Report on Corporate Governance and ownership structure 2018 Financial Year

APPROVED BY THE BOARD OF DIRECTORS ON 12 MARCH 2019

Report on Corporate Governance and ownership structure 2018 Financial Year

Registered Office: Piazzetta Monte, 1 – 37121 Verona

Share Capital €41,280,000.00 fully paid-up

Bank registered on the Register of Banks and Parent Company of the doBank S.p.A. – Register of Banking Groups

Code 10639, ABI code 10639 – Registration at the Companies Register, Chamber of Commerce Industry Crafts and Agriculture of

Verona, and Economic & Administrative Index no.:

VR/19260 – Tax Code 00390840239 and VAT no. 02659940239

Member of the Interbank Deposit Protection Fund.

www.dobank.com

Page
GLOSSARY 6
INTRODUCTION 8
1.0 ISSUER'S PROFILE 10
2.0 INFORMATION ON OWNERSHIP STRUCTURE (pursuant to Art. 123(2), paragraph 1 of the Consolidated Finance Law) at the date of 31 December 2018 12
a) Share capital structure (pursuant to Art. 123(2), paragraph 1, letter a) of the Consolidated Finance 12 Law)
b) Restrictions on securities transfer (pursuant to Art. 123(2), paragraph 1, letter b) of the Consolidated Finance Law) 12
c) Significant capital investments (pursuant to Art. 123(2), paragraph 1, letter c) of the Consolidated Finance Law) 12
d) Securities granting special rights (pursuant to Art. 123(2), paragraph 1, letter d) of the Consolidated Finance Law) 13
e) Employee shareholding: mechanism of exercising the voting right (pursuant to Art. 123(2), paragraph 1, letter e) of the Consolidated Finance Law) 13
f) Restrictions on voting right (pursuant to Art. 123(2), paragraph 1, letter f) of the Consolidated Finance Law) 13
g) Agreements between shareholders known to doBank in accordance with Art. 122 Consolidated Finance Law (pursuant to Art. 123(2), paragraph 1, letter g) of the Consolidated Finance Law) 13
h) Change of control clauses (pursuant to Art. 123(2), paragraph 1, letter h) of the Consolidated Finance Law) and statutory provisions on Public Takeover Bids (pursuant to Article 104, paragraph 1(3) of the Consolidated Finance Law) 14
i) Delegations to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123(2), paragraph 1, letter m) of the Consolidated Finance Law) 14
l) Management and coordination activity (pursuant to Art. 2497 et seq. of the Italian Civil Code) 15
3.0 COMPLIANCE (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER A) OF THE CONSOLIDATED FINANCE LAW) 16
4.0 DOBANK BOARD OF DIRECTORS 16
4.1 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123(2), PARAGRAPH 1, LETTER I) OF THE CONSOLIDATED FINANCE LAW) 16
4.1.1 Succession plan in case of absence or impediment 19
4.2 COMPOSITION (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTERS D) AND D(2) OF THE CONSOLIDATED FINANCE LAW) 20
4.2.1. Diversity criteria and policies 26
4.2.2. Maximum accumulation of assignments held in other companies 26
4.2.3. Induction and recurring training initiatives 27
4.3 ROLE OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER D) OF THE CONSOLIDATED FINANCE LAW) 28
4.3.1 Duties 28
4.3.2 Meetings and functioning 31

4.3.3 Self-assessment 32
4.3.4 Competing activities 34
4.4 DELEGATED BODIES 34
4.5 OTHER EXECUTIVE DIRECTORS 36
4.6 INDEPENDENT DIRECTORS 36
4.7 LEAD INDEPENDENT DIRECTOR 37
5.0 TREATMENT OF CORPORATE INFORMATION 37
Management of Privileged Information 37
Internal Dealing 38
6.0 COMMITTEES INTERNAL TO THE BOARD (pursuant to Art. 123(2), paragraph 2, letter d) of the Consolidated Finance Law) 39
7.0 APPOINTMENTS COMMITTEE 39
8.0 REMUNERATION COMMITTEE 42
9.0 REMUNERATION OF DIRECTORS (Directors' indemnity in the case of resignation, dismissal or termination of the relationship following a public takeover bid (pursuant to Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law) 44
10.0 CONTROL AND RISKS COMMITTEE 44
11.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 49
11.1 DIRECTOR IN CHARGE OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM
60
FUNCTION 62 11. 2 HEAD OF THE INTERNAL AUDIT
11.3 ORGANISATION MODEL pursuant to Italian Legislative Decree 231/2001 64
11.4 INDEPENDENT AUDITING COMPANY 65
11.5 MANAGER IN CHARGE OF PREPARING THE CORPORATE ACCOUNTING DOCUMENTS AND OTHER COMPANY ROLES AND FUNCTIONS 65
11.6 COORDINATION BETWEEN ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 66
12.0 INTERESTS OF DIRECTORS AND TRANSACTIONS WITH RELATED PARTIES 67
13.0 APPOINTMENT OF AUDITORS 68
14.0 COMPOSITION AND FUNCTIONING OF THE BOARD OF AUDITORS (pursuant to Art. 123(2), paragraph 2, letters d) and d(2)) of the Consolidated Finance Law) 70
14.1 Diversity policies 71
14.2 Self-Assessment 72
15.0 RELATIONSHIPS WITH SHAREHOLDERS 72
16.0 SHAREHOLDERS' MEETINGS (pursuant to Art. 123(2), paragraph 2, letter c) of the Consolidated Finance Law) 73
16.1 Legitimacy, attendance and voting methods 74
16.2 Conduct of Shareholders' Meeting works 75
16.3 Significant changes in the capitalisation and in the composition of the ownership structure 75
17.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123(2), paragraph 2, letter a) of the Consolidated Finance Law) 76

18.0 CHANGES SINCE RELEVANT YEAR-END 77
19.0 CONSIDERATIONS ON THE LETTER DATED 21 December 2018 OF THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE 78
TABLE 2: STRUCTURE OF BOARD OF DIRECTORS AND COMMITTEES 82
TABLE 3: STRUCTURE OF THE BOARD OF AUDITORS 85

GLOSSARY

Shareholders' Meeting: the shareholders' meeting of doBank

Avio: Avio S.à r.l., with registered office in Luxembourg, 26 Boulevard Royal, L-2449, tax code 97754310155 and VAT no. LU28038434, registered at the Companies Register of Luxembourg at no. B195157

Circular 263: Rules on risk activity and conflict of interests in relation to connected persons, issued by the Bank of Italy with Circular no. 263 dated 27 December 2006 as amended

Corporate Governance Code: the Corporate Governance Code of listed companies approved in July 2015 by the Corporate Governance Committee and promoted by Borsa Italiana S.p.A., ABI, Ania, Assogestioni, Assonime and Confindustria (available at the page http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm)

Civil Code: the Italian Civil Code.

Board of Auditors: the doBank Board of Auditors.

Board Committees: the Appointments Committee, the Remuneration Committee and the Risks and Transactions with Connected Persons Committee, viewed collectively.

Appointments Committee: the Committee internal to the Board of Directors, constituted in conformity with Articles 4 and 5 of the Corporate Governance Code.

Remuneration Committee: the Committee internal to the Board of Directors, constituted in conformity with Articles 4 and 6 of the Corporate Governance Code.

Risks and Transactions with Connected Persons Committee: the Committee internal to the Board of Directors, constituted in conformity with Articles 4 and 7 of the Corporate Governance Code.

Board of Directors: the doBank Board of Directors.

Supervisory Provisions: Circular no. 285 of the Bank of Italy dated 17 December 2013 – Supervisory Provisions for Banks

Issuer/doBank/Company/Bank/Parent Company: doBank S.p.A., with registered office in Piazzetta Monte, 1 – 37121 Verona, with fully paid-up share capital of Euro 41,280,000.00, registered on the Register of Banks and Parent Company of the doBank S.p.A. Banking Group, in the Register of Banking Groups with code 10639 and ABI code 10639, at the Companies Register of Verona, at the Economic and Administrative Index with no. VR/19260, tax code and VAT no.: 00390840239, member of the Interbank Deposit Protection Fund.

Financial Year: the company financial year to which this Report relates, commencing from 1 January to 31 December 2018.

Fortress: Fortress Investment Group LLC, based at Corporation Trust Center 1209, Orange Street, 19801, Wilmington, Delaware, DE, United States

Group/doBank Group: the doBank Banking Group, currently consisting of doBank S.p.A, in the capacity of Parent Company, Italfondiario S.p.A., doSolutions S.p.A., and doData S.r.l..

Fortress Group: Fortress and any company or entity directly or indirectly controlled by it, or subject to common control of the same.

MAR.: "Market Abuse Regulation" - Regulation EU no. 596/2014 on market abuse.

MTA: the Screen-Based Stock Exchange organised and run by Borsa Italiana on which the doBank shares are traded.

Supervisory Body: the Bank of Italy.

Listing: the listing of the Issuer's shares on the MTA, organised and managed by Borsa Italiana S.p.A, with start of trading on 14 July 2017.

Implementing Regulation: Regulation EU no. 347/2016 for the implementation of the MAR.

CONSOB Issuers' Regulation: the Regulation issued by CONSOB by resolution no. 11971 of 1999 (as amended) on issuers.

CONSOB Markets' Regulation: the Regulation issued by CONSOB by resolution no. 20249 of 2017 on markets.

CONSOB Related Parties' Regulation: the Regulation issued by CONSOB by resolution no. 17221 dated 12 March 2010 (as amended) on transactions with related parties.

Report: the report on corporate governance and ownership structure, which companies are required to prepare in accordance with Art. 123(2) of the Consolidated Finance Law.

Internal Controls System: the internal controls system adopted by the Group.

doBank Internet Website: the Bank's internet website available at the page www.dobank.com.

Independent Auditing Company: EY S.p.A. - Via Isonzo, 11 - 37126 Verona.

SoftBank: SoftBank Group Corporation based in 1-9-1 Higashi-Shinbashi, Minato-ku - Tokyo - Japan.

Articles of Association: the current articles of association of doBank as published on the company website at the approval date of this document, which do not include, therefore, the resolutions of the extraordinary shareholders' meeting of 5 March 2019 not yet effective.

Consolidated Banking Law: Italian Legislative Decree no. 385 dated 1 September 1993, as updated from time to time.

Consolidated Finance Law: Italian Legislative Decree no. 58 dated 24 February 1998, as updated from time to time.

INTRODUCTION

This Report is aimed at providing to the doBank shareholders and to the market an assessment and analysis tool in relation to the corporate governance system adopted by doBank and it has been prepared in consideration of the provisions contained:

in the Consolidated Finance Law and in the respective implementing regulations adopted by CONSOB (being the regulatory corpus aimed at listed issuers);

in the Consolidated Banking Law (being the regulation intended for the banking system);
in the Corporate Governance Code.

It is noted that:

on 9 March 2016, by order of the Bank of Italy, was registered in the Register of Banking Groups, in accordance with Art. 64 of the Consolidated Banking Law, as Parent Company of the doBank Group;
has been listed on the MTA since 14 July 2017.

In continuity with the first Report, produced last year by doBank, it is appropriate to provide a brief representation of the current configuration of the doBank Group, following both the Listing process and the dynamics occurring during the 2018 financial year, to allow for the best contextualisation of the contents of the Report itself.

doBank reorganisation project

During 2018 doBank outlined a new corporate structure for the Group, with the aim of making it more coherent with doBank's business mix, which earns almost all of its revenues from servicing activities, to align the Group with the industry's best practices and to strengthen its competitiveness compared to the other players on the relevant market.

By virtue of the reorganisation operations and, more specifically, the merger operation into doBank of the company doRealEstate, the transfer operation to Italfondiario of the master servicing branch of doBank, as well as of the special servicing branch of Italfondiario in favour of doBank, by means, respectively, of a contribution and demerger operation described below, the parent company doBank now stands out due to its greater specialisation in special servicing activities and real estate services. In parallel, doBank has begun the "debanking" process aimed at further strengthening the Servicing activity, which represents the company's core business, and consolidating the position of the company and the group on the relevant market. In that logic, therefore, the 2018-2020 Business Plan has been prepared, which is based upon a strategic corporate redefinition of the Group aimed at ensuring, from 2019, that the same will take the form of a listed servicing company (pursuant to Art. 115 of T.U.L.P.S. (Consolidated Law on Public Safety) which regulates the credit recovery sector). The new structure to be implemented by the Group, on one side, aligns doBank to its European peers, and on the other, removes significant limits on the use of capital and the optimisation of the Group's financial structure, thus providing a further lever for growth and allowing for major cost efficiencies, also in terms of tax charges.

Against the applications submitted, the Bank of Italy therefore authorised, by note with ref. no. 1261021/18 dated 30 October 2018,

• the Demerger by way of transfer to doBank of the financial elements of the business compendium of Italfondiario, referable to the special servicing activities concerning the entire portfolio of credits under management at the same (assets and liabilities recorded in the balance sheet situation at the date of 30.06.2018); with effect from 1 January 2019.

the Contribution, by way of transfer to Italfondiario of the doBank business branch which included, inter alia, the master servicing activities and the activities in support of the securitisation vehicles and, in particular, the cash management and corporate servicer activities, as well as all personnel dedicated to the conduct of the same pertinent to the branch in question (assets and liabilities recorded in the balance sheet situation at the date of 30.06.2018) with effect from 1 January 2019;
the Merger of doRealEstate into doBank, at the financial value at the date of 30.06.2018; with effect from 31 December 2018 and tax effect from 1 January 2018.

The activities indicated in the above points were finalised with the stipulation of the respective deeds on 24 December 2018; consequently, doBank holds 100% of the capital of the following companies belonging to the Banking Group:

Italfondiario S.p.A., the company specialises in master servicing and cash management activities, also by virtue of the transfer of the aforementioned contribution and of the simultaneous partial demerger in favour of doBank concerning the unregulated special servicing activities;
doSolutions S.p.A., in continuity with the company's mission as a shared service centre and technological hub of the Group;
doData S.r.l. (which changed its previous name of IBIS S.r.l. by resolution of the Shareholders' Meeting dated 14 May 2018), in continuity with its mission to provide specific business information and data quality management services for NPL;

Finally, as part of the assessment of the Group's opportunities for growth and in line with its strategic plan, doBank has implemented expansion projects into other servicing markets.

doBank Hellas

Following specific assessments and analyses, doBank has decided that the Greek market presents suitable characteristics to "export" its business model and, in that sense, it has taken steps to obtain the necessary authorisations to operate in Greece in the credit recovery management sector, so as to position itself well compared to its competitors.

Following the positive issuance of the required authorisations, commencing from 30 April 2018, doBank therefore began to operate on the Greek market with its own foreign branch known as "doBank Hellas", located in Athens.

The initiative saw doBank awarded a new important credit management mandate, focusing upon creating a leadership position in the upcoming local servicing market. Last July, doBank, by way of its Greek branch, in fact signed a services agreement (otherwise known as Project Solar) with 4 systemic Greek banks in light of which it obtained under management, exclusively, a portfolio of non-performing loans of the approximate value of 1.8 billion Euros (GBV), constituted by over 300 credit positions attributable to Greek small and medium enterprises.

Altamira

Following a specific competitive process, doBank signed in late December 2018 an agreement for the acquisition of 85% of Altamira Asset Management S.A.. Altamira is a company incorporated under Spanish law, a leader in Southern Europe in the market of credit and real estate asset management, with assets under management of approximately €55 billion and a presence on the Spanish, Cypriot, Portuguese and Greek markets. The share purchased by doBank may be increased to 100% in the event that Banco Santander S.A., holder of the residual 15% of Altamira's capital, exercises the right of co-sale provided by pre-existing corporate agreements. Altamira's acquisition by doBank will be fully financed both with doBank's cash availability and through recourse to bank borrowing.

In coherence with doBank's business model, Altamira is an independent servicer, characterised by an asset light structure and a long-term partnership with major financial institutions and international investors, including Banco Santander, Sareb (company controlled by the Spanish Government and founded in 2012 to support the Spanish banking system through the transfer of assets from struggling banks), Bain Capital, Apollo, CPP Investment Board, PRA Group and Axactor.

Altamira's offer of services includes the servicing of NPL, the marketing, development and management of real estate assets, advisory services and portfolio management, characterising it as a one-stop-shop for its customers. Altamira is the Spanish market's main servicer with a market share of approximately 15% in 2017 and the management, inter alia, of a contract for the management of a share of future flows of NPL and Real Estate of Banco Santander. Since 2017, Altamira has also successfully developed an international presence in Portugal, with the assignment of the Oitante mandate in Cyprus, with the assignment of the asset management mandate originated by Cyprus Cooperative Bank in Greece, with the incorporation of a local company.

The finalisation of the operation, scheduled indicatively by May 2019, also following the completion of the new corporate structure of doBank by virtue of which doBank will cease to be considered a banking Group, is subject to the necessary antitrust authorisations in relation to which the company has filed the specific application to the competent authorities.

1.0 ISSUER'S PROFILE

doBank has chosen to adopt a "traditional" management and control model, whose structure is focused on the presence of the Board of Directors, in the capacity of body with strategic supervision functions, and the Board of Auditors, in the capacity of body with control functions, both appointed by the Shareholders' Meeting. It is also envisaged for the Board of Directors to appoint a Managing Director, as body with management function.

doBank is the parent company - listed, since 14 July 2017 - of the doBank Group. The Group is structured on the model of a federal and multifunctional group and the Parent Company ensures, even at consolidated level, efficient and precise management and control systems. The Group also aims to guarantee the implementation of significant synergies and its organisation involves a major integration between the subsidiaries and the Parent Company.

The doBank Group pre-reorganisation.

The doBank Group post-reorganisation

The Group's unitary governance is guaranteed by the role of guidance, governance and support performed by the Parent Company as well as by the compliance, by all companies forming part of the Group, with a set of common principles at the basis of the corporate operations. doBank, consequently, in conducting its management and coordination role (subject to the statutory and operational autonomy of each Group company), defines the strategic development lines of each of them, ensuring the coherence of those strategies with the Group policies.

doBank also, on one side, ensures the coordination and control of the activities of the companies controlled by it so as to guarantee the correct conduct of the strategic mission and the uniformity of guidance, and, on the other, provides and/or supplements the support and service activities to those subsidiaries, sharing the best skills. In that context, doBank has decided to centralise within it, in the capacity of Parent Company, the so-called corporate functions (human resources management; organisation and organisational development; occupational safety; general and logistical services; purchases; administration, finance and control, including:. treasury, accounting, financial statements, reports, etc.; communication; commercial development; legal and corporate affairs; extraordinary finance and investor relations), while the subsidiary companies focus on their respective core businesses, without prejudice to the responsibility of the respective company bodies for the outsourced activities.

doBank falls within the definition of SME in accordance with Art. 1, paragraph 1, letter w(4).1) of the Consolidated Finance Law and Art. 2(3) of the Consob Issuers' Regulation; however, the capitalisation and turnover figures relating to the year 2018 are not currently available in the list of SMEs published by Consob on its website.

2.0 INFORMATION ON OWNERSHIP STRUCTURE (pursuant to Art. 123(2), paragraph 1 of the Consolidated Finance Law) at the date of 31 December 2018

a) Share capital structure (pursuant to Art. 123(2), paragraph 1, letter a) of the Consolidated Finance Law)

The doBank share capital – which is described in more detail and comprehensively in Table 1 at the foot of this Report - is made up entirely of ordinary shares, traded on the MTA.

The doBank share capital at 31 December 2018 amounts to Euro 41,280,000.00, split into 80,000,000 shares - indivisible and registered - without par value and it has not undergone changes at the date of this Report.

There are currently no employee shareholding schemes in doBank that exclude the direct exercise of the voting rights.

In relation to treasury shares, see paragraph i) below of this chapter.

b) Restrictions on securities transfer (pursuant to Art. 123(2), paragraph 1, letter b) of the Consolidated Finance Law)

There are no restrictions on the transfer of share securities, as the shares are transferrable in the legal methods.

c) Significant capital investments (pursuant to Art. 123(2), paragraph 1, letter c) of the Consolidated Finance Law)

At 31 December 2018 the following entities possess shareholdings higher than 5%:

Affiant or entity positioned at the top of the shareholding chain	Direct shareholder	Number of shares	%
SoftBank Group Corporation	Avio	40,080,000	50.10%
Jupiter Asset Management Ltd	Total Jupiter Asset Management Ltd1	6,165,978	7.71%
others < 5%		32,199,669	40.25%
Treasury shares		1,554,353	1.94%

¹ As recorded by the Mod120A Communication dated 18 October 2017.

total capital	80,000,000	100.00%

As indicated in the previous report, it is noted that on 5 January 2018 SoftBank communicated to the Company and to the competent Supervisory Authorities the completion of the acquisition process of Fortress Investment Group LLC and the consequent acquisition of the indirect controlling investment in the share capital of doBank.

Based upon the communications received from doBank, only two "Entities" therefore possess a share of more than 5% of the share capital, more specifically:

SoftBank, which, on 3 January 2018, sent to the Company the communication, in accordance with Art. 120 of the Consolidated Finance Law, aimed at certifying the indirect possession of 50.1% of the share capital.

Jupiter Asset Management Limited, which sent to the Company its communication, in accordance with Art. 120 of the Consolidated Finance Law, on 20 October 2017, communicating that it holds, directly or indirectly, 7.71% of the share capital.

At the date of this Report, no communications have been received from the Shareholders presenting changes to the situation presented here.

d) Securities granting special rights (pursuant to Art. 123(2), paragraph 1, letter d) of the Consolidated Finance Law)

There are no securities granting special rights of control over doBank.

e) Employee shareholding: mechanism of exercising the voting right (pursuant to Art. 123(2), paragraph 1, letter e) of the Consolidated Finance Law)

There are no employee shareholding schemes in doBank. For an overview, see what is illustrated in point i) below.

f) Restrictions on voting right (pursuant to Art. 123(2), paragraph 1, letter f) of the Consolidated Finance Law)

There are no restrictions on the voting right with reference to the Issuer's shares, or mechanisms that may constitute potential restrictions.

g) Agreements between shareholders known to doBank in accordance with Art. 122 Consolidated Finance Law (pursuant to Art. 123(2), paragraph 1, letter g) of the Consolidated Finance Law)

doBank has been aware, since 19 July 2017, of the existence of a shareholder agreement in accordance with Art. 122 of Italian Legislative Decree 58/1998 known as "Second modification and reaffirmation of the shareholder agreement", signed on 18 July 2017 between Siena Holdco S.à r.l., Verona Holdco S.à r.l. and Avio, and translated into Italian, being sworn on the same date, by the Notary Posadino of Milan.

That agreement, whose extract is available on the doBank Internet Website, at the page https://www.dobank.com/sites/default/files/assets/files/Estratto_patto_parasociale_Avio.pdf, was received by the Bank on 19 July 2017 and was filed, on the same date, at the Companies Register of Verona with effect from 21 July 2017.

At the date of this Report, no further agreements and/or establishment of associations or committees between Shareholders of the Bank have been received or are known to doBank.

h) Change of control clauses (pursuant to Art. 123(2), paragraph 1, letter h) of the Consolidated Finance Law) and statutory provisions on Public Takeover Bids (pursuant to Article 104, paragraph 1(3) of the Consolidated Finance Law)

The Servicing Contract between Intesa and Italfondiario S.p.A (companies of the doBank Group, as stated above) contains a change of control clause. In particular, in that contract, "change of control" meant the situation where the Fortress Group does not maintain strategic involvement in the management of Italfondiario S.p.A.; that involvement would cease, inter alia, if the Fortress Group no longer held an investment of at least 51% of the share capital of Italfondiario S.p.A. or no longer had the right, directly or indirectly, to appoint the majority of members of the Board of Directors of Italfondiario S.p.A.. That contract was included among the financial elements of the business compendium of Italfondiario, with the consent of Intesa, demerged in favour of doBank, as indicated above, which then saw the provision of agreements terminating the mandate commencing from 31 March 2019.

The Servicing Contract between UniCredit and doBank (MSA UniCredit) recognises to the Members the right to withdraw, in whole or in part, from the Contract, without paying any penalty, upon the occurrence of some events (which will therefore constitute just cause for revocation in accordance with Art. 1725 of the Italian Civil Code) including the possibility that…..one of the top two or both of the top two main competitors of UniCredit operating in Italy and/or in Germany ("Main Competitors") come to hold, directly or indirectly, the absolute majority of the shares with voting right of the Servicer or the right to appoint the majority of board directors.

The servicing contract (Project Solar) signed with 4 systemic Greek banks envisages a condition of withdrawal, in favour of the latter, if Fortress ceases to hold (directly or indirectly) at least 10% per cent of the shares issued and outstanding of doBank S.p.A. or if the majority of the directors of doBank S.p.A. ceases to be elected by Fortress or if, finally, doBank S.p.A. or "doBank Hellas" (the Greek branch that will be demerged), are reorganised by methods that configure one or both of the cases indicated above.

The Bank's Articles of Association do not envisage derogations from the provisions on the passivity rule provided by Art. 104, paragraphs 1 and 1(2) of the Consolidated Finance Law and do not envisage the application of the neutralisation rules contemplated by Art. 104(2), paragraphs 2 and 3 of the Consolidated Finance Law.

i) Delegations to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123(2), paragraph 1, letter m) of the Consolidated Finance Law)

At 31 December 2018, there were no delegations to issue convertible bonds or to increase the share capital (not even for the purpose of personnel incentive plans).

There are similarly no delegations or resolutions of the Shareholders' Meeting with regard to the purchase of treasury shares.

On the point, it is, however, worth noting that:

a) on 21 June 2017 the Shareholders' Meeting resolved upon an incentive system linked to the Listing, known as "IPO Bonus 2017", whose implementation involves the assignment of Company shares in favour of some resources identified within the perimeter of key personnel identified by the Bank. In order to allow for the distribution of the 2017 IPO Bonus (and, at the same time, to implement the provisions of the contract regulating the remuneration of the Managing Director - for the part in shares for the entire duration of the mandate), the Shareholders' Meeting thus resolved, at the same meeting, on an overall plan ("Stock Granting Plan"), which involves the use of treasury shares held by the company in service of the implementation of the plan itself, such that the shares are assigned free of charge to the respective beneficiaries.

b) On 19 April 2018 the Shareholders' Meeting resolved to adopt the 2018 Incentive Plan, which involves the assignment of an incentive in cash and/or in free ordinary shares of doBank, to be paid within the space of a multiyear period to some resources identified within the perimeter of key personnel identified by the Bank and selected beneficiaries belonging to doBank Group Personnel within the terms and by the methods regulated in the plan, and which involves the implementation of the contractual provisions regulating the remuneration of the Managing Director in office.

