board of Auditors, has brought to completion, in light of the changes linked to the evolution of the activity and the context in which the Bank and the Group work, strongly determined by the current board structure, not only the update of the internal regulations controlling the entire Group but, also, with every related regulatory and organisational fulfilment, the Listing of the Parent Company.
c) the Board of Directors, together with the Chief Executive Officer and with the contribution of the Board Committees, in demonstration of the full awareness of the role covered by each member and the connected responsibilities, has strongly engaged, through the active participation of the individual members, on the front of renewing its structure and the overall organisational and business design of the Group, strengthening the relationships of collaboration and trust between the individual members and, more generally, between the separate, albeit strongly complementary, functions of strategic supervision, management and control.

The process revealed some profiles that could be improved, completely superseded at the date of this Report.

The next self-assessment process of the Board of Directors will be conducted, as well as in compliance with the Supervisory Provisions on corporate governance, also in full acceptance of the Application Criteria of the Corporate Governance Code.

4.3.4 Competing activities

The Shareholders' Meeting has not authorised derogations from the prohibition on competition ratified by Art. 2390 of the Italian Civil Code.

4.4 DELEGATED BODIES

Chief Executive Officer

In accordance with Art. 15 of the Articles of Association, the Board of Directors may appoint a Chief Executive Officer, determining his powers.

In that sense, the doBank Board of Directors has identified Dr Andrea Mangoni as Chief Executive Officer (since 5 April 2016) and has delegated to the same (in accordance with Art. 17 of the Articles of Association) the completion of a precise list of categories of management acts (most recently adjusted at the meeting on 2 August 2017), without, however, taking away his prerogatives. The categories of acts, whose completion has been delegated to Dr Andrea Mangoni, (the list of which is recorded at the Companies Register of Verona, at which the respective resolution was filed and registered and to which express reference is made) are determined analytically and broken down with clarity and precision, also in the indication of the quantitative limits and limits on value and any methods of exercise; this also allows the Board of Directors to assess exactly and verify precisely the correct fulfilment as well as the possible exercise of its management powers and right of retention. The powers of the Chief Executive Officer in any case exclude operations reserved by law and/or regulations to the remit of the Board of Directors.

The Chief Executive Officer is therefore directly responsible for managing the Company. In relation to him, as recorded by the due checks performed, the situation of interlocking directorate provided by the Corporate Governance Code (Application Criterion 2.C.5) is not in place.

The Chief Executive Officer is attributed management duties, namely the implementation of the guidelines resolved by the Board of Directors in the exercise of its strategic supervision function.

The Chief Executive Officer, in summary:

supervises the company management and Group management in conformity with the general, planning and strategic guidelines determined by the competent corporate bodies promoting the unitary nature of business management and the activity of management and coordination of the Group;
manages and coordinates the activity of the operating structures having strategic relevance and control functions, in respect of the resolutions of the Board of Directors;
exercises every right attributed to him in respect of the law and the internal regulations in force each time as well as contracts with principals;
assumes decisions and initiatives in respect of the annual budget of expenditure approved by the Board of Directors and, in any case, in respect of the delegated powers;
defines the operational and executive structure of the Company and ensures that the organisational, administrative, accounting aspects as well as the overall system of internal controls is adequate to the nature and dimensions of the Company itself;
supervises the functionality of the internal control and risk management system, from the start of trading of the Company shares on the MTA.

This is without prejudice to the attribution to the Chief Executive Officer of the legal representation of the Company, in accordance with the Articles of Association.

The Chief Executive Officer also exercises every other power attributed to him by the Board of Directors and, where not otherwise indicated, he may sub-delegate, in accordance with the Articles of Association, his powers and attributions, subject to his own liability for acts implemented by the sub-delegated bodies. The sub-delegated bodies provide to the Board of Directors, by way of the Chief Executive Officer, a quarterly report, with aggregated data, on the exercise of the powers attributed to them. The Chief Executive Officer performs, on a quarterly basis - or more frequently, in the case of specific requirements - reporting activity, with aggregated data, to the Board of Directors, concerning the decisions and initiatives taken in relation to the powers granted by the Board of Directors itself. Specific reporting, on a quarterly basis, is made on any intergroup transactions or transactions with related parties - as defined by the provisions in force each time - or atypical or unusual transactions with respect to normal business management.

Chairman of the Board of Directors

In accordance with Art. 14 of the Articles of Association, the Board of Directors elects from its members a Chairman, for three financial years, subject to the shorter duration established by the Shareholders' Meeting.

The Board of Directors, by decision dated 30 October 2015, appointed the Ambassador Giovanni Castellaneta as Chairman of the doBank Board of Directors.

Art. 10 of the Articles of Association establishes that it is the duty of the Chairman of the Board of Directors to chair the Shareholders' Meeting, as well as to regulate the Shareholders' Meeting works in conformity with the criteria and methods established by the regulations in force and by the Shareholders' Meeting regulation.

The Chairman of the Board of Directors has not received management delegations and, as a consequence, does not cover any executive role. Similarly, he does not cover a specific role in developing the business strategies.

The Chairman does not hold, neither directly nor indirectly, significant investments in the Company capital.

Board Reporting

Art. 15 of the Articles of Association requires the Chief Executive Officer to report to the Board of Directors and to the Board of Auditors, at least on a quarterly basis and in the methods established by the Board of Directors itself, on the conduct of his activity, in conformity with the rules of law.

It follows that the decisions made by the Chief Executive Officer (as well as by the recipients of sub-delegations attributed by him, in conformity with the provisions of Art. 17 of the Articles of Association and authorised by the Board) must be brought to the attention of the Board according to the methods and frequency, at least quarterly, identified by the Board itself.

In particular, the delegated bodies must report on the general management performance and on its outlook, as well as on the operations of most economic, financial and capital significance implemented by the Company and by its subsidiaries to the Board of Directors and to the Board of Auditors at least every three months.

In addition, in conformity with the provisions outlined in the Group Governance model (i.e. Policy on Information Flows, Regulation of Internal Control System; etc…), the circulation of information between the corporate bodies and within the same is an essential condition to achieve the objectives of efficient business management and effectiveness of the controls.

In that regard, the delegated bodies have reported to the Board of Directors and to the Board of Auditors on the activity performed in the exercise of the delegations granted to them, in respect of the deadlines indicated above.

4.5 OTHER EXECUTIVE DIRECTORS

In addition to the Chief Executive Officer, at the approval date of this Report, there are no other Directors equipped with management delegations directly granted by the Board of Directors.

However, in adhesion to Application Criterion 2.C.1 of the Corporate Governance Code, it is noted that:

the Director Fabio Balbinot covered, until 3 March 2017, the role of Chief Executive Officer of the subsidiary Italfondiario S.p.A, subsequently maintaining only his role as Board Director of the same; in addition, as already highlighted, from 15 May 2017 he assumed responsibility for the administration, finance and management control function of doBank, in the capacity of Group Chief Financial Officer.
the Director Charles Robert Spetka covers the role of manager/administrator in the parent company Avio.

4.6 INDEPENDENT DIRECTORS

At the approval date of this Report, 3 independent directors form part of the Board of Directors, identified in accordance with Art. 3 of the Corporate Governance Code.

As represented in paragraph 4.2 above, the Board has implemented the annual verification of the requirements held by the various directors (and, among these, also that of independence), in conformity with the supervisory regulations dictated for banks.

It is noted, however, that the Board of Directors, at the meeting on 9 June 2017, in conformity with Art. 144(9), paragraph 1(2) of the CONSOB Issuers' Regulation and Application Criterion 3.C.4 of the Corporate Governance Code, assessed, in view of the Listing, the existence of the independence requirements for each of its non-executive members, recording the outcome of its assessments in the registration document, filed at CONSOB for the purpose of the initial public offer (IPO) of the doBank shares, as part of the Listing operation; the Board of Auditors then verified the correct application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of its members.

The Board of Directors has also verified, before the approval of this Report, the continuance of the requirement of independence according to the criteria provided by the Corporate Governance Code for the directors in office.

At the outcome of the examination performed, the verification already performed by the Board on 9 June 2017 was confirmed, based upon which:

the following persons are independent directors - in accordance with Art. 148 of the Consolidated Finance Law and Art. 3 of the Corporate Governance Code: Nunzio Guglielmino, Giovanni Lo Storto and Edovige Catitti;
the Chairman of the Board of Directors Giovanni Castellaneta is an independent director in accordance with Art. 3 of the Corporate Governance Code;
the Chief Executive Officer Andrea Mangoni and the Directors Francesco Colasanti, Fabio Balbinot, Charles Robert Spetka and Giuseppe Ranieri are not independent directors, neither in accordance with Art. 148 of the Consolidated Finance Law nor in accordance with Art. 3 of the Corporate Governance Code.

The Board of Auditors then verified the correct application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of its members. In that regard, the outcome of the checks performed will be published in the annual report to the Shareholders' Meeting, which will occur together with the financial statements of the Financial Year, in respect of the legal methods and timescales.

In conformity with Application Criterion 3.C.6 of the Corporate Governance Code, the independent directors met on several occasions, in different contexts from the meetings of the Board Committees, in autonomy and without moreover recording the results of those meetings, to assess serenely and objectively the contribution made by the same to the works of the Board. On 28 July 2017, in addition, the Independent Directors met, in the absence of other Directors, to assess the issues relating to the operation known as "Project FINO" and, on that occasion, they prepared an opinion in that regard, which was submitted to the Board of Directors when resolving on that operation.

4.7 LEAD INDEPENDENT DIRECTOR

As none of the presuppositions identified by the Corporate Governance Code (Application Criterion 2.C.3) are in place, the Board of Directors has not appointed any Independent Director as lead independent director.

5.0 TREATMENT OF CORPORATE INFORMATION

The existing regulatory system (Consolidated Finance Law; M.A.R. and Implementing Regulation; CONSOB Issuers' Regulation), and the recommendations of the Corporate Governance Code (criterion 1.C.1, letter j) impose upon the Directors and Auditors of listed companies a precise functional obligation to keep confidential the documents and information that the same may acquire in the conduct of the respective duties.

In conformity with those provisions, therefore, the Board of Directors – at the initiative and proposal of the Chief Executive Officer - identified and defined the processes and procedures for internal management, as well as the related communication externally, of information and documents concerning the Company, also with reference to privileged information.

Management of Privileged Information

The Board of Directors during the meeting on 25 May 2017 and based upon the filing of the Listing application, approved the policy "Management of Privileged Information and Establishment of Register of Persons having Access" (hereafter, the "Policy").

The Policy illustrates the procedures to be observed for the communication, both internally and externally to the company environment, of documents and information regarding doBank and the companies controlled by it with particular reference to privileged information.

The aim of a regulation on the treatment of privileged information is to avoid the disclosure of documents and information regarding the Company occurring in an untimely, incomplete or inadequate manner and possibly leading to information asymmetries between the public.

The correct dissemination of privileged information thus protects the market and investors, guaranteeing to the same adequate knowledge of the affairs concerning the issuer, on which to base their investment decisions.

The rationale of the obligation to disseminate privileged information in conformity with preestablished methods is aimed at avoiding:

abuse or attempted abuse of privileged information;
recommending or inducing others to abuse privileged information; or
communicating to others privileged information outside the normal exercise of the job, profession, function or office, preventing other entities or categories of entities from using information not known by the public to complete speculative operations on the markets to the detriment of investors, who are unaware of that information.

For the purposes of the Policy and in compliance with the provisions of Article 18, paragraph 1, letter a) of the MAR, as well as in conformity with the Implementation Regulation, doBank has also established the register of recipients having access to privileged information. The register is unique for doBank and for the companies controlled by it which, through the adoption of adequate internal policies, allow the Company to promptly fulfil the obligations deriving from the application of the Policy, identifying and communicating to doBank the entities for the purpose of registering the same in the aforementioned register.

The Register in question, in order to allow for simple consultation and extraction of data, is prepared and kept by the Compliance Function in electronic format compliant with the models indicated in the Implementation Regulation and must be kept so as to guarantee at any time:

the confidentiality of the information contained therein, ensuring that the list may only be accessed by clearly identified persons;
the accuracy of the information contained therein;
access to and obtaining of previous versions of the Register.

The Policy, split into different chapters, identifies the roles and responsibilities of the players involved in the management process of Privileged Information, also illustrating the sanctions.

Internal Dealing

In conformity with the applicable regulatory provisions on market abuse cited above (Consolidated Finance Law; M.A.R. and Implementation Regulation; CONSOB Issuers' Regulation), on 25 May 2017 the Board of Directors approved the "Internal Dealing" policy (hereafter, the "Procedure"), aimed at regulating the implementation of reporting obligations and conduct towards the Company and the market, relating to transactions completed, even by way of interposing person, on the Company shares and in financial instruments, as well as connected financial instruments made by persons that involve administrative, control or management functions and/or relevant entities and/or by persons closely linked to them.

The procedure identifies the "IR Relevant Entities", the "MAR Relevant Entities" and the "Closely Related Persons" to the Relevant Entities in absolute adherence to the provisions of the CONSOB Issuers' Regulation. The Procedure also establishes that "Relevant Transactions" are all transactions concerning the Shares and/or derivative instruments and/or other financial instruments related to them, completed on their own behalf, even by interposing person, by the MAR Relevant Entities by Persons Closely Related to them (as provided by the regulations and incorporated in the Policy).

The Procedure also illustrates the sanctions and specifies that, in addition to the sanctions provided by the provisions of law and regulations in force on abuse of privileged information and internal dealing, in the event of a violation of the provisions of the Procedure, doBank will, in relation to those responsible, adopt the measures provided by the applicable regulation, In addition, the Procedure notes that the violation of the provisions contained therein may constitute serious damage, also in terms of image, with major consequences on the economic-financial level. The Procedure also specifies that, if the violation is committed by an employee, it may constitute a disciplinary offence and, in the most serious cases, may give rise to dismissal.

6.0 COMMITTEES INTERNAL TO THE BOARD (pursuant to Art. 123(2), paragraph 2, letter d) of the Consolidated Finance Law)

Art. 21 of the Articles of Association attributes to the Board of Directors the duty to establish committees within it, determining the number of their members.

In conformity with the provisions of the Corporate Governance Code, at the approval date of this Report, three Board Committees are established with proactive, advisory and coordination functions:

the Appointments Committee;
the Remuneration Committee;
the Risks and Transactions with Connected Persons Committee.

Following the Listing process, the Board of Directors thus established three Board Committees in place of the two previously in force (Appointments and Remuneration Committee and Risks and Transactions with Connected Persons Committee and, considering its composition as well as the number and availability of the independent and non-executive directors, it opted for a composition of the Board Committees formed by members by majority being independent, with those including the Chairman.

All the Board Committees in office at the date of this Report are constituted by at least three nonexecutive directors, mostly independent; from the latter, the respective Chairmen were chosen. The members of the Board Committees are in possession of the expertise and experience required to manage the duties and roles attributed to those committees.

Each of the Board Committees has its own Regulation on functioning which includes, inter alia, provisions regulating mechanisms of coordination and mutual information between the various corporate bodies.

Minutes are duly taken of the meetings of all Board Committees and the respective Chairmen give information thereof at the next meeting of the Board of Directors, during which the opinions expressed in support of the assessments of the Board itself are illustrated (Application Criterion 4.C.1, letter d) of the Corporate Governance Code). The members of the Board Committees are given the right to access all information that, in the opinion of their members, is deemed necessary for the conduct of their duties (Application Criterion 4.C.1, letter e) of the Corporate Governance Code). The Board Committees may make use of external consultants, whose cost is incurred by the Company, within the limits of the budget approved by the Board of Directors.

6.1 Appointments and Remuneration Committee (active until the Company listing)

As noted above, during the Financial Year and until the Listing, the Appointments and Remuneration Committee was active, consisting of the following non-executive directors, mostly independent:

Nunzio Guglielmino Chairman (Independent);
Giovanni lo Storto Member (Independent);
Edovige Catitti Member (Independent);
Francesco Colasanti Member.

The Appointments and Remuneration Committee was attributed all typical functions of the Appointments Committee and the Remuneration Committee. During the period when it was active, it met 9 times; the average duration of the meetings, all duly recorded, was approximately 60 minutes. During its meetings, the Appointments and Remuneration Committee dealt with the following matters:

terms and conditions of the assignment to be granted to the consultant for the selfassessment process of the Board of Directors;

acknowledgement of the Regulation of the Committee updated by board resolution dated 9 February 2017;
revision of the "Regulation of the Self-Assessment Process of the Board of Directors";
annual assessment of the roles covered by the company representatives, and possession of the requirements laid down by Art. 36 of Italian Law 214/2011 ("interlocking prohibition") along with the declarations issued to fulfil the obligations provided by Art. 136 of the Consolidated Banking Law and the Bank of Italy Circular 263/2006;
final analysis of the 2016 incentive system applied to the doBank management structures and 2016 entry bonus as well as that applied in Italfondiario S.p.A.;
final analysis of the 2016 incentive system in doBank reserved to "key function holders" of the Group and "Bonus Pool";
revision of the "Remuneration and Incentive Policy of the doBank Banking Group and Key Function Holders - year 2017";
calculation methodology of the adjusted EBITDA for MBO purposes;
appointment of the Manager in Charge of preparing the corporate accounting documents and update on the appointment of the doBank Chief Financial Officer;
update of the incentive system structure increase of the limit of the incidence of variable remuneration on fixed remuneration up to a maximum of 2:1;
annual reporting of Appointments and Remuneration Committee to the Board of Directors;
amendments to the collaboration contract with the Chief Executive Officer;
Group remuneration and incentive policies: adjustment post-Listing;
verification of requirements of Directors and Auditors also for Listing purposes;
identification of the remuneration criteria of a Manager being recruited;
approval of the stock assignment regulation of the Bank ("IPO bonus plan") in application of the remuneration and incentive policies of the Group post-Listing;
replacement procedure of the Chief Executive Officer in the case of absence and/or impediment;
MBO objectives for "Key Function Holders" of the Group;

7.0 APPOINTMENTS COMMITTEE

Active from the Listing date.

In conformity with the Supervisory Provisions and in respect of the provisions laid down by the Corporate Governance Code, during 2017 the composition of the Appointments Committee was the following from its establishment until 17 October 2017:

Nunzio Guglielmino - Chairman (Independent);
Giovanni lo Storto - Member (Independent);
Francesco Colasanti - Member;

after 17 October 2017:

Giovanni lo Storto Chairman (Independent);
Edovige Catitti Member (Independent);
Francesco Colasanti Member.

The Appointments Committee is regulated by a specific Regulation - published on the doBank Internet Website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari which determines its responsibilities and regulates its functioning. The Appointments Committee has specific and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions as well as being able to make use of external experts, involving, where necessary, the competent company functions.

The Appointments Committee, in the fulfilment of its functions and proactive body:

participates in defining, ex ante, the quali-quantitative composition of the Board of Directors considered optimal in relation to the governance objectives identified by the industry regulations. in that context, the Appointments Committee: (a) formulates opinions to the Board of Directors in relation to the dimension and composition of the same; (b) expresses recommendations in relation to the professional figures whose presence within the Board of Directors is deemed appropriate by virtue of the characteristics of professionalism and any independence of each candidate; (c) expresses recommendations in relation to the maximum number of assignments of director or auditor in other companies listed on regulated markets (even foreign), in financial, banking, insurance companies or those of significant dimensions that may be considered compatible with the effective conduct of the assignment as director of the Bank, considering the participation of the directors on Board Committees. To that end, it identifies general criteria differentiated based upon the commitment connected to each role (of executive, non-executive or independent director), also in relation to the nature and dimensions of the companies in which the assignments are covered as well as any belonging to the Bank's group;
supports the Board of Directors in assessing on the merits any problematic circumstances relating to the appointments of directors occurring by virtue of the authorisation - general and preventive - by the Shareholders' Meeting of the Bank to derogate the competition prohibition provided by Article 2390 of the Italian Civil Code;
proposes to the Board of Directors candidates to the role of director in the cases of co-opting, where necessary to replace independent directors;
is asked to express its opinion on the suitability of the candidates that, based upon the analysis performed preventively, the Board of Directors has identified to cover the roles (the opinions issued by the Committee as part of the analyses made by the Board of Directors are sent, together with the same, to the Supervisory Authority);
formulates opinions to the Board of Directors in relation to resolutions concerning any replacement of the members of the Board Committees that become necessary during the time in office of the Appointments Committee;
with reference to the need to ensure an adequate level of diversification in the collective composition of the Board of Directors, fixes a target in terms of share of the least represented gender and prepares a plan to increase this share up to the fixed target;
assists the Board of Directors in the self-assessment process of the corporate bodies and in defining the succession plans in the senior positions of the executive;
provides to the Board of Directors its support in the ex post assessment of the coherence between the effective composition and that defined ex ante as optimal as well as in verifying the existence of the regulatory and statutory requirements required for directors and auditors, therein including the conditions provided in accordance with Article 26 of the Consolidated Banking Law, as later supplemented and amended;

• supports the Board of Directors in defining succession plans in the senior positions of the executive as provided by Section IV of Circular 285.

In performing its duties, the Committee takes account of the objective of avoiding the decisionmaking processes of the Board of Directors being dominated by a single individual or by groups of individuals who may cause prejudice to the Bank.

The Committee identifies the information flows that must be sent to it for the correct exercise of its functions and it may access relevant company information for the purposes of exercising the same. The Committee also has sufficient financial resources to guarantee its operational independence and it may make use of external experts.

In relation to the internal controls system, the Committee also collaborates with the Risks and Transactions with Connected Persons Committee in order to identify the managers of the Internal Audit, Compliance, Anti-Money Laundering and Risk Management Functions who will be appointed by the Board of Directors, having heard from the Board of Auditors of the Bank.

Since 14 July 2017 - as stated, the date of its establishment - the Appointments Committee met twice, and the average duration of the meetings, all duly recorded, was about 45 minutes.

During 2017, the Appointments Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some managers of the Company participated at the meetings, in relation to the discussion of specific items on the agenda. The Chairman and the Board of Auditors took part at the meetings and works of the Appointments Committee.

In particular, the Appointments Committee supported the Board of Directors in the activity preparatory to assigning a specialist company for defining in detail the replacement procedure of the Chief Executive Officer.

In addition, it started the support activities of the Board of Directors for identifying the opportune quali-quantitative composition of the management body, considering the expiry of the same on the date of the Shareholders' Meeting which convened to approve the financial statements of the Financial Year, as represented in more detail in point 4.2 above.

The Appointments Committee has defined the schedule of its meetings for the year 2018 (of which 2 have already been held), planning to meet, in principle, the day before that fixed for meetings of the Board of Directors or on the same day, at an earlier time.

8.0 REMUNERATION COMMITTEE

Active from the Listing date.

In conformity with the Supervisory Provisions, the composition of the Remuneration Committee reflects an adequate presence of experience and knowledge in the field of governance of banks, in legal, financial matters and remuneration policies and, in respect of the provisions dictated by the Corporate Governance Code; during 2017 the composition of the Remuneration Committee was the following:

from its establishment until 17 October 2017:

Giovanni Lo Storto Chairman (Independent);
Edovige Catittti Member (Independent);
Francesco Colasanti Member;

after 17 October 2017:

Nunzio Guglielmino Chairman (Independent);
Giovanni Lo Storto Member (Independent);
Francesco Colasanti Member.

The Committee is regulated by a specific Regulation - published on the doBank Internet Website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari - which determines its duties and regulates its functioning. The Remuneration Committee has specific and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions and it may make use of external experts and involve, if necessary, the competent company functions.

In adhesion to Application Criterion 6.C.6 of the Corporate Governance Code, Art. 6 of the cited Regulation provides that no member of the Remuneration Committee may participate at meetings regarding the determination of the proposal on the remuneration due to him by virtue of specific assignments. The Remuneration Committee, in fulfilling its functions as a proactive body:

presents proposals or expresses opinions to the Board of Directors in relation to the remuneration of the directors and personnel whose remuneration and incentive systems are under the remit of the Board of Directors; also monitors decisions adopted in that regard by the Board of Directors;
in relation to the remuneration of executive directors and other directors who cover particular roles, presents proposals or expresses opinions to the Board of Directors in relation to establishing the performance targets related to the variable component of that remuneration; also monitors the decisions adopted in that regard by the Board of Directors;
has advisory duties in relation to determining the criteria for the remuneration of key function holders of the Parent Company and the companies controlled by it, as identified in accordance with the Supervisory Provisions and the European regulations;
assesses periodically the adequacy, overall coherence and concrete application of the remuneration policy of the directors and Key Function Holders, also using information provided by the Chief Executive Officer of the parent company; makes to the Board of Directors proposals in that regard;
assesses, in collaboration with the Risks and Transactions with Connected Persons Committee, the adequacy and correctness of the self-assessment process for identifying Key Function Holders in order to guide the activities to be implemented, guaranteeing the independent review recommended by the guidelines of the European Banking Authority (EBA);
directly oversees the correct application of the rules relating to the remuneration of managers of the Internal Audit, Compliance and Anti-Money Laundering and Risk Management functions (the "Company Control Functions"), in close collaboration with the Board of Auditors;
deals with preparing the documentation to be submitted to the Board of Directors for the respective decisions (therein including the remuneration report in accordance with Article 123(3) of the Consolidated Finance Law, in respect of the terms provided for its submission to the Shareholders' Meeting);
contributes to defining the remuneration and incentive policies of the Group and their periodic assessment;
ensures the involvement of the competent company functions in the process of development and control of the Group's remuneration and incentive policies;
expresses, also using information received from the competent company functions, the achievement of the performance objectives to which the incentive plans are linked and the ascertainment of the other conditions imposed for the payment of remuneration;
provides adequate feedback on the activity performed to the Company Bodies and to the

Shareholders' Meeting.

From 14 July 2017 - date of its establishment - to the end of that year, the Remuneration Committee met 4 times; the average duration of the meetings, all duly recorded, was about 35 minutes.

During 2017 the Remuneration Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some managers of the Company participated at the meetings, in relation to the discussion of specific items on the agenda. The Chairman of the Board of Auditors and, in some cases, all members of the Board of Auditors, also normally took part at meetings and in the works of the Remuneration Committee.

More specifically, the Remuneration Committee assessed and expressed its opinion, in support of the Board of Directors, in relation to the following matters:

identifying and fixing the final analysis criteria of the MBO system of the Group's "key function holders";
procedure of identifying the Group's "key function holders";
identifying the remuneration criteria of a Manager being recruited;
updating the perimeter of the Group's "key function holders";, the respective remuneration and the incentive system;
defining an "outstanding bonus" for management activity of a particular credit portfolio;
procedure for the final analysis of the CEO's remuneration following the Listing.

The Remuneration Committee has defined the schedule of its meetings for the year 2018 (of which 2 have already been held), planning to meet, in principle, the day before that fixed for the meetings of the Board of Directors or on the same day, at an earlier time.

9.0 REMUNERATION OF DIRECTORS (Directors' indemnity in the case of resignation, dismissal or termination of the relationship following a public takeover bid (pursuant to Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law)

Article 20 of the Articles of Association provides that the Directors are entitled, in addition to the repayment of expenses incurred for the exercise of their functions, to an annual fee, in a fixed and/or variable amount, which is resolved by the ordinary Shareholders' Meeting and which remains unchanged until a new resolution by the same; the Board itself establishes the method of dividing the fee between its members.

In addition, where the Shareholders' Meeting has not already done so, the Board may establish, in accordance with Art. 2389 of the Italian Civil Code, having heard from the Board of Auditors, the remuneration of the directors invested with particular roles and those who make up the Board Committees, in any case in respect of the remuneration and incentive policies determined by the Shareholders' Meeting.

In conformity with the indications contained in Art. 6 of the Corporate Governance Code and in respect of the "Provisions on Remuneration and Incentive Policies and Practices of Banks and Banking Groups" issued by the Bank of Italy, Art. 6 of the Articles of Association establishes that the ordinary Shareholders' Meeting, as well as establishing the fees due to the bodies appointed by the same, approves:

• the remuneration and incentive policies in favour of the bodies with strategic supervision, management and control function and the remaining personnel;

the remuneration plans based upon financial instruments;
the criteria for determining the fee to be granted in the case of early termination of the employment relationship or early cessation from the role, therein including the limits fixed to that fee in terms of the annual amount of fixed remuneration and the maximum amount deriving from their application.

As part of the approval of the remuneration policies, the Shareholders' Meeting is also granted, at the proposal of the Board of Directors and in any case in respect of the conditions and limits provided by the regulatory provisions in force, the power to raise the limit to the incidence of variable remuneration on fixed remuneration up to a maximum of 2:1. That right was exercised by the Shareholders' Meeting at the meeting on 21 June 2017.

As regards the further information to be provided in this Report, reference is made to the relevant parts of the Remuneration Report published in accordance with Art. 123(3) of the Consolidated Finance Law.

10.0 CONTROL AND RISKS COMMITTEE

In conformity with the Supervisory Provisions and in respect of the provisions dictated by the Corporate Governance Code, doBank has established a control and risks committee entitled Risks and Transactions with Connected Persons Committee made up of the following non-executive directors, mostly independent.

During 2017 the composition of the Risks and Transactions with Connected Persons Committee was the following:

from 23 January 2017 to 9 February 2017:

Giovanni Lo Storto Chairman (Independent);
Nunzio Guglielmino Member (Independent);
Fabio Balbinot Member;

from 9 February to 16 March 2017:

Giovanni Lo Storto Chairman (Independent);
Nunzio Guglielmino Member (Independent);
Edovige Catitti Member (Independent);
Giuseppe Ranieri Member.
from 17 March 2017
Edovige Catitti Chairman (Independent);
Nunzio Guglielmino Member (Independent);
Giovanni Lo Storto Member (Independent);
Giuseppe Ranieri Member.

The Committee is regulated by a specific Regulation - published on the DoBank Internet Website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari - which determines its duties and regulates its functioning. The Risks and Transactions with Connected Persons Committee has specified and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions and it may use external experts, involving, where necessary, the competent company functions.

The Risks and Transactions with Connected Persons Committee, in fulfilling its functions as a proactive body, supports the Board of Directors in relation to the risks and internal control system, remuneration and incentives, conflicts of interest and transactions with connected persons and

related parties. In particular:

A) RISKS AND INTERNAL CONTROLS SYSTEM

In relation to the risks and internal controls system in conformity with the Supervisory Provisions, the Risks and Transactions with Connected Persons Committee:

a) identifies and proposes, using the contribution of the Appointments Committee, the managers of the Internal Audit, Compliance and Anti-Money Laundering and Risk Management functions) i.e. the company control functions, hereafter, also: "CCF") to be appointed;
b) examines in advance the activities programmes (including the audit plan) and the annual reports prepared at consolidated level by the CCF and sent to the Board of Directors;
c) expresses assessments and formulates opinions to the Board of Directors on respect of the principles with which the Internal Controls System and the company organisation must comply and the requirements that must be respected by the CCF, bringing to the attention of the Board of Directors any points of weakness and the consequent corrective actions to be promoted; to that end, it assesses the proposals of the Chief Executive Officer of the Parent Company;
d) contributes, by means of assessments and opinions, in defining the company policy on outsourcing of the CCF;
e) checks that the CCF comply with the indications and guidelines of the Board of Directors and supports the latter in preparing the coordination document laid down by Title IV, Chapter 3 of Circular 285;
f) assesses the correct use of the accounting principles for preparing the consolidated financial statements and the financial statements of the Parent Company and to that end liaises with the Manager in Charge of preparing the accounting documents and with the Board of Auditors of the Bank;

g) supports the Board of Directors for decisions to be made in relation to correct and effective determination of the risk appetite framework (RAF) and the risk governance policies. In particular, the Committee performs support functions to the Board of Directors:

in defining and approving the strategic guidelines and risk governance policies, performing assessment and proactive activity required for the Board of Directors, as required by Title IV, Chapter 3 of Circular 285, to define and approve the risk objectives ("risk appetite") and tolerance threshold ("risk tolerance");
in verifying the correct implementation of the strategies, risk governance policies and RAF;
in defining the policies and assessment processes of company activities, including the verification that the price and conditions of operations with customers are coherent with the business model and the risk strategies.