The plan indicated in point a) has already produced effects during 2018, with upfront and deferred share assignments, while the plan indicated in point b) will produce its effects during the current year. Both plans, of course, will also produce their effects in future years. This is all to occur through the assignment of ordinary shares of the Company, in accordance with Art. 2357(3) of the Italian Civil Code, and, to that end, the Company may dispose of the treasury shares already held by the Bank.

doBank, at the date of 31 December 2018, held no. 1,554,353 treasury shares, amounting to 1.94% of the share capital.

Moreover, as part of the "debanking" cited in the "Introduction", at the point "Reorganisation of the doBank Group", it is noted that on 5 March 2019 the Extraordinary Shareholders' Meeting of doBank was held to resolve upon changes to its Articles of Association and, among these, to Article 4 which involves a substantial modification of the issuer's corporate purpose. The favourable resolution assumed by the Shareholders' Meeting determined the onset of the right of withdrawal in favour of ordinary shareholders who have not contributed to adopting the resolution, in accordance with Article 2437, paragraph 1, letter a) of the Italian Civil Code. The related right of withdrawal for those Shareholders, regulated by the Company with an articulated series of rights of option, provides that, if there are further shares subject to withdrawal and not purchased, the same will be purchased by the Company itself (using the available reserves, even in derogation of the quantitative limits established by paragraph 3 of Article 2357 of the Italian Civil Code). At that Shareholders' Meeting, in addition, the Shareholders authorised "the Board of Directors and for it the Managing Director to proceed with the disposal, in whole or in part, on the market or off-market, without time limits, of any shares of doBank S.p.A. purchased by the Company from the shareholders who have exercised the right of withdrawal, at the price and in the quantity deemed necessary or opportune, in respect of the terms and conditions of law, making any necessary or opportune accounting record, in the Company's interest, also for the purpose of allowing for the successful outcome of the resolutions above and the operations on which the same depend, establishing the times and methods of performing the respective operations and in any case according to what is deemed necessary or opportune;

l) Management and coordination activity (pursuant to Art. 2497 et seq. of the Italian Civil Code)

The issuer is not subject to management and coordination activity in accordance with Art. 2497 et seq. of the Italian Civil Code.

It fact, although Avio holds directly 50.1% of the doBank share capital, that controlling relationship does not translate into the exercise of management and coordination activity, as Avio does not impart directives to doBank and, more generally, does not interfere in the management of the Bank.

Therefore, the determination of the strategic and managerial guidelines of doBank and, more generally, the entire activity of the Bank, are the result of free self-determination of the corporate bodies and do not involve management by Avio.

As regards the additional:

information required by Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law, see the section of this Report dedicated to the remuneration of Directors;
information required by Art. 123(2), paragraph 1, letter l) of the Consolidated Finance Law, see the section of this Report dedicated to the Board of Directors.

3.0 COMPLIANCE (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER A) OF THE CONSOLIDATED FINANCE LAW)

doBank has adopted the traditional governance model which is not influenced by non-Italian provisions of law.

Following the Listing, doBank joined the Corporate Governance Code of Listed Companies (available at the page http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm) and consequently brought its corporate governance in line with the principles and criteria indicated therein, if applicable.

In this Report, doBank intends to illustrate in detail the methods by which the Corporate Governance Code was applied by the Bank, also highlighting the principles that have been appliedIn that regard, it is worth noting that doBank, as a banking company, must comply with and abide by the regulatory provisions established by the Consolidated Banking Law and by the Supervisory Provisions.

The corporate governance practices adopted by the Bank are illustrated below in this Report and further information on doBank's corporate governance structure is available on the doBank Internet Website.

4.0 DOBANK BOARD OF DIRECTORS

4.1 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123(2), PARAGRAPH 1, LETTER I) OF THE CONSOLIDATED FINANCE LAW)

In conformity with the legislative and regulatory provisions applicable to listed companies, Art. 13 of the Articles of Association establishes that the Board of Directors is appointed by the Shareholders' Meeting, based upon lists submitted by the shareholders or by the Board of Directors and in which the candidates, listed in a number no higher than 11, are combined with a sequential number.

In accordance with Art. 147(3), paragraph 1 of the Consolidated Finance Law and the Articles of Association, in addition to any list submitted by the Board of Directors, the entities legitimated to vote who, even together with others, hold overall a share of investment of at least 2.5%² of the share capital having the right to vote in the ordinary Shareholders' Meeting may submit lists for the appointment of the Directors.

² Note that with CONSOB resolution no. 20273, dated 24 January 2018, the limit relating to the share of investment for the Shareholders' Meeting of 19 April 2018 was fixed at 1%.

The ownership of the minimum share of investment for the submission of lists is determined with regard to shares that are registered in favour of the individual shareholder, or multiple shareholders jointly, on the day on which the lists are filed at the Company; the respective certification may even be produced after the filing, provided that this occurs within the period scheduled for publication of those lists by the Company.

Any person legitimated to vote (as well as (i) legitimated persons belonging to the same group, thereby meaning the controlling entity, even non-corporate, in accordance with Art 2359 of the Italian Civil Code and any company controlled by or under the common control of that entity, or (ii) parties to the same shareholder agreement pursuant to Art. 122 of the Consolidated Finance Law, or (iii) legitimated entities that are otherwise connected between them by virtue of significant relationships of connection in accordance with the rules of law and/or regulations in force and applicable) may submit or contribute to submitting a single list, just as each candidate may appear in only one list under penalty of ineligibility.

Each list that has a number of candidates equal to or greater than three must be made up of candidates belonging to both genders, so as to ensure respect of the gender balance at least to the minimum extent required by the legislation, including regulatory, in force at the time.

The list of the Board of Directors, where submitted, must be filed at the Company's registered office by the thirtieth day prior to the date of the Shareholders' Meeting and form the subject of the publicity formalities envisaged by existing regulations.

The lists submitted by the shareholders must, under penalty of forfeiture, be filed at the registered office, even by a means of distance communication and according to methods indicated in the notice of convocation that allow for the identification of the entities filing the same, by the twenty-fifth day preceding the date of the Shareholders' Meeting and they are made available to the public at the registered office, on the doBank Internet Website and by the other methods envisaged by existing regulations, at least twenty-one days before the date of the Shareholders' Meeting.

The lists submitted must also be accompanied, as well as by other additional documentation required by existing regulations,

(a) by information relating to the identity of the shareholders that have submitted the lists, indicating the overall percentage of investment held, notwithstanding that the certification showing ownership of that investment may be produced within the timescales indicated above;

(b) by a declaration of the shareholders other than those that hold, even jointly, a controlling or relative majority investment, certifying the absence of relationships of connection, even indirect, in accordance with the legislation, including regulatory, in force at the time, with the latter;

(c) by comprehensive information on the personal and professional characteristics of the candidates with any indication of the suitability to be classified as Independent Directors in accordance with the regulations in force at the time, as well as by a declaration by those candidates certifying possession of the requirements provided by the legislation, including regulatory, in force each time and by the Articles of Association, therein including those of integrity and, where applicable, independence, and by their acceptance of their candidacy and the role, if elected;

(d) by any other further or different declaration, information and/or document provided by the legislation, including regulatory, in force each time.

The lists for which the requirements indicated above are not respected are considered not to have been submitted.

Each entity entitled to vote may vote upon a single list and the vote of each shareholder will concern the list and, consequently, all the candidates indicated on it, with no possibility of variations, additions or exclusions.

Based upon the provisions of the Articles of Association, the election of the Board of Directors occurs, at the end of the vote, in accordance with what is indicated below:

(i) all directors to be elected, except 1, are taken from the list that came first by number of votes, in the sequential order in which they are indicated on that list;
(ii) the remaining director to be elected, in possession of the independence requirements, is taken from the list that came second by number of votes and that is not connected, in any way, even indirectly, in accordance with the legislation, including regulatory, in force each time, with the entities legitimated to vote who submitted or voted on the list that came first; the first candidate in sequential order of the list in possession of the independence requirements is therefore elected;
(iii) if the first two lists have obtained the same number of votes validly expressed in the Shareholders' Meeting, the list that was submitted by the shareholders in possession of the bigger investment prevails;
(iv) if the number of candidates included in the submitted lists, both of majority and minority, is less than that of the Directors to be elected, the remaining Directors are elected by resolution made by the Shareholders' Meeting by relative majority, ensuring respect of the principles of independence and gender balance required by the legislation, including regulatory, in force each time. In the event of a tied vote between two or more candidates, a ballot shall be held between the same in the Shareholders' Meeting;
(v) if only one list has been submitted, the Shareholders' Meeting expresses its vote on it and if the same obtains the relative majority of the votes represented in the Shareholders' Meeting, the candidates listed in sequential order, up to the number fixed by the Shareholders' Meeting, are elected as directors, ensuring respect of the principles of independence and gender balance required by the legislation, including regulatory, in force each time;
(vi) if no list has been submitted or if only one list has been submitted and the same does not obtain the relative majority of votes represented in the Shareholders' Meeting, the Shareholders' Meeting resolves according to the methods indicated in paragraph (iv) above;
(vii) if the necessary minimum number of Independent Directors and/or Directors belonging to the least represented gender has not been elected, the Directors on the List which came first, marked by the highest sequential number and not having the requirements in question, are replaced by the next candidates having the necessary requirement or requirements belonging to the same List;
(viii) if, even applying the replacement criteria indicated in paragraph (viii) above, suitable replacements are not identified, the Shareholders' Meeting resolves by relative majority. In this case, the replacements shall be made starting with the lists that progressively received the highest number of votes and with the candidates bearing the highest progressive number;
(ix) the list voting procedure, described in this paragraph, applies only in the case of appointment of the entire Board of Directors. In the event that the entire Board of Directors is not to be renewed or if, for any reason, it is not possible to appoint the Board of Directors by the methods indicated in this paragraph, the Shareholders' Meeting shall resolve according to the methods indicated in paragraph (iv) above.

In the event of termination from office, for any reason, of one or more directors, they are replaced according to the following methods:

(i) if the outgoing director is taken from a minority list, and provided that the majority of the directors is still made up of directors appointed by the Shareholders' Meeting, the Board of Directors will appoint the replacement by way of co-opting in accordance with Article 2386 of the Italian Civil Code, by resolution approved by the Board of Auditors, from candidates belonging to the same list as the outgoing director, if they are in possession of the necessary requirements and willing to accept the role. If, for any reason, there are no names available and eligible or if the outgoing director is taken from the majority list, the Board of Directors will appoint the replacement or replacements by co-opting in accordance with Article 2386 of the Italian Civil Code without restrictions on the choice between the members of the lists submitted in turn.
(ii) If the Shareholders' Meeting must proceed in accordance with law to appoint the directors required to supplement the Board of Directors as a result of termination, the provisions of the Articles of Association will be followed, namely:
- (a) if it necessary to replace one or more members of the Board of Directors taken from the majority list, the replacement will occur by decision of the ordinary Shareholders' Meeting which resolves with the relative majority of votes represented therein, without restrictions on the choice between the members of the lists submitted in turn;
- (b) if, on the other hand, it is necessary to replace the member of the Board of Directors taken from the minority list, the Shareholders' Meeting proceeds, with the vote assumed by relative majority of the votes represented therein, to choose them, where possible, from the candidates indicated in the list of which the replaced director formed part, who have confirmed in writing, at least 10 (ten) days before that fixed for the Shareholders' Meeting, their candidacy, together with declarations on the absence of causes of ineligibility or forfeiture, as well as the existence of the requirements laid down by the legislation, including regulatory, in force each time or by the Articles of Association for the assumption of the role. If that replacement procedure is not possible, the member of the Board of Directors will be replaced by a resolution to be passed by relative majority of the votes represented at the Shareholders' Meeting in respect, where possible, of the representation of minorities;
(iii) The replacements indicated above must, in any case, be made in respect of the legislation, including regulatory, in force each time on gender balance and the minimum number of Independent Directors.
(iv) The Directors appointed by the Shareholders' Meeting in replacement of the outgoing members expire together with those in office at the time of their appointment.

Finally, every time, for any reason or cause, the majority of Directors appointed by the Shareholders' Meeting is no longer in place, the entire Board of Directors is understood to be forfeited and the Directors remaining in office must convene the Shareholders' Meeting to appoint the new Board of Directors.

4.1.1 Succession plan in case of absence or impediment

The Succession Plan adopted by the Bank, in compliance with Supervisory Regulations on the definition of succession plans for senior positions of Banks of larger dimensions or operational complexity, and which also satisfies the provisions identified by Application Criterion 5.C.2 of the Corporate Governance Code, envisages a specific procedure, to be applied in the case of impediment to exercise the powers and functions attributed to the Managing Director, indicated as follows:

1) in the case of short-term temporary impediment, quantifiable at 30 calendar days (due to sickness or accident or any cause that prevents normal working activity), the ordinary business and Group management is entrusted to Mr Fabio Balbinot, Head of the Servicing Department. Upon the temporary removal of the impediment to the exercise of his powers by the Managing Director, the temporary powers assigned to Mr Fabio Balbinot cease, unless otherwise resolved by the Board of Directors;
2) in the case of full and permanent impediment of the Managing Director, the ordinary business and Group management is entrusted ad interim to Mr Fabio Balbinot for the time necessary for the Board of Directors, with the support of the Appointments Committee, to identify, select and enter into a contract with the new Managing Director.

When the Board of Directors appoints the new Managing Director, the delegations granted to Mr Fabio Balbinot will cease and, based upon the Articles of Association and the new delegations granted, the ordinary management will transfer to the full powers of the newly-appointed Managing Director.

Moreover, following the Self-Assessment process of the Board of Directors (as highlighted in more detail in point 4.3.3 below, dedicated to that subject) the need emerged to make to the Succession Plan further updates and implementations which the Board, during approval of the Self-Assessment Report, has planned to make by the end of the 2019 financial year.

4.2 COMPOSITION (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTERS D) AND D(2) OF THE CONSOLIDATED FINANCE LAW)

In accordance with Art. 13 of the Articles of Association, the Company is managed by a Board of Directors consisting of a number of directors no less than 7 and no more than 11, elected by the Shareholders' Meeting which, prior to the election, determines its number.

The Shareholders' Meeting itself determines its duration in office, notwithstanding that the latter may not be less than one financial year or more than three financial years, with effect from acceptance of the role and expiry at the date of the Shareholders' Meeting convened to approve the financial statements relating to the final financial year of the role.

The members of the Board of Directors may be re-elected.

In relation to the requirements of professionalism, and considering the importance that the same hold to ensure the good functioning of the management body, the Regulation of the doBank Board of Directors (found on the Company website at the page https://www.dobank.com/it/governance/consiglio-di-amministrazione, to which reference is made for completeness of information) provides additional requirements that the Directors must possess in addition to the requirements provided by existing regulatory and legislative provisions.

The Directors must possess at least one of the following requirements of experience and knowledge, acquired through studies or long-term experience of administration, management and control in (i) the financial sector or (ii) enterprises or entities of significant economic dimensions and proven standing or (iii) the exercise of professional activities or university teaching in legal or economic subjects:

knowledge of the banking business and of assessment and management techniques of risks connected to the exercise of banking activity;
experience of business management and organisation;
capacity to read and interpret the financial statements data of companies or entities;
expertise of corporate nature (audit, compliance, legal, corporate, etc.);
knowledge of the regulation of banking or financial activity;
knowledge of global dynamics of the economic-financial system;
experience and knowledge of the markets.

The Board of Directors assesses the existence of the requirements for its members after the appointment, reporting to the market of the outcomes of that verification by way of a press release and subsequently, on an annual basis for the espected matters, providing the respective results within the Corporate Governance Report.

In accordance with the provisions of Art. 13, paragraph 5 of the Articles of Association, a number of Directors no less than that provided by the legislation, including regulatory, in force each time (currently no less than 2), must possess the independence requirements established by law and by the regulatory provisions (independence requirements provided by Art. 3 of the Corporate Governance Code).

The Board of Directors, consequently, assesses the existence of the independence requirement declared by the directors with regard to substance, rather than form, and that assessment is made after the appointment of a new Director who is classified as independent and on an annual basis, for all Directors.

To that end, the Board of Directors, based upon the declarations made by the director and the information gathered, examines any further available evidence, even possibly attributable to relationships held, even indirectly, by the director with the Group and their significance with the economic and financial situation of the interested party.

The Board of Auditors verifies the correct application of the criteria and procedures adopted by the Board of Directors, supported by the Appointments Committee, for the purposes of the aforementioned assessment, and both outcomes (Board assessments and Board of Auditors' verification) are communicated to the market.

The Board of Directors currently in office was appointed by the Shareholders' Meeting on 19 April 2018 which, as a priority, determined its number at 9 members, and fixed its expiry to the date of the Shareholders' Meeting convened to approve the financial statements of the 2020 Financial Year. Moreover, from the representatives appointed by the Shareholders' Meeting, the Director Paola Bruno resigned on 17 October 2018. The Board of Directors therefore co-opted on 25 January 2019 the lawyer Marella Idi Maria Villa, whose appointment was confirmed by the Shareholders' Meeting on 5 March 2019.

It is noted that that renewal of the Board made by the Shareholders' Meeting on 19 April 2018 was the first after the admission of the doBank shares to the MTA, and that, for the first time, the appointments were made based upon the list vote mechanism, as regulated by the Articles of Association and described in Section 4.1 of this Report. The Company therefore complied for the first time with the provisions on gender balance in the composition of the management body (in accordance with Art. 147(3), paragraph 1(3) of the Consolidated Finance Law and in conformity with the provisions of Art. 2 of Italian Law no. 120 dated 12 July 2011).

It is also noted that with a view to appointing new directors, the Board of Directors of doBank, with the support of the Appointments Committee (in adhesion to Application Criterion 5.C.1 of the Corporate Governance Code), had approved on 8 March 2018 the document entitled "Orientation on the qualitative and quantitative composition of the Board of Directors deemed optimal", which identified the theoretical profile of the candidates to appointment, therein including the managerial, professional (in adhesion to Application Criterion 1.C.1, letter h)), integrity and independence characteristics. That document should therefore satisfy the need to provide orientations, suggestions and indications deemed useful, in order for the list of candidates, presented by the Shareholders for the appointment of the new management board, to be deemed adequate to the responsibilities that the respective members will assume.

Consequently, within the Board, there are different components of the necessary professionalisms for adequate internal dialectics as well as an adequate number of independent members in accordance with the Corporate Governance Code (note that that point was further confirmed also following the co-opting of the director Marella Idi Maria Villa).

At the meeting on 10 May 2018 the Board of Directors therefore ascertained the possession of the requirements of professionalism, integrity and independence envisaged by existing regulations for the Directors and Auditors appointed on 19 April 2018 by the Shareholders' Meeting.

In particular, the Board, following the preliminary investigation activities and having obtained the unanimous opinion of the Appointments Committee, ascertained possession of the requirements of integrity and professionalism as well as the lack of existence of situations impeding all directors and auditors.

In relation to the requirements of independence of the Directors, the preliminary investigation revealed:

(i) the existence of the requirements of independence, in conformity with the provisions of the Consolidated Finance Law and, in particular, with the provisions laid down by the combined provision of Articles 147(3), paragraph 4 and 148 paragraph 3 of the Consolidated Finance Law and in accordance with the Corporate Governance Code, for the Directors Giovanni Battista Dagnino, Giovanni Lo Storto, Nunzio Guglielmino and the members of the Board of Auditors;
(ii) the existence of the requirements of independence, exclusively in conformity with the provisions of the Consolidated Finance Law and, in particular, with the rules laid down by the combined provisions of Articles 147(3) paragraph 4 and 148 paragraph 3 of the Consolidated Finance Law, for the Chairman of the Board of Directors, Giovanni Castellaneta.

The independence of the Directors as indicated above was communicated to the market through the publication of the specific Communication dated 10 May 2018 (Principle 3.P.2 of the Corporate Governance Code).

In relation to the requirements of independence of the members of the Board of Auditors, the preliminary investigation revealed the existence of the requirements of independence, in conformity with the provisions of the Consolidated Finance Law and, in particular, with the rules laid down by the combined provisions of Articles 147(3) paragraph 4 and 148 paragraph 3 of the Consolidated Finance Law and in accordance with the Corporate Governance Code, for the members of the Board of Auditors.

Having positively completed the verification of the individual requirements for each company representative, the Board therefore implemented, again in conformity with the provisions formulated in the "orientation document" cited above, the verification of the qualitative and quantitative composition of the Board of Directors deemed optimal, identifying that the professional characteristics and skills of the Representatives appointed by the Shareholders' Meeting are, as a whole, complementary and constitute a collegial body equipped with a balanced, complete and varied set of skills and professionalisms. That verification therefore ascertained that the Board includes all areas of competence required of the Management Body which, in addition, are covered by a high level of professionalism, expertise and aptitudes, as well as an adequate availability of time. The doBank Board of Directors, as a consequence, currently consists of:

•	Chairman	Giovanni Castellaneta
•	Managing Director	Andrea Mangoni
•	Director	Emanuela Da Rin
•	Independent Director	Giovanni Battista Dagnino
•	Director	Francesco Colasanti
•	Independent Director	Nunzio Guglielmino
•	Independent Director	Giovanni Lo Storto
•	Director	Giuseppe Ranieri
•	Director	Marella Idi Maria Villa

For each Director, a brief curriculum vitae is given below, and, in Table 2 at the foot of this report, further relevant information is provided.

Giovanni Castellaneta, born in Gravina in Puglia (BA) on 11 September 1942, graduated in Law from the La Sapienza University of Rome. He was Italian Ambassador in Australia (and in some Pacific Ocean States), in Iran, Government Representative in Albania and Italian Ambassador in the United States (2005-2009), at the Organization of American States (OSA) and the Bahamas. He assumed the role of Diplomatic Counsellor of the President of the Council and his personal representative for the G7/G8 Summits from 2001 to 2005. In addition, from 2002 to 2012 he covered the role of Board Director of Leonardo/Finmeccanica and Vice Chairman of the homonymous Group. From 2010 to 2016 he was Chairman of the Board of Directors of SACE and from 2012 to 2017 he covered the role of Chairman of Italfondiario S.p.A. He was Senior Advisor for Italy of Fortress Investment Group. Commencing from 2013 and until 2018 he was Chairman of Torre SGR S.p.A., a role that he also covered at Milanosesto S.p.A. from March 2014 to July 2018.

As well as covering the role of Chairman of the Board of Directors of doBank, he is currently Chairman of the Board of Directors of the company Castellaneta & Partners, and was appointed General Secretary of the Iniziativa Adriatico Ionica (IAI) in June 2017.

Andrea Mangoni has, since April 2016, been Managing Director of doBank S.p.A. Born in Terni in 1963, he graduated in Economic Sciences and began his career working with the Inter-American Development Bank, dealing with restructuring projects in Brazil and Argentina. In 1996 he covered in Acea the role of Head of Extraordinary Finance and coordinated the activities relating to the company's stock market listing, occurring in 1998. Thereafter, he became Head of Planning and from 2001 CFO. In 2003 he was appointed Managing Director. In 2009 he joined Telecom Italia in the role of Group CFO and operational Chairman of Telecom Italia Sparkle, a company responsible for managing traffic and the international network. In 2012 he was appointed International Operations General Manager of Telecom Italia and managed, amongst other things, the crisis and re-launch of Tim Brasil, becoming its CEO. From June 2013 to March 2015 he held the role of Chairman and CEO of Sorgenia (CIR Group), and managed the financial restructuring of the company. In 2015 he covered the role of General Manager of Fincantieri.

Francesco Colasanti, born in Frosinone on 29/12/1975, graduated in Economics from the LUISS Guido Carli University of Rome. From 2001 he worked at Fortress Investment Group where he currently covers the role of Managing Director, responsible in Europe for the Private Equity funds. Within the Group he also covers the role of Chief Investment Officer of the Fortress Italian NPL Fund and Investment Manager of Eurocastle (listed company managed by Fortress - ECT.AS). He has participated in the main investment processes of the Fortress Group in the NPL sector and in the real estate sector. Since 2005 he has contributed to the creation and growth, on behalf of the Fortress Group, of Torre SGR S.p.A., for which since 2009 he has covered the role of Director. From 2000 to 2001 he worked at PricewaterhouseCoopers in the Audit and Transaction Support team.

Emanuela Da Rin, born in Rome in 1967, graduated in Law in 1989 from the "La Sapienza" University of Rome. She was authorised to practise as a lawyer in 1993 and has been registered at the Bar of Rome since 1993. Until 2001 she worked at Studio Legale Chiomenti. Thereafter, she joined BonelliErede, where, from 2003, she was a partner in the Banking and Financial Department. At Studio BonelliErede she covered the role of Team Leader of the Banks Focus Team and Real Estate Focus Team. She deals with real estate finance and corporate finance operations. In recent years, she has provided continuous assistance in the sector of special/distressed credits, working both for credit institutions as part of restructuring and valorisation operations of non-performing loans, and for funds in the acquisition of credit portfolios. Since 2017 she has been a Board Director of SITAF Società Italiana Traforo Autostradale del Frejus S.p.A. (company controlled by ANAS S.p.A.).

Giovanni Battista Dagnino was born in Pully (Switzerland) on 25 April 1966. He graduated from Milan's Bocconi University and gained a Ph.D. in Business Administration. He is registered on the Register of Statutory Auditors of the Ministry of Economy and Finance. He is a Full Professor of Economics and Business Management at the University of Rome LUMSA, Palermo campus, where he teaches "Business Finance", "Corporate Governance & Strategic Leadership" and "Digital Strategy". In addition, he is a Faculty Member at the European Institute for Advanced Studies in Management of Brussels, a Fellow of the Strategic Planning Society of London and Friend of the European Investment Bank Institute of Luxembourg and the Strategic Management Society of Chicago. He previously covered the role of Full Professor at the University of Catania from 2006 to 2018, teaching from 2004 to 2018 "Financial and Insurance Business Management" and from 2008 to 2018 "Corporate Strategy" in the Master's Degree Courses in "Business Finance" and in "Business Management"; he has also covered visiting positions in authoritative international business schools. He is the author of over 150 publications distributed internationally and nationally on corporate governance, entrepreneurship and business strategy. He has developed operational experiences in enterprises active in the LPG-liquefied petroleum gas industries and in the real estate sector. He was formerly a member of the Young Entrepreneurs Group of Confindustria Palermo, at which he was Director/treasurer and member of the "Area Euro-Mediterranea" National Commission in Confindustria Roma.