The Committee performs, in addition, all duties attributed to it by the Corporate Governance Code and, in particular:

h) expresses its opinion to the Board of Directors with regard:
to the definition of the guidelines of the internal control and risk management system, so that the main risks relating to the Bank and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, and the determination of the level of compatibility of those risks with business management coherent with the strategic objectives identified;
to the assessment, at least on an annual basis, of the adequacy of the internal control and risk management system with respect to the characteristics of the business and

the risk profile assumed, as well as its effectiveness;

to the approval, at least on an annual basis, of the work plan prepared by the head of the Internal Audit function, having heard from the Board of Auditors and the director in charge of the internal control and risk management system;
to the description, within the corporate governance report, of the main characteristics of the internal control and risk management system, expressing its assessment on the adequacy of the same;
to the assessment, having heard from the Board of Auditors, of the results illustrated by the independent auditor in any letter of suggestions and in the report on fundamental issues emerging during the statutory audit;
to the appointment and revocation of the Head of the Internal Audit function;
to the fact that the Head of the Internal Audit function has adequate resources for the conduct of his responsibilities;
to the fact that the remuneration of the Head of the Internal Audit is defined coherently with the company policies;

i) assesses, together with the manager in charge of preparing the corporate accounting documents and having heard from the independent auditor and the Board of Auditors, the homogeneity of the accounting standards used for the purposes of preparing the consolidated financial statements;

j) expresses opinions on specific aspects relating to identifying the main company risks;

k) examines the periodic reports, concerning the assessment of the internal control and risk management system, and those of particular relevance prepared by the Internal Audit function

l) monitors the autonomy, adequacy, effectiveness and efficiency of the Internal Audit function;

m) requests from the Internal Audit function, where the need or opportunity arises, the conduct of checks on specific operational areas, simultaneously notifying the chairman of the Board of Auditors thereof;

n) reports to the Board of Directors, at least half-yearly, on the occasion of the approval of the annual and half-yearly report, on the activity performed as well as on the adequacy of the internal control and risk management system;

o) supports with adequate preliminary activity the assessments and decisions of the Board of Directors on managing risks deriving from prejudicial events of which the Board of Directors has become aware (Application Criterion 7.C.2, letter g) of the Corporate Governance Code);

B) REMUNERATION AND INCENTIVES

In that field, the Risks and Transactions with Connected Persons Committee:

a) assesses, in collaboration with the Remuneration Committee, the adequacy and correctness of the self-assessment process for the purpose of directing the activities to be implemented, guaranteeing the independent review recommended by the EBA Guidelines;
b) ascertains that the incentives underlying the remuneration and incentive system of the Group take account of the risks, capital and liquidity.
C) CONFLICTS OF INTEREST AND TRANSACTIONS WITH CONNECTED PERSONS AND RELATED PARTIES

In relation to the assessment of cases of conflict of interests and, in particular, transactions with connected persons indicated in Circular 263/2006 of the Bank of Italy and transactions with related parties indicated in the CONSOB Related Parties' Regulation, within the limits of the role attributed to the same by the relevant regulatory provisions, the Risks and Transactions with Connected Persons Committee supports the Board of Directors and, if provided by internal regulations, the subsidiary companies, for the related decisions to be assumed. In particular, among the functions provided by the CONSOB Related Parties' Regulation, the Committee:

a) issues preventive and motivated opinions, as well as binding, for the purpose of the resolution of the Board of Directors, on the overall suitability of the internal procedures that regulate the identification and management of transactions with related parties and/or with connected persons implemented by the Bank and/or by the Group companies, as well as the subsequent updates, to satisfy the objectives established by the CONSOB Related Parties' Regulation, by the regulations of the Bank of Italy for transactions with connected persons and by Article 136 of the Consolidated Banking Law for transactions with bank representatives;
b) issues preventive and motivated opinions, in the cases expressly provided, on the interest in completing the transaction with related parties and/or with connected persons implemented by the Bank and/or by the Group companies, as well as on the convenience and substantial correctness of the respective conditions;
c) in the cases expressly provided of transactions with related parties and/or connected persons implemented by the Bank and/or by the Group companies, the Risks and Transactions with Connected Persons Committee is involved as early as in the phase of negotiations and in the preliminary phase through the receipt of a complete and prompt information flow, with the right to request information and to make observations to the delegated bodies and to the entities instructed to conduct the negotiations or preliminary investigation;
d) if necessary, it expresses opinions based upon the information made available by the competent structure of the Bank, on significant issues regarding the single perimeter of the Group of related parties and connected persons.

The Risks and Transactions with Connected Persons Committee during 2017 met 18 times, and the average duration of the meetings, all duly recorded, was about one hour and twenty minutes.

During 2017, the Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some Company managers attended at the meetings, in relation to specific items on the agenda. The Chairman of the Board of Auditors and, on some occasions, all members of the Board of Auditors, normally took part in the meetings and works of the Risks and Transactions with Connected Persons Committee.

More specifically, the Committee assessed and expressed its opinion, in support of the Board of Directors, on the following matters:

Policies under its remit RAF ICAAP Process of preparing and auditing the consolidated financial statements - Remuneration and Incentives of the doBank Banking Group - Management of transactions with connected persons and transactions in conflict of interests - Information Flows - ITC Risk - Recovery Plan;
Audit tracking;
Updates on AML Action Plan;
Guidelines for determining the provisioning to the Risks and Charges Provision;
2016 Risks Report;
RAF Monitoring at 31 December 2016 and definition of 2017 metrics;
Business Continuity activities performed during 2016;
Examination of Individual and Consolidated Draft Financial Statements at 31 December 2016;
Communication of start of Bank of Italy (SREP) proceedings and proposal of adjustment of Risk Appetite Statement;
Compliance and AML Risk Report;
Software selection outcomes of supplier for application on AML fulfilments;
Sustainability of 2016 remuneration policy following adoption of RAF;
Implementation profiles of securitisation operations;
Examination of transactions with related parties;
Company Control Function of the Group and appointments of Representatives Appointment of ICT Security Manager;
Calculation methodology of EBITDA adjustment for MBO purposes;
Appointment of Manager in Charge of drafting the corporate accounting documents and update on appointment of Chief Financial Officer;
2016 Annual Internal Audit Report and 2017 Audit Plan;
Annual report of the AML Function on 2016 activities and Self-assessment report of risks of money laundering and terrorist financing;
Annual report of the Compliance Function, Compliance Plan and Complaints Report;
Internal controls system of Risk Management: report of 2016 activities and 2017 planning for the doBank Group;
2016 Annual Report on controls on important outsourced operational functions;
Report on activities performed by the Supervisory Body pursuant to Italian Legislative Decree 231/01;
Annual statement of Risks and Transactions with Connected Persons Committee;
Summary quarterly reports on KORI;
Regulation on Integrated Internal Controls System of the doBank Banking Group;
Audit Report on Suspicious Transactions Reporting Process;
Update on Action Plan on Gap Analysis Circular 285 of the Bank of Italy;
Examination of Regulation of the Internal Audit, Compliance, AML and Risk Management Function of the doBank Group;
Quantification of individual half-yearly risk weighted activities;
Appointment of Heads of Specialist Compliance Controls;
New organisational model on anti-money laundering/combating terrorist financing;
Procedure for identifying key function holders;
Update on action plan defined at outcome of Gap Analysis on Internal Controls System;
Common matrix to the FAC for assessment of risks of the Group and approval of Risk Acceptance Policy for the Group;
Operational Continuity Plan of the doBank Group and update of the Disaster Recovery plan;

The Risks and Transactions with Connected Persons Committee has defined the schedule of its meetings for the year 2018 (4 of which have already been held), planning to meet, in principle, the day before that fixed for the meetings of the Board of Directors or the same day, at an earlier time.

11.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The Group, in line with the relevant regulations and best practice, has established an Internal Controls System aimed at constantly overseeing the main risks connected to the Group's activities, so as to be able to guarantee sound and prudent business management, coherent with the set objectives.

The Group's Internal Controls System is based upon control bodies and functions, information flows and methods of involvement between the entities involved and governance mechanisms of the Group. In particular, it is structured as set out below:

the primary responsibility for the completeness, adequacy, functionality and reliability is deferred to the governance bodies, and in particular the Body with strategic supervision function, which has the duties of strategic planning, management, assessment and monitoring of the overall Internal Controls System; on the other hand, it is the duty of the Board of Auditors to oversee the completeness, adequacy and functionality of the Internal Controls System, ascertaining the adequacy of the company functions involved, the correct conduct of the duties and the adequate coordination of the same as well as prompting any corrective interventions;
the third level controls, entrusted to the Internal Audit function, are aimed at assessing periodically the completeness, functionality, adequacy and reliability in terms of efficiency and effectiveness of the Internal Controls System in relation to the nature and intensity of the risks of company requirements, also identifying any violations of the organisational measures adopted by the Group;
the second level controls are aimed at ensuring the correct implementation of the risk management process, verifying respect of the limits assigned to the various operating functions, checking the coherence of the operations of the individual production areas with the assigned risk-return objectives as well as guaranteeing the conformity of the business operations with the rules, including those of self-regulation and they are performed, for the areas under the respective remit, by the Compliance, Anti-Money Laundering, Risk Management Functions and by the Manager in charge of preparing the corporate accounting documents;
the first level controls, aimed at ensuring the correct conduct of the operations, are the responsibility of the company functions in charge of the business/operational activities which are asked, as part of daily operations, to identify, measure, monitor and attenuate risks deriving from the ordinary company activity in conformity with the risk management process and the applicable internal procedures.

Board of Directors and Risks and Transactions with Connected Persons Committee

The guidelines of the internal controls and risk management system are defined by the Parent Company's Board of Directors in coherence with the strategic guidelines and the risk appetite established by the same. In that way, the Board, in line with Application Criterion 7.C.1. letter a) of the Corporate Governance Code, ensures that the main risks are correctly identified, measured and monitored adequately, taking account of their evolution and interaction.

In that context, the Parent Company's Board of Directors defines and approves, on an annual basis, the Group's Risk Appetite Framework in order to guarantee that the business develops within the desired risk profile and in respect of national and international regulations. The Risk Appetite Framework, approved by the doBank Board of Directors on 25 January 2017 in relation to the policy and on 9 February 2017, and subsequent updates as regards the Risk Appetite Statement, defines in conformity with Application Criterion 1.C.1, letter b of the Corporate Governance Code, in addition to the list of relevant metrics, also the amount of risk that the Group is prepared to accept in normal operating conditions (target), the maximum deviation acceptable from the targets in conditions of stress (trigger) and the maximum level of risk assumption for the Group, as well as the rules of escalation and involvement of the Board of Directors in the case of exceeding the various thresholds for the purpose of their assessment and definition of any corrective interventions. The Board of Directors performs the assessments and assumes the decisions in relation to the internal controls and risk management system obtaining support from the Risks and Transactions with Connected Persons Committee.

As part of its duties, the Board of Directors approves the establishment of the company control functions, the respective duties and responsibilities, the methods of coordination and collaboration, the information flows between the same and between the latter and the Company Bodies, appointing them and revoking their respective managers, having heard from the Board of Auditors, at the proposal of the Risks and Transactions with Connected Persons Committee, which, in turn, obtains the opinion of the Appointments Committee. The Board has also instructed the Chief Executive Officer to implement the guidelines defined by the same through the design, management and monitoring of the Internal Controls and risk management system. In that perspective, the Board guarantees that the company control functions are independent and may have access to all activities of the Group and to any information relevant to the fulfilment of its duties.

The Board of Directors periodically verifies that the organisational structure as well as the resources of the company control functions are qualitatively and quantitatively adequate and coherent with the strategic guidelines of the Group and defines any organisational adjustments and the personnel of the Internal Audit function.

In coherence with Application Criterion 7.C.1 letter b) of the Corporate Governance Code, in order to assess annually the adequacy, effectiveness and efficiency of the Internal Controls and Risk Management System, the Board of Directors, with the support of the Risks and Transactions with Connected Persons Committee, examines the reports of the heads of the company control functions (i.e. Compliance, Anti-Money Laundering, Risk Management and Internal Audit), the information of the Manager in charge of preparing the corporate accounting documents, in conformity with the accounting standards and the requirements of homogeneity dictated by the preparation of the consolidated financial statements, as well as any further useful information for monitoring the company risks produced by the competent structures and/or by the company instructed to perform the accounts audit. At the outcome of that analysis, the Board expresses its assessment, promoting the prompt adoption of suitable corrective measures where significant aspects of criticality emerge.

In the same context, the Board of Directors approves the guidelines of the Internal Audit function, overseeing their implementation and it approves annually, in line with Application Criterion 7.C.1. letter c), of the Corporate Governance Code, the audit plan, having heard from the Board of Auditors and the manager in charge of the internal control and risk management system.

Finally, the Board of Directors promotes the dissemination of a business culture of internal controls that enhances the company control functions, so that all company personnel are aware of the role attributed to them. To that end, the Board of Directors has approved a Code of Ethics, attached to the Organisation and Management Model pursuant to Italian Legislative Decree 231/2001, within which the principles are formalised that the members of the Company Bodies and the employees are required to respect in the conduct of the attributed matters.

Board of Auditors

The Board of Auditors oversees the completeness, adequacy and functionality of the Internal Controls System as well as the risk management and control processes, ascertaining the adequacy of the company functions involved, the correct conduct of the duties and the adequate coordination of the same as well as promoting any corrective interventions of deficiencies and irregularities identified.

For the same purpose, the Board of Auditors, using the company control functions, performs checks with a view to ensuring the regularity and legitimacy of management, the adequacy and compliance of the process in determining the internal capital (ICAAP) with the requirements provided by the regulations, the internal risk measurement systems for determining the capital requirements and their compliance with regulatory requirements, the financial information process, the statutory audit of the annual accounts and the consolidated financial statements. The Board of Auditors participates, inter alia, in the works of the Board of Directors.

The Board of Auditors of the Parent Company acts in close relationship with the corresponding bodies of the companies controlled by it and also has the duty to inform the Supervisory Authorities without delay of all acts and circumstances of which it becomes aware in the exercise of its activities, that may constitute an irregularity in management of the Group.

According to the governance model adopted by the Group, the Parent Company's Board of Auditors is also attributed the functions of supervisory body pursuant to Italian Legislative Decree 231/2001.

Company Control Functions

In accordance with the Supervisory Provisions the company control functions include the Compliance, Anti-Money Laundering, Risk Management and Internal Audit Functions. Those functions are separate between them as well as hierarchically independent from the company functions that perform the activities subject to their controls.

In accordance with the aforementioned provisions and limited to the aspects regulated therein on remuneration and incentive policies and practices, the Resources & Transformation Function is also classified as a company control function.