Nunzio Guglielmino, born in Rome on 14 January 1946, graduated in Law and Political Sciences from the University of Rome. From 1980 to 1984 he was an official at the Ministry of the Treasury and from 1984 to 1993 he covered the role of Councillor for Economic and Monetary Affairs at the Permanent Representation of Italy in Brussels, actively participating at meetings of the Council of Financial Ministers of the European Union (ECOFIN) and contributing to preparing the Maastricht Treaty. From 1993 to 1995 he worked at the Ministry of Economy and Finance and, in 1996, he was appointed General Manager at the Treasury Department of the Ministry of Economy and Finance. From 1993 to 2000 he was on the Board of Directors of the European Investment Bank and from 2000 to 2015 he was Deputy Governor of the Council of Europe Development Bank (CEB). He was Deputy Chairman of Poste Italiane and Board Director of Cassa Depositi e Prestiti and other companies, both public and private. From October 2016 to 30 June 2018 he held the position of expert advisor for the examination and in-depth analysis of EU law matters, at the Presidency of the Council of Ministers.

Giovanni Lo Storto, born in Troia (FG) on 1970, he graduated in economics from the LUISS University, at which he has been the General Manager since 2013. He is a Director of Pirelli and C. S.p.A., and a member of the Control, Risks, Sustainability and Corporate Governance Committee and of the Remuneration Committee. He was an official of the administration corps of the army and worked as a branch operations manager at Bartolini, at the Italian Reinsurance Union and at Swiss Re on the CEO's staff. From 1997 to 2005 he was Honorary Fellow and then contract Professor in Economics and Insurance Business Management at the LUISS.

He was a member of the Board of Directors of the Gerardo Capriglione Foundation and of Italiacamp. He is currently also Deputy Chairman of Pola Srl, Chief Executive Officer of L.Lab Srl, Managing Director of L.Campus Srl and member of the Board of Directors of the magazines "Internazionale" and "Formiche", of the press agency Askanews, of L.COM Srl, of the "Fondazione Bruno Visentini" and the "Fondazione Mediterraneo".

He is also co-founder of the LuissEnlabs enterprise accelerator.

He was responsible for the Italian edition of the book "Jugaad Innovation" on 2014 and of "Frugal Innovation" on 2016. On 2017 he published the book "Ero studente" for Rubettino.

Giuseppe Ranieri, born in Rome on 19 February 1974, graduated in Economics from the "La Sapienza" University of Rome and from 2013 covered the role of Director at the Fortress Investment Group. From 1998 to 1999 he worked as an analyst at Nusa SIM S.p.A. and later, from 2000 to 2005, as Manager at PricewaterhouseCoopers-Transaction Services. From 2005 to 2009 he worked at Morgan Stanley Real Estate Fund and Prelios S.p.A., and from 2009 to 2012 at First Atlantic Real Estate NPL S.p.A. (now Frontis S.p.A.).

Marella Idi Maria Villa, born in Milan on 23 October 1977, graduated in Law from the Catholic University of the Sacred Heart in Milan and was authorised to practise as a lawyer in 2006. She has been registered at the Bar of Milan since 2006. From 2011 she worked with Grande Stevens Studio Legale Associato, where, from 2014, she was Salary Partner, providing assistance in areas related to Banking & Finance, Capital Markets and Mergers and Acquisitions, advising, in particular, listed companies with reference to the Consob regulations (Consolidated Finance Law and Issuers' Regulation), Bank of Italy rules and Borsa Italiana instructions. She acquired experiences in debt restructuring of listed companies with banks and in their subsequent recapitalisation; performing consultancy activity in the sector of real estate investment funds and extraordinary corporate operations (acquisitions, mergers and sale of companies). She dealt with the banking area of numerous corporate finance, acquisition and leveraged finance, real estate and project finance operations; as part of structured finance, she has assisted investors, arrangers, sellers and issuers during securitisation operations and transfers of credits and in issuances of listed bonds.

4.2.1. Diversity criteria and policies

doBank has regulated its diversity criteria and policies for the composition of the Board of Directors through the document "Policy on composition of the Corporate Bodies", approved by the Board of Directors on 9 November 2017. The Policy in fact contains provisions on diversity policies in relation to the composition of the management and control boards, relating to gender and the training career that the business representatives must possess, in coherence with existing regulatory provisions. In that regard, the Board of Directors has decided to favour the existence of those characteristics irrespective of the age of the individual.

As already noted in point 4 above, Composition of the Board of Directors, those policies, with particular reference to gender diversity, were applied for the first time upon the renewal of the roles last 19 April 2018, also in application of the provisions of Italian Law no. 120 dated 12 July 2011, which imposed the obligation of reserving a certain share of the members of the Board of Directors of listed companies to the least represented gender. Considering also the provisions of Art. 2, the new Board has reserved to the least represented gender at least one-fifth of the members³ .

Finally, with precise reference to the issue of gender balance, provided by the applicable regulations, which had, as indicated above, ceased to exist following the resignation of the Director Paola Bruno, the Board of Directors, with the co-opting of 25 January 2019 (whose appointment was confirmed by the Shareholders' Meeting of March 5, 2019), re-established to at least one-fifth the component of the Directors of the least represented gender and, in this case, with 2 reserved posts.

4.2.2. Maximum accumulation of assignments held in other companies

Without prejudice to respecting the limits on the number of assignments that the members of the management body may hold in accordance with the legislation, including regulatory, the Board of Directors, on 9 November 2017, approved a policy in relation to the composition of the corporate bodies, by which it identified and defined, inter alia, the maximum number of roles, of management and control in other companies (as illustrated below), that can be considered compatible with the effective conduct of the role of doBank director, also taking account of the participation of the directors in the Board Committees. The Directors are therefore required to inform the Bank of assignments assumed at other companies and entities.

Table 2, at the foot of this Report and cited in point 4.2 above, provides evidence, in conformity with the provisions of the Corporate Governance Code, of the number of assignments of management and control that the doBank directors in office have communicated that they cover in other companies listed on regulated markets, in financial, banking, insurance companies or those of significant dimensions.

³ It is noted that the Board of Directors currently in force constitutes, in accordance with Art. 2 of Italian Law no. 120/2011, the first post-listing mandate and, consequently, the threshold of one-third envisaged by the rule is understood to be reduced to "at least one-fifth".

The policy cited above specifies that these are without prejudice, in any case, to the requirements that may derive from the emanation of the expected implementing Ministerial Decrees of Art. 26 of the Consolidated Banking Law (as amended by Italian Legislative Decree no. 72 dated 12 May 2015, incorporating the so-called CRD IV Directive into the Italian legal system).

The policy notes in any case the prohibition indicated in Article 36 of Italian Law no. 214 dated 22 December 2011 (known as "Interlocking" prohibition) and the related obligation of any directors who hold incompatible roles to communicate the exercised option, within the deadline of 90 days from appointment, notwithstanding that, once that period has elapsed with no communication being made, they forfeit both roles. To that end, the directors must certify annually that they do not cover roles in management, supervision and control bodies in competing enterprises or groups of enterprises to allow the Board to make its annual assessment. That verification was renewed with a positive outcome by the Board of Directors also with reference to the Financial Year.

* * * * *

Based upon the adopted policy: the doBank executive directors in addition to the role covered in doBank - may not cover the role of:
- executive director in more than 2 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;
- non-executive director or statutory member of the audit body in more than 4 other companies listed on regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;
the independent directors in addition to the role covered in doBank may not cover the role of:
- executive director or non-executive director or statutory member of the audit body in more than 10 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions.
the non-executive directors in addition to the role covered in doBank may not cover the role of:
- executive director or non-executive director or statutory member of the audit body in more than 12 other companies listed on the regulated markets, Italian or foreign, or in unlisted financial, banking or insurance companies or those of significant dimensions;

specifying that the scope of application of the limit to the accumulation of roles of administration, management and control covered by doBank Directors excludes companies:

controlling doBank, both directly and indirectly;
belonging to the doBank group, therein including companies directly or indirectly invested by doBank.

In coherence with Application Criterion 2.C.6 of the Corporate Governance Code, the doBank Managing Director has not assumed the role of Director of another issuer, not belonging to the group headed by doBank, and of which a doBank Director is Managing Director.

The current composition of the Board of Directors respects the above general criteria.

4.2.3. Induction and recurring training initiatives

During May 2018 a board induction meeting was held with the aim of aligning the new Directors on the various company projects and ongoing initiatives. No specific training initiatives were implemented; moreover, as identified by the strategic supervision body itself during the selfassessment, during 2019 targeted induction initiatives will be implemented, according to the requirements identified in that sense and as outlined in more detail in point 4.3.3 below dedicated to the Self-Assessment of the Board of Directors.

4.3 ROLE OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER D) OF THE CONSOLIDATED FINANCE LAW)

4.3.1 Duties

In conformity with existing regulations aimed at companies with shares listed on regulated markets and in compliance with the recommendations of the Corporate Governance Code, the Board of Directors covers a central role in the Company's governance model.

In that regard, Art. 17 of the Articles of Association provides that the Board of Directors is invested with all powers for the ordinary and extraordinary management of the Company, except those reserved by law or by the Articles of Association to the Shareholders' Meeting.

The matters under the exclusive remit of the Board include, in particular: i) approval of the organisational and corporate governance structure of the Bank, guaranteeing the clear distinction of duties and functions as well as the prevention of conflicts of interest; ii) approval of accounting and reporting systems; iii) supervision of the process of public reporting and communication of the Bank; iv) duty of ensuring effective dialectics with the management function and with the heads of the main company functions and verifying over time the decisions and choices made by them.

The following resolutions are under the exclusive remit of the Board of Directors:

the appointment and revocation of the Managing Director as well as the Manager in Charge of preparing the corporate accounting documents;
the general guidance as well as the adoption and modification of business, strategic and financial plans of the Company and the Group;
the quarterly assessment of the general performance of company management, based upon information received from the delegated bodies and comparing the results achieved with those planned;
adjustments of the Articles of Association that become necessary to guarantee their conformity with the regulatory provisions applicable each time;
the definition of the remuneration and incentive systems at least for the following entities; the executive directors; the heads of the main business lines, company functions or geographic areas; those who report directly to the bodies with strategic supervision, management and control function; the managers and personnel of the highest level of the company control functions;
the merger by incorporation of companies in the cases provided by Articles 2505 and 2505(2) of the Italian Civil Code;
the demerger in the cases provided by Art. 2506(3) of the Italian Civil Code;
the reduction of the capital in the case of shareholder withdrawal;
the indication of which persons, in addition to those indicated in these articles of association, are responsible for representing the Company;
any establishment of committees or commissions internal to the company bodies with investigatory, advisory and proactive or coordination functions, also with the aim of ensuring that the corporate governance system complies with existing recommendations on corporate governance, determining, at the time of constitution, their members, duration, powers and rights;
the risk management policies, as well as the assessment of the functionality, efficiency and effectiveness of the Internal Controls System and the adequacy of the organisational, administrative and accounting structure;
the determination of the criteria for the coordination and management of the Group companies, also by way of specific regulations, and the determination of the criteria for executing the instructions of the Bank of Italy;
the acquisition and sale of strategic investments, businesses and/or business branches, subject to what is established by Art. 2361, second paragraph of the Italian Civil Code;
the approval and amendment of the main internal regulations;
the purchase and sale of properties;
the appointment and revocation, having heard from the Board of Auditors, of the managers of the internal audit, compliance, risk control and anti-money laundering functions as well as the approval and modification of the respective function regulations;
the establishment and organisation, also for the purposes of allocating the power of signature, in Italy and abroad, of secondary offices, branches, agencies, cashiers and representative offices as well as their closure.

The Board of Directors, also by way of the Board Committees for the respective areas of activity, has assessed and overseen, insofar as it is responsible, the adequacy of the organisational, administrative and accounting structure, with particular reference to the internal control and risk management system; that activity is implemented by way of the competent company functions, which have duly reported in that regard to the Board of Directors.

Similarly, the Board of Directors has implemented that assessment and supervision over the subsidiary companies, through the implementation and application of the Group's "Corporate Governance Project", approved by it and which identifies, on one side, precise responsibilities of the Parent Company and the subsidiary companies, in the context of a univocal and reciprocal assumption of commitments and, on the other, the tools used by the Parent Company to exercise its role of guidance, governance and support for the Group.

In that regard, it is noted that, in the Group's governance model, the organisational, administrative and accounting structure, as well as the internal control systems adopted by the subsidiary companies, envisage the centralisation of some important functions at the Parent Company. In particular, the Group's governance system envisages the centralisation at doBank of the company control functions (i.e. risk management, compliance and anti-money laundering functions, namely the so-called "second level" control functions, as well as the internal audit function, the so-called "third level" control function) and specific corporate functions (human resources management; workplace safety; logistics; procurement; administration, finance and control, including: treasury, accounting, financial statements, reporting, etc.; communication; product development; legal and corporate affairs; extraordinary finance and organisational support).

In respect of the Corporate Governance Project, the subsidiary companies of doBank: (i) are required to implement the provisions issued by the Parent Company in execution of instructions imparted by the Bank of Italy in the interest of the Group's stability as well as to provide to the Parent Company itself all data and information useful for those purposes; (ii) pursue the respective corporate purpose, aiming to achieve objectives of quality, efficacy and overall efficiency, as well as conformity with the relevant regulations; (iii) operate in accordance with the policies and guidelines formulated by doBank, in respect of their legal autonomy and the principles of correct corporate management; (iv) communicate to doBank the necessary data and information for the purposes of exercising the management, coordination and control activities under its remit and collaborate to respect the rules on consolidated supervision.

In accordance with the Supervisory Provisions on corporate governance and the Corporate Governance Code, coherently with the provisions at statutory level and in its Regulation, the Board of Directors, inter alia:

(a) defines the nature and risk level compatible with the strategic objectives of the Bank, including in its assessments all risks that may become significant in the perspective of the medium to longterm sustainability of the Bank's activity; approves the business model, in awareness of the risks to which that model exposes the Bank; approves the governance policies of the risks to which the Bank may be exposed, as well as the risk targets and tolerance thresholds;
(b) approves the policies and processes of assessment of the company activities, and, in particular, the financial instruments, verifying their constant adequacy; it also establishes the maximum limits to the Bank's exposure towards financial instruments and products of uncertain or difficult assessment;
(c) approves the process for the development and validation of internal risk measurement systems not used for regulatory purposes and periodically assesses their correct use;
(d) defines the process for approving new products and services, launching new activities, entering new markets;
(e) approves the company policy on outsourcing of company functions;
(f) in order to attenuate the Bank's operating and reputational risks and to encourage the dissemination of a culture of internal controls, approves a Code of Ethics with which the members of the company bodies and employees must comply. The code defines the standards of conduct (e.g. ethical principles and rules to be observed in relationships with customers) on which the company activity must be based;
(g) approves the internal systems of reporting violations;
(h) in relation to ICT approves:
- (i) the development strategies of the information system and the relevant model for the system architecture;
- (ii) the IT security policy;
- (iii) the guidelines on selecting personnel with technical functions and acquisition of systems, software and services, including the use of external suppliers, and promotes the development and sharing and update of knowledge in the ICT field;
- (iv) the organisational and methodological framework of reference to the ICT risk analysis;
- (v) the propensity to the ICT risk, in conformity with the risk objectives and the framework of reference for determining the risk appetite defined at company level in the "Risk Appetite Framework" (RAF);
- (vi) the company documents provided by the regulations for the management and control of the information system; the Board of Directors is informed, at least on an annual basis, of the adequacy of the services provided and the support of those services to the evolution of business operations in relation to the costs incurred and, promptly, in the case of severe

problems for the company activity deriving from incidents and malfunctioning of the information system;

(i) in relation to business continuity:
- (i) defines the business continuity objectives and strategies of the service, guaranteeing adequate human resources, technological and financial resources;
- (ii) approves the operational continuity plan and subsequent amendments following technological and organisational adjustments, accepting the residual risks not managed by the operational continuity plan, promoting in addition its development, periodic control and update in the face of significant innovations, or deficiencies/gaps or supervening risks;
- (iii) appoints the manager of the operational continuity plan;
- (iv) approves the annual plan of verifications of the operational continuity measures and examines the results of the tests documented in writing;
(k) defines the criteria for identifying the most significant operations to be submitted for prior approval by the Risks and Transactions with Connected Persons Committee, and resolves on the transactions with related parties and connected persons in accordance with the procedures adopted in that sense;
The Board also guarantees that:
(i) the implementation of the relevant framework for determining the risk propensity "Risk Appetite Framework" (RAF), is coherent with the approved risk targets and tolerance thresholds (where identified); in that context, the Board of Directors periodically assesses the adequacy and effectiveness of the RAF and the compatibility between the actual risk and the risk targets;
(ii) the strategic plan, the RAF, the Internal Capital Adequacy Assessment (ICAAP) process, the budgets and the internal controls system are coherent, also considering the evolution of the internal and external conditions in which the Bank operates;
(iii) the quantity and allocation of capital and liquidity held are coherent with the risk appetite, the risk governance policies and risk management process;
(iv) at least on an annual basis, the activity programme is approved by the Board itself (including the audit plan) and the annual reports prepared by the company control functions (Compliance, Internal Audit and Risk Management) are examined. In that context, the Board of Directors also approves the long-term audit plan.

4.3.2 Meetings and functioning

During 2018, the Board of Directors held 20 meetings 4 , each with average duration of about 2 hours. With reference to the percentage of attendance of each director, see Table 2, at the foot of this Report. Beyond the board meetings, the Directors participated, on 9 February 2018, 13 April 2018, 14 June 2018, 8 November 2018 and 7 December 2018, at five "off agenda" investigation and analysis meetings in relation, respectively, to the 2018 budget, the group reorganisation project, the 2018/2020 business plan, the assessment of an offer to be submitted to the market for the acquisition of a platform for credit recovery activities and, finally, the possible acquisition of a servicer in Spain.

For the 2019 financial year, 14 meetings are planned, 5 of which have already been held at the date of this Report.

⁴ Including the 7 meetings held by the Board of Directors that expired with the approval of the financial statements at 31 December 2017.

The planning of the items on the agenda of the various meetings of the Board of Directors is the responsibility of the Chairman. The Chairman also ensures that, during the meetings, the Board of Directors dedicates the time necessary to the matters to be discussed and stimulates the directors to provide their precious contributions, functional to a constructive debate.

The Articles of Association provide, at Art. 16, that the Board of Directors is convened, even by means of telecommunication, at the registered office of the Company or elsewhere, both in Italy and abroad, at intervals usually not exceeding three months and, in any case, every time the Chairman deems it necessary or a request is made by the Managing Director or by at least two directors.

The Board of Directors may also be convened at the initiative of the Board of Auditors.

Again in accordance with Art. 16, paragraph 4 of the Articles of Association, in the absence of convocation, the Board of Directors is validly constituted when the majority of the Directors and Auditors in office are in attendance, including in any case the director appointed from the minority list, and all those entitled have been informed in advance of the meeting.

The Articles of Association also allow for the attendees at the meeting of the Board of Directors to attend remotely, using telecommunication systems (including audio/video links), provided that each of the attendees can be identified by all the others and that each is able to intervene in real time in the discussion of the matters examined, as well as to receive, send and read documents.

In adhesion to the provisions introduced by the Regulation of the Board of Directors – approved in the updated version on 17 October 2017 – the notice of convocation must be sent reasonably in advance, subject to cases of urgency, to all Directors and to the Statutory Auditors.

In order to allow for an adequately informed and aware participation by all directors and thereby to allow the same to express their informed opinions on the matters being resolved, the Regulation of the Board of Directors requires the notice of convocation to contain the agenda of the points under discussion, and the appropriate supporting documentation and related necessary information to be made available to the Directors at least 2 days before the board meeting, or in the case of an urgent convocation, at least the day before that meeting.

In that regard, it is specified that, as regards the Financial Year and in conformity with Application Criterion 1.C.5 of the Corporate Governance Code, the Chairman of the Board of Directors acts as the diligent party not only in ensuring that the documentation, relating to the various items on the agenda of the various board meetings is available to all directors and auditors in respect of the timescales indicated above, but that that documentation, on many occasions, is made available even with longer advance notice.

The Chairman of the Board of Directors, in accordance with Art. 16 of the Articles of Association, may invite personnel of the Company and/or the Group, or third parties, to attend at meetings of the Board, if this may be of assistance in discussing the items on the agenda. In that regard, for the Financial Year, there was, at the invitation of the Managing Director or the Chairman, effective participation of managers of the Company at the meetings of the Board of Directors, on individual matters on the agenda (Application Criterion 1.C.6 of the Corporate Governance Code).

4.3.3 Self-assessment

It should firstly be stated that the results of the previous 2017 Self-Assessment did not reveal any open or pending corrective actions.

The self-assessment process for the year 2018 of the Board of Directors was conducted in conformity with both the Supervisory Provisions on corporate governance and with the Application Criteria of the Corporate Governance Code, as well as in respect of the "Regulation on the self-assessment process of the Board of Directors" approved on 17 October 2018. The self-assessment process took as its reference the period of time between 19 April 2018 (date of renewal of the Board of Directors by the Shareholders' Meeting) and 31 October 2018 (completion date of the collection of the questionnaires). The timeframe considered is significant as it enabled the examination of the functioning of the Management Body in its current composition and, given the confirmation in the role of 6 previous Directors, to benefit from the previous experience gained by the same.

That process was conducted with the involvement and support of the Legal and Corporate Affairs Function, together with internal Personnel of the Bank identified by the Chairman of the Board of Directors at the agreed proposal of the Appointments Committee.

More specifically, the self-assessment process was structured into: (i) an investigation phase, gathering information through the completion of questionnaires; (ii) a development and preparation phase of the outcomes of the assessment, identifying the strengths and weaknesses ascertained; (iii) a preparation phase of the summary document of the outcomes of the process, which ended with the collegial discussion of the same, during the board meeting on 19 December 2018.

The self-assessment process revealed that:

The Board Directors guarantee constant personal commitment, in terms of time and physical presence, in the discussion of complex and demanding activities of the Bank.
The set of Directors contributes to making up a well-structured collegial body in terms of skills and technical expertise, suitable to guarantee the understanding, management and planning of the Bank's activities as well as to oversee their main risks, thereby guaranteeing the sound and prudent management required by the Supervisory Body
The functioning of the Strategic Supervision and Management Body, as well as the Board Committees, is essentially correct and effective and the conduct of the meetings, from their convocation and provision of documentation relating to the items on the agenda, is harmonious and coherent both with existing regulations and with the internal Regulations adopted by the Bank.
The preparation of the minutes of the Board (as well as those of the Committees) deals with the foregoing and highlights promptly the decisions made by the Body as well as the periods of discussion and internal dialectics within the Board.
The Board and the Board Committees demonstrate as a whole full awareness of their duties, as a synthesis of the role responsibly covered by each Representative.

The process revealed some profiles which may be improved, subject to specific and targeted actions already decided by the Board itself and which will be implemented during the year 2019.

In particular, it is planned to implement specific "induction" initiatives in favour of the Directors aimed at incorporating the indications and suggestions made by those Representatives in relation to the areas of knowledge and expertise. 2 sessions are planned to be dedicated, during the year 2019, to at least two of the following matters:

New Business Market of impaired loans in other European countries and digital banking;
Market of NPL's in Italy Problematic characteristics in recovering NPL's and doBank's current business;
Strategic profile and managerial profile for commitments in listed companies.

In addition, the Board has planned to address by the end of 2019 the Succession Plan of the Company with reference to the "key resources".

4.3.4 Competing activities

The Shareholders' Meeting has not authorised derogations from the prohibition on competition ratified by Art. 2390 of the Italian Civil Code.

4.4 DELEGATED BODIES

Managing Director

In accordance with Art. 15 of the Articles of Association, the Board of Directors may appoint a Managing Director, determining his powers.

In that sense, the Board of Directors of doBank appointed on 19 April by the Shareholders' Meeting confirmed, on the same date, Mr Andrea Mangoni as Managing Director, and delegated the same (in accordance with Art. 17 of the Articles of Association) to complete a precise list of categories of acts of management, without thereby depriving him of his prerogatives.

The categories of acts, whose completion was delegated to Mr Andrea Mangoni, (the list of which is recorded at the Companies Register of Verona, at which the respective resolution was filed and registered and to which express reference is made) are determined analytically and broken down with clarity and precision, also in the indication of the quantitative limits and limits on value and any methods of exercise; this also allows the Board of Directors to assess exactly and verify precisely the correct fulfilment as well as the possible exercise of its management powers and right of retention. The Managing Director's powers in any case exclude the operations reserved by law and/or by regulations to the remit of the Board of Directors.

The Managing Director is therefore directly responsible for managing the Company. In relation to him, as recorded by the due checks performed, the situation of interlocking directorate is not in place. The Managing Director is attributed management duties, namely the implementation of the guidelines resolved by the Board of Directors in the exercise of its strategic supervision function.

The Managing Director, in summary:

supervises the company and Group management in conformity with the general, planning and strategic guidelines determined by the competent corporate bodies - promoting the unitary nature of business management and the management and coordination activity of the Group;
manages and coordinates the activity of the operating structures having strategic relevance and control functions, in respect of the resolutions of the Board of Directors;
exercises every right attributed to him in respect of the law and the internal regulations in force each time as well as contracts with principals;
assumes decisions and initiatives in respect of the annual budget of expenditure approved by the Company's Board of Directors and, in any case, in respect of the delegated powers;
defines the operational and executive structure of the Company and ensures that the organisational, administrative, accounting aspects as well as the overall system of internal controls are adequate to the nature and dimensions of the Company itself;
supervises the functionality of the internal control and risk management system, from the start of trading of the Company shares on the MTA.

This is without prejudice to the attribution to the Managing Director of the legal representation of the Company, in accordance with the Articles of Association.