Compliance Function

According to the adopted model, the management activities of the risk of non-conformity with the rules are centralised at the Parent Company and coordinated by the head of the Group's Compliance and Anti-Money Laundering Function (Chief Compliance Officer). The Function is required to deal with the identification, monitoring and control of the risk of non-conformity with the rules, providing consultancy and support to the operating structures and the business as well as preparing the necessary periodic information to the Company Bodies.

The companies controlled by the Parent Company, in respect of the applicable Supervisory Provisions, or where deemed opportune, identify a representative for the compliance activities. The representative must be formally appointed, by the respective Body with strategic supervision function, having heard from the body with control function, subject to the prior opinion of the Parent Company's Chief Compliance Officer, and report functionally to the Parent Company's Compliance and Anti-Money Laundering Function.

The Compliance and Anti-Money Laundering Function, as the second level company control function, operates according to a risk-based approach, following the principles and techniques of risk management and it contributes to ensuring the conformity of the Group's actions with all regulations to which it is subject.

Indicated below are the duties and responsibilities of the Compliance and Anti-Money Laundering Function defined in respect of the applicable regulatory and legislative provisions, the internal organisational measures in force and the industry best practices. In particular, Compliance is responsible for the following activities:

preparing the relevant guidelines and policies on managing the risk of non-conformity, to be submitted to the corporate bodies, proposing the methods of control of each regulatory area for which the risk of non-conformity is identified;
constantly monitoring the regulatory framework, in order to guarantee that the external legislation is adequately translated into regulations, processes and internal procedures;
providing consultancy and assistance to the corporate bodies and to other Group structures through the issuance of opinions in cases of doubts on the interpretation of external legislation and on the application of internal rules;
defining the methodologies of assessing the risk of non-conformity, identifying measures for the prevention of the identified risk and verifying the adequacy of the same in managing the risk of non-conformity;
monitoring the risks of non-conformity to the rules identified, for the purposes of their mitigation and/or management;
preparing the periodic reports on the adequacy of the control of conformity to be submitted to the corporate and control bodies, including mainly:
o identification and assessment of the main risks of non-conformity to which the Group is exposed and planning of the respective management interventions, concerning both any deficiencies emerging in the company operations and the need to deal with any new risks of non-conformity identified following the annual risk assessment;
o at the end of the controls, the description of the activities performed, the criticalities identified and the remedies identified;
communicating promptly to the corporate and control bodies the issues and violations of conformity considered to be of particular significance;
in the internal capital adequacy assessment process (ICAAP), supporting the Risk Management Function in the assessment of non-quantifiable risks, with specific reference to the reputation risk and to the risk of non-conformity. In addition, the function has the duty of verifying the conformity of the process and supporting Risk Management and the entities involved in defining the same;
collaborating with the other company control functions, according to the methods expressed in the "Regulation on the Integrated Internal Controls System of the doBank Banking Group", in order to achieve an effective integration of the risk management process;
supporting the Resources & Transformation Function in continuously defining and creating training programmes, aimed at strengthening technical-professional skills and updating personnel internal to the Group and the Function itself.

In line with what is established by the Supervisory Provisions and by the internal regulations, the Body with strategic supervision function has appointed the Chief Compliance Officer as head of the Compliance and Anti-Money Laundering Function. In the appointment/revocation process, the opinion of the Risks and Transactions with Connected Persons Committee is also required which, in turn, obtains the opinion of the Appointments Committee.

The Chief Compliance Officer possesses the following requirements:

he is positioned in an adequate hierarchical-functional position; in particular, the manager is positioned hierarchically under the body with management function and has direct access to the body with strategic supervision function and to the body with control function;
possesses adequate requirements of professionalism;
does not have direct responsibility for the operating areas subject to control and is not hierarchically subordinate to the managers of those areas;
reports directly to the Company Bodies; in particular, the head of the function has direct access to the body with strategic supervision function and to the body with control function and communicates with them without restrictions or intermediations.

In relation to the management process of the risk of non-conformity with the rules, the Chief Compliance Officer guarantees control of non-conformity, through the supervision and management of operating activities connected to implementation of the "management process of the risk of non-conformity", transversal to the Group, dealing with its methodological aspects, the adequacy of the contents, the implementation of the relevant controls, also using the collaboration of specialist expertise (e.g. legal, organisational, risk management, technological, human resources, internal audit function) available therein, as well as the contributions provided by the compliance model (e.g. heads of specialist controls, the compliance representative of Italfondiario), as indicated within the Regulation of the Compliance & Anti-Money Laundering Function.

With specific reference to the management process of the risk of non-conformity, the Chief Compliance Officer:

is the owner of the management process of the risk of non-conformity activated in order to monitor the constant and continuous alignment of the company regulations, the organisational structures, the internal provisions, procedures and information system, as well as the training processes, the relevant regulations (of self- and hetero-regulation) and the evolution of the business (e.g. new products/services or business lines, new processes and procedures, revisions of the organisational structures);
is responsible for defining the methodologies both for the analysis and management of the risk of non-conformity with the rules, and for the management of the different operating phases of the management process of the risk of non-conformity and deals with their dissemination among the specialist controls and in the Group companies so that they can be fully incorporated;
oversees the various operating phases provided by the management process of the risk of nonconformity under his remit and deals with updating continuously the mapping of the risks of non-conformity with the assessments and information sent by the different specialist controls and by the other company control functions;
is responsible for the correct implementation of the information flows;
collaborates with the Complaints Management structure, positioned within the Legal and Corporate Affairs Function, for the activities of identifying non-conformity originating from the analysis of complaints received;
guarantees that the procedures adopted are able to ensure the substantial compliance with the obligations imposed by the provisions in force, assesses their methods of execution and identifies any areas of intervention to minimise the current and prospective risk of nonconformity;
collaborates with the other company control functions, also overseeing the reciprocal exchange of suitable information flows in conformity with the requirements of the "Regulation on the Integrated Internal Controls System of the doBank Banking Group";
takes steps to investigate and remedy areas of improvement reported by the Internal Audit Function following findings emerging during verifications under the remit of the Compliance and Anti-Money Laundering Function;
takes steps to investigate and remedy findings by the Supervisory Authorities emerging during inspections under the remit of the Compliance and Anti-Money Laundering Function or other company functions insofar as they are responsible.

Anti-Money Laundering Function

In the context of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Anti-Money Laundering Function established at the Parent Company fulfils the role of anti-money laundering function on behalf of both the Parent Company and the companies controlled by it, as defined by the regulatory provisions in force, and ensures the management of the risk of money laundering and terrorist financing. The Anti-Money Laundering Function is positioned organisationally within the Compliance and Anti-Money Laundering Function and reports functionally to the body with management function of the Parent Company and has direct access to the body with strategic supervision function and the body with control function of the Parent Company.

In respect of the centralised model adopted by the Parent Company, at each of the companies controlled by the Bank, recipients of the anti-money laundering regulations, a representative or a specific anti-money laundering unit must be identified which, acting in close functional collaboration with the specific structure of the Parent Company, oversees the processes connected to the anti-money laundering regulations in the relevant company.

The Head of Anti-Money Laundering of the Group, for the aspects of specific interest, must be informed comprehensively and promptly of the outcomes of the control activities performed at the companies belonging to the group as well as of any significant occurrence. He has access to all group databases containing information useful for the conduct of its duties.

In that context, in order to implement unitary management of the Group risk level, the Head of the Group's Anti-Money Laundering Function is attributed the duty of informing the Company Bodies of the individual subsidiary companies of the findings of the checks performed. Those findings will be part of the overall report on the activities performed at Group level, provided to the Board of Directors of the Parent Company.

In addition, the Group's Anti-Money Laundering Function includes in the activity plans (also through service agreements) checks and/or consultancy activities - at consolidated level - aimed at ascertaining respect, by all Subsidiaries, of the guidelines and principles imparted by the Parent Company as part of this Regulation as well as the specific regulations applicable to them.

The Anti-Money Laundering Function includes the "STR Unit" in charge of assessing reports of suspicious transactions, which must be sent to the Financial Information Unit (FIU) of the Bank of Italy by the "STR Delegate".

The responsibility and duties of the Function are attributed to the Anti-Money Laundering Manager who is in possession of the following requirements:

he is positioned in an adequate hierarchical-functional position; in particular, he reports functionally to the Chief Executive Officer of the Parent Company;
he is adequately independent, authoritative and professional;
he does not have direct responsibility for operating areas subject to control and is not hierarchically subordinate to the managers of those areas;
he reports directly to the Company Bodies; in particular the Manager of the Anti-Money Laundering Function has direct access to the Board of Directors and to the Board of Auditors of doBank and communicates with them without restrictions or intermediation.

The Anti-Money Laundering Manager, in addition, performs the following duties:

he covers the role of Anti-Money Laundering Manager of the Group and in that sense develops the directives in relation to the recipient Group Companies so as to guarantee a homogeneous approach in line with the defined management model;
he receives specific information flows regarding the outcomes of the control activities performed at the recipient Group Companies and regarding any other significant event;
he has access to every database and every type of information existing in the recipient Group Companies for the purposes of completing his duties;
he performs supervision activities on the different structures of doBank and the recipient Group Companies to which the different duties relating to the management of the anti-money laundering process are entrusted;
he verifies periodically the adequacy of the architecture of the internal control system with particular regard to management of the money laundering and terrorist financing risk.

The Anti-Money Laundering Manager is attributed also the role of Delegate for the assessment and reporting of suspicious transactions for doBank and for the recipient Group Companies (hereafter also "STR Delegate"), in accordance with Art. 42, paragraph 4 of Italian Legislative Decree 231/2007, by virtue of a specific delegation, formalised and adequately brought to the attention of the company structure.

The STR Delegate is in possession of the requirements of independence, authoritativeness and professionalism and has responsibility for the following activities:

he assesses reports received from the recipient Group Companies and the possible consequent transmission of those reports to the FIU;
he archives with the respective motivation the reports deemed not to be well-founded;
he communicates, by the organisational methods deemed most appropriate, the outcome of his assessment to the manager of the Function that originated the report; he promptly informs the Company Bodies if, during his activity, he identifies particular situations of violation of the rules in that regard; he provides consultancy to the operating structures regarding the management of suspicious transaction reports and any abstention from executing the transaction;
he assesses the communications sent by the Board of Auditors and by the Supervisory Body pursuant to Italian Legislative Decree 231/2001 on infractions in relation to suspicious transaction reports, in accordance with Article 52, par. 2, letter b) of Italian Legislative Decree

231/2007;

• he performs a role of liaison with the FIU and manages any requests for further information received from the competent Authorities, therein including the Judicial Authority.

The role and responsibilities of the delegate have been adequately formalised and made public within the Group by way of appropriate communications.

Risk Management Function

As part of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Risk Management Function, established at the Parent Company, fulfils the role of second level control function on behalf of both the Parent Company and the companies controlled by it.

From the organisational profile, the Risk Management Function reports hierarchically and functionally to the Chief Executive Officer, but with direct access to the Board of Directors.

As defined by the regulatory provisions in force, the function in question provides constantly objective and independent activity, aimed at identifying, measuring, monitoring and preventing as well as communicating to the appropriate hierarchical levels the risks to which the Group is exposed.

Using methodological approaches, applications and reliable instruments, coherent with the degree of complexity of the Group operations, the Risk Management Function guarantees an integrated vision in current and prospective terms of the context of riskiness and capital and organisational adequacy of the Group, verifying the coherence of the Group's risk profile with the risk objectives expressed in the Risk Appetite Framework (RAF).

The RAF constitutes the essential presupposition for determining a risk governance policy and a risk management policy based upon principles of sound and prudent management.

The Risk Management Function, considering the nature of the risks assumed or to be assumed and the availability by the Bank of adequate methodologies and skills for determining their exposure and the respective internal capital, classifies the same into quantifiable risks and risks that are difficult to quantify to be subjected to opportune attenuation and control systems.

The function structures adequate information flows towards the company bodies and functions and also communicates promptly to the same, upon request or by initiative, any problems deemed significant, emerging during the conduct of its activities. The outcomes of the assessments ending with negative opinions or that highlight significant deficiencies are sent in full, promptly and directly, to the Company Bodies.

In general, the function guarantees the dissemination of a risk culture within the Group, cooperating, for the areas of expertise, with the company control functions so as to guarantee a unitary and integrated vision of the Internal Controls System and to ensure the correct interaction and integration between the Group's control functions.

Head of the Risk Management Function

In line with what is established by the Supervisory Provisions and by the internal regulation, the Head of the Risk Management Function (Chief Risk Officer) is appointed by the Board of Directors; in the appointment/revocation process, the opinion of the Risks and Transactions with Connected Persons Committee is also requested, which, in turn, obtains the opinion of the Appointments Committee.

During 2017 the role of Head of the Risk Management Function was covered by Mr Claudio Fanin who reports hierarchically and functionally to the Chief Executive Officer but has direct access to the Board of Directors and is not responsible for any operating area. He reports to the Board directly or by way of the Risks and Transactions with Connected Persons Committee, at least on an annual basis or at the next opportunity, in the case of particular significance, regarding the adequacy, effectiveness and efficiency of the risk management controls performed as part of the second level controls.

With reference to the risk management activities on companies controlled by the Parent Company centralised at the Parent Company and in particular for the supervised company Italfondiario S.p.A., it is noted that: the subsidiary Italfondiario S.p.A., as intermediary subject to the supervision of the Bank of Italy, has outsourced its risk management function to the Parent Company, based upon an intergroup service agreement prepared in conformity with the relevant regulations. In that context, a representative has also been identified for the function - in possession of the requirements of integrity, professionalism and independence required by the Supervisory Provisions – appointed by the Board of Directors of the subsidiary, at the indication of the Parent Company. The representative is positioned under the direct hierarchical management of the Board of Directors of the subsidiary, reports functionally to the Head of the Risk Management Function of the Parent Company and mainly has the duty of supporting the latter in the conduct of the activities under its remit, as regulated in the service agreement.

In relation to other companies controlled by the Parent Company and not supervised, for which there is no requirement to establish functions in charge of control, management and safeguarding of risks, the function ensures the necessary coverage of the main operational processes and respective inherent risks through their inclusion within the second level controls at consolidated level, defined according to an approach based upon the risk level, also with a view to ascertaining the compliance of the behaviours of the companies controlled by the Parent Company with the guidelines imparted by them and the specific regulations applicable to them.

For those subsidiary companies, the Head of the Group's Risk Management Function is attributed the duty to inform the Company Bodies of the individual company of the results of the checks performed by virtue of exercising the management and coordination activities. The respective findings form part of the overall reporting on risk management activities performed at Group level, provided to the Board of Directors of the Parent Company.

During 2017 the Risk Management Function, under the supervision of its Manager and coherently with the planning approved by the Board of Directors, performed interventions that involved both the Parent Company and its subsidiary companies, attributable mainly to the:

periodic review of the Risk Appetite Framework (RAF) and the risk governance policies, collaborating, insofar as it is responsible, with their implementation through periodic monitoring activity and verifying respect of the risk objectives, operating limits and risk indicators defined by the Board of Directors;
revision of the criteria for identifying operations that, for particular risk profiles, are deemed worthy of particular attention and providing preventive opinions on their coherence with the RAF;
operational implementation of the internal capital adequacy assessment process (ICAAP Internal Capital Adequacy Assessment Process) of the Group and respective formalisation in

a specific annual document (ICAAP Report) subject to authorisation of the respective competent bodies before transmission to the Supervisory Authority;

measurement, assessment of quantifiable and non-quantifiable risks, to which the Group is exposed, identification, development and maintenance of the methodologies aimed at promptly identifying any criticalities;
revision of the management and monitoring processes of the liquidity risk, also in light of the new corporate perimeter. Drafting of the "Liquidity Risk Policy of the doBank Banking Group"
start of scouting activity, in relation to operating risks, for the identification of a multicompany market ICT tool, aimed at the management, in a single environment, of the risk process analysis, and the activities linked also to other control functions.
revision of the methodology of the ICT risk assessment and monitoring process to make it more adequate to the new organisational context with simultaneous definition of the new framework of the ICT risk management process for the whole Group;
revision of the operating risks management model also in light of the new corporate perimeter

During the year, the activities aimed at the methodological strengthening of the Function continued through the revision of the Regulation as well as the refinement of the monitoring processes of the exposure to the risks identified.

Internal Audit Function

In the context of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Internal Audit Function established at the Parent Company fulfils the role of internal audit function on behalf of both the Parent Company and the companies controlled by it, as defined by the regulatory provisions in force, and also ensures a constant, independent and objective assessment of the overall Internal Controls System, so that its respective purposes are guaranteed in the pursuit of improving the effectiveness and efficiency of the organisation.

In particular, the Function is instructed to ensure, in the perspective of third level controls, also through verifications in situ, supervisory action over the due performance of the operations and the processes of the Parent Company and its subsidiaries with the aim of preventing or identifying the onset of anomalous and risky behaviours or situations. It also assesses the completeness, adequacy, functionality and reliability of the organisational structure and the other components of the Internal Controls System, the risk management process and the other company processes, bringing to the attention of the Company Bodies the results of the activity performed and the possible improvements, to the risk management process, to the measurement and control tools of the same and to the internal organisational measures in force.

The Function communicates directly the results of the assessments and checks. The link between the same and the Chief Executive Officer of the Parent Company is in any case guaranteed through adequate information flows and the Managerial Coordination Committee of the Internal Controls System which has the duty of managing, in a coordinated and structured manner, issues relating to the correct functioning of the Internal Controls System and the remediation plans connected to it as well as those relating to the management and monitoring of risks. The Function also has direct access to the Board of Auditors and communicates with it without restrictions or intermediations.

In general, the Function guarantees support to the senior bodies in promoting and disseminating an adequate and solid culture of controls within the Group.

From the organisational profile, the Internal Audit Function is permanent and independent and has the authority, resources and expertise required to perform the duties attributed to it.

The Internal Audit Function is in fact equipped with adequate personnel, by number and technicalprofessional skills, receiving continuous training. In addition, it has economic resources that can be activated autonomously, including recourse to external consultancy.

The Internal Audit Function has free access to all activities - including those outsourced - to all company premises of the Group, both at central offices and at peripheral structures, to internal rules and procedures, to IT systems, to management data and that of any other nature, as well as freedom to perform interviews with personnel, both of the Parent Company and of its subsidiaries, except as otherwise established by law.

In line with the provisions of its mission and without compromising its independence the Internal Audit Function participates, where requested, with consultancy role, in the company working groups on planning issues (e.g. new products, channels, systems, processes, etc.), also for the purpose of contributing to the correct design of the controls system. Finally, it deals with the adoption of initiatives aimed at facilitating the coordination and interchange of information with other company control functions to guarantee a unitary and integrated vision of the Internal Controls System.

11.1 DIRECTOR IN CHARGE OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

Without prejudice to the responsibility of the Board of Directors in relation to the establishment of company control functions and to defining the respective roles and responsibilities, on 9 June 2017 the Board of Directors, coherently with Principle 7.P.3. letter a) no. (i) of the Corporate Governance Code entrusted to the Chief Executive Officer, Dr Andrea Mangoni, the function of director assigned to supervise the functions of the internal control and risk management system, attributing to him the following main responsibilities:

dealing with identifying the main business risks, taking account of the characteristics of the activities performed by the Issuer and its subsidiaries, and submitting them periodically for examination by the Board of Directors;
implementing the strategic guidelines, the RAF and, in general, the risk governance policies defined by the Board of Directors, dealing with the planning, implementation and management of the Internal Control and Risk Management System and verifying constantly its adequacy and effectiveness;
adapting the Internal Controls System to the dynamics of the operating conditions and the legislative and regulatory panorama;
asking the Internal Audit Function to conduct checks on specific operating areas and on respect of the internal rules and procedures of business operations, giving simultaneous communication of the same to the Chairman of the Board of Directors, to the Chairman of the Risks and Transactions with Connected Persons Committee and to the Chairman of the Board of Auditors;

• reporting promptly to the Board of Directors on issues and criticalities emerging in the conduct of its activities or of which it has in any case been informed, so that the Board of Directors may assume the appropriate initiatives.

In the conduct of his function, the Chief Executive Officer is supported by the Managerial Coordination Committee of the Internal Controls System, of which he is the Chairman, and in which the heads of the company control functions participate, as permanent members, and, in the capacity of invitees, along with the heads of the other business or support functions who are asked, from time to time, to discuss specific issues. Within that committee, issues are addressed, in a coordinated and structured manner, relating to the correct functioning of the Internal Controls System and to the remedial plans related thereto as well as those relating to risk management and monitoring.

Also through the participation in that committee and the analysis of the respective information flows, the Chief Executive Officer acquires the necessary information to:

guarantee the alignment of the organisation and the Internal Controls System with the principles and requirements provided by existing regulations;
verify continuously the effective management of the overall company risks and the adequacy, effectiveness and efficiency of the related controls;
make proposals aimed at supplementing the annual plans of the company control functions, also through the request for verification activity on specific operating or risk areas, consistently with Application Criterion 7.C.4. letter d) of the Corporate Governance Code, as well as to supervise during the year their effective implementation.

In implementation of his mandate, in line with Application Criterion 7.C.4 letters a), b), c), and e) of the Corporate Governance Code, the Chief Executive Officer thus:

ensures the effective management of risks in their various components, preparing adequate policies and procedures to be observed within the Bank, ascertaining that in the case of violations, the necessary corrective actions are made and outlining information flows aimed at guaranteeing to the competent Company Bodies full awareness of the risk management methods;
implements the necessary initiatives to guarantee continuously the completeness, adequacy, functionality and reliability of the Internal Controls System and informs the Board of Directors of the results of the checks made, preparing and implementing the necessary corrective or adjustment interventions in the case of deficiencies or anomalies as well as following changes to the legislative or regulatory context or the introduction of new relevant activities, services and processes;
guarantees to the Board of Directors effective and constant dialectic discussion, also using the collaboration of the company structures which respond to the same as the head of the internal structure, to allow them to verify over time the choices and decisions assumed by them in relation to the internal control and risk management system.

11. 2 HEAD OF THE INTERNAL AUDIT FUNCTION

In coherence with Principle 7.P.3. letter b) of the Corporate Governance Code, the Board of Directors resolves with exclusive responsibility in relation to the appointment and revocation of the Manager of the Internal Audit Function, at the proposal of the Risks and Transactions with Connected Persons Committee, which, in turn, obtains the opinion of the Appointments Committee, and having heard the opinion of the Board of Auditors.

During 2017 the role of Head of the Internal Audit Function was covered by Dr Paolo Poncetta who reports hierarchically to the Board of Directors and is not responsible for any operating area, as provided also by Application Criterion 7.C.5. letter b) of the Corporate Governance Code. He reports to the Board of Directors directly or by way of the Risks and Transactions with Connected Persons Committee, at least on an annual basis or at the next opportunity, in cases of particular significance, on the adequacy, effectiveness and actual functioning of the Internal Controls System. In line with Application Criterion 7.C.1, second part of the Corporate Governance Code, the Board of Directors also resolves, subject to the favourable opinion of the Risks and Transactions with Connected Persons Committee and having heard from the Board of Auditors, in relation to the remuneration of the Manager of the Internal Audit Function based upon criteria and parameters separated from the performance of the Bank, coherently with the provisions of the company policies.

In order to fulfil his mandate to verify the operations and suitability of the Internal Control and Risk Management System, the Head of the Internal Audit Function performs the following activities:

defines and implements an annual and long-term audit plan based upon a risk assessment methodology that takes into consideration the evolutionary aspects of the business and the related development strategies of the Group, the emerging risk and the significant changes in the organisational structures and processes, the restrictions deriving from regulatory and contractual rules, the requests of Management and the Company Bodies (Application Criterion 7.C.5. letter a) of the Corporate Governance Code. The long-term plan is also updated on an annual basis in order to reflect promptly any significant evolutions in the risk profile of the Bank following modifications in the business, organisational or regulatory context. In order to guarantee that the plan is dynamic and to deal with, during the year, any unplanned intervention requests, the annual plan provides for the establishment of a suitable reserve of resources from those available. The audit plans are submitted for approval to the Board of Directors subject to the examination of the Risks and Transactions with Connected Persons Committee;
issues, in line with Application Criterion 7.C.5. letters d) and f) of the Corporate Governance Code, periodic informative reports to the Board of Directors, subject to examination of the Risks and Transactions with Connected Persons Committee, to the director in charge of the internal control and risk management system and to the Board of Auditors which provide summary assessments on the suitability of the internal control and risk management system and an update on the stage of progress and the results of the planned (half-yearly and annual) audit activities as well as on the implementation of the action plans defined by management (quarterly);
promptly informs the Board of Directors, the Risks and Transactions with Connected Persons Committee, the director in charge of the Internal control and risk management system as well as the Board of Auditors, of the reports prepared at the outcome of the individual audit interventions that contain aspects of particular significance for the purposes of assessing the overall Internal Controls and Risks Management System (Application Criterion 7.C.5. letter e) and f) of the Corporate Governance Code;
communicates appropriately and transparently with the supervisory authorities, with reference to the audit activities;
maintains qualified resources within the Internal Audit Function equipped with expertise, knowledge, capacity and experience necessary for the full implementation of its mission;
has direct and unlimited access to all information and documentation useful for the conduct of the individual assignments, in coherence with Application Criterion 7.C.5. letter c) of the Corporate Governance Code.

For the fulfilment of his duties, the Head of the Internal Audit Function has an adequate annual budget, subject to approval by the competent Company Bodies and able to cover, in particular, the main requirements linked to the use of technical consultancies on specific matters and the professional training requirements of the resources.

With reference to the audit activities on subsidiary companies centralised at the Parent Company and in particular for the supervised company Italfondiario S.p.A., coherently with what is regulated in the outsourcing contract prepared in conformity with the relevant regulations, during 2017 the body with strategic supervision function of the company appointed a representative, positioned under the direct hierarchical power of that body and that reports functionally to the Group's Head of Internal Audit. That representative has the duty of supporting the Manager of the function in implementing the audit plan approved by the Board of Directors of Italfondiario S.p.A., in the management of relationships with the Company Bodies as well as the prompt reporting of events or situations of particular relevance.

In relation to the other non-supervised subsidiary companies, as there is no representative, the Head of the Internal Audit Function guarantees the necessary coverage of the main operating processes and the respective related risks through their inclusion within the Group audit plan. For those companies, the Group's Head of Internal Audit Function has the duty of informing the Company Bodies of the individual company controlled by the Parent Company of the results of the checks performed by virtue of exercising the management and coordination activities, by way of the overall reporting on the audit activities performed at Group level.

During 2017 the Internal Audit Function, under the supervision of its Manager and coherently with the planning approved by the Board of Directors, performed interventions involving both the Parent Company and its subsidiary companies attributable to three main areas of intervention connoted by logics of priority and peculiar risk profiles:

governance processes, relating to defining the business strategies, planning and management control, risk management and controls, management of the corporate bodies;
business processes, which include "core" activities of the Bank, with regard to both the management and recovery of performing / non-performing credits, and to the "banking" sector, aimed at the integrated offer of credit products;
support processes, aimed at the correct functioning of the company, through the management of projects, processes and procedures and the conduct of administrative and management activities of company, financial, human, technological, tangible and intangible resources.

This latter area includes verification activities aimed at assessing the reliability of the information systems (Application Criterion 7.C.5. letter g) of the Corporate Governance Code). In implementing those activities, the Head of the Internal Audit Function, as well as internal specialist resources inserted into the workforce during the year, has obtained support from consultancy personnel, equipped with adequate requirements of professionalism, independence and organisation, to make up for the still incomplete availability of internal resources, with respect to the coverage requirements highlighted in the planning phase.

During 2017, the process of methodological strengthening of the Internal Audit Function continued through the revision of its Regulation, the launch of the project for the implementation of an ICT application able to support in an integrated and coordinated manner all phases of the audit process (i.e. risk assessment, planning of activities, implementation of interventions, reporting and monitoring of action plans), the consequent review of the methodology applied and its formalisation in the manuals of the function. Pending the aforementioned implementations, interventions aimed at strengthening the effectiveness of the audit processes concerned the monitoring process of the action plans and the formats used for the reporting produced by the Function.

11.3 ORGANISATION MODEL pursuant to Italian Legislative Decree 231/2001

doBank has proceeded with the overall and organic review of its Organisation and Management Model pursuant to Italian Legislative Decree 231/2001 (hereafter: the "Model"), in order to:

define an effective approach of continuous update and management of the Model;
incorporate the new organisational structure;
align the Model to the applicable best practices, to the relevant guidelines (Confindustria and ABI) and to the most recent case law rulings and doctrine guidelines existing in that regard;
extend the perimeter of the crimes considered in the Model to all circumstances currently identified in accordance with Italian Legislative Decree 231/2001

On 15 July 2017, the doBank Board of Directors approved the new model and, following an analysis of market best practices, entrusted to the Board of Auditors the role of Supervisory Body, appointing the Chairman of the Board of Auditors, Dr Francesco Bonifacio, as Chairman of the Supervisory Body, and as members of the same the Statutory Auditors Dr Nicola Lorito and Dr Massimo Fulvio Campanelli, with the term of the assignment coinciding with that of the Board of Directors.

Special Part of the 231 Model

The contents and structure of the Special Part have been reviewed, achieving the drafting of a new text, constituted by 10 "Sensitive Areas", each concerning one or more families of crime and/or circumstances of crime, identified due to the common sensitive activities and standards of control and conduct:

Sensitive Area I Crimes against the Public Administration and crime of bribery among private entities;
Sensitive Area II Corporate crimes;
Sensitive Area III Crimes of organised and transnational criminality;
Sensitive Area IV Crimes for the purpose of terrorism and subversion of the democratic order and receiving stolen goods, money laundering and use of cash, goods or utilities of unlawful origin, as well as self-laundering;
Sensitive Area V Crimes and administrative offences of abuse of privileged information and insider dealing;
Sensitive Area VI Crimes in relation to occupational health and safety;
Sensitive Area VII Computer crimes and crimes relating to unlawful data processing;
Sensitive Area VIII Crimes of falsification of coins, revenue stamps and instruments or signs of recognition, against industry and trade and in relation to violation of copyright
Sensitive Area IX Environmental crimes;
Sensitive Area X Crimes of use of third country citizens without a regular permit.

Coherently, a new version of the doBank Code of Ethics was also prepared, which constitutes an integral part of the Model and defines the set of ethical principles, duties and responsibilities that the Bank assumes to achieve the corporate objectives and that, therefore, must be observed by all employees.

Predicate crimes of Italian Legislative Decree 231/2001

The annex to the Model, entitled "Predicate Crimes of Italian Legislative Decree 231/2001", an integral part of the Model itself, provides a description of the crimes and administrative offences whose commission determines, upon the occurrence of the presuppositions provided by Italian Legislative Decree 231/2001, the onset of administrative liability of the entity in accordance with and for the effects of the cited regulation.

The Model as well as the Code of Ethics is consultable on the doBank Internet Website, at the page: https://www.dobank.com/it/governance/modello-ex-dlgs-23101.