The Managing Director also exercises every other power attributed to him by the Board of Directors and, where not otherwise indicated, he may sub-delegate, in accordance with the Articles of Association, his powers and attributions, subject to his responsibility for the acts implemented by the sub-delegated entities. The sub-delegated bodies provide to the Board of Directors, by way of the Managing Director, a quarterly report, with aggregated data, on the exercise of the powers attributed to them. The Managing Director performs, on a quarterly basis - or more frequently, in the case of specific requirements - reporting activity, with aggregated data, to the Board of Directors, concerning the decisions and initiatives taken in relation to the powers granted by the Board of Directors itself. Specific reporting, on a quarterly basis, is made on any intergroup transactions or transactions with related parties resolved - as defined by the provisions in force each time - or atypical or unusual transactions with respect to normal business management.

Chairman of the Board of Directors

In accordance with Art. 14 of the Articles of Association, the Board of Directors elects from its members a Chairman, for three financial years, subject to the shorter duration established by the Shareholders' Meeting.

The Board of Directors, appointed on 19 April by the Shareholders' Meeting confirmed by a decision on the same date the Ambassador Giovanni Castellaneta as Chairman of the Board of Directors of doBank.

Art. 10 of the Articles of Association establishes that it is the duty of the Chairman of the Board of Directors to chair the Shareholders' Meeting, as well as to regulate the Shareholders' Meeting works in conformity with the criteria and methods established by the regulations in force and by the Shareholders' Meeting regulation.

The Chairman of the Board of Directors has not received management delegations and, as a consequence, does not cover any executive role. Similarly, he does not cover a specific role in developing the business strategies.

The Chairman does not hold, neither directly nor indirectly, significant investments in the Company capital.

Board Reporting

Art. 15 of the Articles of Association requires the Managing Director to report to the Board of Directors and to the Board of Auditors, at least on a quarterly basis and by the methods established by the Board of Directors itself, on the conduct of his activity, in conformity with the rules of law.

It follows that the decisions made by the Managing Director (as well as by the recipients of subdelegations attributed by him, in conformity with the provisions of Art. 17 of the Articles of Association and authorised by the Board) must be brought to the attention of the Board according to the methods and frequency, at least quarterly, identified by the Board itself.

In particular, the delegated bodies must report on the general management performance and on its outlook, as well as on the most significant economic, financial and capital operations implemented by the Company and by its subsidiaries to the Board of Directors and to the Board of Auditors at least every three months.

In addition, in conformity with the provisions outlined in the Group Governance Model (i.e. Policy on Information Flows, Regulation of Internal Control System; etc…), the circulation of information between the corporate bodies and within the same is an essential condition to achieve the objectives of efficient business management and effectiveness of the controls.

In that regard, the delegated bodies have reported to the Board of Directors and to the Board of Auditors on the activity performed in the exercise of the delegations granted to them, in respect of the deadlines indicated above.

4.5 OTHER EXECUTIVE DIRECTORS

In addition to the Managing Director, at the approval date of this Report, there are no other Directors equipped with management delegations directly granted by the Board of Directors.

There are no additional cases, in addition, of Directors to be considered executive in accordance with Application Criterion 2.C.1 of the Corporate Governance Code.

4.6 INDEPENDENT DIRECTORS

At the approval date of this Report, 3 independent directors form part of the Board of Directors, identified in accordance with Art. 3 of the Corporate Governance Code.

As represented in paragraph 4.2 above, on 10 May 2018 the Board has implemented the annual verification of the requirements held by the various directors (and, among these, also that of independence), in conformity with the supervisory regulations dictated for banks.

The Board of Auditors has therefore verified the correct application of the assessment criteria and procedures adopted by the Board of Directors to assess the independence of its members.

On 12 March 2019, the Board of Directors has verified, prior to the approval of this Report, the existence of the requirement of independence, according to the criteria provided by the Corporate Governance Code, for the directors in office.

From the examination performed, the outcomes of the verification already performed by the Board on 10 May 2018 are confirmed, based upon which:

the following persons are independent directors - in accordance with Art. 148 of the Consolidated Finance Law and Art. 3 of the Corporate Governance Code: Nunzio Guglielmino, Giovanni Lo Storto and Giovanni Battista Dagnino;
the Chairman of the Board of Directors Giovanni Castellaneta is an independent director in accordance with Art. 148 of the Consolidated Finance Law but not in accordance with Art. 3 of the Corporate Governance Code;
the Managing Director Andrea Mangoni and the Directors Francesco Colasanti, Emanuela Da Rin, Marella Idi Maria Villa⁵ and Giuseppe Ranieri are not independent directors, neither in accordance with Art. 148 of the Consolidated Finance Law nor in accordance with Art. 3 of the Corporate Governance Code.

The Board of Auditors is required to verify the correct application of the assessment criteria and procedures adopted on 12 March by the Board of Directors to assess the independence of its members. In that regard, the outcome of the checks performed will be published in the annual report to the Shareholders' Meeting, which will be published together with the financial statements of the Financial Year, in respect of the legal methods and timescales.

⁵ For the Representative the verification of the requirements was implemented on 11 February 2019, following the coopting performed by the Board of Directors on 25 January 2019.

In conformity with Application Criterion 3.C.6 of the Corporate Governance Code, the independent directors met on several occasions, in different contexts from meetings of the Board Committees, in autonomy and without moreover recording the results of those meetings, to assess serenely and objectively the contribution made by the same to the works of the Board.

On 17 October 2018 and 7 December 2018, in addition, the independent Directors met, in the absence of the other Directors, respectively for (i) the assessment of the Group Policy for "Management of Transactions with Related Parties of doBank S.p.A., with Connected Persons of the doBank Banking Group and Transactions in Conflict of Interest", and for (ii) the examination of a securitisation operation with a Related Party, of ordinary nature and under equivalent conditions to those of the market. On both occasions they prepared an opinion in that regard, which was submitted to the Board of Directors when assuming the respective decisions.

4.7 LEAD INDEPENDENT DIRECTOR

As none of the presuppositions identified by the Corporate Governance Code (Application Criterion 2.C.4) are in place, the Board of Directors has not appointed any Independent Director as lead independent director.

5.0 TREATMENT OF CORPORATE INFORMATION

The existing regulatory system (Consolidated Finance Law; M.A.R. and Implementing Regulation; CONSOB Issuers' Regulation), and the recommendations of the Corporate Governance Code (criterion 1.C.1, letter j) impose upon the Directors and Auditors of listed companies a precise functional obligation to keep confidential the documents and information that the same may acquire in the conduct of the respective duties.

In conformity with those provisions, therefore, the Board of Directors – at the initiative and proposal of the Managing Director - has identified and defined the processes and procedures for internal management, as well as the related external communication, of information and documents concerning the Company, also with reference to privileged information.

Management of Privileged Information

doBank, based upon the filing of the Listing application in 2017, adopted the "Management of Privileged Information" policy approved by the Board of Directors and, in accordance with Article 18, paragraph 1, letter a) of the market abuse regulation ("MAR"), as well as in conformity with the provisions of the Implementing Regulation, established the Register of Recipients having access to Privileged Information ("Insider Register").

The Policy illustrates the procedures to be observed for the communication, both internally and externally to the company environment, of documents and information regarding doBank and the companies controlled by it with particular reference to privileged information.

The correct dissemination of privileged information thus protects the market and investors, guaranteeing to the same adequate knowledge of the affairs concerning the issuer, on which to base their investment decisions.

The rationale of the obligation to disseminate privileged information in conformity with preestablished methods is aimed at avoiding:

abuse or attempted abuse of privileged information;
recommending or inducing others to abuse privileged information; or
communicating to others privileged information outside the normal exercise of the job, profession, function or office, preventing other entities or categories of entities from using information not known by the public to complete speculative operations on the markets to the detriment of investors, who are unaware of that information.

The Insider Register is kept by the Compliance Function in electronic format in compliance with the models indicated in the Implementing Regulation in order to guarantee at any time:

the confidentiality of the information contained therein, ensuring that the list may only be accessed by clearly identified persons;
the accuracy of the information contained therein;
access to and retrieval of previous versions of the Register.

During 2018, following the issuance by Consob of the Guidelines on the Management of Privileged Information, doBank also established the Register of Relevant Information (RRI) deeming it appropriate to track the individual pieces of information that, at a later stage, may assume privileged nature, also involving their monitoring.

Finally, the Board of Directors, on 11.02.2019, approved the update of the Policy on the management of privileged information as well as the respective procedure regarding the implementing measures in order to comply with the cited Consob guideline no. 1/2017 as well as the principles indicated in Italian Legislative Decree no. 107 dated 10.08.2018, which modified the Consolidated Finance Law in the part relating to public disclosure and reporting to Consob as well as the sanction system.

Internal Dealing

In conformity with the applicable regulatory provisions on market abuse cited above (Consolidated Finance Law; M.A.R. and Implementation Regulation; CONSOB Issuers' Regulation), on 25 May 2017 the Board of Directors approved the "Internal Dealing" policy (hereafter, the "Procedure"), aimed at regulating the implementation of reporting obligations and conduct towards the Company and the market, relating to transactions completed, even by way of interposing person, on the Company shares and in financial instruments, as well as connected financial instruments made by persons that perform administrative, control or management functions and/or relevant entities and/or by persons closely linked to them.

The procedure identifies the "IR Relevant Entities", the "MAR Relevant Entities" and the "Closely Related Persons" to the Relevant Entities in absolute adherence to the provisions of the CONSOB Issuers' Regulation. The Policy also establishes that "Relevant Transactions" are all transactions concerning the Shares and/or derivative instruments and/or other financial instruments related to them, completed on their own behalf, even by interposing person, by the MAR Relevant Entities by Persons Closely Related to them (as provided by the regulations and incorporated in the Policy).

The Procedure also illustrates the sanctions and specifies that, in addition to the sanctions provided by the provisions of law and regulations in force on abuse of privileged information and internal dealing, in the event of a violation of the provisions of the Procedure, doBank will, in relation to those responsible, adopt the measures provided by the applicable regulation. In addition, the Procedure notes that the violation of the provisions contained therein may constitute serious damage, also in terms of image, with major consequences on the economic-financial level. The Procedure also specifies that, if the violation is committed by an employee, this may constitute a disciplinary offence and, in the most serious cases, may give rise to dismissal.

6.0 COMMITTEES INTERNAL TO THE BOARD (pursuant to Art. 123(2), paragraph 2, letter d) of the Consolidated Finance Law)

Art. 21 of the Articles of Association attributes to the Board of Directors the duty to establish committees within it, determining the number of their members.

In conformity with the provisions of the Corporate Governance Code, at the approval date of this Report, three Board Committees are established with proactive, advisory and coordination functions:

the Appointments Committee;
the Remuneration Committee;
the Risks and Transactions with Connected Persons Committee.

The Board of Directors, in establishing the three Board Committees, took account of its composition as well as the number and availability of the independent and non-executive Directors; it therefore opted for a composition of the Board Committees formed by members, mostly independent, from which the Chairman is chosen.

All the Board Committees in office at the date of this Report are constituted by at least three nonexecutive directors, mostly independent; from the latter, the respective Chairmen were chosen. The members of the Board Committees are in possession of the expertise and experience required to manage the duties and roles attributed to those committees.

Each of the Board Committees has its own Regulation on functioning which includes, inter alia, provisions regulating mechanisms of coordination and mutual information between the various corporate bodies.

Minutes are duly taken of the meetings of all Board Committees and the respective Chairmen give information thereof at the next meeting of the Board of Directors, during which they illustrate the opinions expressed in support of the assessments of the Board itself (Application Criterion 4.C.1, letter d) of the Corporate Governance Code). The members of the Board Committees are given the right to access all information that, in the opinion of their members, is deemed necessary for the conduct of their duties (Application Criterion 4.C.1, letter e) of the Corporate Governance Code). The Board Committees may make use of external consultants, whose cost is incurred by the Company, within the limits of the budget approved by the Board of Directors.

7.0 APPOINTMENTS COMMITTEE

In conformity with the Supervisory Provisions and in respect of the provisions laid down by the Corporate Governance Code, during 2018 the composition of the Appointments Committee was the following:

until 18 April 2018:

Giovanni Lo Storto Chairman (Independent);
Edovige Catitti Member (Independent);
Francesco Colasanti Member.

from 19 April 2018:

Giovanni Lo Storto Chairman (Independent);
Giovanni Battista Dagnino Member (Independent);
Giovanni Castellaneta Member.

The Appointments Committee is regulated by a specific Regulation - published on the doBank internet website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari - which determines its responsibilities and regulates its functioning. The Appointments Committee has specific and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions as well as being able to make use of external experts, involving, where necessary, the competent company functions.

The Appointments Committee, in the fulfilment of its functions as a proactive body:

participates in defining, ex ante, the quali-quantitative composition of the Board of Directors considered optimal in relation to the governance objectives identified by the industry regulations. In that context, the Appointments Committee: (a) formulates opinions to the Board of Directors in relation to the dimension and composition of the same; (b) expresses recommendations in relation to the professional figures whose presence within the Board of Directors is deemed appropriate by virtue of the characteristics of professionalism and any independence of each candidate; (c) expresses recommendations in relation to the maximum number of assignments of director or auditor in other companies listed on regulated markets (even foreign), in financial, banking, insurance companies or those of significant dimensions that may be considered compatible with the effective conduct of the assignment as director of the Bank, considering the participation of the directors on Board Committees. To that end, it identifies general criteria differentiated based upon the commitment connected to each role (of executive, non-executive or independent director), also in relation to the nature and dimensions of the companies in which the assignments are covered as well as any belonging to the Bank's group;
supports the Board of Directors in assessing on the merits any problematic circumstances relating to the appointments of directors occurring by virtue of the authorisation - general and preventive - by the Shareholders' Meeting of the Bank to derogate the competition prohibition provided by Article 2390 of the Italian Civil Code;
proposes to the Board of Directors candidates to the role of director in the cases of co-opting, where necessary to replace independent directors;
is asked to express its opinion on the suitability of the candidates that, based upon the analysis performed preventively, the Board of Directors has identified to cover the roles (the opinions issued by the Committee as part of the analyses made by the Board of Directors are sent, together with the same, to the Supervisory Authority);
formulates opinions to the Board of Directors in relation to resolutions concerning any replacement of the members of the Board Committees that become necessary during the time in office of the Appointments Committee;
with reference to the need to ensure an adequate level of diversification in the collective composition of the Board of Directors, fixes a target in terms of share of the least represented

gender and prepares a plan to increase this share up to the fixed target;

assists the Board of Directors in the self-assessment process of the corporate bodies and in defining the succession plans in the senior positions of the executive;
provides to the Board of Directors its support in the ex post assessment of the coherence between the effective composition and that defined ex ante as optimal as well as in verifying the existence of the regulatory and statutory requirements required for directors and auditors, therein including the conditions provided in accordance with Article 26 of the Consolidated Banking Law, as subsequently supplemented and amended;
supports the Board of Directors in defining succession plans in the senior positions of the executive as provided by Section IV of Circular 285.

In carrying out its tasks, the Committee takes account of the objective of ensuring that the decisionmaking processes of the Board of Directors area is not dominated by a single entity or by groups of entities which might cause prejudice to the bank.

The Committee identifies the information flows which must be addressed to it for the proper performance of its functions and may access relevant company information for the purposes of carrying out these functions. The Committee is also equipped with sufficient financial resources to guarantee its operational independence and can employ external experts.

As regards the internal control system, the Committee also collaborates with the Risk and Transactions with Connected Persons Committee in order to identify the managers of the Internal Audit, Compliance and Anti-Money Laundering and Risk Management functions who will be appointed by the Board of Directors, having consulted the bank's Board of Auditors.

During the 2018 financial year, the Appointments Committee met 9 times; the average duration of the meetings, all duly recorded, was approximately 50 minutes.

During 2018, the Appointments Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some managers of the Company participated at the meetings, in relation to the discussion of specific matters on the agenda. The Chairman of the Board of Auditors also took part in the meetings and works of the Appointments Committee.

In particular, the Appointments Committee supported the Board of Directors in relation to the following main matters:

Assessment of the Process to be implemented in relation to shareholders' meeting decisions aimed at appointing the new Board of Directors of the Company: activity under the remit of the Committee;
Update on any situations changing the Requirements of independence, integrity and accumulation of assignments of the Directors and Auditors in view of the approval of the 2017 Financial Statements:
Assessment of the Orientation document on the qualitative and quantitative composition of the Board of Directors;
Prior examination of the "Explanatory report to the shareholders on the appointment of the Board of Directors";
Verification of the lists submitted by the shareholders and respective documentation;
Opinion to be issued to the Board of Directors preparatory to the resolution of appointment of the members of the board committees: Remuneration Committee and Risks and Transactions with Connected Persons Committee
Assessment on the outcome of the "2018 Self-Assessment Process of the Board of Directors of doBank S.p.A.

The Appointments Committee has defined the schedule of its meetings for the year 2019 (3 of which have already been held), planning to meet, in principle, on the day before that fixed for the meetings of the Board of Directors or on the same day, at an earlier time.

8.0 REMUNERATION COMMITTEE

In conformity with the Supervisory Provisions, the composition of the Remuneration Committee reflects an adequate presence of experience and knowledge in the field of governance of banks, in legal, financial matters and remuneration policies and, in respect of the provisions dictated by the Corporate Governance Code, during the whole of 2018, the composition of the Remuneration Committee was the following:

Nunzio Guglielmino – Chairman (Independent);
Giovanni Lo Storto - Member (Independent).
Francesco Colasanti - Member.

The Committee is regulated by a specific Regulation - published on the DoBank Internet Website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari - which determines its duties and regulates its functioning. The Remuneration Committee has specific and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions and it may make use of external experts and involve, if necessary, the competent company functions.

In adhesion to Application Criterion 6.C.6 of the Corporate Governance Code, Art. 6 of the cited Regulation provides that no member of the Remuneration Committee may participate at meetings regarding the determination of the proposal on the remuneration due to him by virtue of specific assignments. The Remuneration Committee, in fulfilling its functions as a proactive body:

presents proposals or expresses opinions to the Board of Directors in relation to the remuneration of the directors and personnel whose remuneration and incentive systems are under the remit of the Board of Directors; it also monitors decisions adopted in that regard by the Board of Directors;
in relation to the remuneration of executive directors and other directors who cover particular roles, presents proposals or expresses opinions to the Board of Directors in relation to establishing the performance targets related to the variable component of that remuneration; it also monitors the decisions adopted in that regard by the Board of Directors;
has advisory duties in relation to determining the criteria for the remuneration of key function holders of the Parent Company and the companies controlled by it, as identified in accordance with the Supervisory Provisions and the European regulations;
assesses periodically the adequacy, overall coherence and concrete application of the remuneration policy of the directors and Key Function Holders, also using information provided by the Managing Director of the parent company; makes to the Board of Directors proposals in that regard;
assesses, in collaboration with the Risks and Transactions with Connected Persons Committee, the adequacy and correctness of the self-assessment process for identifying Key Function Holders in order to guide the activities to be implemented, guaranteeing the independent review recommended by the guidelines of the European Banking Authority (EBA);
directly oversees the correct application of the rules relating to the remuneration of managers of the Internal Audit, Compliance and Anti-Money Laundering and Risk Management functions (the

"Company Control Functions"), in close collaboration with the Board of Auditors;

deals with preparing the documentation to be submitted to the Board of Directors for the respective decisions (therein including the remuneration report in accordance with Article 123(3) of the Consolidated Finance Law, in respect of the terms provided for its submission to the Shareholders' Meeting);
contributes to defining the remuneration and incentive policies of the Group and their periodic assessment;
ensures the involvement of the competent company functions in the process of development and control of the Group's remuneration and incentive policies;
expresses, also using information received from the competent Company Functions, an opinion on the achievement of the performance targets to which the incentive plans are linked and on the assessment of the other conditions imposed for the payment of remuneration;
provides adequate feedback on the activity performed to the company bodies and to the Shareholders' Meeting.

During the 2018 financial year, the Remuneration Committee met 5 times; the average duration of the meetings, all duly recorded, was approximately 1 hour and 20 minutes.

During 2018 the Remuneration Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some managers of the Company participated at the meetings, in relation to the discussion of specific items on the agenda. The Chairman of the Board of Auditors and, in some cases, all members of the Board of Auditors, also normally took part at meetings and in the works of the Remuneration Committee.

More specifically, the Remuneration Committee assessed and expressed an opinion, in support of the Board of Directors, in relation to the following main issues:

2018 remuneration policy (2018 policy and 2017 implementation/review);
Group incentive plan based upon financial instruments; severance payments policy;
Definition of 2018 Perimeter of Key Function Holders;
Modification of primary reporting organisational structure following termination of employment relationship with a resource;
Update of Regulations on remuneration based upon stock instruments intended for the Managing Director and the Key Resources (Stock Granting Plan);
Remuneration of the manager in charge of the set-up of the new banking activity , scheduled as part of the Reorganisation process;
2018 Incentive System: assessment of proposal relating to the selection of further Resources to whom to attribute a variable component higher than 100%;
Opinion on the Regulation on remuneration based upon stock instruments intended for Key Function Holders and Additional Selected Resources (2018 Stock Based Incentive Plan).

The Remuneration Committee has defined the scheduled of its meetings for the year 2019 (1 of which has already been held), planning to meet, in principle, on the day before that fixed for the meetings of the Board of Directors or on the same date, at an earlier time.

9.0 REMUNERATION OF DIRECTORS (Directors' indemnity in the case of resignation, dismissal or termination of the relationship following a public takeover bid (pursuant to Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law)

Article 20 of the Articles of Association provides that the Directors are entitled, in addition to the reimbursement of expenses incurred for the exercise of their functions, to an annual fee, in a fixed and/or variable amount, which is resolved by the ordinary Shareholders' Meeting and which remains unchanged until a new resolution by the same; the Board itself establishes the method of dividing the fee between its members.

In addition, if the Shareholders' Meeting has not already done so, the Board may establish, in accordance with Art. 2389 of the Italian Civil Code, having heard from the Board of Auditors, the remuneration of the directors invested with particular roles and those who make up the Board Committees, in any case in respect of the remuneration and incentive policies determined by the Shareholders' Meeting.

In conformity with the indications contained in Art. 6 of the Corporate Governance Code and in respect of the "Provisions on Remuneration and Incentive Policies and Practices of Banks and Banking Groups" issued by the Bank of Italy, Art. 6 of the Articles of Association establishes that the ordinary Shareholders' Meeting, as well as establishing the fees due to the bodies appointed by the same, approves:

the remuneration and incentive policies in favour of the bodies with strategic supervision, management and control function and the remaining personnel;
the remuneration plans based upon financial instruments;
the criteria for determining the fee to be granted in the case of early termination of the employment relationship or early cessation from the role, therein including the limits fixed to that fee in terms of the annual amount of fixed remuneration and the maximum amount deriving from their application.

As part of the approval of the remuneration policies, the Shareholders' Meeting is also granted, at the proposal of the Board of Directors and in any case in respect of the conditions and limits provided by the regulatory provisions in force, the power to raise the limit to the incidence of variable remuneration on fixed remuneration up to a maximum of 2:1. That right was exercised by the Shareholders' Meeting at the meeting on 21 June 2017 and was confirmed by the Shareholders' Meeting at the meeting on 19 April 2018.

As regards the further information to be provided in this Report, see the relevant parts of the Remuneration Report published in accordance with Art. 123(3) of the Consolidated Finance Law.

10.0 CONTROL AND RISKS COMMITTEE

In conformity with the Supervisory Provisions and in respect of the provisions dictated by the Corporate Governance Code, doBank has established a control and risks committee entitled Risks and Transactions with Connected Persons Committee made up of the following non-executive directors, mostly independent.

During 2018, the composition of the Risks and Transactions with Connected Persons Committee was the following:

until 19 April 2018

Edovige Catitti –Chairman (Independent);
Nunzio Guglielmino Member (Independent);
Giovanni Lo Storto Member (Independent);
Giuseppe Ranieri Member.

From 19 April 2018:

Giovanni Battista Dagnino - Chairman (Independent);
Nunzio Guglielmino - Member (Independent);
Paola Bruno - Member (resigned from 17 October 2018 and replaced with the Ambassador Giovanni Castellaneta on 25 January 2019).

In the cases provided by the Consob "Regulation on Transactions with Related Parties", as well as by the specific Group Policy, the Committee, after 19 April 2018, met in the minimum composition of 3 members, all independent, with the participation of the Independent Director Giovanni Lo Storto. The Committee is regulated by a specific Regulation - published on the DoBank Internet Website, at the page https://www.dobank.com/it/governance/comitati-endoconsiliari - which determines its duties and regulates its functioning. The Risks and Transactions with Connected Persons Committee has specified and adequate resources - quantified in the Financial Year at Euro 20,000.00 - for the conduct of its functions and it may use external experts, involving, where necessary, the competent company functions.

The Risks and Transactions with Connected Persons Committee, in fulfilling its functions as a proactive body, supports the Board of Directors in relation to the risks and internal control system, remuneration and incentives, conflicts of interest and transactions with connected persons and related parties. In particular:

A) RISKS AND INTERNAL CONTROLS SYSTEM

In relation to the risks and internal controls system in conformity with the Supervisory Provisions, the Risks and Transactions with Connected Persons Committee:

a) identifies and proposes, using the contribution of the Appointments Committee, the managers of the Internal Audit, Compliance and Anti-Money Laundering and Risk Management functions (i.e. the company control functions, hereafter, also: "CCF") to be appointed;
b) examines in advance the activities programmes (including the audit plan) and the annual reports prepared at consolidated level by the CCF and sent to the Board of Directors;
c) expresses assessments and formulates opinions to the Board of Directors on respect of the principles with which the Internal Controls System and the company organisation must comply and the requirements that must be respected by the CCF, bringing to the attention of the Board of Directors any points of weakness and the consequent corrective actions to be promoted; to that end, it assesses the proposals of the Managing Director of the Parent Company;
d) contributes, by means of assessments and opinions, in defining the company policy on outsourcing of the CCF;
e) checks that the CCF comply with the indications and guidelines of the Board of Directors and supports the latter in preparing the coordination document laid down by Title IV, Chapter 3 of the Circular 285;
f) assesses the correct use of the accounting principles for preparing the consolidated financial statements and the financial statements of the Parent Company and to that end liaises with the Manager in Charge of preparing the accounting documents and with the Board of Auditors of the Bank;

g) supports the Board of Directors for decisions to be made in relation to correct and effective determination of the risk appetite framework (RAF) and the risk governance policies. In particular, the Committee performs support functions to the Board of Directors:

in defining and approving the strategic guidelines and risk governance policies, performing assessment and proactive activity necessary so that the Board of Directors, as required by Title IV, Chapter 3 of Circular 285, may define and approve the risk objectives ("risk appetite") and tolerance threshold ("risk tolerance");
in verifying the correct implementation of the strategies, risk governance policies and RAF;
in defining the policies and assessment processes of the company activities, including the verification that the price and conditions of transactions with customers are coherent with the business model and the risk strategies.