11.4 INDEPENDENT AUDITING COMPANY

The Shareholders' Meeting on 17 June 2016 granted to E.Y. S.p.A. the statutory auditing assignment of the financial statements and the consolidated financial statements of the Group as well as the accounts audit limited to the consolidated half-yearly report for each of the nine financial years closing from 31 December 2016 to 31 December 2024.

E.Y. S.p.A. was also granted, by way of separate formalised agreements, the auditing activities of the financial statements of some of the doBank subsidiary companies.

11.5 MANAGER IN CHARGE OF PREPARING THE CORPORATE ACCOUNTING DOCUMENTS AND OTHER COMPANY ROLES AND FUNCTIONS

By resolution made on 10 April 2017, the Board of Directors appointed Mr Mauro Goatin as Manager in charge of preparing the corporate accounting documents (hereafter: "Manager in Charge"), subject to the favourable opinion of the Board of Auditors, in compliance with the provisions of Art. 154(2) of the Consolidated Finance Law.

The Manager in Charge is granted adequate powers and means to exercise the duties attributed by the regulation, while the Board of Directors is responsible for overseeing the fact that the Manager in Charge has those powers and means and that he respects the administrative and accounting procedures. The presence of an adequate structure reporting directly to the Manager in Charge is the principal element that characterises the availability of adequate means and powers provided by the regulation. To that end, the Manager in Charge uses the "262 Manager", as a resource specifically dedicated to the conduct of the control and management activity of the control model of the Manager in Charge.

The Manager in Charge has the responsibility to certify:

the adequacy and effective application of the administrative and accounting procedures during the financial year to which the documents refer;
that the documents are drafted in compliance with the applicable international accounting standards recognised by the European Community in accordance with (EC) Regulation no. 1606/2002 of the European Parliament and of the Council, dated 19 July 2002;
the correspondence of the documents with the results of the accounting books and records;
the suitability of the documents to provide a true and correct representation of the capital, economic and financial situation of the issuer and the set of Companies included in the consolidation;
for the financial statements and consolidated financial statements, that the management report includes a reliable analysis of the management performance and result, as well as the situation of the issuer and the consolidated companies, together with a description of the main risks and uncertainties to which they are exposed;
for the abbreviated half-yearly financial statements, that the interim management report contains references to the important events of the first six months of the financial year and their incidence, together with a description of the main risks and uncertainties for the rest of the financial year.

The Manager in Charge participates at meetings of the Board of Directors of the Group Companies and/or of the Board of Auditors, where the agenda concerns matters under his remit.

The information flows between the Manager in Charge and the other company control functions are regulated in the "Regulation on the Integrated Internal Controls System of the doBank Banking Group". In addition, the Manager in Charge holds meetings and information exchanges with the Independent Auditing Company regarding the respective activities, with particular reference to any points of attention on internal controls.

The Managers of the other company functions, having specific duties in relation to internal control and risk management, in conformity with Application Criterion 7.P.3, letter C of the Corporate Governance Code, have been indicated in the above paragraphs of this Report, within the specific sections dedicated to Internal Audit, Risk Management, Compliance and Anti-Money Laundering.

11.6 COORDINATION BETWEEN ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

In coherence with principle 7.P.3 of the Corporate Governance Code, the duties and responsibilities of the various control bodies and functions along with the information flows between the different functions/bodies and between these and the Company Bodies are defined in detail within the Regulation on the Integrated Internal Controls System of the doBank Banking Group approved by the doBank Board of Directors on 25 May 2017.

In order to guarantee a unitary and integrated vision of the Internal Controls System and to guarantee correct interaction and integration between the company control functions, a series of coordination and collaboration mechanisms are also defined, in coherence with Application Criterion 7.C.1, letter d), aimed at maximising the synergies and avoiding any potential area of overlapping or deficiency of control.

In particular, productive interaction between the company control functions is guaranteed through the pursuit of the following objectives:

sharing of methodologies and metrics with which the different functions perform their assessments;
elimination of methodological and organisational overlapping;
improvement of communication between the company control functions and the Company Bodies;
sharing of information and assessments made.

Those objectives are achieved through the following interaction mechanisms which are positioned within the more general framework of active and constant collaboration between the company control functions:

participation in the process of definition/update of the internal regulations on risks and controls;
exchange of information flows, documentary and of data, such as on the planning of control activities and the outcome of the same;
participation in Board Committees (Risks and Transactions with Connected Persons Committee) and Managerial Committees (Internal Controls System Coordination Committee);
organisation of periodic meetings between the company control functions
participation in joint working groups established on matters directly connected to the functioning of the Internal Controls System and the control functions (e.g. definition of a common risk assessment metric, definition of a Group policy for risk acceptance).

The improvement of the interaction between control functions and the constant update to the Company Bodies by the same, in relation to the activities performed, are aimed at contributing over time to company governance that guarantees sound and prudent management also through a more effective safeguarding of risk at all company levels.

12.0 INTERESTS OF DIRECTORS AND TRANSACTIONS WITH RELATED PARTIES

The Board of Directors, by decision made on 25 May 2017, approved the "Procedure of the doBank Group for the Management of Transactions with Connected Persons, Related Parties and Transactions in Conflict of Interest" (hereafter: the "Procedure"), entering into force on 14 July 2017, the day of Listing.

The Procedure was submitted preventively to the Risks and Transactions with Connected Persons Committee, which expressed a favourable opinion to its approval.

The Procedure, in respect of the regulatory supervisory provisions and in conformity with the CONSOB Related Parties' Regulation, is aimed at defining, as part of the operations of the Bank and more generally the Group, the principles and rules to be observed for controlling the risk deriving from situations of possible conflict of interest determined by the vicinity of those entities to the decision-making centres of the Bank and the Group.

More generally, the Procedure is structured as an organic compendium aimed at regulating unitarily the governance aspects as well as the areas of application and the procedural and organisational processes in relation to transactions with related parties (in accordance with the CONSOB Regulation), with connected persons (in accordance with Title V, Chapter 5 of Circular 263) and with company representatives (in accordance with Art. 136 of the Consolidated Banking Law).

In view of the affinity present in the CONSOB Related Parties' Regulation and in the Supervisory Provisions, doBank has determined a "Single Perimeter", which includes both the "CONSOB Related Parties" and the "Bank of Italy Connected Persons", to which the decision-making procedures provided in the Procedure unitarily apply.

The Procedure thus involves an architecture aimed at regulating:

the identification, update and monitoring continuously of the perimeter of entities in conflict of interest (Single Perimeter);
the management of transactions with entities in conflict of interest, with reference, inter alia, to:
identification of transactions, including cases of exemption and exclusion, considering that, in relation to the thresholds of relevance, the Procedure identifies, distinguishes and regulates transactions of most significance, transactions of lesser significance and transactions of small amount;
management of the decision-making process on transactions, differentiated based upon the different thresholds of significance identified by the Procedure;
reporting and transparency obligations towards the corporate bodies (Board of Directors, Board of Auditors, Risks and Transactions with Connected Persons Committee and Shareholders' Meeting), the supervisory authorities and the market.
the methods of conducting the activities for managing transactions concluded with entities in conflict of interest;
the operating and organisational structures involved in the process and their respective duties;
the information flows, both internal and external;
the monitoring and control activities of those transactions;
the methods of updating those procedures.

The full text of the Procedure, to which reference is made for any further detail, is available on the doBank Internet Website, at the page https://www.dobank.com/it/governance/parti-correlatesoggetti-collegati.

Finally, it is noted that, in respect of the principle established by Art. 2391 of the Italian Civil Code (on the interests of Directors) Art. 136 of the Consolidated Banking Law applies to doBank, as a banking company, in accordance with which the bank representatives may not enter into obligations of any nature or complete acts of sale, directly or indirectly, with the bank that they administer, manage or control except subject to resolution by the management body made unanimously and with the favourable vote of all members of the audit body, without prejudice to the obligations provided by the Italian Civil Code, in relation to the interests of Directors.

To that end, the Directors and Auditors of the Bank have communicated, and periodically update, the list of entities - legal or natural persons - for which the finalisation of any relationships may constitute the case of obligation referable essentially to the banking representatives.

13.0 APPOINTMENT OF AUDITORS

Art. 23 of the Articles of Association establishes that the appointment of the Board of Auditors occurs by the Shareholders' Meeting based upon lists submitted by the legitimated parties, in which the candidates are listed in sequential order.

The lists are split into two sections, indicating, respectively, up to 3 (three) candidates for the role of Statutory Auditor and up to 2 (two) candidates for that of Alternate Auditor. If a list presents candidates to the role of Statutory Auditor and Alternate Auditor, at least the first candidate to the role of Statutory Auditor and at least the first candidate to the role of Alternate Auditor indicated in the respective sections must have been registered for at least three years in the register of statutory auditors and must have exercised the activity of statutory accounts auditing for a period of no less than 3 years. If a list presents a number of candidates equal to or greater than 3, each section for the appointment to Statutory Auditor and to Alternate Auditor must present a number of candidates belonging to the least represented gender that ensures, within that section, respect of the gender balance at least to the minimum extent required by the legislation, even regulatory, in force.

No candidate, under penalty of forfeiture of his/her candidacy, may appear in more than one list.

Each entity legitimated to vote (as well as (i) the legitimated entities belonging to the same group, thereby meaning, the controlling entity, even non-corporate, in accordance with Art.2359 of the Italian Civil Code and every company controlled by or under the common control of the same entity or (ii) parties to the same shareholders' agreement pursuant to Article 122 of the Consolidated Finance Law, or (iii) legitimated entities that are otherwise connected between them by virtue of significant relationships of connection in accordance with the legislation and/or regulations in force and applicable) may present or contribute to presenting only one list, just as each candidate may appear in only one list under penalty of ineligibility.

In accordance with the Articles of Association, Shareholders that, at the time of submitting the list, are holders, alone or together with other submitting Shareholders, of shares with voting right representing at least 2.5% of the share capital having the right to vote in the ordinary Shareholders' Meeting may subject a list for the appointment of the Auditors.

By CONSOB resolution no. 20273 dated 24 January 2018, the limit relating to the share of investment was fixed at 1%.

Certification of the minimum share of investment may be produced even after the deposit provided that this is done by the deadline laid down for the publication of those lists.

The lists must, under penalty of forfeiture, be filed at the company's registered office, even by way of a distance communication technique and according to methods made known within the notice of convocation that allow for the identification of entities filing the list, by the twenty-fifth day before the date of the Shareholders' Meeting (or by the different deadline laid down from time to time by the applicable regulations) and they are made available to the public at the registered office, on the doBank Internet Website and by the other methods provided by existing regulations, at least twentyone days before the date of the Shareholders' Meeting (or by the different deadline laid down from time to time by the applicable regulations).

Together with the lists, and again by the deadline indicated above, the legitimated entities that have submitted them must also file the additional documentation and declaration required by the legislation, even regulatory, in force each time. The list for which the rules indicated above have not been respected is considered not to have been submitted.

Each person entitled to vote may vote on only one list.

The election of the members of the Board of Auditors occurs as follows:

(i) 2 (two) Statutory Auditors and 1 (one) Alternate Auditor are taken from the list that obtained the highest number of valid votes, in the sequential order in which they are listed on that list;
(ii) the remaining Statutory Auditor and the remaining Alternate Auditor are taken from the list that obtained the highest number of votes after that indicated in point (i) above, with the first candidates of the respective sections being elected, respectively, Statutory Auditor and Alternate Auditor.

The Statutory Auditor taken from the list that obtained the highest number of votes after than indicated in point (i) above is assigned the Chairmanship of the Board.

In cases where, in the terms and methods indicated above, only one list is submitted, or where no list is submitted, or even where a number of candidates equal to that to be elected is not present in the lists, the Shareholders' Meeting resolves for the appointment or supplementation by relative majority. In the case of equal votes among multiple candidates, a second ballot will be held between the same, by way of further Shareholders' Meeting vote. The Shareholders' Meeting is required in any case to ensure respect of the gender balance provided by the legislation, even regulatory, in force.

In the case of death, resignation or forfeiture or absence for any other reason of a Statutory Auditor, he is replaced by the Alternate Auditor belonging to the same list on which the outgoing Auditor was listed according to the sequential listing order, in respect of the minimum number of members registered in the register of statutory auditors who have exercised statutory accounts auditing activity and the principle of gender balance. If this is not possible, the outgoing Auditor is replaced by the Alternate Auditor having the indicated characteristics taken gradually from the lists that received the most votes among those of minority, according to the sequential listing order. If the appointment of the Auditors is not done with the list vote system, the Alternate Auditor will take over as provided by legal provisions. If the Chairman of the Board of Auditors is replaced, the replacement Alternate Auditor also assumes the role of Chairman. The Shareholders' Meeting provided by Article 2401, paragraph 1 of the Italian Civil Code proceeds with the appointment or replacement of the Auditors in respect of the principle of necessary representation of minorities and gender balance. If that Shareholders' Meeting does not confirm the Alternate Auditor taking over in the role of Statutory Auditor, the same will return to cover the role of Alternate Auditor.

14.0 COMPOSITION AND FUNCTIONING OF THE BOARD OF AUDITORS (pursuant to Art. 123(2), paragraph 2, letters d) and d(2)) of the Consolidated Finance Law)

The already cited Art. 23 of the Articles of Association requires at least 2 Statutory Auditors and 1 Alternate Auditor to have been registered for at least three years on the register of statutory auditors and to have exercised statutory accounts auditing activity for a period of no less than three years.

All Auditors must be in possession of the requirements of eligibility, integrity and professionalism provided by law and by the other applicable provisions and, for the purposes of Art. 1, paragraph 2, letters b) and c) of the Decree of the Ministry of Justice 30 March 2000, no. 162, which establishes the requirements of professionalism and integrity.

The Auditors may assume roles of management and control at other companies within the limits established by the legislation, including regulatory, in force.

In addition, in conformity with the recommendations indicated in Application Criterion 8.C.1 of the Corporate Governance Code, the doBank Auditors must be in possession of the independence requirements provided by Art. 3 of that code as well as the requirements indicated in Art. 148, paragraph 3 of the Consolidated Finance Law.

With reference to Application Criterion 8.C.4 of the Corporate Governance Code, it is noted that, the "Group Procedure for the Management of Transactions with Connected Persons, Related Parties and Transactions in Conflict of Interests" provides, in addition to the procedure for the correct management of any transactions for the company representatives, that, where the members of the Board of Auditors have an interest in the operation, on their own behalf or that of third parties, they inform the other Auditors, specifying the nature, terms, origin and scope of the interest.

In addition, in the conduct of its duties and activity, the Board of Auditors constantly liaises through periodic and reciprocal involvements as well as prompt information exchanges - with both the Risks and Transactions with Connected Persons Committee, and with the Internal Audit Function. That activity was completed through the constant participation of the Chairman of the Board of Auditors, or another Auditor instructed for this purpose, at meetings of the cited committee (as, moreover, already highlighted in Chapter 10 above) and the manager of the Internal Audit Function at periodic meetings of the Board of Auditors (Application Criterion 8.C.6 of the Corporate Governance Code).

The doBank Auditors currently in office were appointed by the Shareholders' Meeting on 30 October 2015 i.e. before the Listing). As a consequence, the Auditors in office (whose mandate will expire at the date of the Shareholders' Meeting convened to approve the financial statements of the Financial Year) were not chosen in conformity, inter alia, with Application Criterion 8.C.1 of the Corporate Governance Code. However, in view of the Listing, all Auditors declared to possess the independence requirements provided by it (with reference to the directors) and the Board of Directors, at the meeting on 9 June 2017, assessed the existence of the independence requirements for each of the Auditors, communicating the outcome of its assessments in the Registration Document filed at CONSOB for the purposes of admission to listing of the doBank shares. The Board of Auditors has acknowledged that there is no hindrance to the assessment checks of the cited independence requirements.

During 2017, the Board of Auditors held 16 meetings, with average duration of roughly 3 hours and 30 minutes each. With reference to the percentage of attendance of each Auditor at the meetings, we refer to Table 3 at the foot of this Report.

Table 3 also indicates the relevant information in relation to each member of the Board of Auditors in office, at the approval date of this Report.

On 1 August 2017, at the initiative of the Chairman of the Board of Directors, a training day was held dedicated to the theme of "market abuse", with the support of specialist external consultants. That initiative, which saw the distribution of specific training material, was held at the Company's registered office, with the participation of all members of the Board of Auditors and the Board of Directors. The initiative satisfied training requirements and also increased the cohesion between the members of the corporate bodies.

On the occasion of the next Shareholders' Meeting, convened for the day of 19 April 2018 to approve the financial statements relating to the Financial Year, the Shareholders will be asked to resolve, inter alia, on the appointment of the new Board of Auditors. As noted above, that renewal will be the first after the admission of the doBank shares on the MTA and will therefore take place, for the first time, based upon the list vote mechanism, as regulated by the Consolidated Finance Law and by the Articles of Association of the Company; consequently, the Company will bring itself in line with the provisions on gender balance in the composition of the Audit Body (in accordance with Articles 147(3), paragraph 1(3) and 148, paragraph 1(2), of the Consolidated Finance Law), and the existence of the requirements indicated above for the members of the Board of Auditors will be assessed by the Board of Directors and by the Board of Auditors:

(i) after the appointment, giving information to the market of the outcomes of that verification by press release (Application Criterion 8.C.1 of the Corporate Governance Code);

(ii) on an annual basis, providing the respective results in the Corporate Governance Report.

14.1 Diversity policies

The Board of Directors in the report prepared in accordance with Art. 125(3) of the Consolidated Finance Law, in illustration of the item on the agenda of the convened shareholders' meeting and relating to the renewal of the audit body, has, inter alia, taken account of the policies on diversity, provided in the "Policy on the Composition of the Corporate Bodies", approved on 9 November 2017, as well as the applicable rules in that regard and, in particular, those relating to gender and the training path. In that regard, it is noted that the Board of Directors has favoured the existence of those characteristics, irrespective of the age of the individual. The policies on gender diversity will be applied for the first time with the renewal of the roles provided with the approval of the financial statements at 31 December 2017.

14.2 Self-Assessment

The Issuer's Board of Auditors has also conducted the self-assessment process; the activity was performed, as for the self-assessment of the Board of Directors, with the support of independent external professionals.

As for the Board, the self-assessment concerned the period preceding the Listing and was performed on the basis of the "Programme of the Self-Assessment Process of the Board of Auditors". At the end of the process, the "Report on the Outcome of the Self-Assessment of the Board of Auditors" was prepared, which revealed the correct and effective functioning of the audit body.

In relation to profiles susceptible to improvement, as well as the desired implementation of the skills that can be used by the Board of Auditors, the opportunity was identified for the same, as appropriate and according to the specific nature of the issues discussed, to make available to the Board of Directors part of its minutes to inform the Board of Directors, on specific issues, of the stance taken by the Board of Auditors and any activities that the Board of Auditors deems useful to solicit.

Finally, it is noted that on 14 December 2017 the Board of Auditors drafted and adopted its own Regulation.

15.0 RELATIONSHIPS WITH SHAREHOLDERS

The establishment and maintenance of a constant and productive dialogue with the shareholders, institutional investors and other specific stakeholders is considered by doBank to be a duty towards the market.

That dialogue, according to the rules and procedures that regulate the disclosure of privileged information, is aimed at adopting the best applicable professional practices and is based upon principles of transparency, promptness and completeness of information.

Also with the aim of ensuring broad and simple dissemination of the same among the public, doBank publishes relevant information of strategic, financial and corporate governance nature, price sensitive press releases, the main metrics on the performance of the shares on the Stock Exchange, and the appointments scheduled by the Company's financial calendar in the "Investor Relations" section of the doBank Internet Website; that information also facilitates the participation of the shareholders in the shareholders' meeting, facilitating the exercise of its rights.

The Company, in conformity with (Application Criterion 9.C.1 of the Corporate Governance Code), has chosen to establish for itself a company structure dedicated to managing the relationships with shareholders, known as Investor Relations and entrusted to Dr Manuela Franchi, Head of Finance, Investor Relations and M&A; the structure is positioned within the Administration, Finance and Control Department and can be reached through the following channels:

e-mail: [email protected]

telephone: +39 06 47979154

16.0 SHAREHOLDERS' MEETINGS (pursuant to Art. 123(2), paragraph 2, letter c) of the Consolidated Finance Law)

In accordance with the law, the Shareholders' Meeting is ordinary and extraordinary and meets, usually, in the town in which the Company is based, unless otherwise decided by the Board of Directors, provided that it is in Italy or in another country in which the Company performs its activity (also by way of its subsidiaries).

In conformity with existing provisions of law and regulations, the Articles of Association of the Company provide that the ordinary Shareholders' Meeting is convened at least once a year, within 120 days from the year-end, to resolve upon the matters attributed by law and by the Articles of Association to its remit.

The Shareholders' Meeting, both ordinary and extraordinary, is convened within the terms of law and regulations by way of notice published on the Company's Internet Website at the page https://www.dobank.com/it/governance/assemblea-azionisti, as well as by the other methods provided by the legislation in force, including regulatory.

The Shareholders' Meeting is held at first convocation. The Board of Directors may establish that the Shareholders' Meeting is held in a number of convocations. The majorities provided by existing regulations are applied.

In order for the constitution of the Shareholders' Meeting, both ordinary and extraordinary, and its respective resolutions to be valid, the provisions of law and the articles of association are observed; the majorities provided by existing regulations are applied.

The Company's Articles of Association, moreover, provide for qualified quorums for the approval of the remuneration policies, where the Board of Directors propose (in respect of the conditions and limits laid down by the regulatory provisions applicable each time) to raise the limit to the incidence of variable remuneration on fixed remuneration up to a maximum of 2:1.

In that case, therefore, for the constitution of the Shareholders' Meeting and the resolutions made by it to be valid, the following quorums are observed:

the Shareholders' Meeting is constituted by at least half of the share capital and the resolution is made with the favourable vote of at least 2/3 of the share capital represented in the Shareholders' Meeting;
the resolution is made with the favourable vote of at least 3/4 of the capital represented in the Shareholders' Meeting, whatever the share capital with which the Shareholders' Meeting is constituted.

In accordance with the Articles of Association, and in line with existing provisions on remuneration and incentive policies and practices issued by CONSOB and, for banks and banking groups, by the Bank of Italy, the ordinary Shareholders' Meeting, as well as establishing the fees due to the bodies appointed by the same, approves: (i) the remuneration and incentive policies in favour of bodies with strategic supervision, management and control and the remaining personnel; (ii) the remuneration plans based upon financial instruments; (iii) the criteria for determining the fee to be granted in the case of early termination of the employment relationship or early cessation from the role, therein including the limits fixed to that fee in terms of annual payments of fixed remuneration and the maximum amount deriving from their application.

The agenda is established by those exercising the power of convocation in the accordance with the law and the articles of association.

The right to add to the agenda may be exercised, in conformity with existing regulatory provisions, by as many shareholders as, even jointly, represent at least 2.5% of the share capital: in that case, they also prepare a report that sets out the motivation of the resolution proposals on new matters that they propose be discussed. The Shareholders may also submit further resolution proposals on matters already on the agenda, indicating the respective motivations.

By the deadline for publishing the notice of convocation, or in the different term provided by the legal provisions, the Board of Directors guarantees the provision to the public of a report on each item on the agenda.

16.1 Legitimacy, attendance and voting methods

In accordance with the Articles of Association and in respect of existing regulations, the holders of shares having voting right may attend at the Shareholders' Meeting, provided that their legitimacy is certified according to the methods and terms provided by the legislation, including regulatory, in force each time.

The legitimacy to attend at the Shareholders' Meeting and to exercise the right to vote is certified by a communication to the Company, made by the intermediary in favour of the entity holding the right to vote, based upon the respective evidence at the end of the accounting day of the seventh open trading day prior to the date fixed for the Shareholders' Meeting at first convocation.

Art. 9 of the Articles of Association reserves to the Chairman of the Shareholders' Meeting the right to ascertain, in general, the right of attendance at the Shareholders' Meeting, as well as to resolve any disputes.

The Articles of Association DO NOT provide the right for the Shareholders to attend at the Shareholders' Meeting by means of telecommunication, or to exercise the voting right electronically.

The Articles of Association also provide that the Shareholder holding the right to attend at the Shareholders' Meeting may be represented by written proxy by another person, even a nonshareholder, provided that this is in respect of the provisions of law. The voting delegation may also be granted by electronic document signed digitally in accordance with the provisions of existing regulations and notified to the Company by specific e-mail address in the methods indicated in the notice of convocation, or by other methods chosen from those provided by the legislation, including regulatory, in force and indicated in the notice of convocation.

As already highlighted in several points of this Report, the Shareholders' Meeting convened for 19 April 2018 is the first that will take place after the Listing of the Company's shares on the MTA and, consequently, Application Criterion 9.C.2 of the Corporate Governance Code (which recommends the participation of the Directors in the Shareholders' Meetings of the Company as an important opportunity for discussion between those Directors and Shareholders) is considered here in highlighting that in general the Directors have duly participated at the Shareholders' Meetings held during the year 2017. On those occasions, the Board of Directors was able to report on the activity performed and planned and took steps to provide to the Shareholders adequate information on the necessary elements so that the (then) Sole Shareholder could assume, in full awareness, its decisions.

16.2 Conduct of Shareholders' Meeting works

By resolution made on 10 April 2017, the Shareholders' Meeting of doBank, approved its Regulation. The respective document is available to the shareholders and the public indistinctly on the doBank Internet Website, in the Governance section, as well as, for those who are legitimated to attend and exercise the voting right, at the registered office of the Company and in the locations in which the Shareholders' meetings are held each time.

Art. 16 of the Shareholders' Meeting Regulation grants to those entitled to participate based upon the law and the Articles of Association (the "Legitimate Attendees" as shareholders or their delegates, Directors, Auditors and Secretary of the meeting) the right to attend at the Shareholders' Meeting and to take the floor on each of the items up for discussion.

Those intending to exercise the right to take the floor must make a request to the Chairman (by show of hand or by submitting a written request, if ordered in that sense by the Chairman) not before the item on the agenda to which the intervention request refers has been read aloud.

Art. 10 of the Articles of Association also provides that the Chairman is assisted by a Secretary, appointed by majority among the attendees. As well as in the cases provided by law, when the Chairman deems it opportune, a notary may be asked to act as Secretary, appointed by the Chairman himself.

16.3 Significant changes in the capitalisation and in the composition of the ownership structure

The capitalisation of the Company is affected by fluctuations of the market values and, considering the value of the Company shares from the time of its Listing to the last listing day of the Financial Year, the dynamics indicated below can be identified:

DATE	SHARE VALUE	CAPITALISATION
Value at opening of 1st listing day
14 July 2017	€ 9.00	€ 720,000,000.00
Value at closing of last listing day
31 December 2017	€ 13.55	€ 1,084,000,000.00

The doBank share capital based upon the Listing operation of the Company shares on the MTA, has not undergone changes during the financial year and, as described in more detail in point 2 above in relation to the ownership structure, at the date of 31 December 2017 it amounts to Euro 41,280,000.00 split into no. 80,000,000 shares - indivisible and registered - not having par value.

The change to the ownership structure occurred during the financial year related, on one side, to the Listing, and, on the other, to the finalisation, on 27 December 2017, of the planned acquisition of Fortress by SoftBank. The operation - performed following the decision of the European Central Bank of 21 December 2017 (QLF-2017-0167) and the decisions of the Bank of Italy dated 21 December 2017 (Ref. 1506852/17) and 22 December 2017 (Ref. 1512028/17) by which those authorities granted their authorisations - involved, for SoftBank, the acquisition of indirect control of Avio and, consequently, also of doBank.

In relation to the Listing process, it is noted that, as part of the distribution of the Company shares held by Avio, initially amounting to 34,700,000, Avio exercised the so-called "greenshoe" option for a further 3,470,000 shares: in total, therefore, 38,170,000 doBank shares were placed on the market.

Consequently, Avio holds at the approval date of this Report no. 40,080,000 shares, amounting to 50.1% of the doBank share capital.

Among the various subscribers, Jupiter Asset Management Limited is the only Shareholder that surpassed the relevant threshold of 5%. In that regard, it is noted that Jupiter Asset Management Limited, by note dated 19 July 2017, communicated to the Company that it held shares representing 5.12% of the Company only then to communicate, next 20 October 2017, to have increased its share up to 7.70%.

At the approval date of this Report, no amendments to the Articles of Association were proposed to the Shareholders' Meeting in relation to the percentages established for exercising the shares and the prerogatives implemented to protect the minorities.

17.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123(2), paragraph 2, letter a) of the Consolidated Finance Law)

Reporting systems of illegitimate behaviours (whistleblowing)

Following the 11th update of Circular 285/2013 of the Bank of Italy which defined specific requirements in relation to "Reporting of illegitimate behaviours (Whistleblowing)", with the aim of introducing, within banks, fully-fledged internal systems dedicated to gathering reports by personnel, of actions and circumstances that may constitute a breach of the rules regulating banking activity, the Board of Directors on 17 December 2015 resolved upon the adjustment of that process with the aim of introducing, within the Bank, a system dedicated to gathering reports from personnel, of actions and circumstances that may constitute a breach of the rules regulating banking activity.

A specific process regulation was therefore passed, which involves among the communication channels, in addition to paper transmission, also an IT platform, with access from the Bank's website reserved only to employees and collaborators authorised by doBank, guaranteeing the anonymity of the initial phases.

The Board of Directors has resolved to identify as the Chief Compliance Officer the Manager of reports of illegitimate behaviours.

18.0 CHANGES SINCE RELEVANT YEAR-END

No changes have occurred in the corporate governance structure since the end of the Financial Year.

19.0 CONSIDERATIONS ON THE LETTER DATED 13 DECEMBER 2017 OF THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

During the board meeting on 12 February 2018, the Chairman delivered and illustrated to the Directors, also in the capacity of members of the Board Committees, as well as to the Board of Auditors, the letter dated 13 December 2017, received by the Company on 31 January 2018, with which the Chairman of the Corporate Governance Committee (hereafter: the "Committee"), in communicating his annual report on the application of the Corporate Governance Code, expresses the recommendations of the Committee to listed companies, summarised below:

1) quality of pre-board meeting information: the Committee emphasises the opportunity of guaranteeing full transparency on the promptness, completeness and usability of the pre-board meeting information, providing precise indications on the actual respect of the terms identified as congruous for the transmission of the documentation;
2) clarity and completeness of remuneration policies: the Board recommends to issuers to assign in their policies greater weight to the long-term variable components, to introduce clawback clauses and to define criteria and procedures for assigning any severance indemnities.
3) establishment and functions of Appointments Committee already subject also to past recommendations: the Committee recommends to all issuers, even in those characterised by more a concentrated ownership structure, to establish the Appointments Committee, and to distinguish clearly the functions of that committee, if it has been unified with the remuneration committee, reporting separately on the activities performed.