The Committee performs, in addition, all duties attributed to it by the Corporate Governance Code and, in particular:

h) expresses its opinion to the Board of Directors with regard:

to the definition of the guidelines of the internal control and risk management system, so that the main risks relating to the Bank and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, and the determination of the level of compatibility of those risks with business management coherent with the strategic objectives identified;
to the assessment, at least on an annual basis, of the adequacy of the internal control and risk management system with respect to the characteristics of the business and the risk profile assumed, as well as its effectiveness;
to the approval, at least on an annual basis, of the work plan prepared by the head of the Internal Audit function, having heard from the Board of Auditors and the director in charge of the internal control and risk management system;
to the description, within the corporate governance report, of the main characteristics of the internal control and risk management system, expressing its assessment on the adequacy of the same;
to the assessment, having heard from the Board of Auditors, of the results illustrated by the independent auditor in any letter of suggestions and in the report on fundamental issues emerging during the statutory audit;
to the appointment and revocation of the head of the Internal Audit function;
to the fact that the head of the Internal Audit function has adequate resources for the conduct of his responsibilities;
to the fact that the remuneration of the head of the Internal Audit is defined coherently with the company policies;

i) assesses, together with the Manager in Charge of preparing the corporate accounting documents and having heard from the independent auditor and the Board of Auditors, the homogeneity of the accounting standards used for the purposes of preparing the consolidated financial statements;

j) expresses opinions on specific aspects relating to identifying the main company risks;

k) examines the periodic reports, concerning the assessment of the internal control and risk management system, and those of particular relevance prepared by the Internal Audit function

l) monitors the autonomy, adequacy, effectiveness and efficiency of the Internal Audit function;

m) requests from the Internal Audit function, where the need or opportunity arises, the conduct

of checks on specific operational areas, simultaneously notifying the chairman of the Board of Auditors;

n) reports to the Board of Directors, at least half-yearly, on the occasion of the approval of the annual and half-yearly report, on the activity performed as well as on the adequacy of the internal control and risk management system;

o) supports with adequate preliminary activity the assessments and decisions of the Board of Directors on managing risks deriving from prejudicial events of which the Board of Directors has become aware (Application Criterion 7.C.2, letter g) of the Corporate Governance Code);

B) REMUNERATION AND INCENTIVES

In that field, the Risks and Transactions with Connected Persons Committee:

a) assesses, in collaboration with the Remuneration Committee, the adequacy and correctness of the self-assessment process for the purpose of directing the activities to be implemented, guaranteeing the independent review recommended by the EBA Guidelines;
b) ascertains that the incentives underlying the remuneration and incentive system of the Group take account of the risks, capital and liquidity.
C) CONFLICTS OF INTEREST AND TRANSACTIONS WITH CONNECTED PERSONS AND RELATED PARTIES

In relation to the assessment of cases of conflict of interests and, in particular, transactions with connected persons indicated in Circular 263/2006 of the Bank of Italy and transactions with related parties indicated in the CONSOB Related Parties' Regulation, within the limits of the role attributed to the same by the relevant regulatory provisions, the Risks and Transactions with Connected Persons Committee supports the Board of Directors and, if provided by internal regulations, the subsidiary companies, for the related decisions to be assumed. In particular, among the functions provided by the CONSOB Related Parties' Regulation, the Committee:

a) issues preventive and motivated, as well as binding, opinions for the purpose of the resolution of the Board of Directors, on the overall suitability of the internal procedures that regulate the identification and management of transactions with related parties and/or with connected persons implemented by the Bank and/or by the Group companies, as well as the subsequent updates, to satisfy the objectives established by the CONSOB Related Parties' Regulation, by the regulations of the Bank of Italy for transactions with connected persons and by Article 136 of the Consolidated Banking Law for transactions with bank representatives;
b) issues preventive and motivated opinions, in the cases expressly provided, on the interest in completing the transaction with related parties and/or with connected persons implemented by the Bank and/or by the Group companies, as well as on the convenience and substantial correctness of the respective conditions;
c) in the cases expressly provided of transactions with related parties and/or connected persons implemented by the Bank and/or by the Group companies, the Risks and Transactions with Connected Persons Committee is involved as early as in the phase of negotiations and in the preliminary phase through the receipt of a complete and prompt information flow, with the right to request information and to make observations to the delegated bodies and to the entities instructed to conduct the negotiations or preliminary investigation;
d) if necessary, it expresses opinions based upon the information made available by the competent structure of the Bank, on significant issues regarding the single perimeter of the Group of related parties and connected persons.

The Risks and Transactions with Connected Persons Committee during 2018 met 16 times, and the average duration of the meetings, all duly recorded, was about one hour and twenty minutes.

During 2017, the Committee performed the activity under its remit and collaborated with the Board of Directors; at the invitation of the Chairman, some Company managers attended at the meetings, in relation to specific items on the agenda. The Chairman of the Board of Auditors and, on some occasions, all members of the Board of Auditors, normally took part in the meetings and works of the Risks and Transactions with Connected Persons Committee.

More specifically, the Committee assessed and expressed its opinion, in support of the Board of Directors, in relation to the following main issues:

Policy of competence RAF/OMR ICAAP/ILAAP Process of preparing and checking the consolidated financial statements - Remuneration and Incentives of the doBank Banking Group - Management of transactions with connected parties and transactions in conflict of interest – Information Flows – ITC Risk – Recovery Plan;
Quarterly audit tracking on the outcomes of the monitoring of the action plans;
Updates on the AML action plan;
Organisational positioning and appointment of data protection officer (DPO).
Analysis of the outcomes of the gap analysis conducted for the purposes of implementing European Regulation no. 679/2016 on data protection (GDPR) and respective multiyear action plan;
Policy on personal data protection in accordance with the GDPR and respective organisation model of the Group;
Guidelines for determining allocations to the Risks and Charges Provision;
Risk Appetite Statement 2018;
Criteria of identification of most significant Transactions;
Tableau de Bord of 2018 quarterly risks;
Business Continuity activities performed during 2017;
Examination of Individual and Consolidated Draft Financial Statements at 31 December 2017 also for the purposes of ascertaining the correct use of the accounting standards;
valuation of the investment portfolio of the Bank highlighting respect of the supervisory limits, in relation to investments;
acknowledgement of the Corporate Governance Report relating to the 2017 financial year, provided by the Corporate Governance Code for listed companies;
quarterly Compliance & AML Risk Report on the outcomes of the action plan monitoring;
Periodic monitoring of the GDPR action plan;
Outcomes of the compliance risk assessment activity in relation to the regulatory scope of banking transparency;
Sustainability of 2018 remuneration policy following adoption of the RAF;
Examination of transactions with related parties
Preventive assessment for appointment of the Data Protection Officer as well as for the appointment of the AML Officer of the doBank Hellas branch in accordance with Article 44 of Italian Law 3691/2008;
2017 Internal Audit Annual Report and 2018 Audit Plan;
Annual report of the AML function on the 2017 activities and Self-assessment report of money laundering and terrorist financing risks;
Annual report of the Compliance Function on the activities of 2017, Compliance Plan for 2018 and Complaints Report relating to 2017;
2017 annual report of Risk Management and 2018 Risk Management planning of the doBank Group;
2017 annual report on controls on the important outsourced operating functions;
2017 annual report of the Company Control Functions on the checks performed on subsidiaries of the doBank Group;
Report on activities performed by the Supervisory Body pursuant to Italian Legislative Decree 231/01.
Annual report of the Risks and Transactions with Connected Persons Committee.
Quarterly summary reports on KORI;
Regulation on the Integrated Internal Controls System of the doBank Banking Group;
Audit Reports with negative assessments issued during 2018 by the Internal Audit Function;
Quarterly updates on the stage of progress of the Action Plan on the Bank of Italy inspection report;
Examination of updates made to the Regulations of the Internal Audit, Compliance, AML, Risk Management Functions and Manager in Charge of the doBank Group;
Examination of the AML Policy for the Greek branch and updates made to the AML policies and procedures of doBank;
Appointment of Heads of Specialist Controls of ComplianceUpdate;
Operational Continuity Plan of the doBank Group and update of the Disaster Recovery plan;

The Risks and Transactions With Related Parties Committee has defined the schedule of its meetings for the year 2019 (3 of which have already been held), planning to meet, in principle, the day before that fixed for meetings of the Board of Directors or on the same day, at an earlier time.

After the closure of the Financial Year, the Board of Directors resolved, on 25 January 2019, upon the modification of the Regulation of the Risks and Transactions with Related Parties Committee, providing for the same also the functions attributed in relation to the supervision of issues of sustainability (with reference to Italian Legislative Decree 254/2016 – Non-Financial Declaration).

11.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The Group, in line with the relevant regulations and best practice, has established an Internal Controls System aimed at constantly overseeing the main risks connected to the Group's activities, so as to be able to guarantee sound and prudent business management, coherent with the set objectives.

The Group's Internal Controls System is based upon control bodies and functions, information flows and methods of involvement between the entities involved and governance mechanisms of the Group. In particular, it is structured as set out below:

• the primary responsibility for the completeness, adequacy, functionality and reliability is deferred to the governance bodies, and in particular the Body with strategic supervision function, which has the duties of strategic planning, management, assessment and monitoring of the overall Internal Controls System; on the other hand, it is the duty of the Board of Auditors to oversee the completeness, adequacy and functionality of the Internal Controls System, ascertaining the adequacy of the company functions involved, the correct conduct of the duties and the adequate coordination of the same as well as prompting any corrective interventions;

the third level controls, entrusted to the Internal Audit function, are aimed at assessing periodically the completeness, functionality, adequacy and reliability in terms of efficiency and effectiveness of the Internal Controls System in relation to the nature and intensity of the risks of company requirements, also identifying any violations of the organisational measures adopted by the Group;
the second level controls are aimed at ensuring the correct implementation of the risk management process, verifying respect of the limits assigned to the various operating functions, checking the coherence of the operations of the individual production areas with the assigned risk-return objectives as well as guaranteeing the conformity of the business operations with the rules, including those of self-regulation and they are performed, for the areas under the respective remit, by the Compliance, Anti-Money Laundering, Risk Management Functions and by the Manager in Charge of preparing the corporate accounting documents;
the first level controls, aimed at ensuring the correct conduct of the operations, are the responsibility of the company functions in charge of the business/operational activities which are asked, as part of daily operations, to identify, measure, monitor and attenuate risks deriving from the ordinary company activity in conformity with the risk management process and the applicable internal procedures.

During 2019, that aspect of the internal controls system will be audited with a view to assessing any interventions that, in full conformity with the principles ratified by the Corporate Governance Code, continuously guarantee its effectiveness and coherence with the evolutionary scenarios of strategic and organisational nature that involve the Group.

Board of Directors and Risks and Transactions with Connected Persons Committee

The guidelines of the internal controls and risk management system are defined by the Parent Company's Board of Directors in coherence with the strategic guidelines and the risk appetite established by the same. In that way, the Board, in line with Application Criterion 7.C.1. letter a) of the Corporate Governance Code, ensures that the main risks are correctly identified, measured and monitored adequately, taking account of their evolution and interaction.

In that context, the Parent Company's Board of Directors defines and approves, on an annual basis, the Group's Risk Appetite Framework in order to guarantee that the business develops within the desired risk profile and in respect of national and international regulations. The Risk Appetite Framework, approved by the doBank Board of Directors on 10 May 2018 in relation to the policy and on 19 June 2018 as regards the Risk Appetite Statement, defines, in conformity with Application Criterion 1.C.1, letter b of the Corporate Governance Code, in addition to the list of relevant metrics, also the amount of risk that the Group is prepared to accept in normal operating conditions (target), the maximum deviation acceptable from the targets in conditions of stress (trigger) and the maximum level of risk assumption for the Group (tolerance), as well as the rules of escalation and involvement of the Board of Directors when exceeding the various thresholds for the purpose of their assessment and definition of any corrective interventions.

The Board of Directors performs the assessments and assumes the decisions in relation to the internal controls and risk management system obtaining support from the Risks and Transactions with Connected Persons Committee.

As part of its duties, the Board of Directors approves the establishment of the company control functions, the respective duties and responsibilities, the methods of coordination and collaboration, the information flows between the same and between the latter and the company bodies, appointing them and revoking their respective managers, having heard from the Board of Auditors, at the proposal of the Risks and Transactions with Connected Persons Committee, which, in turn, obtains the opinion of the Appointments Committee. The Board has also instructed the Managing Director to implement the guidelines defined by the same through the design, management and monitoring of the Internal Controls and risk management system. In that perspective, the Board guarantees that the company control functions are independent and may have access to all activities of the Group and to any information relevant to the fulfilment of its duties.

The Board of Directors periodically verifies that the organisational structure as well as the resources of the company control functions are qualitatively and quantitatively adequate and coherent with the strategic guidelines of the Group and defines any organisational adjustments and the personnel of the Internal Audit function.

In coherence with Application Criterion 7.C.1 letter b) of the Corporate Governance Code, in order to assess annually the adequacy, effectiveness and efficiency of the Internal Controls and Risk Management System, the Board of Directors, with the support of the Risks and Transactions with Related Parties Committee, examines the reports of the heads of the company control functions (i.e. Compliance, Anti-Money Laundering, Risk Management and Internal Audit), the reporting of the Manager in Charge of preparing the corporate accounting documents, in conformity with the accounting standards and the requirements of homogeneity dictated by the preparation of the consolidated financial statements, as well as any further information useful for monitoring the business risks produced by the competent structures and/or by the company assigned the accounts audit. At the outcome of that analysis, the Board expresses its assessment, promoting the prompt adoption of suitable corrective measures where significant aspects of criticality emerge.

In the same context, the Board of Directors approves the guidelines of the Internal Audit function, overseeing their implementation and it approves annually, in line with Application Criterion 7.C.1. letter c) of the Corporate Governance Code, the audit plan, having heard from the Board of Auditors and the director in charge of the internal control and risk management system.

Finally, the Board of Directors promotes the dissemination of a business culture of internal controls that enhances the company control functions, so that all company personnel are aware of the role attributed to them. To that end, the Board of Directors has approved a Code of Ethics, attached to the Organisation and Management Model pursuant to Italian Legislative Decree 231/2001, which formalises the principles that the members of the company bodies and employees are required to respect in carrying out the matters attributed.

Board of Auditors

The Board of Auditors oversees the completeness, adequacy and functionality of the Internal Controls System as well as the risk management and control processes, ascertaining the adequacy of the company functions involved, the correct conduct of the duties and the adequate coordination of the same as well as promoting any corrective interventions of deficiencies and irregularities identified.

For the same purpose, the Board of Auditors, using the company control functions, performs checks with a view to ensuring the regularity and legitimacy of management, on the adequacy and compliance of the process of determining the internal capital (ICAAP) with the requirements provided by the regulations, the internal risk measurement systems for determining the capital requirements and their compliance with regulatory requirements, on the adequacy of the governance system and the liquidity risk management (ILAAP), on the financial information process, on the statutory audit of the annual accounts and the consolidated financial statements. The Board of Auditors participates, inter alia, in the works of the Board of Directors.

The Board of Auditors of the Parent Company acts in close relationship with the corresponding bodies of the companies controlled by it and also has the duty to inform the Supervisory Authorities without delay of all acts or circumstances of which it becomes aware in the exercise of its activities which may constitute an irregularity in management of the Group.

According to the governance model adopted by the Group, the Parent Company's Board of Auditors is also attributed the functions of supervisory body pursuant to Italian Legislative Decree 231/2001.

Company Control Functions

In accordance with the Supervisory Provisions the company control functions include the Compliance, Anti-Money Laundering, Risk Management, Internal Audit and Manager in Charge Functions. Those functions are separate between them as well as hierarchically independent from the company functions that perform the activities subject to their controls.

In accordance with the aforementioned provisions and limited to the aspects regulated therein on remuneration and incentive policies and practices, the Resources and Transformation Function is also classified as a company control function.

Compliance Function

According to the adopted model, the management activities of the risk of non-conformity with the rules are centralised at the Parent Company and coordinated by the Head of the Group's Compliance and Anti-Money Laundering Function (Chief Compliance Officer). The Function is required to deal with identifying, monitoring and controlling the risk of non-conformity with the rules, providing consultancy and support to the operating and business structures as well as preparing the necessary periodic information to the company bodies.

The companies controlled by the Parent Company, in respect of the applicable Supervisory Provisions, where deemed opportune, identify a representative for the compliance activities. The representative must be formally appointed, by the respective Body with strategic supervision function, having heard from the body with control function, subject to the prior opinion of the Parent Company's Chief Compliance Officer, and he will report functionally to the Parent Company's Compliance and Anti-Money Laundering Function.

The Compliance and Anti-Money Laundering Function, as the second level company control function, operates according to a risk-based approach, following the principles and techniques of risk management and it contributes to ensuring the conformity of the Group's actions with all regulations to which it is subject.

Indicated below are the duties and responsibilities of the Compliance and Anti-Money Laundering Function defined in respect of the applicable regulatory and legislative provisions, the internal organisational measures in force and the industry best practices. In particular, Compliance is responsible for the following activities:

preparing the relevant guidelines and policies on managing the risk of non-conformity, to be submitted to the corporate bodies, proposing the methods of control of each regulatory area for which the risk of non-conformity is identified;
constantly monitoring the regulatory framework, in order to guarantee that the external legislation is adequately translated into regulations, processes and internal procedures;
providing consultancy and assistance to the corporate bodies and to other Group structures through the issuance of opinions in cases of doubts on the interpretation of external legislation and on the application of internal rules;
defining the methodologies of assessing the risk of non-conformity, identifying measures for the prevention of the identified risk and verifying the adequacy of the same in managing the risk of non-conformity;
monitoring the risks of non-conformity with the rules identified, for the purposes of their mitigation and/or management;
preparing the periodic reports on the adequacy of the control of conformity to be submitted to the corporate and control bodies, including mainly:
- o identification and assessment of the main risks of non-conformity to which the Group is exposed and planning the respective management interventions, concerning both any deficiencies emerging in the company operations and the need to deal with any new risks of non-conformity identified following the annual risk assessment;
- o at the end of the controls, the description of the activities performed, the criticalities identified and the remedies identified;
communicating promptly to the corporate and control bodies the issues and violations of conformity considered to be of particular significance;
in the internal capital adequacy assessment process (ICAAP), supporting the Risk Management Function in the assessment of non-quantifiable risks, with specific reference to the reputational risk and to the risk of non-conformity. In addition, the function has the duty of verifying the conformity of the process and supporting Risk Management and the entities involved in defining the same;
collaborating with the other company control functions, according to the methods expressed in the "Regulation on the Integrated Internal Controls System of the doBank Banking Group", in order to achieve an effective integration of the risk management process;
supporting the Resources & Transformation Function in continuously defining and creating training programmes, aimed at strengthening technical-professional skills and updating personnel internal to the Group and the Function itself.

In line with what is established by the Supervisory Provisions and by the internal regulations, the Body with strategic supervision function has appointed the Chief Compliance Officer as head of the Compliance and Anti-Money Laundering Function. In the appointment/revocation process, the opinion of the Risks and Transactions with Connected Persons Committee is also required which, in turn, obtains the opinion of the Appointments Committee.

During 2018 the role of Chief Compliance Officer was covered by Ms Laura Tonelli in full conformity with the following requirements:

she is positioned in an adequate hierarchical-functional position; in particular, the manager is positioned hierarchically under the body with management function and has direct access to the body with strategic supervision function and to the body with control function;
she possesses adequate requirements of professionalism;
she does not have direct responsibility for operating areas subject to control and is not hierarchically subordinate to the managers of those areas;
she reports directly to the company bodies; in particular, the head of the function has direct access to the body with strategic supervision function and to the body with control function and communicates with them without restrictions or intermediations.

In relation to the management process of the risk of non-conformity with the rules, the Chief Compliance Officer guarantees control of non-conformity, through the supervision and management of operating activities connected to implementation of the "management process of the risk of nonconformity", transversal to the Group, dealing with its methodological aspects, the adequacy of the contents, the implementation of the relevant controls, also using the collaboration of specialist expertise (e.g. legal, organisational, risk management, technological, human resources, internal audit function) available therein, as well as the contributions provided by the compliance model (e.g. heads of specialist controls, the compliance representative of Italfondiario), as indicated within the Regulation of the Compliance & Anti-Money Laundering Function.

With specific reference to the management process of the risk of non-conformity, the Chief Compliance Officer:

is the owner of the management process of the risk of non-conformity activated in order to monitor the constant and continuous alignment of the company regulations, the organisational structures, the internal provisions, procedures and information system, as well as the training processes, the relevant regulations (of self- and external regulation) and the evolution of the business (e.g. new products/services or business lines, new processes and procedures, revisions of the organisational structures);
is responsible for defining the methodologies both for the analysis and management of the risk of non-conformity with the rules, and for the management of the different operating phases of the management process of the risk of non-conformity and deals with their dissemination among the specialist controls and in the Group companies so that they can be fully incorporated;
oversees the various operating phases involved in the management process of the risk of nonconformity under her remit and deals with updating continuously the mapping of the risks of non-conformity with the assessments and information sent by the different specialist controls and by the other company control functions;
is responsible for the correct implementation of the information flows;
collaborates with the Complaints Management structure, positioned within the Legal and Corporate Affairs Function, for the activities of identifying non-conformity originating from the analysis of complaints received;
guarantees that the procedures adopted are able to ensure substantial compliance with the obligations imposed by the provisions in force, assesses their methods of execution and identifies any areas of intervention to minimise the current and prospective risk of non-conformity;
collaborates with the other company control functions, also overseeing the reciprocal exchange of suitable information flows in conformity with the requirements of the "Regulation on the Integrated Internal Controls System of the doBank Banking Group";
takes steps to investigate and remedy areas of improvement reported by the Internal Audit Function following findings emerging during verifications under the remit of the Compliance and Anti-Money Laundering Function;
takes steps to investigate and remedy findings by the Supervisory Authorities emerging during inspections under the remit of the Compliance and Anti-Money Laundering Function or other company functions insofar as they are responsible.

Anti-Money Laundering Function

In the context of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Anti-Money Laundering Function established at the Parent Company fulfils the role of anti-money laundering function on behalf of both the Parent Company and the companies controlled by it, as defined by the regulatory provisions in force, and ensures the management of the risk of money laundering and terrorist financing. The Anti-Money Laundering Function is positioned organisationally within the Compliance and Anti-Money Laundering Function and reports functionally to the body with management function of the Parent Company and has direct access to the body with strategic supervision function and the body with control function of the Parent Company.

In respect of the centralised model adopted by the Parent Company, at each of the companies controlled by the Bank, recipients of the anti-money laundering regulations, a representative or a specific anti-money laundering unit must be identified which, acting in close functional collaboration with the specific structure of the Parent Company, oversees the processes connected to the anti-money laundering regulations in the relevant company.

The Head of Anti-Money Laundering of the Group, for the aspects of specific interest, must be informed comprehensively and promptly of the outcomes of the control activities performed at the companies belonging to the group as well as of any significant occurrence. He has access to all group databases containing information useful for the conduct of his duties.

In that context, in order to implement unitary management of the Group risk level, the Head of the Group's Anti-Money Laundering Function is attributed the duty of informing the company bodies of the individual subsidiary companies of the findings of the checks performed. Those findings will be part of the overall report on the activities performed at Group level, provided to the Board of Directors of the Parent Company.

In addition, the Group's Anti-Money Laundering Function includes in the activity plans (also through service agreements) checks and/or consultancy activities - at consolidated level - aimed at ascertaining respect, by all Subsidiaries, of the guidelines and principles imparted by the Parent Company as part of this Regulation as well as the specific regulations applicable to them.

The Anti-Money Laundering Function includes the "STR Unit" in charge of assessing suspicious transaction reports, which must be sent to the Financial Intelligence Unit (FIU) of the Bank of Italy by the STR Delegate.

The responsibility and duties of the Function are attributed to the Anti-Money Laundering Manager, a role covered in 2018 by Ms Elisa Francesconi who is in possession of the following requirements:

• she is positioned in an adequate hierarchical-functional position; in particular, she reports functionally to the Managing Director of the Parent Company;

she is adequately independent, authoritative and professional;
she does not have direct responsibility for operating areas subject to control and is not hierarchically subordinate to the managers of those areas;
she reports directly to the Company Bodies; in particular the Anti-Money Laundering Function Manager has direct access to the Board of Directors and to the Board of Auditors of doBank and communicates with them without restrictions or intermediation.

The Anti-Money Laundering Manager, in addition, performs the following duties:

she covers the role of Anti-Money Laundering Manager of the Group and in that sense develops the directives in relation to the recipient Group Companies so as to guarantee a homogeneous approach in line with the defined management model;
she receives specific information flows regarding the outcomes of the control activities performed at the recipient Group Companies and regarding any other significant event;
she has access to every database and every type of information existing in the recipient Group Companies for the purposes of completing her duties;
she performs supervision activities on the different structures of doBank and the recipient Group Companies to which the different duties relating to the management of the anti-money laundering process are entrusted;
she verifies periodically the adequacy of the architecture of the Internal Control System with particular regard to management of the money laundering and terrorist financing risk.

The Anti-Money Laundering Manager is attributed also the role of Delegate for the assessment and reporting of suspicious transactions for doBank and for the recipient Group Companies (hereafter also "STR Delegate"), in accordance with Art. 42, paragraph 4 of Italian Legislative Decree 231/2007, by virtue of a specific delegation, formalised and adequately brought to the attention of the company structure.

The STR Delegate is in possession of the requirements of independence, authoritativeness and professionalism and has responsibility for the following activities:

she assesses reports received from the recipient Group Companies and the possible consequent transmission of those reports to the FIU;
she archives with the respective motivation the reports deemed not to be well-founded;
she communicates, by the organisational methods deemed most appropriate, the outcome of her assessment to the manager of the function that originated the report; she promptly informs the company bodies if, during her activity, she identifies particular situations of violation of the rules in that regard; she provides consultancy to the operating structures regarding the management of suspicious transaction reports and any abstention from executing the transaction;
she assesses the communications sent to her by the Board of Auditors and the Supervisory Body pursuant to Italian Legislative Decree 231/2001 in relation to violations concerning suspicious transactions reporting, in accordance with Article 52, paragraph 2, letter b) of Italian Legislative Decree 231/2007;
she performs a role of liaison with the FIU and manages any requests for further information received from the competent Authorities, therein including the judicial authority.

The role and responsibilities of the delegate have been adequately formalised and made public within the Group by way of appropriate communications.

Risk Management Function

As part of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Risk Management Function, established at the Parent Company, fulfils the role of second level control function on behalf of both the Parent Company and the companies controlled by it.

From the organisational profile, the Risk Management Function reports hierarchically and functionally to the Managing Director, but with direct access to the Board of Directors.

As defined by the regulatory provisions in force, the function in question provides constantly objective and independent activity, aimed at identifying, measuring, monitoring and preventing as well as communicating to the appropriate hierarchical levels the risks to which the Group is exposed. Using methodological approaches, applications and reliable instruments, coherent with the degree of complexity of the Group operations, the Risk Management Function guarantees an integrated vision in current and prospective terms of the context of riskiness, the capital adequacy and the adequacy of the governance system and liquidity risk management system and organisational system of the Group, verifying the coherence of the Group's risk profile with the risk objectives expressed in the Risk Appetite Framework (RAF).

The RAF constitutes the essential presupposition for determining a risk governance policy and a risk management policy based upon principles of sound and prudent management.

The Risk Management Function, considering the nature of the risks assumed or to be assumed and the availability by the Bank of adequate methodologies and skills for determining their exposure and the respective internal capital, classifies the same into quantifiable risks and risks that are difficult to quantify to be subjected to opportune attenuation and control systems.

The function structures adequate information flows towards the company bodies and functions and also communicates promptly to the same, upon request or by initiative, any problems deemed significant, emerging during the conduct of its activities. The outcomes of the assessments ending with negative opinions or that highlight significant deficiencies are sent in full, promptly and directly, to the company bodies.

In general, the function guarantees the dissemination of a risk culture within the Group, cooperating, for the areas of expertise, with the company control functions so as to guarantee a unitary and integrated vision of the Internal Controls System and to ensure the correct interaction and integration between the Group's control functions.

In line with what is established by the Supervisory Provisions and by the internal regulation, the Head of the Risk Management Function (Chief Risk Officer) is appointed by the Board of Directors; in the appointment/revocation process, the opinion of the Risks and Transactions with Connected Persons Committee is also requested, which, in turn, obtains the opinion of the Appointments Committee.

During 2018, the role of Head of the Risk Management Function was covered by Mr Claudio Fanin who reports hierarchically and functionally to the Managing Director but has direct access to the Board of Directors and is not responsible for any operating area. He reports to the Board directly or by way of the Risks and Transactions with Connected Persons Committee, at least on an annual basis or at the next opportunity, in the case of particular significance, regarding the adequacy, effectiveness and efficiency of the risk management controls performed as part of the second level controls.

With reference to the risk management activities on companies controlled by the Parent Company centralised at the Parent Company and in particular for the supervised company Italfondiario S.p.A., it is noted that: the subsidiary Italfondiario S.p.A., as intermediary subject to the supervision of the Bank of Italy, has outsourced its risk management function to the Parent Company, based upon an intergroup service agreement prepared in conformity with the relevant regulations. In that context, a representative has also been identified for the function - in possession of the requirements of integrity, professionalism and independence required by the Supervisory Provisions – appointed by the Board of Directors of the subsidiary, at the indication of the Parent Company. The representative is positioned under the direct functional hierarchical management of the Board of Directors of the subsidiary, reports functionally to the Head of the Risk Management Function of the Parent Company and mainly has the duty of supporting the latter in the conduct of the activities under its remit, as regulated in the service agreement.

In relation to other companies controlled by the Parent Company and not supervised, for which there is no requirement to establish functions in charge of control, management and safeguarding of risks, the function ensures the necessary coverage of the main operational processes and respective inherent risks through their inclusion within the second level controls at consolidated level, defined according to an approach based upon the risk level, also with a view to ascertaining the compliance of the behaviours of the companies controlled by the Parent Company with the guidelines imparted by them and the specific regulations applicable to them.

For those subsidiary companies, the Head of the Group's Risk Management Function is attributed the duty to inform the company bodies of the individual Company of the results of the checks performed by virtue of exercising the management and coordination activities. The respective findings form part of the overall reporting on risk management activities performed at Group level, provided to the Board of Directors of the Parent Company.

During 2018 the Risk Management Function, under the supervision of its manager and coherently with the planning approved by the Board of Directors, performed interventions that involved both the Parent Company and its subsidiary companies, attributable mainly to the:

periodic review of the Risk Appetite Framework (RAF) and the risk governance policies, collaborating, insofar as responsible, with their implementation through periodic monitoring activity and verifying respect of the risk objectives, operating and monitoring limits as well as the risk indicators defined by the Board of Directors;
revision of the criteria for identifying transactions that, for particular risk profiles, are deemed worthy of particular attention and providing preventive opinions on their coherence with the RAF;
operational implementation of the internal capital adequacy assessment process (ICAAP) and the internal liquidity adequacy assessment process (ILAAP) of the Group and respective formalisation in a specific annual document (ICAAP/ILAAP Report) subject to authorisation of the respective competent bodies before transmission to the Supervisory Authority;
measurement, assessment of quantifiable and non-quantifiable risks, to which the Group is exposed, identification, development and maintenance of the methodologies aimed at promptly identifying any criticalities;
revision, in compliance with the requirements of the Supervisory Regulations, of the Recovery Plan, prior to the maximum period of two years scheduled in cases of normal operations, following the assumption of the status of a listed company by the Group, incorporating at the same time the evolutions referring both to organisational aspects and to the Strategic Plan;
definition of the drivers and parameters functional to determining the impairment for the individual types of financial assets, in compliance with the provisions of new accounting standard "IFRS 9 – Financial Instruments";

implementation of a multi-company market IT instrument, aimed at the management, in a single environment, of the risk process analysis and of activities connected also to the other control functions.
implementation of the methodology of the ICT risk assessment and monitoring process reviewed during 2017 in order to make it more adequate to the new organisational context with simultaneous definition of the new framework of the ICT risk management process for the whole Group;
contribution to the definition of the policy for accepting risks of the doBank Group and the risk assessment metrics;

During the year, the activities aimed at the methodological strengthening of the Function continued through the revision of the Regulation as well as the refinement of the monitoring processes of the exposure to the risks identified.

Internal Audit Function

In the context of the centralised organisation model adopted by the Group in relation to the Internal Controls System, the Internal Audit Function established at the Parent Company fulfils the role of internal audit function on behalf of both the Parent Company and the companies controlled by it, as defined by the regulatory provisions in force, and also ensures a constant, independent and objective assessment of the overall internal controls system, so that its respective purposes are guaranteed in the pursuit of improving the effectiveness and efficiency of the organisation.

In particular, the function is instructed to ensure, in the perspective of third level controls, also through verifications in situ, supervisory action over the due performance of the operations and the processes of the Parent Company and its subsidiaries with the aim of preventing or identifying the onset of anomalous and risky behaviours or situations. It also assesses the completeness, adequacy, functionality and reliability of the organisational structure and the other components of the internal controls system, the risk management process and the other company processes, bringing to the attention of the company bodies the results of the activity performed and the possible improvements, to the risk management process, to the measurement and control tools of the same and to the internal organisational measures in force.

The Function communicates directly the results of the assessments and checks. The link between the same and the Managing Director of the Parent Company is in any case guaranteed through adequate information flows and the managerial coordination committee of the Internal Controls System which has the duty of addressing, in a coordinated and structured manner, the issues relating to the correct functioning of the Internal Controls System and the remedial plans related to it as well as those connected to the management and monitoring of risks. The function also has direct access to the Board of Auditors and communicates with it without restrictions or intermediations.

In general, the function guarantees support to the senior bodies in promoting and disseminating an adequate and solid culture of controls within the Group.

From the organisational profile, the Internal Audit Function is permanent and independent and has the authority, resources and expertise required to perform the duties attributed to it.

The Internal Audit Function is in fact equipped with adequate personnel, by number and technicalprofessional skills, receiving continuous training programmes. In addition, it has economic resources that can be activated autonomously, including recourse to external consultancy.

The Internal Audit Function has free access to all activities - including those outsourced - to all company premises of the Group, both at central offices and at peripheral structures, to internal rules and procedures, to IT systems, to management data and that of any other nature, as well as freedom to perform interviews with personnel, both of the Parent Company and of its subsidiaries, except as otherwise established by law.

In line with the provisions of its mission and without compromising its independence the Internal Audit Function participates, where requested, with consultancy role, in company working groups on planning issues (e.g. new products, channels, systems, processes, etc.), also for the purpose of contributing to the correct design of the controls system. Finally, it deals with the adoption of initiatives aimed at facilitating the coordination and interchange of information with other company control functions to guarantee a unitary and integrated vision of the internal controls system.

11.1 DIRECTOR IN CHARGE OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

Without prejudice to the responsibility of the Board of Directors in relation to the establishment of company control functions and to defining the respective roles and responsibilities, on 19 April 2018 the Board of Directors, coherently with Principle 7.P.3. letter a) no. (i) of the Corporate Governance Code entrusted to the Managing Director, Mr Andrea Mangoni, the function of director assigned to supervise the functions of the internal control and risk management system, attributing to him the following main responsibilities:

dealing with identifying the main business risks, taking account of the characteristics of the activities performed by the Issuer and its subsidiaries, and submitting them periodically for examination by the Board of Directors;
implementing the strategic guidelines, the RAF and, in general, the risk governance policies defined by the Board of Directors, dealing with the planning, implementation and management of the Internal Control and Risk Management System and verifying constantly its adequacy and effectiveness;
adapting the Internal Controls System to the dynamics of the operating conditions and the legislative and regulatory panorama;
asking the Internal Audit Function to conduct checks on specific operating areas and on respect of the internal rules and procedures of business operations, giving simultaneous communication thereof to the Chairman of the Board of Directors, to the Chairman of the Risks and Transactions with Connected Persons Committee and to the Chairman of the Board of Auditors;
reporting promptly to the Board of Directors on issues and criticalities emerging in the conduct of his activities or of which he has in any case been informed, so that the Board of Directors may assume the appropriate initiatives.

In the conduct of his function, the Managing Director is supported by the Managerial Coordination Committee of the Internal Controls System, of which he is the Chairman, and in which the heads of the company control functions participate, as permanent members, and, in the capacity of invitees, the heads of the other business or support functions who are asked, from time to time, to discuss specific issues. Within that committee, issues are addressed, in a coordinated and structured manner, relating to the correct functioning of the Internal Controls System and to the remedial plans related thereto as well as those relating to risk management and monitoring.

Also through the participation in that committee and the analysis of the respective information flows, the Managing Director acquires the necessary information to:

guarantee the alignment of the organisation and the Internal Controls System with the principles and requirements provided by existing regulations;
verify continuously the effective management of the overall company risks and the adequacy, effectiveness and efficiency of the related controls;
make proposals aimed at supplementing the annual plans of the company control functions, also through the request for verification activity on specific operating or risk areas, consistently with Application Criterion 7.C.4. letter d) of the Corporate Governance Code, as well as to supervise during the year their effective implementation.

In implementation of his mandate, in line with Application Criterion 7.C.4 letters a), b), c), and e) of the Corporate Governance Code, the Managing Director thus:

ensures the effective management of risks in their various components, preparing adequate policies and procedures to be observed within the Bank, ascertaining that in the case of violations, the necessary corrective actions are made and outlining information flows aimed at guaranteeing to the competent Company Bodies full awareness of the risk management methods;
implements the necessary initiatives to guarantee continuously the completeness, adequacy, functionality and reliability of the internal controls system and informs the Board of Directors of the results of the checks made, preparing and implementing the necessary corrective or adjustment interventions in the case of deficiencies or anomalies as well as following changes to the legislative or regulatory context or the introduction of new relevant activities, services and processes;
guarantees to the Board of Directors effective and constant dialectic discussion, also using the collaboration of the company structures reporting to the same as the head of the internal structure, to allow them to verify over time the choices and decisions assumed by them in relation to the internal control and risk management system.

During 2018, as part of the meetings of the Coordination Committee of the Internal Controls System, the following main issues were analysed and discussed, based upon information flows circulated by the participating structures in advance:

main findings of the audit activities performed in 2017 and reported in the final annual reports of the company control functions
risk assessments based upon the preparation of the plans of activities of verification of the Group's internal controls system for 2018;
stage of progress of the auditing activities planned in 2018 and any modifications to be made to those plans, main criticalities emerging from those audits as well as from the quarterly monitoring activities of the action plans aimed at resolving the existing findings;
update on the planning initiatives aimed at increasing a) the level of integration of the system of controls, such as the implementation of a common IT platform to support the control processes, as well as b) the focus of Management on the main risk areas through the revision of the methodology of control functions in relation to tracking and monitoring action plans and respective reporting to the Bodies;

• assessment of the impacts of the reorganisation initiatives of the Group on the perimeter of activities of the control functions in both current and prospective key.

11. 2 HEAD OF THE INTERNAL AUDIT FUNCTION

In coherence with Principle 7.P.3. letter b) of the Corporate Governance Code, the Board of Directors resolves with exclusive responsibility in relation to the appointment and revocation of the Head of the Internal Audit Function, at the proposal of the Risks and Transactions with Connected Persons Committee, which, in turn, obtains the opinion of the Appointments Committee, and having heard the opinion of the Board of Auditors.

During 2018 the role of Head of the Internal Audit Function was covered by Mr Paolo Poncetta who reports hierarchically to the Board of Directors and is not responsible for any operating area, as provided also by Application Criterion 7.C.5. letter b) of the Corporate Governance Code. He reports to the Board of Directors directly or by way of the Risks and Transactions with Connected Persons Committee, at least on an annual basis or at the next opportunity, in cases of particular significance, on the adequacy, effectiveness and actual functioning of the Internal Controls System.

In line with Application Criterion 7.C.1, second part of the Corporate Governance Code, the Board of Directors also resolves, subject to the favourable opinion of the Risks and Transactions with Connected Persons Committee and having heard from the Board of Auditors, in relation to the remuneration of the Head of the Internal Audit Function based upon criteria and parameters separate from the performance of the Bank, coherently with the provisions of the company policies.

In order to fulfil his mandate to verify the operations and suitability of the Internal Control and Risk Management System, the Head of the Internal Audit Function performs the following activities:

defines and implements an annual and long-term audit plan based upon a risk assessment methodology that considers the evolutionary aspects of the business and the related development strategies of the Group, the emerging risk and the significant changes in the organisational structures and processes, the restrictions deriving from regulatory and contractual rules, the requests of Management and the Company Bodies (Application Criterion 7.C.5. letter a) of the Corporate Governance Code. The long-term plan is also updated on an annual basis in order to reflect promptly any significant evolutions in the risk profile of the Bank following modifications in the business, organisational or regulatory context. In order to guarantee that the plan is dynamic and to deal with, during the year, any unplanned intervention requests, the annual plan provides for the establishment of a suitable reserve of resources from those available. The audit plans are submitted for approval to the Board of Directors subject to the examination of the Risks and Transactions with Connected Persons Committee;
issues, in line with Application Criterion 7.C.5. letters d) and f) of the Corporate Governance Code, periodic informative reports to the Board of Directors, subject to examination of the Risks and Transactions with Connected Persons Committee, to the director in charge of the internal control and risk management system and to the Board of Auditors which provide summary assessments on the suitability of the internal control and risk management system and an update on the stage of progress and the results of the planned (half-yearly and annual) audit activities as well as on the implementation of the action plans defined by management (quarterly);
promptly informs the Board of Directors, the Risks and Transactions with Connected Persons Committee, the director in charge of the Internal Control and Risk Management System as well as the Board of Auditors, of the reports prepared at the outcome of the individual audit interventions

that contain aspects of particular significance for the purposes of assessing the overall Internal Controls and Risks Management System (Application Criterion 7.C.5. letter e) and f) of the Corporate Governance Code;

communicates appropriately and transparently with the supervisory authorities, with reference to the audit activities;
maintains qualified resources within the Internal Audit Function equipped with expertise, knowledge, capacity and experience necessary for the full implementation of its mission;
has direct and unlimited access to all information and documentation useful for the conduct of the individual assignments, in coherence with Application Criterion 7.C.5. letter c) of the Corporate Governance Code.

For the fulfilment of his duties, the Head of the Internal Audit Function has an adequate annual budget, subject to approval by the competent Company Bodies and able to cover, in particular, the main requirements linked to the use of technical consultancies on specific matters and the professional training requirements of the resources.

With reference to the audit activities on subsidiary companies centralised at the Parent Company and in particular for the supervised company Italfondiario S.p.A., coherently with what is regulated in the outsourcing contract prepared in conformity with the relevant regulations, the body with strategic supervision function of the company has appointed a representative, positioned under the direct hierarchical power of that body who reports functionally to the Group's Head of Internal Audit. That representative has the duty of supporting the manager of the function in implementing the audit plan approved by the Board of Directors of Italfondiario S.p.A., in the management of relationships with the company bodies as well as the prompt reporting of events or situations of particular relevance.

In relation to the other non-supervised subsidiary companies, there is no similar figure but the Head of the Internal Audit Function guarantees the necessary coverage of the main operating processes and the respective related risks through their inclusion within the Group audit plan. For those companies, the Group's Head of Internal Audit Function has the duty of informing the Company Bodies of the individual company controlled by the Parent Company of the results of the checks performed by virtue of exercising the management and coordination activities, by way of the overall reporting on the audit activities performed at Group level.

During 2018 the Internal Audit Function, under the supervision of its Manager and coherently with the planning approved by the Board of Directors, performed interventions involving both the Parent Company and its subsidiary companies attributable to three main areas of intervention connoted by logics of priority and peculiar risk profiles:

governance processes, relating to the definition of company strategies, management planning and control, risk management and controls, management of corporate bodies (i.e. remuneration policies, ICAAP/ILAAP process, framework of control of Manager in Charge, market abuse and management of privileged information, anti-money laundering processes, personal data protection);
business processes, which include the "core" activities of the Bank, with regard to both the management and recovery of performing credits (extrajudicial and judicial recovery activities and respective resolution processes, management of the limitation risk, due diligence and on-boarding activities of new portfolios);
support processes, aimed at the correct functioning of the company, through the management of projects, processes and procedures and the conduct of administrative activities and management

of business, financial, human, technological, tangible and intangible resources (i.e. purchases cycle, administrative-accounting processes connected to the management of human resources, supervisory reports, operational continuity management processes, change management of the information system, assessment of security vulnerabilities of support systems for business processes).

This latter area includes verification activities aimed at assessing the reliability of the information systems (Application Criterion 7.C.5. letter g) of the Corporate Governance Code). In implementing those activities, the Head of the Internal Audit Function, as well as the internal specialist resources, obtained support from personnel of a consultancy company, equipped with adequate requirements of professionalism, independence and organisation, to make up for the still incomplete availability of internal resources, with respect to the coverage requirements highlighted in the planning phase.

During 2018, the process of methodological strengthening of the Internal Audit Function continued through the revision of its Regulation, the launch of the project for the implementation of an ICT application able to support in an integrated and coordinated manner all phases of the audit process (i.e. risk assessment, planning of activities, implementation of interventions, reporting and monitoring of action plans), the consequent review of the methodology applied and its formalisation in the manuals of the function. That manual also consolidates and integrates coherently the impacts on the audit processes of the initiatives already undertaken during 2017 in relation to the adoption of a common matrix at Group level for assessing risks, the adoption of a policy for accepting risks coherent with the RAF as well as initiatives aimed at strengthening the monitoring process of the completion of remediation plans of the findings.

11.3 ORGANISATION MODEL pursuant to Italian Legislative Decree 231/2001

On 12 February 2018, the doBank Board of Directors approved the new Organisation and Management Model pursuant to Italian Legislative Decree 231/2001 of doBank, updated in order to guarantee the alignment to the changed corporate, operational and organisational structure of the Group, as well as to the evolved perimeter of crimes in accordance with the Decree. In that perspective, the following were revised:

the General Part, particularly in line with the provisions contained in the "Corporate Governance Project of the doBank Banking Group", in the "Management and Coordination Group Regulation" as well as in the "Regulation on the Integrated Internal Controls System of the doBank Banking Group";
the Protocols that constitute the Special Part: a specific Protocol has also been introduced, as new, to control administrative crimes and offences of Abuse of privileged information and Insider Dealing.
The attachment Predicate Crimes of Italian Legislative Decree 231/2001, which constitutes an integral part of the Model, has been updated in line with the changes occurring in that regard during the planning period.

The Group Code of Ethics, also an integral part of the model, has remained unchanged compared to the version approved by the doBank Board of Directors on 15 July 2016.

The Board of Directors, in coherence with what was resolved in 2017 on the occasion of the previous substantial revision of the 231 Model, entrusted to the Board of Auditors the role of Supervisory Body, appointing the Chairman of the Board of Auditors, Ms Chiara Molon, as Chairman of the Supervisory Body, and as members of the same the Statutory Auditors Mr Nicola Lorito and Mr Francesco Bonifacio, with the term of the assignment coinciding with that of the Board of Directors.

Predicate crimes of Italian Legislative Decree 231/2001

The annex to the Model, entitled "Predicate Crimes of Italian Legislative Decree 231/2001", an integral part of the Model itself, provides a description of the crimes and administrative offences whose commission determines, upon the occurrence of the presuppositions provided by Italian Legislative Decree 231/2001, the onset of corporate liability in accordance with and for the effects of the cited regulation.

The Model, as well as the Code of Ethics, is consultable on the doBank Internet Website, at the page: https://www.dobank.com/it/governance/modello-ex-dlgs-23101.

11.4 INDEPENDENT AUDITING COMPANY

The Shareholders' Meeting on 17 June 2016 granted to Ernst & Young S.p.A. the statutory auditing assignment of the financial statements and the consolidated financial statements of the Group as well as the accounts audit limited to the consolidated half-yearly report for each of the nine financial years closing from 31 December 2016 to 31 December 2024.

Ernst & Young S.p.A. was also granted, by way of separate formalised agreements, the auditing activities of the financial statements of some of the doBank subsidiary companies.

It is noted that, with the approval of the 2018 financial statements, the auditing assignment granted to Ernst & Young S.p.A. on the financial statements of the subsidiary Italfondiario S.p.A. ended. In that regard, in agreement with the Board of Auditors, a selection procedure has already been activated for other auditing companies.

11.5 MANAGER IN CHARGE OF PREPARING THE CORPORATE ACCOUNTING DOCUMENTS AND OTHER COMPANY ROLES AND FUNCTIONS

The renewal of the Board of Directors required to proceed, in the board meeting of 19 April 2018, also with the renewal of the Manager in charge of preparing the Company's accounting documents. With the favorable opinion of the Board of Statutory Auditors, the Board therefore confirmed in this role Mr. Mauro Goatin.The Manager in Charge is granted adequate powers and means to exercise the duties attributed by the regulation, while the Board of Directors is responsible for overseeing the fact that the Manager in Charge has those powers and means and that he respects the administrative and accounting procedures. The presence of an adequate structure reporting directly to the Manager in Charge is the principal element that characterises the availability of adequate means and powers provided by the regulation. To that end, the Manager in Charge uses the "262 Manager", as a specifically dedicated resource for the conduct of the control and management activity of the model of control of the Manager in Charge.

The Manager in Charge has the responsibility to certify:

o the adequacy and effective application of the administrative and accounting procedures during the financial year to which the documents refer;

o that the documents are drafted in compliance with the applicable international accounting standards recognised by the European Community in accordance with Regulation (EC) no. 1606/2002 of the European Parliament and of the Council, dated 19 July 2002;
o the correspondence of the documents with the results of the accounting books and records;
o the suitability of the documents to provide a true and correct representation of the capital, economic and financial situation of the issuer and the set of Companies included in the consolidation;
o for the financial statements and consolidated financial statements, that the management report includes a reliable analysis of the management performance and result, as well as the situation of the issuer and the consolidated companies, together with a description of the main risks and uncertainties to which they are exposed;
o for the abbreviated half-yearly financial statements, that the interim management report contains references to the important events of the first six months of the financial year and their incidence, together with a description of the main risks and uncertainties for the rest of the financial year.

The Manager in Charge participates at meetings of the Board of Directors of the Group Companies and/or of the Board of Auditors, where the agenda concerns matters under his remit.

The information flows between the Manager in Charge and the other company control functions are regulated in the "Regulation on the Integrated Internal Controls System of the doBank Banking Group". In addition, the Manager in Charge holds meetings and information exchanges with the Independent Auditing Company regarding the respective activities, with particular reference to any points of attention on internal controls.

The managers of the other company functions, having specific duties in relation to internal control and risk management, in conformity with Application Criterion 7.P.3, letter C of the Corporate Governance Code, have been indicated in the above paragraphs of this Report, within the specific sections dedicated to internal audit, risk management, compliance and anti-money laundering.

11.6 COORDINATION BETWEEN ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

In coherence with principle 7.P.3 of the Corporate Governance Code, the duties and responsibilities of the various control bodies and functions along with the information flows between the different functions/bodies and between these and the company bodies are defined in detail within the Regulation on the Integrated Internal Controls System of the doBank Banking Group approved by the doBank Board of Directors on 19 December 2018.

In order to guarantee a unitary and integrated vision of the Internal Controls System and to guarantee correct interaction and integration between the company control functions, a series of coordination and collaboration mechanisms are also defined, in coherence with Application Criterion 7.C.1, letter d), aimed at maximising the synergies and avoiding any potential area of overlapping or deficiency of control.

In particular, productive interaction between the company control functions is guaranteed through the pursuit of the following objectives:

sharing of methodologies and metrics with which the different functions perform their assessments;
elimination of methodological/organisational overlapping;
improvement of communication between the company control functions and the company bodies;
sharing of information and assessments made.