The Committee has also identified some further governance areas susceptible to a qualitative improvement that concern:

Succession plans for executive directors the importance is emphasised of providing succession plans for the executive directors, to ensure the continuity and stability of management, and to give greater transparency to the plans adopted.
Quality of independent directors given the significance of the independent directors in the process of forming the will of the board, the importance is emphasised of strengthening the assessments of independence providing adequate explanations in the case of disregard or substantive application of the criteria, which should represented limited exceptions.
Content of the board review the importance is emphasised of providing structured produces for the board review activity and boards of directors are advised to include in their assessments also the effectiveness of its functioning, considering in particular, the contribution of the Board to defining the strategic plans and monitoring the management performance and the adequacy of the internal control and risk management system.

The solicitations for better adhesion of listed companies to the recommendations contained in the Corporate Governance Code have already been subject to attention, as appropriately reported in the various points of this Report.

doBank S.p.A. - Share Capital Structure
	No. Shares	% of S.C.	Listed/Not Listed	Rights and obligations
Ordinary Shares	80,000,000	100	100
Multiple voting shares	//	//	//	//
Shares with limited voting right	//	//	//	//
Shares without voting right	//	//	//	//
Other	//	//	//	//
doBank S.p.A. - Capital
	No. Shares		% of S.C.
Outstanding Shares	78,250,000		97.81
Treasury Shares	1,750,000		2.19
	doBank S.p.A. - Other Financial Instruments
	Listed	No. outstanding instruments	Category of shares in service of conversion	No. shares in service of conversion
Convertible bonds	//	//	//	//
Warrants	//	//	//	//
	doBank S.p.A. - Significant Investments in share capital
Declaring Entity	Direct Shareholder		% of Ordinary Capital	% Share of Voting capital
SoftBank Group Corporation	Avio S.à r.l. - Luxemburg		50.10	51.22
Jupiter Asset Management Limited - London - England	Jupiter Asset Management Limited - London - England		2.57	2.63
	Nortrust Nominees Limited - England	London -	5.13	5.25
	Others		40.01	40.90

TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE

doBank Treasury Shares	2.19	--

	ard of Bo Di tor rec s											Co ol a nd ntr ks Ris Co itte mm e		Rem tio un era n Co itte mm e		Ap int po me n ts Co itte mm e		ati Re mu ner on and int Ap nts po me e ( §) Co itte mm
Ro le	Me mb ers	Yea r of birt h	f fir Dat st app e o oin nt * tme	In o ffic e fr om	In o ffic ntil e u	List **	Exe c	Non - exe c.	Ind ep. Cod e	Ind ep. soli Con dat ed Fin anc e Law	oth No. er role s ***	(*)	(*)	(** )	(*)	( ** )	( *)	( ** )	( *)	( ** )
Cha irm an	llan Gio ni C aste eta van	194 2	30/ 10/ 201 5	30/ 10/ 201 5	al o f App Fin. rov St. at 31/ 12/ 201 7	----	NO	YES	NO	YES	1	17/ 17	----	----	----	----	----	----	----	----
Chi ef E utiv xec e Off icer ◊ •	And M oni rea ang	196 3	02/ 03/ 201 6	05/ 04/ 201 6	App al o f Fi rov n. St. at 31/ 12/ 201 7	----	YES	NO	NO	NO	//	17/ 17	----	----	----	----	----	----	----	----
Dir ect or	Fab alb io B ino t	197 3	30/ 10/ 201 5	30/ 10/ 201 5	App al o f Fi rov n. St. at 31/ 12/ 201 7	----	NO	YES	NO	NO	//	15/ 17	1/2	M ( a)	----	----	----	----	----	----
Dir ect or	Edo vige Ca titt i	194 7	25/ 05/ 201 6	25/ 05/ 201 6	al o f Fi App rov n. St. at 31/ 12/ 201 7	----	NO	YES	YES	YES	//	17/ 17	15/ 16 1/1 6	) M ( P (f g)	2/2	M ( c)	1/1	M ( d)	8/8	M ( b)
Dir ect or	Co lasa nti Fra nce sco	197 5	30/ 10/ 201 5	30/ 10/ 201 5	App al o f Fi rov n. St. at 31/ 12/ 201 7	----	NO	YES	NO	NO	1	15/ 17	----	----	4/4	M	2/2	M	8/9	M
Dir ect or	lielm Nun zio Gug ino	194 6	30/ 10/ 201 5	30/ 10/ 201 5	al o f Fi App rov n. St. at 31/ 12/ 201 7	----	NO	YES	YES	YES	//	16/ 17	16/ 18	M	2/2	C (e )	1/1	P (c )	7/9	C
Dir ect or	Gio ni L o St orto van	197 0	30/ 10/ 201 5	30/ 10/ 201 5	al o f Fi App rov n. St. at 31/ 12/ 201 7	----	NO	YES	YES	YES	//	14/ 17	3/1 8 12/ 18	) M ( P (g f)	2/2 2/2	) M ( C (c d)	1/1 1/1	) M ( P (d c)	7/9	M
Dir ect or	Giu Ran ieri sep pe	197 4	15/ 07/ 201 6	15/ 07/ 201 6	al o f Fi App rov n. St. at 31/ 12/ 201 7	----	NO	YES	NO	NO	//	15/ 17	15/ 16	M ( b)	----	----	----	----	----	----
Dir ect or	Cha rles Ro ber t Sp etk a	196 2	30/ 10/ 201 5	30/ 10/ 201 5	al o f Fi App rov n. St. at 31/ 12/ 201 7	----	NO	YES	NO	NO	//	13/ 17	----	----	----	----	----	----	----	----
				---- ---- ---- ---- ----	DIR ECT OR ---- ---- ----	S C EAS ING	OF FIC E D	UR ING RE	LEV AN T F	INA NCI AL YEA	R--- ---- ---- ---- ----	---- ---- ---- -
NO NE
	No. etin gs h eld by me	Bo D d urin	nt f leva ina ncia g re	l ye 17 ar:		Con	l an d R tro	isks Co mm	itte e:1 8	Rem un	Com mit : 4 tee	App . Co	itte e: 2 mm		Rem un.	& A intm ppo	s Co ent	m(§ ): 9
The qu oru m r equ	s (p 7(3 ) Co w) % ( ) ed for sub mis sio f lis ts b y th ino ritie s fo r th lect ion of ber Art . 14 lida ted Fin e La is 1 CO NSO B re sol utio o. 2 027 3 d d 2 4 Ja ry 2 018 est t to ate n o e m e e one or mo re m em urs uan nso anc n n nua

TABLE 2: STRUCTURE OF BOARD OF DIRECTORS AND COMMITTEES

NOTES

The symbols indicated below must be inserted in the column "Role":
This symbol indicates the director in charge of the internal control and risk management system.
◊ This symbol indicates the main person responsible for managing the issuer (Chief Executive Officer or CEO).
No Director is appointed as Lead Independent Director (LID).
* First appointment date of each director means the date on which the director was appointed for the first time (absolutely) in the Issuer's BoD.
** The directors in office are all an expression of the (then) Sole Shareholder Avio S. à r.l.
*** This column indicates the number of assignments of director or auditor (external to the doBank Group) covered by the interested party in other companies listed on regulated markets, even foreign, in financial, banking or insurance companies or those of significant dimensions. Below, the assignments are indicated in full.
(*). This column indicates the participation of the directors in meetings respectively of the BoD and the committees (indicate the number of meetings at which he participated with respect to the total number of meetings at which he could have participated; e.g. 6/8; 8/8 etc.).
(**). This column indicates the qualification of the director within the Committee: "C": Chairman; "M": Member.
a)until 9 February 2017
b)from 9 February 2017
c)until 17 October 2017
d)from 17 October 2017
e)from 8 November 2017
f)from 17 March 2017
g)until 16 March 2017

(§) Ceased following the listing

le Ro	Na me	sig in list d C nie ba k, fin cia l, ins nie ho f s ign i fic dim sio As ts r t t nm en e om pa s o r n an ura nc e c om pa s o se o an en ns
ha C irm Bo D an	l lan Gi ni Ca ste eta ov an	ha f t he d o f D f T C irm Bo ire SG R S A. cto an o ar rs o or re .p.
hie f E tiv C xe cu e f fic O er	An dr M ni ea an go	/ /
Dir to ec r	bio l bin Fa Ba ot	/ /
Dir to ec r	do E vig e C ati tti	/ /
Dir to ec r	las Fra Co ti nc es co an	f T Dir SG R S A. to ec r o or re .p.
Dir to ec r	lie lm Nu io Gu ino nz g	/ /
Dir to ec r	Gi ni Lo St ort ov an o	/ /
Dir to ec r	Gi Ra nie ri us ep pe	/ /
Dir to ec r	ha les be ka C Ro Sp rt et r	/ /

TABLE 3: STRUCTURE OF BOARD OF AUDITORS

of Bo ard dit au ors
Rol e	be M em rs	of th Ye Bir ar	Fir st int nt ap po me dat e *	ffic e f In o rom	ffic l In o nti e u	Lis t **	de de Co in p.	da ard Att Bo at en nce eti me s * ng	he No . ot r ign nts ass me
ha C irm an	F R A N C E S C O M A R I A N O B O N I F A C I O	19 54	/ 10/ 30 20 15	/ 10/ 30 20 15	l of Ap pro va fin l st cia . at an / 12/ 31 20 17		YE S	16/ 16	21
d S ito ta tu to ry au r	M A S S I M O F U L V I O C A M P A N E L L I	19 75	/ 10/ 30 20 15	/ 10/ 30 20 15	l of Ap pro va fin l st cia . at an / 12/ 31 20 17		YE S	15/ 16	7
S d ito ta tu to ry au r	N I C O L A L O R I T O	19 61	/ 10/ 30 20 15	/ 10/ 30 20 15	l of Ap pro va fin l st cia . at an / 12/ 31 20 17		YE S	16/ 16	18
lte d A ito te rn a au r	M A U R I Z I O D E M A G I S T R I S	19 58	/ 10/ 30 20 15	/ 10/ 30 20 15	l of Ap pro va fin l st cia . at an / 12/ 31 20 17		YE S	__	22
lte d A ito te rn a au r	G I O V A N N I P A R I S I	19 75	/ 10/ 30 20 15	/ 10/ 30 20 15	l of Ap pro va fin l st cia . at an / 12/ 31 20 17		YE S	__	6
f m f be ing he l d du ing lev ina ia l y Nu t t m r o ee s r re an nc ea r:
fo bm f l by he fo he lec f o be ( ( ) l ) ( Qu ire d iss ion is ino it ies ion Ar 1 4 3 Co i da d ina La 1 % C O S O 7 F N B ts t r t t t t t. te nt to or um re q u r s u o m r e o ne o r m or e m em rs p ur su an o ns o nc e w am ou s lu da d ). Re ion 2 0 2 7 3 2 4 Ja 2 0 1 8 t te so n o. nu ar y

NOTES * First appointment date of each auditor means the date on which the auditor was appointed for the first time (absolutely) on the board of auditors of the issuer. ** The Auditors in office are all an expression of the (then) Sole Shareholder Avio S. à r.l.

*** This column indicates the attendance of the auditors at meetings of the board of auditors (indicate the number of meetings at which he attended compared to the overall number of meetings at which he could have attended; e.g. 6/8; 8/8 etc.).

****This column indicates the number of roles of director or auditor covered by the interested party in accordance with Art. 148(2) of the Consolidated Finance Law and the respective implementing provisoscontained in the CONSOB Issuers' Regulation. The full list of assignments is published by CONSOB on its internet website in accordance with Art. 144(5)(6) of the CONSOB Issuers' Regulation.

le Ro	Na me	les red Ro Co ve
Cha irm an	nifa Bo cio Fr o M aria anc esc no	Cha of t he rd o f A udi irm Boa tor an s fon Ital dia rio S.p .A. - d oR eal Est S.p .A. – A de TEC K S A. - Em iko n S .r.l . - L ari rt S A. - M o P olo HI GH YE LD S.p .A. – R esl IT S .r.l . - S S.p .A. ate uto stra tre ata .p. por ma .p. arc oc mm – Tel lep .l. - ss S A. – Te Pa S.p .A. - T MA LL RE S.r To SG R S A. epa .p. ass y rre .p. dito Sta Au tut ory r log & F rkin l S. lga ls & ilan .r.l. ulg Ital line alia .l. – lata Bo iera Pa S.p .A. Pav ime A. – Bu ri H Re t M o S – B ari ia S A. – Ce x It S.r Ga S.p .A. – T CO S.p .A. nta ote na g p. sor .p. ow er – - uid Liq ato r Sile .l. i ida S.r n L iqu zio nus ne Dir ect or AFS .l. S.r
dito Sta Au tut ory r	elli lvio Cam M imo Fu pan ass	dito Sta Au tut ory r do Rea lEst S.p .A. - d oSo lut ion s S A. – Au lass ic S .r.l Ric ci C aff è S A. – TW ICE PS S.p .A. ate toc .p. .p. . – Sol udi e A tor Ret ail .r.l Spo rt S Dir ect or Ber & .l. Ber S.r ger ger
Sta dito tut Au ory r	ola Lor ito Nic	Cha of t he rd o f A udi irm Boa tor an s doS olu Lab ch red l Es .r.l. dit tio S.p .A. – A CEA En ine eri ies Res Inn tio n S A. – BC C G ion e C iti S A. – EN PA M Rea e S – F DR Ge stio Cre i S. A. tor est tat ns g ng ora ear ova .p. .p. ne p. - dito Sta Au tut ory r Ital fon dia - d eal edi ob ilia iko .r.l. .l. rio S.p .A. oR Est S.p .A. – B r So c. I azi e M To SG R S A. – Em n S - P S.p .A. – S S.p .A. – T MA LL RE S.r ate nte rot tre ata ano rm on re - rre .p. por os mm Sol udi e A tor Ace a 8 S.r .l. to cen uid Liq ato r Ad eni SG R S A. in L iq. – S ine ia S A. in L iqu ida zio um .p. rg .p. ne - Me mb f th e S rvis Co itte er o upe ory mm e di C red di V elle ida Ban ito Coo tri in L iqu zio ca p. ne Sol irec e D tor Lui lbia .l. i M aria M i M r O S.r ont ate g
Alt dito Au ate ern r	De Ma istr is M izio g aur	Cha of t he rd o f A udi irm Boa tor an s sal do bre da ulg .l. – lga ls & ilan .r.l lga alia le G Ad .l. – An S.p .A. – B ari Acc ori S.r Bu ri H Re t M o S Bu ri It S.p .A. – T ina NR riat ico S.r Op SG R S A. ote ess sor erm era .p. . – dito Sta Au tut ory r alia ulg ulg iell do Sol iko .r.l. rod rod Bio Cr S.p .A. – B iom e It S.p .A. - B ari S.p .A. – B ari Gio i S. A. – utio S.p .A. - Em n S – E P P uzi S.p .A. - E P P uzi oto ma sse ne ass p. ns por one one ali alfo ndi ard lob al S olu esl .r.l. Ce ntr Livo Fe ris S.p .A. – G t G S.p .A. - It ario S.p .A. – L o G tio S.p .A. – R IT S – S tre ata S.p .A. rno rra am ene rou p eon ns oc mm Liq uid ato r Co uid rzio SIT AB in Liq azi nso on e Dir ect or AFS .l. - diu S.r Pr esi m S A. .p.
Alt dito Au ate ern r	Par isi G iov i ann	dito Sta Au tut ory r Ch ia S A. – Tm all S.r .l. – Ita lpa ck Car S.r .l. – M o P olo HI GH YE LD S.p .A. – Im Ma nci ni S .r.l. too em .p. ns arc pre sa Sol udi e A tor Ital hic a S .r.l. gra p

⁸³Report on Corporate Governance and Ownership Structure 2017 Financial Year ²⁰¹⁷doBank

AI Terminal

Dovalue

4145_cgr_2018-03-28_7e164ee0-1dbf-4d79-96fb-35aeccf32e41.pdf