Those objectives are achieved through the following interaction mechanisms which are positioned within the more general framework of active and constant collaboration between the company control functions:

participation in the process of definition/update of the internal regulations on risks and controls;
exchange of information flows, documentary and of data, such as on the planning of control activities and the outcome of the same;
participation in Board Committees (Risks and Transactions with Connected Persons Committee) and Managerial Committees (Internal Controls System Coordination Committee);
organisation of periodic meetings between the company control functions
participation in joint working groups established on matters directly connected to the functioning of the Internal Controls System and the control functions (e.g. definition of a common risk assessment metric, definition of a Group policy for risk acceptance).

The improvement of the interaction between control functions and the constant update to the company bodies by the same, in relation to the activities performed, are aimed at contributing over time to company governance that guarantees sound and prudent management also through a more effective safeguarding of risk at all company levels.

12.0 INTERESTS OF DIRECTORS AND TRANSACTIONS WITH RELATED PARTIES

The Board of Directors, by decision made on 17 October 2018, approved the "Group Policy for Managing Transactions with Related Parties of doBank S.p.A., with Connected Persons of the doBank banking group and Transactions in Conflict of Interest" (hereafter: the "Policy"), entering into force on the same date, superseding the previous Procedure dated 14 July 2017.

The Policy was submitted preventively to the Board of Auditors and to the Risks and Transactions with Connected Persons Committee, which expressed a favourable opinion to its approval.

The Policy, in respect of the regulatory supervisory provisions and in conformity with the CONSOB Related Parties' Regulation, is aimed at defining, as part of the operations of the Bank and more generally the Group, the principles and rules to be observed for controlling the risk deriving from situations of possible conflict of interest determined by the vicinity of some entities to the decisionmaking centres of the Bank and the Group.

More generally, the Policy is structured as an organic compendium aimed at regulating unitarily the governance aspects as well as the areas of application and the procedural and organisational processes in relation to transactions with related parties (in accordance with the CONSOB Regulation), with connected persons (in accordance with Title V, Chapter 5 of Circular 263) and with company representatives (in accordance with Art. 136 of the Consolidated Banking Law).

In view of the affinities present in the CONSOB Related Parties' Regulation and in the Supervisory Provisions, doBank has determined a "Single Perimeter", which includes both the "CONSOB Related Parties" and the "Bank of Italy Connected Persons", to which the decision-making procedures provided in the Policy unitarily apply.

The Policy, in continuity with the previous internal regulatory architecture, now provides more systematic and harmonious regulation of the matter aimed at:

the identification, update and monitoring continuously of the perimeter of entities in conflict of interest (Single Perimeter);

the management of transactions with entities in conflict of interest, with reference, inter alia, to:
- identification of transactions, including cases of exemption and exclusion, considering that, in relation to the thresholds of relevance, the Policy identifies, distinguishes and regulates transactions of most significance, transactions of lesser significance and transactions of small amount;
- management of the decision-making process on transactions, differentiated based upon the different thresholds of significance identified by the Policy;
- reporting and transparency obligations towards the corporate bodies (Board of Directors, Board of Auditors, Risks and Transactions with Connected Persons Committee and Shareholders' Meeting), the Supervisory Authorities and the market.
the definition of the methods of conducting the activities for managing transactions concluded with entities in conflict of interest;
the identification of the operating and organisational structures involved in the process and their respective duties;
the establishment and tracking of information flows, both internal and external;
the establishment of monitoring and control activities of those operations, as well as the attribution of them to the competent Functions;
the provision of methods of updating those procedures.

The full text of the Policy, to which reference is made for any further detail, is available on the doBank Internet Website, at the page https://www.dobank.com/it/governance/parti-correlate-soggetticollegati.

Finally, it is noted that, in respect of the principle established by Art. 2391 of the Italian Civil Code (on the interests of Directors) Art. 136 of the Consolidated Banking Law applies to doBank, as a banking company, in accordance with which the bank representatives may not enter into obligations of any nature or complete acts of sale, directly or indirectly, with the bank that they administer, manage or control except subject to resolution by the management body made unanimously and with the favourable vote of all members of the audit body, without prejudice to the obligations provided by the Italian Civil Code, in relation to the interests of Directors.

To that end, the Directors and Auditors of the Bank have communicated, and periodically update, the list of entities - legal or natural persons - for which the finalisation of any relationships may constitute the case of obligation referable essentially to the banking representatives.

13.0 APPOINTMENT OF AUDITORS

Art. 23 of the Articles of Association establishes that the appointment of the Board of Auditors occurs by the Shareholders' Meeting based upon lists submitted by the legitimated parties, in which the candidates are listed in sequential order.

The listings are to be divided into two lists, indicating, respectively, up to 3 (three) candidates for the office of Statutory Auditor and up to 2 (two) candidates for the office of Alternate Auditor. If a list presents candidates to the role of Statutory Auditor and Alternate Auditor, at least the first candidate to the role of Statutory Auditor and at least the first candidate to the role of Alternate Auditor indicated in the respective sections must have been registered for at least three years in the register of statutory auditors and must have exercised the activity of statutory accounts auditing for a period of no less than 3 years. If a list presents a number of candidates equal to or greater than 3, each section for the appointment to Statutory Auditor and to Alternate Auditor must present a number of candidates belonging to the least represented gender that ensures, within that section, respect of the gender balance at least to the minimum extent required by the legislation, even regulatory, in force.

No candidate shall be included in more than one list, under penalty of disqualification from his/her candidacy.

Each entity legitimated to vote (as well as (i) the legitimated entities belonging to the same group, thereby meaning, the controlling entity, even non-corporate, in accordance with Art.2359 of the Italian Civil Code and every company controlled by or under the common control of the same entity or (ii) parties to the same shareholders' agreement pursuant to Article 122 of the Consolidated Finance Law, or (iii) legitimated entities that are otherwise connected between them by virtue of significant relationships of connection in accordance with the legislation and/or regulations in force and applicable) may present or contribute to presenting only one list, just as each candidate may appear in only one list under penalty of ineligibility.

In accordance with the Articles of Association, Shareholders that, at the time of submitting the list, are holders, alone or together with other submitting Shareholders, of shares with voting right representing at least 2.5%⁶ of the share capital having the right to vote in the ordinary Shareholders' Meeting may subject a list for the appointment of the Auditors.

Certification of the minimum share of investment may be produced even after the deposit provided that this is done by the deadline laid down for the publication of those lists.

The lists must, under penalty of forfeiture, be filed at the company's registered office, even by way of a distance communication technique and according to methods made known within the notice of convocation that allow for the identification of entities filing the list, by the twenty-fifth day before the date of the Shareholders' Meeting (or by the different deadline laid down from time to time by the applicable regulations) and they are made available to the public at the registered office, on the doBank Internet Website and by the other methods provided by existing regulations, at least twentyone days before the date of the Shareholders' Meeting (or by the different deadline laid down from time to time by the applicable regulations).

Together with the lists, and again by the deadline indicated above, the legitimated entities that have submitted them must also file the additional documentation and declaration required by the legislation, even regulatory, in force each time. Lists that do not comply with the requirements outlined above shall be deemed not to have been submitted.

Each person with voting rights may vote for one list only.

The election of the members of the Board of Auditors occurs as follows:

(i) 2 (two) Statutory Auditors and 1 (one) Alternate Auditor are taken from the list that obtained the highest number of valid votes, in the sequential order in which they are listed on that list;
(ii) the remaining Statutory Auditor and the remaining Alternate Auditor are taken from the list that obtained the highest number of votes after that indicated in point (i) above, with the first candidates of the respective sections being elected, respectively, Statutory Auditor and Alternate Auditor.

The Statutory Auditor taken from the list that obtained the highest number of votes after than indicated in point (i) above is assigned the Chairmanship of the Board.

If, in the terms and methods indicated above, only one list is submitted, or if no list is submitted, or even if a number of candidates equal to that to be elected is not present in the lists, the Shareholders'

⁶ It is noted that by CONSOB Resolution no. 20273, dated 24 January 2018, the limit relating to the share of investment for the Shareholders' Meeting of 19 April 2018 was fixed at 1%.

Meeting resolves for the appointment or supplementation by relative majority. In the event of a tied vote among several candidates, a ballot shall be held between such candidates, by means of another vote at the Shareholders' Meeting. In any event, the Shareholders' Meeting is required to ensure the gender balance as envisaged by the legal and regulatory provisions in force.

In the case of death, resignation or forfeiture or absence for any other reason of a Statutory Auditor, s/he is replaced by the Alternate Auditor belonging to the same list on which the outgoing Auditor was listed according to the sequential listing order, in respect of the minimum number of members registered in the register of statutory auditors who have exercised statutory accounts auditing activity and the principle of gender balance. If this is not possible, the outgoing Auditor shall be replaced by the Alternate Auditor who has the characteristics indicated and drawn progressively from the minority lists which received the highest number of votes, in accordance with the progressive order of the list. If the Auditors were not appointed in accordance with the list voting system, the Alternate Auditor envisaged by the provisions of law shall take his/her place. The replacing Alternate Auditor shall also hold the office of Chairman in any circumstance that envisages replacing the Chairman of the Board of Statutory. The Shareholders' Meeting envisaged under Article 2401, paragraph 1 of the Italian Civil Code shall appoint or replace the Auditors, in accordance with the principle of the necessary representation of minorities and gender balance. If the Alternate Auditor who replaces the Statutory Auditor is not confirmed in office by such Shareholders' Meeting, the Alternate Auditor shall return to his/her role of Alternate Auditor.

14.0 COMPOSITION AND FUNCTIONING OF THE BOARD OF AUDITORS (pursuant to Art. 123(2), paragraph 2, letters d) and d(2)) of the Consolidated Finance Law)

The already cited Art. 23 of the Articles of Association requires at least 2 Statutory Auditors and 1 Alternate Auditor to have been registered for at least three years on the register of statutory auditors and to have exercised statutory accounts auditing activity for a period of no less than three years.

All Auditors must be in possession of the requirements of eligibility, integrity and professionalism provided by law and by the other applicable provisions and, for the purposes of Art. 1, paragraph 2, letters b) and c) of the Decree of the Ministry of Justice 30 March 2000, no. 162, which establishes the requirements of professionalism and integrity.

Auditors may hold administration and control positions in other companies subject to the limits established by the provisions, also regulatory provisions, in force.

In addition, in conformity with the recommendations indicated in Application Criterion 8.C.1 of the Corporate Governance Code, the doBank Auditors must be in possession of the independence requirements provided by Art. 3 of that code as well as the requirements indicated in Art. 148, paragraph 3 of the Consolidated Finance Law.

With reference to Application Criterion 8.C.5 of the Corporate Governance Code, it is noted that, the "Group Policy for Managing Transactions with Related Parties of doBank S.p.A., with Connected Persons of the doBank banking group and Transactions in Conflict of Interest" provides, in addition to the management of any transactions for the company representatives, that, where the members of the Board of Auditors have an interest in the transaction, on their own behalf or that of third parties, they inform the other Auditors, specifying the nature, terms, origin and scope of the interest.

In addition, in the conduct of its duties and activity, the Board of Auditors constantly liaises - through periodic and reciprocal involvements as well as prompt information exchanges - with both the Risks and Transactions with Connected Persons Committee, and with the Internal Audit Function. That activity was completed through the constant participation of the Chairman of the Board of Auditors, or another Auditor instructed for this purpose, at meetings of the cited committee (as, moreover, already highlighted in Chapter 10 above) and the manager of the Internal Audit Function at periodic meetings of the Board of Auditors (Application Criterion 8.C.7 of the Corporate Governance Code). The doBank Auditors currently in office were appointed by the Shareholders' Meeting on 19 April 2018 and the composition of the Board is the following.

Chiara Molon Chairman
Francesco Mariano Bonifacio Statutory Auditor
Nicola Lorito Statutory Auditor
Sonia Peron Alternate Auditor
Roberta Senni Alternate Auditor

In that regard, it is emphasised that that renewal was the first, after the admission of the doBank shares to the MTA, and that, for the first time, the appointment was made based upon the list vote mechanism, as regulated by the Articles of Association and described in Section 13.0 of this Report. The Company has therefore complied for the first time with the provisions on gender balance in the composition of the audit body (in accordance with Art. 148 of the Consolidated Finance Law and in conformity with the provisions of Italian Law no. 120 dated 12 July 2011).

As a consequence, for the Auditors in office, the mandate will expire at the date of the Shareholders' Meeting convened to approve the financial statements of the 2020 Financial Year. All Auditors have declared to possess the requirements of independence required by the existing rules. In relation to the requirements of independence of the members of the Board of Auditors, the preliminary investigation implemented by the Board of Directors in the meeting on 10 May 2018 identified the existence of the requirements of independence, in conformity with the provisions of the Consolidated Finance Law and, in particular, with the provisions laid down by the combined rules of Articles 147(3) paragraph 4 and 148 paragraph 3 of the Consolidated Finance Law and in accordance with the Corporate Governance Code, for all members of the Board of Auditors. The outcome of the assessments was communicated to the market by publishing a specific Announcement on 10 May 2018 (Application Criterion 8.C.1 of the Corporate Governance Code).

During 2018, the Board of Auditors held 28⁷ meetings, with average duration of roughly 3 hours each. With reference to the percentage of attendance of each Auditor at the meetings, see Table 3 at the foot of this Report.

Table 3 also indicates the relevant information in relation to each member of the Board of Auditors in office, at the approval date of this Report.

For the 2019 financial year, 24 meetings are planned, 6 of which have already been held at the date of this Report.

14.1 Diversity policies

doBank has regulated diversity criteria and policies for the composition of the Corporate Bodies, and the Board of Directors, in the report prepared in accordance with Art. 125(3) of the Consolidated Finance Law for the renewal of the audit body on the occasion of the Shareholders' Meeting last 19

⁷ Including the 6 meetings held by the previous Board of Auditors, which expired with the approval of the financial statements at 31 December 2017.

April 2018, has also taken account of the policies on diversity, provided in the "Policy on the Composition of the Corporate Bodies", approved on 9 November 2017, as well as the applicable rules in that regard and, in particular, those relating to gender and the training path. In that regard, it is noted that the Board of Directors has favoured the existence of those characteristics, irrespective of the age of the individuals. The policies on gender diversity, as indicated above, were applied for the first time with the renewal of the roles by the Shareholders' Meeting on 19 April 2018 and, in that sense, the Board of Auditors sees the presence of 2 members of the least represented gender, one in the role of Chairman of the Board of Auditors, and one as Alternate Auditor (both an expression, in addition, of the list submitted by the minority Shareholder).

14.2 Self-Assessment

Even the Board of Auditors of the Issuer has conducted the self-assessment process for the 2018 financial year, based upon the "Self-Assessment Programme" approved on 17 October 2018. At the end of the process, the "Report on the Outcome of the Self-Assessment of the Board of Auditors" was prepared, which revealed the following:

a) The functioning of the control body is, essentially, correct and effective; its composition, in qualitative terms, is adequate to the role that that Body is asked to play; the Auditors, despite having additional professional duties to those resulting from the assignment covered at doBank, guarantee their constant availability, in terms of both time and physical presence, to cover the demanding activities of the Bank and the Group.
b) The Board, in demonstration of the full awareness of the role covered and the connected responsibilities, is strongly engaged in performing the activities and functions deferred to it, also through the active participation of the individual Members, strengthening at the same time the relationships of trust and collaboration between the individual Members and, more generally, between the Board itself and the Strategic Supervision and Management Functions.

In relation to the profiles susceptible to improvement, the Board is hoping to strengthen the technical means and personnel available.

15.0 RELATIONSHIPS WITH SHAREHOLDERS

The establishment and maintenance of a constant and productive dialogue with the shareholders, institutional investors and other specific stakeholders is considered by doBank to be a duty towards the market.

That dialogue, according to the rules and procedures that regulate the disclosure of privileged information, is aimed at adopting the best applicable professional practices and is based upon principles of transparency, promptness and completeness of information.

Also with the aim of ensuring broad and simple dissemination of the same among the public, doBank publishes relevant information of strategic, financial and corporate governance nature, price sensitive press releases, the main metrics on the performance of the shares on the Stock Exchange, and the appointments scheduled by the Company's financial calendar in the "Investor Relations" section of the doBank Internet Website; that information also facilitates the participation of the shareholders in the shareholders' meeting, facilitating the exercise of their rights.

The Company, in conformity with Application Criterion 9.C.1 of the Corporate Governance Code, has chosen to establish a business structure dedicated to managing relationships with shareholders, within the IR, M&A and Finance function entrusted to Ms Manuela Franchi, Chief Financial Officer. The structure is positioned within the Administration, Finance and Control department and can be contacted via the following channels:

e-mail: [email protected] telephone: +39 06 47979154

16.0 SHAREHOLDERS' MEETINGS (pursuant to Art. 123(2), paragraph 2, letter c) of the Consolidated Finance Law)

In accordance with the law, the Shareholders' Meeting is ordinary and extraordinary and meets, usually, in the town in which the Company is based, unless otherwise decided by the Board of Directors, provided that it is in Italy or in another country in which the Company performs its activity (also by way of its subsidiaries).

In conformity with existing provisions of law and regulations, the Articles of Association of the Company provide that the ordinary Shareholders' Meeting is convened at least once a year, within 120 days from the year-end, to resolve upon the matters attributed by law and by the Articles of Association to its remit.

The Shareholders' Meeting, both ordinary and extraordinary, is convened within the terms of law and regulations by way of notice published on the Company's internet website at the page https://www.dobank.com/it/governance/assemblea-azionisti, as well as by the other methods provided by the legislation in force, including regulatory.

The Shareholders' Meeting is held at single convocation. The Board of Directors may decide that the Shareholders' Meeting may be held on multiple convocations. The majorities required by law shall apply.

In order for the constitution of the Shareholders' Meeting, both ordinary and extraordinary, and its respective resolutions to be valid, the provisions of law and the articles of association are observed; the majorities provided by existing regulations are applied.

The Company's Articles of Association, moreover, envisage qualified quorums for the approval of the remuneration policies, where the Board of Directors proposes (in respect of the conditions and limits laid down by the regulatory provisions applicable each time) to raise the limit to the incidence of variable remuneration on fixed remuneration up to a maximum of 2:1.

In that case, therefore, for the constitution of the Shareholders' Meeting and the resolutions made by it to be valid, the following quorums are observed:

the Shareholders' Meeting is constituted with at least half of the share capital and the resolution is passed with the favourable vote of at least 2/3 of the share capital represented at the Meeting;
the resolution is passed with the favourable vote of at least 3/4 of the share capital represented at the Meeting, regardless of the amount of share capital constituted at the Meeting.

In accordance with the Articles of Association, and in line with existing provisions on remuneration and incentive policies and practices issued by CONSOB and, for banks and banking groups, by the Bank of Italy, the ordinary Shareholders' Meeting, as well as establishing the fees due to the bodies appointed by the same, approves: (i) the remuneration and incentive policies in favour of the bodies with strategic supervision, management and control and the remaining personnel; (ii) the remuneration plans based upon financial instruments; (iii) the criteria for determining the fee to be granted in the case of early termination of the employment relationship or early cessation from the role, therein including the limits fixed to that fee in terms of annual payments of fixed remuneration and the maximum amount deriving from their application.

The agenda is established by those exercising the power of convocation in the accordance with the law and the articles of association.

The right to add to the agenda may be exercised, in conformity with existing regulatory provisions, by as many shareholders as, even jointly, represent at least 2.5% of the share capital: in that case, they also prepare a report that sets out the motivation of the resolution proposals on new matters that they propose be discussed. The Shareholders may also submit further resolution proposals on matters already on the agenda, indicating the respective motivations.

By the deadline for publishing the notice of convocation, or in the different term provided by law, the Board of Directors guarantees the provision to the public of a report on each item on the agenda.

16.1 Legitimacy, attendance and voting methods

In accordance with the Articles of Association and in respect of existing regulations, the holders of shares having voting right may attend at the Shareholders' Meeting, provided that their legitimacy is certified according to the methods and terms provided by the legislation, including regulatory, in force each time.

The legitimacy to attend at the Shareholders' Meeting and to exercise the right to vote is certified by a communication to the Company, made by the intermediary in favour of the entity holding the right to vote, based upon the respective evidence at the end of the accounting day of the seventh open trading day prior to the date fixed for the Shareholders' Meeting at first convocation.

Art. 9 of the Articles of Association reserves to the Chairman of the Shareholders' Meeting the right to ascertain, in general, the legitimacy to attend at the Shareholders' Meeting, as well as to resolve any disputes.

The Articles of Association do not provide the right for the Shareholders to attend at the Shareholders' Meeting by means of telecommunication, or to exercise the voting right electronically.

The Articles of Association also provide that the Shareholder holding the right to attend at the Shareholders' Meeting may be represented by written proxy by another person, even a nonshareholder, provided that this is in respect of the provisions of law. The voting delegation may also be granted by electronic document signed digitally in accordance with the provisions of existing regulations and notified to the Company by specific e-mail address by the methods indicated in the notice of convocation, or by other methods chosen from those provided by the legislation, including regulatory, in force and indicated in the notice of convocation.

As already highlighted in several points of this Report, the Shareholders' Meeting convened on April 19, 2018 was the first after the listing of the Company's shares on the MTA and, with reference to the Application Criterion 9.C.2 of the Corporate Governance Code, it is pointed out that the Directors took part in the meeting mentioned above. On that occasion, the Board of Directors reported on the activities carried out and planned; the Board also made every effort to ensure that the shareholders received adequate information about the elements necessary to make their own decisions, with full knowledge of the facts.

16.2 Conduct of Shareholders' Meeting works

By resolution made on 10 April 2017, the Shareholders' Meeting of doBank, approved its Regulation. The respective document is available to the shareholders and the public indistinctly on the doBank Internet Website, in the Governance section, as well as, for those who are legitimated to attend and exercise the voting right, at the registered office of the Company and in the locations in which the Shareholders' meetings are held each time.

Art. 16 of the Shareholders' Meeting Regulation grants to those entitled to participate based upon the law and the Articles of Association (the "Legitimate Attendees" being shareholders or their delegates, Directors, Auditors or the meeting Secretary) the right to attend at the Shareholders' Meeting and to take the floor on each of the items up for discussion.

Those intending to exercise that right must make a request to the Chairman (by show of hand or by submitting a written request, if ordered in that sense by the Chairman) not before the item on the agenda to which the intervention request refers has been read aloud.

Art. 10 of the Articles of Association also provides that the Chairman is assisted by a Secretary, appointed by majority among the attendees. As well as in the cases provided by law, when the Chairman deems it opportune, a notary may be asked to act as Secretary, appointed by the Chairman himself.

16.3 Significant changes in the capitalisation and in the composition of the ownership structure

The share capital of doBank has not undergone changes during the Financial Year and, at the date of 31 December 2018, amounts to Euro 41,280,000.00 split into no. 80,000,000 shares - indivisible and registered - not having nominal value.

The capitalisation of the Company is affected by fluctuations of the market values and, considering the value of the Company shares in the 2018 Financial Year, the dynamics indicated below can be identified:

DATE	SHARE VALUE	CAPITALISATION
Opening value 1 January 2018	€13.55	€1,084,000,000.00
Closing value
31 December 2018	€9.245	€739,600,000.00

For the purposes of a more complete analysis of the performance of the doBank stock, we note the payment of a dividend of €0.394 per share, following the shareholders' meeting resolution dated 19 April 2018.

In relation to the composition of the ownership structure, there are no significant changes compared to the end of the 2018 financial year. More in detail, at the approval date of this report, Avio holds no. 40,080,000 shares, amounting to 50.1% of the share capital of doBank, an amount unchanged with respect to the completion of the Listing process. From the various shareholders, Jupiter Asset Management Limited is the only Shareholder that has exceeded the relevant threshold of 5%. In that regard, it is noted that Jupiter Asset Management Limited, by note dated 19 July 2017, communicated to the Company that it holds shares representing 5.12% of the Company only then to communicate, the next 20 October 2017, that it had increased its share up to 7.71%.

At the approval date of this Report, no amendments to the Articles of Association were proposed to the Shareholders' Meeting in relation to the percentages established for exercising the shares and the prerogatives implemented to protect the minorities.

17.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123(2), paragraph 2, letter a) of the Consolidated Finance Law)

Reporting systems of illegitimate behaviours (whistleblowing)

Following the 11th update of Circular 285/2013 of the Bank of Italy which defined specific requirements in relation to "Reporting of illegitimate behaviours (Whistleblowing)", with the aim of introducing, within banks, fully-fledged internal systems dedicated to gathering reports by personnel, of actions and circumstances that may constitute a breach of the rules regulating banking activity, doBank implemented a system dedicated to gathering reports from personnel, of actions and circumstances that may constitute a breach of the rules regulating banking activity.

A specific process regulation was therefore passed, which involves among the communication channels, in addition to paper transmission, also an IT platform, with access from the bank's website reserved only to employees and collaborators authorised by doBank, guaranteeing anonymity in the initial phases.

The Board of Directors has resolved to identify as the Chief Compliance Officer the Manager of reports of illegitimate behaviours.

Data Protection Officer

The GDPR introduced the figure of the Data Protection Officer (DPO), envisaging in some cases the obligation for Data Controllers and Data Processors to appoint such a figure (where not mandatory, the appointment of the DPO is in any case encouraged by the Authorities).

The DPO provides support, control, consulting, training and information on the application of the GDPR and national legislation on personal data processing, cooperates with the Authority and is the point of contact, even with respect to the data subjects, for any issues related to the processing of personal data.⁸

Following an analysis of the legislation and clarifying documents issued at a European and national level for the purpose of choosing the designation of the DPO, the doBank Group considered that there was an obligation to appoint a DPO, as it falls among those parties that, according to the interpretation of WP29 and the Privacy Authority, carry out "processing that by its nature, scope and/or purpose requires regular and systematic monitoring of those affected on a large scale", and deemed it appropriate to appoint a single Group DPO. On 8 March 2018, the Board of Directors appointed the

⁸ As clarified by the "Guidelines on Data Protection Officers" in WP29 of 13 December 2016 (amended 5 April 2017), the DPO is not personally liable in the event of non-compliance with the GDPR. In fact the data controller or the data processor are responsible for guaranteeing and being able to demonstrate that the processing operations comply with the provisions of the regulation.

Data Protection Officer, granting the assignment, for two years, to the current Chief Compliance Officer.

The main tasks of the DPO are:

to inform and provide advice to the Data Controller/Internal Data Processor as well as to employees who carry out processing regarding the obligations envisaged by the relevant legislation.
to oversee compliance with the requirements of the European Regulation and other regulations on Personal Data Protection as well as this Policy and the internal rules on the personal data processing, including the attribution of responsibilities, awareness and training of personnel participating in the processing and related monitoring activities.
to provide an opinion on the scope of the impact assessment on Personal Data protection (where applicable) and to monitor its performance.
to cooperate and act as a contact for the supervisory authority for matters related to personal data processing;
to act as a contact for data subjects in all matters concerning the processing of their personal data and the exercise of their rights.

The Data Protection Officer reports directly to the Data Controller represented by the Board of Directors and to the Controller's delegate, usually identified as the Company's Managing Director. In addition, he represents the contact point for the Privacy Authority to which his name is communicated in line with a specific online process.

Non-financial companies

doBank, in the capacity of Issuer, falling within Entities of public interest, submitted during the financial year its first consolidated declaration in relation to non-financial reporting, in conformity with the provisions dictated in that regard by Italian Legislative Decree 254/2016 and in concomitance with the reporting obligations linked to the Financial Statements at 31 December 2017.

18.0 CHANGES SINCE RELEVANT YEAR-END

As highlighted in point 1.0 "Issuer's Profile", the reorganisation process implemented by doBank saw some effects in the period between the financial years 2018 and 2019. More specifically, the demerger performed by Italfondiario in favour of doBank and the deed of contribution by doBank to Italfondiario, see the effects commencing from 1 January 2019.

Similarly, the "debanking" process begun by doBank during 2018, and aimed at allowing for the further strengthening of the Servicing Activity (which represents the Company's core business, and the consolidation of the position of the Company and the Group on the market of reference) saw the extraordinary Shareholders' Meeting on 5 March 2019 approve the proposal of the Board of Directors and, consequently, modify the Company's corporate purpose with the aim of pursuing the strategic objectives illustrated above and, in particular, the desired consolidation of the status of servicer pursuant to Art. 115 of TULPS. Consequently, the new Articles of Association of doBank see the removal of any reference to the notion of bank, banking group, exercise of banking activity and, more generally, to the regulations applicable to banks themselves. It is noted that with the implementation of that project, moreover in anticipation of the aforementioned authorisations from the Bank of Italy,

doBank intended to achieve greater streamlining and efficiency for the Group as the project aims to render its corporate structure coherent with the core business of the management and recovery of nonperforming loans.

As part of its Governance, finally, last 25 January 2019 the non-independent and non-executive Director Marella Idi Maria Villa was co-opted, in turn confirmed in the assignment by the ordinary Shareholders' Meeting on 5 March 2019.

19.0 CONSIDERATIONS ON THE LETTER DATED 21 December 2018 OF THE CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

During the board meeting on 25 January 2019, the Chairman delivered and illustrated to the Directors, also in the capacity of members of the Board Committees, as well as to the Board of Auditors, the letter dated 23 December 2018 in which the Chairman of the Corporate Governance Committee (hereafter: the "Committee") illustrated an overview on the level of application of the main recommendations of the Code, identifying, in general (the letter is forwarded to all listed Companies), some marginal improvements compared to previous years, although for some areas the level of application of the recommendations remains low and the quality of information provided by the Issuers, with the annual Corporate Governance Report, is unsatisfactory. In light of the findings of the 2018 report, the Committee therefore identified 4 areas of improvement and made one recommendation for each of the same, cited below:

1) Pre-board reporting: the Committee invites the Boards of Directors to express an explicit assessment on the adequacy of the pre-board reporting received during the financial year. In particular, the Chairmen of the Boards of Directors are invited to promote that assessment activity and to ensure that the requirements of confidentiality are protected without compromising the adequacy and promptness of information flows preceding the board meetings.
2) Full application of criteria of independence of the Code: the Committee invites the management bodies to apply with greater rigour the criteria of independence defined by the Code and the Control Bodies to supervise the correct application of those criteria: the Committee emphasises that the cases in which they have not been applied should represent an exception and, above all, be subject to an in-depth individual assessment, with reference to the situations in which the individual director is found, and an exhaustive explanation in the Corporate Governance Report.
3) Board review activity: the Committee invites the Board of Directors to guarantee greater transparency with regard to the methods of conducting the board review. The Committee hopes, particularly for Issuers of larger dimensions, that a board member will supervise the board review process and that methods will be adopted which value the contribution of each director.
4) Remuneration of executive directors: the Committee invites the Boards of Directors and remuneration Committees to assess the adequacy of the remuneration policies with the pursuit of the objective of sustainability of the business activities in the medium to long-term. In particular, the Committee recommends, particularly to the competent Bodies of medium to large Issuers, to strengthen the link of variable remuneration to parameters linked to long-

term objectives and to limit to individual exceptional cases, subject to adequate explanation, the possibility of paying sums not linked to pre-determined parameters (i.e. "ad hoc" bonuses).

The Board of Directors, at the cited meeting on 25 January 2019, therefore assessed the recommendations received from the Committee with respect to the Governance model adopted and deemed that doBank is substantially already "compliant" with the recommendations received. In addition, with specific reference to the first Recommendation, the Board of Directors has assessed that the pre-board reporting, received each time, is adequate and prompt. That consideration also emerged in the recent Board Self-Assessment process, recognising the proactive role played by the Chairman from the moment of convocation of the meetings.

TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE

	doBank S.p.A. - Share Capital Structure
	No. Shares	% of S.C.	Listed/Not Listed	Rights and obligations
Ordinary Shares	80,000,000	100	100
Multiple voting shares	//	//	//	//
Shares with limited voting right	//	//	//	//
Shares without voting right	//	//	//	//
Other	//	//	//	//
	doBank S.p.A. - Capital
	No. Shares		% of S.C.
Outstanding Shares	78,445,647		98.06
Treasury Shares	1,554,353		1.94
	doBank S.p.A. - Other Financial Instruments
	Listed	No. outstanding instruments	Category of shares in service of conversion	No. shares in service of conversion
Convertible bonds	//	//	//	//
Warrants	//	//	//	//
	doBank S.p.A. - Significant Investments in share capital
Affiant	Direct Shareholder		% of Ordinary Capital	% Share of Voting capital
SoftBank Group Corporation	50.10	51.09

Jupiter Asset Management Limited - London - England	–Various funds under mgmt	7.71	7.86
	Others	40.25	41.05
	doBank Treasury Shares	1.94	--

	d o f Bo D ire to ar c rs											l Co tro n d ks R is an Co i t te m m e		Re m un Co i t te m m e		Ap in tm ts p o en Co i t te m m e		An y Ex ive t ec u Co i t te m m e
Ro le	be M em rs	Ye ar f o h B ir t	irs F t t. ap p da * te	In f f ice o fro m	In f f ice o l i t un	is L t **	Ex ec	No n ex ec	de In p. Co de	de In p C F L	No he t o r les ro *	( *)	( *)	( ** )	( *)	( ** )	( *)	( ** )	( *)	( ** )
Cha irm an	ni Cas Gio van tell ta ane	194 2	30/ 10/ 201 5	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	NO	YES	0	20/ 20	----	----	----	----	5/5	M ( b)	----	----
ing Ma nag Dire cto r ◊ •	And rea ni Ma ngo	196 3	02/ 03/ 201 6	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	YES	NO	NO	NO	1	19/ 20	----	----	----	----	----	----	----	----
Dire cto r	ela Rin Em Da anu	196 7	19/ 04/ 201 8	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	NO	NO	0	12/ 13 (b )	----	----	----	----	----	----	----	----
Dire cto r	Gio ni B atti sta Dag van nin o	196 6	19/ 04/ 201 8	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	YES	YES	0	13/ 13 (b )	10/ 10	C (b )	----	----	5/5	M ( b)	----	----
Dire cto r	Fra nce sco Col nti asa	197 5	30/ 10/ 201 5	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	NO	NO	1	17/ 20	----	----	5/5	M	2/4	M ( a)	----	----
Dire cto r	zio Gug Nun lielm ino	194 6	30/ 10/ 201 5	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	YES	YES	0	19/ 20	14/ 16	M	5/5	C	----	----	----	----
Dire cto r	Gio ni L o Sto van rto	197 0	30/ 10/ 201 5	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	YES	YES	1	18/ 20	5/6	M ( a)	4/5	M	9/9	C (b )	----	----
Dire cto r	Giu ieri Ran sep pe	197 4	15/ 07/ 201 6	19/ 04/ 201 8	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	NO	NO	0	18/ 20	6/6	M ( a)	----	----	----	----	----	----
Dire cto r	Ma rell a Id i M aria Vill a	197 7	25/ 01/ 201 9	25/ 01/ 201 9	al o f App rov fina ncia l st. at 31/ 12/ 202 0	M	NO	YES	NO	NO	0	0/0
	---	--- --- ---	--- --- --- ---	--D I --- ---	R E C T O R S	C E A S	I N G O	F F I C E	D U R I N G	R E L E V A	N T F I N A	N C I A	L Y E A R-	--- ---	--- --- ---	--- --- ---	--- --- -
Dire cto r	Fab io B alb ino t	197 3	30/ 10/ 201 5	30/ 10/ 201 5	App f fina al o rov ncia l st.	----	NO	YES	NO	NO	/ /	5/7 (a )

TABLE 2: STRUCTURE OF BOARD OF DIRECTORS AND COMMITTEES

2 0 y ea r:							Pe Co i 1 6 t te rso ns m m e:					i Co 9 t te m m e				/
d o f ' m he l d du lev No Bo D ire ing ing to t t ar c rs ee s r re an						ks d R is Tr io t a n an sa c ns h d i Co t te w nn ec				Re m Co m m	io t un er a n in Ap tm ts p o en i t te e;				ive i Ex Co t t te ec u m m e: N A
Dire cto r	la Bru Pao no	196 7	19/ 04/ 201 8	19/ 04/ 201 8	d on Res igne 17/ 10/ 201 8	M	NO	YES	NO	NO	/ /	8/9 (c )	5/7	M ( c)
Dire cto r	Cha rles ber Ro t Spe tka	196 2	30/ 10/ 201 5	30/ 10/ 201 5	f fina al o App rov l st. ncia at 31/ 12/ 201 7	----	NO	YES	NO	NO	/ /	1/7 (a )
Dire cto r	Edo vige Ca titt i	194 7	25/ 05/ 201 6	25/ 05/ 201 6	al o f App rov fina l st. ncia at 31/ 12/ 201 7	----	NO	YES	YES	YES	/ /	7/7 (a )	6/6	C (a )		4/4	M ( a)
					at 31/ 12/ 201 7

The quorum required for submission of lists by the minorities for the election of one or more members (pursuant to Art. 147(3) Consolidated Finance Law) is 1% (CONSOB resolution no. 20273 dated 24 January 2018)

NOTES

The symbols indicated below must be inserted in the column "Role":

• This symbol indicates the director in charge of the internal control and risk management system.

◊ This symbol indicates the main person responsible for managing the issuer (Managing Director or CEO).

○ This symbol indicates the Lead Independent Director (LID).

* First appointment date of each director means the date on which the director was appointed for the first time (absolutely) in the Issuer's BoD.

** This column indicates the list from which each director was taken ("M": majority list - expression of the Shareholder Avio S. à r.l; "m": minority list - expression of a group of minority Shareholders; "BoD": list submitted by the BoD).

*** This column indicates the number of assignments of director or auditor covered by the interested party in other companies listed on regulated markets, even foreign, in financial, banking or insurance companies or those of significant dimensions. The assignments are indicated in full in the Corporate Governance Report.

(*). This column indicates the attendance of the directors at meetings respectively of the BoD and the committees (indicate the number of meetings s/he attended compared to the total number of meetings s/he could have attended; e.g. 6/8; 8/8 etc.).

(**).This column indicates the qualification of the director within the Committee: "C": chairman; "M": member.

a)until 18 April 2018

b)from 19 April 2018

c)until 17 October 2018

le Ro	Na me	l d ba k f l, ho f s f d As ig in ist Co ies ing ina ia ins ies ig i ica im ion ts t nt s nm en e mp an or n nc ura nc e c om p an or se o n en s s ,
ha f C irm Bo D an o	l lan G iov i Ca ste eta an n	/ /
ing ire Ma D cto na g r	dr An Ma i ea ng on	f ire l ian d ip de S G S.p D Ita In Inv Pa R A cto nt tm t rtn r o en es en er
D ire cto r	la Em Da R in an ue	/ /
D ire cto r	G iov i Ba ist Da ino tt an n a g n	/ /
D ire cto r	las Fra Co i t nc es co an	f D ire To S G R S.p A. cto r o rre
ire D cto r	l lm Nu io Gu ie ino nz g	/ /
D ire cto r	G iov i Lo Sto rto an n	f l l D ire P ire i & C. S.p A. cto r o
D ire cto r	G ius Ra ier i ep p e n	/ /
D ire cto r	l la d i ia i l la Ma I Ma V re r	/ /

TABLE 3: STRUCTURE OF THE BOARD OF AUDITORS

Boa rd o f A udi tor s
Rol e	be M em rs	f b Ye ar o h ir t	F irs t. da t a p p * te	f f In ice o fro m	f f l In ice i t o u n	L is t **	de de In Co p.	da A t te t n nc e a d m Bo ing t ar s * ee	he No t . o r ig ts as s nm en
ha C irm an	C H I A A O L O R M N	19 83	/ / 19 04 20 18	/ / 19 04 20 18	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 20 tem ts at en	m	Ye s	/ 22 22	13
S ta tu to ry d Au i to r ( ha l C irm i t an u n / / ) 1 8 0 4 2 0 1 8	F R A N C E S C O M A R I A N O B O N I F A C I O	19 54	/ / 30 10 20 15	/ / 19 04 20 18	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 20 tem ts at en	M	Ye s	/ 27 28	27
S ta tu to ry d Au i to r	I C O L A L O I O N R T	19 61	/ / 30 10 20 15	/ / 19 04 20 18	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 20 tem ts at en	M	Ye s	/ 28 28	19
l d A i te te to rn a a u r	S O I A O N P E R N	19 70	/ / 19 04 20 18	/ / 19 04 20 18	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 20 tem ts at en	m	Ye s	/ /	5
l d A i te te to rn a a u r	R O B E R T A S E N N I	19 82	/ / 19 04 20 18	/ / 19 04 20 18	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 20 tem ts at en	M	Ye s	/ /	1
O S S G O G --A U D I T R C E A I N F F I C E D U R I N R E L E V A N T F I N A N C I A L Y E A R- --- --- --- --- --- --- --- --- --- --- -
S ta tu to ry d Au i to r	M A S S I M O F U L V I O C A M P A N E L L I	19 75	/ / 30 10 20 15	/ / 30 10 20 15	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 17 tem ts at en	/ /	Ye s	/ 05 06	/ /
l d A i te te to rn a a u r	A U I I O M R Z D E M A G I S T R I S	19 58	/ / 30 10 20 15	/ / 30 10 20 15	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 17 tem ts at en	/ /	Ye s	/ /	/ /
l d A i te te to rn a a u r	G I O V A N N I P A R I S I	19 75	/ / 30 10 20 15	/ / 30 10 20 15	l o f t he l Ap Fin cia pro va an / / Sta 31 12 20 17 tem ts at en	/ /	Ye s	/ /	/ /
be f m he l d du lev f l y Nu ing ing ina ia t t m r o ee s r re an nc ea r:
he d for he bm f l by he for he lec f o be (pu ) ( lut da d 2 ) T ire iss ion ist ino it ies ion o A 14 7-t CF L is 1 % CO NS OB ion . 2 02 73 4 J 20 18 t t t t t t rt. te qu oru m req u su o s m r e o ne or m ore m em rs rsu an er re so no an ua ry

NOTES

^* Date of first appointment of each auditor means the date on which the auditor was appointed for the first time (absolutely) in the issuer's board of auditors.

** This column indicates the list from which each auditor was taken ("M": majority list - expression of the Shareholder Avio S. à r.l; "m": minority list - expression of a group of minority Shareholders).

^*** This column indicates the attendance of the auditors at meetings of the board of auditors (indicate the number of meetings he/she attended compared to the overall number of meetings he/she could have attended; e.g.. 6/8; 8/8 etc.).

^****This column indicates the number of assignments as director or auditor covered by the interested party in accordance with Art. 148(2) of the Consolidated Finance Law and the respective implementing provisions contained in the CONSOB Issuers' Regulation. The complete list of assignments is published by CONSOB on its internet website in accordance with Art. 144-quinquiesdecies of the CONSOB Issuers' Regulation.

le Ro	Na me	les d Ro Co ve re
ha irm C an	h iar lon C M a o	ha irm f he d o f d i C Bo S Au t ta tu to to an o ar ry rs do k Ba S.p A. n d S i ta tu to to ry a u r l fo fo de l Ca i Pr 2 S.p A. Ko ino Co In ica Or izz io Se iz i i Do i Co ia is i S. C. ta t t to t p r og re ss ; s op rm a g an az ne rv r m m er c a l.; f lo f f f ic ine ig l ia & las ic iq i d l.; & Le S.p A. O E. B C. S.p A. P T L - P L S.r T B S I T T E L E M A T I C B I O M E D I C A L t t t to r. ; ; u l.; S.r S E R V I C E S V E N I C E L N G S.p A. le d i So Au to r l. S. O F. I. B. S.r l d A i te te to rn a a u r l l l f f le l Ta i I ia S.p A. Ta i Ra ina io S.p A. Co ine I ian S.p A. ta t ta ta mo m o z ne n n a ; ; le So ire D to c r l l. a H T Co ing S.r io ico t ns u so c un
d i S ta tu to to ry a u r	ian Fr M an ce sc o ar o fa Bo i io n c	ha irm f he d o f d i C Bo S Au t ta tu to to an o ar ry rs fo l d iar io S.p de C S.p i S.r l.; im S.p lo ig h l d Sp I A. Au T E H A. Em Ko La A. M Po H Ye A; ta to tra t n s p or n r ar ar co ; ; ; lep lep l l l.; l S S.p A. Te S.p A. Te Pa S.p A. Tm R E S.r To S G R S.p A. Pa im S.p A. tre ta ta m m a as s as s y a rre v en ; ; ; ; ; Ga Gr S.p A. t m en e ou p S d i ta tu to to ry a u r do k loc l. ; log k do lu lg ls d Ba S.p A. Re I T S.r Bo & F ier Pa ing S.p A. So io S.p A. Bu i Ho Re t te ts n s na a r ns ar an so r ; ; ; lan l.; lg l l lne l l.; la M i S.r Bu i I ia S.p A. Ce I ia S.r Ga S.p A. To C O S.p A. ta ta ta o ar ; x ; we r l d i A te te to rn a a u r lea l.; le dr l. E S S E D I E S S E; G iov C S.r Op S G R S.p A. Te ina G N L A ia ico S.r t e r er a rm ; ire D to c r l. A F S S.r be f iso i M Su Co t te em r o p er v ry m m e d i d i d i l le i in l iq i da io Ba Cr Co Ve to tr nc a e op u z ne
d i S ta tu to to ry a r u	la N ico Lo i to r	ha f he d o f d C irm S Au i Bo t ta tu to to an o ar ry rs do lu bo h l l. So ion S.p A. A C E A En ine ing La ies Re In ion S.p A. E N P A M Re Es S.r t to t ta te s g er ra r se ar c no va a ; ; d i S ta tu to to ry a r u k l fo b l ko do S.p d iar io S.p So d iaz io i iar S.p S G S.p i Ba A. I A. Ba In M A. To R A. Em ta te n n no r c. rm e ne o e rre p or n ; ; ; ; l.; l.; l. S.r Pr S.p A. S S.p A. T M A L L R E S.r Sa Ve ian S.r to tre ta o s m m a rn es e su v o ; ; l d i A te te to rn a a u r l l Co io io d ino iz io do i - C. S.p in iq i da io ina ia S.p in iq i da io R Es Ac R. E. A. A. B B V A F A. tru t t s ne r er c q ue ne nz ne z u z ; u z ; l. R E S L O C I T S.r

		le ire So D to c r l b l. Lu ig i M ia M i M O ia S.r t te ar on a r be f iso i M Su Co t te em r o p er ry m m e v d d d l le l da i Cr i Co i Ve i in iq i io Ba to tr nc a e op u ne z
		iq i da L to u r de da A ium S G R S.p A. in L iq. S ine ia S.p A. in L iq i io n ; rg u z ne ;
lte d A ito te rna au r	So ia Pe n ro n	ha f he f C irm d o ire Bo D t to an o ar c rs l. F in iz ia S.r d i S ta tu to to ry a u r l ia S.p M I A. ta az ar s l d A i te te to rn a a u r do k Ba S.p A. n de de d i In Au t to p en n r l. G. A. A. T Se ice S.r rv le ire So D to c r l. F ina iar ia M S.r te nz on ro ss o
lte d A ito te rna au r	be Ro Se i rta nn	l d i A te te to rn a a u r do k Ba S.p A. n

AI Terminal

Dovalue

4145_cgr_2019-03-26_f24ce752-d25d-4662-94d8-8c00a3605b34.pdf

Report on Corporate Governance and ownership structure 2018 Financial Year

Table of contents

GLOSSARY

INTRODUCTION

doBank reorganisation project

doBank Hellas

Altamira

1.0 ISSUER'S PROFILE

The doBank Group pre-reorganisation.

The doBank Group post-reorganisation

2.0 INFORMATION ON OWNERSHIP STRUCTURE (pursuant to Art. 123(2), paragraph 1 of the Consolidated Finance Law) at the date of 31 December 2018

a) Share capital structure (pursuant to Art. 123(2), paragraph 1, letter a) of the Consolidated Finance Law)

b) Restrictions on securities transfer (pursuant to Art. 123(2), paragraph 1, letter b) of the Consolidated Finance Law)

c) Significant capital investments (pursuant to Art. 123(2), paragraph 1, letter c) of the Consolidated Finance Law)

d) Securities granting special rights (pursuant to Art. 123(2), paragraph 1, letter d) of the Consolidated Finance Law)

e) Employee shareholding: mechanism of exercising the voting right (pursuant to Art. 123(2), paragraph 1, letter e) of the Consolidated Finance Law)

f) Restrictions on voting right (pursuant to Art. 123(2), paragraph 1, letter f) of the Consolidated Finance Law)

g) Agreements between shareholders known to doBank in accordance with Art. 122 Consolidated Finance Law (pursuant to Art. 123(2), paragraph 1, letter g) of the Consolidated Finance Law)

h) Change of control clauses (pursuant to Art. 123(2), paragraph 1, letter h) of the Consolidated Finance Law) and statutory provisions on Public Takeover Bids (pursuant to Article 104, paragraph 1(3) of the Consolidated Finance Law)

i) Delegations to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123(2), paragraph 1, letter m) of the Consolidated Finance Law)

l) Management and coordination activity (pursuant to Art. 2497 et seq. of the Italian Civil Code)

3.0 COMPLIANCE (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER A) OF THE CONSOLIDATED FINANCE LAW)

4.0 DOBANK BOARD OF DIRECTORS

4.1 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123(2), PARAGRAPH 1, LETTER I) OF THE CONSOLIDATED FINANCE LAW)

4.1.1 Succession plan in case of absence or impediment

4.2 COMPOSITION (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTERS D) AND D(2) OF THE CONSOLIDATED FINANCE LAW)

4.2.1. Diversity criteria and policies

4.2.2. Maximum accumulation of assignments held in other companies

4.2.3. Induction and recurring training initiatives

4.3 ROLE OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123(2), PARAGRAPH 2, LETTER D) OF THE CONSOLIDATED FINANCE LAW)

4.3.1 Duties

4.3.2 Meetings and functioning

4.3.3 Self-assessment

4.3.4 Competing activities

4.4 DELEGATED BODIES

Managing Director

Chairman of the Board of Directors

Board Reporting

4.5 OTHER EXECUTIVE DIRECTORS

4.6 INDEPENDENT DIRECTORS

4.7 LEAD INDEPENDENT DIRECTOR

5.0 TREATMENT OF CORPORATE INFORMATION

Management of Privileged Information

Internal Dealing

6.0 COMMITTEES INTERNAL TO THE BOARD (pursuant to Art. 123(2), paragraph 2, letter d) of the Consolidated Finance Law)

7.0 APPOINTMENTS COMMITTEE

8.0 REMUNERATION COMMITTEE

9.0 REMUNERATION OF DIRECTORS (Directors' indemnity in the case of resignation, dismissal or termination of the relationship following a public takeover bid (pursuant to Art. 123(2), paragraph 1, letter i) of the Consolidated Finance Law)

10.0 CONTROL AND RISKS COMMITTEE

A) RISKS AND INTERNAL CONTROLS SYSTEM

B) REMUNERATION AND INCENTIVES

11.0 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

Board of Directors and Risks and Transactions with Connected Persons Committee

Board of Auditors

Company Control Functions

Compliance Function

Anti-Money Laundering Function

Risk Management Function

Internal Audit Function

11.1 DIRECTOR IN CHARGE OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

11. 2 HEAD OF THE INTERNAL AUDIT FUNCTION

Predicate crimes of Italian Legislative Decree 231/2001

11.4 INDEPENDENT AUDITING COMPANY

11.5 MANAGER IN CHARGE OF PREPARING THE CORPORATE ACCOUNTING DOCUMENTS AND OTHER COMPANY ROLES AND FUNCTIONS

11.6 COORDINATION BETWEEN ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

12.0 INTERESTS OF DIRECTORS AND TRANSACTIONS WITH RELATED PARTIES

13.0 APPOINTMENT OF AUDITORS

14.0 COMPOSITION AND FUNCTIONING OF THE BOARD OF AUDITORS (pursuant to Art. 123(2), paragraph 2, letters d) and d(2)) of the Consolidated Finance Law)

14.1 Diversity policies

14.2 Self-Assessment

15.0 RELATIONSHIPS WITH SHAREHOLDERS

16.0 SHAREHOLDERS' MEETINGS (pursuant to Art. 123(2), paragraph 2, letter c) of the Consolidated Finance Law)

16.1 Legitimacy, attendance and voting methods

16.2 Conduct of Shareholders' Meeting works

16.3 Significant changes in the capitalisation and in the composition of the ownership structure

17.0 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123(2), paragraph 2, letter a) of the Consolidated Finance Law)

Reporting systems of illegitimate behaviours (whistleblowing)